From 535e6495fa3e0ba36a1a3ded28650ae04136b669 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 12:57:58 +0300 Subject: [PATCH 01/16] feat: update dependencies --- charts/codefresh/Chart.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/codefresh/Chart.yaml b/charts/codefresh/Chart.yaml index 3547910a9..9754648b5 100644 --- a/charts/codefresh/Chart.yaml +++ b/charts/codefresh/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: Helm Chart for Codefresh On-Prem name: codefresh -version: 2.6.14 +version: 2.6.15 keywords: - codefresh home: https://codefresh.io/ @@ -17,9 +17,9 @@ annotations: artifacthub.io/alternativeName: "codefresh-onprem" artifacthub.io/containsSecurityUpdates: "false" # supported kinds are added, changed, deprecated, removed, fixed and security. - # artifacthub.io/changes: | - # - kind: fixed - # description: "Fixed an issue with incorrect Github Enterprise branch list endpoint." + artifacthub.io/changes: | + - kind: fixed + description: "Fixed an issue with incorrect Github Enterprise branch list endpoint." dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts From 63fee4756300552a71a01fcb02efea00504bdd12 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 13:16:48 +0300 Subject: [PATCH 02/16] feat: update dependencies --- charts/codefresh/.ci/values/defaults.yaml | 105 ++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 charts/codefresh/.ci/values/defaults.yaml diff --git a/charts/codefresh/.ci/values/defaults.yaml b/charts/codefresh/.ci/values/defaults.yaml new file mode 100644 index 000000000..4f7c5cc5f --- /dev/null +++ b/charts/codefresh/.ci/values/defaults.yaml @@ -0,0 +1,105 @@ +seed-e2e: + enabled: true + +global: + appUrl: "" # placeholder + imagePullSecrets: + - codefresh-registry + - dockerhub-creds + +cfapi: + rbac: + namespaced: false + hpa: + enabled: true + resources: + requests: + cpu: 300m + memory: 1024Mi + container: + env: + DEFAULT_SYSTEM_TYPE: CLASSIC + +ingress: + enabled: true + ingressClassName: nginx + tls: + enabled: false + +ingress-nginx: + enabled: false + +argo-platform: + enabled: true + + analytics-reporter: + hpa: + enabled: true + + api-events: + hpa: + enabled: true + + api-graphql: + hpa: + enabled: true + resources: + requests: + cpu: 300m + memory: 1024Mi + + cron-executor: + hpa: + enabled: true + + event-handler: + hpa: + enabled: true + resources: + requests: + cpu: 300m + memory: 1024Mi + + ui: + hpa: + enabled: true + + audit: + hpa: + enabled: true + + abac: + hpa: + enabled: true + + promotion-orchestrator: + hpa: + enabled: true + +mongodb: + migration: + enabled: false + image: + repository: bitnamilegacy/mongodb + nodeSelector: + kubernetes.io/arch: amd64 + +consul: + image: + repository: bitnamilegacy/consul + +nats: + image: + repository: bitnamilegacy/nats + +rabbitmq: + image: + repository: bitnamilegacy/rabbitmq + +hooks: + mongodb: + nodeSelector: + kubernetes.io/arch: amd64 + rabbitmq: + nodeSelector: + kubernetes.io/arch: amd64 From 1453389adf02b28cff5cb35cc4ed19291141393c Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 14:34:03 +0300 Subject: [PATCH 03/16] feat: update dependencies --- charts/codefresh/templates/secrets/regsecret.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/codefresh/templates/secrets/regsecret.yaml b/charts/codefresh/templates/secrets/regsecret.yaml index 50a060885..ebb707c0e 100644 --- a/charts/codefresh/templates/secrets/regsecret.yaml +++ b/charts/codefresh/templates/secrets/regsecret.yaml @@ -1,4 +1,5 @@ {{ $name := printf "%v-%v-%v" .Release.Name .Values.global.codefresh "registry" }} + {{- if .Values.imageCredentials }} --- apiVersion: v1 kind: Secret @@ -20,4 +21,5 @@ metadata: type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ include "codefresh.imagePullSecret" . }} -{{- end }} \ No newline at end of file + {{- end }} +{{- end }} From 17107652844de3f1a74fd605c2fe2696cc1c1a9b Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 14:42:30 +0300 Subject: [PATCH 04/16] feat: update dependencies --- charts/codefresh/values.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/codefresh/values.yaml b/charts/codefresh/values.yaml index 32b724331..ae1bb54b2 100644 --- a/charts/codefresh/values.yaml +++ b/charts/codefresh/values.yaml @@ -717,6 +717,8 @@ cf-platform-analytics-platform: redis: enabled: true nameOverride: redis-platform-analytics + image: + repository:: bitnamilegacy/redis resources: requests: cpu: 100m @@ -1149,6 +1151,8 @@ redis: requests: cpu: 200m memory: 256Mi + image: + repository:: bitnamilegacy/redis # -- redis-ha ## Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml @@ -1305,7 +1309,7 @@ argo-hub-platform: container: image: registry: us-docker.pkg.dev/codefresh-enterprise/gcr.io - repository: codefresh-io/argo-hub-platform + repository: codefresh/argo-hub-platform imagePullSecrets: - '{{ .Release.Name }}-registry' resources: From 1749d6ad9a7859b45c4eddc411a9503e421a3a3b Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 14:53:56 +0300 Subject: [PATCH 05/16] feat: update dependencies --- charts/codefresh/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/codefresh/values.yaml b/charts/codefresh/values.yaml index ae1bb54b2..c81d64105 100644 --- a/charts/codefresh/values.yaml +++ b/charts/codefresh/values.yaml @@ -718,7 +718,7 @@ cf-platform-analytics-platform: enabled: true nameOverride: redis-platform-analytics image: - repository:: bitnamilegacy/redis + repository: bitnamilegacy/redis resources: requests: cpu: 100m @@ -1152,7 +1152,7 @@ redis: cpu: 200m memory: 256Mi image: - repository:: bitnamilegacy/redis + repository: bitnamilegacy/redis # -- redis-ha ## Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml From 4bf740ebb67ce6f7bb645a2f874e10e9fc0d78b7 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 14:55:26 +0300 Subject: [PATCH 06/16] feat: update dependencies --- charts/codefresh/.ci/values/defaults.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/codefresh/.ci/values/defaults.yaml b/charts/codefresh/.ci/values/defaults.yaml index 4f7c5cc5f..a7bc671a6 100644 --- a/charts/codefresh/.ci/values/defaults.yaml +++ b/charts/codefresh/.ci/values/defaults.yaml @@ -103,3 +103,7 @@ hooks: rabbitmq: nodeSelector: kubernetes.io/arch: amd64 + +seed: + nodeSelector: + kubernetes.io/arch: amd64 From b605fd3af05777215c93097ca260299ffbcc530a Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 15:13:56 +0300 Subject: [PATCH 07/16] feat: update dependencies --- charts/codefresh/.ci/values/mtls-mongodb-redis.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml index 6ba0f60cb..782103e18 100644 --- a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -106,6 +106,8 @@ mongodb: caCert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGVENDQWYyZ0F3SUJBZ0lRZWVySXdOWkNpdyt1alRPdHZ2TEZLREFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwdGVVMXZibWR2TFdOaE1CNFhEVEl5TVRFd01qRTRNRFl6TWxvWERUTXlNVEF6TURFNApNRFl6TWxvd0ZURVRNQkVHQTFVRUF4TUtiWGxOYjI1bmJ5MWpZVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTGxpV3dIVDQ5OWE0MzgrUWZjcExTNThVT2FsV3ArVXhkWVYwQjZkVTlFejlQSW4KTncydXZqNWtjN3RtU08xUk5ReEJRVjZpOHNBWHdQcTM1WlZYdTQ2OHhURkdHMXZBTWhrTkQ1OTJWd3JFNElCSgpTMm9XNEV6UWJPR3Fsd2ZBanNMZ1VlRjdBbHRuUEVNMjBSQ3hpMzhPNGY0VHZNZHpQamhIa2NNU2NMaHNhYjRlCjYrbVA0MFJBcEdLc2hwV2YwbnoyMXErWU83Zm4wNjVYd3dvUVBvL1BZa0FLdWNHZk1xRjltYXRCYWdUMlVwT0cKSFlRa2pzRW1zSmxEdkhsV1RBdzU2eFl4UU9UbUVWU2hkYzlKRDNmWEZEVkd6L1NVYkZXQTVualBLL0QvbXdpawppM0RaL0h6SUVEbXBJUElxRERsTGdIL3F6b3Jlb0NKMjB1YnlCb1VDQXdFQUFhTmhNRjh3RGdZRFZSMFBBUUgvCkJBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQVBCZ05WSFJNQkFmOEUKQlRBREFRSC9NQjBHQTFVZERnUVdCQlFXTWg5RDRiVkljRWQ2dVBOZ1RqWGpMWUpoSmpBTkJna3Foa2lHOXcwQgpBUXNGQUFPQ0FRRUFSUTBaV3F0dUlLWHNHTTJ4TW1Za0VJTHprckJySktiWXhIOFlCUEJFTjZZT09la0o2Q1FhCjQzZitmaHJlQ2o4NFdwSzdwckNEcjJYTmlHNHJlYjBrU2dYdmpyZUVBTzU0Q1FzelJwR0xUVjROMTBjTDdHUVoKaXd6OElGMXppTld4WXVXK29aSFRBQ2NMRkJkUnFFZWNSWUJXTU0vaDhZcldoWTRIaXlIMHp4UkRsOGNpU2ZOMApoa2lURzZQd0V0S29ZRWUwZ21OWXhkWFNzZ2FMZFlUMjNiMGJsMlB3OUdZdkJlWmFpZlZTbllDYmhmTDNPVkQxCjV6YnBXNHhmMEJyM0VGbStrUHh0SGxVR2FsUXdFb3NSVy9kWEpFWFVQTHNGb2xPRDRiR0xvblE4Z2VHcFVYVzQKR3prV0g5QTFXUlE4bWIxd0ZDTkZNVjgvUWxKams3MEJFUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=" caKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdVdKYkFkUGozMXJqZno1Qjl5a3RMbnhRNXFWYW41VEYxaFhRSHAxVDBUUDA4aWMzCkRhNitQbVJ6dTJaSTdWRTFERUZCWHFMeXdCZkErcmZsbFZlN2pyekZNVVliVzhBeUdRMFBuM1pYQ3NUZ2dFbEwKYWhiZ1ROQnM0YXFYQjhDT3d1QlI0WHNDVzJjOFF6YlJFTEdMZnc3aC9oTzh4M00rT0VlUnd4Snd1R3hwdmg3cgo2WS9qUkVDa1lxeUdsWi9TZlBiV3I1Zzd0K2ZUcmxmRENoQStqODlpUUFxNXdaOHlvWDJacTBGcUJQWlNrNFlkCmhDU093U2F3bVVPOGVWWk1ERG5yRmpGQTVPWVJWS0YxejBrUGQ5Y1VOVWJQOUpSc1ZZRG1lTThyOFArYkNLU0wKY05uOGZNZ1FPYWtnOGlvTU9VdUFmK3JPaXQ2Z0luYlM1dklHaFFJREFRQUJBb0lCQUNIQ3JxNHJoMkVpclRGOApCZ2xiMzFXSzREVFF3aXN6cmIrcUkwZWdBU2FsSHFPR3pyallMTjh4N2YyZnlBSW4rdEFyaGhzVTg3NVYxUmdUCnEyVENJRzhESTZvd2lVVHhRRzVkZVkzaHdFSSt6bCt1ZVdSdG5CV0JFNE1aVFAzbGJGcEMvY1poWDNHRDRHNmgKS2Z1dlNhY3U3NnNVcnhsbmZGcEZkbDhmR1pZTUlOOUNZWHArWWVJZzRuYW5ZSFJsbk1LM05QSjIzZUVHdkpjeQpLdUZWNndIUzFlWmg1M0J0aWRlY3czcmFzZFhJWmMzdFJidlFid3lDbjZ5dVlING0vUXJzMVFUckp2dzdyWU1sCkxyZGxlZm5uWk9XNFNVc3dINkVCWmF3RC9FTFc4eFNORVhudUkzUFp0di9oRVVZd3RKOVdMbk0rRitzc21ldm8KaHVGMUI5VUNnWUVBMFBHSmc2U3N6dHlKNkhyM0tTaEhyN3h5eVVPOVJTK0N3LzBSV2cranJ3SGFlRGRIalpvKwpaYXhxWVdoRUR0aUZieWpJdWR2MFF1aUZhMHVObDUvMGl3YXR2Tm81RitNZWV3WGt1T0YraWE3RFdFODk0a2ZECkVqYXJYWUk3ZkpnTkdxVmthWUw1cGdGcmxpUDhkZDFkK0VlTWV4dmJadTdwYUZzaXBaZWs1NE1DZ1lFQTR5S0cKdzAyMHJTTGRwdlYyQmE2WG4zbFRXUW0wMFlOaVFuY0YrVjJXNm95RjREK2liRUppTUdUZzRESzZLVllNVElpNQpmaVV4WHlib0Fkd1hvTlpqMmhPWmhmMVZSa3g1WGIrOVorbDV3ZFlBMGR4RmV1ajBDakpmd3p1UTNuOUxZOWxlCnJSSi91SklkbHhKWkx2Z0RLZzdRZ2NuNkJCN2Y1Ujlwa1JKaTgxY0NnWUJYZ2xITnlOSjNjUFp4WDg3VWRnSlEKSCtVVFZrT1hEbWIrSHFkOXlMOE5OUUdEQitQMzhubmZxMjZDaldDenR3dHJtdkUycG1DUEJVT2J4SER3NkJWTApoT2lQQi9hUmdwWHBnSFppMkU1ZTY4cjAyWHRab2lTWkpEeHhWWElFcE1vWU50enZNK1BMR3gwc0xMWTN4eGJzClBVc2c1SEhua25nL05LdzJIbVQ2Y1FLQmdEaW9lQzFueU5ZWGlHc0pkL05hNWYrbDZDQ2h4elVzTE9xZmZpSUMKTW84M2xuMmw0Z0pYWE43dGl4cmlESVliTE40NmpPcm1wRFkwSWxPMGIwQnp1bHkvM3VBSm5hZjNrNTdMSVpnMgpLV1VzMk8rQW51UldEK29yUHJBWXY3NkF5bkdSMjRnWXdUdHRWMnhENjNOSDhxSWZKK3Y0VWlHTkFoVEpqUy9mCkFrZnBBb0dBQ0pRS0lOU0hZOWN2RGZseWNWNmRCcndGS0hRb3oyZGg5Z0EvSjBGazYyc0VrNDY1SUtINm96VDQKQTlSZi8yMHBLZG40dmRnTktJQ3R1cUNKN1JIMC82bVRZWXUwSEJTWHo1elZIdWczTHpFbGxOdVB4MnRhc0x0MgpjdElsVkVrdk96L1hCa3BMVUE2TDlaR01Ha2tyeUJoNEdXd2FCajBHeldUQ2JMUGZ3N3c9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" mode: allowTLS + image: + repository: bitnamilegacy/nginx redis: tls: From 66941612c59a82932bd343f000b61e75d3af85b4 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 15:33:32 +0300 Subject: [PATCH 08/16] feat: update dependencies --- charts/codefresh/.ci/values/mtls-mongodb-redis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml index 782103e18..04dd0bb92 100644 --- a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -1,6 +1,6 @@ seed: mongoSeedJob: - mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin + enabled: false global: appUrl: "" # placeholder for ${CF_APP_HOST} From e5b30441ba51dd95f1e3b141c483cfa5881dd9bf Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 15:49:27 +0300 Subject: [PATCH 09/16] feat: update dependencies --- charts/codefresh/.ci/values/mtls-mongodb-redis.yaml | 2 +- charts/codefresh/templates/_env_var_secret_ref.tpl | 4 +++- charts/codefresh/templates/secrets/secret.yaml | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml index 04dd0bb92..782103e18 100644 --- a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -1,6 +1,6 @@ seed: mongoSeedJob: - enabled: false + mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin global: appUrl: "" # placeholder for ${CF_APP_HOST} diff --git a/charts/codefresh/templates/_env_var_secret_ref.tpl b/charts/codefresh/templates/_env_var_secret_ref.tpl index b0881ca05..175e70670 100644 --- a/charts/codefresh/templates/_env_var_secret_ref.tpl +++ b/charts/codefresh/templates/_env_var_secret_ref.tpl @@ -73,7 +73,9 @@ MONGO_SEED_URI env var value {{- /* Check for legacy global.mongoURI */}} - {{- if .Values.global.mongoURI }} + {{- if .Values.seed.mongoSeedJob.mongodbRootURI }} +value: "$(MONGO_ROOT_URI)" + {{- else if .Values.global.mongoURI }} value: "$(MONGO_URI)" {{- /* New secret implementation diff --git a/charts/codefresh/templates/secrets/secret.yaml b/charts/codefresh/templates/secrets/secret.yaml index e0fa81259..47b509e78 100644 --- a/charts/codefresh/templates/secrets/secret.yaml +++ b/charts/codefresh/templates/secrets/secret.yaml @@ -19,7 +19,8 @@ data: # legacy MONGODB_* secrets MONGODB_ROOT_USER: {{ coalesce .Values.global.mongodbRootUser .Values.seed.mongoSeedJob.mongodbRootUser | b64enc }} MONGODB_ROOT_PASSWORD: {{ urlquery (coalesce .Values.global.mongodbRootPassword .Values.seed.mongoSeedJob.mongodbRootPassword) | b64enc }} - MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc}} + MONGO_URI: {{ .Values.global.mongoURI | default "empty" | b64enc }} + MONGO_ROOT_URI: {{ coalesce .Values.seed.mongoSeedJob.mongodbRootURI | default "empty" | b64enc }} MONGO_URI_RE_MANAGER: {{ include (printf "%s.classic.calculateMongoUri" $libTemplateName) (dict "dbName" "runtime-environment-manager" "mongoURI" .Values.global.mongoURI) | default "empty" | b64enc }} MONGODB_RE_DATABASE: {{ printf "%s" "runtime-environment-manager" | b64enc }} From 694d54ec9f3b4d91dd4e21785977a71d22e3bfb4 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 15:58:48 +0300 Subject: [PATCH 10/16] feat: update dependencies --- charts/codefresh/.ci/values/mtls-mongodb-redis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml index 782103e18..fbf13a8a8 100644 --- a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -1,6 +1,6 @@ seed: mongoSeedJob: - mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin + mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017 global: appUrl: "" # placeholder for ${CF_APP_HOST} From 75a432da984a95912b0c47f35030c0d060765940 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 16:11:39 +0300 Subject: [PATCH 11/16] feat: update dependencies --- charts/codefresh/files/mongoSeedJobScript.sh | 47 +++++++++++++------ .../templates/seed/mongo-seed-job.yaml | 31 +++++++++--- 2 files changed, 57 insertions(+), 21 deletions(-) diff --git a/charts/codefresh/files/mongoSeedJobScript.sh b/charts/codefresh/files/mongoSeedJobScript.sh index 3bcaf6f98..24d54aa6d 100644 --- a/charts/codefresh/files/mongoSeedJobScript.sh +++ b/charts/codefresh/files/mongoSeedJobScript.sh @@ -15,6 +15,7 @@ COMMENT # set -eou pipefail ASSETS_PATH=${ASSETS_PATH:-/usr/share/extras/} +MTLS_CERT_PATH=${MTLS_CERT_PATH:-/etc/ssl/mongodb/ca.pem} MONGODB_DATABASES=( "archive" @@ -37,7 +38,7 @@ disableMongoTelemetry() { waitForMongoDB() { while true; do - status=$(mongosh ${MONGODB_ROOT_URI} --eval "db.adminCommand('ping')" 2>&1) + status=$(mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.adminCommand('ping')" 2>&1) echo -e "MongoDB status:\n$status" if $(echo $status | grep 'ok: 1' -q); then @@ -54,12 +55,22 @@ parseMongoURI() { local parameters="$(echo $1 | grep '?' | cut -d '?' -f2)"; if [[ -n $parameters ]]; then parameters="?${parameters}"; fi local url="$(echo ${1/$proto/})" local userpass="$(echo $url | grep @ | cut -d@ -f1)" - local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + if [[ -z $userpass ]]; then + local hostport="$(echo $url | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + MONGO_URI="$proto$hostport/${MONGODB_DATABASE}$parameters" + else + local hostport="$(echo $url | sed s/$userpass// | sed "s/\/\?$parameters//" | sed -re "s/\/\?|@//g" | sed 's/\/$//')" + MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" + MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" + MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" + fi + + if [[ -z $MONGODB_ROOT_OPTIONS ]]; then + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" + else + MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin?${MONGODB_ROOT_OPTIONS}" + fi - MONGODB_PASSWORD="$(echo $userpass | grep : | cut -d: -f2)" - MONGODB_USER="$(echo $userpass | grep : | cut -d: -f1)" - MONGO_URI="$proto$userpass@$hostport/${MONGODB_DATABASE}$parameters" - MONGODB_ROOT_URI="$proto${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$hostport/admin$parameters" } getMongoVersion() { @@ -68,6 +79,14 @@ getMongoVersion() { parseMongoURI $MONGO_URI +if [[ -s ${MTLS_CERT_PATH} ]]; then + MONGO_URI_EXTRA_PARAMS="--tls --tlsCertificateKeyFile ${MTLS_CERT_PATH} --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates" + MONGOIMPORT_EXTRA_PARAMS="--ssl --sslPEMKeyFile ${MTLS_CERT_PATH} --sslAllowInvalidHostnames --sslAllowInvalidCertificates" +else + MONGO_URI_EXTRA_PARAMS="" + MONGOIMPORT_EXTRA_PARAMS="" +fi + disableMongoTelemetry waitForMongoDB @@ -76,15 +95,15 @@ getMongoVersion for MONGODB_DATABASE in ${MONGODB_DATABASES[@]}; do waitForMongoDB - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").createUser({user: \"${MONGODB_USER}\", pwd: \"${MONGODB_PASSWORD}\", roles: [\"readWrite\"]})" 2>&1 || true waitForMongoDB - mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true + mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"${MONGODB_DATABASE}\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true done -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true -mongosh ${MONGODB_ROOT_URI} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"pipeline-manager\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true +mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true -mongoimport --uri ${MONGO_URI} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json -mongoimport --uri ${MONGO_URI} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json -mongoimport --uri ${MONGO_URI} --collection users --type json --legacy --file ${ASSETS_PATH}users.json +mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json +mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json +mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json diff --git a/charts/codefresh/templates/seed/mongo-seed-job.yaml b/charts/codefresh/templates/seed/mongo-seed-job.yaml index 85a8c3eca..66f3c49d1 100644 --- a/charts/codefresh/templates/seed/mongo-seed-job.yaml +++ b/charts/codefresh/templates/seed/mongo-seed-job.yaml @@ -2,6 +2,15 @@ {{ $context := deepCopy .Values.seed }} --- {{- if and .Values.seed.enabled (or .Values.global.seedJobs .Values.seed.mongoSeedJob.enabled) }} +{{- $tolerations := .Values.seed.tolerations | default list }} +{{- $globalTolerations := .Values.global.tolerations | default list }} +{{- $allToleration := concat $globalTolerations $tolerations }} +{{- $affinity := .Values.seed.affinity | default dict }} +{{- $globalAffinity := .Values.global.affinity | default dict }} +{{- $allAffinity := mergeOverwrite $globalAffinity $affinity }} +{{- $nodeSelector := .Values.seed.nodeSelector | default dict }} +{{- $globalNodeSelector := .Values.global.nodeSelector | default dict }} +{{- $allNodeSelector := mergeOverwrite $globalNodeSelector $nodeSelector }} apiVersion: batch/v1 kind: Job metadata: @@ -21,10 +30,7 @@ spec: labels: {{ include "codefresh.labels" . | nindent 8 }} spec: - {{- if .Values.global.imageRegistry }} - imagePullSecrets: - - name: "{{ .Release.Name }}-{{ .Values.global.codefresh }}-registry" - {{- end }} + {{- include (printf "%s.image.pullSecrets" $libTemplateName ) . | nindent 6 }} securityContext: {{- toYaml .Values.seed.podSecurityContext | nindent 8 }} containers: @@ -46,6 +52,17 @@ spec: {{- include "codefresh.mongodb-root-user-env-var-value" . | indent 12 }} - name: MONGODB_ROOT_PASSWORD {{- include "codefresh.mongodb-root-password-env-var-value" . | indent 12 }} + - name: MONGODB_ROOT_OPTIONS + value: {{ .Values.seed.mongoSeedJob.mongodbRootOptions | quote }} + {{- range $env, $val := .Values.seed.mongoSeedJob.env }} + - name: {{ $env }} + value: {{ $val | quote }} + {{ end }} + {{- range $env, $val := .Values.global.env }} + - name: {{ $env }} + value: {{ $val | quote }} + {{ end }} + command: - "/bin/bash" - "-exc" @@ -64,15 +81,15 @@ spec: mountPath: "/usr/share/extras/idps.json" subPath: "idps.json" {{- include (printf "%s.volumeMounts" $libTemplateName) ( dict "Values" .Values.seed.volumeMounts "context" $ ) | nindent 8 }} - {{- with .Values.seed.nodeSelector }} + {{- with $allNodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.affinity }} + {{- with $allAffinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.seed.tolerations }} + {{- with $allToleration }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} From 5f312bcc373e72a96035ce23f378971919fd9c12 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 16:47:30 +0300 Subject: [PATCH 12/16] feat: update dependencies --- charts/codefresh/.ci/values/mtls-mongodb-redis.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml index fbf13a8a8..698eb70f2 100644 --- a/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml +++ b/charts/codefresh/.ci/values/mtls-mongodb-redis.yaml @@ -1,6 +1,8 @@ seed: mongoSeedJob: - mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017 + mongodbRootURI: mongodb://root:XT9nmM8dZDZ@cf-mongodb:27017/?authSource=admin + mongodbRootOptions: authSource=admin + mongodbRootPassword: XT9nmM8dZDZ global: appUrl: "" # placeholder for ${CF_APP_HOST} From 118c5eb69df4165ab74c673d677d0592101f2b54 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 16:56:07 +0300 Subject: [PATCH 13/16] feat: update dependencies --- charts/codefresh/files/mongoSeedJobScript.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/codefresh/files/mongoSeedJobScript.sh b/charts/codefresh/files/mongoSeedJobScript.sh index 24d54aa6d..54589f60c 100644 --- a/charts/codefresh/files/mongoSeedJobScript.sh +++ b/charts/codefresh/files/mongoSeedJobScript.sh @@ -104,6 +104,6 @@ mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\" mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").grantRolesToUser( \"${MONGODB_USER}\", [ { role: \"readWrite\", db: \"platform-analytics-postgres\" } ] )" 2>&1 || true mongosh ${MONGODB_ROOT_URI} ${MONGO_URI_EXTRA_PARAMS} --eval "db.getSiblingDB(\"codefresh\").changeUserPassword(\"${MONGODB_USER}\",\"${MONGODB_PASSWORD}\")" 2>&1 || true -mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json -mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json -mongoimport --uri ${MONGO_URI} ${MONGO_URI_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection idps --type json --legacy --file ${ASSETS_PATH}idps.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection accounts --type json --legacy --file ${ASSETS_PATH}accounts.json +mongoimport --uri ${MONGO_URI} ${MONGOIMPORT_EXTRA_PARAMS} --collection users --type json --legacy --file ${ASSETS_PATH}users.json From d250efcab67e9a98b4e433d2e538eb85cda6eb27 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 18:41:36 +0300 Subject: [PATCH 14/16] feat: update dependencies --- charts/codefresh/.ci/values/defaults.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/charts/codefresh/.ci/values/defaults.yaml b/charts/codefresh/.ci/values/defaults.yaml index a7bc671a6..ea3367193 100644 --- a/charts/codefresh/.ci/values/defaults.yaml +++ b/charts/codefresh/.ci/values/defaults.yaml @@ -96,6 +96,15 @@ rabbitmq: image: repository: bitnamilegacy/rabbitmq +redis: + image: + repository: bitnamilegacy/redis + +cf-platform-analytics-platform: + redis: + image: + repository: bitnamilegacy/redis + hooks: mongodb: nodeSelector: From 645c606e90c66859ec2810a668ab603922ce46e6 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 18:58:30 +0300 Subject: [PATCH 15/16] feat: update dependencies --- charts/codefresh/templates/secrets/regsecret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/codefresh/templates/secrets/regsecret.yaml b/charts/codefresh/templates/secrets/regsecret.yaml index ebb707c0e..1d9957991 100644 --- a/charts/codefresh/templates/secrets/regsecret.yaml +++ b/charts/codefresh/templates/secrets/regsecret.yaml @@ -1,5 +1,5 @@ {{ $name := printf "%v-%v-%v" .Release.Name .Values.global.codefresh "registry" }} - {{- if .Values.imageCredentials }} + {{- if .Values.imageCredentials.password }} --- apiVersion: v1 kind: Secret From 9834deb959ee22cfff856840ecaca448662be33e Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 1 Dec 2025 19:06:35 +0300 Subject: [PATCH 16/16] feat: update dependencies --- charts/codefresh/templates/secrets/regsecret.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/codefresh/templates/secrets/regsecret.yaml b/charts/codefresh/templates/secrets/regsecret.yaml index 1d9957991..3ccfdc905 100644 --- a/charts/codefresh/templates/secrets/regsecret.yaml +++ b/charts/codefresh/templates/secrets/regsecret.yaml @@ -1,5 +1,4 @@ {{ $name := printf "%v-%v-%v" .Release.Name .Values.global.codefresh "registry" }} - {{- if .Values.imageCredentials.password }} --- apiVersion: v1 kind: Secret @@ -21,5 +20,4 @@ metadata: type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ include "codefresh.imagePullSecret" . }} - {{- end }} {{- end }}