Runtime values file validation
Review how Codefresh GitOps validates Runtime’s values file
values.yaml file validation
The Codefresh values.yaml file available here, contains all the arguments you can configure, including optional ones.
Before initiating the installation, Codefresh automatically validates the values.yaml file to verify that the supplied values are correct.
A validation error will automatically terminate the installation.
You can disable automated validation globally for all installation settings, or for only the ingress controller for example, and run validation manually.
Validated settings
The table below lists the settings validated in the values file.
| Setting | Validation |
|---|---|
| userToken | If explicitly defined, or defined as a secretKeyRef which exists in the current K8s context and the defined namespace. |
| Account permissions | If the user has admin permissions for the account in which they are installing the runtime. |
| Runtime name | If defined, and is unique to the account. |
| Access mode |
|
| gitCredentials |
|
Validation failures
If validation failes, Codefresh terminates the installation with the error:
Job has reached the specified backoff limit
For detailed information on the reason for the validation failure, run:
kubectl logs jobs/validate-values -n ${NAMESPACE}
where:
{NAMESPACE}must be replaced with the namespace of the Hybrid GitOps Runtime.
Disable installation validation globally
You may want to disable automated validation globally for specific scenarios, such as to address false-negatives.
To disable validation globally, use either of these methods:
- Add the
--set installer.skipValidation=trueflag to the Helm install command - Add
installer.skipValidation: trueto thevalues.yamlfile
In install command
--set installer.skipValidation=true
In values file
...
installer: skipValidation: true
... Disable ingress validation
Ingress validation checks if the ingress URL exists and responds to web requests. During a GitOps Runtime installation, the ingress might not be active yet, causing DNS errors despite correct configuration. Disabling ingress validation allows the installation to proceed, assuming the ingress will work once the Runtime is fully operational.
To disable only ingress validation, use either of these methods:
- Add the
--set global.runtime.ingress.skipValidation=trueflag to the Helm install command - Add
global.runtime.ingress.skipValidation: trueto thevalues.yamlfile.
In install command
--set global.runtime.ingress.skipValidation=true
In values file
...
global:
runtime:
ingress:
skipValidation: true
... Disable validation for custom/fine-grained Git tokens
When using token with custom scopes, or GitHub’s fine-grained tokens (currently not officially supported by Codefresh), for Runtime version v0.18.0 or lower, skip token validation to avoid validation failures during installation.
- Add the
skipGitPermissionValidationflag to yourvalues.yamlfile:
app-proxy:
config:
skipGitPermissionValidation: "true"
If you set this flag, make sure that:
- The Git user token defined for the GitOps Runtime (the token defined for
runtime-repo-creds-secret), has read and write access to the Shared Configuration Repository. - The Git user tokens for the different Git repositories associated with the Runtimes have read and write permissions to those Git repositories they expect to write to and read from.
For details on using multiplerepo-credssecrets, see Argo CD Repositories.
For details on Git token usage, see Git tokens.
Manually validate values.yaml file
To manually validate the values file, run:
cf helm validate --values <values_file> --namespace <namespace> --version <version>
where:
<values_file>is the name of thevalues.yamlfile used by the Helm installation.<namespace>is the namespace in which to install the Hybrid GitOps runtime, either the defaultcodefresh, or the custom name you intend to use for the installation. The Namespace must conform to the naming conventions for Kubernetes objects.<version>is the version of the runtime to install.