Releases: codefresh-io/gitops-runtime-helm
0.28.1
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.28.1Chart changes
- chore: update app-proxy to v1.4068.0
- fix: fix various security vulnerabilities in app-proxy
- fix: fix various security vulnerabilities in cf-argocd-extras
- chore: updated sealed-secrets-controller to 0.36.0
- fix: fix various security vulnerabilities in sealed-secrets-controller
0.28.0
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.28.0Breaking Changes
Argo CD v3.3.2 Compatibility
Argo CD has been updated to v3.3.2
⚠️ Important Notice
Users who have an Argo CD Application that manages their Argo CD installation must enable the following configurations for the upgrade to succeed:
- Sync option:
ServerSideApply=true - Annotation:
argocd.argoproj.io/compare-options: ServerSideDiff=true
Recommendations
Fresh Installation (v0.28+)
If you install cf-gitops-runtime from scratch, the initial commit in your ISC repository will contain all required settings for the self-managing "cf-gitops-runtime" application. No additional action is needed.
Upgrade from v0.27.x or Earlier
If you are upgrading from version < 0.28, perform the following manual actions in your ISC repository:
-
Update Argo CD Application Configuration
Edit
<path-to-ISC-repo>/resources/codefresh/cf-gitops-runtime.yamland add:metadata: annotations: argocd.argoproj.io/compare-options: ServerSideDiff=true
syncPolicy: syncOptions: - ServerSideApply=true
-
Update Chart Version
Edit
resources/<runtime_name>/chart/Chart.yamland update thegitops-runtimeversion:apiVersion: v2 appVersion: 1.0.0 description: Codefresh gitops runtime umbrella chart name: codefresh-gitops-runtime version: 0.28.0 dependencies: - name: gitops-runtime repository: oci://quay.io/codefresh version: 0.28.0
Security
Migration to Docker Hardened Images (DHI)
We have migrated our core components to Docker Hardened Images (DHI). This transition significantly improves the overall security posture and performance of the runtime:
Reduced Surface Area — DHI images are more lightweight, containing only the necessary binaries.
Enhanced Security — These images are built with stricter security standards, reducing the number of vulnerabilities.
Components Migrated:
runtime-installer images moved to DHI.
app-proxy-init migrated to the DHI base image.
0.27.6
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.6Chart changes
- chore: update tunnel-chart to v0.1.24
- fix: fix multiple security vulnerabilities in codefresh/frps
0.27.5
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.5Chart changes
- bump Node.js to v22.22.0 for cap-app-proxy
- bump alpine/kubectl to v1.35.1
0.27.4
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.4Chart changes
- migrate app-proxy-init and gitops-runtime-installer to DHI base images
- update nginx-unprivileged and codefresh-gitops-operator
- runtime components logs not working for some of components
0.27.3
0.26.8
0.27.2
0.27.1
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.1Chart changes
- cap-app-proxy & cap-app-proxy-init: fix security vulnerability in qs library CVE-2025-15284
0.27.0
Installation
To get Helm chart for this release run:
helm pull oci://quay.io/codefresh/gitops-runtime --version 0.27.0Breaking Changes
Argo Rollouts Removed
Argo Rollouts controller has been removed from the gitops-runtime helm chart (#1051). If you depend on Argo Rollouts, you will need to install it separately.
Argo Events Removed
Argo Events controller has been removed from the gitops-runtime helm chart (#1057). If you depend on Argo Events, you will need to install it separately.
Runtime Redis Disabled by Default
Redis is now disabled by default (#927). Set redis-ha.enabled: true if needed.
What's New
Enhanced Runtime Uninstallation & Cleanup
We have significantly improved the uninstallation process to ensure a "zero-footprint" state:
- Shared Configuration Cleanup - The uninstallation now includes the ability to clean up the desired state stored in the Internal Shared Configuration Repository
- Cluster Hygiene - Improved command execution ensures that no stale runtime components or orphan resources remain on your cluster
ArgoCD Sync & Deletion Guardrails
The App-proxy now supports native ArgoCD resource annotations for Confirmation on Delete and Prune. This acts as a safety gate, requiring manual confirmation in the UI before a sync operation can delete or prune a specific resource (#1046).
- Sync Options - Prune Confirmation support
- Application Deletion - Added support for confirmation prompts before deleting an entire application
Improved Installation Wizard
The newest runtime installation flow features a drastically improved UX and ease of use.
- Expanded Git Support - Full support for Bitbucket, Bitbucket Server, and GitLab is now integrated into the streamlined installation wizard
Other Improvements
- Run without Redis - The runtime can now operate without Redis configured, providing more flexible deployment options (#919)
- MRC change revisions annotations - New support for MRC change revisions annotations in cf-argocd-extras (#1005)
- Event-reporter enhancements - Added deleted field to app event payload for better tracking (#1039)
- Checksum annotations - Config changes now trigger proper pod restarts (#938)
- Namespace-scoped Argo Workflows - Argo Workflows now runs namespace-scoped by default (#920)
Bug Fixes
- Fixed transient error handling on app sync failure (#922)
- Fixed issue where simple runtime applications ended up being out-of-sync
- Removed git commit statuses from gitops-operator (#940)