You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Add mirror helm chart and repo certificates (#730)
* Add mirror helm chart and repo certificates* Update on-prem-gitops-runtime-install.mdChanged link to repo certificate example; added related articles* Update on-prem-gitops-runtime-install.mdAdded to mirroring section that it is required post install and reason* Update on-prem-gitops-runtime-install.mdRewrote mirror section and added value of configuring as argo app
Copy file name to clipboardExpand all lines: _docs/installation/gitops/on-prem-gitops-runtime-install.md
+54-8Lines changed: 54 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -53,19 +53,41 @@ global:
53
53
ingress:# on-prem supports only ingress-based
54
54
enabled:true
55
55
hosts:
56
-
-codefresh.ingress-host.com## required,should be identicaltocodefresh.url
56
+
-codefresh.ingress-host.com## required,replace with host usedtoaccess the runtime without `https://`
57
57
58
58
app-proxy:
59
59
config:
60
-
cors:https://codefresh-onprem.com## required,replace with host usedtoaccess runtime
60
+
cors:https://codefresh-onprem.com## required,must be identicaltoplatform URL
61
61
```
62
62
63
+
## Mirroring Helm chart in on-premises/air-gapped environments
64
+
_After installing the GitOps On-premises Runtime_ in on-premises or air-gapped environments, you can manage it as an Argo Application to establish GitOps as the single source of truth for the Runtime. You can monitor the health and synchronization statuses of your Runtime components.
65
+
66
+
To manage the on-premises GitOps Runtime as an Argo Application, you need to:
67
+
* **Mirror** the Helm chart to a repository that can be accessed by`app-proxy`
68
+
* **Set an environment variable** in the `values` file in `.values.app-proxy` to reference the mirrored Helm repository, as shown in the example below.
If you use private registries, you need to override specific image values for the different subcharts and container images.
84
+
65
85
We have a utility to help override image values for GitOps Runtimes. The utility creates values files that match the structure of the subcharts, allowing you to easily replace image registries. During chart installation, you can provide these values files to override the images, as needed.
66
86
For more details, see [ArtifactHub](https://artifacthub.io/packages/helm/codefresh-gitops-runtime/gitops-runtime#using-with-private-registries---helper-utility){:target="\_blank"}.
67
87
68
88
89
+
90
+
69
91
## Argo project CRDs
70
92
If you already have Argo project CRDs on your cluster, do one of the following:
71
93
* Handle Argo projects CRDs outside of the chart (see [Argo's readme on Helm charts](https://github.com/argoproj/argo-helm/blob/main/README.md){:target="\_blank"})
## Custom certificates for on-premises installations
113
+
For on-premises installations, you may need to configure custom platform and repository certificates:
114
+
* **Platform** certificates are required for GitOps Runtimes to communicate with the Codefresh platform.
115
+
* **Repository** certificates are required to authenticate users to on-premises Git servers.
90
116
91
-
## Ingress controller configuration
92
-
Ingress-based on-premises GitOps Runtimes require an ingress controller to be configured before the installation. For details, see [Ingress controller configuration]({{site.baseurl}}/docs/installation/gitops/hybrid-gitops-helm-installation/#ingress-controller-configuration).
93
-
Depending on the ingress controller used, you may need post-installation configuration as well.
94
-
95
-
## Platform certificates for on-premises installations
96
-
Configure platform certificates, required for GitOps Runtimes to communicate with the Codefresh on-premises platform.
117
+
### Platform certificates
97
118
98
119
1. Get your certificate:
99
120
@@ -129,3 +150,28 @@ global:
129
150
-----END CERTIFICATE-----
130
151
```
131
152
153
+
154
+
### Repository certificates
155
+
Add repository certificates to your Codefresh`values` file, in `.values.argo-cd`. These values are used by the argo-cd Codefresh deploys.
156
+
For details on adding repository certificates, see this [section](https://github.com/codefresh-io/argo-helm/blob/argo-cd-5.29.2-cap-CR-18430/charts/argo-cd/values.yaml#LL336C7-L336C7){:target="\_blank"}.
157
+
158
+
159
+
```yaml
160
+
argo-cd:
161
+
configs:
162
+
tls:
163
+
certificates:
164
+
server.example.com: |
165
+
-----BEGIN CERTIFICATE-----
166
+
...
167
+
-----END CERTIFICATE-----
168
+
```
169
+
170
+
## Ingress controller configuration
171
+
Ingress-based on-premises GitOps Runtimes require an ingress controller to be configured before the installation. For details, see [Ingress controller configuration]({{site.baseurl}}/docs/installation/gitops/hybrid-gitops-helm-installation/#ingress-controller-configuration).
172
+
Depending on the ingress controller used, you may need post-installation configuration as well.
173
+
174
+
175
+
## Related articles
176
+
[Managing and monitoring GitOps Runtimes]({{site.baseurl}}/docs/installation/gitops/monitor-manage-runtimes/)