diff --git a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml index 48f6eb77..60250770 100644 --- a/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-install/rbac.yaml @@ -41,3 +41,48 @@ metadata: helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed helm.sh/hook-weight: "-10" {{- end }} + +{{- if not .Values.installer.skipUsageValidation }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: validate-usage-cr + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-weight: "5" +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: validate-usage-crb + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-weight: "5" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: validate-usage-cr +subjects: + - kind: ServiceAccount + name: validate-usage-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: validate-usage-sa + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-weight: "5" +{{- end }} diff --git a/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml new file mode 100644 index 00000000..07541041 --- /dev/null +++ b/charts/gitops-runtime/templates/hooks/pre-install/validate-usage.yaml @@ -0,0 +1,50 @@ +{{- if not .Values.installer.skipUsageValidation }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: validate-usage-config + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation,hook-failed + helm.sh/hook-weight: "5" +data: + values.yaml: | +{{ .Values | toYaml | indent 4 }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: validate-usage + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-weight: "10" +spec: + backoffLimit: 0 + ttlSecondsAfterFinished: 300 + template: + spec: + serviceAccountName: validate-usage-sa + restartPolicy: Never + containers: + - name: validate-usage + image: "{{ .Values.installer.image.repository }}:{{ .Values.installer.image.tag | default .Chart.Version }}" + imagePullPolicy: {{ .Values.installer.image.pullPolicy }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: ["sh", "-c"] + args: + - | + cf account validate-usage --fail-condition=reached --subject=clusters --values /job_tmp/values.yaml --namespace ${NAMESPACE} --hook --log-level debug + volumeMounts: + - name: validate-usage-volume + mountPath: "/job_tmp" + volumes: + - name: validate-usage-volume + configMap: + name: validate-usage-config +{{- end }} diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index f79d168f..2e03566b 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -177,6 +177,8 @@ global: installer: # -- if set to true, pre-install hook will *not* run skipValidation: false + # -- if set to true, pre-install hook will *not* run + skipUsageValidation: false image: repository: quay.io/codefresh/gitops-runtime-installer tag: "" diff --git a/installer-image/Dockerfile b/installer-image/Dockerfile index f164c094..edf4c290 100644 --- a/installer-image/Dockerfile +++ b/installer-image/Dockerfile @@ -8,7 +8,7 @@ FROM debian:12.10-slim RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections -ARG CF_CLI_VERSION=v0.2.6 +ARG CF_CLI_VERSION=v0.2.7 ARG TARGETARCH RUN apt-get update && apt-get install curl jq -y