diff --git a/CHANGELOG/release-notes-v0.6.23.md b/CHANGELOG/release-notes-v0.6.23.md new file mode 100644 index 0000000000..e7cc215a5c --- /dev/null +++ b/CHANGELOG/release-notes-v0.6.23.md @@ -0,0 +1,74 @@ +## v0.6.23 + + + +## Bugs +- fix: DT19-v1 bug fixes (#3962) +- fix: ci pod request correction (#3980) +- fix: pipelineOverride id being sent instead of pipelineId (#3984) +- fix: Iam role handling script for plugin pull image from CR (#3955) +- fix: Deployment Template HCL parsing with % keyword (#4012) +- fix: handled releaseNotExists case for helm type cd pipeline resource tree fetch (#4016) +- fix: auto post cd not working in case of multiple parallel gitOps pipeline (#4018) +- fix: handled error in bulk trigger deploy (#4034) +- fix: The manager(non-admin user) of the application is unable to select a list of apps when assigning permissions (#4053) +- fix: ci job handling in app create api (#4054) +- fix: Deploying currently Active image using TriggerDeploy API from devtctl tool is broken (#4056) +- fix: Unable to delete ci pipeline in case you configure multi git (#4072) +- fix: env for specific deployment (#4085) +- fix: update build configuration fix (#4093) +- fix: Artifacts filter in CD trigger view (#4064) +- fix: Bugathon DT-19 version-2 fixes (#4105) +- fix: App Labels node selector not getting attach in ci-workflow (#4084) +- fix: Update cd pipeline create empty pre post cd steps (#4113) +- fix: normal Refresh after triggering gitops deployment to avoid sync delay in argo (#4066) +- fix: helm chart delete when no rows are found (#4124) +- fix: Unable to abort pre-cd and post-cd workflow (#4121) +- fix: Helm Apps permissions do not allow Terminal or Logs view (#4110) +- fix: port service mapping (#4132) +## Enhancements +- feat: Helm async install (#3856) +- feat: handle CI success event auto trigger in batch (#3951) +- feat: added env variable to skip gitops validation on create/update (#3956) +- feat: added flag to configure ecr repo creation (#3963) +- feat: Ability to change branch for all selected applications during bulk build from Application Groups (#3955) +- feat: Variables support in pre-post CI, CD and Jobs (#3911) +- feat: Poll Images from ECR Container Repository Plugin (#3971) +- feat: resource groups CRUD and environment filtering (#3974) +- feat: Scoped variables primitive handling (#4033) +- feat: adding DEVTRON_APP_NAME system variable for deployment template (#4041) +- feat: wf pod restart (#3892) +- feat: added deduction for system variables (#4075) +- feat: manifest comparision (#3844) +- feat: multiple images handling for single workflow for ECR Plugin Poll Images (#4027) +- feat: Jenkins plugin migration (#4039) +- feat: clone cd pipelines while cloning app across project (#4087) +## Documentation +- doc: Glossary of jargonish terms for layman in the context of Devtron (#3820) +- docs: Ephemeral Container Doc (#3912) +- docs: New Image Alignment in Ephemeral doc (#3959) +- docs: Snapshot updation in PVC docs + PreBuild CI-CD (#3964) +- doc: Fixed issuer url in okta docs (#4062) +- docs: Config Approval Draft (#3981) +- docs: Modified Existing Container Registry Doc (#4048) +- docs: Added OCI Pull in Usecases (#4112) +## Others +- chore: added workflow to escalate pager-duty issue (#3927) +- chore: changed loop from for to while (#3928) +- chore: scheduled escalate pager duty issue workflow (#3933) +- chore: added log config for dev mode (#3953) +- chore: minor correction in devtron reference charts (#3957) +- chore: workflow refactoring (#3714) +- chore: pr-issue-validator permissions fix (#3967) +- chore: added CODEOWNERS (#3966) +- chore: Scoped variable refactoring (#3977) +- chore: modified labels of keda autoscale object in deployment chart (#3999) +- chore: Update pr-issue-validator.yaml (#3854) +- chore: refactoring around PipelineBuilder (#4043) +- chore: moved k8s library to common-lib and added scripts for adding sshTunnel config to clusters (#3848) +- chore: Add pager-duty issue template (#3988) +- chore: first cut refactor ci-pipeline (#4091) +- chore: refactored appartifact manager and cimaterialconfigservice (#4096) +- chore: Remove the EnvVariablesFromFieldPath from values.yaml in refcharts (#4111) +- chore: Updated schema for Scope Variable (#4079) +- chore: skip validation for release PRs (#4128) diff --git a/charts/devtron/Chart.yaml b/charts/devtron/Chart.yaml index 4dff6167c4..ef73f6ed80 100644 --- a/charts/devtron/Chart.yaml +++ b/charts/devtron/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: devtron-operator -appVersion: 0.6.22 +appVersion: 0.6.23 description: Chart to configure and install Devtron. Devtron is a Kubernetes Orchestration system. keywords: - Devtron @@ -11,7 +11,7 @@ keywords: - argocd - Hyperion engine: gotpl -version: 0.22.61 +version: 0.22.62 sources: - https://github.com/devtron-labs/charts dependencies: diff --git a/charts/devtron/devtron-bom.yaml b/charts/devtron/devtron-bom.yaml index d106022999..0af4a2b095 100644 --- a/charts/devtron/devtron-bom.yaml +++ b/charts/devtron/devtron-bom.yaml @@ -9,32 +9,38 @@ global: runAsNonRoot: true installer: - release: "v0.6.22" + release: "v0.6.23" image: "quay.io/devtron/inception" tag: "44b30917-185-13275" components: dashboard: - image: "quay.io/devtron/dashboard:12717798-325-16265" + image: "quay.io/devtron/dashboard:ba04f4f4-325-18824" config: extraConfigs: USE_V2: "true" ENABLE_BUILD_CONTEXT: "true" ENABLE_RESTART_WORKLOAD: "true" HIDE_EXCLUDE_INCLUDE_GIT_COMMITS: "false" + ENABLE_SCOPED_VARIABLES: "true" + ENABLE_CI_JOB: "true" devtron: - image: "quay.io/devtron/hyperion:3c1ba1ad-280-16262" - cicdImage: "quay.io/devtron/devtron:3c1ba1ad-434-16260" + image: "quay.io/devtron/hyperion:65577374-280-18804" + cicdImage: "quay.io/devtron/devtron:50ac85e6-434-18829" customOverrides: - DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:d8d774c3-138-16238" + DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:ad3af321-138-18662" argocdDexServer: image: "ghcr.io/dexidp/dex:v2.30.2" initContainer: authenticator: "quay.io/devtron/authenticator:e414faff-393-13273" kubelink: - image: "quay.io/devtron/kubelink:aefc1baf-318-16208" + image: "quay.io/devtron/kubelink:25052130-318-18795" configs: ENABLE_HELM_RELEASE_CACHE: "true" + MANIFEST_FETCH_BATCH_SIZE: "2" + NATS_MSG_PROCESSING_BATCH_SIZE: "1" + NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 + RUN_HELM_INSTALL_IN_ASYNC_MODE: "true" PG_ADDR: postgresql-postgresql.devtroncd PG_DATABASE: orchestrator PG_LOG_QUERY: "true" @@ -47,7 +53,34 @@ components: image: "quay.io/devtron/postgres:11.9.0-debian-10-r26" armImage: "quay.io/devtron/postgres:11.9" gitsensor: - image: "quay.io/devtron/git-sensor:46b8f0f1-200-16195" + image: "quay.io/devtron/git-sensor:b6c3ea0e-200-16327" + imagePullPolicy: "IfNotPresent" + serviceMonitor: + enabled: false + persistence: + volumeSize: 2Gi + configs: + PG_ADDR: postgresql-postgresql.devtroncd + PG_USER: postgres + COMMIT_STATS_TIMEOUT_IN_SEC: "2" + ENABLE_FILE_STATS: "true" + dbconfig: + secretName: postgresql-postgresql + keyName: postgresql-password + lens: + image: "quay.io/devtron/lens:8803028b-333-16178" + imagePullPolicy: IfNotPresent + configs: + GIT_SENSOR_PROTOCOL: GRPC + GIT_SENSOR_URL: git-sensor-service.devtroncd:90 + NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 + PG_ADDR: postgresql-postgresql.devtroncd + PG_PORT: "5432" + PG_USER: postgres + PG_DATABASE: lens + dbconfig: + secretName: postgresql-postgresql + keyName: postgresql-password migrator: image: "quay.io/devtron/migrator:v4.16.2" envVars: @@ -66,13 +99,14 @@ argo-cd: repository: quay.io/argoproj/argocd tag: "v2.5.2" imagePullPolicy: IfNotPresent - -lens: - image: "quay.io/devtron/lens:8803028b-333-16178" + +workflowController: + image: "quay.io/argoproj/workflow-controller:v3.4.3" + executorImage: "quay.io/argoproj/argoexec:v3.4.3" security: imageScanner: image: "quay.io/devtron/image-scanner:ea03b0af-334-15158" notifier: - image: "quay.io/devtron/notifier:d9c72180-372-14306" + image: "quay.io/devtron/notifier:d71bcbcd-372-18717" diff --git a/charts/devtron/templates/NOTES.txt b/charts/devtron/templates/NOTES.txt index ddf0fea2f9..0150709137 100644 --- a/charts/devtron/templates/NOTES.txt +++ b/charts/devtron/templates/NOTES.txt @@ -55,3 +55,5 @@ Please wait for ~1 minute before running any of the following commands. 2. "Applied" means installation is successful. {{- end }} + +Facing issues? Reach out to our team on Discord https://discord.devtron.ai for immediate assistance! diff --git a/charts/devtron/templates/gitsensor.yaml b/charts/devtron/templates/gitsensor.yaml new file mode 100644 index 0000000000..356dec9ee6 --- /dev/null +++ b/charts/devtron/templates/gitsensor.yaml @@ -0,0 +1,160 @@ +{{- if $.Values.installer.modules }} +{{- if has "cicd" $.Values.installer.modules }} +{{- with .Values.components.gitsensor }} +apiVersion: v1 +kind: Secret +metadata: + name: git-sensor-secret + labels: + app: git-sensor + release: devtron +{{- if .secrets }} +data: +{{- range $k, $v := .secrets }} + {{ $k }}: {{ $v | b64enc }} +{{- end }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: git-sensor-cm + labels: + app: git-sensor + release: devtron +{{- if .configs }} +data: +{{ toYaml .configs | indent 2 }} +{{- end }} + +--- +# Source: gitsensor/templates/generic.yaml +apiVersion: v1 +kind: Service +metadata: + name: git-sensor-service + labels: + app: git-sensor + release: devtron +spec: + ports: + - name: sensor + port: 80 + protocol: TCP + targetPort: 8080 + - name: grpc + port: 90 + protocol: TCP + targetPort: 8081 + selector: + app: git-sensor +--- +# Source: gitsensor/templates/generic.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: git-sensor + labels: + release: devtron + app: git-sensor +spec: + selector: + matchLabels: + app: git-sensor # has to match .spec.template.metadata.labels + serviceName: git-sensor + replicas: 1 # by default is 1 + template: + metadata: + labels: + app: git-sensor + spec: + terminationGracePeriodSeconds: 10 + securityContext: + runAsGroup: 1000 + runAsUser: 1000 + initContainers: + - command: + - /bin/sh + - -c + - mkdir -p /git-base/ssh-keys && chown -R devtron:devtron /git-base && chmod 777 /git-base/ssh-keys + image: {{ .image }} + imagePullPolicy: IfNotPresent + name: chown-git-base + resources: {} + securityContext: + runAsUser: 0 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /git-base/ + name: git-volume + containers: + - name: git-sensor + image: {{ .image }} + {{- if .imagePullPolicy }} + imagePullPolicy: {{ .imagePullPolicy }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + runAsUser: 1000 + runAsNonRoot: true + ports: + - containerPort: 8080 + name: sensor + - containerPort: 8081 + name: grpc + volumeMounts: + - name: git-volume + mountPath: /git-base/ + env: + - name: DEVTRON_APP_NAME + value: git-sensor + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- if $.Values.components.gitsensor.dbconfig }} + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .dbconfig.secretName }} + key: {{ .dbconfig.keyName }} + {{- end }} + envFrom: + - secretRef: + name: git-sensor-secret + - configMapRef: + name: git-sensor-cm + {{- if .resources }} + resources: + {{- toYaml .resources | nindent 12 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: git-volume + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .persistence.volumeSize }} +--- +{{- if .serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: git-sensor-sm + labels: + app: git-sensor + kind: Prometheus + release: devtron +spec: + endpoints: + - port: app + path: /metrics + selector: + matchLabels: + app: git-sensor +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/devtron/templates/lens.yaml b/charts/devtron/templates/lens.yaml new file mode 100644 index 0000000000..76328fb7dc --- /dev/null +++ b/charts/devtron/templates/lens.yaml @@ -0,0 +1,115 @@ +{{- if $.Values.installer.modules }} +{{- if has "cicd" $.Values.installer.modules }} +{{- with .Values.components.lens }} +apiVersion: v1 +kind: Secret +metadata: + name: lens-secret + labels: + app: lens + release: devtron +{{- if .secrets }} +data: +{{- range $k, $v := .secrets }} + {{ $k }}: {{ $v | b64enc }} +{{- end }} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: lens-cm + labels: + app: lens + release: devtron +{{- if .configs }} +data: +{{ toYaml .configs | indent 2 }} +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: lens-service + labels: + app: lens + release: devtron +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: app + protocol: TCP + name: app + selector: + app: lens +--- +# Source: lens/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: lens + labels: + app: lens + release: devtron +spec: + selector: + matchLabels: + app: lens + release: devtron + replicas: 1 + minReadySeconds: 60 + template: + metadata: + labels: + app: lens + release: devtron + spec: + terminationGracePeriodSeconds: 30 + restartPolicy: Always + {{- if and $.Values.global $.Values.global.podSecurityContext }} + securityContext: +{{- toYaml $.Values.global.podSecurityContext | nindent 8 }} + {{- end }} + containers: + - name: lens + image: {{ .image }} + {{- if .imagePullPolicy }} + imagePullPolicy: {{ .imagePullPolicy }} + {{- end }} + {{- if and $.Values.global $.Values.global.containerSecurityContext }} + securityContext: +{{- toYaml $.Values.global.containerSecurityContext | nindent 12 }} + {{- end }} + ports: + - name: app + containerPort: 8080 + protocol: TCP + env: + - name: DEVTRON_APP_NAME + value: lens + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- if .dbconfig }} + - name: PG_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .dbconfig.secretName }} + key: {{ .dbconfig.keyName }} + {{- end }} + envFrom: + - configMapRef: + name: lens-cm + - secretRef: + name: lens-secret + {{- if .resources }} + resources: + {{- toYaml .resources | nindent 12 }} + {{- end }} + volumeMounts: [] + revisionHistoryLimit: 3 +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/devtron/templates/migrator.yaml b/charts/devtron/templates/migrator.yaml index 6a9b014380..f663ee208e 100644 --- a/charts/devtron/templates/migrator.yaml +++ b/charts/devtron/templates/migrator.yaml @@ -270,7 +270,7 @@ spec: - /bin/sh - -c - cp -r sql /shared/ - image: {{ $.Values.lens.image }} + image: {{ $.Values.components.lens.image }} name: init-lens {{- if and $.Values.global $.Values.global.containerSecurityContext }} securityContext: diff --git a/charts/devtron/templates/workflow.yaml b/charts/devtron/templates/workflow.yaml index 1548e27533..aeb8b66196 100644 --- a/charts/devtron/templates/workflow.yaml +++ b/charts/devtron/templates/workflow.yaml @@ -35,6 +35,8 @@ kind: CustomResourceDefinition metadata: name: workflows.argoproj.io spec: + conversion: + strategy: None group: argoproj.io names: kind: Workflow @@ -67,12 +69,12 @@ spec: type: object spec: type: object - x-kubernetes-preserve-unknown-fields: true x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true status: type: object - x-kubernetes-preserve-unknown-fields: true x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true required: - metadata - spec @@ -86,6 +88,8 @@ kind: CustomResourceDefinition metadata: name: workflowtemplates.argoproj.io spec: + conversion: + strategy: None group: argoproj.io names: kind: WorkflowTemplate @@ -116,6 +120,799 @@ spec: served: true storage: true --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtasksets.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowtaskresults.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactGC: + properties: + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + enum: + - "" + - OnWorkflowCompletion + - OnWorkflowDeletion + - Never + type: string + type: object + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + azure: + properties: + accountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + blob: + type: string + container: + type: string + endpoint: + type: string + useSDKCreds: + type: boolean + required: + - blob + - container + - endpoint + type: object + deleted: + type: boolean + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + branch: + type: string + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + singleBranch: + type: boolean + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + auth: + properties: + basicAuth: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + clientCert: + properties: + clientCertSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + clientKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + oauth2: + properties: + clientIDSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + clientSecretSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + endpointParams: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + scopes: + items: + type: string + type: array + tokenURLSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: workflowartifactgctasks.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: WorkflowArtifactGCTask + listKind: WorkflowArtifactGCTaskList + plural: workflowartifactgctasks + shortNames: + - wfat + singular: workflowartifactgctask + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -228,15 +1025,6 @@ rules: - update - patch - delete -- apiGroups: - - argoproj.io - resources: - - workflowtemplates - - workflowtemplates/finalizers - verbs: - - get - - list - - watch - apiGroups: - "" resources: @@ -249,8 +1037,10 @@ rules: - "" resources: - persistentvolumeclaims + - persistentvolumeclaims/finalizers verbs: - create + - update - delete - get - apiGroups: @@ -258,6 +1048,9 @@ rules: resources: - workflows - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowartifactgctasks verbs: - get - list @@ -265,15 +1058,27 @@ rules: - update - patch - delete + - create - apiGroups: - argoproj.io resources: - workflowtemplates - workflowtemplates/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers verbs: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + - workflowtaskresults/finalizers + verbs: + - list + - watch + - deletecollection - apiGroups: - "" resources: @@ -341,7 +1146,9 @@ data: parallelism: 50 artifactRepository: archiveLogs: false + {{- if not $.Values.workflowController.IMDSv2Enforced }} containerRuntimeExecutor: pns + {{- end }} executor: imagePullPolicy: Always kind: ConfigMap @@ -368,7 +1175,11 @@ spec: - --configmap - workflow-controller-configmap - --executor-image + {{- if $.Values.workflowController.IMDSv2Enforced }} - {{ $.Values.workflowController.executorImage }} + {{- else }} + - quay.io/argoproj/argoexec:v3.0.7 + {{- end }} command: - workflow-controller env: @@ -377,7 +1188,15 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.name + {{- if $.Values.workflowController.IMDSv2Enforced }} + - name: POD_NAMES + value: v1 + {{- end }} + {{- if $.Values.workflowController.IMDSv2Enforced }} image: {{ $.Values.workflowController.image }} + {{- else }} + image: quay.io/argoproj/workflow-controller:v3.0.7 + {{- end }} name: workflow-controller {{- if $.Values.workflowController.resources }} resources: @@ -385,4 +1204,4 @@ spec: {{- end }} serviceAccountName: argo {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/devtron/values.yaml b/charts/devtron/values.yaml index 6ff484957c..c9da3f93e6 100644 --- a/charts/devtron/values.yaml +++ b/charts/devtron/values.yaml @@ -10,7 +10,7 @@ global: installer: repo: "devtron-labs/devtron" # For Kubernetes version < 1.16, set release: legacy. You won't be able to upgrade Devtron unless you upgrade the K8s version to 1.16 or above. - release: "v0.6.22" #You can use a branch name or a release tag name as a release, for gitee as source only "main" is supported as of now + release: "v0.6.23" #You can use a branch name or a release tag name as a release, for gitee as source only "main" is supported as of now image: quay.io/devtron/inception tag: 44b30917-185-13275 source: "github" # Available options are github and gitee @@ -55,15 +55,17 @@ components: ENABLE_BUILD_CONTEXT: "true" ENABLE_RESTART_WORKLOAD: "true" HIDE_EXCLUDE_INCLUDE_GIT_COMMITS: "false" - image: "quay.io/devtron/dashboard:12717798-325-16265" + ENABLE_SCOPED_VARIABLES: "true" + ENABLE_CI_JOB: "true" + image: "quay.io/devtron/dashboard:ba04f4f4-325-18824" imagePullPolicy: IfNotPresent devtron: - image: "quay.io/devtron/hyperion:3c1ba1ad-280-16262" - cicdImage: "quay.io/devtron/devtron:3c1ba1ad-434-16260" + image: "quay.io/devtron/hyperion:65577374-280-18804" + cicdImage: "quay.io/devtron/devtron:50ac85e6-434-18829" imagePullPolicy: IfNotPresent customOverrides: - DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:d8d774c3-138-16238" + DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:ad3af321-138-18662" serviceMonitor: enabled: false service: @@ -93,10 +95,14 @@ components: authenticator: "quay.io/devtron/authenticator:e414faff-393-13273" kubelink: - image: "quay.io/devtron/kubelink:aefc1baf-318-16208" + image: "quay.io/devtron/kubelink:25052130-318-18795" imagePullPolicy: IfNotPresent configs: ENABLE_HELM_RELEASE_CACHE: "true" + MANIFEST_FETCH_BATCH_SIZE: "2" + NATS_MSG_PROCESSING_BATCH_SIZE: "1" + NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 + RUN_HELM_INSTALL_IN_ASYNC_MODE: "true" PG_ADDR: postgresql-postgresql.devtroncd PG_DATABASE: orchestrator PG_LOG_QUERY: "true" @@ -113,7 +119,34 @@ components: persistence: volumeSize: "20Gi" gitsensor: - image: "quay.io/devtron/git-sensor:46b8f0f1-200-16195" + image: "quay.io/devtron/git-sensor:b6c3ea0e-200-16327" + imagePullPolicy: "IfNotPresent" + serviceMonitor: + enabled: false + persistence: + volumeSize: 2Gi + configs: + PG_ADDR: postgresql-postgresql.devtroncd + PG_USER: postgres + COMMIT_STATS_TIMEOUT_IN_SEC: "2" + ENABLE_FILE_STATS: "true" + dbconfig: + secretName: postgresql-postgresql + keyName: postgresql-password + lens: + image: "quay.io/devtron/lens:8803028b-333-16178" + imagePullPolicy: IfNotPresent + configs: + GIT_SENSOR_PROTOCOL: GRPC + GIT_SENSOR_URL: git-sensor-service.devtroncd:90 + NATS_SERVER_HOST: nats://devtron-nats.devtroncd:4222 + PG_ADDR: postgresql-postgresql.devtroncd + PG_PORT: "5432" + PG_USER: postgres + PG_DATABASE: lens + dbconfig: + secretName: postgresql-postgresql + keyName: postgresql-password migrator: image: "quay.io/devtron/migrator:v4.16.2" envVars: @@ -294,7 +327,7 @@ security: notifier: enabled: false imagePullPolicy: IfNotPresent - image: "quay.io/devtron/notifier:d9c72180-372-14306" + image: "quay.io/devtron/notifier:d71bcbcd-372-18717" configs: CD_ENVIRONMENT: PROD DB: orchestrator @@ -318,11 +351,11 @@ minio: storage: "50Gi" # Change below values for workflow controller workflowController: - image: "quay.io/argoproj/workflow-controller:v3.0.7" - executorImage: "quay.io/argoproj/argoexec:v3.0.7" + # Set this to true if you have IMDSv2 enforced or IMDSv1 and v2 on your AWS EKS cluster and false if you are using IMDSv1 with token hop limit set to 1 + IMDSv2Enforced: true + image: "quay.io/argoproj/workflow-controller:v3.4.3" + executorImage: "quay.io/argoproj/argoexec:v3.4.3" -lens: - image: "quay.io/devtron/lens:8803028b-333-16178" # Values for grafana integration monitoring: grafana: diff --git a/manifests/install/devtron-installer.yaml b/manifests/install/devtron-installer.yaml index a035d78329..101cec01c3 100644 --- a/manifests/install/devtron-installer.yaml +++ b/manifests/install/devtron-installer.yaml @@ -4,4 +4,4 @@ metadata: name: installer-devtron namespace: devtroncd spec: - url: https://raw.githubusercontent.com/devtron-labs/devtron/v0.6.22/manifests/installation-script + url: https://raw.githubusercontent.com/devtron-labs/devtron/v0.6.23/manifests/installation-script diff --git a/manifests/installation-script b/manifests/installation-script index 3d9964e8f3..1c30ab92be 100644 --- a/manifests/installation-script +++ b/manifests/installation-script @@ -1,4 +1,4 @@ -LTAG="v0.6.22"; +LTAG="v0.6.23"; REPO_RAW_URL="https://raw.githubusercontent.com/devtron-labs/devtron/"; operatorSecret = kubectl get secret -n devtroncd devtron-operator-secret; @@ -60,11 +60,7 @@ if !defaultCacheBucket { ######Generating raw urls argocdResource_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/argocd-resource.json"; devtronHousekeeping_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/devtron-housekeeping.yaml"; -dashboard_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/dashboard.yaml"; -gitSensor_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/gitsensor.yaml"; -kubelink_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/kubelink.yaml"; kubewatch_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/kubewatch.yaml"; -lens_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/lens.yaml"; natsServer_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/nats-server.yaml"; devtron_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/devtron.yaml"; devtronIngress_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/devtron-ingress.yaml"; @@ -74,49 +70,33 @@ devtronIngress_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/devtron-ingress-leg log(devtronIngress_raw); serviceAccount_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/serviceaccount.yaml"; namespace_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/namespace.yaml"; -rollout_raw = REPO_RAW_URL + LTAG + "/manifests/yamls/rollout.yaml"; ######Downloading the manifests argocdResource = download(argocdResource_raw); devtronHousekeeping = download(devtronHousekeeping_raw); -dashboard = download(dashboard_raw); -gitSensor = download(gitSensor_raw); -kubelink = download(kubelink_raw); kubewatch = download(kubewatch_raw); -lens = download(lens_raw); natsServer = download(natsServer_raw); devtron = download(devtron_raw); devtronIngress = download(devtronIngress_raw); serviceAccount = download(serviceAccount_raw); namespace = download(namespace_raw); -rollout = download(rollout_raw); ######Downloading the manifests devtronHousekeepingOverride = kubectl get cm -n devtroncd devtron-housekeeping-override-cm; -dashboardOverride = kubectl get cm -n devtroncd dashboard-override-cm; -gitSensorOverride = kubectl get cm -n devtroncd git-sensor-override-cm; -kubelinkOverride = kubectl get cm -n devtroncd kubelink-override-cm; kubewatchOverride = kubectl get cm -n devtroncd kubewatch-override-cm; -lensOverride = kubectl get cm -n devtroncd lens-override-cm; natsServerOverride = kubectl get cm -n devtroncd nats-server-override-cm; devtronOverride = kubectl get cm -n devtroncd devtron-override-cm; devtronIngressOverride = kubectl get cm -n devtroncd devtron-ingress-override-cm; serviceAccountOverride = kubectl get cm -n devtroncd devtron-service-account-override-cm; namespaceOverride = kubectl get cm -n devtroncd namespace-override-cm; -rolloutOverride = kubectl get cm -n devtroncd rollout-override-cm; -dashboardOverride = jsonSelect(dashboardOverride, "data.override"); -gitSensorOverride = jsonSelect(gitSensorOverride, "data.override"); -kubelinkOverride = jsonSelect(kubelinkOverride, "data.override"); kubewatchOverride = jsonSelect(kubewatchOverride, "data.override"); -lensOverride = jsonSelect(lensOverride, "data.override"); natsServerOverride = jsonSelect(natsServerOverride, "data.override"); devtronOverride = jsonSelect(devtronOverride, "data.override"); devtronIngressOverride = jsonSelect(devtronIngressOverride, "data.override"); serviceAccountOverride = jsonSelect(serviceAccountOverride, "data.override"); namespaceOverride = jsonSelect(namespaceOverride, "data.override"); -rolloutOverride = jsonSelect(rolloutOverride, "data.override"); namespaces = kubectl apply namespace; log("created namespaces"); @@ -126,15 +106,6 @@ log("created service account"); pa = kubectl patch -n devtroncd cm/argocd-cm --type "application/json-patch+json" -p argocdResource; log("executed argocd setup command"); -#rollout -rollout = kubectl apply -n devtroncd rollout -u rolloutOverride; -log("executed rollout setup command"); - -#git-sensor -kubeYamlEdit(gitSensor, "data.PG_PASSWORD", postgresqlPassword, `/Secret//git-sensor-secret`); - -#lens -kubeYamlEdit(lens, "data.PG_PASSWORD", postgresqlPassword, `/Secret//lens-secret`); migDelete = kubectl delete -n devtroncd job devtron-housekeeping; if !migDelete { @@ -230,50 +201,8 @@ if !helmInstallation { devtron = kubectl apply -n devtroncd devtron -u devtronOverride; log("executed devtron setup"); -if !helmInstallation { - if devtronIngressAnnotations { - log("editing ingress"); - kubeYamlEdit(devtronIngress, "metadata.annotations", devtronIngressAnnotations, `extensions/Ingress//devtron-ingress`, "asObject"); - } - - if setupDevtronIngress { - log("fetch ingress"); - existingIngress = kubectl get -n devtroncd ing devtron-ingress; - } - - if existingIngress { - annotations = jsonSelect(existingIngress, "metadata.annotations"); - } - - if annotations { - kubeYamlEdit(devtronIngress, "metadata.annotations", annotations, `extensions/Ingress//devtron-ingress`, "asObject"); - } - - if setupDevtronIngress { - log("setup ingress"); - log(devtronIngress); - devtronIngress = kubectl apply -n devtroncd devtronIngress -u devtronIngressOverride; - } - - log("executed devtron ingress setup"); -} - -if !helmInstallation { - dashboard = kubectl apply -n devtroncd dashboard -u dashboardOverride; - log("executed dashboard setup"); -} -gitSensor = kubectl apply -n devtroncd gitSensor -u gitSensorOverride; -log("executed git sensor setup"); -##imageScanner = kubectl apply -n devtroncd imageScanner -u imageScannerOverride; -log("executed image scanner setup"); -if !helmInstallation { - kubelink = kubectl apply -n devtroncd kubelink -u kubelinkOverride; - log("executed kubelink setup"); -} kubewatch = kubectl apply -n devtroncd kubewatch -u kubewatchOverride; log("executed kubewatch setup"); -lens = kubectl apply -n devtroncd lens -u lensOverride; -log("executed lens setup"); ## Applying Housekeeping Job appHousekeeping = kubectl apply -n devtroncd devtronHousekeeping -u devtronHousekeepingOverride; diff --git a/manifests/release.txt b/manifests/release.txt index 5b8cfb00ed..9543b3f3f9 100644 --- a/manifests/release.txt +++ b/manifests/release.txt @@ -1 +1 @@ -stable -1 v0.6.22 +stable -1 v0.6.23 diff --git a/manifests/version.txt b/manifests/version.txt index 635026fb80..d44996fff6 100644 --- a/manifests/version.txt +++ b/manifests/version.txt @@ -1 +1 @@ -v0.6.22 +v0.6.23 diff --git a/manifests/yamls/dashboard.yaml b/manifests/yamls/dashboard.yaml index 585154c84f..4113536571 100644 --- a/manifests/yamls/dashboard.yaml +++ b/manifests/yamls/dashboard.yaml @@ -235,7 +235,7 @@ spec: - name: envoy-config-volume mountPath: /etc/envoy-config/ - name: dashboard - image: "quay.io/devtron/dashboard:12717798-325-16265" + image: "quay.io/devtron/dashboard:ba04f4f4-325-18824" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/manifests/yamls/devtron.yaml b/manifests/yamls/devtron.yaml index dbb58c74e8..efc37b5e90 100644 --- a/manifests/yamls/devtron.yaml +++ b/manifests/yamls/devtron.yaml @@ -53,7 +53,7 @@ data: CD_NODE_TAINTS_VALUE: "ci" CD_ARTIFACT_LOCATION_FORMAT: "%d/%d.zip" DEFAULT_CD_NAMESPACE: "devtron-cd" - DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:d8d774c3-138-16238" + DEFAULT_CI_IMAGE: "quay.io/devtron/ci-runner:ad3af321-138-18662" DEFAULT_CD_TIMEOUT: "3600" WF_CONTROLLER_INSTANCE_ID: "devtron-runner" CI_LOGS_KEY_PREFIX: "ci-artifacts" @@ -94,6 +94,13 @@ data: GIT_SENSOR_PROTOCOL: GRPC GIT_SENSOR_URL: git-sensor-service.devtroncd:90 ENABLE_BUILD_CONTEXT: "true" + CI_SUCCESS_AUTO_TRIGGER_BATCH_SIZE: "1" + SKIP_GITOPS_VALIDATION: "false" + SKIP_CREATING_ECR_REPO: "false" + SCOPED_VARIABLE_ENABLED: "true" + SCOPED_VARIABLE_HANDLE_PRIMITIVES: "true" + MAX_CI_WORKFLOW_RETRIES: "0" + MAX_CD_WORKFLOW_RUNNER_RETRIES: "0" --- apiVersion: v1 kind: ConfigMap @@ -162,7 +169,7 @@ spec: runAsUser: 1000 containers: - name: devtron - image: "quay.io/devtron/devtron:3c1ba1ad-434-16260" + image: "quay.io/devtron/devtron:50ac85e6-434-18829" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/gitsensor.yaml b/manifests/yamls/gitsensor.yaml index 69d499c96f..b274a4bb12 100644 --- a/manifests/yamls/gitsensor.yaml +++ b/manifests/yamls/gitsensor.yaml @@ -67,7 +67,7 @@ spec: - /bin/sh - -c - mkdir -p /git-base/ssh-keys && chown -R devtron:devtron /git-base && chmod 777 /git-base/ssh-keys - image: "quay.io/devtron/git-sensor:46b8f0f1-200-16195" + image: "quay.io/devtron/git-sensor:b6c3ea0e-200-16327" imagePullPolicy: IfNotPresent name: chown-git-base resources: {} @@ -80,7 +80,7 @@ spec: name: git-volume containers: - name: git-sensor - image: "quay.io/devtron/git-sensor:46b8f0f1-200-16195" + image: "quay.io/devtron/git-sensor:b6c3ea0e-200-16327" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/kubelink.yaml b/manifests/yamls/kubelink.yaml index 0db8070821..b8eb486fe1 100644 --- a/manifests/yamls/kubelink.yaml +++ b/manifests/yamls/kubelink.yaml @@ -25,7 +25,7 @@ spec: runAsUser: 1000 containers: - name: kubelink - image: "quay.io/devtron/kubelink:aefc1baf-318-16208" + image: "quay.io/devtron/kubelink:25052130-318-18795" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/kubewatch.yaml b/manifests/yamls/kubewatch.yaml index 96a2c34f0e..65db0c5d12 100644 --- a/manifests/yamls/kubewatch.yaml +++ b/manifests/yamls/kubewatch.yaml @@ -164,7 +164,7 @@ spec: runAsUser: 1000 containers: - name: kubewatch - image: "quay.io/devtron/kubewatch:49f906a5-419-14814" + image: "quay.io/devtron/kubewatch:79d44ddc-370-18559" securityContext: allowPrivilegeEscalation: false runAsUser: 1000 diff --git a/manifests/yamls/migrator.yaml b/manifests/yamls/migrator.yaml index 009c28505a..c9971d3008 100644 --- a/manifests/yamls/migrator.yaml +++ b/manifests/yamls/migrator.yaml @@ -47,7 +47,7 @@ spec: - name: MIGRATE_TO_VERSION value: "0" - name: GIT_HASH - value: 3c1ba1ad06cf134743c08667e8589dbd2f97c57d + value: 50ac85e68d6e020797b0db342527c79a89c9c969 envFrom: - secretRef: name: postgresql-migrator @@ -96,7 +96,7 @@ spec: - name: MIGRATE_TO_VERSION value: "0" - name: GIT_HASH - value: 3c1ba1ad06cf134743c08667e8589dbd2f97c57d + value: 50ac85e68d6e020797b0db342527c79a89c9c969 - name: GIT_BRANCH value: main envFrom: @@ -148,7 +148,7 @@ spec: - name: GIT_BRANCH value: main - name: GIT_HASH - value: 46b8f0f18a3402234663ba963496e2b8ced271ae + value: b6c3ea0ef2d3dff004b572916ff804914b8d938a envFrom: - secretRef: name: postgresql-migrator diff --git a/manifests/yamls/notifier.yaml b/manifests/yamls/notifier.yaml index 8424138a09..5c7cd4f2a9 100644 --- a/manifests/yamls/notifier.yaml +++ b/manifests/yamls/notifier.yaml @@ -66,7 +66,7 @@ spec: restartPolicy: Always containers: - name: notifier - image: quay.io/devtron/notifier:d9c72180-372-14306 + image: quay.io/devtron/notifier:d71bcbcd-372-18717 imagePullPolicy: IfNotPresent ports: - name: app diff --git a/manifests/yamls/serviceaccount.yaml b/manifests/yamls/serviceaccount.yaml index 6b9bee776f..b29127e812 100644 --- a/manifests/yamls/serviceaccount.yaml +++ b/manifests/yamls/serviceaccount.yaml @@ -158,15 +158,6 @@ rules: - update - patch - delete -- apiGroups: - - argoproj.io - resources: - - workflowtemplates - - workflowtemplates/finalizers - verbs: - - get - - list - - watch - apiGroups: - "" resources: @@ -179,8 +170,10 @@ rules: - "" resources: - persistentvolumeclaims + - persistentvolumeclaims/finalizers verbs: - create + - update - delete - get - apiGroups: @@ -188,6 +181,9 @@ rules: resources: - workflows - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowartifactgctasks verbs: - get - list @@ -195,15 +191,27 @@ rules: - update - patch - delete + - create - apiGroups: - argoproj.io resources: - workflowtemplates - workflowtemplates/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers verbs: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + - workflowtaskresults/finalizers + verbs: + - list + - watch + - deletecollection - apiGroups: - "" resources: diff --git a/releasenotes.md b/releasenotes.md index 56918bb5d4..e7cc215a5c 100644 --- a/releasenotes.md +++ b/releasenotes.md @@ -1,38 +1,74 @@ -## v0.6.22 +## v0.6.23 ## Bugs -- fix: updated adapter for cluster object (#3900) -- fix: rbac-modification for cluster list (#3767) -- fix: Helm app deployment history page breaking due to user details not found (#3873) -- fix: ci pip status query optmization (#3877) -- fix: migration script for virtual cluster v3 (#3870) -- fix: cloning app cmcs global boolean value fix (#3862) -- fix: Makefile correction (#3852) -- fix: deleting pipeline stage and related data if no stage steps are found (#3832) -- fix: Port number fix in helm app (#3843) -- fix: External cm and secret in jobs not getting added as env variable in container (#3815) -- fix: pre-cd pod not getting scheduled when node affinity is not present in external cluster. (#3806) -- fix: k8s permission and chart-group permission not getting deleted from orchestrator (#3824) -- fix: added missing audit logs while deleting cd pipeline (#3822) +- fix: DT19-v1 bug fixes (#3962) +- fix: ci pod request correction (#3980) +- fix: pipelineOverride id being sent instead of pipelineId (#3984) +- fix: Iam role handling script for plugin pull image from CR (#3955) +- fix: Deployment Template HCL parsing with % keyword (#4012) +- fix: handled releaseNotExists case for helm type cd pipeline resource tree fetch (#4016) +- fix: auto post cd not working in case of multiple parallel gitOps pipeline (#4018) +- fix: handled error in bulk trigger deploy (#4034) +- fix: The manager(non-admin user) of the application is unable to select a list of apps when assigning permissions (#4053) +- fix: ci job handling in app create api (#4054) +- fix: Deploying currently Active image using TriggerDeploy API from devtctl tool is broken (#4056) +- fix: Unable to delete ci pipeline in case you configure multi git (#4072) +- fix: env for specific deployment (#4085) +- fix: update build configuration fix (#4093) +- fix: Artifacts filter in CD trigger view (#4064) +- fix: Bugathon DT-19 version-2 fixes (#4105) +- fix: App Labels node selector not getting attach in ci-workflow (#4084) +- fix: Update cd pipeline create empty pre post cd steps (#4113) +- fix: normal Refresh after triggering gitops deployment to avoid sync delay in argo (#4066) +- fix: helm chart delete when no rows are found (#4124) +- fix: Unable to abort pre-cd and post-cd workflow (#4121) +- fix: Helm Apps permissions do not allow Terminal or Logs view (#4110) +- fix: port service mapping (#4132) ## Enhancements -- feat: added new statefulset-5-0-0 chart in reference chart (#3909) -- feat: added configurable provenance flag for buildx builds (#3905) -- feat: deployment history release not found err handling (#3811) -- feat: added validation for create app workflow API (#3842) -- feat: custom chart download (#3801) -- feat: Virtual cluster v3 (#3764) -- feat: Maintaining audit logs (#3763) -- feat: Capability to block deployments in case of vulnerabilities only if FIXED IN VERSION available (#3796) +- feat: Helm async install (#3856) +- feat: handle CI success event auto trigger in batch (#3951) +- feat: added env variable to skip gitops validation on create/update (#3956) +- feat: added flag to configure ecr repo creation (#3963) +- feat: Ability to change branch for all selected applications during bulk build from Application Groups (#3955) +- feat: Variables support in pre-post CI, CD and Jobs (#3911) +- feat: Poll Images from ECR Container Repository Plugin (#3971) +- feat: resource groups CRUD and environment filtering (#3974) +- feat: Scoped variables primitive handling (#4033) +- feat: adding DEVTRON_APP_NAME system variable for deployment template (#4041) +- feat: wf pod restart (#3892) +- feat: added deduction for system variables (#4075) +- feat: manifest comparision (#3844) +- feat: multiple images handling for single workflow for ECR Plugin Poll Images (#4027) +- feat: Jenkins plugin migration (#4039) +- feat: clone cd pipelines while cloning app across project (#4087) ## Documentation -- doc: draft version of Graviton benchmark (#3890) -- doc: Okta SSO Configuration Doc (#3876) +- doc: Glossary of jargonish terms for layman in the context of Devtron (#3820) +- docs: Ephemeral Container Doc (#3912) +- docs: New Image Alignment in Ephemeral doc (#3959) +- docs: Snapshot updation in PVC docs + PreBuild CI-CD (#3964) +- doc: Fixed issuer url in okta docs (#4062) +- docs: Config Approval Draft (#3981) +- docs: Modified Existing Container Registry Doc (#4048) +- docs: Added OCI Pull in Usecases (#4112) ## Others -- chore: changes for migration no conflict (#3919) -- chore: Changed in Docker file for SQL file (#3904) -- chore: adjust duplicate action threshold (#3879) -- chore: find potential-duplicate issues (#3858) -- chore: Update pr-issue-validator.yaml (#3849) - - +- chore: added workflow to escalate pager-duty issue (#3927) +- chore: changed loop from for to while (#3928) +- chore: scheduled escalate pager duty issue workflow (#3933) +- chore: added log config for dev mode (#3953) +- chore: minor correction in devtron reference charts (#3957) +- chore: workflow refactoring (#3714) +- chore: pr-issue-validator permissions fix (#3967) +- chore: added CODEOWNERS (#3966) +- chore: Scoped variable refactoring (#3977) +- chore: modified labels of keda autoscale object in deployment chart (#3999) +- chore: Update pr-issue-validator.yaml (#3854) +- chore: refactoring around PipelineBuilder (#4043) +- chore: moved k8s library to common-lib and added scripts for adding sshTunnel config to clusters (#3848) +- chore: Add pager-duty issue template (#3988) +- chore: first cut refactor ci-pipeline (#4091) +- chore: refactored appartifact manager and cimaterialconfigservice (#4096) +- chore: Remove the EnvVariablesFromFieldPath from values.yaml in refcharts (#4111) +- chore: Updated schema for Scope Variable (#4079) +- chore: skip validation for release PRs (#4128)