feat: ServiceAccount Addition and Create ImagePullSecrets Function

charts/devtron/Chart.yaml

@@ -11,7 +11,7 @@ keywords:
   - argocd
   - Hyperion
 engine: gotpl
-version: 0.22.73
+version: 0.22.74
 sources:
   - https://github.com/devtron-labs/charts
 dependencies:

charts/devtron/devtron-bom.yaml

@@ -14,7 +14,7 @@ global:
   imagePullSecrets: []
 extraManifests: []
 installer:
-  release: "v0.7.1"
+  release: "v0.7.2"
   registry: ""
   image: "inception"
   tag: "473deaa4-185-21582"
@@ -200,3 +200,34 @@ monitoring:
       image: "k8s-sidecar:1.1.0"
       curlImage: "curl:7.73.0"
       imagePullPolicy: IfNotPresent
+
+devtronEnterprise:
+  enabled: false
+  casbin:
+    registry: ""
+    image: "casbin:8a0c2298-79f9a6ab-462-24808"
+    imagePullPolicy: IfNotPresent
+    configs:
+      PG_ADDR: postgresql-postgresql.devtroncd
+      PG_DATABASE: casbin
+      PG_PORT: "5432"
+      PG_USER: postgres       
+    dbconfig:
+      secretName: postgresql-postgresql
+      keyName: postgresql-password
+    resources:
+      limits:
+        cpu: 0.5m
+        memory: 500Mi
+      requests:
+        cpu: 0.5m
+        memory: 301Mi
+  scoop:
+    enabled: false
+    registry: ""
+    image: "scoop:296d351d-629-24001"
+    imagePullPolicy: IfNotPresent
+    resources: {}
+    configs:
+      CLUSTER_ID: "1"
+      ORCHESTRATOR_URL: http://devtron-service.devtroncd.svc.cluster.local/orchestrator

charts/devtron/templates/_helpers.tpl

@@ -19,13 +19,19 @@ it randomly.
 {{- end -}}
 {{- end }}
 
+{{- define "imagePullSecret" }}
+{{- with .Values.imagePullSecret.credentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
 {{/*
 Expand the node selectors, tolerations, and image pull secrets for a Kubernetes resource.
 Usage:
-{{ include "common.nodeSelector" (dict "nodeSelector" .Values.path.to.nodeSelector "tolerations" .Values.path.to.tolerations "imagePullSecrets" .Values.path.to.imagePullSecrets "global" .Values.global ) }}
+{{ include "common.schedulerConfig" (dict "nodeSelector" .Values.path.to.nodeSelector "tolerations" .Values.path.to.tolerations "imagePullSecrets" .Values.path.to.imagePullSecrets "global" .Values.global ) }}
 */}}
 
-{{- define "common.nodeSelector" -}}
+{{- define "common.schedulerConfig" -}}
   {{- if .nodeSelector }}
 nodeSelector:
 {{ toYaml .nodeSelector | indent 2 }}

charts/devtron/templates/app-sync-job.yaml

@@ -11,7 +11,7 @@ spec:
   template:
     spec:
       serviceAccountName: devtron
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 6 }}
       initContainers:
       - name: migration-wait
         image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.kubectlImage ) }}
@@ -75,7 +75,8 @@ spec:
     spec:
       template:
         spec:
-          {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 10 }}
+          serviceAccountName: chart-sync
+          {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 10 }}
           {{- if and $.Values.global $.Values.global.podSecurityContext }}
           securityContext:
 {{- toYaml $.Values.global.podSecurityContext | nindent 12 }}

charts/devtron/templates/casbin.yaml

@@ -0,0 +1,128 @@
+{{- if and .Values.devtronEnterprise.enabled }}
+{{- with .Values.devtronEnterprise.casbin }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: casbin
+    release: devtron
+  name: casbin
+  namespace: devtroncd
+spec:
+  minReadySeconds: 60
+  replicas: 1
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: casbin
+      release: devtron
+  template:
+    metadata:
+      labels:
+        app: casbin
+        release: devtron
+    spec:
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.devtronEnterprise.scoop.nodeSelector "tolerations" $.Values.devtronEnterprise.scoop.tolerations "imagePullSecrets" $.Values.devtronEnterprise.scoop.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      containers:
+          name: casbin
+          image: {{ include "common.image" (dict "component" $.Values.devtronEnterprise.scoop "global" $.Values.global) }}
+          {{- if  .imagePullPolicy }}
+          imagePullPolicy: {{ .imagePullPolicy }}
+          {{- end }}
+          serviceAccountName: devtron-default-sa
+          env:
+            - name: DEVTRON_APP_NAME
+              value: casbin
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            {{- if .dbconfig }}
+            - name: PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .dbconfig.secretName }}
+                  key: {{ .dbconfig.keyName }}
+            {{- end }}
+          envFrom:
+            - configMapRef:
+                name: casbin-cm
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          ports:
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+            - containerPort: 9000
+              name: app
+              protocol: TCP
+          {{- if .resources }}
+          resources:
+{{ toYaml .resources | indent 12 }}
+          {{- end }}
+          volumeMounts: []
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      volumes: []
+---
+# Casbin ConfigMap
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: casbin-cm
+  namespace: devtroncd
+  labels:
+    app: casbin
+    release: devtron
+{{- if .configs }}
+data:
+{{ toYaml .configs | indent 2 }}
+{{- end }}
+---
+# Casbin Service 
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: casbin
+    release: devtron
+  name: casbin-service
+  namespace: devtroncd
+spec:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+    - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: http
+    - name: app
+      port: 9000
+      protocol: TCP
+      targetPort: app
+  selector:
+    app: casbin
+    release: devtron
+  sessionAffinity: None
+  type: ClusterIP
+{{- end}}
+{{- end}}

charts/devtron/templates/configmap-secret.yaml

@@ -245,11 +245,11 @@ metadata:
     "helm.sh/resource-policy": keep
 data:
   PG_PASSWORD: {{ $postgresPwd }}
+  ORCH_TOKEN: {{ $ORCH_TOKEN }}
 {{- if $.Values.installer.modules }}
 {{- if has "cicd" $.Values.installer.modules }}
   EXTERNAL_CI_API_SECRET: {{ $EXTERNAL_CI_API_SECRET }}
   WEBHOOK_TOKEN: {{ $WEBHOOK_TOKEN }}
-  ORCH_TOKEN: {{ $ORCH_TOKEN }}
   DEX_SECRET: {{ $DEX_SECRET }}
   DEX_JWTKEY: {{ $DEX_JWTKEY }}
   DEX_CSTOREKEY: {{ $DEX_CSTOREKEY }}
@@ -289,3 +289,57 @@ data:
   {{- end }}
   {{- end }}
 type: Opaque
+
+{{- if $.Values.imagePullSecret }}
+{{- if $.Values.imagePullSecret.create }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }}
+  namespace: devtroncd
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" . }}
+
+{{- if eq .Values.imagePullSecret.namespaceScope "all" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }}
+  namespace: devtron-cd
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" . }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }}
+  namespace: devtron-ci
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" . }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }}
+  namespace: argo
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" . }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/devtron/templates/dashboard.yaml

@@ -77,7 +77,8 @@ spec:
       securityContext:
 {{- toYaml $.Values.global.podSecurityContext | nindent 8 }}
       {{- end }}
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.dashboard.nodeSelector "tolerations" $.Values.components.dashboard.tolerations "imagePullSecrets" $.Values.components.dashboard.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.dashboard.nodeSelector "tolerations" $.Values.components.dashboard.tolerations "imagePullSecrets" $.Values.components.dashboard.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      serviceAccountName: devtron-default-sa
       containers:
         - name: dashboard
           image: {{ include "common.image" (dict "component" $.Values.components.dashboard "global" $.Values.global) }}

charts/devtron/templates/devtron-scc.yaml

@@ -32,6 +32,8 @@ users:
 - system:serviceaccount:devtroncd:argocd-server
 - system:serviceaccount:devtron-ci:ci-runner
 - system:serviceaccount:devtron-cd:cd-runner
+- system:serviceaccount:devtroncd:chart-sync
+- system:serviceaccount:devtroncd:devtron-default-sa
 volumes:
 - '*'
 {{- end }}

charts/devtron/templates/devtron.yaml

@@ -201,7 +201,7 @@ spec:
         app: devtron
         release: devtron
     spec:
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.devtron.nodeSelector "tolerations" $.Values.components.devtron.tolerations "imagePullSecrets" $.Values.components.devtron.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.devtron.nodeSelector "tolerations" $.Values.components.devtron.tolerations "imagePullSecrets" $.Values.components.devtron.imagePullSecrets "global" $.Values.global) | indent 6 }}
       terminationGracePeriodSeconds: 30
       restartPolicy: Always
       serviceAccountName: devtron

charts/devtron/templates/dex.yaml

@@ -59,7 +59,7 @@ spec:
       labels:
         app.kubernetes.io/name: argocd-dex-server
     spec:
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.argocdDexServer.nodeSelector "tolerations" $.Values.components.argocdDexServer.tolerations "imagePullSecrets" $.Values.components.argocdDexServer.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.argocdDexServer.nodeSelector "tolerations" $.Values.components.argocdDexServer.tolerations "imagePullSecrets" $.Values.components.argocdDexServer.imagePullSecrets "global" $.Values.global) | indent 6 }}
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:

charts/devtron/templates/gitsensor.yaml

@@ -73,7 +73,8 @@ spec:
       securityContext:
         runAsGroup: 1000
         runAsUser: 1000
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.gitsensor.nodeSelector "tolerations" $.Values.components.gitsensor.tolerations "imagePullSecrets" $.Values.components.gitsensor.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      serviceAccountName: devtron-default-sa
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.gitsensor.nodeSelector "tolerations" $.Values.components.gitsensor.tolerations "imagePullSecrets" $.Values.components.gitsensor.imagePullSecrets "global" $.Values.global) | indent 6 }}
       initContainers:
         - command:
           - /bin/sh

charts/devtron/templates/grafana.yaml

@@ -14,7 +14,7 @@ metadata:
 spec:
   template:
     spec:
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }}
       serviceAccountName: devtron
       containers:
       - name: grafana-restart
@@ -511,7 +511,7 @@ spec:
         fsGroup: 472
         runAsGroup: 472
         runAsUser: 472
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }}
       initContainers:
         - name: init-chown-data
           image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global "extraImage" $.Values.monitoring.grafana.busyboxImage ) }}
@@ -660,7 +660,7 @@ metadata:
   namespace: devtroncd
 spec:
   serviceAccountName: devtron-grafana-test
-  {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 2 }}
+  {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 2 }}
   containers:
     - name: devtron-test
       image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global "extraImage" $.Values.monitoring.grafana.batsImage ) }}

charts/devtron/templates/install.yaml

@@ -80,6 +80,7 @@ spec:
       labels:
         app: inception
     spec:
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.installer.nodeSelector "tolerations" $.Values.installer.tolerations "imagePullSecrets" $.Values.installer.imagePullSecrets "global" $.Values.global) | indent 6 }}      
       {{- if and $.Values.global $.Values.global.podSecurityContext }}
       securityContext:
 {{- toYaml $.Values.global.podSecurityContext | nindent 8 }}

charts/devtron/templates/kubelink.yaml

@@ -57,7 +57,7 @@ spec:
       labels:
         app: kubelink
     spec:
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.kubelink.nodeSelector "tolerations" $.Values.components.kubelink.tolerations "imagePullSecrets" $.Values.components.kubelink.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.kubelink.nodeSelector "tolerations" $.Values.components.kubelink.tolerations "imagePullSecrets" $.Values.components.kubelink.imagePullSecrets "global" $.Values.global) | indent 6 }}
       terminationGracePeriodSeconds: 30
       restartPolicy: Always
       serviceAccount: devtron

charts/devtron/templates/kubewatch.yaml

@@ -167,7 +167,7 @@ spec:
         app: kubewatch
         release: devtron
     spec:
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.kubewatch.nodeSelector "tolerations" $.Values.components.kubewatch.tolerations "imagePullSecrets" $.Values.components.kubewatch.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.kubewatch.nodeSelector "tolerations" $.Values.components.kubewatch.tolerations "imagePullSecrets" $.Values.components.kubewatch.imagePullSecrets "global" $.Values.global) | indent 6 }}
       terminationGracePeriodSeconds: 30
       restartPolicy: Always
       serviceAccountName: kubewatch