CR-18430-del-git-source (#45)

* add volume + mount to pre-uninstall hook * updated `argo-cd` to `v2.6.0-cap-CR-18430-del-app` --------- Co-authored-by: Ilia Medvedev <ilia.medvedev@codefresh.io>
codefresh-io · May 23, 2023 · d1a6e3a · d1a6e3a
1 parent 3cf7f28
commit d1a6e3a
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 16 deletions.
diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
@@ -2,9 +2,9 @@ apiVersion: v2
 appVersion: 0.1.29
 description: A Helm chart for Codefresh gitops runtime
 name: gitops-runtime
-version: 0.2.5-alpha
+version: 0.2.6-alpha
 home: https://github.com/codefresh-io/gitops-runtime-helm
-icon: https://codefresh.io/docs/assets/brand/codefresh_purple_dark_logo.png
+icon: https://avatars1.githubusercontent.com/u/11412079?v=3
 keywords:
   - codefresh
   - gitops
@@ -15,12 +15,14 @@ annotations:
   artifacthub.io/alternativeName: "codefresh-gitops-runtime"
   artifacthub.io/prerelease: "true"
   artifacthub.io/changes: |
+    - kind: changed
+      description: updated `argo-cd` to `v2.6.0-cap-CR-18430-del-app` (fix application/git-source deletion)
     - kind: fixed
-      description: bump `cap-app-proxy` to `1.2257.0` (fix convertToGitops)
+      description: Fix delete runtime hook when using custom CA
 dependencies:
 - name: argo-cd
   repository: https://codefresh-io.github.io/argo-helm
-  version: 5.29.1-1-cap-CR-17237
+  version: 5.29.2-cap-CR-18430
 - name: argo-events
   repository: https://codefresh-io.github.io/argo-helm
   version: 2.0.5-1-cf-init

diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md
@@ -1,6 +1,6 @@
 # gitops-runtime
 
-![Version: 0.2.5-alpha](https://img.shields.io/badge/Version-0.2.5--alpha-informational?style=flat-square) ![AppVersion: 0.1.29](https://img.shields.io/badge/AppVersion-0.1.29-informational?style=flat-square)
+![Version: 0.2.6-alpha](https://img.shields.io/badge/Version-0.2.6--alpha-informational?style=flat-square) ![AppVersion: 0.1.29](https://img.shields.io/badge/AppVersion-0.1.29-informational?style=flat-square)
 
 A Helm chart for Codefresh gitops runtime
 
@@ -18,7 +18,7 @@ A Helm chart for Codefresh gitops runtime
 |------------|------|---------|
 | https://bitnami-labs.github.io/sealed-secrets/ | sealed-secrets | 2.7.3 |
 | https://chartmuseum.codefresh.io/codefresh-tunnel-client | tunnel-client(codefresh-tunnel-client) | 0.1.12 |
-| https://codefresh-io.github.io/argo-helm | argo-cd | 5.29.1-1-cap-CR-17237 |
+| https://codefresh-io.github.io/argo-helm | argo-cd | 5.29.2-cap-CR-18430 |
 | https://codefresh-io.github.io/argo-helm | argo-events | 2.0.5-1-cf-init |
 | https://codefresh-io.github.io/argo-helm | argo-rollouts | 2.22.1-1-cap-sw |
 | https://codefresh-io.github.io/argo-helm | argo-workflows | 0.22.9-1-CR-17426 |

diff --git a/charts/gitops-runtime/templates/app-proxy/deployment.yaml b/charts/gitops-runtime/templates/app-proxy/deployment.yaml
@@ -9,13 +9,14 @@
 {{/* Add extra volumes (used for cutom tls) */}}
 {{- $calculatedVolumes := include "codefresh-gitops-runtime.app-proxy.extra-volumes" . | fromYaml }}
 {{- if $calculatedVolumes.extraVolumes }}
-{{- $additionalVolumes := concat (get $calculatedVolumes "extraVolumes") $appProxyContext.Values.extraVolumes }}
-{{- $_ := set $appProxyContext.Values "extraVolumes" $additionalVolumes }}
+  {{- $additionalVolumes := concat (get $calculatedVolumes "extraVolumes") $appProxyContext.Values.extraVolumes }}
+  {{- $_ := set $appProxyContext.Values "extraVolumes" $additionalVolumes }}
 {{- end }}
+
 {{- $initContainerCalculatedVolumeMounts := include "codefresh-gitops-runtime.app-proxy.init.extra-volume-mounts" . | fromYaml }}
 {{- if $initContainerCalculatedVolumeMounts.extraVolumeMounts }}
-{{- $initContainerExtraVolumeMounts := concat (get $initContainerCalculatedVolumeMounts "extraVolumeMounts") $appProxyContext.Values.extraVolumeMounts }}
-{{- $_ := set $appProxyContext.Values.initContainer "extraVolumeMounts" $initContainerExtraVolumeMounts }}
+  {{- $initContainerExtraVolumeMounts := concat (get $initContainerCalculatedVolumeMounts "extraVolumeMounts") $appProxyContext.Values.extraVolumeMounts }}
+  {{- $_ := set $appProxyContext.Values.initContainer "extraVolumeMounts" $initContainerExtraVolumeMounts }}
 {{- end }}
 
 {{- include "cap-app-proxy.resources.deployment" $appProxyContext }}
diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/delete-runtime-from-platform.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/delete-runtime-from-platform.yaml
@@ -1,3 +1,9 @@
+{{- $customCASecretName := ""}}
+{{- $customCASecretKey := ""}}
+{{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
+  {{- $customCASecretName = .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }}
+  {{- $customCASecretKey = .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+{{- end }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -13,20 +19,24 @@ spec:
       containers:
       - name: delete-runtime-from-platform
         image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}"
+        imagePullPolicy: {{ .Values.installer.image.pullPolicy }}
         env:
         - name: RUNTIME_NAME
           value: {{ .Values.global.runtime.name }}
         - name: PLATFORM_URL
           value: {{ .Values.global.codefresh.url }}
         - name: USER_TOKEN
           {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 10 }}
-{{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
-  {{- $name := .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }}
-  {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+{{- if $customCASecretName }}
         - name: SSL_CERT_FILE
-          value: /app/config/{{ $name }}/{{ $key }}
+          value: /app/config/codefresh-tls-certs/{{ $customCASecretKey }}
+{{- end }}
+{{- if $customCASecretName }}
+        volumeMounts:
+        - mountPath: /app/config/codefresh-tls-certs
+          name: codefresh-tls-certs
+          readOnly: true
 {{- end }}
-        imagePullPolicy: {{ .Values.installer.image.pullPolicy }}
         command: ["sh", "-c"]
         args: 
         - |
@@ -36,3 +46,11 @@ spec:
             echo "User token unavailable, unable to remove runtime ${RUNTIME_NAME} from platform, please remove it from UI"
             exit 1
           fi
+{{- if $customCASecretName }}
+      volumes:
+      - name: codefresh-tls-certs
+        secret:
+          secretName: {{ $customCASecretName }}
+          defaultMode: 420
+          optional: true
+{{- end }}
diff --git a/charts/gitops-runtime/tests/custom-ca_test.yaml b/charts/gitops-runtime/tests/custom-ca_test.yaml
@@ -122,6 +122,65 @@ tests:
         name: codefresh-tls-certs
         readOnly: true
 
+- it: volume in pre-delete-hook - chart created secret
+  template: 'hooks/pre-uninstall/delete-runtime-from-platform.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    global.codefresh.tls.caCerts.secret.create: true
+    global.codefresh.tls.caCerts.secret.content: |
+      -----BEGIN CERTIFICATE-----
+      ... encoded certificate data here ...
+      -----END CERTIFICATE-----
+  asserts:
+  - contains:
+      path: spec.template.spec.volumes
+      content:
+        name: codefresh-tls-certs
+        secret:
+          secretName: codefresh-tls-certs
+          defaultMode: 420
+          optional: true
+  - contains:
+      path: spec.template.spec.containers[0].volumeMounts
+      content:
+        mountPath: /app/config/codefresh-tls-certs
+        name: codefresh-tls-certs
+        readOnly: true
+
+- it: volume in pre-delete-hook - no tls
+  template: 'hooks/pre-uninstall/delete-runtime-from-platform.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  asserts:
+  - isNull:
+      path: spec.template.spec.volumes
+  - isNull:
+      path: spec.template.spec.containers[0].volumeMounts
+
+- it: volume in pre-delete-hook - secret ref
+  template: 'hooks/pre-uninstall/delete-runtime-from-platform.yaml'
+  values:
+  - ./values/mandatory-values.yaml
+  set:
+    global.codefresh.tls.caCerts.secretKeyRef.name: my-secret
+    global.codefresh.tls.caCerts.secretKeyRef.key: my-key
+  asserts:
+  - contains:
+      path: spec.template.spec.volumes
+      content:
+        name: codefresh-tls-certs
+        secret:
+          secretName: my-secret
+          defaultMode: 420
+          optional: true
+  - contains:
+      path: spec.template.spec.containers[0].volumeMounts
+      content:
+        mountPath: /app/config/codefresh-tls-certs
+        name: codefresh-tls-certs
+        readOnly: true
+
 - it: environment variable in pre-delete hook - secret ref
   template: 'hooks/pre-uninstall/delete-runtime-from-platform.yaml'
   values:
@@ -134,7 +193,7 @@ tests:
       path: spec.template.spec.containers[0].env
       content:
         name: SSL_CERT_FILE
-        value:  /app/config/my-secret/my-key
+        value:  /app/config/codefresh-tls-certs/my-key
 
 - it: environment variable in pre-delete hook - chart created secret
   template: 'hooks/pre-uninstall/delete-runtime-from-platform.yaml'