Skip to content

feat(builder): use cf dind #118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Sep 3, 2025
Merged

feat(builder): use cf dind #118

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
fe63cea
feat(builder): use cf dind
mikhail-klimko Sep 2, 2025
3eee933
feat(builder): use cf dind
mikhail-klimko Sep 2, 2025
b0be3ae
feat(builder): use cf dind
mikhail-klimko Sep 2, 2025
2cb8ade
feat(builder): use cf dind
mikhail-klimko Sep 2, 2025
93fb2ea
feat(builder): use cf dind
mikhail-klimko Sep 2, 2025
4faa400
feat(builder): use cf dind
mikhail-klimko Sep 2, 2025
d326023
feat(builder): use cf dind
mikhail-klimko Sep 2, 2025
97c2620
feat(builder): use cf dind
mikhail-klimko Sep 2, 2025
ea1a1a6
feat(builder): use cf dind
mikhail-klimko Sep 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/builder/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v2
description: Helm Chart for default system/root runtime Builder (onprem)
name: builder
version: 1.4.0
version: 2.0.0
keywords:
- codefresh
- dind
Expand Down
26 changes: 11 additions & 15 deletions charts/builder/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# builder

![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square)
![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square)

Helm Chart for default system/root runtime Builder (onprem)

Expand All @@ -23,33 +23,28 @@ Helm Chart for default system/root runtime Builder (onprem)
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| cleaner.image.pullPolicy | string | `"IfNotPresent"` | |
| cleaner.image.registry | string | `"quay.io"` | |
| cleaner.image.repository | string | `"codefresh/docker-cleaner"` | |
| cleaner.image.tag | string | `"24.0"` | |
| configMaps.config.data."daemon.json" | string | `"{\n \"hosts\": [ \"unix:///var/run/docker.sock\",\n \"tcp://0.0.0.0:{{ .Values.service.main.ports.dind.port }}\"],\n \"storage-driver\": \"overlay2\",\n \"tlsverify\": true,\n \"tls\": true,\n \"tlscacert\": \"/etc/ssl/cf/ca.pem\",\n \"tlscert\": \"/etc/ssl/cf/cert.pem\",\n \"tlskey\": \"/etc/ssl/cf/key.pem\",\n \"insecure-registries\" : [ {{- range $i, $e := .Values.insecureRegistries }} {{- if $i }},{{ end }} {{ $e | quote }} {{- end }} ]\n}\n"` | |
| configMaps.config.data.docker-cleaner | string | `"#!/bin/sh\necho \"$0 - $(date)\" | tee -a /var/log/cleaner.log\nCLEANER_IMAGE={{ include (printf \"cf-common-%s.image.name\" (index .Subcharts \"cf-common\").Chart.Version ) (dict \"image\" .Values.cleaner.image \"context\" .) }}\ndocker pull $CLEANER_IMAGE\ndocker run --rm --name rt-cleaner -v /var/run/docker.sock:/var/run/docker.sock:rw --label io.codefresh.owner=codefresh -e GRACE_PERIOD_SECONDS=86400 --cpu-shares=10 $CLEANER_IMAGE ./docker-gc >> /var/log/cleaner.log 2>&1\n"` | |
| configMaps.config.data.register | string | `"#!/bin/sh\nset -e\nNODE_NAME=\"$1\"\nSUBDOMAIN=\"$2\"\nNODE_ADDRESS=\"$1.$2\"\nCONSUL={{ include (printf \"cf-common-%s.classic.calculateConsulUri\" (index .Subcharts \"cf-common\").Chart.Version ) . }}\nACCOUNT=codefresh\nROLE=builder\nPROVIDER='\n{\n \"name\": \"kube-nodes\",\n \"type\": \"internal\"\n}'\nSYSTEM_DATA='{\"os_name\": \"dind\"}'\nNODE_SERVICE='\n{\n \"Node\": \"'${NODE_NAME}'\",\n \"Address\": \"'${NODE_ADDRESS}'\",\n \"Service\": {\n \"Service\": \"docker-node\",\n \"Tags\": [\n \"dind\",\n \"noagent\",\n \"account_codefresh\",\n \"type_builder\"\n ],\n \"Address\": \"'${NODE_ADDRESS}'\",\n \"Port\": {{ .Values.service.main.ports.dind.port }}\n },\n \"Check\": {\n \"Node\": \"\",\n \"CheckID\": \"service:docker-node\",\n \"Name\": \"Remote Node Check\",\n \"Notes\": \"Check builder is up and running\",\n \"Output\": \"Builder alive and reachable\",\n \"Status\": \"passing\",\n \"ServiceID\": \"docker-node\"\n }\n}'\necho \"Registering dind node ($NODE_NAME) in consul. Configuration: ${NODE_SERVICE}\"\ncurl -X PUT -d \"${NODE_SERVICE}\" ${CONSUL}/v1/catalog/register\ncurl -X PUT -d \"${NODE_ADDRESS}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/publicAddress\ncurl -X PUT -d \"${ACCOUNT}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/account\ncurl -X PUT -d \"${ROLE}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/role\ncurl -X PUT -d \"${PROVIDER}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/systemData\ncurl -X PUT -d \"${SYSTEM_DATA}\" ${CONSUL}/v1/kv/services/docker-node/${NODE_NAME}/provider\n"` | |
| configMaps.config.enabled | bool | `true` | |
| container.command[0] | string | `"/bin/sh"` | |
| container.command[1] | string | `"-c"` | |
| container.command[2] | string | `"rm -fv /var/run/docker.pid\nmkdir -p /var/run/codefresh\n# Adding cleaner\ncp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh\nif [[ -n \"${DOCKER_CLEANER_CRON}\" ]]; then\n echo \"Set /etc/crontabs/root - ${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh\"\n echo \"${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh \" >> /etc/crontabs/root\n crond\nfi\ndockerd\n"` | |
| container.command[2] | string | `"./run.sh\n"` | |
| container.containerSecurityContext.privileged | bool | `true` | |
| container.env.DOCKER_CLEANER_CRON | string | `"0 0 * * *"` | |
| container.env.CLEAN_DOCKER | string | `"true"` | |
| container.image.pullPolicy | string | `"IfNotPresent"` | |
| container.image.registry | string | `"docker.io"` | |
| container.image.repository | string | `"docker"` | |
| container.image.tag | string | `"24.0-dind"` | |
| container.image.registry | string | `"quay.io"` | |
| container.image.repository | string | `"codefresh/dind"` | |
| container.image.tag | string | `"26.1.4-1.28.8"` | |
| container.resources.limits | object | `{}` | |
| container.resources.requests | object | `{}` | |
| container.volumeMounts.cf-certs.path[0].mountPath | string | `"/etc/ssl/cf"` | |
| container.volumeMounts.cf-certs.path[0].readOnly | bool | `true` | |
| container.volumeMounts.config.path[0].mountPath | string | `"/etc/docker/daemon.json"` | |
| container.volumeMounts.config.path[0].readOnly | bool | `true` | |
| container.volumeMounts.config.path[0].subPath | string | `"daemon.json"` | |
| container.volumeMounts.config.path[1].mountPath | string | `"/opt/dind/docker-cleaner.sh"` | |
| container.volumeMounts.config.path[1].subPath | string | `"docker-cleaner"` | |
| controller | object | `{"enabled":true,"replicas":1,"type":"statefulset"}` | --------------------------------------------------------------------------------------------------------------------- |
| controller.enabled | bool | `true` | |
| controller.replicas | int | `1` | |
| controller.type | string | `"statefulset"` | |
| global.consulHost | string | `""` | |
| global.consulHttpPort | int | `8500` | |
| global.consulService | string | `"consul-headless"` | |
Expand All @@ -68,7 +63,7 @@ Helm Chart for default system/root runtime Builder (onprem)
| initContainers.register.image.tag | string | `"8.4.0"` | |
| initContainers.register.volumeMounts.config.path[0].mountPath | string | `"/opt/dind/register"` | |
| initContainers.register.volumeMounts.config.path[0].subPath | string | `"register"` | |
| insecureRegistries | list | `[]` | --------------------------------------------------------------------------------------------------------------------- Backward compatibility with values/templates in cf-helm |
| insecureRegistries | list | `[]` | |
| nodeSelector | object | `{}` | |
| pdb | object | `{}` | |
| podAnnotations.checksum/config | string | `"{{ include (print .Template.BasePath \"/configmap.yaml\") . | sha256sum }}"` | |
Expand All @@ -83,6 +78,7 @@ Helm Chart for default system/root runtime Builder (onprem)
| tolerations | list | `[]` | |
| topologySpreadConstraints | list | `[]` | |
| varLibDockerVolume.accessMode | string | `nil` | |
| varLibDockerVolume.storageClass | string | `nil` | |
| varLibDockerVolume.storageSize | string | `nil` | |
| volumeClaimTemplates.varlibdocker.accessMode | string | `"ReadWriteOnce"` | |
| volumeClaimTemplates.varlibdocker.mountPath | string | `"/var/lib/docker"` | |
Expand Down
51 changes: 9 additions & 42 deletions charts/builder/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,31 +2,16 @@
global:
imageRegistry: ""

# Backward compatibility with values/templates in cf-helm
# These values are defined in cf-helm `values.yaml/secrets.yaml`. But listing them here for verbosity.
consulHost: ""
consulService: consul-headless
consulHttpPort: 8500

# -----------------------------------------------------------------------------------------------------------------------
# LEGACY VALUES
# -----------------------------------------------------------------------------------------------------------------------

# Backward compatibility with values/templates in cf-helm
insecureRegistries: []
cleaner:
image:
registry: quay.io
repository: codefresh/docker-cleaner
tag: "24.0"
pullPolicy: IfNotPresent

varLibDockerVolume:
accessMode:
storageSize:

# -----------------------------------------------------------------------------------------------------------------------
# NEW VALUES
# -----------------------------------------------------------------------------------------------------------------------
storageClass:

controller:
enabled: true
Expand Down Expand Up @@ -61,40 +46,29 @@ rbac:

container:
image:
registry: docker.io
repository: docker
tag: 24.0-dind
registry: quay.io
repository: codefresh/dind
tag: 26.1.4-1.28.8
pullPolicy: IfNotPresent

command:
- "/bin/sh"
- "-c"
- |
rm -fv /var/run/docker.pid
mkdir -p /var/run/codefresh
# Adding cleaner
cp -L /opt/dind/docker-cleaner.sh /usr/local/bin/ && chmod +x /usr/local/bin/docker-cleaner.sh
if [[ -n "${DOCKER_CLEANER_CRON}" ]]; then
echo "Set /etc/crontabs/root - ${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh"
echo "${DOCKER_CLEANER_CRON} /usr/local/bin/docker-cleaner.sh " >> /etc/crontabs/root
crond
fi
dockerd
./run.sh

env:
CLEAN_DOCKER: "true"

containerSecurityContext:
privileged: true

env:
DOCKER_CLEANER_CRON: "0 0 * * *"

volumeMounts:
config:
path:
- mountPath: /etc/docker/daemon.json
readOnly: true
subPath: daemon.json
- mountPath: /opt/dind/docker-cleaner.sh
subPath: docker-cleaner
cf-certs:
path:
- mountPath: /etc/ssl/cf
Expand Down Expand Up @@ -138,13 +112,6 @@ configMaps:
"insecure-registries" : [ {{- range $i, $e := .Values.insecureRegistries }} {{- if $i }},{{ end }} {{ $e | quote }} {{- end }} ]
}

docker-cleaner: |
#!/bin/sh
echo "$0 - $(date)" | tee -a /var/log/cleaner.log
CLEANER_IMAGE={{ include (printf "cf-common-%s.image.name" (index .Subcharts "cf-common").Chart.Version ) (dict "image" .Values.cleaner.image "context" .) }}
docker pull $CLEANER_IMAGE
docker run --rm --name rt-cleaner -v /var/run/docker.sock:/var/run/docker.sock:rw --label io.codefresh.owner=codefresh -e GRACE_PERIOD_SECONDS=86400 --cpu-shares=10 $CLEANER_IMAGE ./docker-gc >> /var/log/cleaner.log 2>&1

register: |
#!/bin/sh
set -e
Expand Down
Loading