diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
index 82ef5115..68ceeb3f 100644
--- a/charts/gitops-runtime/Chart.yaml
+++ b/charts/gitops-runtime/Chart.yaml
@@ -42,11 +42,6 @@ dependencies:
 version: 0.7.9
 alias: gitops-operator
 condition: gitops-operator.enabled
-- name: garage
- repository: https://codefresh-io.github.io/garage
- alias: garage-workflows-artifact-storage
- version: 0.5.0-cf.3
- condition: garage-workflows-artifact-storage.enabled
 - name: cf-argocd-extras
 repository: oci://quay.io/codefresh/charts
 version: 0.5.1
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md
index d15a7228..7328c7ed 100644
--- a/charts/gitops-runtime/README.md
+++ b/charts/gitops-runtime/README.md
@@ -16,6 +16,25 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ +## Argo-workflows artifact and log storage +Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. +If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values: + +```yaml +argo-workflows: + controller: + workflowDefaults: + spec: + artifactRepository: + configMap: codefresh-workflows-log-store + key: codefresh-workflows-log-store +``` + +> [!WARNING] +> It's highly recommended to use your own artifact storage for data privacy reasons. +> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. +> Please refer to the official documentation for more details. + ## Installation with External ArgoCD If you want to use an existing ArgoCD installation, you can disable the built-in ArgoCD and configure the GitOps Runtime to use the external ArgoCD. @@ -259,6 +278,7 @@ sealed-secrets: | argo-rollouts.enabled | bool | `true` | | | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` | | | argo-rollouts.installCRDs | bool | `true` | | +| argo-workflows.controller.workflowDefaults.spec.archiveLogs | bool | `true` | | | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs | | argo-workflows.enabled | bool | `true` | | | argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` | | 
@@ -266,8 +286,10 @@ sealed-secrets: | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` | | | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI | | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. | -| cf-argocd-extras | object | `{"libraryMode":true}` | Codefresh extra services for ArgoCD | +| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]},"libraryMode":true,"sourcesServer":{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]}}` | Codefresh extra services for ArgoCD | | cf-argocd-extras.libraryMode | bool | `true` | Library mode for the chart. Allows to inject values from gitops runtime chart | +| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]}` | Sources server configuration | +| codefreshWorkflowLogStoreCM | object | `{"enabled":true,"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. | | event-reporters.rollout.eventSource.affinity | object | `{}` | | | event-reporters.rollout.eventSource.nodeSelector | object | `{}` | | | event-reporters.rollout.eventSource.replicas | int | `1` | | 
@@ -304,14 +326,6 @@ sealed-secrets: | event-reporters.workflow.sensor.retryStrategy.steps | int | `3` | Number of retries | | event-reporters.workflow.sensor.tolerations | list | `[]` | | | event-reporters.workflow.serviceAccount.create | bool | `true` | | -| garage-workflows-artifact-storage | object | `{"deployment":{"kind":"StatefulSet","replicaCount":3},"enabled":false,"fullnameOverride":"garage","garage":{"replicationMode":3},"persistence":{"data":{"size":"100Mi","storageClass":""},"enabled":true,"meta":{"size":"100Mi","storageClass":""}},"resources":{},"tests":{"enabled":false}}` | Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC) | -| garage-workflows-artifact-storage.deployment.kind | string | `"StatefulSet"` | Only statefulset is supported for Codefresh gitops runtime. Do not change this | -| garage-workflows-artifact-storage.persistence.data | object | `{"size":"100Mi","storageClass":""}` | Volume that stores artifacts and logs for workflows | -| garage-workflows-artifact-storage.persistence.data.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used | -| garage-workflows-artifact-storage.persistence.meta | object | `{"size":"100Mi","storageClass":""}` | Volume that stores cluster metadata | -| garage-workflows-artifact-storage.persistence.meta.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used | -| garage-workflows-artifact-storage.resources | object | `{}` | Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. 
| -| garage-workflows-artifact-storage.tests | object | `{"enabled":false}` | Helm tests | | gitops-operator.affinity | object | `{}` | | | gitops-operator.crds | object | `{"additionalLabels":{},"annotations":{},"install":true,"keep":false}` | Codefresh gitops operator crds | | gitops-operator.crds.additionalLabels | object | `{}` | Additional labels for gitops operator CRDs | 
@@ -369,7 +383,8 @@ sealed-secrets: | global.external-argo-rollouts | object | `{"rollout-reporter":{"enabled":false}}` | Configuration for external Argo Rollouts | | global.external-argo-rollouts.rollout-reporter | object | `{"enabled":false}` | Rollout reporter settings | | global.external-argo-rollouts.rollout-reporter.enabled | bool | `false` | Enable or disable rollout reporter Configuration is defined at .Values.event-reporters.rollout | -| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | +| global.nodeSelector | object | `{}` | Global nodeSelector for all components | +| global.runtime | object | 
`{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings | | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. | | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. | | global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource | 
@@ -381,7 +396,7 @@ sealed-secrets: | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. | | global.runtime.gitCredentials.password.value | string | `nil` | Plain text password | | global.runtime.gitCredentials.username | string | `"username"` | Username. Optional when using token in password. | -| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings | +| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings | | global.runtime.ingress.enabled | bool | `false` | Defines if ingress-based access mode is enabled for runtime. To use tunnel-based (ingressless) access mode, set to false. | | global.runtime.ingress.hosts | list | `[]` | Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. | | global.runtime.ingress.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https. | 
@@ -389,7 +404,8 @@ sealed-secrets: | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) | | global.runtime.isConfigurationRuntime | bool | `false` | is the runtime set as a "configuration runtime". | | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. | -| installer | object | `{"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"skipValidation":false}` | Runtime installer used for running hooks and checks on the release | +| global.tolerations | list | `[]` | Global tolerations for all components | +| installer | object | `{"affinity":{},"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"nodeSelector":{},"skipValidation":false,"tolerations":[]}` | Runtime installer used for running hooks and checks on the release | | installer.skipValidation | bool | `false` | if set to true, pre-install hook will *not* run | | internal-router.affinity | object | `{}` | | | internal-router.clusterDomain | string | `"cluster.local"` | | 
@@ -424,6 +440,6 @@ sealed-secrets: | internal-router.serviceAccount.name | string | `""` | | | internal-router.tolerations | list | `[]` | | | sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.29.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- | -| tunnel-client | object | `{"enabled":true,"libraryMode":true,"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | +| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. | | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false | | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 3dc84754..fe36e8a6 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl 
@@ -16,6 +16,27 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/) ## Codefresh official documentation: Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/ +## Argo-workflows artifact and log storage +Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration. +If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values: + +```yaml +argo-workflows: + controller: + workflowDefaults: + spec: + artifactRepository: + configMap: codefresh-workflows-log-store + key: codefresh-workflows-log-store +``` + + +> [!WARNING] +> It's highly recommended to use your own artifact storage for data privacy reasons. +> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes. +> Please refer to the official documentation for more details. + + ## Installation with External ArgoCD If you want to use an existing ArgoCD installation, you can disable the built-in ArgoCD and configure the GitOps Runtime to use the external ArgoCD. diff --git a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml new file mode 100644 index 00000000..8c4f404f --- /dev/null +++ b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml 
@@ -0,0 +1,23 @@
+{{- if .Values.codefreshWorkflowLogStoreCM.enabled }}
+ {{- $_ := required "global.codefresh.accountId is required if codefreshWorkflowLogStoreCM is enabled" .Values.global.codefresh.accountId }}
+apiVersion: v1
+data:
+ codefresh-workflows-log-store: |
+ archiveLogs: true
+ s3:
+ bucket: {{ .Values.global.codefresh.accountId }}
+ endpoint: {{ .Values.codefreshWorkflowLogStoreCM.endpoint }}
+ insecure: {{ .Values.codefreshWorkflowLogStoreCM.insecure }}
+ keyFormat: {{ .Values.global.runtime.name }}/{{ "{{" }}workflow.name{{ "}}" }}/{{ "{{" }}pod.name{{ "}}" }}
+ accessKeySecret:
+ name: codefresh-token
+ key: token
+ secretKeySecret:
+ name: codefresh-token
+ key: token
+kind: ConfigMap
+metadata:
+ annotations:
+ workflows.argoproj.io/default-artifact-repository: codefresh-workflows-log-store
+ name: codefresh-workflows-log-store
+{{- end }}
diff --git a/charts/gitops-runtime/templates/tunnel-client.yaml b/charts/gitops-runtime/templates/tunnel-client.yaml
index 2b4368e8..8d5b0c70 100644
--- a/charts/gitops-runtime/templates/tunnel-client.yaml
+++ b/charts/gitops-runtime/templates/tunnel-client.yaml
@@ -10,4 +10,4 @@ reduce complexity of installation and number or mandatory values to provide for
 {{ $runtimeName := required "runtime.name is required" .Values.global.runtime.name }}
 {{ $_ := set $tunnelClientContext.Values.tunnel "subdomainPrefix" (printf "%s-%s" $accoundId $runtimeName)}}
 {{- include "codefresh-tunnel-client.resources" $tunnelClientContext }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml b/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml
new file mode 100644
index 00000000..5ad11e58
--- /dev/null
+++ b/charts/gitops-runtime/tests/codefresh-workflow-logs-store.yaml
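Review bot: In templates/codefresh-workflow-log-store.yaml, `accessKeySecret` and `secretKeySecret` both read `codefresh-token`/`token`, so one secret value serves as the S3 access key ID as well as the signing key; S3 clients place the access key ID in the `Authorization` header of each request, and request logs commonly record it. If that secret is the runtime's platform token (its contents are not visible in this diff), a separate non-secret identifier for the access key would be safer where the log-store service allows it, or at least a template comment stating that the reuse is intentional. The interpolated scalars are also unquoted and `global.runtime.name` is not validated in this template: an account id that parses as a number changes type in the embedded YAML, and an empty runtime name would presumably leave `keyFormat` without its per-runtime prefix. `bucket: {{ .Values.global.codefresh.accountId | quote }}` and `{{ required "global.runtime.name is required" .Values.global.runtime.name }}` inside `keyFormat` would cover both.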
@@ -0,0 +1,67 @@
+suite: codefresh-workflow-logs-store tests
+templates:
+ - codefresh-workflow-log-store.yaml
+tests:
+
+- it: Should only create the configmap when enabled
+ template: 'codefresh-workflow-log-store.yaml'
+ values:
+ - ./values/mandatory-values.yaml
+ set:
+ codefreshWorkflowLogStoreCM.enabled: false
+ asserts:
+ - hasDocuments:
+ count: 0
+
+- it: Should only create the configmap when enabled
+ template: 'codefresh-workflow-log-store.yaml'
+ values:
+ - ./values/mandatory-values.yaml
+ set:
+ codefreshWorkflowLogStoreCM.enabled: true
+ asserts:
+ - hasDocuments:
+ count: 1
+
+- it: Should fail if the accountId is not set
+ template: 'codefresh-workflow-log-store.yaml'
+ values:
+ - ./values/mandatory-values.yaml
+ set:
+ codefreshWorkflowLogStoreCM.enabled: true
+ global.codefresh.accountId: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: 'global.codefresh.accountId is required if codefreshWorkflowLogStoreCM is enabled'
+
+- it: ConfigMap data populated with the correct values
+ template: 'codefresh-workflow-log-store.yaml'
+ values:
+ - ./values/mandatory-values.yaml
+ set:
+ global:
+ runtime:
+ name: test-runtime
+ codefreshWorkflowLogStoreCM.enabled: true
+ global.codefresh.accountId: "test-account"
+ codefreshWorkflowLogStoreCM:
+ enabled: true
+ endpoint: test.codefresh.io
+ insecure: true
+ asserts:
+ - equal:
+ path: data
+ value:
+ codefresh-workflows-log-store: |
+ archiveLogs: true
+ s3:
+ bucket: test-account
+ endpoint: test.codefresh.io
+ insecure: true
+ keyFormat: test-runtime/{{workflow.name}}/{{pod.name}}
+ accessKeySecret:
+ name: codefresh-token
+ key: token
+ secretKeySecret:
+ name: codefresh-token
+ key: token
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
index 6af30479..7839af6c 100644
--- a/charts/gitops-runtime/values.yaml
+++ b/charts/gitops-runtime/values.yaml
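Review bot: In tests/codefresh-workflow-logs-store.yaml no case renders the template with the chart defaults, so nothing pins `insecure: false` or the default endpoint; the only assertion on `data` sets `insecure: true`. I would add a case that sets only `global.runtime.name` and `global.codefresh.accountId` and asserts that the rendered block carries `insecure: false` and `endpoint: gitops-workflow-logs.codefresh.io`, so a later change to the defaults cannot silently turn TLS off. The first two cases also share the title `Should only create the configmap when enabled`; the first would read better as `- it: Should not create the configmap when disabled`. In the last case `set` supplies `codefreshWorkflowLogStoreCM.enabled: true` both as a dotted key and inside the `codefreshWorkflowLogStoreCM:` mapping, and the dotted line can be dropped.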
@@ -313,7 +313,16 @@ argo-workflows: resources: requests: ephemeral-storage: 10Mi + controller: + workflowDefaults: + spec: + archiveLogs: true +# -- Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. +codefreshWorkflowLogStoreCM: + enabled: true + endpoint: gitops-workflow-logs.codefresh.io + insecure: false #----------------------------------------------------------------------------------------------------------------------- # Argo rollouts #----------------------------------------------------------------------------------------------------------------------- 
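Review bot: The new `codefreshWorkflowLogStoreCM` keys carry a single helm-docs line, and `insecure` in particular has no description of what it turns off. I would add `# -- Use plain HTTP instead of TLS for the log store endpoint. Keep false; the codefresh-token credential is presented to this endpoint.` above `insecure`, and `# -- Render the codefresh-workflows-log-store ConfigMap` above `enabled`. `archiveLogs: true` under `workflowDefaults.spec` becomes the default for every workflow in the runtime, so a comment such as `# -- Archive the logs of all workflows to the configured artifact repository; logs may contain sensitive output` would help operators who later point `artifactRepository` at the hosted store. The `argo-workflows:` mapping this hunk extends begins outside the hunk.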
@@ -714,38 +723,6 @@ gitops-operator: cpu: 100m memory: 128Mi -#----------------------------------------------------------------------------------------------------------------------- -# Garage -#----------------------------------------------------------------------------------------------------------------------- -# -- Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC) -garage-workflows-artifact-storage: - fullnameOverride: garage - enabled: false - deployment: - # -- Only statefulset is supported for Codefresh gitops runtime. Do not change this - kind: StatefulSet - replicaCount: 3 - garage: - #-- Default to 3 replicas, see the replication_mode section at https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication-mode - replicationMode: 3 - persistence: - enabled: true - # -- Volume that stores cluster metadata - meta: - # -- When empty value empty the default storage class for the cluster will be used - storageClass: "" - size: 100Mi - # -- Volume that stores artifacts and logs for workflows - data: - # -- When empty value empty the default storage class for the cluster will be used - storageClass: "" - size: 100Mi - # -- Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. - resources: {} - # -- Helm tests - tests: - enabled: false - #----------------------------------------------------------------------------------------------------------------------- # cf-argocd-extras #-----------------------------------------------------------------------------------------------------------------------