diff --git a/charts/cf-runtime/Chart.yaml b/charts/cf-runtime/Chart.yaml index 34614998..34a2b8a2 100644 --- a/charts/cf-runtime/Chart.yaml +++ b/charts/cf-runtime/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart for Codefresh Runner name: cf-runtime -version: 6.3.26 +version: 6.3.34 keywords: - codefresh - runner diff --git a/charts/cf-runtime/README.md b/charts/cf-runtime/README.md index adaff903..faa93a3a 100644 --- a/charts/cf-runtime/README.md +++ b/charts/cf-runtime/README.md @@ -20,6 +20,7 @@ Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/insta - [Configuration](#configuration) - [EBS backend volume configuration in AWS](#ebs-backend-volume-configuration) - [Azure Disks backend volume configuration in AKS](#azure-disks-backend-volume-configuration) + - [GCE Disks backend volume configuration in GKE](#gce-disks-backend-volume-configuration-in-gke) - [Custom volume mounts](#custom-volume-mounts) - [Custom global environment variables](#custom-global-environment-variables) - [Volume reuse policy](#volume-reuse-policy) 
@@ -440,6 +441,113 @@ runtime: topology.kubernetes.io/zone: northeurope-1 ``` +### GCE Disks backend volume configuration in GKE + +`dind-volume-provisioner` should have `ComputeEngine.StorageAdmin` permissions + +There are three options: + +1. Run `dind-volume-provisioner` pod on the node/node-group with IAM Service Account + +```yaml +storage: + # -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`) + backend: gcedisk + + gcedisk: + # -- Set GCP volume backend type (`pd-ssd`/`pd-standard`) + volumeType: "pd-standard" + # -- Set GCP volume availability zone + availabilityZone: "us-central1-c" + +volumeProvisioner: + # -- Set node selector + nodeSelector: {} + # -- Set tolerations + tolerations: [] + +# -- Set runtime parameters +runtime: + # -- Parameters for DinD (docker-in-docker) pod + dind: + # -- Set node selector. + nodeSelector: + topology.kubernetes.io/zone: us-central1-c +``` + +2. Pass static credentials in `.Values.storage.gcedisk.serviceAccountJson` (inline) or `.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef` (from your own secret) + +```yaml +storage: + # -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`) + backend: gcedisk + + gcedisk: + # -- Set GCP volume backend type (`pd-ssd`/`pd-standard`) + volumeType: "`pd-standard" + # -- Set GCP volume availability zone + availabilityZone: "us-central1-c" + # -- Set Google SA JSON key for volume-provisioner (optional) + serviceAccountJson: | + { + "type": "service_account", + "project_id": "...", + "private_key_id": "...", + "private_key": "...", + "client_email": "...", + "client_id": "...", + "auth_uri": "...", + "token_uri": "...", + "auth_provider_x509_cert_url": "...", + "client_x509_cert_url": "..." 
+ } + # -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional) + serviceAccountJsonSecretKeyRef: {} + # E.g.: + # serviceAccountJsonSecretKeyRef: + # name: gce-service-account + # key: service-account.json + +# -- Set runtime parameters +runtime: + # -- Parameters for DinD (docker-in-docker) pod + dind: + # -- Set node selector. + nodeSelector: + topology.kubernetes.io/zone: us-central1-c +``` + +3. Assign IAM role to `dind-volume-provisioner` service account + +```yaml +storage: + # -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`) + backend: gcedisk + + gcedisk: + # -- Set GCP volume backend type (`pd-ssd`/`pd-standard`) + volumeType: "`pd-standard" + # -- Set GCP volume availability zone + availabilityZone: "us-central1-c" + +volumeProvisioner: + # -- Service Account parameters + serviceAccount: + # -- Create service account + create: true + # -- Additional service account annotations + annotations: + iam.gke.io/gcp-service-account: @.iam.gserviceaccount.com + +# -- Set runtime parameters +runtime: + # -- Parameters for DinD (docker-in-docker) pod + dind: + # -- Set node selector. + nodeSelector: + topology.kubernetes.io/zone: us-central1-c +``` + ### Custom global environment variables You can add your own environment variables to the runtime environment. All pipeline steps have access to the global variables. 
@@ -1013,10 +1121,10 @@ Go to [https:///admin/runtime-environments/system](http | runtime.accounts | list | `[]` | (for On-Premise only) Assign accounts to runtime (list of account ids) | | runtime.agent | bool | `true` | (for On-Premise only) Enable agent | | runtime.description | string | `""` | Runtime description | -| runtime.dind | object | `{"affinity":{},"env":{"DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE":"true"},"image":{"registry":"quay.io","repository":"codefresh/dind","tag":"26.0.0-1.28.6"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"pvcs":{"dind":{"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). | +| runtime.dind | object | `{"affinity":{},"env":{"DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE":"true"},"image":{"pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"26.0.0-1.28.6"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"pvcs":{"dind":{"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). 
| | runtime.dind.affinity | object | `{}` | Set affinity | | runtime.dind.env | object | `{"DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE":"true"}` | Set additional env vars. | -| runtime.dind.image | object | `{"registry":"quay.io","repository":"codefresh/dind","tag":"26.0.0-1.28.6"}` | Set dind image. | +| runtime.dind.image | object | `{"pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"26.0.0-1.28.6"}` | Set dind image. | | runtime.dind.nodeSelector | object | `{}` | Set node selector. | | runtime.dind.podAnnotations | object | `{}` | Set pod annotations. | | runtime.dind.podLabels | object | `{}` | Set pod labels. | 
@@ -1051,6 +1159,16 @@ Go to [https:///admin/runtime-environments/system](http | runtime.engine.serviceAccount | string | `"codefresh-engine"` | Set service account for pod. | | runtime.engine.tolerations | list | `[]` | Set tolerations. | | runtime.engine.userEnvVars | list | `[]` | Set extra env vars | +| runtime.engine.workflowLimits | object | `{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}` | Set workflow limits. | +| runtime.engine.workflowLimits.MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS | int | `600` | Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds. | +| runtime.engine.workflowLimits.MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION | int | `86400` | Maximum time for workflow execution; seconds. | +| runtime.engine.workflowLimits.MAXIMUM_ELECTED_STATE_AGE_ALLOWED | int | `900` | Maximum time allowed to workflow to spend in "elected" state; seconds. | +| runtime.engine.workflowLimits.MAXIMUM_RETRY_ATTEMPTS_ALLOWED | int | `20` | Maximum retry attempts allowed for workflow. | +| runtime.engine.workflowLimits.MAXIMUM_TERMINATING_STATE_AGE_ALLOWED | int | `900` | Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds. | +| runtime.engine.workflowLimits.MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE | int | `300` | Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds. 
| +| runtime.engine.workflowLimits.TIME_ENGINE_INACTIVE_UNTIL_TERMINATION | int | `300` | Time since the last health check report after which workflow is terminated; seconds. | +| runtime.engine.workflowLimits.TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY | int | `60` | Time since the last health check report after which the engine is considered unhealthy; seconds. | +| runtime.engine.workflowLimits.TIME_INACTIVE_UNTIL_TERMINATION | int | `2700` | Time since the last workflow logs activity after which workflow is terminated; seconds. | | runtime.gencerts | object | See below | Parameters for `gencerts-dind` post-upgrade/install hook | | runtime.inCluster | bool | `true` | (for On-Premise only) Set inCluster runtime | | runtime.patch | object | See below | Parameters for `runtime-patch` post-upgrade/install hook | diff --git a/charts/cf-runtime/README.md.gotmpl b/charts/cf-runtime/README.md.gotmpl index 9b3bdd93..b6ba58f8 100644 --- a/charts/cf-runtime/README.md.gotmpl +++ b/charts/cf-runtime/README.md.gotmpl @@ -20,6 +20,7 @@ Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/insta - [Configuration](#configuration) - [EBS backend volume configuration in AWS](#ebs-backend-volume-configuration) - [Azure Disks backend volume configuration in AKS](#azure-disks-backend-volume-configuration) + - [GCE Disks backend volume configuration in GKE](#gce-disks-backend-volume-configuration-in-gke) - [Custom volume mounts](#custom-volume-mounts) - [Custom global environment variables](#custom-global-environment-variables) - [Volume reuse policy](#volume-reuse-policy) 
@@ -440,6 +441,112 @@ runtime: topology.kubernetes.io/zone: northeurope-1 ``` +### GCE Disks backend volume configuration in GKE + +`dind-volume-provisioner` should have `ComputeEngine.StorageAdmin` permissions + +There are three options: + +1. Run `dind-volume-provisioner` pod on the node/node-group with IAM Service Account + +```yaml +storage: + # -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`) + backend: gcedisk + + gcedisk: + # -- Set GCP volume backend type (`pd-ssd`/`pd-standard`) + volumeType: "pd-standard" + # -- Set GCP volume availability zone + availabilityZone: "us-central1-c" + +volumeProvisioner: + # -- Set node selector + nodeSelector: {} + # -- Set tolerations + tolerations: [] + +# -- Set runtime parameters +runtime: + # -- Parameters for DinD (docker-in-docker) pod + dind: + # -- Set node selector. + nodeSelector: + topology.kubernetes.io/zone: us-central1-c +``` + +2. Pass static credentials in `.Values.storage.gcedisk.serviceAccountJson` (inline) or `.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef` (from your own secret) + +```yaml +storage: + # -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`) + backend: gcedisk + + gcedisk: + # -- Set GCP volume backend type (`pd-ssd`/`pd-standard`) + volumeType: "`pd-standard" + # -- Set GCP volume availability zone + availabilityZone: "us-central1-c" + # -- Set Google SA JSON key for volume-provisioner (optional) + serviceAccountJson: | + { + "type": "service_account", + "project_id": "...", + "private_key_id": "...", + "private_key": "...", + "client_email": "...", + "client_id": "...", + "auth_uri": "...", + "token_uri": "...", + "auth_provider_x509_cert_url": "...", + "client_x509_cert_url": "..." 
+ } + # -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional) + serviceAccountJsonSecretKeyRef: {} + # E.g.: + # serviceAccountJsonSecretKeyRef: + # name: gce-service-account + # key: service-account.json + +# -- Set runtime parameters +runtime: + # -- Parameters for DinD (docker-in-docker) pod + dind: + # -- Set node selector. + nodeSelector: + topology.kubernetes.io/zone: us-central1-c +``` + +3. Assign IAM role to `dind-volume-provisioner` service account + +```yaml +storage: + # -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`) + backend: gcedisk + + gcedisk: + # -- Set GCP volume backend type (`pd-ssd`/`pd-standard`) + volumeType: "`pd-standard" + # -- Set GCP volume availability zone + availabilityZone: "us-central1-c" + +volumeProvisioner: + # -- Service Account parameters + serviceAccount: + # -- Create service account + create: true + # -- Additional service account annotations + annotations: + iam.gke.io/gcp-service-account: @.iam.gserviceaccount.com + +# -- Set runtime parameters +runtime: + # -- Parameters for DinD (docker-in-docker) pod + dind: + # -- Set node selector. + nodeSelector: + topology.kubernetes.io/zone: us-central1-c +``` ### Custom global environment variables diff --git a/charts/cf-runtime/templates/_components/volume-provisioner/_env-vars.yaml b/charts/cf-runtime/templates/_components/volume-provisioner/_env-vars.yaml index 5ece4cd9..e1f5dfe6 100644 --- a/charts/cf-runtime/templates/_components/volume-provisioner/_env-vars.yaml +++ b/charts/cf-runtime/templates/_components/volume-provisioner/_env-vars.yaml 
@@ -34,7 +34,7 @@ AWS_SECRET_ACCESS_KEY: {{- end }} {{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }} -GOOGLE_APPLICATION_CREDENTIALS: /etc/dind-volume-provisioner/credentials/google-service-account.json +GOOGLE_APPLICATION_CREDENTIALS: {{ printf "/etc/dind-volume-provisioner/credentials/%s" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key | default "google-service-account.json") }} {{- end }} {{- if and .Values.storage.mountAzureJson }} @@ -62,7 +62,7 @@ CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json optional: true {{- else if .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }} - name: credentials - secrete: + secret: secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }} optional: true {{- end }} @@ -85,4 +85,4 @@ CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json readOnly: true mountPath: "/etc/kubernetes/azure.json" {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/cf-runtime/templates/_components/volume-provisioner/_secret.yaml b/charts/cf-runtime/templates/_components/volume-provisioner/_secret.yaml index 9da7987b..f361a799 100644 --- a/charts/cf-runtime/templates/_components/volume-provisioner/_secret.yaml +++ b/charts/cf-runtime/templates/_components/volume-provisioner/_secret.yaml @@ -9,7 +9,8 @@ metadata: {{- include "dind-volume-provisioner.labels" . | nindent 4 }} stringData: {{- with .Values.storage.gcedisk.serviceAccountJson }} - google-service-account.json: {{ . }} + google-service-account.json: | +{{- . | nindent 4 }} {{- end }} {{- with .Values.storage.ebs.accessKeyId }} aws_access_key_id: {{ . }} diff --git a/charts/cf-runtime/templates/runtime/runtime-env-spec-tmpl.yaml b/charts/cf-runtime/templates/runtime/runtime-env-spec-tmpl.yaml index f55a04d5..ce517fd3 100644 --- a/charts/cf-runtime/templates/runtime/runtime-env-spec-tmpl.yaml +++ b/charts/cf-runtime/templates/runtime/runtime-env-spec-tmpl.yaml 
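Review bot: The new `GOOGLE_APPLICATION_CREDENTIALS` line in the `@@ -34,7 +34,7 @@` hunk takes the file name from `serviceAccountJsonSecretKeyRef.key` whenever that key is set, even when `serviceAccountJson` is set too. In the `@@ -62,7 +62,7 @@` hunk the secret-ref volume sits in an `else if`, and the branch before it is outside the hunk; if that branch is the inline `serviceAccountJson` case, then with both values set the chart's own secret (key `google-service-account.json`) is mounted while the env var names the user's key. The provisioner would then be pointed at a file that does not exist. Emit the fixed `.../credentials/google-service-account.json` path when `serviceAccountJson` is set, and use the `printf` form only in the else branch, so the env var follows the same precedence as the volume.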
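Review bot: Nothing next to the rewritten `google-service-account.json` entry in `_secret.yaml` warns that an inline `serviceAccountJson` puts a long-lived private key into Helm values, so it also ends up in any values file and in the stored release record, not only in this Secret. A template comment above the `with` would make the safer option visible, for example `{{- /* Prefer storage.gcedisk.serviceAccountJsonSecretKeyRef; an inline key is also kept in the Helm release values */ -}}`. The switch to a block scalar with `nindent 4` looks right for multi-line JSON.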
@@ -13,6 +13,7 @@ runtimeScheduler: {{- if $engineContext.image }} image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $engineContext.image "context" .) | squote }} {{- end }} + imagePullPolicy: {{ $engineContext.image.pullPolicy }} {{- with $engineContext.command }} command: {{- toYaml . | nindent 4 }} {{- end }} @@ -37,7 +38,7 @@ runtimeScheduler: userEnvVars: {{- toYaml . | nindent 4 }} {{- end }} {{- with $engineContext.workflowLimits }} - workflowLimits: {{ toYaml . | nindent 4 }} + workflowLimits: {{- toYaml . | nindent 4 }} {{- end }} cluster: namespace: {{ .Release.Namespace }} @@ -85,6 +86,7 @@ dockerDaemonScheduler: {{- if $dindContext.image }} dindImage: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.image "context" .) | squote }} {{- end }} + imagePullPolicy: {{ $dindContext.image.pullPolicy }} {{- with $dindContext.userAccess }} userAccess: {{ . }} {{- end }} @@ -192,4 +194,4 @@ appProxy: {{- if not .Values.runtime.agent }} systemHybrid: true {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/cf-runtime/tests/private-registry/private_registry_test.yaml b/charts/cf-runtime/tests/private-registry/private_registry_test.yaml index 13bb32df..1f600d9a 100644 --- a/charts/cf-runtime/tests/private-registry/private_registry_test.yaml +++ b/charts/cf-runtime/tests/private-registry/private_registry_test.yaml 
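Review bot: `imagePullPolicy: {{ $engineContext.image.pullPolicy }}` is placed after the `{{- end }}` of the `if $engineContext.image` guard, so it is rendered even when that guard is false. With `image` unset the field access would likely fail the render, and with `pullPolicy` overridden to null or empty the line renders as `imagePullPolicy:` with no value. Moving the line inside the guard and giving it a fallback covers both cases: `imagePullPolicy: {{ $engineContext.image.pullPolicy | default "IfNotPresent" }}`. The same applies to the `$dindContext.image.pullPolicy` line in the `@@ -85,6 +86,7 @@` hunk; both enclosing blocks start and end outside the hunks.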
@@ -32,14 +32,17 @@ tests: runtimeScheduler: type: KubernetesPod image: 'somedomain.io/codefresh/engine:tagoverride' + imagePullPolicy: IfNotPresent command: - npm - run - start envVars: CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: '1000' + FORCE_COMPOSE_SERIAL_PULL: 'false' LOGGER_LEVEL: 'debug' LOG_OUTGOING_HTTP_REQUESTS: 'false' + METRICS_PROMETHEUS_ENABLED: 'true' COMPOSE_IMAGE: 'somedomain.io/codefresh/compose:tagoverride' CONTAINER_LOGGER_IMAGE: 'somedomain.io/codefresh/cf-container-logger:tagoverride' DOCKER_BUILDER_IMAGE: 'somedomain.io/codefresh/cf-docker-builder:tagoverride' @@ -51,6 +54,16 @@ tests: KUBE_DEPLOY: 'somedomain.io/codefresh/cf-deploy-kubernetes:tagoverride' PIPELINE_DEBUGGER_IMAGE: 'somedomain.io/codefresh/cf-debugger:tagoverride' TEMPLATE_ENGINE: 'somedomain.io/codefresh/pikolo:tagoverride' + workflowLimits: + MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600 + MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400 + MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900 + MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20 + MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900 + MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300 + TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300 + TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60 + TIME_INACTIVE_UNTIL_TERMINATION: 2700 cluster: namespace: codefresh serviceAccount: codefresh-engine @@ -67,6 +80,7 @@ tests: dockerDaemonScheduler: type: DindKubernetesPod dindImage: 'somedomain.io/codefresh/dind:tagoverride' + imagePullPolicy: IfNotPresent userAccess: true envVars: DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: 'true' diff --git a/charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml b/charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml index 93027c5c..4c9e03f1 100644 --- a/charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml +++ b/charts/cf-runtime/tests/runtime/runtime_onprem_test.yaml 
@@ -39,6 +39,7 @@ tests: runtimeScheduler: type: KubernetesPod image: 'quay.io/codefresh/engine:tagoverride' + imagePullPolicy: IfNotPresent command: - one - two @@ -46,6 +47,8 @@ tests: envVars: CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: '1000' FOO: 'BAR' + FORCE_COMPOSE_SERIAL_PULL: 'false' + LOG_OUTGOING_HTTP_REQUESTS: 'false' LOGGER_LEVEL: 'debug' LOG_OUTGOING_HTTP_REQUESTS: 'false' COMPOSE_IMAGE: 'quay.io/codefresh/compose:tagoverride' @@ -59,6 +62,16 @@ tests: KUBE_DEPLOY: 'quay.io/codefresh/cf-deploy-kubernetes:tagoverride' PIPELINE_DEBUGGER_IMAGE: 'quay.io/codefresh/cf-debugger:tagoverride' TEMPLATE_ENGINE: 'quay.io/codefresh/pikolo:tagoverride' + workflowLimits: + MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600 + MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400 + MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900 + MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20 + MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900 + MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300 + TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300 + TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60 + TIME_INACTIVE_UNTIL_TERMINATION: 2700 cluster: namespace: codefresh serviceAccount: service-account-override @@ -92,6 +105,7 @@ tests: dockerDaemonScheduler: type: DindKubernetesPod dindImage: 'quay.io/codefresh/dind:tagoverride' + imagePullPolicy: IfNotPresent userAccess: true envVars: ALICE: 'BOB' diff --git a/charts/cf-runtime/tests/runtime/runtime_test.yaml b/charts/cf-runtime/tests/runtime/runtime_test.yaml index 50b0aaeb..530062fc 100644 --- a/charts/cf-runtime/tests/runtime/runtime_test.yaml +++ b/charts/cf-runtime/tests/runtime/runtime_test.yaml @@ -40,6 +40,7 @@ tests: runtimeScheduler: type: KubernetesPod image: 'quay.io/codefresh/engine:tagoverride' + imagePullPolicy: Always command: - one - two 
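Review bot: The added `LOG_OUTGOING_HTTP_REQUESTS: 'false'` in the `@@ -46,6 +47,8 @@` hunk of runtime_onprem_test.yaml duplicates the key that already follows `LOGGER_LEVEL` two lines below, so the expected `envVars` mapping contains the same key twice. Most YAML parsers silently keep the last occurrence and some reject the document, so the assertion does not check what it appears to. private_registry_test.yaml adds `METRICS_PROMETHEUS_ENABLED: 'true'` to the same mapping instead, so the duplicate may have been meant to be that line; this should be confirmed against the rendered output. Drop the added duplicate here and in the `@@ -48,6 +49,8 @@` hunk of runtime_test.yaml, where the same line is added directly above the existing one.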
@@ -48,6 +49,8 @@ tests: CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: '1000' FOO: 'BAR' LOGGER_LEVEL: 'debug' + FORCE_COMPOSE_SERIAL_PULL: 'false' + LOG_OUTGOING_HTTP_REQUESTS: 'false' LOG_OUTGOING_HTTP_REQUESTS: 'false' COMPOSE_IMAGE: 'quay.io/codefresh/compose:tagoverride' CONTAINER_LOGGER_IMAGE: 'quay.io/codefresh/cf-container-logger:tagoverride' @@ -66,6 +69,16 @@ tests: secretKeyRef: key: token name: alice-secret + workflowLimits: + MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600 + MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400 + MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900 + MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20 + MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900 + MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300 + TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300 + TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60 + TIME_INACTIVE_UNTIL_TERMINATION: 2700 cluster: namespace: codefresh serviceAccount: service-account-override @@ -102,6 +115,7 @@ tests: dockerDaemonScheduler: type: DindKubernetesPod dindImage: 'quay.io/codefresh/dind:tagoverride' + imagePullPolicy: Always userAccess: true envVars: ALICE: 'BOB' diff --git a/charts/cf-runtime/tests/runtime/runtime_values.yaml b/charts/cf-runtime/tests/runtime/runtime_values.yaml index 57758dc0..1616e21a 100644 --- a/charts/cf-runtime/tests/runtime/runtime_values.yaml +++ b/charts/cf-runtime/tests/runtime/runtime_values.yaml @@ -2,6 +2,7 @@ runtime: dind: image: tag: tagoverride + pullPolicy: Always resources: requests: null limits: @@ -51,6 +52,7 @@ runtime: engine: image: tag: tagoverride + pullPolicy: Always command: - one - two @@ -102,4 +104,4 @@ runtime: key: codefresh.io operator: Equal value: engine - serviceAccount: service-account-override \ No newline at end of file + serviceAccount: service-account-override diff --git a/charts/cf-runtime/values.yaml b/charts/cf-runtime/values.yaml index d4134642..229f67b9 100644 --- a/charts/cf-runtime/values.yaml +++ b/charts/cf-runtime/values.yaml 
@@ -432,6 +432,7 @@ runtime: registry: quay.io repository: codefresh/dind tag: 26.0.0-1.28.6 # use `latest-rootless/rootless/26.0.0-1.28.6-rootless` tags for rootless-dind + pullPolicy: IfNotPresent # -- Set dind resources. resources: requests: null @@ -500,7 +501,8 @@ runtime: image: registry: quay.io repository: codefresh/engine - tag: 1.169.12 + tag: 1.170.0 + pullPolicy: IfNotPresent # -- Set container command. command: - npm @@ -518,9 +520,9 @@ runtime: # @default -- See below. runtimeImages: COMPOSE_IMAGE: quay.io/codefresh/compose:v2.20.3-1.4.0 - CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.10.3 + CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.4 DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.11 - DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.16 + DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.17 DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.15 DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.13 FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.3 
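Review bot: The comment on the dind `tag` line still offers `latest-rootless` as an alternative, and the `pullPolicy: IfNotPresent` added directly below it means a node that already has that tag cached will not pick up a rebuilt image. A description on the new key would make the interaction visible, for example `# -- Set image pull policy; use Always with mutable tags such as latest-rootless`. The engine image in the `@@ -500,7 +501,8 @@` hunk gets the same default, also without a description comment.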
@@ -534,10 +536,34 @@ runtime: env: # -- Interval to check the exec status in the container-logger CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000 + # -- If "true", composition images will be pulled sequentially + FORCE_COMPOSE_SERIAL_PULL: false # -- Level of logging for engine LOGGER_LEVEL: debug # -- Enable debug-level logging of outgoing HTTP/HTTPS requests LOG_OUTGOING_HTTP_REQUESTS: false + # -- Enable emitting metrics from engine + METRICS_PROMETHEUS_ENABLED: true + # -- Set workflow limits. + workflowLimits: + # -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds. + MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600 + # -- Maximum time for workflow execution; seconds. + MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400 + # -- Maximum time allowed to workflow to spend in "elected" state; seconds. + MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900 + # -- Maximum retry attempts allowed for workflow. + MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20 + # -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds. + MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900 + # -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds. + MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300 + # -- Time since the last health check report after which workflow is terminated; seconds. + TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300 + # -- Time since the last health check report after which the engine is considered unhealthy; seconds. + TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60 + # -- Time since the last workflow logs activity after which workflow is terminated; seconds. + TIME_INACTIVE_UNTIL_TERMINATION: 2700 # -- Set pod annotations. podAnnotations: {} # -- Set pod labels.
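Review bot: `METRICS_PROMETHEUS_ENABLED: true` is a default-on switch whose comment says only "Enable emitting metrics from engine"; it does not say where the metrics are served or who can reach them. Because it is a chart default, it applies to every install that does not override it, so operators should be able to tell from the comment what gets exposed. Extend the `# --` comment to name the port or path the engine serves the metrics on and to state that `false` turns them off. The `env` mapping this key belongs to starts outside the hunk.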