From 792790fabf19d1517a4702f312de4554ff6ff55d Mon Sep 17 00:00:00 2001 From: oleksandr-codefresh Date: Wed, 12 Jun 2024 13:57:56 +0300 Subject: [PATCH 1/3] event-reporter / statefulset: added codefresh cert secret volumes --- .../templates/event-reporter/statefulset.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/charts/argo-cd/templates/event-reporter/statefulset.yaml b/charts/argo-cd/templates/event-reporter/statefulset.yaml index 811446c0..bccb86e7 100644 --- a/charts/argo-cd/templates/event-reporter/statefulset.yaml +++ b/charts/argo-cd/templates/event-reporter/statefulset.yaml @@ -101,6 +101,12 @@ spec: secretKeyRef: key: token name: codefresh-token + {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }} + {{- $name := .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }} + {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }} + - name: CODEFRESH_SSL_CERT_FILE + value: /app/config/codefresh-tls-certs/{{ $key }} + {{- end }} # todo: clean up - name: EVENT_REPORTER_INSECURE valueFrom: @@ -227,6 +233,11 @@ spec: {{- with .Values.eventReporter.volumeMounts }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef}} + - name: codefresh-tls-certs + mountPath: /app/config/codefresh-tls-certs + readOnly: true + {{- end }} - name: argocd-repo-server-tls mountPath: /app/config/server/tls - mountPath: /tmp 
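Review bot: The `$key` assignment in this hunk gives the `secretKeyRef` branch no default or validation, so a `secretKeyRef` that sets `name` but not `key` renders `CODEFRESH_SSL_CERT_FILE` as the bare directory `/app/config/codefresh-tls-certs/`, and the reporter is pointed at a CA path that is not a file. Sprig's `ternary` also evaluates both of its arguments, so `.secretKeyRef.key` is dereferenced even when `secret.create` is true; that presumably relies on values.yaml (not shown here) always defining `secretKeyRef` as a map. Giving that branch the same fallback, `(default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secretKeyRef.key)`, keeps the path a file in both cases. The same line is carried unchanged as context in the two later patches of the series, and the surrounding `env:` list starts and ends outside the hunk.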
@@ -265,6 +276,13 @@ spec: {{- with .Values.eventReporter.volumes }} {{- toYaml . | nindent 6 }} {{- end }} + {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }} + - name: codefresh-tls-certs + secret: + secretName: {{ .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }} + defaultMode: 420 + optional: true + {{- end }} - emptyDir: { } name: plugins-home - emptyDir: { } From f0aa4c5bdea2654303c49c20e5c9065717ec4335 Mon Sep 17 00:00:00 2001 From: oleksandr-codefresh Date: Wed, 12 Jun 2024 18:15:46 +0300 Subject: [PATCH 2/3] event-reporter / statefulset: changed env CODEFRESH_SSL_CERT_PATH --- charts/argo-cd/templates/event-reporter/statefulset.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/templates/event-reporter/statefulset.yaml b/charts/argo-cd/templates/event-reporter/statefulset.yaml index bccb86e7..be921083 100644 --- a/charts/argo-cd/templates/event-reporter/statefulset.yaml +++ b/charts/argo-cd/templates/event-reporter/statefulset.yaml @@ -104,7 +104,7 @@ spec: {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }} {{- $name := .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }} {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }} - - name: CODEFRESH_SSL_CERT_FILE + - name: CODEFRESH_SSL_CERT_PATH value: /app/config/codefresh-tls-certs/{{ $key }} {{- end }} # todo: clean up 
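Review bot: The `codefresh-tls-certs` volume added here mounts every key of the referenced Secret, readable at mode 0644 (`defaultMode: 420`), although only the one CA file named by `$key` is consumed; with `secretKeyRef.name` pointing at an operator-chosen Secret, anything else stored in it would also land in the container. Projecting just that key with `items:` limits the mount to the bundle. `optional: true` additionally lets the pod start with an empty directory when the Secret is missing or misnamed, while the env var from the first hunk still points into it; how the reporter reacts to a missing CA file is not visible in this diff, so dropping `optional` makes the misconfiguration surface as a mount failure rather than at TLS time. `secretName` is an unquoted template value and would be safer with `| quote`. The `volumes:` list starts and ends outside the hunk.

```yaml
      {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
      {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
      # … unchanged: volume name and `secret:` header …
          secretName: {{ .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name | quote }}
          # … unchanged: defaultMode; `optional: true` dropped …
          items:
            - key: {{ $key | quote }}
              path: {{ $key | quote }}
```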
@@ -224,7 +224,7 @@ spec: successThreshold: {{ .Values.eventReporter.readinessProbe.successThreshold }} failureThreshold: {{ .Values.eventReporter.readinessProbe.failureThreshold }} resources: - {{- toYaml .Values.eventReporter.resources | nindent 10 }} + {{- toYaml .Values.eventReporter.resources | nindent 12 }} {{- with .Values.eventReporter.containerSecurityContext }} securityContext: {{- toYaml . | nindent 10 }} From c082d70028aa4d0d99f5e562219f6c97e303172d Mon Sep 17 00:00:00 2001 From: Oleksandr Saulyak Date: Mon, 17 Jun 2024 16:44:51 +0300 Subject: [PATCH 3/3] feat: 2.10 with v2 event-reporter suuport of CA for codefresh --- charts/argo-cd/Chart.yaml | 8 +++----- charts/argo-cd/templates/event-reporter/statefulset.yaml | 1 - 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 129c1e20..05812d2b 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.10-2024.5.14-9315e75e1 +appVersion: v2.10-2024.6.17-77e06d0f6 kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 6.7.18-3-cap-2.10-2024.5.14-9315e75e1 +version: 6.7.18-4-cap-2.10-2024.6.17-77e06d0f6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -27,6 +27,4 @@ annotations: url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - kind: changed - description: Upgrade argo-cd to v2.10-2024.5.14-9315e75e1 - - kind: changed - description: Fix for security vulnerability GHSA-9766-5277-j5hr - Redis authentication + description: Upgrade argo-cd to v2.10-2024.6.17-77e06d0f6 diff --git a/charts/argo-cd/templates/event-reporter/statefulset.yaml b/charts/argo-cd/templates/event-reporter/statefulset.yaml index be921083..11bc9c01 100644 --- a/charts/argo-cd/templates/event-reporter/statefulset.yaml 
+++ b/charts/argo-cd/templates/event-reporter/statefulset.yaml @@ -102,7 +102,6 @@ spec: key: token name: codefresh-token {{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }} - {{- $name := .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }} {{- $key := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }} - name: CODEFRESH_SSL_CERT_PATH value: /app/config/codefresh-tls-certs/{{ $key }}