Add mirror helm chart and repo certificates #730

Merged
NimRegev merged 4 commits into master from on-prem-gitops-updates
Jun 15, 2023
62 changes: 54 additions & 8 deletions, _docs/installation/gitops/on-prem-gitops-runtime-install.md
Expand Up@@ -53,19 +53,41 @@ global:
ingress: # on-prem supports only ingress-based
enabled: true
hosts:
- codefresh.ingress-host.com ## required,should be identicaltocodefresh.url
- codefresh.ingress-host.com ## required,replace with host usedtoaccess the runtime without `https://`

app-proxy:
config:
cors: https://codefresh-onprem.com ## required,replace with host usedtoaccess runtime
cors: https://codefresh-onprem.com ## required,must be identicaltoplatform URL
```

## Mirroring Helm chart in on-premises/air-gapped environments
_After installing the GitOps On-premises Runtime_ in on-premises or air-gapped environments, you can manage it as an Argo Application to establish GitOps as the single source of truth for the Runtime. You can monitor the health and synchronization statuses of your Runtime components.

To manage the on-premises GitOps Runtime as an Argo Application, you need to:
* **Mirror** the Helm chart to a repository that can be accessed by `app-proxy`
* **Set an environment variable** in the `values` file in `.values.app-proxy` to reference the mirrored Helm repository, as shown in the example below.

{% highlight yaml %}
{% raw %}
...
app-proxy:
env:
HELM_REPOSITORY: https://codefresh-airgapped-helm-repo.s3.amazonaws.com/gitops-runtime
...
{% endraw %}
{% endhighlight %}



## Image overrides for private registries
If you use private registries, you need to override specific image values for the different subcharts and container images.

We have a utility to help override image values for GitOps Runtimes. The utility creates values files that match the structure of the subcharts, allowing you to easily replace image registries. During chart installation, you can provide these values files to override the images, as needed.
For more details, see [ArtifactHub](https://artifacthub.io/packages/helm/codefresh-gitops-runtime/gitops-runtime#using-with-private-registries---helper-utility){:target="\_blank"}.




## Argo project CRDs
If you already have Argo project CRDs on your cluster, do one of the following:
* Handle Argo projects CRDs outside of the chart (see [Argo's readme on Helm charts](https://github.com/argoproj/argo-helm/blob/main/README.md){:target="\_blank"})
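
Review bot: In the new "Mirroring Helm chart in on-premises/air-gapped environments" section, the `HELM_REPOSITORY` example points at `https://codefresh-airgapped-helm-repo.s3.amazonaws.com/gitops-runtime`, a public S3 endpoint that an air-gapped cluster cannot reach, and the text does not say how `app-proxy` is expected to trust or authenticate to the mirror. Consider using an obviously internal placeholder host in the example, stating which chart versions need to be mirrored, and pointing to the custom certificates section for the case where the mirror is served with a private CA. Two smaller points: the step says to set the variable "in `.values.app-proxy`" while the example nests it under `app-proxy.env`, so spell out the full key; and this block uses `{% highlight yaml %}` while the other YAML examples visible in the file use fenced blocks.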
Expand All@@ -87,13 +109,12 @@ kubectl label --overwrite crds $(kubectl get crd | grep argoproj.io | awk '{prin
kubectl annotate --overwrite crds $(kubectl get crd | grep argoproj.io | awk '{print $1}' | xargs) meta.helm.sh/release-name=$RELEASE
kubectl annotate --overwrite crds $(kubectl get crd | grep argoproj.io | awk '{print $1}' | xargs) meta.helm.sh/release-namespace=$NAMESPACE
```
## Custom certificates for on-premises installations
For on-premises installations, you may need to configure custom platform and repository certificates:
* **Platform** certificates are required for GitOps Runtimes to communicate with the Codefresh platform.
* **Repository** certificates are required to authenticate users to on-premises Git servers.

## Ingress controller configuration
Ingress-based on-premises GitOps Runtimes require an ingress controller to be configured before the installation. For details, see [Ingress controller configuration]({{site.baseurl}}/docs/installation/gitops/hybrid-gitops-helm-installation/#ingress-controller-configuration).
Depending on the ingress controller used, you may need post-installation configuration as well.

## Platform certificates for on-premises installations
Configure platform certificates, required for GitOps Runtimes to communicate with the Codefresh on-premises platform.
### Platform certificates

1. Get your certificate:

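Review bot: The "Repository" bullet under "Custom certificates for on-premises installations" says these certificates "authenticate users to on-premises Git servers", but the repository certificate example in this PR places them under `argo-cd.configs.tls.certificates`, keyed by server hostname, which reads as trust material for verifying the Git server's TLS certificate rather than user credentials. Suggest wording along the lines of "**Repository** certificates are required for the Runtime's Argo CD to trust the TLS certificates of on-premises Git servers", so readers do not mistake this for client authentication. Also check inbound links: the hunk shows both "## Platform certificates for on-premises installations" and "### Platform certificates", and a renamed heading changes the generated anchor.
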
Expand DownExpand Up@@ -129,3 +150,28 @@ global:
-----END CERTIFICATE-----
```


### Repository certificates
Add repository certificates to your Codefresh `values` file, in `.values.argo-cd`. These values are used by the argo-cd Codefresh deploys.
For details on adding repository certificates, see this [section](https://github.com/codefresh-io/argo-helm/blob/argo-cd-5.29.2-cap-CR-18430/charts/argo-cd/values.yaml#LL336C7-L336C7){:target="\_blank"}.


```yaml
argo-cd:
configs:
tls:
certificates:
server.example.com: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```

## Ingress controller configuration
Ingress-based on-premises GitOps Runtimes require an ingress controller to be configured before the installation. For details, see [Ingress controller configuration]({{site.baseurl}}/docs/installation/gitops/hybrid-gitops-helm-installation/#ingress-controller-configuration).
Depending on the ingress controller used, you may need post-installation configuration as well.


## Related articles
[Managing and monitoring GitOps Runtimes]({{site.baseurl}}/docs/installation/gitops/monitor-manage-runtimes/)
[On-premises platform architecture]({{site.baseurl}}/docs/installation/runtime-architecture/#gitops-architecture)
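
Review bot: The "Repository certificates" section links to `values.yaml` on the branch `argo-cd-5.29.2-cap-CR-18430` with a line anchor (`#LL336C7-L336C7`) behind the link text "section"; that target will drift or break when the branch moves or is deleted. Link to a tag or commit permalink instead, and name the key (`argo-cd.configs.tls.certificates`) in the sentence so the instructions do not depend on the link. It would also help to say that the map key (`server.example.com` in the example) is the Git server's hostname and which certificate goes in the value (the server certificate or its issuing CA). Wording: "These values are used by the argo-cd Codefresh deploys" would read better as "used by the Argo CD instance that Codefresh deploys".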
