diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 87391528dd..823dfd2544 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,10 +1,6 @@ #ALL * @vikramdevtron @kripanshdevtron @nishant-d @prakarsh-dt -#DOCS -docs/ @ashokdevtron @uxarya-d @prakarsh-dt -.gitbook.yaml @uxarya-d @prakarsh-dt - #Helm Charts charts/devtron/ @prakarsh-dt @pawan-mehta-dt @nishant-d scripts/devtron-reference-helm-charts @prakarsh-dt @pawan-mehta-dt @nishant-d diff --git a/.github/workflows/update-release-notes.yml b/.github/workflows/update-release-notes.yml index ed6d35fdac..b2641ec397 100644 --- a/.github/workflows/update-release-notes.yml +++ b/.github/workflows/update-release-notes.yml @@ -7,6 +7,7 @@ on: - closed branches: - main + - develop # Allows you to run this workflow manually from the Actions tab workflow_dispatch: diff --git a/CHANGELOG/release-notes-v0.7.2.md b/CHANGELOG/release-notes-v0.7.2.md new file mode 100644 index 0000000000..e78a01c417 --- /dev/null +++ b/CHANGELOG/release-notes-v0.7.2.md 
@@ -0,0 +1,127 @@ +## v0.7.2 + +## Bugs +- fix: error in enable change ci (#5358) +- fix: ci patch rbac fixes (#5461) +- fix: bitbucket commit race condition for concurrent requests (#5505) +- fix: handle nil check image scanning (#5497) +- fix: error in switching ci to external ci (#5500) +- fix: autoscale error handling (#5481) +- fix: ci material update fixes for linked ci pipelines (#5523) +- fix: Unable to get HPA manifest for no-gitops deployment (#5522) +- fix: Deployment stuck in starting for no-gitops based pipelines (#5526) +- fix: panic handling for deleted app in app group and env group filters (#5541) +- fix: security time fix when scanning is passed (#5549) +- fix: app group query optimisations (#5558) +- fix: version and fixed_version in image scan result table (#5552) +- fix: add if not exists in migration script for avoiding any errors while rerunning scripts (#5579) +- fix: Resource Browser Shortnames are not applying dynamically (#5573) +- fix: tls enabled flag not getting passed (#5609) +- fix: reverting acd token fetch logic (#5614) +- fix: query optimisations for app group cd listing and ci pipeline blockage state (#5641) +- fix: dependabot security updates (#5608) +- fix: default PipelineType given (#5668) +- fix: validation in CiJob for external Artifact (#5669) +- fix: Nats Panic Error in Orchestrator (#5670) +- fix: SSH & Proxy Cluster flows broken (#5675) +- fix: Restart in orchestrator just after release (#5671) +- fix: Sql query optimisation for application group app status listing (#5672) +- fix: handling for HPA (autoscaling) (#5666) +- fix: refrain from checkin autoscalingCheckBeforeTrigger for virt clus (#5696) +- fix: Decode secret fix on add update oss (#5695) +- fix: saving pco concurrency case handled (#5688) +- fix: script for pipelineStageStepVariable, making input value and default_value text from varchar255 (#5701) +- fix: Issue in EA Mode Cluster - error: pg: multiple rows in result set. 
(#5708) +- fix: SkipCiBuildCachePushPull code incorporated with minor refac in handle runtime params validation (#5712) +- fix: migration syn (#5718) +- fix: ci patch rbac for branch update (#5759) +- fix: Bitnami chart repo tls issue (#5740) +- fix: check rbac on env if envName is present (#5765) +- fix: scan tool active check removed (#5771) +- fix: panic handlings and argocd app delete stuck in partial stage (#5770) +- fix: unimplemented cluster cron service (#5781) +- fix: sql injection fixes (#5783) +- fix: sql injection fixes (#5801) +- fix: upgraded to /argo-cd/v2 v2.9.21 (#5758) +- fix: Ea rbac issues and not working on airgapped (#5813) +- fix: scan list in global security page sql injection fix (#5808) +- fix: app details page breaking (#5823) +- fix: plugin ip variables value getting changed (#5844) +- fix: ignore kubelink errors in server startup (#5852) (#5854) +- fix: user rbac flows (#5804) +- fix: pg multiple rows in EA mode (#5869) +- fix: app overview panic for helm app (#5863) +- fix: app detail page breaking (#5873) +- fix: copy container image plugin issue (#5876) +- fix: create GitOps configuration issue (#5883) +## Enhancements +- feat: support for handling hibernation and un-hibernation for keda enabled (#5431) +- feat: Async ArgoCd App refresh operation (#5448) +- feat: deployment config migration (#5368) +- feat: Skipping falg based CMCS for Ci Job (#5536) +- feat: expose git commit data as env vars for ci stage (#5534) +- feat: Defining applications as part of release track (#5489) +- feat: gitlab webhook support (#5420) +- feat: Enhance the buildx to use cache for multi arch builds (#5307) +- feat: bug fix for picking wrong values in docker arguments (#5565) +- feat: enable external argocd listing (#5585) +- feat: plugin versioning feature (#5352) +- feat: service account in chart sync (#5584) +- feat: panic in sync pod cron and terminal not opening fix (#5603) +- feat: tls support for git and gitops (#5305) +- feat: system network 
controller sql script (#5637) +- feat: skip argowf logs from ci logs (#5646) +- feat: gitops support for oci repositories (#5577) +- feat: ext argo app rbac and missing common features and flux app listing and details with rbac (#5528) +- feat: expose git ops metrics (#5582) +- feat: Generate config and secret hash for application mounting external k8s secrets (#5626) +- feat: Env description handling (#5744) +- feat: Added basic auth support for servicemonitor (#5761) +- feat: Docker pull env driven (#5767) +- feat: plugin creation support (#5630) +- feat: Added multiple features support in servicemonitor (#5789) +## Documentation +- doc: Added FAQ no. 28 + GoLang-migrate Link + Code Block Fix (#5502) +- docs: Drafted Software Distribution Hub (#5459) +- doc: Created Image Label + Comments Doc (#5314) +- doc: FAQ added for Bitnami Charts (#5545) +- doc: Added Keycloak SSO Doc (#5571) +- doc: Code scan plugin docs (#5562) +- docs: jenkins-plugin (#5542) +- doc: Copacetic plugin docs (#5564) +- doc: Pull images from container repository (#5563) +- doc: Collated Doc Fixes for July (#5591) +- doc: Drafted Schema Driven DT (#5533) +- doc: fixes in Copacetic plugin doc (#5622) +- doc: Edit Deployment Chart Schema (#5735) +- doc: Redirection of old entry in gitbook.yaml (#5738) +- docs: added Documentation for Air-Gapped Installation (#5360) +- doc: Update prerequisites of code-scan (#5625) +- doc: Cosign plugin doc (#5665) +- doc: CraneCopy plugin doc (#5658) +- doc: Devtron CD Trigger Plugin doc (#5747) +- doc: DockerSlim plugin doc (#5660) +- doc: Devtron Job Trigger Plugin doc (#5742) +- doc: Vulnerability Scanning Plugin doc (#5722) +- docs: Jira plugins doc (Validator + Updater) (#5709) +- docs: added commands enable ingress during helm installation (#5794) +- doc: Revamped + Restructured Ingress Setup Doc (#5798) +- docs: modifying route in ingress doc (#5799) +- docs: modified the anchorlink in ingress.md (#5800) +- doc: ArgoCD + FluxCD App Listing (#5636) +- 
doc: Added Special CEL Expr in Filter Condition doc (#5850) +## Others +- misc: removal of azure-devops-issue-sync.yml (#5592) +- misc: added action for discrod webhook (#5615) +- misc: Revert "misc: added action for discrod webhook" (#5619) +- chore: Plugin script fix oss (#5661) +- misc: Release candidate v0.16.0 (#5687) +- chore: migration number changes (#5692) +- chore: ea fixes for helm app (#5713) +- misc: Main sync rc - branch update (#5753) +- chore: Revert "feat: plugin creation support" (#5778) +- chore: cron status update refactoring (#5790) +- misc: sync with common-lib changes with release candidate 18 (#5830) +- chore: Custom tag for copy container image plugin (#5760) (#5841) +- chore: migration number fix (#5840) +- misc: Update CODEOWNERS (#5885) diff --git a/api/appStore/InstalledAppRestHandler.go b/api/appStore/InstalledAppRestHandler.go index a765340119..ffb3f0463c 100644 --- a/api/appStore/InstalledAppRestHandler.go +++ b/api/appStore/InstalledAppRestHandler.go @@ -148,6 +148,13 @@ func (handler *InstalledAppRestHandlerImpl) FetchAppOverview(w http.ResponseWrit token := r.Header.Get("token") handler.Logger.Infow("request payload, FindAppOverview", "installedAppId", installedAppId) installedApp, err := handler.installedAppService.GetInstalledAppById(installedAppId) + if err != nil && err != pg.ErrNoRows { + common.WriteJsonResp(w, err, nil, http.StatusInternalServerError) + return + } else if err == pg.ErrNoRows || installedApp == nil { + common.WriteJsonResp(w, errors.New("helm app doses not exist"), nil, http.StatusNotFound) + return + } appOverview, err := handler.appCrudOperationService.GetAppMetaInfo(installedApp.AppId, installedAppId, installedApp.EnvironmentId) if err != nil { handler.Logger.Errorw("service err, FetchAppOverview", "err", err, "appId", installedApp.AppId, "installedAppId", installedAppId) diff --git a/charts/devtron/Chart.yaml b/charts/devtron/Chart.yaml index 9f5318f630..4c50dadb08 100644 --- a/charts/devtron/Chart.yaml 
+++ b/charts/devtron/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: devtron-operator -appVersion: 0.7.1 +appVersion: 0.7.2 description: Chart to configure and install Devtron. Devtron is a Kubernetes Orchestration system. keywords: - Devtron @@ -11,7 +11,7 @@ keywords: - argocd - Hyperion engine: gotpl -version: 0.22.73 +version: 0.22.74 sources: - https://github.com/devtron-labs/charts dependencies: diff --git a/charts/devtron/devtron-bom.yaml b/charts/devtron/devtron-bom.yaml index 6e35b6fc0a..9f96cb713f 100644 --- a/charts/devtron/devtron-bom.yaml +++ b/charts/devtron/devtron-bom.yaml @@ -8,13 +8,9 @@ global: runAsUser: 1000 runAsNonRoot: true containerRegistry: "quay.io/devtron" - # The below values can be specified both at global as well as component level - nodeSelector: {} - tolerations: [] - imagePullSecrets: [] extraManifests: [] installer: - release: "v0.7.1" + release: "v0.7.2" registry: "" image: "inception" tag: "473deaa4-185-21582" @@ -30,21 +26,25 @@ components: ENABLE_CI_JOB: "true" GLOBAL_API_TIMEOUT: "60000" TRIGGER_API_TIMEOUT: "60000" - ENABLE_EXTERNAL_ARGO_CD: "false" + ENABLE_EXTERNAL_ARGO_CD: "true" SERVICE_WORKER_TIMEOUT: "1" API_BATCH_SIZE: "30" + FEATURE_EXTERNAL_FLUX_CD_ENABLE: "true" + FEATURE_STEP_WISE_LOGS_ENABLE: "true" + FEATURE_USER_DEFINED_GITOPS_REPO_ENABLE: "true" + ENABLE_RESOURCE_SCAN: "true" registry: "" - image: "dashboard:5f95d187-690-23841" + image: "dashboard:215319c7-690-25536" imagePullPolicy: IfNotPresent devtron: registry: "" - image: "hyperion:291c4c75-280-23860" - cicdImage: "devtron:291c4c75-434-23853" + image: "hyperion:3f68456b-280-25566" + cicdImage: "devtron:3f68456b-434-25567" imagePullPolicy: IfNotPresent customOverrides: {} ciRunner: registry: "" - image: "ci-runner:48aca9f4-138-23844" + image: "ci-runner:fd5702db-138-25483" argocdDexServer: registry: "" image: "dex:v2.30.2" 
@@ -53,7 +53,7 @@ components: authenticator: "authenticator:e414faff-393-13273" kubelink: registry: "" - image: "kubelink:0dee6306-564-23843" + image: "kubelink:6ef0fbbe-564-25533" imagePullPolicy: IfNotPresent configs: ENABLE_HELM_RELEASE_CACHE: "true" @@ -71,7 +71,7 @@ components: keyName: postgresql-password kubewatch: registry: "" - image: "kubewatch:850b40d5-419-23840" + image: "kubewatch:7c8611f4-419-25531" imagePullPolicy: IfNotPresent configs: devtroncd_NAMESPACE: "devtron-ci" @@ -91,7 +91,7 @@ components: armImage: postgres_exporter:v0.10.1 gitsensor: registry: "" - image: "git-sensor:86e13283-200-23847" + image: "git-sensor:5b9cf0ec-200-25481" imagePullPolicy: IfNotPresent serviceMonitor: enabled: false @@ -109,7 +109,7 @@ components: # Values for lens lens: registry: "" - image: "lens:56211042-333-23839" + image: "lens:9db8a2fb-333-25482" imagePullPolicy: IfNotPresent configs: GIT_SENSOR_PROTOCOL: GRPC @@ -154,7 +154,7 @@ components: DB_NAME: "lens" chartSync: registry: "" - image: chart-sync:5a1d0301-150-23845 + image: chart-sync:13ffae06-150-25515 # values for argocd integration argo-cd: global: @@ -174,14 +174,14 @@ workflowController: IMDSv1ExecutorImage: "argoexec:v3.0.7" security: imageScanner: - image: "image-scanner:137872c2-141-23848" + image: "image-scanner:348201f8-141-25486" clair: image: repository: clair tag: 4.3.6 # Values for notifier integration notifier: - image: "notifier:9639b1ab-372-23850" + image: "notifier:06392394-372-25535" minio: image: "minio:RELEASE.2021-02-14T04-01-33Z" mbImage: "minio-mc:RELEASE.2021-02-14T04-28-06Z" 
@@ -200,3 +200,27 @@ monitoring: image: "k8s-sidecar:1.1.0" curlImage: "curl:7.73.0" imagePullPolicy: IfNotPresent +devtronEnterprise: + enabled: false + casbin: + registry: "" + image: "casbin:efc28fb2-6de0e914-462-25420" + imagePullPolicy: IfNotPresent + configs: + PG_ADDR: postgresql-postgresql.devtroncd + PG_DATABASE: casbin + PG_PORT: "5432" + PG_USER: postgres + dbconfig: + secretName: postgresql-postgresql + keyName: postgresql-password + resources: {} + scoop: + enabled: false + registry: "" + image: "scoop:296d351d-629-24001" + imagePullPolicy: IfNotPresent + resources: {} + configs: + CLUSTER_ID: "1" + ORCHESTRATOR_URL: http://devtron-service.devtroncd.svc.cluster.local/orchestrator diff --git a/charts/devtron/templates/_helpers.tpl b/charts/devtron/templates/_helpers.tpl index 97da656497..97f2766cc7 100644 --- a/charts/devtron/templates/_helpers.tpl +++ b/charts/devtron/templates/_helpers.tpl @@ -19,13 +19,19 @@ it randomly. {{- end -}} {{- end }} +{{- define "imagePullSecret" }} +{{- with .Values.imagePullSecret.credentials }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} + {{/* Expand the node selectors, tolerations, and image pull secrets for a Kubernetes resource. Usage: -{{ include "common.nodeSelector" (dict "nodeSelector" .Values.path.to.nodeSelector "tolerations" .Values.path.to.tolerations "imagePullSecrets" .Values.path.to.imagePullSecrets "global" .Values.global ) }} +{{ include "common.schedulerConfig" (dict "nodeSelector" .Values.path.to.nodeSelector "tolerations" .Values.path.to.tolerations "imagePullSecrets" .Values.path.to.imagePullSecrets "global" .Values.global ) }} */}} -{{- define "common.nodeSelector" -}} +{{- define "common.schedulerConfig" -}} {{- if .nodeSelector }} nodeSelector: {{ toYaml .nodeSelector | indent 2 }} 
diff --git a/charts/devtron/templates/app-sync-job.yaml b/charts/devtron/templates/app-sync-job.yaml index d665faadc8..92da12d5a2 100644 --- a/charts/devtron/templates/app-sync-job.yaml +++ b/charts/devtron/templates/app-sync-job.yaml @@ -11,7 +11,7 @@ spec: template: spec: serviceAccountName: devtron - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 6 }} initContainers: - name: migration-wait image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.kubectlImage ) }} @@ -75,7 +75,8 @@ spec: spec: template: spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 10 }} + serviceAccountName: chart-sync + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 10 }} {{- if and $.Values.global $.Values.global.podSecurityContext }} securityContext: {{- toYaml $.Values.global.podSecurityContext | nindent 12 }} diff --git a/charts/devtron/templates/casbin.yaml b/charts/devtron/templates/casbin.yaml new file mode 100644 index 0000000000..1a21f32143 --- /dev/null +++ b/charts/devtron/templates/casbin.yaml 
@@ -0,0 +1,125 @@ +{{- if and .Values.devtronEnterprise.enabled }} +{{- with .Values.devtronEnterprise.casbin }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: casbin + release: casbin + name: casbin + namespace: devtroncd +spec: + minReadySeconds: 60 + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app: casbin + release: casbin + template: + metadata: + labels: + app: casbin + release: casbin + spec: + serviceAccountName: devtron-default-sa + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.devtronEnterprise.casbin.nodeSelector "tolerations" $.Values.devtronEnterprise.casbin.tolerations "imagePullSecrets" $.Values.devtronEnterprise.casbin.imagePullSecrets "global" $.Values.global) | indent 6 }} + containers: + - name: casbin + image: {{ include "common.image" (dict "component" $.Values.devtronEnterprise.casbin "global" $.Values.global) }} + {{- if .imagePullPolicy }} + imagePullPolicy: {{ .imagePullPolicy }} + {{- end }} + env: + - name: DEVTRON_APP_NAME + value: casbin + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- if .dbconfig }} + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .dbconfig.secretName }} + key: {{ .dbconfig.keyName }} + {{- end }} + envFrom: + - configMapRef: + name: casbin-cm + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 20 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 20 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 9000 + name: app + protocol: TCP + {{- if .resources }} + resources: +{{ toYaml .resources | indent 12 }} + {{- end }} + volumeMounts: [] + restartPolicy: Always + terminationGracePeriodSeconds: 30 + volumes: [] +--- +# Casbin ConfigMap +apiVersion: v1 +kind: 
ConfigMap +metadata: + name: casbin-cm + namespace: devtroncd + labels: + app: casbin + release: casbin +{{- if .configs }} +data: +{{ toYaml .configs | indent 2 }} +{{- end }} +--- +# Casbin Service +apiVersion: v1 +kind: Service +metadata: + labels: + app: casbin + release: casbin + annotations: + "helm.sh/resource-policy": keep + name: casbin-service + namespace: devtroncd +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: app + port: 9000 + protocol: TCP + targetPort: app + selector: + app: casbin + release: casbin + type: ClusterIP +{{- end}} +{{- end}} diff --git a/charts/devtron/templates/configmap-secret.yaml b/charts/devtron/templates/configmap-secret.yaml index b856f736dc..3b6127f3cc 100644 --- a/charts/devtron/templates/configmap-secret.yaml +++ b/charts/devtron/templates/configmap-secret.yaml @@ -247,9 +247,9 @@ data: PG_PASSWORD: {{ $postgresPwd }} {{- if $.Values.installer.modules }} {{- if has "cicd" $.Values.installer.modules }} + ORCH_TOKEN: {{ $ORCH_TOKEN }} EXTERNAL_CI_API_SECRET: {{ $EXTERNAL_CI_API_SECRET }} WEBHOOK_TOKEN: {{ $WEBHOOK_TOKEN }} - ORCH_TOKEN: {{ $ORCH_TOKEN }} DEX_SECRET: {{ $DEX_SECRET }} DEX_JWTKEY: {{ $DEX_JWTKEY }} DEX_CSTOREKEY: {{ $DEX_CSTOREKEY }} 
@@ -289,3 +289,57 @@ data: {{- end }} {{- end }} type: Opaque + +{{- if $.Values.imagePullSecret }} +{{- if $.Values.imagePullSecret.create }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }} + namespace: devtroncd + annotations: + "helm.sh/hook": pre-install,pre-upgrade +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ include "imagePullSecret" . }} + +{{- if eq .Values.imagePullSecret.namespaceScope "all" }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }} + namespace: devtron-cd + annotations: + "helm.sh/hook": pre-install,pre-upgrade +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ include "imagePullSecret" . }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }} + namespace: devtron-ci + annotations: + "helm.sh/hook": pre-install,pre-upgrade +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ include "imagePullSecret" . }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }} + namespace: argo + annotations: + "helm.sh/hook": pre-install,pre-upgrade +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ include "imagePullSecret" . }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/devtron/templates/dashboard.yaml b/charts/devtron/templates/dashboard.yaml index d909d4978d..8d978e8cac 100644 --- a/charts/devtron/templates/dashboard.yaml +++ b/charts/devtron/templates/dashboard.yaml 
@@ -77,7 +77,8 @@ spec: securityContext: {{- toYaml $.Values.global.podSecurityContext | nindent 8 }} {{- end }} - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.dashboard.nodeSelector "tolerations" $.Values.components.dashboard.tolerations "imagePullSecrets" $.Values.components.dashboard.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.dashboard.nodeSelector "tolerations" $.Values.components.dashboard.tolerations "imagePullSecrets" $.Values.components.dashboard.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa containers: - name: dashboard image: {{ include "common.image" (dict "component" $.Values.components.dashboard "global" $.Values.global) }} diff --git a/charts/devtron/templates/devtron-scc.yaml b/charts/devtron/templates/devtron-scc.yaml index b6f1c9680e..1f5f10d03e 100644 --- a/charts/devtron/templates/devtron-scc.yaml +++ b/charts/devtron/templates/devtron-scc.yaml @@ -32,6 +32,8 @@ users: - system:serviceaccount:devtroncd:argocd-server - system:serviceaccount:devtron-ci:ci-runner - system:serviceaccount:devtron-cd:cd-runner +- system:serviceaccount:devtroncd:chart-sync +- system:serviceaccount:devtroncd:devtron-default-sa volumes: - '*' {{- end }} diff --git a/charts/devtron/templates/devtron.yaml b/charts/devtron/templates/devtron.yaml index db2f24ccc8..23c39c90b7 100644 --- a/charts/devtron/templates/devtron.yaml +++ b/charts/devtron/templates/devtron.yaml @@ -1,4 +1,5 @@ {{- with .Values.components.devtron }} +{{- $argocdEnabled := index $.Values "argo-cd" }} --- apiVersion: v1 kind: ConfigMap 
@@ -19,6 +20,12 @@ data: DEX_HOST: http://argocd-dex-server.devtroncd DEX_PORT: "5556" APP_SYNC_IMAGE: {{ include "common.image" (dict "component" $.Values.components.chartSync "global" $.Values.global ) }} + {{- if and $.Values.devtronEnterprise.enabled $.Values.devtronEnterprise.scoop.enabled }} + SCOOP_CLUSTER_CONFIG: '{"1":{"serviceName":"scoop-service","passKey":"qhihdidhwid","namespace":"devtroncd","port":"80"}}' + {{- end }} + {{- if $.Values.devtronEnterprise.enabled }} + CASBIN_CLIENT_URL: casbin-service.devtroncd:9000 + {{- end }} {{- if $.Values.installer.modules }} {{- if has "cicd" $.Values.installer.modules }} CD_HOST: "argocd-server.devtroncd" @@ -86,7 +93,16 @@ data: ENFORCER_MAX_BATCH_SIZE: "1" DEVTRON_SECRET_NAME: "devtron-secret" ENABLE_ASYNC_ARGO_CD_INSTALL_DEVTRON_CHART: "false" - USE_ARTIFACT_LISTING_API_V2: "true" + USE_ARTIFACT_LISTING_API_V2: "false" + ASYNC_BUILDX_CACHE_EXPORT: "true" + BUILDX_CACHE_MODE_MIN: "false" + DEVTRON_CHART_ARGO_CD_INSTALL_REQUEST_TIMEOUT: "1" + IN_APP_LOGGING_ENABLED: "true" + PARALLELISM_LIMIT_FOR_TAG_PROCESSING: "2" + SCAN_V2_ENABLED: "false" + TIMEOUT_IN_SECONDS: "60" + SHOW_DOCKER_BUILD_ARGS: "true" + FORCE_SECURITY_SCANNING: "false" RUN_HELM_INSTALL_IN_ASYNC_MODE_HELM_APPS: "true" ENABLE_ASYNC_INSTALL_DEVTRON_CHART: "true" DEVTRON_CHART_INSTALL_REQUEST_TIMEOUT: "6" 
@@ -160,6 +176,26 @@ data: {{- if .customOverrides }} {{ toYaml .customOverrides | indent 2}} {{- end }} + {{- $modules := list }} + {{- if has "cicd" $.Values.installer.modules }} + {{- $modules = append $modules "cicd" }} + {{- if $.Values.notifier.enabled }} + {{- $modules = append $modules "notifier" }} + {{- end }} + {{- if and $.Values.security.enabled $.Values.security.trivy.enabled }} + {{- $modules = append $modules "security.trivy" }} + {{- end }} + {{- if and $.Values.security.enabled $.Values.security.clair.enabled }} + {{- $modules = append $modules "security.clair" }} + {{- end }} + {{- if $.Values.monitoring.grafana.enabled }} + {{- $modules = append $modules "monitoring.grafana" }} + {{- end }} + {{- if ($argocdEnabled.enabled) }} + {{- $modules = append $modules "argo-cd" }} + {{- end }} + {{- end }} + INSTALLED_MODULES: {{ if $modules }}{{ printf "'%s'" (join "," $modules) }}{{ else }}""{{ end }} DEFAULT_CI_IMAGE: {{ include "common.image" (dict "component" $.Values.components.ciRunner "global" $.Values.global ) }} --- apiVersion: v1 @@ -201,7 +237,7 @@ spec: app: devtron release: devtron spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.devtron.nodeSelector "tolerations" $.Values.components.devtron.tolerations "imagePullSecrets" $.Values.components.devtron.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.devtron.nodeSelector "tolerations" $.Values.components.devtron.tolerations "imagePullSecrets" $.Values.components.devtron.imagePullSecrets "global" $.Values.global) | indent 6 }} terminationGracePeriodSeconds: 30 restartPolicy: Always serviceAccountName: devtron diff --git a/charts/devtron/templates/dex.yaml b/charts/devtron/templates/dex.yaml index b5bbaadbcc..a95c0379b7 100644 --- a/charts/devtron/templates/dex.yaml +++ b/charts/devtron/templates/dex.yaml 
@@ -59,7 +59,7 @@ spec: labels: app.kubernetes.io/name: argocd-dex-server spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.argocdDexServer.nodeSelector "tolerations" $.Values.components.argocdDexServer.tolerations "imagePullSecrets" $.Values.components.argocdDexServer.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.argocdDexServer.nodeSelector "tolerations" $.Values.components.argocdDexServer.tolerations "imagePullSecrets" $.Values.components.argocdDexServer.imagePullSecrets "global" $.Values.global) | indent 6 }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: diff --git a/charts/devtron/templates/gitsensor.yaml b/charts/devtron/templates/gitsensor.yaml index 4697699b0b..6248b7381b 100644 --- a/charts/devtron/templates/gitsensor.yaml +++ b/charts/devtron/templates/gitsensor.yaml @@ -73,7 +73,8 @@ spec: securityContext: runAsGroup: 1000 runAsUser: 1000 - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.gitsensor.nodeSelector "tolerations" $.Values.components.gitsensor.tolerations "imagePullSecrets" $.Values.components.gitsensor.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.gitsensor.nodeSelector "tolerations" $.Values.components.gitsensor.tolerations "imagePullSecrets" $.Values.components.gitsensor.imagePullSecrets "global" $.Values.global) | indent 6 }} initContainers: - command: - /bin/sh diff --git a/charts/devtron/templates/grafana.yaml b/charts/devtron/templates/grafana.yaml index c99a841e4a..3fb4b8a621 100644 --- a/charts/devtron/templates/grafana.yaml +++ b/charts/devtron/templates/grafana.yaml 
@@ -12,9 +12,10 @@ kind: Job metadata: name: grafana-org-job spec: + ttlSecondsAfterFinished: 100 template: spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }} serviceAccountName: devtron containers: - name: grafana-restart @@ -511,7 +512,7 @@ spec: fsGroup: 472 runAsGroup: 472 runAsUser: 472 - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }} initContainers: - name: init-chown-data image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global "extraImage" $.Values.monitoring.grafana.busyboxImage ) }} 
@@ -660,7 +661,7 @@ metadata: namespace: devtroncd spec: serviceAccountName: devtron-grafana-test - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 2 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 2 }} containers: - name: devtron-test image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global "extraImage" $.Values.monitoring.grafana.batsImage ) }} @@ -679,4 +680,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/devtron/templates/install.yaml b/charts/devtron/templates/install.yaml index 123e037885..e3e6192910 100644 --- a/charts/devtron/templates/install.yaml +++ b/charts/devtron/templates/install.yaml @@ -80,6 +80,7 @@ spec: labels: app: inception spec: + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.installer.nodeSelector "tolerations" $.Values.installer.tolerations "imagePullSecrets" $.Values.installer.imagePullSecrets "global" $.Values.global) | indent 6 }} {{- if and $.Values.global $.Values.global.podSecurityContext }} securityContext: {{- toYaml $.Values.global.podSecurityContext | nindent 8 }} diff --git a/charts/devtron/templates/kubelink.yaml b/charts/devtron/templates/kubelink.yaml index 25436ac2a4..f4e93054f0 100644 --- a/charts/devtron/templates/kubelink.yaml +++ b/charts/devtron/templates/kubelink.yaml 
@@ -57,7 +57,7 @@ spec: labels: app: kubelink spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.kubelink.nodeSelector "tolerations" $.Values.components.kubelink.tolerations "imagePullSecrets" $.Values.components.kubelink.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.kubelink.nodeSelector "tolerations" $.Values.components.kubelink.tolerations "imagePullSecrets" $.Values.components.kubelink.imagePullSecrets "global" $.Values.global) | indent 6 }} terminationGracePeriodSeconds: 30 restartPolicy: Always serviceAccount: devtron diff --git a/charts/devtron/templates/kubewatch.yaml b/charts/devtron/templates/kubewatch.yaml index fc7366deda..fa199caf3c 100644 --- a/charts/devtron/templates/kubewatch.yaml +++ b/charts/devtron/templates/kubewatch.yaml @@ -167,7 +167,7 @@ spec: app: kubewatch release: devtron spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.kubewatch.nodeSelector "tolerations" $.Values.components.kubewatch.tolerations "imagePullSecrets" $.Values.components.kubewatch.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.kubewatch.nodeSelector "tolerations" $.Values.components.kubewatch.tolerations "imagePullSecrets" $.Values.components.kubewatch.imagePullSecrets "global" $.Values.global) | indent 6 }} terminationGracePeriodSeconds: 30 restartPolicy: Always serviceAccountName: kubewatch diff --git a/charts/devtron/templates/lens.yaml b/charts/devtron/templates/lens.yaml index 503fd22eb4..c3a87b3462 100644 --- a/charts/devtron/templates/lens.yaml +++ b/charts/devtron/templates/lens.yaml 
@@ -66,7 +66,8 @@ spec: app: lens release: devtron spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.lens.nodeSelector "tolerations" $.Values.components.lens.tolerations "imagePullSecrets" $.Values.components.lens.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.lens.nodeSelector "tolerations" $.Values.components.lens.tolerations "imagePullSecrets" $.Values.components.lens.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa terminationGracePeriodSeconds: 30 restartPolicy: Always {{- if and $.Values.global $.Values.global.podSecurityContext }} diff --git a/charts/devtron/templates/migrator.yaml b/charts/devtron/templates/migrator.yaml index 00313889ae..31247c3277 100644 --- a/charts/devtron/templates/migrator.yaml +++ b/charts/devtron/templates/migrator.yaml @@ -14,7 +14,8 @@ metadata: spec: template: spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa {{- if and $.Values.global $.Values.global.podSecurityContext }} securityContext: {{- toYaml $.Values.global.podSecurityContext | nindent 8 }} 
@@ -122,7 +123,7 @@ metadata: spec: template: spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} serviceAccountName: devtron {{- if and $.Values.global $.Values.global.podSecurityContext }} securityContext: @@ -221,7 +222,8 @@ metadata: spec: template: spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa {{- if and $.Values.global $.Values.global.podSecurityContext }} securityContext: {{- toYaml $.Values.global.podSecurityContext | nindent 8 }} 
@@ -300,7 +302,8 @@ metadata: spec: template: spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa {{- if and $.Values.global $.Values.global.podSecurityContext }} securityContext: {{- toYaml $.Values.global.podSecurityContext | nindent 8 }} @@ -378,9 +381,10 @@ kind: Job metadata: name: postgresql-miscellaneous spec: + ttlSecondsAfterFinished: 100 template: spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} securityContext: fsGroup: 1000 runAsGroup: 1000 @@ -415,4 +419,4 @@ spec: backoffLimit: 20 activeDeadlineSeconds: 1800 {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/devtron/templates/minio.yaml b/charts/devtron/templates/minio.yaml index e445ca4393..1f788bfe82 100644 --- a/charts/devtron/templates/minio.yaml +++ b/charts/devtron/templates/minio.yaml 
@@ -259,7 +259,7 @@ spec: app: minio release: {{ $.Release.Name }} spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global) | indent 6 }} serviceAccountName: "devtron-minio" securityContext: runAsUser: 1000 @@ -322,13 +322,14 @@ metadata: release: {{ $.Release.Name }} heritage: Helm spec: + ttlSecondsAfterFinished: 100 template: metadata: labels: app: minio-job release: {{ $.Release.Name }} spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global) | indent 6 }} restartPolicy: OnFailure volumes: - name: minio-configuration @@ -384,7 +385,7 @@ spec: app: minio release: devtron-minio spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global) | indent 6 }} serviceAccountName: "devtron-minio" containers: - name: minio @@ -415,4 +416,4 @@ spec: secretName: devtron-minio {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} 
diff --git a/charts/devtron/templates/nats-server.yaml b/charts/devtron/templates/nats-server.yaml index 0c06cd9fe9..e6aa25f71e 100644 --- a/charts/devtron/templates/nats-server.yaml +++ b/charts/devtron/templates/nats-server.yaml @@ -91,8 +91,9 @@ spec: app.kubernetes.io/name: nats app.kubernetes.io/instance: devtron-nats spec: + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.nats.nodeSelector "tolerations" $.Values.components.nats.tolerations "imagePullSecrets" $.Values.components.nats.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa # Common volumes for the containers. - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.nats.nodeSelector "tolerations" $.Values.components.nats.tolerations "imagePullSecrets" $.Values.components.nats.imagePullSecrets "global" $.Values.global) | indent 6 }} volumes: - name: config-volume @@ -139,8 +140,6 @@ spec: name: cluster - containerPort: 8222 name: monitor - - containerPort: 7777 - name: metrics command: - "nats-server" @@ -268,7 +267,7 @@ metadata: app.kubernetes.io/instance: devtron-nats app.kubernetes.io/managed-by: Helm spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.nats.nodeSelector "tolerations" $.Values.components.nats.tolerations "imagePullSecrets" $.Values.components.nats.imagePullSecrets "global" $.Values.global) | indent 2 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.nats.nodeSelector "tolerations" $.Values.components.nats.tolerations "imagePullSecrets" $.Values.components.nats.imagePullSecrets "global" $.Values.global) | indent 2 }} containers: - name: nats-box image: {{ include "common.image" (dict "component" $.Values.components.nats.natsBox "global" $.Values.global) }} @@ -316,4 +315,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} 
diff --git a/charts/devtron/templates/notifier.yaml b/charts/devtron/templates/notifier.yaml index 054046e5a3..55116ed143 100644 --- a/charts/devtron/templates/notifier.yaml +++ b/charts/devtron/templates/notifier.yaml @@ -72,7 +72,8 @@ spec: app: notifier release: devtron spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.notifier.nodeSelector "tolerations" $.Values.notifier.tolerations "imagePullSecrets" $.Values.notifier.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.notifier.nodeSelector "tolerations" $.Values.notifier.tolerations "imagePullSecrets" $.Values.notifier.imagePullSecrets "global" $.Values.global) | indent 6 }} terminationGracePeriodSeconds: 30 restartPolicy: Always {{- if and $.Values.global $.Values.global.podSecurityContext }} diff --git a/charts/devtron/templates/postgresql.yaml b/charts/devtron/templates/postgresql.yaml index efcabcd020..01e7e97486 100644 --- a/charts/devtron/templates/postgresql.yaml +++ b/charts/devtron/templates/postgresql.yaml @@ -113,7 +113,8 @@ spec: release: "devtron" role: master spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.postgres.nodeSelector "tolerations" $.Values.components.postgres.tolerations "imagePullSecrets" $.Values.components.postgres.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.postgres.nodeSelector "tolerations" $.Values.components.postgres.tolerations "imagePullSecrets" $.Values.components.postgres.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa securityContext: fsGroup: 1001 initContainers: 
@@ -443,7 +444,8 @@ spec: app.kubernetes.io/name: postgres app.kubernetes.io/instance: devtron spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.postgres.nodeSelector "tolerations" $.Values.components.postgres.tolerations "imagePullSecrets" $.Values.components.postgres.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.postgres.nodeSelector "tolerations" $.Values.components.postgres.tolerations "imagePullSecrets" $.Values.components.postgres.imagePullSecrets "global" $.Values.global) | indent 6 }} + serviceAccountName: devtron-default-sa securityContext: fsGroup: 999 initContainers: diff --git a/charts/devtron/templates/scoop.yaml b/charts/devtron/templates/scoop.yaml new file mode 100644 index 0000000000..53a7587db1 --- /dev/null +++ b/charts/devtron/templates/scoop.yaml 
@@ -0,0 +1,169 @@ +{{- if and .Values.devtronEnterprise.enabled .Values.devtronEnterprise.scoop.enabled }} +{{- with .Values.devtronEnterprise.scoop }} +{{- $passKey := randAlphaNum 12 | lower }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: scoop-devtron + namespace: devtroncd + labels: + app: scoop +spec: + minReadySeconds: 60 + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 3 + selector: + matchLabels: + app: scoop + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: scoop + spec: + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.devtronEnterprise.scoop.nodeSelector "tolerations" $.Values.devtronEnterprise.scoop.tolerations "imagePullSecrets" $.Values.devtronEnterprise.scoop.imagePullSecrets "global" $.Values.global) | indent 6 }} + terminationGracePeriodSeconds: 30 + restartPolicy: Always + schedulerName: default-scheduler + serviceAccountName: sa-scoop + containers: + - name: scoop + image: {{ include "common.image" (dict "component" $.Values.devtronEnterprise.scoop "global" $.Values.global) }} + {{- if .imagePullPolicy }} + imagePullPolicy: {{ .imagePullPolicy }} + {{- end }} + {{- if and $.Values.global $.Values.global.containerSecurityContext }} + securityContext: +{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} + {{- end }} + env: + - name: X-PASS-KEY + value: qhihdidhwid + - name: PASS_KEY + value: qhihdidhwid + - name: RETENTION + value: "10080" + - name: TOKEN + valueFrom: + secretKeyRef: + name: devtron-secret + key: ORCH_TOKEN + envFrom: + - configMapRef: + name: scoop-cm + ports: + - containerPort: 8080 + name: app + protocol: TCP + {{- if .resources }} + resources: + {{- toYaml .resources | nindent 12 }} + {{- end }} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File +--- +# Scoop-service +apiVersion: v1 +kind: Service +metadata: + labels: + app: scoop + name: 
scoop-service + namespace: devtroncd +spec: + ports: + - name: app + port: 80 + protocol: TCP + targetPort: app + selector: + app: scoop + sessionAffinity: None + type: ClusterIP + +--- +# Scoop ConfigMap +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: scoop + name: scoop-cm + namespace: devtroncd +{{- if .configs }} +data: +{{ toYaml .configs | indent 2 }} +{{- end }} + +--- +# Scoop ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + app.kubernetes.io/instance: devtron + name: read-only-cluster-role-scoop +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - "*" + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - "*" + verbs: + - get + - list + - watch + +--- +# Scoop ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: read-only-user-crb-scoop + annotations: + "helm.sh/resource-policy": keep +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: read-only-cluster-role-scoop +subjects: + - kind: ServiceAccount + name: sa-scoop + namespace: devtroncd + +--- +# Scoop ServiceAccount +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sa-scoop + namespace: devtroncd + labels: + app: scoop + annotations: + "helm.sh/resource-policy": keep +{{- end }} +{{- end }} diff --git a/charts/devtron/templates/workflow.yaml b/charts/devtron/templates/workflow.yaml index 61e3839660..e20c28be17 100644 --- a/charts/devtron/templates/workflow.yaml +++ b/charts/devtron/templates/workflow.yaml 
@@ -37,6 +37,29 @@ metadata: annotations: "helm.sh/hook": pre-install "helm.sh/resource-policy": keep +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: chart-sync + namespace: devtroncd + labels: + release: devtron +{{- if $.Values.components.chartSync.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.components.chartSync.imagePullSecrets | indent 2 }} +{{- else if $.Values.global.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: devtron-default-sa + namespace: devtroncd + labels: + release: devtron {{- if $.Values.installer.modules }} {{- if has "cicd" $.Values.installer.modules }} --- @@ -1270,7 +1293,7 @@ spec: labels: app: workflow-controller spec: - {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.workflowController.nodeSelector "tolerations" $.Values.workflowController.tolerations "imagePullSecrets" $.Values.workflowController.imagePullSecrets "global" $.Values.global) | indent 6 }} + {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.workflowController.nodeSelector "tolerations" $.Values.workflowController.tolerations "imagePullSecrets" $.Values.workflowController.imagePullSecrets "global" $.Values.global) | indent 6 }} containers: - args: - --configmap diff --git a/charts/devtron/values.yaml b/charts/devtron/values.yaml index 19f6854f38..f8b3928847 100644 --- a/charts/devtron/values.yaml +++ b/charts/devtron/values.yaml 
@@ -9,13 +9,22 @@ global: runAsNonRoot: true containerRegistry: "quay.io/devtron" # The below values can be specified both at global as well as component level + # nodeSelector: + # key: value + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # imagePullSecrets: + # - name: your-image-pull-secret nodeSelector: {} tolerations: [] imagePullSecrets: [] extraManifests: [] installer: repo: "devtron-labs/devtron" - release: "v0.7.1" + release: "v0.7.2" registry: "" image: inception tag: 473deaa4-185-21582 @@ -24,7 +33,6 @@ installer: openshift: false # Set this to true if you are installing on openshift production_overrides: "" # Set true if you want to use this Devtron stack in Production (This will require more resources) # Change the below values for full mode only - #Use secrets in plaintext, they'll be encoded to base64 automatically. secrets: {} # REQUIRED IF BLOB_STORAGE_PROVIDER=AZURE Token with read write access to AZURE_BLOB_CONTAINER_CI_LOG and AZURE_BLOB_CONTAINER_CI_CACHE @@ -61,16 +69,20 @@ components: ENABLE_CI_JOB: "true" GLOBAL_API_TIMEOUT: "60000" TRIGGER_API_TIMEOUT: "60000" - ENABLE_EXTERNAL_ARGO_CD: "false" + ENABLE_EXTERNAL_ARGO_CD: "true" SERVICE_WORKER_TIMEOUT: "1" API_BATCH_SIZE: "30" + FEATURE_EXTERNAL_FLUX_CD_ENABLE: "true" + FEATURE_STEP_WISE_LOGS_ENABLE: "true" + FEATURE_USER_DEFINED_GITOPS_REPO_ENABLE: "true" + ENABLE_RESOURCE_SCAN: "true" registry: "" - image: "dashboard:5f95d187-690-23841" + image: "dashboard:215319c7-690-25536" imagePullPolicy: IfNotPresent devtron: registry: "" - image: "hyperion:291c4c75-280-23860" - cicdImage: "devtron:291c4c75-434-23853" + image: "hyperion:3f68456b-280-25566" + cicdImage: "devtron:3f68456b-434-25567" imagePullPolicy: IfNotPresent customOverrides: {} serviceMonitor: 
@@ -96,7 +108,7 @@ components: # - devtron.example.com ciRunner: registry: "" - image: "ci-runner:48aca9f4-138-23844" + image: "ci-runner:fd5702db-138-25483" argocdDexServer: registry: "" image: "dex:v2.30.2" @@ -105,7 +117,7 @@ components: authenticator: "authenticator:e414faff-393-13273" kubelink: registry: "" - image: "kubelink:0dee6306-564-23843" + image: "kubelink:6ef0fbbe-564-25533" imagePullPolicy: IfNotPresent configs: ENABLE_HELM_RELEASE_CACHE: "true" @@ -123,7 +135,7 @@ components: keyName: postgresql-password kubewatch: registry: "" - image: "kubewatch:850b40d5-419-23840" + image: "kubewatch:7c8611f4-419-25531" imagePullPolicy: IfNotPresent configs: devtroncd_NAMESPACE: "devtron-ci" @@ -145,7 +157,7 @@ components: volumeSize: "20Gi" gitsensor: registry: "" - image: "git-sensor:86e13283-200-23847" + image: "git-sensor:5b9cf0ec-200-25481" imagePullPolicy: IfNotPresent serviceMonitor: enabled: false @@ -163,7 +175,7 @@ components: # Values for lens lens: registry: "" - image: "lens:56211042-333-23839" + image: "lens:9db8a2fb-333-25482" imagePullPolicy: IfNotPresent secrets: {} resources: {} @@ -210,7 +222,7 @@ components: DB_NAME: "lens" chartSync: registry: "" - image: chart-sync:5a1d0301-150-23845 + image: chart-sync:13ffae06-150-25515 # values for argocd integration argo-cd: enabled: false @@ -251,13 +263,7 @@ argo-cd: - all readOnlyRootFilesystem: true runAsNonRoot: true - env: - - name: ARGOCD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.reconciliation - name: argocd-cm - optional: true + env: [] affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -347,12 +353,6 @@ argo-cd: - --parallelismlimit - "50" env: - - name: ARGOCD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.reconciliation - name: argocd-cm - optional: true - name: ARGOCD_EXEC_TIMEOUT value: 180s containerSecurityContext: 
@@ -370,7 +370,7 @@ argo-cd: security: enabled: false imageScanner: - image: "image-scanner:137872c2-141-23848" + image: "image-scanner:348201f8-141-25486" # Values for trivy trivy: enabled: false @@ -385,7 +385,7 @@ security: notifier: enabled: false imagePullPolicy: IfNotPresent - image: "notifier:9639b1ab-372-23850" + image: "notifier:06392394-372-25535" configs: CD_ENVIRONMENT: PROD DB: orchestrator @@ -436,3 +436,28 @@ monitoring: resources: {} persistence: storage: "2Gi" +# Change these values for Devtron-Enterprise +devtronEnterprise: + enabled: false + casbin: + registry: "" + image: "casbin:efc28fb2-6de0e914-462-25420" + imagePullPolicy: IfNotPresent + configs: + PG_ADDR: postgresql-postgresql.devtroncd + PG_DATABASE: casbin + PG_PORT: "5432" + PG_USER: postgres + dbconfig: + secretName: postgresql-postgresql + keyName: postgresql-password + resources: {} + scoop: + enabled: false + registry: "" + image: "scoop:296d351d-629-24001" + imagePullPolicy: IfNotPresent + resources: {} + configs: + CLUSTER_ID: "1" + ORCHESTRATOR_URL: http://devtron-service.devtroncd.svc.cluster.local/orchestrator diff --git a/cmd/external-app/wire_gen.go b/cmd/external-app/wire_gen.go index bab4ef2b47..ab3bca55cd 100644 --- a/cmd/external-app/wire_gen.go +++ b/cmd/external-app/wire_gen.go @@ -1,6 +1,6 @@ // Code generated by Wire. DO NOT EDIT. -//go:generate go run -mod=mod github.com/google/wire/cmd/wire +//go:generate go run github.com/google/wire/cmd/wire //go:build !wireinject // +build !wireinject diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index c219ea5bd1..ce8354d2d8 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md 
@@ -10,6 +10,12 @@ An immutable blob of data generated as an output after the execution of a job, b * Once a job is complete, you can view the job artifacts by going to Jobs → Run history (tab) → (choose a pipeline and date of triggering the build) → Artifacts (tab). +### ArgoCD Apps + +ArgoCD Apps are the micro-services deployed using a [GitOps](#gitops) deployment tool named [Argo CD](https://argo-cd.readthedocs.io/en/stable/). + +If ArgoCD applications are present in your cluster, they will appear in the [ArgoCD Apps listing](../user-guide/applications.md#enabling-argocd-app-listing). + ### Base Deployment Template A deployment template is a manifest of the application defining its runtime behavior. You can select one of the default deployment charts or custom deployment charts created by super-admin. @@ -112,6 +118,12 @@ Similarly, the CPU and memory resources can be different for each environment. T You can add external links related to the application. For e.g., you can add Prometheus, Grafana, and many more to your application by going to Global Configurations → External Links. [Read More...](../user-guide/global-configurations/external-links.md) +### FluxCD Apps + +FluxCD Apps are the micro-services deployed using a [GitOps](#gitops) deployment tool named [Flux CD](https://fluxcd.io/). + +If FluxCD applications are present in your cluster, they will appear in the [FluxCD Apps listing](../user-guide/applications.md#view-fluxcd-app-listing). + ### GitOps A methodology for managing and automating Kubernetes deployments using Git repositories as the source of truth. Changes to the desired state of the cluster are driven by Git commits. [Read More...](../user-guide/global-configurations/gitops.md) diff --git a/docs/user-guide/applications.md b/docs/user-guide/applications.md index 8df03f9be5..d436240c03 100644 --- a/docs/user-guide/applications.md +++ b/docs/user-guide/applications.md 
@@ -1,3 +1,145 @@ # Applications -Please configure Global Configurations before creating an application or cloning an existing application. \ No newline at end of file +{% hint style="warning" %} +Configure [Global Configurations](./global-configurations/README.md) first before creating an application or cloning an existing application. +{% endhint %} + +## Introduction + +The **Applications** page helps you create and manage your microservices, and it majorly consists of the following: + +* [Application Listing](#application-listing) +* [Create Button](#create-button) +* [Other Options](#other-options) + +### Application Listing + +You can view the app name, its status, environment, namespace, and many more upfront. The apps are segregated into: [Devtron Apps](../reference/glossary.md#devtron-apps), [Helm Apps](../reference/glossary.md#helm-apps), [ArgoCD Apps](../reference/glossary.md#argocd-apps), and [FluxCD Apps](../reference/glossary.md#fluxcd-apps). + +![Figure 1: App Types](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/argocd/app-types.jpg) + +### Create Button + +You can use this to: +* [Create a Devtron app](./create-application.md) +* [Create a Helm app](./deploy-chart/deployment-of-charts.md) +* [Create a Job](./jobs/create-job.md) + +### Other Options + +There are additional options available for you: +* **Search and filters** to make it easier for you to find applications. +* **Export CSV** to download the data of Devtron apps (not supported for Helm apps and Argo CD apps). +* **Sync button** to refresh the app listing. + +--- + +## View ArgoCD App Listing + +{% hint style="warning" %} +### Who Can Perform This Action? +Users need super-admin permission to view/enable/disable the ArgoCD listing. +{% endhint %} + +### Preface + +In Argo CD, a user manages one dashboard for one ArgoCD instance. Therefore, with multiple ArgoCD instances, the process becomes cumbersome for the user to manage several dashboards. 
+ +With Devtron, you get an entire Argo CD app listing in one place. This listing includes: +* Apps deployed using [GitOps](../reference/glossary.md#gitops) on Devtron +* Other Argo CD apps present in your cluster + +![Figure 2: ArgoCD App List](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/argocd/app-details-argo.gif) + +### Advantages + +Devtron also bridges the gap for ArgoCD users by providing additional features as follows: + +* **Resource Scanning**: You can scan for vulnerabilities using Devtron's [resource scanning](../user-guide/security-features.md#from-app-details) feature. [![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/elements/EnterpriseTag.svg)](https://devtron.ai/pricing) + +* **Single-pane View**: All Argo CD apps will show details such as their app status, environment, cluster, and namespace together in one dashboard. + +* **Feature-rich Options**: Clicking an Argo CD app will give you access to its logs, terminal, events, manifest, available resource kinds, pod restart log, and many more. + +{% hint style="info" %} +### Additional References +[ArgoCD: Standalone Configuration vs Devtron Configuration](https://devtron.ai/blog/argocd-standalone-configuration-vs-devtron-configuration/#argocd-installation-and-configuration) +{% endhint %} + +### Prerequisite +The cluster in which Argo CD apps exist should be added in **Global Configurations** → **Clusters and Environments** + +### Feature Flag + +> **`ENABLE_EXTERNAL_ARGO_CD: "true"`** + +### Enabling ArgoCD App Listing + +{% embed url="https://www.youtube.com/watch?v=4KyYnsAEpqo" caption="Enabling External ArgoCD Listing" %} + +1. Go to the **Resource Browser** of Devtron. + +2. Select the cluster (in which your Argo CD app exists). + +3. Type `ConfigMap` in the 'Jump to Kind' field. + +4. Search for `dashboard-cm` using the available search bar and click it. + +5. Click **Edit Live Manifest**. + +6. 
Set the feature flag **ENABLE_EXTERNAL_ARGO_CD** to **"true"** + +7. Click **Apply Changes**. + +8. Go back to the 'Jump to Kind' field and type `Pod`. + +9. Search for `dashboard` pod and use the kebab menu (3 vertical dots) to delete the pod. + +10. Go to **Applications** and refresh the page. A new tab named **ArgoCD Apps** will be visible. + +11. Select the cluster(s) from the dropdown to view the Argo CD apps available in the chosen cluster(s). + + ![Figure 3: Cluster Selection for Argo CD Listing](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/argocd/argo-cluster-selection.jpg) + +--- + +## View FluxCD App Listing + +{% hint style="warning" %} +### Who Can Perform This Action? +Users need super-admin permission to view/enable/disable the FluxCD listing. +{% endhint %} + +### Preface + +Flux CD doesn't have any official dashboard; however, Devtron supports the listing of your [Flux CD](https://fluxcd.io/) apps in one dashboard. Here, the [advantages](#advantages) are same as those of [ArgoCD app listing](#view-argocd-app-listing). + +![Figure 4: FluxCD App List and Details](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/fluxcd/fluxcd-listing.jpg) + +### Prerequisite +The cluster in which Flux CD apps exist should be added in **Global Configurations** → **Clusters and Environments** + +### Feature Flag + +> **`FEATURE_EXTERNAL_FLUX_CD_ENABLE: "true"`** + +### Enabling FluxCD App Listing + +{% hint style="info" %} +### Tip +You may refer the steps mentioned in the [Enabling ArgoCD App Listing](#enabling-argocd-app-listing) section since the procedure is similar. +{% endhint %} + +Using Devtron's Resource Browser, add the [feature flag](#feature-flag-1) in the Dashboard ConfigMap as shown below. 
+ +![Figure 5: Editing Dashboard ConfigMap](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/fluxcd/flux-feature-flag.jpg) + +After successfully executing all the steps, a new tab named **FluxCD Apps** will be visible. Select the cluster(s) from the dropdown to view the Flux CD apps available in the chosen cluster(s). + +![Figure 6: Selecting Cluster](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/fluxcd/cluster-selection.jpg) + +(Optional) Once you choose cluster(s), you may use the **Template Type** dropdown to further filter your Flux CD app listing based on its type, i.e., [Kustomization](https://fluxcd.io/flux/components/kustomize/kustomizations/) or [Helmrelease](https://fluxcd.io/flux/components/helm/helmreleases/). + +Click any Flux CD app to view its details as shown below. + +![Figure 7: Flux App Details](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/fluxcd/app-details-flux.gif) \ No newline at end of file diff --git a/docs/user-guide/global-configurations/filter-condition.md b/docs/user-guide/global-configurations/filter-condition.md index b721010e5d..bde3182985 100644 --- a/docs/user-guide/global-configurations/filter-condition.md +++ b/docs/user-guide/global-configurations/filter-condition.md @@ -8,6 +8,7 @@ Using filter conditions, you can control the progression of events. Here are a f * Images containing the label "test" should not be eligible for deployment in production environment * Only images having tag versions greater than v0.7.4 should be eligible for deployment * Images hosted on Docker Hub should be eligible but not the rest +* Only images derived from master branch should be eligible for production deployment (see [example](#scenario-2)) --- 
@@ -55,17 +56,17 @@ You must have application(s) with CI-CD workflow(s) configured ![Figure 5: Selecting Environment(s) from Cluster(s)](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/filters/environment-selection.jpg) - {% hint style="info" %} - Since an application can have more than one environment, the filter conditions apply only to the environment you chose in the **Apply to** section. If you create a filter condition without choosing an application or environment, it will not apply to any of your pipelines. - {% endhint %} +{% hint style="info" %} +Since an application can have more than one environment, the filter conditions apply only to the environment you chose in the **Apply to** section. If you create a filter condition without choosing an application or environment, it will not apply to any of your pipelines. +{% endhint %} 6. Click **Save**. You have successfully created a filter. ![Figure 6: Success Toast](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/filters/filter-created.jpg) - {% hint style="warning" %} - If you create filters using CEL expressions that result in a conflict (i.e., passing and failing of the same image), fail will have higher precedence - {% endhint %} +{% hint style="warning" %} +If you create filters using CEL expressions that result in a conflict (i.e., passing and failing of the same image), fail will have higher precedence +{% endhint %} --- @@ -78,6 +79,8 @@ Here's a sample pipeline we will be using for our explanation of [pass condition ### Pass Condition +#### Scenario 1 + Consider a scenario where you wish to make an image eligible for deployment only if its tag version is greater than `v0.0.7` The CEL Expression should be `containerImageTag > "v0.0.7"` 
@@ -102,6 +105,25 @@ Clicking the filter icon at the top-left shows the filter condition(s) applied t ![Figure 12b: Conditions Applied](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/filters/conditions-applied-1.jpg) +#### Scenario 2 + +Consider another scenario where you wish to make images eligible for deployment only if the application's git branch starts with the word `hotfix` and also if its repo URL matches your specified condition. + +**CEL Expression**: + +`gitCommitDetails.filter(gitCommitDetail, gitCommitDetail.startsWith('https://github.com/devtron-labs')).map(repo, gitCommitDetails[repo].branch).exists_one(branch, branch.startsWith('hotfix-'))` + +where, `https://github.com/devtron-labs` is a portion of the repo URL
+and `hotfix-` is for finding the branch name (say *hotfix-sept-2024*) + +Alternatively, if you have a fixed branch (say *hotfix-123*), you may write the following expression: + +`'hotfix-123' in gitCommitDetails.filter(gitCommitDetail, gitCommitDetail.startsWith('https://github.com/devtron-labs')).map(repo, gitCommitDetails[repo].branch)` + +**Walkthrough Video**: + +{% embed url="https://www.youtube.com/watch?v=R8IbZhXhH-k" caption="Filter Condition Example" %} + ### Fail Condition diff --git a/internal/sql/repository/AppListingRepository.go b/internal/sql/repository/AppListingRepository.go index c5536724f6..40519bccf4 100644 --- a/internal/sql/repository/AppListingRepository.go +++ b/internal/sql/repository/AppListingRepository.go @@ -382,7 +382,6 @@ func (impl AppListingRepositoryImpl) deploymentDetailsByAppIdAndEnvId(ctx contex } deploymentDetail.EnvironmentId = envId - deploymentDetail.EnvironmentId = envId dc, err := impl.deploymentConfigRepository.GetByAppIdAndEnvId(appId, envId) if err != nil && err != pg.ErrNoRows { impl.Logger.Errorw("error in getting deployment config by appId and envId", "appId", appId, "envId", envId, "err", err) diff --git a/manifests/install/devtron-installer.yaml b/manifests/install/devtron-installer.yaml index f0bb4839be..c13839c9b9 100644 --- a/manifests/install/devtron-installer.yaml +++ b/manifests/install/devtron-installer.yaml @@ -4,4 +4,4 @@ metadata: name: installer-devtron namespace: devtroncd spec: - url: https://raw.githubusercontent.com/devtron-labs/devtron/v0.7.1/manifests/installation-script + url: https://raw.githubusercontent.com/devtron-labs/devtron/v0.7.2/manifests/installation-script diff --git a/manifests/installation-script b/manifests/installation-script index fe6032030c..b1c4d67d2f 100644 --- a/manifests/installation-script +++ b/manifests/installation-script 
@@ -1,4 +1,4 @@ -LTAG="v0.7.1"; +LTAG="v0.7.2"; REPO_RAW_URL="https://raw.githubusercontent.com/devtron-labs/devtron/"; log("executed devtron setup installation"); diff --git a/manifests/release.txt b/manifests/release.txt index d189590491..8e6c98d5c6 100644 --- a/manifests/release.txt +++ b/manifests/release.txt @@ -1 +1 @@ -stable -1 v0.7.1 +stable -1 v0.7.2 diff --git a/manifests/yamls/dashboard.yaml b/manifests/yamls/dashboard.yaml index ae5a449c43..6f05ac9650 100644 --- a/manifests/yamls/dashboard.yaml +++ b/manifests/yamls/dashboard.yaml @@ -235,7 +235,7 @@ spec: - name: envoy-config-volume mountPath: /etc/envoy-config/ - name: dashboard - image: "quay.io/devtron/dashboard:5f95d187-690-23841" + image: "quay.io/devtron/dashboard:215319c7-690-25536" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/devtron.yaml b/manifests/yamls/devtron.yaml index ac0833faa6..6ccd9b8cc0 100644 --- a/manifests/yamls/devtron.yaml +++ b/manifests/yamls/devtron.yaml @@ -53,7 +53,7 @@ data: CD_NODE_TAINTS_VALUE: "ci" CD_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip" DEFAULT_CD_NAMESPACE: "devtron-cd" - DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:48aca9f4-138-23844" + DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:fd5702db-138-25483" DEFAULT_CD_TIMEOUT: "3600" WF_CONTROLLER_INSTANCE_ID: "devtron-runner" CI_LOGS_KEY_PREFIX: "ci-artifacts" @@ -89,7 +89,7 @@ data: ENFORCER_CACHE: "true" ENFORCER_CACHE_EXPIRATION_IN_SEC: "345600" ENFORCER_MAX_BATCH_SIZE: "1" - APP_SYNC_IMAGE: "quay.io/devtron/chart-sync:5a1d0301-150-23845" + APP_SYNC_IMAGE: "quay.io/devtron/chart-sync:13ffae06-150-25515" DEVTRON_SECRET_NAME: "devtron-secret" GIT_SENSOR_PROTOCOL: GRPC GIT_SENSOR_URL: git-sensor-service.devtroncd:90 @@ -169,7 +169,7 @@ spec: runAsUser: 1000 containers: - name: devtron - image: "quay.io/devtron/devtron:291c4c75-434-23853" + image: "quay.io/devtron/devtron:b5a2f8ba-434-25563" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 
diff --git a/manifests/yamls/gitsensor.yaml b/manifests/yamls/gitsensor.yaml index e16b519934..9c19b45885 100644 --- a/manifests/yamls/gitsensor.yaml +++ b/manifests/yamls/gitsensor.yaml @@ -67,7 +67,7 @@ spec: - /bin/sh - -c - mkdir -p /git-base/ssh-keys && chown -R devtron:devtron /git-base && chmod 777 /git-base/ssh-keys - image: "quay.io/devtron/git-sensor:86e13283-200-23847" + image: "quay.io/devtron/git-sensor:5b9cf0ec-200-25481" imagePullPolicy: IfNotPresent name: chown-git-base resources: {} @@ -80,7 +80,7 @@ spec: name: git-volume containers: - name: git-sensor - image: "quay.io/devtron/git-sensor:86e13283-200-23847" + image: "quay.io/devtron/git-sensor:5b9cf0ec-200-25481" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/image-scanner.yaml b/manifests/yamls/image-scanner.yaml index 9c8a06e861..61344fddbe 100644 --- a/manifests/yamls/image-scanner.yaml +++ b/manifests/yamls/image-scanner.yaml @@ -73,7 +73,7 @@ spec: runAsUser: 1000 containers: - name: image-scanner - image: "quay.io/devtron/image-scanner:137872c2-141-23848" + image: "quay.io/devtron/image-scanner:348201f8-141-25486" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/kubelink.yaml b/manifests/yamls/kubelink.yaml index 21531cf24c..6502a2ff93 100644 --- a/manifests/yamls/kubelink.yaml +++ b/manifests/yamls/kubelink.yaml @@ -25,7 +25,7 @@ spec: runAsUser: 1000 containers: - name: kubelink - image: "quay.io/devtron/kubelink:0dee6306-564-23843" + image: "quay.io/devtron/kubelink:6ef0fbbe-564-25533" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/kubewatch.yaml b/manifests/yamls/kubewatch.yaml index e00be3131a..2fabe230ef 100644 --- a/manifests/yamls/kubewatch.yaml +++ b/manifests/yamls/kubewatch.yaml 
@@ -164,7 +164,7 @@ spec: runAsUser: 1000 containers: - name: kubewatch - image: "quay.io/devtron/kubewatch:850b40d5-419-23840" + image: "quay.io/devtron/kubewatch:7c8611f4-419-25531" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/lens.yaml b/manifests/yamls/lens.yaml index dc92100db6..fd2b4c4e39 100644 --- a/manifests/yamls/lens.yaml +++ b/manifests/yamls/lens.yaml @@ -71,7 +71,7 @@ spec: runAsUser: 1000 containers: - name: lens - image: "quay.io/devtron/lens:56211042-333-23839" + image: "quay.io/devtron/lens:9db8a2fb-333-25482" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/notifier.yaml b/manifests/yamls/notifier.yaml index e182739a9e..437b293853 100644 --- a/manifests/yamls/notifier.yaml +++ b/manifests/yamls/notifier.yaml @@ -66,7 +66,7 @@ spec: restartPolicy: Always containers: - name: notifier - image: quay.io/devtron/notifier:9639b1ab-372-23850" + image: quay.io/devtron/notifier:06392394-372-25535" imagePullPolicy: IfNotPresent ports: - name: app diff --git a/pkg/eventProcessor/in/WorkflowEventProcessorService.go b/pkg/eventProcessor/in/WorkflowEventProcessorService.go index 1765448cbf..43bd26c219 100644 --- a/pkg/eventProcessor/in/WorkflowEventProcessorService.go +++ b/pkg/eventProcessor/in/WorkflowEventProcessorService.go 
@@ -190,8 +190,8 @@ func (impl *WorkflowEventProcessorImpl) SubscribeCDStageCompleteEvent() error { pluginArtifacts := make(map[string][]string) if cdStageCompleteEvent.PluginArtifacts != nil { pluginArtifacts = cdStageCompleteEvent.PluginArtifacts.GetRegistryToUniqueContainerArtifactDataMapping() - globalUtil.MergeMaps(pluginArtifacts, cdStageCompleteEvent.PluginRegistryArtifactDetails) } + globalUtil.MergeMaps(pluginArtifacts, cdStageCompleteEvent.PluginRegistryArtifactDetails) impl.logger.Debugw("received post stage success event for workflow runner ", "wfId", strconv.Itoa(wfr.Id)) err = impl.workflowDagExecutor.HandlePostStageSuccessEvent(triggerContext, wfr, wfr.CdWorkflowId, cdStageCompleteEvent.CdPipelineId, cdStageCompleteEvent.TriggeredBy, pluginArtifacts) @@ -647,8 +647,8 @@ func (impl *WorkflowEventProcessorImpl) BuildCiArtifactRequest(event bean.CiComp pluginArtifacts := make(map[string][]string) if event.PluginArtifacts != nil { pluginArtifacts = event.PluginArtifacts.GetRegistryToUniqueContainerArtifactDataMapping() - globalUtil.MergeMaps(pluginArtifacts, event.PluginRegistryArtifactDetails) } + globalUtil.MergeMaps(pluginArtifacts, event.PluginRegistryArtifactDetails) request := &wrokflowDagBean.CiArtifactWebhookRequest{ Image: event.DockerImage, diff --git a/pkg/workflow/dag/WorkflowDagExecutor.go b/pkg/workflow/dag/WorkflowDagExecutor.go index 096a3347c3..fa31d5dd83 100644 --- a/pkg/workflow/dag/WorkflowDagExecutor.go +++ b/pkg/workflow/dag/WorkflowDagExecutor.go 
@@ -539,8 +539,8 @@ func (impl *WorkflowDagExecutorImpl) HandlePreStageSuccessEvent(triggerContext t pluginArtifacts := make(map[string][]string) if cdStageCompleteEvent.PluginArtifacts != nil { pluginArtifacts = cdStageCompleteEvent.PluginArtifacts.GetRegistryToUniqueContainerArtifactDataMapping() - util4.MergeMaps(pluginArtifacts, cdStageCompleteEvent.PluginRegistryArtifactDetails) } + util4.MergeMaps(pluginArtifacts, cdStageCompleteEvent.PluginRegistryArtifactDetails) err = impl.deactivateUnusedPaths(wfRunner.ImagePathReservationIds, pluginArtifacts) if err != nil { diff --git a/releasenotes.md b/releasenotes.md index 8e333d8e67..e78a01c417 100644 --- a/releasenotes.md +++ b/releasenotes.md 
@@ -1,59 +1,127 @@ -## v0.7.1 +## v0.7.2 ## Bugs -- fix: EA mode wire fix (#5462) -- fix: compare manifest fixes (#5430) -- fix: override clusterRbac with direct allow behaviour for super admin (#5449) -- fix: external helm app when linked to devtron and page breaks while adding project to it, without switching back to applist (#5443) -- fix: empty the code and image scan script (#5434) -- fix: K8s Resource list RBAC ignore for Superadmin (#5415) -- fix: repo url and name handling with argocd (#5445) -- fix: fix for terminal disconnect issue when custom transport is being used (#5436) -- fix: gitops async failed for git cli mode in concurrent cases (#5412) -- fix: Updating pr-issue-validator-script (#5384) -- fix: optimised FetchLatestDeploymentWithChartRefs query (#5393) -- fix: nats consumer deleted on shutdown (#5377) -- fix: panic issue in get/ download pod logs api (#5342) -- fix: encountering panic in application groups in build and deploy page (#5330) -- fix: chart group rbac issue (#5183) -- fix: Multiple choice option for namespace in Kubernetes resource permission (#5293) -- fix: restart workloads fix in app group (#5313) -- fix: deployment chart fix (#5215) -- fix: docker file version fix (#5299) -- fix: hibernating status is not being updated in app listing page (#5294) +- fix: error in enable change ci (#5358) +- fix: ci patch rbac fixes (#5461) +- fix: bitbucket commit race condition for concurrent requests (#5505) +- fix: handle nil check image scanning (#5497) +- fix: error in switching ci to external ci (#5500) +- fix: autoscale error handling (#5481) +- fix: ci material update fixes for linked ci pipelines (#5523) +- fix: Unable to get HPA manifest for no-gitops deployment (#5522) +- fix: Deployment stuck in starting for no-gitops based pipelines (#5526) +- fix: panic handling for deleted app in app group and env group filters (#5541) +- fix: security time fix when scanning is passed (#5549) +- fix: app group query optimisations (#5558) +- fix: 
version and fixed_version in image scan result table (#5552) +- fix: add if not exists in migration script for avoiding any errors while rerunning scripts (#5579) +- fix: Resource Browser Shortnames are not applying dynamically (#5573) +- fix: tls enabled flag not getting passed (#5609) +- fix: reverting acd token fetch logic (#5614) +- fix: query optimisations for app group cd listing and ci pipeline blockage state (#5641) +- fix: dependabot security updates (#5608) +- fix: default PipelineType given (#5668) +- fix: validation in CiJob for external Artifact (#5669) +- fix: Nats Panic Error in Orchestrator (#5670) +- fix: SSH & Proxy Cluster flows broken (#5675) +- fix: Restart in orchestrator just after release (#5671) +- fix: Sql query optimisation for application group app status listing (#5672) +- fix: handling for HPA (autoscaling) (#5666) +- fix: refrain from checkin autoscalingCheckBeforeTrigger for virt clus (#5696) +- fix: Decode secret fix on add update oss (#5695) +- fix: saving pco concurrency case handled (#5688) +- fix: script for pipelineStageStepVariable, making input value and default_value text from varchar255 (#5701) +- fix: Issue in EA Mode Cluster - error: pg: multiple rows in result set. 
(#5708) +- fix: SkipCiBuildCachePushPull code incorporated with minor refac in handle runtime params validation (#5712) +- fix: migration syn (#5718) +- fix: ci patch rbac for branch update (#5759) +- fix: Bitnami chart repo tls issue (#5740) +- fix: check rbac on env if envName is present (#5765) +- fix: scan tool active check removed (#5771) +- fix: panic handlings and argocd app delete stuck in partial stage (#5770) +- fix: unimplemented cluster cron service (#5781) +- fix: sql injection fixes (#5783) +- fix: sql injection fixes (#5801) +- fix: upgraded to /argo-cd/v2 v2.9.21 (#5758) +- fix: Ea rbac issues and not working on airgapped (#5813) +- fix: scan list in global security page sql injection fix (#5808) +- fix: app details page breaking (#5823) +- fix: plugin ip variables value getting changed (#5844) +- fix: ignore kubelink errors in server startup (#5852) (#5854) +- fix: user rbac flows (#5804) +- fix: pg multiple rows in EA mode (#5869) +- fix: app overview panic for helm app (#5863) +- fix: app detail page breaking (#5873) +- fix: copy container image plugin issue (#5876) +- fix: create GitOps configuration issue (#5883) ## Enhancements -- feat: Checking multiarchitecture of images (#5232) -- feat: updated kubelink grpc client cfg (#5426) -- feat: Integration of Cranecopy plugin (#5131) -- feat: casbin upgraded to v2 (#5329) -- feat: new scripts added for rescan sbom support , helm manifest scan flag and git container links (#5406) -- feat: Reload materials api added (#5182) -- feat: mirgator plugin (#5347) -- feat: insecure support for chart-sync (#5328) -- feat: GitOps async install for devtron applications (#5169) -- feat: chart ref schema db migration (#5319) -- feat: Up and Down Script for BitBucket Plugin v1.0.0 (#4949) -- feat: Added statefulset chart 5.1.0 (#5199) -- feat: air gap registry v2 (#5220) -- feat: tenants and installations migration (#5187) +- feat: support for handling hibernation and un-hibernation for keda enabled (#5431) +- 
feat: Async ArgoCd App refresh operation (#5448) +- feat: deployment config migration (#5368) +- feat: Skipping falg based CMCS for Ci Job (#5536) +- feat: expose git commit data as env vars for ci stage (#5534) +- feat: Defining applications as part of release track (#5489) +- feat: gitlab webhook support (#5420) +- feat: Enhance the buildx to use cache for multi arch builds (#5307) +- feat: bug fix for picking wrong values in docker arguments (#5565) +- feat: enable external argocd listing (#5585) +- feat: plugin versioning feature (#5352) +- feat: service account in chart sync (#5584) +- feat: panic in sync pod cron and terminal not opening fix (#5603) +- feat: tls support for git and gitops (#5305) +- feat: system network controller sql script (#5637) +- feat: skip argowf logs from ci logs (#5646) +- feat: gitops support for oci repositories (#5577) +- feat: ext argo app rbac and missing common features and flux app listing and details with rbac (#5528) +- feat: expose git ops metrics (#5582) +- feat: Generate config and secret hash for application mounting external k8s secrets (#5626) +- feat: Env description handling (#5744) +- feat: Added basic auth support for servicemonitor (#5761) +- feat: Docker pull env driven (#5767) +- feat: plugin creation support (#5630) +- feat: Added multiple features support in servicemonitor (#5789) ## Documentation -- doc: Blob Storage Redirection + Other Fixes (#5432) -- doc: Added migration steps for 0.6 to 0.7 upgrade (#5411) -- doc: Created Deployment Window Draft (#4800) -- doc: Redirection Fix for User Permissions Doc + Other Fixes (#5382) -- doc: Redirection Fixes for 0.7 (#5381) -- doc: Redirection Issue Trial Fix (#5378) -- doc: Plugin Creation Doc (#5372) -- docs: Added specs for the global plugin Apis (#5362) -- docs: Fixes + Corrections in Docs (#5335) -- docs: fixed broken link in readme (#5337) -- docs: removed users (#5324) -- docs: Created a file for listing Devtron Users (#5310) +- doc: Added FAQ no. 
28 + GoLang-migrate Link + Code Block Fix (#5502) +- docs: Drafted Software Distribution Hub (#5459) +- doc: Created Image Label + Comments Doc (#5314) +- doc: FAQ added for Bitnami Charts (#5545) +- doc: Added Keycloak SSO Doc (#5571) +- doc: Code scan plugin docs (#5562) +- docs: jenkins-plugin (#5542) +- doc: Copacetic plugin docs (#5564) +- doc: Pull images from container repository (#5563) +- doc: Collated Doc Fixes for July (#5591) +- doc: Drafted Schema Driven DT (#5533) +- doc: fixes in Copacetic plugin doc (#5622) +- doc: Edit Deployment Chart Schema (#5735) +- doc: Redirection of old entry in gitbook.yaml (#5738) +- docs: added Documentation for Air-Gapped Installation (#5360) +- doc: Update prerequisites of code-scan (#5625) +- doc: Cosign plugin doc (#5665) +- doc: CraneCopy plugin doc (#5658) +- doc: Devtron CD Trigger Plugin doc (#5747) +- doc: DockerSlim plugin doc (#5660) +- doc: Devtron Job Trigger Plugin doc (#5742) +- doc: Vulnerability Scanning Plugin doc (#5722) +- docs: Jira plugins doc (Validator + Updater) (#5709) +- docs: added commands enable ingress during helm installation (#5794) +- doc: Revamped + Restructured Ingress Setup Doc (#5798) +- docs: modifying route in ingress doc (#5799) +- docs: modified the anchorlink in ingress.md (#5800) +- doc: ArgoCD + FluxCD App Listing (#5636) +- doc: Added Special CEL Expr in Filter Condition doc (#5850) ## Others -- chore: common-lib upgrade for nats replicas (#5446) -- chore: migration for gitops config (#5383) -- chore: update common-lib tag version (#5333) -- chore: updated go version in EA dockerfile (#5327) - - - +- misc: removal of azure-devops-issue-sync.yml (#5592) +- misc: added action for discrod webhook (#5615) +- misc: Revert "misc: added action for discrod webhook" (#5619) +- chore: Plugin script fix oss (#5661) +- misc: Release candidate v0.16.0 (#5687) +- chore: migration number changes (#5692) +- chore: ea fixes for helm app (#5713) +- misc: Main sync rc - branch update (#5753) +- 
chore: Revert "feat: plugin creation support" (#5778) +- chore: cron status update refactoring (#5790) +- misc: sync with common-lib changes with release candidate 18 (#5830) +- chore: Custom tag for copy container image plugin (#5760) (#5841) +- chore: migration number fix (#5840) +- misc: Update CODEOWNERS (#5885) diff --git a/wire_gen.go b/wire_gen.go index 861a03ff6e..ac5db2be55 100644 --- a/wire_gen.go +++ b/wire_gen.go @@ -1,6 +1,6 @@ // Code generated by Wire. DO NOT EDIT. -//go:generate go run -mod=mod github.com/google/wire/cmd/wire +//go:generate go run github.com/google/wire/cmd/wire //go:build !wireinject // +build !wireinject
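Review bot: In docs/user-guide/global-configurations/filter-condition.md, the new bullet reads "Only images derived from master branch should be eligible for production deployment (see [example](#scenario-2))", but the Scenario 2 added further down in this patch filters on branches starting with `hotfix-`, not on master. Either reword the bullet to describe the hotfix case, or add a master-branch expression to Scenario 2 so the link lands on what the bullet promises.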
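Review bot: In the Scenario 2 expression in filter-condition.md, `gitCommitDetail.startsWith('https://github.com/devtron-labs')` is a bare prefix match, so a repo URL under any owner whose name merely begins with `devtron-labs` (constructed example: `https://github.com/devtron-labs-fork/...`) also satisfies the filter. Ending the literal with `/` would bind the condition to the one organisation, which matters when this filter gates production deployment. Two smaller points in the same hunk: `exists_one` is true only when exactly one matching repo is on a `hotfix-` branch, so an application with two matching repos both on hotfix branches is rejected (use `exists` if that is not intended), and the prose says the branch "starts with the word `hotfix`" while the expression tests for `hotfix-`.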
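Review bot: The image bumps under manifests/yamls/ (dashboard, devtron, git-sensor, image-scanner, kubelink, kubewatch, lens) reference images by tag only, and several of the containers set `imagePullPolicy: IfNotPresent`. A tag can be re-pointed in the registry after release, and with IfNotPresent different nodes can end up running different content under the same tag. For release manifests, consider appending the digest to each reference (`quay.io/devtron/<image>:<tag>@sha256:<digest>`, digest taken from the release build) so the deployed image is the one that was tested.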
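Review bot: In manifests/yamls/notifier.yaml the new line `image: quay.io/devtron/notifier:06392394-372-25535"` carries over the stray closing quote from the line it replaces. With no opening quote, YAML reads the value as a plain scalar and the `"` becomes part of the tag. Every other manifest in this patch quotes the whole value (`image: "quay.io/devtron/..."`), so add the opening quote here while bumping the tag.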
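Review bot: In SubscribeCDStageCompleteEvent, BuildCiArtifactRequest and HandlePreStageSuccessEvent, the `MergeMaps(pluginArtifacts, ...PluginRegistryArtifactDetails)` call now runs even when `PluginArtifacts` is nil, so `PluginRegistryArtifactDetails` can itself be nil or empty at that point. The patch does not show MergeMaps, so please confirm it tolerates a nil source map, and add a test for an event that carries only `PluginRegistryArtifactDetails`. The same block now appears in three places across two files; a small helper that returns the merged map would keep the copies from drifting apart again.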
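Review bot: In releasenotes.md, the SQL injection fixes (#5783, #5801, #5808) and "dependabot security updates (#5608)" sit in the middle of the general Bugs list, where an operator scanning the notes can easily miss that this release carries security fixes. Grouping them under their own heading, or marking them in place, would make the upgrade priority clear. Minor points in the same hunk: "falg" (#5536), "checkin" (#5696) and "discrod" (#5615, #5619) are typos carried over from the PR titles, and "feat: bug fix for picking wrong values in docker arguments (#5565)" is filed under Enhancements.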
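Review bot: In wire_gen.go the only change is the `//go:generate` header losing `-mod=mod`, in a file marked "Code generated by Wire. DO NOT EDIT.", which suggests the file was regenerated with a different wire version or invocation than the previous commit used. Please pin the wire version used for generation (for example through the module's tool dependencies) so the generated header and code do not flip between contributors.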