diff --git a/CHANGELOG/release-notes-v0.7.0.md b/CHANGELOG/release-notes-v0.7.0.md
new file mode 100644
index 0000000000..7181cc9e86
--- /dev/null
+++ b/CHANGELOG/release-notes-v0.7.0.md
@@ -0,0 +1,88 @@ +## v0.7.0 + +## Bugs +- fix: extra labels propagation made env driven (#5274) +- fix: App clone config map fix (#5268) +- fix: latest version in default cluster and on UI (#5259) +- fix: update CVE's severity and store multiple same CVE's in multiple packages (#5168) +- fix: fixing force push for gitops (#5152) +- fix: extra labels propagation based on k8s label regex matching (#5216) +- fix: invalid runner status (#5189) +- fix: revert changes from main (#5206) +- fix: apps and jobs permission (#5110) +- fix: added Copyright (#5172) +- fix:removed unused env var (#5174) +- fix: Handling all cases for 5xx (#5100) +- fix: trivy scan step command fix (#5162) +- fix: added extra args in trivy cmds (#5146) +- fix: proxyRouter empty data err panic handling (#5147) +- fix: handling side-effects for displaying external helm apps with same name across diff namespaces and clusters (#4951) +- fix: fatal log removed (#5043) +- fix: added a check for restricting managers to assign superadmin through permission groups (#5025) +- fix: SHOW_DOCKER_BUILD_ARGS variable not working as expected (#5117) +- fix: dependabot version upgrade (#5089) +- fix: containers are missing from app-details page in argocd app (#4973) +- fix:resolved PR review comments also remove check for virtual cluster (#5095) +- fix:handled namespace case if deleted by kubectl (#5081) +- fix: oci chart were getting deployed through gitops (#5088) +- fix: argocd config update fix (#5074) +- fix: handle 5xx in fetch resource tree api and cd-trigger (#5050) +- fix: gitops update updated (#5055) +- fix: App create api validations (#5019) +- fix: git material saved in transaction (#5040) +- fix: panic while pulling images (#5036) +- fix: terminal stuck in connecting state (#4989) +- fix: handle for wrong format of k8s version in semvercompare func in cronjob template charts (#5016) +- fix: Dockerfile ubuntu version (#5022) +- fix: application status changes to HIBERNATING, when hibernation fails due 
to some reason (#5005) +- fix: deleted api token can be reused if created again with same name (#4978) +- fix: Kubelink Requests getting Failed for gRPC method GetAppDetails (#5012) +- fix: terminate sync if in progress (#4946) +- fix: grpc error handling for TemplateChart req (#4980) +- fix: removed redundant import (#5004) +- fix: image promotion sql script (#4996) +- fix: image-approval-migartion fix (#4994) +- fix: ci-cd count per day in telemetry data (#4931) +## Enhancements +- feat: notifier behind nats (#5185) +- feat: cd pipeline deployment history refactoring (#5200) +- feat: wire nil test in pre ci pipeline (#4858) +- feat: added recovery counter metrics (#5124) +- feat: auto remediation (#5137) +- feat: support for ca cert in trivy (#5064) +- feat: validation for pipeline Type (#4670) +- feat: propagate labels such as envName and projectName (#5063) +- feat: Plugin to trigger Devtron Job (#5053) +- feat: CD Trigger Plugin (#4810) +- feat: Introduction to feasibility in Deployment (#4862) +## Documentation +- doc: Created Resource Watcher Doc (#5193) +- doc: Modified Portforward Section to Kubectl Section (#5236) +- doc: Added enhancements to security doc (#5203) +- docs: update readme to include multi arch flag (#4998) +- docs: config.md updatation for new flag (#5061) +- doc: Fixes in Documentation for May Month (#5150) +- doc: Created Resource Watcher Doc (#5193) +- doc: Modified Portforward Section to Kubectl Section (#5236) +- doc: Added enhancements to security doc (#5203) +- docs: update readme to include multi arch flag (#4998) +- docs: config.md updatation for new flag (#5061) +- doc: Added kubectl port-fwd section in RB (#5139) +- doc: Added Bitbucket Data Center in GitOps doc (#5075) +- doc: Image promotion policy (#4762) +- doc: Revamped Resource Browser Doc (#5035) +- doc: Added Bulk Restart in Application Groups doc (#5080) +- doc: Added new doc in the index (#5029) +- doc: Changes made in the doc according to the newer version (#5024) +- 
doc: Added Linked CI with Child Info + Runtime Build Parameters (#4991) +## Others +- chore: updated vendor (#5166) +- chore: gitops validation in api (#5082) +- chore: release v2 migration (#5126) +- chore: migration update for remote connection config (#5113) +- chore: added sql for release and release channels (#4898) +- chore: resource scan migration (#4977) +- chore: image promotion migration (#4992) +- misc: uniform GitHub action (#5069) + + diff --git a/charts/devtron/Chart.yaml b/charts/devtron/Chart.yaml index 434e865379..f90f672e74 100644 --- a/charts/devtron/Chart.yaml +++ b/charts/devtron/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: devtron-operator -appVersion: 0.6.29 +appVersion: 0.7.0 description: Chart to configure and install Devtron. Devtron is a Kubernetes Orchestration system. keywords: - Devtron @@ -11,7 +11,7 @@ keywords: - argocd - Hyperion engine: gotpl -version: 0.22.71 +version: 0.22.72 sources: - https://github.com/devtron-labs/charts dependencies: diff --git a/charts/devtron/devtron-bom.yaml b/charts/devtron/devtron-bom.yaml index 913ad4f3db..da4461d2f3 100644 --- a/charts/devtron/devtron-bom.yaml +++ b/charts/devtron/devtron-bom.yaml @@ -8,12 +8,13 @@ global: runAsUser: 1000 runAsNonRoot: true containerRegistry: "quay.io/devtron" - + installer: - release: "v0.6.29" + release: "v0.7.0" registry: "" image: "inception" tag: "473deaa4-185-21582" + components: dashboard: config: 
@@ -30,31 +31,30 @@ components: SERVICE_WORKER_TIMEOUT: "1" API_BATCH_SIZE: "30" registry: "" - image: "dashboard:1c86e84e-325-22108" + image: "dashboard:87aaf7ac-690-23135" imagePullPolicy: IfNotPresent - + devtron: registry: "" - image: "hyperion:e7f34f5a-280-22107" - cicdImage: "devtron:e7f34f5a-434-22106" + image: "hyperion:3aa7e420-280-23147" + cicdImage: "devtron:3aa7e420-434-23146" imagePullPolicy: IfNotPresent customOverrides: {} - + ciRunner: registry: "" - image: "ci-runner:f5614d79-541-22176" - - + image: "ci-runner:6e721248-138-23081" + argocdDexServer: registry: "" image: "dex:v2.30.2" imagePullPolicy: IfNotPresent initContainer: authenticator: "authenticator:e414faff-393-13273" - + kubelink: registry: "" - image: "kubelink:2610ac5a-564-22109" + image: "kubelink:a810dbae-564-23055" imagePullPolicy: IfNotPresent configs: ENABLE_HELM_RELEASE_CACHE: "true" @@ -69,10 +69,10 @@ components: dbconfig: secretName: postgresql-postgresql keyName: postgresql-password - + kubewatch: registry: "" - image: "kubewatch:50d4d32d-419-22116" + image: "kubewatch:f8ac0fe6-419-23054" imagePullPolicy: IfNotPresent configs: devtroncd_NAMESPACE: "devtron-ci" @@ -80,7 +80,7 @@ components: ACD_NAMESPACE: "devtroncd" ACD_INFORMER: "true" NATS_STREAM_MAX_AGE: "10800" - + postgres: registry: "" image: "postgres:11.9.0-debian-10-r26" @@ -90,6 +90,7 @@ components: metrics: image: postgres_exporter:v0.4.7 armImage: postgres_exporter:v0.10.1 + gitsensor: registry: "" image: "git-sensor:8545feb5-200-22005" @@ -107,10 +108,10 @@ components: dbconfig: secretName: postgresql-postgresql keyName: postgresql-password -# Values for lens + # Values for lens lens: registry: "" - image: "lens:70577aaa-333-21179" + image: "lens:3d3e8f08-333-23057" imagePullPolicy: IfNotPresent configs: GIT_SENSOR_PROTOCOL: GRPC 
@@ -123,7 +124,7 @@ components: dbconfig: secretName: postgresql-postgresql keyName: postgresql-password -# Change below values for nats + # Change below values for nats nats: registry: "" image: nats:2.9.3-alpine @@ -139,6 +140,7 @@ components: enabled: false persistence: storage: 5Gi + migrator: registry: "" image: "migrator:v4.16.2" @@ -151,13 +153,11 @@ components: DB_NAME: "casbin" gitsensor: DB_NAME: "git_sensor" - lens: + lens: DB_NAME: "lens" - chartSync: registry: "" - image: chart-sync:d0dcc590-373-21074 - + image: chart-sync:b67ab589-150-23082 # values for argocd integration argo-cd: global: @@ -175,9 +175,10 @@ workflowController: executorImage: "argoexec:v3.4.3" IMDSv1Image: "workflow-controller:v3.0.7" IMDSv1ExecutorImage: "argoexec:v3.0.7" + security: imageScanner: - image: "image-scanner:c0416bc2-334-22111" + image: "image-scanner:3ab2ba46-141-23064" clair: image: repository: clair @@ -185,11 +186,11 @@ security: # Values for notifier integration notifier: image: "notifier:924a17f6-372-22110" + minio: image: "minio:RELEASE.2021-02-14T04-01-33Z" mbImage: "minio-mc:RELEASE.2021-02-14T04-28-06Z" gatewayImage: "minio:RELEASE.2020-12-03T05-49-24Z" - # Values for grafana integration monitoring: grafana: diff --git a/charts/devtron/templates/_helpers.tpl b/charts/devtron/templates/_helpers.tpl index 71b3cec5ee..09fc0d92c0 100644 --- a/charts/devtron/templates/_helpers.tpl +++ b/charts/devtron/templates/_helpers.tpl @@ -19,7 +19,6 @@ it randomly. {{- end -}} {{- end }} - {{/* Return full image {{ include "common.image" ( dict "component" .Values.path.to.the.component "global" .Values.global .extraImage .extraImageTag .extraImageDigest ) }} @@ -50,4 +49,4 @@ Return full image {{- printf "%s" $imageName -}} {{- end }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/devtron/templates/argocd-secret.yaml b/charts/devtron/templates/argocd-secret.yaml index 70890bac98..b8d7775b3f 100644 
--- a/charts/devtron/templates/argocd-secret.yaml
+++ b/charts/devtron/templates/argocd-secret.yaml
@@ -56,3 +56,178 @@ data: - name: kedacore type: helm url: https://kedacore.github.io/charts + resource.customizations: > + kubernetes-client.io/ExternalSecret: + health.lua: | + hs = {} + if obj.status ~= nil then + if obj.status.status ~= nil then + hs.status = "Degraded" + hs.message = obj.status.status + else + hs.status = "Healthy" + end + else + hs.status = "Healthy" + end + return hs + argoproj.io/Rollout: + health.lua: | + function checkReplicasStatus(obj) + hs = {} + replicasCount = getNumberValueOrDefault(obj.spec.replicas) + replicasStatus = getNumberValueOrDefault(obj.status.replicas) + updatedReplicas = getNumberValueOrDefault(obj.status.updatedReplicas) + availableReplicas = getNumberValueOrDefault(obj.status.availableReplicas) + + if updatedReplicas < replicasCount then + hs.status = "Progressing" + hs.message = "Waiting for roll out to finish: More replicas need to be updated" + return hs + end + -- Since the scale down delay can be very high, BlueGreen does not wait for all the old replicas to scale + -- down before marking itself healthy. As a result, only evaluate this condition if the strategy is canary. 
+ if obj.spec.strategy.canary ~= nil and replicasStatus > updatedReplicas then + hs.status = "Progressing" + hs.message = "Waiting for roll out to finish: old replicas are pending termination" + return hs + end + if availableReplicas < updatedReplicas then + hs.status = "Progressing" + hs.message = "Waiting for roll out to finish: updated replicas are still becoming available" + return hs + end + return nil + end + + function getNumberValueOrDefault(field) + if field ~= nil then + return field + end + return 0 + end + + function checkPaused(obj) + hs = {} + local paused = false + if obj.status.verifyingPreview ~= nil then + paused = obj.status.verifyingPreview + elseif obj.spec.paused ~= nil then + paused = obj.spec.paused + end + + if paused then + hs.status = "Suspended" + hs.message = "Rollout is paused" + return hs + end + return nil + end + + hs = {} + if obj.status ~= nil then + if obj.status.conditions ~= nil then + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "InvalidSpec" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Progressing" and condition.reason == "RolloutAborted" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Progressing" and condition.reason == "ProgressDeadlineExceeded" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + end + end + if obj.status.currentPodHash ~= nil then + if obj.spec.strategy.blueGreen ~= nil then + isPaused = checkPaused(obj) + if isPaused ~= nil then + return isPaused + end + replicasHS = checkReplicasStatus(obj) + if replicasHS ~= nil then + return replicasHS + end + if obj.status.blueGreen ~= nil and obj.status.blueGreen.activeSelector ~= nil and obj.status.blueGreen.activeSelector == obj.status.currentPodHash then + hs.status = "Healthy" + hs.message = "The active Service is serving traffic to the current pod spec" + return hs + end + hs.status = 
"Progressing" + hs.message = "The current pod spec is not receiving traffic from the active service" + return hs + end + if obj.spec.strategy.recreate ~= nil then + isPaused = checkPaused(obj) + if isPaused ~= nil then + return isPaused + end + replicasHS = checkReplicasStatus(obj) + if replicasHS ~= nil then + return replicasHS + end + if obj.status.recreate ~= nil and obj.status.recreate.currentRS ~= nil and obj.status.recreate.currentRS == obj.status.currentPodHash then + hs.status = "Healthy" + hs.message = "Rollout is successful" + return hs + end + hs.status = "Progressing" + hs.message = "Rollout is in progress" + return hs + end + if obj.spec.strategy.canary ~= nil then + currentRSIsStable = obj.status.canary.stableRS == obj.status.currentPodHash + if obj.spec.strategy.canary.steps ~= nil and table.getn(obj.spec.strategy.canary.steps) > 0 then + stepCount = table.getn(obj.spec.strategy.canary.steps) + if obj.status.currentStepIndex ~= nil then + currentStepIndex = obj.status.currentStepIndex + isPaused = checkPaused(obj) + if isPaused ~= nil then + return isPaused + end + + if paused then + hs.status = "Suspended" + hs.message = "Rollout is paused" + return hs + end + if currentRSIsStable and stepCount == currentStepIndex then + replicasHS = checkReplicasStatus(obj) + if replicasHS ~= nil then + return replicasHS + end + hs.status = "Healthy" + hs.message = "The rollout has completed all steps" + return hs + end + end + hs.status = "Progressing" + hs.message = "Waiting for rollout to finish steps" + return hs + end + + -- The detecting the health of the Canary deployment when there are no steps + replicasHS = checkReplicasStatus(obj) + if replicasHS ~= nil then + return replicasHS + end + if currentRSIsStable then + hs.status = "Healthy" + hs.message = "The rollout has completed canary deployment" + return hs + end + hs.status = "Progressing" + hs.message = "Waiting for rollout to finish canary deployment" + end + end + end + hs.status = "Progressing" + 
hs.message = "Waiting for rollout to finish: status has not been reconciled." + return hs \ No newline at end of file diff --git a/charts/devtron/templates/configmap-secret.yaml b/charts/devtron/templates/configmap-secret.yaml index addaf20f61..b856f736dc 100644 --- a/charts/devtron/templates/configmap-secret.yaml +++ b/charts/devtron/templates/configmap-secret.yaml @@ -1,6 +1,13 @@ {{- $grafanaPwd := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-grafana-cred-secret" "Key" "admin-password") }} {{- $minioAccessKey := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-minio" "Key" "accesskey") }} {{- $minioSecretKey := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-minio" "Key" "secretkey") }} +{{- $EXTERNAL_CI_API_SECRET := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "EXTERNAL_CI_API_SECRET") }} +{{- $ORCH_TOKEN := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "ORCH_TOKEN") }} +{{- $DEX_SECRET := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_SECRET") }} +{{- $DEX_JWTKEY := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_JWTKEY") }} +{{- $DEX_CSTOREKEY := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_CSTOREKEY") }} +{{- $postgresPwd := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "postgresql-postgresql" "Key" "postgresql-password") }} +{{- $WEBHOOK_TOKEN := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "WEBHOOK_TOKEN") }} {{- if $.Values.installer.modules }} {{- if has "cicd" $.Values.installer.modules }} apiVersion: v1 
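Review bot: In the canary-with-steps branch of the `argoproj.io/Rollout` health script, `if paused then` reads a name that is only declared `local` inside `checkPaused`, so it is always nil there and the "Suspended" block beneath it never runs; the `checkPaused(obj)` call just above already covers that case, so the block can be removed. The no-steps canary path ends with `hs.message = "Waiting for rollout to finish canary deployment"` and no `return hs`, so control falls through and the message is overwritten by the final "status has not been reconciled" text; adding `return hs` after that line fixes it. `obj.status.canary.stableRS` is read without first checking `obj.status.canary ~= nil`, which would raise a Lua error for a Rollout whose status has no canary block yet, so a guard such as `if obj.status.canary == nil then ... return hs end` is worth adding. The helper functions also assign `hs = {}` as a global; `local hs = {}` inside each function would keep them from replacing the top-level table. The enclosing `data:` map starts outside this hunk.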
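Review bot: The seven new `getOrGeneratePass` assignments at the top of the file depend on the helper finding the existing Secret in `devtroncd`, and they run even when `cicd` is not in `installer.modules`. The helper body is not part of this diff, but if it is built on Helm's `lookup`, a render without cluster access (`helm template`, `--dry-run`, or a GitOps controller rendering the chart) would produce fresh values for `DEX_JWTKEY`, `ORCH_TOKEN`, `WEBHOOK_TOKEN` and the others on every run, silently invalidating issued tokens. A comment such as `{{/* read back from devtron-secret via getOrGeneratePass; rendering without cluster access regenerates these */}}` above the block would make that dependency explicit. The hunk at `-238,7 +244,17` writes these values under `data:` of a Secret whose `metadata.name` is outside the visible lines; it should be confirmed to be the same `devtron-secret` the lookups read, otherwise every upgrade regenerates them.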
@@ -192,11 +199,10 @@ data: {{- end }} {{- end }} --- -{{- $Secret := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "postgresql-postgresql" "Key" "postgresql-password") }} apiVersion: v1 kind: Secret data: - postgresql-password: {{ $Secret }} + postgresql-password: {{ $postgresPwd }} POSTGRES_USER: cG9zdGdyZXM= POSTGRES_DB: b3JjaGVzdHJhdG9y metadata: @@ -214,7 +220,7 @@ type: Opaque apiVersion: v1 kind: Secret data: - DB_PASSWORD: {{ $Secret }} + DB_PASSWORD: {{ $postgresPwd }} metadata: name: postgresql-migrator labels: @@ -238,7 +244,17 @@ metadata: "helm.sh/hook-weight": "-3" "helm.sh/resource-policy": keep data: - PG_PASSWORD: {{ $Secret }} + PG_PASSWORD: {{ $postgresPwd }} +{{- if $.Values.installer.modules }} +{{- if has "cicd" $.Values.installer.modules }} + EXTERNAL_CI_API_SECRET: {{ $EXTERNAL_CI_API_SECRET }} + WEBHOOK_TOKEN: {{ $WEBHOOK_TOKEN }} + ORCH_TOKEN: {{ $ORCH_TOKEN }} + DEX_SECRET: {{ $DEX_SECRET }} + DEX_JWTKEY: {{ $DEX_JWTKEY }} + DEX_CSTOREKEY: {{ $DEX_CSTOREKEY }} +{{- end }} +{{- end }} type: Opaque --- apiVersion: v1 diff --git a/charts/devtron/templates/devtron.yaml b/charts/devtron/templates/devtron.yaml index c697716d1a..948d5e739c 100644 --- a/charts/devtron/templates/devtron.yaml +++ b/charts/devtron/templates/devtron.yaml 
@@ -21,6 +21,70 @@ data: APP_SYNC_IMAGE: {{ include "common.image" (dict "component" $.Values.components.chartSync "global" $.Values.global ) }} {{- if $.Values.installer.modules }} {{- if has "cicd" $.Values.installer.modules }} + CD_HOST: "argocd-server.devtroncd" + CD_PORT: "80" + CD_NAMESPACE: "devtroncd" + EVENT_URL: "http://notifier-service.devtroncd:80/notify" + GIT_SENSOR_PROTOCOL: GRPC + GIT_SENSOR_URL: "git-sensor-service.devtroncd:90" + GIT_SENSOR_TIMEOUT: "300" + LENS_URL: "http://lens-service.devtroncd:80" + LENS_TIMEOUT: "300" + NATS_SERVER_HOST: "nats://devtron-nats.devtroncd:4222" + APP: "orchestrator" + PG_LOG_QUERY: "true" + LOG_LEVEL: "0" + GIT_WORKING_DIRECTORY: "/tmp/gitops/" + ACD_URL: "argocd-server.devtroncd" + ACD_USER: "admin" + ACD_TIMEOUT: "300" + ACD_SKIP_VERIFY: "true" + MODE: "PROD" + CD_LIMIT_CI_CPU: "0.5" + CD_LIMIT_CI_MEM: "3G" + CD_REQ_CI_CPU: "0.5" + CD_REQ_CI_MEM: "1G" + CD_NODE_TAINTS_KEY: "dedicated" + CD_NODE_LABEL_SELECTOR: "kubernetes.io/os=linux" + CD_WORKFLOW_SERVICE_ACCOUNT: "cd-runner" + DEFAULT_BUILD_LOGS_KEY_PREFIX: "devtron" + DEFAULT_CD_ARTIFACT_KEY_LOCATION: "devtron/cd-artifacts" + CD_NODE_TAINTS_VALUE: "ci" + CD_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip" + DEFAULT_CD_NAMESPACE: "devtron-cd" + DEFAULT_CI_IMAGE: {{ include "common.image" (dict "component" $.Values.components.ciRunner "global" $.Values.global ) }} + DEFAULT_CD_TIMEOUT: "3600" + WF_CONTROLLER_INSTANCE_ID: "devtron-runner" + CI_LOGS_KEY_PREFIX: "ci-artifacts" + DEFAULT_NAMESPACE: "devtron-ci" + DEFAULT_TIMEOUT: "3600" + LIMIT_CI_CPU: "0.5" + LIMIT_CI_MEM: "3G" + REQ_CI_CPU: "0.5" + REQ_CI_MEM: "1G" + CI_NODE_TAINTS_KEY: "" + CI_NODE_TAINTS_VALUE: "" + CI_NODE_LABEL_SELECTOR: "" + CACHE_LIMIT: "5000000000" + DEFAULT_ARTIFACT_KEY_LOCATION: "devtron/ci-artifacts" + WORKFLOW_SERVICE_ACCOUNT: "ci-runner" + EXTERNAL_CI_PAYLOAD: 
"{\"ciProjectDetails\":[{\"gitRepository\":\"https://github.com/vikram1601/getting-started-nodejs.git\",\"checkoutPath\":\"./abc\",\"commitHash\":\"239077135f8cdeeccb7857e2851348f558cb53d3\",\"commitTime\":\"2022-10-30T20:00:00\",\"branch\":\"master\",\"message\":\"Update README.md\",\"author\":\"User Name \"}],\"dockerImage\":\"445808685819.dkr.ecr.us-east-2.amazonaws.com/orch:23907713-2\"}" + CI_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip" + IMAGE_SCANNER_ENDPOINT: "http://image-scanner-service.devtroncd:80" + ECR_REPO_NAME_PREFIX: "devtron/" + ACD_USERNAME: "admin" + DEX_RURL: "http://argocd-dex-server.devtroncd:8080/callback" + DEX_URL: "http://argocd-dex-server.devtroncd:5556/dex" + CExpirationTime: "600" + JwtExpirationTime: "120" + ACD_CM: "argocd-cm" + ACD_NAMESPACE: "devtroncd" + MINIO_ENDPOINT: http://devtron-minio:9000 + GITOPS_REPO_PREFIX: "devtron" + ENFORCER_CACHE: "true" + ENFORCER_CACHE_EXPIRATION_IN_SEC: "345600" + ENFORCER_MAX_BATCH_SIZE: "1" + DEVTRON_SECRET_NAME: "devtron-secret" USE_ARTIFACT_LISTING_API_V2: "true" RUN_HELM_INSTALL_IN_ASYNC_MODE_HELM_APPS: "true" ENABLE_ASYNC_INSTALL_DEVTRON_CHART: "true" @@ -29,7 +93,18 @@ data: IMAGE_SCAN_MAX_RETRIES: "3" IMAGE_SCAN_RETRY_DELAY: "5" CONSUMER_CONFIG_JSON: '{"DEVTRON-CHART-INSTALL-DURABLE":{"natsMsgProcessingBatchSize":1}}' - USE_GIT_CLI : "true" + SKIP_GITOPS_VALIDATION: "false" + SKIP_CREATING_ECR_REPO: "false" + SCOPED_VARIABLE_ENABLED: "true" + SCOPED_VARIABLE_HANDLE_PRIMITIVES: "true" + MAX_CI_WORKFLOW_RETRIES: "0" + MAX_CD_WORKFLOW_RUNNER_RETRIES: "0" + ENABLE_BUILD_CONTEXT: "true" + CI_SUCCESS_AUTO_TRIGGER_BATCH_SIZE: "1" + FEATURE_RESTART_WORKLOAD_BATCH_SIZE: "1" + FEATURE_RESTART_WORKLOAD_WORKER_POOL_SIZE: "5" + USE_GIT_CLI: "false" + PROPAGATE_EXTRA_LABELS: "false" {{- if $.Values.configs }} {{- if or ($.Values.minio.enabled) ($.Values.configs.BLOB_STORAGE_PROVIDER) }} BLOB_STORAGE_ENABLED: "true" 
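Review bot: `ACD_SKIP_VERIFY: "true"` is hard-coded for every `cicd` install, and by its name it turns off certificate verification on the orchestrator's Argo CD connection; it deserves at least a comment like `# TLS verification to argocd-server is disabled; set "false" once the server presents a trusted certificate`, and preferably a values override. `PG_LOG_QUERY: "true"` sits next to `MODE: "PROD"`, so if it logs full statements the orchestrator logs may carry application data and should be treated as sensitive or the default flipped. The `EXTERNAL_CI_PAYLOAD` sample embeds a personal GitHub repository URL and what looks like a real AWS account ID in the ECR hostname; obvious placeholders would avoid publishing those in every cluster's ConfigMap. `ENFORCER_CACHE_EXPIRATION_IN_SEC: "345600"` is four days, so it is worth confirming that a permission change invalidates the enforcer cache rather than waiting for expiry. The ConfigMap's `metadata` and the end of the `cicd` block are outside this hunk.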
@@ -61,6 +136,10 @@ data: {{- if $.Values.monitoring.grafana }} {{- if $.Values.monitoring.grafana.enabled }} GRAFANA_URL: "http://%s:%s@devtron-grafana.devtroncd/grafana" + GRAFANA_HOST: "devtron-grafana.devtroncd" + GRAFANA_PORT: "80" + GRAFANA_NAMESPACE: "devtroncd" + GRAFANA_ORG_ID: "2" {{- end }} {{- end }} {{- end }} @@ -82,6 +161,23 @@ data: {{- end }} DEFAULT_CI_IMAGE: {{ include "common.image" (dict "component" $.Values.components.ciRunner "global" $.Values.global ) }} --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: devtron-cluster-components + labels: + release: devtron +data: + rollout.yaml: >- + rollout: + resources: + limits: + cpu: 250m + memory: 200Mi + requests: + cpu: 50m + memory: 100Mi +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -107,6 +203,10 @@ spec: terminationGracePeriodSeconds: 30 restartPolicy: Always serviceAccountName: devtron + volumes: + - configMap: + name: devtron-cluster-components + name: devtron-cluster-components-vol {{- if and $.Values.global $.Values.global.podSecurityContext }} securityContext: {{- toYaml $.Values.global.podSecurityContext | nindent 8 }} @@ -155,6 +255,9 @@ spec: name: "devtron-custom-cm" - secretRef: name: "devtron-custom-secret" + volumeMounts: + - mountPath: /cluster/component + name: devtron-cluster-components-vol {{- if .resources }} resources: {{- toYaml .resources | nindent 12 }} diff --git a/charts/devtron/templates/gitsensor.yaml b/charts/devtron/templates/gitsensor.yaml index c0e2219366..8b547ac220 100644 --- a/charts/devtron/templates/gitsensor.yaml +++ b/charts/devtron/templates/gitsensor.yaml @@ -8,6 +8,7 @@ metadata: labels: app: git-sensor release: devtron +type: Opaque {{- if .secrets }} data: {{- range $k, $v := .secrets }} diff --git a/charts/devtron/templates/lens.yaml b/charts/devtron/templates/lens.yaml index 8b34f0534f..1641f88ab9 100644 --- a/charts/devtron/templates/lens.yaml +++ b/charts/devtron/templates/lens.yaml 
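Review bot: In the new `devtron-cluster-components` ConfigMap, `rollout.yaml: >-` uses a folded scalar to hold nested YAML, which only survives because more-indented lines keep their line breaks; two adjacent keys at the base indent would be folded onto one line. A literal scalar states the intent and is safe against that edit: `rollout.yaml: |-`. Indentation is collapsed in this view, so the current content may well parse correctly; this is about keeping it robust. The Deployment spec that receives the new `volumes` and `volumeMounts` entries begins and ends outside the visible hunks.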
@@ -8,6 +8,7 @@ metadata: labels: app: lens release: devtron +type: Opaque {{- if .secrets }} data: {{- range $k, $v := .secrets }} diff --git a/charts/devtron/templates/workflow.yaml b/charts/devtron/templates/workflow.yaml index 35b9ddffe2..659fc6430f 100644 --- a/charts/devtron/templates/workflow.yaml +++ b/charts/devtron/templates/workflow.yaml @@ -20,6 +20,16 @@ metadata: --- apiVersion: v1 kind: Namespace +metadata: + name: devtron-demo + labels: + name: devtron + annotations: + "helm.sh/hook": pre-install + "helm.sh/resource-policy": keep +--- +apiVersion: v1 +kind: Namespace metadata: name: devtron-cd labels: @@ -919,6 +929,22 @@ metadata: name: argo namespace: argo --- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cd-runner + namespace: devtron-cd + labels: + release: devtron +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ci-runner + namespace: devtron-ci + labels: + release: devtron +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -1123,6 +1149,58 @@ rules: - delete --- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: workflow-cluster-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - patch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: workflow-cluster-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: workflow-cluster-role +subjects: +- kind: ServiceAccount + name: ci-runner + namespace: devtron-ci +- kind: ServiceAccount + name: cd-runner + namespace: devtron-cd +- kind: ServiceAccount + name: devtron + namespace: devtroncd +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: argo-binding 
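Review bot: The new `workflow-cluster-role` is attached with a `ClusterRoleBinding`, so the `ci-runner` and `cd-runner` service accounts (the identities named by `WORKFLOW_SERVICE_ACCOUNT` and `CD_WORKFLOW_SERVICE_ACCOUNT` in devtron.yaml) receive `patch` on pods and `create` on secrets and configmaps in every namespace of the cluster. Pipeline pods run project-supplied build and deploy steps, so this grant widens what a compromised or misbehaving pipeline can reach well beyond `devtron-ci` and `devtron-cd`. If the workflows only need these verbs in their own namespaces, binding the same role through namespaced `RoleBinding`s keeps the grant local, as sketched below. Whether the `devtron` account in `devtroncd` needs the cluster-wide form cannot be judged from this hunk, so it is left out of the sketch.

```yaml
# … unchanged: ClusterRole workflow-cluster-role and its rules …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: workflow-cluster-role
  namespace: devtron-ci
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: workflow-cluster-role
subjects:
- kind: ServiceAccount
  name: ci-runner
  namespace: devtron-ci
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: workflow-cluster-role
  namespace: devtron-cd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: workflow-cluster-role
subjects:
- kind: ServiceAccount
  name: cd-runner
  namespace: devtron-cd
```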
diff --git a/charts/devtron/values.yaml b/charts/devtron/values.yaml
index d40bfbcd2b..9716846d94 100644
--- a/charts/devtron/values.yaml
+++ b/charts/devtron/values.yaml
@@ -8,42 +8,37 @@ global: runAsUser: 1000 runAsNonRoot: true containerRegistry: "quay.io/devtron" - + installer: repo: "devtron-labs/devtron" - release: "v0.6.29" + release: "v0.7.0" registry: "" image: inception tag: 473deaa4-185-21582 source: "github" # Available options are github and gitee -# mode: "dashboard" # Available options are dashboard, full and hyperion (deprecated) NOT USING THIS modules: [] # Available options are cicd openshift: false # Set this to true if you are installing on openshift production_overrides: "" # Set true if you want to use this Devtron stack in Production (This will require more resources) - # Change the below values for full mode only #Use secrets in plaintext, they'll be encoded to base64 automatically. secrets: {} - # REQUIRED IF BLOB_STORAGE_PROVIDER=AZURE Token with read write access to AZURE_BLOB_CONTAINER_CI_LOG and AZURE_BLOB_CONTAINER_CI_CACHE # AZURE_ACCOUNT_KEY: "xxxxxxxxxx" configs: - BLOB_STORAGE_PROVIDER: "" #AZURE|S3|MINIO|GCP - ENABLE_LEGACY_API: "false" # Set to true if you are installing Devtron on a kubernetes version < k8s 1.19 -# Amazon AWS S3 bucket and region for storing Build-cache for faster build process. Mandatory if BLOB_STORAGE_PROVIDER is AWS. + BLOB_STORAGE_PROVIDER: "" #AZURE|S3|MINIO|GCP + # Amazon AWS S3 bucket and region for storing Build-cache for faster build process. Mandatory if BLOB_STORAGE_PROVIDER is AWS. #DEFAULT_CACHE_BUCKET: "change-me" #Do not include s3:// #DEFAULT_CACHE_BUCKET_REGION: "us-east-1" -# Amazon AWS S3 bucket and region for storing Build-logs. Mandatory if BLOB_STORAGE_PROVIDER is AWS. + # Amazon AWS S3 bucket and region for storing Build-logs. Mandatory if BLOB_STORAGE_PROVIDER is AWS. #DEFAULT_BUILD_LOGS_BUCKET: "change-me" #Do not include s3:// #DEFAULT_CD_LOGS_BUCKET_REGION: "us-east-1" -# Amazon AWS Secret Region if you will be using AWS Secret manager for storing secrets. + # Amazon AWS Secret Region if you will be using AWS Secret manager for storing secrets. 
#EXTERNAL_SECRET_AMAZON_REGION: "" -# Azure Blob storage Info for storing Build Logs and Build cache for faster build process. + # Azure Blob storage Info for storing Build Logs and Build cache for faster build process. #AZURE_ACCOUNT_NAME: "test-account" #AZURE_BLOB_CONTAINER_CI_LOG: "ci-log-container" #AZURE_BLOB_CONTAINER_CI_CACHE: "ci-cache-container" - # Change the below values for hyperion only mode (Refer https://docs.devtron.ai/#hyperion ) components: dashboard: @@ -66,13 +61,13 @@ components: SERVICE_WORKER_TIMEOUT: "1" API_BATCH_SIZE: "30" registry: "" - image: "dashboard:1c86e84e-325-22108" + image: "dashboard:87aaf7ac-690-23135" imagePullPolicy: IfNotPresent - + devtron: registry: "" - image: "hyperion:e7f34f5a-280-22107" - cicdImage: "devtron:e7f34f5a-434-22106" + image: "hyperion:3aa7e420-280-23147" + cicdImage: "devtron:3aa7e420-434-23146" imagePullPolicy: IfNotPresent customOverrides: {} serviceMonitor: @@ -89,28 +84,28 @@ components: className: nginx labels: {} annotations: {} - # kubernetes.io/tls-acme: "true" + # kubernetes.io/tls-acme: "true" pathType: ImplementationSpecific host: devtron.example.com tls: [] # - secretName: devtron-tls # hosts: # - devtron.example.com + ciRunner: registry: "" - image: "ci-runner:f5614d79-541-22176" - - + image: "ci-runner:6e721248-138-23081" + argocdDexServer: registry: "" image: "dex:v2.30.2" imagePullPolicy: IfNotPresent initContainer: authenticator: "authenticator:e414faff-393-13273" - + kubelink: registry: "" - image: "kubelink:2610ac5a-564-22109" + image: "kubelink:a810dbae-564-23055" imagePullPolicy: IfNotPresent configs: ENABLE_HELM_RELEASE_CACHE: "true" @@ -125,10 +120,10 @@ components: dbconfig: secretName: postgresql-postgresql keyName: postgresql-password - + kubewatch: registry: "" - image: "kubewatch:50d4d32d-419-22116" + image: "kubewatch:f8ac0fe6-419-23054" imagePullPolicy: IfNotPresent configs: devtroncd_NAMESPACE: "devtron-ci" 
@@ -136,7 +131,7 @@ components: ACD_NAMESPACE: "devtroncd" ACD_INFORMER: "true" NATS_STREAM_MAX_AGE: "10800" - + postgres: registry: "" image: "postgres:11.9.0-debian-10-r26" @@ -148,7 +143,7 @@ components: armImage: postgres_exporter:v0.10.1 persistence: volumeSize: "20Gi" - + gitsensor: registry: "" image: "git-sensor:8545feb5-200-22005" @@ -166,10 +161,10 @@ components: dbconfig: secretName: postgresql-postgresql keyName: postgresql-password -# Values for lens + # Values for lens lens: registry: "" - image: "lens:70577aaa-333-21179" + image: "lens:3d3e8f08-333-23057" imagePullPolicy: IfNotPresent secrets: {} resources: {} @@ -184,7 +179,7 @@ components: dbconfig: secretName: postgresql-postgresql keyName: postgresql-password -# Change below values for nats + # Change below values for nats nats: registry: "" image: nats:2.9.3-alpine @@ -200,6 +195,7 @@ components: enabled: false persistence: storage: 5Gi + migrator: registry: "" image: "migrator:v4.16.2" @@ -212,13 +208,12 @@ components: DB_NAME: "casbin" gitsensor: DB_NAME: "git_sensor" - lens: + lens: DB_NAME: "lens" - + chartSync: registry: "" - image: chart-sync:d0dcc590-373-21074 - + image: chart-sync:b67ab589-150-23082 # values for argocd integration argo-cd: enabled: false 
@@ -250,37 +245,37 @@ argo-cd: # -- define the application controller `--repo-server-timeout-seconds` repoServerTimeoutSeconds: "200" extraArgs: - - --kubectl-parallelism-limit - - "35" + - --kubectl-parallelism-limit + - "35" containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - - all + - all readOnlyRootFilesystem: true runAsNonRoot: true env: - - name: ARGOCD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.reconciliation - name: argocd-cm - optional: true + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 # argocd-dex-server dex: enabled: false 
@@ -289,18 +284,18 @@ argo-cd: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 image: repository: public.ecr.aws/docker/library/redis tag: 7.0.5-alpine @@ -310,23 +305,23 @@ argo-cd: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - - all + - all readOnlyRootFilesystem: true runAsNonRoot: true # argocd-rbac-cm 
@@ -337,37 +332,37 @@ argo-cd: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 extraArgs: - - --repo-cache-expiration - - 24h - - --parallelismlimit - - "50" + - --repo-cache-expiration + - 24h + - --parallelismlimit + - "50" env: - - name: ARGOCD_RECONCILIATION_TIMEOUT - valueFrom: - configMapKeyRef: - key: timeout.reconciliation - name: argocd-cm - optional: true - - name: ARGOCD_EXEC_TIMEOUT - value: 180s + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_EXEC_TIMEOUT + value: 180s containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - - all + - all readOnlyRootFilesystem: true runAsNonRoot: true applicationSet: @@ -378,7 +373,7 @@ argo-cd: security: enabled: false imageScanner: - image: "image-scanner:c0416bc2-334-22111" + image: "image-scanner:3ab2ba46-141-23064" # Values for trivy trivy: enabled: false @@ -425,8 +420,6 @@ workflowController: executorImage: "argoexec:v3.4.3" IMDSv1Image: "workflow-controller:v3.0.7" IMDSv1ExecutorImage: "argoexec:v3.0.7" - - # Values for grafana integration monitoring: grafana: @@ -445,4 +438,4 @@ monitoring: imagePullPolicy: IfNotPresent resources: {} persistence: - storage: "2Gi" \ No newline at end of file + storage: "2Gi" 
diff --git a/manifests/install/devtron-installer.yaml b/manifests/install/devtron-installer.yaml index eeb3250ff5..101860fe73 100644 --- a/manifests/install/devtron-installer.yaml +++ b/manifests/install/devtron-installer.yaml @@ -4,4 +4,4 @@ metadata: name: installer-devtron namespace: devtroncd spec: - url: https://raw.githubusercontent.com/devtron-labs/devtron/v0.6.29/manifests/installation-script + url: https://raw.githubusercontent.com/devtron-labs/devtron/v0.7.0/manifests/installation-script diff --git a/manifests/installation-script b/manifests/installation-script index 9dec6a19a3..7f58fe744a 100644 --- a/manifests/installation-script +++ b/manifests/installation-script 
@@ -1,153 +1,4 @@ -LTAG="v0.6.29"; +LTAG="v0.7.0"; REPO_RAW_URL="https://raw.githubusercontent.com/devtron-labs/devtron/"; -operatorSecret = kubectl get secret -n devtroncd devtron-operator-secret; -operatorConfigMap = kubectl get cm -n devtroncd devtron-operator-cm; -postgresqlPassword = jsonSelect(operatorSecret, "data.POSTGRESQL_PASSWORD"); -webHookToken = jsonSelect(operatorSecret, "data.WEBHOOK_TOKEN"); -postgresSecret = kubectl get secret -n devtroncd postgresql-postgresql; -helmInstallation = jsonSelect(operatorConfigMap, "data.INSTALLATION_THROUGH_HELM"); - -baseURLScheme = jsonSelect(operatorConfigMap, "data.BASE_URL_SCHEME"); -baseURL = jsonSelect(operatorConfigMap, "data.BASE_URL"); -dexConfig = jsonSelect(operatorConfigMap, "data.DEX_CONFIG"); -prometheusUrl = jsonSelect(operatorConfigMap, "data.PROMETHEUS_URL"); - -passwordGen = `#!/bin/bash -openssl rand -base64 20 | base64 | tr -d ':\n' | tr -d '=' | base64 | tr -d ':\n'`; - -shebang = `#!/bin/bash -`; -sleep50 = shebang + ` -sleep 50`; - -base64EncoderPrefix = `#!/bin/bash -`; -base64EncoderSuffix = ` | base64 | tr -d ':\n'`; - -base64DecoderPrefix = `#!/bin/bash -`; -base64DecoderSuffix = ` | base64 -d | tr -d ':\n'`; - -existingPostgresSecret = jsonSelect(postgresSecret, "data.postgresql-password"); - -if existingPostgresSecret { - postgresqlPassword = existingPostgresSecret; -} - -log("postgres pwd"); -log(existingPostgresSecret); -log(existingPostgresSecretPlain); - -if !postgresqlPassword { - postgresqlPassword = shellScript passwordGen; -} -if !baseURL { - log("baseURL is mandatory"); -} - -if !defaultBuildLogsBucket { - defaultBuildLogsBucket = "devtron-ci-log" ; -} - -if !defaultCacheBucket { - defaultCacheBucket = "devtron-ci-cache" ; -} - -######Generating raw urls -argocdResource_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/argocd-resource.json"; -devtronHousekeeping_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/devtron-housekeeping.yaml"; -devtron_raw = REPO_RAW_URL + LTAG + 
"/manifests/yamls/devtron.yaml"; -serviceAccount_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/serviceaccount.yaml"; -namespace_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/namespace.yaml"; - -######Downloading the manifests -argocdResource = download(argocdResource_raw); -devtronHousekeeping = download(devtronHousekeeping_raw); -devtron = download(devtron_raw); -serviceAccount = download(serviceAccount_raw); -namespace = download(namespace_raw); - -######Downloading the manifests - -devtronHousekeepingOverride = kubectl get cm -n devtroncd devtron-housekeeping-override-cm; -devtronOverride = kubectl get cm -n devtroncd devtron-override-cm; -serviceAccountOverride = kubectl get cm -n devtroncd devtron-service-account-override-cm; -namespaceOverride = kubectl get cm -n devtroncd namespace-override-cm; - -devtronOverride = jsonSelect(devtronOverride, "data.override"); -serviceAccountOverride = jsonSelect(serviceAccountOverride, "data.override"); -namespaceOverride = jsonSelect(namespaceOverride, "data.override"); - -namespaces = kubectl apply namespace; -log("created namespaces"); -sa = kubectl apply serviceAccount; -log("created service account"); - -pa = kubectl patch -n devtroncd cm/argocd-cm --type "application/json-patch+json" -p argocdResource; -log("executed argocd setup command"); - - -migDelete = kubectl delete -n devtroncd job devtron-housekeeping; -if !migDelete { - log("migration job deletion failed"); -} - -# devtron -hasDevtron = kubectl get deployment "devtron" -n devtroncd; -orchToken = shellScript passwordGen; -webHookToken = shellScript passwordGen; -dexSecret = shellScript passwordGen; -dexJwtKey = shellScript passwordGen; -dexCStoreKey = shellScript passwordGen; -externalCIAPISecret = shellScript passwordGen; - -kubeYamlEdit(devtron, "data.PG_PASSWORD", postgresqlPassword, `/Secret//devtron-secret`); - -if hasDevtron { - devtronSecret = kubectl get secret -n devtroncd devtron-secret; - texternalCIAPISecret = jsonSelect(devtronSecret, 
"data.EXTERNAL_CI_API_SECRET"); - twebHookToken = jsonSelect(devtronSecret, "data.WEBHOOK_TOKEN"); - torchToken = jsonSelect(devtronSecret, "data.ORCH_TOKEN"); - tdexSecret = jsonSelect(devtronSecret, "data.DEX_SECRET"); - tdexJwtKey = jsonSelect(devtronSecret, "data.DEX_JWTKEY"); - tdexCStoreKey = jsonSelect(devtronSecret, "data.DEX_CSTOREKEY"); -} - -if texternalCIAPISecret { - externalCIAPISecret = texternalCIAPISecret; -} -if twebHookToken { - webHookToken = twebHookToken; -} -if torchToken { - orchToken = torchToken; -} -if tdexSecret { - dexSecret = tdexSecret; -} -if tdexJwtKey { - dexJwtKey = tdexJwtKey; -} -if tdexCStoreKey { - dexCStoreKey = tdexCStoreKey; -} - - -kubeYamlEdit(devtron, "data.EXTERNAL_CI_API_SECRET", externalCIAPISecret, `/Secret//devtron-secret`); -kubeYamlEdit(devtron, "data.WEBHOOK_TOKEN", webHookToken, `/Secret//devtron-secret`); -kubeYamlEdit(devtron, "data.ORCH_TOKEN", orchToken, `/Secret//devtron-secret`); -kubeYamlEdit(devtron, "data.DEX_SECRET", dexSecret, `/Secret//devtron-secret`); -kubeYamlEdit(devtron, "data.DEX_JWTKEY", dexJwtKey, `/Secret//devtron-secret`); -kubeYamlEdit(devtron, "data.DEX_CSTOREKEY", dexCStoreKey, `/Secret//devtron-secret`); - -if helmInstallation { - kubeYamlDelete(devtron, filter=`/Service//devtron-service`); -} - -devtron = kubectl apply -n devtroncd devtron -u devtronOverride; -log("executed devtron setup"); - -## Applying Housekeeping Job -appHousekeeping = kubectl apply -n devtroncd devtronHousekeeping -u devtronHousekeepingOverride; -log("executed devtron-housekeeping setup"); +log("executed devtron setup installation"); diff --git a/manifests/release.txt b/manifests/release.txt index 37e928edeb..0dc10a4ee0 100644 --- a/manifests/release.txt +++ b/manifests/release.txt @@ -1 +1 @@ -stable -1 v0.6.29 +stable -1 v0.7.0 diff --git a/manifests/version.txt b/manifests/version.txt index 49d70ca7ec..8b20e48523 100644 --- a/manifests/version.txt +++ b/manifests/version.txt @@ -1 +1 @@ -v0.6.29 +v0.7.0 
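Review bot: The one statement added to manifests/installation-script, `log("executed devtron setup installation");`, reports a setup that the new side of this hunk no longer performs, because every download, kubectl and kubeYamlEdit step is deleted. An operator reading the installer log would see a success message although nothing was applied, so I would reword it to say that the script is intentionally a no-op, for example `log("installation-script performs no setup from v0.7.0 onwards");`. A `#` comment above it should name where the devtron-secret values (ORCH_TOKEN, WEBHOOK_TOKEN, the DEX keys) are generated now. `REPO_RAW_URL` is still assigned but nothing left in the script reads it; whether the installer itself consumes it cannot be told from this hunk, so either remove it or note why it stays.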
diff --git a/manifests/yamls/dashboard.yaml b/manifests/yamls/dashboard.yaml index c8ed7bf692..f8a467879f 100644 --- a/manifests/yamls/dashboard.yaml +++ b/manifests/yamls/dashboard.yaml @@ -235,7 +235,7 @@ spec: - name: envoy-config-volume mountPath: /etc/envoy-config/ - name: dashboard - image: "quay.io/devtron/dashboard:1c86e84e-325-22108" + image: "quay.io/devtron/dashboard:5ad103e8-690-23058" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/devtron.yaml b/manifests/yamls/devtron.yaml index 886419955c..591ff0e985 100644 --- a/manifests/yamls/devtron.yaml +++ b/manifests/yamls/devtron.yaml @@ -53,7 +53,7 @@ data: CD_NODE_TAINTS_VALUE: "ci" CD_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip" DEFAULT_CD_NAMESPACE: "devtron-cd" - DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:3de666b1-138-22112" + DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:6e721248-138-23081" DEFAULT_CD_TIMEOUT: "3600" WF_CONTROLLER_INSTANCE_ID: "devtron-runner" CI_LOGS_KEY_PREFIX: "ci-artifacts" @@ -89,7 +89,7 @@ data: ENFORCER_CACHE: "true" ENFORCER_CACHE_EXPIRATION_IN_SEC: "345600" ENFORCER_MAX_BATCH_SIZE: "1" - APP_SYNC_IMAGE: "quay.io/devtron/chart-sync:d0dcc590-373-21074" + APP_SYNC_IMAGE: "quay.io/devtron/chart-sync:b67ab589-150-23082" DEVTRON_SECRET_NAME: "devtron-secret" GIT_SENSOR_PROTOCOL: GRPC GIT_SENSOR_URL: git-sensor-service.devtroncd:90 @@ -169,7 +169,7 @@ spec: runAsUser: 1000 containers: - name: devtron - image: "quay.io/devtron/devtron:e7f34f5a-434-22106" + image: "quay.io/devtron/devtron:b331bc91-434-23136" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/image-scanner.yaml b/manifests/yamls/image-scanner.yaml index a88293cebf..d5ed455678 100644 --- a/manifests/yamls/image-scanner.yaml +++ b/manifests/yamls/image-scanner.yaml 
@@ -73,7 +73,7 @@ spec: runAsUser: 1000 containers: - name: image-scanner - image: "quay.io/devtron/image-scanner:c0416bc2-334-22111" + image: "quay.io/devtron/image-scanner:3ab2ba46-141-23064" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/kubelink.yaml b/manifests/yamls/kubelink.yaml index edf05991ae..268e8732df 100644 --- a/manifests/yamls/kubelink.yaml +++ b/manifests/yamls/kubelink.yaml @@ -25,7 +25,7 @@ spec: runAsUser: 1000 containers: - name: kubelink - image: "quay.io/devtron/kubelink:2610ac5a-564-22109" + image: "quay.io/devtron/kubelink:a810dbae-564-23055" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/kubewatch.yaml b/manifests/yamls/kubewatch.yaml index 8dfdd28262..cd51ffc536 100644 --- a/manifests/yamls/kubewatch.yaml +++ b/manifests/yamls/kubewatch.yaml @@ -164,7 +164,7 @@ spec: runAsUser: 1000 containers: - name: kubewatch - image: "quay.io/devtron/kubewatch:50d4d32d-419-22116" + image: "quay.io/devtron/kubewatch:f8ac0fe6-419-23054" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/lens.yaml b/manifests/yamls/lens.yaml index 4b4adf4115..b28a09fdf9 100644 --- a/manifests/yamls/lens.yaml +++ b/manifests/yamls/lens.yaml @@ -71,7 +71,7 @@ spec: runAsUser: 1000 containers: - name: lens - image: "quay.io/devtron/lens:70577aaa-333-21179" + image: "quay.io/devtron/lens:3d3e8f08-333-23057" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/migrator.yaml b/manifests/yamls/migrator.yaml index 13d9d5efb4..614c6e632b 100644 --- a/manifests/yamls/migrator.yaml +++ b/manifests/yamls/migrator.yaml @@ -47,7 +47,7 @@ spec: - name: MIGRATE_TO_VERSION value: "0" - name: GIT_HASH - value: e7f34f5aec161b8ee94e9b30d64e7475f072ccb6 + value: 1e666e4747c25babd0d027f26844692fdeba5e61 envFrom: - secretRef: name: postgresql-migrator 
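Review bot: The new `GIT_HASH` value `1e666e4747c25babd0d027f26844692fdeba5e61` in manifests/yamls/migrator.yaml does not match the devtron image this commit deploys, `quay.io/devtron/devtron:b331bc91-434-23136` in manifests/yamls/devtron.yaml. Before the change the two agreed: the old hash began with `e7f34f5a`, the same prefix as the old image tag `e7f34f5a-434-22106`. If the migrator takes its SQL scripts from the commit named by GIT_HASH, which I am inferring from the variable name, the schema and the server binary would come from different commits. Either set the hash to the commit the image was built from, or document the difference with a comment such as `# migrations intentionally taken from a later commit than the devtron image`. The same value is set in the second hunk of this file (@@ -96,7 +96,7 @@), and both hunks show only part of the job spec.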
@@ -96,7 +96,7 @@ spec: - name: MIGRATE_TO_VERSION value: "0" - name: GIT_HASH - value: e7f34f5aec161b8ee94e9b30d64e7475f072ccb6 + value: 1e666e4747c25babd0d027f26844692fdeba5e61 - name: GIT_BRANCH value: main envFrom: diff --git a/manifests/yamls/notifier.yaml b/manifests/yamls/notifier.yaml index e423d6e375..3324036646 100644 --- a/manifests/yamls/notifier.yaml +++ b/manifests/yamls/notifier.yaml @@ -66,7 +66,7 @@ spec: restartPolicy: Always containers: - name: notifier - image: quay.io/devtron/notifier:924a17f6-372-22110 + image: quay.io/devtron/notifier:546aaf51-372-23056" imagePullPolicy: IfNotPresent ports: - name: app diff --git a/releasenotes.md b/releasenotes.md index 6c6ccd2e44..0d33664254 100644 --- a/releasenotes.md +++ b/releasenotes.md 
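Review bot: The new image line in manifests/yamls/notifier.yaml ends with a stray double quote and has no opening quote: `image: quay.io/devtron/notifier:546aaf51-372-23056"`. YAML treats a trailing `"` in an unquoted value as part of the plain scalar, so the tag handed to the container runtime would contain a quote character. That is not a valid image reference, and the notifier pod would most likely fail to start instead of pulling the new build. The line should read `image: "quay.io/devtron/notifier:546aaf51-372-23056"`, quoted on both sides as the other manifests in this commit are. The container spec continues outside the hunk.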
@@ -1,52 +1,104 @@ -## v0.6.29 + +> **= = = = = IMPORTANT = = = = =** +RUN THE FOLLOWING COMMANDS AS A PRE-REQUISITE BEFORE UPGRADE: +``` +export RELEASE_NAME=devtron +kubectl -n devtron-ci label sa --all "app.kubernetes.io/managed-by=Helm" --overwrite +kubectl -n devtron-ci annotate sa --all "meta.helm.sh/release-name=$RELEASE_NAME" "meta.helm.sh/release-namespace=devtroncd" --overwrite +kubectl -n devtron-cd label sa --all "app.kubernetes.io/managed-by=Helm" --overwrite +kubectl -n devtron-cd annotate sa --all "meta.helm.sh/release-name=$RELEASE_NAME" "meta.helm.sh/release-namespace=devtroncd" --overwrite +``` +> Ignore the message above if you are not using devtron with cicd mode +> Contact Devtron team on [DISCORD](https://discord.devtron.ai) if you have any concerns. + + +## v0.7.0 ## Bugs -- fix: removed unused dependency (#4916) -- fix: release not found alert (#4928) -- fix: link external helm app to chart store (#4919) -- fix: Corrected the error of fetching app name and pipeline name from CI_CD_EVENT (#4911) -- fix:job name support added in input variables (#4863) -- fix:duplicate workflow name fixed (#4841) -- fix: deprecate latest in app store app version (#4896) -- fix: rbac fix in case of project in upper case (#4840) -- fix: use join cookie logic to extract token (#4892) -- fix: chart sync job optimisation (#4631) -- fix: depandabot version upgrade (#4792) -- fix: injected app-serveice dependency into DeployedApplicationEventProcessor service (#4875) -- fix: update argo app repo url in patch (#4876) -- fix: removed code for gitops repo migration in devtron apps (#4838) -- fix: return nil,err on git material fetch error (#4857) -- fix: ns not found in case ips is being injected in cluster (in global config) (#4844) -- fix: helm deployments stucked in queued for devtron apps (#4842) -- fix: panic on re-trigger ci if pod deleted on BuildTriggerObject (#4826) -- fix: hide ldap creds in in get req (#4788) -- fix: 5xx 4.0 iter (#4620) -- fix: rolefilters 
correction with all applications and particular application selected. (#4820) -- fix: extra check added for mono-repo migraiton (#4764) -- fix: trim space from git repo Url on create and update material (#4787) +- fix: extra labels propagation made env driven (#5274) +- fix: App clone config map fix (#5268) +- fix: latest version in default cluster and on UI (#5259) +- fix: update CVE's severity and store multiple same CVE's in multiple packages (#5168) +- fix: fixing force push for gitops (#5152) +- fix: extra labels propagation based on k8s label regex matching (#5216) +- fix: invalid runner status (#5189) +- fix: revert changes from main (#5206) +- fix: apps and jobs permission (#5110) +- fix: added Copyright (#5172) +- fix:removed unused env var (#5174) +- fix: Handling all cases for 5xx (#5100) +- fix: trivy scan step command fix (#5162) +- fix: added extra args in trivy cmds (#5146) +- fix: proxyRouter empty data err panic handling (#5147) +- fix: handling side-effects for displaying external helm apps with same name across diff namespaces and clusters (#4951) +- fix: fatal log removed (#5043) +- fix: added a check for restricting managers to assign superadmin through permission groups (#5025) +- fix: SHOW_DOCKER_BUILD_ARGS variable not working as expected (#5117) +- fix: dependabot version upgrade (#5089) +- fix: containers are missing from app-details page in argocd app (#4973) +- fix:resolved PR review comments also remove check for virtual cluster (#5095) +- fix:handled namespace case if deleted by kubectl (#5081) +- fix: oci chart were getting deployed through gitops (#5088) +- fix: argocd config update fix (#5074) +- fix: handle 5xx in fetch resource tree api and cd-trigger (#5050) +- fix: gitops update updated (#5055) +- fix: App create api validations (#5019) +- fix: git material saved in transaction (#5040) +- fix: panic while pulling images (#5036) +- fix: terminal stuck in connecting state (#4989) +- fix: handle for wrong format of k8s version in 
semvercompare func in cronjob template charts (#5016) +- fix: Dockerfile ubuntu version (#5022) +- fix: application status changes to HIBERNATING, when hibernation fails due to some reason (#5005) +- fix: deleted api token can be reused if created again with same name (#4978) +- fix: Kubelink Requests getting Failed for gRPC method GetAppDetails (#5012) +- fix: terminate sync if in progress (#4946) +- fix: grpc error handling for TemplateChart req (#4980) +- fix: removed redundant import (#5004) +- fix: image promotion sql script (#4996) +- fix: image-approval-migartion fix (#4994) +- fix: ci-cd count per day in telemetry data (#4931) ## Enhancements -- perf: memory optimizations and prom metrics on terminal session exposed (#4909) -- feat: Added the Devtron CI Trigger Plugin (#4908) -- feat:MailMaster Plugin v1.0 (#4825) -- feat: Add support for git hash in the app and app group overview section _revised (#4836) -- feat:Github Pull Request Closer (#4833) -- feat: Added Apply job in k8s plugin (#4828) -- feat: Branch Divergence Checker Plugin (#4806) -- feat: added request method in audit logger (#4817) -- feat: active inactive user phase 3 (#4649) +- feat: notifier behind nats (#5185) +- feat: cd pipeline deployment history refactoring (#5200) +- feat: wire nil test in pre ci pipeline (#4858) +- feat: added recovery counter metrics (#5124) +- feat: auto remediation (#5137) +- feat: support for ca cert in trivy (#5064) +- feat: validation for pipeline Type (#4670) +- feat: propagate labels such as envName and projectName (#5063) +- feat: Plugin to trigger Devtron Job (#5053) +- feat: CD Trigger Plugin (#4810) +- feat: Introduction to feasibility in Deployment (#4862) ## Documentation -- doc: Added EnvVariablesFromFieldPath in Deployment Template (#4852) +- doc: Created Resource Watcher Doc (#5193) +- doc: Modified Portforward Section to Kubectl Section (#5236) +- doc: Added enhancements to security doc (#5203) +- docs: update readme to include multi arch flag 
(#4998) +- docs: config.md updatation for new flag (#5061) +- doc: Fixes in Documentation for May Month (#5150) +- doc: Created Resource Watcher Doc (#5193) +- doc: Modified Portforward Section to Kubectl Section (#5236) +- doc: Added enhancements to security doc (#5203) +- docs: update readme to include multi arch flag (#4998) +- docs: config.md updatation for new flag (#5061) +- doc: Added kubectl port-fwd section in RB (#5139) +- doc: Added Bitbucket Data Center in GitOps doc (#5075) +- doc: Image promotion policy (#4762) +- doc: Revamped Resource Browser Doc (#5035) +- doc: Added Bulk Restart in Application Groups doc (#5080) +- doc: Added new doc in the index (#5029) +- doc: Changes made in the doc according to the newer version (#5024) +- doc: Added Linked CI with Child Info + Runtime Build Parameters (#4991) ## Others -- chore: migration support for notification db changes (#4906) -- chore: App Store refactoring v4 (#4647) -- chore: Resource mapping refactoring (#4813) -- misc: Refactoring Pagerduty Issue Calculator script (#4856) -- misc: Update github_pagerduty_score_calculation.yml (#4853) -- misc: Update pager-duty.yaml (#4850) -- misc: Pagerduty issue template change (#4796) -- chore: Image scanning refactoring (#4802) -- chore: refactoring v4 (#4775) +- chore: updated vendor (#5166) +- chore: gitops validation in api (#5082) +- chore: release v2 migration (#5126) +- chore: migration update for remote connection config (#5113) +- chore: added sql for release and release channels (#4898) +- chore: resource scan migration (#4977) +- chore: image promotion migration (#4992) +- misc: uniform GitHub action (#5069)