From fe63ceafb04bf5d82eec93fb29292b8e304df1d0 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Tue, 2 Sep 2025 12:49:32 +0300
Subject: [PATCH 1/9] feat(builder): use cf dind
---
 charts/builder/Chart.yaml | 2 +-
 charts/builder/values.yaml | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/charts/builder/Chart.yaml b/charts/builder/Chart.yaml
index cfb75868..8628f9fa 100644
--- a/charts/builder/Chart.yaml
+++ b/charts/builder/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Helm Chart for default system/root runtime Builder (onprem)
 name: builder
-version: 1.4.0
+version: 2.0.0
 keywords:
 - codefresh
 - dind
diff --git a/charts/builder/values.yaml b/charts/builder/values.yaml
index 2b6eb0ec..d945bebd 100644
--- a/charts/builder/values.yaml
+++ b/charts/builder/values.yaml
@@ -70,8 +70,6 @@ container:
 - "/bin/sh"
 - "-c"
 - |
- rm -fv /var/run/docker.pid
- mkdir -p /var/run/codefresh
 # Adding cleaner
 cp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh
 if [[ -n "${DOCKER_CLEANER_CRON}" ]]; then
@@ -79,7 +77,7 @@ container:
 echo "${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh " >> /etc/crontabs/root
 crond
 fi
- dockerd
+ run.sh
 containerSecurityContext:
 privileged: true
From 3eee933c8c36e0569ff13efbc5e8ddea53f736ff Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Tue, 2 Sep 2025 12:51:20 +0300
Subject: [PATCH 2/9] feat(builder): use cf dind
---
 charts/builder/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/builder/README.md b/charts/builder/README.md
index c0b25589..96b0b28d 100644
--- a/charts/builder/README.md
+++ b/charts/builder/README.md
@@ -1,6 +1,6 @@
 # builder
-![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square)
+![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square)
 Helm Chart for default system/root runtime Builder (onprem)
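Review bot: In PATCH 1/9, hunk `@@ -79,7 +77,7 @@` of values.yaml, the daemon is now started through a bare `run.sh`, so which file runs inside this `privileged: true` container is decided by the image's `PATH`, and because it is not `exec`'d the `/bin/sh -c` wrapper may remain PID 1 and absorb the pod's termination signal. Use an absolute path with `exec`, for example `exec <path-in-image>/run.sh` (placeholder; the script's location is not shown on this page). PATCH 5/9 changes the call to `./run.sh`, which has the same problem with the image's working directory in place of `PATH`. The command block starts above this hunk.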
@@ -33,7 +33,7 @@ Helm Chart for default system/root runtime Builder (onprem)
 | configMaps.config.enabled | bool | `true` | |
 | container.command[0] | string | `"/bin/sh"` | |
 | container.command[1] | string | `"-c"` | |
-| container.command[2] | string | `"rm -fv /var/run/docker.pid\nmkdir -p /var/run/codefresh\n# Adding cleaner\ncp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh\nif [[ -n \"${DOCKER_CLEANER_CRON}\" ]]; then\n echo \"Set /etc/crontabs/root - ${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh\"\n echo \"${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh \" >> /etc/crontabs/root\n crond\nfi\ndockerd\n"` | |
+| container.command[2] | string | `"# Adding cleaner\ncp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh\nif [[ -n \"${DOCKER_CLEANER_CRON}\" ]]; then\n echo \"Set /etc/crontabs/root - ${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh\"\n echo \"${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh \" >> /etc/crontabs/root\n crond\nfi\nrun.sh\n"` | |
 | container.containerSecurityContext.privileged | bool | `true` | |
 | container.env.DOCKER_CLEANER_CRON | string | `"0 0 * * *"` | |
 | container.image.pullPolicy | string | `"IfNotPresent"` | |
From b0be3ae8d83fbda57b285263765fc1cb77c08642 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Tue, 2 Sep 2025 13:09:40 +0300
Subject: [PATCH 3/9] feat(builder): use cf dind
---
 charts/builder/values.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/charts/builder/values.yaml b/charts/builder/values.yaml
index d945bebd..da954b15 100644
--- a/charts/builder/values.yaml
+++ b/charts/builder/values.yaml
@@ -61,9 +61,9 @@ rbac:
 container:
 image:
- registry: docker.io
- repository: docker
- tag: 24.0-dind
+ registry: quay.io
+ repository: codefresh/dind
+ tag: 26.1.4-1.28.8
 pullPolicy: IfNotPresent
 command:
From 2cb8ade5704f241185529e4a5d2af47883454df4 Mon Sep 17 00:00:00 2001
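Review bot: In PATCH 3/9, hunk `@@ -61,9 +61,9 @@` of values.yaml, the new image `quay.io/codefresh/dind` is referenced only by the mutable tag `26.1.4-1.28.8` with `pullPolicy: IfNotPresent`, and elsewhere in this series the same container is shown running with `privileged: true`, so whatever the tag resolves to at pull time gets host-level access on the node. Consider pinning the image by digest, if the chart's image helper accepts one, and recording it next to the tag with a comment such as `# digest: sha256:<digest-of-26.1.4-1.28.8>` (placeholder). The `container:` block continues below this hunk.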
From: Mikhail Klimko
Date: Tue, 2 Sep 2025 13:10:20 +0300
Subject: [PATCH 4/9] feat(builder): use cf dind
---
 charts/builder/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/charts/builder/README.md b/charts/builder/README.md
index 96b0b28d..8e4c24fa 100644
--- a/charts/builder/README.md
+++ b/charts/builder/README.md
@@ -37,9 +37,9 @@ Helm Chart for default system/root runtime Builder (onprem)
 | container.containerSecurityContext.privileged | bool | `true` | |
 | container.env.DOCKER_CLEANER_CRON | string | `"0 0 * * *"` | |
 | container.image.pullPolicy | string | `"IfNotPresent"` | |
-| container.image.registry | string | `"docker.io"` | |
-| container.image.repository | string | `"docker"` | |
-| container.image.tag | string | `"24.0-dind"` | |
+| container.image.registry | string | `"quay.io"` | |
+| container.image.repository | string | `"codefresh/dind"` | |
+| container.image.tag | string | `"26.1.4-1.28.8"` | |
 | container.resources.limits | object | `{}` | |
 | container.resources.requests | object | `{}` | |
 | container.volumeMounts.cf-certs.path[0].mountPath | string | `"/etc/ssl/cf"` | |
From 93fb2ead34ac0b8c77422794e23ad095dbaf0658 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Tue, 2 Sep 2025 15:33:24 +0300
Subject: [PATCH 5/9] feat(builder): use cf dind
---
 charts/builder/values.yaml | 41 +--------------------------------------
 1 file changed, 1 insertion(+), 40 deletions(-)
diff --git a/charts/builder/values.yaml b/charts/builder/values.yaml
index da954b15..3978dcab 100644
--- a/charts/builder/values.yaml
+++ b/charts/builder/values.yaml
@@ -2,31 +2,11 @@
 global:
 imageRegistry: ""
- # Backward compatibility with values/templates in cf-helm
- # These values are defined in cf-helm `values.yaml/secrets.yaml`. But listing them here for verbosity.
 consulHost: ""
 consulService: consul-headless
 consulHttpPort: 8500
-# -----------------------------------------------------------------------------------------------------------------------
-# LEGACY VALUES
-# -----------------------------------------------------------------------------------------------------------------------
-
-# Backward compatibility with values/templates in cf-helm
 insecureRegistries: []
-cleaner:
- image:
- registry: quay.io
- repository: codefresh/docker-cleaner
- tag: "24.0"
- pullPolicy: IfNotPresent
-varLibDockerVolume:
- accessMode:
- storageSize:
-
-# -----------------------------------------------------------------------------------------------------------------------
-# NEW VALUES
-# -----------------------------------------------------------------------------------------------------------------------
 controller:
 enabled: true
@@ -70,29 +50,17 @@ container:
 - "/bin/sh"
 - "-c"
 - |
- # Adding cleaner
- cp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh
- if [[ -n "${DOCKER_CLEANER_CRON}" ]]; then
- echo "Set /etc/crontabs/root - ${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh"
- echo "${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh " >> /etc/crontabs/root
- crond
- fi
- run.sh
+ ./run.sh
 containerSecurityContext:
 privileged: true
- env:
- DOCKER_CLEANER_CRON: "0 0 * * *"
-
 volumeMounts:
 config:
 path:
 - mountPath: /etc/docker/daemon.json
 readOnly: true
 subPath: daemon.json
- - mountPath: /opt/dind/docker-cleaner.sh
- subPath: docker-cleaner
 cf-certs:
 path:
 - mountPath: /etc/ssl/cf
@@ -136,13 +104,6 @@ configMaps:
 "insecure-registries" : [ {{- range $i, $e := .Values.insecureRegistries }} {{- if $i }},{{ end }} {{ $e | quote }} {{- end }} ]
 }
- docker-cleaner: |
- #!/bin/sh
- echo "$0 - $(date)" | tee -a /var/log/cleaner.log
- CLEANER_IMAGE={{ include (printf "cf-common-%s.image.name" (index .Subcharts "cf-common").Chart.Version ) (dict "image" .Values.cleaner.image "context" .) }}
- docker pull $CLEANER_IMAGE
- docker run --rm --name rt-cleaner -v /var/run/docker.sock:/var/run/docker.sock:rw --label io.codefresh.owner=codefresh -e GRACE_PERIOD_SECONDS=86400 --cpu-shares=10 $CLEANER_IMAGE ./docker-gc >> /var/log/cleaner.log 2>&1
-
 register: |
 #!/bin/sh
 set -e
From 4faa4005bd5e249f211a08744be807cd8ae648c1 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Tue, 2 Sep 2025 15:34:22 +0300
Subject: [PATCH 6/9] feat(builder): use cf dind
---
 charts/builder/README.md | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)
diff --git a/charts/builder/README.md b/charts/builder/README.md
index 8e4c24fa..71553280 100644
--- a/charts/builder/README.md
+++ b/charts/builder/README.md
@@ -23,19 +23,13 @@ Helm Chart for default system/root runtime Builder (onprem) | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | -| cleaner.image.pullPolicy | string | `"IfNotPresent"` | | -| cleaner.image.registry | string | `"quay.io"` | | -| cleaner.image.repository | string | `"codefresh/docker-cleaner"` | | -| cleaner.image.tag | string | `"24.0"` | | | configMaps.config.data."daemon.json" | string | `"{\n \"hosts\": [ \"unix:///var/run/docker.sock\",\n \"tcp://0.0.0.0:{{ .Values.service.main.ports.dind.port }}\"],\n \"storage-driver\": \"overlay2\",\n \"tlsverify\": true,\n \"tls\": true,\n \"tlscacert\": \"/etc/ssl/cf/ca.pem\",\n \"tlscert\": \"/etc/ssl/cf/cert.pem\",\n \"tlskey\": \"/etc/ssl/cf/key.pem\",\n \"insecure-registries\" : [ {{- range $i, $e := .Values.insecureRegistries }} {{- if $i }},{{ end }} {{ $e | quote }} {{- end }} ]\n}\n"` | | -| configMaps.config.data.docker-cleaner | string | `"#!/bin/sh\necho \"$0 - $(date)\" | tee -a /var/log/cleaner.log\nCLEANER_IMAGE={{ include (printf \"cf-common-%s.image.name\" (index .Subcharts \"cf-common\").Chart.Version ) (dict \"image\" .Values.cleaner.image \"context\" .) }}\ndocker pull $CLEANER_IMAGE\ndocker run --rm --name rt-cleaner -v /var/run/docker.sock:/var/run/docker.sock:rw --label io.codefresh.owner=codefresh -e GRACE_PERIOD_SECONDS=86400 --cpu-shares=10 $CLEANER_IMAGE ./docker-gc >> /var/log/cleaner.log 2>&1\n"` | | | configMaps.config.data.register | string | `"#!/bin/sh\nset -e\nNODE_NAME=\"$1\"\nSUBDOMAIN=\"$2\"\nNODE_ADDRESS=\"$1.$2\"\nCONSUL={{ include (printf \"cf-common-%s.classic.calculateConsulUri\" (index .Subcharts \"cf-common\").Chart.Version ) . 
}}\nACCOUNT=codefresh\nROLE=builder\nPROVIDER='\n{\n \"name\": \"kube-nodes\",\n \"type\": \"internal\"\n}'\nSYSTEM_DATA='{\"os_name\": \"dind\"}'\nNODE_SERVICE='\n{\n \"Node\": \"'${NODE_NAME}'\",\n \"Address\": \"'${NODE_ADDRESS}'\",\n \"Service\": {\n \"Service\": \"docker-node\",\n \"Tags\": [\n \"dind\",\n \"noagent\",\n \"account_codefresh\",\n \"type_builder\"\n ],\n \"Address\": \"'${NODE_ADDRESS}'\",\n \"Port\": {{ .Values.service.main.ports.dind.port }}\n },\n \"Check\": {\n \"Node\": \"\",\n \"CheckID\": \"service:docker-node\",\n \"Name\": \"Remote Node Check\",\n \"Notes\": \"Check builder is up and running\",\n \"Output\": \"Builder alive and reachable\",\n \"Status\": \"passing\",\n \"ServiceID\": \"docker-node\"\n }\n}'\necho \"Registering dind node ($NODE_NAME) in consul. Configuration: ${NODE_SERVICE}\"\ncurl -X PUT -d \"${NODE_SERVICE}\" ${CONSUL}/v1/catalog/register\ncurl -X PUT -d \"${NODE_ADDRESS}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/publicAddress\ncurl -X PUT -d \"${ACCOUNT}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/account\ncurl -X PUT -d \"${ROLE}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/role\ncurl -X PUT -d \"${PROVIDER}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/systemData\ncurl -X PUT -d \"${SYSTEM_DATA}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/provider\n"` | | | configMaps.config.enabled | bool | `true` | | | container.command[0] | string | `"/bin/sh"` | | | container.command[1] | string | `"-c"` | | -| container.command[2] | string | `"# Adding cleaner\ncp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh\nif [[ -n \"${DOCKER_CLEANER_CRON}\" ]]; then\n echo \"Set /etc/crontabs/root - ${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh\"\n echo \"${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh \" >> /etc/crontabs/root\n crond\nfi\nrun.sh\n"` | | +| container.command[2] | string | `"./run.sh\n"` | | | 
container.containerSecurityContext.privileged | bool | `true` | | -| container.env.DOCKER_CLEANER_CRON | string | `"0 0 * * *"` | | | container.image.pullPolicy | string | `"IfNotPresent"` | | | container.image.registry | string | `"quay.io"` | | | container.image.repository | string | `"codefresh/dind"` | | @@ -47,9 +41,9 @@ Helm Chart for default system/root runtime Builder (onprem) | container.volumeMounts.config.path[0].mountPath | string | `"/etc/docker/daemon.json"` | | | container.volumeMounts.config.path[0].readOnly | bool | `true` | | | container.volumeMounts.config.path[0].subPath | string | `"daemon.json"` | | -| container.volumeMounts.config.path[1].mountPath | string | `"/opt/dind/docker-cleaner.sh"` | | -| container.volumeMounts.config.path[1].subPath | string | `"docker-cleaner"` | | -| controller | object | `{"enabled":true,"replicas":1,"type":"statefulset"}` | --------------------------------------------------------------------------------------------------------------------- | +| controller.enabled | bool | `true` | | +| controller.replicas | int | `1` | | +| controller.type | string | `"statefulset"` | | | global.consulHost | string | `""` | | | global.consulHttpPort | int | `8500` | | | global.consulService | string | `"consul-headless"` | | 
@@ -68,7 +62,7 @@ Helm Chart for default system/root runtime Builder (onprem)
 | initContainers.register.image.tag | string | `"8.4.0"` | |
 | initContainers.register.volumeMounts.config.path[0].mountPath | string | `"/opt/dind/register"` | |
 | initContainers.register.volumeMounts.config.path[0].subPath | string | `"register"` | |
-| insecureRegistries | list | `[]` | --------------------------------------------------------------------------------------------------------------------- Backward compatibility with values/templates in cf-helm |
+| insecureRegistries | list | `[]` | |
 | nodeSelector | object | `{}` | |
 | pdb | object | `{}` | |
 | podAnnotations.checksum/config | string | `"{{ include (print .Template.BasePath \"/configmap.yaml\") . | sha256sum }}"` | |
@@ -82,8 +76,6 @@ Helm Chart for default system/root runtime Builder (onprem)
 | serviceAccount.enabled | bool | `false` | |
 | tolerations | list | `[]` | |
 | topologySpreadConstraints | list | `[]` | |
-| varLibDockerVolume.accessMode | string | `nil` | |
-| varLibDockerVolume.storageSize | string | `nil` | |
 | volumeClaimTemplates.varlibdocker.accessMode | string | `"ReadWriteOnce"` | |
 | volumeClaimTemplates.varlibdocker.mountPath | string | `"/var/lib/docker"` | |
 | volumeClaimTemplates.varlibdocker.size | string | `"100Gi"` | |
From d326023b72951066e392c08d72c961b36b055409 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Tue, 2 Sep 2025 16:30:01 +0300
Subject: [PATCH 7/9] feat(builder): use cf dind
---
 charts/builder/README.md | 3 +++
 charts/builder/values.yaml | 5 +++++
 2 files changed, 8 insertions(+)
diff --git a/charts/builder/README.md b/charts/builder/README.md
index 71553280..a00a1082 100644
--- a/charts/builder/README.md
+++ b/charts/builder/README.md
@@ -76,6 +76,9 @@ Helm Chart for default system/root runtime Builder (onprem)
 | serviceAccount.enabled | bool | `false` | |
 | tolerations | list | `[]` | |
 | topologySpreadConstraints | list | `[]` | |
+| varLibDockerVolume.accessMode | string | `nil` | |
+| varLibDockerVolume.storageClass | string | `nil` | |
+| varLibDockerVolume.storageSize | string | `nil` | |
 | volumeClaimTemplates.varlibdocker.accessMode | string | `"ReadWriteOnce"` | |
 | volumeClaimTemplates.varlibdocker.mountPath | string | `"/var/lib/docker"` | |
 | volumeClaimTemplates.varlibdocker.size | string | `"100Gi"` | |
diff --git a/charts/builder/values.yaml b/charts/builder/values.yaml
index 3978dcab..06158e6f 100644
--- a/charts/builder/values.yaml
+++ b/charts/builder/values.yaml
@@ -8,6 +8,11 @@ global:
 insecureRegistries: []
+varLibDockerVolume:
+ accessMode:
+ storageSize:
+ storageClass:
+
 controller:
 enabled: true
 type: statefulset
From 97c2620b2c1689283f0cd0a59c9ba8d543b5a5c2 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Tue, 2 Sep 2025 17:19:52 +0300
Subject: [PATCH 8/9] feat(builder): use cf dind
From ea1a1a6c0a541df4b0ccea2a161b685ce6152c77 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 3 Sep 2025 11:24:15 +0300
Subject: [PATCH 9/9] feat(builder): use cf dind
---
 charts/builder/README.md | 1 +
 charts/builder/values.yaml | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/charts/builder/README.md b/charts/builder/README.md
index a00a1082..7c8ed469 100644
--- a/charts/builder/README.md
+++ b/charts/builder/README.md
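Review bot: In PATCH 7/9, hunk `@@ -8,6 +8,11 @@` of values.yaml, `varLibDockerVolume` comes back with three empty keys and no comment, after PATCH 5/9 removed it together with the LEGACY VALUES heading it sat under. A reader cannot tell how it relates to `volumeClaimTemplates.varlibdocker`, which the README lists with its own `accessMode` and `size`, or which of the two takes effect. Add a short comment above the key, for example `# Legacy cf-helm overrides for the /var/lib/docker volume; empty means volumeClaimTemplates.varlibdocker is used`, if that is the intended precedence; the templates that read these values are not part of this patch.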
@@ -30,6 +30,7 @@ Helm Chart for default system/root runtime Builder (onprem)
 | container.command[1] | string | `"-c"` | |
 | container.command[2] | string | `"./run.sh\n"` | |
 | container.containerSecurityContext.privileged | bool | `true` | |
+| container.env.CLEAN_DOCKER | string | `"true"` | |
 | container.image.pullPolicy | string | `"IfNotPresent"` | |
 | container.image.registry | string | `"quay.io"` | |
 | container.image.repository | string | `"codefresh/dind"` | |
diff --git a/charts/builder/values.yaml b/charts/builder/values.yaml
index 06158e6f..1ba80e94 100644
--- a/charts/builder/values.yaml
+++ b/charts/builder/values.yaml
@@ -57,6 +57,9 @@ container:
 - |
 ./run.sh
+ env:
+ CLEAN_DOCKER: "true"
+
 containerSecurityContext:
 privileged: true
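Review bot: In PATCH 9/9, hunk `@@ -57,6 +57,9 @@` of values.yaml, `CLEAN_DOCKER: "true"` is added under `container.env` with no comment, and nothing in the chart says what reads it now that the docker-cleaner cron and its `DOCKER_CLEANER_CRON` setting were removed in PATCH 5/9. Document it where it is set, for example `# Consumed by the dind image's run.sh; replaces the chart's former docker-cleaner cron`, after confirming against the image what the variable does and which values it accepts. The `container:` block starts and ends outside this hunk.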