From f792b4e53e644a3d776bef3e2a8eaa649c29c8a4 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 28 May 2025 19:22:24 +0300
Subject: [PATCH 1/8] feat: add support for custom TLS certificates from the platform
---
 charts/gitops-runtime/Chart.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
index 8e0a9feb..b79c948b 100644
--- a/charts/gitops-runtime/Chart.yaml
+++ b/charts/gitops-runtime/Chart.yaml
@@ -43,5 +43,5 @@ dependencies:
 alias: gitops-operator
 condition: gitops-operator.enabled
 - name: cf-argocd-extras
- repository: oci://quay.io/codefresh/charts
- version: 0.5.2
+ repository: oci://quay.io/codefresh/charts/dev
+ version: 0.5.3-feat-platform-custom-tls-certs
From 0ee3e68943d08b0320b824d4086114e77faef8c2 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 28 May 2025 19:38:10 +0300
Subject: [PATCH 2/8] feat: add support for custom TLS certificates from the platform
From 202306dcfa18cb9355d15060c1f17ce60b21f2b2 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 28 May 2025 19:51:00 +0300
Subject: [PATCH 3/8] feat: add support for custom TLS certificates from the platform
---
 charts/gitops-runtime/templates/event-reporter.yaml | 5 +++++
 charts/gitops-runtime/templates/sources-server.yaml | 9 +++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/charts/gitops-runtime/templates/event-reporter.yaml b/charts/gitops-runtime/templates/event-reporter.yaml
index 640883ae..0be83a99 100644
--- a/charts/gitops-runtime/templates/event-reporter.yaml
+++ b/charts/gitops-runtime/templates/event-reporter.yaml
@@ -18,4 +18,9 @@
 {{- $_ := set $cfArgoCdExtrasContext.Values.eventReporter.container.env "ARGOCD_SERVER_ROOTPATH" (index .Values "global" "external-argo-cd" "server" "rootpath") }}
 {{- end }}
 
+{{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
+ {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.eventReporter.container.env "CODEFRESH_SSL_CERT_PATH" (printf "/app/config/codefresh-tls-certs/%s" $key ) }}
+{{- end }}
+
 {{ include "cf-argocd-extras.event-reporter.resources" $cfArgoCdExtrasContext }}
diff --git a/charts/gitops-runtime/templates/sources-server.yaml b/charts/gitops-runtime/templates/sources-server.yaml
index c1358d33..111ca5c7 100644
--- a/charts/gitops-runtime/templates/sources-server.yaml
+++ b/charts/gitops-runtime/templates/sources-server.yaml
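Review bot: The `$key` expression on the `+ {{- $key := ...` line falls through to `.Values.global.codefresh.tls.caCerts.secretKeyRef.key` whenever `secret.create` is false, and nothing rejects an empty value, so a `secretKeyRef` supplied without `key` renders `CODEFRESH_SSL_CERT_PATH` as `/app/config/codefresh-tls-certs/` — a directory, not a CA file. Because `ternary` is an ordinary function call, both of its arguments are evaluated, so wrapping that reference in `required` would also fire when `secret.create` is true; an explicit `if`/`else` keeps the check on the branch it belongs to. The same expression appears in the sources-server hunk of this patch and is carried forward as `$secretKey` in both hunks of patch 5/8. Whether the bare `.secretKeyRef.key` lookup is safe when `secretKeyRef` is absent from values depends on the chart's default values.yaml, which is outside this series.
```yaml
{{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
  {{- $key := "" }}
  {{- if .Values.global.codefresh.tls.caCerts.secret.create }}
    {{- $key = default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key }}
  {{- else }}
    {{- $key = required "global.codefresh.tls.caCerts.secretKeyRef.key is required when secretKeyRef is set" .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
  {{- end }}
  {{/* … unchanged: CODEFRESH_SSL_CERT_PATH env assignment … */}}
{{- end }}
```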
@@ -10,12 +10,17 @@
 {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key" )) }}
 {{- else }}
 {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
- {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
 {{- end }}
 {{- end }}
 
 {{- if and (index .Values "global" "external-argo-cd" "server" "rootpath") }}
- {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGOCD_SERVER_ROOTPATH" (index .Values "global" "external-argo-cd" "server" "rootpath") }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGOCD_SERVER_ROOTPATH" (index .Values "global" "external-argo-cd" "server" "rootpath") }}
+{{- end }}
+
+{{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
+ {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "CODEFRESH_SSL_CERT_PATH" (printf "/app/config/codefresh-tls-certs/%s" $key ) }}
 {{- end }}
 
 {{- include "cf-argocd-extras.sources-server.hpa" $cfArgoCdExtrasContext }}
From 38ebd985e57110a2a1d906126c99e1fb3ee7b412 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 28 May 2025 19:53:14 +0300
Subject: [PATCH 4/8] feat: add support for custom TLS certificates from the platform
From 54a5ee757115472249dc08970f164cb34b619429 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 28 May 2025 20:11:01 +0300
Subject: [PATCH 5/8] feat: add support for custom TLS certificates from the platform
---
 charts/gitops-runtime/templates/event-reporter.yaml | 6 ++++--
 charts/gitops-runtime/templates/sources-server.yaml | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/charts/gitops-runtime/templates/event-reporter.yaml b/charts/gitops-runtime/templates/event-reporter.yaml
index 0be83a99..be24301f 100644
--- a/charts/gitops-runtime/templates/event-reporter.yaml
+++ b/charts/gitops-runtime/templates/event-reporter.yaml
@@ -19,8 +19,10 @@
 {{- end }}
 
 {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
- {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
- {{- $_ := set $cfArgoCdExtrasContext.Values.eventReporter.container.env "CODEFRESH_SSL_CERT_PATH" (printf "/app/config/codefresh-tls-certs/%s" $key ) }}
+ {{- $secretName := .Values.global.codefresh.tls.caCerts.secretKeyRef.name | default "codefresh-tls-certs" }}
+ {{- $secretKey := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.eventReporter.container.env "CODEFRESH_SSL_CERT_PATH" (printf "/app/config/codefresh-tls-certs/%s" $secretKey ) }}
+ {{- $_ := set (index $cfArgoCdExtrasContext.Values.eventReporter.volumes "codefresh-tls-certs") "nameOverride" $secretName }}
 {{- end }}
 
 {{ include "cf-argocd-extras.event-reporter.resources" $cfArgoCdExtrasContext }}
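Review bot: `$secretName` and `$secretKey` on the added lines resolve with opposite precedence when both `secret.create` and `secretKeyRef` are set: the key follows `secret.create` (the `ternary` prefers the chart-created secret's key) while the name follows `secretKeyRef.name`, so the `nameOverride` written into the volume points at the user's secret but `CODEFRESH_SSL_CERT_PATH` names the key of the chart-created one. Making the name follow the same branch keeps the pair consistent: `{{- $secretName := .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" (default "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name) }}`. That the created secret is named `codefresh-tls-certs` is inferred from the default on this line and the assertions in patch 6/8; confirm against the cf-argocd-extras subchart. The sources-server hunk of this patch has the same mismatch.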
diff --git a/charts/gitops-runtime/templates/sources-server.yaml b/charts/gitops-runtime/templates/sources-server.yaml
index 111ca5c7..5a728723 100644
--- a/charts/gitops-runtime/templates/sources-server.yaml
+++ b/charts/gitops-runtime/templates/sources-server.yaml
@@ -19,8 +19,10 @@
 {{- end }}
 
 {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
- {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
- {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "CODEFRESH_SSL_CERT_PATH" (printf "/app/config/codefresh-tls-certs/%s" $key ) }}
+ {{- $secretName := .Values.global.codefresh.tls.caCerts.secretKeyRef.name | default "codefresh-tls-certs" }}
+ {{- $secretKey := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "CODEFRESH_SSL_CERT_PATH" (printf "/app/config/codefresh-tls-certs/%s" $secretKey ) }}
+ {{- $_ := set (index $cfArgoCdExtrasContext.Values.sourcesServer.volumes "codefresh-tls-certs") "nameOverride" $secretName }}
 {{- end }}
 
 {{- include "cf-argocd-extras.sources-server.hpa" $cfArgoCdExtrasContext }}
From de0f8ce348133484344e4f18aceb65ec2c7657c2 Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Wed, 28 May 2025 20:32:26 +0300
Subject: [PATCH 6/8] feat: add support for custom TLS certificates from the platform
---
 .../tests/cf-argocd-extras_test.yaml | 184 ++++++++++++++++++
 1 file changed, 184 insertions(+)
diff --git a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml
index 7d5c4fe8..304ae0fb 100644
--- a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml
+++ b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml
@@ -154,3 +154,187 @@ tests:
 - equal:
 path: data["redis.server"]
 value: RELEASE-NAME-redis-ha-haproxy:6379
+
+ - it: Sources-Server should have an OPTIONAL codefresh-tls-certs volume and volumeMount by default
+ template: sources-server.yaml
+ documentSelector:
+ path: kind
+ value: Deployment
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Sources-Server should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true
+ template: sources-server.yaml
+ documentSelector:
+ path: kind
+ value: Deployment
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ global:
+ codefresh:
+ tls:
+ caCerts:
+ secret:
+ create: true
+ key: ca-bundle.crt
+ content: |
+ -----BEGIN CERTIFICATE-----
+ MIID...
+ -----END CERTIFICATE-----
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name == 'CODEFRESH_SSL_CERT_PATH')].value
+ value: /app/config/codefresh-tls-certs/ca-bundle.crt
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Sources-Server should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secretKeyRef is set
+ template: sources-server.yaml
+ documentSelector:
+ path: kind
+ value: Deployment
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ global:
+ codefresh:
+ tls:
+ caCerts:
+ secretKeyRef:
+ name: my-codefresh-tls-certs
+ key: my-ca-bundle.crt
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name == 'CODEFRESH_SSL_CERT_PATH')].value
+ value: /app/config/codefresh-tls-certs/my-ca-bundle.crt
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: my-codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Event-Reporter should have an OPTIONAL codefresh-tls-certs volume and volumeMount by default
+ template: event-reporter.yaml
+ documentSelector:
+ path: kind
+ value: StatefulSet
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Event-Reporter should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true
+ template: event-reporter.yaml
+ documentSelector:
+ path: kind
+ value: StatefulSet
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ global:
+ codefresh:
+ tls:
+ caCerts:
+ secret:
+ create: true
+ key: ca-bundle.crt
+ content: |
+ -----BEGIN CERTIFICATE-----
+ MIID...
+ -----END CERTIFICATE-----
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name == 'CODEFRESH_SSL_CERT_PATH')].value
+ value: /app/config/codefresh-tls-certs/ca-bundle.crt
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Event-Reporter should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secretKeyRef is set
+ template: event-reporter.yaml
+ documentSelector:
+ path: kind
+ value: StatefulSet
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ global:
+ codefresh:
+ tls:
+ caCerts:
+ secretKeyRef:
+ name: my-codefresh-tls-certs
+ key: my-ca-bundle.crt
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name == 'CODEFRESH_SSL_CERT_PATH')].value
+ value: /app/config/codefresh-tls-certs/my-ca-bundle.crt
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: my-codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
From 51acae42c06c0d44c7f4f3dbb0960c3000b1de34 Mon Sep 17 00:00:00 2001
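Review bot: The suite pins `optional: true` on the `codefresh-tls-certs` volume even in the two `secretKeyRef` cases, so a mistyped `secretKeyRef.name` produces a pod that starts with `CODEFRESH_SSL_CERT_PATH` pointing at a file that was never mounted; if that fail-open behaviour is intended, a comment on those `contains` asserts saying so would stop a later reader from "fixing" it, otherwise the volume should drop `optional` when a user-supplied secret is configured. The `optional` flag is not set anywhere in this series — it presumably comes from the cf-argocd-extras subchart whose version is bumped in patches 1/8, 7/8 and 8/8 — so the decision belongs there. The suite also never asserts that the two "by default" cases leave `CODEFRESH_SSL_CERT_PATH` unset; a `notContains` assertion on `spec.template.spec.containers[0].env` in each would guard the `if or` condition in the templates against regressions.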
From: Mikhail Klimko
Date: Thu, 29 May 2025 12:45:25 +0300
Subject: [PATCH 7/8] feat: add support for custom TLS certificates from the platform
---
 charts/gitops-runtime/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
index b79c948b..d95fd646 100644
--- a/charts/gitops-runtime/Chart.yaml
+++ b/charts/gitops-runtime/Chart.yaml
@@ -44,4 +44,4 @@ dependencies:
 condition: gitops-operator.enabled
 - name: cf-argocd-extras
 repository: oci://quay.io/codefresh/charts/dev
- version: 0.5.3-feat-platform-custom-tls-certs
+ version: 0.5.4-feat-platform-custom-tls-certs
From 8d23c08034c064761f0119ba5bb62aad0f9caf9b Mon Sep 17 00:00:00 2001
From: Mikhail Klimko
Date: Thu, 29 May 2025 12:45:37 +0300
Subject: [PATCH 8/8] feat: add support for custom TLS certificates from the platform
---
 charts/gitops-runtime/Chart.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
index d95fd646..a3a44a62 100644
--- a/charts/gitops-runtime/Chart.yaml
+++ b/charts/gitops-runtime/Chart.yaml
@@ -43,5 +43,5 @@ dependencies:
 alias: gitops-operator
 condition: gitops-operator.enabled
 - name: cf-argocd-extras
- repository: oci://quay.io/codefresh/charts/dev
- version: 0.5.4-feat-platform-custom-tls-certs
+ repository: oci://quay.io/codefresh/charts
+ version: 0.5.4