From 5e6bd59ede120b1b00b95f4a62ba6ac1657cb5e8 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 26 Sep 2025 15:01:59 +0300 Subject: [PATCH 01/16] feat: add separate redis for cf-argocd-extras and app-proxy --- charts/gitops-runtime/Chart.yaml | 4 + .../_main-container.yaml | 7 + .../cf-argocd-extras/_default-values.tpl | 20 +- charts/gitops-runtime/templates/_helpers.tpl | 94 +++++++-- .../templates/app-proxy/deployment.yaml | 2 + .../pre-install/redis-secret-init/job.yaml | 37 ++++ .../pre-install/redis-secret-init/rbac.yaml | 51 +++++ .../templates/redis/_helpers.tpl | 48 +++++ .../templates/redis/deployment.yaml | 156 +++++++++++++++ .../templates/redis/health-configmap.yaml | 37 ++++ .../gitops-runtime/templates/redis/pdb.yaml | 28 +++ .../templates/redis/service.yaml | 29 +++ .../templates/redis/serviceaccount.yaml | 16 ++ .../templates/redis/servicemonitor.yaml | 36 ++++ .../tests/cf-argocd-extras_test.yaml | 16 +- .../tests/external_argocd_test.yaml | 15 +- charts/gitops-runtime/values.yaml | 178 ++++++++++++++++++ 17 files changed, 731 insertions(+), 43 deletions(-) create mode 100644 charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/job.yaml create mode 100644 charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/rbac.yaml create mode 100644 charts/gitops-runtime/templates/redis/_helpers.tpl create mode 100644 charts/gitops-runtime/templates/redis/deployment.yaml create mode 100644 charts/gitops-runtime/templates/redis/health-configmap.yaml create mode 100644 charts/gitops-runtime/templates/redis/pdb.yaml create mode 100644 charts/gitops-runtime/templates/redis/service.yaml create mode 100644 charts/gitops-runtime/templates/redis/serviceaccount.yaml create mode 100644 charts/gitops-runtime/templates/redis/servicemonitor.yaml diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 5f7ef9f5..3be70536 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml 
@@ -40,3 +40,7 @@ dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts version: 0.27.0 +- name: redis-ha + version: 4.33.4 + repository: https://dandydeveloper.github.io/charts/ + condition: redis-ha.enabled diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index f59f769e..c0f19ee1 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -217,6 +217,13 @@ LEADER_ID: fieldRef: fieldPath: metadata.name {{- end }} +CACHE_HOST: {{ (splitList ":" (include "codefresh-gitops-runtime.argocd.redis.url" .) | first) }} +CACHE_PORT: {{ (splitList ":" (include "codefresh-gitops-runtime.argocd.redis.url" .) | last) }} +CACHE_PASSWORD: + valueFrom: + secretKeyRef: + name: gitops-runtime-redis + key: auth {{ include "codefresh-gitops-runtime.get-proxy-env-vars" . }} {{- end -}} diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl b/charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl index 37d145e2..9df788f0 100644 --- a/charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl +++ b/charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl 
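Review bot: `CACHE_PASSWORD` in `_main-container.yaml` hard-codes the Secret name `gitops-runtime-redis` and key `auth`, while this same commit exposes `redis-ha.existingSecret` as a configurable value. If an operator overrides that value, app-proxy would read a different (or missing) Secret than the one Redis authenticates against. Deriving the name from one helper or value shared by the init Job, the Redis workloads and the clients would keep them in step; at minimum add a comment such as `# must match redis-ha.existingSecret and the Secret created by the redis-secret-init Job`. The enclosing template starts outside the hunk.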
@@ -148,29 +148,29 @@ eventReporter: REDISDB: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: event-reporter-cmd-params-cm key: redis.db optional: true REDIS_COMPRESSION: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: event-reporter-cmd-params-cm key: redis.compression optional: true REDIS_PASSWORD: valueFrom: secretKeyRef: - name: argocd-redis + name: gitops-runtime-redis key: auth REDIS_SERVER: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: event-reporter-cmd-params-cm key: redis.server REDIS_USERNAME: valueFrom: secretKeyRef: - name: argocd-redis + name: event-reporter-cmd-params-cm key: redis-username optional: true REPO_SERVER: @@ -427,29 +427,29 @@ sourcesServer: REDISDB: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: sources-server-cmd-params-cm key: redis.db optional: true REDIS_COMPRESSION: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: sources-server-cmd-params-cm key: redis.compression optional: true REDIS_PASSWORD: valueFrom: secretKeyRef: - name: argocd-redis + name: gitops-runtime-redis key: auth REDIS_SERVER: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: sources-server-cmd-params-cm key: redis.server REDIS_USERNAME: valueFrom: secretKeyRef: - name: argocd-redis + name: sources-server-cmd-params-cm key: redis-username optional: true REPO_SERVER: diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index 1b66f710..68eadb0e 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl 
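Review bot: Both `REDIS_USERNAME` entries (this `eventReporter` hunk and the `sourcesServer` hunk at -427) now use a `secretKeyRef` whose `name` is `event-reporter-cmd-params-cm` / `sources-server-cmd-params-cm`, which are the ConfigMap names used by the neighbouring `configMapKeyRef` entries, so this looks like a search-and-replace slip. Because the reference is `optional: true`, the pod starts anyway and the variable is silently unset, which hides the mistake. If a username is meant to be supported, point it at the Redis Secret (`name: gitops-runtime-redis`); otherwise drop the entry. Both env blocks continue outside the hunks.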
@@ -330,18 +330,18 @@ Determine argocd server password. Determine argocd redis url */}} {{- define "codefresh-gitops-runtime.argocd.redis.url" -}} -{{- $argoCDValues := (get .Values "argo-cd") }} -{{- if and (index .Values "argo-cd" "enabled") }} - {{- $serviceName := include "codefresh-gitops-runtime.argocd.redis.servicename" . }} - {{- $port := include "codefresh-gitops-runtime.argocd.redis.serviceport" . }} - {{- printf "%s:%s" $serviceName $port }} -{{- else if and (index .Values "global" "external-argo-cd" "redis") }} - {{- $redis := (index .Values "global" "external-argo-cd" "redis") }} - {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.svc is not set" $redis.svc }} - {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.port is not set" $redis.port }} - {{- printf "%s:%v" $svc $port }} +{{- if and (index .Values "redis-ha" "enabled") (index .Values "redis-ha" "haproxy" "enabled") }} + {{- $redisHa := (index .Values "redis-ha") -}} + {{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}} + {{- $serverName := printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}} + {{- $port := $redisHa.haproxy.servicePort -}} + {{- printf "%s:%v" $serverName $port }} +{{- else if .Values.redis.enabled }} + {{- $serviceName := include "redis.fullname" . }} + {{- $port := .Values.redis.service.ports.redis.port }} + {{- printf "%s:%v" $serviceName $port }} {{- else }} - {{- fail "ArgoCD is not enabled and .Values.global.external-argo-cd.redis is not set" }} + {{- fail "ERROR: .Values.redis or .Values.redis-ha must be enabled!" }} {{- end }} {{- end}} 
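Review bot: The `else if .Values.redis.enabled` branch is also reached when `redis-ha.enabled` is true but `redis-ha.haproxy.enabled` is false, and since `redis.enabled` defaults to true the helper then returns the standalone `redis:<port>` address even though every standalone template in this commit is gated on `not $redisHa.enabled`. Clients would be pointed at a Service that is never rendered. Guard the branch with `{{- else if and .Values.redis.enabled (not (index .Values "redis-ha" "enabled")) }}`, or fail explicitly when redis-ha is enabled without haproxy. The header comment still reads "Determine argocd redis url" and the helper keeps the `argocd.redis.url` name, although it no longer resolves Argo CD's Redis.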
@@ -536,3 +536,75 @@ NO_PROXY: {{ .Values.global.noProxy | quote }} {{- printf "%s" $eventBusName }} {{- end }} + +{{- define "codefresh-gitops-runtime.image.name" -}} + {{/* Restoring root $ context */}} + {{- $ := .context -}} + + {{- $registryName := .image.registry -}} + {{- $repositoryName := .image.repository -}} + {{- $imageTag := .image.tag | toString -}} + {{- $imageDigest := .image.digest }} + + {{- if $.Values.global -}} + {{- if $.Values.global.imageRegistry -}} + {{ $registryName = $.Values.global.imageRegistry }} + {{- end -}} + {{- end -}} + + {{- if $registryName -}} + {{- if $imageDigest }} + {{- printf "%s/%s:%s@%s" $registryName $repositoryName $imageTag $imageDigest -}} + {{- else }} + {{- printf "%s/%s:%s" $registryName $repositoryName $imageTag -}} + {{- end }} + {{- else }} + {{- if $imageDigest }} + {{- printf "%s:%s@%s" $repositoryName $imageTag $imageDigest -}} + {{- else }} + {{- printf "%s:%s" $repositoryName $imageTag -}} + {{- end }} + {{- end }} +{{- end }} + +{{- define "codefresh-gitops-runtime.env-vars"}} +{{- $ := .context }} + {{- if .Values }} + {{- if not (kindIs "map" .Values) }} + {{ fail "ERROR: env block must be a map"}} + {{- end }} + {{- end }} + {{- $env := .Values }} + {{- $templatedEnv := include "codefresh-gitops-runtime.tplrender" (dict "Values" $env "context" $) | fromYaml }} + {{- range $name, $val := $templatedEnv }} + {{- if or (kindIs "string" $val) (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }} +- name: {{ $name }} + value: {{ $val | quote }} + {{- else if kindIs "map" $val}} + {{- if hasKey $val "valueFrom" }} + {{- if or (hasKey $val.valueFrom "secretKeyRef") (hasKey $val.valueFrom "configMapKeyRef") (hasKey $val.valueFrom "fieldRef") }} +- name: {{ $name }} +{{- $val | toYaml | nindent 2 }} + {{- else}} + {{ fail "ERROR: Only secretKeyRef/configMapKeyRef/fieldRef are supported for valueFrom block for environment variables!" 
}} + {{- end}} + {{- else }} + {{ fail "ERROR: Cannot generate environment variables only strings and valueFrom are supported!"}} + {{- end }} + {{- else }} + {{ fail "ERROR: Only maps and string/int/bool are supported for environment variables!"}} + {{- end }} + {{- end }} +{{- end }} + +{{- define "codefresh-gitops-runtime.tplrender" -}} + {{- $tpl := .Values -}} + {{- if not (typeIs "string" $tpl) -}} + {{- $tpl = toYaml $tpl -}} + {{- end -}} + {{- if contains "{{" $tpl -}} + {{- tpl $tpl .context }} + {{- else -}} + {{- $tpl -}} + {{- end -}} +{{- end -}} diff --git a/charts/gitops-runtime/templates/app-proxy/deployment.yaml b/charts/gitops-runtime/templates/app-proxy/deployment.yaml index 0dab28dc..d9d2e9ab 100644 --- a/charts/gitops-runtime/templates/app-proxy/deployment.yaml +++ b/charts/gitops-runtime/templates/app-proxy/deployment.yaml @@ -3,6 +3,8 @@ {{- $_ := set $appProxyContext "Values" (deepCopy (get .Values "app-proxy")) }} {{- $_ := set $appProxyContext.Values "global" (deepCopy (get .Values "global")) }} {{- $_ := set $appProxyContext.Values "argo-cd" (get .Values "argo-cd") }} +{{- $_ := set $appProxyContext.Values "redis" (get .Values "redis") }} +{{- $_ := set $appProxyContext.Values "redis-ha" (get .Values "redis-ha") }} {{/* Merge environment variables with the ones in _app-proxy-env.yaml */}} {{- $mainContainerMergedValues := mergeOverwrite $appProxyContext.Values.env (include "codefresh-gitops-runtime.app-proxy.calculated-env-vars" . | fromYaml) }} diff --git a/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/job.yaml b/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/job.yaml new file mode 100644 index 00000000..b35bb953 --- /dev/null +++ b/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/job.yaml 
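Review bot: The three helpers appended to `_helpers.tpl` (`codefresh-gitops-runtime.image.name`, `codefresh-gitops-runtime.env-vars`, `codefresh-gitops-runtime.tplrender`) have no `{{/* … */}}` header, and each expects a dict whose keys are not obvious from the call sites. For `tplrender` something like `{{/* Renders .Values (string or structure) through tpl against .context when it contains "{{"; call with (dict "Values" <value> "context" $) */}}` would do, with equivalent headers for the other two naming the `image`/`context` and `Values`/`context` keys. It is worth stating in the `tplrender` header that value strings are evaluated as templates, so anything passed through it is trusted as chart input.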
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: redis-secret-init
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+ helm.sh/hook-weight: "10"
+spec:
+ backoffLimit: 0
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: redis-secret-init
+ restartPolicy: Never
+ containers:
+ - name: redis-secret-init
+ image: {{ include "codefresh-gitops-runtime.image.name" (dict "image" (index .Values "redis-secret-init" "image") "context" .) }}
+ imagePullPolicy: {{ index .Values "redis-secret-init" "image" "pullPolicy" | default "IfNotPresent" }}
+ command: ["sh", "-c"]
+ args:
+ - |
+ PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c16)
+ if kubectl get secret gitops-runtime-redis -o jsonpath="{.data.auth}" &> /dev/null; then
+ echo "Secret gitops-runtime-redis already exists, skipping creation"
+ exit 0
+ fi
+ kubectl create secret generic gitops-runtime-redis --from-literal=auth=$PASSWORD --dry-run=client -o yaml | kubectl apply -f -
+ {{- with (index .Values "redis-secret-init" "nodeSelector") | default .Values.global.nodeSelector }}
+ nodeSelector: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with (index .Values "redis-secret-init" "tolerations") | default .Values.global.tolerations }}
+ tolerations: {{ toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with (index .Values "redis-secret-init" "affinity") }}
+ affinity: {{ toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/rbac.yaml
new file mode 100644
index 00000000..9b331b4c
--- /dev/null
+++ b/charts/gitops-runtime/templates/hooks/pre-install/redis-secret-init/rbac.yaml
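Review bot: The existence check in the `redis-secret-init` Job script (job.yaml) redirects with `&> /dev/null`, which is not POSIX, while the script runs under `sh -c`. In a shell without that extension the `kubectl get` is backgrounded and the `if` succeeds immediately, so the Secret would never be created; the image is overridable through `redis-secret-init.image`, so the shell is not guaranteed. Use `if kubectl get secret gitops-runtime-redis >/dev/null 2>&1; then` and quote the value as `--from-literal=auth="$PASSWORD"`. The pod template also sets no `securityContext` or `resources`, so this pre-install hook would presumably be rejected in namespaces that enforce the restricted Pod Security level; adding a non-root, no-privilege-escalation, drop-all-capabilities context to the container would address that.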
@@ -0,0 +1,51 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: redis-secret-init
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - gitops-runtime-redis
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: redis-secret-init
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: redis-secret-init
+subjects:
+- kind: ServiceAccount
+ name: redis-secret-init
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: redis-secret-init
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed
+ helm.sh/hook-weight: "-10"
diff --git a/charts/gitops-runtime/templates/redis/_helpers.tpl b/charts/gitops-runtime/templates/redis/_helpers.tpl
new file mode 100644
index 00000000..15d65e70
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/_helpers.tpl
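Review bot: The second rule of the `redis-secret-init` Role (rbac.yaml) grants `create` on every Secret in the release namespace, and nothing in the file says why it is not scoped like the `get` rule. Kubernetes cannot restrict `create` by `resourceNames`, so the breadth is expected, but it should be documented so it is not widened later, e.g. `# create cannot be limited by resourceNames; the Job only ever creates gitops-runtime-redis`. The ServiceAccount is the only object here without `namespace: {{ .Release.Namespace }}`; add it for consistency with the Role and RoleBinding.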
@@ -0,0 +1,48 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "redis.fullname" -}}
+{{- print "redis" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "redis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "redis.labels" -}}
+helm.sh/chart: {{ include "redis.chart" . }}
+{{ include "redis.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: redis
+codefresh.io/internal: "true"
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "redis.selectorLabels" -}}
+app.kubernetes.io/name: redis
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "redis.serviceAccountName" -}}
+{{- if .Values.redis.serviceAccount.create }}
+{{- default (include "redis.fullname" .) .Values.redis.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.redis.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/gitops-runtime/templates/redis/deployment.yaml b/charts/gitops-runtime/templates/redis/deployment.yaml
new file mode 100644
index 00000000..174e4460
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/deployment.yaml
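Review bot: The comment above `redis.fullname` in redis/_helpers.tpl describes truncation to 63 characters and release-name handling, but the helper only prints the constant `redis`. Replace the comment with what the code does, for example `{{/* Fixed resource name for the standalone Redis; not derived from the release name */}}`. Because this name and the `gitops-runtime-redis` Secret are constants, two releases installed into one namespace would share both, which is worth stating in the comment if it is intended.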
@@ -0,0 +1,156 @@ +{{- $redisHa := index .Values "redis-ha" }} +{{- if and .Values.redis.enabled (not $redisHa.enabled) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "redis.fullname" . }} + labels: + {{- include "redis.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "redis.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.redis.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "redis.selectorLabels" . | nindent 8 }} + {{- with .Values.redis.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.redis.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "redis.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.redis.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "redis.fullname" . }} + securityContext: + {{- toYaml .Values.redis.securityContext | nindent 12 }} + image: {{ include "codefresh-gitops-runtime.image.name" (dict "image" .Values.redis.image "context" .) }} + imagePullPolicy: {{ .Values.redis.image.pullPolicy | default "IfNotPresent" }} + args: + {{- with .Values.redis.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + - --save + - "" + - --appendonly + - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: gitops-runtime-redis + key: auth + {{- include "codefresh-gitops-runtime.env-vars" (dict "Values" .Values.redis.env "context" .) | nindent 8 }} + {{- with .Values.redis.envFrom }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.redis.service.ports.redis.targetPort }} + protocol: TCP + resources: + {{- toYaml .Values.redis.resources | nindent 10 }} + volumeMounts: + - mountPath: /health + name: health + {{- if .Values.redis.metrics.enabled }} + - name: metrics + image: {{ include "codefresh-gitops-runtime.image.name" (dict "image" .Values.redis.metrics.image "context" .) }} + imagePullPolicy: {{ .Values.redis.metrics.image.pullPolicy | default "IfNotPresent" }} + env: + - name: REDIS_ADDR + value: {{ printf "redis://localhost:%v" .Values.redis.service.ports.redis.targetPort }} + - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS + value: {{ printf "0.0.0.0:%v" .Values.redis.service.ports.metrics.targetPort }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: gitops-runtime-redis + key: auth + {{- include "codefresh-gitops-runtime.env-vars" (dict "Values" .Values.redis.metrics.env "context" .) 
| nindent 8 }} + {{- with .Values.redis.metrics.envFrom }} + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.redis.service.ports.metrics.targetPort }} + {{- if .Values.redis.metrics.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.service.ports.metrics.targetPort }} + initialDelaySeconds: {{ .Values.redis.metrics.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.metrics.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.metrics.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.redis.metrics.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.service.ports.metrics.targetPort }} + initialDelaySeconds: {{ .Values.redis.metrics.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.metrics.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.metrics.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.metrics.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.redis.metrics.resources | nindent 10 }} + {{- end }} + {{- with .Values.redis.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations | default .Values.global.tolerations }} + tolerations: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.redis.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "codefresh-gitops-runtime.tplrender" (dict "Values" . "context" .) 
| nindent 8 }} + {{- end }} + volumes: + - name: health + configMap: + name: {{ include "redis.fullname" . }}-health + defaultMode: 493 +{{- end }} diff --git a/charts/gitops-runtime/templates/redis/health-configmap.yaml b/charts/gitops-runtime/templates/redis/health-configmap.yaml new file mode 100644 index 00000000..8d5fb71a --- /dev/null +++ b/charts/gitops-runtime/templates/redis/health-configmap.yaml @@ -0,0 +1,37 @@ +{{- $redisHa := index .Values "redis-ha" }} +{{- if and .Values.redis.enabled (not $redisHa.enabled) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "redis.fullname" . }}-health + namespace: {{ .Release.Namespace }} + labels: + {{- include "redis.labels" . | nindent 4 }} +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.service.ports.redis.targetPort }} \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.service.ports.redis.targetPort }} \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} diff --git a/charts/gitops-runtime/templates/redis/pdb.yaml b/charts/gitops-runtime/templates/redis/pdb.yaml new file mode 100644 index 00000000..67a5d0fc --- /dev/null +++ b/charts/gitops-runtime/templates/redis/pdb.yaml 
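Review bot: In the `topologySpreadConstraints` block of redis/deployment.yaml the call `(dict "Values" . "context" .)` sits inside `with`, so `.` is the constraints value rather than the root context; a constraint that actually contains a template expression would be handed to `tpl` with the wrong context. Pass the root instead: `(dict "Values" . "context" $)`. Separately, `--requirepass $(REDIS_PASSWORD)` expands the password into the container's argument list, where it can be read from the process table; add a comment acknowledging that, or move the setting to a mounted config file if that exposure matters for the deployment.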
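Review bot: Both probe scripts in redis/health-configmap.yaml pass the password as `-a "${REDIS_PASSWORD}"`, which puts it on the `redis-cli` command line on every probe run. redis-cli also reads the password from the `REDISCLI_AUTH` environment variable, so `REDISCLI_AUTH="${REDIS_PASSWORD}" redis-cli -h localhost -p … ping` avoids that and makes `--no-auth-warning` unnecessary. The liveness script also relies on `${response:0:7}`, a substring expansion that is not POSIX, while the probe invokes it through `sh -c`; that presumably works with the default alpine image but may break if `redis.image` is overridden, so `case "$response" in PONG|LOADING*) ;; *) echo "$response"; exit 1 ;; esac` is the safer form.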
@@ -0,0 +1,28 @@
+{{- $redisHa := index .Values "redis-ha" }}
+{{- if and .Values.redis.enabled (not $redisHa.enabled) }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "redis.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "redis.labels" . | nindent 4 }}
+ {{- with .Values.redis.pdb.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.redis.pdb.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- with .Values.redis.pdb.maxUnavailable }}
+ maxUnavailable: {{ . }}
+ {{- else }}
+ minAvailable: {{ .Values.redis.pdb.minAvailable | default 1 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "redis.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/gitops-runtime/templates/redis/service.yaml b/charts/gitops-runtime/templates/redis/service.yaml
new file mode 100644
index 00000000..30b73631
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/service.yaml
@@ -0,0 +1,29 @@
+{{- $redisHa := index .Values "redis-ha" }}
+{{- if and .Values.redis.enabled (not $redisHa.enabled) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "redis.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "redis.labels" . | nindent 4 }}
+ {{- with .Values.redis.service.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.redis.service.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ ports:
+ - name: redis
+ port: {{ .Values.redis.service.ports.redis.port }}
+ targetPort: redis
+ - name: metrics
+ port: {{ .Values.redis.service.ports.metrics.port }}
+ targetPort: metrics
+ selector:
+ {{- include "redis.selectorLabels" . | nindent 4 }}
+{{- end }}
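Review bot: `redis.pdb.enabled` is defined in values.yaml, but the guard at the top of redis/pdb.yaml never reads it, so the PodDisruptionBudget is rendered whenever standalone Redis is. With the Deployment fixed at `replicas: 1` and `minAvailable` defaulting to 1, the budget allows zero voluntary disruptions, so node drains will block on this pod. Add the flag to the guard, `{{- if and .Values.redis.enabled .Values.redis.pdb.enabled (not $redisHa.enabled) }}`, and consider defaulting it to false for the single-replica case.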
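Review bot: The `metrics` port in redis/service.yaml is rendered unconditionally, but the container that defines the named port `metrics` exists only when `redis.metrics.enabled` is true, so with metrics disabled the Service advertises a port that resolves to nothing. Wrap that port entry in `{{- if .Values.redis.metrics.enabled }}` … `{{- end }}`. `redis.service.type` from values.yaml is also never used here; either render `type: {{ .Values.redis.service.type }}` or drop the value so operators are not misled into thinking it takes effect.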
diff --git a/charts/gitops-runtime/templates/redis/serviceaccount.yaml b/charts/gitops-runtime/templates/redis/serviceaccount.yaml
new file mode 100644
index 00000000..4bb1af29
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- $redisHa := index .Values "redis-ha" }}
+{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create (not $redisHa.enabled) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "redis.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.redis.serviceAccount.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "redis.labels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/gitops-runtime/templates/redis/servicemonitor.yaml b/charts/gitops-runtime/templates/redis/servicemonitor.yaml
new file mode 100644
index 00000000..b51c93e7
--- /dev/null
+++ b/charts/gitops-runtime/templates/redis/servicemonitor.yaml
@@ -0,0 +1,36 @@ +{{- $redisHa := index .Values "redis-ha" }} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "redis.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "redis.labels" . | nindent 4 }} + {{- with .Values.redis.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.redis.service.ports.metrics.port }} + {{- with .Values.redis.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.redis.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "redis.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml index 1e31b2e9..ae226a5b 100644 --- a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml +++ b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml @@ -14,7 +14,7 @@ tests: value: argo-cd-server:80 - equal: path: data["redis.server"] - value: argo-cd-redis:6379 + value: redis:6379 - equal: path: data["repo.server"] value: argo-cd-repo-server:8081 
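Review bot: The endpoint in redis/servicemonitor.yaml is rendered as `- port: {{ .Values.redis.service.ports.metrics.port }}`, i.e. the number 9121, but a ServiceMonitor endpoint's `port` field takes the name of the Service port as a string. As written the object would presumably fail validation or never match a target, leaving Redis unmonitored without any visible error in the chart. The Service in this commit names the port `metrics`, so `- port: metrics` is the fix.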
@@ -123,26 +123,24 @@ tests: values: - ./values/mandatory-values-ingress.yaml set: - argo-cd: - redis-ha: - enabled: true + redis-ha: + enabled: true asserts: - equal: path: data["redis.server"] - value: RELEASE-NAME-redis-ha-haproxy:6379 + value: redis-ha-haproxy:6379 - it: Event-Reporter ConfigMap should have valid redis-ha url template: cf-argocd-extras/event-reporter/configmap.yaml values: - ./values/mandatory-values-ingress.yaml set: - argo-cd: - redis-ha: - enabled: true + redis-ha: + enabled: true asserts: - equal: path: data["redis.server"] - value: RELEASE-NAME-redis-ha-haproxy:6379 + value: redis-ha-haproxy:6379 - it: Sources-Server should have an OPTIONAL codefresh-tls-certs volume and volumeMount by default template: cf-argocd-extras/sources-server/deployment.yaml diff --git a/charts/gitops-runtime/tests/external_argocd_test.yaml b/charts/gitops-runtime/tests/external_argocd_test.yaml index a8bee393..f09b48f2 100644 --- a/charts/gitops-runtime/tests/external_argocd_test.yaml +++ b/charts/gitops-runtime/tests/external_argocd_test.yaml @@ -253,7 +253,7 @@ tests: asserts: - equal: path: data["redis.server"] - value: my-argocd-redis:6379 + value: redis:6379 - it: event-reporter ConfigMap should have valid Sources Server address template: cf-argocd-extras/event-reporter/configmap.yaml @@ -379,7 +379,7 @@ tests: asserts: - equal: path: data["redis.server"] - value: my-argocd-redis:6379 + value: redis:6379 - it: sources-server ConfigMap should have valid Repo Server URL template: cf-argocd-extras/sources-server/configmap.yaml 
@@ -490,17 +490,6 @@ tests: - failedTemplate: errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.auth.password or .Values.global.external-argo-cd.auth.passwordSecretKeyRef is not set" - - it: should require ArgoCd redis address if it's not provided - template: cf-argocd-extras/sources-server/deployment.yaml - values: - - ./values/mandatory-values-ingress.yaml - - ./values/external-argocd-values.yaml - set: - global.external-argo-cd.redis: null - asserts: - - failedTemplate: - errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.redis is not set" - - it: should require ArgoCd repoServer address if it's not provided template: cf-argocd-extras/sources-server/deployment.yaml values: diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 809d186b..83427482 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
@@ -804,3 +804,181 @@ cf-argocd-extras: enabled: false minAvailable: "50%" maxUnavailable: "" + +redis-secret-init: + image: + registry: docker.io + repository: alpine/kubectl + tag: 1.34.1 + +redis: + enabled: true + image: + registry: public.ecr.aws + repository: docker/library/redis + tag: 8.2.1-alpine + podAnnotations: {} + podLabels: {} + imagePullSecrets: [] + podSecurityContext: {} + securityContext: {} + env: {} + envFrom: [] + extraArgs: [] + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + service: + type: ClusterIP + labels: {} + annotations: {} + ports: + redis: + port: 6379 + targetPort: 6379 + metrics: + port: 9121 + targetPort: 9121 + resources: {} + metrics: + enabled: true + image: + registry: ghcr.io + repository: oliver006/redis_exporter + tag: v1.72.1 + env: {} + envFrom: [] + resources: {} + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 5 + serviceMonitor: + enabled: false + nodeSelector: {} + tolerations: [] + affinity: {} + topologySpreadConstraints: [] + pdb: + enabled: true + labels: {} + annotations: {} + minAvailable: 1 + maxUnavailable: "" + serviceAccount: + create: true + name: "" + annotations: {} + +## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` +# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml +redis-ha: + # -- Enables the Redis HA subchart and disables the custom Redis single node deployment + enabled: false + # -- Full name of the Redis HA Resources + fullnameOverride: "redis-ha" + ## 
Redis image + image: + # -- Redis repository + repository: public.ecr.aws/docker/library/redis + # -- Redis tag + tag: 8.2.1-alpine + ## Prometheus redis-exporter sidecar + exporter: + # -- Enable Prometheus redis-exporter sidecar + enabled: false + # -- Repository to use for the redis-exporter + image: ghcr.io/oliver006/redis_exporter + # -- Tag to use for the redis-exporter + tag: v1.69.0 + persistentVolume: + # -- Configures persistence on Redis nodes + enabled: false + ## Redis specific configuration options + redis: + # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated + masterGroupName: gitops-runtime + # -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) + # @default -- See [values.yaml] + config: + # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled + # @default -- `'""'` + save: '""' + ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. + haproxy: + # -- Enabled HAProxy LoadBalancing/Proxy + enabled: true + metrics: + # -- HAProxy enable prometheus metric scraping + enabled: true + # -- Whether the haproxy pods should be forced to run on separate nodes. + hardAntiAffinity: true + # -- Additional affinities to add to the haproxy pods. + additionalAffinities: {} + # -- Assign custom [affinity] rules to the haproxy pods. + affinity: | + + # -- [Tolerations] for use with node taints for haproxy pods. + tolerations: [] + # -- HAProxy container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + + # -- Configures redis-ha with AUTH + auth: true + # -- Existing Secret to use for redis-ha authentication. + # By default the redis-secret-init Job is generating this Secret. 
+ existingSecret: gitops-runtime-redis + + # -- Whether the Redis server pods should be forced to run on separate nodes. + hardAntiAffinity: true + + # -- Additional affinities to add to the Redis server pods. + additionalAffinities: {} + + # -- Assign custom [affinity] rules to the Redis pods. + affinity: | + + # -- [Tolerations] for use with node taints for Redis pods. + tolerations: [] + + # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: + # -- Enable Redis HA topology spread constraints + enabled: false + # -- Max skew of pods tolerated + # @default -- `""` (defaults to `1`) + maxSkew: "" + # -- Topology key for spread + # @default -- `""` (defaults to `topology.kubernetes.io/zone`) + topologyKey: "" + # -- Enforcement policy, hard or soft + # @default -- `""` (defaults to `ScheduleAnyway`) + whenUnsatisfiable: "" + # -- Redis HA statefulset container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true From 4b4073fa7b694af5468d97714ed50dc295ee950e Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 26 Sep 2025 16:00:52 +0300 Subject: [PATCH 02/16] feat: add separate redis for cf-argocd-extras and app-proxy --- charts/gitops-runtime/README.md | 78 ++++++++++++++++++++++---- charts/gitops-runtime/README.md.gotmpl | 16 ++++++ charts/gitops-runtime/values.yaml | 20 +++++-- 3 files changed, 96 insertions(+), 18 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index 70d98d61..f2f87c3c 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
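Review bot: The standalone `redis` block in values.yaml ships `podSecurityContext: {}` and `securityContext: {}`, so the Redis and exporter containers run with whatever the images default to, while the `redis-ha` block in the same hunk at least sets `readOnlyRootFilesystem: true`. Since persistence is switched off in the Deployment args, a hardened default along the lines below should be workable; the UID is an assumption about the upstream image and needs confirming. The three new images are also referenced by tag only, although the `image.name` helper added in this commit accepts a `digest` field, so pinning them by digest would make the defaults reproducible.

```yaml
redis:
  # … unchanged: enabled, image, podAnnotations, podLabels, imagePullSecrets …
  podSecurityContext:
    runAsNonRoot: true
    # assumes 999 is the redis user in the default image; confirm before merging
    runAsUser: 999
    seccompProfile:
      type: RuntimeDefault
  securityContext:
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop:
        - ALL
```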
@@ -360,6 +360,22 @@ gitops-operator: tag: vX.Y.Z ``` +### To 0.24.x + +#### Affected values + +- `.Values.redis`/`.Values.redis-ha`/`.Values.redis-secret-init` were added + +```yaml +# Enabled standalone (single Deployment) Redis +redis: + enabled: true + +# Enabled Redis High Availability (StatefulSet with Proxy) +redis-ha: + enabled: false +``` + ## Values | Key | Type | Default | Description | @@ -395,14 +411,14 @@ gitops-operator: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3706.0"` | | +| app-proxy.image.tag | string | `"1.3772.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3706.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3772.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -470,8 +486,8 @@ gitops-operator: | argo-cd.crds.install | bool | `true` | | | argo-cd.enabled | bool | `true` | | | argo-cd.fullnameOverride | string | `"argo-cd"` | | -| argo-events.configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.18.2"` | | -| argo-events.configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.16.0"` | | +| argo-events.configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.19.1"` | | +| argo-events.configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.17.3"` | | | argo-events.configs.jetstream.versions[0].natsImage | string | `"nats:2.11.4"` | | | argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | | argo-events.configs.jetstream.versions[0].version | string | `"latest"` | | 
@@ -491,10 +507,10 @@ gitops-operator: | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | -| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.14"}},"enabled":true,"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"serviceMonitor":{"main":{"enabled":false}},"tolerations":[]},"sourcesServer":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.14"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}}` | Codefresh extra services for ArgoCD | +| cf-argocd-extras | object | 
`{"eventReporter":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"serviceMonitor":{"main":{"enabled":false}},"tolerations":[]},"sourcesServer":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}}` | Codefresh extra services for ArgoCD | | cf-argocd-extras.eventReporter.pdb.enabled | bool | `false` | Enable PDB for event-reporter | | cf-argocd-extras.eventReporter.serviceMonitor.main.enabled | bool | `false` | Enable ServiceMonitor for event reporter | -| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"v0.5.14"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | Sources server configuration | +| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | Sources server configuration | | cf-argocd-extras.sourcesServer.hpa.enabled | bool | 
`false` | Enable HPA for sources server | | cf-argocd-extras.sourcesServer.pdb.enabled | bool | `false` | Enable PDB for sources server | | codefreshWorkflowLogStoreCM | object | `{"enabled":true,"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | @@ -560,10 +576,11 @@ gitops-operator: | gitops-operator.crds.install | bool | `true` | Whether or not to install CRDs | | gitops-operator.crds.keep | bool | `false` | Keep CRDs if gitops runtime release is uninstalled | | gitops-operator.enabled | bool | `true` | | +| gitops-operator.env.GITOPS_OPERATOR_VERSION | string | `"0.11.1"` | | | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image.registry | string | `"quay.io"` | defaults | | gitops-operator.image.repository | string | `"codefresh/codefresh-gitops-operator"` | | -| gitops-operator.image.tag | string | `"v0.11.1"` | | +| gitops-operator.image.tag | string | `"18fcd09"` | | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | 
@@ -593,7 +610,7 @@ gitops-operator: | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. | | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. | | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. | -| global.external-argo-cd | object | `{"auth":{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"},"redis":{"port":6379,"svc":"argocd-redis"},"repoServer":{"port":8081,"svc":"argocd-repo-server"},"server":{"port":80,"rootpath":"","svc":"argocd-server"}}` | Configuration for external ArgoCD Should be used when `argo-cd.enabled` is set to false | +| global.external-argo-cd | object | `{"auth":{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"},"repoServer":{"port":8081,"svc":"argocd-repo-server"},"server":{"port":80,"rootpath":"","svc":"argocd-server"}}` | Configuration for external ArgoCD Should be used when `argo-cd.enabled` is set to false | | global.external-argo-cd.auth | object | `{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"}` | How GitOps Runtime should authenticate with ArgoCD | | global.external-argo-cd.auth.password | string | `""` | ArgoCD password in plain text | | global.external-argo-cd.auth.passwordSecretKeyRef | object | `{"key":"password","name":"argocd-initial-admin-secret"}` | ArgoCD password referenced by an existing secret | 
@@ -601,8 +618,6 @@ gitops-operator: | global.external-argo-cd.auth.tokenSecretKeyRef | object | `{}` | ArgoCD token referenced by an existing secret | | global.external-argo-cd.auth.type | string | `"password"` | Authentication type. Can be password or token | | global.external-argo-cd.auth.username | string | `"admin"` | ArgoCD username in plain text | -| global.external-argo-cd.redis.port | int | `6379` | Port of the ArgoCD Redis | -| global.external-argo-cd.redis.svc | string | `"argocd-redis"` | Service name of the ArgoCD Redis | | global.external-argo-cd.repoServer.port | int | `8081` | Port of the ArgoCD repo server | | global.external-argo-cd.repoServer.svc | string | `"argocd-repo-server"` | Service name of the ArgoCD repo server | | global.external-argo-cd.server | object | `{"port":80,"rootpath":"","svc":"argocd-server"}` | ArgoCD server settings | @@ -649,7 +664,7 @@ gitops-operator: | internal-router.fullnameOverride | string | `"internal-router"` | | | internal-router.image.pullPolicy | string | `"IfNotPresent"` | | | internal-router.image.repository | string | `"docker.io/nginxinc/nginx-unprivileged"` | | -| internal-router.image.tag | string | `"1.28-alpine3.21"` | | +| internal-router.image.tag | string | `"1.29-alpine3.22"` | | | internal-router.imagePullSecrets | list | `[]` | | | internal-router.ipv6 | object | `{"enabled":false}` | For ipv6 enabled clusters switch ipv6 enabled to true | | internal-router.nameOverride | string | `""` | | 
@@ -673,7 +688,46 @@ gitops-operator: | internal-router.serviceAccount.create | bool | `true` | | | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | -| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.29.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | +| redis | object | `{"affinity":{},"enabled":true,"env":{},"envFrom":[],"extraArgs":[],"image":{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"},"imagePullSecrets":[],"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"metrics":{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}},"nodeSelector":{},"pdb":{"annotations":{},"enabled":false,"labels":{},"maxUnavailable":"","minAvailable":1},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"securityContext":{},"service":{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":""},"tolerations"
:[],"topologySpreadConstraints":[]}` | Enable standalone redis deployment Will be replaced by redis-ha subchart when `redis-ha.enabled=true` | +| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | +| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | +| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | +| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | +| redis-ha.existingSecret | string | `"gitops-runtime-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | +| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis-ha.exporter.image | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"v1.69.0"` | Tag to use for the redis-exporter | +| redis-ha.fullnameOverride | string | `"redis-ha"` | Full name of the Redis HA Resources | +| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | +| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | +| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | +| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | +| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. 
| +| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | +| redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| redis-ha.image.tag | string | `"8.2.1-alpine"` | Redis tag | +| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | +| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | +| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | +| redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | +| redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. 
| +| redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | +| redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | +| redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | +| redis-ha.topologySpreadConstraints.whenUnsatisfiable | string | `""` (defaults to `ScheduleAnyway`) | Enforcement policy, hard or soft | +| redis-secret-init | object | `{"affinity":{},"image":{"registry":"docker.io","repository":"alpine/kubectl","tag":"1.34.1"},"nodeSelector":{},"tolerations":[]}` | Enable hook job to create redis secret | +| redis.image | object | `{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"}` | Redis image | +| redis.metrics | object | `{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}}` | Enable metrics sidecar | +| redis.metrics.serviceMonitor | object | `{"enabled":false}` | Enable a prometheus ServiceMonitor | +| redis.pdb | object | `{"annotations":{},"enabled":false,"labels":{},"maxUnavailable":"","minAvailable":1}` | Enabled Pod Disruption Budget for redis | +| redis.readinessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | Probes configuration | +| redis.service | object | `{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"}` | Service configuration | +| 
redis.serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Create ServiceAccount for redis | +| sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.32.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | | tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 837a55c8..5d9c8d80 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -364,4 +364,20 @@ gitops-operator: tag: vX.Y.Z ``` +### To 0.24.x + +#### Affected values + +- `.Values.redis`/`.Values.redis-ha`/`.Values.redis-secret-init` were added + +```yaml +# Enabled standalone (single Deployment) Redis +redis: + enabled: true + +# Enabled Redis High Availability (StatefulSet with Proxy) +redis-ha: + enabled: false +``` + {{ template "chart.valuesSection" . }} diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 83427482..7ce9ad92 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
@@ -144,11 +144,6 @@ global: # e.g. # rootpath: '/argocd' rootpath: '' - redis: - # -- Service name of the ArgoCD Redis - svc: argocd-redis - # -- Port of the ArgoCD Redis - port: 6379 repoServer: # -- Service name of the ArgoCD repo server svc: argocd-repo-server @@ -805,14 +800,21 @@ cf-argocd-extras: minAvailable: "50%" maxUnavailable: "" +# -- Enable hook job to create redis secret redis-secret-init: image: registry: docker.io repository: alpine/kubectl tag: 1.34.1 + nodeSelector: {} + tolerations: [] + affinity: {} +# -- Enable standalone redis deployment +# Will be replaced by redis-ha subchart when `redis-ha.enabled=true` redis: enabled: true + # -- Redis image image: registry: public.ecr.aws repository: docker/library/redis @@ -825,6 +827,7 @@ redis: env: {} envFrom: [] extraArgs: [] + # -- Probes configuration readinessProbe: enabled: true initialDelaySeconds: 30 @@ -839,6 +842,7 @@ redis: timeoutSeconds: 15 successThreshold: 1 failureThreshold: 5 + # -- Service configuration service: type: ClusterIP labels: {} @@ -851,6 +855,7 @@ redis: port: 9121 targetPort: 9121 resources: {} + # -- Enable metrics sidecar metrics: enabled: true image: @@ -874,18 +879,21 @@ redis: timeoutSeconds: 15 successThreshold: 1 failureThreshold: 5 + # -- Enable a prometheus ServiceMonitor serviceMonitor: enabled: false nodeSelector: {} tolerations: [] affinity: {} topologySpreadConstraints: [] + # -- Enabled Pod Disruption Budget for redis pdb: - enabled: true + enabled: false labels: {} annotations: {} minAvailable: 1 maxUnavailable: "" + # -- Create ServiceAccount for redis serviceAccount: create: true name: "" From e1457a9baac9d1627912fa9814ed9ec9aad53fda Mon Sep 17 00:00:00 2001 
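Review bot: In the `redis-secret-init` block of `values.yaml` (hunk `@@ -805,14 +800,21 @@`) the hook image is still selected only by a mutable tag on a community Docker Hub repository (`docker.io` / `alpine/kubectl`), and per the chart's own comments this Job is what generates the `gitops-runtime-redis` auth Secret, so whatever the tag resolves to at install time runs with the hook's permissions. Since the hunk already extends this block, I would add a digest pin beside the tag, e.g. `digest: "sha256:<digest-of-reviewed-image>"` (placeholder), assuming the Job template renders `image.digest`, which is not visible here. The tag should also be quoted, `tag: "1.34.1"`, so a later two-component value such as `1.34` is not read as a float. The new comment `# -- Enable hook job to create redis secret` describes a toggle, but the block has no `enabled` key; `# -- Pre-install hook Job that creates the Redis auth Secret` would match what the values actually configure.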
From: Mikhail Klimko Date: Fri, 26 Sep 2025 16:00:58 +0300 Subject: [PATCH 03/16] feat: add separate redis for cf-argocd-extras and app-proxy --- charts/gitops-runtime/tests/redis_test.yaml | 72 +++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 charts/gitops-runtime/tests/redis_test.yaml diff --git a/charts/gitops-runtime/tests/redis_test.yaml b/charts/gitops-runtime/tests/redis_test.yaml new file mode 100644 index 00000000..89341135 --- /dev/null +++ b/charts/gitops-runtime/tests/redis_test.yaml 
@@ -0,0 +1,72 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: redis tests
+templates:
+ - cf-argocd-extras/**/*.yaml
+ - app-proxy/deployment.yaml
+ - redis/**
+ - charts/redis-ha/**
+tests:
+ - it: Standalone Redis Deployment should be created by default
+ template: redis/deployment.yaml
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ asserts:
+ - containsDocument:
+ kind: Deployment
+ apiVersion: apps/v1
+ name: redis
+
+ - it: Redis HA StatefulSet should be created when redis-ha.enabled is true
+ template: charts/redis-ha/templates/redis-ha-statefulset.yaml
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ redis-ha.enabled: true
+ asserts:
+ - containsDocument:
+ kind: StatefulSet
+ apiVersion: apps/v1
+ name: redis-ha-server
+ - containsDocument:
+ kind: Deployment
+ apiVersion: apps/v1
+ name: redis
+ not: true
+
+ - it: App-Proxy should have CACHE_ environment variables (standalone Redis)
+ template: app-proxy/deployment.yaml
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name=="CACHE_HOST")].value
+ value: redis
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name=="CACHE_PORT")].value
+ value: "6379"
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name=="CACHE_PASSWORD")].valueFrom
+ value:
+ secretKeyRef:
+ name: gitops-runtime-redis
+ key: auth
+
+ - it: App-Proxy should have CACHE_ environment variables (Redis HA)
+ template: app-proxy/deployment.yaml
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ redis-ha.enabled: true
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name=="CACHE_HOST")].value
+ value: redis-ha-haproxy
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name=="CACHE_PORT")].value
+ value: "6379"
+ - equal:
+ path: 
spec.template.spec.containers[0].env[?(@.name=="CACHE_PASSWORD")].valueFrom + value: + secretKeyRef: + name: gitops-runtime-redis + key: auth From 3d42306d9f1863d21d695709edbe4ae11f9369c4 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Fri, 26 Sep 2025 16:02:04 +0300 Subject: [PATCH 04/16] feat: add separate redis for cf-argocd-extras and app-proxy --- charts/gitops-runtime/README.md | 2 +- charts/gitops-runtime/README.md.gotmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index f2f87c3c..0e0c6a2a 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -367,7 +367,7 @@ gitops-operator: - `.Values.redis`/`.Values.redis-ha`/`.Values.redis-secret-init` were added ```yaml -# Enabled standalone (single Deployment) Redis +# Enabled standalone Redis (single Deployment with 1 replica) redis: enabled: true diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 5d9c8d80..43e1919c 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -371,7 +371,7 @@ gitops-operator: - `.Values.redis`/`.Values.redis-ha`/`.Values.redis-secret-init` were added ```yaml -# Enabled standalone (single Deployment) Redis +# Enabled standalone Redis (single Deployment with 1 replica) redis: enabled: true From f3673f8752f682526cf9c3ddce174edcc6c39601 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 29 Sep 2025 11:07:57 +0300 Subject: [PATCH 05/16] feat: add separate redis for cf-argocd-extras and app-proxy --- charts/gitops-runtime/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 7ce9ad92..d70ddded 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
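Review bot: The new `redis_test.yaml` suite lists `cf-argocd-extras/**/*.yaml` under `templates:`, but none of its four cases targets a cf-argocd-extras template, so the Redis wiring for that component is not asserted at all. The cases also cover only the client side of authentication (`CACHE_PASSWORD` read from `gitops-runtime-redis`); nothing checks that the server in `redis/deployment.yaml` is itself started with a password from that Secret, so a regression to an unauthenticated cache would still pass. I would add one case with `template: redis/deployment.yaml` asserting that the container's password source is a `secretKeyRef` with `name: gitops-runtime-redis` and `key: auth`; the exact path depends on the deployment template, which is outside this hunk. A further case that sets `redis-ha.existingSecret` to a different name would show whether `CACHE_PASSWORD` follows the override or stays on the hard-coded Secret name.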
@@ -903,7 +903,7 @@ redis: # Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml redis-ha: # -- Enables the Redis HA subchart and disables the custom Redis single node deployment - enabled: false + enabled: true # -- Full name of the Redis HA Resources fullnameOverride: "redis-ha" ## Redis image From 32d78a0188a0178c151a90be2094f0351d3274bb Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 29 Sep 2025 19:08:34 +0300 Subject: [PATCH 06/16] feat: add separate redis for cf-argocd-extras and app-proxy --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 5ad3bb4f..7ce9ad92 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -721,7 +721,7 @@ gitops-operator: # -- defaults registry: quay.io repository: codefresh/codefresh-gitops-operator - tag: 3ac2676 + tag: 18fcd09 env: GITOPS_OPERATOR_VERSION: 0.11.1 serviceAccount: @@ -903,7 +903,7 @@ redis: # Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml redis-ha: # -- Enables the Redis HA subchart and disables the custom Redis single node deployment - enabled: true + enabled: false # -- Full name of the Redis HA Resources fullnameOverride: "redis-ha" ## Redis image From 12f2d6dfcbb22af120314355b633ada89065279f Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Tue, 30 Sep 2025 09:09:23 +0300 Subject: [PATCH 07/16] feat: add separate redis for cf-argocd-extras and app-proxy --- charts/gitops-runtime/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 7ce9ad92..0b47df0e 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml 
@@ -721,7 +721,7 @@ gitops-operator: # -- defaults registry: quay.io repository: codefresh/codefresh-gitops-operator - tag: 18fcd09 + tag: 3ac2676 env: GITOPS_OPERATOR_VERSION: 0.11.1 serviceAccount: From aa7a5f617bd9939935745444b0bd07d6278abb93 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 8 Oct 2025 10:49:17 +0300 Subject: [PATCH 08/16] merge main --- charts/gitops-runtime/templates/_helpers.tpl | 73 -------------------- 1 file changed, 73 deletions(-) diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index 55ff2f61..ce356168 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl 
@@ -587,76 +587,3 @@ NO_PROXY: {{ .Values.global.noProxy | quote }} {{- $tpl -}} {{- end -}} {{- end -}} - - -{{- define "codefresh-gitops-runtime.image.name" -}} - {{/* Restoring root $ context */}} - {{- $ := .context -}} - - {{- $registryName := .image.registry -}} - {{- $repositoryName := .image.repository -}} - {{- $imageTag := .image.tag | toString -}} - {{- $imageDigest := .image.digest }} - - {{- if $.Values.global -}} - {{- if $.Values.global.imageRegistry -}} - {{ $registryName = $.Values.global.imageRegistry }} - {{- end -}} - {{- end -}} - - {{- if $registryName -}} - {{- if $imageDigest }} - {{- printf "%s/%s:%s@%s" $registryName $repositoryName $imageTag $imageDigest -}} - {{- else }} - {{- printf "%s/%s:%s" $registryName $repositoryName $imageTag -}} - {{- end }} - {{- else }} - {{- if $imageDigest }} - {{- printf "%s:%s@%s" $repositoryName $imageTag $imageDigest -}} - {{- else }} - {{- printf "%s:%s" $repositoryName $imageTag -}} - {{- end }} - {{- end }} -{{- end }} - -{{- define "codefresh-gitops-runtime.env-vars"}} -{{- $ := .context }} - {{- if .Values }} - {{- if not (kindIs "map" .Values) }} - {{ fail "ERROR: env block must be a map"}} - {{- end }} - {{- end }} - {{- $env := .Values }} - {{- $templatedEnv := include "codefresh-gitops-runtime.tplrender" (dict "Values" $env "context" $) | fromYaml }} - {{- range $name, $val := $templatedEnv }} - {{- if or (kindIs "string" $val) (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }} -- name: {{ $name }} - value: {{ $val | quote }} - {{- else if kindIs "map" $val}} - {{- if hasKey $val "valueFrom" }} - {{- if or (hasKey $val.valueFrom "secretKeyRef") (hasKey $val.valueFrom "configMapKeyRef") (hasKey $val.valueFrom "fieldRef") }} -- name: {{ $name }} -{{- $val | toYaml | nindent 2 }} - {{- else}} - {{ fail "ERROR: Only secretKeyRef/configMapKeyRef/fieldRef are supported for valueFrom block for environment variables!" 
}} - {{- end}} - {{- else }} - {{ fail "ERROR: Cannot generate environment variables only strings and valueFrom are supported!"}} - {{- end }} - {{- else }} - {{ fail "ERROR: Only maps and string/int/bool are supported for environment variables!"}} - {{- end }} - {{- end }} -{{- end }} - -{{- define "codefresh-gitops-runtime.tplrender" -}} - {{- $tpl := .Values -}} - {{- if not (typeIs "string" $tpl) -}} - {{- $tpl = toYaml $tpl -}} - {{- end -}} - {{- if contains "{{" $tpl -}} - {{- tpl $tpl .context }} - {{- else -}} - {{- $tpl -}} - {{- end -}} -{{- end -}} From 11bac814e570f9a5f7730cd82b52a438acb115a4 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 8 Oct 2025 10:54:25 +0300 Subject: [PATCH 09/16] merge main --- charts/gitops-runtime/README.md | 172 +++++++++++++++++------------- charts/gitops-runtime/values.yaml | 54 +++++----- 2 files changed, 124 insertions(+), 102 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index ff5c9277..dbada838 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
@@ -382,7 +382,7 @@ redis-ha: |-----|------|---------|-------------| | app-proxy.affinity | object | `{}` | | | app-proxy.config.argoCdUrl | string | `nil` | ArgoCD Url. determined by chart logic. Do not change unless you are certain you need to | -| app-proxy.config.argoCdUsername | string | `"admin"` | ArgoCD user to be used by app-proxy | +| app-proxy.config.argoCdUsername | string | `""` | deprecated. use `global.external-argo-cd.auth.username` instead | | app-proxy.config.argoWorkflowsInsecure | string | `"true"` | | | app-proxy.config.argoWorkflowsUrl | string | `nil` | Workflows server url. Determined by chart logic. Do not change unless you are certain you need to | | app-proxy.config.clusterChunkSize | int | `50` | define cluster list size per request to report the cluster state to platform, e.g. if you have 90 clusters and set clusterChunkSize: 40, it means cron job will report cluster state to platform in 3 iterations (40,40,10) - reduce this value if you have a lot of clusters and the cron job is failing with payload too large error - use 0 to sync all clusters at once | 
@@ -411,14 +411,14 @@ redis-ha: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3791.0"` | | +| app-proxy.image.tag | string | `"1.3806.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3791.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3806.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | 
@@ -495,7 +495,39 @@ redis-ha: | argo-events.configs.nats.versions[0].natsStreamingImage | string | `"nats-streaming:0.25.6"` | | | argo-events.configs.nats.versions[0].version | string | `"0.22.1"` | | | argo-events.crds.install | bool | `false` | | +| argo-events.enabled | bool | `false` | | | argo-events.fullnameOverride | string | `"argo-events"` | | +| argo-gateway.affinity | object | `{}` | | +| argo-gateway.hpa.enabled | bool | `true` | | +| argo-gateway.hpa.maxReplicas | int | `10` | | +| argo-gateway.hpa.minReplicas | int | `1` | | +| argo-gateway.hpa.targetCPUUtilizationPercentage | int | `70` | | +| argo-gateway.image.registry | string | `"quay.io"` | | +| argo-gateway.image.repository | string | `"codefresh/cf-argocd-extras"` | | +| argo-gateway.image.tag | string | `"695977c"` | | +| argo-gateway.livenessProbe.failureThreshold | int | `3` | | +| argo-gateway.livenessProbe.initialDelaySeconds | int | `10` | | +| argo-gateway.livenessProbe.periodSeconds | int | `10` | | +| argo-gateway.livenessProbe.successThreshold | int | `1` | | +| argo-gateway.livenessProbe.timeoutSeconds | int | `10` | | +| argo-gateway.nodeSelector | object | `{}` | | +| argo-gateway.pdb.enabled | bool | `true` | | +| argo-gateway.pdb.maxUnavailable | string | `""` | | +| argo-gateway.pdb.minAvailable | string | `"50%"` | | +| argo-gateway.readinessProbe.failureThreshold | int | `3` | | +| argo-gateway.readinessProbe.initialDelaySeconds | int | `10` | | +| argo-gateway.readinessProbe.periodSeconds | int | `10` | | +| argo-gateway.readinessProbe.successThreshold | int | `1` | | +| argo-gateway.readinessProbe.timeoutSeconds | int | `10` | | +| argo-gateway.resources.requests.cpu | string | `"100m"` | | +| argo-gateway.resources.requests.memory | string | `"128Mi"` | | +| argo-gateway.service.type | string | `"ClusterIP"` | | +| argo-gateway.serviceAccount.create | bool | `true` | | +| argo-gateway.serviceMonitor.enabled | bool | `false` | | +| argo-gateway.serviceMonitor.interval | 
string | `"30s"` | | +| argo-gateway.serviceMonitor.labels | object | `{}` | | +| argo-gateway.serviceMonitor.scrapeTimeout | string | `"10s"` | | +| argo-gateway.tolerations | list | `[]` | | | argo-rollouts.controller.replicas | int | `1` | | | argo-rollouts.enabled | bool | `true` | | | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | 
@@ -507,63 +539,9 @@ redis-ha: | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | -| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"serviceMonitor":{"main":{"enabled":false}},"tolerations":[]},"sourcesServer":{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}}` | Codefresh extra services for ArgoCD | -| cf-argocd-extras.eventReporter.pdb.enabled | bool | `false` | Enable PDB for event-reporter | -| cf-argocd-extras.eventReporter.serviceMonitor.main.enabled | bool | `false` | Enable ServiceMonitor for event reporter | -| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"container":{"image":{"registry":"quay.io","repository":"codefresh/cf-argocd-extras","tag":"1556733"}},"enabled":true,"hpa":{"enabled":false,"maxReplicas":10,"minReplicas":1,"targetCPUUtilizationPercentage":70},"nodeSelector":{},"pdb":{"enabled":false,"maxUnavailable":"","minAvailable":"50%"},"resources":{"requests":{"cpu":"100m","memory":"128Mi"}},"tolerations":[]}` | Sources server configuration | -| 
cf-argocd-extras.sourcesServer.hpa.enabled | bool | `false` | Enable HPA for sources server | -| cf-argocd-extras.sourcesServer.pdb.enabled | bool | `false` | Enable PDB for sources server | | codefreshWorkflowLogStoreCM | object | `{"enabled":true,"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | -| event-reporters.rollout.eventSource.affinity | object | `{}` | | -| event-reporters.rollout.eventSource.nodeSelector | object | `{}` | | -| event-reporters.rollout.eventSource.replicas | int | `1` | | -| event-reporters.rollout.eventSource.resources | object | `{}` | | -| event-reporters.rollout.eventSource.tolerations | list | `[]` | | -| event-reporters.rollout.sensor.affinity | object | `{}` | | -| event-reporters.rollout.sensor.atLeastOnce | bool | `true` | At Least Once | -| event-reporters.rollout.sensor.env | object | `{}` | Environment variables for sensor pods - add DEBUG_LOG: "true" to add debug level logs | -| event-reporters.rollout.sensor.logging | object | `{"enabled":false,"intervalSeconds":0}` | Set to true to enable logging. Set intervalSeconds to add logging interval to moderate log flow. 
| -| event-reporters.rollout.sensor.nodeSelector | object | `{}` | | -| event-reporters.rollout.sensor.policy.status.allow[0] | int | `200` | | -| event-reporters.rollout.sensor.policy.status.allow[1] | int | `201` | | -| event-reporters.rollout.sensor.policy.status.allow[2] | int | `204` | | -| event-reporters.rollout.sensor.policy.status.allow[3] | int | `400` | | -| event-reporters.rollout.sensor.policy.status.allow[4] | int | `401` | | -| event-reporters.rollout.sensor.policy.status.allow[5] | int | `404` | | -| event-reporters.rollout.sensor.replicas | int | `1` | | -| event-reporters.rollout.sensor.resources | object | `{}` | | -| event-reporters.rollout.sensor.retryStrategy | object | `{"duration":0,"factor":1,"jitter":1,"steps":3}` | Retry strategy for events sent to Codefresh | -| event-reporters.rollout.sensor.retryStrategy.duration | int | `0` | The initial duration, use strings like "2s", "1m" | -| event-reporters.rollout.sensor.retryStrategy.factor | float | `1` | Duration is multiplied by factor each retry, if factor is not zero and steps limit has not been reached. Should not be negative | -| event-reporters.rollout.sensor.retryStrategy.jitter | int | `1` | The sleep between each retry is the duration plus an additional amount chosen uniformly at random from the interval between zero and `jitter * duration`. 
| -| event-reporters.rollout.sensor.retryStrategy.steps | int | `3` | Number of retries | -| event-reporters.rollout.sensor.tolerations | list | `[]` | | -| event-reporters.rollout.serviceAccount.create | bool | `true` | | -| event-reporters.workflow.eventSource.affinity | object | `{}` | | -| event-reporters.workflow.eventSource.nodeSelector | object | `{}` | | -| event-reporters.workflow.eventSource.replicas | int | `1` | | -| event-reporters.workflow.eventSource.resources | object | `{}` | | -| event-reporters.workflow.eventSource.tolerations | list | `[]` | | -| event-reporters.workflow.sensor.affinity | object | `{}` | | -| event-reporters.workflow.sensor.atLeastOnce | bool | `true` | At Least Once | -| event-reporters.workflow.sensor.env | object | `{}` | Environment variables for sensor pods - add DEBUG_LOG: "true" to add debug level logs | -| event-reporters.workflow.sensor.logging | object | `{"enabled":false,"intervalSeconds":0}` | Set to true to enable logging. Set intervalSeconds to add logging interval to moderate log flow. 
| -| event-reporters.workflow.sensor.nodeSelector | object | `{}` | | -| event-reporters.workflow.sensor.policy.status.allow[0] | int | `200` | | -| event-reporters.workflow.sensor.policy.status.allow[1] | int | `201` | | -| event-reporters.workflow.sensor.policy.status.allow[2] | int | `204` | | -| event-reporters.workflow.sensor.policy.status.allow[3] | int | `400` | | -| event-reporters.workflow.sensor.policy.status.allow[4] | int | `401` | | -| event-reporters.workflow.sensor.policy.status.allow[5] | int | `404` | | -| event-reporters.workflow.sensor.replicas | int | `1` | | -| event-reporters.workflow.sensor.resources | object | `{}` | | -| event-reporters.workflow.sensor.retryStrategy | object | `{"duration":0,"factor":1,"jitter":1,"steps":3}` | Retry strategy for events sent to Codefresh | -| event-reporters.workflow.sensor.retryStrategy.duration | int | `0` | The initial duration, use strings like "2s", "1m" | -| event-reporters.workflow.sensor.retryStrategy.factor | float | `1` | Duration is multiplied by factor each retry, if factor is not zero and steps limit has not been reached. Should not be negative | -| event-reporters.workflow.sensor.retryStrategy.jitter | int | `1` | The sleep between each retry is the duration plus an additional amount chosen uniformly at random from the interval between zero and `jitter * duration`. 
| -| event-reporters.workflow.sensor.retryStrategy.steps | int | `3` | Number of retries | -| event-reporters.workflow.sensor.tolerations | list | `[]` | | -| event-reporters.workflow.serviceAccount.create | bool | `true` | | +| event-reporters.cluster-event-reporter | object | `{}` | | +| event-reporters.runtime-event-reporter | object | `{}` | | | gitops-operator.affinity | object | `{}` | | | gitops-operator.config.commitStatusPollingInterval | string | `"10s"` | Commit status polling interval | | gitops-operator.config.maxConcurrentReleases | int | `100` | Maximum number of concurrent releases being processed by the operator (this will not affect the number of releases being processed by the gitops runtime) | @@ -577,11 +555,10 @@ redis-ha: | gitops-operator.crds.keep | bool | `false` | Keep CRDs if gitops runtime release is uninstalled | | gitops-operator.enabled | bool | `true` | | | gitops-operator.env.GITOPS_OPERATOR_VERSION | string | `"0.11.1"` | | -| gitops-operator.env.GITOPS_OPERATOR_VERSION | string | `"0.11.1"` | | | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image.registry | string | `"quay.io"` | defaults | | gitops-operator.image.repository | string | `"codefresh/codefresh-gitops-operator"` | | -| gitops-operator.image.tag | string | `"3ac2676"` | | +| gitops-operator.image.tag | string | `"a1316ff"` | | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | 
@@ -611,14 +588,40 @@ redis-ha: | global.codefresh.userToken | object | `{"secretKeyRef":{},"token":""}` | User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided. | | global.codefresh.userToken.secretKeyRef | object | `{}` | User token that references an existing secret containing the token. | | global.codefresh.userToken.token | string | `""` | User token in plain text. The chart creates and manages the secret for this token. | -| global.external-argo-cd | object | `{"auth":{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"},"repoServer":{"port":8081,"svc":"argocd-repo-server"},"server":{"port":80,"rootpath":"","svc":"argocd-server"}}` | Configuration for external ArgoCD Should be used when `argo-cd.enabled` is set to false | -| global.external-argo-cd.auth | object | `{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"}` | How GitOps Runtime should authenticate with ArgoCD | -| global.external-argo-cd.auth.password | string | `""` | ArgoCD password in plain text | -| global.external-argo-cd.auth.passwordSecretKeyRef | object | `{"key":"password","name":"argocd-initial-admin-secret"}` | ArgoCD password referenced by an existing secret | -| global.external-argo-cd.auth.token | string | `""` | ArgoCD token in plain text | -| global.external-argo-cd.auth.tokenSecretKeyRef | object | `{}` | ArgoCD token referenced by an existing secret | -| global.external-argo-cd.auth.type | string | `"password"` | Authentication type. 
Can be password or token | -| global.external-argo-cd.auth.username | string | `"admin"` | ArgoCD username in plain text | +| global.event-reporters.affinity | object | `{}` | | +| global.event-reporters.config | object | `{}` | | +| global.event-reporters.image.registry | string | `"quay.io"` | | +| global.event-reporters.image.repository | string | `"codefresh/cf-argocd-extras"` | | +| global.event-reporters.image.tag | string | `"695977c"` | | +| global.event-reporters.livenessProbe.failureThreshold | int | `3` | | +| global.event-reporters.livenessProbe.initialDelaySeconds | int | `10` | | +| global.event-reporters.livenessProbe.periodSeconds | int | `10` | | +| global.event-reporters.livenessProbe.successThreshold | int | `1` | | +| global.event-reporters.livenessProbe.timeoutSeconds | int | `10` | | +| global.event-reporters.nodeSelector | object | `{}` | | +| global.event-reporters.pdb.enabled | bool | `true` | | +| global.event-reporters.pdb.maxUnavailable | string | `""` | | +| global.event-reporters.pdb.minAvailable | string | `"50%"` | | +| global.event-reporters.readinessProbe.failureThreshold | int | `3` | | +| global.event-reporters.readinessProbe.initialDelaySeconds | int | `10` | | +| global.event-reporters.readinessProbe.periodSeconds | int | `10` | | +| global.event-reporters.readinessProbe.successThreshold | int | `1` | | +| global.event-reporters.readinessProbe.timeoutSeconds | int | `10` | | +| global.event-reporters.replicaCount | int | `2` | | +| global.event-reporters.resources.requests.cpu | string | `"100m"` | | +| global.event-reporters.resources.requests.memory | string | `"128Mi"` | | +| global.event-reporters.service.ports.http.port | int | `8088` | | +| global.event-reporters.service.ports.http.targetPort | int | `8088` | | +| global.event-reporters.service.ports.metrics.port | int | `8087` | | +| global.event-reporters.service.ports.metrics.targetPort | int | `8087` | | +| global.event-reporters.service.type | string | `"ClusterIP"` 
| | +| global.event-reporters.serviceAccount.create | bool | `true` | | +| global.event-reporters.serviceMonitor.enabled | bool | `false` | | +| global.event-reporters.serviceMonitor.interval | string | `"30s"` | | +| global.event-reporters.serviceMonitor.labels | object | `{}` | | +| global.event-reporters.serviceMonitor.scrapeTimeout | string | `"10s"` | | +| global.event-reporters.tolerations | list | `[]` | | +| global.external-argo-cd | object | `{"repoServer":{"port":8081,"svc":"argocd-repo-server"},"server":{"port":80,"rootpath":"","svc":"argocd-server"}}` | Configuration for external ArgoCD Should be used when `argo-cd.enabled` is set to false | | global.external-argo-cd.repoServer.port | int | `8081` | Port of the ArgoCD repo server | | global.external-argo-cd.repoServer.svc | string | `"argocd-repo-server"` | Service name of the ArgoCD repo server | | global.external-argo-cd.server | object | `{"port":80,"rootpath":"","svc":"argocd-server"}` | ArgoCD server settings | 
@@ -630,16 +633,19 @@ redis-ha: | global.external-argo-rollouts.rollout-reporter.enabled | bool | `false` | Enable or disable rollout reporter Configuration is defined at .Values.event-reporters.rollout | | global.httpProxy | string | `""` | global HTTP_PROXY for all components | | global.httpsProxy | string | `""` | global HTTPS_PROXY for all components | +| global.imageRegistry | string | `""` | | +| global.integrations.argo-cd.server.auth | object | `{"password":"","passwordSecretKeyRef":{"key":"password","name":"argocd-initial-admin-secret"},"token":"","tokenSecretKeyRef":{},"type":"password","username":"admin"}` | How GitOps Runtime should authenticate with ArgoCD server | +| global.integrations.argo-cd.server.auth.password | string | `""` | ArgoCD password in plain text | +| global.integrations.argo-cd.server.auth.passwordSecretKeyRef | object | `{"key":"password","name":"argocd-initial-admin-secret"}` | ArgoCD password referenced by an existing secret | +| global.integrations.argo-cd.server.auth.token | string | `""` | ArgoCD token in plain text | +| global.integrations.argo-cd.server.auth.tokenSecretKeyRef | object | `{}` | ArgoCD token referenced by an existing secret | +| global.integrations.argo-cd.server.auth.type | string | `"password"` | Authentication type. 
Can be password or token | +| global.integrations.argo-cd.server.auth.username | string | `"admin"` | ArgoCD username in plain text | | global.noProxy | string | `""` | global NO_PROXY for all components | | global.nodeSelector | object | `{}` | Global nodeSelector for all components | -| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"jetstream":{"affinity":{},"containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[],"version":"latest"},"name":"","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2},"type":"nats"},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | +| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. 
Should not be changed. | | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. | -| global.runtime.eventBus | object | `{"annotations":{},"jetstream":{"affinity":{},"containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[],"version":"latest"},"name":"","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","metadata":{"labels":{"app.kubernetes.io/name":"codefresh-eventbus"}},"nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2},"type":"nats"}` | Runtime eventbus | -| global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource | -| global.runtime.eventBus.name | string | `""` | Eventbus name | -| global.runtime.eventBus.pdb | object | `{"enabled":true,"minAvailable":2}` | Pod disruption budget for the eventbus | -| global.runtime.eventBus.pdb.minAvailable | int | `2` | Minimum number of available eventbus pods. For eventbus to stay functional the majority of its replicas should always be available. | | global.runtime.gitCredentials | object | `{"password":{"secretKeyRef":{},"value":null},"username":"username"}` | Git credentials runtime. Runtime is not fully functional without those credentials. If not provided through the installation, they must be provided through the Codefresh UI. | | global.runtime.gitCredentials.password | object | `{"secretKeyRef":{},"value":null}` | Password. If using GitHub token, please provide it here. 
| | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. | 
@@ -710,10 +716,26 @@ redis-ha: | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | | redis-ha.image.tag | string | `"8.2.1-alpine"` | Redis tag | +| redis-ha.livenessProbe.failureThreshold | int | `3` | | +| redis-ha.livenessProbe.initialDelaySeconds | int | `10` | | +| redis-ha.livenessProbe.periodSeconds | int | `10` | | +| redis-ha.livenessProbe.successThreshold | int | `1` | | +| redis-ha.livenessProbe.timeoutSeconds | int | `10` | | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | +| redis-ha.readinessProbe.failureThreshold | int | `3` | | +| redis-ha.readinessProbe.initialDelaySeconds | int | `10` | | +| redis-ha.readinessProbe.periodSeconds | int | `10` | | +| redis-ha.readinessProbe.successThreshold | int | `1` | | +| redis-ha.readinessProbe.timeoutSeconds | int | `10` | | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | +| redis-ha.service.type | string | `"ClusterIP"` | | +| redis-ha.serviceAccount.create | bool | `true` | | +| redis-ha.serviceMonitor.enabled | bool | `false` | | +| redis-ha.serviceMonitor.interval | string | `"30s"` | | +| redis-ha.serviceMonitor.labels | object | `{}` | | +| redis-ha.serviceMonitor.scrapeTimeout | string | `"10s"` | | | redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. 
| | redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index fa5318e4..3c7019a5 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -676,29 +676,29 @@ argo-gateway: targetCPUUtilizationPercentage: 70 pdb: enabled: true - container: - image: - registry: quay.io - repository: codefresh/cf-argocd-extras - tag: "1556733" - nodeSelector: {} - tolerations: [] - affinity: {} - resources: - requests: - memory: "128Mi" - cpu: "100m" - hpa: - # -- Enable HPA for sources server - enabled: false - minReplicas: 1 - maxReplicas: 10 - targetCPUUtilizationPercentage: 70 - pdb: - # -- Enable PDB for sources server - enabled: false - minAvailable: "50%" - maxUnavailable: "" + minAvailable: "50%" + maxUnavailable: "" + service: + type: ClusterIP + serviceAccount: + create: true + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + serviceMonitor: + enabled: false + interval: 30s + scrapeTimeout: 10s + labels: {} # -- Enable hook job to create redis secret redis-secret-init: @@ -799,6 +799,10 @@ redis: name: "" annotations: {} +event-reporters: + cluster-event-reporter: {} + runtime-event-reporter: {} + ## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` # Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml redis-ha: 
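Review bot: In the `@@ -676,29 +676,29 @@ argo-gateway:` hunk, the added `minAvailable: "50%"` under an enabled `pdb` allows zero voluntary disruptions whenever the workload runs a single replica, because Kubernetes rounds a percentage `minAvailable` up. The README table in this same commit lists `argo-gateway.hpa.minReplicas` as `1`, so a node drain for OS or kubelet patching could block on this pod; I would either default to `minAvailable: ""` with `maxUnavailable: 1` or raise the HPA floor to 2. The hunk's indentation is lost in this rendering, so the nesting of these keys under `argo-gateway.pdb` is inferred from the hunk header and the README rows. The new `service`, `serviceAccount`, probe and `serviceMonitor` keys also carry no `# --` comments, which is why their README rows have empty descriptions; a line such as `# -- Minimum available pods; with one replica "50%" blocks eviction` above `minAvailable` would document the trade-off.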
@@ -913,7 +917,3 @@ redis-ha: interval: 30s scrapeTimeout: 10s labels: {} - -event-reporters: - cluster-event-reporter: {} - runtime-event-reporter: {} From efd38cca9252520460dc92d3ae88902aaf42c67d Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 8 Oct 2025 11:01:47 +0300 Subject: [PATCH 10/16] merge main --- .../gitops-runtime/tests/argo-api-gateway_test.yaml | 9 ++++----- .../gitops-runtime/tests/event-reporters_test.yaml | 7 +++---- .../gitops-runtime/tests/external_argocd_test.yaml | 12 ------------ 3 files changed, 7 insertions(+), 21 deletions(-) diff --git a/charts/gitops-runtime/tests/argo-api-gateway_test.yaml b/charts/gitops-runtime/tests/argo-api-gateway_test.yaml index a6cd2d88..9cb9a936 100644 --- a/charts/gitops-runtime/tests/argo-api-gateway_test.yaml +++ b/charts/gitops-runtime/tests/argo-api-gateway_test.yaml @@ -13,7 +13,7 @@ tests: value: argo-cd-server:80 - equal: path: data["redis.server"] - value: argo-cd-redis:6379 + value: redis:6379 - equal: path: data["repo.server"] value: argo-cd-repo-server:8081 @@ -77,13 +77,12 @@ tests: values: - ./values/mandatory-values-ingress.yaml set: - argo-cd: - redis-ha: - enabled: true + redis-ha: + enabled: true asserts: - equal: path: data["redis.server"] - value: RELEASE-NAME-redis-ha-haproxy:6379 + value: redis-ha-haproxy:6379 - it: Argo Api Gateway should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true template: argo-gateway/deployment.yaml diff --git a/charts/gitops-runtime/tests/event-reporters_test.yaml b/charts/gitops-runtime/tests/event-reporters_test.yaml index c1ea127e..518bc3fd 100644 --- a/charts/gitops-runtime/tests/event-reporters_test.yaml +++ b/charts/gitops-runtime/tests/event-reporters_test.yaml 
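Review bot: The new expected values `redis:6379` (argo-api-gateway_test.yaml, hunk `@@ -13,7 +13,7 @@`) and `redis-ha-haproxy:6379` (hunk `@@ -77,13 +77,12 @@`, and the same assertion in event-reporters_test.yaml) pin Service names that no longer carry the release name the old `RELEASE-NAME-redis-ha-haproxy:6379` had. If that is intentional, two runtime releases or an unrelated `redis` Service in the same namespace would resolve to one address, and components would either fail authentication or share cached state with a Redis they do not own. The tests only assert the address, so I would add a case that sets whatever name override the chart exposes (not visible in these hunks) and asserts `data["redis.server"]` follows it, and record the assumption next to the assertion, e.g. `# Service name is fixed, not release-scoped: one runtime per namespace is assumed`. Both test cases start and end outside their hunks.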
@@ -35,13 +35,12 @@ tests: values: - ./values/mandatory-values-ingress.yaml set: - argo-cd: - redis-ha: - enabled: true + redis-ha: + enabled: true asserts: - equal: path: data["redis.server"] - value: RELEASE-NAME-redis-ha-haproxy:6379 + value: redis-ha-haproxy:6379 - it: Runtime Reporter should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true template: event-reporters/runtime-event-reporter/deployment.yaml diff --git a/charts/gitops-runtime/tests/external_argocd_test.yaml b/charts/gitops-runtime/tests/external_argocd_test.yaml index 6213b544..63b00a68 100644 --- a/charts/gitops-runtime/tests/external_argocd_test.yaml +++ b/charts/gitops-runtime/tests/external_argocd_test.yaml @@ -675,18 +675,6 @@ tests: name: ARGO_CD_TOKEN_SECRET_KEY value: token - - it: should require ArgoCd redis address if it's not provided - values: - - ./values/mandatory-values-ingress.yaml - - ./values/external-argocd-values.yaml - set: - global: - external-argo-cd: - redis: null - asserts: - - failedTemplate: - errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.redis is not set" - - it: should require ArgoCd repoServer address if it's not provided values: - ./values/mandatory-values-ingress.yaml From de0e97f2db86a314df08ee8b7c7836c47f39e977 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 8 Oct 2025 11:15:21 +0300 Subject: [PATCH 11/16] merge main --- charts/gitops-runtime/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 3c7019a5..14c7932c 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -894,8 +894,6 @@ redis-ha: # @default -- See [values.yaml] containerSecurityContext: readOnlyRootFilesystem: true - minAvailable: "50%" - maxUnavailable: "" service: type: ClusterIP serviceAccount: From ba00efa7749d53af5eb88eca8e7ce3ed284e1fed Mon Sep 17 00:00:00 2001 
From: Mikhail Klimko Date: Wed, 8 Oct 2025 11:41:13 +0300 Subject: [PATCH 12/16] merge main --- charts/gitops-runtime/README.md | 16 ---------------- charts/gitops-runtime/values.yaml | 21 --------------------- 2 files changed, 37 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index dbada838..db1d97b8 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
@@ -716,26 +716,10 @@ redis-ha: | redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | | redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | | redis-ha.image.tag | string | `"8.2.1-alpine"` | Redis tag | -| redis-ha.livenessProbe.failureThreshold | int | `3` | | -| redis-ha.livenessProbe.initialDelaySeconds | int | `10` | | -| redis-ha.livenessProbe.periodSeconds | int | `10` | | -| redis-ha.livenessProbe.successThreshold | int | `1` | | -| redis-ha.livenessProbe.timeoutSeconds | int | `10` | | | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | -| redis-ha.readinessProbe.failureThreshold | int | `3` | | -| redis-ha.readinessProbe.initialDelaySeconds | int | `10` | | -| redis-ha.readinessProbe.periodSeconds | int | `10` | | -| redis-ha.readinessProbe.successThreshold | int | `1` | | -| redis-ha.readinessProbe.timeoutSeconds | int | `10` | | | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | | redis-ha.redis.masterGroupName | string | `"gitops-runtime"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | -| redis-ha.service.type | string | `"ClusterIP"` | | -| redis-ha.serviceAccount.create | bool | `true` | | -| redis-ha.serviceMonitor.enabled | bool | `false` | | -| redis-ha.serviceMonitor.interval | string | `"30s"` | | -| redis-ha.serviceMonitor.labels | object | `{}` | | -| redis-ha.serviceMonitor.scrapeTimeout | string | `"10s"` | | | redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. 
| | redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | | redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 14c7932c..bdf1fb22 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -894,24 +894,3 @@ redis-ha: # @default -- See [values.yaml] containerSecurityContext: readOnlyRootFilesystem: true - service: - type: ClusterIP - serviceAccount: - create: true - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 10 - serviceMonitor: - enabled: false - interval: 30s - scrapeTimeout: 10s - labels: {} From 2972e4b431ecdd72072a8ad25f9470efdead634c Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Wed, 8 Oct 2025 20:07:12 +0300 Subject: [PATCH 13/16] feat: add separate redis for cf-argocd-extras and app-proxy --- charts/gitops-runtime/README.md | 4 ++-- .../gitops-runtime/templates/redis/_helpers.tpl | 2 +- .../tests/argo-api-gateway_test.yaml | 4 ++-- .../tests/event-reporters_test.yaml | 17 ++++++++++++++++- charts/gitops-runtime/values.yaml | 3 ++- 5 files changed, 23 insertions(+), 7 deletions(-) diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index db1d97b8..726d0b49 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md 
@@ -695,7 +695,7 @@ redis-ha: | internal-router.serviceAccount.create | bool | `true` | | | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | -| redis | object | `{"affinity":{},"enabled":true,"env":{},"envFrom":[],"extraArgs":[],"image":{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"},"imagePullSecrets":[],"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"metrics":{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}},"nodeSelector":{},"pdb":{"annotations":{},"enabled":false,"labels":{},"maxUnavailable":"","minAvailable":1},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"securityContext":{},"service":{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":""},"tolerations":[],"topologySpreadConstraints":[]}` | Enable standalone redis deployment Will be replaced by redis-ha subchart when `redis-ha.enabled=true` | +| redis | object | 
`{"affinity":{},"enabled":true,"env":{},"envFrom":[],"extraArgs":[],"fullnameOverride":"runtime-redis","image":{"registry":"public.ecr.aws","repository":"docker/library/redis","tag":"8.2.1-alpine"},"imagePullSecrets":[],"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"metrics":{"enabled":true,"env":{},"envFrom":[],"image":{"registry":"ghcr.io","repository":"oliver006/redis_exporter","tag":"v1.72.1"},"livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"serviceMonitor":{"enabled":false}},"nodeSelector":{},"pdb":{"annotations":{},"enabled":false,"labels":{},"maxUnavailable":"","minAvailable":1},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"resources":{},"securityContext":{},"service":{"annotations":{},"labels":{},"ports":{"metrics":{"port":9121,"targetPort":9121},"redis":{"port":6379,"targetPort":6379}},"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":""},"tolerations":[],"topologySpreadConstraints":[]}` | Enable standalone redis deployment Will be replaced by redis-ha subchart when `redis-ha.enabled=true` | | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | | redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | 
@@ -705,7 +705,7 @@ redis-ha: | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"v1.69.0"` | Tag to use for the redis-exporter | -| redis-ha.fullnameOverride | string | `"redis-ha"` | Full name of the Redis HA Resources | +| redis-ha.fullnameOverride | string | `"runtime-redis-ha"` | Full name of the Redis HA Resources | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | | redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | diff --git a/charts/gitops-runtime/templates/redis/_helpers.tpl b/charts/gitops-runtime/templates/redis/_helpers.tpl index 15d65e70..f8895325 100644 --- a/charts/gitops-runtime/templates/redis/_helpers.tpl +++ b/charts/gitops-runtime/templates/redis/_helpers.tpl @@ -4,7 +4,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "redis.fullname" -}} -{{- print "redis" }} +{{- .Values.redis.fullnameOverride | default (print "redis") }} {{- end }} {{/* diff --git a/charts/gitops-runtime/tests/argo-api-gateway_test.yaml b/charts/gitops-runtime/tests/argo-api-gateway_test.yaml index 9cb9a936..1f02ef8b 100644 --- a/charts/gitops-runtime/tests/argo-api-gateway_test.yaml +++ b/charts/gitops-runtime/tests/argo-api-gateway_test.yaml @@ -13,7 +13,7 @@ tests: value: argo-cd-server:80 - equal: path: data["redis.server"] - value: redis:6379 + value: runtime-redis:6379 - equal: path: data["repo.server"] value: argo-cd-repo-server:8081 
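Review bot: `redis.fullname` in `templates/redis/_helpers.tpl` now returns `.Values.redis.fullnameOverride` verbatim, while the comment directly above it still says the name is truncated at 63 characters. An override that is too long or ends in `-` passes through unchecked into whatever resource names are rendered from this helper. I would bound it as the comment describes, `{{- .Values.redis.fullnameOverride | default "redis" | trunc 63 | trimSuffix "-" }}`, or correct the comment if truncation is intentionally not applied. The rest of `_helpers.tpl` lies outside this hunk.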
@@ -82,7 +82,7 @@ tests: asserts: - equal: path: data["redis.server"] - value: redis-ha-haproxy:6379 + value: runtime-redis-ha-haproxy:6379 - it: Argo Api Gateway should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true template: argo-gateway/deployment.yaml
diff --git a/charts/gitops-runtime/tests/event-reporters_test.yaml b/charts/gitops-runtime/tests/event-reporters_test.yaml
index 518bc3fd..6a833a2f 100644
--- a/charts/gitops-runtime/tests/event-reporters_test.yaml
+++ b/charts/gitops-runtime/tests/event-reporters_test.yaml
@@ -30,6 +30,21 @@ tests: path: metadata.name value: runtime-event-reporter + - it: Runtime Reporter ConfigMap should have valid data + template: event-reporters/runtime-event-reporter/configmap.yaml + values: + - ./values/mandatory-values-ingress.yaml + asserts: + - equal: + path: data["argocd.server"] + value: argo-cd-server:80 + - equal: + path: data["redis.server"] + value: runtime-redis:6379 + - equal: + path: data["repo.server"] + value: argo-cd-repo-server:8081 + - it: Runtime Reporter ConfigMap should have valid redis-ha url template: event-reporters/runtime-event-reporter/configmap.yaml values:
@@ -40,7 +55,7 @@ tests: asserts: - equal: path: data["redis.server"] - value: redis-ha-haproxy:6379 + value: runtime-redis-ha-haproxy:6379 - it: Runtime Reporter should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true template: event-reporters/runtime-event-reporter/deployment.yaml
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index bdf1fb22..46cc1903 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
@@ -714,6 +714,7 @@ redis-secret-init: # Will be replaced by redis-ha subchart when `redis-ha.enabled=true` redis: enabled: true + fullnameOverride: "runtime-redis" # -- Redis image image: registry: public.ecr.aws
@@ -809,7 +810,7 @@ redis-ha: # -- Enables the Redis HA subchart and disables the custom Redis single node deployment enabled: false # -- Full name of the Redis HA Resources - fullnameOverride: "redis-ha" + fullnameOverride: "runtime-redis-ha" ## Redis image image: # -- Redis repository
From dd57484374ed095ecb2e448f2d9b127594c2dbae Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 8 Oct 2025 21:44:47 +0300
Subject: [PATCH 14/16] feat: add separate redis for cf-argocd-extras and app-proxy
---
charts/gitops-runtime/tests/redis_test.yaml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/charts/gitops-runtime/tests/redis_test.yaml b/charts/gitops-runtime/tests/redis_test.yaml
index 89341135..3993e30d 100644
--- a/charts/gitops-runtime/tests/redis_test.yaml
+++ b/charts/gitops-runtime/tests/redis_test.yaml
@@ -14,7 +14,7 @@ tests: - containsDocument: kind: Deployment apiVersion: apps/v1 - name: redis + name: runtime-redis - it: Redis HA StatefulSet should be created when redis-ha.enabled is true template: charts/redis-ha/templates/redis-ha-statefulset.yaml
@@ -26,11 +26,11 @@ tests: - containsDocument: kind: StatefulSet apiVersion: apps/v1 - name: redis-ha-server + name: runtime-redis-ha-server - containsDocument: kind: Deployment apiVersion: apps/v1 - name: redis + name: runtime-redis not: true - it: App-Proxy should have CACHE_ environment variables (standalone Redis)
@@ -40,7 +40,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].env[?(@.name=="CACHE_HOST")].value - value: redis + value: runtime-redis - equal: path: spec.template.spec.containers[0].env[?(@.name=="CACHE_PORT")].value value: "6379"
@@ -60,7 +60,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].env[?(@.name=="CACHE_HOST")].value - value: redis-ha-haproxy + value: runtime-redis-ha-haproxy - equal: path: spec.template.spec.containers[0].env[?(@.name=="CACHE_PORT")].value value: "6379"
From b844d35c056e8616c08b737a3cdef13ff1f6f362 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 8 Oct 2025 22:02:15 +0300
Subject: [PATCH 15/16] feat: add separate redis for cf-argocd-extras and app-proxy
---
charts/gitops-runtime/tests/external_argocd_test.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/gitops-runtime/tests/external_argocd_test.yaml b/charts/gitops-runtime/tests/external_argocd_test.yaml
index 63b00a68..a0b26c2a 100644
--- a/charts/gitops-runtime/tests/external_argocd_test.yaml
+++ b/charts/gitops-runtime/tests/external_argocd_test.yaml
@@ -407,7 +407,7 @@ tests: asserts: - equal: path: data["redis.server"] - value: redis:6379 + value: runtime-redis:6379 - it: runtime-event-reporter ConfigMap should have valid Sources Server address template: event-reporters/runtime-event-reporter/configmap.yaml
@@ -555,7 +555,7 @@ tests: asserts: - equal: path: data["redis.server"] - value: redis:6379 + value: runtime-redis:6379 - it: argo-gateway ConfigMap should have valid Repo Server URL template: argo-gateway/configmap.yaml
From 73c87d6a902474dc86f13865b00dfc42e635e862 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 8 Oct 2025 22:20:05 +0300
Subject: [PATCH 16/16] feat: add separate redis for cf-argocd-extras and app-proxy
---
.../templates/argo-gateway/_env.yaml | 10 ++++-----
.../cluster-event-reporter/_env.yaml | 10 ++++-----
.../runtime-event-reporter/_env.yaml | 10 ++++-----
.../tests/event-reporters_test.yaml | 22 +++++++++++++++++++
4 files changed, 37 insertions(+), 15 deletions(-)
diff --git a/charts/gitops-runtime/templates/argo-gateway/_env.yaml b/charts/gitops-runtime/templates/argo-gateway/_env.yaml
index 89fb754e..d38f6d2f 100644
--- a/charts/gitops-runtime/templates/argo-gateway/_env.yaml
+++ b/charts/gitops-runtime/templates/argo-gateway/_env.yaml
@@ -63,29 +63,29 @@ LISTEN_ADDRESS: REDISDB: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: argo-gateway-cmd-params-cm key: redis.db optional: true REDIS_COMPRESSION: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: argo-gateway-cmd-params-cm key: redis.compression optional: true REDIS_PASSWORD: valueFrom: secretKeyRef: - name: argocd-redis + name: gitops-runtime-redis key: auth REDIS_SERVER: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: argo-gateway-cmd-params-cm key: redis.server REDIS_USERNAME: valueFrom: secretKeyRef: - name: argocd-redis + name: argo-gateway-cmd-params-cm key: redis-username optional: true REPO_SERVER:
diff --git a/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml b/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml
index 007edfb8..982f3624 100644
--- a/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml
+++ b/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml
@@ -111,29 +111,29 @@ OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: REDISDB: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: cluster-event-reporter-cmd-params-cm key: redis.db optional: true REDIS_COMPRESSION: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: cluster-event-reporter-cmd-params-cm key: redis.compression optional: true REDIS_PASSWORD: valueFrom: secretKeyRef: - name: argocd-redis + name: gitops-runtime-redis key: auth REDIS_SERVER: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: cluster-event-reporter-cmd-params-cm key: redis.server REDIS_USERNAME: valueFrom: secretKeyRef: - name: argocd-redis + name: cluster-event-reporter-cmd-params-cm key: redis-username optional: true REPO_SERVER:
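Review bot: `REDIS_USERNAME` keeps `secretKeyRef`, but its `name` is now `argo-gateway-cmd-params-cm`, the ConfigMap name used by the neighbouring `configMapKeyRef` entries rather than a Secret. Because the reference is `optional: true`, a Secret that does not exist does not fail the pod; the variable is just left unset, so a Redis ACL username would be dropped without any error. The same substitution appears in the cluster-event-reporter hunk (`cluster-event-reporter-cmd-params-cm`) and the runtime-event-reporter hunk (`runtime-event-reporter-cmd-params-cm`). If the username is meant to sit next to the password, point it at the same Secret, `name: gitops-runtime-redis`, provided that Secret carries a `redis-username` key (only its `auth` key is visible here). The env maps continue outside these hunks.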
diff --git a/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml b/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml
index 5ceb04f0..64cb9d97 100644
--- a/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml
+++ b/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml
@@ -111,29 +111,29 @@ OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: REDISDB: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: runtime-event-reporter-cmd-params-cm key: redis.db optional: true REDIS_COMPRESSION: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: runtime-event-reporter-cmd-params-cm key: redis.compression optional: true REDIS_PASSWORD: valueFrom: secretKeyRef: - name: argocd-redis + name: gitops-runtime-redis key: auth REDIS_SERVER: valueFrom: configMapKeyRef: - name: argocd-cmd-params-cm + name: runtime-event-reporter-cmd-params-cm key: redis.server REDIS_USERNAME: valueFrom: secretKeyRef: - name: argocd-redis + name: runtime-event-reporter-cmd-params-cm key: redis-username optional: true REPO_SERVER:
diff --git a/charts/gitops-runtime/tests/event-reporters_test.yaml b/charts/gitops-runtime/tests/event-reporters_test.yaml
index 6a833a2f..c86c5526 100644
--- a/charts/gitops-runtime/tests/event-reporters_test.yaml
+++ b/charts/gitops-runtime/tests/event-reporters_test.yaml
@@ -167,3 +167,25 @@ tests: value: cpu: 200m memory: 256Mi + + - it: Runtime Reporter should have correct REDIS_ environment variables + template: event-reporters/runtime-event-reporter/deployment.yaml + values: + - ./values/mandatory-values-ingress.yaml + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: runtime-event-reporter-cmd-params-cm + key: redis.server + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: gitops-runtime-redis + key: auth
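Review bot: The new case pins `REDIS_SERVER` and `REDIS_PASSWORD` but not `REDIS_USERNAME`, and it covers only runtime-event-reporter, although the same commit rewrites the same five references in the argo-gateway and cluster-event-reporter `_env.yaml` files. A third `contains` on `name: REDIS_USERNAME` with its expected `secretKeyRef` would fix which Secret the username is read from; an `optional: true` reference to a wrong name renders and deploys without error, so nothing else will catch it. Equivalent cases against `argo-gateway/deployment.yaml` and the cluster-event-reporter deployment template would cover the other two components.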