From 125ac54e5881bacfd6aa8dab888b4a08a1b2cec7 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 11 Dec 2025 09:17:40 +0200 Subject: [PATCH 01/17] added annotation to app proxy deployment so it wont get deleted during argo deletion --- .../templates/_components/cap-app-proxy/_deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml index e00a55bb2..74bf68dbc 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_deployment.yaml @@ -3,6 +3,8 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "cap-app-proxy.fullname" . }} + annotations: + argocd.argoproj.io/sync-options: Delete=false labels: {{- include "cap-app-proxy.labels" . | nindent 4 }} spec: From 795033c1e3b7e3f6a0d95fb77f2f6695c753a142 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sun, 14 Dec 2025 12:49:35 +0200 Subject: [PATCH 02/17] added annotation to argo controller --- charts/gitops-runtime/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 18feb150e..24f49cb29 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -290,6 +290,9 @@ argo-cd: params: server.insecure: true application.namespaces: 'cf-*' + controller: + statefulsetAnnotations: + argocd.argoproj.io/sync-options: "Delete=false" #----------------------------------------------------------------------------------------------------------------------- # Argo Events #----------------------------------------------------------------------------------------------------------------------- From 20159334f0be297f9eb435f77a251d084d30bc21 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sun, 14 Dec 2025 14:12:14 +0200 Subject: [PATCH 03/17] linting --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index 24f49cb29..4d8f8f352 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -291,8 +291,8 @@ argo-cd: server.insecure: true application.namespaces: 'cf-*' controller: - statefulsetAnnotations: - argocd.argoproj.io/sync-options: "Delete=false" + statefulsetAnnotations: + argocd.argoproj.io/sync-options: "Delete=false" #----------------------------------------------------------------------------------------------------------------------- # Argo Events #----------------------------------------------------------------------------------------------------------------------- From 3dbd7615b44535e0dc6d99d6c1e53a94b875ef20 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sun, 14 Dec 2025 14:47:59 +0200 Subject: [PATCH 04/17] bump From bf04fcd4699bfbe219f70195a272174353916bbd Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 15 Dec 2025 12:09:59 +0200 Subject: [PATCH 05/17] added hook to delete applications --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index ecd385a87..5c4dcf3e4 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -20,10 +20,7 @@ spec: command: ["sh", "-c"] args: - | - kubectl patch EventBus $(kubectl get eventbus -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge && \ - kubectl patch Eventsource $(kubectl get EventSource -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge && \ - kubectl patch Sensor $(kubectl get Sensor -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge ; - return 0 + kubectl get applications -A -l codefresh.io/internal=true -o name | xargs -r -I{} kubectl patch {} -p '{"metadata":{"finalizers":null}}' --type=merge || true {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} From 8238d028db811b7b50dd2e7b0e334db9c05bc7b9 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 15 Dec 2025 15:00:14 +0200 Subject: [PATCH 06/17] adj command to handle namespaced installations --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index 5c4dcf3e4..249aaf094 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -20,7 +20,8 @@ spec: command: ["sh", "-c"] args: - | - kubectl get applications -A -l codefresh.io/internal=true -o name | xargs -r -I{} kubectl patch {} -p '{"metadata":{"finalizers":null}}' --type=merge || true + kubectl get applications -n {{ .Release.Namespace }} -l codefresh.io/internal=true -o jsonpath='{.items[*].metadata.name}' \ + | xargs -r -n1 -I{} kubectl patch application -n {{ .Release.Namespace }} {} -p '{"metadata":{"finalizers":null}}' --type=merge || true {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} From 63f485e0e90a64514052af43b28bda4d3960d47f Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 15 Dec 2025 15:23:26 +0200 Subject: [PATCH 07/17] bump From 90f82f66ee02a590001fa4b68dcbb10f3fb85849 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Mon, 15 Dec 2025 16:17:12 +0200 Subject: [PATCH 08/17] bump From 874f801e45d6817909591d77671d5fb039a79154 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 16 Dec 2025 07:44:47 +0200 Subject: [PATCH 09/17] bump From 786c5985a1d6940ce41db57462d051e168bdbd0e Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 16 Dec 2025 10:09:36 +0200 Subject: [PATCH 10/17] added clean up for codefresh secret and git integration --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index 249aaf094..c3526f92c 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -20,8 +20,15 @@ spec: command: ["sh", "-c"] args: - | + # Remove finalizers from internal Argo CD Applications in this runtime namespace kubectl get applications -n {{ .Release.Namespace }} -l codefresh.io/internal=true -o jsonpath='{.items[*].metadata.name}' \ | xargs -r -n1 -I{} kubectl patch application -n {{ .Release.Namespace }} {} -p '{"metadata":{"finalizers":null}}' --type=merge || true + + # Delete runtime token secret in this namespace (if present) + kubectl delete secret codefresh-token -n {{ .Release.Namespace }} --ignore-not-found || true + + # Delete default git integration secret in this namespace (if present) + kubectl delete secret -n {{ .Release.Namespace }} -l 'io.codefresh.integration-type=git,io.codefresh.integration-name=default' --ignore-not-found || true {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} From eae40380de6214c7970ac0ed129d73084e5de037 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 16 Dec 2025 10:55:12 +0200 Subject: [PATCH 11/17] added loggin --- .../pre-uninstall/cleanup-resources.yaml | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index c3526f92c..f9df4d312 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -20,15 +20,22 @@ spec: command: ["sh", "-c"] args: - | - # Remove finalizers from internal Argo CD Applications in this runtime namespace + set -e + + echo "[cleanup] Namespace: {{ .Release.Namespace }}" + + echo "[cleanup] Patching internal Argo CD Applications finalizers..." kubectl get applications -n {{ .Release.Namespace }} -l codefresh.io/internal=true -o jsonpath='{.items[*].metadata.name}' \ - | xargs -r -n1 -I{} kubectl patch application -n {{ .Release.Namespace }} {} -p '{"metadata":{"finalizers":null}}' --type=merge || true + | xargs -r -n1 -I{} sh -c 'echo "[cleanup] Patching application: {}"; kubectl patch application -n {{ .Release.Namespace }} {} -p '\''{"metadata":{"finalizers":null}}'\'' --type=merge' \ + || echo "[cleanup] Failed to patch applications (see errors above)" - # Delete runtime token secret in this namespace (if present) - kubectl delete secret codefresh-token -n {{ .Release.Namespace }} --ignore-not-found || true + echo "[cleanup] Deleting codefresh-token secret..." + kubectl delete secret codefresh-token -n {{ .Release.Namespace }} --ignore-not-found \ + || echo "[cleanup] Failed to delete codefresh-token (see errors above)" - # Delete default git integration secret in this namespace (if present) - kubectl delete secret -n {{ .Release.Namespace }} -l 'io.codefresh.integration-type=git,io.codefresh.integration-name=default' --ignore-not-found || true + echo "[cleanup] Deleting default git integration secrets..." + kubectl delete secret -n {{ .Release.Namespace }} -l 'io.codefresh.integration-type=git,io.codefresh.integration-name=default' --ignore-not-found \ + || echo "[cleanup] Failed to delete default git integration secrets (see errors above)" {{- with .Values.installer.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} From 9e53626abaab99d8ba6d2a5468f5f071a9efe4ea Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Tue, 16 Dec 2025 11:24:57 +0200 Subject: [PATCH 12/17] debugging --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index f9df4d312..ee1bb7f06 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -5,7 +5,7 @@ metadata: annotations: helm.sh/hook: pre-delete helm.sh/hook-weight: "5" - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-delete-policy: before-hook-creation spec: backoffLimit: 3 template: From 6275bfa7f5a205bb37909704eb0175ae5254d963 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 18 Dec 2025 09:30:28 +0200 Subject: [PATCH 13/17] added annotation --- .../templates/_components/cap-app-proxy/_rbac.yaml | 4 ++++ .../_components/cap-app-proxy/enrichment/_enrichment-rb.yaml | 2 ++ .../cap-app-proxy/enrichment/_enrichment-role.yaml | 2 ++ 3 files changed, 8 insertions(+) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml index aca416800..4a87022b7 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml @@ -5,6 +5,8 @@ kind: Role metadata: labels: app: cap-app-proxy + annotations: + argocd.argoproj.io/sync-options: Delete=false name: cap-app-proxy rules: - apiGroups: @@ -77,6 +79,8 @@ kind: RoleBinding metadata: labels: app: cap-app-proxy + annotations: + argocd.argoproj.io/sync-options: Delete=false name: cap-app-proxy roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml index 0826210ca..14ec8a1bc 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml @@ -6,6 +6,8 @@ metadata: name: {{ include "cap-app-proxy.fullname" . }}-enrichment labels: {{- include "cap-app-proxy.labels" . | nindent 4 }} + annotations: + argocd.argoproj.io/sync-options: Delete=false roleRef: apiGroup: "" kind: Role diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml index b407aa501..ce446bb47 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml @@ -5,6 +5,8 @@ metadata: name: {{ include "cap-app-proxy.fullname" . }}-enrichment labels: {{- include "cap-app-proxy.labels" . | nindent 4 }} + annotations: + argocd.argoproj.io/sync-options: Delete=false rules: - apiGroups: - "*" From 02c6cb88cfdcbc13491b399e81977a75a5c3e759 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Thu, 18 Dec 2025 10:02:51 +0200 Subject: [PATCH 14/17] added serviceaccount to resources of app proxy --- .../templates/_components/cap-app-proxy/_rbac.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml index 4a87022b7..b084e5e2f 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml @@ -15,6 +15,7 @@ rules: - secrets - configmaps - pods + - serviceaccounts verbs: - get - create From 7d079af8fa250cafdbf508f70f2a2982bee76ab7 Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sat, 20 Dec 2025 16:12:50 +0200 Subject: [PATCH 15/17] removed annotations --- .../templates/_components/cap-app-proxy/_rbac.yaml | 5 ----- .../_components/cap-app-proxy/enrichment/_enrichment-rb.yaml | 2 -- .../cap-app-proxy/enrichment/_enrichment-role.yaml | 2 -- 3 files changed, 9 deletions(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml index b084e5e2f..aca416800 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/_rbac.yaml @@ -5,8 +5,6 @@ kind: Role metadata: labels: app: cap-app-proxy - annotations: - argocd.argoproj.io/sync-options: Delete=false name: cap-app-proxy rules: - apiGroups: @@ -15,7 +13,6 @@ rules: - secrets - configmaps - pods - - serviceaccounts verbs: - get - create @@ -80,8 +77,6 @@ kind: RoleBinding metadata: labels: app: cap-app-proxy - annotations: - argocd.argoproj.io/sync-options: Delete=false name: cap-app-proxy roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml index 14ec8a1bc..0826210ca 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-rb.yaml @@ -6,8 +6,6 @@ metadata: name: {{ include "cap-app-proxy.fullname" . }}-enrichment labels: {{- include "cap-app-proxy.labels" . | nindent 4 }} - annotations: - argocd.argoproj.io/sync-options: Delete=false roleRef: apiGroup: "" kind: Role diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml index ce446bb47..b407aa501 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/enrichment/_enrichment-role.yaml @@ -5,8 +5,6 @@ metadata: name: {{ include "cap-app-proxy.fullname" . }}-enrichment labels: {{- include "cap-app-proxy.labels" . | nindent 4 }} - annotations: - argocd.argoproj.io/sync-options: Delete=false rules: - apiGroups: - "*" From b582b5986a215fa70da2cde464859f8ec31b23bc Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sun, 21 Dec 2025 09:58:55 +0200 Subject: [PATCH 16/17] removed debug --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index ee1bb7f06..9083ea6c8 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -5,7 +5,7 @@ metadata: annotations: helm.sh/hook: pre-delete helm.sh/hook-weight: "5" - helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-delete-policy: hook-succeeded, before-hook-creation spec: backoffLimit: 3 template: From 1e2651b7c20cbc8d35e5302a19a921b39e21e9cd Mon Sep 17 00:00:00 2001 From: Philip Kotliyakov Date: Sun, 21 Dec 2025 10:14:08 +0200 Subject: [PATCH 17/17] removed space --- .../templates/hooks/pre-uninstall/cleanup-resources.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml index 9083ea6c8..f9df4d312 100644 --- a/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml +++ b/charts/gitops-runtime/templates/hooks/pre-uninstall/cleanup-resources.yaml @@ -5,7 +5,7 @@ metadata: annotations: helm.sh/hook: pre-delete helm.sh/hook-weight: "5" - helm.sh/hook-delete-policy: hook-succeeded, before-hook-creation + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation spec: backoffLimit: 3 template: