## Codefresh gitops runtime
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
## Prerequisites
- Helm **3.11.0+**
## Get Chart Info
```console
helm show all oci://quay.io/codefresh/gitops-runtime
```
See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
## Codefresh official documentation:
Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/
## Multi Runtime Installation
You can install multiple Codefresh GitOps Runtimes in the same cluster, as long as each Runtime is deployed in its own namespace and manages only the applications in that namespace.
To achieve this, configure your Runtimes to run in namespaced mode by setting `global.runtime.singleNamespace=true`. See the values.yaml example below:
```yaml
global:
  runtime:
    singleNamespace: true

sealed-secrets:
  enabled: false

argo-cd:
  createClusterRoles: false
  crds:
    install: false
  configs:
    params:
      application.namespaces: ''

argo-events:
  controller:
    rbac:
      namespaced: true

argo-workflows:
  crds:
    install: false
  singleNamespace: true
  createAggregateRoles: false
  controller:
    clusterWorkflowTemplates:
      enabled: false
  server:
    clusterWorkflowTemplates:
      enabled: false

argo-rollouts:
  enabled: false

tunnel-client:
  enabled: false

gitops-operator:
  crds:
    install: false
```
Note that the first runtime in the cluster must be configured to install the CRDs by setting these values:
```yaml
global:
  runtime:
    isConfigurationRuntime: true

argo-cd:
  crds:
    install: true

argo-workflows:
  crds:
    install: true

argo-rollouts:
  installCRDs: true

gitops-operator:
  crds:
    install: true
```
> [!WARNING]
> If you want more than one runtime in your cluster, make sure that all of the runtimes in your cluster are configured with `global.runtime.singleNamespace=true`.
> If you already have a runtime installed in the cluster without this setting, multi runtime installation is not supported.
## Argo-workflows artifact and log storage
Codefresh provides a SaaS object storage based solution for Argo workflows logs storage. The chart deploys a configmap named `codefresh-workflows-log-store` with the repository configuration.
If you want to utilize the Codefresh SaaS solution for log storage for all workflows in the runtime please set the following values:
```yaml
argo-workflows:
  controller:
    workflowDefaults:
      spec:
        artifactRepositoryRef:
          configMap: codefresh-workflows-log-store
          key: codefresh-workflows-log-store
```
> [!WARNING]
> It's highly recommended to use your own artifact storage for data privacy reasons.
> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes.
> Please refer to the official documentation for more details.
## Installation with External ArgoCD
If you want to use an existing ArgoCD installation, you can disable the built-in ArgoCD and configure the GitOps Runtime to use the external ArgoCD.
See the `values.yaml` example below:
```yaml
global:
  # -- Configuration for external ArgoCD
  # Should be used when `argo-cd.enabled` is set to false
  external-argo-cd:
    # -- ArgoCD server settings
    server:
      # -- Service name of the ArgoCD server
      svc: argocd
      # -- Port of the ArgoCD server
      port: 80
      # -- Set if Argo CD is running behind reverse proxy under subpath different from /
      # e.g.
      # rootpath: '/argocd'
      rootpath: ''
    redis:
      # -- Service name of the ArgoCD Redis
      svc: argocd-redis
      # -- Port of the ArgoCD Redis
      port: 6379
    repoServer:
      # -- Service name of the ArgoCD repo server
      svc: argocd-repo-server
      # -- Port of the ArgoCD repo server
      port: 8081
    # -- How GitOps Runtime should authenticate with ArgoCD
    auth:
      # -- Authentication type. Can be password or token
      type: password
      # If `auth.type=password` is set
      # -- ArgoCD username in plain text
      username: "admin"
      # -- ArgoCD password in plain text
      password: ""
      # -- ArgoCD password referenced by an existing secret
      passwordSecretKeyRef:
        name: argocd-initial-admin-secret
        key: password
      # If `auth.type=token` is set
      # -- ArgoCD token in plain text
      token: ""
      # -- ArgoCD token referenced by an existing secret
      tokenSecretKeyRef: {}
      # e.g:
      # tokenSecretKeyRef:
      #   name: argocd-token
      #   key: token

argo-cd:
  # -- Disable built-in ArgoCD
  enabled: false
```
⚠️ If `auth.type=password` is set, the ArgoCD user must have the `apiKey` capability enabled.
`argocd-cm` ConfigMap
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  accounts.admin: apiKey, login
  admin.enabled: "true"
```
## Installation with External Argo Rollouts
If you want to use an existing Argo Rollouts installation, you can disable the built-in Argo Rollouts and configure the GitOps Runtime to use the external Argo Rollouts.
See the `values.yaml` example below:
```yaml
global:
  # -- Configuration for external Argo Rollouts
  external-argo-rollouts:
    # -- Rollout reporter settings
    rollout-reporter:
      # -- Enable rollout reporter
      # Configuration is defined at .Values.event-reporters.rollout
      enabled: true

argo-rollouts:
  # -- Disable built-in Argo Rollouts
  enabled: false
```
## Using with private registries - Helper utility
The GitOps Runtime comprises multiple subcharts and container images. Subcharts also vary in values structure, making it difficult to override image specific values to use private registries.
We have created a helper utility to resolve this issue:
- The utility creates values files in the correct structure, overriding the registry for each image. When installing the chart, you can then provide those values files to override all images.
- The utility also creates other files with data to help you identify and correctly mirror all the images.
#### Usage
The utility is packaged in a container image. Below are instructions on executing the utility using Docker:
```
docker run -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:{{ template "chart.version" . }} <local_registry>
```
`output_dir` - is a local directory where the utility will output files. <br>
`local_registry` - is your local registry where you want to mirror the images to
The utility will output 4 files into the folder:
1. `image-list.txt` - is the list of all images used in this version of the chart. Those are the images that you need to mirror.
2. `image-mirror.csv` - is a csv file with 2 fields - source_image and target_image. source_image is the image with the original registry and target_image is the image with the private registry. Can be used as an input file for a mirroring script.
3. `values-images-no-tags.yaml` - a values file with all image values with the private registry **excluding tags**. If provided through --values to helm install/upgrade command - it will override all images to use the private registry.
4. `values-images-with-tags.yaml` - The same as 3 but with tags **included**.
For usage with external ArgoCD run the utility with `EXTERNAL_ARGOCD` environment variable set to `true`.
```
docker run -e EXTERNAL_ARGOCD=true -v <output_dir>:/output quay.io/codefresh/gitops-runtime-private-registry-utils:{{ template "chart.version" . }} <local_registry>
```
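
The mirroring step that `image-mirror.csv` is meant to feed, as an added example that is not part of the chart or the helper utility. It assumes each row is `source_image,target_image` with an optional header row carrying those names, and uses `skopeo` as the copy tool; the function name `plan_mirror` and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the chart or the helper utility.
# Assumed: rows are "source_image,target_image", an optional header row
# carrying those two names, and skopeo as the copy tool.

# plan_mirror <csv_file> <local_registry>
# Prints one copy command per accepted row; returns 1 if any row was rejected.
plan_mirror() {
  csv=$1 registry=$2 rc=0
  while IFS=, read -r src dst || [ -n "$src" ]; do
    dst=$(printf '%s' "$dst" | tr -d '\r')        # tolerate CRLF files
    [ -z "$src" ] && continue                     # blank line
    [ "$src" = "source_image" ] && continue       # optional header row
    # Image references need only these characters. Rejecting everything else
    # keeps shell syntax in a tampered CSV out of the generated commands.
    case "$src$dst" in
      *[!A-Za-z0-9._:/@-]*)
        echo "rejected (unexpected characters): $src,$dst" >&2
        rc=1; continue ;;
    esac
    # Every target must sit under the registry that was passed to the utility.
    case "$dst" in
      "$registry"/*) ;;
      *)
        echo "rejected (target outside $registry): $dst" >&2
        rc=1; continue ;;
    esac
    # --all copies every platform of a multi-arch image.
    printf 'skopeo copy --all docker://%s docker://%s\n' "$src" "$dst"
  done < "$csv"
  return "$rc"
}

# Constructed sample rows, not real utility output.
sample=$(mktemp)
cat > "$sample" <<'EOF'
source_image,target_image
quay.io/codefresh/example-a:v1,registry.example.internal/codefresh/example-a:v1
quay.io/codefresh/example-b:v1,other-registry.example/codefresh/example-b:v1
quay.io/codefresh/example-c:v1,registry.example.internal/example-c:v1; id
EOF
# Only the first data row is accepted; review the output before piping it to sh.
plan_mirror "$sample" registry.example.internal || echo "some rows were rejected" >&2
rm -f "$sample"
```

A non-zero return means at least one row was skipped, so a CI job can fail the mirror step instead of installing the chart with images missing from the private registry.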
## Openshift
```yaml
internal-router:
  dnsService: dns-default
  dnsNamespace: openshift-dns
  clusterDomain: cluster.local

argo-cd:
  redis:
    securityContext:
      runAsUser: 1000680000 # Arbitrary user ID within allowed range
  openshift:
    enabled: true

argo-events:
  openshift: true
  webhook:
    port: 8443

sealed-secrets:
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false
```
## Upgrading
### To >=0.23.3
#### Manual fix in the ISC repository
If the ISC repository already contains the `resources/app-projects/cf-runtime-app-project.yaml` file, it should be manually updated:
```yaml
...
spec:
  destinations:
  - namespace: '*'
    server: "*" # <-- replace 'https://kubernetes.default.svc' with "*" here
...
```
### To 0.23.x
#### Affected values
- The `.Values.gitops-operator.image` map has been changed to include a `registry` field. Please migrate the values as shown below:
```yaml
# before
gitops-operator:
  image:
    repository: quay.io/codefresh/codefresh-gitops-operator
    tag: vX.Y.Z

# after
gitops-operator:
  image:
    registry: quay.io
    repository: codefresh/codefresh-gitops-operator
    tag: vX.Y.Z
```
{{ template "chart.valuesSection" . }}