From 1f7744fcfb7692663b03450936852ab9d6a95cc4 Mon Sep 17 00:00:00 2001 From: Rui Yang Date: Mon, 18 Dec 2023 15:07:49 -0500 Subject: [PATCH 01/16] add CONCOURSE_AWS_SSM_SHARED_PATH env var Signed-off-by: Rui Yang --- templates/web-deployment.yaml | 4 ++++ values.yaml | 3 +++ 2 files changed, 7 insertions(+) diff --git a/templates/web-deployment.yaml b/templates/web-deployment.yaml index 6c4c7b5..ae749be 100644 --- a/templates/web-deployment.yaml +++ b/templates/web-deployment.yaml @@ -577,6 +577,10 @@ spec: - name: CONCOURSE_AWS_SSM_TEAM_SECRET_TEMPLATE value: {{ .Values.concourse.web.awsSsm.teamSecretTemplate | quote }} {{- end }} + {{- if.Values.concourse.web.awsSsm.sharedPath }} + - name: CONCOURSE_AWS_SSM_SHARED_PATH + value: {{ .Values.concourse.web.awsSsm.sharedPath | quote }} + {{- end }} {{- end }} {{- if .Values.concourse.web.vault.enabled }} - name: CONCOURSE_VAULT_URL diff --git a/values.yaml b/values.yaml index c50cefc..f58c80e 100644 --- a/values.yaml +++ b/values.yaml @@ -583,6 +583,9 @@ concourse: ## teamSecretTemplate: /concourse/{{.Team}}/{{.Secret}} + ## Path under which to lookup shared credentials. + ## + sharedPath: ## Configuration for using Vault as a credential manager. ## Ref: https://concourse-ci.org/creds.html#vault From d449a5fc7b1ac99e9c51c81691422de6d0ee6027 Mon Sep 17 00:00:00 2001 From: Jennifer Moore Date: Fri, 16 Feb 2024 11:07:15 -0600 Subject: [PATCH 02/16] Add Vault token path config option Signed-off-by: Jennifer Moore --- templates/web-deployment.yaml | 6 +++++- values.yaml | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/templates/web-deployment.yaml b/templates/web-deployment.yaml index 6c4c7b5..5c6ec7f 100644 --- a/templates/web-deployment.yaml +++ b/templates/web-deployment.yaml @@ -603,13 +603,17 @@ spec: - name: CONCOURSE_VAULT_CA_CERT value: "{{ .Values.web.vaultSecretsPath }}/ca.cert" {{- end }} - {{- if eq .Values.concourse.web.vault.authBackend "token" }} + {{- if eq .Values.concourse.web.vault.authBackend "token" and eq .Values.concourse.web.vault.tokenPath ""}} - name: CONCOURSE_VAULT_CLIENT_TOKEN valueFrom: secretKeyRef: name: {{ template "concourse.web.fullname" . }} key: vault-client-token {{- end }} + {{- if not eq .Values.concourse.web.vault.tokenPath ""}} + - name: CONCOURSE_VAULT_CLIENT_TOKEN_PATH + value: "{{ .Values.concourse.web.vault.tokenPath | quote }}" + {{- end }} {{- if eq .Values.concourse.web.vault.authBackend "cert" }} - name: CONCOURSE_VAULT_CLIENT_CERT value: "{{ .Values.web.vaultSecretsPath }}/client.cert" diff --git a/values.yaml b/values.yaml index c50cefc..2558425 100644 --- a/values.yaml +++ b/values.yaml @@ -628,6 +628,13 @@ concourse: ## authBackend: "" + ## Path to file containing a Vault authentication token. This is particularly useful in + ## combination with the Vault Agent sidecar. + ## + ## Example: /vault/secrets/token + ## + tokenPath: "" + ## if the Vault authentication backend requires params from secrets, set this to true, ## and provide a value in secrets (field `vault-client-auth-param`). ## From 78fa2e7aea5f66823cd2bd2fbed9c055dce3e625 Mon Sep 17 00:00:00 2001 From: Jennifer Moore Date: Fri, 16 Feb 2024 11:21:26 -0600 Subject: [PATCH 03/16] Document Vault token path in readme Signed-off-by: Jennifer Moore --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b919d27..ccdd3bf 100644 --- a/README.md +++ b/README.md @@ -250,6 +250,7 @@ The following table lists the configurable parameters of the Concourse chart and | `web.tlsSecretsPath` | Where in the container the web TLS secrets should be mounted | `/concourse-web-tls` | | `web.tolerations` | Tolerations for the web nodes | `[]` | | `web.vaultSecretsPath` | Specify the mount directory of the web vault secrets | `/concourse-vault` | +| `web.vault.tokenPath` | Specify the path to a file containing a vault client authentication token | `nil` | | `worker.additionalAffinities` | Additional affinities to apply to worker pods. E.g: node affinity | `{}` | | `worker.additionalVolumeMounts` | VolumeMounts to be added to the worker pods | `nil` | | `worker.additionalPorts` | Additional ports to be added to worker pods | `[]` | From 8743cf614cde35d3cfaccd16cba410b58396a39e Mon Sep 17 00:00:00 2001 From: Taylor Silva Date: Sun, 25 Feb 2024 18:32:48 -0500 Subject: [PATCH 04/16] add containerd IPv6 env vars From https://github.com/concourse/concourse/pull/8801 Signed-off-by: Taylor Silva --- templates/_helpers.tpl | 12 ++++++++++++ values.yaml | 17 +++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 15f6147..ee1145b 100755 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -296,6 +296,18 @@ Return concourse environment variables for worker configuration - name: CONCOURSE_CONTAINERD_NETWORK_POOL value: {{ .Values.concourse.worker.containerd.networkPool | quote }} {{- end }} +{{- if .Values.concourse.worker.containerd.ipv6.enabled }} +- name: CONCOURSE_CONTAINERD_V6_ENABLE + value: {{ .Values.concourse.worker.containerd.ipv6.enabled | quote }} +{{- end }} +{{- if .Values.concourse.worker.containerd.ipv6.pool }} +- name: CONCOURSE_CONTAINERD_V6_POOL + value: {{ .Values.concourse.worker.containerd.ipv6.pool | quote }} +{{- end }} +{{- if .Values.concourse.worker.containerd.ipv6.disableMasquerade }} +- name: CONCOURSE_CONTAINERD_V6_DISABLE_MASQUERADE + value: {{ .Values.concourse.worker.containerd.ipv6.disableMasquerade | quote }} +{{- end }} {{- if .Values.concourse.worker.containerd.requestTimeout }} - name: CONCOURSE_CONTAINERD_REQUEST_TIMEOUT value: {{ .Values.concourse.worker.containerd.requestTimeout | quote }} diff --git a/values.yaml b/values.yaml index c50cefc..4056067 100644 --- a/values.yaml +++ b/values.yaml @@ -1799,10 +1799,23 @@ concourse: ## Maximum container capacity. 0 means no limit. Defaults to 250. maxContainers: - ## Network range to use for dynamically allocated container subnets, defaults to "10.80.0.0/16" - ## + ## Network range to use for dynamically allocated container subnets + ## defaults to "10.80.0.0/16" networkPool: + ## Enable and configure IPv6 for containers on the worker + ipv6: + + ## Enables IPv6 networking in the Containerd CNI + enabled: false + + ## Network range to use for dynamically allocated container + ## subnets, defaults to "fd9c:31a6:c759::/64" + pool: + + ## Disables masquerading of container traffic with the workers address + disableMasquerade: + ## Time to wait for requests to Containerd to complete. 0 means no timeout. requestTimeout: From 058dfa7d86e7c25f6f1f4994521141712575cb96 Mon Sep 17 00:00:00 2001 From: Jennifer Moore Date: Thu, 29 Feb 2024 16:49:35 -0600 Subject: [PATCH 05/16] Simplify token path template options Signed-off-by: Jennifer Moore --- templates/web-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/web-deployment.yaml b/templates/web-deployment.yaml index 5c6ec7f..cef6b3a 100644 --- a/templates/web-deployment.yaml +++ b/templates/web-deployment.yaml @@ -603,14 +603,14 @@ spec: - name: CONCOURSE_VAULT_CA_CERT value: "{{ .Values.web.vaultSecretsPath }}/ca.cert" {{- end }} - {{- if eq .Values.concourse.web.vault.authBackend "token" and eq .Values.concourse.web.vault.tokenPath ""}} + {{- if eq .Values.concourse.web.vault.authBackend "token" and not .Values.concourse.web.vault.tokenPath }} - name: CONCOURSE_VAULT_CLIENT_TOKEN valueFrom: secretKeyRef: name: {{ template "concourse.web.fullname" . }} key: vault-client-token {{- end }} - {{- if not eq .Values.concourse.web.vault.tokenPath ""}} + {{- if .Values.concourse.web.vault.tokenPath }} - name: CONCOURSE_VAULT_CLIENT_TOKEN_PATH value: "{{ .Values.concourse.web.vault.tokenPath | quote }}" {{- end }} From 09761edea85e8a755d7947dccd18e3b0cd1ff178 Mon Sep 17 00:00:00 2001 From: Taylor Silva Date: Sun, 13 Oct 2024 20:27:42 -0400 Subject: [PATCH 06/16] make containerd the default runtime when setting up the topgun tests to run on Linode's k8s I found that the guardian runtime didn't work because the OS Linode uses for k8s has cgroups v1 disabled already Signed-off-by: Taylor Silva --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 276c54c..b4fb50c 100644 --- a/values.yaml +++ b/values.yaml @@ -1715,7 +1715,7 @@ concourse: ## Runtime to use with the worker. Possible values: guardian, containerd, houdini. ## Please note that Houdini is insecure and doesn't run 'tasks' in containers. - runtime: + runtime: containerd tsa: From 3fa18048ee2148ece797c714e4ab3e1cd435e8d4 Mon Sep 17 00:00:00 2001 From: Taylor Silva Date: Tue, 15 Oct 2024 21:33:20 -0400 Subject: [PATCH 07/16] Add CONCOURSE_POSTGRES_BINARY_PARAMETERS Signed-off-by: Taylor Silva --- templates/_helpers.tpl | 4 ++++ templates/web-deployment.yaml | 2 +- values.yaml | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index d5f3e99..b95ea9a 100755 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -497,5 +497,9 @@ Return concourse environment variables for postgresql configuration - name: CONCOURSE_POSTGRES_DATABASE value: {{ .Values.concourse.web.postgres.database | quote }} {{- end }} +{{- if .Values.concourse.web.postgres.binaryParameter }} +- name: CONCOURSE_POSTGRES_BINARY_PARAMETERS + value: {{ .Values.concourse.web.postgres.binaryParameter | quote }} +{{- end }} {{- end -}} {{- end -}} diff --git a/templates/web-deployment.yaml b/templates/web-deployment.yaml index fa22154..d0920b4 100644 --- a/templates/web-deployment.yaml +++ b/templates/web-deployment.yaml @@ -65,7 +65,7 @@ spec: {{- if .Values.web.securityContext }} securityContext: {{- toYaml .Values.web.securityContext | nindent 12 }} - {{- end }} + {{- end }} env: {{- include "concourse.postgresql.env" . | indent 12 }} volumeMounts: diff --git a/values.yaml b/values.yaml index b4fb50c..0b71a8c 100644 --- a/values.yaml +++ b/values.yaml @@ -495,6 +495,10 @@ concourse: ## database: atc + ## Whether or not to use the binary_parameter option + ## + binaryParameter: false + kubernetes: ## Enable the use of Kubernetes Secrets as the credential provider for From bdf30bbf9a771d6f9116508396b6aa70318900fa Mon Sep 17 00:00:00 2001 From: Taylor Silva Date: Tue, 15 Oct 2024 21:35:11 -0400 Subject: [PATCH 08/16] add CONCOURSE_RESOURCE_TYPE_CHECKING_INTERVAL Signed-off-by: Taylor Silva --- templates/web-deployment.yaml | 4 ++++ values.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/templates/web-deployment.yaml b/templates/web-deployment.yaml index d0920b4..0e379eb 100644 --- a/templates/web-deployment.yaml +++ b/templates/web-deployment.yaml @@ -395,6 +395,10 @@ spec: - name: CONCOURSE_RESOURCE_CHECKING_INTERVAL value: {{ .Values.concourse.web.resourceCheckingInterval | quote }} {{- end }} + {{- if .Values.concourse.web.resourceTypeCheckingInterval }} + - name: CONCOURSE_RESOURCE_TYPE_CHECKING_INTERVAL + value: {{ .Values.concourse.web.resourceTypeCheckingInterval | quote }} + {{- end }} {{- if .Values.concourse.web.resourceWithWebhookCheckingInterval }} - name: CONCOURSE_RESOURCE_WITH_WEBHOOK_CHECKING_INTERVAL value: {{ .Values.concourse.web.resourceWithWebhookCheckingInterval | quote }} diff --git a/values.yaml b/values.yaml index 0b71a8c..dd7124b 100644 --- a/values.yaml +++ b/values.yaml @@ -305,6 +305,10 @@ concourse: ## resourceCheckingInterval: 1m + ## Interval on which to check for new versions of resource types. + ## + resourceCheckingInterval: 1m + ## Interval on which to check for new versions of any resources that have ## configured a webhook token ## From e1eb45cc64a5f17a4f09db0e09bcaa36ec0225b7 Mon Sep 17 00:00:00 2001 From: Taylor Silva Date: Sun, 20 Oct 2024 20:54:29 -0400 Subject: [PATCH 09/16] add more details about the binary_parameter option Signed-off-by: Taylor Silva --- values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index dd7124b..ea763e9 100644 --- a/values.yaml +++ b/values.yaml @@ -499,7 +499,8 @@ concourse: ## database: atc - ## Whether or not to use the binary_parameter option + ## Whether to use the binary_parameter option from the lib/pq driver that + ## Concourse uses to connect to PostgreSQL ## binaryParameter: false From d12648a35747284a25737a168cead8ff94aad796 Mon Sep 17 00:00:00 2001 From: CI Bot Date: Fri, 15 Nov 2024 20:14:52 +0000 Subject: [PATCH 10/16] bump app version and image tag Signed-off-by: CI Bot --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 8ed0af2..1753d25 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: concourse type: application version: 17.2.1 -appVersion: 7.11.0 +appVersion: 7.12.0 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479 keywords: diff --git a/README.md b/README.md index ccdd3bf..2ba4afa 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ The following table lists the configurable parameters of the Concourse chart and | `imageDigest` | Specific image digest to use in place of a tag. | `nil` | | `imagePullPolicy` | Concourse image pull policy | `IfNotPresent` | | `imagePullSecrets` | Array of imagePullSecrets in the namespace for pulling images | `[]` | -| `imageTag` | Concourse image version | `7.11.0` | +| `imageTag` | Concourse image version | `7.12.0` | | `image` | Concourse image | `concourse/concourse` | | `nameOverride` | Provide a name in place of `concourse` for `app:` labels | `nil` | | `persistence.enabled` | Enable Concourse persistence using Persistent Volume Claims | `true` | diff --git a/values.yaml b/values.yaml index ea763e9..02b80ae 100644 --- a/values.yaml +++ b/values.yaml @@ -21,7 +21,7 @@ image: concourse/concourse ## of `concourse/concourse`. ## Ref: https://hub.docker.com/r/concourse/concourse/tags/ ## -imageTag: "7.11.0" +imageTag: "7.12.0" ## Specific image digest to use in place of a tag. ## Ref: https://kubernetes.io/docs/concepts/configuration/overview/#container-images From 8f784864b03062421d9d8ea91f699dd1e558946f Mon Sep 17 00:00:00 2001 From: CI Bot Date: Fri, 15 Nov 2024 20:19:41 +0000 Subject: [PATCH 11/16] bump chart version Signed-off-by: CI Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 1753d25..6a10fdf 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: concourse type: application -version: 17.2.1 +version: 17.4.0 appVersion: 7.12.0 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479 From e3f8dad533245dc53b452ba80658a676da80e4e1 Mon Sep 17 00:00:00 2001 From: CI Bot Date: Wed, 18 Dec 2024 14:48:25 +0000 Subject: [PATCH 12/16] bump postgres version Signed-off-by: CI Bot --- Chart.lock | 6 +++--- Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Chart.lock b/Chart.lock index 726f13f..65746e8 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 11.9.8 -digest: sha256:2ade0110105c9a1cb864c813473cdbfddb4eee4c9bbf79dee9a4da90fe82bb44 -generated: "2022-10-08T15:03:27.191417208Z" + version: 16.3.2 +digest: sha256:913828a3b53fb4f5a9730250296bc1fd159f5f7cb5dbb972e92d90958ed81ecb +generated: "2024-12-18T14:48:15.95980588Z" diff --git a/Chart.yaml b/Chart.yaml index 6a10fdf..334143e 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ sources: - https://github.com/concourse/concourse dependencies: - name: postgresql - version: 11.9.8 + version: 16.3.2 repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled maintainers: From 8dd774cf2f21b5be9c54eaa74cd4db2269868ce1 Mon Sep 17 00:00:00 2001 From: CI Bot Date: Thu, 19 Dec 2024 19:23:11 +0000 Subject: [PATCH 13/16] bump chart version Signed-off-by: CI Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 334143e..f303a4b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: concourse type: application -version: 17.4.0 +version: 18.0.0 appVersion: 7.12.0 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479 From dbb2fe6c26a548b315b8bcaf882af6d94102bbdf Mon Sep 17 00:00:00 2001 From: Claus-Theodor Riegg Date: Thu, 9 Jan 2025 11:43:54 +0100 Subject: [PATCH 14/16] fix vault conditional for web-deployment --- templates/web-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/web-deployment.yaml b/templates/web-deployment.yaml index 0e379eb..c1981cb 100644 --- a/templates/web-deployment.yaml +++ b/templates/web-deployment.yaml @@ -611,7 +611,7 @@ spec: - name: CONCOURSE_VAULT_CA_CERT value: "{{ .Values.web.vaultSecretsPath }}/ca.cert" {{- end }} - {{- if eq .Values.concourse.web.vault.authBackend "token" and not .Values.concourse.web.vault.tokenPath }} + {{- if and (eq .Values.concourse.web.vault.authBackend "token") (not .Values.concourse.web.vault.tokenPath) }} - name: CONCOURSE_VAULT_CLIENT_TOKEN valueFrom: secretKeyRef: From de76613bcf56da5074e56e999bc167e1f79f3584 Mon Sep 17 00:00:00 2001 From: CI Bot Date: Thu, 6 Feb 2025 21:44:49 +0000 Subject: [PATCH 15/16] bump app version and image tag Signed-off-by: CI Bot --- Chart.yaml | 2 +- README.md | 2 +- values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index f303a4b..75862de 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: concourse type: application version: 18.0.0 -appVersion: 7.12.0 +appVersion: 7.12.1 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479 keywords: diff --git a/README.md b/README.md index 2ba4afa..ef2ee4b 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ The following table lists the configurable parameters of the Concourse chart and | `imageDigest` | Specific image digest to use in place of a tag. | `nil` | | `imagePullPolicy` | Concourse image pull policy | `IfNotPresent` | | `imagePullSecrets` | Array of imagePullSecrets in the namespace for pulling images | `[]` | -| `imageTag` | Concourse image version | `7.12.0` | +| `imageTag` | Concourse image version | `7.12.1` | | `image` | Concourse image | `concourse/concourse` | | `nameOverride` | Provide a name in place of `concourse` for `app:` labels | `nil` | | `persistence.enabled` | Enable Concourse persistence using Persistent Volume Claims | `true` | diff --git a/values.yaml b/values.yaml index 02b80ae..46e3def 100644 --- a/values.yaml +++ b/values.yaml @@ -21,7 +21,7 @@ image: concourse/concourse ## of `concourse/concourse`. ## Ref: https://hub.docker.com/r/concourse/concourse/tags/ ## -imageTag: "7.12.0" +imageTag: "7.12.1" ## Specific image digest to use in place of a tag. ## Ref: https://kubernetes.io/docs/concepts/configuration/overview/#container-images From 07c89c54842ee646d789770612dbd507876253bd Mon Sep 17 00:00:00 2001 From: CI Bot Date: Thu, 6 Feb 2025 22:05:05 +0000 Subject: [PATCH 16/16] bump chart version Signed-off-by: CI Bot --- Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Chart.yaml b/Chart.yaml index 75862de..0088980 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: concourse type: application -version: 18.0.0 +version: 18.0.1 appVersion: 7.12.1 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479