From 3e5004f572167e7b28eca76600e4cfcc9416f7b3 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 11 Dec 2025 09:17:40 +0200 Subject: [PATCH 01/14] added annotation to app proxy deployment so it wont get deleted during argo deletion --- .../templates/_components/cap-app-proxy/_deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml index e00a55bb2..74bf68dbc 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml @@ -3,6 +3,8 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "cap-app-proxy.fullname" . }} + annotations: + argocd.argoproj.io/sync-options: Delete=false labels: {{- include "cap-app-proxy.labels" . | nindent 4 }} spec: From ad38b8155019fe9f2684df2b014244b20a18c28e Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sun, 14 Dec 2025 12:49:35 +0200 Subject: [PATCH 02/14] added annotation to argo controller --- charts/gitops-runtime/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 22ff23e99..0d4712947 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -290,6 +290,9 @@ argo-cd: params: server.insecure: true application.namespaces: 'cf-*' + controller: + statefulsetAnnotations: + argocd.argoproj.io/sync-options: "Delete=false" #----------------------------------------------------------------------------------------------------------------------- # Argo Events #----------------------------------------------------------------------------------------------------------------------- From 7b5551bddbad50b80fc5cdf87bb8384b0b4054b5 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sun, 14 Dec 2025 14:12:14 +0200 Subject: [PATCH 03/14] linting --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 0d4712947..405b871b5 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -291,8 +291,8 @@ argo-cd: server.insecure: true application.namespaces: 'cf-*' controller: - statefulsetAnnotations: - argocd.argoproj.io/sync-options: "Delete=false" + statefulsetAnnotations: + argocd.argoproj.io/sync-options: "Delete=false" #----------------------------------------------------------------------------------------------------------------------- # Argo Events #----------------------------------------------------------------------------------------------------------------------- From 5ec57410f4acf36f5cfedb44c3b1d19426a64f72 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sun, 14 Dec 2025 14:47:59 +0200 Subject: [PATCH 04/14] bump From d4e8644c0db831f24b3c55a5c6b79558d3e45a70 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 15 Dec 2025 12:09:59 +0200 Subject: [PATCH 05/14] added hook to delete applications --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index ecd385a87..5c4dcf3e4 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -20,10 +20,7 @@ spec: command: ["sh", "-c"] args: - | - kubectl patch EventBus $(kubectl get eventbus -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge && \ - kubectl patch Eventsource $(kubectl get EventSource -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge && \ - kubectl patch Sensor $(kubectl get Sensor -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge ; - return 0 + kubectl get applications -A -l codefresh.io/internal=true -o name | xargs -r -I{} kubectl patch {} -p '{"metadata":{"finalizers":null}}' --type=merge || true {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} From ee2098d8157a38fe120e430ed8aaefba848e26af Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 15 Dec 2025 15:00:14 +0200 Subject: [PATCH 06/14] adj command to handle namespaced installations --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index 5c4dcf3e4..249aaf094 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -20,7 +20,8 @@ spec: command: ["sh", "-c"] args: - | - kubectl get applications -A -l codefresh.io/internal=true -o name | xargs -r -I{} kubectl patch {} -p '{"metadata":{"finalizers":null}}' --type=merge || true + kubectl get applications -n {{ .Release.Namespace }} -l codefresh.io/internal=true -o jsonpath='{.items[*].metadata.name}' \ + | xargs -r -n1 -I{} kubectl patch application -n {{ .Release.Namespace }} {} -p '{"metadata":{"finalizers":null}}' --type=merge || true {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} From 30e24da837334d0701cc741862d80a0871d5d95a Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 15 Dec 2025 15:23:26 +0200 Subject: [PATCH 07/14] bump From 9cd90922a0416bcde93f3f06c830884bb8daaa05 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 15 Dec 2025 16:17:12 +0200 Subject: [PATCH 08/14] bump From b8ae9dfdfd0e145766f252baacb7afb7555a3ef9 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 16 Dec 2025 07:44:47 +0200 Subject: [PATCH 09/14] bump From 43f3c7ce2fdc17f2d4648f30b4d6f32ecc6ce1ec Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 16 Dec 2025 10:09:36 +0200 Subject: [PATCH 10/14] added clean up for codefresh secret and git integration --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index 249aaf094..c3526f92c 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -20,8 +20,15 @@ spec: command: ["sh", "-c"] args: - | + # Remove finalizers from internal Argo CD Applications in this runtime namespace kubectl get applications -n {{ .Release.Namespace }} -l codefresh.io/internal=true -o jsonpath='{.items[*].metadata.name}' \ | xargs -r -n1 -I{} kubectl patch application -n {{ .Release.Namespace }} {} -p '{"metadata":{"finalizers":null}}' --type=merge || true + + # Delete runtime token secret in this namespace (if present) + kubectl delete secret codefresh-token -n {{ .Release.Namespace }} --ignore-not-found || true + + # Delete default git integration secret in this namespace (if present) + kubectl delete secret -n {{ .Release.Namespace }} -l 'io.codefresh.integration-type=git,io.codefresh.integration-name=default' --ignore-not-found || true {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} From d3c852b07d14128593cd83175afcb32136558a4a Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 16 Dec 2025 10:55:12 +0200 Subject: [PATCH 11/14] added loggin --- .../pre-uninstall/cleanup-resources.yaml | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index c3526f92c..f9df4d312 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -20,15 +20,22 @@ spec: command: ["sh", "-c"] args: - | - # Remove finalizers from internal Argo CD Applications in this runtime namespace + set -e + + echo "[cleanup] Namespace: {{ .Release.Namespace }}" + + echo "[cleanup] Patching internal Argo CD Applications finalizers..." kubectl get applications -n {{ .Release.Namespace }} -l codefresh.io/internal=true -o jsonpath='{.items[*].metadata.name}' \ - | xargs -r -n1 -I{} kubectl patch application -n {{ .Release.Namespace }} {} -p '{"metadata":{"finalizers":null}}' --type=merge || true + | xargs -r -n1 -I{} sh -c 'echo "[cleanup] Patching application: {}"; kubectl patch application -n {{ .Release.Namespace }} {} -p '\''{"metadata":{"finalizers":null}}'\'' --type=merge' \ + || echo "[cleanup] Failed to patch applications (see errors above)" - # Delete runtime token secret in this namespace (if present) - kubectl delete secret codefresh-token -n {{ .Release.Namespace }} --ignore-not-found || true + echo "[cleanup] Deleting codefresh-token secret..." + kubectl delete secret codefresh-token -n {{ .Release.Namespace }} --ignore-not-found \ + || echo "[cleanup] Failed to delete codefresh-token (see errors above)" - # Delete default git integration secret in this namespace (if present) - kubectl delete secret -n {{ .Release.Namespace }} -l 'io.codefresh.integration-type=git,io.codefresh.integration-name=default' --ignore-not-found || true + echo "[cleanup] Deleting default git integration secrets..." + kubectl delete secret -n {{ .Release.Namespace }} -l 'io.codefresh.integration-type=git,io.codefresh.integration-name=default' --ignore-not-found \ + || echo "[cleanup] Failed to delete default git integration secrets (see errors above)" {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} From 5109f90275549e0761ba67f2e7cfe2b7b8b03f47 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 16 Dec 2025 11:24:57 +0200 Subject: [PATCH 12/14] debugging --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index f9df4d312..ee1bb7f06 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -5,7 +5,7 @@ metadata: annotations: helm.sh/hook: pre-delete helm.sh/hook-weight: "5" - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-delete-policy: before-hook-creation spec: backoffLimit: 3 template: From 3e64261a77579f5fdb6fc9efcf63f9bde6a53866 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 18 Dec 2025 09:30:28 +0200 Subject: [PATCH 13/14] added annotation --- .../templates/_components/cap-app-proxy/_rbac.yaml | 4 ++++ .../_components/cap-app-proxy/enrichment/_enrichment-rb.yaml | 2 ++ .../cap-app-proxy/enrichment/_enrichment-role.yaml | 2 ++ 3 files changed, 8 insertions(+) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml index aca416800..4a87022b7 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml @@ -5,6 +5,8 @@ kind: Role metadata: labels: app: cap-app-proxy + annotations: + argocd.argoproj.io/sync-options: Delete=false name: cap-app-proxy rules: - apiGroups: @@ -77,6 +79,8 @@ kind: RoleBinding metadata: labels: app: cap-app-proxy + annotations: + argocd.argoproj.io/sync-options: Delete=false name: cap-app-proxy roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml index 0826210ca..14ec8a1bc 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml @@ -6,6 +6,8 @@ metadata: name: {{ include "cap-app-proxy.fullname" . }}-enrichment labels: {{- include "cap-app-proxy.labels" . | nindent 4 }} + annotations: + argocd.argoproj.io/sync-options: Delete=false roleRef: apiGroup: "" kind: Role diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml index b407aa501..ce446bb47 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml @@ -5,6 +5,8 @@ metadata: name: {{ include "cap-app-proxy.fullname" . }}-enrichment labels: {{- include "cap-app-proxy.labels" . | nindent 4 }} + annotations: + argocd.argoproj.io/sync-options: Delete=false rules: - apiGroups: - "*" From 5c0f8cec78f645d34e9661536213961ebcfa752b Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 18 Dec 2025 10:02:51 +0200 Subject: [PATCH 14/14] added serviceaccount to resources of app proxy --- .../templates/_components/cap-app-proxy/_rbac.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml index 4a87022b7..b084e5e2f 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml @@ -15,6 +15,7 @@ rules: - secrets - configmaps - pods + - serviceaccounts verbs: - get - create