codefresh-io · ATGardner · Dec 19, 2024 · Dec 23, 2024 · Dec 24, 2024
@@ -17,6 +17,7 @@ dependencies:
 - name: argo-cd
   repository: https://codefresh-io.github.io/argo-helm
   version: 7.4.7-8-cap-2.12.3-2024.12.17-4d75d35f4
+  condition: argo-cd.enabled
 - name: argo-events
   repository: https://codefresh-io.github.io/argo-helm
   version: 2.4.7-1-cap-CR-24607
@@ -37,8 +38,8 @@ dependencies:
   alias: tunnel-client
   condition: tunnel-client.enabled
 - name: codefresh-gitops-operator
-  repository: oci://quay.io/codefresh/charts
-  version: 0.3.17
+  repository: oci://quay.io/codefresh/charts/dev
+  version: 0.0.0-cr-26342-support-byoacd
   alias: gitops-operator
   condition: gitops-operator.enabled
 - name: garage

@@ -28,4 +28,4 @@ env:
       {{- end }}
     {{- end }}
   {{- end }}
-{{- end -}}
+{{- end -}}
@@ -1,14 +1,14 @@
 {{- define "cap-app-proxy.resources.configmap-documented-configs"}}
-argoCdUrl: {{ .Values.config.argoCdUrl }}
-argoCdUsername: {{ .Values.config.argoCdUsername }}
-argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }}
+argoCdUrl: {{ .Values.argoCdCredentials.url }}
+argoCdUsername: {{ .Values.argoCdCredentials.username }}
 argoWorkflowsUrl: {{ default "" .Values.config.argoWorkflowsUrl }}
+argoWorkflowsInsecure: {{ .Values.config.argoWorkflowsInsecure | quote }}
+skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }}
+logLevel: {{ .Values.config.logLevel | quote }}
 cors: {{ .Values.global.codefresh.url }}
 env: {{ .Values.config.env | quote}}
 isConfigurationRuntime: {{ .Values.global.runtime.isConfigurationRuntime | quote }} 
 runtimeName: {{ required "global.runtime.name is required" .Values.global.runtime.name | quote}}
-skipGitPermissionValidation: {{ .Values.config.skipGitPermissionValidation | quote }}
-logLevel: {{ .Values.config.logLevel | quote }}
   {{- $enrichmentValues := get .Values "image-enrichment" }}
   {{- if $enrichmentValues.enabled }}
 enrichmentConcurrencyCmName: {{ $enrichmentValues.config.concurrencyCmName | quote}}

@@ -11,11 +11,6 @@ ARGO_CD_USERNAME:
       name: cap-app-proxy-cm
       key: argoCdUsername
       optional: true
-ARGO_CD_PASSWORD:
-  valueFrom:
-    secretKeyRef:
-      name: argocd-initial-admin-secret
-      key: password
 ARGO_WORKFLOWS_INSECURE:
   valueFrom:
     configMapKeyRef:

@@ -1,10 +1,11 @@
 {{/* Validation for secretKeyRef to avoid conflicting secret names with secrets created by controllers */}}
-{{- define "codefresh-gitops-runtime.secret-name-validation"}}
+{{- define "codefresh-gitops-runtime.secret-name-validation" }}
   {{- $reservedSecretNames := list "codefresh-token" }}
   {{- if has .name $reservedSecretNames }}
     {{- fail (printf "%s is a reserved name and is not allowed. Please use a different secret name" .name) }}
   {{- end }}
 {{- end }}
+
 {{/*
 Expand the name of the chart.
 */}}
@@ -77,31 +78,48 @@ Determine argocd server service name. Must be called with chart root context
 */}}
 {{- define "codefresh-gitops-runtime.argocd.server.servicename" -}}
 {{/* For now use template from ArgoCD chart until better approach */}}
-{{- template "argo-cd.server.fullname" (dict "Values" (get .Values "argo-cd")) }}
+{{- $argoCDValues := (get .Values "argo-cd") }}
+{{- template "argo-cd.server.fullname" (dict "Values" $argoCDValues) }}
 {{- end }}
 
 {{/*
 Determine argocd repo server service name. Must be called with chart root context
 */}}
 {{- define "codefresh-gitops-runtime.argocd.reposerver.servicename" -}}
 {{/* For now use template from ArgoCD chart until better approach */}}
-{{- template "argo-cd.repoServer.fullname" (dict "Values" (get .Values "argo-cd")) }}
+{{- $argoCDValues := (get .Values "argo-cd") }}
+{{- if $argoCDValues.enabled }}
+  {{- template "argo-cd.repoServer.fullname" (dict "Values" $argoCDValues) }}
+{{- else if $argoCDValues.byoRepoServerName }}
+  {{- $argoCDValues.byoRepoServerName }}
+{{- else }}
+  {{- fail "Must supply byoRepoServerName if argo-cd.enabled is false" }}
+{{- end }}
 {{- end }}
 
 {{/*
 Determine argocd argocd repo server port
 */}}
 {{- define "codefresh-gitops-runtime.argocd.reposerver.serviceport" -}}
 {{/* For now use template from ArgoCD chart until better approach */}}
-  {{- index .Values "argo-cd" "repoServer" "service" "port" }}
+{{- $argoCDValues := (get .Values "argo-cd") }}
+{{- if $argoCDValues.enabled }}
+  {{- index $argoCDValues "repoServer" "service" "port" }}
+{{- else if $argoCDValues.byoRepoServerPort }}
+  {{- $argoCDValues.byoRepoServerPort }}
+{{- else }}
+  {{- fail "Must supply byoRepoServerPort if argo-cd.enabled is false" }}
+{{- end }}
 {{- end }}
 
 {{/*
 Determine argocd servicename. Must be called with chart root context
+NOT BEING USED
 */}}
 {{- define "codefresh-gitops-runtime.argocd.appcontroller.serviceAccountName" -}}
 {{/* For now use template from ArgoCD chart until better approach */}}
-{{- template "argo-cd.controllerServiceAccountName" (dict "Values" (get .Values "argo-cd")) }}
+{{- $argoCDValues := (get .Values "argo-cd") }}
+{{- template "argo-cd.controllerServiceAccountName" (dict "Values" $argoCDValues) }}
 {{- end }}
 
 {{/*
@@ -112,48 +130,68 @@ Determine rollouts name
 {{- template "argo-rollouts.fullname" (dict "Values" (get .Values "argo-rollouts")) }}
 {{- end }}
 
-
 {{/*
 Determine argocd server service port. Must be called with chart root context
 */}}
 {{- define "codefresh-gitops-runtime.argocd.server.serviceport" -}}
 {{- $argoCDValues := (get .Values "argo-cd") }}
-{{- $port := 443 }}
-{{- if hasKey $argoCDValues "configs" }}
-  {{- if hasKey $argoCDValues.configs "params" }}
-    {{- if hasKey $argoCDValues.configs.params "server.insecure" }}
-      {{- if (get $argoCDValues.configs.params "server.insecure") }}
-        {{- $port = 80 }}
+{{- if $argoCDValues.enabled }}
+  {{- $port := 443 }}
+  {{- if hasKey $argoCDValues "configs" }}
+    {{- if hasKey $argoCDValues.configs "params" }}
+      {{- if hasKey $argoCDValues.configs.params "server.insecure" }}
+        {{- if (get $argoCDValues.configs.params "server.insecure") }}
+          {{- $port = 80 }}
+        {{- end }}
       {{- end }}
     {{- end }}
   {{- end }}
+  {{- print $port }}
+{{- else if $argoCDValues.byoServerPort }}
+  {{ $argoCDValues.byoServerPort }}
+{{- else }}
+  {{- fail "Must supply byoServerPort URL if argo-cd.enabled is false" }}
+{{- end }}
 {{- end }}
-{{- print $port }}
-{{- end}}
 
 {{/*
 Determine argocd server url. Must be called with chart root context
 */}}
 {{- define "codefresh-gitops-runtime.argocd.server.url" -}}
-{{- $protocol := "https" }}
-{{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }}
-{{- if (eq $port "80") }}
-  {{- $protocol = "http" }}
-{{- end }}
-{{- $url := include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . }}
-{{- printf "%s://%s" $protocol $url }}
-{{- end}}
+{{- $argoCDValues := (get .Values "argo-cd") }}
+{{- if $argoCDValues.enabled }}
+  {{- $protocol := "https" }}
+  {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }}
+  {{- if (eq $port "80") }}
+    {{- $protocol = "http" }}
+  {{- end }}
+  {{- $url := include "codefresh-gitops-runtime.argocd.server.no-protocol-url" . }}
+  {{- printf "%s://%s" $protocol $url }}
+{{- else if $argoCDValues.byoServerUrl }}
+  {{- printf "%s" $argoCDValues.byoServerUrl }}
+{{- else }}
+  {{- fail "Must supply byoServerUrl if argo-cd.enabled is false" }}
+{{- end }}
+{{- end }}
 
 {{/*
 Determine argocd server url witout the protocol. Must be called with chart root context
 */}}
 {{- define "codefresh-gitops-runtime.argocd.server.no-protocol-url" -}}
 {{- $argoCDValues := (get .Values "argo-cd") }}
-{{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }}
-{{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }}
-{{- $path := (get $argoCDValues.configs.params "server.rootpath") }}
-{{- printf "%s:%s%s" $serverName $port $path }}
-{{- end}}
+{{- if $argoCDValues.enabled }}
+  {{- $serverName := include "codefresh-gitops-runtime.argocd.server.servicename" . }}
+  {{- $port := include "codefresh-gitops-runtime.argocd.server.serviceport" . }}
+  {{- $path := (get $argoCDValues.configs.params "server.rootpath") }}
+  {{- printf "%s:%s%s" $serverName $port $path }}
+{{- else if $argoCDValues.byoServerUrl }}
+  {{- $urlDict := (urlParse $argoCDValues.byoServerUrl) }}
+  {{- $_ := set $urlDict "scheme" "" }}
+  {{- replace "//" "" (urlJoin $urlDict) }}
+{{- else }}
+  {{- fail "Must supply byoServerUrl if argo-cd.enabled is false" }}
+{{- end }}
+{{- end }}
 
 {{/*
 Determine argo worklofws server name
@@ -197,13 +235,12 @@ valueFrom:
     {{- include "codefresh-gitops-runtime.secret-name-validation" .Values.global.codefresh.userToken.secretKeyRef }}
 valueFrom:
   secretKeyRef:
-  {{- .Values.global.codefresh.userToken.secretKeyRef | toYaml | nindent 4 }}
+    {{- .Values.global.codefresh.userToken.secretKeyRef | toYaml | nindent 4 }}
   {{- else }}
     {{- fail "global.codefresh.userToken is mandatory. Set token or secretKeyRef!" }}
   {{- end }}
 {{- end }}
 
-
 {{/*
 Get ingress url for both tunnel based and ingress based runtimes
 */}}
@@ -240,12 +277,15 @@ Get ingress url for both tunnel based and ingress based runtimes
 Output comma separated list of installed runtime components
 */}}
 {{- define "codefresh-gitops-runtime.component-list"}}
-  {{- $argoCD := dict "name" "argocd" "version" (get .Subcharts "argo-cd").Chart.AppVersion }}
   {{- $argoEvents := dict "name" "argo-events" "version" (get .Subcharts "argo-events").Chart.AppVersion }}
   {{- $sealedSecrets := dict "name" "sealed-secrets" "version" (get .Subcharts "sealed-secrets").Chart.AppVersion }}
   {{- $internalRouter := dict "name" "internal-router" "version" .Chart.AppVersion }}
   {{- $appProxy := dict "name" "app-proxy" "version" (index (get .Values "app-proxy") "image" "tag") }}
-  {{- $comptList := list $argoCD $argoEvents $appProxy $sealedSecrets $internalRouter}}
+  {{- $comptList := list $argoEvents $appProxy $sealedSecrets $internalRouter}}
+  {{- if index (get .Values "argo-cd") "enabled" }}
+    {{- $argoCD := dict "name" "argocd" "version" (get .Subcharts "argo-cd").Chart.AppVersion }}
+    {{- $comptList = append $comptList $argoCD }}
+  {{- end }}
   {{- if index (get .Values "argo-rollouts") "enabled" }}
     {{- $rolloutReporter := dict "name" "rollout-reporter" "version" .Chart.AppVersion }}
     {{- $argoRollouts := dict "name" "argo-rollouts" "version" (get .Subcharts "argo-rollouts").Chart.AppVersion }}

@@ -3,35 +3,46 @@ Some app-proxy environment variables are determined by values provided in other
 to keep the separation of components as pseudo library charts, they are defined here to be merged when
 app-proxy components are generated.
 */}}
-{{- define "codefresh-gitops-runtime.app-proxy.calculated-env-vars"}}
+{{- define "codefresh-gitops-runtime.app-proxy.calculated-env-vars" }}
+ARGO_CD_PASSWORD:
+{{- if .Values.argoCdCredentials.password }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.argoCdCredentials.secretName }}
+      key: password
+{{- else if .Values.argoCdCredentials.secretKeyRef }}
+  valueFrom:
+    secretKeyRef:
+      {{ .Values.argoCdCredentials.secretKeyRef | toYaml | nindent 6 }}
+{{- end }}
 HELM_RELEASE_NAME: {{ .Release.Name }}
 USER_TOKEN:
   {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 2 }}
   {{- if or .Values.global.runtime.gitCredentials.password.value .Values.global.runtime.gitCredentials.password.secretKeyRef }}
 GIT_USERNAME: {{ .Values.global.runtime.gitCredentials.username }}
 GIT_PASSWORD:
-  {{- include "codefresh-gitops-runtime.runtime-gitcreds.password.env-var-value" . | nindent 2 }}
+    {{- include "codefresh-gitops-runtime.runtime-gitcreds.password.env-var-value" . | nindent 2 }}
   {{- end }}
 WORKFLOW_PIPELINES_WEBHOOKS_TLS_SECRET: codefresh-workflow-pipelines-tls
-{{- /* Target account id, used for hosted runtimes registration. Not used in hybrid */}}
+  {{- /* Target account id, used for hosted runtimes registration. Not used in hybrid */}}
   {{- if .Values.global.runtime.codefreshHosted }}
 INSTALLATION_TYPE: HELM_HOSTED
 CODEFRESH_ADMIN_TOKEN:
-  {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 2 }}
+    {{- include "codefresh-gitops-runtime.installation-token-env-var-value" . | nindent 2 }}
     {{- if .Values.global.codefresh.accountId }}
 TARGET_RUNTIME_ACCOUNT_ID: {{ .Values.global.codefresh.accountId }}
     {{- else }}
       {{- fail "global.codefresh.accountId must be provided for hosted runtimes"}}
     {{- end }}
   {{- end }}
-{{/*
-This will promote argo-rollouts dependency version to app-proxy.
-This will be used when installing argo-rollouts using button.
-*/}}
-{{- range $d := .Chart.Dependencies }}
-{{- if eq $d.Name "argo-rollouts" }}
+  {{/*
+  This will promote argo-rollouts dependency version to app-proxy.
+  This will be used when installing argo-rollouts using button.
+  */}}
+  {{- range $d := .Chart.Dependencies }}
+    {{- if eq $d.Name "argo-rollouts" }}
 ROLLOUTS_HELM_REPOSITORY: {{ $d.Repository | quote }}
 ROLLOUTS_HELM_VERSION: {{ $d.Version | quote }}
-{{- end }}
-{{- end }}
+    {{- end }}
+  {{- end }}
 {{- end }}
@@ -0,0 +1,12 @@
+{{- $appProxyValues := (get .Values "app-proxy") }}
+{{- if $appProxyValues.argoCdCredentials.password -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $appProxyValues.argoCdCredentials.secretName }}
+  labels:
+    {{- include "codefresh-gitops-runtime.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  token: {{ $appProxyValues.argoCdCredentials.password }}
+{{- end }}
@@ -1,9 +1,9 @@
 {{/* Check if installation token is string or secretKeyRef and add the value with currect structure to app-proxy values */}}
-{{ $argoCdUrl := include "codefresh-gitops-runtime.argocd.server.url" . }}
 {{ $appProxyContext := deepCopy . }}
 {{ $_ := set $appProxyContext "Values" (get .Values "app-proxy") }}
 {{ $_ := set $appProxyContext.Values "global" (get .Values "global") }}
 {{- if not $appProxyContext.Values.config.argoCdUrl }}
+  {{ $argoCdUrl := include "codefresh-gitops-runtime.argocd.server.url" . }}
   {{ $_ := set $appProxyContext.Values.config "argoCdUrl" $argoCdUrl }}
 {{- end }}
 {{- if index (get .Values "argo-workflows") "enabled" }}

@@ -3,7 +3,7 @@
 {{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
 
 {{/* Merge environment variables with the ones in _app-proxy-env.yaml */}}
-{{- $mainContainerMergedValues := mergeOverwrite $appProxyContext.Values.env (include "codefresh-gitops-runtime.app-proxy.calculated-env-vars" . | fromYaml) }}
+{{- $mainContainerMergedValues := mergeOverwrite $appProxyContext.Values.env (include "codefresh-gitops-runtime.app-proxy.calculated-env-vars" $appProxyContext | fromYaml) }}
 {{- $_ := set $appProxyContext.Values "env" $mainContainerMergedValues }}
 
 {{/* Add extra volumes (used for cutom tls) */}}

@@ -1,13 +1,13 @@
 {{- if index (get .Values "gitops-operator") "libraryMode" }}
   {{- $gitopsOperatorContext := (index .Subcharts "gitops-operator")}}
-  {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }}
-  {{- if not $argoCDImageDict.tag }}
-    {{- $_ := set $argoCDImageDict "tag" (get .Subcharts "argo-cd").Chart.AppVersion }}
-  {{- end }}
-
 
   {{/* Set ArgoCD image */}}
-  {{- if not (index .Values "gitops-operator" "argoCdNotifications.imageOverride") }}
+  {{- if not (index $gitopsOperatorContext.Values.argoCdNotifications.imageOverride) }}
+    {{- $argoCDImageDict := index .Subcharts "argo-cd" "Values" "global" "image" }}
+    {{- if not $argoCDImageDict.tag }}
+      {{- $_ := set $argoCDImageDict "tag" (get .Subcharts "argo-cd").Chart.AppVersion }}
+    {{- end }}
+
     {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "repository" $argoCDImageDict.repository }}
     {{- $_ := set $gitopsOperatorContext.Values.argoCdNotifications.image "tag" $argoCDImageDict.tag }}
   {{- end }}

@@ -9,7 +9,7 @@ spec:
   backoffLimit: 3
   template:
     spec:
-      serviceAccount: argocd-application-controller
+      serviceAccount: runtime-cleanup-sa
       restartPolicy: Never
       containers:
       - name: cleanup-runtime-resources