From e218ccf3ded2e09c77dfd774f8c76b1882787ee7 Mon Sep 17 00:00:00 2001 From: andrii-codefresh Date: Wed, 14 May 2025 12:45:17 +0300 Subject: [PATCH 1/3] Revert "feat: limits enforcement in runtime installation (#457)" This reverts commit c26b05c9 --- .../templates/hooks/pre-install/rbac.yaml | 45 -------------- .../hooks/pre-install/validate-usage.yaml | 59 ------------------- charts/gitops-runtime/values.yaml | 2 - installer-image/Dockerfile | 2 +- 4 files changed, 1 insertion(+), 107 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml index 60250770..48f6eb77 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml @@ -41,48 +41,3 @@ metadata: helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed helm.sh/hook-weight: "-10" {{- end }} - -{{- if not .Values.installer.skipUsageValidation }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: validate-usage-cr - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed - helm.sh/hook-weight: "5" -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: validate-usage-crb - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed - helm.sh/hook-weight: "5" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: validate-usage-cr -subjects: - - kind: ServiceAccount - name: validate-usage-sa - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: validate-usage-sa - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed - helm.sh/hook-weight: "5" -{{- end }} diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml index d36ca73c..e69de29b 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml @@ -1,59 +0,0 @@ -{{- if not .Values.installer.skipUsageValidation }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: validate-usage-config - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed - helm.sh/hook-weight: "5" -data: - values.yaml: | -{{ .Values | toYaml | indent 4 }} - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: validate-usage - annotations: - helm.sh/hook: pre-install - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation - helm.sh/hook-weight: "10" -spec: - backoffLimit: 0 - ttlSecondsAfterFinished: 300 - template: - spec: - serviceAccountName: validate-usage-sa - restartPolicy: Never - containers: - - name: validate-usage - image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}" - imagePullPolicy: {{ .Values.installer.image.pullPolicy }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - command: ["sh", "-c"] - args: - - | - cf account validate-usage --fail-condition=reached --subject=clusters --values /job_tmp/values.yaml --namespace ${NAMESPACE} --hook --log-level debug - volumeMounts: - - name: validate-usage-volume - mountPath: "/job_tmp" - volumes: - - name: validate-usage-volume - configMap: - name: validate-usage-config - {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.installer.tolerations | default .Values.global.tolerations}} - tolerations: {{ toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.installer.affinity }} - affinity: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 9e71e3b4..60b98bc4 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -186,8 +186,6 @@ global: installer: # -- if set to true, pre-install hook will *not* run skipValidation: false - # -- if set to true, pre-install hook will *not* run - skipUsageValidation: false image: repository: quay.io/codefresh/gitops-runtime-installer tag: "" diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index edf4c290..f164c094 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -8,7 +8,7 @@ FROM debian:12.10-slim RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections -ARG CF_CLI_VERSION=v0.2.7 +ARG CF_CLI_VERSION=v0.2.6 ARG TARGETARCH RUN apt-get update && apt-get install curl jq -y From ee9559f0912b6beef21f8401f46c836ce14a3e22 Mon Sep 17 00:00:00 2001 From: andrii-codefresh Date: Wed, 14 May 2025 12:46:36 +0300 Subject: [PATCH 2/3] remove empty file --- .../templates/hooks/pre-install/validate-usage.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml deleted file mode 100644 index e69de29b..00000000 From ae6bb5e029d477443fbb273da298b956df60ad62 Mon Sep 17 00:00:00 2001 From: andrii-codefresh Date: Wed, 14 May 2025 13:11:39 +0300 Subject: [PATCH 3/3] remove tests related to the feature --- .../tests/global_constraints_test.yaml | 62 ------------------- 1 file changed, 62 deletions(-) diff --git a/charts/gitops-runtime/tests/global_constraints_test.yaml b/charts/gitops-runtime/tests/global_constraints_test.yaml index dccede4a..4d64f765 100644 --- a/charts/gitops-runtime/tests/global_constraints_test.yaml +++ b/charts/gitops-runtime/tests/global_constraints_test.yaml @@ -436,68 +436,6 @@ tests: value: another-value effect: NoSchedule - - it: validate-usage job should have nodeSelector from .Values.global - values: - - ./values/global-constraints-values.yaml - template: hooks/pre-install/validate-usage.yaml - documentSelector: - path: kind - value: Job - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - some-key: some-value - extra-key: extra-value - - - it: validate-usage job should have nodeSelector from .Values.installer and NOT from .Values.global - values: - - ./values/global-constraints-values.yaml - - ./values/subcharts-constraints-values.yaml - template: hooks/pre-install/validate-usage.yaml - documentSelector: - path: kind - value: Job - asserts: - - equal: - path: spec.template.spec.nodeSelector - value: - some-key: another-value - foo: bar - - - it: validate-usage job should have tolerations from .Values.global - values: - - ./values/global-constraints-values.yaml - template: hooks/pre-install/validate-usage.yaml - documentSelector: - path: kind - value: Job - asserts: - - equal: - path: spec.template.spec.tolerations - value: - - key: some-key - operator: Equal - value: some-value - effect: NoSchedule - - - it: validate-usage job should have tolerations from .Values.installer and NOT from .Values.global - values: - - ./values/global-constraints-values.yaml - - ./values/subcharts-constraints-values.yaml - template: hooks/pre-install/validate-usage.yaml - documentSelector: - path: kind - value: Job - asserts: - - equal: - path: spec.template.spec.tolerations - value: - - key: another-key - operator: Equal - value: another-value - effect: NoSchedule - - it: cleanup-resources job should have nodeSelector from .Values.global values: