From 1a9ae3c686f3720fe7275605017220a4a046b4b3 Mon Sep 17 00:00:00 2001 From: Vasil Sudakou Date: Wed, 29 Oct 2025 16:13:22 +0300 Subject: [PATCH 1/8] chore: venona patch --- charts/cf-runtime/.ci/values-rootless.yaml | 4 ++-- charts/cf-runtime/Chart.yaml | 8 ++++++-- charts/cf-runtime/values-rootless.yaml | 4 ++-- charts/cf-runtime/values.yaml | 24 +++++++++++----------- 4 files changed, 22 insertions(+), 18 deletions(-) diff --git a/charts/cf-runtime/.ci/values-rootless.yaml b/charts/cf-runtime/.ci/values-rootless.yaml index ed84e694..333ecb7d 100644 --- a/charts/cf-runtime/.ci/values-rootless.yaml +++ b/charts/cf-runtime/.ci/values-rootless.yaml @@ -16,8 +16,8 @@ volumeProvisioner: runtime: dind: image: - tag: 28.5.1-3.0.4-rootless - digest: sha256:f41a83414a4befefef4b594f97770a144160370dec111a8d0ffb217cefa68287 + tag: 28.5.1-3.0.5-rootless + digest: sha256:49d77f61e754db1329c7969cc20d2e6b6d034faa33b7303835eff318223e85ed userVolumeMounts: dind: name: dind diff --git a/charts/cf-runtime/Chart.yaml b/charts/cf-runtime/Chart.yaml index 22a85fcc..5adbb0e6 100644 --- a/charts/cf-runtime/Chart.yaml +++ b/charts/cf-runtime/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart for Codefresh Runner name: cf-runtime -version: 8.3.14 +version: 8.3.15 keywords: - codefresh - runner @@ -17,8 +17,12 @@ annotations: artifacthub.io/containsSecurityUpdates: "true" # Supported kinds: `added`, `changed`, `deprecated`, `removed`, `fixed`, `security`: artifacthub.io/changes: | + - kind: changed + description: "Update \"engine\" to 1.180.6" + - kind: fixed + description: "Fix an issue that prevented the Docker metrics collector from shutting down gracefully" - kind: security - description: "Security fixes in dind, engine, cf-cosign-image-signer, cf-container-logger, cf-docker-puller and cf-docker-pusher." + description: "Security fixes in dind, engine, cf-debugger and cli" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/charts/cf-runtime/values-rootless.yaml b/charts/cf-runtime/values-rootless.yaml index 88f7e8d7..d5d0b399 100644 --- a/charts/cf-runtime/values-rootless.yaml +++ b/charts/cf-runtime/values-rootless.yaml @@ -19,8 +19,8 @@ volumeProvisioner: runtime: dind: image: - tag: 28.5.1-3.0.4-rootless - digest: sha256:f41a83414a4befefef4b594f97770a144160370dec111a8d0ffb217cefa68287 + tag: 28.5.1-3.0.5-rootless + digest: sha256:49d77f61e754db1329c7969cc20d2e6b6d034faa33b7303835eff318223e85ed userVolumeMounts: dind: name: dind diff --git a/charts/cf-runtime/values.yaml b/charts/cf-runtime/values.yaml index 551f5c33..8e71c5e6 100644 --- a/charts/cf-runtime/values.yaml +++ b/charts/cf-runtime/values.yaml @@ -81,8 +81,8 @@ runner: image: registry: quay.io repository: codefresh/cli - tag: 0.89.3-rootless - digest: sha256:bbf49935b078eb0f282fec4ff674eea55f880b101809c6415e3ead7a0c729261 + tag: 0.89.5-rootless + digest: sha256:5ee4232a14d1dd81e47e95dc5f7c06f27a24c3d6936f988f157833ea93e1ab6c resources: limits: memory: 512Mi @@ -401,9 +401,9 @@ runtime: image: registry: quay.io repository: codefresh/dind - tag: 28.5.1-3.0.4 # use `latest-rootless/rootless/28.5.1-3.0.4-rootless` tags for rootless-dind + tag: 28.5.1-3.0.5 # use `latest-rootless/rootless/28.5.1-3.0.5-rootless` tags for rootless-dind pullPolicy: IfNotPresent - digest: sha256:89c9239f6692f81b2cbdb52554f3d4dbd25a8a5b476dd653837125a7d327f1c9 + digest: sha256:3d823bcbdf7437fc4262f5b307e1ba2d0fa0c59afd43cbd0ad74198d11868d1c # -- Set dind resources. resources: requests: null @@ -505,9 +505,9 @@ runtime: image: registry: quay.io repository: codefresh/engine - tag: 1.180.4 + tag: 1.180.6 pullPolicy: IfNotPresent - digest: sha256:26f19b68bf18081c73d41d5da92a6e638a2c69abe857f7470bc37ee06a030237 + digest: sha256:0e45c339e12f4fe4eeeb5a791ef659b1c601d5b630c6cbb7b3726a41c27b4c84 # -- Set container command. command: - npm @@ -576,8 +576,8 @@ runtime: pipeline-debugger: registry: quay.io repository: codefresh/cf-debugger - tag: 1.3.10 - digest: sha256:61eba0921344478f7e124e957b4eedcc8fea09ae562ee1f5e18773a93d66acd2 + tag: 1.3.11 + digest: sha256:7f8867af5fd402a98159d674c30965d67861a4dc37e429db3ff0746a6454f88f template-engine: registry: quay.io repository: codefresh/pikolo @@ -765,8 +765,8 @@ runtime: image: registry: quay.io repository: codefresh/cli - tag: 0.89.3-rootless - digest: sha256:bbf49935b078eb0f282fec4ff674eea55f880b101809c6415e3ead7a0c729261 + tag: 0.89.5-rootless + digest: sha256:5ee4232a14d1dd81e47e95dc5f7c06f27a24c3d6936f988f157833ea93e1ab6c rbac: enabled: true annotations: {} @@ -787,8 +787,8 @@ runtime: image: registry: quay.io repository: codefresh/cli - tag: 0.89.3-rootless - digest: sha256:bbf49935b078eb0f282fec4ff674eea55f880b101809c6415e3ead7a0c729261 + tag: 0.89.5-rootless + digest: sha256:5ee4232a14d1dd81e47e95dc5f7c06f27a24c3d6936f988f157833ea93e1ab6c affinity: {} nodeSelector: {} podSecurityContext: {} From 1c4ea75a6ca630100eb38848a239819eab405c04 Mon Sep 17 00:00:00 2001 From: Vasil Sudakou Date: Wed, 29 Oct 2025 16:19:59 +0300 Subject: [PATCH 2/8] chore: update README.md --- charts/cf-runtime/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/cf-runtime/README.md b/charts/cf-runtime/README.md index 48dfe2a2..d2ebabad 100644 --- a/charts/cf-runtime/README.md +++ b/charts/cf-runtime/README.md @@ -1,6 +1,6 @@ ## Codefresh Runner -![Version: 8.3.14](https://img.shields.io/badge/Version-8.3.14-informational?style=flat-square) +![Version: 8.3.15](https://img.shields.io/badge/Version-8.3.15-informational?style=flat-square) Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/installation/codefresh-runner/) to Kubernetes. @@ -1282,7 +1282,7 @@ Install the Helm chart | runner.enabled | bool | `true` | Enable the runner | | runner.env | object | `{}` | Add additional env vars | | runner.image | object | `{"digest":"sha256:96a8696ab418c3327e2e5fcf8ab08359b332167ef750b543ddd245ac4270153f","registry":"quay.io","repository":"codefresh/venona","tag":"2.0.7"}` | Set image | -| runner.init | object | `{"image":{"digest":"sha256:bbf49935b078eb0f282fec4ff674eea55f880b101809c6415e3ead7a0c729261","registry":"quay.io","repository":"codefresh/cli","tag":"0.89.3-rootless"},"resources":{"limits":{"cpu":"1","memory":"512Mi"},"requests":{"cpu":"0.2","memory":"256Mi"}}}` | Init container | +| runner.init | object | `{"image":{"digest":"sha256:5ee4232a14d1dd81e47e95dc5f7c06f27a24c3d6936f988f157833ea93e1ab6c","registry":"quay.io","repository":"codefresh/cli","tag":"0.89.5-rootless"},"resources":{"limits":{"cpu":"1","memory":"512Mi"},"requests":{"cpu":"0.2","memory":"256Mi"}}}` | Init container | | runner.name | string | `""` | Set runner deployment name | | runner.nodeSelector | object | `{}` | Set node selector | | runner.podAnnotations | object | `{}` | Set pod annotations | @@ -1303,7 +1303,7 @@ Install the Helm chart | runtime.accounts | list | `[]` | (for On-Premise only) Assign accounts to runtime (list of account ids) | | runtime.agent | bool | `true` | (for On-Premise only) Enable agent | | runtime.description | string | `""` | Runtime description | -| runtime.dind | object | `{"affinity":{},"containerSecurityContext":{},"env":{"CLEAN_DOCKER":true,"CLEAN_PERIOD_BUILDS":"5","CLEAN_PERIOD_SECONDS":"21600","DISK_USAGE_THRESHOLD":"0.8","IMAGE_RETAIN_PERIOD":"14400","INODES_USAGE_THRESHOLD":"0.8","VOLUMES_RETAIN_PERIOD":"14400"},"image":{"digest":"sha256:89c9239f6692f81b2cbdb52554f3d4dbd25a8a5b476dd653837125a7d327f1c9","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.5.1-3.0.4"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"pvcs":{"dind":{"annotations":{},"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":30,"tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{},"volumePermissions":{"enabled":false,"image":{"digest":"sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f","registry":"docker.io","repository":"alpine","tag":3.18},"resources":{},"securityContext":{"runAsUser":0}}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). | +| runtime.dind | object | `{"affinity":{},"containerSecurityContext":{},"env":{"CLEAN_DOCKER":true,"CLEAN_PERIOD_BUILDS":"5","CLEAN_PERIOD_SECONDS":"21600","DISK_USAGE_THRESHOLD":"0.8","IMAGE_RETAIN_PERIOD":"14400","INODES_USAGE_THRESHOLD":"0.8","VOLUMES_RETAIN_PERIOD":"14400"},"image":{"digest":"sha256:3d823bcbdf7437fc4262f5b307e1ba2d0fa0c59afd43cbd0ad74198d11868d1c","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.5.1-3.0.5"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"pvcs":{"dind":{"annotations":{},"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":30,"tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{},"volumePermissions":{"enabled":false,"image":{"digest":"sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f","registry":"docker.io","repository":"alpine","tag":3.18},"resources":{},"securityContext":{"runAsUser":0}}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). | | runtime.dind.affinity | object | `{}` | Set affinity | | runtime.dind.containerSecurityContext | object | `{}` | Set container security context. | | runtime.dind.env | object | `{"CLEAN_DOCKER":true,"CLEAN_PERIOD_BUILDS":"5","CLEAN_PERIOD_SECONDS":"21600","DISK_USAGE_THRESHOLD":"0.8","IMAGE_RETAIN_PERIOD":"14400","INODES_USAGE_THRESHOLD":"0.8","VOLUMES_RETAIN_PERIOD":"14400"}` | Set additional env vars. | @@ -1314,7 +1314,7 @@ Install the Helm chart | runtime.dind.env.IMAGE_RETAIN_PERIOD | string | `"14400"` | Do not delete Docker images if they have events newer than `NOW minus IMAGE_RETAIN_PERIOD` | | runtime.dind.env.INODES_USAGE_THRESHOLD | string | `"0.8"` | Run cleanup if current inodes usage exceeds INODES_USAGE_THRESHOLD | | runtime.dind.env.VOLUMES_RETAIN_PERIOD | string | `"14400"` | Do not delete Docker volumes if they have events newer than `NOW minus VOLUMES_RETAIN_PERIOD` | -| runtime.dind.image | object | `{"digest":"sha256:89c9239f6692f81b2cbdb52554f3d4dbd25a8a5b476dd653837125a7d327f1c9","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.5.1-3.0.4"}` | Set dind image. | +| runtime.dind.image | object | `{"digest":"sha256:3d823bcbdf7437fc4262f5b307e1ba2d0fa0c59afd43cbd0ad74198d11868d1c","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.5.1-3.0.5"}` | Set dind image. | | runtime.dind.nodeSelector | object | `{}` | Set node selector. | | runtime.dind.podAnnotations | object | `{}` | Set pod annotations. | | runtime.dind.podLabels | object | `{}` | Set pod labels. | @@ -1335,7 +1335,7 @@ Install the Helm chart | runtime.dind.userVolumeMounts | object | `{}` | Add extra volume mounts | | runtime.dind.userVolumes | object | `{}` | Add extra volumes | | runtime.dindDaemon | object | See below | DinD pod daemon config | -| runtime.engine | object | `{"affinity":{},"command":["npm","run","start"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:26f19b68bf18081c73d41d5da92a6e638a2c69abe857f7470bc37ee06a030237","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.4"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:19f212e9aee62f112f8a1df474122f850357f1c85521e804dcfc9a48b69a840f","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.6"},"container-logger":{"digest":"sha256:e2ccf1aab9dc118d91a449843842f5d19b4cd25731b5409de412b4ade7a2a524","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"1.13.3"},"cosign-image-signer":{"digest":"sha256:316cd24c623a26edc59e0f5d9a3fd6269a1307c74e11cf523efa3a42a5573fb5","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.3"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:3b87e3e4bd7ab76d94ca4dbee63317085a2e2e45779214ec3e42c5049ec2fbf8","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.4.9"},"docker-puller":{"digest":"sha256:09725c496f66cace02b523e1e3be7434519e751b5a1a5927c76cf95fbb0dc7d7","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.24"},"docker-pusher":{"digest":"sha256:5bf734ffea8f3bb9cdafeabbdcff7f26a2db68552cf7a91d48a5eff2699a57a8","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.23"},"docker-tag-pusher":{"digest":"sha256:69b6154fe34cda7a48b2e44cfe7667acdd79a6a5901001b092f8cf485b75ff3f","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.20"},"fs-ops":{"digest":"sha256:70d53821b9314d88e3571dfb096e8f577caf3e4c2199253621b8d0c85d20b8ad","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.10"},"gc-builder":{"digest":"sha256:383306f0775d70776f26284176c5cebd21784b371defecbf96e99b0b7bafe058","registry":"quay.io","repository":"codefresh/gcloud-builder","tag":"0.5.5"},"git-cloner":{"digest":"sha256:91c36338bc191b6c17111bc9672302fece527b5d6a545173b889c70e31efafc9","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.3"},"kube-deploy":{"digest":"sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"16.2.9"},"pipeline-debugger":{"digest":"sha256:61eba0921344478f7e124e957b4eedcc8fea09ae562ee1f5e18773a93d66acd2","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.10"},"template-engine":{"digest":"sha256:37ec7bed4b09e4055c3600a7805f84e37cccf8d849fe0fdd5b29f079de15010c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.8"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). | +| runtime.engine | object | `{"affinity":{},"command":["npm","run","start"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:0e45c339e12f4fe4eeeb5a791ef659b1c601d5b630c6cbb7b3726a41c27b4c84","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.6"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:19f212e9aee62f112f8a1df474122f850357f1c85521e804dcfc9a48b69a840f","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.6"},"container-logger":{"digest":"sha256:e2ccf1aab9dc118d91a449843842f5d19b4cd25731b5409de412b4ade7a2a524","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"1.13.3"},"cosign-image-signer":{"digest":"sha256:316cd24c623a26edc59e0f5d9a3fd6269a1307c74e11cf523efa3a42a5573fb5","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.3"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:3b87e3e4bd7ab76d94ca4dbee63317085a2e2e45779214ec3e42c5049ec2fbf8","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.4.9"},"docker-puller":{"digest":"sha256:09725c496f66cace02b523e1e3be7434519e751b5a1a5927c76cf95fbb0dc7d7","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.24"},"docker-pusher":{"digest":"sha256:5bf734ffea8f3bb9cdafeabbdcff7f26a2db68552cf7a91d48a5eff2699a57a8","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.23"},"docker-tag-pusher":{"digest":"sha256:69b6154fe34cda7a48b2e44cfe7667acdd79a6a5901001b092f8cf485b75ff3f","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.20"},"fs-ops":{"digest":"sha256:70d53821b9314d88e3571dfb096e8f577caf3e4c2199253621b8d0c85d20b8ad","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.10"},"gc-builder":{"digest":"sha256:383306f0775d70776f26284176c5cebd21784b371defecbf96e99b0b7bafe058","registry":"quay.io","repository":"codefresh/gcloud-builder","tag":"0.5.5"},"git-cloner":{"digest":"sha256:91c36338bc191b6c17111bc9672302fece527b5d6a545173b889c70e31efafc9","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.3"},"kube-deploy":{"digest":"sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"16.2.9"},"pipeline-debugger":{"digest":"sha256:7f8867af5fd402a98159d674c30965d67861a4dc37e429db3ff0746a6454f88f","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.11"},"template-engine":{"digest":"sha256:37ec7bed4b09e4055c3600a7805f84e37cccf8d849fe0fdd5b29f079de15010c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.8"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). | | runtime.engine.affinity | object | `{}` | Set affinity | | runtime.engine.command | list | `["npm","run","start"]` | Set container command. | | runtime.engine.env | object | `{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"}` | Set additional env vars. | @@ -1373,7 +1373,7 @@ Install the Helm chart | runtime.engine.env.OTEL_TRACES_SAMPLER | string | `"parentbased_always_on"` | OTel sampler to be used for traces. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | | runtime.engine.env.PYROSCOPE_SERVER_ADDRESS | string | `""` | Pyroscope server address | | runtime.engine.env.TRUSTED_QEMU_IMAGES | string | `"tonistiigi/binfmt"` | Trusted QEMU images used for docker builds - when left blank defaults to .runtime.engine.runtimeImages.DEFAULT_QEMU_IMAGE value | -| runtime.engine.image | object | `{"digest":"sha256:26f19b68bf18081c73d41d5da92a6e638a2c69abe857f7470bc37ee06a030237","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.4"}` | Set image. | +| runtime.engine.image | object | `{"digest":"sha256:0e45c339e12f4fe4eeeb5a791ef659b1c601d5b630c6cbb7b3726a41c27b4c84","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.6"}` | Set image. | | runtime.engine.nodeSelector | object | `{}` | Set node selector. | | runtime.engine.podAnnotations | object | `{}` | Set pod annotations. | | runtime.engine.podLabels | object | `{}` | Set pod labels. | @@ -1400,7 +1400,7 @@ Install the Helm chart | runtime.inCluster | bool | `true` | (for On-Premise only) Set inCluster runtime | | runtime.kubeconfigFilePath | string | `""` | (for On-Premise only) Set kubeconfig name and path | | runtime.patch | object | See below | Parameters for `runtime-patch` post-upgrade/install hook | -| runtime.patch.cronjob | object | `{"affinity":{},"enabled":true,"failedJobsHistory":1,"image":{"digest":"sha256:bbf49935b078eb0f282fec4ff674eea55f880b101809c6415e3ead7a0c729261","registry":"quay.io","repository":"codefresh/cli","tag":"0.89.3-rootless"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"schedule":"0/5 * * * *","successfulJobsHistory":1,"tolerations":[]}` | CronJob to update the runtime on schedule | +| runtime.patch.cronjob | object | `{"affinity":{},"enabled":true,"failedJobsHistory":1,"image":{"digest":"sha256:5ee4232a14d1dd81e47e95dc5f7c06f27a24c3d6936f988f157833ea93e1ab6c","registry":"quay.io","repository":"codefresh/cli","tag":"0.89.5-rootless"},"nodeSelector":{},"podSecurityContext":{},"resources":{},"schedule":"0/5 * * * *","successfulJobsHistory":1,"tolerations":[]}` | CronJob to update the runtime on schedule | | runtime.rbac | object | `{"create":true,"rules":[]}` | RBAC parameters | | runtime.rbac.create | bool | `true` | Create RBAC resources | | runtime.rbac.rules | list | `[]` | Add custom rule to the engine role | From 6f45460770b2b74b997ecbbe6fb44d3ab2f062f0 Mon Sep 17 00:00:00 2001 From: Vasil Sudakou Date: Thu, 30 Oct 2025 12:27:41 +0300 Subject: [PATCH 3/8] fix: security patches for images --- charts/cf-runtime/values.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/cf-runtime/values.yaml b/charts/cf-runtime/values.yaml index 8e71c5e6..39096bd1 100644 --- a/charts/cf-runtime/values.yaml +++ b/charts/cf-runtime/values.yaml @@ -561,13 +561,13 @@ runtime: fs-ops: registry: quay.io repository: codefresh/fs-ops - tag: 1.2.10 - digest: sha256:70d53821b9314d88e3571dfb096e8f577caf3e4c2199253621b8d0c85d20b8ad + tag: 1.2.11 + digest: sha256:cade5ace4d05528dfd0cbdbb96bd99c6ccae79dfeebe14661a4b7808e2131dc9 git-cloner: registry: quay.io repository: codefresh/cf-git-cloner - tag: 10.3.3 - digest: sha256:91c36338bc191b6c17111bc9672302fece527b5d6a545173b889c70e31efafc9 + tag: 10.3.4 + digest: sha256:ce1e922b94bbf1e5bd224468a2ccfe969200661ca2b6f0182b26ee0ad06e1a6d kube-deploy: registry: quay.io repository: codefresh/cf-deploy-kubernetes @@ -802,8 +802,8 @@ runtime: image: registry: quay.io repository: codefresh/kubectl - tag: 1.33.5 - digest: sha256:ac12fa598de71b3497e6f7e552a4944652933539817662a852b705876c828699 + tag: 1.34.1 + digest: sha256:bca3a2c97ea31f8ddc3ea2d185be426647775cc018f4d2cb4f5291505844760e rbac: enabled: true annotations: {} From 60e63c9545017374b39d5b9723b274f3efe7bcd2 Mon Sep 17 00:00:00 2001 From: Vasil Sudakou Date: Thu, 30 Oct 2025 12:35:02 +0300 Subject: [PATCH 4/8] chore: update README.md --- charts/cf-runtime/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cf-runtime/README.md b/charts/cf-runtime/README.md index d2ebabad..790e2d33 100644 --- a/charts/cf-runtime/README.md +++ b/charts/cf-runtime/README.md @@ -1335,7 +1335,7 @@ Install the Helm chart | runtime.dind.userVolumeMounts | object | `{}` | Add extra volume mounts | | runtime.dind.userVolumes | object | `{}` | Add extra volumes | | runtime.dindDaemon | object | See below | DinD pod daemon config | -| runtime.engine | object | `{"affinity":{},"command":["npm","run","start"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:0e45c339e12f4fe4eeeb5a791ef659b1c601d5b630c6cbb7b3726a41c27b4c84","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.6"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:19f212e9aee62f112f8a1df474122f850357f1c85521e804dcfc9a48b69a840f","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.6"},"container-logger":{"digest":"sha256:e2ccf1aab9dc118d91a449843842f5d19b4cd25731b5409de412b4ade7a2a524","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"1.13.3"},"cosign-image-signer":{"digest":"sha256:316cd24c623a26edc59e0f5d9a3fd6269a1307c74e11cf523efa3a42a5573fb5","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.3"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:3b87e3e4bd7ab76d94ca4dbee63317085a2e2e45779214ec3e42c5049ec2fbf8","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.4.9"},"docker-puller":{"digest":"sha256:09725c496f66cace02b523e1e3be7434519e751b5a1a5927c76cf95fbb0dc7d7","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.24"},"docker-pusher":{"digest":"sha256:5bf734ffea8f3bb9cdafeabbdcff7f26a2db68552cf7a91d48a5eff2699a57a8","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.23"},"docker-tag-pusher":{"digest":"sha256:69b6154fe34cda7a48b2e44cfe7667acdd79a6a5901001b092f8cf485b75ff3f","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.20"},"fs-ops":{"digest":"sha256:70d53821b9314d88e3571dfb096e8f577caf3e4c2199253621b8d0c85d20b8ad","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.10"},"gc-builder":{"digest":"sha256:383306f0775d70776f26284176c5cebd21784b371defecbf96e99b0b7bafe058","registry":"quay.io","repository":"codefresh/gcloud-builder","tag":"0.5.5"},"git-cloner":{"digest":"sha256:91c36338bc191b6c17111bc9672302fece527b5d6a545173b889c70e31efafc9","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.3"},"kube-deploy":{"digest":"sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"16.2.9"},"pipeline-debugger":{"digest":"sha256:7f8867af5fd402a98159d674c30965d67861a4dc37e429db3ff0746a6454f88f","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.11"},"template-engine":{"digest":"sha256:37ec7bed4b09e4055c3600a7805f84e37cccf8d849fe0fdd5b29f079de15010c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.8"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). | +| runtime.engine | object | `{"affinity":{},"command":["npm","run","start"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:0e45c339e12f4fe4eeeb5a791ef659b1c601d5b630c6cbb7b3726a41c27b4c84","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.6"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:19f212e9aee62f112f8a1df474122f850357f1c85521e804dcfc9a48b69a840f","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.6"},"container-logger":{"digest":"sha256:e2ccf1aab9dc118d91a449843842f5d19b4cd25731b5409de412b4ade7a2a524","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"1.13.3"},"cosign-image-signer":{"digest":"sha256:316cd24c623a26edc59e0f5d9a3fd6269a1307c74e11cf523efa3a42a5573fb5","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.3"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:3b87e3e4bd7ab76d94ca4dbee63317085a2e2e45779214ec3e42c5049ec2fbf8","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.4.9"},"docker-puller":{"digest":"sha256:09725c496f66cace02b523e1e3be7434519e751b5a1a5927c76cf95fbb0dc7d7","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.24"},"docker-pusher":{"digest":"sha256:5bf734ffea8f3bb9cdafeabbdcff7f26a2db68552cf7a91d48a5eff2699a57a8","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.23"},"docker-tag-pusher":{"digest":"sha256:69b6154fe34cda7a48b2e44cfe7667acdd79a6a5901001b092f8cf485b75ff3f","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.20"},"fs-ops":{"digest":"sha256:cade5ace4d05528dfd0cbdbb96bd99c6ccae79dfeebe14661a4b7808e2131dc9","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.11"},"gc-builder":{"digest":"sha256:383306f0775d70776f26284176c5cebd21784b371defecbf96e99b0b7bafe058","registry":"quay.io","repository":"codefresh/gcloud-builder","tag":"0.5.5"},"git-cloner":{"digest":"sha256:ce1e922b94bbf1e5bd224468a2ccfe969200661ca2b6f0182b26ee0ad06e1a6d","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.4"},"kube-deploy":{"digest":"sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"16.2.9"},"pipeline-debugger":{"digest":"sha256:7f8867af5fd402a98159d674c30965d67861a4dc37e429db3ff0746a6454f88f","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.11"},"template-engine":{"digest":"sha256:37ec7bed4b09e4055c3600a7805f84e37cccf8d849fe0fdd5b29f079de15010c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.8"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). | | runtime.engine.affinity | object | `{}` | Set affinity | | runtime.engine.command | list | `["npm","run","start"]` | Set container command. | | runtime.engine.env | object | `{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"}` | Set additional env vars. | From 8de72ca7cb54458283afa24adef5179efc7c67e5 Mon Sep 17 00:00:00 2001 From: Vasil Sudakou Date: Thu, 30 Oct 2025 12:45:40 +0300 Subject: [PATCH 5/8] fix: set missing digest --- charts/cf-runtime/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cf-runtime/values.yaml b/charts/cf-runtime/values.yaml index 39096bd1..7f5dd342 100644 --- a/charts/cf-runtime/values.yaml +++ b/charts/cf-runtime/values.yaml @@ -803,7 +803,7 @@ runtime: registry: quay.io repository: codefresh/kubectl tag: 1.34.1 - digest: sha256:bca3a2c97ea31f8ddc3ea2d185be426647775cc018f4d2cb4f5291505844760e + digest: sha256:7ad81c3b2c852d8c6dc5bd4d013b04bba458c0abe27594c01f21488fdde41e56 rbac: enabled: true annotations: {} From d07304293fe14f3cfac0007676426300fcae5a3a Mon Sep 17 00:00:00 2001 From: Vasil Sudakou Date: Thu, 30 Oct 2025 13:14:48 +0300 Subject: [PATCH 6/8] fix: update documentation --- charts/cf-runtime/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cf-runtime/Chart.yaml b/charts/cf-runtime/Chart.yaml index 5adbb0e6..b20c4f0e 100644 --- a/charts/cf-runtime/Chart.yaml +++ b/charts/cf-runtime/Chart.yaml @@ -22,7 +22,7 @@ annotations: - kind: fixed description: "Fix an issue that prevented the Docker metrics collector from shutting down gracefully" - kind: security - description: "Security fixes in dind, engine, cf-debugger and cli" + description: "Security fixes in cf-debugger, cf-git-cloner, cli, dind, engine, fs-ops and kubectl" dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts From 88e8e41bd710d3f97c1186865c20f3d7e240b474 Mon Sep 17 00:00:00 2001 From: Vasil Sudakou Date: Thu, 30 Oct 2025 16:06:01 +0300 Subject: [PATCH 7/8] fix: update engine --- charts/cf-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/cf-runtime/values.yaml b/charts/cf-runtime/values.yaml index 7f5dd342..3ed7f4b8 100644 --- a/charts/cf-runtime/values.yaml +++ b/charts/cf-runtime/values.yaml @@ -505,9 +505,9 @@ runtime: image: registry: quay.io repository: codefresh/engine - tag: 1.180.6 + tag: 1.180.7 pullPolicy: IfNotPresent - digest: sha256:0e45c339e12f4fe4eeeb5a791ef659b1c601d5b630c6cbb7b3726a41c27b4c84 + digest: sha256:1919280cecc58d9e1001435f31fdd79fa4fb5627a5e490be5ade603d6a5c641d # -- Set container command. command: - npm From 0024870a41772593cd96843a69e8cf7c5cb320dc Mon Sep 17 00:00:00 2001 From: Vasil Sudakou Date: Thu, 30 Oct 2025 16:06:53 +0300 Subject: [PATCH 8/8] chore: update README.md --- charts/cf-runtime/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/cf-runtime/README.md b/charts/cf-runtime/README.md index 790e2d33..a3411e91 100644 --- a/charts/cf-runtime/README.md +++ b/charts/cf-runtime/README.md @@ -1335,7 +1335,7 @@ Install the Helm chart | runtime.dind.userVolumeMounts | object | `{}` | Add extra volume mounts | | runtime.dind.userVolumes | object | `{}` | Add extra volumes | | runtime.dindDaemon | object | See below | DinD pod daemon config | -| runtime.engine | object | `{"affinity":{},"command":["npm","run","start"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:0e45c339e12f4fe4eeeb5a791ef659b1c601d5b630c6cbb7b3726a41c27b4c84","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.6"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:19f212e9aee62f112f8a1df474122f850357f1c85521e804dcfc9a48b69a840f","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.6"},"container-logger":{"digest":"sha256:e2ccf1aab9dc118d91a449843842f5d19b4cd25731b5409de412b4ade7a2a524","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"1.13.3"},"cosign-image-signer":{"digest":"sha256:316cd24c623a26edc59e0f5d9a3fd6269a1307c74e11cf523efa3a42a5573fb5","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.3"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:3b87e3e4bd7ab76d94ca4dbee63317085a2e2e45779214ec3e42c5049ec2fbf8","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.4.9"},"docker-puller":{"digest":"sha256:09725c496f66cace02b523e1e3be7434519e751b5a1a5927c76cf95fbb0dc7d7","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.24"},"docker-pusher":{"digest":"sha256:5bf734ffea8f3bb9cdafeabbdcff7f26a2db68552cf7a91d48a5eff2699a57a8","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.23"},"docker-tag-pusher":{"digest":"sha256:69b6154fe34cda7a48b2e44cfe7667acdd79a6a5901001b092f8cf485b75ff3f","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.20"},"fs-ops":{"digest":"sha256:cade5ace4d05528dfd0cbdbb96bd99c6ccae79dfeebe14661a4b7808e2131dc9","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.11"},"gc-builder":{"digest":"sha256:383306f0775d70776f26284176c5cebd21784b371defecbf96e99b0b7bafe058","registry":"quay.io","repository":"codefresh/gcloud-builder","tag":"0.5.5"},"git-cloner":{"digest":"sha256:ce1e922b94bbf1e5bd224468a2ccfe969200661ca2b6f0182b26ee0ad06e1a6d","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.4"},"kube-deploy":{"digest":"sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"16.2.9"},"pipeline-debugger":{"digest":"sha256:7f8867af5fd402a98159d674c30965d67861a4dc37e429db3ff0746a6454f88f","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.11"},"template-engine":{"digest":"sha256:37ec7bed4b09e4055c3600a7805f84e37cccf8d849fe0fdd5b29f079de15010c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.8"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). | +| runtime.engine | object | `{"affinity":{},"command":["npm","run","start"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:1919280cecc58d9e1001435f31fdd79fa4fb5627a5e490be5ade603d6a5c641d","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.7"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:19f212e9aee62f112f8a1df474122f850357f1c85521e804dcfc9a48b69a840f","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.6"},"container-logger":{"digest":"sha256:e2ccf1aab9dc118d91a449843842f5d19b4cd25731b5409de412b4ade7a2a524","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"1.13.3"},"cosign-image-signer":{"digest":"sha256:316cd24c623a26edc59e0f5d9a3fd6269a1307c74e11cf523efa3a42a5573fb5","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.3"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:3b87e3e4bd7ab76d94ca4dbee63317085a2e2e45779214ec3e42c5049ec2fbf8","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.4.9"},"docker-puller":{"digest":"sha256:09725c496f66cace02b523e1e3be7434519e751b5a1a5927c76cf95fbb0dc7d7","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.24"},"docker-pusher":{"digest":"sha256:5bf734ffea8f3bb9cdafeabbdcff7f26a2db68552cf7a91d48a5eff2699a57a8","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.23"},"docker-tag-pusher":{"digest":"sha256:69b6154fe34cda7a48b2e44cfe7667acdd79a6a5901001b092f8cf485b75ff3f","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.20"},"fs-ops":{"digest":"sha256:cade5ace4d05528dfd0cbdbb96bd99c6ccae79dfeebe14661a4b7808e2131dc9","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.11"},"gc-builder":{"digest":"sha256:383306f0775d70776f26284176c5cebd21784b371defecbf96e99b0b7bafe058","registry":"quay.io","repository":"codefresh/gcloud-builder","tag":"0.5.5"},"git-cloner":{"digest":"sha256:ce1e922b94bbf1e5bd224468a2ccfe969200661ca2b6f0182b26ee0ad06e1a6d","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.4"},"kube-deploy":{"digest":"sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"16.2.9"},"pipeline-debugger":{"digest":"sha256:7f8867af5fd402a98159d674c30965d67861a4dc37e429db3ff0746a6454f88f","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.11"},"template-engine":{"digest":"sha256:37ec7bed4b09e4055c3600a7805f84e37cccf8d849fe0fdd5b29f079de15010c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.8"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). | | runtime.engine.affinity | object | `{}` | Set affinity | | runtime.engine.command | list | `["npm","run","start"]` | Set container command. | | runtime.engine.env | object | `{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"}` | Set additional env vars. | @@ -1373,7 +1373,7 @@ Install the Helm chart | runtime.engine.env.OTEL_TRACES_SAMPLER | string | `"parentbased_always_on"` | OTel sampler to be used for traces. Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/ | | runtime.engine.env.PYROSCOPE_SERVER_ADDRESS | string | `""` | Pyroscope server address | | runtime.engine.env.TRUSTED_QEMU_IMAGES | string | `"tonistiigi/binfmt"` | Trusted QEMU images used for docker builds - when left blank defaults to .runtime.engine.runtimeImages.DEFAULT_QEMU_IMAGE value | -| runtime.engine.image | object | `{"digest":"sha256:0e45c339e12f4fe4eeeb5a791ef659b1c601d5b630c6cbb7b3726a41c27b4c84","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.6"}` | Set image. | +| runtime.engine.image | object | `{"digest":"sha256:1919280cecc58d9e1001435f31fdd79fa4fb5627a5e490be5ade603d6a5c641d","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.180.7"}` | Set image. | | runtime.engine.nodeSelector | object | `{}` | Set node selector. | | runtime.engine.podAnnotations | object | `{}` | Set pod annotations. | | runtime.engine.podLabels | object | `{}` | Set pod labels. |