diff --git a/README.md b/README.md
index 0a5850c7b..2fff995f7 100644
--- a/README.md
+++ b/README.md
@@ -1,20 +1,2672 @@
-## codefresh-onprem-helm
+## Codefresh On-Premises
-This repository contains the Helm chart for Codefresh On-Prem installation.
+ 
-### How-to create on-prem patch release:
+Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes.
+
+## Table of Content
+
+- [Prerequisites](#prerequisites)
+- [Get Repo Info](#get-repo-info)
+- [Install Chart](#install-chart)
+- [Chart Configuration](#chart-configuration)
+ - [Persistent services](#persistent-services)
+ - [Configuring external services](#configuring-external-services)
+ - [External MongoDB](#external-mongodb)
+ - [External MongoDB with MTLS](#external-mongodb-with-mtls)
+ - [External PostgresSQL](#external-postgressql)
+ - [External Redis](#external-redis)
+ - [External Redis with MTLS](#external-redis-with-mtls)
+ - [External RabbitMQ](#external-rabbitmq)
+ - [Configuring Ingress-NGINX](#configuring-ingress-nginx)
+ - [ELB with SSL Termination (Classic Load Balancer)](#elb-with-ssl-termination-classic-load-balancer)
+ - [NLB (Network Load Balancer)](#nlb-network-load-balancer)
+ - [Configuration with ALB (Application Load Balancer)](#configuration-with-alb-application-load-balancer)
+ - [Configuration with Private Registry](#configuration-with-private-registry)
+ - [Configuration with multi-role CF-API](#configuration-with-multi-role-cf-api)
+ - [High Availability](#high-availability)
+ - [Mounting private CA certs](#mounting-private-ca-certs)
+- [Installing on OpenShift](#installing-on-openshift)
+- [Firebase Configuration](#firebase-configuration)
+- [Additional configuration](#additional-configuration)
+ - [Retention policy for builds and logs](#retention-policy-for-builds-and-logs)
+ - [Projects pipelines limit](#projects-pipelines-limit)
+ - [Enable session cookie](#enable-session-cookie)
+ - [X-Frame-Options response header](#x-frame-options-response-header)
+ - [Image digests in containers](#image-digests-in-containers)
+- [Configuring OIDC Provider](#configuring-oidc-provider)
+- [Maintaining MongoDB indexes](#maintaining-mongodb-indexes)
+- [Upgrading](#upgrading)
+ - [To 2.0.0](#to-2-0-0)
+ - [To 2.0.12](#to-2-0-12)
+ - [To 2.0.17](#to-2-0-17)
+ - [To 2.1.0](#to-2-1-0)
+ - [To 2.1.7](#to-2-1-7)
+ - [To 2.2.0](#to-2-2-0)
+ - [To 2.3.0](#to-2-3-0)
+ - [To 2.4.0](#to-2-4-0)
+ - [To 2.5.0](#to-2-5-0)
+ - [To 2.6.0](#to-2-6-0)
+ - [To 2.7.0](#to-2-7-0)
+ - [To 2.8.0](#to-2-8-0)
+ - [To 3.0.0](#to-3-0-0)
+- [Rollback](#rollback)
+- [Troubleshooting](#troubleshooting)
+- [Values](#values)
+
+⚠️⚠️⚠️
+> Since version 2.1.7 chart is pushed **only** to OCI registry at `oci://quay.io/codefresh/codefresh`
+
+> Versions prior to 2.1.7 are still available in ChartMuseum at `http://chartmuseum.codefresh.io/codefresh`
+
+## Prerequisites
+
+- Kubernetes **>= 1.28 && <= 1.32** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well)
+- Helm **3.8.0+**
+- PV provisioner support in the underlying infrastructure (with [resizing](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) available)
+- Minimal 4vCPU and 8Gi Memory available in the cluster (for production usage the recommended minimal cluster capacity is at least 12vCPUs and 36Gi Memory)
+- GCR Service Account JSON `sa.json` (provided by Codefresh, contact support@codefresh.io)
+- Firebase [Realtime Database URL](https://firebase.google.com/docs/database/web/start#create_a_database) with [legacy token](https://firebase.google.com/docs/database/rest/auth#legacy_tokens). See [Firebase Configuration](#firebase-configuration)
+- Valid TLS certificates for Ingress
+- When [external](#external-postgressql) PostgreSQL is used, `pg_cron` and `pg_partman` extensions **must be enabled** for [analytics](https://codefresh.io/docs/docs/dashboards/home-dashboard/#pipelines-dashboard) to work (see [AWS RDS example](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL_pg_cron.html#PostgreSQL_pg_cron.enable)). The `pg_cron` extension should be the 1.4 version or higher for Azure Postgres DB.
+
+## Get Repo Info
+
+```console
+helm show all oci://quay.io/codefresh/codefresh
+```
+See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
+
+## Install Chart
+
+**Important:** only helm 3.8.0+ is supported
+
+Edit default `values.yaml` or create empty `cf-values.yaml`
+
+- Pass `sa.json` (as a single line) to `.Values.imageCredentials.password`
+
+```yaml
+# -- Credentials for Image Pull Secret object
+imageCredentials:
+ registry: us-docker.pkg.dev
+ username: _json_key
+ password: '{ "type": "service_account", "project_id": "codefresh-enterprise", "private_key_id": ... }'
+```
+
+- Specify `.Values.global.appUrl`, `.Values.global.firebaseUrl`, `.Values.global.firebaseSecret`, `.Values.global.env.MONGOOSE_AUTO_INDEX`, `.Values.global.env.MONGO_AUTOMATIC_INDEX_CREATION`
+
+```yaml
+global:
+ # -- Application root url. Will be used in Ingress as hostname
+ appUrl: onprem.mydomain.com
+
+ # -- Firebase URL for logs streaming.
+ firebaseUrl: <>
+ # -- Firebase URL for logs streaming from existing secret
+ firebaseUrlSecretKeyRef: {}
+ # E.g.
+ # firebaseUrlSecretKeyRef:
+ # name: my-secret
+ # key: firebase-url
+
+ # -- Firebase Secret.
+ firebaseSecret: <>
+ # -- Firebase Secret from existing secret
+ firebaseSecretSecretKeyRef: {}
+ # E.g.
+ # firebaseSecretSecretKeyRef:
+ # name: my-secret
+ # key: firebase-secret
+
+ # -- Enable index creation in MongoDB
+ # This is required for first-time installations!
+ # Before usage in Production, you must set it to `false` or remove it!
+ env:
+ MONGOOSE_AUTO_INDEX: "true"
+ MONGO_AUTOMATIC_INDEX_CREATION: "true"
+
+```
+
+- Specify `.Values.ingress.tls.cert` and `.Values.ingress.tls.key` OR `.Values.ingress.tls.existingSecret`
+
+```yaml
+ingress:
+ # -- Enable the Ingress
+ enabled: true
+ # -- Set the ingressClass that is used for the ingress.
+ # Default `nginx-codefresh` is created from `ingress-nginx` controller subchart
+ # If you specify a different ingress class, disable `ingress-nginx` subchart (see below)
+ ingressClassName: nginx-codefresh
+ tls:
+ # -- Enable TLS
+ enabled: true
+ # -- Default secret name to be created with provided `cert` and `key` below
+ secretName: "star.codefresh.io"
+ # -- Certificate (base64 encoded)
+ cert: ""
+ # -- Private key (base64 encoded)
+ key: ""
+ # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`)
+ existingSecret: ""
+
+ingress-nginx:
+ # -- Enable ingress-nginx controller
+ enabled: true
+```
+
+- *Or specify your own `.Values.ingress.ingressClassName` (disable built-in ingress-nginx subchart)*
+
+```yaml
+ingress:
+ # -- Enable the Ingress
+ enabled: true
+ # -- Set the ingressClass that is used for the ingress.
+ ingressClassName: nginx
+
+ingress-nginx:
+ # -- Disable ingress-nginx controller
+ enabled: false
+```
+
+- Install the chart
+
+```console
+ helm upgrade --install cf oci://quay.io/codefresh/codefresh \
+ -f cf-values.yaml \
+ --namespace codefresh \
+ --create-namespace \
+ --debug \
+ --wait \
+ --timeout 15m
+ ```
+
+### ⚠️ **MANDATORY** Post-Installation Action Items
+
+Once your Codefresh On-Prem instance is installed, configured, and confirmed to be ready for production use, the following variables must be set to `false` or removed:
+
+```yaml
+global:
+ env:
+ MONGOOSE_AUTO_INDEX: "false"
+ MONGO_AUTOMATIC_INDEX_CREATION: "false"
+```
+
+## Chart Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
+
+```console
+helm show values codefresh/codefresh
+```
+
+### Persistent services
+
+The following table displays the list of **persistent** services created as part of the on-premises installation:
+
+| Database | Purpose | Required version |
+| :--- | :---- | :--- |
+| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x |
+| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 16.x or 17.x |
+| Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x |
+| RabbitMQ | Used for message queueing. | 3.13 \| 4.0.x |
+
+> Running on netfs (nfs, cifs) is not recommended.
+
+> Docker daemon (`cf-builder` stateful set) can be run on block storage only.
+
+All of them can be externalized. See the next sections.
+
+### Configuring external services
+
+The chart contains required dependencies for the corresponding services
+- [bitnami/mongodb](https://github.com/bitnami/charts/tree/main/bitnami/mongodb)
+- [bitnami/postgresql](https://github.com/bitnami/charts/tree/main/bitnami/postgresql)
+- [bitnami/redis](https://github.com/bitnami/charts/tree/main/bitnami/redis)
+- [bitnami/rabbitmq](https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq)
+
+However, you might need to use external services like [MongoDB Atlas Database](https://www.mongodb.com/atlas/database) or [Amazon RDS for PostgreSQL](https://aws.amazon.com/rds/postgresql/). In order to use them, adjust the values accordingly:
+
+#### External MongoDB
+
+> ⚠️ **Important!** If you use MongoDB Atlas, you must create user with `Write` permissions before installing Codefresh:
+> Then, provide the user credentials in the chart values at
+`.Values.global.mongodbUser/mongodbRootUserSecretKeyRef`
+`.Values.global.mongodbPassword/mongodbRootPasswordSecretKeyRef`
+`.Values.seed.mongoSeedJob.mongodbRootUser/mongodbRootUserSecretKeyRef`
+`.Values.seed.mongoSeedJob.mongodbRootPassword/mongodbRootPasswordSecretKeyRef`
+> Ref:
+> [Create Users in Atlas](https://www.mongodb.com/docs/atlas/security-add-mongodb-users/#configure-database-users)
+
+`values.yaml` for external MongoDB:
+
+```yaml
+seed:
+ mongoSeedJob:
+ # -- Enable mongo seed job. Seeds the required data (default idp/user/account), creates cfuser and required databases.
+ enabled: true
+ # -- Root user in plain text (required ONLY for seed job!).
+ mongodbRootUser: "root"
+ # -- Root user from existing secret
+ mongodbRootUserSecretKeyRef: {}
+ # E.g.
+ # mongodbRootUserSecretKeyRef:
+ # name: my-secret
+ # key: mongodb-root-user
+
+ # -- Root password in plain text (required ONLY for seed job!).
+ mongodbRootPassword: "password"
+ # -- Root password from existing secret
+ mongodbRootPasswordSecretKeyRef: {}
+ # E.g.
+ # mongodbRootPasswordSecretKeyRef:
+ # name: my-secret
+ # key: mongodb-root-password
+
+global:
+ # -- LEGACY (but still supported) - Use `.global.mongodbProtocol` + `.global.mongodbUser/mongodbUserSecretKeyRef` + `.global.mongodbPassword/mongodbPasswordSecretKeyRef` + `.global.mongodbHost/mongodbHostSecretKeyRef` + `.global.mongodbOptions` instead
+ # Default MongoDB URI. Will be used by ALL services to communicate with MongoDB.
+ # Ref: https://www.mongodb.com/docs/manual/reference/connection-string/
+ # Note! `defaultauthdb` is omitted on purpose (i.e. mongodb://.../[defaultauthdb]).
+ mongoURI: ""
+ # E.g.
+ # mongoURI: "mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/"
+
+ # -- Set mongodb protocol (`mongodb` / `mongodb+srv`)
+ mongodbProtocol: mongodb
+ # -- Set mongodb user in plain text
+ mongodbUser: "cfuser"
+ # -- Set mongodb user from existing secret
+ mongodbUserSecretKeyRef: {}
+ # E.g.
+ # mongodbUserSecretKeyRef:
+ # name: my-secret
+ # key: mongodb-user
+
+ # -- Set mongodb password in plain text
+ mongodbPassword: "password"
+ # -- Set mongodb password from existing secret
+ mongodbPasswordSecretKeyRef: {}
+ # E.g.
+ # mongodbPasswordSecretKeyRef:
+ # name: my-secret
+ # key: mongodb-password
+
+ # -- Set mongodb host in plain text
+ mongodbHost: "my-mongodb.prod.svc.cluster.local:27017"
+ # -- Set mongodb host from existing secret
+ mongodbHostSecretKeyRef: {}
+ # E.g.
+ # mongodbHostSecretKeyRef:
+ # name: my-secret
+ # key: monogdb-host
+
+ # -- Set mongodb connection string options
+ # Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options
+ mongodbOptions: "retryWrites=true"
+
+mongodb:
+ # -- Disable mongodb subchart installation
+ enabled: false
+```
+
+#### External MongoDB with MTLS
+
+In order to use MTLS (Mutual TLS) for MongoDB, you need:
+
+* Create a K8S secret that contains the certificate (certificate file and private key).
+ The K8S secret should have one `ca.pem` key.
+```console
+cat cert.crt > ca.pem
+cat cert.key >> ca.pem
+kubectl create secret generic my-mongodb-tls --from-file=ca.pem
+```
+
+* Add `.Values.global.volumes` and `.Values.global.volumeMounts` to mount the secret into all the services.
+```yaml
+global:
+ volumes:
+ mongodb-tls:
+ enabled: true
+ type: secret
+ nameOverride: my-mongodb-tls
+ optional: true
+
+ volumeMounts:
+ mongodb-tls:
+ path:
+ - mountPath: /etc/ssl/mongodb/ca.pem
+ subPath: ca.pem
+
+ env:
+ MONGODB_SSL_ENABLED: true
+ MTLS_CERT_PATH: /etc/ssl/mongodb/ca.pem
+ RUNTIME_MTLS_CERT_PATH: /etc/ssl/mongodb/ca.pem
+ RUNTIME_MONGO_TLS: "true"
+ # Set these env vars to 'false' if self-signed certificate is used to avoid x509 errors
+ RUNTIME_MONGO_TLS_VALIDATE: "false"
+ MONGO_MTLS_VALIDATE: "false"
+```
+
+#### External PostgresSQL
+
+```yaml
+seed:
+ postgresSeedJob:
+ # -- Enable postgres seed job. Creates required user and databases.
+ enabled: true
+ # -- (optional) "postgres" admin user in plain text (required ONLY for seed job!)
+ # Must be a privileged user allowed to create databases and grant roles.
+ # If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used.
+ postgresUser: "postgres"
+ # -- (optional) "postgres" admin user from exising secret
+ postgresUserSecretKeyRef: {}
+ # E.g.
+ # postgresUserSecretKeyRef:
+ # name: my-secret
+ # key: postgres-user
+
+ # -- (optional) Password for "postgres" admin user (required ONLY for seed job!)
+ postgresPassword: "password"
+ # -- (optional) Password for "postgres" admin user from existing secret
+ postgresPasswordSecretKeyRef: {}
+ # E.g.
+ # postgresPasswordSecretKeyRef:
+ # name: my-secret
+ # key: postgres-password
+
+global:
+ # -- Set postgres user in plain text
+ postgresUser: cf_user
+ # -- Set postgres user from existing secret
+ postgresUserSecretKeyRef: {}
+ # E.g.
+ # postgresUserSecretKeyRef:
+ # name: my-secret
+ # key: postgres-user
+
+ # -- Set postgres password in plain text
+ postgresPassword: password
+ # -- Set postgres password from existing secret
+ postgresPasswordSecretKeyRef: {}
+ # E.g.
+ # postgresPasswordSecretKeyRef:
+ # name: my-secret
+ # key: postgres-password
+
+ # -- Set postgres service address in plain text.
+ postgresHostname: "my-postgres.domain.us-east-1.rds.amazonaws.com"
+ # -- Set postgres service from existing secret
+ postgresHostnameSecretKeyRef: {}
+ # E.g.
+ # postgresHostnameSecretKeyRef:
+ # name: my-secret
+ # key: postgres-hostname
+
+ # -- Set postgres port number
+ postgresPort: 5432
+
+postgresql:
+ # -- Disable postgresql subchart installation
+ enabled: false
+```
+
+##### Using SSL with a PostgreSQL
+
+Provide the following env vars to enforce SSL connection to PostgresSQL:
+
+```yaml
+global:
+ env:
+ # More info in the official docs: https://www.postgresql.org/docs/current/libpq-envars.html
+ PGSSLMODE: "require"
+
+helm-repo-manager:
+ env:
+ POSTGRES_DISABLE_SSL: "false"
+```
+
+> ⚠️ **Important!**
+> We do not support custom CA configuration for PostgreSQL, including self-signed certificates. This may cause incompatibility with some providers' default configurations.
+> In particular, Amazon RDS for PostgreSQL version 15 and later requires SSL encryption by default ([ref](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html#PostgreSQL.Concepts.General.SSL.Requiring)).
+> We recommend disabling SSL on the provider side in such cases or using the following steps to mount custom CA certificates: [Mounting private CA certs](#mounting-private-ca-certs)
+
+#### External Redis
+
+```yaml
+global:
+ # -- Set redis password in plain text
+ redisPassword: password
+ # -- Set redis service port
+ redisPort: 6379
+ # -- Set redis password from existing secret
+ redisPasswordSecretKeyRef: {}
+ # E.g.
+ # redisPasswordSecretKeyRef:
+ # name: my-secret
+ # key: redis-password
+
+ # -- Set redis hostname in plain text. Takes precedence over `global.redisService`!
+ redisUrl: "my-redis.namespace.svc.cluster.local"
+ # -- Set redis hostname from existing secret.
+ redisUrlSecretKeyRef: {}
+ # E.g.
+ # redisUrlSecretKeyRef:
+ # name: my-secret
+ # key: redis-url
+
+redis:
+ # -- Disable redis subchart installation
+ enabled: false
+
+```
+
+> If ElastiCache is used, set `REDIS_TLS` to `true` in `.Values.global.env`
+
+> ⚠️ ElastiCache with **Cluster mode** is not supported!
+
+```yaml
+global:
+ env:
+ REDIS_TLS: true
+```
+
+#### External Redis with MTLS
+
+In order to use [MTLS (Mutual TLS) for Redis](https://redis.io/docs/management/security/encryption/), you need:
+
+* Create a K8S secret that contains the certificate (ca, certificate and private key).
+```console
+cat ca.crt tls.crt > tls.crt
+kubectl create secret tls my-redis-tls --cert=tls.crt --key=tls.key --dry-run=client -o yaml | kubectl apply -f -
+```
+
+* Add `.Values.global.volumes` and `.Values.global.volumeMounts` to mount the secret into all the services.
+```yaml
+global:
+ volumes:
+ redis-tls:
+ enabled: true
+ type: secret
+ # Existing secret with TLS certificates (keys: `ca.crt` , `tls.crt`, `tls.key`)
+ nameOverride: my-redis-tls
+ optional: true
+
+ volumeMounts:
+ redis-tls:
+ path:
+ - mountPath: /etc/ssl/redis
+
+ env:
+ REDIS_TLS: true
+ REDIS_CA_PATH: /etc/ssl/redis/ca.crt
+ REDIS_CLIENT_CERT_PATH : /etc/ssl/redis/tls.crt
+ REDIS_CLIENT_KEY_PATH: /etc/ssl/redis/tls.key
+ # Set these env vars like that if self-signed certificate is used to avoid x509 errors
+ REDIS_REJECT_UNAUTHORIZED: false
+ REDIS_TLS_SKIP_VERIFY: true
+```
+
+#### External RabbitMQ
+
+```yaml
+global:
+ # -- Set rabbitmq protocol (`amqp/amqps`)
+ rabbitmqProtocol: amqp
+ # -- Set rabbitmq username in plain text
+ rabbitmqUsername: user
+ # -- Set rabbitmq username from existing secret
+ rabbitmqUsernameSecretKeyRef: {}
+ # E.g.
+ # rabbitmqUsernameSecretKeyRef:
+ # name: my-secret
+ # key: rabbitmq-username
+
+ # -- Set rabbitmq password in plain text
+ rabbitmqPassword: password
+ # -- Set rabbitmq password from existing secret
+ rabbitmqPasswordSecretKeyRef: {}
+ # E.g.
+ # rabbitmqPasswordSecretKeyRef:
+ # name: my-secret
+ # key: rabbitmq-password
+
+ # -- Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`!
+ rabbitmqHostname: "my-rabbitmq.namespace.svc.cluster.local:5672"
+ # -- Set rabbitmq service address from existing secret.
+ rabbitmqHostnameSecretKeyRef: {}
+ # E.g.
+ # rabbitmqHostnameSecretKeyRef:
+ # name: my-secret
+ # key: rabbitmq-hostname
+
+rabbitmq:
+ # -- Disable rabbitmq subchart installation
+ enabled: false
+```
+
+### Configuring Ingress-NGINX
+
+The chart deploys the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/main) and exposes controller behind a Service of `Type=LoadBalancer`
+
+All installation options for `ingress-nginx` are described at [Configuration](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx#configuration)
+
+Relevant examples for Codefesh are below:
+
+#### ELB with SSL Termination (Classic Load Balancer)
+
+*certificate provided from ACM*
+
+```yaml
+ingress-nginx:
+ controller:
+ service:
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
+ service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: < CERTIFICATE ARN >
+ targetPorts:
+ http: http
+ https: http
+
+# -- Ingress
+ingress:
+ tls:
+ # -- Disable TLS
+ enabled: false
+```
+
+#### NLB (Network Load Balancer)
+
+*certificate provided as base64 string or as exisiting k8s secret*
+
+```yaml
+ingress-nginx:
+ controller:
+ service:
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+ service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+
+# -- Ingress
+ingress:
+ tls:
+ # -- Enable TLS
+ enabled: true
+ # -- Default secret name to be created with provided `cert` and `key` below
+ secretName: "star.codefresh.io"
+ # -- Certificate (base64 encoded)
+ cert: "LS0tLS1CRUdJTiBDRVJ...."
+ # -- Private key (base64 encoded)
+ key: "LS0tLS1CRUdJTiBSU0E..."
+ # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`)
+ existingSecret: ""
+```
+
+### Configuration with ALB (Application Load Balancer)
+
+*[Application Load Balancer](https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller) should be deployed to the cluster*
+
+```yaml
+ingress-nginx:
+ # -- Disable ingress-nginx subchart installation
+ enabled: false
+
+ingress:
+ # -- ALB contoller ingress class
+ ingressClassName: alb
+ annotations:
+ alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig":{ "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/backend-protocol: HTTP
+ alb.ingress.kubernetes.io/certificate-arn:
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/success-codes: 200,404
+ alb.ingress.kubernetes.io/target-type: ip
+ services:
+ # For ALB /* asterisk is required in path
+ internal-gateway:
+ - /*
+
+```
+
+### Configuration with Private Registry
+
+If you install/upgrade Codefresh on an air-gapped environment without access to public registries (i.e. `quay.io`/`docker.io`) or Codefresh Enterprise registry at `gcr.io`, you will have to mirror the images to your organization’s container registry.
+
+- Obtain [image list](https://github.com/codefresh-io/onprem-images/tree/master/releases) for specific release
+
+- [Push images](https://github.com/codefresh-io/onprem-images/blob/master/push-to-registry.sh) to private docker registry
+
+- Specify image registry in values
+
+```yaml
+global:
+ imageRegistry: myregistry.domain.com
+
+```
+
+There are 3 types of images, with the values above in rendered manifests images will be converted as follows:
+
+**non-Codefresh** like:
+
+```yaml
+bitnami/mongo:4.2
+registry.k8s.io/ingress-nginx/controller:v1.4.0
+postgres:13
+```
+converted to:
+```yaml
+myregistry.domain.com/bitnami/mongodb:4.2
+myregistry.domain.com/ingress-nginx/controller:v1.2.0
+myregistry.domain.com/postgres:13
+```
+
+Codefresh **public** images like:
+```yaml
+quay.io/codefresh/dind:20.10.13-1.25.2
+quay.io/codefresh/engine:1.147.8
+quay.io/codefresh/cf-docker-builder:1.1.14
+```
+converted to:
+```yaml
+myregistry.domain.com/codefresh/dind:20.10.13-1.25.2
+myregistry.domain.com/codefresh/engine:1.147.8
+myregistry.domain.com/codefresh/cf-docker-builder:1.1.14
+```
+
+Codefresh **private** images like:
+```yaml
+gcr.io/codefresh-enterprise/codefresh/cf-api:21.153.6
+gcr.io/codefresh-enterprise/codefresh/cf-ui:14.69.38
+gcr.io/codefresh-enterprise/codefresh/pipeline-manager:3.121.7
+```
+converted to:
+
+```yaml
+myregistry.domain.com/codefresh/cf-api:21.153.6
+myregistry.domain.com/codefresh/cf-ui:14.69.38
+myregistry.domain.com/codefresh/pipeline-manager:3.121.7
+```
+
+Use the example below to override repository for all templates:
+
+```yaml
+
+global:
+ imagePullSecrets:
+ - cf-registry
+
+ingress-nginx:
+ controller:
+ image:
+ registry: myregistry.domain.com
+ image: codefresh/controller
+
+mongodb:
+ image:
+ repository: codefresh/mongodb
+
+postgresql:
+ image:
+ repository: codefresh/postgresql
+
+consul:
+ image:
+ repository: codefresh/consul
+
+redis:
+ image:
+ repository: codefresh/redis
+
+rabbitmq:
+ image:
+ repository: codefresh/rabbitmq
+
+nats:
+ image:
+ repository: codefresh/nats
+
+builder:
+ container:
+ image:
+ repository: codefresh/docker
+
+runner:
+ container:
+ image:
+ repository: codefresh/docker
+
+internal-gateway:
+ container:
+ image:
+ repository: codefresh/nginx-unprivileged
+
+helm-repo-manager:
+ chartmuseum:
+ image:
+ repository: myregistry.domain.com/codefresh/chartmuseum
+
+cf-platform-analytics-platform:
+ redis:
+ image:
+ repository: codefresh/redis
+```
+
+### Configuration with multi-role CF-API
+
+The chart installs cf-api as a single deployment. Though, at a larger scale, we do recommend to split cf-api to multiple roles (one deployment per role) as follows:
+
+```yaml
+
+global:
+ # -- Change internal cfapi service address
+ cfapiService: cfapi-internal
+ # -- Change endpoints cfapi service address
+ cfapiEndpointsService: cfapi-endpoints
+
+cfapi: &cf-api
+ # -- Disable default cfapi deployment
+ enabled: false
+ # -- (optional) Enable the autoscaler
+ # The value will be merged into each cfapi role. So you can specify it once.
+ hpa:
+ enabled: true
+# Enable cf-api roles
+cfapi-auth:
+ <<: *cf-api
+ enabled: true
+cfapi-internal:
+ <<: *cf-api
+ enabled: true
+cfapi-ws:
+ <<: *cf-api
+ enabled: true
+cfapi-admin:
+ <<: *cf-api
+ enabled: true
+cfapi-endpoints:
+ <<: *cf-api
+ enabled: true
+cfapi-terminators:
+ <<: *cf-api
+ enabled: true
+cfapi-sso-group-synchronizer:
+ <<: *cf-api
+ enabled: true
+cfapi-buildmanager:
+ <<: *cf-api
+ enabled: true
+cfapi-cacheevictmanager:
+ <<: *cf-api
+ enabled: true
+cfapi-eventsmanagersubscriptions:
+ <<: *cf-api
+ enabled: true
+cfapi-kubernetesresourcemonitor:
+ <<: *cf-api
+ enabled: true
+cfapi-environments:
+ <<: *cf-api
+ enabled: true
+cfapi-gitops-resource-receiver:
+ <<: *cf-api
+ enabled: true
+cfapi-downloadlogmanager:
+ <<: *cf-api
+ enabled: true
+cfapi-teams:
+ <<: *cf-api
+ enabled: true
+cfapi-kubernetes-endpoints:
+ <<: *cf-api
+ enabled: true
+cfapi-test-reporting:
+ <<: *cf-api
+ enabled: true
+```
+
+### High Availability
+
+The chart installs the non-HA version of Codefresh by default. If you want to run Codefresh in HA mode, use the example values below.
+
+> **Note!** `cronus` is not supported in HA mode, otherwise builds with CRON triggers will be duplicated
+
+`values.yaml`
+```yaml
+cfapi:
+ hpa:
+ enabled: true
+ # These are the defaults for all Codefresh subcharts
+ # minReplicas: 2
+ # maxReplicas: 10
+ # targetCPUUtilizationPercentage: 70
+
+argo-platform:
+ abac:
+ hpa:
+ enabled: true
+
+ analytics-reporter:
+ hpa:
+ enabled: true
+
+ api-events:
+ hpa:
+ enabled: true
+
+ api-graphql:
+ hpa:
+ enabled: true
+
+ audit:
+ hpa:
+ enabled: true
+
+ cron-executor:
+ hpa:
+ enabled: true
+
+ event-handler:
+ hpa:
+ enabled: true
+
+ ui:
+ hpa:
+ enabled: true
+
+cfui:
+ hpa:
+ enabled: true
+
+internal-gateway:
+ hpa:
+ enabled: true
+
+cf-broadcaster:
+ hpa:
+ enabled: true
+
+cf-platform-analytics-platform:
+ hpa:
+ enabled: true
+
+charts-manager:
+ hpa:
+ enabled: true
+
+cluster-providers:
+ hpa:
+ enabled: true
+
+context-manager:
+ hpa:
+ enabled: true
+
+gitops-dashboard-manager:
+ hpa:
+ enabled: true
+
+helm-repo-manager:
+ hpa:
+ enabled: true
+
+hermes:
+ hpa:
+ enabled: true
+
+k8s-monitor:
+ hpa:
+ enabled: true
+
+kube-integration:
+ hpa:
+ enabled: true
+
+nomios:
+ hpa:
+ enabled: true
+
+pipeline-manager:
+ hpa:
+ enabled: true
+
+runtime-environment-manager:
+ hpa:
+ enabled: true
+
+tasker-kubernetes:
+ hpa:
+ enabled: true
+
+```
+
+For infra services (MongoDB, PostgreSQL, RabbitMQ, Redis, Consul, Nats, Ingress-NGINX) from built-in Bitnami charts you can use the following example:
+
+> **Note!** Use [topologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods) for better resiliency
+
+`values.yaml`
+```yaml
+global:
+ postgresService: postgresql-ha-pgpool
+ mongodbHost: cf-mongodb-0,cf-mongodb-1,cf-mongodb-2 # Replace `cf` with your Helm Release name
+ mongodbOptions: replicaSet=rs0&retryWrites=true
+ redisUrl: cf-redis-ha-haproxy
+
+builder:
+ controller:
+ replicas: 3
+
+consul:
+ replicaCount: 3
+
+cfsign:
+ controller:
+ replicas: 3
+ persistence:
+ certs-data:
+ enabled: false
+ volumes:
+ certs-data:
+ type: emptyDir
+ initContainers:
+ volume-permissions:
+ enabled: false
+
+ingress-nginx:
+ controller:
+ autoscaling:
+ enabled: true
+
+mongodb:
+ architecture: replicaset
+ replicaCount: 3
+ externalAccess:
+ enabled: true
+ service:
+ type: ClusterIP
+
+nats:
+ replicaCount: 3
+
+postgresql:
+ enabled: false
+
+postgresql-ha:
+ enabled: true
+ volumePermissions:
+ enabled: true
+
+rabbitmq:
+ replicaCount: 3
+
+redis:
+ enabled: false
+
+redis-ha:
+ enabled: true
+```
+
+### Mounting private CA certs
+
+```yaml
+global:
+ env:
+ NODE_EXTRA_CA_CERTS: /etc/ssl/custom/ca.crt
+
+ volumes:
+ custom-ca:
+ enabled: true
+ type: secret
+ existingName: my-custom-ca-cert # exisiting K8s secret object with the CA cert
+ optional: true
+
+ volumeMounts:
+ custom-ca:
+ path:
+ - mountPath: /etc/ssl/custom/ca.crt
+ subPath: ca.crt
+```
+
+## Installing on OpenShift
+
+To deploy Codefresh On-Prem on OpenShift use the following values example:
+
+```yaml
+ingress:
+ ingressClassName: openshift-default
+
+global:
+ dnsService: dns-default
+ dnsNamespace: openshift-dns
+ clusterDomain: cluster.local
+
+# Requires privileged SCC.
+builder:
+ enabled: false
+
+cfapi:
+ podSecurityContext:
+ enabled: false
+
+cf-platform-analytics-platform:
+ redis:
+ master:
+ podSecurityContext:
+ enabled: false
+ containerSecurityContext:
+ enabled: false
+
+cfsign:
+ podSecurityContext:
+ enabled: false
+ initContainers:
+ volume-permissions:
+ enabled: false
+
+cfui:
+ podSecurityContext:
+ enabled: false
+
+internal-gateway:
+ podSecurityContext:
+ enabled: false
+
+helm-repo-manager:
+ chartmuseum:
+ securityContext:
+ enabled: false
+
+consul:
+ podSecurityContext:
+ enabled: false
+ containerSecurityContext:
+ enabled: false
+
+cronus:
+ podSecurityContext:
+ enabled: false
+
+ingress-nginx:
+ enabled: false
+
+mongodb:
+ podSecurityContext:
+ enabled: false
+ containerSecurityContext:
+ enabled: false
+
+postgresql:
+ primary:
+ podSecurityContext:
+ enabled: false
+ containerSecurityContext:
+ enabled: false
+
+redis:
+ master:
+ podSecurityContext:
+ enabled: false
+ containerSecurityContext:
+ enabled: false
+
+rabbitmq:
+ podSecurityContext:
+ enabled: false
+ containerSecurityContext:
+ enabled: false
+
+# Requires privileged SCC.
+runner:
+ enabled: false
+```
+
+## Firebase Configuration
+
+As outlined in [prerequisites](#prerequisites), it's required to set up a Firebase database for builds logs streaming:
+
+- [Create a Database](https://firebase.google.com/docs/database/web/start#create_a_database).
+- Create a [Legacy token](https://firebase.google.com/docs/database/rest/auth#legacy_tokens) for authentication.
+- Set the following rules for the database:
+```json
+{
+ "rules": {
+ "build-logs": {
+ "$jobId":{
+ ".read": "!root.child('production/build-logs/'+$jobId).exists() || (auth != null && auth.admin == true) || (auth == null && data.child('visibility').exists() && data.child('visibility').val() == 'public') || ( auth != null && data.child('accountId').exists() && auth.accountId == data.child('accountId').val() )",
+ ".write": "auth != null && data.child('accountId').exists() && auth.accountId == data.child('accountId').val()"
+ }
+ },
+ "environment-logs": {
+ "$environmentId":{
+ ".read": "!root.child('production/environment-logs/'+$environmentId).exists() || ( auth != null && data.child('accountId').exists() && auth.accountId == data.child('accountId').val() )",
+ ".write": "auth != null && data.child('accountId').exists() && auth.accountId == data.child('accountId').val()"
+ }
+ }
+ }
+}
+```
+
+However, if you're in an air-gapped environment, you can omit this prerequisite and use a built-in logging system (i.e. `OfflineLogging` feature-flag).
+See [feature management](https://codefresh.io/docs/docs/installation/on-premises/on-prem-feature-management)
+
+## Additional configuration
+
+### Retention policy for builds and logs
+
+With this method, Codefresh by default deletes builds older than six months.
+
+The retention mechanism removes data from the following collections: `workflowproccesses`, `workflowrequests`, `workflowrevisions`
+
+```yaml
+cfapi:
+ env:
+ # Determines if automatic build deletion through the Cron job is enabled.
+ RETENTION_POLICY_IS_ENABLED: true
+ # The maximum number of builds to delete by a single Cron job. To avoid database issues, especially when there are large numbers of old builds, we recommend deleting them in small chunks. You can gradually increase the number after verifying that performance is not affected.
+ RETENTION_POLICY_BUILDS_TO_DELETE: 50
+ # The number of days for which to retain builds. Builds older than the defined retention period are deleted.
+ RETENTION_POLICY_DAYS: 180
+```
+
+### Retention policy for builds and logs
+> Configuration for Codefresh On-Prem >= 2.x
+
+> Previous configuration example (i.e. `RETENTION_POLICY_IS_ENABLED=true` ) is also supported in Codefresh On-Prem >= 2.x
+
+**For existing environments, for the retention mechanism to work, you must first drop the `created ` index in `workflowprocesses` collection. This requires a maintenance window that depends on the number of builds.**
+
+```yaml
+cfapi:
+ env:
+ # Determines if automatic build deletion is enabled.
+ TTL_RETENTION_POLICY_IS_ENABLED: true
+ # The number of days for which to retain builds, and can be between 30 (minimum) and 365 (maximum). Builds older than the defined retention period are deleted.
+ TTL_RETENTION_POLICY_IN_DAYS: 180
+```
+
+### Projects pipelines limit
+
+```yaml
+pipeline-manager:
+ env:
+ # Determines project's pipelines limit (default: 500)
+ PROJECT_PIPELINES_LIMIT: 500
+```
+
+### Enable session cookie
+
+```yaml
+cfapi:
+ env:
+ # Generate a unique session cookie (cf-uuid) on each login
+ DISABLE_CONCURRENT_SESSIONS: true
+ # Customize cookie domain
+ CF_UUID_COOKIE_DOMAIN: .mydomain.com
+```
+
+> **Note!** Ingress host for [gitops-runtime](https://artifacthub.io/packages/helm/codefresh-gitops-runtime/gitops-runtime) and ingress host for control plane must share the same root domain (i.e. `onprem.mydomain.com` and `runtime.mydomain.com`)
+
+### X-Frame-Options response header
+
+```yaml
+cfapi:
+ env:
+ # Set value to the `X-Frame-Options` response header. Control the restrictions of embedding Codefresh page into the iframes.
+ # Possible values: sameorigin(default) / deny
+ FRAME_OPTIONS: sameorigin
+
+cfui:
+ env:
+ FRAME_OPTIONS: sameorigin
+```
+
+Read more about header at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options.
+
+### Configure CSP (Content Security Policy)
+
+`CONTENT_SECURITY_POLICY` is the string describing content policies. Use semi-colons to separate between policies. `CONTENT_SECURITY_POLICY_REPORT_TO` is a comma-separated list of JSON objects. Each object must have a name and an array of endpoints that receive the incoming CSP reports.
+
+For detailed information, see the [Content Security Policy article on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).
+
+```yaml
+cfui:
+ env:
+ CONTENT_SECURITY_POLICY: ""
+ CONTENT_SECURITY_POLICY_REPORT_ONLY: "default-src 'self'; font-src 'self'
+ https://fonts.gstatic.com; script-src 'self' https://unpkg.com https://js.stripe.com;
+ style-src 'self' https://fonts.googleapis.com; 'unsafe-eval' 'unsafe-inline'"
+ CONTENT_SECURITY_POLICY_REPORT_TO: ""
+```
+
+### x-hub-signature-256 signature for GitHub AE
+
+For detailed information, see the [Securing your webhooks](https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks) and [Webhooks](https://docs.github.com/en/github-ae@latest/rest/webhooks).
+
+```
+cfapi:
+ env:
+ USE_SHA256_GITHUB_SIGNATURE: "true"
+```
+
+### Image digests in containers
+
+In Codefresh On-Prem 2.6.x all Codefresh owner microservices include image digests in the default subchart values.
+
+For example, default values for `cfapi` might look like this:
+
+```yaml
+container:
+ image:
+ registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
+ repository: codefresh/cf-api
+ tag: 21.268.1
+ digest: "sha256:bae42f8efc18facc2bf93690fce4ab03ef9607cec4443fada48292d1be12f5f8"
+ pullPolicy: IfNotPresent
+```
+
+this resulting in the following image reference in the pod spec:
+
+```yaml
+spec:
+ containers:
+ - name: cfapi
+ image: us-docker.pkg.dev/codefresh-enterprise/gcr.io/codefresh/cf-api:21.268.1@sha256:bae42f8efc18facc2bf93690fce4ab03ef9607cec4443fada48292d1be12f5f8
+```
+
+> **Note!** When the `digest` is providerd, the `tag` is ignored! You can omit digest and use tag only like the following `values.yaml` example:
+
+```yaml
+cfapi:
+ container:
+ image:
+ tag: 21.268.1
+ # -- Set empty tag for digest
+ digest: ""
+```
+
+## Configuring OIDC Provider
+
+OpenID Connect (OIDC) allows Codefresh Builds to access resources in your cloud provider (such as AWS, Azure, GCP), without needing to store cloud credentials as long-lived pipeline secret variables.
+
+### Enabling the OIDC Provider in Codefresh On-Prem
+
+#### Prerequisites:
+
+- DNS name for OIDC Provider
+- Valid TLS certificates for Ingress
+- K8S secret containing JWKS (JSON Web Key Sets). Can be generated at [mkjwk.org](https://mkjwk.org/)
+- K8S secret containing Cliend ID (public identifier for app) and Client Secret (application password; cryptographically strong random string)
+
+> **NOTE!** In production usage use [External Secrets Operator](https://external-secrets.io/latest/) or [HashiCorp Vault](https://developer.hashicorp.com/vault/docs/platform/k8s) to create secrets. The following example uses `kubectl` for brevity.
+
+For JWKS use **Public and Private Keypair Set** (if generated at [mkjwk.org](https://mkjwk.org/)), for example:
+
+`cf-oidc-provider-jwks.json`:
+```json
+{
+ "keys": [
+ {
+ "p": "...",
+ "kty": "RSA",
+ "q": "...",
+ "d": "...",
+ "e": "AQAB",
+ "use": "sig",
+ "qi": "...",
+ "dp": "...",
+ "alg": "RS256",
+ "dq": "...",
+ "n": "..."
+ }
+ ]
+}
+```
+
+```console
+# Creating secret containing JWKS.
+# The secret KEY is `cf-oidc-provider-jwks.json`. It then referenced in `OIDC_JWKS_PRIVATE_KEYS_PATH` environment variable in `cf-oidc-provider`.
+# The secret NAME is referenced in `.volumes.jwks-file.nameOverride` (volumeMount is configured in the chart already)
+kubectl create secret generic cf-oidc-provider-jwks \
+ --from-file=cf-oidc-provider-jwks.json \
+ -n $NAMESPACE
+
+# Creating secret containing Client ID and Client Secret
+# Secret NAME is `cf-oidc-provider-client-secret`.
+# It then referenced in `OIDC_CF_PLATFORM_CLIENT_ID` and `OIDC_CF_PLATFORM_CLIENT_SECRET` environment variables in `cf-oidc-provider`
+# and in `OIDC_PROVIDER_CLIENT_ID` and `OIDC_PROVIDER_CLIENT_SECRET` in `cfapi`.
+kubectl create secret generic cf-oidc-provider-client-secret \
+ --from-literal=client-id=codefresh \
+ --from-literal=client-secret='verysecureclientsecret' \
+ -n $NAMESPACE
+```
+
+`values.yaml`
+```yaml
+global:
+ # -- Set OIDC Provider URL
+ oidcProviderService: "oidc.mydomain.com"
+ # -- Default OIDC Provider service client ID in plain text.
+ # Optional! If specified here, no need to specify CLIENT_ID/CLIENT_SECRET env vars in cfapi and cf-oidc-provider below.
+ oidcProviderClientId: null
+ # -- Default OIDC Provider service client secret in plain text.
+ # Optional! If specified here, no need to specify CLIENT_ID/CLIENT_SECRET env vars in cfapi and cf-oidc-provider below.
+ oidcProviderClientSecret: null
+
+cfapi:
+ # -- Set additional variables for cfapi
+ # Reference a secret containing Client ID and Client Secret
+ env:
+ OIDC_PROVIDER_CLIENT_ID:
+ valueFrom:
+ secretKeyRef:
+ name: cf-oidc-provider-client-secret
+ key: client-id
+ OIDC_PROVIDER_CLIENT_SECRET:
+ valueFrom:
+ secretKeyRef:
+ name: cf-oidc-provider-client-secret
+ key: client-secret
+
+cf-oidc-provider:
+ # -- Enable OIDC Provider
+ enabled: true
+
+ container:
+ env:
+ OIDC_JWKS_PRIVATE_KEYS_PATH: /secrets/jwks/cf-oidc-provider-jwks.json
+ # -- Reference a secret containing Client ID and Client Secret
+ OIDC_CF_PLATFORM_CLIENT_ID:
+ valueFrom:
+ secretKeyRef:
+ name: cf-oidc-provider-client-secret
+ key: client-id
+ OIDC_CF_PLATFORM_CLIENT_SECRET:
+ valueFrom:
+ secretKeyRef:
+ name: cf-oidc-provider-client-secret
+ key: client-secret
+
+ volumes:
+ jwks-file:
+ enabled: true
+ type: secret
+ # -- Secret name containing JWKS
+ nameOverride: "cf-oidc-provider-jwks"
+ optional: false
+
+ ingress:
+ main:
+ # -- Enable ingress for OIDC Provider
+ enabled: true
+ annotations: {}
+ # -- Set ingress class name
+ ingressClassName: ""
+ hosts:
+ # -- Set OIDC Provider URL
+ - host: "oidc.mydomain.com"
+ paths:
+ - path: /
+ # For ALB (Application Load Balancer) /* asterisk is required in path
+ # e.g.
+ # - path: /*
+ tls: []
+```
+
+Deploy HELM chart with new `values.yaml`
+
+Use https://oidc.mydomain.com/.well-known/openid-configuration to verify OIDC Provider configuration
+
+### Adding the identity provider in AWS
+
+To add Codefresh OIDC provider to IAM, see the [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html)
+- For the **provider URL**: Use `.Values.global.oidcProviderService` value with `https://` prefix (i.e. https://oidc.mydomain.com)
+- For the **Audienece**: Use `.Values.global.appUrl` value with `https://` prefix (i.e. https://onprem.mydomain.com)
+
+#### Configuring the role and trust policy
+
+To configure the role and trust in IAM, see [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html)
+
+Edit the trust policy to add the sub field to the validation conditions. For example, use `StringLike` to allow only builds from specific pipeline to assume a role in AWS.
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "arn:aws:iam:::oidc-provider/oidc.mydomain.com"
+ },
+ "Action": "sts:AssumeRoleWithWebIdentity",
+ "Condition": {
+ "StringEquals": {
+ "oidc.mydomain.com:aud": "https://onprem.mydomain.com"
+ },
+ "StringLike": {
+ "oidc.mydomain.com:sub": "account:64884faac2751b77ca7ab324:pipeline:64f7232ab698cfcb95d93cef:*"
+ }
+ }
+ }
+ ]
+}
+```
+
+To see all the claims supported by Codefresh OIDC provider, see `claims_supported` entries at https://oidc.mydomain.com/.well-known/openid-configuration
+```json
+"claims_supported": [
+ "sub",
+ "account_id",
+ "account_name",
+ "pipeline_id",
+ "pipeline_name",
+ "workflow_id",
+ "initiator",
+ "scm_user_name",
+ "scm_repo_url",
+ "scm_ref",
+ "scm_pull_request_target_branch",
+ "sid",
+ "auth_time",
+ "iss"
+]
+```
+
+#### Using OIDC in Codefresh Builds
+
+Use [obtain-oidc-id-token](https://github.com/codefresh-io/steps/blob/822afc0a9a128384e76459c6573628020a2cf404/incubating/obtain-oidc-id-token/step.yaml#L27-L58) and [aws-sts-assume-role-with-web-identity](https://github.com/codefresh-io/steps/blob/822afc0a9a128384e76459c6573628020a2cf404/incubating/aws-sts-assume-role-with-web-identity/step.yaml#L29-L63) steps to exchange the OIDC token (JWT) for a cloud access token.
+
+## Maintaining MongoDB Indexes
+
+Sometimes, in new releases of Codefresh On-Prem, index requirements change. When this happens, it's mentioned in the [Upgrading section](#upgrading) for the specific release.
+
+> ℹ️ If you're upgrading from version `X` to version `Y`, and index requirements were updated in any of the intermediate versions, you only need to align your indexes with the index requirements of version `Y`. To do that, follow [Index alignment](#index-alignment) instructions.
+
+### Index alignment
+
+The required index definitions for each release can be found at the following resources:
+
+- `2.6`
+- `2.7`
+- `2.8`
+
+The indexes are stored in JSON files with keys and options specified.
+
+The directory structure is:
+
+```console
+indexes
+├── # MongoDB database name
+│ ├── .json # MongoDB indexes for the specified collection
+```
+
+**Overview of the index alignment process:**
+
+1. Identify the differences between the indexes in your MongoDB instance and the required index definitions.
+2. Create any missing indexes one by one. (It's important not to create them in bulk.)
+3. Perform the upgrade of Codefresh On-Prem installation.
+4. Then remove any unnecessary indexes.
+
+> ⚠️ **Note! Any changes to indexes should be performed during a defined maintenance window or during periods of lowest traffic to MongoDB.**
+>
+> Building indexes during time periods where the target collection is under heavy write load can result in reduced write performance and longer index builds. ([*Source: MongoDB official documentation*](https://www.mongodb.com/docs/manual/core/index-creation/#index-build-impact-on-database-performance))
+>
+> Even minor changes to indexes (e.g., index removal) can cause brief but noticeable performance degradation ([*Source: MongoDB official documentation*](https://www.mongodb.com/docs/manual/core/query-plans/#plan-cache-flushes))
+
+#### Self-hosted MongoDB
+
+For self-hosted MongoDB, follow the instructions below:
+
+- Connect to the MongoDB server using the [mongosh](https://www.mongodb.com/docs/mongodb-shell/install/) shell. Open your terminal or command prompt and run the following command, replacing `` with the appropriate MongoDB connection string for your server:
+
+```shell
+mongosh ""
+```
+
+- Retrieve the list of indexes for a specific collection:
+
+```js
+db.getSiblingDB('').getCollection('').getIndexes()
+```
+
+- Compare your indexes with the required indexes for the target release, and adjust them by creating any missing indexes or removing any unnecessary ones
+
+**Index creation**
+
+> ⚠ **Note! Always create indexes sequentially, one by one. Don't create them in bulk.**
+
+- To create an index, use the `createIndex()` method:
+
+```js
+db.getSiblingDB('').getCollection('').createIndex(, )
+```
+
+After executing the `createIndex()` command, you should see a result indicating that the index was created successfully.
+
+**Index removal**
+
+- To remove an index, use the `dropIndex()` method with ``:
+
+```js
+db.getSiblingDB('').getCollection('').dropIndex('')
+```
+
+#### Atlas Database
+
+If you're hosting MongoDB on [Atlas](https://www.mongodb.com/atlas/database), use the following [Manage Indexes](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/) guide to View, Create or Remove indexes.
+
+> ⚠️ **Important!** In Atlas, for production environments, it is recommended to use rolling index builds by enabling the "Build index via rolling process" checkbox. ([*MongoDB official documentation*](https://www.mongodb.com/docs/v6.0/tutorial/build-indexes-on-replica-sets/))
+
+## Upgrading
+
+### To 2-0-0
+
+This major chart version change (v1.4.X -> v2.0.0) contains some **incompatible breaking change needing manual actions**.
+
+**Before applying the upgrade, read through this section!**
+
+#### ⚠️ New Services
+
+Codefesh 2.0 chart includes additional dependent microservices (charts):
+- `argo-platform`: Main Codefresh GitOps module.
+- `internal-gateway`: NGINX that proxies requests to the correct components (api-graphql, api-events, ui).
+- `argo-hub-platform`: Service for Argo Workflow templates.
+- `platform-analytics` and `etl-starter`: Service for [Pipelines dasboard](https://codefresh.io/docs/docs/dashboards/home-dashboard/#pipelines-dashboard)
+
+These services require additional databases in MongoDB (`audit`/`read-models`/`platform-analytics-postgres`) and in Postgresql (`analytics` and `analytics_pre_aggregations`)
+The helm chart is configured to re-run seed jobs to create necessary databases and users during the upgrade.
+
+```yaml
+seed:
+ # -- Enable all seed jobs
+ enabled: true
+```
+
+#### ⚠️ New MongoDB Indexes
+
+Starting from version 2.0.0, two new MongoDB indexes have been added that are vital for optimizing database queries and enhancing overall system performance. It is crucial to create these indexes before performing the upgrade to avoid any potential performance degradation.
+
+- `account_1_annotations.key_1_annotations.value_1` (db: `codefresh`; collection: `annotations`)
+```json
+{
+ "account" : 1,
+ "annotations.key" : 1,
+ "annotations.value" : 1
+}
+```
+
+- `accountId_1_entityType_1_entityId_1` (db: `codefresh`; collection: `workflowprocesses`)
+
+```json
+{
+ "accountId" : 1,
+ "entityType" : 1,
+ "entityId" : 1
+}
+```
+
+To prevent potential performance degradation during the upgrade, it is important to schedule a maintenance window during a period of low activity or minimal user impact and create the indexes mentioned above before initiating the upgrade process. By proactively creating these indexes, you can avoid the application automatically creating them during the upgrade and ensure a smooth transition with optimized performance.
+
+**Index Creation**
+
+If you're hosting MongoDB on [Atlas](https://www.mongodb.com/atlas/database), use the following [Create, View, Drop, and Hide Indexes](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/) guide to create indexes mentioned above. It's important to create them in a rolling fashion (i.e. **Build index via rolling process** checkbox enabled) in produciton environment.
+
+For self-hosted MongoDB, see the following instruction:
+
+- Connect to the MongoDB server using the [mongosh](https://www.mongodb.com/docs/mongodb-shell/install/) shell. Open your terminal or command prompt and run the following command, replacing with the appropriate MongoDB connection string for your server:
+```console
+mongosh ""
+```
+
+- Once connected, switch to the `codefresh` database where the index will be located using the `use` command.
+```console
+use codefresh
+```
+
+- To create the indexes, use the createIndex() method. The createIndex() method should be executed on the db object.
+```console
+db.workflowprocesses.createIndex({ account: 1, 'annotations.key': 1, 'annotations.value': 1 }, { name: 'account_1_annotations.key_1_annotations.value_1', sparse: true, background: true })
+```
+
+```console
+db.annotations.createIndex({ accountId: 1, entityType: 1, entityId: 1 }, { name: 'accountId_1_entityType_1_entityId_1', background: true })
+```
+After executing the createIndex() command, you should see a result indicating the successful creation of the index.
+
+#### ⚠️ [Kcfi](https://github.com/codefresh-io/kcfi) Deprecation
+
+This major release deprecates [kcfi](https://github.com/codefresh-io/kcfi) installer. The recommended way to install Codefresh On-Prem is **Helm**.
+Due to that, Kcfi `config.yaml` will not be compatible for Helm-based installation.
+You still can reuse the same `config.yaml` for the Helm chart, but you need to remove (or update) the following sections.
+
+* `.Values.metadata` is deprecated. Remove it from `config.yaml`
+
+*1.4.x `config.yaml`*
+```yaml
+metadata:
+ kind: codefresh
+ installer:
+ type: helm
+ helm:
+ chart: codefresh
+ repoUrl: http://chartmuseum.codefresh.io/codefresh
+ version: 1.4.x
+```
+
+* `.Values.kubernetes` is deprecated. Remove it from `config.yaml`
+
+*1.4.x `config.yaml`*
+```yaml
+kubernetes:
+ namespace: codefresh
+ context: context-name
+```
+
+* `.Values.tls` (`.Values.webTLS`) is moved under `.Values.ingress.tls`. Remove `.Values.tls` from `config.yaml` afterwards.
+
+ See full [values.yaml](./values.yaml#L92).
+
+*1.4.x `config.yaml`*
+```yaml
+tls:
+ selfSigned: false
+ cert: certs/certificate.crt
+ key: certs/private.key
+```
+
+*2.0.0 `config.yaml`*
+```yaml
+# -- Ingress
+ingress:
+ # -- Enable the Ingress
+ enabled: true
+ # -- Set the ingressClass that is used for the ingress.
+ ingressClassName: nginx-codefresh
+ tls:
+ # -- Enable TLS
+ enabled: true
+ # -- Default secret name to be created with provided `cert` and `key` below
+ secretName: "star.codefresh.io"
+ # -- Certificate (base64 encoded)
+ cert: "LS0tLS1CRUdJTiBDRVJ...."
+ # -- Private key (base64 encoded)
+ key: "LS0tLS1CRUdJTiBSU0E..."
+ # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`)
+ existingSecret: ""
+```
+
+* `.Values.images` is deprecated. Remove `.Values.images` from `config.yaml`.
+
+ - `.Values.images.codefreshRegistrySa` is changed to `.Values.imageCredentials`
+
+ - `.Values.privateRegistry.address` is changed to `.Values.global.imageRegistry` (no trailing slash `/` at the end)
+
+ See full `values.yaml` [here](./values.yaml#L2) and [here](./values.yaml#L143).
+
+*1.4.x `config.yaml`*
+```yaml
+images:
+ codefreshRegistrySa: sa.json
+ usePrivateRegistry: true
+ privateRegistry:
+ address: myprivateregistry.domain
+ username: username
+ password: password
+```
+
+*2.0.0 `config.yaml`*
+```yaml
+# -- Credentials for Image Pull Secret object
+imageCredentials: {}
+# Pass sa.json (as a single line). Obtain GCR Service Account JSON (sa.json) at support@codefresh.io
+# E.g.:
+# imageCredentials:
+# registry: gcr.io
+# username: _json_key
+# password: '{ "type": "service_account", "project_id": "codefresh-enterprise", "private_key_id": ... }'
+```
+
+*2.0.0 `config.yaml`*
+```yaml
+global:
+ # -- Global Docker image registry
+ imageRegistry: "myprivateregistry.domain"
+```
+
+* `.Values.dbinfra` is deprecated. Remove it from `config.yaml`
+
+*1.4.x `config.yaml`*
+```yaml
+dbinfra:
+ enabled: false
+```
+
+* `.Values.firebaseUrl` and `.Values.firebaseSecret` is moved under `.Values.global`
+
+*1.4.x `config.yaml`*
+```yaml
+firebaseUrl:
+firebaseSecret:
+newrelicLicenseKey:
+```
+
+*2.0.0 `config.yaml`*
+```yaml
+global:
+ # -- Firebase URL for logs streaming.
+ firebaseUrl: ""
+ # -- Firebase Secret.
+ firebaseSecret: ""
+ # -- New Relic Key
+ newrelicLicenseKey: ""
+```
+
+* `.Values.global.certsJobs` and `.Values.global.seedJobs` is deprecated. Use `.Values.seed.mongoSeedJob` and `.Values.seed.postgresSeedJob`.
+
+ See full [values.yaml](./values.yaml#L42).
+
+*1.4.x `config.yaml`*
+```yaml
+global:
+ certsJobs: true
+ seedJobs: true
+```
+
+*2.0.0 `config.yaml`*
+```yaml
+seed:
+ # -- Enable all seed jobs
+ enabled: true
+ # -- Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases.
+ # @default -- See below
+ mongoSeedJob:
+ enabled: true
+ # -- Postgres Seed Job. Required at first install. Creates required user and databases.
+ # @default -- See below
+ postgresSeedJob:
+ enabled: true
+```
+
+#### ⚠️ Migration to [Library Charts](https://helm.sh/docs/topics/library_charts/)
+
+All Codefresh subchart templates (i.e. `cfapi`, `cfui`, `pipeline-manager`, `context-manager`, etc) have been migrated to use Helm [library charts](https://helm.sh/docs/topics/library_charts/).
+That allows unifying the values structure across all Codefresh-owned charts. However, there are some **immutable** fields in the old charts which cannot be upgraded during a regular `helm upgrade`, and require additional manual actions.
+
+Run the following commands before appying the upgrade.
+
+* Delete `cf-runner` and `cf-builder` stateful sets.
+
+```console
+kubectl delete sts cf-runner --namespace $NAMESPACE
+kubectl delete sts cf-builder --namespace $NAMESPACE
+```
+
+* Delete all jobs
+
+```console
+kubectl delete job --namespace $NAMESPACE -l release=cf
+```
+
+* In `values.yaml`/`config.yaml` remove `.Values.nomios.ingress` section if you have it
+
+```yaml
+nomios:
+ # Remove ingress section
+ ingress:
+ ...
+```
+
+### To 2-0-12
+
+#### ⚠️ Legacy ChartMuseum subchart deprecation
+
+Due to deprecation of legacy ChartMuseum subchart in favor of upstream [chartmuseum](https://github.com/chartmuseum/charts/tree/main/src/chartmuseum), you need to remove the old deployment before the upgrade due to **immutable** `matchLabels` field change in the deployment spec.
+
+```console
+kubectl delete deploy cf-chartmuseum --namespace $NAMESPACE
+```
+
+#### ⚠️ Affected values
+
+- If you have `.persistence.enabled=true` defined and NOT `.persistence.existingClaim` like:
+
+```yaml
+helm-repo-manager:
+ chartmuseum:
+ persistence:
+ enabled: true
+```
+then you **have to backup** the content of old PVC (mounted as `/storage` in the old deployment) **before the upgrade**!
-- Checkout from the corresponding `release-.` branch
```shell
-git checkout -b onprem-X.Y.Z release-X.Y
-```
-- Update `.version` in Chart.yaml
-- Update `artifacthub.io/changes` annotation in Chart.yaml
-- *optional* Update `dependencies` in Chart.yaml
-- *optional* Update `values.yaml`, `templates/**`, etc with required changes
-- Run `helm dep update` to update dependencies
-- *optional* Run `./codefresh/.ci/runtime-images.sh`
-- Run `./codefresh/.ci/helm-docs.sh`
-- Commit changes and open the PR against the corresponding `release-.` branch
-- Comment `/test` to trigger CI pipeline
-- Merge the PR after successful CI build
+POD_NAME=$(kubectl get pod -l app=chartmuseum -n $NAMESPACE --no-headers -o custom-columns=":metadata.name")
+kubectl cp -n $NAMESPACE $POD_NAME:/storage $(pwd)/storage
+```
+
+**After the upgrade**, restore the content into new deployment:
+```shell
+POD_NAME=$(kubectl get pod -l app.kubernetes.io/name=chartmuseum -n $NAMESPACE --no-headers -o custom-columns=":metadata.name")
+kubectl cp -n $NAMESPACE $(pwd)/storage $POD_NAME:/storage
+```
+
+- If you have `.persistence.existingClaim` defined, you can keep it as is:
+```yaml
+helm-repo-manager:
+ chartmuseum:
+ existingClaim: my-claim-name
+```
+
+- If you have `.Values.global.imageRegistry` specified, it **won't be** applied for the new chartmuseum subchart. Add image registry explicitly for the subchart as follows
+
+```yaml
+global:
+ imageRegistry: myregistry.domain.com
+
+helm-repo-manager:
+ chartmuseum:
+ image:
+ repository: myregistry.domain.com/codefresh/chartmuseum
+```
+
+### To 2-0-17
+
+#### ⚠️ Affected values
+
+Values structure for argo-platform images has been changed.
+Added `registry` to align with the rest of the services.
+
+> values for <= v2.0.16
+```yaml
+argo-platform:
+ api-graphql:
+ image:
+ repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-api-graphql
+ abac:
+ image:
+ repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-abac
+ analytics-reporter:
+ image:
+ repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-analytics-reporter
+ api-events:
+ image:
+ repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-api-events
+ audit:
+ image:
+ repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-audit
+ cron-executor:
+ image:
+ repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-cron-executor
+ event-handler:
+ image:
+ repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-event-handler
+ ui:
+ image:
+ repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-ui
+```
+
+> values for >= v2.0.17
+
+```yaml
+argo-platform:
+ api-graphql:
+ image:
+ registry: gcr.io/codefresh-enterprise
+ repository: codefresh-io/argo-platform-api-graphql
+ abac:
+ image:
+ registry: gcr.io/codefresh-enterprise
+ repository: codefresh-io/argo-platform-abac
+ analytics-reporter:
+ image:
+ registry: gcr.io/codefresh-enterprise
+ repository: codefresh-io/argo-platform-analytics-reporter
+ api-events:
+ image:
+ registry: gcr.io/codefresh-enterprise
+ repository: codefresh-io/argo-platform-api-events
+ audit:
+ image:
+ registry: gcr.io/codefresh-enterprise
+ repository: codefresh-io/argo-platform-audit
+ cron-executor:
+ image:
+ registry: gcr.io/codefresh-enterprise
+ repository: codefresh-io/argo-platform-cron-executor
+ event-handler:
+ image:
+ registry: gcr.io/codefresh-enterprise
+ repository: codefresh-io/argo-platform-event-handler
+ ui:
+ image:
+ registry: gcr.io/codefresh-enterprise
+ repository: codefresh-io/argo-platform-ui
+```
+
+### To 2-1-0
+
+### [What's new in 2.1.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-21)
+
+#### Affected values:
+
+- [Legacy ChartMuseum subchart deprecation](#to-2-0-12)
+- [Argo-Platform images values structure change](#to-2-0-17)
+- **Changed** default ingress paths. All paths point to `internal-gateway` now. **Remove any overrides at `.Values.ingress.services`!** (updated example for ALB)
+- **Deprecated** `global.mongoURI`. **Supported for backward compatibility!**
+- **Added** `global.mongodbProtocol` / `global.mongodbUser` / `global.mongodbPassword` / `global.mongodbHost` / `global.mongodbOptions`
+- **Added** `global.mongodbUserSecretKeyRef` / `global.mongodbPasswordSecretKeyRef` / `global.mongodbHostSecretKeyRef`
+- **Added** `seed.mongoSeedJob.mongodbRootUserSecretKeyRef` / `seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef`
+- **Added** `seed.postgresSeedJob.postgresUserSecretKeyRef` / `seed.postgresSeedJob.postgresPasswordSecretKeyRef`
+- **Added** `global.firebaseUrlSecretKeyRef` / `global.firebaseSecretSecretKeyRef`
+- **Added** `global.postgresUserSecretKeyRef` / `global.postgresPasswordSecretKeyRef` / `global.postgresHostnameSecretKeyRef`
+- **Added** `global.rabbitmqUsernameSecretKeyRef` / `global.rabbitmqPasswordSecretKeyRef` / `global.rabbitmqHostnameSecretKeyRef`
+- **Added** `global.redisPasswordSecretKeyRef` / `global.redisUrlSecretKeyRef`
+
+- **Removed** `global.runtimeMongoURI` (defaults to `global.mongoURI` or `global.mongodbHost`/`global.mongodbHostSecretKeyRef`/etc like values)
+- **Removed** `global.runtimeMongoDb` (defaults to `global.mongodbDatabase`)
+- **Removed** `global.runtimeRedisHost` (defaults to `global.redisUrl`/`global.redisUrlSecretKeyRef` or `global.redisService`)
+- **Removed** `global.runtimeRedisPort` (defaults to `global.redisPort`)
+- **Removed** `global.runtimeRedisPassword` (defaults to `global.redisPassword`/`global.redisPasswordSecretKeyRef`)
+- **Removed** `global.runtimeRedisDb` (defaults to values below)
+
+```yaml
+cfapi:
+ env:
+ RUNTIME_REDIS_DB: 0
+
+cf-broadcaster:
+ env:
+ REDIS_DB: 0
+```
+
+### To 2-1-7
+
+⚠️⚠️⚠️
+> Since version 2.1.7 chart is pushed **only** to OCI registry at `oci://quay.io/codefresh/codefresh`
+
+> Versions prior to 2.1.7 are still available in ChartMuseum at `http://chartmuseum.codefresh.io/codefresh`
+
+### To 2-2-0
+
+### [What's new in 2.2.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-22)
+
+#### MongoDB 5.x
+
+Codefresh On-Prem 2.2.x uses MongoDB 5.x (4.x is still supported). If you run external MongoDB, it is **highly** recommended to upgrade it to 5.x after upgrading Codefresh On-Prem to 2.2.x.
+
+#### Redis HA
+
+> If you run external Redis, this is not applicable to you.
+
+Codefresh On-Prem 2.2.x adds (not replaces!) an **optional** Redis-HA (master/slave configuration with Sentinel sidecars for failover management) instead of a single Redis instance.
+To enable it, see the following values:
+
+```yaml
+global:
+ redisUrl: cf-redis-ha-haproxy # Replace `cf` with your Helm release name
+
+# -- Disable standalone Redis instance
+redis:
+ enabled: false
+
+# -- Enable Redis HA
+redis-ha:
+ enabled: true
+```
+
+### To 2-3-0
+
+### [What's new in 2.3.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-23)
+
+⚠️ This major release changes default registry for Codefresh **private** images from GCR (`gcr.io`) to GAR (`us-docker.pkg.dev`)
+
+Update `.Values.imageCredentials.registry` to `us-docker.pkg.dev` if it's explicitly set to `gcr.io` in your values file.
+
+Default `.Values.imageCredentials` for Onprem **v2.2.x and below**
+```yaml
+imageCredentials:
+ registry: gcr.io
+ username: _json_key
+ password:
+```
+
+Default `.Values.imageCredentials` for Onprem **v2.3.x and above**
+```yaml
+imageCredentials:
+ registry: us-docker.pkg.dev
+ username: _json_key
+ password:
+```
+
+## Rollback
+
+Use `helm history` to determine which release has worked, then use `helm rollback` to perform a rollback
+
+> When rollback from 2.x prune these resources due to immutabled fields changes
+
+```console
+kubectl delete sts cf-runner --namespace $NAMESPACE
+kubectl delete sts cf-builder --namespace $NAMESPACE
+kubectl delete deploy cf-chartmuseum --namespace $NAMESPACE
+kubectl delete job --namespace $NAMESPACE -l release=$RELEASE_NAME
+```
+
+```console
+helm rollback $RELEASE_NAME $RELEASE_NUMBER \
+ --namespace $NAMESPACE \
+ --debug \
+ --wait
+```
+
+### To 2-4-0
+
+### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24)
+
+#### New cfapi-auth role
+
+New `cfapi-auth` role is introduced in 2.4.x.
+
+If you run onprem with [multi-role cfapi configuration](#configuration-with-multi-role-cf-api), make sure to **enable** `cfapi-auth` role:
+
+```yaml
+cfapi-auth:
+ <<: *cf-api
+ enabled: true
+```
+
+#### Default SYSTEM_TYPE for acccounts
+
+Since 2.4.x, `SYSTEM_TYPE` is changed to `PROJECT_ONE` by default.
+
+If you want to preserve original `CLASSIC` values, update cfapi environment variables:
+
+```yaml
+cfapi:
+ container:
+ env:
+ DEFAULT_SYSTEM_TYPE: CLASSIC
+```
+
+### To 2-5-0
+
+### [What's new in 2.5.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-25)
+
+### To 2-6-0
+
+> ⚠️ **WARNING! MongoDB indexes changed!**
+>
+> Please, follow [Maintaining MongoDB indexes](#maintaining-mongodb-indexes) guide to meet index requirements **BEFORE** the upgrade process.
+
+### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26)
+
+#### Affected values
+
+[Image digests in containers](#image-digests-in-containers)
+
+### To 2-7-0
+
+> ⚠️ **WARNING! MongoDB indexes changed!**
+>
+> Please, follow [Maintaining MongoDB indexes](#maintaining-mongodb-indexes) guide to meet index requirements **BEFORE** the upgrade process.
+
+### [What's new in 2.7.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-27)
+
+#### Affected values
+
+- Added option to provide global `tolerations`/`nodeSelector`/`affinity` for all Codefresh subcharts
+> **Note!** These global settings will not be applied to Bitnami subcharts (e.g. `mongodb`, `redis`, `rabbitmq`, `postgres`. etc)
+
+```yaml
+global:
+ tolerations:
+ - key: "key"
+ operator: "Equal"
+ value: "value"
+ effect: "NoSchedule"
+
+ nodeSelector:
+ key: "value"
+
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "key"
+ operator: "In"
+ values:
+ - "value"
+```
+
+### To 2-8-0
+
+> ⚠️ **WARNING! MongoDB indexes changed!**
+>
+> Please, follow [Maintaining MongoDB indexes](#maintaining-mongodb-indexes) guide to meet index requirements **BEFORE** the upgrade process.
+
+### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28)
+
+### ⚠️ ⚠️ ⚠️ Breaking changes. Read before upgrading!
+
+### MongoDB update
+
+Default MongoDB image is changed from 6.x to 7.x.
+
+If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x.
+
+- **Before the upgrade**, for backward compatibility (in case you need to rollback to 6.x), you should set [`featureCompatibilityVersion`](https://www.mongodb.com/docs/v6.0/reference/command/setFeatureCompatibilityVersion/) to `6.0` in your values file.
+
+```yaml
+mongodb:
+ migration:
+ enabled: true
+ featureCompatibilityVersion: "6.0"
+```
+
+- Perform Codefresh On-Prem upgrade to 2.8.x. Make sure all systems are up and running.
+
+- **After the upgrade**, if all system are stable, you need to set `featureCompatibilityVersion` to `7.0` in your values file and re-deploy the chart.
+
+```yaml
+mongodb:
+ migration:
+ enabled: true
+ featureCompatibilityVersion: "7.0"
+```
+
+⚠️ ⚠️ ⚠️ If FCV (FeatureCompatibilityVersion) is managed by MongoDB itself (i.e. Atlas), you can disable it completely (that is default value in Helm chart)
+
+```yaml
+mongodb:
+ migration:
+ enabled: false
+```
+
+### PostgreSQL update
+
+Default PostgreSQL image is changed from 13.x to 17.x
+
+If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x.
+
+> ⚠️ **Important!**
+> The default SSL configuration may change on your provider's side when you upgrade.
+> Please read the following section before the upgrade: [Using SSL with a PostgreSQL](#using-ssl-with-a-postgresql)
+
+⚠️ ⚠️ ⚠️ 16.x version is also supported (17.x version of PostgreSQL is still in preview on multiple cloud providers)
+
+⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported due to **incompatible breaking changes** in the database files. You will see the following error in the logs:
+```
+postgresql 17:36:28.41 INFO ==> ** Starting PostgreSQL **
+2025-05-21 17:36:28.432 GMT [1] FATAL: database files are incompatible with server
+2025-05-21 17:36:28.432 GMT [1] DETAIL: The data directory was initialized by PostgreSQL version 13, which is not compatible with this version 17.2.
+```
+You need to backup your data, delete the old PostgreSQL StatefulSet with PVCs and restore the data into a new PostgreSQL StatefulSet.
+
+- **Before the upgrade**, backup your data on a separate PVC
+
+- Create PVC with the same or bigger size as your current PostgreSQL PVC:
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-dump
+spec:
+ storageClassName:
+ resources:
+ requests:
+ storage:
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+```
+
+- Create a job to dump the data from the old PostgreSQL StatefulSet into the new PVC:
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: postgresql-dump
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ containers:
+ - name: postgresql-dump
+ image: quay.io/codefresh/postgresql:17
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+ env:
+ - name: PGUSER
+ value: ""
+ - name: PGPASSWORD
+ value: ""
+ - name: PGHOST
+ value: ""
+ - name: PGPORT
+ value: ""
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ pg_dumpall --verbose > /opt/postgresql-dump/dump.sql
+ volumeMounts:
+ - name: postgresql-dump
+ mountPath: /opt/postgresql-dump
+ securityContext:
+ runAsUser: 0
+ fsGroup: 0
+ volumes:
+ - name: postgresql-dump
+ persistentVolumeClaim:
+ claimName: postgresql-dump
+ restartPolicy: Never
+```
+
+- Delete old PostgreSQL StatefulSet and PVC
+
+```console
+STS_NAME=$(kubectl get sts -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}')
+PVC_NAME=$(kubectl get pvc -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}')
+
+kubectl delete sts $STS_NAME -n $NAMESPACE
+kubectl delete pvc $PVC_NAME -n $NAMESPACE
+```
+
+- Peform the upgrade to 2.8.x with PostgreSQL seed job enabled to re-create users and databases
+
+```yaml
+seed:
+ postgresSeedJob:
+ enabled: true
+```
+
+- Create a job to restore the data from the new PVC into the new PostgreSQL StatefulSet:
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: postgresql-restore
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ containers:
+ - name: postgresql-restore
+ image: quay.io/codefresh/postgresql:17
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+ env:
+ - name: PGUSER
+ value: ""
+ - name: PGPASSWORD
+ value: ""
+ - name: PGHOST
+ value: ""
+ - name: PGPORT
+ value: ""
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ psql -f /opt/postgresql-dump/dump.sql
+ volumeMounts:
+ - name: postgresql-dump
+ mountPath: /opt/postgresql-dump
+ securityContext:
+ runAsUser: 0
+ fsGroup: 0
+ volumes:
+ - name: postgresql-dump
+ persistentVolumeClaim:
+ claimName: postgresql-dump
+ restartPolicy: Never
+```
+
+### RabbitMQ update
+
+Default RabbitMQ image is changed from 3.x to 4.0
+
+If you run external RabbitMQ, follow the [official instructions](https://www.rabbitmq.com/docs/upgrade) to upgrade to 4.0
+
+For built-in RabbitMQ `bitnami/rabbitmq` subchart, pre-upgrade hook was added to enable all stable feature flags.
+
+#### Affected values
+
+- Added option to provide `.Values.global.tolerations`/`.Values.global.nodeSelector`/`.Values.global.affinity` for all Codefresh subcharts
+
+- Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh`
+
+- `.Values.hooks` was splitted into `.Values.hooks.mongodb` and `.Values.hooks.consul`
+
+### To 3-0-0
+
+#### Affected values
+
+- `.Values.runner` is removed
+
+## Troubleshooting
+
+### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired
+
+Builds are stuck in pending with `Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired`
+
+**Reason:** Runtime certificates have expiried.
+
+To check if runtime internal CA expired:
+
+```console
+kubectl -n $NAMESPACE get secret/cf-codefresh-certs-client -o jsonpath="{.data['ca\.pem']}" | base64 -d | openssl x509 -enddate -noout
+```
+
+**Resolution:** Replace internal CA and re-issue dind certs for runtime
+
+- Delete k8s secret with expired certificate
+```console
+kubectl -n $NAMESPACE delete secret cf-codefresh-certs-client
+```
+
+- Set `.Values.global.gencerts.enabled=true` (`.Values.global.certsJob=true` for onprem < 2.x version)
+
+```yaml
+# -- Job to generate internal runtime secrets.
+# @default -- See below
+gencerts:
+ enabled: true
+```
+
+- Upgrade Codefresh On-Prem Helm release. It will recreate `cf-codefresh-certs-client` secret
+```console
+helm upgrade --install cf codefresh/codefresh \
+ -f cf-values.yaml \
+ --namespace codefresh \
+ --create-namespace \
+ --debug \
+ --wait \
+ --timeout 15m
+```
+
+- Restart `cfapi` and `cfsign` deployments
+
+```console
+kubectl -n $NAMESPACE rollout restart deployment/cf-cfapi
+kubectl -n $NAMESPACE rollout restart deployment/cf-cfsign
+```
+
+**Case A:** Codefresh Runner installed with HELM chart ([charts/cf-runtime](https://github.com/codefresh-io/venona/tree/release-1.0/charts/cf-runtime))
+
+Re-apply the `cf-runtime` helm chart. Post-upgrade `gencerts-dind` helm hook will regenerate the dind certificates using a new CA.
+
+**Case B:** Codefresh Runner installed with legacy CLI ([codefresh runner init](https://codefresh-io.github.io/cli/runner/init/))
+
+Delete `codefresh-certs-server` k8s secret and run [./configure-dind-certs.sh](https://github.com/codefresh-io/venona/blob/release-1.0/charts/cf-runtime/files/configure-dind-certs.sh) in your runtime namespace.
+
+```console
+kubectl -n $NAMESPACE delete secret codefresh-certs-server
+./configure-dind-certs.sh -n $RUNTIME_NAMESPACE https://$CODEFRESH_HOST $CODEFRESH_API_TOKEN
+```
+
+### Consul Error: Refusing to rejoin cluster because the server has been offline for more than the configured server_rejoin_age_max
+
+After platform upgrade, Consul fails with the error `refusing to rejoin cluster because the server has been offline for more than the configured server_rejoin_age_max - consider wiping your data dir`. There is [known issue](https://github.com/hashicorp/consul/issues/20722) of **hashicorp/consul** behaviour. Try to wipe out or delete the consul PV with config data and restart Consul StatefulSet.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| argo-hub-platform | object | See below | argo-hub-platform |
+| argo-platform | object | See below | argo-platform |
+| argo-platform.abac | object | See below | abac |
+| argo-platform.analytics-reporter | object | See below | analytics-reporter |
+| argo-platform.anchors | object | See below | Anchors |
+| argo-platform.api-events | object | See below | api-events |
+| argo-platform.api-graphql | object | See below | api-graphql All other services under `.Values.argo-platform` follows the same values structure. |
+| argo-platform.api-graphql.affinity | object | `{}` | Set pod's affinity |
+| argo-platform.api-graphql.env | object | See below | Env vars |
+| argo-platform.api-graphql.hpa | object | `{"enabled":false}` | HPA |
+| argo-platform.api-graphql.hpa.enabled | bool | `false` | Enable autoscaler |
+| argo-platform.api-graphql.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/argo-platform-api-graphql"}` | Image |
+| argo-platform.api-graphql.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry |
+| argo-platform.api-graphql.image.repository | string | `"codefresh/argo-platform-api-graphql"` | Repository |
+| argo-platform.api-graphql.kind | string | `"Deployment"` | Controller kind. Currently, only `Deployment` is supported |
+| argo-platform.api-graphql.pdb | object | `{"enabled":false}` | PDB |
+| argo-platform.api-graphql.pdb.enabled | bool | `false` | Enable pod disruption budget |
+| argo-platform.api-graphql.podAnnotations | object | `{"checksum/secret":"{{ include (print $.Template.BasePath \"/api-graphql/secret.yaml\") . | sha256sum }}"}` | Set pod's annotations |
+| argo-platform.api-graphql.resources | object | See below | Resource limits and requests |
+| argo-platform.api-graphql.secrets | object | See below | Secrets |
+| argo-platform.api-graphql.tolerations | list | `[]` | Set pod's tolerations |
+| argo-platform.argocd-hooks | object | See below | argocd-hooks Don't enable! Not used in onprem! |
+| argo-platform.audit | object | See below | audit |
+| argo-platform.broadcaster | object | See below | broadcaster |
+| argo-platform.cron-executor | object | See below | cron-executor |
+| argo-platform.event-handler | object | See below | event-handler |
+| argo-platform.promotion-orchestrator | object | See below | promotion-orchestrator |
+| argo-platform.runtime-manager | object | See below | runtime-manager Don't enable! Not used in onprem! |
+| argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! |
+| argo-platform.ui | object | See below | ui |
+| argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! |
+| builder | object | `{"affinity":{},"enabled":true,"imagePullSecrets":[],"initContainers":{"register":{"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/curl","tag":"8.14.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder |
+| cf-broadcaster | object | See below | broadcaster |
+| cf-oidc-provider | object | See below | cf-oidc-provider |
+| cf-platform-analytics-etlstarter | object | See below | etl-starter |
+| cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart |
+| cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true}` | Only postgres ETL should be running in onprem |
+| cf-platform-analytics-platform | object | See below | platform-analytics |
+| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api |
+| cfapi-internal.<<.affinity | object | `{}` | Affinity configuration |
+| cfapi-internal.<<.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration |
+| cfapi-internal.<<.container.env | object | See below | Env vars |
+| cfapi-internal.<<.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image |
+| cfapi-internal.<<.container.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry prefix |
+| cfapi-internal.<<.container.image.repository | string | `"codefresh/cf-api"` | Repository |
+| cfapi-internal.<<.controller | object | `{"replicas":2}` | Controller configuration |
+| cfapi-internal.<<.controller.replicas | int | `2` | Replicas number |
+| cfapi-internal.<<.enabled | bool | `true` | Enable cf-api |
+| cfapi-internal.<<.hpa | object | `{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70}` | Autoscaler configuration |
+| cfapi-internal.<<.hpa.enabled | bool | `false` | Enable HPA |
+| cfapi-internal.<<.hpa.maxReplicas | int | `10` | Maximum number of replicas |
+| cfapi-internal.<<.hpa.minReplicas | int | `2` | Minimum number of replicas |
+| cfapi-internal.<<.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage |
+| cfapi-internal.<<.imagePullSecrets | list | `[]` | Image pull secrets |
+| cfapi-internal.<<.nodeSelector | object | `{}` | Node selector configuration |
+| cfapi-internal.<<.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration |
+| cfapi-internal.<<.pdb.enabled | bool | `false` | Enable PDB |
+| cfapi-internal.<<.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage |
+| cfapi-internal.<<.podSecurityContext | object | `{}` | Pod security context configuration |
+| cfapi-internal.<<.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits |
+| cfapi-internal.<<.secrets | object | `{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}}` | Secrets configuration |
+| cfapi-internal.<<.tolerations | list | `[]` | Tolerations configuration |
+| cfapi-internal.enabled | bool | `false` | |
+| cfapi.affinity | object | `{}` | Affinity configuration |
+| cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration |
+| cfapi.container.env | object | See below | Env vars |
+| cfapi.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image |
+| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry prefix |
+| cfapi.container.image.repository | string | `"codefresh/cf-api"` | Repository |
+| cfapi.controller | object | `{"replicas":2}` | Controller configuration |
+| cfapi.controller.replicas | int | `2` | Replicas number |
+| cfapi.enabled | bool | `true` | Enable cf-api |
+| cfapi.hpa | object | `{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70}` | Autoscaler configuration |
+| cfapi.hpa.enabled | bool | `false` | Enable HPA |
+| cfapi.hpa.maxReplicas | int | `10` | Maximum number of replicas |
+| cfapi.hpa.minReplicas | int | `2` | Minimum number of replicas |
+| cfapi.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage |
+| cfapi.imagePullSecrets | list | `[]` | Image pull secrets |
+| cfapi.nodeSelector | object | `{}` | Node selector configuration |
+| cfapi.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration |
+| cfapi.pdb.enabled | bool | `false` | Enable PDB |
+| cfapi.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage |
+| cfapi.podSecurityContext | object | `{}` | Pod security context configuration |
+| cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits |
+| cfapi.secrets | object | `{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}}` | Secrets configuration |
+| cfapi.tolerations | list | `[]` | Tolerations configuration |
+| cfsign | object | See below | tls-sign |
+| cfui | object | See below | cf-ui |
+| charts-manager | object | See below | charts-manager |
+| ci.enabled | bool | `false` | |
+| cluster-providers | object | See below | cluster-providers |
+| consul | object | See below | consul Ref: https://github.com/bitnami/charts/blob/main/bitnami/consul/values.yaml |
+| context-manager | object | See below | context-manager |
+| cronus | object | See below | cronus |
+| developmentChart | bool | `false` | |
+| dockerconfigjson | object | `{}` | DEPRECATED - Use `.imageCredentials` instead dockerconfig (for `kcfi` tool backward compatibility) for Image Pull Secret. Obtain GCR Service Account JSON (sa.json) at support@codefresh.io ```shell GCR_SA_KEY_B64=$(cat sa.json | base64) DOCKER_CFG_VAR=$(echo -n "_json_key:$(echo ${GCR_SA_KEY_B64} | base64 -d)" | base64 | tr -d '\n') ``` E.g.: dockerconfigjson: auths: gcr.io: auth: |
+| gencerts | object | See below | Job to generate internal runtime secrets. Required at first install. |
+| gitops-dashboard-manager | object | See below | gitops-dashboard-manager |
+| global | object | See below | Global parameters |
+| global.affinity | object | `{}` | Global affinity constraints Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
+| global.appProtocol | string | `"https"` | Application protocol. |
+| global.appUrl | string | `"onprem.codefresh.local"` | Application root url. Will be used in Ingress objects as hostname |
+| global.broadcasterPort | int | `80` | Default broadcaster service port. |
+| global.broadcasterService | string | `"cf-broadcaster"` | Default broadcaster service name. |
+| global.builderService | string | `"builder"` | Default builder service name. |
+| global.cfapiEndpointsService | string | `"cfapi"` | Default API endpoints service name |
+| global.cfapiInternalPort | int | `3000` | Default API service port. |
+| global.cfapiService | string | `"cfapi"` | Default API service name. |
+| global.cfk8smonitorService | string | `"k8s-monitor"` | Default k8s-monitor service name. |
+| global.chartsManagerPort | int | `9000` | Default chart-manager service port. |
+| global.chartsManagerService | string | `"charts-manager"` | Default charts-manager service name. |
+| global.clusterProvidersPort | int | `9000` | Default cluster-providers service port. |
+| global.clusterProvidersService | string | `"cluster-providers"` | Default cluster-providers service name. |
+| global.codefresh | string | `"codefresh"` | LEGACY - Keep as is! Used for subcharts to access external secrets and configmaps. |
+| global.consulHttpPort | int | `8500` | Default Consul service port. |
+| global.consulService | string | `"consul-headless"` | Default Consul service name. |
+| global.contextManagerPort | int | `9000` | Default context-manager service port. |
+| global.contextManagerService | string | `"context-manager"` | Default context-manager service name. |
+| global.dnsService | string | `"kube-dns"` | Definitions for internal-gateway nginx resolver |
+| global.env | object | `{}` | Global Env vars |
+| global.firebaseSecret | string | `""` | Firebase Secret in plain text |
+| global.firebaseSecretSecretKeyRef | object | `{}` | Firebase Secret from existing secret |
+| global.firebaseUrl | string | `"https://codefresh-on-prem.firebaseio.com/on-prem"` | Firebase URL for logs streaming in plain text |
+| global.firebaseUrlSecretKeyRef | object | `{}` | Firebase URL for logs streaming from existing secret |
+| global.gitopsDashboardManagerDatabase | string | `"pipeline-manager"` | Default gitops-dashboarad-manager db collection. |
+| global.gitopsDashboardManagerPort | int | `9000` | Default gitops-dashboarad-manager service port. |
+| global.gitopsDashboardManagerService | string | `"gitops-dashboard-manager"` | Default gitops-dashboarad-manager service name. |
+| global.helmRepoManagerService | string | `"helm-repo-manager"` | Default helm-repo-manager service name. |
+| global.hermesService | string | `"hermes"` | Default hermes service name. |
+| global.imagePullSecrets | list | `["codefresh-registry"]` | Global Docker registry secret names as array |
+| global.imageRegistry | string | `""` | Global Docker image registry |
+| global.kubeIntegrationPort | int | `9000` | Default kube-integration service port. |
+| global.kubeIntegrationService | string | `"kube-integration"` | Default kube-integration service name. |
+| global.mongoURI | string | `""` | LEGACY (but still supported) - Use `.global.mongodbProtocol` + `.global.mongodbUser/mongodbUserSecretKeyRef` + `.global.mongodbPassword/mongodbPasswordSecretKeyRef` + `.global.mongodbHost/mongodbHostSecretKeyRef` + `.global.mongodbOptions` instead Default MongoDB URI. Will be used by ALL services to communicate with MongoDB. Ref: https://www.mongodb.com/docs/manual/reference/connection-string/ Note! `defaultauthdb` is omitted on purpose (i.e. mongodb://.../[defaultauthdb]). |
+| global.mongodbDatabase | string | `"codefresh"` | Default MongoDB database name. Don't change! |
+| global.mongodbHost | string | `"cf-mongodb"` | Set mongodb host in plain text |
+| global.mongodbHostSecretKeyRef | object | `{}` | Set mongodb host from existing secret |
+| global.mongodbOptions | string | `"retryWrites=true"` | Set mongodb connection string options Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options |
+| global.mongodbPassword | string | `"mTiXcU2wafr9"` | Set mongodb password in plain text |
+| global.mongodbPasswordSecretKeyRef | object | `{}` | Set mongodb password from existing secret |
+| global.mongodbProtocol | string | `"mongodb"` | Set mongodb protocol (`mongodb` / `mongodb+srv`) |
+| global.mongodbRootUser | string | `""` | DEPRECATED Use `.Values.seed.mongoSeedJob` instead. |
+| global.mongodbUser | string | `"cfuser"` | Set mongodb user in plain text |
+| global.mongodbUserSecretKeyRef | object | `{}` | Set mongodb user from existing secret |
+| global.natsPort | int | `4222` | Default nats service port. |
+| global.natsService | string | `"nats"` | Default nats service name. |
+| global.newrelicLicenseKey | string | `""` | New Relic Key |
+| global.nodeSelector | object | `{}` | Global nodeSelector constraints Apply nodeSelector to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
+| global.oidcProviderClientId | string | `nil` | Default OIDC Provider service client ID in plain text. |
+| global.oidcProviderClientSecret | string | `nil` | Default OIDC Provider service client secret in plain text. |
+| global.oidcProviderPort | int | `443` | Default OIDC Provider service port. |
+| global.oidcProviderProtocol | string | `"https"` | Default OIDC Provider service protocol. |
+| global.oidcProviderService | string | `""` | Default OIDC Provider service name (Provider URL). |
+| global.oidcProviderTokenEndpoint | string | `"/token"` | Default OIDC Provider service token endpoint. |
+| global.pipelineManagerPort | int | `9000` | Default pipeline-manager service port. |
+| global.pipelineManagerService | string | `"pipeline-manager"` | Default pipeline-manager service name. |
+| global.platformAnalyticsPort | int | `80` | Default platform-analytics service port. |
+| global.platformAnalyticsService | string | `"platform-analytics"` | Default platform-analytics service name. |
+| global.postgresDatabase | string | `"codefresh"` | Set postgres database name |
+| global.postgresHostname | string | `""` | Set postgres service address in plain text. Takes precedence over `global.postgresService`! |
+| global.postgresHostnameSecretKeyRef | object | `{}` | Set postgres service from existing secret |
+| global.postgresPassword | string | `"eC9arYka4ZbH"` | Set postgres password in plain text |
+| global.postgresPasswordSecretKeyRef | object | `{}` | Set postgres password from existing secret |
+| global.postgresPort | int | `5432` | Set postgres port number |
+| global.postgresService | string | `"postgresql"` | Default internal postgresql service address from bitnami/postgresql subchart |
+| global.postgresUser | string | `"postgres"` | Set postgres user in plain text |
+| global.postgresUserSecretKeyRef | object | `{}` | Set postgres user from existing secret |
+| global.rabbitService | string | `"rabbitmq:5672"` | Default internal rabbitmq service address from bitnami/rabbitmq subchart. |
+| global.rabbitmqHostname | string | `""` | Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`! |
+| global.rabbitmqHostnameSecretKeyRef | object | `{}` | Set rabbitmq service address from existing secret. |
+| global.rabbitmqPassword | string | `"cVz9ZdJKYm7u"` | Set rabbitmq password in plain text |
+| global.rabbitmqPasswordSecretKeyRef | object | `{}` | Set rabbitmq password from existing secret |
+| global.rabbitmqProtocol | string | `"amqp"` | Set rabbitmq protocol (`amqp/amqps`) |
+| global.rabbitmqUsername | string | `"user"` | Set rabbitmq username in plain text |
+| global.rabbitmqUsernameSecretKeyRef | object | `{}` | Set rabbitmq username from existing secret |
+| global.redisPassword | string | `"hoC9szf7NtrU"` | Set redis password in plain text |
+| global.redisPasswordSecretKeyRef | object | `{}` | Set redis password from existing secret |
+| global.redisPort | int | `6379` | Set redis service port |
+| global.redisService | string | `"redis-master"` | Default internal redis service address from bitnami/redis subchart |
+| global.redisUrl | string | `""` | Set redis hostname in plain text. Takes precedence over `global.redisService`! |
+| global.redisUrlSecretKeyRef | object | `{}` | Set redis hostname from existing secret. |
+| global.runtimeEnvironmentManagerPort | int | `80` | Default runtime-environment-manager service port. |
+| global.runtimeEnvironmentManagerService | string | `"runtime-environment-manager"` | Default runtime-environment-manager service name. |
+| global.security | object | `{"allowInsecureImages":true}` | Bitnami |
+| global.storageClass | string | `""` | Global StorageClass for Persistent Volume(s) |
+| global.tlsSignPort | int | `4999` | Default tls-sign service port. |
+| global.tlsSignService | string | `"cfsign"` | Default tls-sign service name. |
+| global.tolerations | list | `[]` | Global tolerations constraints Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
+| helm-repo-manager | object | See below | helm-repo-manager |
+| hermes | object | See below | hermes |
+| hooks | object | See below | Pre/post-upgrade Job hooks. |
+| hooks.consul | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/kubectl","tag":"1.33.3"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. |
+| hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Updates images in `system/default` runtime. |
+| hooks.rabbitmq | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/rabbitmqadmin","tag":"2.8.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Enable stable feature flags in RabbitMQ. |
+| imageCredentials | object | `{}` | Credentials for Image Pull Secret object |
+| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress |
+| ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml |
+| ingress.annotations | object | See below | Set annotations for ingress. |
+| ingress.enabled | bool | `true` | Enable the Ingress |
+| ingress.ingressClassName | string | `"nginx-codefresh"` | Set the ingressClass that is used for the ingress. Default `nginx-codefresh` is created from `ingress-nginx` controller subchart |
+| ingress.labels | object | `{}` | Set labels for ingress |
+| ingress.nameOverride | string | `""` | Override Ingress resource name |
+| ingress.services | object | See below | Default services and corresponding paths |
+| ingress.tls.cert | string | `""` | Certificate (base64 encoded) |
+| ingress.tls.enabled | bool | `false` | Enable TLS |
+| ingress.tls.existingSecret | string | `""` | Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`) |
+| ingress.tls.key | string | `""` | Private key (base64 encoded) |
+| ingress.tls.secretName | string | `"star.codefresh.io"` | Default secret name to be created with provided `cert` and `key` below |
+| internal-gateway | object | See below | internal-gateway |
+| k8s-monitor | object | See below | k8s-monitor |
+| kube-integration | object | See below | kube-integration |
+| mailer.enabled | bool | `false` | |
+| mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml |
+| nats | object | See below | nats Ref: https://github.com/bitnami/charts/blob/main/bitnami/nats/values.yaml |
+| nomios | object | See below | nomios |
+| payments.enabled | bool | `false` | |
+| pipeline-manager | object | See below | pipeline-manager |
+| postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml |
+| postgresql-ha | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/values.yaml |
+| postgresqlCleanJob | object | See below | Maintenance postgresql clean job. Removes a certain number of the last records in the event store table. |
+| rabbitmq | object | See below | rabbitmq Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml |
+| redis | object | See below | redis Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml |
+| redis-ha | object | `{"auth":true,"enabled":false,"haproxy":{"enabled":true,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}}},"persistentVolume":{"enabled":true,"size":"10Gi"},"redis":{"resources":{"requests":{"cpu":"100m","memory":"128Mi"}}},"redisPassword":"hoC9szf7NtrU"}` | redis-ha # Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml |
+| runtime-environment-manager | object | See below | runtime-environment-manager |
+| runtimeImages | object | See below | runtimeImages |
+| salesforce-reporter.enabled | bool | `false` | |
+| seed | object | See below | Seed jobs |
+| seed-e2e | object | `{"affinity":{},"backoffLimit":10,"enabled":false,"image":{"registry":"docker.io","repository":"mongo","tag":"latest"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[],"ttlSecondsAfterFinished":300}` | CI |
+| seed.enabled | bool | `true` | Enable all seed jobs |
+| seed.mongoSeedJob | object | See below | Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. |
+| seed.mongoSeedJob.env | object | `{}` | Extra env variables for seed job. |
+| seed.mongoSeedJob.mongodbRootOptions | string | `""` | Extra options for connection string (e.g. `authSource=admin`). |
+| seed.mongoSeedJob.mongodbRootPassword | string | `"XT9nmM8dZD"` | Root password in plain text (required ONLY for seed job!). |
+| seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef | object | `{}` | Root password from existing secret |
+| seed.mongoSeedJob.mongodbRootUser | string | `"root"` | Root user in plain text (required ONLY for seed job!). |
+| seed.mongoSeedJob.mongodbRootUserSecretKeyRef | object | `{}` | Root user from existing secret |
+| seed.postgresSeedJob | object | See below | Postgres Seed Job. Required at first install. Creates required user and databases. |
+| seed.postgresSeedJob.postgresPassword | optional | `""` | Password for "postgres" admin user (required ONLY for seed job!) |
+| seed.postgresSeedJob.postgresPasswordSecretKeyRef | optional | `{}` | Password for "postgres" admin user from existing secret |
+| seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. |
+| seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret |
+| segment-reporter.enabled | bool | `false` | |
+| tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes |
+| webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress |
diff --git a/charts/codefresh/README.md.gotmpl b/README.md.gotmpl
similarity index 84%
rename from charts/codefresh/README.md.gotmpl
rename to README.md.gotmpl
index 2d3038ebe..ddceb2b5c 100644
--- a/charts/codefresh/README.md.gotmpl
+++ b/README.md.gotmpl
@@ -24,7 +24,6 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/
- [Configuration with ALB (Application Load Balancer)](#configuration-with-alb-application-load-balancer)
- [Configuration with Private Registry](#configuration-with-private-registry)
- [Configuration with multi-role CF-API](#configuration-with-multi-role-cf-api)
- - [Indexes in MongoDB](#indexes-in-mongodb)
- [High Availability](#high-availability)
- [Mounting private CA certs](#mounting-private-ca-certs)
- [Installing on OpenShift](#installing-on-openshift)
@@ -36,6 +35,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/
- [X-Frame-Options response header](#x-frame-options-response-header)
- [Image digests in containers](#image-digests-in-containers)
- [Configuring OIDC Provider](#configuring-oidc-provider)
+- [Maintaining MongoDB indexes](#maintaining-mongodb-indexes)
- [Upgrading](#upgrading)
- [To 2.0.0](#to-2-0-0)
- [To 2.0.12](#to-2-0-12)
@@ -49,6 +49,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/
- [To 2.6.0](#to-2-6-0)
- [To 2.7.0](#to-2-7-0)
- [To 2.8.0](#to-2-8-0)
+ - [To 3.0.0](#to-3-0-0)
- [Rollback](#rollback)
- [Troubleshooting](#troubleshooting)
- [Values](#values)
@@ -68,7 +69,7 @@ Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/
- GCR Service Account JSON `sa.json` (provided by Codefresh, contact support@codefresh.io)
- Firebase [Realtime Database URL](https://firebase.google.com/docs/database/web/start#create_a_database) with [legacy token](https://firebase.google.com/docs/database/rest/auth#legacy_tokens). See [Firebase Configuration](#firebase-configuration)
- Valid TLS certificates for Ingress
-- When [external](#external-postgressql) PostgreSQL is used, `pg_cron` and `pg_partman` extensions **must be enabled** for [analytics](https://codefresh.io/docs/docs/dashboards/home-dashboard/#pipelines-dashboard) to work (see [AWS RDS example](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL_pg_cron.html#PostgreSQL_pg_cron.enable))
+- When [external](#external-postgressql) PostgreSQL is used, `pg_cron` and `pg_partman` extensions **must be enabled** for [analytics](https://codefresh.io/docs/docs/dashboards/home-dashboard/#pipelines-dashboard) to work (see [AWS RDS example](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL_pg_cron.html#PostgreSQL_pg_cron.enable)). The `pg_cron` extension should be the 1.4 version or higher for Azure Postgres DB.
## Get Repo Info
@@ -81,8 +82,6 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
**Important:** only helm 3.8.0+ is supported
-**Important:** Read about [Indexes in MongoDB](#indexes-in-mongodb) before installation
-
Edit default `values.yaml` or create empty `cf-values.yaml`
- Pass `sa.json` (as a single line) to `.Values.imageCredentials.password`
@@ -95,7 +94,7 @@ imageCredentials:
password: '{ "type": "service_account", "project_id": "codefresh-enterprise", "private_key_id": ... }'
```
-- Specify `.Values.global.appUrl`, `.Values.global.firebaseUrl` and `.Values.global.firebaseSecret`
+- Specify `.Values.global.appUrl`, `.Values.global.firebaseUrl`, `.Values.global.firebaseSecret`, `.Values.global.env.MONGOOSE_AUTO_INDEX`, `.Values.global.env.MONGO_AUTOMATIC_INDEX_CREATION`
```yaml
global:
@@ -120,6 +119,9 @@ global:
# name: my-secret
# key: firebase-secret
+ # -- Enable index creation in MongoDB
+ # This is required for first-time installations!
+ # Before usage in Production, you must set it to `false` or remove it!
env:
MONGOOSE_AUTO_INDEX: "true"
MONGO_AUTOMATIC_INDEX_CREATION: "true"
@@ -179,6 +181,17 @@ ingress-nginx:
--timeout 15m
```
+### ⚠️ **MANDATORY** Post-Installation Action Items
+
+Once your Codefresh On-Prem instance is installed, configured, and confirmed to be ready for production use, the following variables must be set to `false` or removed:
+
+```yaml
+global:
+ env:
+ MONGOOSE_AUTO_INDEX: "false"
+ MONGO_AUTOMATIC_INDEX_CREATION: "false"
+```
+
## Chart Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
@@ -194,9 +207,9 @@ The following table displays the list of **persistent** services created as part
| Database | Purpose | Required version |
| :--- | :---- | :--- |
| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x |
-| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x |
+| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 16.x or 17.x |
| Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x |
-| RabbitMQ | Used for message queueing. | 4.0.x |
+| RabbitMQ | Used for message queueing. | 3.13 \| 4.0.x |
> Running on netfs (nfs, cifs) is not recommended.
@@ -216,6 +229,17 @@ However, you might need to use external services like [MongoDB Atlas Database](h
#### External MongoDB
+> ⚠️ **Important!** If you use MongoDB Atlas, you must create user with `Write` permissions before installing Codefresh:
+> Then, provide the user credentials in the chart values at
+`.Values.global.mongodbUser/mongodbRootUserSecretKeyRef`
+`.Values.global.mongodbPassword/mongodbRootPasswordSecretKeyRef`
+`.Values.seed.mongoSeedJob.mongodbRootUser/mongodbRootUserSecretKeyRef`
+`.Values.seed.mongoSeedJob.mongodbRootPassword/mongodbRootPasswordSecretKeyRef`
+> Ref:
+> [Create Users in Atlas](https://www.mongodb.com/docs/atlas/security-add-mongodb-users/#configure-database-users)
+
+`values.yaml` for external MongoDB:
+
```yaml
seed:
mongoSeedJob:
@@ -388,6 +412,27 @@ postgresql:
enabled: false
```
+##### Using SSL with a PostgreSQL
+
+Provide the following env vars to enforce SSL connection to PostgresSQL:
+
+```yaml
+global:
+ env:
+ # More info in the official docs: https://www.postgresql.org/docs/current/libpq-envars.html
+ PGSSLMODE: "require"
+
+helm-repo-manager:
+ env:
+ POSTGRES_DISABLE_SSL: "false"
+```
+
+> ⚠️ **Important!**
+> We do not support custom CA configuration for PostgreSQL, including self-signed certificates. This may cause incompatibility with some providers' default configurations.
+> In particular, Amazon RDS for PostgreSQL version 15 and later requires SSL encryption by default ([ref](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html#PostgreSQL.Concepts.General.SSL.Requiring)).
+> We recommend disabling SSL on the provider side in such cases or using the following steps to mount custom CA certificates: [Mounting private CA certs](#mounting-private-ca-certs)
+
+
#### External Redis
```yaml
@@ -421,7 +466,9 @@ redis:
> If ElastiCache is used, set `REDIS_TLS` to `true` in `.Values.global.env`
-```
+> ⚠️ ElastiCache with **Cluster mode** is not supported!
+
+```yaml
global:
env:
REDIS_TLS: true
@@ -785,59 +832,6 @@ cfapi-test-reporting:
enabled: true
```
-⚠️ ⚠️ ⚠️
-### Indexes in MongoDB
-⚠️ ⚠️ ⚠️
-
-Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability.
-
-Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments during upgrades. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance before upgrading Codefresh On-Prem.
-
-It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability.
-
-The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) repository.
-The indexes are stored in JSON files with keys and options specified.
-
-The directory structure is:
-
-```console
-codefresh-onprem-helm
-├── indexes
-│ ├── # MongoDB database name
-│ │ ├── .json # MongoDB indexes for the specified collection
-```
-
-#### Enabling auto-index creation
-
-For first-time installations, you **must** enable auto-index creation by setting the following values:
-
-```yaml
-global:
- env:
- MONGOOSE_AUTO_INDEX: "true"
- MONGO_AUTOMATIC_INDEX_CREATION: "true"
-```
-
-You **should** disable it for the next upgrades by setting these variables to `false`:
-
-```yaml
-global:
- env:
- MONGOOSE_AUTO_INDEX: "false"
- MONGO_AUTOMATIC_INDEX_CREATION: "false"
-```
-
-#### Creating Indexes manually
-
-> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets.
-
-Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI.
-
-Ref:
-- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index)
-- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/)
-
-
### High Availability
The chart installs the non-HA version of Codefresh by default. If you want to run Codefresh in HA mode, use the example values below.
@@ -1202,7 +1196,7 @@ cfapi:
### Projects pipelines limit
```yaml
-cfapi:
+pipeline-manager:
env:
# Determines project's pipelines limit (default: 500)
PROJECT_PIPELINES_LIMIT: 500
@@ -1491,6 +1485,87 @@ To see all the claims supported by Codefresh OIDC provider, see `claims_supporte
Use [obtain-oidc-id-token](https://github.com/codefresh-io/steps/blob/822afc0a9a128384e76459c6573628020a2cf404/incubating/obtain-oidc-id-token/step.yaml#L27-L58) and [aws-sts-assume-role-with-web-identity](https://github.com/codefresh-io/steps/blob/822afc0a9a128384e76459c6573628020a2cf404/incubating/aws-sts-assume-role-with-web-identity/step.yaml#L29-L63) steps to exchange the OIDC token (JWT) for a cloud access token.
+## Maintaining MongoDB Indexes
+
+Sometimes, in new releases of Codefresh On-Prem, index requirements change. When this happens, it's mentioned in the [Upgrading section](#upgrading) for the specific release.
+
+> ℹ️ If you're upgrading from version `X` to version `Y`, and index requirements were updated in any of the intermediate versions, you only need to align your indexes with the index requirements of version `Y`. To do that, follow [Index alignment](#index-alignment) instructions.
+
+### Index alignment
+
+The required index definitions for each release can be found at the following resources:
+
+- `2.6`
+- `2.7`
+- `2.8`
+
+The indexes are stored in JSON files with keys and options specified.
+
+The directory structure is:
+
+```console
+indexes
+├── # MongoDB database name
+│ ├── .json # MongoDB indexes for the specified collection
+```
+
+**Overview of the index alignment process:**
+
+1. Identify the differences between the indexes in your MongoDB instance and the required index definitions.
+2. Create any missing indexes one by one. (It's important not to create them in bulk.)
+3. Perform the upgrade of Codefresh On-Prem installation.
+4. Then remove any unnecessary indexes.
+
+> ⚠️ **Note! Any changes to indexes should be performed during a defined maintenance window or during periods of lowest traffic to MongoDB.**
+>
+> Building indexes during time periods where the target collection is under heavy write load can result in reduced write performance and longer index builds. ([*Source: MongoDB official documentation*](https://www.mongodb.com/docs/manual/core/index-creation/#index-build-impact-on-database-performance))
+>
+> Even minor changes to indexes (e.g., index removal) can cause brief but noticeable performance degradation ([*Source: MongoDB official documentation*](https://www.mongodb.com/docs/manual/core/query-plans/#plan-cache-flushes))
+
+#### Self-hosted MongoDB
+
+For self-hosted MongoDB, follow the instructions below:
+
+- Connect to the MongoDB server using the [mongosh](https://www.mongodb.com/docs/mongodb-shell/install/) shell. Open your terminal or command prompt and run the following command, replacing `` with the appropriate MongoDB connection string for your server:
+
+
+```shell
+mongosh ""
+```
+
+- Retrieve the list of indexes for a specific collection:
+
+```js
+db.getSiblingDB('').getCollection('').getIndexes()
+```
+
+- Compare your indexes with the required indexes for the target release, and adjust them by creating any missing indexes or removing any unnecessary ones
+
+**Index creation**
+
+> ⚠ **Note! Always create indexes sequentially, one by one. Don't create them in bulk.**
+
+- To create an index, use the `createIndex()` method:
+
+```js
+db.getSiblingDB('').getCollection('').createIndex(, )
+```
+
+After executing the `createIndex()` command, you should see a result indicating that the index was created successfully.
+
+**Index removal**
+
+- To remove an index, use the `dropIndex()` method with ``:
+
+```js
+db.getSiblingDB('').getCollection('').dropIndex('')
+```
+
+#### Atlas Database
+
+If you're hosting MongoDB on [Atlas](https://www.mongodb.com/atlas/database), use the following [Manage Indexes](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/) guide to View, Create or Remove indexes.
+
+> ⚠️ **Important!** In Atlas, for production environments, it is recommended to use rolling index builds by enabling the "Build index via rolling process" checkbox. ([*MongoDB official documentation*](https://www.mongodb.com/docs/v6.0/tutorial/build-indexes-on-replica-sets/))
## Upgrading
@@ -1751,7 +1826,7 @@ nomios:
...
```
-### To 2.0.12
+### To 2-0-12
#### ⚠️ Legacy ChartMuseum subchart deprecation
@@ -2028,18 +2103,22 @@ cfapi:
### To 2-6-0
+> ⚠️ **WARNING! MongoDB indexes changed!**
+>
+> Please, follow [Maintaining MongoDB indexes](#maintaining-mongodb-indexes) guide to meet index requirements **BEFORE** the upgrade process.
+
### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26)
#### Affected values
[Image digests in containers](#image-digests-in-containers)
-#### Auto-index creation in MongoDB
-
-[Auto-index creation in MongoDB](#auto-index-creation-in-mongodb)
-
### To 2-7-0
+> ⚠️ **WARNING! MongoDB indexes changed!**
+>
+> Please, follow [Maintaining MongoDB indexes](#maintaining-mongodb-indexes) guide to meet index requirements **BEFORE** the upgrade process.
+
### [What's new in 2.7.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-27)
#### Affected values
@@ -2071,6 +2150,10 @@ global:
### To 2-8-0
+> ⚠️ **WARNING! MongoDB indexes changed!**
+>
+> Please, follow [Maintaining MongoDB indexes](#maintaining-mongodb-indexes) guide to meet index requirements **BEFORE** the upgrade process.
+
### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28)
### ⚠️ ⚠️ ⚠️ Breaking changes. Read before upgrading!
@@ -2081,7 +2164,7 @@ Default MongoDB image is changed from 6.x to 7.x.
If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x.
-For backward compatibility (in case you need to rollback to 6.x), you can set [`featureCompatibilityVersion`](https://www.mongodb.com/docs/v6.0/reference/command/setFeatureCompatibilityVersion/) to `6.0` in your values file.
+- **Before the upgrade**, for backward compatibility (in case you need to rollback to 6.x), you should set [`featureCompatibilityVersion`](https://www.mongodb.com/docs/v6.0/reference/command/setFeatureCompatibilityVersion/) to `6.0` in your values file.
```yaml
mongodb:
@@ -2090,43 +2173,185 @@ mongodb:
featureCompatibilityVersion: "6.0"
```
+- Perform Codefresh On-Prem upgrade to 2.8.x. Make sure all systems are up and running.
+
+- **After the upgrade**, if all system are stable, you need to set `featureCompatibilityVersion` to `7.0` in your values file and re-deploy the chart.
+
+```yaml
+mongodb:
+ migration:
+ enabled: true
+ featureCompatibilityVersion: "7.0"
+```
+
+⚠️ ⚠️ ⚠️ If FCV (FeatureCompatibilityVersion) is managed by MongoDB itself (i.e. Atlas), you can disable it completely (that is default value in Helm chart)
+
+```yaml
+mongodb:
+ migration:
+ enabled: false
+```
+
### PostgreSQL update
Default PostgreSQL image is changed from 13.x to 17.x
If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x.
-⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported. You need to backup your data, delete the old PostgreSQL StatefulSet with PVCs and restore the data into a new PostgreSQL StatefulSet.
+> ⚠️ **Important!**
+> The default SSL configuration may change on your provider's side when you upgrade.
+> Please read the following section before the upgrade: [Using SSL with a PostgreSQL](#using-ssl-with-a-postgresql)
+
+⚠️ ⚠️ ⚠️ 16.x version is also supported (17.x version of PostgreSQL is still in preview on multiple cloud providers)
+
+⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported due to **incompatible breaking changes** in the database files. You will see the following error in the logs:
+```
+postgresql 17:36:28.41 INFO ==> ** Starting PostgreSQL **
+2025-05-21 17:36:28.432 GMT [1] FATAL: database files are incompatible with server
+2025-05-21 17:36:28.432 GMT [1] DETAIL: The data directory was initialized by PostgreSQL version 13, which is not compatible with this version 17.2.
+```
+You need to backup your data, delete the old PostgreSQL StatefulSet with PVCs and restore the data into a new PostgreSQL StatefulSet.
+
+- **Before the upgrade**, backup your data on a separate PVC
+
+- Create PVC with the same or bigger size as your current PostgreSQL PVC:
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-dump
+spec:
+ storageClassName:
+ resources:
+ requests:
+ storage:
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+```
+
+- Create a job to dump the data from the old PostgreSQL StatefulSet into the new PVC:
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: postgresql-dump
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ containers:
+ - name: postgresql-dump
+ image: quay.io/codefresh/postgresql:17
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+ env:
+ - name: PGUSER
+ value: ""
+ - name: PGPASSWORD
+ value: ""
+ - name: PGHOST
+ value: ""
+ - name: PGPORT
+ value: ""
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ pg_dumpall --verbose > /opt/postgresql-dump/dump.sql
+ volumeMounts:
+ - name: postgresql-dump
+ mountPath: /opt/postgresql-dump
+ securityContext:
+ runAsUser: 0
+ fsGroup: 0
+ volumes:
+ - name: postgresql-dump
+ persistentVolumeClaim:
+ claimName: postgresql-dump
+ restartPolicy: Never
+```
+
+- Delete old PostgreSQL StatefulSet and PVC
```console
-PGUSER=postgres
-PGHOST=cf-postgresql
-PGPORT=5432
-PGPASSWORD=postgres
-BACKUP_DIR=/tmp/pg_backup
-BACKUP_SQL=backup.sql
-TIMESTAMP=$(date +%Y%m%d%H%M%S)
-NAMESPACE=codefresh
-
-# Backup PostgreSQL data
-pg_dumpall --verbose > "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" 2>> "$LOG_FILE"
-
-# Delete old PostgreSQL StatefulSet
STS_NAME=$(kubectl get sts -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}')
PVC_NAME=$(kubectl get pvc -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}')
kubectl delete sts $STS_NAME -n $NAMESPACE
kubectl delete pvc $PVC_NAME -n $NAMESPACE
+```
-# Perform Codefresh On-Prem upgrade to 2.8.x
+- Peform the upgrade to 2.8.x with PostgreSQL seed job enabled to re-create users and databases
-# Restore PostgreSQL data
-psql -U -f "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" >> "$LOG_FILE" 2>&1
+```yaml
+seed:
+ postgresSeedJob:
+ enabled: true
+```
+
+- Create a job to restore the data from the new PVC into the new PostgreSQL StatefulSet:
+
+```yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: postgresql-restore
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ containers:
+ - name: postgresql-restore
+ image: quay.io/codefresh/postgresql:17
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+ env:
+ - name: PGUSER
+ value: ""
+ - name: PGPASSWORD
+ value: ""
+ - name: PGHOST
+ value: ""
+ - name: PGPORT
+ value: ""
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ psql -f /opt/postgresql-dump/dump.sql
+ volumeMounts:
+ - name: postgresql-dump
+ mountPath: /opt/postgresql-dump
+ securityContext:
+ runAsUser: 0
+ fsGroup: 0
+ volumes:
+ - name: postgresql-dump
+ persistentVolumeClaim:
+ claimName: postgresql-dump
+ restartPolicy: Never
```
### RabbitMQ update
-Default RabbitMQ image is changed from 3.x to 4.x
+Default RabbitMQ image is changed from 3.x to 4.0
+
+If you run external RabbitMQ, follow the [official instructions](https://www.rabbitmq.com/docs/upgrade) to upgrade to 4.0
+
+For built-in RabbitMQ `bitnami/rabbitmq` subchart, pre-upgrade hook was added to enable all stable feature flags.
#### Affected values
@@ -2136,6 +2361,13 @@ Default RabbitMQ image is changed from 3.x to 4.x
- `.Values.hooks` was splitted into `.Values.hooks.mongodb` and `.Values.hooks.consul`
+### To 3-0-0
+
+#### Affected values
+
+- `.Values.runner` is removed
+
+
## Troubleshooting
### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired
diff --git a/RELEASE.md b/RELEASE.md
new file mode 100644
index 000000000..cc3650c92
--- /dev/null
+++ b/RELEASE.md
@@ -0,0 +1,44 @@
+# Release Process
+
+## Releasing a new version
+
+For a **MAJOR** or **MINOR** release:
+
+- Checkout from `main` branch
+```shell
+git checkout -b onprem-X.Y main
+```
+- Merge latest `release-X.Y` into the new branch
+```shell
+git merge --no-ff release-X.Y
+```
+- Resolve any merge conflicts.
+- In `Chart.yaml`:
+ - Update `.version` and `.appVersion`
+ - For Codefresh dependencies (i.e. with `repository: oci://quay.io/codefresh/charts`) update version to use latest (i.e. `version: *`)
+ - Update `artifacthub.io/changes` annotation
+- Update `values.yaml`, `templates/**`, etc with required changes
+- Run `helm dep update` to update dependencies
+- Run `./charts/codefresh/.ci/runtime-images.sh`
+- Run `./scripts/helm-docs.sh`
+- Commit changes and open the PR against the `main` branch
+- Comment `/test` to trigger CI pipeline
+- Merge the PR after successful CI build
+- After merging the PR the corresponding `release-X.Y` branch will be created. For the next patches, `release-X.Y` branch must be used as BASE branch!
+
+For a **PATCH** release:
+
+- Checkout from the corresponding `release-.` branch
+```shell
+git checkout -b onprem-X.Y.Z release-X.Y
+```
+- Update `.version` in Chart.yaml
+- Update `artifacthub.io/changes` annotation in Chart.yaml
+- *optional* Update `dependencies` in Chart.yaml
+- *optional* Update `values.yaml`, `templates/**`, etc with required changes
+- Run `helm dep update` to update dependencies
+- *optional* Run `./charts/codefresh/.ci/runtime-images.sh`
+- Run `./scripts/helm-docs.sh`
+- Commit changes and open the PR against the corresponding `release-.` branch
+- Comment `/test` to trigger CI pipeline
+- Merge the PR after successful CI build
diff --git a/charts/codefresh-gitops/README.md b/charts/codefresh-gitops/README.md
deleted file mode 100644
index 5aa1422cd..000000000
--- a/charts/codefresh-gitops/README.md
+++ /dev/null
@@ -1,189 +0,0 @@
-# codefresh-gitops
-
- 
-
-Helm Chart for Codefresh GitOps On-Prem
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| codefresh | | |
-
-## Source Code
-
-*
-
-## Requirements
-
-| Repository | Name | Version |
-|------------|------|---------|
-| https://charts.bitnami.com/bitnami | mongodb | 15.6.26 |
-| https://charts.bitnami.com/bitnami | postgresql | 16.7.4 |
-| https://charts.bitnami.com/bitnami | rabbitmq | 15.5.3 |
-| https://charts.bitnami.com/bitnami | redis | 20.13.4 |
-| oci://quay.io/codefresh/charts | argo-hub-platform | * |
-| oci://quay.io/codefresh/charts | argo-platform | * |
-| oci://quay.io/codefresh/charts | cf-common | 0.27.0 |
-| oci://quay.io/codefresh/charts | cf-platform-analytics-platform(cf-platform-analytics) | * |
-| oci://quay.io/codefresh/charts | cf-platform-analytics-etlstarter(cf-platform-analytics) | * |
-| oci://quay.io/codefresh/charts | cfapi(cfapi) | * |
-| oci://quay.io/codefresh/charts | cfui | * |
-| oci://quay.io/codefresh/charts | internal-gateway | 0.10.4 |
-| oci://quay.io/codefresh/charts | runtime-environment-manager | * |
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| argo-hub-platform | object | See below | argo-hub-platform |
-| argo-platform | object | See below | argo-platform |
-| argo-platform.abac | object | See below | abac |
-| argo-platform.analytics-reporter | object | See below | analytics-reporter |
-| argo-platform.anchors | object | See below | Anchors |
-| argo-platform.api-events | object | See below | api-events |
-| argo-platform.api-graphql | object | See below | api-graphql All other services under `.Values.argo-platform` follows the same values structure. |
-| argo-platform.api-graphql.affinity | object | `{}` | Set pod's affinity |
-| argo-platform.api-graphql.env | object | See below | Env vars |
-| argo-platform.api-graphql.hpa | object | `{"enabled":false}` | HPA |
-| argo-platform.api-graphql.hpa.enabled | bool | `false` | Enable autoscaler |
-| argo-platform.api-graphql.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh-io/argo-platform-api-graphql"}` | Image |
-| argo-platform.api-graphql.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry |
-| argo-platform.api-graphql.image.repository | string | `"codefresh-io/argo-platform-api-graphql"` | Repository |
-| argo-platform.api-graphql.kind | string | `"Deployment"` | Controller kind. Currently, only `Deployment` is supported |
-| argo-platform.api-graphql.pdb | object | `{"enabled":false}` | PDB |
-| argo-platform.api-graphql.pdb.enabled | bool | `false` | Enable pod disruption budget |
-| argo-platform.api-graphql.podAnnotations | object | `{"checksum/secret":"{{ include (print $.Template.BasePath \"/api-graphql/secret.yaml\") . | sha256sum }}"}` | Set pod's annotations |
-| argo-platform.api-graphql.resources | object | See below | Resource limits and requests |
-| argo-platform.api-graphql.secrets | object | See below | Secrets |
-| argo-platform.api-graphql.tolerations | list | `[]` | Set pod's tolerations |
-| argo-platform.argocd-hooks | object | See below | argocd-hooks Don't enable! Not used in onprem! |
-| argo-platform.audit | object | See below | audit |
-| argo-platform.broadcaster | object | See below | broadcaster |
-| argo-platform.cron-executor | object | See below | cron-executor |
-| argo-platform.event-handler | object | See below | event-handler |
-| argo-platform.promotion-orchestrator | object | See below | promotion-orchestrator |
-| argo-platform.runtime-manager | object | See below | runtime-manager Don't enable! Not used in onprem! |
-| argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! |
-| argo-platform.ui | object | See below | ui |
-| argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! |
-| cf-platform-analytics-etlstarter | object | See below | etl-starter |
-| cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart |
-| cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true,"fullnameOverride":"system-etl-postgres"}` | Only postgres ETL should be running in onprem |
-| cf-platform-analytics-platform | object | See below | platform-analytics |
-| cfapi | object | `{"affinity":{},"container":{"env":{"API_URI":"cfapi","AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"GITOPS","LOGGER_LEVEL":"debug","ON_PREMISE":true,"PIPELINE_MANAGER_URI":"pipeline-manager","PLATFORM_ANALYTICS_URI":"platform-analytics","RUNTIME_ENVIRONMENT_MANAGER_URI":"runtime-environment-manager"},"image":{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}},"controller":{"replicas":2},"enabled":true,"fullnameOverride":"cfapi","hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"tolerations":[]}` | cf-api |
-| cfapi.affinity | object | `{}` | Affinity configuration |
-| cfapi.container | object | `{"env":{"API_URI":"cfapi","AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"GITOPS","LOGGER_LEVEL":"debug","ON_PREMISE":true,"PIPELINE_MANAGER_URI":"pipeline-manager","PLATFORM_ANALYTICS_URI":"platform-analytics","RUNTIME_ENVIRONMENT_MANAGER_URI":"runtime-environment-manager"},"image":{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}}` | Container configuration |
-| cfapi.container.env | object | See below | Env vars |
-| cfapi.container.image | object | `{"digest":"","registry":"us-docker.pkg.dev/codefresh-inc/gcr.io","repository":"codefresh/dev/cf-api","tag":"21.283.0-test-gitops-system-type"}` | Image |
-| cfapi.container.image.digest | string | `""` | Digest |
-| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-inc/gcr.io"` | Registry prefix |
-| cfapi.container.image.repository | string | `"codefresh/dev/cf-api"` | Repository |
-| cfapi.container.image.tag | string | `"21.283.0-test-gitops-system-type"` | Tag |
-| cfapi.controller | object | `{"replicas":2}` | Controller configuration |
-| cfapi.controller.replicas | int | `2` | Replicas number |
-| cfapi.enabled | bool | `true` | Enable cf-api |
-| cfapi.fullnameOverride | string | `"cfapi"` | Override name |
-| cfapi.hpa | object | `{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70}` | Autoscaler configuration |
-| cfapi.hpa.enabled | bool | `false` | Enable HPA |
-| cfapi.hpa.maxReplicas | int | `10` | Maximum number of replicas |
-| cfapi.hpa.minReplicas | int | `2` | Minimum number of replicas |
-| cfapi.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage |
-| cfapi.imagePullSecrets | list | `[]` | Image pull secrets |
-| cfapi.nodeSelector | object | `{}` | Node selector configuration |
-| cfapi.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration |
-| cfapi.pdb.enabled | bool | `false` | Enable PDB |
-| cfapi.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage |
-| cfapi.podSecurityContext | object | `{}` | Pod security context configuration |
-| cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits |
-| cfapi.tolerations | list | `[]` | Tolerations configuration |
-| cfui | object | See below | cf-ui |
-| global | object | See below | Global parameters |
-| global.affinity | object | `{}` | Global affinity constraints Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
-| global.appProtocol | string | `"https"` | Application protocol. |
-| global.appUrl | string | `"onprem.codefresh.local"` | Application root url. Will be used in Ingress objects as hostname |
-| global.cfapiEndpointsService | string | `"cfapi"` | Default API endpoints service name |
-| global.cfapiInternalPort | int | `3000` | Default API service port. |
-| global.cfapiService | string | `"cfapi"` | Default API service name. |
-| global.dnsService | string | `"kube-dns"` | Definitions for internal-gateway nginx resolver |
-| global.env | object | `{}` | Global Env vars |
-| global.imagePullSecrets | list | `["codefresh-registry"]` | Global Docker registry secret names as array |
-| global.imageRegistry | string | `""` | Global Docker image registry |
-| global.mongoURI | string | `""` | Legacy MongoDB connection string. Keep empty! |
-| global.mongodbDatabase | string | `"codefresh"` | Default MongoDB database name. Don't change! |
-| global.mongodbHost | string | `"mongodb"` | Set mongodb host in plain text |
-| global.mongodbHostSecretKeyRef | object | `{}` | Set mongodb host from existing secret |
-| global.mongodbOptions | string | `"retryWrites=true"` | Set mongodb connection string options Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options |
-| global.mongodbPassword | string | `"password"` | Set mongodb password in plain text |
-| global.mongodbPasswordSecretKeyRef | object | `{}` | Set mongodb password from existing secret |
-| global.mongodbProtocol | string | `"mongodb"` | Set mongodb protocol (`mongodb` / `mongodb+srv`) |
-| global.mongodbUser | string | `"user"` | Set mongodb user in plain text |
-| global.mongodbUserSecretKeyRef | object | `{}` | Set mongodb user from existing secret |
-| global.newrelicLicenseKey | string | `""` | New Relic Key |
-| global.nodeSelector | object | `{}` | Global nodeSelector constraints Apply nodeSelector to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
-| global.platformAnalyticsPort | int | `80` | Default platform-analytics service port. |
-| global.platformAnalyticsService | string | `"platform-analytics"` | Default platform-analytics service name. |
-| global.postgresDatabase | string | `"codefresh"` | Set postgres database name |
-| global.postgresHostname | string | `"postgresql"` | Set postgres service address in plain text. Takes precedence over `global.postgresService`! |
-| global.postgresHostnameSecretKeyRef | object | `{}` | Set postgres service from existing secret |
-| global.postgresPassword | string | `"postgres"` | Set postgres password in plain text |
-| global.postgresPasswordSecretKeyRef | object | `{}` | Set postgres password from existing secret |
-| global.postgresPort | int | `5432` | Set postgres port number |
-| global.postgresService | string | `"postgresql"` | Default internal postgresql service address from bitnami/postgresql subchart |
-| global.postgresUser | string | `"postgres"` | Set postgres user in plain text |
-| global.postgresUserSecretKeyRef | object | `{}` | Set postgres user from existing secret |
-| global.rabbitService | string | `"rabbitmq:5672"` | Default internal rabbitmq service address from bitnami/rabbitmq subchart. |
-| global.rabbitmqHostname | string | `"rabbitmq:5672"` | Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`! |
-| global.rabbitmqHostnameSecretKeyRef | object | `{}` | Set rabbitmq service address from existing secret. |
-| global.rabbitmqPassword | string | `"rabbitmq"` | Set rabbitmq password in plain text |
-| global.rabbitmqPasswordSecretKeyRef | object | `{}` | Set rabbitmq password from existing secret |
-| global.rabbitmqProtocol | string | `"amqp"` | Set rabbitmq protocol (`amqp/amqps`) |
-| global.rabbitmqUsername | string | `"user"` | Set rabbitmq username in plain text |
-| global.rabbitmqUsernameSecretKeyRef | object | `{}` | Set rabbitmq username from existing secret |
-| global.redisPassword | string | `"redis"` | Set redis password in plain text |
-| global.redisPasswordSecretKeyRef | object | `{}` | Set redis password from existing secret |
-| global.redisPort | int | `6379` | Set redis service port |
-| global.redisService | string | `"redis-master"` | Default internal redis service address from bitnami/redis subchart |
-| global.redisUrl | string | `"redis-master"` | Set redis hostname in plain text. Takes precedence over `global.redisService`! |
-| global.redisUrlSecretKeyRef | object | `{}` | Set redis hostname from existing secret. |
-| global.security | object | `{"allowInsecureImages":true}` | Bitnami |
-| global.storageClass | string | `""` | Global StorageClass for Persistent Volume(s) |
-| global.tolerations | list | `[]` | Global tolerations constraints Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
-| hooks | object | See below | Pre/post-upgrade Job hooks. |
-| hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Sets feature compatibility version |
-| imageCredentials | object | `{}` | Credentials for Image Pull Secret object |
-| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress |
-| ingress.annotations | object | See below | Set annotations for ingress. |
-| ingress.enabled | bool | `true` | Enable the Ingress |
-| ingress.ingressClassName | string | `""` | Set the ingressClass that is used for the ingress. Default `nginx-codefresh` is created from `ingress-nginx` controller subchart |
-| ingress.labels | object | `{}` | Set labels for ingress |
-| ingress.nameOverride | string | `""` | Override Ingress resource name |
-| ingress.services | object | See below | Default services and corresponding paths |
-| ingress.tls.cert | string | `""` | Certificate (base64 encoded) |
-| ingress.tls.enabled | bool | `false` | Enable TLS |
-| ingress.tls.existingSecret | string | `""` | Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`) |
-| ingress.tls.key | string | `""` | Private key (base64 encoded) |
-| ingress.tls.secretName | string | `"star.codefresh.io"` | Default secret name to be created with provided `cert` and `key` below |
-| internal-gateway | object | See below | internal-gateway |
-| mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml |
-| postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml |
-| rabbitmq | object | See below | rabbitmq Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml |
-| redis | object | See below | redis Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml |
-| runtime-environment-manager | object | See below | runtime-environment-manager |
-| seed | object | See below | Seed jobs |
-| seed.enabled | bool | `true` | Enable all seed jobs |
-| seed.mongoSeedJob | object | See below | Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. |
-| seed.mongoSeedJob.mongodbRootPassword | string | `"password"` | Root password in plain text (required ONLY for seed job!). |
-| seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef | object | `{}` | Root password from existing secret |
-| seed.mongoSeedJob.mongodbRootUser | string | `"root"` | Root user in plain text (required ONLY for seed job!). |
-| seed.mongoSeedJob.mongodbRootUserSecretKeyRef | object | `{}` | Root user from existing secret |
-| seed.postgresSeedJob | object | See below | Postgres Seed Job. Required at first install. Creates required user and databases. |
-| seed.postgresSeedJob.postgresPassword | optional | `""` | Password for "postgres" admin user (required ONLY for seed job!) |
-| seed.postgresSeedJob.postgresPasswordSecretKeyRef | optional | `{}` | Password for "postgres" admin user from existing secret |
-| seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. |
-| seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/codefresh-gitops/files/hooks/mongoSetCompatibilityVersion.sh b/charts/codefresh-gitops/files/hooks/mongoSetCompatibilityVersion.sh
index b539b9e6f..b7a7ab3ba 100644
--- a/charts/codefresh-gitops/files/hooks/mongoSetCompatibilityVersion.sh
+++ b/charts/codefresh-gitops/files/hooks/mongoSetCompatibilityVersion.sh
@@ -16,6 +16,11 @@ waitForMongoDB() {
done
}
+getMongoDBVersion() {
+ local version=$(mongosh ${MONGODB_ROOT_URI} --eval "db.version()" 2>&1)
+ echo $version
+}
+
parseMongoURI() {
local proto="$(echo $1 | grep :// | sed -e's,^\(.*://\).*,\1,g')"
local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi
@@ -33,4 +38,10 @@ parseMongoURI $MONGO_URI
waitForMongoDB
-mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"$MONGODB_COMPAT_VERSION\" } )"
+MONGO_VERSION=$(getMongoDBVersion)
+
+if [[ $MONGO_VERSION == 7* ]]; then
+ mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"$MONGODB_COMPAT_VERSION\", confirm: true } )"
+else
+ mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand( { setFeatureCompatibilityVersion: \"$MONGODB_COMPAT_VERSION\" } )"
+fi
diff --git a/charts/codefresh-gitops/files/seed/postgresSeedJobScript.sh b/charts/codefresh-gitops/files/seed/postgresSeedJobScript.sh
index 8ba8852ac..fa4950606 100644
--- a/charts/codefresh-gitops/files/seed/postgresSeedJobScript.sh
+++ b/charts/codefresh-gitops/files/seed/postgresSeedJobScript.sh
@@ -1,6 +1,14 @@
#!/bin/bash
-set -xeuo pipefail
+DEBUG="${DEBUG:-false}"
+
+
+set -euo pipefail
+
+if [[ $DEBUG == "true" ]]; then
+ set -xeuo pipefail
+ echo "Running in debug mode"
+fi
POSTGRES_DATABASES=(
"codefresh"
@@ -20,7 +28,9 @@ POSTGRES_SEED_USER="${POSTGRES_SEED_USER:-$POSTGRES_USER}"
POSTGRES_SEED_PASSWORD="${POSTGRES_SEED_PASSWORD:-$POSTGRES_PASSWORD}"
function createDB() {
- psql -tc "SELECT 1 FROM pg_database WHERE datname = '${1}'" | grep -q 1 || psql -c "CREATE DATABASE ${1}"
+ local db=$1
+ echo "Creating ${db} database"
+ psql -c "CREATE DATABASE ${db}" 2>&1 || true
}
function createUser() {
@@ -29,7 +39,9 @@ function createUser() {
}
function grantPrivileges() {
- psql -c "GRANT ALL ON DATABASE ${1} TO ${POSTGRES_USER}"
+ local db=$1
+ echo "Granting privileges on $db to ${POSTGRES_USER}"
+ psql -c "GRANT ALL ON DATABASE ${db} TO ${POSTGRES_USER}"
}
function runSeed() {
@@ -38,6 +50,7 @@ function runSeed() {
export PGPASSWORD=${POSTGRES_SEED_PASSWORD}
export PGHOST=${POSTGRES_HOSTNAME}
export PGPORT=${POSTGRES_PORT}
+ export PGDATABASE=postgres # Use the default postgres database
if [[ "${POSTGRES_SEED_USER}" != "${POSTGRES_USER}" ]]; then
createUser
@@ -51,4 +64,4 @@ function runSeed() {
done
}
-runSeed
\ No newline at end of file
+runSeed
diff --git a/charts/codefresh/.ci/helm-docs.sh b/charts/codefresh/.ci/helm-docs.sh
index 97e5b0b59..dada6923f 100755
--- a/charts/codefresh/.ci/helm-docs.sh
+++ b/charts/codefresh/.ci/helm-docs.sh
@@ -1,7 +1,7 @@
#!/bin/bash
## Reference: https://github.com/norwoodj/helm-docs
set -eux
-REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
echo "$REPO_ROOT"
echo "Running Helm-Docs"
@@ -10,9 +10,9 @@ docker run \
-u $(id -u) \
--rm \
--entrypoint /bin/sh \
- jnorwood/helm-docs:v1.11.0 \
+ jnorwood/helm-docs:v1.14.2 \
-c \
helm-docs \
- --chart-search-root=codefresh \
- --template-files=./_templates.gotmpl \
- --template-files=README.md.gotmpl \
\ No newline at end of file
+ --chart-search-root=charts/codefresh \
+ --template-files=README.md.gotmpl \
+ --output-file=README.md
diff --git a/charts/codefresh/.ci/values/defaults-hpa.yaml b/charts/codefresh/.ci/values/defaults.yaml
similarity index 71%
rename from charts/codefresh/.ci/values/defaults-hpa.yaml
rename to charts/codefresh/.ci/values/defaults.yaml
index 2b5a4bc0f..0bae9c1e0 100644
--- a/charts/codefresh/.ci/values/defaults-hpa.yaml
+++ b/charts/codefresh/.ci/values/defaults.yaml
@@ -22,7 +22,7 @@ cfapi:
ingress:
enabled: true
- ingressClassName: nginx-internal
+ ingressClassName: nginx
tls:
enabled: false
@@ -75,3 +75,28 @@ argo-platform:
promotion-orchestrator:
hpa:
enabled: true
+
+mongodb:
+ migration:
+ enabled: false
+ image:
+ repository: bitnamilegacy/mongodb
+ nodeSelector:
+ kubernetes.io/arch: amd64
+
+consul:
+ image:
+ repository: bitnamilegacy/consul
+
+nats:
+ image:
+ repository: bitnamilegacy/nats
+
+rabbitmq:
+ image:
+ repository: bitnamilegacy/rabbitmq
+
+hooks:
+ mongodb:
+ nodeSelector:
+ kubernetes.io/arch: amd64
diff --git a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml
index 6ba0f60cb..abaff8144 100644
--- a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml
+++ b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml
@@ -1,6 +1,8 @@
seed:
mongoSeedJob:
mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin
+ mongodbRootOptions: authSource=admin
+ mongodbRootPassword: XT9nmM8dZDZ
global:
appUrl: "" # placeholder for ${CF_APP_HOST}
@@ -49,7 +51,7 @@ global:
ingress:
enabled: true
- ingressClassName: nginx-internal
+ ingressClassName: nginx
tls:
enabled: false
@@ -86,9 +88,9 @@ mongodb:
mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB('${MONGODB_DATABASE}').createCollection('test')"
done
- mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection idps --type json --legacy --file /usr/share/extras/idps.json
- mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection accounts --type json --legacy --file /usr/share/extras/accounts.json
- mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection users --type json --legacy --file /usr/share/extras/users.json
+# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection idps --type json --legacy --file /usr/share/extras/idps.json
+# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection accounts --type json --legacy --file /usr/share/extras/accounts.json
+# mongoimport --uri ${MONGODB_ROOT_URI} --db codefresh --collection users --type json --legacy --file /usr/share/extras/users.json
extraVolumeMounts:
- name: extras
@@ -106,6 +108,8 @@ mongodb:
caCert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGVENDQWYyZ0F3SUJBZ0lRZWVySXdOWkNpdyt1alRPdHZ2TEZLREFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwdGVVMXZibWR2TFdOaE1CNFhEVEl5TVRFd01qRTRNRFl6TWxvWERUTXlNVEF6TURFNApNRFl6TWxvd0ZURVRNQkVHQTFVRUF4TUtiWGxOYjI1bmJ5MWpZVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTGxpV3dIVDQ5OWE0MzgrUWZjcExTNThVT2FsV3ArVXhkWVYwQjZkVTlFejlQSW4KTncydXZqNWtjN3RtU08xUk5ReEJRVjZpOHNBWHdQcTM1WlZYdTQ2OHhURkdHMXZBTWhrTkQ1OTJWd3JFNElCSgpTMm9XNEV6UWJPR3Fsd2ZBanNMZ1VlRjdBbHRuUEVNMjBSQ3hpMzhPNGY0VHZNZHpQamhIa2NNU2NMaHNhYjRlCjYrbVA0MFJBcEdLc2hwV2YwbnoyMXErWU83Zm4wNjVYd3dvUVBvL1BZa0FLdWNHZk1xRjltYXRCYWdUMlVwT0cKSFlRa2pzRW1zSmxEdkhsV1RBdzU2eFl4UU9UbUVWU2hkYzlKRDNmWEZEVkd6L1NVYkZXQTVualBLL0QvbXdpawppM0RaL0h6SUVEbXBJUElxRERsTGdIL3F6b3Jlb0NKMjB1YnlCb1VDQXdFQUFhTmhNRjh3RGdZRFZSMFBBUUgvCkJBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQVBCZ05WSFJNQkFmOEUKQlRBREFRSC9NQjBHQTFVZERnUVdCQlFXTWg5RDRiVkljRWQ2dVBOZ1RqWGpMWUpoSmpBTkJna3Foa2lHOXcwQgpBUXNGQUFPQ0FRRUFSUTBaV3F0dUlLWHNHTTJ4TW1Za0VJTHprckJySktiWXhIOFlCUEJFTjZZT09la0o2Q1FhCjQzZitmaHJlQ2o4NFdwSzdwckNEcjJYTmlHNHJlYjBrU2dYdmpyZUVBTzU0Q1FzelJwR0xUVjROMTBjTDdHUVoKaXd6OElGMXppTld4WXVXK29aSFRBQ2NMRkJkUnFFZWNSWUJXTU0vaDhZcldoWTRIaXlIMHp4UkRsOGNpU2ZOMApoa2lURzZQd0V0S29ZRWUwZ21OWXhkWFNzZ2FMZFlUMjNiMGJsMlB3OUdZdkJlWmFpZlZTbllDYmhmTDNPVkQxCjV6YnBXNHhmMEJyM0VGbStrUHh0SGxVR2FsUXdFb3NSVy9kWEpFWFVQTHNGb2xPRDRiR0xvblE4Z2VHcFVYVzQKR3prV0g5QTFXUlE4bWIxd0ZDTkZNVjgvUWxKams3MEJFUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0="
caKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdVdKYkFkUGozMXJqZno1Qjl5a3RMbnhRNXFWYW41VEYxaFhRSHAxVDBUUDA4aWMzCkRhNitQbVJ6dTJaSTdWRTFERUZCWHFMeXdCZkErcmZsbFZlN2pyekZNVVliVzhBeUdRMFBuM1pYQ3NUZ2dFbEwKYWhiZ1ROQnM0YXFYQjhDT3d1QlI0WHNDVzJjOFF6YlJFTEdMZnc3aC9oTzh4M00rT0VlUnd4Snd1R3hwdmg3cgo2WS9qUkVDa1lxeUdsWi9TZlBiV3I1Zzd0K2ZUcmxmRENoQStqODlpUUFxNXdaOHlvWDJacTBGcUJQWlNrNFlkCmhDU093U2F3bVVPOGVWWk1ERG5yRmpGQTVPWVJWS0YxejBrUGQ5Y1VOVWJQOUpSc1ZZRG1lTThyOFArYkNLU0wKY05uOGZNZ1FPYWtnOGlvTU9VdUFmK3JPaXQ2Z0luYlM1dklHaFFJREFRQUJBb0lCQUNIQ3JxNHJoMkVpclRGOApCZ2xiMzFXSzREVFF3aXN6cmIrcUkwZWdBU2FsSHFPR3pyallMTjh4N2YyZnlBSW4rdEFyaGhzVTg3NVYxUmdUCnEyVENJRzhESTZvd2lVVHhRRzVkZVkzaHdFSSt6bCt1ZVdSdG5CV0JFNE1aVFAzbGJGcEMvY1poWDNHRDRHNmgKS2Z1dlNhY3U3NnNVcnhsbmZGcEZkbDhmR1pZTUlOOUNZWHArWWVJZzRuYW5ZSFJsbk1LM05QSjIzZUVHdkpjeQpLdUZWNndIUzFlWmg1M0J0aWRlY3czcmFzZFhJWmMzdFJidlFid3lDbjZ5dVlING0vUXJzMVFUckp2dzdyWU1sCkxyZGxlZm5uWk9XNFNVc3dINkVCWmF3RC9FTFc4eFNORVhudUkzUFp0di9oRVVZd3RKOVdMbk0rRitzc21ldm8KaHVGMUI5VUNnWUVBMFBHSmc2U3N6dHlKNkhyM0tTaEhyN3h5eVVPOVJTK0N3LzBSV2cranJ3SGFlRGRIalpvKwpaYXhxWVdoRUR0aUZieWpJdWR2MFF1aUZhMHVObDUvMGl3YXR2Tm81RitNZWV3WGt1T0YraWE3RFdFODk0a2ZECkVqYXJYWUk3ZkpnTkdxVmthWUw1cGdGcmxpUDhkZDFkK0VlTWV4dmJadTdwYUZzaXBaZWs1NE1DZ1lFQTR5S0cKdzAyMHJTTGRwdlYyQmE2WG4zbFRXUW0wMFlOaVFuY0YrVjJXNm95RjREK2liRUppTUdUZzRESzZLVllNVElpNQpmaVV4WHlib0Fkd1hvTlpqMmhPWmhmMVZSa3g1WGIrOVorbDV3ZFlBMGR4RmV1ajBDakpmd3p1UTNuOUxZOWxlCnJSSi91SklkbHhKWkx2Z0RLZzdRZ2NuNkJCN2Y1Ujlwa1JKaTgxY0NnWUJYZ2xITnlOSjNjUFp4WDg3VWRnSlEKSCtVVFZrT1hEbWIrSHFkOXlMOE5OUUdEQitQMzhubmZxMjZDaldDenR3dHJtdkUycG1DUEJVT2J4SER3NkJWTApoT2lQQi9hUmdwWHBnSFppMkU1ZTY4cjAyWHRab2lTWkpEeHhWWElFcE1vWU50enZNK1BMR3gwc0xMWTN4eGJzClBVc2c1SEhua25nL05LdzJIbVQ2Y1FLQmdEaW9lQzFueU5ZWGlHc0pkL05hNWYrbDZDQ2h4elVzTE9xZmZpSUMKTW84M2xuMmw0Z0pYWE43dGl4cmlESVliTE40NmpPcm1wRFkwSWxPMGIwQnp1bHkvM3VBSm5hZjNrNTdMSVpnMgpLV1VzMk8rQW51UldEK29yUHJBWXY3NkF5bkdSMjRnWXdUdHRWMnhENjNOSDhxSWZKK3Y0VWlHTkFoVEpqUy9mCkFrZnBBb0dBQ0pRS0lOU0hZOWN2RGZseWNWNmRCcndGS0hRb3oyZGg5Z0EvSjBGazYyc0VrNDY1SUtINm96VDQKQTlSZi8yMHBLZG40dmRnTktJQ3R1cUNKN1JIMC82bVRZWXUwSEJTWHo1elZIdWczTHpFbGxOdVB4MnRhc0x0MgpjdElsVkVrdk96L1hCa3BMVUE2TDlaR01Ha2tyeUJoNEdXd2FCajBHeldUQ2JMUGZ3N3c9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t"
mode: allowTLS
+ image:
+ repository: bitnamilegacy/nginx
redis:
tls:
diff --git a/charts/codefresh/Chart.lock b/charts/codefresh/Chart.lock
index 98cc11773..04e832213 100644
--- a/charts/codefresh/Chart.lock
+++ b/charts/codefresh/Chart.lock
@@ -4,16 +4,16 @@ dependencies:
version: 0.18.1
- name: internal-gateway
repository: oci://quay.io/codefresh/charts
- version: 0.10.2
+ version: 0.11.0
- name: consul
repository: https://charts.bitnami.com/bitnami
- version: 11.4.17
+ version: 11.4.32
- name: mongodb
repository: https://charts.bitnami.com/bitnami
version: 15.6.26
- name: postgresql
repository: https://charts.bitnami.com/bitnami
- version: 16.7.4
+ version: 16.7.15
- name: postgresql-ha
repository: oci://quay.io/codefresh/charts
version: 12.0.4
@@ -28,144 +28,141 @@ dependencies:
version: 15.5.3
- name: nats
repository: https://charts.bitnami.com/bitnami
- version: 9.0.17
+ version: 9.0.22
- name: builder
repository: oci://quay.io/codefresh/charts
- version: 1.4.0
-- name: runner
- repository: oci://quay.io/codefresh/charts
- version: 1.4.0
+ version: 2.0.0
- name: ingress-nginx
repository: https://kubernetes.github.io/ingress-nginx
- version: 4.12.1
+ version: 4.12.5
- name: cluster-providers
repository: oci://quay.io/codefresh/charts
- version: 1.17.15
+ version: 1.18.0
- name: kube-integration
repository: oci://quay.io/codefresh/charts
- version: 1.31.19
+ version: 1.32.0
- name: charts-manager
repository: oci://quay.io/codefresh/charts
- version: 1.23.1
+ version: 1.25.0
- name: cfsign
repository: oci://quay.io/codefresh/charts
- version: 1.8.8
+ version: 1.8.10
- name: tasker-kubernetes
repository: oci://quay.io/codefresh/charts
- version: 1.26.18
+ version: 1.27.0
- name: context-manager
repository: oci://quay.io/codefresh/charts
- version: 2.34.2
+ version: 2.36.0
- name: pipeline-manager
repository: oci://quay.io/codefresh/charts
- version: 3.139.2
+ version: 3.141.0
- name: gitops-dashboard-manager
repository: oci://quay.io/codefresh/charts
- version: 1.14.22
+ version: 1.15.0
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfapi
repository: oci://quay.io/codefresh/charts
- version: 21.279.2
+ version: 21.291.10
- name: cfui
repository: oci://quay.io/codefresh/charts
- version: 14.98.27
+ version: 14.99.34
- name: k8s-monitor
repository: oci://quay.io/codefresh/charts
- version: 4.11.14
+ version: 4.11.16
- name: runtime-environment-manager
repository: oci://quay.io/codefresh/charts
- version: 3.41.1
+ version: 3.43.0
- name: cf-broadcaster
repository: oci://quay.io/codefresh/charts
- version: 1.13.0
+ version: 1.14.0
- name: helm-repo-manager
repository: oci://quay.io/codefresh/charts
- version: 0.20.2
+ version: 0.23.0
- name: hermes
repository: oci://quay.io/codefresh/charts
- version: 0.21.18
+ version: 0.21.21
- name: nomios
repository: oci://quay.io/codefresh/charts
- version: 0.11.10
+ version: 0.11.11
- name: cronus
repository: oci://quay.io/codefresh/charts
- version: 0.8.10
+ version: 0.8.12
- name: cf-platform-analytics
repository: oci://quay.io/codefresh/charts
- version: 0.49.87
+ version: 0.51.0
- name: cf-platform-analytics
repository: oci://quay.io/codefresh/charts
- version: 0.49.87
+ version: 0.51.0
- name: argo-platform
repository: oci://quay.io/codefresh/charts
- version: 1.3506.0
+ version: 1.3728.0
- name: argo-hub-platform
repository: oci://quay.io/codefresh/charts
- version: 0.1.23
+ version: 0.1.27
- name: cf-oidc-provider
repository: oci://quay.io/codefresh/charts
- version: 0.0.16
+ version: 0.1.0
- name: mailer
repository: oci://quay.io/codefresh/charts
- version: 1.20.8
+ version: 1.21.0
- name: payments
repository: oci://quay.io/codefresh/charts
- version: 2.23.18
+ version: 2.24.1
- name: segment-reporter
repository: oci://quay.io/codefresh/charts
- version: 1.17.8
+ version: 1.18.0
- name: salesforce-reporter
repository: oci://quay.io/codefresh/charts
version: 1.30.11
-digest: sha256:814b879b8e7b0b276c66b821c69c2c22febbbec4a30fed89117d50530ae0ea5e
-generated: "2025-05-19T23:11:03.858637+03:00"
+digest: sha256:d1695e2604961bf299ea44243a6fbf535d7109a87bfdc5fcdaf6f7d015b8206e
+generated: "2025-09-03T19:27:21.888711+03:00"
diff --git a/charts/codefresh/Chart.yaml b/charts/codefresh/Chart.yaml
index 59e0e1a85..aa2f765fb 100644
--- a/charts/codefresh/Chart.yaml
+++ b/charts/codefresh/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
description: Helm Chart for Codefresh On-Prem
name: codefresh
-version: 2.8.0
+version: 0.0.0
keywords:
- codefresh
home: https://codefresh.io/
@@ -11,7 +11,7 @@ sources:
maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
-appVersion: 2.7.0
+appVersion: 0.0.0
annotations:
artifacthub.io/prerelease: "true"
artifacthub.io/alternativeName: "codefresh-onprem"
@@ -19,17 +19,21 @@ annotations:
# supported kinds are added, changed, deprecated, removed, fixed and security.
artifacthub.io/changes: |
- kind: changed
- description: "Initial 2.8.0 release"
+ description: "Initial onprem 3.0 release. Update microservices"
+ - kind: changed
+ description: "Change cf-builder image to use codefresh/dind image instead of library/docker"
+ - kind: deprecated
+ description: "Remove cf-runner subchart (was used for deprecated launch-composition step)"
dependencies:
- name: cf-common
repository: oci://quay.io/codefresh/charts
version: 0.18.1
- name: internal-gateway
repository: oci://quay.io/codefresh/charts
- version: 0.10.2
+ version: 0.11.0
condition: internal-gateway.enabled
- name: consul
- version: 11.4.17
+ version: 11.4.32
repository: https://charts.bitnami.com/bitnami
condition: consul.enabled
- name: mongodb
@@ -37,7 +41,7 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
condition: mongodb.enabled,mongo.enabled,global.mongoDeploy
- name: postgresql
- version: 16.7.4
+ version: 16.7.15
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: postgresql-ha
@@ -57,19 +61,15 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
condition: rabbitmq.enabled
- name: nats
- version: 9.0.17
+ version: 9.0.22
repository: https://charts.bitnami.com/bitnami
condition: nats.enabled
- name: builder
repository: oci://quay.io/codefresh/charts
condition: builder.enabled
- version: 1.4.0
- - name: runner
- repository: oci://quay.io/codefresh/charts
- condition: runner.enabled
- version: 1.4.0
+ version: 2.0.0
- name: ingress-nginx
- version: 4.12.1
+ version: 4.12.5
repository: https://kubernetes.github.io/ingress-nginx
condition: ingress-nginx.enabled
- name: cluster-providers
diff --git a/charts/codefresh/README.md b/charts/codefresh/README.md
index ec4d301e0..0c7934757 100644
--- a/charts/codefresh/README.md
+++ b/charts/codefresh/README.md
@@ -1,2440 +1,5 @@
-## Codefresh On-Premises
+# Codefresh Helm Chart
- 
+## Documentation
-Helm chart for deploying [Codefresh On-Premises](https://codefresh.io/docs/docs/getting-started/intro-to-codefresh/) to Kubernetes.
-
-## Table of Content
-
-- [Prerequisites](#prerequisites)
-- [Get Repo Info](#get-repo-info)
-- [Install Chart](#install-chart)
-- [Chart Configuration](#chart-configuration)
- - [Persistent services](#persistent-services)
- - [Configuring external services](#configuring-external-services)
- - [External MongoDB](#external-mongodb)
- - [External MongoDB with MTLS](#external-mongodb-with-mtls)
- - [External PostgresSQL](#external-postgressql)
- - [External Redis](#external-redis)
- - [External Redis with MTLS](#external-redis-with-mtls)
- - [External RabbitMQ](#external-rabbitmq)
- - [Configuring Ingress-NGINX](#configuring-ingress-nginx)
- - [ELB with SSL Termination (Classic Load Balancer)](#elb-with-ssl-termination-classic-load-balancer)
- - [NLB (Network Load Balancer)](#nlb-network-load-balancer)
- - [Configuration with ALB (Application Load Balancer)](#configuration-with-alb-application-load-balancer)
- - [Configuration with Private Registry](#configuration-with-private-registry)
- - [Configuration with multi-role CF-API](#configuration-with-multi-role-cf-api)
- - [Indexes in MongoDB](#indexes-in-mongodb)
- - [High Availability](#high-availability)
- - [Mounting private CA certs](#mounting-private-ca-certs)
-- [Installing on OpenShift](#installing-on-openshift)
-- [Firebase Configuration](#firebase-configuration)
-- [Additional configuration](#additional-configuration)
- - [Retention policy for builds and logs](#retention-policy-for-builds-and-logs)
- - [Projects pipelines limit](#projects-pipelines-limit)
- - [Enable session cookie](#enable-session-cookie)
- - [X-Frame-Options response header](#x-frame-options-response-header)
- - [Image digests in containers](#image-digests-in-containers)
-- [Configuring OIDC Provider](#configuring-oidc-provider)
-- [Upgrading](#upgrading)
- - [To 2.0.0](#to-2-0-0)
- - [To 2.0.12](#to-2-0-12)
- - [To 2.0.17](#to-2-0-17)
- - [To 2.1.0](#to-2-1-0)
- - [To 2.1.7](#to-2-1-7)
- - [To 2.2.0](#to-2-2-0)
- - [To 2.3.0](#to-2-3-0)
- - [To 2.4.0](#to-2-4-0)
- - [To 2.5.0](#to-2-5-0)
- - [To 2.6.0](#to-2-6-0)
- - [To 2.7.0](#to-2-7-0)
- - [To 2.8.0](#to-2-8-0)
-- [Rollback](#rollback)
-- [Troubleshooting](#troubleshooting)
-- [Values](#values)
-
-⚠️⚠️⚠️
-> Since version 2.1.7 chart is pushed **only** to OCI registry at `oci://quay.io/codefresh/codefresh`
-
-> Versions prior to 2.1.7 are still available in ChartMuseum at `http://chartmuseum.codefresh.io/codefresh`
-
-## Prerequisites
-
-- Kubernetes **>= 1.28 && <= 1.32** (Supported versions mean that installation passed for the versions listed; however, it **may** work on older k8s versions as well)
-- Helm **3.8.0+**
-- PV provisioner support in the underlying infrastructure (with [resizing](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) available)
-- Minimal 4vCPU and 8Gi Memory available in the cluster (for production usage the recommended minimal cluster capacity is at least 12vCPUs and 36Gi Memory)
-- GCR Service Account JSON `sa.json` (provided by Codefresh, contact support@codefresh.io)
-- Firebase [Realtime Database URL](https://firebase.google.com/docs/database/web/start#create_a_database) with [legacy token](https://firebase.google.com/docs/database/rest/auth#legacy_tokens). See [Firebase Configuration](#firebase-configuration)
-- Valid TLS certificates for Ingress
-- When [external](#external-postgressql) PostgreSQL is used, `pg_cron` and `pg_partman` extensions **must be enabled** for [analytics](https://codefresh.io/docs/docs/dashboards/home-dashboard/#pipelines-dashboard) to work (see [AWS RDS example](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL_pg_cron.html#PostgreSQL_pg_cron.enable))
-
-## Get Repo Info
-
-```console
-helm show all oci://quay.io/codefresh/codefresh
-```
-See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
-
-## Install Chart
-
-**Important:** only helm 3.8.0+ is supported
-
-**Important:** Read about [Indexes in MongoDB](#indexes-in-mongodb) before installation
-
-Edit default `values.yaml` or create empty `cf-values.yaml`
-
-- Pass `sa.json` (as a single line) to `.Values.imageCredentials.password`
-
-```yaml
-# -- Credentials for Image Pull Secret object
-imageCredentials:
- registry: us-docker.pkg.dev
- username: _json_key
- password: '{ "type": "service_account", "project_id": "codefresh-enterprise", "private_key_id": ... }'
-```
-
-- Specify `.Values.global.appUrl`, `.Values.global.firebaseUrl` and `.Values.global.firebaseSecret`
-
-```yaml
-global:
- # -- Application root url. Will be used in Ingress as hostname
- appUrl: onprem.mydomain.com
-
- # -- Firebase URL for logs streaming.
- firebaseUrl: <>
- # -- Firebase URL for logs streaming from existing secret
- firebaseUrlSecretKeyRef: {}
- # E.g.
- # firebaseUrlSecretKeyRef:
- # name: my-secret
- # key: firebase-url
-
- # -- Firebase Secret.
- firebaseSecret: <>
- # -- Firebase Secret from existing secret
- firebaseSecretSecretKeyRef: {}
- # E.g.
- # firebaseSecretSecretKeyRef:
- # name: my-secret
- # key: firebase-secret
-
- env:
- MONGOOSE_AUTO_INDEX: "true"
- MONGO_AUTOMATIC_INDEX_CREATION: "true"
-
-```
-
-- Specify `.Values.ingress.tls.cert` and `.Values.ingress.tls.key` OR `.Values.ingress.tls.existingSecret`
-
-```yaml
-ingress:
- # -- Enable the Ingress
- enabled: true
- # -- Set the ingressClass that is used for the ingress.
- # Default `nginx-codefresh` is created from `ingress-nginx` controller subchart
- # If you specify a different ingress class, disable `ingress-nginx` subchart (see below)
- ingressClassName: nginx-codefresh
- tls:
- # -- Enable TLS
- enabled: true
- # -- Default secret name to be created with provided `cert` and `key` below
- secretName: "star.codefresh.io"
- # -- Certificate (base64 encoded)
- cert: ""
- # -- Private key (base64 encoded)
- key: ""
- # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`)
- existingSecret: ""
-
-ingress-nginx:
- # -- Enable ingress-nginx controller
- enabled: true
-```
-
-- *Or specify your own `.Values.ingress.ingressClassName` (disable built-in ingress-nginx subchart)*
-
-```yaml
-ingress:
- # -- Enable the Ingress
- enabled: true
- # -- Set the ingressClass that is used for the ingress.
- ingressClassName: nginx
-
-ingress-nginx:
- # -- Disable ingress-nginx controller
- enabled: false
-```
-
-- Install the chart
-
-```console
- helm upgrade --install cf oci://quay.io/codefresh/codefresh \
- -f cf-values.yaml \
- --namespace codefresh \
- --create-namespace \
- --debug \
- --wait \
- --timeout 15m
- ```
-
-## Chart Configuration
-
-See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
-
-```console
-helm show values codefresh/codefresh
-```
-
-### Persistent services
-
-The following table displays the list of **persistent** services created as part of the on-premises installation:
-
-| Database | Purpose | Required version |
-| :--- | :---- | :--- |
-| MongoDB | Stores all account data (account settings, users, projects, pipelines, builds etc.) | 7.x |
-| Postgresql | Stores data about events for the account (pipeline updates, deletes, etc.). The audit log uses the data from this database. | 17.x |
-| Redis | Used for caching, and as a key-value store for cron trigger manager. | 7.0.x |
-| RabbitMQ | Used for message queueing. | 4.0.x |
-
-> Running on netfs (nfs, cifs) is not recommended.
-
-> Docker daemon (`cf-builder` stateful set) can be run on block storage only.
-
-All of them can be externalized. See the next sections.
-
-### Configuring external services
-
-The chart contains required dependencies for the corresponding services
-- [bitnami/mongodb](https://github.com/bitnami/charts/tree/main/bitnami/mongodb)
-- [bitnami/postgresql](https://github.com/bitnami/charts/tree/main/bitnami/postgresql)
-- [bitnami/redis](https://github.com/bitnami/charts/tree/main/bitnami/redis)
-- [bitnami/rabbitmq](https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq)
-
-However, you might need to use external services like [MongoDB Atlas Database](https://www.mongodb.com/atlas/database) or [Amazon RDS for PostgreSQL](https://aws.amazon.com/rds/postgresql/). In order to use them, adjust the values accordingly:
-
-#### External MongoDB
-
-```yaml
-seed:
- mongoSeedJob:
- # -- Enable mongo seed job. Seeds the required data (default idp/user/account), creates cfuser and required databases.
- enabled: true
- # -- Root user in plain text (required ONLY for seed job!).
- mongodbRootUser: "root"
- # -- Root user from existing secret
- mongodbRootUserSecretKeyRef: {}
- # E.g.
- # mongodbRootUserSecretKeyRef:
- # name: my-secret
- # key: mongodb-root-user
-
- # -- Root password in plain text (required ONLY for seed job!).
- mongodbRootPassword: "password"
- # -- Root password from existing secret
- mongodbRootPasswordSecretKeyRef: {}
- # E.g.
- # mongodbRootPasswordSecretKeyRef:
- # name: my-secret
- # key: mongodb-root-password
-
-global:
- # -- LEGACY (but still supported) - Use `.global.mongodbProtocol` + `.global.mongodbUser/mongodbUserSecretKeyRef` + `.global.mongodbPassword/mongodbPasswordSecretKeyRef` + `.global.mongodbHost/mongodbHostSecretKeyRef` + `.global.mongodbOptions` instead
- # Default MongoDB URI. Will be used by ALL services to communicate with MongoDB.
- # Ref: https://www.mongodb.com/docs/manual/reference/connection-string/
- # Note! `defaultauthdb` is omitted on purpose (i.e. mongodb://.../[defaultauthdb]).
- mongoURI: ""
- # E.g.
- # mongoURI: "mongodb://cfuser:mTiXcU2wafr9@cf-mongodb:27017/"
-
- # -- Set mongodb protocol (`mongodb` / `mongodb+srv`)
- mongodbProtocol: mongodb
- # -- Set mongodb user in plain text
- mongodbUser: "cfuser"
- # -- Set mongodb user from existing secret
- mongodbUserSecretKeyRef: {}
- # E.g.
- # mongodbUserSecretKeyRef:
- # name: my-secret
- # key: mongodb-user
-
- # -- Set mongodb password in plain text
- mongodbPassword: "password"
- # -- Set mongodb password from existing secret
- mongodbPasswordSecretKeyRef: {}
- # E.g.
- # mongodbPasswordSecretKeyRef:
- # name: my-secret
- # key: mongodb-password
-
- # -- Set mongodb host in plain text
- mongodbHost: "my-mongodb.prod.svc.cluster.local:27017"
- # -- Set mongodb host from existing secret
- mongodbHostSecretKeyRef: {}
- # E.g.
- # mongodbHostSecretKeyRef:
- # name: my-secret
- # key: monogdb-host
-
- # -- Set mongodb connection string options
- # Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options
- mongodbOptions: "retryWrites=true"
-
-mongodb:
- # -- Disable mongodb subchart installation
- enabled: false
-```
-
-#### External MongoDB with MTLS
-
-In order to use MTLS (Mutual TLS) for MongoDB, you need:
-
-* Create a K8S secret that contains the certificate (certificate file and private key).
- The K8S secret should have one `ca.pem` key.
-```console
-cat cert.crt > ca.pem
-cat cert.key >> ca.pem
-kubectl create secret generic my-mongodb-tls --from-file=ca.pem
-```
-
-* Add `.Values.global.volumes` and `.Values.global.volumeMounts` to mount the secret into all the services.
-```yaml
-global:
- volumes:
- mongodb-tls:
- enabled: true
- type: secret
- nameOverride: my-mongodb-tls
- optional: true
-
- volumeMounts:
- mongodb-tls:
- path:
- - mountPath: /etc/ssl/mongodb/ca.pem
- subPath: ca.pem
-
- env:
- MONGODB_SSL_ENABLED: true
- MTLS_CERT_PATH: /etc/ssl/mongodb/ca.pem
- RUNTIME_MTLS_CERT_PATH: /etc/ssl/mongodb/ca.pem
- RUNTIME_MONGO_TLS: "true"
- # Set these env vars to 'false' if self-signed certificate is used to avoid x509 errors
- RUNTIME_MONGO_TLS_VALIDATE: "false"
- MONGO_MTLS_VALIDATE: "false"
-```
-
-#### External PostgresSQL
-
-```yaml
-seed:
- postgresSeedJob:
- # -- Enable postgres seed job. Creates required user and databases.
- enabled: true
- # -- (optional) "postgres" admin user in plain text (required ONLY for seed job!)
- # Must be a privileged user allowed to create databases and grant roles.
- # If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used.
- postgresUser: "postgres"
- # -- (optional) "postgres" admin user from exising secret
- postgresUserSecretKeyRef: {}
- # E.g.
- # postgresUserSecretKeyRef:
- # name: my-secret
- # key: postgres-user
-
- # -- (optional) Password for "postgres" admin user (required ONLY for seed job!)
- postgresPassword: "password"
- # -- (optional) Password for "postgres" admin user from existing secret
- postgresPasswordSecretKeyRef: {}
- # E.g.
- # postgresPasswordSecretKeyRef:
- # name: my-secret
- # key: postgres-password
-
-global:
- # -- Set postgres user in plain text
- postgresUser: cf_user
- # -- Set postgres user from existing secret
- postgresUserSecretKeyRef: {}
- # E.g.
- # postgresUserSecretKeyRef:
- # name: my-secret
- # key: postgres-user
-
- # -- Set postgres password in plain text
- postgresPassword: password
- # -- Set postgres password from existing secret
- postgresPasswordSecretKeyRef: {}
- # E.g.
- # postgresPasswordSecretKeyRef:
- # name: my-secret
- # key: postgres-password
-
- # -- Set postgres service address in plain text.
- postgresHostname: "my-postgres.domain.us-east-1.rds.amazonaws.com"
- # -- Set postgres service from existing secret
- postgresHostnameSecretKeyRef: {}
- # E.g.
- # postgresHostnameSecretKeyRef:
- # name: my-secret
- # key: postgres-hostname
-
- # -- Set postgres port number
- postgresPort: 5432
-
-postgresql:
- # -- Disable postgresql subchart installation
- enabled: false
-```
-
-#### External Redis
-
-```yaml
-global:
- # -- Set redis password in plain text
- redisPassword: password
- # -- Set redis service port
- redisPort: 6379
- # -- Set redis password from existing secret
- redisPasswordSecretKeyRef: {}
- # E.g.
- # redisPasswordSecretKeyRef:
- # name: my-secret
- # key: redis-password
-
- # -- Set redis hostname in plain text. Takes precedence over `global.redisService`!
- redisUrl: "my-redis.namespace.svc.cluster.local"
- # -- Set redis hostname from existing secret.
- redisUrlSecretKeyRef: {}
- # E.g.
- # redisUrlSecretKeyRef:
- # name: my-secret
- # key: redis-url
-
-redis:
- # -- Disable redis subchart installation
- enabled: false
-
-```
-
-> If ElastiCache is used, set `REDIS_TLS` to `true` in `.Values.global.env`
-
-```
-global:
- env:
- REDIS_TLS: true
-```
-
-#### External Redis with MTLS
-
-In order to use [MTLS (Mutual TLS) for Redis](https://redis.io/docs/management/security/encryption/), you need:
-
-* Create a K8S secret that contains the certificate (ca, certificate and private key).
-```console
-cat ca.crt tls.crt > tls.crt
-kubectl create secret tls my-redis-tls --cert=tls.crt --key=tls.key --dry-run=client -o yaml | kubectl apply -f -
-```
-
-* Add `.Values.global.volumes` and `.Values.global.volumeMounts` to mount the secret into all the services.
-```yaml
-global:
- volumes:
- redis-tls:
- enabled: true
- type: secret
- # Existing secret with TLS certificates (keys: `ca.crt` , `tls.crt`, `tls.key`)
- nameOverride: my-redis-tls
- optional: true
-
- volumeMounts:
- redis-tls:
- path:
- - mountPath: /etc/ssl/redis
-
- env:
- REDIS_TLS: true
- REDIS_CA_PATH: /etc/ssl/redis/ca.crt
- REDIS_CLIENT_CERT_PATH : /etc/ssl/redis/tls.crt
- REDIS_CLIENT_KEY_PATH: /etc/ssl/redis/tls.key
- # Set these env vars like that if self-signed certificate is used to avoid x509 errors
- REDIS_REJECT_UNAUTHORIZED: false
- REDIS_TLS_SKIP_VERIFY: true
-```
-
-#### External RabbitMQ
-
-```yaml
-global:
- # -- Set rabbitmq protocol (`amqp/amqps`)
- rabbitmqProtocol: amqp
- # -- Set rabbitmq username in plain text
- rabbitmqUsername: user
- # -- Set rabbitmq username from existing secret
- rabbitmqUsernameSecretKeyRef: {}
- # E.g.
- # rabbitmqUsernameSecretKeyRef:
- # name: my-secret
- # key: rabbitmq-username
-
- # -- Set rabbitmq password in plain text
- rabbitmqPassword: password
- # -- Set rabbitmq password from existing secret
- rabbitmqPasswordSecretKeyRef: {}
- # E.g.
- # rabbitmqPasswordSecretKeyRef:
- # name: my-secret
- # key: rabbitmq-password
-
- # -- Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`!
- rabbitmqHostname: "my-rabbitmq.namespace.svc.cluster.local:5672"
- # -- Set rabbitmq service address from existing secret.
- rabbitmqHostnameSecretKeyRef: {}
- # E.g.
- # rabbitmqHostnameSecretKeyRef:
- # name: my-secret
- # key: rabbitmq-hostname
-
-rabbitmq:
- # -- Disable rabbitmq subchart installation
- enabled: false
-```
-
-### Configuring Ingress-NGINX
-
-The chart deploys the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/main) and exposes controller behind a Service of `Type=LoadBalancer`
-
-All installation options for `ingress-nginx` are described at [Configuration](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx#configuration)
-
-Relevant examples for Codefesh are below:
-
-#### ELB with SSL Termination (Classic Load Balancer)
-
-*certificate provided from ACM*
-
-```yaml
-ingress-nginx:
- controller:
- service:
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
- service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
- service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: < CERTIFICATE ARN >
- targetPorts:
- http: http
- https: http
-
-# -- Ingress
-ingress:
- tls:
- # -- Disable TLS
- enabled: false
-```
-
-#### NLB (Network Load Balancer)
-
-*certificate provided as base64 string or as exisiting k8s secret*
-
-```yaml
-ingress-nginx:
- controller:
- service:
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: nlb
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
-
-# -- Ingress
-ingress:
- tls:
- # -- Enable TLS
- enabled: true
- # -- Default secret name to be created with provided `cert` and `key` below
- secretName: "star.codefresh.io"
- # -- Certificate (base64 encoded)
- cert: "LS0tLS1CRUdJTiBDRVJ...."
- # -- Private key (base64 encoded)
- key: "LS0tLS1CRUdJTiBSU0E..."
- # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`)
- existingSecret: ""
-```
-
-### Configuration with ALB (Application Load Balancer)
-
-*[Application Load Balancer](https://github.com/kubernetes-sigs/aws-load-balancer-controller/tree/main/helm/aws-load-balancer-controller) should be deployed to the cluster*
-
-```yaml
-ingress-nginx:
- # -- Disable ingress-nginx subchart installation
- enabled: false
-
-ingress:
- # -- ALB contoller ingress class
- ingressClassName: alb
- annotations:
- alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig":{ "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
- alb.ingress.kubernetes.io/backend-protocol: HTTP
- alb.ingress.kubernetes.io/certificate-arn:
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
- alb.ingress.kubernetes.io/scheme: internet-facing
- alb.ingress.kubernetes.io/success-codes: 200,404
- alb.ingress.kubernetes.io/target-type: ip
- services:
- # For ALB /* asterisk is required in path
- internal-gateway:
- - /*
-
-```
-
-### Configuration with Private Registry
-
-If you install/upgrade Codefresh on an air-gapped environment without access to public registries (i.e. `quay.io`/`docker.io`) or Codefresh Enterprise registry at `gcr.io`, you will have to mirror the images to your organization’s container registry.
-
-- Obtain [image list](https://github.com/codefresh-io/onprem-images/tree/master/releases) for specific release
-
-- [Push images](https://github.com/codefresh-io/onprem-images/blob/master/push-to-registry.sh) to private docker registry
-
-- Specify image registry in values
-
-```yaml
-global:
- imageRegistry: myregistry.domain.com
-
-```
-
-There are 3 types of images, with the values above in rendered manifests images will be converted as follows:
-
-**non-Codefresh** like:
-
-```yaml
-bitnami/mongo:4.2
-registry.k8s.io/ingress-nginx/controller:v1.4.0
-postgres:13
-```
-converted to:
-```yaml
-myregistry.domain.com/bitnami/mongodb:4.2
-myregistry.domain.com/ingress-nginx/controller:v1.2.0
-myregistry.domain.com/postgres:13
-```
-
-Codefresh **public** images like:
-```yaml
-quay.io/codefresh/dind:20.10.13-1.25.2
-quay.io/codefresh/engine:1.147.8
-quay.io/codefresh/cf-docker-builder:1.1.14
-```
-converted to:
-```yaml
-myregistry.domain.com/codefresh/dind:20.10.13-1.25.2
-myregistry.domain.com/codefresh/engine:1.147.8
-myregistry.domain.com/codefresh/cf-docker-builder:1.1.14
-```
-
-Codefresh **private** images like:
-```yaml
-gcr.io/codefresh-enterprise/codefresh/cf-api:21.153.6
-gcr.io/codefresh-enterprise/codefresh/cf-ui:14.69.38
-gcr.io/codefresh-enterprise/codefresh/pipeline-manager:3.121.7
-```
-converted to:
-
-```yaml
-myregistry.domain.com/codefresh/cf-api:21.153.6
-myregistry.domain.com/codefresh/cf-ui:14.69.38
-myregistry.domain.com/codefresh/pipeline-manager:3.121.7
-```
-
-Use the example below to override repository for all templates:
-
-```yaml
-
-global:
- imagePullSecrets:
- - cf-registry
-
-ingress-nginx:
- controller:
- image:
- registry: myregistry.domain.com
- image: codefresh/controller
-
-mongodb:
- image:
- repository: codefresh/mongodb
-
-postgresql:
- image:
- repository: codefresh/postgresql
-
-consul:
- image:
- repository: codefresh/consul
-
-redis:
- image:
- repository: codefresh/redis
-
-rabbitmq:
- image:
- repository: codefresh/rabbitmq
-
-nats:
- image:
- repository: codefresh/nats
-
-builder:
- container:
- image:
- repository: codefresh/docker
-
-runner:
- container:
- image:
- repository: codefresh/docker
-
-internal-gateway:
- container:
- image:
- repository: codefresh/nginx-unprivileged
-
-helm-repo-manager:
- chartmuseum:
- image:
- repository: myregistry.domain.com/codefresh/chartmuseum
-
-cf-platform-analytics-platform:
- redis:
- image:
- repository: codefresh/redis
-```
-
-### Configuration with multi-role CF-API
-
-The chart installs cf-api as a single deployment. Though, at a larger scale, we do recommend to split cf-api to multiple roles (one deployment per role) as follows:
-
-```yaml
-
-global:
- # -- Change internal cfapi service address
- cfapiService: cfapi-internal
- # -- Change endpoints cfapi service address
- cfapiEndpointsService: cfapi-endpoints
-
-cfapi: &cf-api
- # -- Disable default cfapi deployment
- enabled: false
- # -- (optional) Enable the autoscaler
- # The value will be merged into each cfapi role. So you can specify it once.
- hpa:
- enabled: true
-# Enable cf-api roles
-cfapi-auth:
- <<: *cf-api
- enabled: true
-cfapi-internal:
- <<: *cf-api
- enabled: true
-cfapi-ws:
- <<: *cf-api
- enabled: true
-cfapi-admin:
- <<: *cf-api
- enabled: true
-cfapi-endpoints:
- <<: *cf-api
- enabled: true
-cfapi-terminators:
- <<: *cf-api
- enabled: true
-cfapi-sso-group-synchronizer:
- <<: *cf-api
- enabled: true
-cfapi-buildmanager:
- <<: *cf-api
- enabled: true
-cfapi-cacheevictmanager:
- <<: *cf-api
- enabled: true
-cfapi-eventsmanagersubscriptions:
- <<: *cf-api
- enabled: true
-cfapi-kubernetesresourcemonitor:
- <<: *cf-api
- enabled: true
-cfapi-environments:
- <<: *cf-api
- enabled: true
-cfapi-gitops-resource-receiver:
- <<: *cf-api
- enabled: true
-cfapi-downloadlogmanager:
- <<: *cf-api
- enabled: true
-cfapi-teams:
- <<: *cf-api
- enabled: true
-cfapi-kubernetes-endpoints:
- <<: *cf-api
- enabled: true
-cfapi-test-reporting:
- <<: *cf-api
- enabled: true
-```
-
-⚠️ ⚠️ ⚠️
-### Indexes in MongoDB
-⚠️ ⚠️ ⚠️
-
-Indexes in MongoDB are essential for efficient query performance, especially as your data grows. Without proper indexes, MongoDB must perform full collection scans to find matching documents, which can significantly slow down operations and increase resource usage. For production environments, ensuring that all frequently queried fields are indexed is vital to maintain optimal performance and scalability.
-
-Auto-index creation in MongoDB is disabled by default in Codefresh On-Prem to prevent unexpected performance issues in production environments during upgrades. When enabled, MongoDB will automatically create indexes for fields used in queries, which can lead to high CPU and disk usage, increased I/O, and potential service disruptions—especially on large datasets. By requiring manual index management, administrators can plan index creation during maintenance windows, ensuring system stability and predictable performance before upgrading Codefresh On-Prem.
-
-It is critical to ensure that your MongoDB indexes are always aligned with the latest recommended state for your Codefresh On-Prem version. Outdated or missing indexes can lead to degraded performance, slow queries, and increased resource consumption. Always review release notes and update or create indexes as specified during upgrades or when new collections/fields are introduced. Regularly auditing and maintaining your indexes helps ensure optimal system reliability and scalability.
-
-The indexes list is located at the [codefresh-io/codefresh-onprem-helm](https://github.com/codefresh-io/codefresh-onprem-helm/tree/onprem-2.8.0/indexes) repository.
-The indexes are stored in JSON files with keys and options specified.
-
-The directory structure is:
-
-```console
-codefresh-onprem-helm
-├── indexes
-│ ├── # MongoDB database name
-│ │ ├── .json # MongoDB indexes for the specified collection
-```
-
-#### Enabling auto-index creation
-
-For first-time installations, you **must** enable auto-index creation by setting the following values:
-
-```yaml
-global:
- env:
- MONGOOSE_AUTO_INDEX: "true"
- MONGO_AUTOMATIC_INDEX_CREATION: "true"
-```
-
-You **should** disable it for the next upgrades by setting these variables to `false`:
-
-```yaml
-global:
- env:
- MONGOOSE_AUTO_INDEX: "false"
- MONGO_AUTOMATIC_INDEX_CREATION: "false"
-```
-
-#### Creating Indexes manually
-
-> **Note!** If you have a large amount of MongoDB data, it is recommended to create indexes manually. Enabling auto-index creation can cause performance degradation during the index creation process with large datasets.
-
-Depending on your MongoDB service (e.g., Atlas, self-hosted), you can create indexes using the MongoDB shell or the Atlas UI.
-
-Ref:
-- [Create an Index in Atlas DB](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/#create-an-index)
-- [Create an Index with mongosh](https://www.mongodb.com/docs/manual/reference/method/db.collection.createIndex/)
-
-### High Availability
-
-The chart installs the non-HA version of Codefresh by default. If you want to run Codefresh in HA mode, use the example values below.
-
-> **Note!** `cronus` is not supported in HA mode, otherwise builds with CRON triggers will be duplicated
-
-`values.yaml`
-```yaml
-cfapi:
- hpa:
- enabled: true
- # These are the defaults for all Codefresh subcharts
- # minReplicas: 2
- # maxReplicas: 10
- # targetCPUUtilizationPercentage: 70
-
-argo-platform:
- abac:
- hpa:
- enabled: true
-
- analytics-reporter:
- hpa:
- enabled: true
-
- api-events:
- hpa:
- enabled: true
-
- api-graphql:
- hpa:
- enabled: true
-
- audit:
- hpa:
- enabled: true
-
- cron-executor:
- hpa:
- enabled: true
-
- event-handler:
- hpa:
- enabled: true
-
- ui:
- hpa:
- enabled: true
-
-cfui:
- hpa:
- enabled: true
-
-internal-gateway:
- hpa:
- enabled: true
-
-cf-broadcaster:
- hpa:
- enabled: true
-
-cf-platform-analytics-platform:
- hpa:
- enabled: true
-
-charts-manager:
- hpa:
- enabled: true
-
-cluster-providers:
- hpa:
- enabled: true
-
-context-manager:
- hpa:
- enabled: true
-
-gitops-dashboard-manager:
- hpa:
- enabled: true
-
-helm-repo-manager:
- hpa:
- enabled: true
-
-hermes:
- hpa:
- enabled: true
-
-k8s-monitor:
- hpa:
- enabled: true
-
-kube-integration:
- hpa:
- enabled: true
-
-nomios:
- hpa:
- enabled: true
-
-pipeline-manager:
- hpa:
- enabled: true
-
-runtime-environment-manager:
- hpa:
- enabled: true
-
-tasker-kubernetes:
- hpa:
- enabled: true
-
-```
-
-For infra services (MongoDB, PostgreSQL, RabbitMQ, Redis, Consul, Nats, Ingress-NGINX) from built-in Bitnami charts you can use the following example:
-
-> **Note!** Use [topologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods) for better resiliency
-
-`values.yaml`
-```yaml
-global:
- postgresService: postgresql-ha-pgpool
- mongodbHost: cf-mongodb-0,cf-mongodb-1,cf-mongodb-2 # Replace `cf` with your Helm Release name
- mongodbOptions: replicaSet=rs0&retryWrites=true
- redisUrl: cf-redis-ha-haproxy
-
-builder:
- controller:
- replicas: 3
-
-consul:
- replicaCount: 3
-
-cfsign:
- controller:
- replicas: 3
- persistence:
- certs-data:
- enabled: false
- volumes:
- certs-data:
- type: emptyDir
- initContainers:
- volume-permissions:
- enabled: false
-
-ingress-nginx:
- controller:
- autoscaling:
- enabled: true
-
-mongodb:
- architecture: replicaset
- replicaCount: 3
- externalAccess:
- enabled: true
- service:
- type: ClusterIP
-
-nats:
- replicaCount: 3
-
-postgresql:
- enabled: false
-
-postgresql-ha:
- enabled: true
- volumePermissions:
- enabled: true
-
-rabbitmq:
- replicaCount: 3
-
-redis:
- enabled: false
-
-redis-ha:
- enabled: true
-```
-
-### Mounting private CA certs
-
-```yaml
-global:
- env:
- NODE_EXTRA_CA_CERTS: /etc/ssl/custom/ca.crt
-
- volumes:
- custom-ca:
- enabled: true
- type: secret
- existingName: my-custom-ca-cert # exisiting K8s secret object with the CA cert
- optional: true
-
- volumeMounts:
- custom-ca:
- path:
- - mountPath: /etc/ssl/custom/ca.crt
- subPath: ca.crt
-```
-
-## Installing on OpenShift
-
-To deploy Codefresh On-Prem on OpenShift use the following values example:
-
-```yaml
-ingress:
- ingressClassName: openshift-default
-
-global:
- dnsService: dns-default
- dnsNamespace: openshift-dns
- clusterDomain: cluster.local
-
-# Requires privileged SCC.
-builder:
- enabled: false
-
-cfapi:
- podSecurityContext:
- enabled: false
-
-cf-platform-analytics-platform:
- redis:
- master:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: false
-
-cfsign:
- podSecurityContext:
- enabled: false
- initContainers:
- volume-permissions:
- enabled: false
-
-cfui:
- podSecurityContext:
- enabled: false
-
-internal-gateway:
- podSecurityContext:
- enabled: false
-
-helm-repo-manager:
- chartmuseum:
- securityContext:
- enabled: false
-
-consul:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: false
-
-cronus:
- podSecurityContext:
- enabled: false
-
-ingress-nginx:
- enabled: false
-
-mongodb:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: false
-
-postgresql:
- primary:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: false
-
-redis:
- master:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: false
-
-rabbitmq:
- podSecurityContext:
- enabled: false
- containerSecurityContext:
- enabled: false
-
-# Requires privileged SCC.
-runner:
- enabled: false
-```
-
-## Firebase Configuration
-
-As outlined in [prerequisites](#prerequisites), it's required to set up a Firebase database for builds logs streaming:
-
-- [Create a Database](https://firebase.google.com/docs/database/web/start#create_a_database).
-- Create a [Legacy token](https://firebase.google.com/docs/database/rest/auth#legacy_tokens) for authentication.
-- Set the following rules for the database:
-```json
-{
- "rules": {
- "build-logs": {
- "$jobId":{
- ".read": "!root.child('production/build-logs/'+$jobId).exists() || (auth != null && auth.admin == true) || (auth == null && data.child('visibility').exists() && data.child('visibility').val() == 'public') || ( auth != null && data.child('accountId').exists() && auth.accountId == data.child('accountId').val() )",
- ".write": "auth != null && data.child('accountId').exists() && auth.accountId == data.child('accountId').val()"
- }
- },
- "environment-logs": {
- "$environmentId":{
- ".read": "!root.child('production/environment-logs/'+$environmentId).exists() || ( auth != null && data.child('accountId').exists() && auth.accountId == data.child('accountId').val() )",
- ".write": "auth != null && data.child('accountId').exists() && auth.accountId == data.child('accountId').val()"
- }
- }
- }
-}
-```
-
-However, if you're in an air-gapped environment, you can omit this prerequisite and use a built-in logging system (i.e. `OfflineLogging` feature-flag).
-See [feature management](https://codefresh.io/docs/docs/installation/on-premises/on-prem-feature-management)
-
-## Additional configuration
-
-### Retention policy for builds and logs
-
-With this method, Codefresh by default deletes builds older than six months.
-
-The retention mechanism removes data from the following collections: `workflowproccesses`, `workflowrequests`, `workflowrevisions`
-
-```yaml
-cfapi:
- env:
- # Determines if automatic build deletion through the Cron job is enabled.
- RETENTION_POLICY_IS_ENABLED: true
- # The maximum number of builds to delete by a single Cron job. To avoid database issues, especially when there are large numbers of old builds, we recommend deleting them in small chunks. You can gradually increase the number after verifying that performance is not affected.
- RETENTION_POLICY_BUILDS_TO_DELETE: 50
- # The number of days for which to retain builds. Builds older than the defined retention period are deleted.
- RETENTION_POLICY_DAYS: 180
-```
-
-### Retention policy for builds and logs
-> Configuration for Codefresh On-Prem >= 2.x
-
-> Previous configuration example (i.e. `RETENTION_POLICY_IS_ENABLED=true` ) is also supported in Codefresh On-Prem >= 2.x
-
-**For existing environments, for the retention mechanism to work, you must first drop the `created ` index in `workflowprocesses` collection. This requires a maintenance window that depends on the number of builds.**
-
-```yaml
-cfapi:
- env:
- # Determines if automatic build deletion is enabled.
- TTL_RETENTION_POLICY_IS_ENABLED: true
- # The number of days for which to retain builds, and can be between 30 (minimum) and 365 (maximum). Builds older than the defined retention period are deleted.
- TTL_RETENTION_POLICY_IN_DAYS: 180
-```
-
-### Projects pipelines limit
-
-```yaml
-cfapi:
- env:
- # Determines project's pipelines limit (default: 500)
- PROJECT_PIPELINES_LIMIT: 500
-```
-
-### Enable session cookie
-
-```yaml
-cfapi:
- env:
- # Generate a unique session cookie (cf-uuid) on each login
- DISABLE_CONCURRENT_SESSIONS: true
- # Customize cookie domain
- CF_UUID_COOKIE_DOMAIN: .mydomain.com
-```
-
-> **Note!** Ingress host for [gitops-runtime](https://artifacthub.io/packages/helm/codefresh-gitops-runtime/gitops-runtime) and ingress host for control plane must share the same root domain (i.e. `onprem.mydomain.com` and `runtime.mydomain.com`)
-
-### X-Frame-Options response header
-
-```yaml
-cfapi:
- env:
- # Set value to the `X-Frame-Options` response header. Control the restrictions of embedding Codefresh page into the iframes.
- # Possible values: sameorigin(default) / deny
- FRAME_OPTIONS: sameorigin
-
-cfui:
- env:
- FRAME_OPTIONS: sameorigin
-```
-
-Read more about header at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options.
-
-### Configure CSP (Content Security Policy)
-
-`CONTENT_SECURITY_POLICY` is the string describing content policies. Use semi-colons to separate between policies. `CONTENT_SECURITY_POLICY_REPORT_TO` is a comma-separated list of JSON objects. Each object must have a name and an array of endpoints that receive the incoming CSP reports.
-
-For detailed information, see the [Content Security Policy article on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).
-
-```yaml
-cfui:
- env:
- CONTENT_SECURITY_POLICY: ""
- CONTENT_SECURITY_POLICY_REPORT_ONLY: "default-src 'self'; font-src 'self'
- https://fonts.gstatic.com; script-src 'self' https://unpkg.com https://js.stripe.com;
- style-src 'self' https://fonts.googleapis.com; 'unsafe-eval' 'unsafe-inline'"
- CONTENT_SECURITY_POLICY_REPORT_TO: ""
-```
-
-### x-hub-signature-256 signature for GitHub AE
-
-For detailed information, see the [Securing your webhooks](https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks) and [Webhooks](https://docs.github.com/en/github-ae@latest/rest/webhooks).
-
-```
-cfapi:
- env:
- USE_SHA256_GITHUB_SIGNATURE: "true"
-```
-
-### Image digests in containers
-
-In Codefresh On-Prem 2.6.x all Codefresh owner microservices include image digests in the default subchart values.
-
-For example, default values for `cfapi` might look like this:
-
-```yaml
-container:
- image:
- registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh/cf-api
- tag: 21.268.1
- digest: "sha256:bae42f8efc18facc2bf93690fce4ab03ef9607cec4443fada48292d1be12f5f8"
- pullPolicy: IfNotPresent
-```
-
-this resulting in the following image reference in the pod spec:
-
-```yaml
-spec:
- containers:
- - name: cfapi
- image: us-docker.pkg.dev/codefresh-enterprise/gcr.io/codefresh/cf-api:21.268.1@sha256:bae42f8efc18facc2bf93690fce4ab03ef9607cec4443fada48292d1be12f5f8
-```
-
-> **Note!** When the `digest` is providerd, the `tag` is ignored! You can omit digest and use tag only like the following `values.yaml` example:
-
-```yaml
-cfapi:
- container:
- image:
- tag: 21.268.1
- # -- Set empty tag for digest
- digest: ""
-```
-
-## Configuring OIDC Provider
-
-OpenID Connect (OIDC) allows Codefresh Builds to access resources in your cloud provider (such as AWS, Azure, GCP), without needing to store cloud credentials as long-lived pipeline secret variables.
-
-### Enabling the OIDC Provider in Codefresh On-Prem
-
-#### Prerequisites:
-
-- DNS name for OIDC Provider
-- Valid TLS certificates for Ingress
-- K8S secret containing JWKS (JSON Web Key Sets). Can be generated at [mkjwk.org](https://mkjwk.org/)
-- K8S secret containing Cliend ID (public identifier for app) and Client Secret (application password; cryptographically strong random string)
-
-> **NOTE!** In production usage use [External Secrets Operator](https://external-secrets.io/latest/) or [HashiCorp Vault](https://developer.hashicorp.com/vault/docs/platform/k8s) to create secrets. The following example uses `kubectl` for brevity.
-
-For JWKS use **Public and Private Keypair Set** (if generated at [mkjwk.org](https://mkjwk.org/)), for example:
-
-`cf-oidc-provider-jwks.json`:
-```json
-{
- "keys": [
- {
- "p": "...",
- "kty": "RSA",
- "q": "...",
- "d": "...",
- "e": "AQAB",
- "use": "sig",
- "qi": "...",
- "dp": "...",
- "alg": "RS256",
- "dq": "...",
- "n": "..."
- }
- ]
-}
-```
-
-```console
-# Creating secret containing JWKS.
-# The secret KEY is `cf-oidc-provider-jwks.json`. It then referenced in `OIDC_JWKS_PRIVATE_KEYS_PATH` environment variable in `cf-oidc-provider`.
-# The secret NAME is referenced in `.volumes.jwks-file.nameOverride` (volumeMount is configured in the chart already)
-kubectl create secret generic cf-oidc-provider-jwks \
- --from-file=cf-oidc-provider-jwks.json \
- -n $NAMESPACE
-
-# Creating secret containing Client ID and Client Secret
-# Secret NAME is `cf-oidc-provider-client-secret`.
-# It then referenced in `OIDC_CF_PLATFORM_CLIENT_ID` and `OIDC_CF_PLATFORM_CLIENT_SECRET` environment variables in `cf-oidc-provider`
-# and in `OIDC_PROVIDER_CLIENT_ID` and `OIDC_PROVIDER_CLIENT_SECRET` in `cfapi`.
-kubectl create secret generic cf-oidc-provider-client-secret \
- --from-literal=client-id=codefresh \
- --from-literal=client-secret='verysecureclientsecret' \
- -n $NAMESPACE
-```
-
-`values.yaml`
-```yaml
-global:
- # -- Set OIDC Provider URL
- oidcProviderService: "oidc.mydomain.com"
- # -- Default OIDC Provider service client ID in plain text.
- # Optional! If specified here, no need to specify CLIENT_ID/CLIENT_SECRET env vars in cfapi and cf-oidc-provider below.
- oidcProviderClientId: null
- # -- Default OIDC Provider service client secret in plain text.
- # Optional! If specified here, no need to specify CLIENT_ID/CLIENT_SECRET env vars in cfapi and cf-oidc-provider below.
- oidcProviderClientSecret: null
-
-cfapi:
- # -- Set additional variables for cfapi
- # Reference a secret containing Client ID and Client Secret
- env:
- OIDC_PROVIDER_CLIENT_ID:
- valueFrom:
- secretKeyRef:
- name: cf-oidc-provider-client-secret
- key: client-id
- OIDC_PROVIDER_CLIENT_SECRET:
- valueFrom:
- secretKeyRef:
- name: cf-oidc-provider-client-secret
- key: client-secret
-
-cf-oidc-provider:
- # -- Enable OIDC Provider
- enabled: true
-
- container:
- env:
- OIDC_JWKS_PRIVATE_KEYS_PATH: /secrets/jwks/cf-oidc-provider-jwks.json
- # -- Reference a secret containing Client ID and Client Secret
- OIDC_CF_PLATFORM_CLIENT_ID:
- valueFrom:
- secretKeyRef:
- name: cf-oidc-provider-client-secret
- key: client-id
- OIDC_CF_PLATFORM_CLIENT_SECRET:
- valueFrom:
- secretKeyRef:
- name: cf-oidc-provider-client-secret
- key: client-secret
-
- volumes:
- jwks-file:
- enabled: true
- type: secret
- # -- Secret name containing JWKS
- nameOverride: "cf-oidc-provider-jwks"
- optional: false
-
- ingress:
- main:
- # -- Enable ingress for OIDC Provider
- enabled: true
- annotations: {}
- # -- Set ingress class name
- ingressClassName: ""
- hosts:
- # -- Set OIDC Provider URL
- - host: "oidc.mydomain.com"
- paths:
- - path: /
- # For ALB (Application Load Balancer) /* asterisk is required in path
- # e.g.
- # - path: /*
- tls: []
-```
-
-Deploy HELM chart with new `values.yaml`
-
-Use https://oidc.mydomain.com/.well-known/openid-configuration to verify OIDC Provider configuration
-
-### Adding the identity provider in AWS
-
-To add Codefresh OIDC provider to IAM, see the [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html)
-- For the **provider URL**: Use `.Values.global.oidcProviderService` value with `https://` prefix (i.e. https://oidc.mydomain.com)
-- For the **Audienece**: Use `.Values.global.appUrl` value with `https://` prefix (i.e. https://onprem.mydomain.com)
-
-#### Configuring the role and trust policy
-
-To configure the role and trust in IAM, see [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html)
-
-Edit the trust policy to add the sub field to the validation conditions. For example, use `StringLike` to allow only builds from specific pipeline to assume a role in AWS.
-```json
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Federated": "arn:aws:iam:::oidc-provider/oidc.mydomain.com"
- },
- "Action": "sts:AssumeRoleWithWebIdentity",
- "Condition": {
- "StringEquals": {
- "oidc.mydomain.com:aud": "https://onprem.mydomain.com"
- },
- "StringLike": {
- "oidc.mydomain.com:sub": "account:64884faac2751b77ca7ab324:pipeline:64f7232ab698cfcb95d93cef:*"
- }
- }
- }
- ]
-}
-```
-
-To see all the claims supported by Codefresh OIDC provider, see `claims_supported` entries at https://oidc.mydomain.com/.well-known/openid-configuration
-```json
-"claims_supported": [
- "sub",
- "account_id",
- "account_name",
- "pipeline_id",
- "pipeline_name",
- "workflow_id",
- "initiator",
- "scm_user_name",
- "scm_repo_url",
- "scm_ref",
- "scm_pull_request_target_branch",
- "sid",
- "auth_time",
- "iss"
-]
-```
-
-#### Using OIDC in Codefresh Builds
-
-Use [obtain-oidc-id-token](https://github.com/codefresh-io/steps/blob/822afc0a9a128384e76459c6573628020a2cf404/incubating/obtain-oidc-id-token/step.yaml#L27-L58) and [aws-sts-assume-role-with-web-identity](https://github.com/codefresh-io/steps/blob/822afc0a9a128384e76459c6573628020a2cf404/incubating/aws-sts-assume-role-with-web-identity/step.yaml#L29-L63) steps to exchange the OIDC token (JWT) for a cloud access token.
-
-## Upgrading
-
-### To 2-0-0
-
-This major chart version change (v1.4.X -> v2.0.0) contains some **incompatible breaking change needing manual actions**.
-
-**Before applying the upgrade, read through this section!**
-
-#### ⚠️ New Services
-
-Codefesh 2.0 chart includes additional dependent microservices (charts):
-- `argo-platform`: Main Codefresh GitOps module.
-- `internal-gateway`: NGINX that proxies requests to the correct components (api-graphql, api-events, ui).
-- `argo-hub-platform`: Service for Argo Workflow templates.
-- `platform-analytics` and `etl-starter`: Service for [Pipelines dasboard](https://codefresh.io/docs/docs/dashboards/home-dashboard/#pipelines-dashboard)
-
-These services require additional databases in MongoDB (`audit`/`read-models`/`platform-analytics-postgres`) and in Postgresql (`analytics` and `analytics_pre_aggregations`)
-The helm chart is configured to re-run seed jobs to create necessary databases and users during the upgrade.
-
-```yaml
-seed:
- # -- Enable all seed jobs
- enabled: true
-```
-
-#### ⚠️ New MongoDB Indexes
-
-Starting from version 2.0.0, two new MongoDB indexes have been added that are vital for optimizing database queries and enhancing overall system performance. It is crucial to create these indexes before performing the upgrade to avoid any potential performance degradation.
-
-- `account_1_annotations.key_1_annotations.value_1` (db: `codefresh`; collection: `annotations`)
-```json
-{
- "account" : 1,
- "annotations.key" : 1,
- "annotations.value" : 1
-}
-```
-
-- `accountId_1_entityType_1_entityId_1` (db: `codefresh`; collection: `workflowprocesses`)
-
-```json
-{
- "accountId" : 1,
- "entityType" : 1,
- "entityId" : 1
-}
-```
-
-To prevent potential performance degradation during the upgrade, it is important to schedule a maintenance window during a period of low activity or minimal user impact and create the indexes mentioned above before initiating the upgrade process. By proactively creating these indexes, you can avoid the application automatically creating them during the upgrade and ensure a smooth transition with optimized performance.
-
-**Index Creation**
-
-If you're hosting MongoDB on [Atlas](https://www.mongodb.com/atlas/database), use the following [Create, View, Drop, and Hide Indexes](https://www.mongodb.com/docs/atlas/atlas-ui/indexes/) guide to create indexes mentioned above. It's important to create them in a rolling fashion (i.e. **Build index via rolling process** checkbox enabled) in produciton environment.
-
-For self-hosted MongoDB, see the following instruction:
-
-- Connect to the MongoDB server using the [mongosh](https://www.mongodb.com/docs/mongodb-shell/install/) shell. Open your terminal or command prompt and run the following command, replacing with the appropriate MongoDB connection string for your server:
-```console
-mongosh ""
-```
-
-- Once connected, switch to the `codefresh` database where the index will be located using the `use` command.
-```console
-use codefresh
-```
-
-- To create the indexes, use the createIndex() method. The createIndex() method should be executed on the db object.
-```console
-db.workflowprocesses.createIndex({ account: 1, 'annotations.key': 1, 'annotations.value': 1 }, { name: 'account_1_annotations.key_1_annotations.value_1', sparse: true, background: true })
-```
-
-```console
-db.annotations.createIndex({ accountId: 1, entityType: 1, entityId: 1 }, { name: 'accountId_1_entityType_1_entityId_1', background: true })
-```
-After executing the createIndex() command, you should see a result indicating the successful creation of the index.
-
-#### ⚠️ [Kcfi](https://github.com/codefresh-io/kcfi) Deprecation
-
-This major release deprecates [kcfi](https://github.com/codefresh-io/kcfi) installer. The recommended way to install Codefresh On-Prem is **Helm**.
-Due to that, Kcfi `config.yaml` will not be compatible for Helm-based installation.
-You still can reuse the same `config.yaml` for the Helm chart, but you need to remove (or update) the following sections.
-
-* `.Values.metadata` is deprecated. Remove it from `config.yaml`
-
-*1.4.x `config.yaml`*
-```yaml
-metadata:
- kind: codefresh
- installer:
- type: helm
- helm:
- chart: codefresh
- repoUrl: http://chartmuseum.codefresh.io/codefresh
- version: 1.4.x
-```
-
-* `.Values.kubernetes` is deprecated. Remove it from `config.yaml`
-
-*1.4.x `config.yaml`*
-```yaml
-kubernetes:
- namespace: codefresh
- context: context-name
-```
-
-* `.Values.tls` (`.Values.webTLS`) is moved under `.Values.ingress.tls`. Remove `.Values.tls` from `config.yaml` afterwards.
-
- See full [values.yaml](./values.yaml#L92).
-
-*1.4.x `config.yaml`*
-```yaml
-tls:
- selfSigned: false
- cert: certs/certificate.crt
- key: certs/private.key
-```
-
-*2.0.0 `config.yaml`*
-```yaml
-# -- Ingress
-ingress:
- # -- Enable the Ingress
- enabled: true
- # -- Set the ingressClass that is used for the ingress.
- ingressClassName: nginx-codefresh
- tls:
- # -- Enable TLS
- enabled: true
- # -- Default secret name to be created with provided `cert` and `key` below
- secretName: "star.codefresh.io"
- # -- Certificate (base64 encoded)
- cert: "LS0tLS1CRUdJTiBDRVJ...."
- # -- Private key (base64 encoded)
- key: "LS0tLS1CRUdJTiBSU0E..."
- # -- Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`)
- existingSecret: ""
-```
-
-* `.Values.images` is deprecated. Remove `.Values.images` from `config.yaml`.
-
- - `.Values.images.codefreshRegistrySa` is changed to `.Values.imageCredentials`
-
- - `.Values.privateRegistry.address` is changed to `.Values.global.imageRegistry` (no trailing slash `/` at the end)
-
- See full `values.yaml` [here](./values.yaml#L2) and [here](./values.yaml#L143).
-
-*1.4.x `config.yaml`*
-```yaml
-images:
- codefreshRegistrySa: sa.json
- usePrivateRegistry: true
- privateRegistry:
- address: myprivateregistry.domain
- username: username
- password: password
-```
-
-*2.0.0 `config.yaml`*
-```yaml
-# -- Credentials for Image Pull Secret object
-imageCredentials: {}
-# Pass sa.json (as a single line). Obtain GCR Service Account JSON (sa.json) at support@codefresh.io
-# E.g.:
-# imageCredentials:
-# registry: gcr.io
-# username: _json_key
-# password: '{ "type": "service_account", "project_id": "codefresh-enterprise", "private_key_id": ... }'
-```
-
-*2.0.0 `config.yaml`*
-```yaml
-global:
- # -- Global Docker image registry
- imageRegistry: "myprivateregistry.domain"
-```
-
-* `.Values.dbinfra` is deprecated. Remove it from `config.yaml`
-
-*1.4.x `config.yaml`*
-```yaml
-dbinfra:
- enabled: false
-```
-
-* `.Values.firebaseUrl` and `.Values.firebaseSecret` is moved under `.Values.global`
-
-*1.4.x `config.yaml`*
-```yaml
-firebaseUrl:
-firebaseSecret:
-newrelicLicenseKey:
-```
-
-*2.0.0 `config.yaml`*
-```yaml
-global:
- # -- Firebase URL for logs streaming.
- firebaseUrl: ""
- # -- Firebase Secret.
- firebaseSecret: ""
- # -- New Relic Key
- newrelicLicenseKey: ""
-```
-
-* `.Values.global.certsJobs` and `.Values.global.seedJobs` is deprecated. Use `.Values.seed.mongoSeedJob` and `.Values.seed.postgresSeedJob`.
-
- See full [values.yaml](./values.yaml#L42).
-
-*1.4.x `config.yaml`*
-```yaml
-global:
- certsJobs: true
- seedJobs: true
-```
-
-*2.0.0 `config.yaml`*
-```yaml
-seed:
- # -- Enable all seed jobs
- enabled: true
- # -- Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases.
- # @default -- See below
- mongoSeedJob:
- enabled: true
- # -- Postgres Seed Job. Required at first install. Creates required user and databases.
- # @default -- See below
- postgresSeedJob:
- enabled: true
-```
-
-#### ⚠️ Migration to [Library Charts](https://helm.sh/docs/topics/library_charts/)
-
-All Codefresh subchart templates (i.e. `cfapi`, `cfui`, `pipeline-manager`, `context-manager`, etc) have been migrated to use Helm [library charts](https://helm.sh/docs/topics/library_charts/).
-That allows unifying the values structure across all Codefresh-owned charts. However, there are some **immutable** fields in the old charts which cannot be upgraded during a regular `helm upgrade`, and require additional manual actions.
-
-Run the following commands before appying the upgrade.
-
-* Delete `cf-runner` and `cf-builder` stateful sets.
-
-```console
-kubectl delete sts cf-runner --namespace $NAMESPACE
-kubectl delete sts cf-builder --namespace $NAMESPACE
-```
-
-* Delete all jobs
-
-```console
-kubectl delete job --namespace $NAMESPACE -l release=cf
-```
-
-* In `values.yaml`/`config.yaml` remove `.Values.nomios.ingress` section if you have it
-
-```yaml
-nomios:
- # Remove ingress section
- ingress:
- ...
-```
-
-### To 2.0.12
-
-#### ⚠️ Legacy ChartMuseum subchart deprecation
-
-Due to deprecation of legacy ChartMuseum subchart in favor of upstream [chartmuseum](https://github.com/chartmuseum/charts/tree/main/src/chartmuseum), you need to remove the old deployment before the upgrade due to **immutable** `matchLabels` field change in the deployment spec.
-
-```console
-kubectl delete deploy cf-chartmuseum --namespace $NAMESPACE
-```
-
-#### ⚠️ Affected values
-
-- If you have `.persistence.enabled=true` defined and NOT `.persistence.existingClaim` like:
-
-```yaml
-helm-repo-manager:
- chartmuseum:
- persistence:
- enabled: true
-```
-then you **have to backup** the content of old PVC (mounted as `/storage` in the old deployment) **before the upgrade**!
-
-```shell
-POD_NAME=$(kubectl get pod -l app=chartmuseum -n $NAMESPACE --no-headers -o custom-columns=":metadata.name")
-kubectl cp -n $NAMESPACE $POD_NAME:/storage $(pwd)/storage
-```
-
-**After the upgrade**, restore the content into new deployment:
-```shell
-POD_NAME=$(kubectl get pod -l app.kubernetes.io/name=chartmuseum -n $NAMESPACE --no-headers -o custom-columns=":metadata.name")
-kubectl cp -n $NAMESPACE $(pwd)/storage $POD_NAME:/storage
-```
-
-- If you have `.persistence.existingClaim` defined, you can keep it as is:
-```yaml
-helm-repo-manager:
- chartmuseum:
- existingClaim: my-claim-name
-```
-
-- If you have `.Values.global.imageRegistry` specified, it **won't be** applied for the new chartmuseum subchart. Add image registry explicitly for the subchart as follows
-
-```yaml
-global:
- imageRegistry: myregistry.domain.com
-
-helm-repo-manager:
- chartmuseum:
- image:
- repository: myregistry.domain.com/codefresh/chartmuseum
-```
-
-### To 2-0-17
-
-#### ⚠️ Affected values
-
-Values structure for argo-platform images has been changed.
-Added `registry` to align with the rest of the services.
-
-> values for <= v2.0.16
-```yaml
-argo-platform:
- api-graphql:
- image:
- repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-api-graphql
- abac:
- image:
- repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-abac
- analytics-reporter:
- image:
- repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-analytics-reporter
- api-events:
- image:
- repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-api-events
- audit:
- image:
- repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-audit
- cron-executor:
- image:
- repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-cron-executor
- event-handler:
- image:
- repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-event-handler
- ui:
- image:
- repository: gcr.io/codefresh-enterprise/codefresh-io/argo-platform-ui
-```
-
-> values for >= v2.0.17
-
-```yaml
-argo-platform:
- api-graphql:
- image:
- registry: gcr.io/codefresh-enterprise
- repository: codefresh-io/argo-platform-api-graphql
- abac:
- image:
- registry: gcr.io/codefresh-enterprise
- repository: codefresh-io/argo-platform-abac
- analytics-reporter:
- image:
- registry: gcr.io/codefresh-enterprise
- repository: codefresh-io/argo-platform-analytics-reporter
- api-events:
- image:
- registry: gcr.io/codefresh-enterprise
- repository: codefresh-io/argo-platform-api-events
- audit:
- image:
- registry: gcr.io/codefresh-enterprise
- repository: codefresh-io/argo-platform-audit
- cron-executor:
- image:
- registry: gcr.io/codefresh-enterprise
- repository: codefresh-io/argo-platform-cron-executor
- event-handler:
- image:
- registry: gcr.io/codefresh-enterprise
- repository: codefresh-io/argo-platform-event-handler
- ui:
- image:
- registry: gcr.io/codefresh-enterprise
- repository: codefresh-io/argo-platform-ui
-```
-
-### To 2-1-0
-
-### [What's new in 2.1.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-21)
-
-#### Affected values:
-
-- [Legacy ChartMuseum subchart deprecation](#to-2-0-12)
-- [Argo-Platform images values structure change](#to-2-0-17)
-- **Changed** default ingress paths. All paths point to `internal-gateway` now. **Remove any overrides at `.Values.ingress.services`!** (updated example for ALB)
-- **Deprecated** `global.mongoURI`. **Supported for backward compatibility!**
-- **Added** `global.mongodbProtocol` / `global.mongodbUser` / `global.mongodbPassword` / `global.mongodbHost` / `global.mongodbOptions`
-- **Added** `global.mongodbUserSecretKeyRef` / `global.mongodbPasswordSecretKeyRef` / `global.mongodbHostSecretKeyRef`
-- **Added** `seed.mongoSeedJob.mongodbRootUserSecretKeyRef` / `seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef`
-- **Added** `seed.postgresSeedJob.postgresUserSecretKeyRef` / `seed.postgresSeedJob.postgresPasswordSecretKeyRef`
-- **Added** `global.firebaseUrlSecretKeyRef` / `global.firebaseSecretSecretKeyRef`
-- **Added** `global.postgresUserSecretKeyRef` / `global.postgresPasswordSecretKeyRef` / `global.postgresHostnameSecretKeyRef`
-- **Added** `global.rabbitmqUsernameSecretKeyRef` / `global.rabbitmqPasswordSecretKeyRef` / `global.rabbitmqHostnameSecretKeyRef`
-- **Added** `global.redisPasswordSecretKeyRef` / `global.redisUrlSecretKeyRef`
-
-- **Removed** `global.runtimeMongoURI` (defaults to `global.mongoURI` or `global.mongodbHost`/`global.mongodbHostSecretKeyRef`/etc like values)
-- **Removed** `global.runtimeMongoDb` (defaults to `global.mongodbDatabase`)
-- **Removed** `global.runtimeRedisHost` (defaults to `global.redisUrl`/`global.redisUrlSecretKeyRef` or `global.redisService`)
-- **Removed** `global.runtimeRedisPort` (defaults to `global.redisPort`)
-- **Removed** `global.runtimeRedisPassword` (defaults to `global.redisPassword`/`global.redisPasswordSecretKeyRef`)
-- **Removed** `global.runtimeRedisDb` (defaults to values below)
-
-```yaml
-cfapi:
- env:
- RUNTIME_REDIS_DB: 0
-
-cf-broadcaster:
- env:
- REDIS_DB: 0
-```
-
-### To 2-1-7
-
-⚠️⚠️⚠️
-> Since version 2.1.7 chart is pushed **only** to OCI registry at `oci://quay.io/codefresh/codefresh`
-
-> Versions prior to 2.1.7 are still available in ChartMuseum at `http://chartmuseum.codefresh.io/codefresh`
-
-### To 2-2-0
-
-### [What's new in 2.2.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-22)
-
-#### MongoDB 5.x
-
-Codefresh On-Prem 2.2.x uses MongoDB 5.x (4.x is still supported). If you run external MongoDB, it is **highly** recommended to upgrade it to 5.x after upgrading Codefresh On-Prem to 2.2.x.
-
-#### Redis HA
-
-> If you run external Redis, this is not applicable to you.
-
-Codefresh On-Prem 2.2.x adds (not replaces!) an **optional** Redis-HA (master/slave configuration with Sentinel sidecars for failover management) instead of a single Redis instance.
-To enable it, see the following values:
-
-```yaml
-global:
- redisUrl: cf-redis-ha-haproxy # Replace `cf` with your Helm release name
-
-# -- Disable standalone Redis instance
-redis:
- enabled: false
-
-# -- Enable Redis HA
-redis-ha:
- enabled: true
-```
-
-### To 2-3-0
-
-### [What's new in 2.3.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-23)
-
-⚠️ This major release changes default registry for Codefresh **private** images from GCR (`gcr.io`) to GAR (`us-docker.pkg.dev`)
-
-Update `.Values.imageCredentials.registry` to `us-docker.pkg.dev` if it's explicitly set to `gcr.io` in your values file.
-
-Default `.Values.imageCredentials` for Onprem **v2.2.x and below**
-```yaml
-imageCredentials:
- registry: gcr.io
- username: _json_key
- password:
-```
-
-Default `.Values.imageCredentials` for Onprem **v2.3.x and above**
-```yaml
-imageCredentials:
- registry: us-docker.pkg.dev
- username: _json_key
- password:
-```
-
-## Rollback
-
-Use `helm history` to determine which release has worked, then use `helm rollback` to perform a rollback
-
-> When rollback from 2.x prune these resources due to immutabled fields changes
-
-```console
-kubectl delete sts cf-runner --namespace $NAMESPACE
-kubectl delete sts cf-builder --namespace $NAMESPACE
-kubectl delete deploy cf-chartmuseum --namespace $NAMESPACE
-kubectl delete job --namespace $NAMESPACE -l release=$RELEASE_NAME
-```
-
-```console
-helm rollback $RELEASE_NAME $RELEASE_NUMBER \
- --namespace $NAMESPACE \
- --debug \
- --wait
-```
-
-### To 2-4-0
-
-### [What's new in 2.4.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-24)
-
-#### New cfapi-auth role
-
-New `cfapi-auth` role is introduced in 2.4.x.
-
-If you run onprem with [multi-role cfapi configuration](#configuration-with-multi-role-cf-api), make sure to **enable** `cfapi-auth` role:
-
-```yaml
-cfapi-auth:
- <<: *cf-api
- enabled: true
-```
-
-#### Default SYSTEM_TYPE for acccounts
-
-Since 2.4.x, `SYSTEM_TYPE` is changed to `PROJECT_ONE` by default.
-
-If you want to preserve original `CLASSIC` values, update cfapi environment variables:
-
-```yaml
-cfapi:
- container:
- env:
- DEFAULT_SYSTEM_TYPE: CLASSIC
-```
-
-### To 2-5-0
-
-### [What's new in 2.5.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-25)
-
-### To 2-6-0
-
-### [What's new in 2.6.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-26)
-
-#### Affected values
-
-[Image digests in containers](#image-digests-in-containers)
-
-#### Auto-index creation in MongoDB
-
-[Auto-index creation in MongoDB](#auto-index-creation-in-mongodb)
-
-### To 2-7-0
-
-### [What's new in 2.7.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-27)
-
-#### Affected values
-
-- Added option to provide global `tolerations`/`nodeSelector`/`affinity` for all Codefresh subcharts
-> **Note!** These global settings will not be applied to Bitnami subcharts (e.g. `mongodb`, `redis`, `rabbitmq`, `postgres`. etc)
-
-```yaml
-global:
- tolerations:
- - key: "key"
- operator: "Equal"
- value: "value"
- effect: "NoSchedule"
-
- nodeSelector:
- key: "value"
-
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "key"
- operator: "In"
- values:
- - "value"
-```
-
-### To 2-8-0
-
-### [What's new in 2.8.x](https://codefresh.io/docs/docs/whats-new/on-prem-release-notes/#on-premises-version-28)
-
-### ⚠️ ⚠️ ⚠️ Breaking changes. Read before upgrading!
-
-### MongoDB update
-
-Default MongoDB image is changed from 6.x to 7.x.
-
-If you run external MongoDB (i.e. [Atlas](https://cloud.mongodb.com)), it is **required** to upgrade it to 7.x after upgrading Codefresh On-Prem to 2.8.x.
-
-For backward compatibility (in case you need to rollback to 6.x), you can set [`featureCompatibilityVersion`](https://www.mongodb.com/docs/v6.0/reference/command/setFeatureCompatibilityVersion/) to `6.0` in your values file.
-
-```yaml
-mongodb:
- migration:
- enabled: true
- featureCompatibilityVersion: "6.0"
-```
-
-### PostgreSQL update
-
-Default PostgreSQL image is changed from 13.x to 17.x
-
-If you run external PostgreSQL, follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x.
-
-⚠️ ⚠️ ⚠️ If you run built-in PostgreSQL `bitnami/postgresql` subchart, direct upgrade is not supported. You need to backup your data, delete the old PostgreSQL StatefulSet with PVCs and restore the data into a new PostgreSQL StatefulSet.
-
-```console
-PGUSER=postgres
-PGHOST=cf-postgresql
-PGPORT=5432
-PGPASSWORD=postgres
-BACKUP_DIR=/tmp/pg_backup
-BACKUP_SQL=backup.sql
-TIMESTAMP=$(date +%Y%m%d%H%M%S)
-NAMESPACE=codefresh
-
-# Backup PostgreSQL data
-pg_dumpall --verbose > "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" 2>> "$LOG_FILE"
-
-# Delete old PostgreSQL StatefulSet
-STS_NAME=$(kubectl get sts -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}')
-PVC_NAME=$(kubectl get pvc -n $NAMESPACE -l app.kubernetes.io/instance=$RELEASE_NAME -l app.kubernetes.io/name=postgresql -o jsonpath='{.items[0].metadata.name}')
-
-kubectl delete sts $STS_NAME -n $NAMESPACE
-kubectl delete pvc $PVC_NAME -n $NAMESPACE
-
-# Perform Codefresh On-Prem upgrade to 2.8.x
-
-# Restore PostgreSQL data
-psql -U -f "$BACKUP_DIR/$BACKUP_SQL.$TIMESTAMP" >> "$LOG_FILE" 2>&1
-```
-
-### RabbitMQ update
-
-Default RabbitMQ image is changed from 3.x to 4.x
-
-#### Affected values
-
-- Added option to provide `.Values.global.tolerations`/`.Values.global.nodeSelector`/`.Values.global.affinity` for all Codefresh subcharts
-
-- Changed default location for public images from `quay.io/codefresh` to `us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh`
-
-- `.Values.hooks` was splitted into `.Values.hooks.mongodb` and `.Values.hooks.consul`
-
-## Troubleshooting
-
-### Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired
-
-Builds are stuck in pending with `Error: Failed to validate connection to Docker daemon; caused by Error: certificate has expired`
-
-**Reason:** Runtime certificates have expiried.
-
-To check if runtime internal CA expired:
-
-```console
-kubectl -n $NAMESPACE get secret/cf-codefresh-certs-client -o jsonpath="{.data['ca\.pem']}" | base64 -d | openssl x509 -enddate -noout
-```
-
-**Resolution:** Replace internal CA and re-issue dind certs for runtime
-
-- Delete k8s secret with expired certificate
-```console
-kubectl -n $NAMESPACE delete secret cf-codefresh-certs-client
-```
-
-- Set `.Values.global.gencerts.enabled=true` (`.Values.global.certsJob=true` for onprem < 2.x version)
-
-```yaml
-# -- Job to generate internal runtime secrets.
-# @default -- See below
-gencerts:
- enabled: true
-```
-
-- Upgrade Codefresh On-Prem Helm release. It will recreate `cf-codefresh-certs-client` secret
-```console
-helm upgrade --install cf codefresh/codefresh \
- -f cf-values.yaml \
- --namespace codefresh \
- --create-namespace \
- --debug \
- --wait \
- --timeout 15m
-```
-
-- Restart `cfapi` and `cfsign` deployments
-
-```console
-kubectl -n $NAMESPACE rollout restart deployment/cf-cfapi
-kubectl -n $NAMESPACE rollout restart deployment/cf-cfsign
-```
-
-**Case A:** Codefresh Runner installed with HELM chart ([charts/cf-runtime](https://github.com/codefresh-io/venona/tree/release-1.0/charts/cf-runtime))
-
-Re-apply the `cf-runtime` helm chart. Post-upgrade `gencerts-dind` helm hook will regenerate the dind certificates using a new CA.
-
-**Case B:** Codefresh Runner installed with legacy CLI ([codefresh runner init](https://codefresh-io.github.io/cli/runner/init/))
-
-Delete `codefresh-certs-server` k8s secret and run [./configure-dind-certs.sh](https://github.com/codefresh-io/venona/blob/release-1.0/charts/cf-runtime/files/configure-dind-certs.sh) in your runtime namespace.
-
-```console
-kubectl -n $NAMESPACE delete secret codefresh-certs-server
-./configure-dind-certs.sh -n $RUNTIME_NAMESPACE https://$CODEFRESH_HOST $CODEFRESH_API_TOKEN
-```
-
-### Consul Error: Refusing to rejoin cluster because the server has been offline for more than the configured server_rejoin_age_max
-
-After platform upgrade, Consul fails with the error `refusing to rejoin cluster because the server has been offline for more than the configured server_rejoin_age_max - consider wiping your data dir`. There is [known issue](https://github.com/hashicorp/consul/issues/20722) of **hashicorp/consul** behaviour. Try to wipe out or delete the consul PV with config data and restart Consul StatefulSet.
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| argo-hub-platform | object | See below | argo-hub-platform |
-| argo-platform | object | See below | argo-platform |
-| argo-platform.abac | object | See below | abac |
-| argo-platform.analytics-reporter | object | See below | analytics-reporter |
-| argo-platform.anchors | object | See below | Anchors |
-| argo-platform.api-events | object | See below | api-events |
-| argo-platform.api-graphql | object | See below | api-graphql All other services under `.Values.argo-platform` follows the same values structure. |
-| argo-platform.api-graphql.affinity | object | `{}` | Set pod's affinity |
-| argo-platform.api-graphql.env | object | See below | Env vars |
-| argo-platform.api-graphql.hpa | object | `{"enabled":false}` | HPA |
-| argo-platform.api-graphql.hpa.enabled | bool | `false` | Enable autoscaler |
-| argo-platform.api-graphql.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh-io/argo-platform-api-graphql"}` | Image |
-| argo-platform.api-graphql.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry |
-| argo-platform.api-graphql.image.repository | string | `"codefresh-io/argo-platform-api-graphql"` | Repository |
-| argo-platform.api-graphql.kind | string | `"Deployment"` | Controller kind. Currently, only `Deployment` is supported |
-| argo-platform.api-graphql.pdb | object | `{"enabled":false}` | PDB |
-| argo-platform.api-graphql.pdb.enabled | bool | `false` | Enable pod disruption budget |
-| argo-platform.api-graphql.podAnnotations | object | `{"checksum/secret":"{{ include (print $.Template.BasePath \"/api-graphql/secret.yaml\") . | sha256sum }}"}` | Set pod's annotations |
-| argo-platform.api-graphql.resources | object | See below | Resource limits and requests |
-| argo-platform.api-graphql.secrets | object | See below | Secrets |
-| argo-platform.api-graphql.tolerations | list | `[]` | Set pod's tolerations |
-| argo-platform.argocd-hooks | object | See below | argocd-hooks Don't enable! Not used in onprem! |
-| argo-platform.audit | object | See below | audit |
-| argo-platform.broadcaster | object | See below | broadcaster |
-| argo-platform.cron-executor | object | See below | cron-executor |
-| argo-platform.event-handler | object | See below | event-handler |
-| argo-platform.promotion-orchestrator | object | See below | promotion-orchestrator |
-| argo-platform.runtime-manager | object | See below | runtime-manager Don't enable! Not used in onprem! |
-| argo-platform.runtime-monitor | object | See below | runtime-monitor Don't enable! Not used in onprem! |
-| argo-platform.ui | object | See below | ui |
-| argo-platform.useExternalSecret | bool | `false` | Use regular k8s secret object. Keep `false`! |
-| builder | object | `{"affinity":{},"container":{"image":{"registry":"docker.io","repository":"library/docker","tag":"28.0-dind"}},"enabled":true,"imagePullSecrets":[],"initContainers":{"register":{"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/curl","tag":"8.11.1"}}},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | builder |
-| cf-broadcaster | object | See below | broadcaster |
-| cf-oidc-provider | object | See below | cf-oidc-provider |
-| cf-platform-analytics-etlstarter | object | See below | etl-starter |
-| cf-platform-analytics-etlstarter.redis.enabled | bool | `false` | Disable redis subchart |
-| cf-platform-analytics-etlstarter.system-etl-postgres | object | `{"container":{"env":{"BLUE_GREEN_ENABLED":true}},"controller":{"cronjob":{"ttlSecondsAfterFinished":300}},"enabled":true}` | Only postgres ETL should be running in onprem |
-| cf-platform-analytics-platform | object | See below | platform-analytics |
-| cfapi | object | `{"affinity":{},"container":{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}},"controller":{"replicas":2},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}},"secrets":{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}},"tolerations":[]}` | cf-api |
-| cfapi-internal.<<.affinity | object | `{}` | Affinity configuration |
-| cfapi-internal.<<.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration |
-| cfapi-internal.<<.container.env | object | See below | Env vars |
-| cfapi-internal.<<.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image |
-| cfapi-internal.<<.container.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry prefix |
-| cfapi-internal.<<.container.image.repository | string | `"codefresh/cf-api"` | Repository |
-| cfapi-internal.<<.controller | object | `{"replicas":2}` | Controller configuration |
-| cfapi-internal.<<.controller.replicas | int | `2` | Replicas number |
-| cfapi-internal.<<.enabled | bool | `true` | Enable cf-api |
-| cfapi-internal.<<.hpa | object | `{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70}` | Autoscaler configuration |
-| cfapi-internal.<<.hpa.enabled | bool | `false` | Enable HPA |
-| cfapi-internal.<<.hpa.maxReplicas | int | `10` | Maximum number of replicas |
-| cfapi-internal.<<.hpa.minReplicas | int | `2` | Minimum number of replicas |
-| cfapi-internal.<<.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage |
-| cfapi-internal.<<.imagePullSecrets | list | `[]` | Image pull secrets |
-| cfapi-internal.<<.nodeSelector | object | `{}` | Node selector configuration |
-| cfapi-internal.<<.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration |
-| cfapi-internal.<<.pdb.enabled | bool | `false` | Enable PDB |
-| cfapi-internal.<<.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage |
-| cfapi-internal.<<.podSecurityContext | object | `{}` | Pod security context configuration |
-| cfapi-internal.<<.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits |
-| cfapi-internal.<<.secrets | object | `{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}}` | Secrets configuration |
-| cfapi-internal.<<.tolerations | list | `[]` | Tolerations configuration |
-| cfapi-internal.enabled | bool | `false` | |
-| cfapi.affinity | object | `{}` | Affinity configuration |
-| cfapi.container | object | `{"env":{"AUDIT_AUTO_CREATE_DB":true,"DEFAULT_SYSTEM_TYPE":"PROJECT_ONE","GITHUB_API_PATH_PREFIX":"/api/v3","LOGGER_LEVEL":"debug","OIDC_PROVIDER_PORT":"{{ .Values.global.oidcProviderPort }}","OIDC_PROVIDER_PROTOCOL":"{{ .Values.global.oidcProviderProtocol }}","OIDC_PROVIDER_TOKEN_ENDPOINT":"{{ .Values.global.oidcProviderTokenEndpoint }}","OIDC_PROVIDER_URI":"{{ .Values.global.oidcProviderService }}","ON_PREMISE":true,"RUNTIME_MONGO_DB":"codefresh","RUNTIME_REDIS_DB":0},"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}}` | Container configuration |
-| cfapi.container.env | object | See below | Env vars |
-| cfapi.container.image | object | `{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/cf-api"}` | Image |
-| cfapi.container.image.registry | string | `"us-docker.pkg.dev/codefresh-enterprise/gcr.io"` | Registry prefix |
-| cfapi.container.image.repository | string | `"codefresh/cf-api"` | Repository |
-| cfapi.controller | object | `{"replicas":2}` | Controller configuration |
-| cfapi.controller.replicas | int | `2` | Replicas number |
-| cfapi.enabled | bool | `true` | Enable cf-api |
-| cfapi.hpa | object | `{"enabled":false,"maxReplicas":10,"minReplicas":2,"targetCPUUtilizationPercentage":70}` | Autoscaler configuration |
-| cfapi.hpa.enabled | bool | `false` | Enable HPA |
-| cfapi.hpa.maxReplicas | int | `10` | Maximum number of replicas |
-| cfapi.hpa.minReplicas | int | `2` | Minimum number of replicas |
-| cfapi.hpa.targetCPUUtilizationPercentage | int | `70` | Average CPU utilization percentage |
-| cfapi.imagePullSecrets | list | `[]` | Image pull secrets |
-| cfapi.nodeSelector | object | `{}` | Node selector configuration |
-| cfapi.pdb | object | `{"enabled":false,"minAvailable":"50%"}` | Pod disruption budget configuration |
-| cfapi.pdb.enabled | bool | `false` | Enable PDB |
-| cfapi.pdb.minAvailable | string | `"50%"` | Minimum number of replicas in percentage |
-| cfapi.podSecurityContext | object | `{}` | Pod security context configuration |
-| cfapi.resources | object | `{"limits":{},"requests":{"cpu":"200m","memory":"256Mi"}}` | Resource requests and limits |
-| cfapi.secrets | object | `{"secret":{"enabled":true,"stringData":{"OIDC_PROVIDER_CLIENT_ID":"{{ .Values.global.oidcProviderClientId }}","OIDC_PROVIDER_CLIENT_SECRET":"{{ .Values.global.oidcProviderClientSecret }}"},"type":"Opaque"}}` | Secrets configuration |
-| cfapi.tolerations | list | `[]` | Tolerations configuration |
-| cfsign | object | See below | tls-sign |
-| cfui | object | See below | cf-ui |
-| charts-manager | object | See below | charts-manager |
-| ci.enabled | bool | `false` | |
-| cluster-providers | object | See below | cluster-providers |
-| consul | object | See below | consul Ref: https://github.com/bitnami/charts/blob/main/bitnami/consul/values.yaml |
-| context-manager | object | See below | context-manager |
-| cronus | object | See below | cronus |
-| developmentChart | bool | `false` | |
-| dockerconfigjson | object | `{}` | DEPRECATED - Use `.imageCredentials` instead dockerconfig (for `kcfi` tool backward compatibility) for Image Pull Secret. Obtain GCR Service Account JSON (sa.json) at support@codefresh.io ```shell GCR_SA_KEY_B64=$(cat sa.json | base64) DOCKER_CFG_VAR=$(echo -n "_json_key:$(echo ${GCR_SA_KEY_B64} | base64 -d)" | base64 | tr -d '\n') ``` E.g.: dockerconfigjson: auths: gcr.io: auth: |
-| gencerts | object | See below | Job to generate internal runtime secrets. Required at first install. |
-| gitops-dashboard-manager | object | See below | gitops-dashboard-manager |
-| global | object | See below | Global parameters |
-| global.affinity | object | `{}` | Global affinity constraints Apply affinity to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
-| global.appProtocol | string | `"https"` | Application protocol. |
-| global.appUrl | string | `"onprem.codefresh.local"` | Application root url. Will be used in Ingress objects as hostname |
-| global.broadcasterPort | int | `80` | Default broadcaster service port. |
-| global.broadcasterService | string | `"cf-broadcaster"` | Default broadcaster service name. |
-| global.builderService | string | `"builder"` | Default builder service name. |
-| global.cfapiEndpointsService | string | `"cfapi"` | Default API endpoints service name |
-| global.cfapiInternalPort | int | `3000` | Default API service port. |
-| global.cfapiService | string | `"cfapi"` | Default API service name. |
-| global.cfk8smonitorService | string | `"k8s-monitor"` | Default k8s-monitor service name. |
-| global.chartsManagerPort | int | `9000` | Default chart-manager service port. |
-| global.chartsManagerService | string | `"charts-manager"` | Default charts-manager service name. |
-| global.clusterProvidersPort | int | `9000` | Default cluster-providers service port. |
-| global.clusterProvidersService | string | `"cluster-providers"` | Default cluster-providers service name. |
-| global.codefresh | string | `"codefresh"` | LEGACY - Keep as is! Used for subcharts to access external secrets and configmaps. |
-| global.consulHttpPort | int | `8500` | Default Consul service port. |
-| global.consulService | string | `"consul-headless"` | Default Consul service name. |
-| global.contextManagerPort | int | `9000` | Default context-manager service port. |
-| global.contextManagerService | string | `"context-manager"` | Default context-manager service name. |
-| global.dnsService | string | `"kube-dns"` | Definitions for internal-gateway nginx resolver |
-| global.env | object | `{}` | Global Env vars |
-| global.firebaseSecret | string | `""` | Firebase Secret in plain text |
-| global.firebaseSecretSecretKeyRef | object | `{}` | Firebase Secret from existing secret |
-| global.firebaseUrl | string | `"https://codefresh-on-prem.firebaseio.com/on-prem"` | Firebase URL for logs streaming in plain text |
-| global.firebaseUrlSecretKeyRef | object | `{}` | Firebase URL for logs streaming from existing secret |
-| global.gitopsDashboardManagerDatabase | string | `"pipeline-manager"` | Default gitops-dashboarad-manager db collection. |
-| global.gitopsDashboardManagerPort | int | `9000` | Default gitops-dashboarad-manager service port. |
-| global.gitopsDashboardManagerService | string | `"gitops-dashboard-manager"` | Default gitops-dashboarad-manager service name. |
-| global.helmRepoManagerService | string | `"helm-repo-manager"` | Default helm-repo-manager service name. |
-| global.hermesService | string | `"hermes"` | Default hermes service name. |
-| global.imagePullSecrets | list | `["codefresh-registry"]` | Global Docker registry secret names as array |
-| global.imageRegistry | string | `""` | Global Docker image registry |
-| global.kubeIntegrationPort | int | `9000` | Default kube-integration service port. |
-| global.kubeIntegrationService | string | `"kube-integration"` | Default kube-integration service name. |
-| global.mongoURI | string | `""` | LEGACY (but still supported) - Use `.global.mongodbProtocol` + `.global.mongodbUser/mongodbUserSecretKeyRef` + `.global.mongodbPassword/mongodbPasswordSecretKeyRef` + `.global.mongodbHost/mongodbHostSecretKeyRef` + `.global.mongodbOptions` instead Default MongoDB URI. Will be used by ALL services to communicate with MongoDB. Ref: https://www.mongodb.com/docs/manual/reference/connection-string/ Note! `defaultauthdb` is omitted on purpose (i.e. mongodb://.../[defaultauthdb]). |
-| global.mongodbDatabase | string | `"codefresh"` | Default MongoDB database name. Don't change! |
-| global.mongodbHost | string | `"cf-mongodb"` | Set mongodb host in plain text |
-| global.mongodbHostSecretKeyRef | object | `{}` | Set mongodb host from existing secret |
-| global.mongodbOptions | string | `"retryWrites=true"` | Set mongodb connection string options Ref: https://www.mongodb.com/docs/manual/reference/connection-string/#connection-string-options |
-| global.mongodbPassword | string | `"mTiXcU2wafr9"` | Set mongodb password in plain text |
-| global.mongodbPasswordSecretKeyRef | object | `{}` | Set mongodb password from existing secret |
-| global.mongodbProtocol | string | `"mongodb"` | Set mongodb protocol (`mongodb` / `mongodb+srv`) |
-| global.mongodbRootUser | string | `""` | DEPRECATED Use `.Values.seed.mongoSeedJob` instead. |
-| global.mongodbUser | string | `"cfuser"` | Set mongodb user in plain text |
-| global.mongodbUserSecretKeyRef | object | `{}` | Set mongodb user from existing secret |
-| global.natsPort | int | `4222` | Default nats service port. |
-| global.natsService | string | `"nats"` | Default nats service name. |
-| global.newrelicLicenseKey | string | `""` | New Relic Key |
-| global.nodeSelector | object | `{}` | Global nodeSelector constraints Apply nodeSelector to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
-| global.oidcProviderClientId | string | `nil` | Default OIDC Provider service client ID in plain text. |
-| global.oidcProviderClientSecret | string | `nil` | Default OIDC Provider service client secret in plain text. |
-| global.oidcProviderPort | int | `443` | Default OIDC Provider service port. |
-| global.oidcProviderProtocol | string | `"https"` | Default OIDC Provider service protocol. |
-| global.oidcProviderService | string | `""` | Default OIDC Provider service name (Provider URL). |
-| global.oidcProviderTokenEndpoint | string | `"/token"` | Default OIDC Provider service token endpoint. |
-| global.pipelineManagerPort | int | `9000` | Default pipeline-manager service port. |
-| global.pipelineManagerService | string | `"pipeline-manager"` | Default pipeline-manager service name. |
-| global.platformAnalyticsPort | int | `80` | Default platform-analytics service port. |
-| global.platformAnalyticsService | string | `"platform-analytics"` | Default platform-analytics service name. |
-| global.postgresDatabase | string | `"codefresh"` | Set postgres database name |
-| global.postgresHostname | string | `""` | Set postgres service address in plain text. Takes precedence over `global.postgresService`! |
-| global.postgresHostnameSecretKeyRef | object | `{}` | Set postgres service from existing secret |
-| global.postgresPassword | string | `"eC9arYka4ZbH"` | Set postgres password in plain text |
-| global.postgresPasswordSecretKeyRef | object | `{}` | Set postgres password from existing secret |
-| global.postgresPort | int | `5432` | Set postgres port number |
-| global.postgresService | string | `"postgresql"` | Default internal postgresql service address from bitnami/postgresql subchart |
-| global.postgresUser | string | `"postgres"` | Set postgres user in plain text |
-| global.postgresUserSecretKeyRef | object | `{}` | Set postgres user from existing secret |
-| global.rabbitService | string | `"rabbitmq:5672"` | Default internal rabbitmq service address from bitnami/rabbitmq subchart. |
-| global.rabbitmqHostname | string | `""` | Set rabbitmq service address in plain text. Takes precedence over `global.rabbitService`! |
-| global.rabbitmqHostnameSecretKeyRef | object | `{}` | Set rabbitmq service address from existing secret. |
-| global.rabbitmqPassword | string | `"cVz9ZdJKYm7u"` | Set rabbitmq password in plain text |
-| global.rabbitmqPasswordSecretKeyRef | object | `{}` | Set rabbitmq password from existing secret |
-| global.rabbitmqProtocol | string | `"amqp"` | Set rabbitmq protocol (`amqp/amqps`) |
-| global.rabbitmqUsername | string | `"user"` | Set rabbitmq username in plain text |
-| global.rabbitmqUsernameSecretKeyRef | object | `{}` | Set rabbitmq username from existing secret |
-| global.redisPassword | string | `"hoC9szf7NtrU"` | Set redis password in plain text |
-| global.redisPasswordSecretKeyRef | object | `{}` | Set redis password from existing secret |
-| global.redisPort | int | `6379` | Set redis service port |
-| global.redisService | string | `"redis-master"` | Default internal redis service address from bitnami/redis subchart |
-| global.redisUrl | string | `""` | Set redis hostname in plain text. Takes precedence over `global.redisService`! |
-| global.redisUrlSecretKeyRef | object | `{}` | Set redis hostname from existing secret. |
-| global.runnerService | string | `"runner"` | Default runner service name. |
-| global.runtimeEnvironmentManagerPort | int | `80` | Default runtime-environment-manager service port. |
-| global.runtimeEnvironmentManagerService | string | `"runtime-environment-manager"` | Default runtime-environment-manager service name. |
-| global.security | object | `{"allowInsecureImages":true}` | Bitnami |
-| global.storageClass | string | `""` | Global StorageClass for Persistent Volume(s) |
-| global.tlsSignPort | int | `4999` | Default tls-sign service port. |
-| global.tlsSignService | string | `"cfsign"` | Default tls-sign service name. |
-| global.tolerations | list | `[]` | Global tolerations constraints Apply toleratons to all Codefresh subcharts. Will not be applied on Bitnami subcharts. |
-| helm-repo-manager | object | See below | helm-repo-manager |
-| hermes | object | See below | hermes |
-| hooks | object | See below | Pre/post-upgrade Job hooks. |
-| hooks.consul | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/kubectl","tag":"1.33.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Recreates `consul-headless` service due to duplicated ports in Service during the upgrade. |
-| hooks.mongodb | object | `{"affinity":{},"enabled":true,"image":{"registry":"us-docker.pkg.dev/codefresh-inc/public-gcr-io","repository":"codefresh/mongosh","tag":"2.5.0"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[]}` | Updates images in `system/default` runtime. |
-| imageCredentials | object | `{}` | Credentials for Image Pull Secret object |
-| ingress | object | `{"annotations":{"nginx.ingress.kubernetes.io/service-upstream":"true","nginx.ingress.kubernetes.io/ssl-redirect":"false","nginx.org/redirect-to-https":"false"},"enabled":true,"ingressClassName":"nginx-codefresh","labels":{},"nameOverride":"","services":{"internal-gateway":["/"]},"tls":{"cert":"","enabled":false,"existingSecret":"","key":"","secretName":"star.codefresh.io"}}` | Ingress |
-| ingress-nginx | object | See below | ingress-nginx Ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml |
-| ingress.annotations | object | See below | Set annotations for ingress. |
-| ingress.enabled | bool | `true` | Enable the Ingress |
-| ingress.ingressClassName | string | `"nginx-codefresh"` | Set the ingressClass that is used for the ingress. Default `nginx-codefresh` is created from `ingress-nginx` controller subchart |
-| ingress.labels | object | `{}` | Set labels for ingress |
-| ingress.nameOverride | string | `""` | Override Ingress resource name |
-| ingress.services | object | See below | Default services and corresponding paths |
-| ingress.tls.cert | string | `""` | Certificate (base64 encoded) |
-| ingress.tls.enabled | bool | `false` | Enable TLS |
-| ingress.tls.existingSecret | string | `""` | Existing `kubernetes.io/tls` type secret with TLS certificates (keys: `tls.crt`, `tls.key`) |
-| ingress.tls.key | string | `""` | Private key (base64 encoded) |
-| ingress.tls.secretName | string | `"star.codefresh.io"` | Default secret name to be created with provided `cert` and `key` below |
-| internal-gateway | object | See below | internal-gateway |
-| k8s-monitor | object | See below | k8s-monitor |
-| kube-integration | object | See below | kube-integration |
-| mailer.enabled | bool | `false` | |
-| mongodb | object | See below | mongodb Ref: https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml |
-| nats | object | See below | nats Ref: https://github.com/bitnami/charts/blob/main/bitnami/nats/values.yaml |
-| nomios | object | See below | nomios |
-| payments.enabled | bool | `false` | |
-| pipeline-manager | object | See below | pipeline-manager |
-| postgresql | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml |
-| postgresql-ha | object | See below | postgresql Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql-ha/values.yaml |
-| postgresqlCleanJob | object | See below | Maintenance postgresql clean job. Removes a certain number of the last records in the event store table. |
-| rabbitmq | object | See below | rabbitmq Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml |
-| redis | object | See below | redis Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml |
-| redis-ha | object | `{"auth":true,"enabled":false,"haproxy":{"enabled":true,"resources":{"requests":{"cpu":"100m","memory":"128Mi"}}},"persistentVolume":{"enabled":true,"size":"10Gi"},"redis":{"resources":{"requests":{"cpu":"100m","memory":"128Mi"}}},"redisPassword":"hoC9szf7NtrU"}` | redis-ha # Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml |
-| runner | object | See below | runner |
-| runtime-environment-manager | object | See below | runtime-environment-manager |
-| runtimeImages | object | See below | runtimeImages |
-| salesforce-reporter.enabled | bool | `false` | |
-| seed | object | See below | Seed jobs |
-| seed-e2e | object | `{"affinity":{},"backoffLimit":10,"enabled":false,"image":{"registry":"docker.io","repository":"mongo","tag":"latest"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"tolerations":[],"ttlSecondsAfterFinished":300}` | CI |
-| seed.enabled | bool | `true` | Enable all seed jobs |
-| seed.mongoSeedJob | object | See below | Mongo Seed Job. Required at first install. Seeds the required data (default idp/user/account), creates cfuser and required databases. |
-| seed.mongoSeedJob.mongodbRootPassword | string | `"XT9nmM8dZD"` | Root password in plain text (required ONLY for seed job!). |
-| seed.mongoSeedJob.mongodbRootPasswordSecretKeyRef | object | `{}` | Root password from existing secret |
-| seed.mongoSeedJob.mongodbRootUser | string | `"root"` | Root user in plain text (required ONLY for seed job!). |
-| seed.mongoSeedJob.mongodbRootUserSecretKeyRef | object | `{}` | Root user from existing secret |
-| seed.postgresSeedJob | object | See below | Postgres Seed Job. Required at first install. Creates required user and databases. |
-| seed.postgresSeedJob.postgresPassword | optional | `""` | Password for "postgres" admin user (required ONLY for seed job!) |
-| seed.postgresSeedJob.postgresPasswordSecretKeyRef | optional | `{}` | Password for "postgres" admin user from existing secret |
-| seed.postgresSeedJob.postgresUser | optional | `""` | "postgres" admin user in plain text (required ONLY for seed job!) Must be a privileged user allowed to create databases and grant roles. If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used. |
-| seed.postgresSeedJob.postgresUserSecretKeyRef | optional | `{}` | "postgres" admin user from exising secret |
-| segment-reporter.enabled | bool | `false` | |
-| tasker-kubernetes | object | `{"affinity":{},"container":{"image":{"registry":"us-docker.pkg.dev/codefresh-enterprise/gcr.io","repository":"codefresh/tasker-kubernetes"}},"enabled":true,"hpa":{"enabled":false},"imagePullSecrets":[],"nodeSelector":{},"pdb":{"enabled":false},"podSecurityContext":{},"resources":{"limits":{},"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | tasker-kubernetes |
-| webTLS | object | `{"cert":"","enabled":false,"key":"","secretName":"star.codefresh.io"}` | DEPRECATED - Use `.Values.ingress.tls` instead TLS secret for Ingress |
+For full Codefresh On-Prem Helm chart documentation please checkout [README.md](https://github.com/codefresh-io/codefresh-onprem-helm/blob/onprem-3.0/README.md)
diff --git a/charts/codefresh/files/mongoSeedJobScript.sh b/charts/codefresh/files/mongoSeedJobScript.sh
index 53947038f..6762bad5c 100644
--- a/charts/codefresh/files/mongoSeedJobScript.sh
+++ b/charts/codefresh/files/mongoSeedJobScript.sh
@@ -12,9 +12,12 @@ export MONGODB_ROOT_PASSWORD=...
COMMENT
-# set -eou pipefail
+if [[ -n $DEBUG ]]; then
+ set -o xtrace
+fi
ASSETS_PATH=${ASSETS_PATH:-/usr/share/extras/}
+MTLS_CERT_PATH=${MTLS_CERT_PATH:-/etc/ssl/mongodb/ca.pem}
MONGODB_DATABASES=(
"archive"
@@ -34,12 +37,12 @@ MONGODB_DATABASES=(
)
disableMongoTelemetry() {
- mongosh --nodb --eval "disableTelemetry()"
+ mongosh --nodb --eval "disableTelemetry()" || true
}
waitForMongoDB() {
while true; do
- status=$(mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand('ping')" 2>&1)
+ status=$(mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.adminCommand('ping')" 2>&1)
echo -e "MongoDB status:\n$status"
if $(echo $status | grep 'ok: 1' -q); then
@@ -56,12 +59,23 @@ parseMongoURI() {
local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi
local url="$(echo ${1/$proto/})"
local userpass="$(echo $url | grep @ | cut -d@ -f1)"
- local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')"
+ if [[ -z $userpass ]]; then
+ local hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')"
+ MONGO_URI="$proto$hostport/${MONGODB_DATABASE}$parameters"
+ else
+ local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')"
+ MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)"
+ MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)"
+ MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters"
+ fi
+
+
+ if [[ -z $MONGODB_ROOT_OPTIONS ]]; then
+ MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters"
+ else
+ MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin?${MONGODB_ROOT_OPTIONS}"
+ fi
- MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)"
- MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)"
- MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters"
- MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters"
}
getMongoVersion() {
@@ -82,6 +96,14 @@ setPacks() {
parseMongoURI $MONGO_URI
+if [[ -s ${MTLS_CERT_PATH} ]]; then
+ MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile ${MTLS_CERT_PATH} --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates"
+ MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile ${MTLS_CERT_PATH} --sslAllowInvalidHostnames --sslAllowInvalidCertificates"
+else
+ MONGO_URI_EXTRA_PARAMS=""
+ MONGOIMPORT_EXTRA_PARAMS=""
+fi
+
disableMongoTelemetry
waitForMongoDB
@@ -90,20 +112,23 @@ getMongoVersion
for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do
waitForMongoDB
- mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true
+ mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true
waitForMongoDB
- mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true
+ mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true
+
+ # MongoDB Atlas
+ mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db = db.getSiblingDB(\"${MONGODB_DATABASE}\"); db[\"${MONGODB_DATABASE}\"].insertOne({ name: \"init\", value: true })" 2>&1 || true
done
-mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true
-mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true
-mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true
+mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true
+mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true
+mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true
if [[ $DEVELOPMENT_CHART == "true" ]]; then
setSystemAdmin
setPacks
fi
-mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json
-mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json
-mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json
+mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json
+mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json
+mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json
diff --git a/charts/codefresh/templates/_helpers.tpl b/charts/codefresh/templates/_helpers.tpl
index b657b6742..05daf4aa0 100644
--- a/charts/codefresh/templates/_helpers.tpl
+++ b/charts/codefresh/templates/_helpers.tpl
@@ -55,7 +55,16 @@ Return runtime image (classic runtime) with private registry prefix
*/}}
{{- define "codefresh.buildImageName" -}}
{{- if .registry -}}
- {{- $imageName := (trimPrefix "quay.io/" .imageFullName) -}}
+ {{- $imageName := .imageFullName -}}
+ {{- if hasPrefix "us-docker.pkg.dev/codefresh-inc/public-gcr-io/" $imageName }}
+ {{- $imageName = trimPrefix "us-docker.pkg.dev/codefresh-inc/public-gcr-io/" $imageName }}
+ {{- end }}
+ {{- if hasPrefix "quay.io/" $imageName }}
+ {{- $imageName = trimPrefix "quay.io/" $imageName }}
+ {{- end }}
+ {{- if hasPrefix "docker.io/" $imageName }}
+ {{- $imageName = trimPrefix "docker.io/" $imageName | replace "library" "codefresh" }}
+ {{- end }}
{{- printf "%s/%s" .registry $imageName -}}
{{- else -}}
{{- printf "%s" .imageFullName -}}
diff --git a/charts/codefresh/templates/configmaps/runtimeEnvironments.json.tpl b/charts/codefresh/templates/configmaps/runtimeEnvironments.json.tpl
index cf88a3a7f..d52b9ad55 100644
--- a/charts/codefresh/templates/configmaps/runtimeEnvironments.json.tpl
+++ b/charts/codefresh/templates/configmaps/runtimeEnvironments.json.tpl
@@ -29,7 +29,7 @@
"inCluster": true,
"namespace": "{{ .Release.Namespace }}"
},
- "image": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.ENGINE_IMAGE) }}",
+ "image": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.ENGINE_IMAGE) }}",
"command": [
"npm",
"run",
@@ -45,19 +45,19 @@
"RUNTIME_ADDITIONAL_INTERNAL_REGISTRIES_JSON": "/etc/admin/additional-internal-registries.json",
"LOGGER_LEVEL": "debug",
"NODE_ENV": "kubernetes",
- "DOCKER_PUSHER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DOCKER_PUSHER_IMAGE) }}",
- "DOCKER_PULLER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DOCKER_PULLER_IMAGE) }}",
- "DOCKER_BUILDER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DOCKER_BUILDER_IMAGE) }}",
- "CONTAINER_LOGGER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.CONTAINER_LOGGER_IMAGE) }}",
- "GIT_CLONE_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.GIT_CLONE_IMAGE) }}",
- "DOCKER_TAG_PUSHER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) }}",
- "FS_OPS_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.FS_OPS_IMAGE) }}",
- "COMPOSE_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.COMPOSE_IMAGE) }}",
- "KUBE_DEPLOY": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.KUBE_DEPLOY) }}",
- "TEMPLATE_ENGINE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.TEMPLATE_ENGINE) }}",
- "PIPELINE_DEBUGGER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.PIPELINE_DEBUGGER_IMAGE) }}",
- "CR_6177_FIXER": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.CR_6177_FIXER) }}",
- "GC_BUILDER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.GC_BUILDER_IMAGE) }}",
+ "DOCKER_PUSHER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DOCKER_PUSHER_IMAGE) }}",
+ "DOCKER_PULLER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DOCKER_PULLER_IMAGE) }}",
+ "DOCKER_BUILDER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DOCKER_BUILDER_IMAGE) }}",
+ "CONTAINER_LOGGER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.CONTAINER_LOGGER_IMAGE) }}",
+ "GIT_CLONE_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.GIT_CLONE_IMAGE) }}",
+ "DOCKER_TAG_PUSHER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) }}",
+ "FS_OPS_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.FS_OPS_IMAGE) }}",
+ "COMPOSE_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.COMPOSE_IMAGE) }}",
+ "KUBE_DEPLOY": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.KUBE_DEPLOY) }}",
+ "TEMPLATE_ENGINE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.TEMPLATE_ENGINE) }}",
+ "PIPELINE_DEBUGGER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.PIPELINE_DEBUGGER_IMAGE) }}",
+ "CR_6177_FIXER": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.CR_6177_FIXER) }}",
+ "GC_BUILDER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.GC_BUILDER_IMAGE) }}",
"NODE_TLS_REJECT_UNAUTHORIZED": "0"
},
"volumeMounts": {
@@ -109,7 +109,7 @@
},
"description": "System hybrid runtime environment for kubernetes",
"runtimeScheduler": {
- "image": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.ENGINE_IMAGE) }}",
+ "image": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.ENGINE_IMAGE) }}",
"command": [
"npm",
"run",
@@ -121,19 +121,19 @@
"LOGGER_LEVEL": "debug",
"NODE_ENV": "kubernetes",
"METRICS_CODEFRESH_ENABLED": "true",
- "DOCKER_PUSHER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DOCKER_PUSHER_IMAGE) }}",
- "DOCKER_PULLER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DOCKER_PULLER_IMAGE) }}",
- "DOCKER_BUILDER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DOCKER_BUILDER_IMAGE) }}",
- "CONTAINER_LOGGER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.CONTAINER_LOGGER_IMAGE) }}",
- "GIT_CLONE_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.GIT_CLONE_IMAGE) }}",
- "DOCKER_TAG_PUSHER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) }}",
- "FS_OPS_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.FS_OPS_IMAGE) }}",
- "COMPOSE_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.COMPOSE_IMAGE) }}",
- "KUBE_DEPLOY": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.KUBE_DEPLOY) }}",
- "TEMPLATE_ENGINE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.TEMPLATE_ENGINE) }}",
- "PIPELINE_DEBUGGER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.PIPELINE_DEBUGGER_IMAGE) }}",
- "CR_6177_FIXER": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.CR_6177_FIXER) }}",
- "GC_BUILDER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.GC_BUILDER_IMAGE) }}",
+ "DOCKER_PUSHER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DOCKER_PUSHER_IMAGE) }}",
+ "DOCKER_PULLER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DOCKER_PULLER_IMAGE) }}",
+ "DOCKER_BUILDER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DOCKER_BUILDER_IMAGE) }}",
+ "CONTAINER_LOGGER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.CONTAINER_LOGGER_IMAGE) }}",
+ "GIT_CLONE_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.GIT_CLONE_IMAGE) }}",
+ "DOCKER_TAG_PUSHER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) }}",
+ "FS_OPS_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.FS_OPS_IMAGE) }}",
+ "COMPOSE_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.COMPOSE_IMAGE) }}",
+ "KUBE_DEPLOY": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.KUBE_DEPLOY) }}",
+ "TEMPLATE_ENGINE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.TEMPLATE_ENGINE) }}",
+ "PIPELINE_DEBUGGER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.PIPELINE_DEBUGGER_IMAGE) }}",
+ "CR_6177_FIXER": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.CR_6177_FIXER) }}",
+ "GC_BUILDER_IMAGE": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.GC_BUILDER_IMAGE) }}",
"NO_EXT_MONITOR": "true",
"DISABLE_WORKSPACE_CACHE": "true",
"NODE_TLS_REJECT_UNAUTHORIZED": "0",
@@ -170,7 +170,7 @@
"cluster": {
"namespace": "{{ .Release.Namespace }}"
},
- "dindImage": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.dockerRegistry "imageFullName" .Values.runtimeImages.DIND_IMAGE) }}",
+ "dindImage": "{{ include "codefresh.buildImageName" (dict "registry" .Values.global.imageRegistry "imageFullName" .Values.runtimeImages.DIND_IMAGE) }}",
"defaultDindResources": {
"requests": {
"cpu": "390m",
@@ -267,6 +267,6 @@
"extends": [
"system/default"
]
- }
+ }
]
{{- end -}}
diff --git a/charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml b/charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
index 1e01d429a..4bc915e8f 100644
--- a/charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
+++ b/charts/codefresh/templates/hooks/pre-upgrade/delete-consul-svc-job.yaml
@@ -38,7 +38,7 @@ spec:
- /bin/sh
- -c
- |
- set -e
+ set -x
CONSUL_SVC_HEADLESS=$(kubectl get svc -n {{ .Release.Namespace }} \
-l app.kubernetes.io/instance={{ include "codefresh.fullname" . }}\
-l app.kubernetes.io/name=consul \
diff --git a/charts/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml b/charts/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml
new file mode 100644
index 000000000..cbff56fa1
--- /dev/null
+++ b/charts/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-job.yaml
@@ -0,0 +1,83 @@
+{{- if and .Values.hooks.rabbitmq.enabled .Values.rabbitmq.enabled }}
+{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+{{- $tolerations := .Values.hooks.consul.tolerations | default list }}
+{{- $globalTolerations := .Values.global.tolerations | default list }}
+{{- $allToleration := concat $globalTolerations $tolerations }}
+{{- $affinity := .Values.hooks.consul.affinity | default dict }}
+{{- $globalAffinity := .Values.global.affinity | default dict }}
+{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }}
+{{- $nodeSelector := .Values.hooks.consul.nodeSelector | default dict }}
+{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }}
+{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+ labels:
+ {{ include "codefresh.labels" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-weight: "5"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+spec:
+ ttlSecondsAfterFinished: 300
+ backoffLimit: 6
+ template:
+ metadata:
+ name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+ labels:
+ {{ include "codefresh.labels" . | nindent 8 }}
+ spec:
+ {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }}
+ containers:
+ - name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+ image: {{ include (printf "%s.image.name" $libTemplateName) (dict "image" .Values.hooks.rabbitmq.image "context" .) }}
+ env:
+ - name: RABBITMQADMIN_TARGET_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+ key: RABBITMQADMIN_TARGET_HOST
+ - name: RABBITMQADMIN_TARGET_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+ key: RABBITMQADMIN_TARGET_PORT
+ - name: RABBITMQADMIN_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+ key: RABBITMQADMIN_USERNAME
+ - name: RABBITMQADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+ key: RABBITMQADMIN_PASSWORD
+ command:
+ - /bin/bash
+ - -c
+ - |
+ set -x
+ rabbitmqadmin \
+ --host=$RABBITMQADMIN_TARGET_HOST \
+ --port=$RABBITMQADMIN_TARGET_PORT \
+ --username=$RABBITMQADMIN_USERNAME \
+ --password=$RABBITMQADMIN_PASSWORD \
+ feature_flags enable_all
+ resources:
+ {{- toYaml .Values.hooks.rabbitmq.resources | nindent 10 }}
+ {{- with $allNodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $allAffinity }}
+ affinity:
+ {{- toYaml . | nindent 8}}
+ {{- end }}
+ {{- with $allToleration }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ restartPolicy: OnFailure
+{{- end }}
diff --git a/charts/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml b/charts/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml
new file mode 100644
index 000000000..7244c570e
--- /dev/null
+++ b/charts/codefresh/templates/hooks/pre-upgrade/enable-stable-flags-rabbitmq-secret.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.hooks.rabbitmq.enabled .Values.rabbitmq.enabled }}
+{{- $libTemplateName := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "codefresh.fullname" . }}-rabbitmq-enable-stable-flags
+ labels:
+ {{ include "codefresh.labels" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-weight: "-10"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+type: Opaque
+data:
+ RABBITMQADMIN_TARGET_HOST: {{ (printf "%s-%s" .Release.Name (coalesce .Values.global.rabbitService .Values.global.rabbitmqService) | lower | trimSuffix ":5672") | b64enc | quote }}
+ RABBITMQADMIN_TARGET_PORT: {{ printf "%d" 15672 | b64enc | quote }}
+ RABBITMQADMIN_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }}
+ RABBITMQADMIN_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }}
+{{- end }}
diff --git a/charts/codefresh/templates/secrets/secret.yaml b/charts/codefresh/templates/secrets/secret.yaml
index e0fa81259..0ea7c521c 100644
--- a/charts/codefresh/templates/secrets/secret.yaml
+++ b/charts/codefresh/templates/secrets/secret.yaml
@@ -17,8 +17,8 @@ data:
MONGODB_PROTOCOL: {{ coalesce .Values.global.mongodbProtocol | default "mongodb" | b64enc }}
# legacy MONGODB_* secrets
- MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }}
- MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }}
+ MONGODB_ROOT_USER: {{ coalesce .Values.seed.mongoSeedJob.mongodbRootUser .Values.global.mongodbRootUser | b64enc }}
+ MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.seed.mongoSeedJob.mongodbRootPassword .Values.global.mongodbRootPassword) | b64enc }}
MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}}
MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }}
MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }}
diff --git a/charts/codefresh/templates/seed/mongo-seed-job.yaml b/charts/codefresh/templates/seed/mongo-seed-job.yaml
index a97706859..2cbac34a2 100644
--- a/charts/codefresh/templates/seed/mongo-seed-job.yaml
+++ b/charts/codefresh/templates/seed/mongo-seed-job.yaml
@@ -52,8 +52,19 @@ spec:
{{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }}
- name: MONGODB_ROOT_PASSWORD
{{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }}
+ - name: MONGODB_ROOT_OPTIONS
+ value: {{ .Values.seed.mongoSeedJob.mongodbRootOptions | quote }}
- name: DEVELOPMENT_CHART
value: {{ .Values.developmentChart | quote }}
+ {{- range $env, $val := .Values.seed.mongoSeedJob.env }}
+ - name: {{ $env }}
+ value: {{ $val | quote }}
+ {{ end }}
+ {{- range $env, $val := .Values.global.env }}
+ - name: {{ $env }}
+ value: {{ $val | quote }}
+ {{ end }}
+
command:
- "/bin/bash"
- "-exc"
diff --git a/charts/codefresh/templates/seed/postgres-seed-job.yaml b/charts/codefresh/templates/seed/postgres-seed-job.yaml
index 6ff5366b1..9f66be450 100644
--- a/charts/codefresh/templates/seed/postgres-seed-job.yaml
+++ b/charts/codefresh/templates/seed/postgres-seed-job.yaml
@@ -49,6 +49,10 @@ spec:
{{- include "codefresh.postgres-seed-user-env-var-value" . | indent 12 }}
- name: POSTGRES_SEED_PASSWORD
{{- include "codefresh.postgres-seed-password-env-var-value" . | indent 12 }}
+ {{- range $env, $val := .Values.global.env }}
+ - name: {{ $env }}
+ value: {{ $val | quote }}
+ {{ end }}
resources:
{{- toYaml .Values.seed.resources | nindent 10 }}
command:
diff --git a/charts/codefresh/tests/misc/global_constrains_test.yaml b/charts/codefresh/tests/misc/global_constrains_test.yaml
index 903a5358f..903808c14 100644
--- a/charts/codefresh/tests/misc/global_constrains_test.yaml
+++ b/charts/codefresh/tests/misc/global_constrains_test.yaml
@@ -394,38 +394,6 @@ tests:
values:
- "value"
- - it: cf-runner should have global tolerations/nodeSelector/affinity/imagePullSecret
- values:
- - ../values/global.yaml
- template: charts/runner/templates/controller.yaml
- asserts:
- - contains:
- path: spec.template.spec.imagePullSecrets
- content:
- name: my-secret
- - contains:
- path: spec.template.spec.tolerations
- content:
- key: "key"
- operator: "Equal"
- value: "value"
- effect: "NoSchedule"
- - equal:
- path: spec.template.spec.nodeSelector
- value:
- key: "value"
- - equal:
- path: spec.template.spec.affinity
- value:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "key"
- operator: "In"
- values:
- - "value"
-
- it: cf-broadcaster should have global tolerations/nodeSelector/affinity/imagePullSecret
values:
- ../values/global.yaml
diff --git a/charts/codefresh/tests/private-registry/cf_charts_test.yaml b/charts/codefresh/tests/private-registry/cf_charts_test.yaml
index c03ce1391..d817a35ea 100644
--- a/charts/codefresh/tests/private-registry/cf_charts_test.yaml
+++ b/charts/codefresh/tests/private-registry/cf_charts_test.yaml
@@ -19,7 +19,6 @@ templates:
- charts/hermes/templates/*.yaml
- charts/nomios/templates/*.yaml
- charts/builder/templates/*.yaml
- - charts/runner/templates/*.yaml
- charts/cf-oidc-provider/templates/*.yaml
tests:
- it: "(Codefresh subcharts) should test image private registry prefix"
@@ -116,11 +115,6 @@ tests:
path: spec.template.spec.containers[0].image
pattern: ^myregistry.io/.*$
template: charts/builder/templates/controller.yaml
- # cf-runner
- - matchRegex:
- path: spec.template.spec.containers[0].image
- pattern: ^myregistry.io/.*$
- template: charts/runner/templates/controller.yaml
# cf-oidc-provider
- matchRegex:
path: spec.template.spec.containers[0].image
diff --git a/charts/codefresh/values.yaml b/charts/codefresh/values.yaml
index 9a4b9df36..466263a26 100644
--- a/charts/codefresh/values.yaml
+++ b/charts/codefresh/values.yaml
@@ -14,7 +14,7 @@ gencerts:
image:
registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
repository: codefresh/kubectl
- tag: 1.33.0
+ tag: 1.33.3
rbac:
enabled: true
ttlSecondsAfterFinished: 300
@@ -55,6 +55,11 @@ seed:
# name: my-secret
# key: mongodb-root-password
+ # -- Extra options for connection string (e.g. `authSource=admin`).
+ mongodbRootOptions: ""
+ # -- Extra env variables for seed job.
+ env: {}
+
# -- Postgres Seed Job. Required at first install. Creates required user and databases.
# @default -- See below
postgresSeedJob:
@@ -62,7 +67,7 @@ seed:
image:
registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
repository: codefresh/postgresql
- tag: 17
+ tag: 17.5.0-debian-12-r20
# -- (optional) "postgres" admin user in plain text (required ONLY for seed job!)
# Must be a privileged user allowed to create databases and grant roles.
# If omitted, username and password from `.Values.global.postgresUser/postgresPassword` will be used.
@@ -355,8 +360,6 @@ global:
cfapiEndpointsService: cfapi
# -- Default builder service name.
builderService: builder
- # -- Default runner service name.
- runnerService: runner
# -- Default tls-sign service name.
tlsSignService: cfsign
# -- Default tls-sign service port.
@@ -454,13 +457,24 @@ hooks:
image:
registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
repository: codefresh/kubectl
- tag: 1.33.0
+ tag: 1.33.3
+ affinity: {}
+ nodeSelector: {}
+ podSecurityContext: {}
+ resources: {}
+ tolerations: []
+ # -- Enable stable feature flags in RabbitMQ.
+ rabbitmq:
+ enabled: true
+ image:
+ registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
+ repository: codefresh/rabbitmqadmin
+ tag: 2.8.0
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
-
# -- Maintenance postgresql clean job.
# Removes a certain number of the last records in the event store table.
@@ -470,7 +484,7 @@ postgresqlCleanJob:
image:
registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
repository: codefresh/postgresql
- tag: 17
+ tag: 17.5.0-debian-12-r20
schedule: "0 0 * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
@@ -484,19 +498,19 @@ postgresqlCleanJob:
# -- runtimeImages
# @default -- See below
runtimeImages:
- COMPOSE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/compose:v2.32.2-1.5.2
- CONTAINER_LOGGER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-container-logger:1.12.5
- DIND_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/dind:26.1.4-1.28.8
- DOCKER_BUILDER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-builder:1.4.4
- DOCKER_PULLER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-puller:8.0.20
- DOCKER_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-pusher:6.0.17
- DOCKER_TAG_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-tag-pusher:1.3.15
- ENGINE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:1.177.8
- FS_OPS_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/fs-ops:1.2.10
- GIT_CLONE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-git-cloner:10.2.0
- KUBE_DEPLOY: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-deploy-kubernetes:16.2.6
- PIPELINE_DEBUGGER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-debugger:1.3.9
- TEMPLATE_ENGINE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/pikolo:0.14.3
+ COMPOSE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/compose:v2.37.0-1.5.4@sha256:e74494370100678ccb1c1058e6ef3ddcf67b21fcd37da8b3482376c8282549ad
+ CONTAINER_LOGGER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-container-logger:1.12.8@sha256:6e376bb00e824827cb038e15160ccf0fead4f868197b75bbc80dbd6bc34af8d6
+ DIND_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/dind:26.1.4-1.28.8@sha256:33c343dd01e8a24f0b4a872bbe62884320719f9d9dc27b7a8fed9f7e9fc7e80e
+ DOCKER_BUILDER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-builder:1.4.7@sha256:1d02df4dcf703a97c7a64b147cd2c3f6ec2c708aad16be5abbd337f3c13a48ad
+ DOCKER_PULLER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-puller:8.0.22@sha256:914f071bcb1893bcb42c3f8907f8f3874f1f30db1a2ccaa4b825dab9bb157e60
+ DOCKER_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-pusher:6.0.20@sha256:bad3773029a68f33953f1dc245cb92c386b5311a996340eea41fe6b9cc52a96c
+ DOCKER_TAG_PUSHER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-docker-tag-pusher:1.3.19@sha256:ec4416525bbf4912786035fbb2e1f26ae04f94559c535f02232b48eb0a1c5fa7
+ ENGINE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/engine:1.178.2@sha256:3e179cb065419699c0925bb1eccee1e1a9d3b6609859f801a85feeaef0b6c153
+ FS_OPS_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/fs-ops:1.2.10@sha256:70d53821b9314d88e3571dfb096e8f577caf3e4c2199253621b8d0c85d20b8ad
+ GIT_CLONE_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-git-cloner:10.3.2@sha256:2e09eef18d5caddae708058ec63247825ac4e4ee5e5763986f65e1312fbcc449
+ KUBE_DEPLOY: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-deploy-kubernetes:16.2.9@sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263
+ PIPELINE_DEBUGGER_IMAGE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/cf-debugger:1.3.9@sha256:37975653b4ef5378bd1e38d453c7dac4721cba1c1977a5ca6118a67b98a47925
+ TEMPLATE_ENGINE: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/pikolo:0.14.6@sha256:b3f499fcf93037e69fba599d2f292cfc9f28a158052dd57d5de9cdf9756f1f60
CR_6177_FIXER: docker.io/library/alpine:3.21
GC_BUILDER_IMAGE: docker.io/library/alpine:3.21
@@ -734,6 +748,7 @@ cf-platform-analytics-etlstarter:
container:
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
+ repository: codefresh/cf-platform-analytics
env:
ENV: production
DATASET_ID: etl
@@ -756,6 +771,10 @@ cf-platform-analytics-platform:
redis:
enabled: true
nameOverride: redis-platform-analytics
+ image:
+ registry: quay.io
+ repository: codefresh/redis
+ tag: 7.4.3-debian-12-r0
resources:
requests:
cpu: 100m
@@ -807,7 +826,7 @@ cfsign:
image:
registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
repository: codefresh/curl
- tag: 8.11.1
+ tag: 8.14.1
affinity: {}
nodeSelector: {}
podSecurityContext: {}
@@ -892,6 +911,8 @@ cluster-providers:
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/consul/values.yaml
consul:
enabled: true
+ image:
+ repository: bitnamilegacy/consul
datacenterName: codefresh-onprem
replicaCount: 1
extraEnvVars:
@@ -974,8 +995,8 @@ helm-repo-manager:
ingress:
enabled: false
image:
- repository: us-docker.pkg.dev/codefresh-inc/public-gcr-io/codefresh/chartmuseum
- tag: 8795e993
+ repository: ghcr.io/helm/chartmuseum
+ tag: v0.16.3
resources:
requests:
cpu: 100m
@@ -1092,6 +1113,8 @@ kube-integration:
mongodb:
enabled: true
architecture: standalone
+ image:
+ repository: bitnamilegacy/mongodb
useStatefulSet: true
auth:
enabled: true
@@ -1102,14 +1125,16 @@ mongodb:
cpu: 200m
memory: 256Mi
migration:
- enabled: true
- featureCompatibilityVersion: "6.0"
+ enabled: false
+ featureCompatibilityVersion: "7.0"
# -- nats
# @default -- See below
# Ref: https://github.com/bitnami/charts/blob/main/bitnami/nats/values.yaml
nats:
enabled: true
+ image:
+ repository: bitnamilegacy/nats
replicaCount: 1
auth:
enabled: false
@@ -1142,7 +1167,7 @@ postgresql:
image:
registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
repository: codefresh/postgresql
- tag: 17
+ tag: 17.5.0-debian-12-r20
auth:
enablePostgresUser: true
postgresPassword: "eC9arYka4ZbH"
@@ -1198,6 +1223,10 @@ redis:
requests:
cpu: 200m
memory: 256Mi
+ image:
+ registry: quay.io
+ repository: codefresh/redis
+ tag: 7.4.3-debian-12-r0
# -- redis-ha
## Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml
@@ -1226,7 +1255,8 @@ redis-ha:
rabbitmq:
enabled: true
image:
- tag: "4.0"
+ repository: bitnamilegacy/rabbitmq
+ tag: "4.1.3"
replicaCount: 1
auth:
username: user
@@ -1246,34 +1276,7 @@ builder:
image:
registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
repository: codefresh/curl
- tag: 8.11.1
- container:
- image:
- registry: docker.io
- repository: library/docker
- tag: 28.0-dind
- affinity: {}
- nodeSelector: {}
- podSecurityContext: {}
- resources: {}
- tolerations: []
-
-# -- runner
-# @default -- See below
-runner:
- enabled: true
- imagePullSecrets: []
- initContainers:
- register:
- image:
- registry: us-docker.pkg.dev/codefresh-inc/public-gcr-io
- repository: codefresh/curl
- tag: 8.11.1
- container:
- image:
- registry: docker.io
- repository: library/docker
- tag: 28.0-dind
+ tag: 8.14.1
affinity: {}
nodeSelector: {}
podSecurityContext: {}
@@ -1359,7 +1362,7 @@ argo-hub-platform:
container:
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-hub-platform
+ repository: codefresh/argo-hub-platform
imagePullSecrets: []
resources:
requests:
@@ -1422,7 +1425,7 @@ argo-platform:
# -- Registry
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
# -- Repository
- repository: codefresh-io/argo-platform-api-graphql
+ repository: codefresh/argo-platform-api-graphql
# -- Env vars
# @default -- See below
env:
@@ -1485,7 +1488,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-abac
+ repository: codefresh/argo-platform-abac
env:
MONGODB_PROTOCOL: *mongodb-protocol
MONGODB_OPTIONS: *mongodb-options
@@ -1521,7 +1524,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-analytics-reporter
+ repository: codefresh/argo-platform-analytics-reporter
env:
ENABLED_DATABASE_TYPES: POSTGRES
MONGODB_PROTOCOL: *mongodb-protocol
@@ -1570,7 +1573,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-api-events
+ repository: codefresh/argo-platform-api-events
env:
RABBITMQ_PROTOCOL: *rabbitmq-protocol
RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
@@ -1608,7 +1611,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-audit
+ repository: codefresh/argo-platform-audit
env:
MONGODB_PROTOCOL: *mongodb-protocol
MONGODB_OPTIONS: *mongodb-options
@@ -1651,7 +1654,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-cron-executor
+ repository: codefresh/argo-platform-cron-executor
env:
MONGODB_PROTOCOL: *mongodb-protocol
MONGODB_OPTIONS: *mongodb-options
@@ -1694,7 +1697,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-event-handler
+ repository: codefresh/argo-platform-event-handler
env:
MONGODB_PROTOCOL: *mongodb-protocol
MONGODB_OPTIONS: *mongodb-options
@@ -1747,7 +1750,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-ui
+ repository: codefresh/argo-platform-ui
resources:
requests:
cpu: 100m
@@ -1768,7 +1771,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-broadcaster
+ repository: codefresh/argo-platform-broadcaster
env:
MONGODB_PROTOCOL: *mongodb-protocol
MONGODB_OPTIONS: *mongodb-options
@@ -1776,6 +1779,8 @@ argo-platform:
MONGODB_READMODELS_URI: '{{ include "argo-patform-libs.env-vars.mongodb-readmodels-uri-env-var-value" . }}'
RABBITMQ_URLS: $(RABBITMQ_PROTOCOL)://$(RABBITMQ_USER):$(RABBITMQ_PASSWORD)@$(RABBITMQ_HOST)
secrets:
+ v1-host: http://{{ .Release.Name }}-{{ .Values.global.cfapiEndpointsService }}
+ v1-internal-host: http://{{ .Release.Name }}-{{ .Values.global.cfapiService }}:{{ .Values.global.cfapiInternalPort }}
mongodb-protocol: *mongodb-protocol
mongodb-options: *mongodb-options
mongodb-host: *mongodb-host
@@ -1809,7 +1814,7 @@ argo-platform:
kind: Deployment
image:
registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io
- repository: codefresh-io/argo-platform-promotion-orchestrator
+ repository: codefresh/argo-platform-promotion-orchestrator
env:
MONGODB_PROTOCOL: *mongodb-protocol
MONGODB_OPTIONS: *mongodb-options
diff --git a/indexes/codefresh/agenttasks.json b/indexes/codefresh/agenttasks.json
index 8c761fcd0..7e5b1f26f 100644
--- a/indexes/codefresh/agenttasks.json
+++ b/indexes/codefresh/agenttasks.json
@@ -1,29 +1,20 @@
[
{
- "v" : 2.0,
- "key" : {
- "_id" : 1.0
- },
- "name" : "_id_"
- },
- {
- "v" : 2.0,
- "key" : {
- "metadata.accountId" : 1,
- "metadata.reIdentifier" : 1,
- "metadata.shouldExecute" : 1,
- "metadata.startAt" : 1,
- "metadata.status" : 1,
- "metadata.expireAt" : 1
- },
- "name" : "metadata.accountId_1_metadata.reIdentifier_1_metadata.shouldExecute_1_metadata.startAt_1_metadata.status_1_metadata.expireAt_1"
+ "keys": {
+ "metadata.accountId": 1,
+ "metadata.reIdentifier": 1,
+ "metadata.shouldExecute": 1,
+ "metadata.startAt": 1,
+ "metadata.status": 1,
+ "metadata.expireAt": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "metadata.expireAt" : 1
+ "keys": {
+ "metadata.expireAt": 1
},
- "name" : "metadata.expireAt_1",
- "expireAfterSeconds" : 0.0
+ "options": {
+ "expireAfterSeconds": 0
+ }
}
-]
+]
\ No newline at end of file
diff --git a/indexes/codefresh/feature-store-versioned.json b/indexes/codefresh/feature-store-versioned.json
index 4be0e7132..e5c9af57f 100644
--- a/indexes/codefresh/feature-store-versioned.json
+++ b/indexes/codefresh/feature-store-versioned.json
@@ -1,25 +1,16 @@
[
{
- "expireAfterSeconds": 43200.0,
- "key": {
- "createdAt": 1.0
+ "keys": {
+ "createdAt": 1
},
- "name": "createdAt_1",
- "v": 2.0
+ "options": {
+ "expireAfterSeconds": 43200
+ }
},
{
- "key": {
- "_id": -1.0,
- "LDRedisStoreVersion": 1.0
- },
- "name": "LDRedisStoreVersion_1__id_-1",
- "v": 2.0
- },
- {
- "key": {
- "_id": 1.0
- },
- "name": "_id_",
- "v": 2.0
+ "keys": {
+ "_id": -1,
+ "LDRedisStoreVersion": 1
+ }
}
-]
+]
\ No newline at end of file
diff --git a/indexes/codefresh/users.json b/indexes/codefresh/users.json
new file mode 100644
index 000000000..07200446a
--- /dev/null
+++ b/indexes/codefresh/users.json
@@ -0,0 +1,15 @@
+[
+ {
+ "keys": {
+ "account": 1,
+ "_id": 1
+ }
+ },
+ {
+ "keys": {
+ "role": 1,
+ "account": 1,
+ "_id": 1
+ }
+ }
+]
\ No newline at end of file
diff --git a/indexes/codefresh/workflowprocesses.json b/indexes/codefresh/workflowprocesses.json
index e2e6e65a3..6f54ab77f 100644
--- a/indexes/codefresh/workflowprocesses.json
+++ b/indexes/codefresh/workflowprocesses.json
@@ -1,460 +1,382 @@
[
{
- "v" : 1.0,
- "key" : {
- "account" : 1.0,
- "pendingLicense" : 1.0,
- "created" : 1.0
- },
- "name" : "account_1_pendingLicense_1_created_1"
+ "keys": {
+ "account": 1,
+ "pendingLicense": 1,
+ "created": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "pipeline" : 1.0,
- "status" : 1.0
- },
- "name" : "pipeline_1_status_1"
+ "keys": {
+ "pipeline": 1,
+ "status": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1.0,
- "triggerType" : 1.0
- },
- "name" : "account_1_triggerType_1"
+ "keys": {
+ "account": 1,
+ "triggerType": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1.0,
- "pipelineInfo.pipelineId" : 1.0
- },
- "name" : "account_1_pipelineInfo.pipelineId_1"
+ "keys": {
+ "account": 1,
+ "pipelineInfo.pipelineId": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "account" : 1.0,
- "startImmediately" : 1.0,
- "status" : 1.0
- },
- "name" : "account_1_startImmediately_1_status_1"
+ "keys": {
+ "account": 1,
+ "startImmediately": 1,
+ "status": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "account" : 1.0,
- "scmMetadata.repoName" : 1.0,
- "scmMetadata.repoOwner" : 1.0,
- "trigger" : 1.0,
- "service" : 1.0
- },
- "name" : "account_1_scmMetadata.repoName_1_scmMetadata.repoOwner_1_trigger_1_service_1"
+ "keys": {
+ "account": 1,
+ "scmMetadata.repoName": 1,
+ "scmMetadata.repoOwner": 1,
+ "trigger": 1,
+ "service": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "isPublic" : 1.0
- },
- "name" : "isPublic_1"
+ "keys": {
+ "isPublic": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "codefreshEnv" : 1,
- "status" : 1,
- "shouldPerformFinishSystem" : 1,
- "_id" : 1
- },
- "name" : "codefreshEnv_1_status_1_shouldPerformFinishSystem_1__id_1"
+ "keys": {
+ "codefreshEnv": 1,
+ "status": 1,
+ "shouldPerformFinishSystem": 1,
+ "_id": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "helmInfo.boardId" : 1
- },
- "name" : "account_1_helmInfo.boardId_1"
+ "keys": {
+ "account": 1,
+ "helmInfo.boardId": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1.0,
- "environs" : 1.0
- },
- "name" : "account_1_environs_1"
+ "keys": {
+ "account": 1,
+ "environs": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "account" : 1.0,
- "status" : 1.0,
- "trigger" : 1.0
- },
- "name" : "account_1_status_1_trigger_1"
+ "keys": {
+ "account": 1,
+ "status": 1,
+ "trigger": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "pipeline" : 1,
- "trigger" : 1,
- "_id" : -1
- },
- "name" : "account_1_pipeline_1_trigger_1__id_-1"
+ "keys": {
+ "account": 1,
+ "pipeline": 1,
+ "trigger": 1,
+ "_id": -1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "scmMetadata.branchName" : 1.0,
- "account" : 1.0,
- "pipeline" : 1.0,
- "created" : -1.0,
- "finished" : 1.0
- },
- "name" : "scmMetadata.branchName_1_account_1_pipeline_1_created_-1_finished_1"
+ "keys": {
+ "scmMetadata.branchName": 1,
+ "account": 1,
+ "pipeline": 1,
+ "created": -1,
+ "finished": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "trigger" : 1.0,
- "account" : 1.0,
- "status" : 1.0,
- "_id" : -1.0
- },
- "name" : "trigger_1_account_1_status_1__id_-1"
+ "keys": {
+ "trigger": 1,
+ "account": 1,
+ "status": 1,
+ "_id": -1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "account" : 1.0,
- "trigger" : 1.0,
- "scmMetadata.repoName" : 1.0,
- "service" : 1.0
- },
- "name" : "account_1_trigger_1_scmMetadata.repoName_1_service_1"
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "scmMetadata.repoName": 1,
+ "service": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "service" : 1.0,
- "status" : 1.0
- },
- "name" : "service_1_status_1"
+ "keys": {
+ "service": 1,
+ "status": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "finished" : 1.0
- },
- "name" : "finished_1"
+ "keys": {
+ "finished": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "healthStatus.engine.status" : 1.0
- },
- "name" : "healthStatus.engine.status_1"
+ "keys": {
+ "healthStatus.engine.status": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "codefreshEnv" : 1,
- "status" : 1,
- "_id" : 1
- },
- "name" : "codefreshEnv_1_status_1__id_1"
+ "keys": {
+ "codefreshEnv": 1,
+ "status": 1,
+ "_id": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "account" : 1.0,
- "service" : 1.0,
- "trigger" : 1.0
- },
- "name" : "account_1_service_1_trigger_1"
+ "keys": {
+ "account": 1,
+ "service": 1,
+ "trigger": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "scmMetadata.branchName" : 1.0,
- "service" : 1.0,
- "status" : 1.0,
- "created" : -1.0
- },
- "name" : "scmMetadata.branchName_1_service_1_status_1_created_-1"
+ "keys": {
+ "scmMetadata.branchName": 1,
+ "service": 1,
+ "status": 1,
+ "created": -1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "status" : 1.0,
- "trigger" : 1.0
- },
- "name" : "status_1_trigger_1"
+ "keys": {
+ "status": 1,
+ "trigger": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "pipeline" : 1.0,
- "finished" : -1.0
- },
- "name" : "pipeline_1_finished_-1"
+ "keys": {
+ "pipeline": 1,
+ "finished": -1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "progress" : 1.0
- },
- "name" : "progress_1"
+ "keys": {
+ "progress": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1.0,
- "environ" : 1.0
- },
- "name" : "account_1_environ_1"
+ "keys": {
+ "account": 1,
+ "environ": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "status" : 1,
- "created" : -1
- },
- "name" : "status_1_created_-1"
+ "keys": {
+ "status": 1,
+ "created": -1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "createdAt" : 1.0
- },
- "name" : "createdAt_1"
+ "keys": {
+ "createdAt": 1
+ }
},
{
- "v" : 1.0,
- "key" : {
- "request" : 1.0
- },
- "name" : "request_1"
+ "keys": {
+ "request": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "_id" : 1,
- "scmMetadata.repoName" : 1
- },
- "name" : "account_1__id_1_scmMetadata.repoName_1"
+ "keys": {
+ "account": 1,
+ "_id": 1,
+ "scmMetadata.repoName": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "pipeline" : 1,
- "created" : -1
- },
- "name" : "pipeline_1_created_-1"
+ "keys": {
+ "pipeline": 1,
+ "created": -1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "status" : 1,
- "created" : 1
- },
- "name" : "account_1_status_1_created_1"
+ "keys": {
+ "account": 1,
+ "status": 1,
+ "created": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "status" : 1,
- "runtimeEnvironmentMetadata.agent" : 1,
- "created" : 1
- },
- "name" : "status_1_runtimeEnvironmentMetadata.agent_1_created_1"
+ "keys": {
+ "status": 1,
+ "runtimeEnvironmentMetadata.agent": 1,
+ "created": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "created" : 1
- },
- "name" : "created_1",
- "expireAfterSeconds" : 31536000.0
+ "keys": {
+ "created": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "status" : 1,
- "trigger" : 1,
- "pipeline" : 1,
- "keepPVCsForPendingApproval" : 1
- },
- "name" : "account_1_status_1_trigger_1_pipeline_1_keepPVCsForPendingApproval_1",
- "partialFilterExpression" : {
- "status" : {
- "$in" : [
- "pending",
- "delayed",
- "elected",
- "running",
- "terminating",
- "pending-approval"
- ]
+ "keys": {
+ "account": 1,
+ "status": 1,
+ "trigger": 1,
+ "pipeline": 1,
+ "keepPVCsForPendingApproval": 1
+ },
+ "options": {
+ "partialFilterExpression": {
+ "status": {
+ "$in": [
+ "pending",
+ "delayed",
+ "elected",
+ "running",
+ "terminating",
+ "pending-approval"
+ ]
+ }
}
}
},
{
- "v" : 2.0,
- "key" : {
- "_id" : 1.0
+ "keys": {
+ "account": 1,
+ "scmMetadata.revision": 1,
+ "_id": -1,
+ "pipeline": 1
},
- "name" : "_id_"
- },
- {
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "scmMetadata.revision" : 1,
- "_id" : -1,
- "pipeline" : 1
- },
- "name" : "account_1_scmMetadata.revision_1__id_-1_pipeline_1",
- "partialFilterExpression" : {
- "scmMetadata.revision" : {
- "$exists" : true
+ "options": {
+ "partialFilterExpression": {
+ "scmMetadata.revision": {
+ "$exists": true
+ }
}
}
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "trigger" : 1,
- "scmMetadata.userName" : 1,
- "_id" : -1,
- "pipeline" : 1
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "scmMetadata.userName": 1,
+ "_id": -1,
+ "pipeline": 1
},
- "name" : "account_1_trigger_1_scmMetadata.userName_1__id_-1_pipeline_1",
- "partialFilterExpression" : {
- "scmMetadata.userName" : {
- "$exists" : true
+ "options": {
+ "partialFilterExpression": {
+ "scmMetadata.userName": {
+ "$exists": true
+ }
}
}
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "trigger" : 1,
- "annotations.key" : 1,
- "annotations.value" : 1,
- "_id" : -1,
- "pipeline" : 1
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "annotations.key": 1,
+ "annotations.value": 1,
+ "_id": -1,
+ "pipeline": 1
},
- "name" : "account_1_trigger_1_annotations.key_1_annotations.value_1__id_-1_pipeline_1",
- "sparse" : true
+ "options": {
+ "sparse": true
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "trigger" : 1,
- "pipelineTrigger" : 1,
- "_id" : -1,
- "pipeline" : 1
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "pipelineTrigger": 1,
+ "_id": -1,
+ "pipeline": 1
},
- "name" : "account_1_trigger_1_pipelineTrigger_1__id_-1_pipeline_1",
- "partialFilterExpression" : {
- "pipelineTrigger" : {
- "$exists" : true
+ "options": {
+ "partialFilterExpression": {
+ "pipelineTrigger": {
+ "$exists": true
+ }
}
}
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "trigger" : 1,
- "scmMetadata.branchName" : 1,
- "_id" : -1,
- "pipeline" : 1
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "scmMetadata.branchName": 1,
+ "_id": -1,
+ "pipeline": 1
},
- "name" : "account_1_trigger_1_scmMetadata.branchName_1__id_-1_pipeline_1",
- "partialFilterExpression" : {
- "scmMetadata.branchName" : {
- "$exists" : true
+ "options": {
+ "partialFilterExpression": {
+ "scmMetadata.branchName": {
+ "$exists": true
+ }
}
}
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "trigger" : 1,
- "_id" : -1,
- "pipeline" : 1
- },
- "name" : "account_1_trigger_1__id_-1_pipeline_1"
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "_id": -1,
+ "pipeline": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "trigger" : 1,
- "scmMetadata.provider" : 1,
- "_id" : -1,
- "pipeline" : 1
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "scmMetadata.provider": 1,
+ "_id": -1,
+ "pipeline": 1
},
- "name" : "account_1_trigger_1_scmMetadata.provider_1__id_-1_pipeline_1",
- "partialFilterExpression" : {
- "scmMetadata.provider" : {
- "$exists" : true
+ "options": {
+ "partialFilterExpression": {
+ "scmMetadata.provider": {
+ "$exists": true
+ }
}
}
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "trigger" : 1,
- "scmMetadata.repoName" : 1,
- "_id" : -1,
- "pipeline" : 1
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "scmMetadata.repoName": 1,
+ "_id": -1,
+ "pipeline": 1
},
- "name" : "account_1_trigger_1_scmMetadata.repoName_1__id_-1_pipeline_1",
- "partialFilterExpression" : {
- "scmMetadata.repoName" : {
- "$exists" : true
+ "options": {
+ "partialFilterExpression": {
+ "scmMetadata.repoName": {
+ "$exists": true
+ }
}
}
},
{
- "v" : 2.0,
- "key" : {
- "account" : 1,
- "trigger" : 1,
- "scmMetadata.provider" : 1,
- "scmMetadata.event" : 1,
- "_id" : -1,
- "pipeline" : 1
- },
- "name" : "account_1_trigger_1_scmMetadata.provider_1_scmMetadata.event_1__id_-1_pipeline_1",
- "partialFilterExpression" : {
- "scmMetadata.event" : {
- "$exists" : true
- },
- "scmMetadata.provider" : {
- "$exists" : true
+ "keys": {
+ "account": 1,
+ "trigger": 1,
+ "scmMetadata.provider": 1,
+ "scmMetadata.event": 1,
+ "_id": -1,
+ "pipeline": 1
+ },
+ "options": {
+ "partialFilterExpression": {
+ "scmMetadata.event": {
+ "$exists": true
+ },
+ "scmMetadata.provider": {
+ "$exists": true
+ }
}
}
},
{
- "v" : 2.0,
- "key" : {
- "pipeline" : 1,
- "_id" : -1
- },
- "name" : "pipeline_1__id_-1"
+ "keys": {
+ "pipeline": 1,
+ "_id": -1
+ }
}
]
diff --git a/indexes/read-models/analysisruns.json b/indexes/read-models/analysisruns.json
index 2a5c93752..7c8071247 100644
--- a/indexes/read-models/analysisruns.json
+++ b/indexes/read-models/analysisruns.json
@@ -1,332 +1,313 @@
[
{
- "v" : 2.0,
- "key" : {
- "_id" : 1.0
+ "keys": {
+ "__passiveReferencedBy.name": 1
},
- "name" : "_id_"
- },
- {
- "v" : 2.0,
- "key" : {
- "__passiveReferencedBy.name" : 1.0
- },
- "name" : "__passiveReferencedBy.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__passiveReferencedBy.name" : 1.0,
- "__passiveReferencedBy.kind" : 1.0,
- "__passiveReferencedBy.namespace" : 1.0,
- "__passiveReferencedBy.group" : 1.0,
- "__passiveReferencedBy.version" : 1.0
+ "keys": {
+ "__passiveReferencedBy.name": 1,
+ "__passiveReferencedBy.kind": 1,
+ "__passiveReferencedBy.namespace": 1,
+ "__passiveReferencedBy.group": 1,
+ "__passiveReferencedBy.version": 1
},
- "name" : "__passiveReferencedBy.name_1___passiveReferencedBy.kind_1___passiveReferencedBy.namespace_1___passiveReferencedBy.group_1___passiveReferencedBy.version_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__passiveReferences.name" : 1.0
+ "keys": {
+ "__passiveReferences.name": 1
},
- "name" : "__passiveReferences.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__passiveReferences.name" : 1.0,
- "__passiveReferences.kind" : 1.0,
- "__passiveReferences.namespace" : 1.0,
- "__passiveReferences.group" : 1.0,
- "__passiveReferences.version" : 1.0
+ "keys": {
+ "__passiveReferences.name": 1,
+ "__passiveReferences.kind": 1,
+ "__passiveReferences.namespace": 1,
+ "__passiveReferences.group": 1,
+ "__passiveReferences.version": 1
},
- "name" : "__passiveReferences.name_1___passiveReferences.kind_1___passiveReferences.namespace_1___passiveReferences.group_1___passiveReferences.version_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__inferredReferencedBy.name" : 1.0
+ "keys": {
+ "__inferredReferencedBy.name": 1
},
- "name" : "__inferredReferencedBy.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__inferredReferencedBy.name" : 1.0,
- "__inferredReferencedBy.kind" : 1.0,
- "__inferredReferencedBy.namespace" : 1.0,
- "__inferredReferencedBy.group" : 1.0,
- "__inferredReferencedBy.version" : 1.0
+ "keys": {
+ "__inferredReferencedBy.name": 1,
+ "__inferredReferencedBy.kind": 1,
+ "__inferredReferencedBy.namespace": 1,
+ "__inferredReferencedBy.group": 1,
+ "__inferredReferencedBy.version": 1
},
- "name" : "__inferredReferencedBy.name_1___inferredReferencedBy.kind_1___inferredReferencedBy.namespace_1___inferredReferencedBy.group_1___inferredReferencedBy.version_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__inferredReferences.name" : 1.0
+ "keys": {
+ "__inferredReferences.name": 1
},
- "name" : "__inferredReferences.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__inferredReferences.name" : 1.0,
- "__inferredReferences.kind" : 1.0,
- "__inferredReferences.namespace" : 1.0,
- "__inferredReferences.group" : 1.0,
- "__inferredReferences.version" : 1.0
+ "keys": {
+ "__inferredReferences.name": 1,
+ "__inferredReferences.kind": 1,
+ "__inferredReferences.namespace": 1,
+ "__inferredReferences.group": 1,
+ "__inferredReferences.version": 1
},
- "name" : "__inferredReferences.name_1___inferredReferences.kind_1___inferredReferences.namespace_1___inferredReferences.group_1___inferredReferences.version_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "updatedAt" : 1.0
+ "keys": {
+ "updatedAt": 1
},
- "name" : "updatedAt_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "projects" : 1.0
+ "keys": {
+ "projects": 1
},
- "name" : "projects_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "metadata.name" : 1.0
+ "keys": {
+ "metadata.name": 1
},
- "name" : "metadata.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "metadata.labels" : 1.0
+ "keys": {
+ "metadata.labels": 1
},
- "name" : "metadata.labels_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "metadata.accountId" : 1.0,
- "metadata.runtime" : 1.0,
- "metadata.cluster" : 1.0,
- "metadata.namespace" : 1.0,
- "metadata.group" : 1.0,
- "metadata.version" : 1.0,
- "metadata.kind" : 1.0,
- "metadata.name" : 1.0,
- "metadata.uid" : 1.0,
- "metadata.revision" : 1.0
+ "keys": {
+ "metadata.accountId": 1,
+ "metadata.runtime": 1,
+ "metadata.cluster": 1,
+ "metadata.namespace": 1,
+ "metadata.group": 1,
+ "metadata.version": 1,
+ "metadata.kind": 1,
+ "metadata.name": 1,
+ "metadata.uid": 1,
+ "metadata.revision": 1
},
- "name" : "metadata.accountId_1_metadata.runtime_1_metadata.cluster_1_metadata.namespace_1_metadata.group_1_metadata.version_1_metadata.kind_1_metadata.name_1_metadata.uid_1_metadata.revision_1",
- "unique" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "unique": true,
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "metadata.accountId" : 1,
- "revision" : 1,
- "metadata.labels.rollout-type" : 1,
- "metadata.runtime" : 1,
- "metadata.labels.step-index" : 1
- },
- "name" : "metadata.accountId_1_revision_1_metadata.labels.rollout-type_1_metadata.runtime_1_metadata.labels.step-index_1"
+ "keys": {
+ "metadata.accountId": 1,
+ "revision": 1,
+ "metadata.labels.rollout-type": 1,
+ "metadata.runtime": 1,
+ "metadata.labels.step-index": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "metadata.accountId" : 1,
- "revision" : 1,
- "metadata.labels.rollout-type" : 1,
- "metadata.runtime" : 1,
- "metadata.creationTimestamp" : -1
- },
- "name" : "metadata.accountId_1_revision_1_metadata.labels.rollout-type_1_metadata.runtime_1_metadata.creationTimestamp_-1"
+ "keys": {
+ "metadata.accountId": 1,
+ "revision": 1,
+ "metadata.labels.rollout-type": 1,
+ "metadata.runtime": 1,
+ "metadata.creationTimestamp": -1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "ownerReferences.uid" : 1,
- "revision" : 1
+ "keys": {
+ "ownerReferences.uid": 1,
+ "revision": 1
},
- "name" : "ownerReferences.uid_1_revision_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
}
-]
+]
\ No newline at end of file
diff --git a/indexes/read-models/images-binaries.json b/indexes/read-models/images-binaries.json
index 338df48e6..c8efda894 100644
--- a/indexes/read-models/images-binaries.json
+++ b/indexes/read-models/images-binaries.json
@@ -1,95 +1,68 @@
[
{
- "v" : 2.0,
- "key" : {
- "_id" : 1.0
- },
- "name" : "_id_"
- },
- {
- "v" : 2.0,
- "key" : {
- "accountId" : 1.0,
- "imageName" : 1.0,
- "repositoryName" : 1.0
- },
- "name" : "accountId_1_imageName_1_repositoryName_1",
- "background" : true
+ "keys": {
+ "accountId": 1,
+ "imageName": 1,
+ "repositoryName": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "accountId" : 1.0,
- "repositoryName" : 1.0,
- "gitRepository" : 1.0
- },
- "name" : "accountId_1_repositoryName_1_gitRepository_1",
- "background" : true
+ "keys": {
+ "accountId": 1,
+ "repositoryName": 1,
+ "gitRepository": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "accountId" : 1.0,
- "repositoryName" : 1.0,
- "branch" : 1.0
- },
- "name" : "accountId_1_repositoryName_1_branch_1",
- "background" : true
+ "keys": {
+ "accountId": 1,
+ "repositoryName": 1,
+ "branch": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "runtime.name" : 1.0
- },
- "name" : "runtime.name_1",
- "background" : true
+ "keys": {
+ "runtime.name": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "accountId" : 1.0,
- "repoDigest" : 1.0
- },
- "name" : "accountId_1_repoDigest_1",
- "background" : true
+ "keys": {
+ "accountId": 1,
+ "repoDigest": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "accountId" : 1.0,
- "internalImageId" : 1.0
- },
- "name" : "accountId_1_internalImageId_1",
- "background" : true
+ "keys": {
+ "accountId": 1,
+ "internalImageId": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "accountId" : 1,
- "binaryId" : 1,
- "lastUpdate" : -1,
- "_id" : -1
- },
- "name" : "accountId_1_binaryId_1_lastUpdate_-1__id_-1"
+ "keys": {
+ "accountId": 1,
+ "binaryId": 1,
+ "lastUpdate": -1,
+ "_id": -1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "accountId" : 1,
- "imageName" : 1
+ "keys": {
+ "accountId": 1,
+ "imageName": 1
},
- "name" : "accountId_1_imageName_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
}
-]
+]
\ No newline at end of file
diff --git a/indexes/read-models/product-releases.json b/indexes/read-models/product-releases.json
new file mode 100644
index 000000000..0588ba775
--- /dev/null
+++ b/indexes/read-models/product-releases.json
@@ -0,0 +1,105 @@
+[
+ {
+ "keys": {
+ "status": 1
+ },
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
+ }
+ },
+ {
+ "keys": {
+ "accountId": 1,
+ "updatedAt": -1
+ },
+ "options": {
+ "collation": {
+ "locale": "en",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 2,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
+ }
+ },
+ {
+ "keys": {
+ "accountId": 1,
+ "productName": 1,
+ "triggerCommit.sha": 1
+ },
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
+ }
+ },
+ {
+ "keys": {
+ "accountId": 1,
+ "productName": 1,
+ "status": 1,
+ "triggerEnvironment": 1,
+ "triggerCommit.sha": 1
+ },
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
+ }
+ },
+ {
+ "keys": {
+ "accountId": 1,
+ "productName": 1
+ },
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
+ }
+ }
+]
\ No newline at end of file
diff --git a/indexes/read-models/releases.json b/indexes/read-models/releases.json
index e48f117e5..731a06bb0 100644
--- a/indexes/read-models/releases.json
+++ b/indexes/read-models/releases.json
@@ -1,196 +1,140 @@
[
{
- "v" : 2.0,
- "key" : {
- "_id" : 1.0
- },
- "name" : "_id_"
+ "keys": {
+ "applicationMetadata.name": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "applicationMetadata.name" : 1.0
- },
- "name" : "applicationMetadata.name_1",
- "background" : true
+ "keys": {
+ "applicationMetadata.labels": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "applicationMetadata.labels" : 1.0
- },
- "name" : "applicationMetadata.labels_1",
- "background" : true
+ "keys": {
+ "application.prs.type": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "application.prs.type" : 1.0
- },
- "name" : "application.prs.type_1",
- "background" : true
+ "keys": {
+ "application.prs.key": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "application.prs.key" : 1.0
- },
- "name" : "application.prs.key_1",
- "background" : true
+ "keys": {
+ "application.prs.accountId": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "application.prs.accountId" : 1.0
- },
- "name" : "application.prs.accountId_1",
- "background" : true
+ "keys": {
+ "application.issues.type": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "application.issues.type" : 1.0
- },
- "name" : "application.issues.type_1",
- "background" : true
+ "keys": {
+ "application.issues.key": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "application.issues.key" : 1.0
- },
- "name" : "application.issues.key_1",
- "background" : true
+ "keys": {
+ "application.issues.accountId": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "application.issues.accountId" : 1.0
- },
- "name" : "application.issues.accountId_1",
- "background" : true
+ "keys": {
+ "applicationMetadata.accountId": 1,
+ "applicationMetadata.runtime": 1,
+ "applicationMetadata.name": 1,
+ "applicationMetadata.namespace": 1,
+ "application.issues.key": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "applicationMetadata.accountId" : 1.0,
- "applicationMetadata.runtime" : 1.0,
- "applicationMetadata.name" : 1.0,
- "applicationMetadata.namespace" : 1.0,
- "application.issues.key" : 1.0
- },
- "name" : "applicationMetadata.accountId_1_applicationMetadata.runtime_1_applicationMetadata.name_1_applicationMetadata.namespace_1_application.issues.key_1",
- "background" : true
+ "keys": {
+ "applicationMetadata.accountId": 1,
+ "applicationMetadata.runtime": 1,
+ "applicationMetadata.name": 1,
+ "applicationMetadata.namespace": 1,
+ "application.prs.key": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "applicationMetadata.accountId" : 1.0,
- "applicationMetadata.runtime" : 1.0,
- "applicationMetadata.name" : 1.0,
- "applicationMetadata.namespace" : 1.0,
- "application.prs.key" : 1.0
- },
- "name" : "applicationMetadata.accountId_1_applicationMetadata.runtime_1_applicationMetadata.name_1_applicationMetadata.namespace_1_application.prs.key_1",
- "background" : true
+ "keys": {
+ "applicationMetadata.accountId": 1,
+ "applicationMetadata.runtime": 1,
+ "applicationMetadata.name": 1,
+ "applicationMetadata.namespace": 1,
+ "application.committers.userName": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "applicationMetadata.accountId" : 1.0,
- "applicationMetadata.runtime" : 1.0,
- "applicationMetadata.name" : 1.0,
- "applicationMetadata.namespace" : 1.0,
- "application.committers.userName" : 1.0
- },
- "name" : "applicationMetadata.accountId_1_applicationMetadata.runtime_1_applicationMetadata.name_1_applicationMetadata.namespace_1_application.committers.userName_1",
- "background" : true
- },
- {
- "v" : 2.0,
- "key" : {
- "applicationMetadata.accountId" : 1.0,
- "applicationMetadata.runtime" : 1.0,
- "applicationMetadata.name" : 1.0,
- "applicationMetadata.namespace" : 1.0,
- "applicationMetadata.group" : 1.0,
- "applicationMetadata.version" : 1.0,
- "applicationMetadata.kind" : 1.0,
- "historyId" : -1.0
- },
- "name" : "applicationMetadata.accountId_1_applicationMetadata.runtime_1_applicationMetadata.name_1_applicationMetadata.namespace_1_applicationMetadata.group_1_applicationMetadata.version_1_applicationMetadata.kind_1_historyId_-1",
- "background" : true,
- "unique" : true
- },
- {
- "v" : 2.0,
- "key" : {
- "applicationMetadata.accountId" : 1.0,
- "applicationMetadata.runtime" : 1.0,
- "applicationMetadata.name" : 1.0,
- "applicationMetadata.namespace" : 1.0,
- "applicationMetadata.group" : 1.0,
- "applicationMetadata.version" : 1.0,
- "reportedToJira" : 1.0,
- "historyId" : 1.0,
- "application.status.syncStartedAt" : 1.0
+ "keys": {
+ "applicationMetadata.accountId": 1,
+ "applicationMetadata.runtime": 1,
+ "applicationMetadata.name": 1,
+ "applicationMetadata.namespace": 1,
+ "applicationMetadata.group": 1,
+ "applicationMetadata.version": 1,
+ "applicationMetadata.kind": 1,
+ "historyId": -1
},
- "name" : "applicationMetadata.accountId_1_applicationMetadata.runtime_1_applicationMetadata.name_1_applicationMetadata.namespace_1_applicationMetadata.group_1_applicationMetadata.version_1_reportedToJira_1_historyId_1_application.status.syncStartedAt_1",
- "background" : true
+ "options": {
+ "unique": true
+ }
},
{
- "v" : 2.0,
- "key" : {
- "fromState.services.revision" : 1,
- "fromState.services.name" : 1,
- "applicationMetadata.accountId" : 1
- },
- "name" : "fromState.services.revision_1_fromState.services.name_1_applicationMetadata.accountId_1"
+ "keys": {
+ "applicationMetadata.accountId": 1,
+ "applicationMetadata.runtime": 1,
+ "applicationMetadata.name": 1,
+ "applicationMetadata.namespace": 1,
+ "applicationMetadata.group": 1,
+ "applicationMetadata.version": 1,
+ "reportedToJira": 1,
+ "historyId": 1,
+ "application.status.syncStartedAt": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "syncOperationRevision" : 1,
- "applicationMetadata.name" : 1,
- "applicationMetadata.accountId" : 1,
- "historyId" : -1
- },
- "name" : "syncOperationRevision_1_applicationMetadata.name_1_applicationMetadata.accountId_1_historyId_-1"
+ "keys": {
+ "fromState.services.revision": 1,
+ "fromState.services.name": 1,
+ "applicationMetadata.accountId": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "applicationMetadata.name" : 1,
- "applicationMetadata.accountId" : 1,
- "historyId" : -1
- },
- "name" : "applicationMetadata.name_1_applicationMetadata.accountId_1_historyId_-1"
+ "keys": {
+ "syncOperationRevision": 1,
+ "applicationMetadata.name": 1,
+ "applicationMetadata.accountId": 1,
+ "historyId": -1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "applicationMetadata.name" : 1,
- "applicationMetadata.accountId" : 1,
- "application.status.healthStatus" : 1
- },
- "name" : "applicationMetadata.name_1_applicationMetadata.accountId_1_application.status.healthStatus_1"
+ "keys": {
+ "applicationMetadata.name": 1,
+ "applicationMetadata.accountId": 1,
+ "historyId": -1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "applicationMetadata.name" : 1,
- "applicationMetadata.accountId" : 1,
- "current" : 1
- },
- "name" : "applicationMetadata.name_1_applicationMetadata.accountId_1_current_1"
+ "keys": {
+ "applicationMetadata.name": 1,
+ "applicationMetadata.accountId": 1,
+ "application.status.healthStatus": 1
+ }
},
{
- "v" : 2.0,
- "key" : {
- "application.status.revision" : 1,
- "applicationMetadata.name" : 1,
- "applicationMetadata.accountId" : 1
- },
- "name" : "application.status.revision_1_applicationMetadata.name_1_applicationMetadata.accountId_1"
+ "keys": {
+ "applicationMetadata.name": 1,
+ "applicationMetadata.accountId": 1,
+ "current": 1
+ }
+ },
+ {
+ "keys": {
+ "application.status.revision": 1,
+ "applicationMetadata.name": 1,
+ "applicationMetadata.accountId": 1
+ }
}
-]
+]
\ No newline at end of file
diff --git a/indexes/read-models/rollouts.json b/indexes/read-models/rollouts.json
index 7d4519f14..0bb53806c 100644
--- a/indexes/read-models/rollouts.json
+++ b/indexes/read-models/rollouts.json
@@ -1,393 +1,374 @@
[
{
- "v" : 2.0,
- "key" : {
- "_id" : 1.0
+ "keys": {
+ "__passiveReferencedBy.name": 1
},
- "name" : "_id_"
- },
- {
- "v" : 2.0,
- "key" : {
- "__passiveReferencedBy.name" : 1.0
- },
- "name" : "__passiveReferencedBy.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__passiveReferencedBy.name" : 1.0,
- "__passiveReferencedBy.kind" : 1.0,
- "__passiveReferencedBy.namespace" : 1.0,
- "__passiveReferencedBy.group" : 1.0,
- "__passiveReferencedBy.version" : 1.0
+ "keys": {
+ "__passiveReferencedBy.name": 1,
+ "__passiveReferencedBy.kind": 1,
+ "__passiveReferencedBy.namespace": 1,
+ "__passiveReferencedBy.group": 1,
+ "__passiveReferencedBy.version": 1
},
- "name" : "__passiveReferencedBy.name_1___passiveReferencedBy.kind_1___passiveReferencedBy.namespace_1___passiveReferencedBy.group_1___passiveReferencedBy.version_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__passiveReferences.name" : 1.0
+ "keys": {
+ "__passiveReferences.name": 1
},
- "name" : "__passiveReferences.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__passiveReferences.name" : 1.0,
- "__passiveReferences.kind" : 1.0,
- "__passiveReferences.namespace" : 1.0,
- "__passiveReferences.group" : 1.0,
- "__passiveReferences.version" : 1.0
+ "keys": {
+ "__passiveReferences.name": 1,
+ "__passiveReferences.kind": 1,
+ "__passiveReferences.namespace": 1,
+ "__passiveReferences.group": 1,
+ "__passiveReferences.version": 1
},
- "name" : "__passiveReferences.name_1___passiveReferences.kind_1___passiveReferences.namespace_1___passiveReferences.group_1___passiveReferences.version_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__inferredReferencedBy.name" : 1.0
+ "keys": {
+ "__inferredReferencedBy.name": 1
},
- "name" : "__inferredReferencedBy.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__inferredReferencedBy.name" : 1.0,
- "__inferredReferencedBy.kind" : 1.0,
- "__inferredReferencedBy.namespace" : 1.0,
- "__inferredReferencedBy.group" : 1.0,
- "__inferredReferencedBy.version" : 1.0
+ "keys": {
+ "__inferredReferencedBy.name": 1,
+ "__inferredReferencedBy.kind": 1,
+ "__inferredReferencedBy.namespace": 1,
+ "__inferredReferencedBy.group": 1,
+ "__inferredReferencedBy.version": 1
},
- "name" : "__inferredReferencedBy.name_1___inferredReferencedBy.kind_1___inferredReferencedBy.namespace_1___inferredReferencedBy.group_1___inferredReferencedBy.version_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__inferredReferences.name" : 1.0
+ "keys": {
+ "__inferredReferences.name": 1
},
- "name" : "__inferredReferences.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "__inferredReferences.name" : 1.0,
- "__inferredReferences.kind" : 1.0,
- "__inferredReferences.namespace" : 1.0,
- "__inferredReferences.group" : 1.0,
- "__inferredReferences.version" : 1.0
+ "keys": {
+ "__inferredReferences.name": 1,
+ "__inferredReferences.kind": 1,
+ "__inferredReferences.namespace": 1,
+ "__inferredReferences.group": 1,
+ "__inferredReferences.version": 1
},
- "name" : "__inferredReferences.name_1___inferredReferences.kind_1___inferredReferences.namespace_1___inferredReferences.group_1___inferredReferences.version_1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "updatedAt" : 1.0
+ "keys": {
+ "updatedAt": 1
},
- "name" : "updatedAt_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "projects" : 1.0
+ "keys": {
+ "projects": 1
},
- "name" : "projects_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "metadata.name" : 1.0
+ "keys": {
+ "metadata.name": 1
},
- "name" : "metadata.name_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "metadata.labels" : 1.0
+ "keys": {
+ "metadata.labels": 1
},
- "name" : "metadata.labels_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "source.syncStartedAt" : 1.0
+ "keys": {
+ "source.syncStartedAt": 1
},
- "name" : "source.syncStartedAt_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "source.gitSource" : 1.0
+ "keys": {
+ "source.gitSource": 1
},
- "name" : "source.gitSource_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "metadata.accountId" : 1.0,
- "metadata.runtime" : 1.0,
- "metadata.cluster" : 1.0,
- "metadata.namespace" : 1.0,
- "metadata.group" : 1.0,
- "metadata.version" : 1.0,
- "metadata.kind" : 1.0,
- "metadata.name" : 1.0,
- "metadata.revision" : 1.0,
- "metadata.uid" : 1.0,
- "metadata.labels.app\\u002ekubernetes\\u002eio/instance" : 1.0
+ "keys": {
+ "metadata.accountId": 1,
+ "metadata.runtime": 1,
+ "metadata.cluster": 1,
+ "metadata.namespace": 1,
+ "metadata.group": 1,
+ "metadata.version": 1,
+ "metadata.kind": 1,
+ "metadata.name": 1,
+ "metadata.revision": 1,
+ "metadata.uid": 1,
+ "metadata.labels.app\\u002ekubernetes\\u002eio/instance": 1
},
- "name" : "metadata.accountId_1_metadata.runtime_1_metadata.cluster_1_metadata.namespace_1_metadata.group_1_metadata.version_1_metadata.kind_1_metadata.name_1_metadata.revision_1_metadata.uid_1_metadata.labels.app\\u002ekubernetes\\u002eio/instance_1",
- "unique" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "unique": true,
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "source.gitSourceUID" : 1.0
+ "keys": {
+ "source.gitSourceUID": 1
},
- "name" : "source.gitSourceUID_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "source.gitSourceNamespace" : 1.0
+ "keys": {
+ "source.gitSourceNamespace": 1
},
- "name" : "source.gitSourceNamespace_1",
- "background" : true,
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
},
{
- "v" : 2.0,
- "key" : {
- "metadata.appName" : 1,
- "metadata.accountId" : 1,
- "metadata.runtime" : 1,
- "_id" : -1
+ "keys": {
+ "metadata.appName": 1,
+ "metadata.accountId": 1,
+ "metadata.runtime": 1,
+ "_id": -1
},
- "name" : "metadata.appName_1_metadata.accountId_1_metadata.runtime_1__id_-1",
- "collation" : {
- "locale" : "en_US",
- "caseLevel" : false,
- "caseFirst" : "off",
- "strength" : 1.0,
- "numericOrdering" : false,
- "alternate" : "non-ignorable",
- "maxVariable" : "punct",
- "normalization" : false,
- "backwards" : false,
- "version" : "57.1"
+ "options": {
+ "collation": {
+ "locale": "en_US",
+ "caseLevel": false,
+ "caseFirst": "off",
+ "strength": 1,
+ "numericOrdering": false,
+ "alternate": "non-ignorable",
+ "maxVariable": "punct",
+ "normalization": false,
+ "backwards": false,
+ "version": "57.1"
+ }
}
}
-]
+]
\ No newline at end of file
diff --git a/scripts/helm-docs.sh b/scripts/helm-docs.sh
new file mode 100755
index 000000000..5b323435f
--- /dev/null
+++ b/scripts/helm-docs.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+## Reference: https://github.com/norwoodj/helm-docs
+helm-docs \
+ --chart-search-root=charts/codefresh \
+ --template-files=../../README.md.gotmpl \
+ --output-file=../../README.md
diff --git a/scripts/update_re_images.sh b/scripts/update_re_images.sh
index e5f6d31ac..184f3af09 100755
--- a/scripts/update_re_images.sh
+++ b/scripts/update_re_images.sh
@@ -20,7 +20,7 @@ msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
runtimeJson=$(mktemp)
-codefresh get sys-re system/root --extend -o json > $runtimeJson
+codefresh get sys-re system/linux_paying_plan --extend -o json > $runtimeJson
RUNTIME_IMAGES=(
ENGINE_IMAGE