devtron-labs · vikramdevtron · Mar 28, 2025 · Mar 24, 2025 · Mar 24, 2025 · Mar 24, 2025
@@ -0,0 +1,20 @@
+## v1.4.0
+
+## Enhancements
+- feat: Made ng labels env driven (#6438)
+- feat: Link helm release (#6454)
+- feat: access manager (#6377)
+- feat: migrate external argo cd application (#6303)
+- feat: Dark Mode v1 (#2348)
+- feat: Dark Mode v2 (#2367)
+- feat: Dark Mode v3 (#2484)
+## Bugs
+- fix: cluster update issue (#6465)
+- fix: in CreateGrafanaDataSource (#6463)
+- fix: onboard acd app (#6457)
+- fix: prom client in chart-sync (#6442)
+- fix: incorrect gitops metrics (#6444)
+- fix: envId check in EventBuilder.go (#6436)
+- fix: createDockerRepoIfNeeded error handling (#6433)
+
+
@@ -80,6 +80,9 @@ func GetTransformedDataForSecretRootJsonData(data string, mode util.SecretTransf
 	}
 
 	for _, configData := range secretsJson.ConfigSecretJson.Secrets {
+		if configData.Data == nil || configData.External {
+			continue
+		}
 		configData.Data, err = util.GetDecodedAndEncodedData(configData.Data, mode)
 		if err != nil {
 			return "", err

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: devtron-operator
-appVersion: 1.3.1
+appVersion: 1.4.0
 description: Chart to configure and install Devtron. Devtron is a Kubernetes Orchestration system.
 keywords:
   - Devtron
@@ -11,7 +11,7 @@ keywords:
   - argocd
   - Hyperion
 engine: gotpl
-version: 0.22.86
+version: 0.22.87
 sources:
   - https://github.com/devtron-labs/charts
 dependencies:

@@ -10,7 +10,7 @@ global:
   containerRegistry: "quay.io/devtron"
 extraManifests: []
 installer:
-  release: "v1.3.1"
+  release: "v1.4.0"
   registry: ""
   image: "inception"
   tag: "473deaa4-185-21582"
@@ -33,18 +33,27 @@ components:
         FEATURE_STEP_WISE_LOGS_ENABLE: "true"
         FEATURE_USER_DEFINED_GITOPS_REPO_ENABLE: "true"
         ENABLE_RESOURCE_SCAN: "true"
+        FEATURE_CODE_MIRROR_ENABLE: "false"
     registry: ""
-    image: "dashboard:1c40d516-690-30089"
+    image: "dashboard:a400ce3c-690-31030"
     imagePullPolicy: IfNotPresent
   devtron:
     registry: ""
-    image: "hyperion:e67c3b76-280-30100"
-    cicdImage: "devtron:e67c3b76-434-30101"
+    image: "hyperion:846c2d90-280-31082"
+    cicdImage: "devtron:846c2d90-434-31081"
     imagePullPolicy: IfNotPresent
     customOverrides: {}
+    podSecurityContext:
+      fsGroup: 1001
+      runAsGroup: 1001
+      runAsUser: 1001
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      runAsNonRoot: true
+      runAsUser: 1001
   ciRunner:
     registry: ""
-    image: "ci-runner:0dde3b1a-138-30091"
+    image: "ci-runner:d79b15c6-138-31014"
   argocdDexServer:
     registry: ""
     image: "dex:v2.30.2"
@@ -53,7 +62,7 @@ components:
       authenticator: "authenticator:e414faff-393-13273"
   kubelink:
     registry: ""
-    image: "kubelink:0dde3b1a-564-30082"
+    image: "kubelink:ccd98a22-564-31008"
     imagePullPolicy: IfNotPresent
     configs:
       ENABLE_HELM_RELEASE_CACHE: "true"
@@ -69,9 +78,17 @@ components:
     dbconfig:
       secretName: postgresql-postgresql
       keyName: postgresql-password
+    podSecurityContext:
+      fsGroup: 1001
+      runAsGroup: 1001
+      runAsUser: 1001
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      runAsNonRoot: true
+      runAsUser: 1001
   kubewatch:
     registry: ""
-    image: "kubewatch:0dde3b1a-419-30285"
+    image: "kubewatch:34abb17d-419-31007"
     imagePullPolicy: IfNotPresent
     configs:
       devtroncd_NAMESPACE: "devtron-ci"
@@ -85,6 +102,7 @@ components:
       PG_LOG_QUERY: "true"
       PG_PORT: "5432"
       PG_USER: postgres
+      CLUSTER_ARGO_CD_TYPE: "ALL_CLUSTER"
     dbconfig:
       secretName: postgresql-postgresql
       keyName: postgresql-password
@@ -99,7 +117,7 @@ components:
       armImage: postgres_exporter:v0.10.1
   gitsensor:
     registry: ""
-    image: "git-sensor:0dde3b1a-200-30085"
+    image: "git-sensor:2b4b8363-200-31009"
     imagePullPolicy: IfNotPresent
     serviceMonitor:
       enabled: false
@@ -117,7 +135,7 @@ components:
   # Values for lens
   lens:
     registry: ""
-    image: "lens:0dde3b1a-333-30090"
+    image: "lens:34abb17d-333-31011"
     imagePullPolicy: IfNotPresent
     configs:
       GIT_SENSOR_PROTOCOL: GRPC
@@ -151,6 +169,7 @@ components:
     image: "migrator:v4.16.2"
     kubectlImage: "kubectl:latest"
     duplicateChartImage: devtron-utils:dup-chart-repo-v1.1.0
+    entMigratorImage: "devtron-utils:geni-v1.1.4"
     envVars:
       devtron:
         DB_NAME: "orchestrator"
@@ -162,8 +181,16 @@ components:
         DB_NAME: "lens"
   chartSync:
     registry: ""
-    image: chart-sync:0dde3b1a-836-30095
+    image: chart-sync:34abb17d-836-31017
     schedule: "0 19 * * *"
+    podSecurityContext:
+      fsGroup: 1001
+      runAsGroup: 1001
+      runAsUser: 1001
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      runAsNonRoot: true
+      runAsUser: 1001
     extraConfigs: {}
 # values for argocd integration
 argo-cd:
@@ -184,7 +211,7 @@ workflowController:
   IMDSv1ExecutorImage: "argoexec:v3.0.7"
 security:
   imageScanner:
-    image: "image-scanner:0dde3b1a-141-30093"
+    image: "image-scanner:34abb17d-141-31016"
     configs:
       TRIVY_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-db
       TRIVY_JAVA_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-java-db
@@ -194,7 +221,7 @@ security:
       tag: 4.3.6
 # Values for notifier integration
 notifier:
-  image: "notifier:5e9c010b-372-30094"
+  image: "notifier:c2173311-372-31015"
 minio:
   image: "minio:RELEASE.2021-02-14T04-01-33Z"
   mbImage: "minio-mc:RELEASE.2021-02-14T04-28-06Z"
@@ -217,7 +244,7 @@ devtronEnterprise:
   enabled: false
   casbin:
     registry: ""
-    image: "casbin:efc28fb2-6de0e914-462-25420"
+    image: "casbin:f6ff5f74-064b67e5-462-30822"
     imagePullPolicy: IfNotPresent
     configs:
       PG_ADDR: postgresql-postgresql.devtroncd
@@ -228,10 +255,18 @@ devtronEnterprise:
       secretName: postgresql-postgresql
       keyName: postgresql-password
     resources: {}
+    podSecurityContext:
+      fsGroup: 1001
+      runAsGroup: 1001
+      runAsUser: 1001
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      runAsNonRoot: true
+      runAsUser: 1001
   scoop:
     enabled: false
     registry: ""
-    image: "scoop:296d351d-629-24001"
+    image: "scoop:289d080a-629-30405"
     imagePullPolicy: IfNotPresent
     resources: {}
     configs:

@@ -96,3 +96,23 @@ If storageClass is defined in values.yaml under global.storageClass, use that.
 storageClassName: {{ $.Values.global.storageClass }}
 {{- end }}
 {{- end -}}
+
+{{- define "common.podSecurityContext" -}}
+  {{- if .podSecurityContext }}
+securityContext:
+{{ toYaml .podSecurityContext | indent 2 }}
+  {{- else if .global.podSecurityContext }}
+securityContext:
+{{ toYaml .global.podSecurityContext | indent 2 }}
+  {{- end }}
+{{- end }}
+
+{{- define "common.containerSecurityContext" -}}
+  {{- if .containerSecurityContext }}
+securityContext:
+{{ toYaml .containerSecurityContext | indent 2 }}
+  {{- else if .global.containerSecurityContext }}
+securityContext:
+{{ toYaml .global.containerSecurityContext | indent 2 }}
+  {{- end }}
+{{- end }}
@@ -26,17 +26,11 @@ spec:
         {{- end }}
         {{- end }}
         {{- end }}
-      {{- if and $.Values.global $.Values.global.podSecurityContext }}
-      securityContext:
-{{- toYaml $.Values.global.podSecurityContext | nindent 8 }}
-      {{- end }}
+      {{- include "common.podSecurityContext" (dict "podSecurityContext" $.Values.components.chartSync.podSecurityContext "global" $.Values.global) | indent 6 }}
       containers:
       - name: chart-sync
         image: {{ include "common.image" (dict "component" $.Values.components.chartSync "global" $.Values.global ) }}
-        {{- if and $.Values.global $.Values.global.containerSecurityContext }}
-        securityContext:
-{{- toYaml $.Values.global.containerSecurityContext | nindent 10 }}
-        {{- end }}
+        {{- include "common.containerSecurityContext" (dict "containerSecurityContext" $.Values.components.chartSync.containerSecurityContext "global" $.Values.global) | indent 8 }}
         env:
         - name: PG_ADDR
           value: postgresql-postgresql.devtroncd
@@ -80,17 +74,11 @@ spec:
           activeDeadlineSeconds: 15000
           serviceAccountName: chart-sync
           {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 10 }}
-          {{- if and $.Values.global $.Values.global.podSecurityContext }}
-          securityContext:
-{{- toYaml $.Values.global.podSecurityContext | nindent 12 }}
-          {{- end }}
+          {{- include "common.podSecurityContext" (dict "podSecurityContext" $.Values.components.chartSync.podSecurityContext "global" $.Values.global) | indent 10 }}
           containers:
           - name: chart-sync
             image: {{ include "common.image" (dict "component" $.Values.components.chartSync "global" $.Values.global ) }}
-            {{- if and $.Values.global $.Values.global.containerSecurityContext }}
-            securityContext:
-{{- toYaml $.Values.global.containerSecurityContext | nindent 14 }}
-           {{- end }}
+            {{- include "common.containerSecurityContext" (dict "containerSecurityContext" $.Values.components.chartSync.containerSecurityContext "global" $.Values.global) | indent 12 }}
             env:
             - name: PG_ADDR
               value: postgresql-postgresql.devtroncd

@@ -31,6 +31,7 @@ spec:
           {{- if  .imagePullPolicy }}
           imagePullPolicy: {{ .imagePullPolicy }}
           {{- end }}
+          {{- include "common.containerSecurityContext" (dict "containerSecurityContext" $.Values.devtronEnterprise.casbin.containerSecurityContext "global" $.Values.global) | indent 10 }}
           env:
             - name: DEVTRON_APP_NAME
               value: casbin
@@ -124,4 +125,4 @@ spec:
     release: casbin
   type: ClusterIP
 {{- end}}
-{{- end}}
+{{- end}}
@@ -10,6 +10,9 @@ metadata:
   annotations:
     "helm.sh/resource-policy": keep
 data:
+  DEVTRON_HELM_RELEASE_NAME: {{ $.Release.Name }}
+  DEVTRON_HELM_RELEASE_NAMESPACE: {{ $.Release.Namespace }}
+  FEATURE_MIGRATE_ARGOCD_APPLICATION_ENABLE: "true"
   PG_USER: postgres
   PG_ADDR: postgresql-postgresql.devtroncd
   PG_PORT: "5432"
@@ -246,10 +249,7 @@ spec:
         - configMap:
             name: devtron-cluster-components
           name: devtron-cluster-components-vol
-      {{- if and $.Values.global $.Values.global.podSecurityContext }}
-      securityContext:
-{{- toYaml $.Values.global.podSecurityContext | nindent 8 }}
-      {{- end }}
+      {{- include "common.podSecurityContext" (dict "podSecurityContext" $.Values.components.devtron.podSecurityContext "global" $.Values.global) | indent 6 }}
       containers:
         - name: devtron
           {{- if $.Values.installer.modules }}
@@ -262,10 +262,7 @@ spec:
           image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global) }}
           {{- end }}
           imagePullPolicy: {{ .imagePullPolicy }}
-          {{- if and $.Values.global $.Values.global.containerSecurityContext }}
-          securityContext:
-{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }}
-          {{- end }}
+          {{- include "common.containerSecurityContext" (dict "containerSecurityContext" $.Values.components.devtron.containerSecurityContext "global" $.Values.global) | indent 10 }}
           lifecycle:
             preStop:
               exec:

@@ -61,18 +61,12 @@ spec:
       terminationGracePeriodSeconds: 30
       restartPolicy: Always
       serviceAccount: devtron
-      {{- if and $.Values.global $.Values.global.podSecurityContext }}
-      securityContext:
-{{- toYaml $.Values.global.podSecurityContext | nindent 8 }}
-      {{- end }}
+      {{- include "common.podSecurityContext" (dict "podSecurityContext" $.Values.components.kubelink.podSecurityContext "global" $.Values.global) | indent 6 }}
       containers:
         - name: kubelink
           image: {{ include "common.image" (dict "component" $.Values.components.kubelink "global" $.Values.global ) }}
           imagePullPolicy: {{ .imagePullPolicy }}
-          {{- if and $.Values.global $.Values.global.containerSecurityContext }}
-          securityContext:
-{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }}
-          {{- end }}
+          {{- include "common.containerSecurityContext" (dict "containerSecurityContext" $.Values.components.kubelink.containerSecurityContext "global" $.Values.global) | indent 10 }}
           ports:
             - name: app
               containerPort: 50051