Releases: codefresh-io/gitops-runtime-helm
0.28.2
0.28.1
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.28.1Chart changes
- chore: update app-proxy to v1.4068.0
- fix: fix various security vulnerabilities in app-proxy
- fix: fix various security vulnerabilities in cf-argocd-extras
- chore: updated sealed-secrets-controller to 0.36.0
- fix: fix various security vulnerabilities in sealed-secrets-controller
0.28.0
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.28.0Breaking Changes
Argo CD v3.3.2 Compatibility
Argo CD has been updated to v3.3.2
Known Issue: Version Validation for BYOA
If you are using BYOA (Bring Your Own Argo) with ArgoCD v3.3.2, you may encounter a version validation error during the upgrade. This is due to a constraint mismatch in the validation hook.
Workaround: Disable the validation by adding the following to your values file:
installer:
skipValidation: trueThis will bypass the version check and allow the installation to proceed. This issue will be addressed in future releases.
⚠️ Important Notice
Users who have an Argo CD Application that manages their Argo CD installation must enable the following configurations for the upgrade to succeed:
- Sync option:
ServerSideApply=true - Annotation:
argocd.argoproj.io/compare-options: ServerSideDiff=true
Recommendations
Fresh Installation (v0.28+)
If you install cf-gitops-runtime from scratch, the initial commit in your ISC repository will contain all required settings for the self-managing "cf-gitops-runtime" application. No additional action is needed.
Upgrade from v0.27.x or Earlier
If you are upgrading from version < 0.28, perform the following manual actions in your ISC repository:
-
Update Argo CD Application Configuration
Edit
<path-to-ISC-repo>/resources/codefresh/cf-gitops-runtime.yamland add:metadata: annotations: argocd.argoproj.io/compare-options: ServerSideDiff=true
syncPolicy: syncOptions: - ServerSideApply=true
-
Update Chart Version
Edit
resources/<runtime_name>/chart/Chart.yamland update thegitops-runtimeversion:apiVersion: v2 appVersion: 1.0.0 description: Codefresh gitops runtime umbrella chart name: codefresh-gitops-runtime version: 0.28.0 dependencies: - name: gitops-runtime repository: oci://quay.io/codefresh version: 0.28.0
Security
Migration to Docker Hardened Images (DHI)
We have migrated our core components to Docker Hardened Images (DHI). This transition significantly improves the overall security posture and performance of the runtime:
Reduced Surface Area — DHI images are more lightweight, containing only the necessary binaries.
Enhanced Security — These images are built with stricter security standards, reducing the number of vulnerabilities.
Components Migrated:
runtime-installer images moved to DHI.
app-proxy-init migrated to the DHI base image.
0.27.6
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.6Chart changes
- chore: update tunnel-chart to v0.1.24
- fix: fix multiple security vulnerabilities in codefresh/frps
0.27.5
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.5Chart changes
- bump Node.js to v22.22.0 for cap-app-proxy
- bump alpine/kubectl to v1.35.1
0.27.4
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.4Chart changes
- migrate app-proxy-init and gitops-runtime-installer to DHI base images
- update nginx-unprivileged and codefresh-gitops-operator
- runtime components logs not working for some of components
0.27.3
0.26.8
0.27.2
0.27.1
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.1Chart changes
- cap-app-proxy & cap-app-proxy-init: fix security vulnerability in qs library CVE-2025-15284