diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 7bc16624c..163b1921c 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,8 +1,17 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.107.11] - September 26, 2024 +## [103.107.16] - November 27, 2024 * Added support to read rabbitmq and database secrets from mounted secret files +* **Important changes** +* Upgrade rabbitmq chart version to 14.6.6 +* Added catalog as a dependency chart +* **Breaking changes** +* Upgrade postgres chart version to 15.5.20 + * This has many changes related to key names and path in values yaml + * The effected keys present in default yaml have been aligned to the new path in 15.5.20 + * if you have customised any keys, make sure to validate it with the 15.5.20 chart + * Delete the postgresql statefulset and postgresql secret before the upgrade. for more information, please refer the [xray upgrade docs](https://jfrog.com/help/r/jfrog-installation-setup-documentation/upgrading-xray) ## [103.105.0] - August 22, 2024 * Added support for `serviceAccount.annotations`to be passed to chart [GH-1841](https://github.com/jfrog/charts/pull/1841) diff --git a/stable/xray/Chart.lock b/stable/xray/Chart.lock index c33b1f80b..740413c1a 100644 --- a/stable/xray/Chart.lock +++ b/stable/xray/Chart.lock @@ -1,9 +1,12 @@ dependencies: - name: postgresql repository: https://charts.jfrog.io/ - version: 10.3.18 + version: 15.5.20 - name: rabbitmq repository: https://charts.jfrog.io/ - version: 11.9.3 -digest: sha256:07d819a08ebaae2057071eb70bad38ad8209bd611c73d906e3313cd5c20806d1 -generated: "2023-02-20T19:44:20.844286+05:30" + version: 14.6.6 +- name: catalog + repository: https://charts.jfrog.io/ + version: 101.7.3 +digest: sha256:64d23e13fb197b92e3c3dfe7497a933c87656b575182485b4d28ca8a0b5967ca +generated: "2024-12-02T15:25:33.588122+05:30" diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index 7a5ea04c2..edf0015e2 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,14 +1,18 @@ apiVersion: v2 -appVersion: 3.107.11 +appVersion: 3.107.16 dependencies: - condition: postgresql.enabled name: postgresql repository: https://charts.jfrog.io/ - version: 10.3.18 + version: 15.5.20 - condition: rabbitmq.enabled name: rabbitmq repository: https://charts.jfrog.io/ - version: 11.9.3 + version: 14.6.6 +- condition: catalog.enabled + name: catalog + repository: https://charts.jfrog.io/ + version: 101.7.3 description: Universal component scan for security and license inventory and impact analysis home: https://www.jfrog.com/xray/ @@ -24,4 +28,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.107.11 +version: 103.107.16 diff --git a/stable/xray/ci/default-values.yaml b/stable/xray/ci/default-values.yaml index 1be1f56ae..4c597a8ff 100644 --- a/stable/xray/ci/default-values.yaml +++ b/stable/xray/ci/default-values.yaml @@ -9,9 +9,12 @@ common: enabled: false # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release postgresql: - postgresqlPassword: password - persistence: - enabled: false + auth: + # jfrog-ignore + password: "password1" + primary: + persistence: + enabled: false rabbitmq: auth: diff --git a/stable/xray/files/system.yaml b/stable/xray/files/system.yaml index b7c16140d..76a4d89cb 100644 --- a/stable/xray/files/system.yaml +++ b/stable/xray/files/system.yaml @@ -13,13 +13,13 @@ shared: logging: consoleLog: enabled: {{ .Values.xray.consoleLog }} - jfrogUrl: "{{ tpl (required "\n\nxray.jfrogUrl or global.jfrogUrl is required! This allows to connect to Artifactory.\nYou can copy the JFrog URL from Administration > User Management > Settings > Connection details" (include "xray.jfrogUrl" .)) . }}" + jfrogUrl: "{{ tpl (required "\n\nxray.jfrogUrl or global.jfrogUrl is required! This allows to connect to Artifactory.\nYou can copy the JFrog URL from Administration > Platform Security > General > Connection details" (include "xray.jfrogUrl" .)) . }}" database: {{- if .Values.postgresql.enabled }} type: "postgresql" driver: "org.postgresql.Driver" - username: "{{ .Values.postgresql.postgresqlUsername }}" - url: "postgres://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}?sslmode=disable" + username: "{{ .Values.postgresql.auth.username }}" + url: "postgres://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.primary.service.ports.postgresql }}/{{ .Values.postgresql.auth.database }}?sslmode=disable" {{- else }} type: {{ .Values.database.type }} driver: {{ .Values.database.driver }} diff --git a/stable/xray/templates/catalog-db-create-hook.yaml b/stable/xray/templates/catalog-db-create-hook.yaml new file mode 100644 index 000000000..bd37921b6 --- /dev/null +++ b/stable/xray/templates/catalog-db-create-hook.yaml @@ -0,0 +1,69 @@ +{{- if and .Values.catalog.createCatalogDb.enabled .Values.catalog.enabled .Values.postgresql.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app: {{ template "xray.name" . }} + chart: {{ template "xray.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "xray.fullname" . }}-catalog-create-db + annotations: + "helm.sh/hook": "post-upgrade,post-install" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: + app: {{ template "xray.name" . }} + chart: {{ template "xray.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} + {{- include "xray.imagePullSecrets" . | indent 6 }} + {{- end }} + serviceAccountName: {{ template "xray.serviceAccountName" . }} + restartPolicy: OnFailure + terminationGracePeriodSeconds: 0 + containers: + - name: catalog-create-db + image: {{ .Values.catalog.createCatalogDb.image }} + imagePullPolicy: IfNotPresent + {{- if .Values.containerSecurityContext.enabled }} + securityContext: + {{- toYaml (omit .Values.containerSecurityContext "enabled") | nindent 12 }} + {{- end }} + {{- if .Values.initContainers.resources }} + resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} + {{- end }} + command: + - 'bash' + - '-c' + - | + echo "Waiting for postgresql to come up" + ready=false; + while ! $ready; do echo waiting; + timeout 2s bash -c "/dev/null + exit_status=$? + if [[ $exit_status -eq 0 ]]; then + ready=true + echo "catalogdb database is available" + exit 0 + fi + + psql -h {{ .Release.Name }}-postgresql --username "{{ .Values.postgresql.auth.username }}" -d {{ .Values.postgresql.auth.database }} -c "CREATE DATABASE catalogdb;" -c "GRANT ALL PRIVILEGES ON DATABASE catalogdb TO {{ .Values.postgresql.auth.username }};" + env: + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-postgresql" + key: password +{{- end -}} \ No newline at end of file diff --git a/stable/xray/templates/keys-warnings.yaml b/stable/xray/templates/keys-warnings.yaml new file mode 100644 index 000000000..a6ceccc56 --- /dev/null +++ b/stable/xray/templates/keys-warnings.yaml @@ -0,0 +1,11 @@ +{{- if .Values.postgresql.enabled }} + {{- if .Values.postgresql.postgresqlPassword }} + {{- fail "\n\nThe key 'postgresql.postgresqlPassword' is not supported in the latest packaged version of Postgres in this chart.\nUse the new key 'postgresql.auth.postgresPassword' to proceed with installation.\n" }} + {{- end }} + {{- if .Values.postgresql.postgresqlExtendedConf }} + {{- fail "\n\nThe key 'postgresql.postgresqlExtendedConf' is not supported in the latest packaged version of postgres in this chart.\nUse the new key 'postgresql.primary.extendedConfiguration' to proceed with installation.\n" }} + {{- end }} + {{- if .Values.global.postgresqlPassword }} + {{- fail "\n\nThe key 'global.postgresqlPassword' is not supported in the latest packaged version of postgres in this chart.\nUse the new key 'global.auth.postgresPassword' to proceed with installation.\n" }} + {{- end }} +{{- end }} diff --git a/stable/xray/templates/xray-ipa-deployment.yaml b/stable/xray/templates/xray-ipa-deployment.yaml index ecc6b6ece..d77251bfb 100644 --- a/stable/xray/templates/xray-ipa-deployment.yaml +++ b/stable/xray/templates/xray-ipa-deployment.yaml @@ -212,7 +212,7 @@ spec: key: db-password {{- else if .Values.postgresql.enabled }} name: {{ .Release.Name }}-postgresql - key: postgresql-password + key: password {{- end }} {{- end }} volumeMounts: @@ -274,7 +274,7 @@ spec: echo "Waiting for postgresql to come up" ready=false; while ! $ready; do echo waiting; - timeout 2s bash -c "/dev/null + exit_status=$? + if [[ $exit_status -eq 0 ]]; then + ready=true + echo "catalogdb database is available" + else + echo "Database not ready, retrying..." + current_time=$(date +%s) + elapsed_time=$(( current_time - start_time )) + if [[ $elapsed_time -ge 600 ]]; then + echo "Timeout reached: PostgreSQL did not become available within 10 minutes." + exit 1 + fi + fi + sleep 1 + done + {{- end -}} + {{- end -}} + enabled: false + ## Catalog db creation in xray bundled postgresql. If set to true, then the catalog db will be created in xray bundled postgresql. + createCatalogDb: + enabled: true + image: releases-docker.jfrog.io/postgres:15.6-alpine + ## Change database connection details to external database. Bundled postgresql is not recomended for production use. + ## When using bundled postgresql, provide the same credentials as used by xray. + ## Xray post upgrade hook will create the catalog db in the bundled postgresql. + ## Catalog customInitContainers will wait for the database to be available before starting the catalog. (Only applicable for bundled postgresql) + database: + url: "postgres://{{ .Release.Name }}-postgresql:5432/catalogdb?sslmode=disable" + user: xray + password: "" \ No newline at end of file