diff --git a/charts/devtron-enterprise/Chart.yaml b/charts/devtron-enterprise/Chart.yaml index 322bb4f0..8da4b7d5 100644 --- a/charts/devtron-enterprise/Chart.yaml +++ b/charts/devtron-enterprise/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: devtron-enterprise -appVersion: 0.7.2 -description: Chart to configure and install Devtron. Devtron is a Kubernetes Orchestration system. +appVersion: 32.1.0 +description: Chart to configure and install Devtron Enterprise Stack. Devtron is a Kubernetes Orchestration system. keywords: - Devtron - Kubernetes @@ -10,19 +10,14 @@ keywords: - Deployment - argocd - Hyperion -engine: gotpl -version: 0.22.75 +version: 32.1.0 sources: - - https://github.com/devtron-labs/charts + - https://github.com/devtron-labs/charts/tree/main/charts/devtron-enterprise dependencies: -- name: argo-cd - version: "5.9.1" - repository: https://argoproj.github.io/argo-helm - condition: argo-cd.enabled -- name: security +- name: devtron-operator version: "0.x.x" - repository: https://helm.devtron.ai - condition: security.enabled + repository: https://helm.devtron.ai/ + alias: devtron maintainers: - email: prakarsh@devtron.ai name: Prakarsh diff --git a/charts/devtron-enterprise/crds/crd-devtron.yaml b/charts/devtron-enterprise/crds/crd-devtron.yaml deleted file mode 100644 index d5dea827..00000000 --- a/charts/devtron-enterprise/crds/crd-devtron.yaml +++ /dev/null @@ -1,172 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: installers.installer.devtron.ai -spec: - group: installer.devtron.ai - names: - kind: Installer - listKind: InstallerList - plural: installers - singular: installer - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - description: Installer is the Schema for the installers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallerSpec defines the desired state of Installer - properties: - reSync: - description: Rerun the installation script - type: boolean - url: - description: URL of the BOM version to be installed - type: string - type: object - status: - description: InstallerStatus defines the observed state of Installer - properties: - current_spec_hash: - type: string - sync: - description: SyncStatus is a comparison result of application spec and - deployed application. - properties: - conditions: - items: - description: InstallerCondition contains details about current - application condition - properties: - lastTransitionTime: - description: LastTransitionTime is the time the condition - was first observed. - format: date-time - type: string - message: - description: Message contains human-readable message indicating - details about condition - type: string - type: - description: Type is an application condition type - type: string - required: - - message - - type - type: object - type: array - data: - type: string - health: - properties: - message: - type: string - status: - description: Represents resource health status - type: string - type: object - history: - description: RevisionHistories is a array of history, oldest first - and newest last - items: - description: RevisionHistory contains information relevant to - an application deployment - properties: - deployStartedAt: - description: DeployStartedAt holds the time the deployment - started - format: date-time - type: string - deployedAt: - description: DeployedAt holds the time the deployment completed - format: date-time - type: string - id: - description: ID is an auto incrementing identifier of the - RevisionHistory - format: int64 - type: integer - revision: - description: Revision holds the revision of the sync - type: string - source: - description: ApplicationSource contains information about - github repository, path within repository and target application - environment. - properties: - url: - type: string - type: object - required: - - deployedAt - - id - - revision - type: object - type: array - resources: - items: - description: ResourceStatus holds the current sync and health - status of a resource - properties: - group: - type: string - health: - properties: - message: - type: string - status: - description: Represents resource health status - type: string - type: object - kind: - type: string - name: - type: string - namespace: - type: string - operation: - type: string - status: - type: string - version: - type: string - type: object - type: array - status: - type: string - url: - description: URL of the BOM version pulled - type: string - required: - - status - type: object - required: - - current_spec_hash - - sync - type: object - type: object -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/charts/devtron-enterprise/devtron-bom.yaml b/charts/devtron-enterprise/devtron-bom.yaml new file mode 100644 index 00000000..223ee8d0 --- /dev/null +++ b/charts/devtron-enterprise/devtron-bom.yaml @@ -0,0 +1,99 @@ +global: + podSecurityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 1000 + containerSecurityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + runAsNonRoot: true + containerRegistry: "quay.io/devtron" + # The below values can be specified both at global as well as component level + # nodeSelector: + # key: value + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # imagePullSecrets: + # - name: your-image-pull-secret + + # Set the storage class to be used for PVCs (would use default sc if not specified) + storageClass: "" + + # Add Proxy Configs to be propagated to all the Devtron Microservices. + configs: {} + + nodeSelector: {} + tolerations: [] + imagePullSecrets: [] +devtron: + installer: + arch: "multi-arch" + repo: "devtron-labs/charts" + release: "32.1.0" + registry: "" + image: inception + tag: 7beef376-948-31378 + source: "github" # Available options are github and gitee + components: + # Values for dashboard + dashboard: + config: + extraConfigs: + HIDE_DISCORD: "true" + HIDE_RELEASES: "false" + HIDE_RESOURCE_WATCHER: "false" + FEATURE_SCOPED_VARIABLE_ENVIRONMENT_LIST_ENABLE: "true" + FEATURE_IMAGE_PROMOTION_ENABLE: "true" + FEATURE_CLUSTER_MAP_ENABLE: "true" + FEATURE_CONFIG_DRIFT_ENABLE: "true" + image: "dashboard:040c5cf9-30dda7b5-931-31424" + # Values for devtron + devtron: + image: "hyperion:de8076d0-759-31416" + cicdImage: "devtron:de8076d0-930-31412" + imagePullPolicy: IfNotPresent + customOverrides: + PG_ADDR: postgresql-postgresql.devtroncd + USE_CUSTOM_HTTP_TRANSPORT: "false" + ASYNC_BUILDX_CACHE_EXPORT: "false" + BUILDX_CACHE_MODE_MIN: "false" + CLONING_MODE: FULL + SCOPED_VARIABLE_ENABLED: "true" + SCOPED_VARIABLE_HANDLE_PRIMITIVES: "true" + DEVTRON_CHART_ARGO_CD_INSTALL_REQUEST_TIMEOUT: "1" + IS_INTERNAL_USE: "true" + IS_AIR_GAP_ENVIRONMENT: "false" + # Values for ciRunner + ciRunner: + image: "ci-runner:2168a861-882-31228" + # Values for kubelink + kubelink: + image: "kubelink:fd7b49f0-314-31414" + imagePullPolicy: IfNotPresent + # Values for gitsensor + gitsensor: + image: "git-sensor:fd7b49f0-950-31385" + imagePullPolicy: IfNotPresent + chartSync: + image: chart-sync:2168a861-341-31218 + postgres: + armImage: "postgres:14.9" + # values for security integration + security: + imageScanner: + image: "image-scanner:fd7b49f0-109-31386" + configs: + TRIVY_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-db + TRIVY_JAVA_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-java-db + devtronEnterprise: + enabled: true + casbin: + image: "casbin:fd7b49f0-fced3ae3-464-31402" + imagePullPolicy: IfNotPresent + scoop: + enabled: false + image: "scoop:2c6a094c-629-30827" + imagePullPolicy: IfNotPresent \ No newline at end of file diff --git a/charts/devtron-enterprise/installation-script b/charts/devtron-enterprise/installation-script new file mode 100644 index 00000000..0648dd6e --- /dev/null +++ b/charts/devtron-enterprise/installation-script @@ -0,0 +1,4 @@ +LTAG="v1.4.0"; +REPO_RAW_URL="https://raw.githubusercontent.com/devtron-labs/devtron/"; + +log("executed devtron setup installation"); diff --git a/charts/devtron-enterprise/templates/NOTES.txt b/charts/devtron-enterprise/templates/NOTES.txt index 01507091..d7f6fe66 100644 --- a/charts/devtron-enterprise/templates/NOTES.txt +++ b/charts/devtron-enterprise/templates/NOTES.txt @@ -1,59 +1,73 @@ + +─────────────────────────────────────────────────────────────────────────────────────────────────────────────── +✨ Thank you for installing Devtron Enterprise! ✨ +─────────────────────────────────────────────────────────────────────────────────────────────────────────────── + + ____ _______ _______ ____ ___ _ _ _____ _ _ _____ _____ ____ ____ ____ ___ ____ _____ +| _ \| ____\ \ / /_ _| _ \ / _ \| \ | | | ____| \ | |_ _| ____| _ \| _ \| _ \|_ _/ ___|| ____| +| | | | _| \ \ / / | | | |_) | | | | \| | | _| | \| | | | | _| | |_) | |_) | |_) || |\___ \| _| +| |_| | |___ \ V / | | | _ <| |_| | |\ | | |___| |\ | | | | |___| _ <| __/| _ < | | ___) | |___ +|____/|_____| \_/ |_| |_| \_\\___/|_| \_| |_____|_| \_| |_| |_____|_| \_\_| |_| \_\___|____/|_____| + +─────────────────────────────────────────────────────────────────────────────────────────────────────────────── + Please wait for ~1 minute before running any of the following commands. 1. Run the following command to get the password for the default admin user: kubectl -n devtroncd get secret devtron-secret -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d -{{- if $.Values.components }} -{{- if $.Values.components.devtron }} -{{- if $.Values.components.devtron.ingress }} -{{- if $.Values.components.devtron.ingress.enabled }} -2. The Devtron dashboard URL for +{{- if $.Values.devtron.components }} +{{- if $.Values.devtron.components.devtron }} +{{- if $.Values.devtron.components.devtron.ingress }} +{{- if $.Values.devtron.components.devtron.ingress.enabled }} + +2. The Devtron dashboard URLs are: -- http is: http://{{ .Values.components.devtron.ingress.host }}/dashboard -- https is https://{{ .Values.components.devtron.ingress.host }}/dashboard +- HTTP: http://{{ .Values.devtron.components.devtron.ingress.host }}/dashboard +- HTTPS: https://{{ .Values.devtron.components.devtron.ingress.host }}/dashboard + +{{- else if eq $.Values.devtron.components.devtron.service.type "LoadBalancer" }} + +2. To get the dashboard URL for LoadBalancer: -{{- else if eq $.Values.components.devtron.service.type "LoadBalancer" }} -2. Run the following command to get the dashboard URL for the service type: - LoadBalancer - kubectl get svc -n devtroncd devtron-service -o jsonpath='{.status.loadBalancer.ingress}' - -{{- else if eq $.Values.components.devtron.service.type "NodePort" }} -2. Run the following commands to get the dashboard URL for the service type: - NodePort + +{{- else if eq $.Values.devtron.components.devtron.service.type "NodePort" }} + +2. Run the following commands to get the dashboard URL for NodePort: a. export nodeport=$(kubectl get svc -n devtroncd devtron-service -o jsonpath="{.spec.ports[0].nodePort}") - - b. Run the following command to get Devtron dashboard URL: echo http://HOST_IP:$nodeport/dashboard - - Make sure that your security settings allow incoming connection to your Host machine on the nodeport mentioned. - -{{- else if eq $.Values.components.devtron.service.type "ClusterIP" }} -2. Run the following commands to get the dashboard URL for the service type: - ClusterIP - - kubectl get svc -n devtroncd devtron-service - - You can port-forward devtron-service in namespace devtroncd to access devtron dashboard. You can use the following command to port forward. - - kubectl -n devtroncd port-forward svc/devtron-service 8000:80 - - The dashboard should be accesible on http://localhost:8000/ + + b. echo http://HOST_IP:$nodeport/dashboard + + ➡️ Make sure that your firewall or cloud security group allows incoming connections to the node port. + +{{- else if eq $.Values.devtron.components.devtron.service.type "ClusterIP" }} + +2. To access the dashboard (ClusterIP), you can port-forward: + + kubectl -n devtroncd port-forward svc/devtron-service 8000:80 + + The dashboard will be accessible at http://localhost:8000/dashboard + {{- end }} {{- end }} {{- end }} {{- end }} -{{- if $.Values.installer.modules }} -3. To track the progress of Devtron microservices installation, run the following command: +{{- if $.Values.devtron.installer.modules }} + +3. To track installation progress, run: + + kubectl -n devtroncd get installers installer-devtron -o jsonpath='{.status.sync.status}' - kubectl -n devtroncd get installers installer-devtron -o jsonpath='{.status.sync.status}' - - After running this command, if you get the results as: - 1. "Downloaded" means installation in progress. But you can still start exploring Devtron - 2. "Applied" means installation is successful. + Status meanings: + - Downloaded: Installation is in progress, but you can start exploring Devtron. + - Applied: Installation completed successfully. {{- end }} -Facing issues? Reach out to our team on Discord https://discord.devtron.ai for immediate assistance! +─────────────────────────────────────────────────────────────────────────────────────────────────────────────── +💡 Facing issues? Join our community for quick help: https://discord.devtron.ai +─────────────────────────────────────────────────────────────────────────────────────────────────────────────── diff --git a/charts/devtron-enterprise/templates/_helpers.tpl b/charts/devtron-enterprise/templates/_helpers.tpl deleted file mode 100644 index 97f2766c..00000000 --- a/charts/devtron-enterprise/templates/_helpers.tpl +++ /dev/null @@ -1,88 +0,0 @@ -{{- define "argo-cd.selectorLabels" -}} -{{- if .name -}} -app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }} -{{ end -}} -{{ end -}} -{{/* -Returns a secret if it already in Kubernetes, otherwise it creates -it randomly. -*/}} -{{- define "getOrGeneratePass" }} -{{- $len := (default 32 .Length) | int -}} -{{- $obj := (lookup "v1" .Kind .Namespace .Name).data -}} -{{- if $obj }} -{{- index $obj .Key -}} -{{- else if (eq (lower .Kind) "secret") -}} -{{- randAlphaNum $len | b64enc -}} -{{- else -}} -{{- randAlphaNum $len -}} -{{- end -}} -{{- end }} - -{{- define "imagePullSecret" }} -{{- with .Values.imagePullSecret.credentials }} -{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password (printf "%s:%s" .username .password | b64enc) | b64enc }} -{{- end }} -{{- end }} - -{{/* -Expand the node selectors, tolerations, and image pull secrets for a Kubernetes resource. -Usage: -{{ include "common.schedulerConfig" (dict "nodeSelector" .Values.path.to.nodeSelector "tolerations" .Values.path.to.tolerations "imagePullSecrets" .Values.path.to.imagePullSecrets "global" .Values.global ) }} -*/}} - -{{- define "common.schedulerConfig" -}} - {{- if .nodeSelector }} -nodeSelector: -{{ toYaml .nodeSelector | indent 2 }} - {{- else if .global.nodeSelector }} -nodeSelector: -{{ toYaml .global.nodeSelector | indent 2 }} - {{- end }} - {{- if .tolerations }} -tolerations: -{{ toYaml .tolerations | indent 2 }} - {{- else if .global.tolerations }} -tolerations: -{{ toYaml .global.tolerations | indent 2 }} - {{- end }} - {{- if .imagePullSecrets }} -imagePullSecrets: -{{ toYaml .imagePullSecrets | indent 2 }} - {{- else if .global.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .global.imagePullSecrets | indent 2 }} - {{- end }} -{{- end }} - -{{/* -Return full image -{{ include "common.image" ( dict "component" .Values.path.to.the.component "global" .Values.global .extraImage .extraImageTag .extraImageDigest ) }} -*/}} -{{- define "common.image" -}} -{{- $registryName := .component.registry | default .global.containerRegistry -}} -{{- $imageName := .extraImage | default .component.image -}} -{{- $imageTag := .extraImageTag | default .component.tag -}} -{{- $imageDigest := .extraImageDigest | default .component.digest -}} -{{- if $registryName }} - {{- if and $imageTag $imageDigest }} - {{- printf "%s/%s@%s" $registryName $imageName $imageDigest -}} - {{- else if $imageTag }} - {{- printf "%s/%s:%s" $registryName $imageName $imageTag -}} - {{- else if $imageDigest }} - {{- printf "%s/%s@%s" $registryName $imageName $imageDigest -}} - {{- else }} - {{- printf "%s/%s" $registryName $imageName -}} - {{- end }} -{{- else -}} - {{- if and $imageTag $imageDigest }} - {{- printf "%s@%s" $imageName $imageDigest -}} - {{- else if $imageTag }} - {{- printf "%s:%s" $imageName $imageTag -}} - {{- else if $imageDigest }} - {{- printf "%s@%s" $imageName $imageDigest -}} - {{- else }} - {{- printf "%s" $imageName -}} - {{- end }} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/app-sync-job.yaml b/charts/devtron-enterprise/templates/app-sync-job.yaml deleted file mode 100644 index 92da12d5..00000000 --- a/charts/devtron-enterprise/templates/app-sync-job.yaml +++ /dev/null @@ -1,110 +0,0 @@ -{{- if $.Release.IsInstall }} -{{- if .Capabilities.APIVersions.Has "batch/v1/Job" }} -apiVersion: batch/v1 -{{- else -}} -apiVersion: batch/v1beta1 -{{- end }} -kind: Job -metadata: - name: app-sync-job-{{ randAlphaNum 5 | lower }} -spec: - template: - spec: - serviceAccountName: devtron - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 6 }} - initContainers: - - name: migration-wait - image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.kubectlImage ) }} - command: ['sh', '-c', 'while [ ! $(kubectl -n devtroncd get $(kubectl -n devtroncd get job -l job=postgresql-migrate-devtron -o name) -o jsonpath="{.status.succeeded}") ]; do sleep 10; done'] - {{- if .Values.components.migrator }} - {{- if .Values.components.migrator.appSync }} - {{- if .Values.components.migrator.appSync.initContainer }} - {{- if .Values.components.migrator.appSync.initContainer.resources }} - resources: - {{- toYaml .Values.components.migrator.appSync.initContainer.resources | nindent 10 }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: chart-sync - image: {{ include "common.image" (dict "component" $.Values.components.chartSync "global" $.Values.global ) }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 10 }} - {{- end }} - env: - - name: PG_ADDR - value: postgresql-postgresql.devtroncd - - name: PG_DATABASE - value: orchestrator - - name: PG_USER - value: postgres - envFrom: - - secretRef: - name: devtron-secret - {{- if .Values.components.migrator }} - {{- if .Values.components.migrator.appSync }} - {{- if .Values.components.migrator.appSync.resources }} - resources: - {{- toYaml .Values.components.migrator.appSync.resources | nindent 14 }} - {{- end }} - {{- end }} - {{- end }} - restartPolicy: OnFailure - backoffLimit: 4 ---- -{{- end }} -{{- if .Capabilities.APIVersions.Has "batch/v1/CronJob" }} -apiVersion: batch/v1 -{{- else -}} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: app-sync-cronjob - annotations: - "helm.sh/resource-policy": keep -spec: - schedule: "0 19 * * *" - jobTemplate: - spec: - template: - spec: - serviceAccountName: chart-sync - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 10 }} - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 12 }} - {{- end }} - containers: - - name: chart-sync - image: {{ include "common.image" (dict "component" $.Values.components.chartSync "global" $.Values.global ) }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 14 }} - {{- end }} - env: - - name: PG_ADDR - value: postgresql-postgresql.devtroncd - - name: PG_DATABASE - value: orchestrator - - name: PG_USER - value: postgres - envFrom: - - secretRef: - name: devtron-secret - {{- if .Values.components.migrator }} - {{- if .Values.components.migrator.appSync }} - {{- if .Values.components.migrator.appSync.resources }} - resources: - {{- toYaml .Values.components.migrator.appSync.resources | nindent 14 }} - {{- end }} - {{- end }} - {{- end }} - restartPolicy: Never - backoffLimit: 4 diff --git a/charts/devtron-enterprise/templates/argocd-secret.yaml b/charts/devtron-enterprise/templates/argocd-secret.yaml deleted file mode 100644 index b8d7775b..00000000 --- a/charts/devtron-enterprise/templates/argocd-secret.yaml +++ /dev/null @@ -1,233 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/name: argocd-secret - app.kubernetes.io/part-of: argocd - annotations: - "helm.sh/resource-policy": keep - name: argocd-secret - namespace: devtroncd -type: Opaque ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: argocd-cm - app.kubernetes.io/part-of: argocd - annotations: - "helm.sh/resource-policy": keep - name: argocd-cm -data: - timeout.hard.reconciliation: "0" - timeout.reconciliation: 60s - repositories: |- - - name: devtron - type: helm - url: https://helm.devtron.ai - - name: fluent - type: helm - url: https://fluent.github.io/helm-charts - - name: nginx-ingress - type: helm - url: https://kubernetes.github.io/ingress-nginx - - name: elastic - type: helm - url: https://helm.elastic.co - - name: bitnami - type: helm - url: https://charts.bitnami.com/bitnami - - name: prometheus-community - type: helm - url: https://prometheus-community.github.io/helm-charts - - name: jetstack - type: helm - url: https://charts.jetstack.io - - name: metrics-server - type: helm - url: https://kubernetes-sigs.github.io/metrics-server - - name: autoscaler - type: helm - url: https://kubernetes.github.io/autoscaler - - name: external-secrets - type: helm - url: https://charts.external-secrets.io - - name: kedacore - type: helm - url: https://kedacore.github.io/charts - resource.customizations: > - kubernetes-client.io/ExternalSecret: - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.status ~= nil then - hs.status = "Degraded" - hs.message = obj.status.status - else - hs.status = "Healthy" - end - else - hs.status = "Healthy" - end - return hs - argoproj.io/Rollout: - health.lua: | - function checkReplicasStatus(obj) - hs = {} - replicasCount = getNumberValueOrDefault(obj.spec.replicas) - replicasStatus = getNumberValueOrDefault(obj.status.replicas) - updatedReplicas = getNumberValueOrDefault(obj.status.updatedReplicas) - availableReplicas = getNumberValueOrDefault(obj.status.availableReplicas) - - if updatedReplicas < replicasCount then - hs.status = "Progressing" - hs.message = "Waiting for roll out to finish: More replicas need to be updated" - return hs - end - -- Since the scale down delay can be very high, BlueGreen does not wait for all the old replicas to scale - -- down before marking itself healthy. As a result, only evaluate this condition if the strategy is canary. - if obj.spec.strategy.canary ~= nil and replicasStatus > updatedReplicas then - hs.status = "Progressing" - hs.message = "Waiting for roll out to finish: old replicas are pending termination" - return hs - end - if availableReplicas < updatedReplicas then - hs.status = "Progressing" - hs.message = "Waiting for roll out to finish: updated replicas are still becoming available" - return hs - end - return nil - end - - function getNumberValueOrDefault(field) - if field ~= nil then - return field - end - return 0 - end - - function checkPaused(obj) - hs = {} - local paused = false - if obj.status.verifyingPreview ~= nil then - paused = obj.status.verifyingPreview - elseif obj.spec.paused ~= nil then - paused = obj.spec.paused - end - - if paused then - hs.status = "Suspended" - hs.message = "Rollout is paused" - return hs - end - return nil - end - - hs = {} - if obj.status ~= nil then - if obj.status.conditions ~= nil then - for _, condition in ipairs(obj.status.conditions) do - if condition.type == "InvalidSpec" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Progressing" and condition.reason == "RolloutAborted" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Progressing" and condition.reason == "ProgressDeadlineExceeded" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - end - end - if obj.status.currentPodHash ~= nil then - if obj.spec.strategy.blueGreen ~= nil then - isPaused = checkPaused(obj) - if isPaused ~= nil then - return isPaused - end - replicasHS = checkReplicasStatus(obj) - if replicasHS ~= nil then - return replicasHS - end - if obj.status.blueGreen ~= nil and obj.status.blueGreen.activeSelector ~= nil and obj.status.blueGreen.activeSelector == obj.status.currentPodHash then - hs.status = "Healthy" - hs.message = "The active Service is serving traffic to the current pod spec" - return hs - end - hs.status = "Progressing" - hs.message = "The current pod spec is not receiving traffic from the active service" - return hs - end - if obj.spec.strategy.recreate ~= nil then - isPaused = checkPaused(obj) - if isPaused ~= nil then - return isPaused - end - replicasHS = checkReplicasStatus(obj) - if replicasHS ~= nil then - return replicasHS - end - if obj.status.recreate ~= nil and obj.status.recreate.currentRS ~= nil and obj.status.recreate.currentRS == obj.status.currentPodHash then - hs.status = "Healthy" - hs.message = "Rollout is successful" - return hs - end - hs.status = "Progressing" - hs.message = "Rollout is in progress" - return hs - end - if obj.spec.strategy.canary ~= nil then - currentRSIsStable = obj.status.canary.stableRS == obj.status.currentPodHash - if obj.spec.strategy.canary.steps ~= nil and table.getn(obj.spec.strategy.canary.steps) > 0 then - stepCount = table.getn(obj.spec.strategy.canary.steps) - if obj.status.currentStepIndex ~= nil then - currentStepIndex = obj.status.currentStepIndex - isPaused = checkPaused(obj) - if isPaused ~= nil then - return isPaused - end - - if paused then - hs.status = "Suspended" - hs.message = "Rollout is paused" - return hs - end - if currentRSIsStable and stepCount == currentStepIndex then - replicasHS = checkReplicasStatus(obj) - if replicasHS ~= nil then - return replicasHS - end - hs.status = "Healthy" - hs.message = "The rollout has completed all steps" - return hs - end - end - hs.status = "Progressing" - hs.message = "Waiting for rollout to finish steps" - return hs - end - - -- The detecting the health of the Canary deployment when there are no steps - replicasHS = checkReplicasStatus(obj) - if replicasHS ~= nil then - return replicasHS - end - if currentRSIsStable then - hs.status = "Healthy" - hs.message = "The rollout has completed canary deployment" - return hs - end - hs.status = "Progressing" - hs.message = "Waiting for rollout to finish canary deployment" - end - end - end - hs.status = "Progressing" - hs.message = "Waiting for rollout to finish: status has not been reconciled." - return hs \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/casbin.yaml b/charts/devtron-enterprise/templates/casbin.yaml deleted file mode 100644 index 3749168b..00000000 --- a/charts/devtron-enterprise/templates/casbin.yaml +++ /dev/null @@ -1,125 +0,0 @@ -{{- if and .Values.devtronEnterprise.enabled }} -{{- with .Values.devtronEnterprise.casbin }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: casbin - release: devtron - name: casbin - namespace: devtroncd -spec: - minReadySeconds: 60 - replicas: 1 - revisionHistoryLimit: 3 - selector: - matchLabels: - app: casbin - release: devtron - template: - metadata: - labels: - app: casbin - release: devtron - spec: - serviceAccountName: devtron-default-sa - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.devtronEnterprise.casbin.nodeSelector "tolerations" $.Values.devtronEnterprise.casbin.tolerations "imagePullSecrets" $.Values.devtronEnterprise.casbin.imagePullSecrets "global" $.Values.global) | indent 6 }} - containers: - - name: casbin - image: {{ include "common.image" (dict "component" $.Values.devtronEnterprise.casbin "global" $.Values.global) }} - {{- if .imagePullPolicy }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- end }} - env: - - name: DEVTRON_APP_NAME - value: casbin - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if .dbconfig }} - - name: PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .dbconfig.secretName }} - key: {{ .dbconfig.keyName }} - {{- end }} - envFrom: - - configMapRef: - name: casbin-cm - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9000 - name: app - protocol: TCP - {{- if .resources }} - resources: -{{ toYaml .resources | indent 12 }} - {{- end }} - volumeMounts: [] - restartPolicy: Always - terminationGracePeriodSeconds: 30 - volumes: [] ---- -# Casbin ConfigMap -apiVersion: v1 -kind: ConfigMap -metadata: - name: casbin-cm - namespace: devtroncd - labels: - app: casbin - release: devtron -{{- if .configs }} -data: -{{ toYaml .configs | indent 2 }} -{{- end }} ---- -# Casbin Service -apiVersion: v1 -kind: Service -metadata: - labels: - app: casbin - release: devtron - annotations: - "helm.sh/resource-policy": keep - name: casbin-service - namespace: devtroncd -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - - name: app - port: 9000 - protocol: TCP - targetPort: app - selector: - app: casbin - release: devtron - type: ClusterIP -{{- end}} -{{- end}} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/config-overrides.yaml b/charts/devtron-enterprise/templates/config-overrides.yaml deleted file mode 100644 index cb8ea46b..00000000 --- a/charts/devtron-enterprise/templates/config-overrides.yaml +++ /dev/null @@ -1,282 +0,0 @@ -{{- if .Values.components.lens }} -{{- if .Values.components.lens.resources }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: lens-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: lens - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .Values.components.lens.resources | nindent 16 }} -{{- end }} -{{- end }} -{{- if .Values.components.devtron }} -{{- if .Values.components.devtron.resources }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: devtron - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .Values.components.devtron.resources | nindent 16 }} -{{- end }} -{{- end }} -{{- if .Values.components.gitSensor }} -{{- if .Values.components.gitSensor.resources }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: git-sensor-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: git-sensor - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .Values.components.gitSensor.resources | nindent 16 }} -{{- end }} -{{- end }} -{{- if .Values.components.kubewatch }} -{{- if .Values.components.kubewatch.resources }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubewatch-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: kubewatch - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .Values.components.kubewatch.resources | nindent 16 }} -{{- end }} -{{- end }} -{{- if .Values.components.argoRollout }} -{{- if .Values.components.argoRollout.resources }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: rollout-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: argo-rollouts - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .Values.components.argoRollout.resources | nindent 16 }} -{{- end }} -{{- end }} -{{- if .Values.components.migrator }} -{{- with .Values.components.migrator }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: migrator-override-cm - namespace: devtroncd -data: - override: | - {{- if .devtron }} - {{- if .devtron.resources }} - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: postgresql-migrate-devtron - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .devtron.resources | nindent 16 }} - {{- end }} - {{- end }} - {{- if .lens }} - {{- if .lens.resources }} - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: postgresql-migrate-lens - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .lens.resources | nindent 16 }} - {{- end }} - {{- end }} - {{- if .gitSensor }} - {{- if .gitSensor.resources }} - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: postgresql-migrate-gitsensor - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .gitSensor.resources | nindent 16 }} - {{- end }} - {{- end }} - {{- if .casbin }} - {{- if or (.casbin.resources) (.casbin.initContainer.resources) }} - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: postgresql-migrate-casbin - update: - spec: - template: - spec: - {{- if .casbin.resources }} - containers: - - resources: - {{- toYaml .casbin.resources | nindent 16 }} - {{- end }} - {{- if .casbin.initContainer.resources }} - initContainers: - - resources: - {{- toYaml .casbin.initContainer.resources | nindent 16 }} - {{- end }} - {{- end }} - {{- end }} - {{- if .miscellaneous }} - {{- if .miscellaneous.resources }} - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: postgresql-miscellaneous - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .miscellaneous.resources | nindent 16 }} - {{- end }} - {{- end }} - {{- if .appSync }} - {{- if .appSync.resources }} - --- - apiVersion: batch/v1 - kind: CronJob - metadata: - name: app-sync-cronjob - update: - spec: - jobTemplate: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .appSync.resources | nindent 20 }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- if .Values.components.devtronHousekeeping }} -{{- if .Values.components.devtronHousekeeping.resources }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-housekeeping-override-cm - namespace: devtroncd -data: - override: | - apiVersion: batch/v1 - kind: Job - metadata: - name: devtron-housekeeping - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .Values.components.devtronHousekeeping.resources | nindent 16 }} -{{- end }} -{{- end }} -{{- if .Values.components.natsServer }} -{{- if .Values.components.natsServer.nats.resources }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nats-server-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: devtron-nats - update: - spec: - template: - spec: - containers: - - resources: - {{- toYaml .Values.components.natsServer.nats.resources | nindent 16 }} - - resources: - {{- toYaml .Values.components.natsServer.reloader.resources | nindent 16 }} - - resources: - {{- toYaml .Values.components.natsServer.metrics.resources | nindent 16 }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/configmap-secret.yaml b/charts/devtron-enterprise/templates/configmap-secret.yaml deleted file mode 100644 index 3b6127f3..00000000 --- a/charts/devtron-enterprise/templates/configmap-secret.yaml +++ /dev/null @@ -1,345 +0,0 @@ -{{- $grafanaPwd := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-grafana-cred-secret" "Key" "admin-password") }} -{{- $minioAccessKey := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-minio" "Key" "accesskey") }} -{{- $minioSecretKey := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-minio" "Key" "secretkey") }} -{{- $EXTERNAL_CI_API_SECRET := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "EXTERNAL_CI_API_SECRET") }} -{{- $ORCH_TOKEN := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "ORCH_TOKEN") }} -{{- $DEX_SECRET := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_SECRET") }} -{{- $DEX_JWTKEY := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_JWTKEY") }} -{{- $DEX_CSTOREKEY := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "DEX_CSTOREKEY") }} -{{- $postgresPwd := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "postgresql-postgresql" "Key" "postgresql-password") }} -{{- $WEBHOOK_TOKEN := include "getOrGeneratePass" (dict "Namespace" "devtroncd" "Kind" "Secret" "Name" "devtron-secret" "Key" "WEBHOOK_TOKEN") }} -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} -apiVersion: v1 -kind: Secret -metadata: - name: devtron-operator-secret - namespace: devtroncd -type: Opaque -data: -{{- range $k, $v := $.Values.secrets }} - {{ $k }}: {{ $v | b64enc | quote }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-operator-cm - namespace: devtroncd -data: -{{- if $.Values.configs }} -{{ toYaml $.Values.configs | indent 2 }} -{{- end }} - INSTALLATION_THROUGH_HELM: "True" - DEVTRON_HELM_RELEASE_NAME: {{ $.Release.Name }} -{{- if and ($.Values.minio.enabled) (not $.Values.configs.BLOB_STORAGE_PROVIDER) }} - BLOB_STORAGE_PROVIDER: "S3" - BLOB_STORAGE_S3_ENDPOINT: "http://devtron-minio.devtroncd:9000" - BLOB_STORAGE_S3_ENDPOINT_INSECURE: "true" - DEFAULT_BUILD_LOGS_BUCKET: "devtron-ci-log" - DEFAULT_CACHE_BUCKET: "devtron-ci-cache" -{{- end }} -{{- if or ($.Values.minio.enabled) (eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE") }} - DEFAULT_CACHE_BUCKET_REGION: "us-west-2" - DEFAULT_CD_LOGS_BUCKET_REGION: "us-west-2" -{{- end }} -{{- if or ($.Values.minio.enabled) (eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE") }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: devtron-minio - labels: - app: minio - chart: {{ $.Release.Name }}-{{ $.Chart.Version }} - release: devtron - heritage: Helm - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque -{{- if and ($.Values.minio.enabled) (eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE") }} -data: - accesskey: {{ $.Values.configs.AZURE_ACCOUNT_NAME | b64enc }} - secretkey: {{ $.Values.secrets.AZURE_ACCOUNT_KEY | b64enc }} -{{- else if $.Values.minio.enabled }} -data: - accesskey: {{ $minioAccessKey }} - secretkey: {{ $minioSecretKey }} -{{- else if eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE" }} -data: - accesskey: {{ $.Values.configs.AZURE_ACCOUNT_NAME | b64enc }} - secretkey: {{ $.Values.secrets.AZURE_ACCOUNT_KEY | b64enc }} -{{- end }} -{{- end }} -{{- if or ($.Values.minio.enabled) ($.Values.configs.BLOB_STORAGE_PROVIDER) }} ---- -{{- if eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE" }} -apiVersion: v1 -data: - accessKey: {{ $.Values.configs.AZURE_ACCOUNT_NAME | b64enc }} - secretKey: {{ $.Values.secrets.AZURE_ACCOUNT_KEY | b64enc }} -kind: Secret -metadata: - name: workflow-minio-cred - namespace: devtron-ci - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque ---- -apiVersion: v1 -data: - accessKey: {{ $.Values.configs.AZURE_ACCOUNT_NAME | b64enc }} - secretKey: {{ $.Values.secrets.AZURE_ACCOUNT_KEY | b64enc }} -kind: Secret -metadata: - name: workflow-minio-cred - namespace: devtron-cd - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque -{{- else if eq $.Values.configs.BLOB_STORAGE_PROVIDER "GCP" }} -apiVersion: v1 -data: - secretKey: {{ $.Values.secrets.BLOB_STORAGE_GCP_CREDENTIALS_JSON }} -kind: Secret -metadata: - name: workflow-minio-cred - namespace: devtron-ci - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque ---- -apiVersion: v1 -data: - secretKey: {{ $.Values.secrets.BLOB_STORAGE_GCP_CREDENTIALS_JSON }} -kind: Secret -metadata: - name: workflow-minio-cred - namespace: devtron-cd - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque -{{- else if and (eq $.Values.configs.BLOB_STORAGE_PROVIDER "S3") ($.Values.secrets.BLOB_STORAGE_S3_ACCESS_KEY) ($.Values.secrets.BLOB_STORAGE_S3_SECRET_KEY) }} -apiVersion: v1 -data: - accessKey: {{ $.Values.secrets.BLOB_STORAGE_S3_ACCESS_KEY | b64enc }} - secretKey: {{ $.Values.secrets.BLOB_STORAGE_S3_SECRET_KEY | b64enc }} -kind: Secret -metadata: - name: workflow-minio-cred - namespace: devtron-ci - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque ---- -apiVersion: v1 -data: - accessKey: {{ $.Values.secrets.BLOB_STORAGE_S3_ACCESS_KEY | b64enc }} - secretKey: {{ $.Values.secrets.BLOB_STORAGE_S3_SECRET_KEY | b64enc }} -kind: Secret -metadata: - name: workflow-minio-cred - namespace: devtron-cd - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque -{{- else if and ($.Values.minio.enabled) (ne $.Values.configs.BLOB_STORAGE_PROVIDER "S3") }} -apiVersion: v1 -data: - accessKey: {{ $minioAccessKey }} - secretKey: {{ $minioSecretKey }} -kind: Secret -metadata: - name: workflow-minio-cred - namespace: devtron-ci - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque ---- -apiVersion: v1 -data: - accessKey: {{ $minioAccessKey }} - secretKey: {{ $minioSecretKey }} -kind: Secret -metadata: - name: workflow-minio-cred - namespace: devtron-cd - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque -{{- end }} -{{- end }} -{{- if $.Values.monitoring }} -{{- if $.Values.monitoring.grafana }} -{{- if $.Values.monitoring.grafana.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: devtron-grafana-cred-secret - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/resource-policy": keep -type: Opaque -data: - admin-user: YWRtaW4= - admin-password: {{ $grafanaPwd }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -apiVersion: v1 -kind: Secret -data: - postgresql-password: {{ $postgresPwd }} - POSTGRES_USER: cG9zdGdyZXM= - POSTGRES_DB: b3JjaGVzdHJhdG9y -metadata: - name: postgresql-postgresql - labels: - app: postgresql - chart: postgresql-8.6.4 - release: "devtron" - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-5" - "helm.sh/resource-policy": keep -type: Opaque ---- -apiVersion: v1 -kind: Secret -data: - DB_PASSWORD: {{ $postgresPwd }} -metadata: - name: postgresql-migrator - labels: - app: postgresql - chart: postgresql-8.6.4 - release: "devtron" - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-4" - "helm.sh/resource-policy": keep -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - name: "devtron-secret" - labels: - release: devtron - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-3" - "helm.sh/resource-policy": keep -data: - PG_PASSWORD: {{ $postgresPwd }} -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} - ORCH_TOKEN: {{ $ORCH_TOKEN }} - EXTERNAL_CI_API_SECRET: {{ $EXTERNAL_CI_API_SECRET }} - WEBHOOK_TOKEN: {{ $WEBHOOK_TOKEN }} - DEX_SECRET: {{ $DEX_SECRET }} - DEX_JWTKEY: {{ $DEX_JWTKEY }} - DEX_CSTOREKEY: {{ $DEX_CSTOREKEY }} -{{- end }} -{{- end }} -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - name: "devtron-custom-secret" - labels: - release: devtron - annotations: - "helm.sh/hook": pre-install, pre-upgrade -data: - {{- if $.Values.installer.modules }} - {{- if has "cicd" $.Values.installer.modules }} - {{- if and ($.Values.minio.enabled) (not $.Values.configs.BLOB_STORAGE_PROVIDER) }} - BLOB_STORAGE_S3_ACCESS_KEY: {{ $minioAccessKey }} - BLOB_STORAGE_S3_SECRET_KEY: {{ $minioSecretKey }} - {{- end }} - {{- if $.Values.monitoring }} - {{- if $.Values.monitoring.grafana }} - {{- if $.Values.monitoring.grafana.enabled }} - GRAFANA_PASSWORD: {{ $grafanaPwd }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- range $k, $v := $.Values.secrets }} - {{- if and (eq $k "BLOB_STORAGE_GCP_CREDENTIALS_JSON" ) (eq $.Values.configs.BLOB_STORAGE_PROVIDER "GCP") }} - BLOB_STORAGE_GCP_CREDENTIALS_JSON: {{ $.Values.secrets.BLOB_STORAGE_GCP_CREDENTIALS_JSON }} - {{- else }} - {{ $k }}: {{ $v | b64enc }} - {{- end }} - {{- end }} -type: Opaque - -{{- if $.Values.imagePullSecret }} -{{- if $.Values.imagePullSecret.create }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }} - namespace: devtroncd - annotations: - "helm.sh/hook": pre-install,pre-upgrade -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ include "imagePullSecret" . }} - -{{- if eq .Values.imagePullSecret.namespaceScope "all" }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }} - namespace: devtron-cd - annotations: - "helm.sh/hook": pre-install,pre-upgrade -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ include "imagePullSecret" . }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }} - namespace: devtron-ci - annotations: - "helm.sh/hook": pre-install,pre-upgrade -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ include "imagePullSecret" . }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }} - namespace: argo - annotations: - "helm.sh/hook": pre-install,pre-upgrade -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ include "imagePullSecret" . }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/devtron-enterprise/templates/dashboard.yaml b/charts/devtron-enterprise/templates/dashboard.yaml deleted file mode 100644 index 8d978e8c..00000000 --- a/charts/devtron-enterprise/templates/dashboard.yaml +++ /dev/null @@ -1,112 +0,0 @@ -{{- with .Values.components.dashboard }} -apiVersion: v1 -kind: Secret -metadata: - name: devtron-dashboard-secret - labels: - release: devtron - annotations: - "helm.sh/resource-policy": keep -type: Opaque ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dashboard-cm - labels: - release: devtron - annotations: - "helm.sh/resource-policy": keep -data: -{{- if .config }} - GA_ENABLED: {{ .config.analytics | default "false" | quote }} - HOTJAR_ENABLED: {{ .config.hotjar | default "false" | quote }} - SENTRY_ENABLED: {{ .config.sentry | default "false" | quote }} - SENTRY_ENV: {{ .config.sentryEnv | default "PRODUCTION" | quote }} - APPLICATION_METRICS_ENABLED: {{ .config.applicationMetrics | default "true" | quote }} - HIDE_APPLICATION_GROUPS: {{ .config.hideApplicationGroups | default "false" | quote }} - {{- if .config.extraConfigs }} -{{ toYaml .config.extraConfigs | indent 2 }} - {{- end }} -{{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: dashboard-service - labels: - app: dashboard - release: devtron - annotations: - "helm.sh/resource-policy": keep -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: app - protocol: TCP - name: app - selector: - app: dashboard ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dashboard - labels: - app: dashboard - release: devtron - annotations: - "helm.sh/resource-policy": keep -spec: - selector: - matchLabels: - app: dashboard - release: devtron - replicas: 1 - minReadySeconds: 60 - template: - metadata: - labels: - app: dashboard - release: devtron - spec: - terminationGracePeriodSeconds: 30 - restartPolicy: Always - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.dashboard.nodeSelector "tolerations" $.Values.components.dashboard.tolerations "imagePullSecrets" $.Values.components.dashboard.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - containers: - - name: dashboard - image: {{ include "common.image" (dict "component" $.Values.components.dashboard "global" $.Values.global) }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - ports: - - name: app - containerPort: 8080 - protocol: TCP - env: - - name: DEVTRON_APP_NAME - value: dashboard - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - envFrom: - - configMapRef: - name: dashboard-cm - - secretRef: - name: devtron-dashboard-secret - volumeMounts: [] - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- end }} - revisionHistoryLimit: 3 -{{- end }} diff --git a/charts/devtron-enterprise/templates/devtron-ingress.yaml b/charts/devtron-enterprise/templates/devtron-ingress.yaml deleted file mode 100644 index f2f280f4..00000000 --- a/charts/devtron-enterprise/templates/devtron-ingress.yaml +++ /dev/null @@ -1,94 +0,0 @@ -{{- if $.Values.components }} -{{- if $.Values.components.devtron }} -{{- if $.Values.components.devtron.ingress }} -{{- if $.Values.components.devtron.ingress.enabled }} -{{- with $.Values.components.devtron.ingress }} -{{- if eq $.Values.configs.ENABLE_LEGACY_API "true" }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - labels: - app: devtron - release: devtron - name: devtron-ingress - annotations: - kubernetes.io/ingress.class: {{ .className }} - {{- if .annotations }} -{{ toYaml .annotations | nindent 4 }} - {{- end }} -spec: - rules: - - host: {{ .host }} - http: - paths: - - backend: - serviceName: devtron-service - servicePort: 80 - path: /orchestrator - - backend: - serviceName: devtron-service - servicePort: 80 - path: /dashboard - - backend: - serviceName: devtron-service - servicePort: 80 - path: /grafana - pathType: ImplementationSpecific - {{- if .tls }} - tls: -{{ toYaml .tls | nindent 4 }} - {{- end }} -{{- else }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - labels: - app: devtron - release: devtron - {{- if .labels }} - {{ toYaml .labels | nindent 4 }} - {{- end }} - name: devtron-ingress - {{- if .annotations }} - annotations: -{{ toYaml .annotations | nindent 4 }} - {{- end }} -spec: - {{- if .className }} - ingressClassName: {{ .className }} - {{- end }} - rules: - - host: {{ .host }} - http: - paths: - - backend: - service: - name: devtron-service - port: - number: 80 - path: /orchestrator - pathType: {{ .pathType }} - - backend: - service: - name: devtron-service - port: - number: 80 - path: /dashboard - pathType: {{ .pathType }} - - backend: - service: - name: devtron-service - port: - number: 80 - path: /grafana - pathType: {{ .pathType }} - {{- if .tls }} - tls: -{{ toYaml .tls | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/devtron-enterprise/templates/devtron-installer.yaml b/charts/devtron-enterprise/templates/devtron-installer.yaml deleted file mode 100644 index 89795b11..00000000 --- a/charts/devtron-enterprise/templates/devtron-installer.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.installer.modules }} -{{- with .Values.installer.modules }} -{{ range . }} -{{- if eq . "cicd" }} -apiVersion: installer.devtron.ai/v1alpha1 -kind: Installer -metadata: - name: installer-devtron - namespace: devtroncd -spec: - {{- if or (eq $.Values.installer.source "gitee") (eq $.Values.installer.source "Gitee")}} - url: https://gitee.com/{{ $.Values.installer.repo }}/raw/{{ $.Values.installer.release }}/manifests/installation-script - {{- else }} - url: https://raw.githubusercontent.com/{{ $.Values.installer.repo }}/{{ $.Values.installer.release }}/manifests/installation-script - {{- end }} - reSync: true -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/devtron-scc.yaml b/charts/devtron-enterprise/templates/devtron-scc.yaml deleted file mode 100644 index 1f5f10d0..00000000 --- a/charts/devtron-enterprise/templates/devtron-scc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if $.Values.installer }} -{{- if $.Values.installer.openshift }} -apiVersion: security.openshift.io/v1 -fsGroup: - type: RunAsAny -kind: SecurityContextConstraints -metadata: - annotations: - kubernetes.io/description: 'This SCC provides devtron components required permissions to run flawlessly on top of openshift' - name: devtron-scc -readOnlyRootFilesystem: false -allowPrivilegedContainer: true -runAsUser: - type: RunAsAny -seLinuxContext: - type: RunAsAny -seccompProfiles: -- '*' -supplementalGroups: - type: RunAsAny -users: -- system:serviceaccount:argo:argo -- system:serviceaccount:devtroncd:default -- system:serviceaccount:devtroncd:devtron -- system:serviceaccount:devtroncd:argocd-dex-server -- system:serviceaccount:devtroncd:kubewatch -- system:serviceaccount:devtroncd:devtron-grafana -- system:serviceaccount:devtroncd:devtron-grafana-test -- system:serviceaccount:devtroncd:devtron-minio -- system:serviceaccount:devtroncd:argocd-application-controller -- system:serviceaccount:devtroncd:argocd-repo-server -- system:serviceaccount:devtroncd:argocd-server -- system:serviceaccount:devtron-ci:ci-runner -- system:serviceaccount:devtron-cd:cd-runner -- system:serviceaccount:devtroncd:chart-sync -- system:serviceaccount:devtroncd:devtron-default-sa -volumes: -- '*' -{{- end }} -{{- end }} diff --git a/charts/devtron-enterprise/templates/devtron-service.yaml b/charts/devtron-enterprise/templates/devtron-service.yaml deleted file mode 100644 index 9c365e1d..00000000 --- a/charts/devtron-enterprise/templates/devtron-service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if $.Values.components }} -{{- if $.Values.components.devtron }} -{{- if $.Values.components.devtron.service }} -{{- with $.Values.components.devtron.service }} -apiVersion: v1 -kind: Service -metadata: - labels: - app: devtron - release: devtron - {{- if .labels }} -{{ toYaml .labels | indent 4 }} - {{- end }} - annotations: - "helm.sh/resource-policy": keep - {{- if .annotations }} -{{ toYaml .annotations | indent 4 }} - {{- end }} - name: devtron-service - namespace: devtroncd -spec: - ports: - - name: devtron - port: {{ .port }} - {{- if .nodePort }} - nodePort: {{ .nodePort }} - {{- end }} - protocol: TCP - targetPort: devtron -{{- if .loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .loadBalancerSourceRanges | nindent 4}} -{{- end }} - selector: - app: devtron - sessionAffinity: None - type: {{ .type }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/devtron-enterprise/templates/devtron.yaml b/charts/devtron-enterprise/templates/devtron.yaml deleted file mode 100644 index 391f4906..00000000 --- a/charts/devtron-enterprise/templates/devtron.yaml +++ /dev/null @@ -1,301 +0,0 @@ -{{- with .Values.components.devtron }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: "devtron-cm" - labels: - release: devtron - annotations: - "helm.sh/resource-policy": keep -data: - PG_USER: postgres - PG_ADDR: postgresql-postgresql.devtroncd - PG_PORT: "5432" - HELM_CLIENT_URL: kubelink-service:50051 - DASHBOARD_PORT: "80" - DASHBOARD_HOST: dashboard-service.devtroncd - PG_DATABASE: orchestrator - DEX_HOST: http://argocd-dex-server.devtroncd - DEX_PORT: "5556" - APP_SYNC_IMAGE: {{ include "common.image" (dict "component" $.Values.components.chartSync "global" $.Values.global ) }} -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} - CD_HOST: "argocd-server.devtroncd" - CD_PORT: "80" - CD_NAMESPACE: "devtroncd" - EVENT_URL: "http://notifier-service.devtroncd:80/notify" - GIT_SENSOR_PROTOCOL: GRPC - GIT_SENSOR_URL: "git-sensor-service.devtroncd:90" - GIT_SENSOR_TIMEOUT: "300" - LENS_URL: "http://lens-service.devtroncd:80" - LENS_TIMEOUT: "300" - NATS_SERVER_HOST: "nats://devtron-nats.devtroncd:4222" - APP: "orchestrator" - PG_LOG_QUERY: "true" - LOG_LEVEL: "0" - GIT_WORKING_DIRECTORY: "/tmp/gitops/" - ACD_URL: "argocd-server.devtroncd" - ACD_USER: "admin" - ACD_TIMEOUT: "300" - ACD_SKIP_VERIFY: "true" - MODE: "PROD" - CD_LIMIT_CI_CPU: "0.5" - CD_LIMIT_CI_MEM: "3G" - CD_REQ_CI_CPU: "0.5" - CD_REQ_CI_MEM: "1G" - CD_NODE_TAINTS_KEY: "dedicated" - CD_NODE_LABEL_SELECTOR: "kubernetes.io/os=linux" - CD_WORKFLOW_SERVICE_ACCOUNT: "cd-runner" - DEFAULT_BUILD_LOGS_KEY_PREFIX: "devtron" - DEFAULT_CD_ARTIFACT_KEY_LOCATION: "devtron/cd-artifacts" - CD_NODE_TAINTS_VALUE: "ci" - CD_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip" - DEFAULT_CD_NAMESPACE: "devtron-cd" - DEFAULT_CI_IMAGE: {{ include "common.image" (dict "component" $.Values.components.ciRunner "global" $.Values.global ) }} - DEFAULT_CD_TIMEOUT: "3600" - WF_CONTROLLER_INSTANCE_ID: "devtron-runner" - CI_LOGS_KEY_PREFIX: "ci-artifacts" - DEFAULT_NAMESPACE: "devtron-ci" - DEFAULT_TIMEOUT: "3600" - LIMIT_CI_CPU: "0.5" - LIMIT_CI_MEM: "3G" - REQ_CI_CPU: "0.5" - REQ_CI_MEM: "1G" - CI_NODE_TAINTS_KEY: "" - CI_NODE_TAINTS_VALUE: "" - CI_NODE_LABEL_SELECTOR: "" - CACHE_LIMIT: "5000000000" - DEFAULT_ARTIFACT_KEY_LOCATION: "devtron/ci-artifacts" - WORKFLOW_SERVICE_ACCOUNT: "ci-runner" - EXTERNAL_CI_PAYLOAD: "{\"ciProjectDetails\":[{\"gitRepository\":\"https://github.com/vikram1601/getting-started-nodejs.git\",\"checkoutPath\":\"./abc\",\"commitHash\":\"239077135f8cdeeccb7857e2851348f558cb53d3\",\"commitTime\":\"2022-10-30T20:00:00\",\"branch\":\"master\",\"message\":\"Update README.md\",\"author\":\"User Name \"}],\"dockerImage\":\"445808685819.dkr.ecr.us-east-2.amazonaws.com/orch:23907713-2\"}" - CI_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip" - IMAGE_SCANNER_ENDPOINT: "http://image-scanner-service.devtroncd:80" - ECR_REPO_NAME_PREFIX: "devtron/" - ACD_USERNAME: "admin" - DEX_RURL: "http://argocd-dex-server.devtroncd:8080/callback" - DEX_URL: "http://argocd-dex-server.devtroncd:5556/dex" - CExpirationTime: "600" - JwtExpirationTime: "120" - ACD_CM: "argocd-cm" - ACD_NAMESPACE: "devtroncd" - MINIO_ENDPOINT: http://devtron-minio:9000 - GITOPS_REPO_PREFIX: "devtron" - ENFORCER_CACHE: "true" - ENFORCER_CACHE_EXPIRATION_IN_SEC: "345600" - ENFORCER_MAX_BATCH_SIZE: "1" - DEVTRON_SECRET_NAME: "devtron-secret" - ENABLE_ASYNC_ARGO_CD_INSTALL_DEVTRON_CHART: "false" - USE_ARTIFACT_LISTING_API_V2: "false" - ASYNC_BUILDX_CACHE_EXPORT: "true" - BUILDX_CACHE_MODE_MIN: "false" - DEVTRON_CHART_ARGO_CD_INSTALL_REQUEST_TIMEOUT: "1" - HIDE_SEVERITY_LIST: "" - IN_APP_LOGGING_ENABLED: "true" - PARALLELISM_LIMIT_FOR_TAG_PROCESSING: "2" - SCAN_V2_ENABLED: "false" - TIMEOUT_IN_SECONDS: "60" - SHOW_DOCKER_BUILD_ARGS: "true" - FORCE_SECURITY_SCANNING: "false" - RUN_HELM_INSTALL_IN_ASYNC_MODE_HELM_APPS: "true" - ENABLE_ASYNC_INSTALL_DEVTRON_CHART: "true" - DEVTRON_CHART_INSTALL_REQUEST_TIMEOUT: "6" - USE_IMAGE_TAG_FROM_GIT_PROVIDER_FOR_TAG_BASED_BUILD: "false" - IMAGE_SCAN_MAX_RETRIES: "3" - IMAGE_SCAN_RETRY_DELAY: "5" - CONSUMER_CONFIG_JSON: '{"DEVTRON-CHART-INSTALL-DURABLE":{"natsMsgProcessingBatchSize":1}}' - SKIP_GITOPS_VALIDATION: "false" - SKIP_CREATING_ECR_REPO: "false" - SCOPED_VARIABLE_ENABLED: "true" - SCOPED_VARIABLE_HANDLE_PRIMITIVES: "true" - MAX_CI_WORKFLOW_RETRIES: "0" - MAX_CD_WORKFLOW_RUNNER_RETRIES: "0" - ENABLE_BUILD_CONTEXT: "true" - CI_SUCCESS_AUTO_TRIGGER_BATCH_SIZE: "1" - FEATURE_RESTART_WORKLOAD_BATCH_SIZE: "1" - FEATURE_RESTART_WORKLOAD_WORKER_POOL_SIZE: "5" - USE_GIT_CLI: "false" - PROPAGATE_EXTRA_LABELS: "false" -{{- if $.Values.configs }} -{{- if or ($.Values.minio.enabled) ($.Values.configs.BLOB_STORAGE_PROVIDER) }} - BLOB_STORAGE_ENABLED: "true" -{{- end }} -{{ toYaml $.Values.configs | indent 2 }} -{{- if and ($.Values.minio.enabled) (not $.Values.configs.BLOB_STORAGE_PROVIDER) }} - BLOB_STORAGE_PROVIDER: "S3" - BLOB_STORAGE_S3_ENDPOINT: "http://devtron-minio.devtroncd:9000" - BLOB_STORAGE_S3_ENDPOINT_INSECURE: "true" - DEFAULT_BUILD_LOGS_BUCKET: "devtron-ci-log" - DEFAULT_CACHE_BUCKET: "devtron-ci-cache" -{{- if lt ($.Values.minio.replicaCount | int) 4 }} - BLOB_STORAGE_S3_BUCKET_VERSIONED: "false" -{{- else }} - BLOB_STORAGE_S3_BUCKET_VERSIONED: "true" -{{- end }} -{{- end }} -{{- if or ($.Values.minio.enabled) (eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE") }} - DEFAULT_CACHE_BUCKET_REGION: "us-west-2" - DEFAULT_CD_LOGS_BUCKET_REGION: "us-west-2" -{{- end }} -{{- if and (eq $.Values.configs.BLOB_STORAGE_PROVIDER "S3") (not $.Values.configs.BLOB_STORAGE_S3_ENDPOINT) }} - BLOB_STORAGE_S3_ENDPOINT: "" -{{- end }} -{{- if $.Values.configs.BLOB_STORAGE_PROVIDER }} - BLOB_STORAGE_S3_BUCKET_VERSIONED: "true" -{{- end }} -{{- if $.Values.monitoring }} -{{- if $.Values.monitoring.grafana }} -{{- if $.Values.monitoring.grafana.enabled }} - GRAFANA_URL: "http://%s:%s@devtron-grafana.devtroncd/grafana" - GRAFANA_HOST: "devtron-grafana.devtroncd" - GRAFANA_PORT: "80" - GRAFANA_NAMESPACE: "devtroncd" - GRAFANA_ORG_ID: "2" -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-custom-cm - labels: - release: devtron - annotations: - "helm.sh/resource-policy": keep -data: -{{- if .customOverrides }} -{{ toYaml .customOverrides | indent 2}} -{{- end }} - DEFAULT_CI_IMAGE: {{ include "common.image" (dict "component" $.Values.components.ciRunner "global" $.Values.global ) }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-cluster-components - labels: - release: devtron -data: - rollout.yaml: >- - rollout: - resources: - limits: - cpu: 250m - memory: 200Mi - requests: - cpu: 50m - memory: 100Mi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: devtron - labels: - app: devtron - release: devtron - annotations: - "helm.sh/resource-policy": keep -spec: - selector: - matchLabels: - app: devtron - release: devtron - replicas: 1 - minReadySeconds: 60 - template: - metadata: - labels: - app: devtron - release: devtron - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.devtron.nodeSelector "tolerations" $.Values.components.devtron.tolerations "imagePullSecrets" $.Values.components.devtron.imagePullSecrets "global" $.Values.global) | indent 6 }} - terminationGracePeriodSeconds: 30 - restartPolicy: Always - serviceAccountName: devtron - volumes: - - configMap: - name: devtron-cluster-components - name: devtron-cluster-components-vol - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: devtron - {{- if $.Values.installer.modules }} - {{- if (has "cicd" $.Values.installer.modules) }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global "extraImage" $.Values.components.devtron.cicdImage ) }} - {{- else }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global) }} - {{- end }} - {{- else }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global) }} - {{- end }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - ' curl -X POST -H "Content-Type: application/json" -d ''{"eventType": - "SIG_TERM"}'' localhost:8080/orchestrator/telemetry/summary' - ports: - - name: devtron - containerPort: 8080 - protocol: TCP - env: - - name: DEVTRON_APP_NAME - value: devtron - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - envFrom: - - configMapRef: - name: "devtron-cm" - - secretRef: - name: "devtron-secret" - - configMapRef: - name: "devtron-custom-cm" - - secretRef: - name: "devtron-custom-secret" - volumeMounts: - - mountPath: /cluster/component - name: devtron-cluster-components-vol - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- end }} - revisionHistoryLimit: 3 ---- -{{- if .serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: devtron-sm - labels: - kind: Prometheus - app: devtron - release: devtron - annotations: - "helm.sh/resource-policy": keep -spec: - endpoints: - - port: devtron - path: /metrics - scheme: http - interval: 30s - scrapeTimeout: 3s - selector: - matchLabels: - app: devtron -{{- end }} -{{- end }} diff --git a/charts/devtron-enterprise/templates/dex.yaml b/charts/devtron-enterprise/templates/dex.yaml deleted file mode 100644 index a95c0379..00000000 --- a/charts/devtron-enterprise/templates/dex.yaml +++ /dev/null @@ -1,193 +0,0 @@ -{{- with .Values.components.argocdDexServer }} -{{- $argocdEnabled := index $.Values "argo-cd" }} -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - app.kubernetes.io/managed-by: {{ $.Release.Service }} - annotations: - "helm.sh/resource-policy": keep - "meta.helm.sh/release-name": {{ $.Release.Name }} - "meta.helm.sh/release-namespace": {{ $.Release.Namespace }} - {{- if and ($argocdEnabled.enabled) ($.Release.IsInstall) }} - "helm.sh/hook": pre-install - {{- end }} - name: argocd-dex-server -spec: - ports: - - name: http - port: 5556 - protocol: TCP - targetPort: 5556 - - name: grpc - port: 5557 - protocol: TCP - targetPort: 5557 - - name: metrics - port: 5558 - protocol: TCP - targetPort: 5558 - selector: - app.kubernetes.io/name: argocd-dex-server ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - app.kubernetes.io/managed-by: {{ $.Release.Service }} - annotations: - "helm.sh/resource-policy": keep - "meta.helm.sh/release-name": {{ $.Release.Name }} - "meta.helm.sh/release-namespace": {{ $.Release.Namespace }} - {{- if and ($argocdEnabled.enabled) ($.Release.IsInstall) }} - "helm.sh/hook": pre-install - {{- end }} - name: argocd-dex-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: argocd-dex-server - minReadySeconds: 60 - template: - metadata: - labels: - app.kubernetes.io/name: argocd-dex-server - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.argocdDexServer.nodeSelector "tolerations" $.Values.components.argocdDexServer.tolerations "imagePullSecrets" $.Values.components.argocdDexServer.imagePullSecrets "global" $.Values.global) | indent 6 }} - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - command: - - /shared/authenticator - - rundex - image: {{ include "common.image" (dict "component" $.Values.components.argocdDexServer "global" $.Values.global ) }} - imagePullPolicy: {{ .imagePullPolicy }} - name: dex - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 10 }} - {{- end }} - ports: - - containerPort: 5556 - - containerPort: 5557 - - containerPort: 5558 - volumeMounts: - - mountPath: /shared - name: static-files - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 10 }} - {{- end }} - initContainers: - - command: - - cp - - -n - - /authenticator - - /shared - image: {{ include "common.image" (dict "component" $.Values.components.argocdDexServer "global" $.Values.global "extraImage" $.Values.components.argocdDexServer.initContainer.authenticator) }} - imagePullPolicy: IfNotPresent - name: copyutil - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 10 }} - {{- end }} - volumeMounts: - - mountPath: /shared - name: static-files - {{- if .initContainer.resources }} - resources: - {{- toYaml .initContainer.resources | nindent 10 }} - {{- end }} - serviceAccountName: argocd-dex-server - volumes: - - emptyDir: {} - name: static-files ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - app.kubernetes.io/managed-by: {{ $.Release.Service }} - annotations: - "helm.sh/resource-policy": keep - "meta.helm.sh/release-name": {{ $.Release.Name }} - "meta.helm.sh/release-namespace": {{ $.Release.Namespace }} - {{- if and ($argocdEnabled.enabled) ($.Release.IsInstall) }} - "helm.sh/hook": pre-install - {{- end }} - name: argocd-dex-server ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - app.kubernetes.io/managed-by: {{ $.Release.Service }} - annotations: - "helm.sh/resource-policy": keep - "meta.helm.sh/release-name": {{ $.Release.Name }} - "meta.helm.sh/release-namespace": {{ $.Release.Namespace }} - {{- if and ($argocdEnabled.enabled) ($.Release.IsInstall) }} - "helm.sh/hook": pre-install - {{- end }} - name: argocd-dex-server -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: dex-server - app.kubernetes.io/name: argocd-dex-server - app.kubernetes.io/part-of: argocd - app.kubernetes.io/managed-by: {{ $.Release.Service }} - annotations: - "helm.sh/resource-policy": keep - "meta.helm.sh/release-name": {{ $.Release.Name }} - "meta.helm.sh/release-namespace": {{ $.Release.Namespace }} - {{- if and ($argocdEnabled.enabled) ($.Release.IsInstall) }} - "helm.sh/hook": pre-install - {{- end }} - name: argocd-dex-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argocd-dex-server -subjects: -- kind: ServiceAccount - name: argocd-dex-server -{{- end }} diff --git a/charts/devtron-enterprise/templates/generic.yaml b/charts/devtron-enterprise/templates/generic.yaml deleted file mode 100644 index d921178c..00000000 --- a/charts/devtron-enterprise/templates/generic.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraManifests }} ---- -{{ toYaml . }} - {{- end -}} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/gitsensor.yaml b/charts/devtron-enterprise/templates/gitsensor.yaml deleted file mode 100644 index 6248b738..00000000 --- a/charts/devtron-enterprise/templates/gitsensor.yaml +++ /dev/null @@ -1,163 +0,0 @@ -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} -{{- with .Values.components.gitsensor }} -apiVersion: v1 -kind: Secret -metadata: - name: git-sensor-secret - labels: - app: git-sensor - release: devtron -type: Opaque -{{- if .secrets }} -data: -{{- range $k, $v := .secrets }} - {{ $k }}: {{ $v | b64enc }} -{{- end }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: git-sensor-cm - labels: - app: git-sensor - release: devtron -{{- if .configs }} -data: -{{ toYaml .configs | indent 2 }} -{{- end }} - ---- -# Source: gitsensor/templates/generic.yaml -apiVersion: v1 -kind: Service -metadata: - name: git-sensor-service - labels: - app: git-sensor - release: devtron -spec: - ports: - - name: sensor - port: 80 - protocol: TCP - targetPort: 8080 - - name: grpc - port: 90 - protocol: TCP - targetPort: 8081 - selector: - app: git-sensor ---- -# Source: gitsensor/templates/generic.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: git-sensor - labels: - release: devtron - app: git-sensor -spec: - selector: - matchLabels: - app: git-sensor # has to match .spec.template.metadata.labels - serviceName: git-sensor - replicas: 1 # by default is 1 - template: - metadata: - labels: - app: git-sensor - spec: - terminationGracePeriodSeconds: 10 - securityContext: - runAsGroup: 1000 - runAsUser: 1000 - serviceAccountName: devtron-default-sa - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.gitsensor.nodeSelector "tolerations" $.Values.components.gitsensor.tolerations "imagePullSecrets" $.Values.components.gitsensor.imagePullSecrets "global" $.Values.global) | indent 6 }} - initContainers: - - command: - - /bin/sh - - -c - - mkdir -p /git-base/ssh-keys && chown -R devtron:devtron /git-base && chmod 777 /git-base/ssh-keys - image: {{ include "common.image" (dict "component" $.Values.components.gitsensor "global" $.Values.global) }} - imagePullPolicy: IfNotPresent - name: chown-git-base - resources: {} - securityContext: - runAsUser: 0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /git-base/ - name: git-volume - containers: - - name: git-sensor - image: {{ include "common.image" (dict "component" $.Values.components.gitsensor "global" $.Values.global) }} - {{- if .imagePullPolicy }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - runAsUser: 1000 - runAsNonRoot: true - ports: - - containerPort: 8080 - name: sensor - - containerPort: 8081 - name: grpc - volumeMounts: - - name: git-volume - mountPath: /git-base/ - env: - - name: DEVTRON_APP_NAME - value: git-sensor - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if $.Values.components.gitsensor.dbconfig }} - - name: PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .dbconfig.secretName }} - key: {{ .dbconfig.keyName }} - {{- end }} - envFrom: - - secretRef: - name: git-sensor-secret - - configMapRef: - name: git-sensor-cm - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: git-volume - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .persistence.volumeSize }} ---- -{{- if .serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: git-sensor-sm - labels: - app: git-sensor - kind: Prometheus - release: devtron -spec: - endpoints: - - port: app - path: /metrics - selector: - matchLabels: - app: git-sensor -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/grafana.yaml b/charts/devtron-enterprise/templates/grafana.yaml deleted file mode 100644 index b39233fa..00000000 --- a/charts/devtron-enterprise/templates/grafana.yaml +++ /dev/null @@ -1,682 +0,0 @@ -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} -{{- if $.Values.monitoring }} -{{- if $.Values.monitoring.grafana }} -{{- if $.Values.monitoring.grafana.enabled }} -{{- if .Capabilities.APIVersions.Has "batch/v1/Job" }} -apiVersion: batch/v1 -{{- else -}} -apiVersion: batch/v1beta1 -{{- end }} -kind: Job -metadata: - name: grafana-org-job -spec: - template: - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron - containers: - - name: grafana-restart - image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.kubectlImage ) }} - command: ["sh", "/tmp/kubectl-grafana.sh"] - volumeMounts: - - name: grafana-org-volume - mountPath: "/tmp/" - initContainers: - - name: grafana-org - image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global "extraImage" $.Values.monitoring.grafana.grafanaOrgJob.curlImage ) }} - command: ["sh","/tmp/org.sh"] - env: - - name: GRAFANA_PASSWORD - valueFrom: - secretKeyRef: - name: devtron-grafana-cred-secret - key: admin-password - volumeMounts: - - name: grafana-org-volume - mountPath: "/tmp/" - restartPolicy: OnFailure - volumes: - - name: grafana-org-volume - configMap: - name: grafana-org-cm - backoffLimit: 20 ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: grafana-org-cm - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -data: - org.sh: |- - - until nc -z devtron-grafana 80 > /dev/null; do echo Waiting for grafana to be ready; sleep 2; done; - grafanaUrl="http://admin:${GRAFANA_PASSWORD}@devtron-grafana.devtroncd/grafana" - echo $grafanaUrl - ORG_ID=$( curl -d '{"name":"devtron-metrics-view"}' -H "Content-Type: application/json" -X POST "${grafanaUrl}/api/orgs" ) - echo $ORG_ID - - curl -X POST "${grafanaUrl}/api/user/using/2"; - - curl -X PUT -H "Content-Type: application/json" -d '{"homeDashboardId":0,"theme":"light","timezone":"browser"}' "${grafanaUrl}/api/org/preferences"; - - curl "${grafanaUrl}/api/datasources" -H 'content-type: application/json' -H 'x-grafana-org-id: 2' --data '{"name":"Prometheus-devtron-demo","type":"prometheus","access":"proxy","isDefault":true}' - - curl "${grafanaUrl}/api/datasources/2" -X PUT \ - -H 'content-type: application/json' \ - -H 'x-grafana-org-id: 2' \ - --data '{"id": 2 , - "orgId": 2, - "name":"Prometheus-devtron-demo","type":"prometheus","access":"proxy", - "basicAuth":false,"jsonData":{},"version":1}' - - kubectl-grafana.sh: |- - cat < "/var/lib/grafana/dashboards/devtron-provider/cpu-usage.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13320/revisions/4/download" > "/var/lib/grafana/dashboards/devtron-provider/latency-status.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13325/revisions/4/download" > "/var/lib/grafana/dashboards/devtron-provider/memory-usage.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13321/revisions/6/download" > "/var/lib/grafana/dashboards/devtron-provider/response-status.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13323/revisions/6/download" > "/var/lib/grafana/dashboards/devtron-provider/memory-usage-below-k8s1-15.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13324/revisions/3/download" > "/var/lib/grafana/dashboards/devtron-provider/cpu-usage-below-k8s1-15.json" - EOF - kubectl get po -n devtroncd -l app.kubernetes.io/name=grafana | awk '{print $1}' | grep -v devtron-grafana-test | grep -v NAME | xargs kubectl delete po -n devtroncd ---- -# Source: grafana/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm - name: devtron-grafana - namespace: devtroncd ---- -# Source: grafana/templates/tests/test-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm - name: devtron-grafana-test - namespace: devtroncd ---- -# Source: grafana/templates/configmap-dashboard-provider.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm - name: devtron-grafana-config-dashboards - namespace: devtroncd -data: - provider.yaml: |- - apiVersion: 1 - providers: - - name: 'sidecarProvider' - orgId: 1 - folder: '' - type: file - disableDeletion: false - allowUiUpdates: false - options: - foldersFromFilesStructure: false - path: /tmp/dashboards ---- -# Source: grafana/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-grafana - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -data: - grafana.ini: | - [analytics] - check_for_updates = true - [auth.anonymous] - enabled = true - org_name = devtron-metrics-view - org_role = Viewer - [grafana_net] - url = https://grafana.net - [log] - mode = console - [paths] - data = /var/lib/grafana/data - logs = /var/log/grafana - plugins = /var/lib/grafana/plugins - provisioning = /etc/grafana/provisioning - [security] - allow_embedding = true - [server] - root_url = /grafana - serve_from_sub_path = true - [users] - allow_org_create = true - dashboardproviders.yaml: | - apiVersion: 1 - providers: [] - download_dashboards.sh: | - #!/usr/bin/env sh - set -euf - mkdir -p /var/lib/grafana/dashboards/devtron-provider - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13322/revisions/4/download" > "/var/lib/grafana/dashboards/devtron-provider/cpu-usage.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13320/revisions/4/download" > "/var/lib/grafana/dashboards/devtron-provider/latency-status.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13325/revisions/4/download" > "/var/lib/grafana/dashboards/devtron-provider/memory-usage.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13321/revisions/6/download" > "/var/lib/grafana/dashboards/devtron-provider/response-status.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13323/revisions/6/download" > "/var/lib/grafana/dashboards/devtron-provider/memory-usage-below-k8s1-15.json" - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - "https://grafana.com/api/dashboards/13324/revisions/3/download" > "/var/lib/grafana/dashboards/devtron-provider/cpu-usage-below-k8s1-15.json" ---- -# Source: grafana/templates/dashboards-json-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-grafana-dashboards-devtron-provider - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm - dashboard-provider: devtron-provider -data: - {} ---- -# Source: grafana/templates/tests/test-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-grafana-test - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -data: - run.sh: |- - @test "Test Health" { - url="http://devtron-grafana/api/health" - - code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') - [ "$code" == "200" ] - } ---- -# Source: grafana/templates/pvc.yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: devtron-grafana - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm - finalizers: - - kubernetes.io/pvc-protection -spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: {{ $.Values.monitoring.grafana.persistence.storage }} ---- -# Source: grafana/templates/clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm - name: devtron-grafana-clusterrole -rules: -- apiGroups: [""] # "" indicates the core API group - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] ---- -# Source: grafana/templates/clusterrolebinding.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: devtron-grafana-clusterrolebinding - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -subjects: - - kind: ServiceAccount - name: devtron-grafana - namespace: devtroncd -roleRef: - kind: ClusterRole - name: devtron-grafana-clusterrole - apiGroup: rbac.authorization.k8s.io ---- -# Source: grafana/templates/role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: devtron-grafana - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [devtron-grafana] ---- -# Source: grafana/templates/tests/test-role.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: devtron-grafana-test - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [devtron-grafana-test] ---- -# Source: grafana/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: devtron-grafana - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: devtron-grafana -subjects: -- kind: ServiceAccount - name: devtron-grafana - namespace: devtroncd ---- -# Source: grafana/templates/tests/test-rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: devtron-grafana-test - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: devtron-grafana-test -subjects: -- kind: ServiceAccount - name: devtron-grafana-test - namespace: devtroncd ---- -# Source: grafana/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: devtron-grafana - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - ports: - - name: service - port: 80 - protocol: TCP - targetPort: 3000 - - selector: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron ---- -# Source: grafana/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: devtron-grafana - namespace: devtroncd - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - strategy: - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - spec: - serviceAccountName: devtron-grafana - securityContext: - fsGroup: 472 - runAsGroup: 472 - runAsUser: 472 - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 6 }} - initContainers: - - name: init-chown-data - image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global "extraImage" $.Values.monitoring.grafana.busyboxImage ) }} - imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: false - runAsUser: 0 - command: ["chown", "-R", "472:472", "/var/lib/grafana"] - resources: {} - volumeMounts: - - name: storage - mountPath: "/var/lib/grafana" - - name: download-dashboards - image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global "extraImage" $.Values.monitoring.grafana.grafanaDashboards.curlImage ) }} - imagePullPolicy: IfNotPresent - command: ["/bin/sh"] - args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] - resources: {} - env: - volumeMounts: - - name: config - mountPath: "/etc/grafana/download_dashboards.sh" - subPath: download_dashboards.sh - - name: storage - mountPath: "/var/lib/grafana" - - name: grafana-sc-datasources - image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana.grafanaDashboards "global" $.Values.global ) }} - imagePullPolicy: IfNotPresent - env: - - name: METHOD - value: LIST - - name: LABEL - value: "grafana_datasource" - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - - name: RESOURCE - value: "both" - resources: - {} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" - containers: - {{- with $.Values.monitoring.grafana.grafanaDashboards }} - - name: grafana-sc-dashboard - image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana.grafanaDashboards "global" $.Values.global ) }} - imagePullPolicy: {{ .imagePullPolicy }} - env: - - name: METHOD - value: - - name: LABEL - value: "grafana_dashboard" - - name: FOLDER - value: "/tmp/dashboards" - - name: RESOURCE - value: "both" - {{- if .resources }} - resources: -{{ toYaml .resources | indent 12 }} - {{- end }} - volumeMounts: - - name: sc-dashboard-volume - mountPath: "/tmp/dashboards" - {{- end }} - {{- with $.Values.monitoring.grafana}} - - name: grafana - image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global ) }} - imagePullPolicy: {{ .imagePullPolicy }} - volumeMounts: - - name: config - mountPath: "/etc/grafana/grafana.ini" - subPath: grafana.ini - - name: storage - mountPath: "/var/lib/grafana" - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml - - name: sc-dashboard-volume - mountPath: "/tmp/dashboards" - - name: sc-dashboard-provider - mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" - subPath: provider.yaml - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" - ports: - - name: service - containerPort: 80 - protocol: TCP - - name: grafana - containerPort: 3000 - protocol: TCP - env: - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: devtron-grafana-cred-secret - key: admin-user - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: devtron-grafana-cred-secret - key: admin-password - {{- if .resources }} - resources: -{{ toYaml .resources | indent 12 }} - {{- end }} - livenessProbe: - failureThreshold: 10 - httpGet: - path: /api/health - port: 3000 - initialDelaySeconds: 60 - timeoutSeconds: 30 - readinessProbe: - httpGet: - path: /api/health - port: 3000 - volumes: - - name: config - configMap: - name: devtron-grafana - - name: dashboards-devtron-provider - configMap: - name: devtron-grafana-dashboards-devtron-provider - - name: storage - persistentVolumeClaim: - claimName: devtron-grafana - - name: sc-dashboard-volume - emptyDir: {} - - name: sc-dashboard-provider - configMap: - name: devtron-grafana-config-dashboards - - name: sc-datasources-volume - emptyDir: {} - {{- end }} ---- -apiVersion: v1 -kind: Pod -metadata: - name: devtron-grafana-test - labels: - app.kubernetes.io/name: grafana - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "7.3.1" - app.kubernetes.io/managed-by: Helm - namespace: devtroncd -spec: - serviceAccountName: devtron-grafana-test - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.monitoring.grafana.nodeSelector "tolerations" $.Values.monitoring.grafana.tolerations "imagePullSecrets" $.Values.monitoring.grafana.imagePullSecrets "global" $.Values.global) | indent 2 }} - containers: - - name: devtron-test - image: {{ include "common.image" (dict "component" $.Values.monitoring.grafana "global" $.Values.global "extraImage" $.Values.monitoring.grafana.batsImage ) }} - imagePullPolicy: "IfNotPresent" - command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] - volumeMounts: - - mountPath: /tests - name: tests - readOnly: true - volumes: - - name: tests - configMap: - name: devtron-grafana-test - restartPolicy: OnFailure -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/install.yaml b/charts/devtron-enterprise/templates/install.yaml deleted file mode 100644 index e3e61929..00000000 --- a/charts/devtron-enterprise/templates/install.yaml +++ /dev/null @@ -1,119 +0,0 @@ -{{- if .Values.installer.modules }} -{{- with .Values.installer.modules }} -{{- range . }} -{{- if eq . "cicd" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: installer - namespace: devtroncd ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: installer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: installer - namespace: devtroncd ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: installer-editor -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: installer-editor-role -subjects: - - kind: ServiceAccount - name: installer - namespace: devtroncd ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: installer-editor-role -rules: - - apiGroups: - - installer.devtron.ai - resources: - - installers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - installer.devtron.ai - resources: - - installers/status - verbs: - - get ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: inception - name: inception - namespace: devtroncd -spec: - minReadySeconds: 60 - replicas: 1 - strategy: - type: - Recreate - selector: - matchLabels: - app: inception - template: - metadata: - creationTimestamp: null - labels: - app: inception - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.installer.nodeSelector "tolerations" $.Values.installer.tolerations "imagePullSecrets" $.Values.installer.imagePullSecrets "global" $.Values.global) | indent 6 }} - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - image: {{ include "common.image" (dict "component" $.Values.installer "global" $.Values.global ) }} - imagePullPolicy: IfNotPresent - name: inception - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - ports: - - - containerPort: 8080 - name: app - protocol: TCP - {{- if $.Values.installer.resources }} - resources: - {{- toYaml $.Values.installer.resources | nindent 12 }} - {{- else }} - resources: - limits: - cpu: 50m - memory: 500Mi - requests: - cpu: 10m - memory: 100Mi - {{- end }} - restartPolicy: Always - serviceAccountName: installer - terminationGracePeriodSeconds: 30 -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/kubelink.yaml b/charts/devtron-enterprise/templates/kubelink.yaml deleted file mode 100644 index f4e93054..00000000 --- a/charts/devtron-enterprise/templates/kubelink.yaml +++ /dev/null @@ -1,124 +0,0 @@ -{{- with .Values.components.kubelink }} -apiVersion: v1 -kind: Secret -metadata: - name: kubelink-secret - labels: - app: kubelink - release: devtron - annotations: - "helm.sh/resource-policy": keep -type: Opaque -{{- if .secrets }} -data: -{{- range $k, $v := .secrets }} - {{ $k }}: {{ $v | b64enc }} -{{- end }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubelink-cm - labels: - app: kubelink - release: devtron - annotations: - "helm.sh/resource-policy": keep -{{- if .configs }} -data: -{{ toYaml .configs | indent 2 }} -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} - RUN_HELM_INSTALL_IN_ASYNC_MODE: "true" -{{- else }} - RUN_HELM_INSTALL_IN_ASYNC_MODE: "false" -{{- end }} -{{- end }} -{{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kubelink - labels: - app: kubelink - chart: kubelink-4.11.1 - annotations: - "helm.sh/resource-policy": keep -spec: - selector: - matchLabels: - app: kubelink - replicas: 1 - minReadySeconds: 60 - template: - metadata: - labels: - app: kubelink - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.kubelink.nodeSelector "tolerations" $.Values.components.kubelink.tolerations "imagePullSecrets" $.Values.components.kubelink.imagePullSecrets "global" $.Values.global) | indent 6 }} - terminationGracePeriodSeconds: 30 - restartPolicy: Always - serviceAccount: devtron - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: kubelink - image: {{ include "common.image" (dict "component" $.Values.components.kubelink "global" $.Values.global ) }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - ports: - - name: app - containerPort: 50051 - protocol: TCP - env: - - name: DEVTRON_APP_NAME - value: kubelink - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if .dbconfig }} - - name: PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .dbconfig.secretName }} - key: {{ .dbconfig.keyName }} - {{- end }} - envFrom: - - configMapRef: - name: kubelink-cm - - secretRef: - name: kubelink-secret - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- end }} - revisionHistoryLimit: 3 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: kubelink - name: kubelink-service - namespace: devtroncd - annotations: - "helm.sh/resource-policy": keep -spec: - ports: - - name: app - port: 50051 - protocol: TCP - targetPort: app - selector: - app: kubelink - sessionAffinity: None - type: ClusterIP -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/kubewatch.yaml b/charts/devtron-enterprise/templates/kubewatch.yaml deleted file mode 100644 index fa199caf..00000000 --- a/charts/devtron-enterprise/templates/kubewatch.yaml +++ /dev/null @@ -1,222 +0,0 @@ -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} -{{- with .Values.components.kubewatch }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: kubewatch - release: devtron - name: kubewatch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: kubewatch - release: devtron - name: kubewatch -rules: - - apiGroups: - - "" - resources: - - pods - - namespaces - - services - - deployments - - replicationcontrollers - - replicasets - - daemonsets - - persistentvolumes - - events - - workflows - verbs: - - list - - watch - - get - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - apiGroups: - - argoproj.io - resources: - - workflows - - applications - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: kubewatch - release: devtron - name: kubewatch -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubewatch -subjects: - - kind: ServiceAccount - name: kubewatch - namespace: devtroncd ---- -apiVersion: v1 -kind: Secret -metadata: - name: kubewatch-secret - labels: - release: devtron - app: kubewatch -type: Opaque -{{- if .secrets }} -data: -{{- range $k, $v := .secrets }} - {{ $k }}: {{ $v | b64enc }} -{{- end }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubewatch-resources-cm - labels: - release: devtron - app: kubewatch -data: - .kubewatch.yaml: | - handler: - webhook: - enabled: false - url: http://devtroncd-event-handler-service-prod.devtroncd/event - - resource: - daemonset: false - deployment: false - events: true - job: false - persistentvolume: false - pod: false - replicaset: false - replicationcontroller: false - services: false ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubewatch-cm - labels: - release: devtron - app: kubewatch -data: -{{- if .configs}} -{{ toYaml .configs | indent 2 }} -{{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kubewatch - labels: - app: kubewatch - release: devtron -spec: - selector: - matchLabels: - app: kubewatch - release: devtron - replicas: 1 - minReadySeconds: 60 - template: - metadata: - labels: - app: kubewatch - release: devtron - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.kubewatch.nodeSelector "tolerations" $.Values.components.kubewatch.tolerations "imagePullSecrets" $.Values.components.kubewatch.imagePullSecrets "global" $.Values.global) | indent 6 }} - terminationGracePeriodSeconds: 30 - restartPolicy: Always - serviceAccountName: kubewatch - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: kubewatch - image: {{ include "common.image" (dict "component" $.Values.components.kubewatch "global" $.Values.global) }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - ports: - - name: app - containerPort: 3000 - protocol: TCP - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if .dbconfig }} - - name: DB_PWD - valueFrom: - secretKeyRef: - name: {{ .dbconfig.secretName }} - key: {{ .dbconfig.keyName }} - {{- end }} - envFrom: - - configMapRef: - name: kubewatch-cm - - secretRef: - name: kubewatch-secret - volumeMounts: - - name: kubewatch-resources-config - mountPath: /root/.kubewatch.yaml - subPath: .kubewatch.yaml -{{- if .resources }} - resources: -{{ toYaml .resources | indent 12 }} -{{- end }} - volumes: - - name: kubewatch-resources-config - configMap: - name: kubewatch-resources-cm - revisionHistoryLimit: 3 -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/lens.yaml b/charts/devtron-enterprise/templates/lens.yaml deleted file mode 100644 index c3a87b34..00000000 --- a/charts/devtron-enterprise/templates/lens.yaml +++ /dev/null @@ -1,118 +0,0 @@ -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} -{{- with .Values.components.lens }} -apiVersion: v1 -kind: Secret -metadata: - name: lens-secret - labels: - app: lens - release: devtron -type: Opaque -{{- if .secrets }} -data: -{{- range $k, $v := .secrets }} - {{ $k }}: {{ $v | b64enc }} -{{- end }} -{{- end }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: lens-cm - labels: - app: lens - release: devtron -{{- if .configs }} -data: -{{ toYaml .configs | indent 2 }} -{{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: lens-service - labels: - app: lens - release: devtron -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: app - protocol: TCP - name: app - selector: - app: lens ---- -# Source: lens/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: lens - labels: - app: lens - release: devtron -spec: - selector: - matchLabels: - app: lens - release: devtron - replicas: 1 - minReadySeconds: 60 - template: - metadata: - labels: - app: lens - release: devtron - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.lens.nodeSelector "tolerations" $.Values.components.lens.tolerations "imagePullSecrets" $.Values.components.lens.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - terminationGracePeriodSeconds: 30 - restartPolicy: Always - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: lens - image: {{ include "common.image" (dict "component" $.Values.components.lens "global" $.Values.global) }} - {{- if .imagePullPolicy }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- end }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - ports: - - name: app - containerPort: 8080 - protocol: TCP - env: - - name: DEVTRON_APP_NAME - value: lens - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if .dbconfig }} - - name: PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .dbconfig.secretName }} - key: {{ .dbconfig.keyName }} - {{- end }} - envFrom: - - configMapRef: - name: lens-cm - - secretRef: - name: lens-secret - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- end }} - volumeMounts: [] - revisionHistoryLimit: 3 -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/migrator.yaml b/charts/devtron-enterprise/templates/migrator.yaml deleted file mode 100644 index fa88b176..00000000 --- a/charts/devtron-enterprise/templates/migrator.yaml +++ /dev/null @@ -1,422 +0,0 @@ -{{- with .Values.components.migrator }} ---- -{{- if $.Capabilities.APIVersions.Has "batch/v1/Job" }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: Job -metadata: - name: postgresql-migrate-devtron-{{ randAlphaNum 5 | lower }} - annotations: {} - labels: - job: postgresql-migrate-devtron -spec: - template: - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - initContainers: - - env: - - name: DB_TYPE - value: postgres - - name: PG_USER - value: postgres - - name: PG_ADDR - value: postgresql-postgresql.devtroncd - - name: DB_PORT - value: "5432" - - name: PG_DATABASE - value: orchestrator - envFrom: - - secretRef: - name: devtron-secret - image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.duplicateChartImage ) }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - name: clean-duplicate-chart - - command: - - /bin/sh - - -c - - cp -r /scripts/. /shared/ - {{- if $.Values.installer.modules }} - {{- if (has "cicd" $.Values.installer.modules) }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global "extraImage" $.Values.components.devtron.cicdImage ) }} - {{- else }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global) }} - {{- end }} - {{- else }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global) }} - {{- end }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - name: init-devtron - volumeMounts: - - mountPath: /shared - name: shared-volume - containers: - - command: - - /bin/sh - - -c - - 'if [ $(MIGRATE_TO_VERSION) -eq "0" ]; then migrate -path $(SCRIPT_LOCATION) -database postgres://$(DB_USER_NAME):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable up; else echo $(MIGRATE_TO_VERSION); migrate -path $(SCRIPT_LOCATION) -database postgres://$(DB_USER_NAME):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable goto $(MIGRATE_TO_VERSION); fi ' - env: - - name: SCRIPT_LOCATION - value: /shared/sql/ - - name: DB_TYPE - value: postgres - - name: DB_USER_NAME - value: postgres - - name: DB_HOST - value: postgresql-postgresql.devtroncd - - name: DB_PORT - value: "5432" - - name: DB_NAME - value: {{ .envVars.devtron.DB_NAME }} - - name: MIGRATE_TO_VERSION - value: "0" - envFrom: - - secretRef: - name: postgresql-migrator - {{- if .image }} - image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global) }} - {{- else }} - image: migrate/migrate - {{- end }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - name: postgresql-migrate-devtron - volumeMounts: - - mountPath: /shared - name: shared-volume - {{- if .devtron }} - {{- if .devtron.resources }} - resources: - {{- toYaml .devtron.resources | nindent 10 }} - {{- end }} - {{- end }} - restartPolicy: OnFailure - volumes: - - emptyDir: {} - name: shared-volume - backoffLimit: 20 - activeDeadlineSeconds: 1500 ---- -{{- if $.Capabilities.APIVersions.Has "batch/v1/Job" }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: Job -metadata: - name: postgresql-migrate-casbin-{{ randAlphaNum 5 | lower }} - annotations: {} -spec: - template: - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: devtron-rollout - image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.kubectlImage ) }} - command: ['sh', '-c', 'kubectl rollout restart deployment/devtron -n devtroncd && kubectl rollout restart deployment/kubelink -n devtroncd'] - {{- if .casbin }} - {{- if .casbin.resources }} - resources: - {{- toYaml .casbin.resources | nindent 10 }} - {{- end }} - {{- end }} - initContainers: - - command: - - /bin/sh - - -c - - cp -r /scripts/. /shared/ - {{- if $.Values.installer.modules }} - {{- if (has "cicd" $.Values.installer.modules) }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global "extraImage" $.Values.components.devtron.cicdImage ) }} - {{- else }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global) }} - {{- end }} - {{- else }} - image: {{ include "common.image" (dict "component" $.Values.components.devtron "global" $.Values.global) }} - {{- end }} - name: init-devtron - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /shared - name: shared-volume - - command: - - /bin/sh - - -c - - 'if [ $(MIGRATE_TO_VERSION) -eq "0" ]; then migrate -path $(SCRIPT_LOCATION) -database postgres://$(DB_USER_NAME):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable up; else echo $(MIGRATE_TO_VERSION); migrate -path $(SCRIPT_LOCATION) -database postgres://$(DB_USER_NAME):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable goto $(MIGRATE_TO_VERSION); fi ' - env: - - name: SCRIPT_LOCATION - value: /shared/casbin/ - - name: DB_TYPE - value: postgres - - name: DB_USER_NAME - value: postgres - - name: DB_HOST - value: postgresql-postgresql.devtroncd - - name: DB_PORT - value: "5432" - - name: DB_NAME - value: {{ .envVars.casbin.DB_NAME }} - - name: MIGRATE_TO_VERSION - value: "0" - envFrom: - - secretRef: - name: postgresql-migrator - {{- if .image }} - image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global) }} - {{- else }} - image: migrate/migrate - {{- end }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - {{- if .casbin }} - {{- if .casbin.initContainer.resources }} - resources: -{{- toYaml .casbin.initContainer.resources | nindent 12 }} - {{- end }} - {{- end }} - name: postgresql-migrate-casbin - volumeMounts: - - mountPath: /shared - name: shared-volume - restartPolicy: OnFailure - volumes: - - emptyDir: {} - name: shared-volume - backoffLimit: 20 - activeDeadlineSeconds: 1500 -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} ---- -{{- if $.Capabilities.APIVersions.Has "batch/v1/Job" }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: Job -metadata: - name: postgresql-migrate-gitsensor-{{ randAlphaNum 5 | lower }} -spec: - template: - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - initContainers: - - command: - - /bin/sh - - -c - - cp -r sql /shared/ - image: {{ include "common.image" (dict "component" $.Values.components.gitsensor "global" $.Values.global) }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - name: init-git-sensor - volumeMounts: - - mountPath: /shared - name: shared-volume - containers: - - command: - - /bin/sh - - -c - - 'if [ $(MIGRATE_TO_VERSION) -eq "0" ]; then migrate -path $(SCRIPT_LOCATION) -database postgres://$(DB_USER_NAME):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable up; else echo $(MIGRATE_TO_VERSION); migrate -path $(SCRIPT_LOCATION) -database postgres://$(DB_USER_NAME):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable goto $(MIGRATE_TO_VERSION); fi ' - env: - - name: SCRIPT_LOCATION - value: /shared/sql/ - - name: DB_TYPE - value: postgres - - name: DB_USER_NAME - value: postgres - - name: DB_HOST - value: postgresql-postgresql.devtroncd - - name: DB_PORT - value: "5432" - - name: DB_NAME - value: {{ .envVars.gitsensor.DB_NAME }} - - name: MIGRATE_TO_VERSION - value: "0" - envFrom: - - secretRef: - name: postgresql-migrator - {{- if .image }} - image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global) }} - {{- else }} - image: migrate/migrate - {{- end }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - name: postgresql-migrate-git-sensor - volumeMounts: - - mountPath: /shared - name: shared-volume - {{- if .gitsensor }} - {{- if .gitsensor.resources }} - resources: - {{- toYaml .gitsensor.resources | nindent 10 }} - {{- end }} - {{- end }} - restartPolicy: OnFailure - volumes: - - emptyDir: {} - name: shared-volume - backoffLimit: 20 - activeDeadlineSeconds: 1500 ---- -{{- if $.Capabilities.APIVersions.Has "batch/v1/Job" }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: Job -metadata: - name: postgresql-migrate-lens-{{ randAlphaNum 5 | lower }} -spec: - template: - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - initContainers: - - command: - - /bin/sh - - -c - - cp -r sql /shared/ - image: {{ include "common.image" (dict "component" $.Values.components.lens "global" $.Values.global) }} - name: init-lens - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /shared - name: shared-volume - containers: - - name: postgresql-migrate-lens - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 10 }} - {{- end }} - command: - - /bin/sh - - -c - - 'if [ $(MIGRATE_TO_VERSION) -eq "0" ]; then migrate -path $(SCRIPT_LOCATION) -database postgres://$(DB_USER_NAME):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable up; else echo $(MIGRATE_TO_VERSION); migrate -path $(SCRIPT_LOCATION) -database postgres://$(DB_USER_NAME):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable goto $(MIGRATE_TO_VERSION); fi ' - env: - - name: SCRIPT_LOCATION - value: /shared/sql/ - - name: DB_TYPE - value: postgres - - name: DB_USER_NAME - value: postgres - - name: DB_HOST - value: postgresql-postgresql.devtroncd - - name: DB_PORT - value: "5432" - - name: DB_NAME - value: {{ .envVars.lens.DB_NAME }} - - name: MIGRATE_TO_VERSION - value: "0" - envFrom: - - secretRef: - name: postgresql-migrator - {{- if .image }} - image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global) }} - {{- else }} - image: migrate/migrate - {{- end }} - {{- if .lens }} - {{- if .lens.resources }} - resources: - {{- toYaml .lens.resources | nindent 10 }} - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /shared - name: shared-volume - restartPolicy: OnFailure - volumes: - - emptyDir: {} - name: shared-volume - backoffLimit: 20 - activeDeadlineSeconds: 1500 - -{{- end }} ---- -apiVersion: batch/v1 -#this job is added for creating new database(clairv4). -#This database is needed for clair upgrade (v2 to v4), since old database does not support migration for new clair. -#Without this job, database can be created for new users, but not for existing users. -kind: Job -metadata: - name: postgresql-miscellaneous -spec: - template: - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.migrator.nodeSelector "tolerations" $.Values.components.migrator.tolerations "imagePullSecrets" $.Values.components.migrator.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsUser: 1000 - containers: - - name: postgresql-miscellaneous - image: {{ include "common.image" (dict "component" $.Values.components.postgres "global" $.Values.global "extraImage" $.Values.components.postgres.armImage ) }} - securityContext: - allowPrivilegeEscalation: false - runAsUser: 1000 - runAsNonRoot: true - env: - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: postgresql-postgresql - key: postgresql-password - - name: PGHOST - value: postgresql-postgresql - command: - - /bin/sh - - -c - - psql -Upostgres -f /docker-entrypoint-initdb.d/db_create.sql - volumeMounts: - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - volumes: - - name: custom-init-scripts - configMap: - name: postgresql-postgresql-init-scripts - restartPolicy: OnFailure - backoffLimit: 20 - activeDeadlineSeconds: 1800 -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/minio.yaml b/charts/devtron-enterprise/templates/minio.yaml deleted file mode 100644 index 0f76d58f..00000000 --- a/charts/devtron-enterprise/templates/minio.yaml +++ /dev/null @@ -1,418 +0,0 @@ -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} -{{- if or ($.Values.minio.enabled) (eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE") }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: devtron-minio-update-prometheus-secret - labels: - app: minio-update-prometheus-secret - release: devtron - heritage: Helm ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "devtron-minio" - namespace: "devtroncd" - labels: - app: minio - release: "devtron" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-minio - labels: - app: minio - release: devtron - heritage: Helm -data: - initialize: |- - #!/bin/sh - set -e ; # Have script exit in the event of a failed command. - MC_CONFIG_DIR="/etc/minio/mc/" - MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" - - # connectToMinio - # Use a check-sleep-check loop to wait for Minio service to be available - connectToMinio() { - SCHEME=$1 - ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts - set -e ; # fail if we can't read the keys. - ACCESS=$(cat /config/accesskey) ; SECRET=$(cat /config/secretkey) ; - set +e ; # The connections to minio are allowed to fail. - echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="${MC} config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; - $MC_COMMAND ; - STATUS=$? ; - until [ $STATUS = 0 ] - do - ATTEMPTS=`expr $ATTEMPTS + 1` ; - echo \"Failed attempts: $ATTEMPTS\" ; - if [ $ATTEMPTS -gt $LIMIT ]; then - exit 1 ; - fi ; - sleep 2 ; # 1 second intervals between attempts - $MC_COMMAND ; - STATUS=$? ; - done ; - set -e ; # reset `e` as active - return 0 - } - - # checkBucketExists ($bucket) - # Check if the bucket exists, by using the exit code of `mc ls` - checkBucketExists() { - BUCKET=$1 - CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1) - return $? - } - - # createBucket ($bucket, $policy, $purge) - # Ensure bucket exists, purging if asked to - createBucket() { - BUCKET=$1 - POLICY=$2 - PURGE=$3 - VERSIONING=$4 - - # Purge the bucket, if set & exists - # Since PURGE is user input, check explicitly for `true` - if [ $PURGE = true ]; then - if checkBucketExists $BUCKET ; then - echo "Purging bucket '$BUCKET'." - set +e ; # don't exit if this fails - ${MC} rm -r --force myminio/$BUCKET - set -e ; # reset `e` as active - else - echo "Bucket '$BUCKET' does not exist, skipping purge." - fi - fi - - # Create the bucket if it does not exist - if ! checkBucketExists $BUCKET ; then - echo "Creating bucket '$BUCKET'" - ${MC} mb myminio/$BUCKET - else - echo "Bucket '$BUCKET' already exists." - fi - - # set versioning for bucket - if [ ! -z $VERSIONING ] ; then - if [ $VERSIONING = true ] ; then - echo "Enabling versioning for '$BUCKET'" - ${MC} version enable myminio/$BUCKET - elif [ $VERSIONING = false ] ; then - echo "Suspending versioning for '$BUCKET'" - ${MC} version suspend myminio/$BUCKET - fi - else - echo "Bucket '$BUCKET' versioning unchanged." - fi - - # At this point, the bucket should exist, skip checking for existence - # Set policy on the bucket - echo "Setting policy of bucket '$BUCKET' to '$POLICY'." - ${MC} policy set $POLICY myminio/$BUCKET - } - - # Try connecting to Minio instance - scheme=http - connectToMinio $scheme - {{- if and ($.Values.minio.enabled) (not $.Values.configs.BLOB_STORAGE_PROVIDER) }} - # Create the buckets - {{- if lt ($.Values.minio.replicaCount | int) 4 }} - createBucket devtron-ci-log none false - createBucket devtron-ci-cache none false - {{- else }} - createBucket devtron-ci-log none false true - createBucket devtron-ci-cache none false true - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: devtron-minio-update-prometheus-secret - labels: - app: minio-update-prometheus-secret - release: devtron - heritage: Helm -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create - - update - - patch - resourceNames: - - devtron-minio-prometheus - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - resourceNames: - - devtron-minio ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: devtron-minio-update-prometheus-secret - labels: - app: minio-update-prometheus-secret - release: devtron - heritage: Helm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: devtron-minio-update-prometheus-secret -subjects: - - kind: ServiceAccount - name: devtron-minio-update-prometheus-secret - namespace: "devtroncd" ---- -apiVersion: v1 -kind: Service -metadata: - name: devtron-minio - labels: - app: minio - release: {{ $.Release.Name }} - heritage: Helm -spec: - type: ClusterIP - ports: - - name: http - port: 9000 - protocol: TCP - targetPort: 9000 - selector: - app: minio - {{- if eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE" }} - release: devtron-minio - {{- else }} - release: {{ $.Release.Name }} - {{- end }} -{{- if and ($.Values.minio.enabled) (not $.Values.configs.BLOB_STORAGE_PROVIDER) }} ---- -apiVersion: v1 -kind: Service -metadata: - name: devtron-minio-svc - labels: - app: minio - release: {{ $.Release.Name }} - heritage: "Helm" -spec: - publishNotReadyAddresses: true - clusterIP: None - ports: - - name: http - port: 9000 - protocol: TCP - selector: - app: minio - release: {{ $.Release.Name }} ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - {{- if lt ($.Values.minio.replicaCount | int) 4 }} - name: minio-devtron - {{- else }} - name: devtron-minio - {{- end }} - labels: - app: minio - release: {{ $.Release.Name }} - heritage: Helm -spec: - updateStrategy: - type: RollingUpdate - podManagementPolicy: "Parallel" - serviceName: devtron-minio-svc - {{- if lt ($.Values.minio.replicaCount | int) 4 }} - replicas: 1 - {{- else }} - replicas: {{ $.Values.minio.replicaCount }} - {{- end }} - selector: - matchLabels: - app: minio - release: {{ $.Release.Name }} - template: - metadata: - name: devtron-minio - labels: - app: minio - release: {{ $.Release.Name }} - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global "imagePullSecret" $.Values.imagePullSecret ) | indent 6 }} - serviceAccountName: "devtron-minio" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - containers: - - name: minio - image: {{ include "common.image" (dict "component" $.Values.minio "global" $.Values.global ) }} - imagePullPolicy: {{ $.Values.minio.imagePullPolicy }} - - command: [ "/bin/sh", - "-ce", - {{- if lt ($.Values.minio.replicaCount | int) 4 }} - "/usr/bin/docker-entrypoint.sh minio -S /etc/minio/certs/ server /export" ] - {{- else }} - "/usr/bin/docker-entrypoint.sh minio -S /etc/minio/certs/ server http://devtron-minio-{0...{{ sub ($.Values.minio.replicaCount | int) 1 }}}.devtron-minio-svc.devtroncd.svc.cluster.local/export" ] - {{- end }} - volumeMounts: - - name: export - mountPath: /export - ports: - - name: http - containerPort: 9000 - env: - - name: MINIO_ACCESS_KEY - valueFrom: - secretKeyRef: - name: devtron-minio - key: accesskey - - name: MINIO_SECRET_KEY - valueFrom: - secretKeyRef: - name: devtron-minio - key: secretkey - resources: {} - volumes: - - name: minio-user - secret: - secretName: devtron-minio - volumeClaimTemplates: - - metadata: - name: export - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ $.Values.minio.persistence.storage }} ---- -# Source: minio/templates/post-install-create-bucket-job.yaml -apiVersion: batch/v1 -kind: Job -metadata: - {{- if lt ($.Values.minio.replicaCount | int) 4 }} - name: devtron-minio-make-bucket-job - {{- else }} - name: devtron-minio-make-bucket - {{- end }} - labels: - app: minio-make-bucket-job - release: {{ $.Release.Name }} - heritage: Helm -spec: - template: - metadata: - labels: - app: minio-job - release: {{ $.Release.Name }} - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global "imagePullSecret" $.Values.imagePullSecret ) | indent 6 }} - restartPolicy: OnFailure - volumes: - - name: minio-configuration - projected: - sources: - - configMap: - name: devtron-minio - - secret: - name: devtron-minio - serviceAccountName: "devtron-minio" - containers: - - name: minio-mc - image: {{ include "common.image" (dict "component" $.Values.minio "global" $.Values.global "extraImage" $.Values.minio.mbImage ) }} - imagePullPolicy: {{ $.Values.minio.mbImagePullPolicy }} - command: ["/bin/sh", "/config/initialize"] - env: - - name: MINIO_ENDPOINT - value: devtron-minio - - name: MINIO_PORT - value: "9000" - volumeMounts: - - name: minio-configuration - mountPath: /config - resources: {} -{{- end }} -{{- end }} -{{- if eq $.Values.configs.BLOB_STORAGE_PROVIDER "AZURE" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: devtron-minio - labels: - app: minio - chart: minio-8.0.9 - release: devtron-minio - heritage: Helm -spec: - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 100% - maxUnavailable: 0 - replicas: 2 - selector: - matchLabels: - app: minio - release: devtron-minio - template: - metadata: - name: devtron-minio - labels: - app: minio - release: devtron-minio - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.minio.nodeSelector "tolerations" $.Values.minio.tolerations "imagePullSecrets" $.Values.minio.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: "devtron-minio" - containers: - - name: minio - image: {{ include "common.image" (dict "component" $.Values.minio "global" $.Values.global "extraImage" $.Values.minio.gatewayImage ) }} - imagePullPolicy: IfNotPresent - command: - - "/bin/sh" - - "-ce" - - "/usr/bin/docker-entrypoint.sh minio -S /etc/minio/certs/ gateway azure" - volumeMounts: - ports: - - name: http - containerPort: 9000 - env: - - name: MINIO_ACCESS_KEY - valueFrom: - secretKeyRef: - name: devtron-minio - key: accesskey - - name: MINIO_SECRET_KEY - valueFrom: - secretKeyRef: - name: devtron-minio - key: secretkey - volumes: - - name: minio-user - secret: - secretName: devtron-minio -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/nats-server.yaml b/charts/devtron-enterprise/templates/nats-server.yaml deleted file mode 100644 index fcf7df78..00000000 --- a/charts/devtron-enterprise/templates/nats-server.yaml +++ /dev/null @@ -1,321 +0,0 @@ -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} -{{- with .Values.components.nats }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-nats-config - namespace: "devtroncd" - labels: - app.kubernetes.io/name: nats - app.kubernetes.io/instance: devtron-nats - app.kubernetes.io/managed-by: Helm -data: - nats.conf: | - # PID file shared with configuration reloader. - pid_file: "/var/run/nats/nats.pid" - ############### - # # - # Monitoring # - # # - ############### - http: 8222 - server_name:$POD_NAME - ################################### - # # - # NATS JetStream # - # # - ################################### - jetstream { - max_mem: 1Gi - domain: devtron-jet - max_file_store: 5Gi - store_dir: "/data" - - } - lame_duck_duration: 120s ---- -# Source: nats/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: devtron-nats - namespace: "devtroncd" - labels: - app.kubernetes.io/name: nats - app.kubernetes.io/instance: devtron-nats - app.kubernetes.io/managed-by: Helm -spec: - selector: - app.kubernetes.io/name: nats - app.kubernetes.io/instance: devtron-nats - clusterIP: None - ports: - - name: client - port: 4222 - - name: cluster - port: 6222 - - name: monitor - port: 8222 - - name: metrics - port: 7777 - - name: leafnodes - port: 7422 - - name: gateways - port: 7522 ---- -# Source: nats/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: devtron-nats - namespace: "devtroncd" - labels: - app.kubernetes.io/name: nats - app.kubernetes.io/instance: devtron-nats - app.kubernetes.io/managed-by: Helm -spec: - selector: - matchLabels: - app.kubernetes.io/name: nats - app.kubernetes.io/instance: devtron-nats - replicas: 1 - serviceName: devtron-nats - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "7777" - prometheus.io/scrape: "true" - labels: - app.kubernetes.io/name: nats - app.kubernetes.io/instance: devtron-nats - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.nats.nodeSelector "tolerations" $.Values.components.nats.tolerations "imagePullSecrets" $.Values.components.nats.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - # Common volumes for the containers. - volumes: - - name: config-volume - - configMap: - name: devtron-nats-config - - - # Local volume shared with the reloader. - - name: pid - emptyDir: {} - - ################# - # # - # TLS Volumes # - # # - ################# - - - - # Required to be able to HUP signal and apply config - # reload to the server without restarting the pod. - shareProcessNamespace: true - - ################# - # # - # NATS Server # - # # - ################# - terminationGracePeriodSeconds: 120 - containers: - - name: nats - image: {{ include "common.image" (dict "component" $.Values.components.nats "global" $.Values.global) }} - imagePullPolicy: {{ .imagePullPolicy }} - resources: - {} - ports: - - containerPort: 4222 - name: client - - containerPort: 7422 - name: leafnodes - - containerPort: 7522 - name: gateways - - containerPort: 6222 - name: cluster - - containerPort: 8222 - name: monitor - - containerPort: 7777 - name: metrics - - command: - - "nats-server" - - "--config" - - "/etc/nats-config/nats.conf" - - # Required to be able to define an environment variable - # that refers to other environment variables. This env var - # is later used as part of the configuration file. - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SERVER_NAME - value: $(POD_NAME) - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CLUSTER_ADVERTISE - value: $(POD_NAME).devtron-nats.$(POD_NAMESPACE).svc.cluster.local - volumeMounts: - - name: config-volume - mountPath: /etc/nats-config - - name: pid - mountPath: /var/run/nats - - name: data - mountPath: /data - - # Liveness/Readiness probes against the monitoring. - # - livenessProbe: - httpGet: - path: / - port: 8222 - initialDelaySeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 8222 - initialDelaySeconds: 10 - timeoutSeconds: 5 - - # Gracefully stop NATS Server on pod deletion or image upgrade. - # - lifecycle: - preStop: - exec: - # Using the alpine based NATS image, we add an extra sleep that is - # the same amount as the terminationGracePeriodSeconds to allow - # the NATS Server to gracefully terminate the client connections. - # - command: - - "/bin/sh" - - "-c" - - "nats-server -sl=ldm=/var/run/nats/nats.pid && /bin/sleep 120" - - ################################# - # # - # NATS Configuration Reloader # - # # - ################################# - - - name: reloader - image: {{ include "common.image" (dict "component" $.Values.components.nats.reloader "global" $.Values.global) }} - imagePullPolicy: {{ .reloader.imagePullPolicy }} - resources: - null - command: - - "nats-server-config-reloader" - - "-pid" - - "/var/run/nats/nats.pid" - - "-config" - - "/etc/nats-config/nats.conf" - volumeMounts: - - name: config-volume - mountPath: /etc/nats-config - - name: pid - mountPath: /var/run/nats - - - ############################## - # # - # NATS Prometheus Exporter # - # # - ############################## - - - name: metrics - image: {{ include "common.image" (dict "component" $.Values.components.nats.metrics "global" $.Values.global) }} - imagePullPolicy: {{ .metrics.imagePullPolicy }} - resources: - {} - args: - - -connz - - -routez - - -subz - - -varz - - -jsz=all - - -prefix=nats - - -use_internal_server_id - - http://localhost:8222/ - ports: - - containerPort: 7777 - name: metrics - - - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .persistence.storage }} ---- -# Source: nats/templates/tests/test-request-reply.yaml -apiVersion: v1 -kind: Pod -metadata: - name: "devtron-nats-test-request-reply" - labels: - app.kubernetes.io/name: nats - app.kubernetes.io/instance: devtron-nats - app.kubernetes.io/managed-by: Helm -spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.nats.nodeSelector "tolerations" $.Values.components.nats.tolerations "imagePullSecrets" $.Values.components.nats.imagePullSecrets "global" $.Values.global) | indent 2 }} - serviceAccountName: devtron-default-sa - containers: - - name: nats-box - image: {{ include "common.image" (dict "component" $.Values.components.nats.natsBox "global" $.Values.global) }} - env: - - name: NATS_HOST - value: devtron-nats - command: - - /bin/sh - - -ec - - | - nats reply -s nats://$NATS_HOST:4222 'name.>' --command "echo 1" & - - | - "&&" - - | - name=$(nats request -s nats://$NATS_HOST:4222 name.test '' 2>/dev/null) - - | - "&&" - - | - [ $name = test ] - - restartPolicy: Never -{{- if .serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - kind: Prometheus - app: devtron-nats - release: monitoring - name: devtron-nats-server -spec: - endpoints: - - interval: 30s - path: /metrics - port: metrics - jobLabel: nats-server - namespaceSelector: - matchNames: - - devtroncd - selector: - matchLabels: - app.kubernetes.io/instance: devtron-nats - app.kubernetes.io/name: nats -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/notifier.yaml b/charts/devtron-enterprise/templates/notifier.yaml deleted file mode 100644 index 55116ed1..00000000 --- a/charts/devtron-enterprise/templates/notifier.yaml +++ /dev/null @@ -1,123 +0,0 @@ -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} -{{- with .Values.notifier }} -{{- if .enabled }} -# Source: notifier/templates/secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: notifier-secret - labels: - release: devtron - app: notifier -type: Opaque -{{- if .secrets }} -data: -{{- range $k, $v := .secrets }} - {{ $k }}: {{ $v | b64enc }} -{{- end }} -{{- end }} ---- -# Source: notifier/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: notifier-cm - labels: - release: devtron - app: notifier -data: -{{- if .configs}} -{{ toYaml .configs | indent 2 }} -{{- end }} ---- -# Source: notifier/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: notifier-service - labels: - app: notifier - chart: {{ $.Release.Name }}-{{ $.Chart.Version }} - release: devtron -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: app - protocol: TCP - name: app - selector: - app: notifier ---- -# Source: notifier/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: notifier - labels: - app: notifier - chart: {{ $.Release.Name }}-{{ $.Chart.Version }} - release: devtron -spec: - selector: - matchLabels: - app: notifier - release: devtron - replicas: 1 - minReadySeconds: 60 - template: - metadata: - labels: - app: notifier - release: devtron - spec: - serviceAccountName: devtron-default-sa - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.notifier.nodeSelector "tolerations" $.Values.notifier.tolerations "imagePullSecrets" $.Values.notifier.imagePullSecrets "global" $.Values.global) | indent 6 }} - terminationGracePeriodSeconds: 30 - restartPolicy: Always - {{- if and $.Values.global $.Values.global.podSecurityContext }} - securityContext: -{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} - {{- end }} - containers: - - name: notifier - image: {{ include "common.image" (dict "component" $.Values.notifier "global" $.Values.global ) }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - - ports: - - name: app - containerPort: 3000 - protocol: TCP - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if .dbconfig }} - - name: DB_PWD - valueFrom: - secretKeyRef: - name: {{ .dbconfig.secretName }} - key: {{ .dbconfig.keyName }} - {{- end }} - envFrom: - - configMapRef: - name: notifier-cm - - secretRef: - name: notifier-secret - volumeMounts: [] -{{- if .resources }} - resources: -{{ toYaml .resources | indent 12 }} -{{- end }} - volumes: [] - revisionHistoryLimit: 3 -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/devtron-enterprise/templates/postgresql.yaml b/charts/devtron-enterprise/templates/postgresql.yaml deleted file mode 100644 index 01e7e974..00000000 --- a/charts/devtron-enterprise/templates/postgresql.yaml +++ /dev/null @@ -1,620 +0,0 @@ -{{- with .Values.components.postgres }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgresql-postgresql-init-scripts - labels: - app: postgresql - chart: postgresql-8.6.4 - release: "devtron" - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-2" - "helm.sh/resource-policy": keep -data: - db_create.sql: | - create database casbin; - create database git_sensor; - create database lens; - create database clairv4 -{{- if not $.Values.installer.arch }} ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-postgresql-metrics - labels: - app: postgresql - chart: postgresql-8.6.4 - release: "devtron" - annotations: - prometheus.io/port: "9187" - prometheus.io/scrape: "true" - "helm.sh/resource-policy": keep -spec: - type: ClusterIP - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - app: postgresql - release: devtron - role: master ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-postgresql-headless - labels: - app: postgresql - chart: postgresql-8.6.4 - release: "devtron" - annotations: - "helm.sh/resource-policy": keep -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app: postgresql - release: "devtron" ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-postgresql - labels: - app: postgresql - chart: postgresql-8.6.4 - release: "devtron" - annotations: - "helm.sh/resource-policy": keep -spec: - type: ClusterIP - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app: postgresql - release: "devtron" - role: master ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: postgresql-postgresql - labels: - app: postgresql - chart: postgresql-8.6.4 - release: "devtron" - annotations: - "helm.sh/resource-policy": keep -spec: - serviceName: postgresql-postgresql-headless - replicas: 1 - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app: postgresql - release: "devtron" - role: master - template: - metadata: - name: postgresql-postgresql - labels: - app: postgresql - chart: postgresql-8.6.4 - release: "devtron" - role: master - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.postgres.nodeSelector "tolerations" $.Values.components.postgres.tolerations "imagePullSecrets" $.Values.components.postgres.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - securityContext: - fsGroup: 1001 - initContainers: - - name: init-chmod-data - image: {{ include "common.image" (dict "component" $.Values.components.postgres "global" $.Values.global "extraImage" $.Values.components.postgres.initImage ) }} - imagePullPolicy: "IfNotPresent" - command: - - /bin/sh - - -cx - - | - - mkdir -p /bitnami/postgresql/data - chmod 700 /bitnami/postgresql/data - find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - xargs chown -R 1001:1001 - chmod -R 777 /dev/shm - {{- if .initContainer }} - {{- if .initContainer.resources }} - resources: - {{- toYaml .initContainer.resources | nindent 12 }} - {{- end }} - {{- end }} - securityContext: - runAsUser: 0 - volumeMounts: - - name: data - mountPath: /bitnami/postgresql - subPath: - - name: dshm - mountPath: /dev/shm - containers: - - name: postgresql-postgresql - image: {{ include "common.image" (dict "component" $.Values.components.postgres "global" $.Values.global ) }} - imagePullPolicy: {{ .imagePullPolicy }} - securityContext: - runAsUser: 1001 - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: "/bitnami/postgresql" - - name: PGDATA - value: "/bitnami/postgresql/data" - - name: POSTGRES_USER - value: postgres - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: postgresql-postgresql - key: postgresql-password - - name: POSTGRES_DB - value: "orchestrator" - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: pgaudit, uuid-ossp - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: 5432 - livenessProbe: - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "postgres" -d "orchestrator" -h 127.0.0.1 -p 5432 - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - - | - exec pg_isready -U "postgres" -d "orchestrator" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - - name: dshm - mountPath: /dev/shm - - name: data - mountPath: /bitnami/postgresql - subPath: - - name: metrics - image: {{ include "common.image" (dict "component" $.Values.components.postgres.metrics "global" $.Values.global ) }} - imagePullPolicy: "IfNotPresent" - env: - - name: DATA_SOURCE_URI - value: "127.0.0.1:5432/orchestrator?sslmode=disable" - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: postgresql-postgresql - key: postgresql-password - - name: DATA_SOURCE_USER - value: postgres - {{- if .postgresExporter }} - {{- if .postgresExporter.resources }} - resources: - {{- toYaml .postgresExporter.resources | nindent 12 }} - {{- end }} - {{- end }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - ports: - - name: http-metrics - containerPort: 9187 - volumes: - - name: custom-init-scripts - configMap: - name: postgresql-postgresql-init-scripts - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: {{ .persistence.volumeSize }} -{{- else }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgresql-postgresql-customscripts - labels: - helm.sh/chart: postgres-0.4.0 - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "14.5" - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-2" - "helm.sh/resource-policy": keep -data: - db_create.sql: | - create database casbin; - create database git_sensor; - create database lens; - create database clairv4; ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgresql-postgresql-scripts - labels: - helm.sh/chart: postgres-0.4.0 - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "14.5" - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-2" - "helm.sh/resource-policy": keep -data: - 01-init-userdb.sh: | - #!/bin/sh - create_user() - { - psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" -v USERDBNAME="$POSTGRES_DB" -v USERDBUSER="$USERDB_USER" -v USERDBPASSWORD="'$USERDB_PASSWORD'" <<-EOSQL - CREATE USER :USERDBUSER WITH PASSWORD :USERDBPASSWORD; - GRANT ALL PRIVILEGES ON DATABASE :USERDBNAME TO :USERDBUSER; - EOSQL - } - set -e - if [ ! -z "$POSTGRES_DB" ] && [ ! -z "$USERDB_USER" ] && [ ! -z "$USERDB_PASSWORD" ]; then - create_user - fi - init.sh: | - #!/bin/sh - echo "Start initialization" - echo "Copy init-userdb script" - cp /initscripts/01-init-userdb.sh /scripts - if [ -d /extrascripts ]; then - echo "Copy extra scripts" - cp /extrascripts/* /scripts - fi - if [ -d /customscripts ]; then - echo "Copy custom scripts" - cp /customscripts/* /scripts - fi - if [ -d /customconfig ]; then - echo "Create postgres config" - cat /customconfig/* >>/configs/postgresql.conf - fi - if [ -d /extraconfigs ]; then - echo "Add extra configs to postgres config" - cat /extraconfigs/* >>/configs/postgresql.conf - fi - echo "Initialization done." ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-postgresql - labels: - helm.sh/chart: postgres-0.4.0 - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "14.5" - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/resource-policy": keep -spec: - type: ClusterIP - ports: - - port: 5432 - targetPort: postgres - protocol: TCP - name: postgres - selector: - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-postgresql-metrics - labels: - helm.sh/chart: postgres-0.4.0 - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "14.5" - app.kubernetes.io/managed-by: Helm - annotations: - prometheus.io/port: "9187" - prometheus.io/scrape: "true" - "helm.sh/resource-policy": keep -spec: - type: ClusterIP - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-postgresql-headless - labels: - helm.sh/chart: postgres-0.4.0 - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "14.5" - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/resource-policy": keep -spec: - type: ClusterIP - clusterIP: None - ports: - - port: 5432 - targetPort: postgres - protocol: TCP - name: postgres - selector: - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: postgresql-postgresql - labels: - helm.sh/chart: postgres-0.4.0 - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron - app.kubernetes.io/version: "14.5" - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/resource-policy": keep -spec: - replicas: 1 - serviceName: postgresql-postgresql - podManagementPolicy: OrderedReady - updateStrategy: - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron - template: - metadata: - labels: - app.kubernetes.io/name: postgres - app.kubernetes.io/instance: devtron - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.postgres.nodeSelector "tolerations" $.Values.components.postgres.tolerations "imagePullSecrets" $.Values.components.postgres.imagePullSecrets "global" $.Values.global) | indent 6 }} - serviceAccountName: devtron-default-sa - securityContext: - fsGroup: 999 - initContainers: - - name: postgres-init - securityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsNonRoot: true - runAsUser: 999 - image: {{ include "common.image" (dict "component" $.Values.components.postgres "global" $.Values.global "extraImage" $.Values.components.postgres.armImage ) }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- if .initContainer }} - {{- if .initContainer.resources }} - resources: - {{- toYaml .initContainer.resources | nindent 12 }} - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /customscripts - name: customscripts-volume - - mountPath: /initscripts - name: initscripts - - mountPath: /scripts - name: scripts - - mountPath: /configs - name: configs - command: [ "/initscripts/init.sh" ] - containers: - - name: postgres - securityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsNonRoot: true - runAsUser: 999 - image: {{ include "common.image" (dict "component" $.Values.components.postgres "global" $.Values.global "extraImage" $.Values.components.postgres.armImage ) }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- end }} - ports: - - name: postgres - containerPort: 5432 - protocol: TCP - env: - - name: PGDATA - value: "/var/lib/postgresql/data/pg" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: postgresql-password - name: postgresql-postgresql - envFrom: - - secretRef: - name: postgresql-postgresql - startupProbe: - exec: - command: - - sh - - -c - - pg_isready -h localhost - initialDelaySeconds: 10 - timeoutSeconds: 5 - failureThreshold: 30 - successThreshold: 1 - periodSeconds: 10 - livenessProbe: - exec: - command: - - sh - - -c - - pg_isready -h localhost - initialDelaySeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - periodSeconds: 10 - readinessProbe: - exec: - command: - - sh - - -c - - pg_isready -h localhost - initialDelaySeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - periodSeconds: 10 - volumeMounts: - - mountPath: /var/run - name: run - - mountPath: /tmp - name: tmp - - mountPath: /var/lib/postgresql/data - name: data - - mountPath: /docker-entrypoint-initdb.d - name: scripts - - mountPath: /etc/postgresql - name: configs - - name: metrics - image: {{ include "common.image" (dict "component" $.Values.components.postgres.metrics "global" $.Values.global "extraImage" $.Values.components.postgres.metrics.armImage ) }} - imagePullPolicy: "IfNotPresent" - env: - - name: DATA_SOURCE_URI - value: "127.0.0.1:5432/orchestrator?sslmode=disable" - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: postgresql-postgresql - key: postgresql-password - - name: DATA_SOURCE_USER - value: postgres - {{- if .postgresExporter }} - {{- if .postgresExporter.resources }} - resources: - {{- toYaml .postgresExporter.resources | nindent 12 }} - {{- end }} - {{- end }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - volumeMounts: - ports: - - name: http-metrics - containerPort: 9187 - volumes: - - name: run - emptyDir: {} - - name: tmp - emptyDir: {} - - name: scripts - emptyDir: {} - - name: configs - emptyDir: {} - - name: initscripts - configMap: - name: postgresql-postgresql-scripts - defaultMode: 0555 - - name: customscripts-volume - configMap: - name: postgresql-postgresql-customscripts - defaultMode: 0555 - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .persistence.volumeSize }} -{{- end }} -{{- end }} diff --git a/charts/devtron-enterprise/templates/production-overrides.yaml b/charts/devtron-enterprise/templates/production-overrides.yaml deleted file mode 100644 index d60f75c0..00000000 --- a/charts/devtron-enterprise/templates/production-overrides.yaml +++ /dev/null @@ -1,791 +0,0 @@ -{{- if $.Values.installer.modules }} -{{- if $.Values.installer.production_overrides }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: ConfigMap - metadata: - name: argocd-ssh-known-hosts-cm - # update: - # data: - # ssh_known_hosts: | - # ssh-public-key - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: argocd-dex-server - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.02 - memory: 50Mi - requests: - cpu: 0.02 - memory: 50Mi - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: argocd-redis - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.02 - memory: 100Mi - requests: - cpu: 0.02 - memory: 100Mi - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: argocd-repo-server - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.5 - memory: 1Gi - requests: - cpu: 0.5 - memory: 1Gi - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: argocd-server - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.3 - memory: 400Mi - requests: - cpu: 0.3 - memory: 400Mi - --- - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: argocd-application-controller - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 1 - memory: 2Gi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: clair-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: clair - namespace: devtroncd - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.3 - memory: 3Gi - requests: - cpu: 0.3 - memory: 3Gi - --- - apiVersion: v1 - kind: Secret - metadata: - name: clair - # update: - # data: - # config.yaml: |- - # replace-me with key/secret ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dashboard-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: dashboard - annotations: - name: change-me - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.02 - memory: 50Mi - requests: - cpu: 0.02 - memory: 50Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: external-secret-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: devtron-kubernetes-external-secrets - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.01 - memory: 100Mi - requests: - cpu: 0.01 - memory: 100Mi - # env: - # - name: "LOG_LEVEL" - # value: "info" - # - name: "LOG_MESSAGE_KEY" - # value: "msg" - # - name: "METRICS_PORT" - # value: "3001" - # - name: "POLLER_INTERVAL_MILLISECONDS" - # value: "10000" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: git-sensor-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: ConfigMap - metadata: - name: git-sensor-cm - # update: - # data: - # PG_ADDR: postgresql-postgresql.devtroncd - # PG_USER: change-me - --- - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: git-sensor - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.1 - memory: 2.5Gi - requests: - cpu: 0.1 - memory: 2.5Gi - volumeClaimTemplates: - - spec: - resources: - requests: - storage: 2Gi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: grafana-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: devtron-grafana - update: - spec: - resources: - requests: - storage: "20Gi" - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: devtron-grafana - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.02 - memory: 200Mi - requests: - cpu: 0.02 - memory: 200Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: guard-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: guard - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.01 - memory: 30Mi - requests: - cpu: 0.01 - memory: 30Mi - # env: - # - name: CONFIG_HASH - # value: give-value - # - name: SECRET_HASH - # value: give-value - # - name: DEVTRON_APP_NAME - # value: guard ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: image-scanner-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: ConfigMap - metadata: - name: image-scanner-cm - # update: - # data: - # CLAIR_ADDR: clair.devtroncd:6060 - # NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 - # PG_USER: postgres - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: image-scanner - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 1 - memory: 500Mi - requests: - cpu: 0.5 - memory: 200Mi - # env: - # - name: CONFIG_HASH - # value: 66ea130a3a759ac13165931cc6c106f5a9d40a01171b38982715b5570351134a - # - name: SECRET_HASH - # value: dab9f1b9549ed81db8bca66052d574b870a25e69d1845100d5c0d0368fbf3ee0 - # - name: DEVTRON_APP_NAME - # value: image-scanner - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-ingress-override-cm - namespace: devtroncd -data: - override: | - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: devtron-ingress - # update: - # metadata: - # annotations: - # owner: app1 - # spec: - # rules: - # - http: - # host: http://change-me ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubelink-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: kubelink - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.1 - memory: 100Mi - requests: - cpu: 0.05 - memory: 50Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubewatch-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: kubewatch - update: - spec: - template: - spec: - containers: - - resources: - requests: - cpu: 0.02 - memory: 150Mi - limits: - cpu: 0.02 - memory: 150Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: lens-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: ConfigMap - metadata: - name: lens-cm - # update: - # data: - # GIT_SENSOR_URL: http://git-sensor-service.devtroncd:80 - # NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: lens - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.02 - memory: 50Mi - requests: - cpu: 0.02 - memory: 50Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: minio-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: Secret - metadata: - name: devtron-minio - # update: - # data: - # accesskey: "" - # secretkey: "" - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: devtron-minio - update: - spec: - replicas: 2 - template: - spec: - containers: - - resources: - requests: - memory: 100Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: minio-storage-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: Secret - metadata: - name: devtron-minio - # update: - # data: - # accesskey: "" - # secretkey: "" - --- - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: devtron-minio - update: - spec: - template: - spec: - containers: - - resources: - requests: - memory: 100Mi - --- - apiVersion: batch/v1 - kind: Job - metadata: - name: devtron-minio-make-bucket-job - # update: - # spec: - # template: - # spec: - # containers: - # - resources: - # requests: - # memory: 128Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nats-operator-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: nats-operator - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.01 - memory: 30Mi - requests: - cpu: 0.01 - memory: 30Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nats-server-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: devtron-nats - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.1 - memory: 40Mi - requests: - cpu: 0.05 - memory: 20Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nats-streaming-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: devtron-stan - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.2 - memory: 100Mi - requests: - cpu: 0.1 - memory: 50Mi -# env: -# - name: POD_NAME -# valueFrom: -# fieldRef: -# fieldPath: metadata.name ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: notifier-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: ConfigMap - metadata: - name: notifier-cm - # update: - # data: - # DB_HOST: postgresql-postgresql.devtroncd - # DB_PORT: "5432" - # DB_USER: postgres - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: notifier - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.02 - memory: 100Mi - requests: - cpu: 0.02 - memory: 100Mi - # env: - # - name: CONFIG_HASH - # value: f64a7abec5f850c3393a5f3a1efb3a3c62fbcb6530cc3c6807028c41677fc3ec - # - name: SECRET_HASH - # value: 613cf1b1ff0cf6a867565df5ff0b3585893258f3430f0cccef14cf8c600bc701 - # - name: POD_NAME - # valueFrom: - # fieldRef: - # fieldPath: metadata.name ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: devtron-override-cm - namespace: devtroncd -data: - override: | - apiVersion: v1 - kind: ConfigMap - metadata: - name: devtron-cm - update: - data: - GIT_SENSOR_TIMEOUT: "300" - LENS_TIMEOUT: "300" - DEFAULT_BUILD_LOGS_KEY_PREFIX: "devtron" - DEFAULT_CD_ARTIFACT_KEY_LOCATION: "devtron/cd-artifacts" - DEFAULT_CD_TIMEOUT: "3600" - CI_LOGS_KEY_PREFIX: "ci-artifacts" - DEFAULT_TIMEOUT: "3600" - CD_LIMIT_CI_CPU: "0.5" - CD_LIMIT_CI_MEM: "1G" - CD_REQ_CI_CPU: "0.5" - CD_REQ_CI_MEM: "1G" - LIMIT_CI_CPU: "1.5" - LIMIT_CI_MEM: "3G" - REQ_CI_CPU: "1.5" - REQ_CI_MEM: "3G" - CD_NODE_TAINTS_KEY: "" - CD_NODE_TAINTS_VALUE: "" - CI_NODE_TAINTS_KEY: "" - CI_NODE_TAINTS_VALUE: "" - CI_NODE_LABEL_SELECTOR: "" - CACHE_LIMIT: "5000000000" - DEFAULT_ARTIFACT_KEY_LOCATION: "devtron/ci-artifacts" - EXTERNAL_CI_PAYLOAD: "{\"ciProjectDetails\":[{\"gitRepository\":\"https://github.com/srj92/getting-started-nodejs.git\",\"checkoutPath\":\"./abc\",\"commitHash\":\"239077135f8cdeeccb7857e2851348f558cb53d3\",\"commitTime\":\"2019-10-31T20:55:21+05:30\",\"branch\":\"master\",\"message\":\"Update README.md\",\"author\":\"Devtron Labs \"}],\"dockerImage\":\"445808685819.dkr.ecr.us-east-2.amazonaws.com/orch:23907713-2\",\"digest\":\"test1\",\"dataSource\":\"ext\",\"materialType\":\"git\"}" - ECR_REPO_NAME_PREFIX: "devtron/" - --- - apiVersion: v1 - kind: Secret - metadata: - name: devtron-secret - #update: - # data: - # GRAFANA_PASSWORD: "ssas" - # GRAFANA_USERNAME: "admin" - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: devtron - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 1 - memory: 600Mi - requests: - cpu: 1 - memory: 600Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgresql-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: StatefulSet - metadata: - name: postgresql-postgresql - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.25 - memory: 1.5Gi - requests: - cpu: 0.25 - memory: 800Mi - volumeClaimTemplates: - spec: - resources: - requests: - storage: "5Gi" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: rollout-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: argo-rollouts - update: - spec: - template: - spec: - containers: - - resources: - requests: - cpu: 0.02 - memory: 50Mi - limits: - cpu: 0.02 - memory: 50Mi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: workflow-override-cm - namespace: devtroncd -data: - override: | - apiVersion: apps/v1 - kind: Deployment - metadata: - name: argo-ui - update: - spec: - template: - spec: - containers: - - resources: - limits: - cpu: 0.01 - memory: 30Mi - requests: - cpu: 0.01 - memory: 30Mi - # - env: - # - name: ARGO_NAMESPACE - # valueFrom: - # fieldRef: - # apiVersion: v1 - # fieldPath: metadata.namespace - # - name: IN_CLUSTER - # value: "true" - # - name: ENABLE_WEB_CONSOLE - # value: "false" - # - name: BASE_HREF - # value: / -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/rbac.yaml b/charts/devtron-enterprise/templates/rbac.yaml deleted file mode 100644 index b2d9cacd..00000000 --- a/charts/devtron-enterprise/templates/rbac.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: devtron - namespace: devtroncd - labels: - release: devtron - annotations: - "helm.sh/resource-policy": keep ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app.kubernetes.io/instance: devtron - name: devtron -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: devtron - annotations: - "helm.sh/resource-policy": keep -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: devtron -subjects: - - kind: ServiceAccount - name: devtron - namespace: devtroncd \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/scoop.yaml b/charts/devtron-enterprise/templates/scoop.yaml deleted file mode 100644 index 9d854423..00000000 --- a/charts/devtron-enterprise/templates/scoop.yaml +++ /dev/null @@ -1,174 +0,0 @@ -{{- if and .Values.devtronEnterprise.enabled .Values.devtronEnterprise.scoop.enabled }} -{{- with .Values.devtronEnterprise.scoop }} -{{- $passKey := randAlphaNum 12 | lower }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: scoop-devtron - namespace: devtroncd - labels: - app: scoop - release: devtron -spec: - minReadySeconds: 60 - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 3 - selector: - matchLabels: - app: scoop - release: devtron - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app: scoop - release: devtron - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.devtronEnterprise.scoop.nodeSelector "tolerations" $.Values.devtronEnterprise.scoop.tolerations "imagePullSecrets" $.Values.devtronEnterprise.scoop.imagePullSecrets "global" $.Values.global) | indent 6 }} - terminationGracePeriodSeconds: 30 - restartPolicy: Always - schedulerName: default-scheduler - serviceAccountName: sa-scoop - containers: - - name: scoop - image: {{ include "common.image" (dict "component" $.Values.devtronEnterprise.scoop "global" $.Values.global) }} - {{- if .imagePullPolicy }} - imagePullPolicy: {{ .imagePullPolicy }} - {{- end }} - {{- if and $.Values.global $.Values.global.containerSecurityContext }} - securityContext: -{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} - {{- end }} - env: - - name: X-PASS-KEY - value: qhihdidhwid - - name: PASS_KEY - value: qhihdidhwid - - name: RETENTION - value: "10080" - - name: TOKEN - valueFrom: - secretKeyRef: - name: devtron-secret - key: ORCH_TOKEN - envFrom: - - configMapRef: - name: scoop-cm - ports: - - containerPort: 8080 - name: app - protocol: TCP - {{- if .resources }} - resources: - {{- toYaml .resources | nindent 12 }} - {{- end }} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File ---- -# Scoop-service -apiVersion: v1 -kind: Service -metadata: - labels: - app: scoop - release: devtron - name: scoop-service - namespace: devtroncd -spec: - ports: - - name: app - port: 80 - protocol: TCP - targetPort: app - selector: - app: scoop - sessionAffinity: None - type: ClusterIP - ---- -# Scoop ConfigMap -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: scoop - release: devtron - name: scoop-cm - namespace: devtroncd -{{- if .configs }} -data: -{{ toYaml .configs | indent 2 }} -{{- end }} - ---- -# Scoop ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - labels: - app.kubernetes.io/instance: devtron - name: read-only-cluster-role-scoop -rules: - - apiGroups: - - "*" - resources: - - "*" - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - "*" - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - "*" - verbs: - - get - - list - - watch - ---- -# Scoop ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: read-only-user-crb-scoop - annotations: - "helm.sh/resource-policy": keep -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: read-only-cluster-role-scoop -subjects: - - kind: ServiceAccount - name: sa-scoop - namespace: devtroncd - ---- -# Scoop ServiceAccount -apiVersion: v1 -kind: ServiceAccount -metadata: - name: sa-scoop - namespace: devtroncd - labels: - release: devtron - annotations: - "helm.sh/resource-policy": keep -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/devtron-enterprise/templates/workflow.yaml b/charts/devtron-enterprise/templates/workflow.yaml deleted file mode 100644 index 79054cb5..00000000 --- a/charts/devtron-enterprise/templates/workflow.yaml +++ /dev/null @@ -1,1337 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: argo - labels: - name: devtron - annotations: - "helm.sh/hook": pre-install - "helm.sh/resource-policy": keep ---- -apiVersion: v1 -kind: Namespace -metadata: - name: devtron-ci - labels: - name: devtron - annotations: - "helm.sh/hook": pre-install - "helm.sh/resource-policy": keep ---- -apiVersion: v1 -kind: Namespace -metadata: - name: devtron-demo - labels: - name: devtron - annotations: - "helm.sh/hook": pre-install - "helm.sh/resource-policy": keep ---- -apiVersion: v1 -kind: Namespace -metadata: - name: devtron-cd - labels: - name: devtron - annotations: - "helm.sh/hook": pre-install - "helm.sh/resource-policy": keep ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: chart-sync - namespace: devtroncd - labels: - release: devtron - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": pre-install,pre-upgrade -{{- if $.Values.components.migrator.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .Values.components.migrator.imagePullSecrets | indent 2 }} -{{- else if $.Values.global.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 2 }} -{{- end }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: devtron-default-sa - namespace: devtroncd - labels: - release: devtron - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": pre-install,pre-upgrade -{{- if $.Values.installer.modules }} -{{- if has "cicd" $.Values.installer.modules }} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io -spec: - conversion: - strategy: None - group: argoproj.io - names: - kind: Workflow - listKind: WorkflowList - plural: workflows - shortNames: - - wf - singular: workflow - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Status of the workflow - jsonPath: .status.phase - name: Status - type: string - - description: When the workflow was started - format: date-time - jsonPath: .status.startedAt - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io -spec: - conversion: - strategy: None - group: argoproj.io - names: - kind: WorkflowTemplate - listKind: WorkflowTemplateList - plural: workflowtemplates - shortNames: - - wftmpl - singular: workflowtemplate - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workfloweventbindings.argoproj.io -spec: - conversion: - strategy: None - group: argoproj.io - names: - kind: WorkflowEventBinding - listKind: WorkflowEventBindingList - plural: workfloweventbindings - shortNames: - - wfeb - singular: workfloweventbinding - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtasksets.argoproj.io -spec: - conversion: - strategy: None - group: argoproj.io - names: - kind: WorkflowTaskSet - listKind: WorkflowTaskSetList - plural: workflowtasksets - shortNames: - - wfts - singular: workflowtaskset - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowtaskresults.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowTaskResult - listKind: WorkflowTaskResultList - plural: workflowtaskresults - singular: workflowtaskresult - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - message: - type: string - metadata: - type: object - outputs: - properties: - artifacts: - items: - properties: - archive: - properties: - none: - type: object - tar: - properties: - compressionLevel: - format: int32 - type: integer - type: object - zip: - type: object - type: object - archiveLogs: - type: boolean - artifactGC: - properties: - podMetadata: - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - serviceAccountName: - type: string - strategy: - enum: - - "" - - OnWorkflowCompletion - - OnWorkflowDeletion - - Never - type: string - type: object - artifactory: - properties: - passwordSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - url: - type: string - usernameSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - required: - - url - type: object - azure: - properties: - accountKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - blob: - type: string - container: - type: string - endpoint: - type: string - useSDKCreds: - type: boolean - required: - - blob - - container - - endpoint - type: object - deleted: - type: boolean - from: - type: string - fromExpression: - type: string - gcs: - properties: - bucket: - type: string - key: - type: string - serviceAccountKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - required: - - key - type: object - git: - properties: - branch: - type: string - depth: - format: int64 - type: integer - disableSubmodules: - type: boolean - fetch: - items: - type: string - type: array - insecureIgnoreHostKey: - type: boolean - passwordSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - repo: - type: string - revision: - type: string - singleBranch: - type: boolean - sshPrivateKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - usernameSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - required: - - repo - type: object - globalName: - type: string - hdfs: - properties: - addresses: - items: - type: string - type: array - force: - type: boolean - hdfsUser: - type: string - krbCCacheSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - krbConfigConfigMap: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - krbKeytabSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - krbRealm: - type: string - krbServicePrincipalName: - type: string - krbUsername: - type: string - path: - type: string - required: - - path - type: object - http: - properties: - auth: - properties: - basicAuth: - properties: - passwordSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - usernameSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - clientCert: - properties: - clientCertSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - clientKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - oauth2: - properties: - clientIDSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - clientSecretSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - endpointParams: - items: - properties: - key: - type: string - value: - type: string - required: - - key - type: object - type: array - scopes: - items: - type: string - type: array - tokenURLSecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - type: object - headers: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - url: - type: string - required: - - url - type: object - mode: - format: int32 - type: integer - name: - type: string - optional: - type: boolean - oss: - properties: - accessKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - bucket: - type: string - createBucketIfNotPresent: - type: boolean - endpoint: - type: string - key: - type: string - lifecycleRule: - properties: - markDeletionAfterDays: - format: int32 - type: integer - markInfrequentAccessAfterDays: - format: int32 - type: integer - type: object - secretKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - securityToken: - type: string - required: - - key - type: object - path: - type: string - raw: - properties: - data: - type: string - required: - - data - type: object - recurseMode: - type: boolean - s3: - properties: - accessKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - bucket: - type: string - createBucketIfNotPresent: - properties: - objectLocking: - type: boolean - type: object - encryptionOptions: - properties: - enableEncryption: - type: boolean - kmsEncryptionContext: - type: string - kmsKeyId: - type: string - serverSideCustomerKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - endpoint: - type: string - insecure: - type: boolean - key: - type: string - region: - type: string - roleARN: - type: string - secretKeySecret: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - useSDKCreds: - type: boolean - type: object - subPath: - type: string - required: - - name - type: object - type: array - exitCode: - type: string - parameters: - items: - properties: - default: - type: string - description: - type: string - enum: - items: - type: string - type: array - globalName: - type: string - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - default: - type: string - event: - type: string - expression: - type: string - jqFilter: - type: string - jsonPath: - type: string - parameter: - type: string - path: - type: string - supplied: - type: object - type: object - required: - - name - type: object - type: array - result: - type: string - type: object - phase: - type: string - progress: - type: string - required: - - metadata - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: workflowartifactgctasks.argoproj.io -spec: - conversion: - strategy: None - group: argoproj.io - names: - kind: WorkflowArtifactGCTask - listKind: WorkflowArtifactGCTaskList - plural: workflowartifactgctasks - shortNames: - - wfat - singular: workflowartifactgctask - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io -spec: - conversion: - strategy: None - group: argoproj.io - names: - kind: CronWorkflow - listKind: CronWorkflowList - plural: cronworkflows - shortNames: - - cwf - - cronwf - singular: cronworkflow - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io -spec: - conversion: - strategy: None - group: argoproj.io - names: - kind: ClusterWorkflowTemplate - listKind: ClusterWorkflowTemplateList - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft - singular: clusterworkflowtemplate - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-map-type: atomic - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - served: true - storage: true ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: argo - namespace: argo ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cd-runner - namespace: devtron-cd - labels: - release: devtron -{{- if $.Values.components.ciRunner.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .Values.components.ciRunner.imagePullSecrets | indent 2 }} -{{- else if $.Values.global.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 2 }} -{{- end }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ci-runner - namespace: devtron-ci - labels: - release: devtron -{{- if $.Values.components.ciRunner.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .Values.components.ciRunner.imagePullSecrets | indent 2 }} -{{- else if $.Values.global.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 2 }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-role - namespace: argo -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - name: argo-aggregate-to-admin -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - cronworkflows - - cronworkflows/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: argo-aggregate-to-edit -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - cronworkflows - - cronworkflows/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: argo-aggregate-to-view -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - cronworkflows - - cronworkflows/finalizers - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: argo-cluster-role -rules: -- apiGroups: - - "" - resources: - - pods - - pods/exec - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - persistentvolumeclaims/finalizers - verbs: - - create - - update - - delete - - get -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtasksets - - workflowtasksets/finalizers - - workflowartifactgctasks - verbs: - - get - - list - - watch - - update - - patch - - delete - - create -- apiGroups: - - argoproj.io - resources: - - workflowtemplates - - workflowtemplates/finalizers - - clusterworkflowtemplates - - clusterworkflowtemplates/finalizers - verbs: - - get - - list - - watch -- apiGroups: - - argoproj.io - resources: - - workflowtaskresults - - workflowtaskresults/finalizers - verbs: - - list - - watch - - deletecollection -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list -- apiGroups: - - argoproj.io - resources: - - cronworkflows - - cronworkflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - get - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: workflow-cluster-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resources: - - secrets - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: workflow-cluster-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: workflow-cluster-role -subjects: -- kind: ServiceAccount - name: ci-runner - namespace: devtron-ci -- kind: ServiceAccount - name: cd-runner - namespace: devtron-cd -- kind: ServiceAccount - name: devtron - namespace: devtroncd ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argo-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: argo-cluster-role -subjects: -- kind: ServiceAccount - name: argo - namespace: argo ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-binding - namespace: argo -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-role -subjects: -- kind: ServiceAccount - name: argo ---- -apiVersion: v1 -data: - config: |- - parallelism: 50 - artifactRepository: - archiveLogs: false - {{- if not $.Values.workflowController.IMDSv2Enforced }} - containerRuntimeExecutor: pns - {{- end }} - executor: - imagePullPolicy: Always -kind: ConfigMap -metadata: - name: workflow-controller-configmap - namespace: argo ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: workflow-controller - namespace: argo -spec: - selector: - matchLabels: - app: workflow-controller - template: - metadata: - labels: - app: workflow-controller - spec: - {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.workflowController.nodeSelector "tolerations" $.Values.workflowController.tolerations "imagePullSecrets" $.Values.workflowController.imagePullSecrets "global" $.Values.global) | indent 6 }} - containers: - - args: - - --configmap - - workflow-controller-configmap - - --executor-image - {{- if $.Values.workflowController.IMDSv2Enforced }} - - {{ include "common.image" (dict "component" $.Values.workflowController "global" $.Values.global "extraImage" $.Values.workflowController.executorImage ) }} - {{- else }} - - {{ include "common.image" (dict "component" $.Values.workflowController "global" $.Values.global "extraImage" $.Values.workflowController.IMDSv1ExecutorImage ) }} - {{- end }} - command: - - workflow-controller - env: - - name: LEADER_ELECTION_IDENTITY - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - {{- if $.Values.workflowController.IMDSv2Enforced }} - - name: POD_NAMES - value: v1 - {{- end }} - {{- if $.Values.workflowController.IMDSv2Enforced }} - image: {{ include "common.image" (dict "component" $.Values.workflowController "global" $.Values.global ) }} - {{- else }} - image: {{ include "common.image" (dict "component" $.Values.workflowController "global" $.Values.global "extraImage" $.Values.workflowController.IMDSv1Image ) }} - {{- end }} - name: workflow-controller - {{- if $.Values.workflowController.resources }} - resources: - {{- toYaml $.Values.workflowController.resources | nindent 10 }} - {{- end }} - serviceAccountName: argo -{{- end }} -{{- end }} diff --git a/charts/devtron-enterprise/values.yaml b/charts/devtron-enterprise/values.yaml index a087981f..1566d3e8 100644 --- a/charts/devtron-enterprise/values.yaml +++ b/charts/devtron-enterprise/values.yaml @@ -8,505 +8,95 @@ global: runAsUser: 1000 runAsNonRoot: true containerRegistry: "quay.io/devtron" - # The below values can be specified both at global as well as component level. Refer to documentation for more info. + # The below values can be specified both at global as well as component level + # nodeSelector: + # key: value + # tolerations: + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # imagePullSecrets: + # - name: your-image-pull-secret + + # Set the storage class to be used for PVCs (would use default sc if not specified) + storageClass: "" + + # Add Proxy Configs to be propagated to all the Devtron Microservices. + configs: {} + nodeSelector: {} tolerations: [] imagePullSecrets: [] -# Add any extraManifest to be deployed. -extraManifests: [] -installer: - repo: "devtron-labs/devtron" - release: "v0.7.2" - registry: "" - image: inception - tag: 473deaa4-185-21582 - source: "github" # Available options are github and gitee - modules: [] # Available options are cicd - openshift: false # Set this to true if you are installing on openshift - production_overrides: "" # Set true if you want to use this Devtron stack in Production (This will require more resources) -# Change the below values for full mode only - -#Use secrets in plaintext, they'll be encoded to base64 automatically. -secrets: {} -# REQUIRED IF BLOB_STORAGE_PROVIDER=AZURE Token with read write access to AZURE_BLOB_CONTAINER_CI_LOG and AZURE_BLOB_CONTAINER_CI_CACHE -# AZURE_ACCOUNT_KEY: "xxxxxxxxxx" -configs: - BLOB_STORAGE_PROVIDER: "" #AZURE|S3|MINIO|GCP - # Amazon AWS S3 bucket and region for storing Build-cache for faster build process. Mandatory if BLOB_STORAGE_PROVIDER is AWS. - #DEFAULT_CACHE_BUCKET: "change-me" #Do not include s3:// - #DEFAULT_CACHE_BUCKET_REGION: "us-east-1" - # Amazon AWS S3 bucket and region for storing Build-logs. Mandatory if BLOB_STORAGE_PROVIDER is AWS. - #DEFAULT_BUILD_LOGS_BUCKET: "change-me" #Do not include s3:// - #DEFAULT_CD_LOGS_BUCKET_REGION: "us-east-1" - # Amazon AWS Secret Region if you will be using AWS Secret manager for storing secrets. - #EXTERNAL_SECRET_AMAZON_REGION: "" - # Azure Blob storage Info for storing Build Logs and Build cache for faster build process. - #AZURE_ACCOUNT_NAME: "test-account" - #AZURE_BLOB_CONTAINER_CI_LOG: "ci-log-container" - #AZURE_BLOB_CONTAINER_CI_CACHE: "ci-cache-container" -# Change the below values for hyperion only mode (Refer https://docs.devtron.ai/#hyperion ) -components: - # Values for dashboard - dashboard: - config: - analytics: "false" - hotjar: "false" - sentry: "false" - sentryEnv: "PRODUCTION" - applicationMetrics: "true" - extraConfigs: - USE_V2: "true" - ENABLE_BUILD_CONTEXT: "true" - ENABLE_RESTART_WORKLOAD: "true" - HIDE_EXCLUDE_INCLUDE_GIT_COMMITS: "false" - ENABLE_SCOPED_VARIABLES: "true" - ENABLE_CI_JOB: "true" - GLOBAL_API_TIMEOUT: "60000" - TRIGGER_API_TIMEOUT: "60000" - SERVICE_WORKER_TIMEOUT: "1" - API_BATCH_SIZE: "30" - HIDE_GITOPS_OR_HELM_OPTION: "false" - HIDE_DISCORD: "true" - ENABLE_EXTERNAL_ARGO_CD: "true" - ENABLE_RESOURCE_SCAN: "true" - ENABLE_RESOURCE_SCAN_V2: "true" - HIDE_RELEASES: "false" - HIDE_RESOURCE_WATCHER: "false" - FEATURE_SCOPED_VARIABLE_ENVIRONMENT_LIST_ENABLE: "true" - FEATURE_STEP_WISE_LOGS_ENABLE: "true" - FEATURE_EXTERNAL_FLUX_CD_ENABLE: "true" - FEATURE_IMAGE_PROMOTION_ENABLE: "true" - registry: "devtroninc.azurecr.io" - image: "dashboard:fa4680ea-0d80b271-6-25047" - imagePullSecrets: - - name: devtron-image-pull-enterprise - imagePullPolicy: IfNotPresent - # Values for devtron - devtron: - registry: "devtroninc.azurecr.io" - imagePullSecrets: - - name: devtron-image-pull-enterprise - image: "hyperion:3aa7e420-280-23147" - cicdImage: "devtron:6d4f2226-320-25138" - imagePullPolicy: IfNotPresent - customOverrides: - USE_CUSTOM_HTTP_TRANSPORT: "false" - USE_ARTIFACT_LISTING_API_V2: "false" - BUILDX_CACHE_MODE_MIN: "false" - CASBIN_CLIENT_URL: casbin-service.devtroncd:9000 - DEVTRON_INSTALLATION_TYPE: enterprise - CLONING_MODE: FULL - SCOPED_VARIABLE_ENABLED: "true" - SCOPED_VARIABLE_HANDLE_PRIMITIVES: "true" - SCOOP_CLUSTER_CONFIG: '{"1":{"serviceName":"scoop-service","passKey":"qhihdidhwid","namespace":"devtroncd","port":"80"}}' - DEVTRON_CHART_ARGO_CD_INSTALL_REQUEST_TIMEOUT: "1" - IS_INTERNAL_USE: "true" - ASYNC_BUILDX_CACHE_EXPORT: "true" - HIDE_SEVERITY_LIST: "" - IN_APP_LOGGING_ENABLED: "true" - PARALLELISM_LIMIT_FOR_TAG_PROCESSING: "2" - SCAN_V2_ENABLED: "false" - TIMEOUT_IN_SECONDS: "60" - SHOW_DOCKER_BUILD_ARGS: "true" - FORCE_SECURITY_SCANNING: "false" - # CI_NODE_LABEL_SELECTOR: purpose=cicd - # CI_NODE_TAINTS_KEY: dedicated - # CI_NODE_TAINTS_VALUE: ci - serviceMonitor: - enabled: false - service: - type: LoadBalancer - port: 80 - # nodePort: 32080 - labels: {} - annotations: {} - loadBalancerSourceRanges: [] - ingress: - enabled: false - className: nginx - labels: {} - annotations: {} - # kubernetes.io/tls-acme: "true" - pathType: ImplementationSpecific - host: devtron.example.com - tls: [] - # - secretName: devtron-tls - # hosts: - # - devtron.example.com - # Values for ciRunner - ciRunner: - registry: "" - image: "ci-runner:e533dc38-515-24898" - # Values for argocdDexServer - argocdDexServer: - registry: "" - image: "dex:v2.30.2" - imagePullPolicy: IfNotPresent - initContainer: - authenticator: "authenticator:e414faff-393-13273" - # Values for kubelink - kubelink: - registry: "devtroninc.azurecr.io" - image: "kubelink:7a9acf5a-310-25024" - imagePullSecrets: - - name: devtron-image-pull-enterprise - imagePullPolicy: IfNotPresent - configs: - ENABLE_HELM_RELEASE_CACHE: "true" - MANIFEST_FETCH_BATCH_SIZE: "2" - NATS_MSG_PROCESSING_BATCH_SIZE: "1" - NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 - PG_ADDR: postgresql-postgresql.devtroncd - PG_DATABASE: orchestrator - PG_LOG_QUERY: "true" - PG_PORT: "5432" - PG_USER: postgres - USE_CUSTOM_HTTP_TRANSPORT: "true" - dbconfig: - secretName: postgresql-postgresql - keyName: postgresql-password - # Values for kubewatch - kubewatch: - registry: "" - image: "kubewatch:89905aad-370-24802" - imagePullPolicy: IfNotPresent - configs: - devtroncd_NAMESPACE: "devtron-ci" - CI_INFORMER: "true" - ACD_NAMESPACE: "devtroncd" - ACD_INFORMER: "true" - NATS_STREAM_MAX_AGE: "10800" - USE_CUSTOM_HTTP_TRANSPORT: "true" - # Values for postgres - postgres: +devtron: + installer: + arch: "multi-arch" + repo: "devtron-labs/charts" + release: "32.1.0" registry: "" - image: "postgres:11.9.0-debian-10-r26" - armImage: "postgres:11.9" - initImage: "minideb:latest" - imagePullPolicy: "IfNotPresent" - metrics: - image: postgres_exporter:v0.4.7 - armImage: postgres_exporter:v0.10.1 - persistence: - volumeSize: "20Gi" - # Values for gitsensor - gitsensor: - registry: "devtroninc.azurecr.io" - image: "git-sensor:e9175866-535-24800" - imagePullSecrets: - - name: devtron-image-pull-enterprise - imagePullPolicy: IfNotPresent - serviceMonitor: - enabled: false - persistence: - volumeSize: 2Gi - configs: - PG_ADDR: postgresql-postgresql.devtroncd - PG_USER: postgres - COMMIT_STATS_TIMEOUT_IN_SEC: "2" - ENABLE_FILE_STATS: "true" - USE_GIT_CLI: "true" - dbconfig: - secretName: postgresql-postgresql - keyName: postgresql-password - # Values for lens - lens: - registry: "" - image: "lens:d925f072-19-24803" - imagePullPolicy: IfNotPresent - secrets: {} - resources: {} - configs: - GIT_SENSOR_PROTOCOL: GRPC - GIT_SENSOR_URL: git-sensor-service.devtroncd:90 - NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 - PG_ADDR: postgresql-postgresql.devtroncd - PG_PORT: "5432" - PG_USER: postgres - PG_DATABASE: lens - dbconfig: - secretName: postgresql-postgresql - keyName: postgresql-password - # Change below values for nats - nats: - registry: "" - image: nats:2.9.3-alpine - reloader: - image: nats-server-config-reloader:0.6.2 + image: inception + tag: 7beef376-948-31378 + source: "github" # Available options are github and gitee + modules: [] # Available options are cicd + openshift: false # Set this to true if you are installing on openshift + production_overrides: "" # Set true if you want to use this Devtron stack in Production (This will require more resources) + components: + # Values for dashboard + dashboard: + config: + extraConfigs: + HIDE_DISCORD: "true" + HIDE_RELEASES: "false" + HIDE_RESOURCE_WATCHER: "false" + FEATURE_SCOPED_VARIABLE_ENVIRONMENT_LIST_ENABLE: "true" + FEATURE_IMAGE_PROMOTION_ENABLE: "true" + FEATURE_CLUSTER_MAP_ENABLE: "true" + FEATURE_CONFIG_DRIFT_ENABLE: "true" + image: "dashboard:040c5cf9-30dda7b5-931-31424" + # Values for devtron + devtron: + image: "hyperion:de8076d0-759-31416" + cicdImage: "devtron:de8076d0-930-31412" imagePullPolicy: IfNotPresent - metrics: - image: prometheus-nats-exporter:0.9.0 + customOverrides: + PG_ADDR: postgresql-postgresql.devtroncd + USE_CUSTOM_HTTP_TRANSPORT: "false" + ASYNC_BUILDX_CACHE_EXPORT: "false" + BUILDX_CACHE_MODE_MIN: "false" + CLONING_MODE: FULL + SCOPED_VARIABLE_ENABLED: "true" + SCOPED_VARIABLE_HANDLE_PRIMITIVES: "true" + DEVTRON_CHART_ARGO_CD_INSTALL_REQUEST_TIMEOUT: "1" + IS_INTERNAL_USE: "true" + IS_AIR_GAP_ENVIRONMENT: "false" + # Values for ciRunner + ciRunner: + image: "ci-runner:2168a861-882-31228" + # Values for kubelink + kubelink: + image: "kubelink:fd7b49f0-314-31414" imagePullPolicy: IfNotPresent - natsBox: - image: nats-box - serviceMonitor: - enabled: false - persistence: - storage: 5Gi - # Values for migrator - migrator: - registry: "" - image: "migrator:v4.16.2" - imagePullSecrets: - - name: devtron-image-pull-enterprise - kubectlImage: "kubectl:latest" - duplicateChartImage: devtron-utils:dup-chart-repo-v1.1.0 - envVars: - devtron: - DB_NAME: "orchestrator" - casbin: - DB_NAME: "casbin" - gitsensor: - DB_NAME: "git_sensor" - lens: - DB_NAME: "lens" - # Values for chartSync - chartSync: - registry: "" - image: chart-sync:a0296743-341-24807 - imagePullSecrets: - - name: devtron-image-pull-enterprise -# values for argocd integration -argo-cd: - enabled: false - fullnameOverride: "argocd" - global: - image: - # -- If defined, a repository applied to all Argo CD deployments - repository: quay.io/argoproj/argocd - # -- Overrides the global Argo CD image tag whose default is the chart appVersion - tag: "v2.5.2" - # -- If defined, a imagePullPolicy applied to all Argo CD deployments + # Values for gitsensor + gitsensor: + image: "git-sensor:fd7b49f0-950-31385" imagePullPolicy: IfNotPresent - configs: - secret: - createSecret: false - # argocd-application-controller - controller: - args: - # -- define the application controller `--status-processors` - statusProcessors: "50" - # -- define the application controller `--operation-processors` - operationProcessors: "25" - # -- define the application controller `--app-hard-resync` - appHardResyncPeriod: "0" - # -- define the application controller `--app-resync` - appResyncPeriod: "180" - # -- define the application controller `--self-heal-timeout-seconds` - selfHealTimeout: "5" - # -- define the application controller `--repo-server-timeout-seconds` - repoServerTimeoutSeconds: "200" - extraArgs: - - --kubectl-parallelism-limit - - "35" - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - runAsNonRoot: true - env: [] - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-application-controller - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - # argocd-dex-server - dex: - enabled: false - # argocd-redis - redis: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - image: - repository: public.ecr.aws/docker/library/redis - tag: 7.0.5-alpine - # argocd-server - server: - configEnabled: false - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - runAsNonRoot: true - # argocd-rbac-cm - rbacConfig: - policy.default: role:admin - # argocd-repo-server - repoServer: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-repo-server - topologyKey: kubernetes.io/hostname - weight: 100 - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname - weight: 5 - extraArgs: - - --repo-cache-expiration - - 24h - - --parallelismlimit - - "50" - env: - - name: ARGOCD_EXEC_TIMEOUT - value: 180s - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - runAsNonRoot: true - applicationSet: - enabled: false - notifications: - enabled: false -# Values for security integration -security: - enabled: false - imageScanner: - registry: "devtroninc.azurecr.io" - image: "image-scanner:33435d9b-112-25023" - imagePullSecrets: - - name: devtron-image-pull-enterprise - # Values for trivy - trivy: - enabled: false - # Values for clair - clair: - enabled: false - fullnameOverride: clair - image: - repository: clair - tag: 4.3.6 -# Values for notifier integration -notifier: - enabled: false - imagePullPolicy: IfNotPresent - image: "notifier:82856462-74-24804" - configs: - CD_ENVIRONMENT: PROD - DB: orchestrator - DB_HOST: postgresql-postgresql.devtroncd - DB_PORT: "5432" - DB_USER: postgres - secrets: {} - dbconfig: - secretName: postgresql-postgresql - keyName: postgresql-password - resources: {} -# Set enable to true if you want to use minio for storing cache and logs -minio: - enabled: false - replicaCount: 1 - image: "minio:RELEASE.2021-02-14T04-01-33Z" - imagePullPolicy: IfNotPresent - mbImage: "minio-mc:RELEASE.2021-02-14T04-28-06Z" - mbImagePullPolicy: IfNotPresent - gatewayImage: "minio:RELEASE.2020-12-03T05-49-24Z" - persistence: - storage: "50Gi" -# Change below values for workflow controller -workflowController: - registry: "quay.io/argoproj" - # Set this to true if you have IMDSv2 enforced or IMDSv1 and v2 on your AWS EKS cluster and false if you are using IMDSv1 with token hop limit set to 1 - IMDSv2Enforced: true - image: "workflow-controller:v3.4.3" - executorImage: "argoexec:v3.4.3" - IMDSv1Image: "workflow-controller:v3.0.7" - IMDSv1ExecutorImage: "argoexec:v3.0.7" -# Values for grafana integration -monitoring: - grafana: - enabled: false - registry: "" - image: "grafana:7.3.1" - busyboxImage: "busybox:1.31.1" - batsImage: "bats:v1.4.1" - imagePullPolicy: IfNotPresent - resources: {} - grafanaOrgJob: - curlImage: k8s-utils:tutum-curl - grafanaDashboards: - image: "k8s-sidecar:1.1.0" - curlImage: "curl:7.73.0" + chartSync: + image: chart-sync:2168a861-341-31218 + postgres: + armImage: "postgres:14.9" + # values for security integration + security: + imageScanner: + image: "image-scanner:fd7b49f0-109-31386" + configs: + TRIVY_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-db + TRIVY_JAVA_DB_REPOSITORY: mirror.gcr.io/aquasec/trivy-java-db + devtronEnterprise: + enabled: true + casbin: + image: "casbin:fd7b49f0-fced3ae3-464-31402" imagePullPolicy: IfNotPresent - resources: {} - persistence: - storage: "2Gi" -devtronEnterprise: - enabled: true - casbin: - registry: "devtroninc.azurecr.io" - image: "casbin:8c38c29f-5bf6fbaa-462-25022" - imagePullSecrets: - - name: devtron-image-pull-enterprise - imagePullPolicy: IfNotPresent - configs: - PG_ADDR: postgresql-postgresql.devtroncd - PG_DATABASE: casbin - PG_PORT: "5432" - PG_USER: postgres - dbconfig: - secretName: postgresql-postgresql - keyName: postgresql-password - resources: {} - scoop: - enabled: false - registry: "devtroninc.azurecr.io" - image: "scoop:296d351d-629-24001" - imagePullSecrets: - - name: devtron-image-pull-enterprise - imagePullPolicy: IfNotPresent - resources: {} - configs: - CLUSTER_ID: "1" - ORCHESTRATOR_URL: http://devtron-service.devtroncd.svc.cluster.local/orchestrator + scoop: + enabled: false + image: "scoop:2c6a094c-629-30827" + imagePullPolicy: IfNotPresent \ No newline at end of file