Commit 132c333

feat: add runner init-container; deprecate --generate-helm-values-file (#388)
1 parent 7c57360 commit 132c333

48 files changed, +3264 -392 lines changed

.gitignore

Lines changed: 10 additions & 1 deletion
@@ -33,4 +33,13 @@ venona/venona
3333
*.lock
3434

3535
# test values
36-
**/test-values/**
36+
**/test-values/**
37+
38+
# only ignore the values.yaml file at the root of the repo
39+
/values.yaml
40+
41+
# helm charts
42+
**/*.tgz
43+
**/charts/**/charts
44+
**/dry-run.yaml
45+
**/values-dev.yaml
Lines changed: 6 additions & 18 deletions
@@ -1,6 +1,12 @@
11
# Values used in `helm-chart-ci` pipeline
2+
# All placeholders will be set during ci build
23
global:
34
codefreshToken: placeholder
5+
accountId: placeholder
6+
context: placeholder
7+
# intentionally empty
8+
runtimeName: ""
9+
agentName: ""
410
appProxy:
511
enabled: true
612
ingress:
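Review bot: the `# intentionally empty` comment at new line 7 does not say why `runtimeName` and `agentName` are left as `""`. If the intent is to exercise the defaults derived from `global.context` and the release namespace (as the README change in this commit describes), say so in the comment so nobody fills the values in later and stops that path from being tested in CI.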
@@ -23,15 +29,6 @@ runtime:
2329
limits:
2430
cpu: 1000m
2531
memory: 1024Mi
26-
podAnnotations:
27-
karpenter.sh/do-not-evict: 'true'
28-
nodeSelector:
29-
node-type: dind
30-
tolerations:
31-
- effect: NoSchedule
32-
key: codefresh.io
33-
operator: Equal
34-
value: dinds
3532
engine:
3633
resources:
3734
requests:
@@ -40,12 +37,3 @@ runtime:
4037
limits:
4138
cpu: 1000m
4239
memory: 1024Mi
43-
podAnnotations:
44-
karpenter.sh/do-not-evict: 'true'
45-
nodeSelector:
46-
node-type: engine
47-
tolerations:
48-
- effect: NoSchedule
49-
key: codefresh.io
50-
operator: Equal
51-
value: engines
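Review bot: the `podAnnotations`, `nodeSelector` and `tolerations` blocks are dropped from `engine` here (old lines 43-51) and from `dind` in the previous hunk (old lines 26-34), but neither the commit title nor the new header comment explains why. Without the `codefresh.io` tolerations and the `node-type` selectors the CI pods are no longer pinned to the dedicated dind and engine nodes; please confirm that is intended and say so in the commit message.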

charts/cf-runtime/Chart.yaml

Lines changed: 6 additions & 2 deletions
@@ -1,7 +1,7 @@
11
apiVersion: v2
22
description: A Helm chart for Codefresh Runner
33
name: cf-runtime
4-
version: 5.3.1
4+
version: 6.0.0
55
keywords:
66
- codefresh
77
- runner
@@ -14,8 +14,12 @@ maintainers:
1414
url: https://codefresh-io.github.io/
1515
annotations:
1616
artifacthub.io/changes: |
17+
- kind: deprecated
18+
description: Deprecated --generate-helm-values-file
1719
- kind: changed
18-
description: Updated venona image to 1.9.17
20+
description: Update engine version
21+
- kind: changed
22+
description: Update dind version
1923
dependencies:
2024
- name: cf-common
2125
repository: https://chartmuseum.codefresh.io/cf-common
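Review bot: the `artifacthub.io/changes` entries at new lines 17-22 do not cover what makes this a major release. The commit title is "add runner init-container", yet there is no `kind: added` entry for it, and the values that the README marks as removed or replaced in 6.x (`.global.agentId`, `.global.keys`, `.monitor.clusterId` and so on) have no `kind: removed` entry. "Update engine version" and "Update dind version" also omit the versions, where the line they replace named `1.9.17` for venona. Add the missing entries and the version numbers so the changelog shown on Artifact Hub matches the upgrade notes.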

charts/cf-runtime/README.md

Lines changed: 137 additions & 46 deletions
Large diffs are not rendered by default.

charts/cf-runtime/README.md.gotmpl

Lines changed: 121 additions & 25 deletions
@@ -9,11 +9,13 @@ Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/insta
99
- [Prerequisites](#prerequisites)
1010
- [Get Repo Info](#get-repo-info)
1111
- [Install Chart](#install-chart)
12+
- [Chart Configuration](#chart-configuration)
1213
- [Upgrade Chart](#upgrade-chart)
13-
- [To 2.x](#to-2x)
14-
- [To 3.x](#to-3x)
15-
- [To 4.x](#to-4x)
16-
- [To 5.x](#to-5x)
14+
- [To 2.x](#to-2-x)
15+
- [To 3.x](#to-3-x)
16+
- [To 4.x](#to-4-x)
17+
- [To 5.x](#to-5-x)
18+
- [To 6.x](#to-6-x)
1719
- [Architecture](#architecture)
1820
- [Configuration](#configuration)
1921
- [EBS backend volume configuration](#ebs-backend-volume-configuration)
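Review bot: the upgrade anchors at new lines 14-18 change from `#to-2x` to `#to-2-x`, but the headings are still written as `### To 3.x`, `### To 6.x` and so on. GitHub's Markdown renderer drops the dot when it builds the heading id, giving `to-3x`, so the new links will not resolve when the README is viewed on GitHub. If the `-x` form is needed for another renderer, note that in the commit message; otherwise keep the old form and add the new entry as `[To 6.x](#to-6x)`.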
@@ -40,31 +42,62 @@ helm repo update
4042

4143
**Important:** only helm3 is supported
4244

43-
1. Download the Codefresh CLI and authenticate it with your Codefresh account. Follow [here](https://codefresh-io.github.io/cli/getting-started/) for more detailed instructions.
44-
2. Run the following command to create mandatory values for Codefresh Runner:
45+
- Specify the following mandatory values
4546

46-
```console
47-
codefresh runner init --generate-helm-values-file
48-
```
47+
```yaml
48+
# -- Global parameters
49+
# @default -- See below
50+
global:
51+
# -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!)
52+
# Ref: https://g.codefresh.io/user/settings (see API Keys)
53+
codefreshToken: ""
54+
# -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!)
55+
codefreshTokenSecretKeyRef: {}
56+
# E.g.
57+
# codefreshTokenSecretKeyRef:
58+
# name: my-codefresh-api-token
59+
# key: codefresh-api-token
4960

50-
* This will not install anything on your cluster, except for running cluster acceptance tests, which may be skipped using the `--skip-cluster-test` option.
51-
* This command will also generate a `generated_values.yaml` file in your current directory, which you will need to provide to the `helm upgrade` command later.
52-
3. Run the following to complete the installation:
61+
# -- Account ID (required!)
62+
# Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information
63+
accountId: ""
5364

54-
```console
55-
helm repo add cf-runtime https://chartmuseum.codefresh.io/cf-runtime
65+
# -- K8s context name (required!)
66+
context: ""
67+
# E.g.
68+
# context: prod-ue1-runtime-1
5669

57-
helm upgrade --install cf-runtime cf-runtime/cf-runtime -f ./generated_values.yaml --create-namespace --namespace codefresh
58-
```
70+
# -- Agent Name (optional!)
71+
# If omitted, the following format will be used '{{ `{{ .Values.global.context }}_{{ .Release.Namespace }}` }}'
72+
agentName: ""
73+
# E.g.
74+
# agentName: prod-ue1-runtime-1
5975

60-
*Install from OCI-based registry*
61-
```console
62-
helm upgrade --install cf-runtime oci://quay.io/codefresh/cf-runtime -f ./generated_values.yaml --create-namespace --namespace codefresh
63-
```
64-
4. At this point you should have a working Codefresh Runner. You can verify the installation by running:
65-
```console
66-
codefresh runner execute-test-pipeline --runtime-name <runtime-name>
67-
```
76+
# -- Runtime name (optional!)
77+
# If omitted, the following format will be used '{{ `{{ .Values.global.context }}/{{ .Release.Namespace }}` }}'
78+
runtimeName: ""
79+
# E.g.
80+
# runtimeName: prod-ue1-runtime-1/namespace
81+
```
82+
83+
- Install chart
84+
85+
```console
86+
helm upgrade --install cf-runtime cf-runtime/cf-runtime --create-namespace --namespace codefresh
87+
```
88+
89+
*Install from OCI-based registry*
90+
```console
91+
helm upgrade --install cf-runtime oci://quay.io/codefresh/cf-runtime --create-namespace --namespace codefresh
92+
```
93+
94+
## Chart Configuration
95+
96+
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
97+
98+
```console
99+
helm show values cf-runtime/cf-runtime
100+
```
68101

69102
## Upgrade Chart
70103

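Review bot: the new install commands at lines 86 and 91 no longer pass a values file, while the old ones had `-f ./generated_values.yaml`. A reader who copies them as written installs the chart without the values this section calls mandatory (`global.codefreshToken` or `global.codefreshTokenSecretKeyRef`, `global.accountId`, `global.context`). Add `-f values.yaml` or the equivalent `--set` flags to both commands. It would also help to state that `codefreshTokenSecretKeyRef` is the preferred option, so the API key does not sit in plain text in a values file.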
@@ -83,7 +116,7 @@ Affected values:
83116
### To 3.x
84117

85118
⚠️⚠️⚠️
86-
### Please, READ this before the upgrade!
119+
### READ this before the upgrade!
87120

88121
This major release adds [runtime-environment](https://codefresh.io/docs/docs/installation/codefresh-runner/#runtime-environment-specification) spec into chart templates.
89122
That means it is possible to set parametes for `dind` and `engine` pods via [values.yaml](./values.yaml).
@@ -138,6 +171,69 @@ runtime:
138171
Affected values:
139172
- `.runtime.dind.pvcs` converted from **list** to **dict**
140173

174+
### To 6.x
175+
176+
⚠️⚠️⚠️
177+
### READ this before the upgrade!
178+
179+
This major release deprecates previously required `codefresh runner init --generate-helm-values-file`.
180+
181+
Affected values:
182+
- **Replaced** `.monitor.clusterId` with `.global.context` as **mandatory** value!
183+
- **Deprecated** `.global.agentToken` / `.global.agentTokenSecretKeyRef`
184+
- **Removed** `.global.agentId`
185+
- **Removed** `.global.keys` / `.global.dindCertsSecretRef`
186+
- **Removed** `.global.existingAgentToken` / `existingDindCertsSecret`
187+
- **Removed** `.monitor.clusterId` / `.monitor.token` / `.monitor.existingMonitorToken`
188+
189+
#### Migrate the Helm chart from version 5.x to 6.x
190+
191+
Given this is the legacy `generated_values.yaml` values:
192+
193+
> legacy `generated_values.yaml`
194+
```yaml
195+
{
196+
"appProxy": {
197+
"enabled": false,
198+
},
199+
"monitor": {
200+
"enabled": false,
201+
"clusterId": "my-cluster-name",
202+
"token": "1234567890"
203+
},
204+
"global": {
205+
"namespace": "namespace",
206+
"codefreshHost": "https://g.codefresh.io",
207+
"agentToken": "0987654321",
208+
"agentId": "agent-id-here",
209+
"agentName": "my-cluster-name_my-namespace",
210+
"accountId": "my-account-id",
211+
"runtimeName": "my-cluster-name/my-namespace",
212+
"codefreshToken": "1234567890",
213+
"keys": {
214+
"key": "-----BEGIN RSA PRIVATE KEY-----...",
215+
"csr": "-----BEGIN CERTIFICATE REQUEST-----...",
216+
"ca": "-----BEGIN CERTIFICATE-----...",
217+
"serverCert": "-----BEGIN CERTIFICATE-----..."
218+
}
219+
}
220+
}
221+
```
222+
223+
Update `values.yaml` for new chart version:
224+
225+
> For existing installation for backward compatibility `.Values.global.agentToken/agentTokenSecretKeyRef` **must be provided!** For installation from scratch this value is no longer required.
226+
227+
> updated `values.yaml`
228+
```yaml
229+
global:
230+
codefreshToken: "1234567890"
231+
accountId: "my-account-id"
232+
context: "my-cluster-name"
233+
agentToken: "0987654321" # MANDATORY when migrating from < 6.x chart version !
234+
agentName: "my-cluster-name_my-namespace" # optional
235+
runtimeName: "my-cluster-name/my-namespace" # optional
236+
```
141237

142238
## Architecture
143239

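Review bot: the migration example at new lines 228-236 drops `keys` from the legacy file without saying what replaces it. The "Affected values" list only marks `.global.keys` / `.global.dindCertsSecretRef` as Removed; add a sentence stating whether the dind server certificates are regenerated on upgrade or have to be carried over, since the legacy file holds an RSA private key and users need to know whether to keep it or destroy it. Two smaller points in the list: `.monitor.clusterId` appears both as Replaced (line 182) and as Removed (line 187), and `existingDindCertsSecret` (line 186) is written without the `.global.` path that the other entries carry.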
Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
#!/bin/bash
2+
3+
echo "-----"
4+
echo "API_HOST: ${API_HOST}"
5+
echo "AGENT_NAME: ${AGENT_NAME}"
6+
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
7+
echo "AGENT: ${AGENT}"
8+
echo "-----"
9+
10+
auth() {
11+
codefresh auth create-context --api-key ${API_TOKEN} --url ${API_HOST}
12+
}
13+
14+
remove_runtime() {
15+
if [ "$AGENT" == "true" ]; then
16+
codefresh delete re ${RUNTIME_NAME} || true
17+
else
18+
codefresh delete sys-re ${RUNTIME_NAME} || true
19+
fi
20+
}
21+
22+
remove_agent() {
23+
codefresh delete agent ${AGENT_NAME} || true
24+
}
25+
26+
remove_finalizers() {
27+
kubectl patch secret $(kubectl get secret -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge || true
28+
}
29+
30+
auth
31+
remove_runtime
32+
remove_agent
33+
remove_finalizers
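Review bot: the result of `auth` at line 30 is never checked and every later command ends in `|| true`, so if `codefresh auth create-context` fails the script still strips the finalizers at line 27 and exits 0, leaving the agent and runtime registered on the Codefresh side with nothing reported. Stop on auth failure (`auth || exit 1`) and log the delete errors instead of swallowing them. Also quote the expansions (`"${API_TOKEN}"`, `"${RUNTIME_NAME}"`, `"${AGENT_NAME}"`). At line 27, when the label selector matches nothing the command substitution is empty and `kubectl patch secret` runs without a resource name; guard that case explicitly instead of relying on `|| true`.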

charts/cf-runtime/files/configure-dind-certs.sh

Lines changed: 8 additions & 13 deletions
@@ -84,7 +84,7 @@ CF_SRV_TLS_CERT=${CERTS_DIR}/cf-server-cert.pem
8484
CF_SRV_TLS_CA_CERT=${CERTS_DIR}/cf-ca.pem
8585
mkdir -p $TMPDIR $CERTS_DIR
8686

87-
K8S_CERT_SECRET_NAME=cf-certs-dind
87+
K8S_CERT_SECRET_NAME=codefresh-certs-server
8888
echo -e "\n------------------\nGenerating server tls certificates ... "
8989

9090
SERVER_CERT_CN=${SERVER_CERT_CN:-"docker.codefresh.io"}
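Review bot: renaming the secret at line 87 from `cf-certs-dind` to `codefresh-certs-server` means clusters upgraded from 5.x keep the old secret next to the new one, and nothing in the visible diff removes it or mentions the new name in the "To 6.x" notes. Since it holds the server TLS key, document the rename and say whether `cf-certs-dind` should be deleted after the upgrade.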
@@ -123,15 +123,10 @@ SERVER_CERT_EXTRA_SANS="${SERVER_CERT_EXTRA_SANS}"
123123

124124
echo -e "\n------------------\nCreating certificate secret "
125125

126-
if ! kubectl -n$NAMESPACE get secret "${K8S_CERT_SECRET_NAME}"; then
127-
kubectl -n$NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
128-
--from-file=$SRV_TLS_CA_CERT \
129-
--from-file=$SRV_TLS_KEY \
130-
--from-file=$SRV_TLS_CERT || fatal "Failed storing the generated certificates in Kubernetes!"
131-
kubectl label --overwrite secret ${K8S_CERT_SECRET_NAME} app.kubernetes.io/managed-by=Helm
132-
kubectl annotate --overwrite secret ${K8S_CERT_SECRET_NAME} meta.helm.sh/release-name=$RELEASE
133-
kubectl annotate --overwrite secret ${K8S_CERT_SECRET_NAME} meta.helm.sh/release-namespace=$NAMESPACE
134-
else
135-
msg "${K8S_CERT_SECRET_NAME} secret already exists. Skipping."
136-
fi
137-
126+
kubectl -n $NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
127+
--from-file=$SRV_TLS_CA_CERT \
128+
--from-file=$SRV_TLS_KEY \
129+
--from-file=$SRV_TLS_CERT \
130+
--dry-run=client -o yaml | kubectl apply --overwrite -f -
131+
kubectl -n $NAMESPACE label --overwrite secret ${K8S_CERT_SECRET_NAME} codefresh.io/internal=true
132+
kubectl -n $NAMESPACE patch secret $K8S_CERT_SECRET_NAME -p '{"metadata": {"finalizers": ["kubernetes"]}}'
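Review bot: the old `|| fatal "Failed storing the generated certificates in Kubernetes!"` is gone and nothing in the visible lines replaces it on the new `create ... --dry-run=client -o yaml | kubectl apply --overwrite -f -` pipeline (lines 126-130), so a failed apply is not reported here and the `label` and `patch` calls at lines 131-132 then run against a secret that may not exist. Restore an explicit check on the pipeline. Two further points: the `if ! kubectl ... get secret` guard was removed, so an existing secret is now overwritten with freshly generated key material on every run where it used to be skipped, which belongs in the upgrade notes; and the finalizer name `kubernetes` at line 132 is not domain-qualified, so a name under `codefresh.io/` would avoid clashing with other finalizer writers.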
