diff --git a/CHANGELOG/release-notes-v1.3.0.md b/CHANGELOG/release-notes-v1.3.0.md
new file mode 100644
index 0000000000..ebe2db1225
--- /dev/null
+++ b/CHANGELOG/release-notes-v1.3.0.md
@@ -0,0 +1,37 @@
+## v1.3.0
+
+## Bugs
+- fix: panic fixes (#6411)
+- fix: auto pre-cd not getting triggered (if cd is manual) after webhook ci event is captured (#6407)
+- fix: Base update (#6405)
+- fix: devtron apps deployed via helm showing in helm apps list (#6397)
+- fix: when a helm app is managed by argocd then skip argo app update when same name ext helm app is installed (#6389)
+- fix: upgraded to go-git/v5 v5.13.0 (#6388)
+- fix: fix for ci cd workflow fake success status and multiple post/pre cd success notifications (#6370)
+- fix: fix for while cloning app or workflow when external secret is present in any pipeline then that pipeline is not cloned (#6368)
+- fix: fix for while cloning app or workflow when external secret is present in any pipeline then that pipeline is not cloned (#6366)
+- fix: buildx driver opt using k8s driver even if not enabled (#6349)
+- fix: Auto trigger even if pre-cd fails (#6338)
+- fix: role group listing fix (#6343)
+- fix: sql injection fixes (#6334)
+- fix: role group k8s permissions duplication (#6336)
+## Enhancements
+- feat: hibernate devtron app (#6356)
+- feat: separate build worker status timeline (#6320)
+- feat: send notification with chosen config (#6331)
+- feat: sql script changes for operation audit (#6342)
+## Documentation
+- doc: updated devtron user list in users.md (#6363)
+## Others
+- misc: pipeline listing in app Group (#6410)
+- misc: Notif back com (#6398)
+- sync: Main sync develop (#6396)
+- sync: vendor update on release 29 (#6395)
+- sync: Release candidate v0.29.0 (#6394)
+- sync: Main sync develop (#6375)
+- misc: common-lib change (#6347)
+- sync: Release candidate v0.28.0 (#6340)
+- misc: Fix typo: Cronjob → CronJob (#6335)
+- sync: Main sync develop (#6358)
+
+
diff --git a/charts/devtron/Chart.yaml b/charts/devtron/Chart.yaml index 8deba3c33a..1d2cdb8e87 100644 --- a/charts/devtron/Chart.yaml +++ b/charts/devtron/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: devtron-operator -appVersion: 1.2.2 +appVersion: 1.3.0 description: Chart to configure and install Devtron. Devtron is a Kubernetes Orchestration system. keywords: - Devtron @@ -11,7 +11,7 @@ keywords: - argocd - Hyperion engine: gotpl -version: 0.22.82 +version: 0.22.83 sources: - https://github.com/devtron-labs/charts dependencies: diff --git a/charts/devtron/devtron-bom.yaml b/charts/devtron/devtron-bom.yaml index 364534e714..7520d67dc2 100644 --- a/charts/devtron/devtron-bom.yaml +++ b/charts/devtron/devtron-bom.yaml @@ -10,7 +10,7 @@ global: containerRegistry: "quay.io/devtron" extraManifests: [] installer: - release: "v1.2.2" + release: "v1.3.0" registry: "" image: "inception" tag: "473deaa4-185-21582" @@ -34,17 +34,17 @@ components: FEATURE_USER_DEFINED_GITOPS_REPO_ENABLE: "true" ENABLE_RESOURCE_SCAN: "true" registry: "" - image: "dashboard:4eb1a17a-690-28956" + image: "dashboard:1c40d516-690-30089" imagePullPolicy: IfNotPresent devtron: registry: "" - image: "hyperion:a9968961-280-29449" - cicdImage: "devtron:a9968961-434-29448" + image: "hyperion:e67c3b76-280-30100" + cicdImage: "devtron:e67c3b76-434-30101" imagePullPolicy: IfNotPresent customOverrides: {} ciRunner: registry: "" - image: "ci-runner:343b24f5-138-29387" + image: "ci-runner:0dde3b1a-138-30091" argocdDexServer: registry: "" image: "dex:v2.30.2" @@ -53,7 +53,7 @@ components: authenticator: "authenticator:e414faff-393-13273" kubelink: registry: "" - image: "kubelink:0a3d5e84-564-28948" + image: "kubelink:0dde3b1a-564-30082" imagePullPolicy: IfNotPresent configs: ENABLE_HELM_RELEASE_CACHE: "true" 
@@ -71,7 +71,7 @@ components: keyName: postgresql-password kubewatch: registry: "" - image: "kubewatch:0a3d5e84-419-28949" + image: "kubewatch:0dde3b1a-419-30080" imagePullPolicy: IfNotPresent configs: devtroncd_NAMESPACE: "devtron-ci" @@ -80,6 +80,14 @@ components: ACD_NAMESPACE: "devtroncd" ACD_INFORMER: "true" NATS_STREAM_MAX_AGE: "10800" + PG_ADDR: postgresql-postgresql.devtroncd + PG_DATABASE: orchestrator + PG_LOG_QUERY: "true" + PG_PORT: "5432" + PG_USER: postgres + dbconfig: + secretName: postgresql-postgresql + keyName: postgresql-password postgres: registry: "" image: "postgres:11.9.0-debian-10-r26" @@ -91,7 +99,7 @@ components: armImage: postgres_exporter:v0.10.1 gitsensor: registry: "" - image: "git-sensor:0a3d5e84-200-28960" + image: "git-sensor:0dde3b1a-200-30085" imagePullPolicy: IfNotPresent serviceMonitor: enabled: false @@ -109,7 +117,7 @@ components: # Values for lens lens: registry: "" - image: "lens:0a3d5e84-333-28951" + image: "lens:0dde3b1a-333-30090" imagePullPolicy: IfNotPresent configs: GIT_SENSOR_PROTOCOL: GRPC @@ -154,7 +162,7 @@ components: DB_NAME: "lens" chartSync: registry: "" - image: chart-sync:0a3d5e84-836-28979 + image: chart-sync:0dde3b1a-836-30095 schedule: "0 19 * * *" extraConfigs: {} # values for argocd integration @@ -176,7 +184,7 @@ workflowController: IMDSv1ExecutorImage: "argoexec:v3.0.7" security: imageScanner: - image: "image-scanner:0a3d5e84-141-28953" + image: "image-scanner:0dde3b1a-141-30093" configs: TRIVY_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-db TRIVY_JAVA_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-java-db @@ -186,7 +194,7 @@ security: tag: 4.3.6 # Values for notifier integration notifier: - image: "notifier:9aa5e510-372-28961" + image: "notifier:5e9c010b-372-30094" minio: image: "minio:RELEASE.2021-02-14T04-01-33Z" mbImage: "minio-mc:RELEASE.2021-02-14T04-28-06Z" diff --git a/charts/devtron/templates/_helpers.tpl b/charts/devtron/templates/_helpers.tpl index 97f2766cc7..7ef828f737 100644 
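Review bot: The kubewatch `configs` block added in the devtron-bom.yaml hunk at @@ -80,6 +80,14 ships `PG_LOG_QUERY: "true"` and `PG_USER: postgres` as defaults. If PG_LOG_QUERY makes the service write executed SQL to its log (inferred from the name; the consumer is not part of this diff), query text and possibly bound values from the `orchestrator` database end up in pod logs and in whatever aggregates them, so the safer default is `PG_LOG_QUERY: "false"` with operators enabling it for debugging. `postgres` is conventionally the superuser role, and kubewatch now receives its password through `dbconfig`; a dedicated role limited to what kubewatch reads or writes would be the least-privilege choice. The same block is repeated in charts/devtron/values.yaml (hunk @@ -144,6 +151,14) and should change with it.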
--- a/charts/devtron/templates/_helpers.tpl +++ b/charts/devtron/templates/_helpers.tpl @@ -10,7 +10,7 @@ it randomly. {{- define "getOrGeneratePass" }} {{- $len := (default 32 .Length) | int -}} {{- $obj := (lookup "v1" .Kind .Namespace .Name).data -}} -{{- if $obj }} +{{- if and ($obj) (index $obj .Key) }} {{- index $obj .Key -}} {{- else if (eq (lower .Kind) "secret") -}} {{- randAlphaNum $len | b64enc -}} @@ -85,4 +85,14 @@ Return full image {{- printf "%s" $imageName -}} {{- end }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Get the storage class name. +If storageClass is defined in values.yaml under global.storageClass, use that. +*/}} +{{- define "common.storageclass" -}} +{{- if $.Values.global.storageClass }} +storageClassName: {{ $.Values.global.storageClass }} +{{- end }} +{{- end -}} diff --git a/charts/devtron/templates/app-sync-job.yaml b/charts/devtron/templates/app-sync-job.yaml index 67b55e84cd..8c0bbcef48 100644 --- a/charts/devtron/templates/app-sync-job.yaml +++ b/charts/devtron/templates/app-sync-job.yaml @@ -47,6 +47,8 @@ spec: envFrom: - secretRef: name: devtron-secret + - configMapRef: + name: devtron-common-cm {{- if .Values.components.migrator }} {{- if .Values.components.migrator.appSync }} {{- if .Values.components.migrator.appSync.resources }} @@ -101,6 +103,8 @@ spec: name: devtron-secret - configMapRef: name: app-sync-cm + - configMapRef: + name: devtron-common-cm {{- if .Values.components.migrator }} {{- if .Values.components.migrator.appSync }} {{- if .Values.components.migrator.appSync.resources }} diff --git a/charts/devtron/templates/casbin.yaml b/charts/devtron/templates/casbin.yaml index 1a21f32143..adb73a905b 100644 --- a/charts/devtron/templates/casbin.yaml +++ b/charts/devtron/templates/casbin.yaml @@ -48,6 +48,8 @@ spec: envFrom: - configMapRef: name: casbin-cm + - configMapRef: + name: devtron-common-cm livenessProbe: failureThreshold: 3 httpGet: 
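Review bot: The new guard `{{- if and ($obj) (index $obj .Key) }}` in getOrGeneratePass protects the `index` call only when `and` short-circuits, which text/template does from Go 1.18 onward; a Helm binary built with an older toolchain still evaluates `index` when the lookup returns no data (fresh install, `helm template`, dry run) and rendering may fail on the nil value. Resolving the value first avoids relying on evaluation order: `{{- $val := "" }}{{- if $obj }}{{- $val = index $obj .Key }}{{- end }}`, then branch on `{{- if $val }}` and emit `{{- $val -}}`. A key that exists with an empty value is now treated as missing and regenerated, which is worth stating in the comment above the define because it silently rotates that secret. The define starts and ends outside the hunk.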
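Review bot: The `configMapRef` to `devtron-common-cm` added in both app-sync-job.yaml hunks is a hard dependency, because a container whose `envFrom` names a ConfigMap missing from its namespace is not started until the ConfigMap exists. This commit creates that ConfigMap only in `devtroncd` and `argo`, and as a regular resource without a hook annotation, so a workload that runs as a Helm hook or in another namespace would stall; the job specs around these hunks are not visible, so this needs confirming. As the map only carries optional settings, mark the reference optional by adding `optional: true` under `name: devtron-common-cm`. The same applies to every other `devtron-common-cm` reference this commit adds (casbin, dashboard, devtron, dex, gitsensor, grafana, install, kubelink, kubewatch, lens, migrator, minio, nats-server, notifier, postgresql, scoop, workflow).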
diff --git a/charts/devtron/templates/configmap-secret.yaml b/charts/devtron/templates/configmap-secret.yaml index 3b6127f3cc..62f7b3d568 100644 --- a/charts/devtron/templates/configmap-secret.yaml +++ b/charts/devtron/templates/configmap-secret.yaml @@ -2,7 +2,7 @@ {{- $minioAccessKey := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-minio" "Key" "accesskey") }} {{- $minioSecretKey := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-minio" "Key" "secretkey") }} {{- $EXTERNAL_CI_API_SECRET := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "EXTERNAL_CI_API_SECRET") }} -{{- $ORCH_TOKEN := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "ORCH_TOKEN") }} +{{- $ORCH_TOKEN := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-custom-secret" "Key" "ORCH_TOKEN") }} {{- $DEX_SECRET := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_SECRET") }} {{- $DEX_JWTKEY := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_JWTKEY") }} {{- $DEX_CSTOREKEY := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_CSTOREKEY") }} @@ -247,7 +247,6 @@ data: PG_PASSWORD: {{ $postgresPwd }} {{- if $.Values.installer.modules }} {{- if has "cicd" $.Values.installer.modules }} - ORCH_TOKEN: {{ $ORCH_TOKEN }} EXTERNAL_CI_API_SECRET: {{ $EXTERNAL_CI_API_SECRET }} WEBHOOK_TOKEN: {{ $WEBHOOK_TOKEN }} DEX_SECRET: {{ $DEX_SECRET }} 
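Review bot: Pointing the `$ORCH_TOKEN` lookup at `devtron-custom-secret` (hunk @@ -2,7 +2,7) means that on the first upgrade of an existing install no `ORCH_TOKEN` is found there, so getOrGeneratePass generates a new random value instead of carrying over the one stored in `devtron-secret`. Anything that still holds the old token stops authenticating after the upgrade, and nothing in the chart announces the rotation. Either read the existing value from `devtron-secret` as a fallback before generating, or document the behaviour next to the lookup, e.g. `{{/* ORCH_TOKEN moved to devtron-custom-secret; a new token is generated on the first upgrade from releases that kept it in devtron-secret */}}`. The hunk at @@ -247,7 +247,6 removes the key from the block gated on the `cicd` module and a later hunk adds it back unconditionally, so the token now also exists on installs without that module; confirm that is intended.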
@@ -266,6 +265,7 @@ metadata: annotations: "helm.sh/hook": pre-install, pre-upgrade data: + ORCH_TOKEN: {{ $ORCH_TOKEN }} {{- if $.Values.installer.modules }} {{- if has "cicd" $.Values.installer.modules }} {{- if and ($.Values.minio.enabled) (not $.Values.configs.BLOB_STORAGE_PROVIDER) }} @@ -289,6 +289,34 @@ data: {{- end }} {{- end }} type: Opaque +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: devtron-common-cm + namespace: devtroncd + labels: + release: devtron + annotations: + "helm.sh/resource-policy": keep +data: +{{- if $.Values.global.configs }} +{{- toYaml $.Values.global.configs | nindent 2 }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: devtron-common-cm + namespace: argo + labels: + release: devtron + annotations: + "helm.sh/resource-policy": keep +data: +{{- if $.Values.global.configs }} +{{- toYaml $.Values.global.configs | nindent 2 }} +{{- end }} {{- if $.Values.imagePullSecret }} {{- if $.Values.imagePullSecret.create }} diff --git a/charts/devtron/templates/dashboard.yaml b/charts/devtron/templates/dashboard.yaml index 8d978e8cac..c2c9961fb9 100644 --- a/charts/devtron/templates/dashboard.yaml +++ b/charts/devtron/templates/dashboard.yaml @@ -103,6 +103,8 @@ spec: name: dashboard-cm - secretRef: name: devtron-dashboard-secret + - configMapRef: + name: devtron-common-cm volumeMounts: [] {{- if .resources }} resources: diff --git a/charts/devtron/templates/devtron.yaml b/charts/devtron/templates/devtron.yaml index bf7a44d304..87568fadb2 100644 --- a/charts/devtron/templates/devtron.yaml +++ b/charts/devtron/templates/devtron.yaml 
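Review bot: The `devtron-common-cm` ConfigMaps added at @@ -289,6 +289,34 render `global.configs` verbatim, and the rest of this commit injects them through `envFrom` into every container it touches, including third-party images (postgres, minio, nats, dex, grafana) and init containers that run as UID 0. values.yaml describes the key as proxy configuration, and proxy URLs that embed credentials would then sit in plaintext in a ConfigMap readable by anyone allowed to get ConfigMaps in `devtroncd` or `argo`, as well as in each pod's environment. A comment above `data:` such as `{{/* non-secret settings only: values land in a ConfigMap and in every pod's environment */}}` would make the boundary explicit, with credential-bearing values kept in a Secret. ConfigMap `data` values must be strings, so an unquoted boolean or number under `global.configs` passed through `toYaml` is rejected by the API server; quoting each value in a `range` loop would prevent that. The `helm.sh/resource-policy: keep` annotation also leaves both maps behind after uninstall.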
@@ -287,13 +287,15 @@ spec: fieldPath: metadata.name envFrom: - configMapRef: - name: "devtron-cm" + name: devtron-cm - secretRef: - name: "devtron-secret" + name: devtron-secret - configMapRef: - name: "devtron-custom-cm" + name: devtron-custom-cm - secretRef: - name: "devtron-custom-secret" + name: devtron-custom-secret + - configMapRef: + name: devtron-common-cm volumeMounts: - mountPath: /cluster/component name: devtron-cluster-components-vol diff --git a/charts/devtron/templates/dex.yaml b/charts/devtron/templates/dex.yaml index a95c0379b7..685e6788b4 100644 --- a/charts/devtron/templates/dex.yaml +++ b/charts/devtron/templates/dex.yaml @@ -88,6 +88,9 @@ spec: - containerPort: 5556 - containerPort: 5557 - containerPort: 5558 + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - mountPath: /shared name: static-files @@ -108,6 +111,9 @@ spec: securityContext: {{- toYaml $.Values.global.containerSecurityContext | nindent 10 }} {{- end }} + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - mountPath: /shared name: static-files diff --git a/charts/devtron/templates/gitsensor.yaml b/charts/devtron/templates/gitsensor.yaml index 6248b7381b..eed39814f6 100644 --- a/charts/devtron/templates/gitsensor.yaml +++ b/charts/devtron/templates/gitsensor.yaml @@ -84,6 +84,9 @@ spec: imagePullPolicy: IfNotPresent name: chown-git-base resources: {} + envFrom: + - configMapRef: + name: devtron-common-cm securityContext: runAsUser: 0 terminationMessagePath: /dev/termination-log @@ -128,6 +131,8 @@ spec: name: git-sensor-secret - configMapRef: name: git-sensor-cm + - configMapRef: + name: devtron-common-cm {{- if .resources }} resources: {{- toYaml .resources | nindent 12 }} @@ -137,6 +142,7 @@ spec: name: git-volume spec: accessModes: [ "ReadWriteOnce" ] + {{- include "common.storageclass" $ | indent 8 }} resources: requests: storage: {{ .persistence.volumeSize }} 
diff --git a/charts/devtron/templates/grafana.yaml b/charts/devtron/templates/grafana.yaml index b07062fc2f..a849eb8e9c 100644 --- a/charts/devtron/templates/grafana.yaml +++ b/charts/devtron/templates/grafana.yaml @@ -21,6 +21,9 @@ spec: - name: grafana-restart image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.kubectlImage ) }} command: ["sh", "/tmp/kubectl-grafana.sh"] + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - name: grafana-org-volume mountPath: "/tmp/" @@ -346,6 +349,7 @@ metadata: spec: accessModes: - "ReadWriteOnce" + {{- include "common.storageclass" $ | indent 2 }} resources: requests: storage: {{ $.Values.monitoring.grafana.persistence.storage }} @@ -521,6 +525,9 @@ spec: runAsNonRoot: false runAsUser: 0 command: ["chown", "-R", "472:472", "/var/lib/grafana"] + envFrom: + - configMapRef: + name: devtron-common-cm resources: {} volumeMounts: - name: storage @@ -532,6 +539,9 @@ spec: args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] resources: {} env: + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - name: config mountPath: "/etc/grafana/download_dashboards.sh" @@ -569,10 +579,16 @@ spec: value: "/tmp/dashboards" - name: RESOURCE value: "both" + envFrom: + - configMapRef: + name: devtron-common-cm {{- if .resources }} resources: {{ toYaml .resources | indent 12 }} {{- end }} + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - name: sc-dashboard-volume mountPath: "/tmp/dashboards" @@ -615,6 +631,9 @@ spec: secretKeyRef: name: devtron-grafana-cred-secret key: admin-password + envFrom: + - configMapRef: + name: devtron-common-cm {{- if .resources }} resources: {{ toYaml .resources | indent 12 }} diff --git a/charts/devtron/templates/install.yaml b/charts/devtron/templates/install.yaml index e3e6192910..eee44da372 100644 
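Review bot: In the grafana.yaml hunk at @@ -569,10 +579,16 the same container appears to receive `envFrom` twice, once after the `RESOURCE` env entry and again after the `resources` block, which produces a duplicate mapping key. Depending on the YAML parser the second entry silently replaces the first or the manifest is rejected, so one of the two three-line additions should be dropped. In the hunk at @@ -532,6 +539,9 the new `envFrom:` follows a bare `env:` key that parses as null; removing the empty `env:` would be cleaner. Container boundaries lie outside these hunks and the indentation is not recoverable from this view, so both points should be checked against the `helm template` output.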
--- a/charts/devtron/templates/install.yaml +++ b/charts/devtron/templates/install.yaml @@ -98,6 +98,9 @@ spec: containerPort: 8080 name: app protocol: TCP + envFrom: + - configMapRef: + name: devtron-common-cm {{- if $.Values.installer.resources }} resources: {{- toYaml $.Values.installer.resources | nindent 12 }} diff --git a/charts/devtron/templates/kubelink.yaml b/charts/devtron/templates/kubelink.yaml index f4e93054f0..9e83079755 100644 --- a/charts/devtron/templates/kubelink.yaml +++ b/charts/devtron/templates/kubelink.yaml @@ -96,6 +96,8 @@ spec: name: kubelink-cm - secretRef: name: kubelink-secret + - configMapRef: + name: devtron-common-cm {{- if .resources }} resources: {{- toYaml .resources | nindent 12 }} diff --git a/charts/devtron/templates/kubewatch.yaml b/charts/devtron/templates/kubewatch.yaml index fa199caf3c..fc2d3646c2 100644 --- a/charts/devtron/templates/kubewatch.yaml +++ b/charts/devtron/templates/kubewatch.yaml @@ -193,7 +193,7 @@ spec: fieldRef: fieldPath: metadata.name {{- if .dbconfig }} - - name: DB_PWD + - name: PG_PASSWORD valueFrom: secretKeyRef: name: {{ .dbconfig.secretName }} @@ -204,6 +204,8 @@ spec: name: kubewatch-cm - secretRef: name: kubewatch-secret + - configMapRef: + name: devtron-common-cm volumeMounts: - name: kubewatch-resources-config mountPath: /root/.kubewatch.yaml diff --git a/charts/devtron/templates/lens.yaml b/charts/devtron/templates/lens.yaml index c3a87b3462..6b7afc7aee 100644 --- a/charts/devtron/templates/lens.yaml +++ b/charts/devtron/templates/lens.yaml @@ -107,6 +107,8 @@ spec: name: lens-cm - secretRef: name: lens-secret + - configMapRef: + name: devtron-common-cm {{- if .resources }} resources: {{- toYaml .resources | nindent 12 }} diff --git a/charts/devtron/templates/migrator.yaml b/charts/devtron/templates/migrator.yaml index 5e350121d8..19b3d273c9 100644 --- a/charts/devtron/templates/migrator.yaml +++ b/charts/devtron/templates/migrator.yaml 
@@ -35,6 +35,8 @@ spec: envFrom: - secretRef: name: devtron-secret + - configMapRef: + name: devtron-common-cm image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.duplicateChartImage ) }} {{- if and $.Values.global $.Values.global.containerSecurityContext }} securityContext: @@ -59,6 +61,9 @@ spec: {{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} {{- end }} name: init-devtron + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - mountPath: /shared name: shared-volume @@ -85,6 +90,8 @@ spec: envFrom: - secretRef: name: postgresql-migrator + - configMapRef: + name: devtron-common-cm {{- if .image }} image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global) }} {{- else }} @@ -133,6 +140,9 @@ spec: - name: devtron-rollout image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.kubectlImage ) }} command: ['sh', '-c', 'kubectl rollout restart deployment/devtron -n devtroncd && kubectl rollout restart deployment/kubelink -n devtroncd'] + envFrom: + - configMapRef: + name: devtron-common-cm {{- if .casbin }} {{- if .casbin.resources }} resources: @@ -158,6 +168,9 @@ spec: securityContext: {{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} {{- end }} + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - mountPath: /shared name: shared-volume @@ -183,6 +196,8 @@ spec: envFrom: - secretRef: name: postgresql-migrator + - configMapRef: + name: devtron-common-cm {{- if .image }} image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global) }} {{- else }} 
@@ -239,6 +254,9 @@ spec: {{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} {{- end }} name: init-git-sensor + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - mountPath: /shared name: shared-volume @@ -265,6 +283,8 @@ spec: envFrom: - secretRef: name: postgresql-migrator + - configMapRef: + name: devtron-common-cm {{- if .image }} image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global) }} {{- else }} @@ -319,6 +339,9 @@ spec: securityContext: {{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} {{- end }} + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - mountPath: /shared name: shared-volume @@ -350,6 +373,8 @@ spec: envFrom: - secretRef: name: postgresql-migrator + - configMapRef: + name: devtron-common-cm {{- if .image }} image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global) }} {{- else }} @@ -408,6 +433,9 @@ spec: key: postgresql-password - name: PGHOST value: postgresql-postgresql + envFrom: + - configMapRef: + name: devtron-common-cm command: - /bin/sh - -c diff --git a/charts/devtron/templates/minio.yaml b/charts/devtron/templates/minio.yaml index 4d6dc0e640..c8a24d442a 100644 --- a/charts/devtron/templates/minio.yaml +++ b/charts/devtron/templates/minio.yaml @@ -294,6 +294,9 @@ spec: secretKeyRef: name: devtron-minio key: secretkey + envFrom: + - configMapRef: + name: devtron-common-cm resources: {} volumes: - name: minio-user @@ -304,6 +307,7 @@ spec: name: export spec: accessModes: [ "ReadWriteOnce" ] + {{- include "common.storageclass" $ | indent 8 }} resources: requests: storage: {{ $.Values.minio.persistence.storage }} @@ -350,6 +354,9 @@ spec: value: devtron-minio - name: MINIO_PORT value: "9000" + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - name: minio-configuration mountPath: /config 
@@ -410,6 +417,9 @@ spec: secretKeyRef: name: devtron-minio key: secretkey + envFrom: + - configMapRef: + name: devtron-common-cm volumes: - name: minio-user secret: diff --git a/charts/devtron/templates/nats-server.yaml b/charts/devtron/templates/nats-server.yaml index e6aa25f71e..7ec336cee7 100644 --- a/charts/devtron/templates/nats-server.yaml +++ b/charts/devtron/templates/nats-server.yaml @@ -162,6 +162,9 @@ spec: fieldPath: metadata.namespace - name: CLUSTER_ADVERTISE value: $(POD_NAME).devtron-nats.$(POD_NAMESPACE).svc.cluster.local + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - name: config-volume mountPath: /etc/nats-config @@ -216,6 +219,9 @@ spec: - "/var/run/nats/nats.pid" - "-config" - "/etc/nats-config/nats.conf" + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - name: config-volume mountPath: /etc/nats-config @@ -246,6 +252,9 @@ spec: ports: - containerPort: 7777 name: metrics + envFrom: + - configMapRef: + name: devtron-common-cm volumeClaimTemplates: @@ -253,6 +262,7 @@ spec: name: data spec: accessModes: [ "ReadWriteOnce" ] + {{- include "common.storageclass" $ | indent 6 }} resources: requests: storage: {{ .persistence.storage }} diff --git a/charts/devtron/templates/networkpolicies.yaml b/charts/devtron/templates/networkpolicies.yaml new file mode 100644 index 0000000000..1a262d8c9c --- /dev/null +++ b/charts/devtron/templates/networkpolicies.yaml 
@@ -0,0 +1,235 @@ +{{- if $.Values.global.networkpolices }} +{{- if $.Values.devtronEnterprise.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: casbin + name: netpol-devtron-casbin + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 8000 + - port: 9000 + podSelector: + matchLabels: + app: casbin +{{- end }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: postgresql + name: netpol-devtron-postgress + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 5432 + podSelector: + matchLabels: + app: postgresql + release: devtron +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: dashboard + name: netpol-devtron-dashboard + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 8080 + podSelector: + matchLabels: + app: dashboard +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: argocd-dex-server + name: netpol-devtron-argocddex + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 5556 + - port: 5557 + - port: 5558 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: kubelink + name: netpol-devtron-kubelink + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 50051 + - port: 50052 + podSelector: + matchLabels: + app: kubelink + +{{- if has "cicd" $.Values.installer.modules }} +--- +apiVersion: networking.k8s.io/v1 +kind: 
NetworkPolicy +metadata: + labels: + app: lens + name: netpol-devtron-lens + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 8080 + podSelector: + matchLabels: + app: lens +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: git-sensor + name: netpol-devtron-gitsensor + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 8080 + - port: 8081 + podSelector: + matchLabels: + app: git-sensor +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: kubewatch + name: netpol-devtron-kubewatch + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 3000 + podSelector: + matchLabels: + app: kubewatch +--- +{{- if $.Values.monitoring.grafana.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: grafana + name: netpol-devtron-grafana + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: devtroncd + ports: + - port: 3000 + - port: 80 + podSelector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: devtron +{{- end }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app: nats + name: netpol-devtron-nats + namespace: devtroncd +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: name + operator: In + values: + - devtroncd + - devtron + ports: + - port: 4222 + - port: 7422 + - port: 7522 + - port: 6222 + - port: 8222 + podSelector: + matchLabels: + app.kubernetes.io/name: nats + app.kubernetes.io/instance: devtron-nats +{{- end }} +{{- end }} 
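Review bot: Every policy in networkpolicies.yaml selects peers with a `namespaceSelector` on the label `name: devtroncd` (for nats, `name` in `devtroncd` or `devtron`), a label Kubernetes does not set on namespaces by itself. Unless the namespace is labelled that way out of band, no peer matches and each policy denies all ingress to the selected pods, including traffic from inside `devtroncd`. Matching the automatically applied label is more robust, `kubernetes.io/metadata.name: devtroncd`, and for same-namespace traffic a `podSelector: {}` peer needs no namespace label at all. The gate `$.Values.global.networkpolices` is misspelled and gets no default in the values.yaml changes of this commit, so the feature is hard to discover and the correctly spelled key would silently do nothing. Since only the labelled namespaces are allowed, an ingress controller or metrics scraper running elsewhere loses access to dashboard and grafana, which deserves a comment at the top of the file.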
diff --git a/charts/devtron/templates/notifier.yaml b/charts/devtron/templates/notifier.yaml index 55116ed143..282e2c5266 100644 --- a/charts/devtron/templates/notifier.yaml +++ b/charts/devtron/templates/notifier.yaml @@ -110,6 +110,8 @@ spec: name: notifier-cm - secretRef: name: notifier-secret + - configMapRef: + name: devtron-common-cm volumeMounts: [] {{- if .resources }} resources: diff --git a/charts/devtron/templates/postgresql.yaml b/charts/devtron/templates/postgresql.yaml index 01e7e97486..2f82fdaab0 100644 --- a/charts/devtron/templates/postgresql.yaml +++ b/charts/devtron/templates/postgresql.yaml @@ -137,6 +137,9 @@ spec: {{- toYaml .initContainer.resources | nindent 12 }} {{- end }} {{- end }} + envFrom: + - configMapRef: + name: devtron-common-cm securityContext: runAsUser: 0 volumeMounts: @@ -173,6 +176,9 @@ spec: value: "no" - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES value: pgaudit, uuid-ossp + envFrom: + - configMapRef: + name: devtron-common-cm {{- if .resources }} resources: {{- toYaml .resources | nindent 12 }} @@ -226,6 +232,9 @@ spec: key: postgresql-password - name: DATA_SOURCE_USER value: postgres + envFrom: + - configMapRef: + name: devtron-common-cm {{- if .postgresExporter }} {{- if .postgresExporter.resources }} resources: @@ -268,6 +277,7 @@ spec: spec: accessModes: - "ReadWriteOnce" + {{- include "common.storageclass" $ | indent 8 }} resources: requests: storage: {{ .persistence.volumeSize }} @@ -465,6 +475,9 @@ spec: {{- toYaml .initContainer.resources | nindent 12 }} {{- end }} {{- end }} + envFrom: + - configMapRef: + name: devtron-common-cm volumeMounts: - mountPath: /customscripts name: customscripts-volume @@ -505,6 +518,8 @@ spec: envFrom: - secretRef: name: postgresql-postgresql + - configMapRef: + name: devtron-common-cm startupProbe: exec: command: 
@@ -560,6 +575,9 @@ spec: secretKeyRef: name: postgresql-postgresql key: postgresql-password + envFrom: + - configMapRef: + name: devtron-common-cm - name: DATA_SOURCE_USER value: postgres {{- if .postgresExporter }} @@ -613,6 +631,7 @@ spec: spec: accessModes: - ReadWriteOnce + {{- include "common.storageclass" $ | indent 8 }} resources: requests: storage: {{ .persistence.volumeSize }} diff --git a/charts/devtron/templates/scoop.yaml b/charts/devtron/templates/scoop.yaml index 53a7587db1..ec7fbe3b0e 100644 --- a/charts/devtron/templates/scoop.yaml +++ b/charts/devtron/templates/scoop.yaml @@ -57,6 +57,8 @@ spec: envFrom: - configMapRef: name: scoop-cm + - configMapRef: + name: devtron-common-cm ports: - containerPort: 8080 name: app diff --git a/charts/devtron/templates/workflow.yaml b/charts/devtron/templates/workflow.yaml index e20c28be17..38a299546e 100644 --- a/charts/devtron/templates/workflow.yaml +++ b/charts/devtron/templates/workflow.yaml @@ -1306,6 +1306,9 @@ spec: {{- end }} command: - workflow-controller + envFrom: + - configMapRef: + name: devtron-common-cm env: - name: LEADER_ELECTION_IDENTITY valueFrom: diff --git a/charts/devtron/values.yaml b/charts/devtron/values.yaml index 447466fe16..9ec74ad409 100644 --- a/charts/devtron/values.yaml +++ b/charts/devtron/values.yaml @@ -18,13 +18,20 @@ global: # effect: "NoSchedule" # imagePullSecrets: # - name: your-image-pull-secret + + # Set the storage class to be used for PVCs (would use default sc if not specified) + storageClass: "" + + # Add Proxy Configs to be propagated to all the Devtron Microservices. + configs: {} + nodeSelector: {} tolerations: [] imagePullSecrets: [] extraManifests: [] installer: repo: "devtron-labs/devtron" - release: "v1.2.2" + release: "v1.3.0" registry: "" image: inception tag: 473deaa4-185-21582 
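Review bot: In the postgresql.yaml hunk at @@ -560,6 +575,9 the new `envFrom` block is inserted between the password entry and `- name: DATA_SOURCE_USER`, that is in the middle of the `env` list, unlike the matching hunk at @@ -226,6 +232,9 where it follows `DATA_SOURCE_USER`. As written the `DATA_SOURCE_USER` item no longer belongs to `env`, so the manifest either fails to parse or the exporter container starts without its user setting. Move the three added lines below `value: postgres`. Indentation is not recoverable from this view and the container spec extends beyond the hunk, so verify the result with `helm template`.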
@@ -77,12 +84,12 @@ components: FEATURE_USER_DEFINED_GITOPS_REPO_ENABLE: "true" ENABLE_RESOURCE_SCAN: "true" registry: "" - image: "dashboard:4eb1a17a-690-28956" + image: "dashboard:1c40d516-690-30089" imagePullPolicy: IfNotPresent devtron: registry: "" - image: "hyperion:a9968961-280-29449" - cicdImage: "devtron:a9968961-434-29448" + image: "hyperion:e67c3b76-280-30100" + cicdImage: "devtron:e67c3b76-434-30101" imagePullPolicy: IfNotPresent customOverrides: {} serviceMonitor: @@ -108,7 +115,7 @@ components: # - devtron.example.com ciRunner: registry: "" - image: "ci-runner:343b24f5-138-29387" + image: "ci-runner:0dde3b1a-138-30091" argocdDexServer: registry: "" image: "dex:v2.30.2" @@ -117,7 +124,7 @@ components: authenticator: "authenticator:e414faff-393-13273" kubelink: registry: "" - image: "kubelink:0a3d5e84-564-28948" + image: "kubelink:0dde3b1a-564-30082" imagePullPolicy: IfNotPresent configs: ENABLE_HELM_RELEASE_CACHE: "true" @@ -135,7 +142,7 @@ components: keyName: postgresql-password kubewatch: registry: "" - image: "kubewatch:0a3d5e84-419-28949" + image: "kubewatch:0dde3b1a-419-30080" imagePullPolicy: IfNotPresent configs: devtroncd_NAMESPACE: "devtron-ci" @@ -144,6 +151,14 @@ components: ACD_NAMESPACE: "devtroncd" ACD_INFORMER: "true" NATS_STREAM_MAX_AGE: "10800" + PG_ADDR: postgresql-postgresql.devtroncd + PG_DATABASE: orchestrator + PG_LOG_QUERY: "true" + PG_PORT: "5432" + PG_USER: postgres + dbconfig: + secretName: postgresql-postgresql + keyName: postgresql-password postgres: registry: "" image: "postgres:11.9.0-debian-10-r26" @@ -157,7 +172,7 @@ components: volumeSize: "20Gi" gitsensor: registry: "" - image: "git-sensor:0a3d5e84-200-28960" + image: "git-sensor:0dde3b1a-200-30085" imagePullPolicy: IfNotPresent serviceMonitor: enabled: false @@ -175,7 +190,7 @@ components: # Values for lens lens: registry: "" - image: "lens:0a3d5e84-333-28951" + image: "lens:0dde3b1a-333-30090" imagePullPolicy: IfNotPresent secrets: {} resources: {} 
@@ -222,7 +237,7 @@ components: DB_NAME: "lens" chartSync: registry: "" - image: chart-sync:0a3d5e84-836-28979 + image: chart-sync:0dde3b1a-836-30095 schedule: "0 19 * * *" extraConfigs: {} # values for argocd integration @@ -368,7 +383,7 @@ argo-cd: security: enabled: false imageScanner: - image: "image-scanner:0a3d5e84-141-28953" + image: "image-scanner:0dde3b1a-141-30093" configs: TRIVY_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-db TRIVY_JAVA_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-java-db @@ -386,7 +401,7 @@ security: notifier: enabled: false imagePullPolicy: IfNotPresent - image: "notifier:9aa5e510-372-28961" + image: "notifier:5e9c010b-372-30094" configs: CD_ENVIRONMENT: PROD DB: orchestrator diff --git a/manifests/install/devtron-installer.yaml b/manifests/install/devtron-installer.yaml index a9fde68b76..ffc07d0b73 100644 --- a/manifests/install/devtron-installer.yaml +++ b/manifests/install/devtron-installer.yaml @@ -4,4 +4,4 @@ metadata: name: installer-devtron namespace: devtroncd spec: - url: https://raw.githubusercontent.com/devtron-labs/devtron/v1.2.2/manifests/installation-script + url: https://raw.githubusercontent.com/devtron-labs/devtron/v1.3.0/manifests/installation-script diff --git a/manifests/installation-script b/manifests/installation-script index 450b001610..4123c16d21 100644 --- a/manifests/installation-script +++ b/manifests/installation-script @@ -1,4 +1,4 @@ -LTAG="v1.2.2"; +LTAG="v1.3.0"; REPO_RAW_URL="https://raw.githubusercontent.com/devtron-labs/devtron/"; log("executed devtron setup installation"); diff --git a/manifests/release.txt b/manifests/release.txt index 0a456fa5ca..94c5812989 100644 --- a/manifests/release.txt +++ b/manifests/release.txt @@ -1 +1 @@ -stable -1 v1.2.2 +stable -1 v1.3.0 diff --git a/manifests/version.txt b/manifests/version.txt index cc904638af..18fa8e74f9 100644 --- a/manifests/version.txt +++ b/manifests/version.txt @@ -1 +1 @@ -v1.2.2 +v1.3.0 
diff --git a/manifests/yamls/dashboard.yaml b/manifests/yamls/dashboard.yaml index ab2f5cd98e..014ca8ffb5 100644 --- a/manifests/yamls/dashboard.yaml +++ b/manifests/yamls/dashboard.yaml @@ -235,7 +235,7 @@ spec: - name: envoy-config-volume mountPath: /etc/envoy-config/ - name: dashboard - image: "quay.io/devtron/dashboard:4eb1a17a-690-28956" + image: "quay.io/devtron/dashboard:1c40d516-690-30089" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/devtron.yaml b/manifests/yamls/devtron.yaml index c655421e97..fde34332d2 100644 --- a/manifests/yamls/devtron.yaml +++ b/manifests/yamls/devtron.yaml @@ -53,7 +53,7 @@ data: CD_NODE_TAINTS_VALUE: "ci" CD_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip" DEFAULT_CD_NAMESPACE: "devtron-cd" - DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:343b24f5-138-29387" + DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:0dde3b1a-138-30091" DEFAULT_CD_TIMEOUT: "3600" WF_CONTROLLER_INSTANCE_ID: "devtron-runner" CI_LOGS_KEY_PREFIX: "ci-artifacts" @@ -89,7 +89,7 @@ data: ENFORCER_CACHE: "true" ENFORCER_CACHE_EXPIRATION_IN_SEC: "345600" ENFORCER_MAX_BATCH_SIZE: "1" - APP_SYNC_IMAGE: "quay.io/devtron/chart-sync:0a3d5e84-836-28979" + APP_SYNC_IMAGE: "quay.io/devtron/chart-sync:0dde3b1a-836-30095" DEVTRON_SECRET_NAME: "devtron-secret" GIT_SENSOR_PROTOCOL: GRPC GIT_SENSOR_URL: git-sensor-service.devtroncd:90 @@ -169,7 +169,7 @@ spec: runAsUser: 1000 containers: - name: devtron - image: "quay.io/devtron/devtron:a9968961-434-29448" + image: "quay.io/devtron/devtron:e67c3b76-434-30101" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/gitsensor.yaml b/manifests/yamls/gitsensor.yaml index b7f421a068..aaa689ad5d 100644 --- a/manifests/yamls/gitsensor.yaml +++ b/manifests/yamls/gitsensor.yaml 
@@ -67,7 +67,7 @@ spec: - /bin/sh - -c - mkdir -p /git-base/ssh-keys && chown -R devtron:devtron /git-base && chmod 777 /git-base/ssh-keys - image: "quay.io/devtron/git-sensor:0a3d5e84-200-28960" + image: "quay.io/devtron/git-sensor:0dde3b1a-200-30085" imagePullPolicy: IfNotPresent name: chown-git-base resources: {} @@ -80,7 +80,7 @@ spec: name: git-volume containers: - name: git-sensor - image: "quay.io/devtron/git-sensor:0a3d5e84-200-28960" + image: "quay.io/devtron/git-sensor:0dde3b1a-200-30085" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/image-scanner.yaml b/manifests/yamls/image-scanner.yaml index 812a9ce7b4..9c271b5c22 100644 --- a/manifests/yamls/image-scanner.yaml +++ b/manifests/yamls/image-scanner.yaml @@ -73,7 +73,7 @@ spec: runAsUser: 1000 containers: - name: image-scanner - image: "quay.io/devtron/image-scanner:0a3d5e84-141-28953" + image: "quay.io/devtron/image-scanner:0dde3b1a-141-30093" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/kubelink.yaml b/manifests/yamls/kubelink.yaml index 2322ebd13e..d2a5c4f2b8 100644 --- a/manifests/yamls/kubelink.yaml +++ b/manifests/yamls/kubelink.yaml @@ -25,7 +25,7 @@ spec: runAsUser: 1000 containers: - name: kubelink - image: "quay.io/devtron/kubelink:0a3d5e84-564-28948" + image: "quay.io/devtron/kubelink:0dde3b1a-564-30082" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/kubewatch.yaml b/manifests/yamls/kubewatch.yaml index ba56d645ad..17ae6a5f09 100644 --- a/manifests/yamls/kubewatch.yaml +++ b/manifests/yamls/kubewatch.yaml @@ -164,7 +164,7 @@ spec: runAsUser: 1000 containers: - name: kubewatch - image: "quay.io/devtron/kubewatch:0a3d5e84-419-28949" + image: "quay.io/devtron/kubewatch:0dde3b1a-419-30080" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 
diff --git a/manifests/yamls/lens.yaml b/manifests/yamls/lens.yaml index 7c24573643..3aef222718 100644 --- a/manifests/yamls/lens.yaml +++ b/manifests/yamls/lens.yaml @@ -71,7 +71,7 @@ spec: runAsUser: 1000 containers: - name: lens - image: "quay.io/devtron/lens:0a3d5e84-333-28951" + image: "quay.io/devtron/lens:0dde3b1a-333-30090" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/notifier.yaml b/manifests/yamls/notifier.yaml index 51f28d882c..0f177a030e 100644 --- a/manifests/yamls/notifier.yaml +++ b/manifests/yamls/notifier.yaml @@ -66,7 +66,7 @@ spec: restartPolicy: Always containers: - name: notifier - image: quay.io/devtron/notifier:9aa5e510-372-28961" + image: quay.io/devtron/notifier:5e9c010b-372-30094" imagePullPolicy: IfNotPresent ports: - name: app diff --git a/releasenotes.md b/releasenotes.md index 0b9d51b6f7..ebe2db1225 100644 --- a/releasenotes.md +++ b/releasenotes.md 
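Review bot: The new `image:` value in manifests/yamls/notifier.yaml still ends in a stray `"` with no opening quote: `image: quay.io/devtron/notifier:5e9c010b-372-30094"`. YAML reads this as a plain scalar whose last character is the quote, so unless the installer strips it, the image reference is invalid. The bump carried the character over from the old line. Either quote the whole value as the other manifests do, `image: "quay.io/devtron/notifier:5e9c010b-372-30094"`, or drop the trailing quote.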
@@ -1,6 +1,37 @@ -## v1.2.2 +## v1.3.0 ## Bugs -- fix: Failure to trigger cd set on auto after pre-cd is success which is also on auto which got triggered after ci (#6361) +- fix: panic fixes (#6411) +- fix: auto pre-cd not getting triggered (if cd is manual) after webhook ci event is captured (#6407) +- fix: Base update (#6405) +- fix: devtron apps deployed via helm showing in helm apps list (#6397) +- fix: when a helm app is managed by argocd then skip argo app update when same name ext helm app is installed (#6389) +- fix: upgraded to go-git/v5 v5.13.0 (#6388) +- fix: fix for ci cd workflow fake success status and multiple post/pre cd success notifications (#6370) +- fix: fix for while cloning app or workflow when external secret is present in any pipeline then that pipeline is not cloned (#6368) +- fix: fix for while cloning app or workflow when external secret is present in any pipeline then that pipeline is not cloned (#6366) +- fix: buildx driver opt using k8s driver even if not enabled (#6349) +- fix: Auto trigger even if pre-cd fails (#6338) +- fix: role group listing fix (#6343) +- fix: sql injection fixes (#6334) +- fix: role group k8s permissions duplication (#6336) +## Enhancements +- feat: hibernate devtron app (#6356) +- feat: separate build worker status timeline (#6320) +- feat: send notification with chosen config (#6331) +- feat: sql script changes for operation audit (#6342) +## Documentation +- doc: updated devtron user list in users.md (#6363) +## Others +- misc: pipeline listing in app Group (#6410) +- misc: Notif back com (#6398) +- sync: Main sync develop (#6396) +- sync: vendor update on release 29 (#6395) +- sync: Release candidate v0.29.0 (#6394) +- sync: Main sync develop (#6375) +- misc: common-lib change (#6347) +- sync: Release candidate v0.28.0 (#6340) +- misc: Fix typo: Cronjob → CronJob (#6335) +- sync: Main sync develop (#6358)