[pipelines] 1.40.1 release

jfrog · Jun 14, 2023 · 1c03d81 · 1c03d81
1 parent 32ac37d
commit 1c03d81
Show file tree

Hide file tree

Showing 14 changed files with 541 additions and 126 deletions.
diff --git a/stable/pipelines/CHANGELOG.md b/stable/pipelines/CHANGELOG.md
@@ -1,6 +1,23 @@
 # JFrog Pipelines Chart Changelog
 All changes to this chart to be documented in this file.
 
+## [101.40.1] - May 31, 2023
+* Handle jfrogUrlUI if nothing is set
+* Added log-service
+* Added step-service
+* Enabled nodepoolservice by default
+* Fix migration script failures on ssl enforced database
+* Fix database SSL details not being passed to nodepoolservice as expected in split mode
+* Fix vault issue with enforced SSL on azure database
+* Opens grpc port for nodepoolservice apis.
+* Opens http health check port for nodepoolservice 
+* Add ability to use redis with password
+* Add support to pass db metric parameters in system.yaml
+* Change hpa api version to autoscaling/v2
+* Enable probes on router
+* Add readiness to api container
+* Fix port for router readiness probe
+
 ## [101.38.1] - Apr 18, 2023
 * Handle jfrogUrlUI if nothing is set
 * Fix migration script failures on ssl enforced database

diff --git a/stable/pipelines/Chart.yaml b/stable/pipelines/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.38.1
+appVersion: 1.40.1
 dependencies:
 - condition: postgresql.enabled
   name: postgresql
@@ -32,4 +32,4 @@ name: pipelines
 sources:
 - https://github.com/jfrog/charts
 type: application
-version: 101.38.1
+version: 101.40.1
diff --git a/stable/pipelines/ci/default-values.yaml b/stable/pipelines/ci/default-values.yaml
@@ -7,6 +7,12 @@ pipelines:
   unifiedSecretInstallation: true
   nodepoolservice:
     enabled: true
+  runservice:
+    enabled: true
+  logservice:
+    enabled: true
+  stepservice:
+    enabled: true
   api:
     resources:
       limits:

diff --git a/stable/pipelines/icon/pipelines-logo.png b/stable/pipelines/icon/pipelines-logo.png
diff --git a/stable/pipelines/templates/_helpers.tpl b/stable/pipelines/templates/_helpers.tpl
@@ -107,6 +107,30 @@ The nodepoolservice name
 {{- printf "%s-%s-nodepoolservice" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+The runservice name
+*/}}
+{{- define "pipelines.runservice.name" -}}
+{{- $name := .Release.Name | trunc 29 -}}
+{{- printf "%s-%s-runservice" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+The logservice name
+*/}}
+{{- define "pipelines.logservice.name" -}}
+{{- $name := .Release.Name | trunc 29 -}}
+{{- printf "%s-%s-logservice" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+The stepservice name
+*/}}
+{{- define "pipelines.stepservice.name" -}}
+{{- $name := .Release.Name | trunc 29 -}}
+{{- printf "%s-%s-stepservice" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 The msg name
 */}}

diff --git a/stable/pipelines/templates/pipelines-cron-statefulset.yaml b/stable/pipelines/templates/pipelines-cron-statefulset.yaml
@@ -132,6 +132,27 @@ spec:
           - name: ca-certs
             mountPath: "/tmp/certs"
       {{- end }}
+        - name: change-ownership
+          image: "{{ .Values.initContainer.image }}"
+          imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              add:
+                - CHOWN
+              drop:
+                - NET_RAW
+          resources:
+{{ toYaml .Values.initContainers.resources | nindent 12 }}
+          command:
+          - '/bin/sh'
+          - '-c'
+          - >
+            echo "change ownership of {{ .Values.pipelines.mountPath }} directory";
+            chown -R 1066:1066 {{ .Values.pipelines.mountPath }};
+          volumeMounts:
+          - name: jfrog-pipelines-folder
+            mountPath: {{ .Values.pipelines.mountPath }}
         - name: pipelines-installer
           image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }}
           imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }}
@@ -143,7 +164,7 @@ spec:
               drop:
                 - NET_RAW
           resources:
-{{ toYaml .Values.initContainers.resources | nindent 12 }}
+{{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }}
           env:
             {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }}
             - name: NODE_EXTRA_CA_CERTS
@@ -207,6 +228,7 @@ spec:
             mkdir -p {{ .Values.pipelines.mountPath }}/security;
             echo -n ${PIPELINES_JOIN_KEY} > {{ .Values.pipelines.mountPath }}/security/join.key;
           {{- end }}
+            ./pipelines-k8s initDBdetails;
           volumeMounts:
           - name: jfrog-pipelines-folder
             mountPath: {{ .Values.pipelines.mountPath }}
@@ -236,27 +258,6 @@ spec:
             mountPath: {{ .Values.pipelines.mountPath }}/buildplane-config
             readOnly: true
           {{- end }}
-        - name: change-ownership
-          image: "{{ .Values.initContainer.image }}"
-          imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              add:
-                - CHOWN
-              drop:
-                - NET_RAW
-          resources:
-{{ toYaml .Values.initContainers.resources | nindent 12 }}
-          command:
-          - '/bin/sh'
-          - '-c'
-          - >
-            echo "change ownership of {{ .Values.pipelines.mountPath }} directory";
-            chown -R 1066:1066 {{ .Values.pipelines.mountPath }};
-          volumeMounts:
-          - name: jfrog-pipelines-folder
-            mountPath: {{ .Values.pipelines.mountPath }}
           {{- if or .Values.pipelines.cron.customInitContainers .Values.global.customInitContainers }}
 {{ tpl (include "pipelines.cron.customInitContainers" .)  . | indent 8 }}
           {{- end }}

diff --git a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml
@@ -136,6 +136,27 @@ spec:
           - name: ca-certs
             mountPath: "/tmp/certs"
       {{- end }}
+        - name: change-ownership
+          image: "{{ .Values.initContainer.image }}"
+          imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              add:
+                - CHOWN
+              drop:
+                - NET_RAW
+          resources:
+{{ toYaml .Values.initContainers.resources | nindent 12 }}
+          command:
+          - '/bin/sh'
+          - '-c'
+          - >
+            echo "change ownership of {{ .Values.pipelines.mountPath }} directory";
+            chown -R 1066:1066 {{ .Values.pipelines.mountPath }};
+          volumeMounts:
+          - name: jfrog-pipelines-folder
+            mountPath: {{ .Values.pipelines.mountPath }}
         - name: pipelines-installer
           image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }}
           imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }}
@@ -147,7 +168,7 @@ spec:
               drop:
                 - NET_RAW
           resources:
-{{ toYaml .Values.initContainers.resources | nindent 12 }}
+{{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }}
           env:
             {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }}
             - name: NODE_EXTRA_CA_CERTS
@@ -211,7 +232,7 @@ spec:
             mkdir -p {{ .Values.pipelines.mountPath }}/security;
             echo -n ${PIPELINES_JOIN_KEY} > {{ .Values.pipelines.mountPath }}/security/join.key;
           {{- end }}
-            sleep 5;
+            ./pipelines-k8s initDBdetails;
           volumeMounts:
           - name: jfrog-pipelines-folder
             mountPath: {{ .Values.pipelines.mountPath }}
@@ -241,27 +262,6 @@ spec:
             mountPath: {{ .Values.pipelines.mountPath }}/buildplane-config
             readOnly: true
           {{- end }}
-        - name: change-ownership
-          image: "{{ .Values.initContainer.image }}"
-          imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              add:
-                - CHOWN
-              drop:
-                - NET_RAW
-          resources:
-{{ toYaml .Values.initContainers.resources | nindent 12 }}
-          command:
-          - '/bin/sh'
-          - '-c'
-          - >
-            echo "change ownership of {{ .Values.pipelines.mountPath }} directory";
-            chown -R 1066:1066 {{ .Values.pipelines.mountPath }};
-          volumeMounts:
-          - name: jfrog-pipelines-folder
-            mountPath: {{ .Values.pipelines.mountPath }}
           {{- if or .Values.pipelines.hookHandler.customInitContainers .Values.global.customInitContainers }}
 {{ tpl (include "pipelines.hookhandler.customInitContainers" .)  . | indent 8 }}
           {{- end }}

diff --git a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml
@@ -538,6 +538,10 @@ spec:
           {{- if .Values.pipelines.internalapi.startupProbe.enabled }}
           startupProbe:
 {{ tpl .Values.pipelines.internalapi.startupProbe.config . | indent 12 }}
+          {{- end }}
+          {{- if .Values.pipelines.internalapi.readinessProbe.enabled }}
+          readinessProbe:
+{{ tpl .Values.pipelines.internalapi.readinessProbe.config . | indent 12 }}
           {{- end }}
           resources:
             {{- toYaml .Values.pipelines.internalapi.resources | nindent 12 }}

diff --git a/stable/pipelines/templates/pipelines-statefulset.yaml b/stable/pipelines/templates/pipelines-statefulset.yaml
@@ -565,6 +565,10 @@ spec:
           {{- if .Values.pipelines.api.startupProbe.enabled }}
           startupProbe:
 {{ tpl .Values.pipelines.api.startupProbe.config . | indent 12 }}
+          {{- end }}
+          {{- if .Values.pipelines.api.readinessProbe.enabled }}
+          readinessProbe:
+{{ tpl .Values.pipelines.api.readinessProbe.config . | indent 12 }}
           {{- end }}
           resources:
             {{- toYaml .Values.pipelines.api.resources | nindent 12 }}
@@ -703,6 +707,50 @@ spec:
 {{- end }}
           resources:
             {{- toYaml .Values.pipelines.nodepoolservice.resources | nindent 12 }}
+          ports:
+            - name: nps-api
+              containerPort: 30300
+            - name: nps-health-api
+              containerPort: 30301
+          volumeMounts:
+            - name: jfrog-pipelines-folder
+              mountPath: {{ .Values.pipelines.mountPath }}
+            - name: jfrog-pipelines-logs
+              mountPath: {{ .Values.pipelines.logPath }}
+{{- with .Values.pipelines.customVolumeMounts }}
+{{ tpl . $ | nindent 10 }}
+{{- end }}
+{{- end }}
+{{- if .Values.pipelines.runservice.enabled }}
+        - name: runservice
+          image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "runservice" ) }}
+          imagePullPolicy: {{ .Values.pipelines.runservice.image.pullPolicy }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - NET_RAW
+          env:
+            {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }}
+            - name: NODE_EXTRA_CA_CERTS
+              value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt"
+            {{- end }}
+            - name: PIPELINES_NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: "metadata.name"
+{{- if .Values.pipelines.extraEnvironmentVariables }}
+{{- with .Values.pipelines.extraEnvironmentVariables }}
+{{ tpl (toYaml .) $ | indent 12 }}
+{{- end }}
+{{- end }}
+{{- if .Values.pipelines.runservice.extraEnvironmentVariables }}
+{{- with .Values.pipelines.runservice.extraEnvironmentVariables }}
+{{ tpl (toYaml .) $ | indent 12 }}
+{{- end }}
+{{- end }}
+          resources:
+            {{- toYaml .Values.pipelines.runservice.resources | nindent 12 }}
           volumeMounts:
             - name: jfrog-pipelines-folder
               mountPath: {{ .Values.pipelines.mountPath }}
@@ -712,6 +760,87 @@ spec:
 {{ tpl . $ | nindent 10 }}
 {{- end }}
 {{- end }}
+
+{{- if .Values.pipelines.logservice.enabled }}
+        - name: logservice
+          image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "logservice" ) }}
+          imagePullPolicy: {{ .Values.pipelines.logservice.image.pullPolicy }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - NET_RAW
+          env:
+            {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }}
+            - name: NODE_EXTRA_CA_CERTS
+              value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt"
+            {{- end }}
+            - name: PIPELINES_NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: "metadata.name"
+{{- if .Values.pipelines.extraEnvironmentVariables }}
+{{- with .Values.pipelines.extraEnvironmentVariables }}
+{{ tpl (toYaml .) $ | indent 12 }}
+{{- end }}
+{{- end }}
+{{- if .Values.pipelines.logservice.extraEnvironmentVariables }}
+{{- with .Values.pipelines.logservice.extraEnvironmentVariables }}
+{{ tpl (toYaml .) $ | indent 12 }}
+{{- end }}
+{{- end }}
+          resources:
+            {{- toYaml .Values.pipelines.logservice.resources | nindent 12 }}
+          volumeMounts:
+            - name: jfrog-pipelines-folder
+              mountPath: {{ .Values.pipelines.mountPath }}
+            - name: jfrog-pipelines-logs
+              mountPath: {{ .Values.pipelines.logPath }}
+{{- with .Values.pipelines.customVolumeMounts }}
+{{ tpl . $ | nindent 10 }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.pipelines.stepservice.enabled }}
+        - name: stepservice
+          image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "stepservice" ) }}
+          imagePullPolicy: {{ .Values.pipelines.stepservice.image.pullPolicy }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - NET_RAW
+          env:
+            {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }}
+            - name: NODE_EXTRA_CA_CERTS
+              value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt"
+            {{- end }}
+            - name: PIPELINES_NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: "metadata.name"
+{{- if .Values.pipelines.extraEnvironmentVariables }}
+{{- with .Values.pipelines.extraEnvironmentVariables }}
+{{ tpl (toYaml .) $ | indent 12 }}
+{{- end }}
+{{- end }}
+{{- if .Values.pipelines.stepservice.extraEnvironmentVariables }}
+{{- with .Values.pipelines.stepservice.extraEnvironmentVariables }}
+{{ tpl (toYaml .) $ | indent 12 }}
+{{- end }}
+{{- end }}
+          resources:
+            {{- toYaml .Values.pipelines.stepservice.resources | nindent 12 }}
+          volumeMounts:
+            - name: jfrog-pipelines-folder
+              mountPath: {{ .Values.pipelines.mountPath }}
+            - name: jfrog-pipelines-logs
+              mountPath: {{ .Values.pipelines.logPath }}
+{{- with .Values.pipelines.customVolumeMounts }}
+{{ tpl . $ | nindent 10 }}
+{{- end }}
+{{- end }}
+
         - name: pipelinesync
           image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelineSync" ) }}
           imagePullPolicy: {{ .Values.pipelines.pipelineSync.image.pullPolicy }}
@@ -1252,4 +1381,4 @@ spec:
       - name: {{ .Values.pipelines.customPersistentVolumeClaim.name }}
         persistentVolumeClaim:
           claimName: {{ .Values.pipelines.customPersistentVolumeClaim.name }}
-      {{- end }}
+      {{- end }}