diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
index fd148306..81b869e9 100644
--- a/charts/gitops-runtime/Chart.yaml
+++ b/charts/gitops-runtime/Chart.yaml
@@ -44,4 +44,4 @@ dependencies:
 condition: gitops-operator.enabled
 - name: cf-argocd-extras
 repository: oci://quay.io/codefresh/charts
- version: 0.5.3
+ version: 0.5.4
diff --git a/charts/gitops-runtime/templates/event-reporter.yaml b/charts/gitops-runtime/templates/event-reporter.yaml
index 640883ae..be24301f 100644
--- a/charts/gitops-runtime/templates/event-reporter.yaml
+++ b/charts/gitops-runtime/templates/event-reporter.yaml
@@ -18,4 +18,11 @@
 {{- $_ := set $cfArgoCdExtrasContext.Values.eventReporter.container.env "ARGOCD_SERVER_ROOTPATH" (index .Values "global" "external-argo-cd" "server" "rootpath") }}
 {{- end }}
+{{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
+ {{- $secretName := .Values.global.codefresh.tls.caCerts.secretKeyRef.name | default "codefresh-tls-certs" }}
+ {{- $secretKey := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.eventReporter.container.env "CODEFRESH_SSL_CERT_PATH" (printf "/app/config/codefresh-tls-certs/%s" $secretKey ) }}
+ {{- $_ := set (index $cfArgoCdExtrasContext.Values.eventReporter.volumes "codefresh-tls-certs") "nameOverride" $secretName }}
+{{- end }}
+
 {{ include "cf-argocd-extras.event-reporter.resources" $cfArgoCdExtrasContext }}
diff --git a/charts/gitops-runtime/templates/sources-server.yaml b/charts/gitops-runtime/templates/sources-server.yaml
index c1358d33..5a728723 100644
--- a/charts/gitops-runtime/templates/sources-server.yaml
+++ b/charts/gitops-runtime/templates/sources-server.yaml
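Review bot: In the added `$secretKey` line of event-reporter.yaml, the `secretKeyRef` branch hands `.Values.global.codefresh.tls.caCerts.secretKeyRef.key` to `printf` unchecked, so a `secretKeyRef` that has a `name` but no `key` renders `CODEFRESH_SSL_CERT_PATH` as a path ending in a nil placeholder instead of failing the install. The token block in sources-server.yaml already guards its key with `required`; the same guard fits here, but it cannot simply be placed inside `ternary`, because both arguments are evaluated and it would also fire when `secret.create` is true. Assign the `ca-bundle.crt` default first and override it only in a branch taken when `secret.create` is false, with `{{- $secretKey = required "global.codefresh.tls.caCerts.secretKeyRef.key is required" .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}`. The identical block added to sources-server.yaml needs the same change.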
@@ -10,12 +10,19 @@
 {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" (index .Values "global" "external-argo-cd" "auth" "tokenSecretKeyRef" "key" )) }}
 {{- else }}
 {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
- {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
 {{- end }}
 {{- end }}
 {{- if and (index .Values "global" "external-argo-cd" "server" "rootpath") }}
- {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGOCD_SERVER_ROOTPATH" (index .Values "global" "external-argo-cd" "server" "rootpath") }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "ARGOCD_SERVER_ROOTPATH" (index .Values "global" "external-argo-cd" "server" "rootpath") }}
+{{- end }}
+
+{{- if or .Values.global.codefresh.tls.caCerts.secret.create .Values.global.codefresh.tls.caCerts.secretKeyRef }}
+ {{- $secretName := .Values.global.codefresh.tls.caCerts.secretKeyRef.name | default "codefresh-tls-certs" }}
+ {{- $secretKey := .Values.global.codefresh.tls.caCerts.secret.create | ternary (default "ca-bundle.crt" .Values.global.codefresh.tls.caCerts.secret.key) .Values.global.codefresh.tls.caCerts.secretKeyRef.key }}
+ {{- $_ := set $cfArgoCdExtrasContext.Values.sourcesServer.container.env "CODEFRESH_SSL_CERT_PATH" (printf "/app/config/codefresh-tls-certs/%s" $secretKey ) }}
+ {{- $_ := set (index $cfArgoCdExtrasContext.Values.sourcesServer.volumes "codefresh-tls-certs") "nameOverride" $secretName }}
 {{- end }}
 {{- include "cf-argocd-extras.sources-server.hpa" $cfArgoCdExtrasContext }}
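Review bot: `$secretName` and `$secretKey` in the added block choose their source by different rules: the name comes from `secretKeyRef.name` whenever it is set, while the key comes from `secret.key` whenever `secret.create` is true. With both configured, the volume mounts the referenced secret but `CODEFRESH_SSL_CERT_PATH` names the key of the created one; the tests in this commit show the volume as `optional: true`, so the pod would presumably still start with the CA path pointing at a file that is not there. Selecting both values from the same branch avoids that, e.g. `{{- $secretName := .Values.global.codefresh.tls.caCerts.secret.create | ternary "codefresh-tls-certs" .Values.global.codefresh.tls.caCerts.secretKeyRef.name }}`, or the combination can be rejected with `fail`. The same block in event-reporter.yaml is affected.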
diff --git a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml
index 7d5c4fe8..304ae0fb 100644
--- a/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml
+++ b/charts/gitops-runtime/tests/cf-argocd-extras_test.yaml
@@ -154,3 +154,187 @@ tests:
 - equal:
 path: data["redis.server"]
 value: RELEASE-NAME-redis-ha-haproxy:6379
+
+ - it: Sources-Server should have an OPTIONAL codefresh-tls-certs volume and volumeMount by default
+ template: sources-server.yaml
+ documentSelector:
+ path: kind
+ value: Deployment
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Sources-Server should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true
+ template: sources-server.yaml
+ documentSelector:
+ path: kind
+ value: Deployment
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ global:
+ codefresh:
+ tls:
+ caCerts:
+ secret:
+ create: true
+ key: ca-bundle.crt
+ content: |
+ -----BEGIN CERTIFICATE-----
+ MIID...
+ -----END CERTIFICATE-----
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name == 'CODEFRESH_SSL_CERT_PATH')].value
+ value: /app/config/codefresh-tls-certs/ca-bundle.crt
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Sources-Server should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secretKeyRef is set
+ template: sources-server.yaml
+ documentSelector:
+ path: kind
+ value: Deployment
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ global:
+ codefresh:
+ tls:
+ caCerts:
+ secretKeyRef:
+ name: my-codefresh-tls-certs
+ key: my-ca-bundle.crt
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name == 'CODEFRESH_SSL_CERT_PATH')].value
+ value: /app/config/codefresh-tls-certs/my-ca-bundle.crt
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: my-codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Event-Reporter should have an OPTIONAL codefresh-tls-certs volume and volumeMount by default
+ template: event-reporter.yaml
+ documentSelector:
+ path: kind
+ value: StatefulSet
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Event-Reporter should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secret.create is true
+ template: event-reporter.yaml
+ documentSelector:
+ path: kind
+ value: StatefulSet
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ global:
+ codefresh:
+ tls:
+ caCerts:
+ secret:
+ create: true
+ key: ca-bundle.crt
+ content: |
+ -----BEGIN CERTIFICATE-----
+ MIID...
+ -----END CERTIFICATE-----
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name == 'CODEFRESH_SSL_CERT_PATH')].value
+ value: /app/config/codefresh-tls-certs/ca-bundle.crt
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
+
+ - it: Event-Reporter should have CODEFRESH_SSL_CERT_PATH env var when .Values.global.codefresh.tls.caCerts.secretKeyRef is set
+ template: event-reporter.yaml
+ documentSelector:
+ path: kind
+ value: StatefulSet
+ values:
+ - ./values/mandatory-values-ingress.yaml
+ set:
+ global:
+ codefresh:
+ tls:
+ caCerts:
+ secretKeyRef:
+ name: my-codefresh-tls-certs
+ key: my-ca-bundle.crt
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].env[?(@.name == 'CODEFRESH_SSL_CERT_PATH')].value
+ value: /app/config/codefresh-tls-certs/my-ca-bundle.crt
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: codefresh-tls-certs
+ secret:
+ secretName: my-codefresh-tls-certs
+ optional: true
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: codefresh-tls-certs
+ mountPath: /app/config/codefresh-tls-certs
+ readOnly: true
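Review bot: The two "by default" cases assert only the volume and the mount, so nothing pins that `CODEFRESH_SSL_CERT_PATH` stays unset when neither `secret.create` nor `secretKeyRef` is configured; a negative assertion on `spec.template.spec.containers[0].env` in those cases would catch a regression where the `if or` guard becomes always true. There is also no case for `secretKeyRef` carrying only a `name`, nor for `secret.create` set together with `secretKeyRef`, which are the inputs where the rendered path and the mounted secret can disagree. Adding one case per template for each of those would document the intended precedence.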