Merge branch 'feat/workflows-codefresh-saas-s3' into chore/merge-logs-and-gitops-operator-bump

scme0 · scme0 · commit 61d4818dca5a · 2025-05-12T12:38:47.000+02:00
# Conflicts:
#	charts/gitops-runtime/README.md
diff --git a/charts/gitops-runtime/Chart.yaml b/charts/gitops-runtime/Chart.yaml
@@ -42,11 +42,6 @@ dependencies:
   version: 0.7.1
   alias: gitops-operator
   condition: gitops-operator.enabled
-- name: garage
-  repository: https://codefresh-io.github.io/garage
-  alias: garage-workflows-artifact-storage
-  version: 0.5.0-cf.3
-  condition: garage-workflows-artifact-storage.enabled
 - name: cf-argocd-extras
   repository: oci://quay.io/codefresh/charts
   version: 0.3.21
diff --git a/charts/gitops-runtime/README.md b/charts/gitops-runtime/README.md
@@ -16,6 +16,18 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
 ## Codefresh official documentation:
 Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/
 
+## Argo-workflows artifact and log storage
+> [!NOTE]
+> This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage.
+
+If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration.
+To prevent this please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key`
+to the respective key in your configmap identifying the repository.
+> [!WARNING]
+> It's highly recommended to use your own artifact storage for data privacy reasons.
+> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes.
+> Please refer to the official documentation for more details.
+
 ## Installation with External ArgoCD
 
 If you want to use an existing ArgoCD installation, you can disable the built-in ArgoCD and configure the GitOps Runtime to use the external ArgoCD.
@@ -259,15 +271,19 @@ sealed-secrets:
 | argo-rollouts.enabled | bool | `true` |  |
 | argo-rollouts.fullnameOverride | string | `"argo-rollouts"` |  |
 | argo-rollouts.installCRDs | bool | `true` |  |
+| argo-workflows.codefreshWorkflowLogs | object | `{"endpoint":"gitops-workflow-logs.codefresh.io","insecure":false}` | Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support. |
+| argo-workflows.controller.workflowDefaults.spec.archiveLogs | bool | `true` |  |
+| argo-workflows.controller.workflowDefaults.spec.artifactRepositoryRef | object | `{"configMap":"codefresh-workflows-log-store","key":"codefresh-workflows-log-store"}` | By default artifact repository is set to a Codefresh provided repository. For data privacy it is reccommended to set your own artifact repository. For instructions see: https://argo-workflows.readthedocs.io/en/latest/configure-artifact-repository/#configuring-your-artifact-repository |
 | argo-workflows.crds.install | bool | `true` | Install and upgrade CRDs |
 | argo-workflows.enabled | bool | `true` |  |
 | argo-workflows.executor.resources.requests.ephemeral-storage | string | `"10Mi"` |  |
 | argo-workflows.fullnameOverride | string | `"argo"` |  |
 | argo-workflows.mainContainer.resources.requests.ephemeral-storage | string | `"10Mi"` |  |
 | argo-workflows.server.authModes | list | `["client"]` | auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI |
 | argo-workflows.server.baseHref | string | `"/workflows/"` | Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh. |
-| cf-argocd-extras | object | `{"libraryMode":true}` | Codefresh extra services for ArgoCD |
+| cf-argocd-extras | object | `{"eventReporter":{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]},"libraryMode":true,"sourcesServer":{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]}}` | Codefresh extra services for ArgoCD |
 | cf-argocd-extras.libraryMode | bool | `true` | Library mode for the chart. Allows to inject values from gitops runtime chart |
+| cf-argocd-extras.sourcesServer | object | `{"affinity":{},"enabled":true,"nodeSelector":{},"tolerations":[]}` | Sources server configuration |
 | event-reporters.rollout.eventSource.affinity | object | `{}` |  |
 | event-reporters.rollout.eventSource.nodeSelector | object | `{}` |  |
 | event-reporters.rollout.eventSource.replicas | int | `1` |  |
@@ -304,14 +320,6 @@ sealed-secrets:
 | event-reporters.workflow.sensor.retryStrategy.steps | int | `3` | Number of retries |
 | event-reporters.workflow.sensor.tolerations | list | `[]` |  |
 | event-reporters.workflow.serviceAccount.create | bool | `true` |  |
-| garage-workflows-artifact-storage | object | `{"deployment":{"kind":"StatefulSet","replicaCount":3},"enabled":false,"fullnameOverride":"garage","garage":{"replicationMode":3},"persistence":{"data":{"size":"100Mi","storageClass":""},"enabled":true,"meta":{"size":"100Mi","storageClass":""}},"resources":{},"tests":{"enabled":false}}` | Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC) |
-| garage-workflows-artifact-storage.deployment.kind | string | `"StatefulSet"` | Only statefulset is supported for Codefresh gitops runtime. Do not change this |
-| garage-workflows-artifact-storage.persistence.data | object | `{"size":"100Mi","storageClass":""}` | Volume that stores artifacts and logs for workflows |
-| garage-workflows-artifact-storage.persistence.data.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used |
-| garage-workflows-artifact-storage.persistence.meta | object | `{"size":"100Mi","storageClass":""}` | Volume that stores cluster metadata |
-| garage-workflows-artifact-storage.persistence.meta.storageClass | string | `""` | When empty value empty the default storage class for the cluster will be used |
-| garage-workflows-artifact-storage.resources | object | `{}` | Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size. |
-| garage-workflows-artifact-storage.tests | object | `{"enabled":false}` | Helm tests |
 | gitops-operator.affinity | object | `{}` |  |
 | gitops-operator.crds | object | `{"additionalLabels":{},"annotations":{},"install":true,"keep":false}` | Codefresh gitops operator crds |
 | gitops-operator.crds.additionalLabels | object | `{}` | Additional labels for gitops operator CRDs |
@@ -369,7 +377,8 @@ sealed-secrets:
 | global.external-argo-rollouts | object | `{"rollout-reporter":{"enabled":false}}` | Configuration for external Argo Rollouts |
 | global.external-argo-rollouts.rollout-reporter | object | `{"enabled":false}` | Rollout reporter settings |
 | global.external-argo-rollouts.rollout-reporter.enabled | bool | `false` | Enable or disable rollout reporter Configuration is defined at .Values.event-reporters.rollout |
-| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","replicas":3}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings |
+| global.nodeSelector | object | `{}` | Global nodeSelector for all components |
+| global.runtime | object | `{"cluster":"https://kubernetes.default.svc","codefreshHosted":false,"eventBus":{"annotations":{},"name":"codefresh-eventbus","nats":{"native":{"affinity":{},"auth":"token","containerTemplate":{"resources":{"limits":{"cpu":"500m","ephemeral-storage":"2Gi","memory":"4Gi"},"requests":{"cpu":"200m","ephemeral-storage":"2Gi","memory":"1Gi"}}},"maxPayload":"4MB","nodeSelector":{},"replicas":3,"tolerations":[]}},"pdb":{"enabled":true,"minAvailable":2}},"gitCredentials":{"password":{"secretKeyRef":{},"value":null},"username":"username"},"ingress":{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]},"ingressUrl":"","isConfigurationRuntime":false,"name":null}` | Runtime level settings |
 | global.runtime.cluster | string | `"https://kubernetes.default.svc"` | Runtime cluster. Should not be changed. |
 | global.runtime.codefreshHosted | bool | `false` | Defines whether this is a Codefresh hosted runtime. Should not be changed. |
 | global.runtime.eventBus.annotations | object | `{}` | Annotations on EventBus resource |
@@ -381,15 +390,17 @@ sealed-secrets:
 | global.runtime.gitCredentials.password.secretKeyRef | object | `{}` | secretKeyReference for Git credentials password. Provide name and key fields. |
 | global.runtime.gitCredentials.password.value | string | `nil` | Plain text password |
 | global.runtime.gitCredentials.username | string | `"username"` | Username. Optional when using token in password. |
-| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings |
+| global.runtime.ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"labels":{},"protocol":"https","skipValidation":false,"tls":[]}` | Ingress settings |
 | global.runtime.ingress.enabled | bool | `false` | Defines if ingress-based access mode is enabled for runtime. To use tunnel-based (ingressless) access mode, set to false. |
 | global.runtime.ingress.hosts | list | `[]` | Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime. |
 | global.runtime.ingress.protocol | string | `"https"` | The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https. |
 | global.runtime.ingress.skipValidation | bool | `false` | if set to true, the pre-install hook will validate the existance of appropriate values, but *will not* attempt to make a web request to the ingress host |
 | global.runtime.ingressUrl | string | `""` | Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false) |
 | global.runtime.isConfigurationRuntime | bool | `false` | is the runtime set as a "configuration runtime". |
 | global.runtime.name | string | `nil` | Runtime name. Must be unique per platform account. |
-| installer | object | `{"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"skipValidation":false}` | Runtime installer used for running hooks and checks on the release |
+| global.tolerations | list | `[]` | Global tolerations for all components |
+| installer | object | `{"affinity":{},"argoCdVersionCheck":{"argoServerLabels":{"app.kubernetes.io/component":"server","app.kubernetes.io/part-of":"argocd"}},"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/gitops-runtime-installer","tag":""},"nodeSelector":{},"skipUsageValidation":false,"skipValidation":false,"tolerations":[]}` | Runtime installer used for running hooks and checks on the release |
+| installer.skipUsageValidation | bool | `false` | if set to true, pre-install hook will *not* run |
 | installer.skipValidation | bool | `false` | if set to true, pre-install hook will *not* run |
 | internal-router.affinity | object | `{}` |  |
 | internal-router.clusterDomain | string | `"cluster.local"` |  |
@@ -424,6 +435,6 @@ sealed-secrets:
 | internal-router.serviceAccount.name | string | `""` |  |
 | internal-router.tolerations | list | `[]` |  |
 | sealed-secrets | object | `{"fullnameOverride":"sealed-secrets-controller","image":{"registry":"quay.io","repository":"codefresh/sealed-secrets-controller","tag":"0.29.0"},"keyrenewperiod":"720h","resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"200m","memory":"512Mi"}}}` | --------------------------------------------------------------------------------------------------------------------- |
-| tunnel-client | object | `{"enabled":true,"libraryMode":true,"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. |
+| tunnel-client | object | `{"affinity":{},"enabled":true,"libraryMode":true,"nodeSelector":{},"tolerations":[],"tunnelServer":{"host":"register-tunnels.cf-cd.com","subdomainHost":"tunnels.cf-cd.com"}}` | Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes. |
 | tunnel-client.enabled | bool | `true` | Will only be used if global.runtime.ingress.enabled = false |
 | tunnel-client.libraryMode | bool | `true` | Do not change this value! Breaks chart logic |
diff --git a/charts/gitops-runtime/README.md.gotmpl b/charts/gitops-runtime/README.md.gotmpl
@@ -16,6 +16,19 @@ See [Use OCI-based registries](https://helm.sh/docs/topics/registries/)
 ## Codefresh official documentation:
 Prior to running the installation please see the official documentation at: https://codefresh.io/docs/docs/installation/gitops/hybrid-gitops-helm-installation/
 
+## Argo-workflows artifact and log storage
+> [!NOTE]
+> This version of the chart includes default configuration for storing workflow artifacts and logs in Codefresh provided s3 compatible storage.
+
+If you have your own storage configuration using the default configmap `artifact-repositories` upgrading the chart will override your artifact storage configuration.
+To prevent this please set `argo-workflows.controller.workflowDefaults.spec.artifactRepository.configMap` to `artifact-repositories` and `argo-workflows.controller.workflowDefaults.spec.artifactRepository.key`
+to the respective key in your configmap identifying the repository.
+> [!WARNING]
+> It's highly recommended to use your own artifact storage for data privacy reasons.
+> Codefresh provided storage has a retention policy of 14 days and limitations on uploaded file sizes.
+> Please refer to the official documentation for more details.
+
+
 ## Installation with External ArgoCD
 
 If you want to use an existing ArgoCD installation, you can disable the built-in ArgoCD and configure the GitOps Runtime to use the external ArgoCD.
diff --git a/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml b/charts/gitops-runtime/templates/codefresh-workflow-log-store.yaml
@@ -0,0 +1,21 @@
+{{- $_ := required "global.codefresh.accountId is required" .Values.global.codefresh.accountId }}
+apiVersion: v1
+data:
+  codefresh-workflows-log-store: |
+    archiveLogs: true
+    s3:
+      bucket: {{ .Values.global.codefresh.accountId }}
+      endpoint: {{ index .Values "argo-workflows" "codefreshWorkflowLogs" "endpoint" }}
+      insecure: {{ index .Values "argo-workflows" "codefreshWorkflowLogs" "insecure" }}
+      keyFormat: {{ .Values.global.runtime.name }}/{{ "{{" }}workflow.name{{ "}}" }}/{{ "{{" }}pod.name{{ "}}" }}
+      accessKeySecret:
+        name: codefresh-token
+        key: token
+      secretKeySecret:
+        name: codefresh-token
+        key: token
+kind: ConfigMap
+metadata:
+  annotations:
+    workflows.argoproj.io/default-artifact-repository: codefresh-workflows-log-store
+  name: codefresh-workflows-log-store
diff --git a/charts/gitops-runtime/templates/tunnel-client.yaml b/charts/gitops-runtime/templates/tunnel-client.yaml
@@ -10,4 +10,4 @@ reduce complexity of installation and number or mandatory values to provide for
 {{ $runtimeName := required "runtime.name is required" .Values.global.runtime.name }}
 {{ $_ := set $tunnelClientContext.Values.tunnel "subdomainPrefix" (printf "%s-%s" $accoundId $runtimeName)}}
 {{- include "codefresh-tunnel-client.resources" $tunnelClientContext }}
-{{- end }}
+{{- end }}
diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml
@@ -315,6 +315,18 @@ argo-workflows:
     resources:
       requests:
         ephemeral-storage: 10Mi
+  controller:
+    workflowDefaults:
+      spec:
+        archiveLogs: true
+        # -- By default artifact repository is set to a Codefresh provided repository. For data privacy it is reccommended to set your own artifact repository. For instructions see: https://argo-workflows.readthedocs.io/en/latest/configure-artifact-repository/#configuring-your-artifact-repository
+        artifactRepositoryRef:
+          configMap: codefresh-workflows-log-store
+          key: codefresh-workflows-log-store
+  # -- Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support.
+  codefreshWorkflowLogs:
+    endpoint: gitops-workflow-logs.codefresh.io
+    insecure: false
 
 #-----------------------------------------------------------------------------------------------------------------------
 # Argo rollouts
@@ -706,38 +718,6 @@ gitops-operator:
       cpu: 100m
       memory: 128Mi
 #-----------------------------------------------------------------------------------------------------------------------
-# Garage
-#-----------------------------------------------------------------------------------------------------------------------
-# -- Builtin Workflows artifacts storage solution. Local S3 backed by local persistence with (PV and PVC)
-garage-workflows-artifact-storage:
-  fullnameOverride: garage
-  enabled: false
-  deployment:
-    # -- Only statefulset is supported for Codefresh gitops runtime. Do not change this
-    kind: StatefulSet
-    replicaCount: 3
-  garage:
-    #-- Default to 3 replicas, see the replication_mode section at https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication-mode
-    replicationMode: 3
-  persistence:
-    enabled: true
-    # -- Volume that stores cluster metadata
-    meta:
-      # -- When empty value empty the default storage class for the cluster will be used
-      storageClass: ""
-      size: 100Mi
-    # -- Volume that stores artifacts and logs for workflows
-    data:
-      # -- When empty value empty the default storage class for the cluster will be used
-      storageClass: ""
-      size: 100Mi
-  # -- Resources for garage pods. For smaller deployments at least 100m CPU and 1024Mi memory is reccommended. For larger deployments double this size.
-  resources: {}
-  # -- Helm tests
-  tests:
-    enabled: false
-
-#-----------------------------------------------------------------------------------------------------------------------
 # cf-argocd-extras
 #-----------------------------------------------------------------------------------------------------------------------
 # -- Codefresh extra services for ArgoCD
