diff --git a/charts/builder/Chart.yaml b/charts/builder/Chart.yaml
index cfb75868..8628f9fa 100644
--- a/charts/builder/Chart.yaml
+++ b/charts/builder/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Helm Chart for default system/root runtime Builder (onprem)
 name: builder
-version: 1.4.0
+version: 2.0.0
 keywords:
 - codefresh
 - dind
diff --git a/charts/builder/README.md b/charts/builder/README.md
index c0b25589..7c8ed469 100644
--- a/charts/builder/README.md
+++ b/charts/builder/README.md
@@ -1,6 +1,6 @@
 # builder
-![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square)
+![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square)
 Helm Chart for default system/root runtime Builder (onprem)
@@ -23,23 +23,18 @@ Helm Chart for default system/root runtime Builder (onprem) | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | -| cleaner.image.pullPolicy | string | `"IfNotPresent"` | | -| cleaner.image.registry | string | `"quay.io"` | | -| cleaner.image.repository | string | `"codefresh/docker-cleaner"` | | -| cleaner.image.tag | string | `"24.0"` | | | configMaps.config.data."daemon.json" | string | `"{\n \"hosts\": [ \"unix:///var/run/docker.sock\",\n \"tcp://0.0.0.0:{{ .Values.service.main.ports.dind.port }}\"],\n \"storage-driver\": \"overlay2\",\n \"tlsverify\": true,\n \"tls\": true,\n \"tlscacert\": \"/etc/ssl/cf/ca.pem\",\n \"tlscert\": \"/etc/ssl/cf/cert.pem\",\n \"tlskey\": \"/etc/ssl/cf/key.pem\",\n \"insecure-registries\" : [ {{- range $i, $e := .Values.insecureRegistries }} {{- if $i }},{{ end }} {{ $e | quote }} {{- end }} ]\n}\n"` | | -| configMaps.config.data.docker-cleaner | string | `"#!/bin/sh\necho \"$0 - $(date)\" | tee -a /var/log/cleaner.log\nCLEANER_IMAGE={{ include (printf \"cf-common-%s.image.name\" (index .Subcharts \"cf-common\").Chart.Version ) (dict \"image\" .Values.cleaner.image \"context\" .) }}\ndocker pull $CLEANER_IMAGE\ndocker run --rm --name rt-cleaner -v /var/run/docker.sock:/var/run/docker.sock:rw --label io.codefresh.owner=codefresh -e GRACE_PERIOD_SECONDS=86400 --cpu-shares=10 $CLEANER_IMAGE ./docker-gc >> /var/log/cleaner.log 2>&1\n"` | | | configMaps.config.data.register | string | `"#!/bin/sh\nset -e\nNODE_NAME=\"$1\"\nSUBDOMAIN=\"$2\"\nNODE_ADDRESS=\"$1.$2\"\nCONSUL={{ include (printf \"cf-common-%s.classic.calculateConsulUri\" (index .Subcharts \"cf-common\").Chart.Version ) . 
}}\nACCOUNT=codefresh\nROLE=builder\nPROVIDER='\n{\n \"name\": \"kube-nodes\",\n \"type\": \"internal\"\n}'\nSYSTEM_DATA='{\"os_name\": \"dind\"}'\nNODE_SERVICE='\n{\n \"Node\": \"'${NODE_NAME}'\",\n \"Address\": \"'${NODE_ADDRESS}'\",\n \"Service\": {\n \"Service\": \"docker-node\",\n \"Tags\": [\n \"dind\",\n \"noagent\",\n \"account_codefresh\",\n \"type_builder\"\n ],\n \"Address\": \"'${NODE_ADDRESS}'\",\n \"Port\": {{ .Values.service.main.ports.dind.port }}\n },\n \"Check\": {\n \"Node\": \"\",\n \"CheckID\": \"service:docker-node\",\n \"Name\": \"Remote Node Check\",\n \"Notes\": \"Check builder is up and running\",\n \"Output\": \"Builder alive and reachable\",\n \"Status\": \"passing\",\n \"ServiceID\": \"docker-node\"\n }\n}'\necho \"Registering dind node ($NODE_NAME) in consul. Configuration: ${NODE_SERVICE}\"\ncurl -X PUT -d \"${NODE_SERVICE}\" ${CONSUL}/v1/catalog/register\ncurl -X PUT -d \"${NODE_ADDRESS}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/publicAddress\ncurl -X PUT -d \"${ACCOUNT}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/account\ncurl -X PUT -d \"${ROLE}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/role\ncurl -X PUT -d \"${PROVIDER}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/systemData\ncurl -X PUT -d \"${SYSTEM_DATA}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/provider\n"` | | | configMaps.config.enabled | bool | `true` | | | container.command[0] | string | `"/bin/sh"` | | | container.command[1] | string | `"-c"` | | -| container.command[2] | string | `"rm -fv /var/run/docker.pid\nmkdir -p /var/run/codefresh\n# Adding cleaner\ncp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh\nif [[ -n \"${DOCKER_CLEANER_CRON}\" ]]; then\n echo \"Set /etc/crontabs/root - ${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh\"\n echo \"${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh \" >> /etc/crontabs/root\n crond\nfi\ndockerd\n"` | | +| container.command[2] | 
string | `"./run.sh\n"` | | | container.containerSecurityContext.privileged | bool | `true` | | -| container.env.DOCKER_CLEANER_CRON | string | `"0 0 * * *"` | | +| container.env.CLEAN_DOCKER | string | `"true"` | | | container.image.pullPolicy | string | `"IfNotPresent"` | | -| container.image.registry | string | `"docker.io"` | | -| container.image.repository | string | `"docker"` | | -| container.image.tag | string | `"24.0-dind"` | | +| container.image.registry | string | `"quay.io"` | | +| container.image.repository | string | `"codefresh/dind"` | | +| container.image.tag | string | `"26.1.4-1.28.8"` | | | container.resources.limits | object | `{}` | | | container.resources.requests | object | `{}` | | | container.volumeMounts.cf-certs.path[0].mountPath | string | `"/etc/ssl/cf"` | | @@ -47,9 +42,9 @@ Helm Chart for default system/root runtime Builder (onprem) | container.volumeMounts.config.path[0].mountPath | string | `"/etc/docker/daemon.json"` | | | container.volumeMounts.config.path[0].readOnly | bool | `true` | | | container.volumeMounts.config.path[0].subPath | string | `"daemon.json"` | | -| container.volumeMounts.config.path[1].mountPath | string | `"/opt/dind/docker-cleaner.sh"` | | -| container.volumeMounts.config.path[1].subPath | string | `"docker-cleaner"` | | -| controller | object | `{"enabled":true,"replicas":1,"type":"statefulset"}` | --------------------------------------------------------------------------------------------------------------------- | +| controller.enabled | bool | `true` | | +| controller.replicas | int | `1` | | +| controller.type | string | `"statefulset"` | | | global.consulHost | string | `""` | | | global.consulHttpPort | int | `8500` | | | global.consulService | string | `"consul-headless"` | | 
@@ -68,7 +63,7 @@ Helm Chart for default system/root runtime Builder (onprem) | initContainers.register.image.tag | string | `"8.4.0"` | | | initContainers.register.volumeMounts.config.path[0].mountPath | string | `"/opt/dind/register"` | | | initContainers.register.volumeMounts.config.path[0].subPath | string | `"register"` | | -| insecureRegistries | list | `[]` | --------------------------------------------------------------------------------------------------------------------- Backward compatibility with values/templates in cf-helm | +| insecureRegistries | list | `[]` | | | nodeSelector | object | `{}` | | | pdb | object | `{}` | | | podAnnotations.checksum/config | string | `"{{ include (print .Template.BasePath \"/configmap.yaml\") . | sha256sum }}"` | | @@ -83,6 +78,7 @@ Helm Chart for default system/root runtime Builder (onprem) | tolerations | list | `[]` | | | topologySpreadConstraints | list | `[]` | | | varLibDockerVolume.accessMode | string | `nil` | | +| varLibDockerVolume.storageClass | string | `nil` | | | varLibDockerVolume.storageSize | string | `nil` | | | volumeClaimTemplates.varlibdocker.accessMode | string | `"ReadWriteOnce"` | | | volumeClaimTemplates.varlibdocker.mountPath | string | `"/var/lib/docker"` | | diff --git a/charts/builder/values.yaml b/charts/builder/values.yaml index 2b6eb0ec..1ba80e94 100644 --- a/charts/builder/values.yaml +++ b/charts/builder/values.yaml 
@@ -2,31 +2,16 @@ global: imageRegistry: "" - # Backward compatibility with values/templates in cf-helm - # These values are defined in cf-helm `values.yaml/secrets.yaml`. But listing them here for verbosity. consulHost: "" consulService: consul-headless consulHttpPort: 8500 -# ----------------------------------------------------------------------------------------------------------------------- -# LEGACY VALUES -# ----------------------------------------------------------------------------------------------------------------------- - -# Backward compatibility with values/templates in cf-helm insecureRegistries: [] -cleaner: - image: - registry: quay.io - repository: codefresh/docker-cleaner - tag: "24.0" - pullPolicy: IfNotPresent + varLibDockerVolume: accessMode: storageSize: - -# ----------------------------------------------------------------------------------------------------------------------- -# NEW VALUES -# ----------------------------------------------------------------------------------------------------------------------- + storageClass: controller: enabled: true 
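Review bot: `storageClass:` is added under `varLibDockerVolume` with a bare empty value and no comment, so it parses as null and the README row for `varLibDockerVolume.storageClass` carries no description. A one-line comment above the key would tell operators what leaving it unset means, for example `# -- Storage class for the /var/lib/docker volume claim (unset keeps the previous behaviour)`. How the templates consume this key is not visible in this diff, so the wording should be checked against them. The same hunk removes the `cleaner.image` keys, so a short upgrade note in the chart docs would help anyone still overriding them.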
@@ -61,40 +46,29 @@ rbac: container: image: - registry: docker.io - repository: docker - tag: 24.0-dind + registry: quay.io + repository: codefresh/dind + tag: 26.1.4-1.28.8 pullPolicy: IfNotPresent command: - "/bin/sh" - "-c" - | - rm -fv /var/run/docker.pid - mkdir -p /var/run/codefresh - # Adding cleaner - cp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh - if [[ -n "${DOCKER_CLEANER_CRON}" ]]; then - echo "Set /etc/crontabs/root - ${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh" - echo "${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh " >> /etc/crontabs/root - crond - fi - dockerd + ./run.sh + + env: + CLEAN_DOCKER: "true" containerSecurityContext: privileged: true - env: - DOCKER_CLEANER_CRON: "0 0 * * *" - volumeMounts: config: path: - mountPath: /etc/docker/daemon.json readOnly: true subPath: daemon.json - - mountPath: /opt/dind/docker-cleaner.sh - subPath: docker-cleaner cf-certs: path: - mountPath: /etc/ssl/cf @@ -138,13 +112,6 @@ configMaps: "insecure-registries" : [ {{- range $i, $e := .Values.insecureRegistries }} {{- if $i }},{{ end }} {{ $e | quote }} {{- end }} ] } - docker-cleaner: | - #!/bin/sh - echo "$0 - $(date)" | tee -a /var/log/cleaner.log - CLEANER_IMAGE={{ include (printf "cf-common-%s.image.name" (index .Subcharts "cf-common").Chart.Version ) (dict "image" .Values.cleaner.image "context" .) }} - docker pull $CLEANER_IMAGE - docker run --rm --name rt-cleaner -v /var/run/docker.sock:/var/run/docker.sock:rw --label io.codefresh.owner=codefresh -e GRACE_PERIOD_SECONDS=86400 --cpu-shares=10 $CLEANER_IMAGE ./docker-gc >> /var/log/cleaner.log 2>&1 - register: | #!/bin/sh set -e
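Review bot: In the `container:` hunk (`@@ -61,40 +46,29 @@`), the image moves to `quay.io/codefresh/dind` selected by a mutable tag (`tag: 26.1.4-1.28.8`) while `containerSecurityContext.privileged: true` is kept, so the content behind that tag runs with full privileges and can change without a chart change. If the cf-common image helper accepts a digest (not visible here), pinning the image by digest would make the privileged workload reproducible and auditable. The inline startup script is also replaced by `./run.sh`, which presumably ships in the image and is resolved relative to the image's working directory, so the chart no longer shows what the container executes. A comment above the command such as `# run.sh comes from the codefresh/dind image and replaces the inline dockerd/cleaner startup; CLEAN_DOCKER toggles its cleanup` would record that, once confirmed against the image. The enclosing `container:` mapping starts and ends outside the hunk.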