diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml index 7751eb84..172d4f9f 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_config.yaml @@ -1,17 +1,11 @@ -{{- define "cap-app-proxy.resources.configmap-documented-configs"}} -argoCdUrl: {{ .Values.config.argoCdUrl }} -argoCdUsername: {{ .Values.config.argoCdUsername }} +{{- define "cap-app-proxy.resources.configmap-documented-configs" }} argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }} -argoWorkflowsUrl: {{ default "" .Values.config.argoWorkflowsUrl }} +clusterChunkSize: {{ .Values.config.clusterChunkSize | quote }} cors: {{ .Values.global.codefresh.url }} - {{- with .Values.config.clusterChunkSize }} -clusterChunkSize: {{ . | quote }} - {{- end }} -env: {{ .Values.config.env | quote}} isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} isExternalArgoCD: {{ .Values.global.runtime.isExternalArgoCD | quote }} runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}} -skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }} +isNamespacedRuntime: {{ .Values.global.runtime.singleNamespace | quote }} logLevel: {{ .Values.config.logLevel | quote }} {{- $enrichmentValues := get .Values "image-enrichment" }} {{- if $enrichmentValues.enabled }} 
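Review bot: `clusterChunkSize: {{ .Values.config.clusterChunkSize | quote }}` is now rendered unconditionally, where the removed `with` block skipped the key when the value was unset. `quote` emits nothing for a nil value, so without a default the line becomes a bare `clusterChunkSize:` (null after `fromYaml`). The new `isNamespacedRuntime` line behaves the same way if `global.runtime.singleNamespace` is unset. If values.yaml (not visible here) does not guarantee a default, keep the guard or make the requirement explicit, e.g. `clusterChunkSize: {{ required "config.clusterChunkSize is required" .Values.config.clusterChunkSize | quote }}`. The define continues past the end of the hunk.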
@@ -30,7 +24,7 @@ enrichmentJiraEnrichmentImage: {{ printf "%s/%s:%s" $enrichmentValues.config.ima {{- define "cap-app-proxy.resources.configmap" }} {{- $documentedConfigs := (include "cap-app-proxy.resources.configmap-documented-configs" . | fromYaml ) }} -{{- $overrides := omit .Values.config "clusterChunkSize" }} +{{- $overrides := omit .Values.config "argoWorkflowsInsecure" "clusterChunkSize" "cors" }} {{- $mergedConfig := mergeOverwrite $documentedConfigs $overrides }} apiVersion: v1 kind: ConfigMap diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index f59f769e..a19430d5 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -5,9 +5,6 @@ ARGO_CD_URL: name: cap-app-proxy-cm key: argoCdUrl optional: true -ARGO_CD_TOKEN: {{ include "codefresh-gitops-runtime.argocd.server.token" . | nindent 2 }} -ARGO_CD_USERNAME: {{ include "codefresh-gitops-runtime.argocd.server.username-env-var" . | nindent 2 }} -ARGO_CD_PASSWORD: {{ include "codefresh-gitops-runtime.argocd.server.password" . | nindent 2 }} ARGO_WORKFLOWS_INSECURE: valueFrom: configMapKeyRef: 
@@ -224,8 +221,9 @@ LEADER_ID: Read defaults from the template above and merge with the values provided in values file */}} {{- define "cap-app-proxy.environment-variables" -}} -{{- $defaults := (include "cap-app-proxy.environment-variables.defaults" . | fromYaml) }} -{{- $overrides := .Values.env }} -{{- $mergedValues := mergeOverwrite $defaults $overrides }} -{{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" $mergedValues }} + {{- $defaults := (include "cap-app-proxy.environment-variables.defaults" . | fromYaml) }} + {{- $argoCdAuth := (include "codefresh-gitops-runtime.argocd-auth" . | fromYaml) }} + {{- $overrides := .Values.env }} + {{- $mergedValues := mergeOverwrite $defaults $argoCdAuth $overrides }} + {{- include "codefresh-gitops-runtime.components.common_helpers.container-templates.env-vars" $mergedValues }} {{- end -}} diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl b/charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl index 37d145e2..02deac9e 100644 --- a/charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl +++ b/charts/gitops-runtime/templates/_components/cf-argocd-extras/_default-values.tpl @@ -1,4 +1,5 @@ {{- define "cf-argocd-extras.default-values" }} + {{- $argoCdAuth := (include "codefresh-gitops-runtime.argocd-token-auth" . | fromYaml) }} global: {} externalRedis: @@ -84,8 +85,7 @@ eventReporter: name: argocd-cmd-params-cm key: server.rootpath optional: true - ARGO_CD_TOKEN_SECRET_NAME: argocd-token - ARGO_CD_TOKEN_SECRET_KEY: token +{{ $argoCdAuth | toYaml | indent 6 }} BINARY_NAME: event-reporter CODEFRESH_SSL_CERT_PATH: "" CODEFRESH_TLS_INSECURE: 
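Review bot: The new `$argoCdAuth := (include "codefresh-gitops-runtime.argocd-auth" . | fromYaml)` line in `cap-app-proxy.environment-variables` will not stop the render if the helper's output is ever invalid YAML. `fromYaml` returns a map holding only an `Error` key in that case, so `mergeOverwrite` would pass an `Error` entry on to the env-var helper and drop the credential variables. A guard right after the assignment makes that failure visible: `{{- if hasKey $argoCdAuth "Error" }}{{- fail $argoCdAuth.Error }}{{- end }}`. It would also help to document the merge order in the comment above the define, since `.Values.env` still overrides the computed `ARGO_CD_*` entries.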
@@ -392,8 +392,7 @@ sourcesServer: configMapKeyRef: name: sources-server-cmd-params-cm key: argocd.server - ARGO_CD_TOKEN_SECRET_NAME: argocd-token - ARGO_CD_TOKEN_SECRET_KEY: token +{{ $argoCdAuth | toYaml | indent 6}} ARGOCD_SERVER_ROOTPATH: valueFrom: configMapKeyRef: diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_statefulset.yaml b/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_statefulset.yaml index ccbadd63..6c349787 100644 --- a/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_statefulset.yaml +++ b/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_statefulset.yaml 
@@ -15,16 +15,6 @@ {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key" (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }} {{- end }} -{{- if and (eq (index $context.Values "global" "external-argo-cd" "auth" "type") "token") }} - {{- if not (index $context.Values "global" "external-argo-cd" "auth" "token") }} - {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name")) }} - {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key" )) }} - {{- else }} - {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }} - {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }} - {{- end }} -{{- end }} - {{- if and (index $context.Values "global" "external-argo-cd" "server" "rootpath") }} {{- $_ := set $context.Values.container.env "ARGOCD_SERVER_ROOTPATH" (index $context.Values "global" "external-argo-cd" "server" "rootpath") }} {{- end }} diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_deployment.yaml b/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_deployment.yaml index 16c67b92..e32cb923 100644 --- a/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_deployment.yaml +++ b/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_deployment.yaml 
@@ -15,16 +15,6 @@ {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key" (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }} {{- end }} -{{- if and (eq (index $context.Values "global" "external-argo-cd" "auth" "type") "token") }} - {{- if not (index $context.Values "global" "external-argo-cd" "auth" "token") }} - {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name")) }} - {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key" )) }} - {{- else }} - {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }} - {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }} - {{- end }} -{{- end }} - {{- if and (index $context.Values "global" "external-argo-cd" "server" "rootpath") }} {{- $_ := set $context.Values.container.env "ARGOCD_SERVER_ROOTPATH" (index $context.Values "global" "external-argo-cd" "server" "rootpath") }} {{- end }} diff --git a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml index f2e10f74..d8548693 100644 --- a/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml +++ b/charts/gitops-runtime/templates/_components/gitops-operator/_env.yaml 
@@ -3,25 +3,29 @@ Some environment variables are determined by values provided in other components to keep the separation of components as pseudo library charts, they are defined here to be merged when components are generated. */}} {{- define "gitops-operator.resources.environment-variables.calculated" }} + {{- include "codefresh-gitops-runtime.argocd-token-auth" . }} {{/* if custom certificates are provided */}} {{- if .Values.global.codefresh.tls.caCerts.secretKeyRef }} CF_CA_CERT: {{ printf "/app/config/codefresh-tls/%s" .Values.global.codefresh.tls.caCerts.secretKeyRef.key }} {{- end }} CF_URL: {{ .Values.global.codefresh.url }} +COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }} GITOPS_OPERATOR_VERSION: {{ .Values.image.tag }} + {{- if (gt (int .Values.replicaCount) 1 ) }} +LEADER_ELECT: true + {{- else }} +LEADER_ELECT: false + {{- end }} +MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }} +PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }} RUNTIME: {{ .Values.global.runtime.name }} TASK_POLLING_INTERVAL: {{ .Values.config.taskPollingInterval }} -COMMIT_STATUS_POLLING_INTERVAL: {{ .Values.config.commitStatusPollingInterval }} WORKFLOW_MONITOR_POLLING_INTERVAL: {{ .Values.config.workflowMonitorPollingInterval }} -MAX_CONCURRENT_RELEASES: {{ .Values.config.maxConcurrentReleases }} -PROMOTION_WRAPPER_TEMPLATE: {{ .Values.config.promotionWrapperTemplate | quote }} {{- end }} {{- define "gitops-operator.resources.environment-variables.defaults" -}} AP_URL: http://cap-app-proxy:3017 ARGO_CD_URL: argo-cd-server:80 -ARGO_CD_TOKEN_SECRET_NAME: argocd-token -ARGO_CD_TOKEN_SECRET_KEY: token ARGO_WF_URL: http://argo-server:2746 CF_TOKEN: valueFrom: @@ -29,7 +33,6 @@ CF_TOKEN: name: codefresh-token key: token HEALTH_PROBE_BIND_ADDRESS: :8081 -LEADER_ELECT: true METRICS_BIND_ADDRESS: :8080 METRICS_SECURE: false NAMESPACE: 
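Review bot: The four-line `if`/`else` that sets `LEADER_ELECT` in `gitops-operator.resources.environment-variables.calculated` can be a single expression, `LEADER_ELECT: {{ gt (int .Values.replicaCount) 1 }}`, which renders the same `true`/`false` and keeps the key list free of control flow. The new first line, `{{- include "codefresh-gitops-runtime.argocd-token-auth" . }}`, would benefit from a short comment such as `{{/* ARGO_CD_TOKEN_SECRET_NAME / ARGO_CD_TOKEN_SECRET_KEY, resolved from global.integrations.argo-cd.server.auth */}}`, because the second hunk removes those two keys from the defaults and they no longer appear by name in this file.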
diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl index 693878f4..ccf704a2 100644 --- a/charts/gitops-runtime/templates/_helpers.tpl +++ b/charts/gitops-runtime/templates/_helpers.tpl @@ -94,7 +94,7 @@ Determine argocd repo server service name. Must be called with chart root contex */}} {{- define "codefresh-gitops-runtime.argocd.reposerver.servicename" -}} {{/* For now use template from ArgoCD chart until better approach */}} - {{- if and (index .Subcharts "argo-cd") }} + {{- if (index .Subcharts "argo-cd") }} {{- template "argo-cd.repoServer.fullname" (dict "Values" (get .Values "argo-cd") "Release" .Release ) }} {{- else }} {{- $repoServer := index .Values "global" "external-argo-cd" "repoServer" }} @@ -108,7 +108,7 @@ Determine argocd argocd repo server port */}} {{- define "codefresh-gitops-runtime.argocd.reposerver.serviceport" -}} {{/* For now use template from ArgoCD chart until better approach */}} - {{- if and (index .Subcharts "argo-cd") }} + {{- if (index .Subcharts "argo-cd") }} {{- index .Values "argo-cd" "repoServer" "service" "port" }} {{- else }} {{- $repoServer := index .Values "global" "external-argo-cd" "repoServer" }} 
@@ -123,11 +123,11 @@ Determine argocd repoServer url */}} {{- define "codefresh-gitops-runtime.argocd.reposerver.url" -}} {{- $argoCDValues := (get .Values "argo-cd") }} -{{- if and (index .Values "argo-cd" "enabled") }} +{{- if (index .Values "argo-cd" "enabled") }} {{- $serviceName := include "codefresh-gitops-runtime.argocd.reposerver.servicename" . }} {{- $port := include "codefresh-gitops-runtime.argocd.reposerver.serviceport" . }} {{- printf "%s:%s" $serviceName $port }} -{{- else if and (index .Values "global" "external-argo-cd" "repoServer") }} +{{- else if (index .Values "global" "external-argo-cd" "repoServer") }} {{- $repoServer := (index .Values "global" "external-argo-cd" "repoServer") }} {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.repoServer.svc is not set" $repoServer.svc }} {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.repoServer.port is not set" $repoServer.port }} @@ -150,7 +150,7 @@ Determine argocd servicename. Must be called with chart root context Determine rollouts name */}} {{- define "codefresh-gitops-runtime.argo-rollouts.name" -}} - {{- if and (index .Values "argo-rollouts" "enabled") }} + {{- if (index .Values "argo-rollouts" "enabled") }} {{/* For now use template from rollouts chart until better approach */}} {{- template "argo-rollouts.fullname" (dict "Values" (get .Values "argo-rollouts")) }} {{- else }} @@ -190,7 +190,7 @@ Determine argocd redis service port. Must be called with chart root context Determine argocd server url. Must be called with chart root context */}} {{- define "codefresh-gitops-runtime.argocd.server.url" -}} - {{- if and (index .Values "argo-cd" "enabled") }} + {{- if (index .Values "argo-cd" "enabled") }} {{- $protocol := "https" }} {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} {{- if (eq $port "80") }} 
@@ -198,13 +198,13 @@ Determine argocd server url. Must be called with chart root context {{- end }} {{- $url := include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . }} {{- printf "%s://%s" $protocol $url }} - {{- else if and (index .Values "global" "external-argo-cd" "server") }} + {{- else if (index .Values "global" "external-argo-cd" "server") }} {{- $argoCDSrv := (index .Values "global" "external-argo-cd" "server") }} {{- $protocol := "http" }} {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.svc is not set" $argoCDSrv.svc }} {{- $port := (required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.port is not port" $argoCDSrv.port) | toString }} {{- $rootpath := (index .Values "global" "external-argo-cd" "server" "rootpath") }} - {{- if and (eq $port "80") }} + {{- if (eq $port "80") }} {{- printf "%s://%s%s" $protocol $svc $rootpath }} {{- else }} {{- printf "%s://%s:%s%s" $protocol $svc $port $rootpath }} 
@@ -219,12 +219,12 @@ Determine argocd server url witout the protocol. Must be called with chart root */}} {{- define "codefresh-gitops-runtime.argocd.server.no-protocol-url" -}} {{- $argoCDValues := (get .Values "argo-cd") }} -{{- if and (index .Values "argo-cd" "enabled") }} +{{- if (index .Values "argo-cd" "enabled") }} {{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }} {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }} {{- $path := (get $argoCDValues.configs.params "server.rootpath") }} {{- printf "%s:%s%s" $serverName $port $path }} -{{- else if and (index .Values "global" "external-argo-cd" "server") }} +{{- else if (index .Values "global" "external-argo-cd" "server") }} {{- $argoCDSrv := (index .Values "global" "external-argo-cd" "server") }} {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.svc is not set" $argoCDSrv.svc }} {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.server.port is not set" $argoCDSrv.port }} 
@@ -235,95 +235,70 @@ Determine argocd server url witout the protocol. Must be called with chart root {{- end }} {{- end}} -{{/* -Determine argocd server password. -*/}} -{{- define "codefresh-gitops-runtime.argocd.server.password" }} - {{- if and (index .Values "argo-cd" "enabled") }} -valueFrom: - secretKeyRef: - name: argocd-initial-admin-secret - key: password - {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "password") (index .Values "global" "external-argo-cd" "auth" "passwordSecretKeyRef") }} -valueFrom: - secretKeyRef: -{{- index .Values "global" "external-argo-cd" "auth" "passwordSecretKeyRef" | toYaml | nindent 4 }} - {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "password") (index .Values "global" "external-argo-cd" "auth" "password") }} -valueFrom: - secretKeyRef: - name: gitops-runtime-argo-cd-password - key: token - {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "token") }} -valueFrom: - secretKeyRef: - name: gitops-runtime-argo-cd-token - key: token - {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef") }} -valueFrom: - secretKeyRef: -{{- index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" | toYaml | nindent 4 }} - optional: true - {{- else }} -{{ fail "ArgoCD is not enabled and .Values.global.external-argo-cd.auth.password or .Values.global.external-argo-cd.auth.passwordSecretKeyRef is not set" }} - {{- end }} -{{- end }} - - -{{/* -Determine argocd token password. 
-*/}} -{{- define "codefresh-gitops-runtime.argocd.server.token" }} - {{- if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name") (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key")}} -valueFrom: - secretKeyRef: -{{- index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" | toYaml | nindent 4 }} - {{- else if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") (index .Values "global" "external-argo-cd" "auth" "token") }} -valueFrom: - secretKeyRef: - name: gitops-runtime-argo-cd-token - key: token - {{- else if or (eq (index .Values "global" "external-argo-cd" "auth" "type") "password") }} -valueFrom: - secretKeyRef: - name: argocd-token - key: token - optional: true +{{- define "codefresh-gitops-runtime.argocd-auth" -}} + {{- $argoCdAuth := (index .Values "global" "integrations" "argo-cd" "server" "auth") }} + {{- if (eq $argoCdAuth.type "password") }} +ARGO_CD_USERNAME: + valueFrom: + configMapKeyRef: + name: cap-app-proxy-cm + key: argoCdUsername +ARGO_CD_PASSWORD: + valueFrom: + secretKeyRef: + {{- if $argoCdAuth.password }} + name: gitops-runtime-argo-cd-password + key: token + {{- else if $argoCdAuth.passwordSecretKeyRef }} + {{- $argoCdAuth.passwordSecretKeyRef | toYaml | nindent 6 }} + {{- end }} + {{- else if (eq $argoCdAuth.type "token") }} +ARGO_CD_TOKEN: + valueFrom: + secretKeyRef: + {{- if $argoCdAuth.token }} + name: gitops-runtime-argo-cd-token + key: token + {{- else if $argoCdAuth.tokenSecretKeyRef }} + {{- if and (hasKey $argoCdAuth.tokenSecretKeyRef "name") (hasKey $argoCdAuth.tokenSecretKeyRef "key") }} + {{- $argoCdAuth.tokenSecretKeyRef | toYaml | nindent 6 }} + {{- else }} + {{- fail "Both 'name' and 'key' must be set in .Values.global.integrations.argo-cd.server.auth.tokenSecretKeyRef" }} + {{- end }} + {{- end }} {{- else }} - {{ fail (printf "Invalid value for 
.Values.global.external-argo-cd.auth.type: %s. Allowed values are: [password token]" (index .Values "global" "external-argo-cd" "auth" "type")) }} + {{ fail (printf "Invalid value for .Values.global.integrations.argo-cd.server.auth.type: %s. Allowed values are: [password token]" $argoCdAuth.type) }} {{- end }} {{- end }} {{/* -Determine argocd server password. +Used by gitops-operator, event-reporter and sources-server to use the correct secret name/key for argo-cd token */}} -{{- define "codefresh-gitops-runtime.argocd.server.username-env-var" }} - {{- if and (index .Values "argo-cd" "enabled") }} -valueFrom: - configMapKeyRef: - name: cap-app-proxy-cm - key: argoCdUsername - optional: true - {{- else if and (index .Values "global" "external-argo-cd" "auth" "usernameSecretKeyRef") }} -valueFrom: - secretKeyRef: -{{- index .Values "global" "external-argo-cd" "auth" "usernameSecretKeyRef" | toYaml | nindent 4 }} - {{- else if and (index .Values "global" "external-argo-cd" "auth" "username") }} -{{- printf "%s" (index .Values "global" "external-argo-cd" "auth" "username") }} +{{- define "codefresh-gitops-runtime.argocd-token-auth" }} + {{- $argoCdAuth := (index .Values "global" "integrations" "argo-cd" "server" "auth") }} + {{- if (eq $argoCdAuth.type "password") }} +ARGO_CD_TOKEN_SECRET_NAME: argocd-token +ARGO_CD_TOKEN_SECRET_KEY: token + {{- else if (eq $argoCdAuth.type "token") }} + {{- if $argoCdAuth.token }} +ARGO_CD_TOKEN_SECRET_NAME: gitops-runtime-argo-cd-token +ARGO_CD_TOKEN_SECRET_KEY: token + {{- else if $argoCdAuth.tokenSecretKeyRef }} +ARGO_CD_TOKEN_SECRET_NAME: {{ required ".Values.global.integrations.argo-cd.server.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.server.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name }} +ARGO_CD_TOKEN_SECRET_KEY: {{ required ".Values.global.integrations.argo-cd.server.auth.type is set to 'token' therefore 
.Values.global.integrations.argo-cd.server.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key }} + {{- end }} {{- else }} -{{ fail "ArgoCD is not enabled and .Values.global.external-argo-cd.auth.username or .Values.global.external-argo-cd.auth.usernameSecretKeyRef is not set" }} + {{ fail (printf "Invalid value for .Values.global.integrations.argo-cd.server.auth.type: %s. Allowed values are: [password token]" $argoCdAuth.type) }} {{- end }} {{- end }} {{/* -Determine argocd server password. +Determine argocd server username ConfigMap. */}} {{- define "codefresh-gitops-runtime.argocd.server.username-cm" }} - {{- if and (index .Values "argo-cd" "enabled") }} - {{- printf "%s" (index .Values "app-proxy" "config" "argoCdUsername") }} - {{- else if and (index .Values "global" "external-argo-cd" "auth" "username") }} - {{- printf "%s" (index .Values "global" "external-argo-cd" "auth" "username") }} - {{- else }} - {{- fail "ArgoCD is not enabled and .Values.global.external-argo-cd.auth.username is not set" }} + {{- $externalArgoCDValues := (index .Values "global" "integrations" "argo-cd" "server" "auth") }} + {{- if (eq $externalArgoCDValues.type "password") }} + {{- coalesce (index .Values "app-proxy" "config" "argoCdUsername") (index .Values "global" "integrations" "argo-cd" "server" "auth" "username") "" }} {{- end }} {{- end }} 
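Review bot: `codefresh-gitops-runtime.argocd-auth` renders an empty `secretKeyRef:` when `auth.type` is `password` but neither `auth.password` nor `auth.passwordSecretKeyRef` is set, and likewise for `token` with neither `auth.token` nor `auth.tokenSecretKeyRef`; only a partially filled `tokenSecretKeyRef` reaches `fail`. `passwordSecretKeyRef` is also passed to `toYaml` without the `name`/`key` check that the token path has. `codefresh-gitops-runtime.argocd-token-auth` has the same gap for `type: token` with no token source: it emits nothing, so the templates that include it (`_default-values.tpl` via `toYaml | indent 6`, and the gitops-operator env) get no `ARGO_CD_TOKEN_SECRET_NAME`/`ARGO_CD_TOKEN_SECRET_KEY`, where the removed per-component code used `required`. Ending each inner `if` chain with an `else` that calls `fail` would report a missing credential source at render time rather than, presumably, at deploy time. The password branch is sketched below, and the token branches of both helpers need the same trailing `else`.

```yaml
{{- /* … unchanged: ARGO_CD_USERNAME, ARGO_CD_PASSWORD through the inline-password case … */}}
      {{- else if $argoCdAuth.passwordSecretKeyRef }}
        {{- if and (hasKey $argoCdAuth.passwordSecretKeyRef "name") (hasKey $argoCdAuth.passwordSecretKeyRef "key") }}
      {{- $argoCdAuth.passwordSecretKeyRef | toYaml | nindent 6 }}
        {{- else }}
          {{- fail "Both 'name' and 'key' must be set in .Values.global.integrations.argo-cd.server.auth.passwordSecretKeyRef" }}
        {{- end }}
      {{- else }}
        {{- fail ".Values.global.integrations.argo-cd.server.auth.type is set to 'password' therefore .Values.global.integrations.argo-cd.server.auth.password or .Values.global.integrations.argo-cd.server.auth.passwordSecretKeyRef is required" }}
      {{- end }}
{{- /* … unchanged: token branch of argocd-auth and the argocd-token-auth helper … */}}
```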
@@ -332,11 +307,11 @@ Determine argocd redis url */}} {{- define "codefresh-gitops-runtime.argocd.redis.url" -}} {{- $argoCDValues := (get .Values "argo-cd") }} -{{- if and (index .Values "argo-cd" "enabled") }} +{{- if (index .Values "argo-cd" "enabled") }} {{- $serviceName := include "codefresh-gitops-runtime.argocd.redis.servicename" . }} {{- $port := include "codefresh-gitops-runtime.argocd.redis.serviceport" . }} {{- printf "%s:%s" $serviceName $port }} -{{- else if and (index .Values "global" "external-argo-cd" "redis") }} +{{- else if (index .Values "global" "external-argo-cd" "redis") }} {{- $redis := (index .Values "global" "external-argo-cd" "redis") }} {{- $svc := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.svc is not set" $redis.svc }} {{- $port := required "ArgoCD is not enabled and .Values.global.external-argo-cd.redis.port is not set" $redis.port }} diff --git a/charts/gitops-runtime/templates/app-proxy/config.yaml b/charts/gitops-runtime/templates/app-proxy/config.yaml index 7cbfb544..4da5a020 100644 --- a/charts/gitops-runtime/templates/app-proxy/config.yaml +++ b/charts/gitops-runtime/templates/app-proxy/config.yaml @@ -7,7 +7,11 @@ {{- if not $appProxyContext.Values.config.argoCdUrl }} {{ $_ := set $appProxyContext.Values.config "argoCdUrl" $argoCdUrl }} {{- end }} -{{- $_ := set $appProxyContext.Values.config "argoCdUsername" $argoCdUsername }} +{{- if $argoCdUsername }} + {{- $_ := set $appProxyContext.Values.config "argoCdUsername" $argoCdUsername }} +{{- else }} + {{ $_ := unset $appProxyContext.Values.config "argoCdUsername" }} +{{- end }} {{- if index (get .Values "argo-workflows") "enabled" }} {{- if not $appProxyContext.Values.config.argoWorkflowsUrl }} {{- $argoWorkflowsUrl := include "codefresh-gitops-runtime.argo-workflows.server.url" . }} 
diff --git a/charts/gitops-runtime/templates/app-proxy/external-argocd-token.yaml b/charts/gitops-runtime/templates/app-proxy/external-argocd-token.yaml index f96892a4..2b66ae9a 100644 --- a/charts/gitops-runtime/templates/app-proxy/external-argocd-token.yaml +++ b/charts/gitops-runtime/templates/app-proxy/external-argocd-token.yaml @@ -1,5 +1,5 @@ -{{- $externalArgoCDValues := (index .Values "global" "external-argo-cd" "auth") }} -{{- if $externalArgoCDValues.password -}} +{{- $argoCdAuth := (index .Values "global" "integrations" "argo-cd" "server" "auth") }} +{{- if $argoCdAuth.password }} --- apiVersion: v1 kind: Secret @@ -9,10 +9,10 @@ metadata: {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }} type: Opaque stringData: - token: {{ $externalArgoCDValues.password }} + token: {{ $argoCdAuth.password }} {{- end }} -{{- if $externalArgoCDValues.token -}} +{{- if $argoCdAuth.token }} --- apiVersion: v1 kind: Secret @@ -22,5 +22,5 @@ metadata: {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }} type: Opaque stringData: - token: {{ $externalArgoCDValues.token }} + token: {{ $argoCdAuth.token }} {{- end }} diff --git a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml b/charts/gitops-runtime/templates/gitops-operator/deployment.yaml index 81b56609..41a1108c 100644 --- a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml +++ b/charts/gitops-runtime/templates/gitops-operator/deployment.yaml 
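Review bot: `token: {{ $argoCdAuth.password }}` (second hunk) and `token: {{ $argoCdAuth.token }}` (third hunk) interpolate the credential into `stringData` unquoted. A value that YAML reads as a number, boolean or null, or one that contains ` #` or `: `, would then render as a non-string, a truncated value or an invalid manifest. Quote both lines: `token: {{ $argoCdAuth.password | quote }}` and `token: {{ $argoCdAuth.token | quote }}`. Separately, inline `auth.password`/`auth.token` values are kept with the release's values, so the values documentation could point users to `passwordSecretKeyRef`/`tokenSecretKeyRef` as the preferred form.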
@@ -6,18 +6,6 @@ {{- $_ := set $context "Values" $vals }} {{- $_ := set $context.Values "global" (deepCopy (get .Values "global")) }} -{{- if and (not (index .Values "argo-cd" "enabled")) }} - {{- if and (eq (index .Values "global" "external-argo-cd" "auth" "type") "token") }} - {{- if not (index $context.Values "global" "external-argo-cd" "auth" "token") }} - {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "name")) }} - {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index $context.Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key")) }} - {{- else }} - {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }} - {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }} - {{- end }} - {{- end }} -{{- end }} - {{/* Set argo-cd-server service and port */}} {{ if not (index $context.Values "env" "ARGO_CD_URL") }} {{- $_ := set $context.Values.env "ARGO_CD_URL" (include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . ) }} 
@@ -25,22 +13,16 @@ {{/* Set workflows url */}} {{- if index .Values "argo-workflows" "enabled" }} - {{- if not $context.Values.env.ARGO_WF_URL }} - {{- $argoWorkflowsUrl := include "codefresh-gitops-runtime.argo-workflows.server.url" . }} - {{- $_ := set $context.Values.env "ARGO_WF_URL" $argoWorkflowsUrl }} - {{- end }} + {{- if not $context.Values.env.ARGO_WF_URL }} + {{- $argoWorkflowsUrl := include "codefresh-gitops-runtime.argo-workflows.server.url" . }} + {{- $_ := set $context.Values.env "ARGO_WF_URL" $argoWorkflowsUrl }} + {{- end }} {{- end}} {{/* Set certificates */}} {{- if or $context.Values.global.codefresh.tls.caCerts.secret.create $context.Values.global.codefresh.tls.caCerts.secretKeyRef}} - {{- $_ := set $context.Values.global.codefresh.tls.caCerts.secretKeyRef "name" ($context.Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" $context.Values.global.codefresh.tls.caCerts.secretKeyRef.name) }} - {{- $_ := set $context.Values.global.codefresh.tls.caCerts.secretKeyRef "key" ($context.Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" $context.Values.global.codefresh.tls.caCerts.secret.key) $context.Values.global.codefresh.tls.caCerts.secretKeyRef.key) }} -{{- end }} - -{{- if and (gt (int $context.Values.replicaCount) 1 ) }} -{{- $_ := set $context.Values.env "LEADER_ELECT" "true" }} -{{- else }} -{{- $_ := set $context.Values.env "LEADER_ELECT" "false" }} + {{- $_ := set $context.Values.global.codefresh.tls.caCerts.secretKeyRef "name" ($context.Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" $context.Values.global.codefresh.tls.caCerts.secretKeyRef.name) }} + {{- $_ := set $context.Values.global.codefresh.tls.caCerts.secretKeyRef "key" ($context.Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" $context.Values.global.codefresh.tls.caCerts.secret.key) $context.Values.global.codefresh.tls.caCerts.secretKeyRef.key) }} 
{{- end }} {{- include "gitops-operator.resources.deployment" $context }} diff --git a/charts/gitops-runtime/tests/argo-projects-templates-integration_test.yaml b/charts/gitops-runtime/tests/argo-projects-templates-integration_test.yaml index 7b79c4fc..3f496141 100644 --- a/charts/gitops-runtime/tests/argo-projects-templates-integration_test.yaml +++ b/charts/gitops-runtime/tests/argo-projects-templates-integration_test.yaml @@ -29,12 +29,15 @@ tests: values: - ./values/mandatory-values.yaml set: - argo-cd.fullnameOverride: argo-cd-test - argo-cd.configs.params.server\.insecure: false + argo-cd: + fullnameOverride: argo-cd-testasd + configs: + params: + "server.insecure": false asserts: - equal: path: data.argoCdUrl - value: https://argo-cd-test-server:443 + value: https://argo-cd-testasd-server:443 # ------------------------------------------------------------------------------------------ # Argo Workflows diff --git a/charts/gitops-runtime/tests/external_argocd_test.yaml b/charts/gitops-runtime/tests/external_argocd_test.yaml index a8bee393..02c42c81 100644 --- a/charts/gitops-runtime/tests/external_argocd_test.yaml +++ b/charts/gitops-runtime/tests/external_argocd_test.yaml @@ -19,7 +19,7 @@ tests: path: data.argoCdUrl value: http://my-argocd-server - - it: app-proxy ConfigMap should have valid ArgoCd Username + - it: app-proxy ConfigMap should have valid default ArgoCd Username values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml 
@@ -35,25 +35,80 @@ tests: - ./values/external-argocd-values.yaml template: app-proxy/config.yaml set: - global.external-argo-cd.auth.username: adminoverride + global: + integrations: + argo-cd: + server: + auth: + username: adminoverride asserts: - equal: path: data.argoCdUsername value: adminoverride - - it: app-proxy ConfigMap should have isExternalArgoCD key set to true + - it: app-proxy ConfigMap override priority should prefer value from app-proxy.config (for backward compatibility) values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml template: app-proxy/config.yaml set: - global.external-argo-cd.auth.username: adminoverride + global: + integrations: + argo-cd: + server: + auth: + username: external-adminoverride + app-proxy: + config: + argoCdUsername: app-proxy-adminoverride + asserts: + - equal: + path: data.argoCdUsername + value: app-proxy-adminoverride + + - it: app-proxy ConfigMap should *not* have username, if auth.type is token + values: + - ./values/mandatory-values-ingress.yaml + - ./values/external-argocd-values.yaml + template: app-proxy/config.yaml + set: + global: + integrations: + argo-cd: + server: + auth: + type: token + token: some-token + asserts: + - notExists: + path: data.argoCdUsername + + - it: app-proxy ConfigMap should have isExternalArgoCD key set to true + values: + - ./values/mandatory-values-ingress.yaml + - ./values/external-argocd-values.yaml + template: app-proxy/config.yaml asserts: - equal: path: data.isExternalArgoCD value: "true" - - it: app-proxy Deployment should have valid ARGO_CD_PASSWORD env var set via passwordSecretKeyRef + - it: app-proxy Deployment should have valid deafult ARGO_CD_USERNAME env var if auth.type is password + values: + - ./values/mandatory-values-ingress.yaml + - ./values/external-argocd-values.yaml + template: app-proxy/deployment.yaml + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ARGO_CD_USERNAME + valueFrom: + 
configMapKeyRef: + key: argoCdUsername + name: cap-app-proxy-cm + + - it: app-proxy Deployment should have valid deafult ARGO_CD_PASSWORD env var set via passwordSecretKeyRef values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml @@ -68,14 +123,42 @@ tests: key: password name: argocd-initial-admin-secret + - it: app-proxy Deployment should have valid ARGO_CD_PASSWORD env var set via passwordSecretKeyRef override + values: + - ./values/mandatory-values-ingress.yaml + - ./values/external-argocd-values.yaml + template: app-proxy/deployment.yaml + set: + global: + integrations: + argo-cd: + server: + auth: + passwordSecretKeyRef: + name: name-override + key: key-override + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: ARGO_CD_PASSWORD + valueFrom: + secretKeyRef: + key: key-override + name: name-override + - it: app-proxy Deploymeny should have valid ARGO_CD_PASSWORD env var set via plaintext password values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml template: app-proxy/deployment.yaml set: - global.external-argo-cd.auth.passwordSecretKeyRef: [] - global.external-argo-cd.auth.password: token + global: + integrations: + argo-cd: + server: + auth: + password: token asserts: - contains: path: spec.template.spec.containers[0].env 
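Review bot: Two of the new test titles in the `-35,25 +35,80` hunk spell `deafult`, in the ARGO_CD_USERNAME case and in the ARGO_CD_PASSWORD case. Test titles are what a failing run prints and what people grep for, so both should read `default`. For example, the first becomes `app-proxy Deployment should have valid default ARGO_CD_USERNAME env var if auth.type is password`.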
@@ -86,29 +169,71 @@ tests: key: token name: gitops-runtime-argo-cd-password - - it: app-proxy Deployment should have valid ARGO_CD_USERNAME env var set via plaintext username + - it: app-proxy Deployment should *not* have ARGO_CD_TOKEN env var if auth.type is password values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml template: app-proxy/deployment.yaml - set: - global.external-argo-cd.auth.username: adminoverride asserts: - - contains: + - notContains: + any: true + path: spec.template.spec.containers[0].env + content: + name: ARGO_CD_TOKEN + + - it: app-proxy Deployment should *not* have ARGO_CD_USERNAME env var if auth.type is token + values: + - ./values/mandatory-values-ingress.yaml + - ./values/external-argocd-values.yaml + template: app-proxy/deployment.yaml + set: + global: + integrations: + argo-cd: + server: + auth: + type: token + token: plaintexttoken + asserts: + - notContains: + any: true path: spec.template.spec.containers[0].env content: name: ARGO_CD_USERNAME - value: adminoverride - - it: app-proxy Deployment should have valid ARGO_CD_TOKEN env var set via tokenSecretKeyRef + - it: app-proxy Deployment should *not* have ARGO_CD_PASSWORD env var if auth.type is token + values: + - ./values/mandatory-values-ingress.yaml + - ./values/external-argocd-values.yaml + template: app-proxy/deployment.yaml + set: + global: + integrations: + argo-cd: + server: + auth: + type: token + token: plaintexttoken + asserts: + - notContains: + any: true + path: spec.template.spec.containers[0].env + content: + name: ARGO_CD_PASSWORD + + - it: app-proxy Deployment should have valid ARGO_CD_TOKEN env var set via plaintext token values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml template: app-proxy/deployment.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.tokenSecretKeyRef.name: my-argocd-secret - global.external-argo-cd.auth.tokenSecretKeyRef.key: my-token + 
global: + integrations: + argo-cd: + server: + auth: + type: token + token: plaintexttoken asserts: - contains: path: spec.template.spec.containers[0].env @@ -116,17 +241,24 @@ tests: name: ARGO_CD_TOKEN valueFrom: secretKeyRef: - key: my-token - name: my-argocd-secret + key: token + name: gitops-runtime-argo-cd-token - - it: app-proxy Deployment should have valid ARGO_CD_TOKEN env var set via plaintext token + - it: app-proxy Deployment should have valid ARGO_CD_TOKEN env var set via tokenSecretKeyRef values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml template: app-proxy/deployment.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: "plaintexttoken" + global: + integrations: + argo-cd: + server: + auth: + type: token + tokenSecretKeyRef: + name: my-argocd-secret + key: my-token asserts: - contains: path: spec.template.spec.containers[0].env @@ -134,8 +266,8 @@ tests: name: ARGO_CD_TOKEN valueFrom: secretKeyRef: - key: token - name: gitops-runtime-argo-cd-token + name: my-argocd-secret + key: my-token - it: gitops-operator Deployment should have valid ARGO_CD_TOKEN_SECRET_NAME env var set via tokenSecretKeyRef values: @@ -143,15 +275,21 @@ tests: - ./values/external-argocd-values.yaml template: gitops-operator/deployment.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.tokenSecretKeyRef.name: my-argocd-token-secret - global.external-argo-cd.auth.tokenSecretKeyRef.key: my-token + global: + integrations: + argo-cd: + server: + auth: + type: token + tokenSecretKeyRef: + name: my-argocd-secret + key: my-token asserts: - contains: path: spec.template.spec.containers[0].env content: name: ARGO_CD_TOKEN_SECRET_NAME - value: my-argocd-token-secret + value: my-argocd-secret - it: gitops-operator Deployment should have valid ARGO_CD_TOKEN_SECRET_KEY env var set via tokenSecretKeyRef values: 
@@ -159,9 +297,15 @@ tests: - ./values/external-argocd-values.yaml template: gitops-operator/deployment.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.tokenSecretKeyRef.name: my-argocd-token-secret - global.external-argo-cd.auth.tokenSecretKeyRef.key: my-token + global: + integrations: + argo-cd: + server: + auth: + type: token + tokenSecretKeyRef: + name: my-argocd-secret + key: my-token asserts: - contains: path: spec.template.spec.containers[0].env @@ -175,8 +319,13 @@ tests: - ./values/external-argocd-values.yaml template: gitops-operator/deployment.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: "plaintexttoken" + global: + integrations: + argo-cd: + server: + auth: + type: token + token: "plaintexttoken" asserts: - contains: path: spec.template.spec.containers[0].env @@ -190,8 +339,13 @@ tests: - ./values/external-argocd-values.yaml template: gitops-operator/deployment.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: "plaintexttoken" + global: + integrations: + argo-cd: + server: + auth: + type: token + token: "plaintexttoken" asserts: - contains: path: spec.template.spec.containers[0].env @@ -305,15 +459,21 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.tokenSecretKeyRef.name: my-argocd-token-secret - global.external-argo-cd.auth.tokenSecretKeyRef.key: my-token + global: + integrations: + argo-cd: + server: + auth: + type: token + tokenSecretKeyRef: + name: my-argocd-token + key: my-token asserts: - contains: path: spec.template.spec.containers[0].env content: name: ARGO_CD_TOKEN_SECRET_NAME - value: my-argocd-token-secret + value: my-argocd-token - it: event-reporter StatefulSet should have valid ARGO_CD_TOKEN_SECRET_KEY env var set via tokenSecretKeyRef template: cf-argocd-extras/event-reporter/statefulset.yaml 
@@ -321,9 +481,15 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.tokenSecretKeyRef.name: my-argocd-token-secret - global.external-argo-cd.auth.tokenSecretKeyRef.key: my-token + global: + integrations: + argo-cd: + server: + auth: + type: token + tokenSecretKeyRef: + name: my-argocd-token + key: my-token asserts: - contains: path: spec.template.spec.containers[0].env @@ -337,8 +503,13 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: "plaintexttoken" + global: + integrations: + argo-cd: + server: + auth: + type: token + token: "plaintexttoken" asserts: - contains: path: spec.template.spec.containers[0].env @@ -352,8 +523,13 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: "plaintexttoken" + global: + integrations: + argo-cd: + server: + auth: + type: token + token: "plaintexttoken" asserts: - contains: path: spec.template.spec.containers[0].env @@ -421,15 +597,21 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.tokenSecretKeyRef.name: my-argocd-token-secret - global.external-argo-cd.auth.tokenSecretKeyRef.key: my-token + global: + integrations: + argo-cd: + server: + auth: + type: token + tokenSecretKeyRef: + name: my-argocd-token + key: my-token asserts: - contains: path: spec.template.spec.containers[0].env content: name: ARGO_CD_TOKEN_SECRET_NAME - value: my-argocd-token-secret + value: my-argocd-token - it: sources-server Deployment should have valid ARGO_CD_TOKEN_SECRET_KEY env var set via tokenSecretKeyRef template: cf-argocd-extras/sources-server/deployment.yaml 
@@ -437,9 +619,15 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.tokenSecretKeyRef.name: my-argocd-token-secret - global.external-argo-cd.auth.tokenSecretKeyRef.key: my-token + global: + integrations: + argo-cd: + server: + auth: + type: token + tokenSecretKeyRef: + name: my-argocd-token + key: my-token asserts: - contains: path: spec.template.spec.containers[0].env @@ -453,8 +641,13 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: "plaintexttoken" + global: + integrations: + argo-cd: + server: + auth: + type: token + token: "plaintexttoken" asserts: - contains: path: spec.template.spec.containers[0].env @@ -468,8 +661,13 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: "plaintexttoken" + global: + integrations: + argo-cd: + server: + auth: + type: token + token: "plaintexttoken" asserts: - contains: path: spec.template.spec.containers[0].env 
@@ -477,26 +675,15 @@ tests: name: ARGO_CD_TOKEN_SECRET_KEY value: token - - it: should require ArgoCd password if auth.type=password is set and no password is provided - values: - - ./values/mandatory-values-ingress.yaml - - ./values/external-argocd-values.yaml - template: app-proxy/deployment.yaml - set: - global.external-argo-cd.auth.type: password - global.external-argo-cd.auth.password: null - global.external-argo-cd.auth.passwordSecretKeyRef: [] - asserts: - - failedTemplate: - errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.auth.password or .Values.global.external-argo-cd.auth.passwordSecretKeyRef is not set" - - it: should require ArgoCd redis address if it's not provided template: cf-argocd-extras/sources-server/deployment.yaml values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.redis: null + global: + external-argo-cd: + redis: null asserts: - failedTemplate: errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.redis is not set" @@ -507,7 +694,9 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.repoServer: null + global: + external-argo-cd: + repoServer: null asserts: - failedTemplate: errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.repoServer is not set" 
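Review bot: Nothing in the visible diff replaces the removed `failedTemplate` case for `auth.type: password` with neither a password nor a `passwordSecretKeyRef`, while the token counterpart is kept and moved to the new path further down in this file. If the chart still rejects that configuration, the case should be ported to `global.integrations.argo-cd.server.auth` so the fail-closed behaviour stays covered. If the check was dropped, a Deployment could presumably render with an empty secret reference and only fail at pod start. A port of the removed case is sketched below, with the assertion left unpinned because the new error text is not visible here.

```yaml
  - it: should require ArgoCd password if auth.type=password is set and no password is provided
    values:
      - ./values/mandatory-values-ingress.yaml
      - ./values/external-argocd-values.yaml
    template: app-proxy/deployment.yaml
    set:
      global:
        integrations:
          argo-cd:
            server:
              auth:
                type: password
                password: null
                passwordSecretKeyRef: []
    asserts:
      # pin errorMessage to the chart's actual text for the new values path
      - failedTemplate: {}
```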
@@ -516,12 +705,16 @@ tests: values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml - template: app-proxy/deployment.yaml set: - global.external-argo-cd.auth.type: invalid + global: + integrations: + argo-cd: + server: + auth: + type: invalid asserts: - failedTemplate: - errorMessage: "Invalid value for .Values.global.external-argo-cd.auth.type: invalid. Allowed values are: [password token]" + errorMessage: "Invalid value for .Values.global.integrations.argo-cd.server.auth.type: invalid. Allowed values are: [password token]" - it: event-reporter StatefulSet should have valid ARGOCD_SERVER_ROOTPATH env var template: cf-argocd-extras/event-reporter/statefulset.yaml @@ -529,7 +722,10 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.server.rootpath: /argocd + global: + external-argo-cd: + server: + rootpath: /argocd asserts: - contains: path: spec.template.spec.containers[0].env @@ -543,7 +739,10 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.server.rootpath: /argocd + global: + external-argo-cd: + server: + rootpath: /argocd asserts: - contains: path: spec.template.spec.containers[0].env @@ -557,7 +756,10 @@ tests: - ./values/external-argocd-values.yaml template: app-proxy/config.yaml set: - global.external-argo-cd.server.rootpath: /argocd + global: + external-argo-cd: + server: + rootpath: /argocd asserts: - equal: path: data.argoCdUrl @@ -569,7 +771,10 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.server.rootpath: /argocd + global: + external-argo-cd: + server: + rootpath: /argocd asserts: - contains: path: spec.template.spec.containers[0].env 
@@ -583,8 +788,13 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: mytoken + global: + integrations: + argo-cd: + server: + auth: + type: token + token: mytoken asserts: - isKind: of: Secret @@ -600,8 +810,13 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: password - global.external-argo-cd.auth.password: mypassword + global: + integrations: + argo-cd: + server: + auth: + type: password + password: mypassword asserts: - isKind: of: Secret @@ -625,18 +840,23 @@ tests: pattern: "name: sources-server" - it: should require ArgoCd token if auth.type=token is set and no token is provided - template: cf-argocd-extras/sources-server/deployment.yaml values: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.auth.type: token - global.external-argo-cd.auth.token: null - global.external-argo-cd.auth.tokenSecretKeyRef.name: null - global.external-argo-cd.auth.tokenSecretKeyRef.key: null + global: + integrations: + argo-cd: + server: + auth: + type: token + token: null + tokenSecretKeyRef: + name: null + key: null asserts: - failedTemplate: - errorMessage: ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" + errorMessage: ".Values.global.integrations.argo-cd.server.auth.type is set to 'token' therefore .Values.global.integrations.argo-cd.server.auth.tokenSecretKeyRef.name is required" - it: should require ArgoCd server address if it's not provided template: cf-argocd-extras/sources-server/deployment.yaml 
@@ -644,7 +864,9 @@ tests: - ./values/mandatory-values-ingress.yaml - ./values/external-argocd-values.yaml set: - global.external-argo-cd.server: null + global: + external-argo-cd: + server: null asserts: - failedTemplate: errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.server is not set" diff --git a/charts/gitops-runtime/tests/values/external-argocd-values.yaml b/charts/gitops-runtime/tests/values/external-argocd-values.yaml index 5bc63344..db86d10d 100644 --- a/charts/gitops-runtime/tests/values/external-argocd-values.yaml +++ b/charts/gitops-runtime/tests/values/external-argocd-values.yaml @@ -13,20 +13,6 @@ global: repoServer: svc: my-argocd-repo-server port: 8081 - auth: - type: password - - username: "admin" - password: "" - passwordSecretKeyRef: - name: argocd-initial-admin-secret - key: password - - token: "" - tokenSecretKeyRef: - name: "" - key: "" argo-cd: enabled: false - diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 2da706db..2795a922 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -131,6 +131,32 @@ global: cpu: 200m memory: 1Gi ephemeral-storage: 2Gi + integrations: + argo-cd: + server: + # -- How GitOps Runtime should authenticate with ArgoCD server + auth: + # -- Authentication type. Can be password or token + type: password + # If `auth.type=password` is set + # -- ArgoCD username in plain text + username: "admin" + # -- ArgoCD password in plain text + password: "" + # -- ArgoCD password referenced by an existing secret + passwordSecretKeyRef: + name: argocd-initial-admin-secret + key: password + # If `auth.type=token` is set + # -- ArgoCD token in plain text + token: "" + # -- ArgoCD token referenced by an existing secret + tokenSecretKeyRef: {} + # e.g: + # tokenSecretKeyRef: + # name: argocd-token + # key: token + # -- Configuration for external ArgoCD # Should be used when `argo-cd.enabled` is set to false external-argo-cd: 
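Review bot: The new `global.integrations.argo-cd.server.auth` block in values.yaml documents `password` and `token` as plain-text options without saying that the secret references are the preferred form, or that a value set here is kept in the Helm release record and in whichever values file carries it. I would extend both comments, for example `# -- ArgoCD password in plain text. Prefer passwordSecretKeyRef; a value set here is stored with the Helm release`, and the same wording for `token`. The defaults also bind the runtime to the `admin` user and `argocd-initial-admin-secret`, which Argo CD recommends deleting once the initial password has been changed, so a comment advising a dedicated account or token for the runtime would help operators. Finally, the plaintext-password test in external_argocd_test.yaml now sets only `password` and still expects the generated `gitops-runtime-argo-cd-password` secret, so plain text appears to win over the default `passwordSecretKeyRef`; that precedence should be stated next to `passwordSecretKeyRef`.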
@@ -154,29 +180,7 @@ global: svc: argocd-repo-server # -- Port of the ArgoCD repo server port: 8081 - # -- ArgoCD username in plain text - # -- How GitOps Runtime should authenticate with ArgoCD - auth: - # -- Authentication type. Can be password or token - type: password - # If `auth.type=password` is set - # -- ArgoCD username in plain text - username: "admin" - # -- ArgoCD password in plain text - password: "" - # -- ArgoCD password referenced by an existing secret - passwordSecretKeyRef: - name: argocd-initial-admin-secret - key: password - # If `auth.type=token` is set - # -- ArgoCD token in plain text - token: "" - # -- ArgoCD token referenced by an existing secret - tokenSecretKeyRef: {} - # e.g: - # tokenSecretKeyRef: - # name: argocd-token - # key: token + # -- Configuration for external Argo Rollouts external-argo-rollouts: # -- Rollout reporter settings @@ -564,14 +568,14 @@ app-proxy: tag: 1.1.16-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3791.0 + tag: 1.3798.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3791.0 + tag: 1.3798.0 pullPolicy: IfNotPresent command: - ./init.sh @@ -613,8 +617,8 @@ app-proxy: nameOverride: "" fullnameOverride: "cap-app-proxy" config: - # -- ArgoCD user to be used by app-proxy - argoCdUsername: "admin" + # -- deprecated. use `global.external-argo-cd.auth.username` instead + argoCdUsername: "" # -- ArgoCD Url. determined by chart logic. Do not change unless you are certain you need to argoCdUrl: # -- Workflows server url. Determined by chart logic. Do not change unless you are certain you need to diff --git a/scripts/helm-unittests.sh b/scripts/helm-unittests.sh index b33be9f8..e8c30d09 100755 --- a/scripts/helm-unittests.sh +++ b/scripts/helm-unittests.sh 
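Review bot: The deprecation comment added on `app-proxy.config.argoCdUsername` in the `-613,8 +617,8` hunk points to `global.external-argo-cd.auth.username`, a key this same commit removes from values.yaml. The replacement that the updated tests exercise is `global.integrations.argo-cd.server.auth.username`, so the comment should name that path instead. The override-priority test shows that a non-empty value here still wins over the global one, so the comment could also say it is honoured only for backward compatibility.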
@@ -5,4 +5,4 @@ CHART_DIR="$(cd "$(dirname "$0")/.." && pwd)" echo "$CHART_DIR" echo "Running Helm unittests" -docker run --entrypoint "/bin/sh" -it --rm -v $CHART_DIR/charts:/charts alpine/helm:3.14.4 -c 'helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 0.5.1 && helm unittest /charts/gitops-runtime' +docker run --entrypoint "/bin/sh" -it --rm -v $CHART_DIR/charts:/charts alpine/helm:3.19.0 -c 'helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 1.0.2 && helm unittest /charts/gitops-runtime' diff --git a/tests/component-tests/setup/values/gitea.values.yaml b/tests/component-tests/setup/values/gitea.values.yaml index 4629621e..51729b97 100644 --- a/tests/component-tests/setup/values/gitea.values.yaml +++ b/tests/component-tests/setup/values/gitea.values.yaml @@ -8,9 +8,15 @@ # These values are used by the Helm install command in the test suite to # ensure a minimal and reliable Gitea setup for testing purposes. # ----------------------------------------------------------------------------- -redis-cluster: - enabled: false postgresql-ha: enabled: false -postgresql: - enabled: true + +valkey-cluster: + enabled: false + +gitea: + config: + database: + DB_TYPE: sqlite3 + HOST: localhost + PORT: 3306
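Review bot: In gitea.values.yaml the new `gitea.config.database` block sets `DB_TYPE: sqlite3` together with `HOST: localhost` and `PORT: 3306`, which do not fit a file-based database. 3306 is the MySQL default port, and as far as I know Gitea's database section has no `PORT` key at all. If they are leftovers from another configuration, reducing the block to `DB_TYPE: sqlite3` avoids suggesting that the test setup talks to a network database. If they are needed to override chart defaults, a one-line comment saying so would do.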