diff --git a/.github/workflows/component-test.yaml b/.github/workflows/component-test.yaml index 3df1f97d8..1347db0fd 100644 --- a/.github/workflows/component-test.yaml +++ b/.github/workflows/component-test.yaml @@ -5,15 +5,9 @@ on: push: branches: - main - paths-ignore: - - "*.md" - - charts/** pull_request: branches: - main - paths-ignore: - - "*.md" - - charts/** jobs: component-test: diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml index 87f386914..b3db273f1 100644 --- a/charts/gitops-runtime/Chart.yaml +++ b/charts/gitops-runtime/Chart.yaml @@ -19,29 +19,29 @@ annotations: - kind: changed description: 'chore(app-proxy): update cap-app-proxy image tags to 1.3727.0 (#692) - fix: remote-cluster application fails to sync due to its project' dependencies: - - name: argo-cd - repository: https://codefresh-io.github.io/argo-helm - condition: argo-cd.enabled - version: 8.0.6-6-cap-v3.0.2-2025-07-06-e9fc72a9 - - name: argo-events - repository: https://codefresh-io.github.io/argo-helm - version: 2.4.8-cap-CR-29689 - - name: argo-workflows - repository: https://codefresh-io.github.io/argo-helm - version: 0.45.15-v3.6.7-cap-CR-28355 - condition: argo-workflows.enabled - - name: argo-rollouts - repository: https://codefresh-io.github.io/argo-helm - version: 2.37.3-6-v1.7.2-cap-CR-29629 - condition: argo-rollouts.enabled - - name: sealed-secrets - repository: https://bitnami-labs.github.io/sealed-secrets/ - version: 2.17.2 - - name: codefresh-tunnel-client - repository: oci://quay.io/codefresh/charts - version: 0.1.21 - alias: tunnel-client - condition: tunnel-client.enabled - - name: cf-common - repository: oci://quay.io/codefresh/charts - version: 0.27.0 +- name: argo-cd + repository: https://codefresh-io.github.io/argo-helm + condition: argo-cd.enabled + version: 8.0.6-8-cap-v3.0.2-2025-08-12-9c8dfae9 +- name: argo-events + repository: https://codefresh-io.github.io/argo-helm + version: 2.4.8-cap-CR-29689 +- name: argo-workflows + repository: https://codefresh-io.github.io/argo-helm + version: 0.45.15-v3.6.7-cap-CR-28355 + condition: argo-workflows.enabled +- name: argo-rollouts + repository: https://codefresh-io.github.io/argo-helm + version: 2.37.3-6-v1.7.2-cap-CR-29629 + condition: argo-rollouts.enabled +- name: sealed-secrets + repository: https://bitnami-labs.github.io/sealed-secrets/ + version: 2.17.2 +- name: codefresh-tunnel-client + repository: oci://quay.io/codefresh/charts + version: 0.1.21 + alias: tunnel-client + condition: tunnel-client.enabled +- name: cf-common + repository: oci://quay.io/codefresh/charts + version: 0.27.0 diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md index a5678d955..4dbb4fb58 100644 --- a/charts/gitops-runtime/README.md +++ b/charts/gitops-runtime/README.md @@ -189,6 +189,154 @@ sealed-secrets: enabled: false ``` +## High Availability + +This chart installs the non-HA version of GitOps Runtime by default. If you want to run GitOps Runtime in HA mode, you can use the example values below: + +> **Warning:** +> You need at least 3 worker nodes for HA mode + +### HA mode with autoscaling + +```yaml +global: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + +app-proxy: + replicaCount: 2 + pdb: + enabled: true + minAvailable: 1 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: cap-app-proxy + +gitops-operator: + replicaCount: 2 + pdb: + enabled: true + minAvailable: 1 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: gitops-operator + +internal-router: + replicaCount: 2 + pdb: + enabled: true + minAvailable: 1 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: internal-router + +cf-argocd-extras: + sourcesServer: + hpa: + enabled: true + minReplicas: 2 + pdb: + enabled: true + minAvailable: 1 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/component: sources-server + eventReporter: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/component: event-reporter + +argo-cd: + redis-ha: + enabled: true + + controller: + replicas: 1 + + server: + autoscaling: + enabled: true + minReplicas: 2 + pdb: + enabled: true + minAvailable: 1 + + repoServer: + autoscaling: + enabled: true + minReplicas: 2 + pdb: + enabled: true + minAvailable: 1 + + applicationSet: + replicas: 2 + +argo-workflows: + controller: + replicas: 2 + pdb: + enabled: true + minAvailable: 1 + server: + autoscaling: + enabled: true + minReplicas: 2 + pdb: + enabled: true + minAvailable: 1 + +event-reporters: + workflow: + sensor: + replicas: 2 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: sensor-name + operator: In + values: + - workflow-reporter + topologyKey: "kubernetes.io/hostname" + rollout: + sensor: + replicas: 2 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: sensor-name + operator: In + values: + - rollout-reporter + topologyKey: "kubernetes.io/hostname" +``` + ## Upgrading ### To >=0.23.3 @@ -261,14 +409,14 @@ gitops-operator: | app-proxy.image-enrichment.serviceAccount.name | string | `"codefresh-image-enrichment-sa"` | Name of the service account to create or the name of the existing one to use | | app-proxy.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.image.repository | string | `"quay.io/codefresh/cap-app-proxy"` | | -| app-proxy.image.tag | string | `"1.3727.0"` | | +| app-proxy.image.tag | string | `"1.3706.0"` | | | app-proxy.imagePullSecrets | list | `[]` | | | app-proxy.initContainer.command[0] | string | `"./init.sh"` | | | app-proxy.initContainer.env | object | `{}` | | | app-proxy.initContainer.extraVolumeMounts | list | `[]` | Extra volume mounts for init container | | app-proxy.initContainer.image.pullPolicy | string | `"IfNotPresent"` | | | app-proxy.initContainer.image.repository | string | `"quay.io/codefresh/cap-app-proxy-init"` | | -| app-proxy.initContainer.image.tag | string | `"1.3727.0"` | | +| app-proxy.initContainer.image.tag | string | `"1.3706.0"` | | | app-proxy.initContainer.resources.limits | object | `{}` | | | app-proxy.initContainer.resources.requests.cpu | string | `"0.2"` | | | app-proxy.initContainer.resources.requests.memory | string | `"256Mi"` | | @@ -429,7 +577,7 @@ gitops-operator: | gitops-operator.fullnameOverride | string | `""` | | | gitops-operator.image.registry | string | `"quay.io"` | defaults | | gitops-operator.image.repository | string | `"codefresh/codefresh-gitops-operator"` | | -| gitops-operator.image.tag | string | `"v0.10.2"` | | +| gitops-operator.image.tag | string | `"v0.11.1"` | | | gitops-operator.imagePullSecrets | list | `[]` | | | gitops-operator.nameOverride | string | `""` | | | gitops-operator.nodeSelector | object | `{}` | | diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl index 1dd14fdf9..f4fa62e94 100644 --- a/charts/gitops-runtime/README.md.gotmpl +++ b/charts/gitops-runtime/README.md.gotmpl @@ -193,6 +193,154 @@ sealed-secrets: enabled: false ``` +## High Availability + +This chart installs the non-HA version of GitOps Runtime by default. If you want to run GitOps Runtime in HA mode, you can use the example values below: + +> **Warning:** +> You need at least 3 worker nodes for HA mode + +### HA mode with autoscaling + +```yaml +global: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + +app-proxy: + replicaCount: 2 + pdb: + enabled: true + minAvailable: 1 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: cap-app-proxy + +gitops-operator: + replicaCount: 2 + pdb: + enabled: true + minAvailable: 1 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: gitops-operator + +internal-router: + replicaCount: 2 + pdb: + enabled: true + minAvailable: 1 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: internal-router + +cf-argocd-extras: + sourcesServer: + hpa: + enabled: true + minReplicas: 2 + pdb: + enabled: true + minAvailable: 1 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/component: sources-server + eventReporter: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/component: event-reporter + +argo-cd: + redis-ha: + enabled: true + + controller: + replicas: 1 + + server: + autoscaling: + enabled: true + minReplicas: 2 + pdb: + enabled: true + minAvailable: 1 + + repoServer: + autoscaling: + enabled: true + minReplicas: 2 + pdb: + enabled: true + minAvailable: 1 + + applicationSet: + replicas: 2 + +argo-workflows: + controller: + replicas: 2 + pdb: + enabled: true + minAvailable: 1 + server: + autoscaling: + enabled: true + minReplicas: 2 + pdb: + enabled: true + minAvailable: 1 + +event-reporters: + workflow: + sensor: + replicas: 2 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: sensor-name + operator: In + values: + - workflow-reporter + topologyKey: "kubernetes.io/hostname" + rollout: + sensor: + replicas: 2 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: sensor-name + operator: In + values: + - rollout-reporter + topologyKey: "kubernetes.io/hostname" +``` + ## Upgrading ### To >=0.23.3 diff --git a/charts/gitops-runtime/values-ha.yaml b/charts/gitops-runtime/values-ha.yaml index 655ada8de..8b84a3d55 100644 --- a/charts/gitops-runtime/values-ha.yaml +++ b/charts/gitops-runtime/values-ha.yaml @@ -5,8 +5,7 @@ global: whenUnsatisfiable: DoNotSchedule app-proxy: - # -- Set to 1 until https://codefresh-io.atlassian.net/browse/CR-29338 is resolved - replicaCount: 1 + replicaCount: 2 pdb: enabled: true minAvailable: 1 diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index f4ce382c1..f22951288 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -563,14 +563,14 @@ app-proxy: tag: 1.1.15-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3727.0 + tag: 1.3718.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3727.0 + tag: 1.3718.0 pullPolicy: IfNotPresent command: - ./init.sh @@ -725,7 +725,7 @@ gitops-operator: # -- defaults registry: quay.io repository: codefresh/codefresh-gitops-operator - tag: v0.10.2 + tag: 58625b8 serviceAccount: create: true annotations: {} diff --git a/tests/component-tests/setup/mocks/platform-mocks.json b/tests/component-tests/setup/mocks/platform-mocks.json index 26b4da51c..24b306ac9 100644 --- a/tests/component-tests/setup/mocks/platform-mocks.json +++ b/tests/component-tests/setup/mocks/platform-mocks.json @@ -177,7 +177,7 @@ "method": "POST", "path": "/2.0/api/graphql", "body": { - "query": "\n query me {\n me {\n runtimeName\n activeAccount {\n id\n name\n gitProvider\n gitApiUrl\n sharedConfigRepo\n }\n }\n }\n" + "query": "\n query me {\n me {\n runtimeName\n activeAccount {\n id\n name\n gitProvider\n gitApiUrl\n sharedConfigRepo\n csdpValidated\n }\n }\n }\n" } }, "httpResponse": { @@ -191,7 +191,8 @@ "name": "local", "gitProvider": "GITHUB", "gitApiUrl": "http://mockserver.mockserver:1080", - "sharedConfigRepo": "http://gitea-http.gitea:3000/test-owner/codefresh-isc" + "sharedConfigRepo": "http://gitea-http.gitea:3000/test-owner/codefresh-isc", + "csdpValidated": true } } }