From dce3804be778236647af22bca4cfb5bf5267a5ef Mon Sep 17 00:00:00 2001 From: Ji Date: Fri, 27 Oct 2023 17:27:51 +1300 Subject: [PATCH 01/47] Add support for custom labels in the Nginx pods --- stable/artifactory-ha/CHANGELOG.md | 3 +++ stable/artifactory-ha/templates/nginx-deployment.yaml | 4 ++++ stable/artifactory/CHANGELOG.md | 3 +++ stable/artifactory/Chart.yaml | 4 ++-- stable/artifactory/templates/nginx-deployment.yaml | 4 ++++ 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 047545b2d..596ec37d3 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file +## [107.71.4] - Oct 27, 2023 +* Added support for custom labels in the Nginx pods + ## [107.71.3] - Sep 18, 2023 * Adjust rtfs context * Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815) diff --git a/stable/artifactory-ha/templates/nginx-deployment.yaml b/stable/artifactory-ha/templates/nginx-deployment.yaml index 80e2def21..7cf5400fd 100644 --- a/stable/artifactory-ha/templates/nginx-deployment.yaml +++ b/stable/artifactory-ha/templates/nginx-deployment.yaml @@ -41,6 +41,10 @@ spec: component: {{ .Values.nginx.name }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 8 }} +{{- end }} +{{- with .Values.nginx.deployment.annotations }} spec: securityContext: runAsUser: {{ .Values.nginx.uid }} diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 4dd59a269..50c214fc9 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md 
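Review bot: The last added line in the artifactory-ha nginx-deployment.yaml hunk, `{{- with .Values.nginx.deployment.annotations }}`, opens a block right before the pod `spec:` with no matching `{{- end }}` or `annotations:` key in this hunk. Unless the rest of the file (outside the hunk) closes it, the template will not parse; if it is closed further down, the pod spec is emitted only when annotations are set. It looks unrelated to the labels feature, so I would drop that line and keep only the `if`/`toYaml`/`end` trio. Separately, custom labels are appended under the fixed `component`, `heritage` and `release` keys, so a custom label reusing one of those names produces a duplicate key; a values.yaml comment such as `# must not reuse component/heritage/release` would document that. The same four lines are added to stable/artifactory/templates/nginx-deployment.yaml.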
@@ -1,6 +1,9 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [107.71.4] - Oct 27, 2023 +* Added support for custom labels in the Nginx pods + ## [107.71.3] - Sep 18, 2023 * Adjust rtfs context * Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815) diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index b67e42de4..c4f4dbe9f 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.3 +appVersion: 7.71.4 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.71.3 +version: 107.71.4 diff --git a/stable/artifactory/templates/nginx-deployment.yaml b/stable/artifactory/templates/nginx-deployment.yaml index ff7c78c5d..313499589 100644 --- a/stable/artifactory/templates/nginx-deployment.yaml +++ b/stable/artifactory/templates/nginx-deployment.yaml @@ -44,6 +44,10 @@ spec: component: {{ .Values.nginx.name }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} +{{- if .Values.nginx.labels }} +{{ toYaml .Values.nginx.labels | indent 8 }} +{{- end }} +{{- with .Values.nginx.deployment.annotations }} spec: securityContext: runAsUser: {{ .Values.nginx.uid }} From 7a040695904443ac60d9c528af248f7d0fa15d0b Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 6 Dec 2023 20:43:03 +0530 Subject: [PATCH 02/47] [artifactory] 7.71.5 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +++--- stable/artifactory-ha/CHANGELOG.md | 5 +++-- stable/artifactory-ha/Chart.yaml | 4 ++-- .../templates/artifactory-primary-service.yaml | 2 +- stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 +++--- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 +++--- stable/artifactory/CHANGELOG.md | 2 +- stable/artifactory/Chart.yaml | 4 ++-- 11 files changed, 21 insertions(+), 20 deletions(-) diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index 942bca1d0..e04209c6b 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.71.4] - Jul 20, 2023 +## [107.71.5] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index 1789b2afb..dda4d24a2 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.4 +appVersion: 7.71.5 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.4 + version: 107.71.5 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.71.4 +version: 107.71.5 
diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index a2458c707..d3e8acd1a 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,9 +1,10 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.71.4] - Oct 31, 2023 +## [107.71.5] - Nov 15, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) -* Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml. +* Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml +* Fixed - Artifactory primary service condition ## [107.69.0] - Sep 18, 2023 * Adjust rtfs context diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 9c7641205..abb1bfb81 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.4 +appVersion: 7.71.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.71.4 +version: 107.71.5 diff --git a/stable/artifactory-ha/templates/artifactory-primary-service.yaml b/stable/artifactory-ha/templates/artifactory-primary-service.yaml index 2c1eeac1a..0298cbb3d 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-service.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-service.yaml @@ -1,4 +1,4 @@ -{{- if gt (.Values.artifactory.node.replicaCount | int) 0 -}} +{{- if gt (.Values.artifactory.primary.replicaCount | int) 0 -}} # Internal service for Artifactory primary node only! # Used by member nodes to check readiness of primary node before starting up apiVersion: v1 diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index c053cc9c5..ae04ca06c 100644 
--- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.71.4] - Jul 20, 2023 +## [107.71.5] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index d40feb50e..678582029 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.4 +appVersion: 7.71.5 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.4 + version: 107.71.5 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.71.4 +version: 107.71.5 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 151fa288c..46ad96296 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.71.4] - Jul 20, 2023 +## [107.71.5] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index d4231d10f..82e24670e 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.4 +appVersion: 7.71.5 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.4 + version: 107.71.5 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.71.4 +version: 107.71.5 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 8bf3d1b54..e454ed0a4 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.71.4] - Oct 31, 2023 +## [107.71.5] - Oct 31, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml. diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index c4f4dbe9f..bafd4c95f 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.4 +appVersion: 7.71.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.71.4 +version: 107.71.5 From 151c237db5a7fef35bb2944a709e3c23b0cb0624 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 6 Dec 2023 20:43:36 +0530 Subject: [PATCH 03/47] [insight] 1.16.2 release --- stable/insight/CHANGELOG.md | 5 ++++- stable/insight/Chart.yaml | 4 ++-- stable/insight/ci/test-values.yaml | 2 +- stable/insight/templates/insight-statefulset.yaml | 4 ++-- stable/insight/values.yaml | 6 +++--- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/stable/insight/CHANGELOG.md b/stable/insight/CHANGELOG.md index 80354d75d..d31a665ae 100644 --- a/stable/insight/CHANGELOG.md +++ b/stable/insight/CHANGELOG.md @@ -1,7 +1,10 @@ # JFrog Insights Chart Changelog All changes to this chart will be documented in this file. -## [101.15.4] - Mar 21, 2023 +## [101.16.2] - Oct 17, 2023 +* Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) + +## [101.15.0] - Sep 18, 2023 * Updated postgresql multi-arch tag version to `13.10.0-debian-11-r14` ## [101.14.0] - Mar 02, 2023 diff --git a/stable/insight/Chart.yaml b/stable/insight/Chart.yaml index 79446a5d2..f82834b18 100644 --- a/stable/insight/Chart.yaml +++ b/stable/insight/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.15.4 +appVersion: 1.16.2 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: insight sources: - https://github.com/jfrog/charts type: application -version: 101.15.4 +version: 101.16.2 diff --git a/stable/insight/ci/test-values.yaml b/stable/insight/ci/test-values.yaml index 0c94b3b57..fe40cef2f 100644 --- a/stable/insight/ci/test-values.yaml +++ b/stable/insight/ci/test-values.yaml @@ -5,7 +5,7 @@ unifiedUpgradeAllowed: true databaseUpgradeReady: true insightServer: jfrogUrl: http://artifactory.rt:8082 - unifiedSecretInstallation: true + unifiedSecretInstallation: false openMetrics: enabled: true extraEnvironmentVariables: 
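Review bot: Flipping `unifiedSecretInstallation` to `false` in ci/test-values.yaml means the chart test run that uses this file no longer renders the unified-secret layout, and the commit message does not say why. If no other values file under `stable/insight/ci/` sets it to `true` (not visible in this patch), keep a second file that does so both secret layouts stay covered. A comment above the key would record the intent, e.g. `# unifiedSecretInstallation=true is covered in <other ci values file>`.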
diff --git a/stable/insight/templates/insight-statefulset.yaml b/stable/insight/templates/insight-statefulset.yaml index 3bdc10f73..ad10a4c48 100644 --- a/stable/insight/templates/insight-statefulset.yaml +++ b/stable/insight/templates/insight-statefulset.yaml @@ -47,8 +47,8 @@ spec: {{- else }} checksum/insightServer-unified-secret: {{ include (print $.Template.BasePath "/insightServer-unified-secret.yaml") . | sha256sum }} {{- end }} - {{- range $key, $value := .Values.insightServer.annotations }} - {{ $key }}: {{ $value | quote }} + {{- with .Values.insightServer.annotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: {{- if .Values.insightServer.schedulerName }} diff --git a/stable/insight/values.yaml b/stable/insight/values.yaml index ef6b4fc47..357945c81 100644 --- a/stable/insight/values.yaml +++ b/stable/insight/values.yaml @@ -40,7 +40,7 @@ global: ## Fully override insight.fullname template # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1793 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 # For supporting pulling from private registries imagePullSecrets: # - myRegistryKeySecretName @@ -396,7 +396,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.1.0.1793 + tag: 9.2.750.1697534106 insightServer: name: insight-server ## Note that by default we use appVersion to get image tag/version @@ -727,7 +727,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.78.0 + tag: 7.79.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled From b2910079890d7cda71d4785b5798e9b2b15abb44 Mon Sep 17 00:00:00 2001 
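Review bot: With `toYaml . | indent 8` replacing the `range` loop in insight-statefulset.yaml, annotation values are no longer passed through `quote`, so a value written as `true` or `8080` under `insightServer.annotations` now renders as a YAML boolean or integer. Kubernetes annotation values must be strings, so a release that rendered fine before could be rejected by the API server after this upgrade. I would document this next to the key in values.yaml, e.g. `# annotation values must be strings; quote numbers and booleans`. The enclosing `annotations:` block starts above the hunk.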
From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 6 Dec 2023 20:49:38 +0530 Subject: [PATCH 04/47] [pipelines] 1.49.6 release --- stable/pipelines/CHANGELOG.md | 40 ++++++---- stable/pipelines/Chart.yaml | 4 +- stable/pipelines/templates/_helpers.tpl | 61 ++++++++++++++ .../templates/pipelines-cron-statefulset.yaml | 2 + .../pipelines-hookhandler-statefulset.yaml | 2 + .../pipelines-internalapi-statefulset.yaml | 2 + .../templates/pipelines-statefulset.yaml | 70 ++++++++-------- .../pipelines-steptrigger-statefulset.yaml | 80 ++++++++++--------- .../templates/pipelines-sync-statefulset.yaml | 4 +- .../pipelines-trigger-statefulset.yaml | 56 ++++++------- stable/pipelines/values.yaml | 65 +++++++-------- 11 files changed, 230 insertions(+), 156 deletions(-) diff --git a/stable/pipelines/CHANGELOG.md b/stable/pipelines/CHANGELOG.md index 63b168ed0..136c745bf 100644 --- a/stable/pipelines/CHANGELOG.md +++ b/stable/pipelines/CHANGELOG.md @@ -1,8 +1,19 @@ # JFrog Pipelines Chart Changelog All changes to this chart to be documented in this file. -## [101.44.5] - Aug 7, 2023 +## [101.49.6] - Oct 16, 2023 +* Defined router required service types for pods + +## [101.46.2] - Oct 12, 2023 +* Added sidecar container for stepservice logs + +## [101.46.0] - Aug 7, 2023 +* Remove nexec microservice + +## [101.45.0] - Aug 7, 2023 * Upadate chart version of vault to 0.25.0 to work with 1.25 of kubernetes + +## [101.44.0] - Jul 27, 2023 * Added option to stream logs in json * Add support to work without vault on modifying corresponding flags * Remove steptrigger from pipelines 
@@ -10,22 +21,13 @@ All changes to this chart to be documented in this file. * Add ability to pass filebeat metric configuration * Updated nodePollerInterval from 15 seconds to 5 seconds * Fixed #adding colon in image registry breaks deployment with meta label error + +## [101.42.0] - Jun 16, 2023 * Add observability container to non api pods * Add terminationGracePeriodSeconds for all the pods - -## [101.41.3] - Jun 16, 2023 * Add ability to work with redis.fullnameOverride -* Add support to pass db metric parameters in system.yaml -* Add hpa api version to autoscaling/v2 for missing conf -## [101.40.1] - May 31, 2023 -* Handle jfrogUrlUI if nothing is set -* Added log-service -* Added step-service -* Enabled nodepoolservice by default -* Fix migration script failures on ssl enforced database -* Fix database SSL details not being passed to nodepoolservice as expected in split mode -* Fix vault issue with enforced SSL on azure database +## [101.41.0] - May 31, 2023 * Opens grpc port for nodepoolservice apis. * Opens http health check port for nodepoolservice * Add ability to use redis with password 
@@ -34,15 +36,21 @@ All changes to this chart to be documented in this file. * Enable probes on router * Add readiness to api container * Fix port for router readiness probe +* Adds toggle for enabling/disabling anti-affinity spec for k8s node -## [101.38.1] - Apr 18, 2023 -* Handle jfrogUrlUI if nothing is set +## [101.40.0] - Apr 25, 2023 +* Added log-service +* Added step-service +* Enabled nodepoolservice by default * Fix migration script failures on ssl enforced database +* Fix database SSL details not being passed to nodepoolservice as expected in split mode +* Fix vault issue with enforced SSL on azure database -## [101.37.3] - Feb 20, 2023 +## [101.36.0] - Feb 23, 2023 * Added build badge feature for pipelines * Added configuration to use access instead of vault to store secrets * Retained installer metrics only for db migrations +* Handle jfrogUrlUI if nothing is set ## [101.35.0] - Feb 06, 2023 * Fixed indentation in nodepoolservice container definition diff --git a/stable/pipelines/Chart.yaml b/stable/pipelines/Chart.yaml index eabb61289..7d0e71c08 100644 --- a/stable/pipelines/Chart.yaml +++ b/stable/pipelines/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.44.5 +appVersion: 1.49.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -32,4 +32,4 @@ name: pipelines sources: - https://github.com/jfrog/charts type: application -version: 101.44.5 +version: 101.49.6 diff --git a/stable/pipelines/templates/_helpers.tpl b/stable/pipelines/templates/_helpers.tpl index b1b36a8f1..2100eec3d 100644 --- a/stable/pipelines/templates/_helpers.tpl +++ b/stable/pipelines/templates/_helpers.tpl 
@@ -126,6 +126,14 @@ The stepservice name {{- printf "%s-%s-stepservice" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +The analyticsservice name +*/}} +{{- define "pipelines.analyticsservice.name" -}} +{{- $name := .Release.Name | trunc 29 -}} +{{- printf "%s-%s-analyticsservice" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* The msg name */}} 
@@ -810,10 +818,63 @@ chown -R 1066:1066 {{ .Values.pipelines.mountPath }} Resolve pipelines requiredServiceTypes value */}} {{- define "pipelines.router.requiredServiceTypes" -}} +{{- if .Values.splitServicesToPods }} +{{- $requiredTypes := "jfpip,jfob,jfpipwww,jfpipfrontend" -}} +{{- $requiredTypes -}} +{{- else -}} +{{- $requiredTypes := "jfpip,jfob,jfpipwww,jfpipfrontend,jfpnps" -}} +{{- $requiredTypes -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve pipelines requiredServiceTypes value +*/}} +{{- define "pipelines.cron.router.requiredServiceTypes" -}} +{{- $requiredTypes := "jfob" -}} +{{- $requiredTypes -}} +{{- end -}} + +{{/* +Resolve pipelines requiredServiceTypes value +*/}} +{{- define "pipelines.sync.router.requiredServiceTypes" -}} +{{- $requiredTypes := "jfob" -}} +{{- $requiredTypes -}} +{{- end -}} + +{{/* +Resolve pipelines requiredServiceTypes value +*/}} +{{- define "pipelines.hookhandler.router.requiredServiceTypes" -}} +{{- $requiredTypes := "jfob" -}} +{{- $requiredTypes -}} +{{- end -}} + +{{/* +Resolve pipelines requiredServiceTypes value +*/}} +{{- define "pipelines.trigger.router.requiredServiceTypes" -}} +{{- $requiredTypes := "jfob,jfpnps" -}} +{{- $requiredTypes -}} +{{- end -}} + +{{/* +Resolve pipelines requiredServiceTypes value +*/}} +{{- define "pipelines.internalapi.router.requiredServiceTypes" -}} {{- $requiredTypes := "jfpip,jfob" -}} {{- $requiredTypes -}} {{- end -}} +{{/* +Resolve pipelines requiredServiceTypes value +*/}} +{{- define "pipelines.stepservice.router.requiredServiceTypes" -}} +{{- $requiredTypes := "jfob" -}} +{{- $requiredTypes -}} +{{- end -}} + {{/* Resolve Pipelines pod node selector value */}} diff --git a/stable/pipelines/templates/pipelines-cron-statefulset.yaml b/stable/pipelines/templates/pipelines-cron-statefulset.yaml index c92f19c70..f8f41a76c 100644 --- a/stable/pipelines/templates/pipelines-cron-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-cron-statefulset.yaml 
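Review bot: All seven helpers in this hunk carry the identical comment `Resolve pipelines requiredServiceTypes value`, so nothing says which pod each list belongs to or why the sets differ (`jfob` for cron, sync, hookhandler and stepservice; `jfob,jfpnps` for trigger; `jfpip,jfob` for internalapi). I would name the pod in each comment, e.g. `Router requiredServiceTypes for the cron pod`. As a style point, every helper assigns `$requiredTypes` and prints it on the next line; emitting the literal directly would say the same thing in one line per helper.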
@@ -301,6 +301,8 @@ spec: drop: - NET_RAW env: + - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES + value: {{ include "pipelines.cron.router.requiredServiceTypes" . }} {{- if not .Values.router.routerConfiguration }} - name: JF_SHARED_JFROGURL value: "{{ tpl (include "pipelines.jfrogUrl" .) . }}" diff --git a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml index e401a333d..876c78e3b 100644 --- a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml @@ -305,6 +305,8 @@ spec: drop: - NET_RAW env: + - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES + value: {{ include "pipelines.hookhandler.router.requiredServiceTypes" . }} {{- if not .Values.router.routerConfiguration }} - name: JF_SHARED_JFROGURL value: "{{ tpl (include "pipelines.jfrogUrl" .) . }}" diff --git a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml index 925a5c4fd..50041f788 100644 --- a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml @@ -388,6 +388,8 @@ spec: drop: - NET_RAW env: + - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES + value: {{ include "pipelines.internalapi.router.requiredServiceTypes" . }} {{- if not .Values.router.routerConfiguration }} - name: JF_SHARED_JFROGURL value: "{{ tpl (include "pipelines.jfrogUrl" .) . }}" diff --git a/stable/pipelines/templates/pipelines-statefulset.yaml b/stable/pipelines/templates/pipelines-statefulset.yaml index a11dcd2e1..069788347 100644 --- a/stable/pipelines/templates/pipelines-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-statefulset.yaml 
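Review bot: The new `JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES` value in the cron StatefulSet is emitted unquoted, while the neighbouring `JF_SHARED_JFROGURL` value is wrapped in double quotes. The current helper outputs (`jfob`, `jfpip,jfob`) happen to parse as strings, but an env `value` must be a string and an empty or boolean-looking helper result would break the manifest; I would write `value: {{ include "pipelines.cron.router.requiredServiceTypes" . | quote }}`. The same applies to the hookhandler and internalapi hunks here and to the steptrigger, sync and trigger StatefulSets later in the patch. The `env:` list continues outside each hunk.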
@@ -869,55 +869,57 @@ spec: {{- with .Values.pipelines.customVolumeMounts }} {{ tpl . $ | nindent 10 }} {{- end }} - - name: pipelinesync - image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelineSync" ) }} - imagePullPolicy: {{ .Values.pipelines.pipelineSync.image.pullPolicy }} +{{- if .Values.pipelines.analyticsservice.enabled }} + - name: analyticsservice + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "analyticsservice" ) }} + imagePullPolicy: {{ .Values.pipelines.analyticsservice.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - NET_RAW - workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync env: - - name: COMPONENT - value: pipelinesync - - name: PIPELINES_NODE_ID - valueFrom: - fieldRef: - fieldPath: "metadata.name" {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" {{- end }} + - name: PIPELINES_NODE_ID + valueFrom: + fieldRef: + fieldPath: "metadata.name" {{- if .Values.pipelines.extraEnvironmentVariables }} {{- with .Values.pipelines.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 12 }} {{- end }} {{- end }} -{{- if .Values.pipelines.pipelineSync.extraEnvironmentVariables }} -{{- with .Values.pipelines.pipelineSync.extraEnvironmentVariables }} +{{- if .Values.pipelines.analyticsservice.extraEnvironmentVariables }} +{{- with .Values.pipelines.analyticsservice.extraEnvironmentVariables }} {{ tpl (toYaml .) 
$ | indent 12 }} {{- end }} {{- end }} resources: - {{- toYaml .Values.pipelines.pipelineSync.resources | nindent 12 }} + {{- toYaml .Values.pipelines.analyticsservice.resources | nindent 12 }} volumeMounts: - - name: jfrog-pipelines-folder - mountPath: {{ .Values.pipelines.mountPath }} - - name: jfrog-pipelines-logs - mountPath: {{ .Values.pipelines.logPath }} - - name: cron - image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "cron" ) }} - imagePullPolicy: {{ .Values.pipelines.cron.image.pullPolicy }} + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: jfrog-pipelines-logs + mountPath: {{ .Values.pipelines.logPath }} +{{- with .Values.pipelines.customVolumeMounts }} +{{ tpl . $ | nindent 10 }} +{{- end }} +{{- end }} + - name: pipelinesync + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelineSync" ) }} + imagePullPolicy: {{ .Values.pipelines.pipelineSync.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - NET_RAW - workingDir: /opt/jfrog/pipelines/app/micro/cron + workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync env: - name: COMPONENT - value: cron + value: pipelinesync - name: PIPELINES_NODE_ID valueFrom: fieldRef: 
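Review bot: The new `analyticsservice` container copies the sibling `securityContext` (`allowPrivilegeEscalation: false`, drop `NET_RAW` only), so it keeps every other default capability. Because the container is new, it is a cheap place to start tighter, with `drop: ["ALL"]` under `capabilities` and `readOnlyRootFilesystem: true`, provided the service writes only under the two mounted volumes (not verifiable from this hunk). The hunk starts and ends inside the `containers:` list, so any pod-level securityContext that already covers this is outside the visible lines.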
@@ -931,31 +933,30 @@ spec: {{ tpl (toYaml .) $ | indent 12 }} {{- end }} {{- end }} -{{- if .Values.pipelines.cron.extraEnvironmentVariables }} -{{- with .Values.pipelines.cron.extraEnvironmentVariables }} +{{- if .Values.pipelines.pipelineSync.extraEnvironmentVariables }} +{{- with .Values.pipelines.pipelineSync.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 12 }} {{- end }} {{- end }} resources: - {{- toYaml .Values.pipelines.cron.resources | nindent 12 }} + {{- toYaml .Values.pipelines.pipelineSync.resources | nindent 12 }} volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} - name: jfrog-pipelines-logs mountPath: {{ .Values.pipelines.logPath }} - {{- if .Values.pipelines.nexec.enabled }} - - name: nexec - image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "nexec" ) }} - imagePullPolicy: {{ .Values.pipelines.nexec.image.pullPolicy }} + - name: cron + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "cron" ) }} + imagePullPolicy: {{ .Values.pipelines.cron.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - NET_RAW - workingDir: /opt/jfrog/pipelines/app/micro/nexec + workingDir: /opt/jfrog/pipelines/app/micro/cron env: - name: COMPONENT - value: nexec + value: cron - name: PIPELINES_NODE_ID valueFrom: fieldRef: 
@@ -969,19 +970,18 @@ spec: {{ tpl (toYaml .) $ | indent 12 }} {{- end }} {{- end }} -{{- if .Values.pipelines.nexec.extraEnvironmentVariables }} -{{- with .Values.pipelines.nexec.extraEnvironmentVariables }} +{{- if .Values.pipelines.cron.extraEnvironmentVariables }} +{{- with .Values.pipelines.cron.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 12 }} {{- end }} {{- end }} resources: - {{- toYaml .Values.pipelines.nexec.resources | nindent 12 }} + {{- toYaml .Values.pipelines.cron.resources | nindent 12 }} volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} - name: jfrog-pipelines-logs mountPath: {{ .Values.pipelines.logPath }} - {{- end }} - name: hookhandler image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "hookHandler" ) }} imagePullPolicy: {{ .Values.pipelines.hookHandler.image.pullPolicy }} diff --git a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml index 676ecbc6b..a57352b36 100644 --- a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml @@ -301,6 +301,8 @@ spec: drop: - NET_RAW env: + - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES + value: {{ include "pipelines.stepservice.router.requiredServiceTypes" . }} {{- if not .Values.router.routerConfiguration }} - name: JF_SHARED_JFROGURL value: "{{ tpl (include "pipelines.jfrogUrl" .) . }}" 
@@ -370,43 +372,6 @@ spec: readinessProbe: {{ tpl .Values.pipelines.router.readinessProbe.config . | indent 12 }} {{- end }} - - name: stepservice - image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "stepservice" ) }} - imagePullPolicy: {{ .Values.pipelines.stepservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW - env: - {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - - name: NODE_EXTRA_CA_CERTS - value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" - {{- end }} - - name: PIPELINES_NODE_ID - valueFrom: - fieldRef: - fieldPath: "metadata.name" -{{- if .Values.pipelines.extraEnvironmentVariables }} -{{- with .Values.pipelines.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 12 }} -{{- end }} -{{- end }} -{{- if .Values.pipelines.stepservice.extraEnvironmentVariables }} -{{- with .Values.pipelines.stepservice.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 12 }} -{{- end }} -{{- end }} - resources: - {{- toYaml .Values.pipelines.stepservice.resources | nindent 12 }} - volumeMounts: - - name: jfrog-pipelines-folder - mountPath: {{ .Values.pipelines.mountPath }} - - name: jfrog-pipelines-logs - mountPath: {{ .Values.pipelines.logPath }} -{{- with .Values.pipelines.customVolumeMounts }} -{{ tpl . $ | nindent 10 }} -{{- end }} - name: observability image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} 
@@ -464,6 +429,47 @@ spec: livenessProbe: {{ tpl .Values.pipelines.observability.livenessProbe.config . | indent 12 }} {{- end }} + - name: stepservice + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "stepservice" ) }} + imagePullPolicy: {{ .Values.pipelines.stepservice.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + env: + - name: PIPELINES_INTERNAL_API + value: "true" + - name: COMPONENT + value: stepservice + - name: PIPELINES_NODE_ID + valueFrom: + fieldRef: + fieldPath: "metadata.name" + {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: NODE_EXTRA_CA_CERTS + value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" + {{- end }} +{{- if .Values.pipelines.extraEnvironmentVariables }} +{{- with .Values.pipelines.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 12 }} +{{- end }} +{{- end }} +{{- if .Values.pipelines.stepservice.extraEnvironmentVariables }} +{{- with .Values.pipelines.stepservice.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 12 }} +{{- end }} +{{- end }} + resources: + {{- toYaml .Values.pipelines.stepservice.resources | nindent 12 }} + volumeMounts: + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: jfrog-pipelines-logs + mountPath: {{ .Values.pipelines.logPath }} + {{- if or .Values.pipelines.stepservice.customSidecarContainers .Values.global.customSidecarContainers }} +{{ tpl (include "pipelines.stepservice.customSidecarContainers" .) . | nindent 8 }} + {{- end }} {{- if or .Values.pipelines.nodeSelector .Values.global.nodeSelector }} {{ tpl (include "pipelines.nodeSelector" .) . | indent 6 }} {{- end }} diff --git a/stable/pipelines/templates/pipelines-sync-statefulset.yaml b/stable/pipelines/templates/pipelines-sync-statefulset.yaml index a80d00ca6..e0828a3db 100644 
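Review bot: The re-added `stepservice` container no longer renders `.Values.pipelines.customVolumeMounts` under `volumeMounts`, which the removed definition did. Deployments that rely on that value would silently lose those mounts in this container only. If the drop is not intended, restore the three lines after the `jfrog-pipelines-logs` mount: `{{- with .Values.pipelines.customVolumeMounts }}`, `{{ tpl . $ | nindent 10 }}`, `{{- end }}`. Separately, the `customSidecarContainers` include now follows this container's `volumeMounts` at `nindent 8`; indentation is not recoverable in this view, so check in rendered output that sidecars come out as sibling containers.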
--- a/stable/pipelines/templates/pipelines-sync-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-sync-statefulset.yaml @@ -303,8 +303,8 @@ spec: drop: - NET_RAW env: -# - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES -# value: {{ include "pipelines.router.requiredServiceTypes" . }} + - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES + value: {{ include "pipelines.sync.router.requiredServiceTypes" . }} {{- if not .Values.router.routerConfiguration }} - name: JF_SHARED_JFROGURL value: "{{ tpl (include "pipelines.jfrogUrl" .) . }}" diff --git a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml index 347224ec7..44d3f1adf 100644 --- a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml @@ -303,6 +303,8 @@ spec: drop: - NET_RAW env: + - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES + value: {{ include "pipelines.trigger.router.requiredServiceTypes" . }} {{- if not .Values.router.routerConfiguration }} - name: JF_SHARED_JFROGURL value: "{{ tpl (include "pipelines.jfrogUrl" .) . }}" @@ -512,10 +514,10 @@ spec: {{ tpl . $ | nindent 10 }} {{- end }} {{- end }} -{{- if .Values.pipelines.logservice.enabled }} - - name: logservice - image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "logservice" ) }} - imagePullPolicy: {{ .Values.pipelines.logservice.image.pullPolicy }} +{{- if .Values.pipelines.analyticsservice.enabled }} + - name: analyticsservice + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "analyticsservice" ) }} + imagePullPolicy: {{ .Values.pipelines.analyticsservice.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -535,13 +537,13 @@ spec: {{ tpl (toYaml .) $ | indent 12 }} {{- end }} {{- end }} -{{- if .Values.pipelines.logservice.extraEnvironmentVariables }} -{{- with .Values.pipelines.logservice.extraEnvironmentVariables }} +{{- if .Values.pipelines.analyticsservice.extraEnvironmentVariables }} +{{- with .Values.pipelines.analyticsservice.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 12 }} {{- end }} {{- end }} resources: - {{- toYaml .Values.pipelines.logservice.resources | nindent 12 }} + {{- toYaml .Values.pipelines.analyticsservice.resources | nindent 12 }} volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} 
@@ -551,47 +553,45 @@ spec: {{ tpl . $ | nindent 10 }} {{- end }} {{- end }} - {{- if .Values.pipelines.nexec.enabled }} - - name: nexec - image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "nexec" ) }} - imagePullPolicy: {{ .Values.pipelines.nexec.image.pullPolicy }} +{{- if .Values.pipelines.logservice.enabled }} + - name: logservice + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "logservice" ) }} + imagePullPolicy: {{ .Values.pipelines.logservice.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - NET_RAW - workingDir: /opt/jfrog/pipelines/app/micro/nexec env: - - name: PIPELINES_INTERNAL_API - value: "true" - - name: COMPONENT - value: nexec - - name: PIPELINES_NODE_ID - valueFrom: - fieldRef: - fieldPath: "metadata.name" {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" {{- end }} + - name: PIPELINES_NODE_ID + valueFrom: + fieldRef: + fieldPath: "metadata.name" {{- if .Values.pipelines.extraEnvironmentVariables }} {{- with .Values.pipelines.extraEnvironmentVariables }} {{ tpl (toYaml .) $ | indent 12 }} {{- end }} {{- end }} -{{- if .Values.pipelines.nexec.extraEnvironmentVariables }} -{{- with .Values.pipelines.nexec.extraEnvironmentVariables }} +{{- if .Values.pipelines.logservice.extraEnvironmentVariables }} +{{- with .Values.pipelines.logservice.extraEnvironmentVariables }} {{ tpl (toYaml .) 
$ | indent 12 }} {{- end }} {{- end }} resources: - {{- toYaml .Values.pipelines.nexec.resources | nindent 12 }} + {{- toYaml .Values.pipelines.logservice.resources | nindent 12 }} volumeMounts: - - name: jfrog-pipelines-folder - mountPath: {{ .Values.pipelines.mountPath }} - - name: jfrog-pipelines-logs - mountPath: {{ .Values.pipelines.logPath }} - {{- end }} + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: jfrog-pipelines-logs + mountPath: {{ .Values.pipelines.logPath }} +{{- with .Values.pipelines.customVolumeMounts }} +{{ tpl . $ | nindent 10 }} +{{- end }} +{{- end }} - name: reqsealer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "reqSealer" ) }} imagePullPolicy: {{ .Values.pipelines.reqSealer.image.pullPolicy }} diff --git a/stable/pipelines/values.yaml b/stable/pipelines/values.yaml index b33c6ef48..e715c7fbf 100644 --- a/stable/pipelines/values.yaml +++ b/stable/pipelines/values.yaml @@ -835,6 +835,26 @@ pipelines: # - name: MY_ENV_VAR # value: "example_value" + analyticsservice: + image: + # registry: + repository: jfrog/pipelines-analytics-service + # tag: + pullPolicy: IfNotPresent + resources: {} + ## This service will be enabled in split deployment design (splitServicesToPods) as a mandatory service + enabled: true + # limits: + # cpu: 500m + # memory: 500Mi + # requests: + # cpu: 5m + # memory: 40Mi + + extraEnvironmentVariables: + # - name: MY_ENV_VAR + # value: "example_value" + stepservice: image: # registry: @@ -889,27 +909,6 @@ pipelines: # customInitContainers: | # customSidecarContainers: | - nexec: - image: - # registry: - repository: jfrog/pipelines-micro - # tag: - pullPolicy: IfNotPresent - - resources: {} - # limits: - # cpu: 500m - # memory: 500Mi - # requests: - # cpu: 5m - # memory: 40Mi - - enabled: true - - extraEnvironmentVariables: - # - name: MY_ENV_VAR - # value: "example_value" - hookHandler: image: # registry: 
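Review bot: In the new `analyticsservice` values block the commented `# limits:` / `# requests:` example comes after `enabled: true` instead of directly after `resources: {}`, so it no longer reads as the resources example. Moving `enabled: true` and its `##` comment above `resources: {}` keeps the example attached to the key it documents. `extraEnvironmentVariables:` with only comments beneath it parses as null; the template's `if` guard tolerates that, but `extraEnvironmentVariables: []` would state the intent.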
@@ -1314,9 +1313,6 @@ pipelines: - "core.pipelineSync" - "cluster.init" - "www.signals" - {{- if .Values.pipelines.nexec.enabled }} - - "core.nexec" - {{- end }} - "core.nodePoolService" - "core.hookHandler" - "core.extensionSync" @@ -1325,6 +1321,7 @@ pipelines: - "core.runService" - "core.logService" - "core.stepService" + - "core.analyticsService" ui: {{- if .Values.rabbitmq.enabled }} username: {{ .Values.pipelines.msg.uiUser }} @@ -1565,10 +1562,6 @@ pipelines: name: stepservice cron: name: cron - {{- if .Values.pipelines.nexec.enabled }} - nexec: - name: nexec - {{- end }} hookHandler: name: hookHandler extensionSync: @@ -1613,7 +1606,7 @@ pipelines: language: go registryUrl: releases-docker.jfrog.io image: jfrog/pipelines-u18go - defaultVersion: 1.19 + defaultVersion: 1.21 - architecture: x86_64 os: Ubuntu_18.04 language: java @@ -1630,16 +1623,16 @@ pipelines: os: Ubuntu_20.04 language: node registryUrl: releases-docker.jfrog.io - image: jfrog/pipelines-u20node-arm64 + image: jfrog/pipelines-u20arm isDefault: true - defaultVersion: 18 + defaultVersion: 2.6.3 - architecture: x86_64 os: Ubuntu_20.04 language: node registryUrl: releases-docker.jfrog.io image: jfrog/pipelines-u20node isDefault: true - defaultVersion: 16 + defaultVersion: 18 - architecture: x86_64 os: Ubuntu_20.04 language: java @@ -1657,7 +1650,7 @@ pipelines: language: go registryUrl: releases-docker.jfrog.io image: jfrog/pipelines-u20go - defaultVersion: 1.19 + defaultVersion: 1.21 - architecture: x86_64 os: CentOS_7 language: node @@ -1682,7 +1675,7 @@ pipelines: language: go registryUrl: releases-docker.jfrog.io image: jfrog/pipelines-c7go - defaultVersion: 1.19 + defaultVersion: 1.21 - architecture: x86_64 os: CentOS_8 language: node @@ -1713,7 +1706,7 @@ pipelines: language: node registryUrl: releases-docker.jfrog.io image: jfrog/pipelines-w19node - defaultVersion: 18 + defaultVersion: 16 - architecture: x86_64 os: WindowsServer_2019 language: java 
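Review bot: Two Node defaults in the build-image list look unintended. In the `@@ -1713,7 +1706,7 @@` hunk, `jfrog/pipelines-w19node` drops from `defaultVersion: 18` to `16`, a release line that reached end-of-life in September 2023, so new Windows build nodes would default to a runtime that no longer gets security fixes. In the `@@ -1630,16 +1623,16 @@` hunk, the arm64 entry still says `language: node` but now points at `jfrog/pipelines-u20arm` with `defaultVersion: 2.6.3`, which does not look like a Node version. If neither is deliberate, keep `defaultVersion: 18` for both; if they are, a comment on each entry would prevent a later "fix". Quoting these values (`defaultVersion: "1.21"`) would also stop a future `1.20` from being read as the float `1.2`.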
@@ -1769,7 +1762,7 @@ pipelines: language: go registryUrl: releases-docker.jfrog.io image: jfrog/pipelines-c7go - defaultVersion: 1.19 + defaultVersion: 1.21 - architecture: x86_64 os: RHEL_8 language: node From e79b979479ea7bcca06133e69d80d9b9243fb3bf Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 6 Dec 2023 20:50:17 +0530 Subject: [PATCH 05/47] [xray] 3.86.4 release --- stable/xray/CHANGELOG.md | 5 ++++- stable/xray/Chart.yaml | 4 ++-- stable/xray/templates/xray-statefulset.yaml | 4 ++-- stable/xray/values.yaml | 6 +++--- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index f895c1514..24da09490 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,10 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.85.5] - Sep 15,2023 +## [103.86.4] - Nov 14,2023 +* Fixed - containerSecurityContext on loggers + +## [103.83.0] - Sep 15,2023 * Fixed - Support to configure privateRegistry for pre-upgrade-hook ## [103.80.0] - Jul 16, 2023 diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index 6edd30228..2a6672a9f 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.85.5 +appVersion: 3.86.4 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.85.5 +version: 103.86.4 diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml index cd54fb0df..b1bb2814d 100644 --- a/stable/xray/templates/xray-statefulset.yaml +++ b/stable/xray/templates/xray-statefulset.yaml 
@@ -1120,8 +1120,8 @@ spec: {{- range .Values.xray.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "xray.getImageInfoByValue" (list $ "logger") }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- if $.Values.containerSecurityContext.enabled }} + securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} command: - 'sh' diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index 310c24ec0..70dcb306a 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml @@ -52,7 +52,7 @@ global: ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.717 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 imagePullPolicy: IfNotPresent # Init containers @@ -379,7 +379,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.2.717 + tag: 9.2.750.1697534106 ## Service Account ## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ @@ -1186,7 +1186,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.81.0 + tag: 7.87.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled. From 03c59e6df72e15966ce0ffc18b340d1e0dd4062a Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 6 Dec 2023 20:50:31 +0530 Subject: [PATCH 06/47] [jfrog-platform] 10.16.3 release --- stable/jfrog-platform/CHANGELOG.md | 7 +++++++ stable/jfrog-platform/Chart.lock | 12 ++++++------ stable/jfrog-platform/Chart.yaml | 12 ++++++------ stable/jfrog-platform/files/setupPostgres.sh | 2 +- stable/jfrog-platform/values.yaml | 4 ++-- 5 files changed, 22 insertions(+), 15 deletions(-) 
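Review bot: The logger `securityContext` is now emitted without `tpl`, so any template expression inside `containerSecurityContext` is written out literally for these sidecars. The old line did wrap it in `tpl`, only with a context that cannot work inside `range`. If templated values are supported for the other containers in this StatefulSet (not visible in this hunk), keep that behaviour here with the root context: `securityContext: {{- tpl (omit $.Values.containerSecurityContext "enabled" | toYaml) $ | nindent 10 }}`. The `range` body continues outside the hunk.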
diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index 6d9e72b42..3c1658f3c 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md @@ -1,6 +1,13 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.16.3] - Dec 6, 2023 +* Update dependency artifactory chart version to 107.71.5 +* Update dependency xray chart version to 103.86.4 +* Update dependency insight chart version to 101.16.2 +* Update global.versions.router version to `7.87.0` +* Fixed an issue to use custom postgres DB port other than default 5432 + ## [10.16.2] - Nov 10, 2023 * Update dependency artifactory chart version to 107.71.4 * Update dependency xray chart version to 103.85.5 diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index 2db93c8c3..3cdcc50b5 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock @@ -10,18 +10,18 @@ dependencies: version: 12.10.1 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.71.4 + version: 107.71.5 - name: xray repository: https://charts.jfrog.io/ - version: 103.85.5 + version: 103.86.4 - name: distribution repository: https://charts.jfrog.io/ version: 102.20.3 - name: insight repository: https://charts.jfrog.io/ - version: 101.15.4 + version: 101.16.2 - name: pipelines repository: https://charts.jfrog.io/ - version: 101.44.5 -digest: sha256:15d219e1983ce1ab5c8d759f2814c645ab359c4e779a9e0c79b3caa529945d31 -generated: "2023-11-09T11:25:20.649655+05:30" + version: 101.49.6 +digest: sha256:4847f218a834270716d385021c95ecda71d7c05793bc6ee8a15068fa265e7080 +generated: "2023-12-06T16:59:30.106029+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index e22bd3174..c80a57f72 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.4 +appVersion: 7.71.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -16,11 +16,11 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.71.4 + version: 107.71.5 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.85.5 + version: 103.86.4 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ @@ -28,11 +28,11 @@ dependencies: - condition: insight.enabled name: insight repository: https://charts.jfrog.io/ - version: 101.15.4 + version: 101.16.2 - condition: pipelines.enabled name: pipelines repository: https://charts.jfrog.io/ - version: 101.44.5 + version: 101.49.6 description: The Helm chart for JFrog Platform (Universal, hybrid, end-to-end DevOps automation) home: https://jfrog.com/platform/ @@ -55,4 +55,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.16.2 +version: 10.16.3 diff --git a/stable/jfrog-platform/files/setupPostgres.sh b/stable/jfrog-platform/files/setupPostgres.sh index 3a7c879f8..69cd53661 100644 --- a/stable/jfrog-platform/files/setupPostgres.sh +++ b/stable/jfrog-platform/files/setupPostgres.sh @@ -115,7 +115,7 @@ setupDB(){ ## Set Postgres options [[ -z "${POSTGRES_PATH}" ]] && PSQL=psql || PSQL=${POSTGRES_PATH}/psql -POSTGRES_OPTIONS="sslmode=${DB_SSL_MODE} --host=${DB_HOST} -U ${PGUSERNAME} -w" +POSTGRES_OPTIONS="sslmode=${DB_SSL_MODE} --host=${DB_HOST} -p ${DB_PORT} -U ${PGUSERNAME} -w" init diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index 10a2094db..bf0131311 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml 
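Review bot: In setupPostgres.sh, `-p ${DB_PORT}` has no fallback. If `DB_PORT` is unset or empty and the string is word-split when passed to psql, the options become `-p -U …` and `-U` is taken as the port. Whether the chart always exports `DB_PORT` is not visible in this hunk. A default keeps existing installs working: `POSTGRES_OPTIONS="sslmode=${DB_SSL_MODE} --host=${DB_HOST} -p ${DB_PORT:-5432} -U ${PGUSERNAME} -w"`.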
@@ -23,7 +23,7 @@ global: ## For example : For artifactory, using global.versions.artifactory ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion versions: - router: 7.81.0 + router: 7.87.0 # artifactory: # xray: # distribution: @@ -224,7 +224,7 @@ redis: artifactory: enabled: true unifiedUpgradeAllowed: true - installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.16.2-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' + installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.16.3-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' postgresql: enabled: false waitForDatabase: false From 5718884b3a4653ec97b40212fb555459a1e0ee2c Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 21 Dec 2023 19:39:56 +0530 Subject: [PATCH 07/47] [artifactory] 7.71.9 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +++--- stable/artifactory-ha/CHANGELOG.md | 2 +- stable/artifactory-ha/Chart.yaml | 4 ++-- stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 +++--- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 +++--- stable/artifactory/CHANGELOG.md | 2 +- stable/artifactory/Chart.yaml | 4 ++-- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index e04209c6b..9b2886ca5 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md 
@@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.71.5] - Jul 20, 2023 +## [107.71.9] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index dda4d24a2..7831a8759 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.5 +appVersion: 7.71.9 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.5 + version: 107.71.9 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.71.5 +version: 107.71.9 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index d3e8acd1a..5aee730c2 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.71.5] - Nov 15, 2023 +## [107.71.9] - Nov 15, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml * Fixed - Artifactory primary service condition diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index abb1bfb81..81e39c3ac 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.5 +appVersion: 7.71.9 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -21,4 +21,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.71.5 +version: 107.71.9 diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index ae04ca06c..c1f8a69af 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.71.5] - Jul 20, 2023 +## [107.71.9] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 678582029..4413cf101 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.5 +appVersion: 7.71.9 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.5 + version: 107.71.9 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.71.5 +version: 107.71.9 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 46ad96296..4ed42b9fe 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.71.5] - Jul 20, 2023 +## [107.71.9] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 82e24670e..9d1b2907e 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.5 +appVersion: 7.71.9 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.5 + version: 107.71.9 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.71.5 +version: 107.71.9 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index e454ed0a4..4c1e33d3e 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.71.5] - Oct 31, 2023 +## [107.71.9] - Oct 31, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml. diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index bafd4c95f..404aee31e 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.5 +appVersion: 7.71.9 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.71.5 +version: 107.71.9 From 6295d4f226911af0b5aec131fcf41512e76dc098 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 21 Dec 2023 19:40:44 +0530 Subject: [PATCH 08/47] [distribution] 2.21.3 release --- stable/distribution/.helmignore | 4 +- stable/distribution/CHANGELOG.md | 10 +- stable/distribution/Chart.yaml | 4 +- stable/distribution/ci/newrelic-values.yaml | 56 ++++++++ stable/distribution/ci/test-values.yaml | 2 +- .../templates/distribution-newrelic.yaml | 129 ++++++++++++++++++ .../templates/distribution-statefulset.yaml | 68 +++++---- stable/distribution/values.yaml | 25 +++- 8 files changed, 263 insertions(+), 35 deletions(-) create mode 100644 stable/distribution/ci/newrelic-values.yaml create mode 100644 stable/distribution/templates/distribution-newrelic.yaml diff --git a/stable/distribution/.helmignore b/stable/distribution/.helmignore index c7eb1e274..b6e97f07f 100644 --- a/stable/distribution/.helmignore +++ b/stable/distribution/.helmignore @@ -19,4 +19,6 @@ .project .idea/ *.tmproj -OWNERS \ No newline at end of file +OWNERS + +tests/ \ No newline at end of file diff --git a/stable/distribution/CHANGELOG.md b/stable/distribution/CHANGELOG.md index 5daf66593..2a8e75dfb 100644 --- a/stable/distribution/CHANGELOG.md +++ b/stable/distribution/CHANGELOG.md @@ -1,7 +1,15 @@ # JFrog Distribution Chart Changelog All changes to this project chart be documented in this file. -## [102.20.3] - Aug 29, 2023 +## [102.21.3] - Nov 22, 2023 +* Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) +* Removed default hardcoded javaOpts `-Xms2g -Xmx4g` from distribution.sh file + +## [102.20.1] - Sep 18, 2023 +* Reverted - Enabled `unifiedSecretInstallation` by default [GH-1819](https://github.com/jfrog/charts/issues/1819) +* Added NewRelic APM agent integration + +## [102.20.0] - Aug 29, 2023 * Updated redis version tag to `7.2.0-debian-11-r2` * Enabled `unifiedSecretInstallation` by default 
diff --git a/stable/distribution/Chart.yaml b/stable/distribution/Chart.yaml index 7a425b364..ed420b2e0 100644 --- a/stable/distribution/Chart.yaml +++ b/stable/distribution/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.20.3 +appVersion: 2.21.3 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: distribution sources: - https://github.com/jfrog/charts type: application -version: 102.20.3 +version: 102.21.3 diff --git a/stable/distribution/ci/newrelic-values.yaml b/stable/distribution/ci/newrelic-values.yaml new file mode 100644 index 000000000..861bcc50e --- /dev/null +++ b/stable/distribution/ci/newrelic-values.yaml @@ -0,0 +1,56 @@ +newRelic: + apm: + enabled: true + appName: "ci-test" + licenseKey: "123456789" + version: 8.6.0 + logLevel: severe + downloadUrl: https://download.newrelic.com + downloadPath: newrelic/java-agent/newrelic-agent/{{ .Values.newRelic.apm.version }} + downloadFile: newrelic-agent-{{ .Values.newRelic.apm.version }}.jar + +distribution: + jfrogUrl: http://artifactory.rt:8082 + persistence: + enabled: false + resources: + requests: + memory: "1Gi" + cpu: "1" + limits: + memory: "3Gi" + cpu: "2" + +postgresql: + postgresqlPassword: password + persistence: + enabled: false + +redis: + persistence: + enabled: false + resources: + requests: + memory: "512Mi" + cpu: "1" + limits: + memory: "1Gi" + cpu: "1" + +router: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" + +observability: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" diff --git a/stable/distribution/ci/test-values.yaml b/stable/distribution/ci/test-values.yaml index be3e92f30..812b1210a 100644 --- a/stable/distribution/ci/test-values.yaml +++ b/stable/distribution/ci/test-values.yaml 
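Review bot: In ci/newrelic-values.yaml the agent jar is described only by `downloadUrl`, `downloadPath` and `downloadFile`, with no expected digest to check the download against. The init container fetches the jar with `curl` at pod start, so whatever that URL serves is what gets loaded. Consider adding a value such as `downloadSha256: "<expected-sha256>"` (proposed key, placeholder value) and verifying it with `sha256sum -c` before the jar is used. The init-container script that consumes these values continues past the visible part of the patch, so a verification step may already exist there.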
@@ -29,7 +29,7 @@ redis: distribution: jfrogUrl: http://artifactory.rt:8082 - unifiedSecretInstallation: true + unifiedSecretInstallation: false persistence: enabled: false annotations: diff --git a/stable/distribution/templates/distribution-newrelic.yaml b/stable/distribution/templates/distribution-newrelic.yaml new file mode 100644 index 000000000..269efea03 --- /dev/null +++ b/stable/distribution/templates/distribution-newrelic.yaml 
@@ -0,0 +1,129 @@ +{{- if .Values.newRelic.apm.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "distribution.fullname" . }}-newrelic-apm-config + labels: + app: {{ template "distribution.name" . }} + chart: {{ template "distribution.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + newrelic.yml: |- + common: &default_settings + license_key: {{ .Values.newRelic.apm.licenseKey }} + agent_enabled: {{ .Values.newRelic.apm.enabled }} + app_name: {{ .Values.newRelic.apm.appName }} + high_security: false + enable_auto_app_naming: false + enable_auto_transaction_naming: true + audit_mode: false + log_level: {{ .Values.newRelic.apm.logLevel }} + log_file_count: 1 + log_limit_in_kbytes: 100000 + log_daily: false + log_file_path: {{ .Values.distribution.persistence.mountPath }}/log + log_file_name: newrelic_apm_agent.log + + application_logging: + enabled: true + forwarding: + enabled: true + context_data: + enabled: false + metrics: + enabled: true + code_level_metrics: + enabled: true + + max_stack_trace_lines: 30 + attributes: + enabled: true + + transaction_tracer: + enabled: true + transaction_threshold: apdex_f + record_sql: obfuscated + log_sql: false + stack_trace_threshold: 0.5 + explain_enabled: true + explain_threshold: 0.5 + top_n: 20 + + error_collector: + enabled: true + ignore_classes: + - "akka.actor.ActorKilledException" + ignore_status_codes: 404 + + transaction_events: + enabled: true + max_samples_stored: 2000 + + distributed_tracing: + enabled: true + exclude_newrelic_header: false + + span_events: + enabled: true + max_samples_stored: 2000 + attributes: + enabled: true + + thread_profiler: + enabled: true + + browser_monitoring: + auto_instrument: true + + class_transformer: + com.newrelic.instrumentation.servlet-user: + enabled: false + + com.newrelic.instrumentation.spring-aop-2: + enabled: false + + com.newrelic.instrumentation.jdbc-resultset: + enabled: false + + classloader_excludes: + 
groovy.lang.GroovyClassLoader$InnerLoader, + org.codehaus.groovy.runtime.callsite.CallSiteClassLoader, + com.collaxa.cube.engine.deployment.BPELClassLoader, + org.springframework.data.convert.ClassGeneratingEntityInstantiator$ObjectInstantiatorClassGenerator, + org.mvel2.optimizers.impl.asm.ASMAccessorOptimizer$ContextClassLoader, + gw.internal.gosu.compiler.SingleServingGosuClassLoader, + + jfr: + enabled: false + audit_logging: false + + labels: + # An example label + #label_name: label_value + + security: + enabled: false + mode: IAST + validator_service_url: wss://csec.nr-data.net + agent: + enabled: false + detection: + rci: + enabled: true + rxss: + enabled: true + deserialization: + enabled: true + + development: + <<: *default_settings + app_name: My Application (Development) + + staging: + <<: *default_settings + app_name: My Application (Staging) + + production: + <<: *default_settings +{{- end }} diff --git a/stable/distribution/templates/distribution-statefulset.yaml b/stable/distribution/templates/distribution-statefulset.yaml index 68021fe0c..b0e5ca638 100644 --- a/stable/distribution/templates/distribution-statefulset.yaml +++ b/stable/distribution/templates/distribution-statefulset.yaml @@ -49,8 +49,8 @@ spec: {{- else }} checksum/distribution-unified-secret: {{ include (print $.Template.BasePath "/distribution-unified-secret.yaml") . | sha256sum }} {{- end }} - {{- range $key, $value := .Values.distribution.annotations }} - {{ $key }}: {{ $value | quote }} + {{- with .Values.distribution.annotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: {{- if .Values.distribution.schedulerName }} @@ -81,7 +81,7 @@ spec: {{- if or .Values.common.customInitContainersBegin .Values.global.customInitContainersBegin }} {{ tpl (include "distribution.customInitContainersBegin" .) . | indent 6 }} {{- end }} - - name: 'copy-system-yaml' + - name: 'copy-system-configurations' image: '{{ .Values.initContainerImage }}' securityContext: runAsNonRoot: true 
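Review bot: In distribution-newrelic.yaml, `license_key` is rendered from `.Values.newRelic.apm.licenseKey` into a ConfigMap, so the New Relic license key is stored as plain configuration, readable by anyone who can `get configmaps` in the namespace, rather than in a Secret. Drop the line from `newrelic.yml` and inject the key from a Secret instead, for example as the `NEW_RELIC_LICENSE_KEY` env var with `valueFrom.secretKeyRef` on the distribution container, which the Java agent reads in place of the file setting. If the line stays, quote it as `license_key: {{ .Values.newRelic.apm.licenseKey | quote }}`, since an all-digit key like the CI value may otherwise be parsed as an integer. The `development` and `staging` stanzas also still carry the sample `app_name: My Application (…)`, overriding the configured name.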
@@ -94,28 +94,36 @@ spec: command: - '/bin/bash' - '-c' - - > - sleep 30; - if [[ -e "{{ .Values.distribution.persistence.mountPath }}/etc/filebeat.yaml" ]]; then chmod 644 {{ .Values.distribution.persistence.mountPath }}/etc/filebeat.yaml; fi; - echo "Copy system.yaml to {{ .Values.distribution.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.distribution.persistence.mountPath }}/etc; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.distribution.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.distribution.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.distribution.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.distribution.persistence.mountPath }}/lost+found; - {{- if or .Values.distribution.joinKey .Values.distribution.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.distribution.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.distribution.persistence.mountPath }}/etc/security; - echo ${DISTRIBUTION_JOIN_KEY} > {{ .Values.distribution.persistence.mountPath }}/etc/security/join.key; - {{- end }} - {{- if or .Values.distribution.masterKey .Values.distribution.masterKeySecretName .Values.global.masterKey .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.distribution.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.distribution.persistence.mountPath }}/etc/security; - echo ${DISTRIBUTION_MASTER_KEY} > {{ .Values.distribution.persistence.mountPath }}/etc/security/master.key; - {{- end }} + - | + if [[ -e "{{ .Values.distribution.persistence.mountPath }}/etc/filebeat.yaml" ]]; then + chmod 644 {{ .Values.distribution.persistence.mountPath }}/etc/filebeat.yaml + fi + echo "Copy system.yaml to {{ .Values.distribution.persistence.mountPath }}/etc" + mkdir -p {{ 
.Values.distribution.persistence.mountPath }}/etc + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.distribution.persistence.mountPath }}/etc/system.yaml + {{- else }} + cp -fv /tmp/etc/system.yaml {{ .Values.distribution.persistence.mountPath }}/etc/system.yaml + {{- end }} + echo "Remove {{ .Values.distribution.persistence.mountPath }}/lost+found folder if exists" + rm -rfv {{ .Values.distribution.persistence.mountPath }}/lost+found + {{- if or .Values.distribution.joinKey .Values.distribution.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} + echo "Copy joinKey to {{ .Values.distribution.persistence.mountPath }}/etc/security" + mkdir -p {{ .Values.distribution.persistence.mountPath }}/etc/security + echo ${DISTRIBUTION_JOIN_KEY} > {{ .Values.distribution.persistence.mountPath }}/etc/security/join.key + {{- end }} + {{- if or .Values.distribution.masterKey .Values.distribution.masterKeySecretName .Values.global.masterKey .Values.global.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.distribution.persistence.mountPath }}/etc/security" + mkdir -p {{ .Values.distribution.persistence.mountPath }}/etc/security + echo ${DISTRIBUTION_MASTER_KEY} > {{ .Values.distribution.persistence.mountPath }}/etc/security/master.key + {{- end }} + {{- if .Values.newRelic.apm.enabled }} + echo "Download NewRelic Java APM agent" + mkdir -p {{ .Values.distribution.persistence.mountPath }}/etc/newrelic/ + curl {{ .Values.newRelic.apm.downloadUrl }}/{{ tpl .Values.newRelic.apm.downloadPath . }}/{{ tpl .Values.newRelic.apm.downloadFile . 
}} \ + -o {{ .Values.distribution.persistence.mountPath }}/etc/newrelic/newrelic.jar + cp -f /tmp/newrelic/newrelic.yml {{ .Values.distribution.persistence.mountPath }}/etc/newrelic/ + {{- end }} env: {{- if or .Values.distribution.joinKey .Values.distribution.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} - name: DISTRIBUTION_JOIN_KEY @@ -142,6 +150,11 @@ spec: volumeMounts: - name: distribution-data mountPath: {{ .Values.distribution.persistence.mountPath | quote }} + {{- if .Values.newRelic.apm.enabled }} + - name: newrelic-config + mountPath: /tmp/newrelic/newrelic.yml + subPath: newrelic.yml + {{- end }} {{- if or .Values.systemYamlOverride.existingSecret .Values.distribution.systemYaml }} {{- if not .Values.distribution.unifiedSecretInstallation }} - name: systemyaml @@ -635,6 +648,11 @@ spec: configMap: name: {{ template "distribution.fullname" . }}-logger {{- end }} + {{- if .Values.newRelic.apm.enabled }} + - name: newrelic-config + configMap: + name: {{ template "distribution.fullname" . }}-newrelic-apm-config + {{- end }} {{- if .Values.filebeat.enabled }} - name: filebeat-config configMap: diff --git a/stable/distribution/values.yaml b/stable/distribution/values.yaml index 1445b9fa9..b7c9e0bde 100644 --- a/stable/distribution/values.yaml +++ b/stable/distribution/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override distribution.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1793 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 # Init containers initContainers: resources: @@ -332,7 +332,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.1.0.1793 + tag: 9.2.750.1697534106 distribution: name: distribution ## Note that by default we use appVersion to get image tag/version 
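Review bot: The added `curl {{ .Values.newRelic.apm.downloadUrl }}/… -o …/etc/newrelic/newrelic.jar` step downloads a jar on every pod start and nothing verifies it, although the values.yaml hunk of this commit loads it into the Distribution JVM with `-javaagent:` from the writable data volume. The script has no `set -e` and curl is called without `--fail`, so a failed download or an HTTP error body saved as `newrelic.jar` is still followed by the `cp` and the init container exits 0. Because `downloadUrl` is a free-form value, a mistyped or tampered mirror would supply code that runs inside the application. I would change the step to `curl -fsS --proto '=https' … -o …/newrelic.jar || exit 1` and add `echo "{{ .Values.newRelic.apm.sha256 }}  …/newrelic.jar" | sha256sum -c - || exit 1`, where `sha256` is a proposed new values key and `sha256sum` needs confirming in the init image; baking the agent into an image would remove the runtime download altogether. The container spec begins and ends outside this hunk.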
@@ -342,7 +342,7 @@ distribution: # tag: imagePullPolicy: IfNotPresent # unifiedSecretInstallation flag enables single unified secret holding all the distribution secrets - unifiedSecretInstallation: true + unifiedSecretInstallation: false ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ schedulerName: # Create a priority class for the Distribution pod or use an existing one @@ -420,6 +420,9 @@ distribution: {{- end }} distribution: extraJavaOpts: > + {{- if .Values.newRelic.apm.enabled }} + -javaagent:{{ .Values.distribution.persistence.mountPath }}/etc/newrelic/newrelic.jar + {{- end }} {{- with .Values.distribution.javaOpts }} {{- if .xms }} -Xms{{ .xms }} @@ -553,7 +556,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.73.0 + tag: 7.87.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -634,7 +637,7 @@ observability: image: registry: releases-docker.jfrog.io repository: jfrog/observability - tag: 1.13.6 + tag: 1.17.0 imagePullPolicy: IfNotPresent internalPort: 8036 resources: {} @@ -777,3 +780,15 @@ serviceMonitor: kubePromFullName: "" namespaceSelector: {} selector: {} +## @param newRelic Specify NewRelic APM integration settings +## https://docs.newrelic.com/docs/apm/agents/java-agent/configuration/java-agent-configuration-config-file/ +newRelic: + apm: + enabled: false + appName: "" + version: 8.6.0 + licenseKey: "" + logLevel: info + downloadUrl: https://download.newrelic.com + downloadPath: newrelic/java-agent/newrelic-agent/{{ .Values.newRelic.apm.version }} + downloadFile: newrelic-agent-{{ .Values.newRelic.apm.version }}.jar From e9aea48ecd6a3627207050ad3d4483e6c39dc235 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 21 Dec 2023 19:41:00 +0530 Subject: [PATCH 09/47] [xray] 3.86.9 release --- stable/xray/CHANGELOG.md | 2 +- stable/xray/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 24da09490..1a5772ca5 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.86.4] - Nov 14,2023 +## [103.86.9] - Nov 14,2023 * Fixed - containerSecurityContext on loggers ## [103.83.0] - Sep 15,2023 diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index 2a6672a9f..cd10d54ac 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.86.4 +appVersion: 3.86.9 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.86.4 +version: 103.86.9 From 951dd7f242077b90883f43c3757e00840d10b5cb Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 21 Dec 2023 19:41:30 +0530 Subject: [PATCH 10/47] [jfrog-platform] 10.16.4 release --- stable/jfrog-platform/CHANGELOG.md | 5 +++++ stable/jfrog-platform/Chart.lock | 10 +++++----- stable/jfrog-platform/Chart.yaml | 10 +++++----- stable/jfrog-platform/values.yaml | 2 +- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index 3c1658f3c..4094bdefd 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md 
@@ -1,6 +1,11 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.16.4] - Dec 21, 2023 +* Update dependency artifactory chart version to 107.71.9 +* Update dependency xray chart version to 103.86.9 +* Update dependency distribution chart version to 102.21.3 + ## [10.16.3] - Dec 6, 2023 * Update dependency artifactory chart version to 107.71.5 * Update dependency xray chart version to 103.86.4 diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index 3cdcc50b5..6d43c45e5 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock @@ -10,18 +10,18 @@ dependencies: version: 12.10.1 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.71.5 + version: 107.71.9 - name: xray repository: https://charts.jfrog.io/ - version: 103.86.4 + version: 103.86.9 - name: distribution repository: https://charts.jfrog.io/ - version: 102.20.3 + version: 102.21.3 - name: insight repository: https://charts.jfrog.io/ version: 101.16.2 - name: pipelines repository: https://charts.jfrog.io/ version: 101.49.6 -digest: sha256:4847f218a834270716d385021c95ecda71d7c05793bc6ee8a15068fa265e7080 -generated: "2023-12-06T16:59:30.106029+05:30" +digest: sha256:32c61749367e1641633c90e19e843f78154bb4ac2f4dd089c96189554efd17aa +generated: "2023-12-21T17:50:18.22187+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index c80a57f72..130b59833 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.5 +appVersion: 7.71.9 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -16,15 +16,15 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.71.5 + version: 107.71.9 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.86.4 + version: 103.86.9 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ - version: 102.20.3 + version: 102.21.3 - condition: insight.enabled name: insight repository: https://charts.jfrog.io/ @@ -55,4 +55,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.16.3 +version: 10.16.4 diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index bf0131311..871206965 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml @@ -224,7 +224,7 @@ redis: artifactory: enabled: true unifiedUpgradeAllowed: true - installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.16.3-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' + installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.16.4-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' postgresql: enabled: false waitForDatabase: false From 7d30090d8e61a0d883c46c0ddb34b109f6c801fb Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 5 Jan 2024 14:43:09 +0530 Subject: [PATCH 11/47] [artifactory] 7.71.11 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +++--- stable/artifactory-ha/CHANGELOG.md | 2 +- stable/artifactory-ha/Chart.yaml | 4 ++-- stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 +++--- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 +++--- stable/artifactory/CHANGELOG.md | 2 +- stable/artifactory/Chart.yaml | 4 ++-- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index 9b2886ca5..806b281f2 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.71.9] - Jul 20, 2023 +## [107.71.11] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index 7831a8759..0006d064c 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.9 +appVersion: 7.71.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.9 + version: 107.71.11 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.71.9 +version: 107.71.11 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 5aee730c2..9987e6dec 100644 
--- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.71.9] - Nov 15, 2023 +## [107.71.11] - Nov 15, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml * Fixed - Artifactory primary service condition diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 81e39c3ac..c2551830f 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.9 +appVersion: 7.71.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.71.9 +version: 107.71.11 diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index c1f8a69af..d1b60c7ee 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.71.9] - Jul 20, 2023 +## [107.71.11] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 4413cf101..264340db5 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.9 +appVersion: 7.71.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.9 + version: 107.71.11 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.71.9 +version: 107.71.11 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 4ed42b9fe..8c6b9f09e 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.71.9] - Jul 20, 2023 +## [107.71.11] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 9d1b2907e..af8301701 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.9 +appVersion: 7.71.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.9 + version: 107.71.11 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.71.9 +version: 107.71.11 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 4c1e33d3e..67a048985 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md 
@@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.71.9] - Oct 31, 2023 +## [107.71.11] - Oct 31, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml. diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 404aee31e..753e010e1 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.9 +appVersion: 7.71.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.71.9 +version: 107.71.11 From c5a3064a15a9e9fbcb984785b4d3fc43f23bf526 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 5 Jan 2024 14:43:35 +0530 Subject: [PATCH 12/47] [insight] 1.16.5 release --- stable/insight/.helmignore | 4 +++- stable/insight/CHANGELOG.md | 2 +- stable/insight/Chart.yaml | 4 ++-- stable/insight/values.yaml | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/stable/insight/.helmignore b/stable/insight/.helmignore index c7eb1e274..b6e97f07f 100644 --- a/stable/insight/.helmignore +++ b/stable/insight/.helmignore @@ -19,4 +19,6 @@ .project .idea/ *.tmproj -OWNERS \ No newline at end of file +OWNERS + +tests/ \ No newline at end of file diff --git a/stable/insight/CHANGELOG.md b/stable/insight/CHANGELOG.md index d31a665ae..8b9531213 100644 --- a/stable/insight/CHANGELOG.md +++ b/stable/insight/CHANGELOG.md 
@@ -1,7 +1,7 @@ # JFrog Insights Chart Changelog All changes to this chart will be documented in this file. -## [101.16.2] - Oct 17, 2023 +## [101.16.5] - Oct 17, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) ## [101.15.0] - Sep 18, 2023 diff --git a/stable/insight/Chart.yaml b/stable/insight/Chart.yaml index f82834b18..8c8554d15 100644 --- a/stable/insight/Chart.yaml +++ b/stable/insight/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.16.2 +appVersion: 1.16.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: insight sources: - https://github.com/jfrog/charts type: application -version: 101.16.2 +version: 101.16.5 diff --git a/stable/insight/values.yaml b/stable/insight/values.yaml index 357945c81..bb72dd2a4 100644 --- a/stable/insight/values.yaml +++ b/stable/insight/values.yaml @@ -727,7 +727,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.79.0 + tag: 7.87.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled From af7d8bc13833bc961449665dd46706187fcddbc8 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 5 Jan 2024 14:43:53 +0530 Subject: [PATCH 13/47] [xray] 3.86.10 release --- stable/xray/CHANGELOG.md | 2 +- stable/xray/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 1a5772ca5..7d91455ef 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.86.9] - Nov 14,2023 +## [103.86.10] - Nov 14,2023 * Fixed - containerSecurityContext on loggers ## [103.83.0] - Sep 15,2023 diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index cd10d54ac..167ca895f 100644 --- a/stable/xray/Chart.yaml 
+++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.86.9 +appVersion: 3.86.10 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.86.9 +version: 103.86.10 From aff8937f1b2131cf3037c4eebf060184e63436d5 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 5 Jan 2024 14:44:19 +0530 Subject: [PATCH 14/47] [jfrog-platform] 10.16.5 release --- stable/jfrog-platform/CHANGELOG.md | 6 ++++++ stable/jfrog-platform/Chart.lock | 10 +++++----- stable/jfrog-platform/Chart.yaml | 10 +++++----- stable/jfrog-platform/values.yaml | 4 ++-- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index 4094bdefd..19aef4d29 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md @@ -1,6 +1,12 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.16.5] - Jan 05, 2024 +* Update dependency artifactory chart version to 107.71.11 +* Update dependency xray chart version to 103.86.10 +* Update dependency insight chart version to 101.16.5 +* Update global.versions.router version to `7.91.0` + ## [10.16.4] - Dec 21, 2023 * Update dependency artifactory chart version to 107.71.9 * Update dependency xray chart version to 103.86.9 diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index 6d43c45e5..2b9589401 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock 
@@ -10,18 +10,18 @@ dependencies: version: 12.10.1 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.71.9 + version: 107.71.11 - name: xray repository: https://charts.jfrog.io/ - version: 103.86.9 + version: 103.86.10 - name: distribution repository: https://charts.jfrog.io/ version: 102.21.3 - name: insight repository: https://charts.jfrog.io/ - version: 101.16.2 + version: 101.16.5 - name: pipelines repository: https://charts.jfrog.io/ version: 101.49.6 -digest: sha256:32c61749367e1641633c90e19e843f78154bb4ac2f4dd089c96189554efd17aa -generated: "2023-12-21T17:50:18.22187+05:30" +digest: sha256:e58b9782fa5370c28b3dbb208985e1935a142acf4332b4ae51afd16a7ee34e02 +generated: "2024-01-05T12:11:36.43401+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 130b59833..9461f40e9 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.9 +appVersion: 7.71.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -16,11 +16,11 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.71.9 + version: 107.71.11 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.86.9 + version: 103.86.10 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ @@ -28,7 +28,7 @@ dependencies: - condition: insight.enabled name: insight repository: https://charts.jfrog.io/ - version: 101.16.2 + version: 101.16.5 - condition: pipelines.enabled name: pipelines repository: https://charts.jfrog.io/ @@ -55,4 +55,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.16.4 +version: 10.16.5 diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index 871206965..6d6b815cd 100644 --- a/stable/jfrog-platform/values.yaml 
+++ b/stable/jfrog-platform/values.yaml @@ -23,7 +23,7 @@ global: ## For example : For artifactory, using global.versions.artifactory ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion versions: - router: 7.87.0 + router: 7.91.0 # artifactory: # xray: # distribution: @@ -224,7 +224,7 @@ redis: artifactory: enabled: true unifiedUpgradeAllowed: true - installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.16.4-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' + installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.16.5-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' postgresql: enabled: false waitForDatabase: false From d9f16937a21f2a1338a8561eddae8073feee08d2 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 24 Jan 2024 20:10:10 +0530 Subject: [PATCH 15/47] [artifactory] 7.77.3 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 6 +- stable/artifactory-cpp-ce/Chart.yaml | 8 +- stable/artifactory-cpp-ce/README.md | 2 +- stable/artifactory-cpp-ce/values.yaml | 6 +- stable/artifactory-ha/.helmignore | 4 +- stable/artifactory-ha/CHANGELOG.md | 22 +++- stable/artifactory-ha/Chart.yaml | 6 +- stable/artifactory-ha/README.md | 9 +- stable/artifactory-ha/ci/large-values.yaml | 8 -- stable/artifactory-ha/ci/medium-values.yaml | 8 -- .../ci/rtsplit-access-tls-values.yaml | 8 -- stable/artifactory-ha/ci/rtsplit-values.yaml | 15 --- stable/artifactory-ha/ci/small-values.yaml | 8 -- stable/artifactory-ha/files/binarystore.xml | 6 + .../artifactory-2xlarge-extra-config.yaml | 40 ++++++ .../sizing/artifactory-2xlarge.yaml | 118 +++++++++++++++++ .../artifactory-large-extra-config.yaml | 40 ++++++ .../sizing/artifactory-large.yaml | 118 +++++++++++++++++ .../artifactory-medium-extra-config.yaml | 40 ++++++ .../sizing/artifactory-medium.yaml | 118 +++++++++++++++++ .../artifactory-small-extra-config.yaml | 40 ++++++ .../sizing/artifactory-small.yaml | 118 +++++++++++++++++ .../artifactory-xlarge-extra-config.yaml | 39 ++++++ .../sizing/artifactory-xlarge.yaml | 118 +++++++++++++++++ .../artifactory-xsmall-extra-config.yaml | 40 ++++++ .../sizing/artifactory-xsmall.yaml | 118 +++++++++++++++++ stable/artifactory-ha/templates/_helpers.tpl | 29 +---- .../artifactory-node-statefulset.yaml | 45 +------ .../artifactory-primary-statefulset.yaml | 45 +------ .../templates/nginx-deployment.yaml | 16 +-- stable/artifactory-ha/values-large.yaml | 82 ------------ stable/artifactory-ha/values-medium.yaml | 82 ------------ stable/artifactory-ha/values-small.yaml | 82 ------------ stable/artifactory-ha/values.yaml | 119 ++++++----------- stable/artifactory-jcr/CHANGELOG.md | 6 +- stable/artifactory-jcr/Chart.yaml | 8 +- 
stable/artifactory-jcr/README.md | 2 +- stable/artifactory-jcr/values.yaml | 6 +- stable/artifactory-oss/CHANGELOG.md | 6 +- stable/artifactory-oss/Chart.yaml | 6 +- stable/artifactory-oss/README.md | 2 +- stable/artifactory-oss/values.yaml | 6 +- stable/artifactory/.helmignore | 4 +- stable/artifactory/CHANGELOG.md | 25 +++- stable/artifactory/Chart.yaml | 6 +- stable/artifactory/README.md | 9 +- stable/artifactory/ci/large-values.yaml | 8 -- stable/artifactory/ci/medium-values.yaml | 8 -- .../ci/rtsplit-values-access-tls-values.yaml | 8 -- stable/artifactory/ci/rtsplit-values.yaml | 16 --- stable/artifactory/ci/small-values.yaml | 8 -- stable/artifactory/files/binarystore.xml | 6 + .../artifactory-2xlarge-extra-config.yaml | 38 ++++++ .../sizing/artifactory-2xlarge.yaml | 117 +++++++++++++++++ .../artifactory-large-extra-config.yaml | 38 ++++++ .../artifactory/sizing/artifactory-large.yaml | 117 +++++++++++++++++ .../artifactory-medium-extra-config.yaml | 38 ++++++ .../sizing/artifactory-medium.yaml | 117 +++++++++++++++++ .../artifactory-small-extra-config.yaml | 38 ++++++ .../artifactory/sizing/artifactory-small.yaml | 117 +++++++++++++++++ .../artifactory-xlarge-extra-config.yaml | 38 ++++++ .../sizing/artifactory-xlarge.yaml | 117 +++++++++++++++++ .../artifactory-xsmall-extra-config.yaml | 39 ++++++ .../sizing/artifactory-xsmall.yaml | 118 +++++++++++++++++ stable/artifactory/templates/_helpers.tpl | 29 +---- .../templates/artifactory-statefulset.yaml | 45 +------ .../templates/nginx-deployment.yaml | 14 +- stable/artifactory/values-large.yaml | 80 ------------ stable/artifactory/values-medium.yaml | 80 ------------ stable/artifactory/values-small.yaml | 80 ------------ stable/artifactory/values.yaml | 123 ++++++------------ 71 files changed, 2095 insertions(+), 991 deletions(-) create mode 100644 stable/artifactory-ha/sizing/artifactory-2xlarge-extra-config.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-2xlarge.yaml create mode 100644 
stable/artifactory-ha/sizing/artifactory-large-extra-config.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-large.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-medium-extra-config.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-medium.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-small-extra-config.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-small.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-xlarge-extra-config.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-xlarge.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-xsmall-extra-config.yaml create mode 100644 stable/artifactory-ha/sizing/artifactory-xsmall.yaml delete mode 100644 stable/artifactory-ha/values-large.yaml delete mode 100644 stable/artifactory-ha/values-medium.yaml delete mode 100644 stable/artifactory-ha/values-small.yaml create mode 100644 stable/artifactory/sizing/artifactory-2xlarge-extra-config.yaml create mode 100644 stable/artifactory/sizing/artifactory-2xlarge.yaml create mode 100644 stable/artifactory/sizing/artifactory-large-extra-config.yaml create mode 100644 stable/artifactory/sizing/artifactory-large.yaml create mode 100644 stable/artifactory/sizing/artifactory-medium-extra-config.yaml create mode 100644 stable/artifactory/sizing/artifactory-medium.yaml create mode 100644 stable/artifactory/sizing/artifactory-small-extra-config.yaml create mode 100644 stable/artifactory/sizing/artifactory-small.yaml create mode 100644 stable/artifactory/sizing/artifactory-xlarge-extra-config.yaml create mode 100644 stable/artifactory/sizing/artifactory-xlarge.yaml create mode 100644 stable/artifactory/sizing/artifactory-xsmall-extra-config.yaml create mode 100644 stable/artifactory/sizing/artifactory-xsmall.yaml delete mode 100644 stable/artifactory/values-large.yaml delete mode 100644 stable/artifactory/values-medium.yaml delete mode 100644 
stable/artifactory/values-small.yaml diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index 806b281f2..f09476ed7 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,11 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.71.11] - Jul 20, 2023 +## [107.77.3] - Nov 23, 2023 +* **IMPORTANT** +* Added min kubeVersion ">= 1.19.0-0" in chart.yaml + +## [107.66.0] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index 0006d064c..fc88c8950 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.3 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.11 + version: 107.77.3 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -13,7 +13,7 @@ keywords: - container - registry - devops -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: helm@jfrog.com name: Chart Maintainers at JFrog @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.71.11 +version: 107.77.3 diff --git a/stable/artifactory-cpp-ce/README.md b/stable/artifactory-cpp-ce/README.md index e54180b58..5f2f6105c 100644 --- a/stable/artifactory-cpp-ce/README.md +++ b/stable/artifactory-cpp-ce/README.md @@ -6,7 +6,7 @@ JFrog Artifactory CE for C++ is a free Artifactory edition to host C/C++ package ## Prerequisites Details -* Kubernetes 1.14+ +* Kubernetes 1.19+ ## Chart Details This chart will do the following: 
diff --git a/stable/artifactory-cpp-ce/values.yaml b/stable/artifactory-cpp-ce/values.yaml index dc7bfc450..54ee180ca 100644 --- a/stable/artifactory-cpp-ce/values.yaml +++ b/stable/artifactory-cpp-ce/values.yaml @@ -69,8 +69,8 @@ postgresql: enabled: true router: image: - tag: 7.81.0 + tag: 7.91.0 logger: image: - tag: 9.2.750.1697534106 -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 + tag: 9.3.1475 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 diff --git a/stable/artifactory-ha/.helmignore b/stable/artifactory-ha/.helmignore index c7eb1e274..b6e97f07f 100644 --- a/stable/artifactory-ha/.helmignore +++ b/stable/artifactory-ha/.helmignore @@ -19,4 +19,6 @@ .project .idea/ *.tmproj -OWNERS \ No newline at end of file +OWNERS + +tests/ \ No newline at end of file diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 2c0869acb..84a52a4ec 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md 
@@ -1,11 +1,29 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.71.11] - Nov 15, 2023 +## [107.77.3] - Jan 16, 2024 +* Removed integration service +* Added recommended postgresql sizing configurations under sizing directory +* Updated artifactory-federation (probes, port, embedded mode) + +## [107.76.0] - Dec 13, 2023 +* Added connectionTimeout and socketTimeout paramaters under AWSS3 binarystore section +* Reduced nginx startupProbe initialDelaySeconds + +## [107.74.0] - Nov 30, 2023 +* Added recommended sizing configurations under sizing directory, please refer [here](README.md/#apply-sizing-configurations-to-the-chart) +* **IMPORTANT** +* Added min kubeVersion ">= 1.19.0-0" in chart.yaml + +## [107.70.0] - Nov 30, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml * Fixed - Artifactory primary service condition -* Added support for custom labels in the Nginx pods +* Fixed - SecurityContext with runAsGroup in artifactory-ha [GH-1838](https://github.com/jfrog/charts/issues/1838) +* Added support for custom labels in the Nginx pods [GH-1836](https://github.com/jfrog/charts/pull/1836) +* Added podSecurityContext and containerSecurityContext for nginx +* Added support for nginx on openshift, set `podSecurityContext` and `containerSecurityContext` to false +* Renamed nginx internalPort 80,443 to 8080,8443 to support openshift ## [107.69.0] - Sep 18, 2023 * Adjust rtfs context diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index c2551830f..30018756c 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.3 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -13,7 +13,7 @@ keywords: - artifactory - jfrog - devops -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: installers@jfrog.com name: Chart Maintainers at JFrog @@ -21,4 +21,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.71.11 +version: 107.77.3 diff --git a/stable/artifactory-ha/README.md b/stable/artifactory-ha/README.md index de40eebce..ea332fc19 100644 --- a/stable/artifactory-ha/README.md +++ b/stable/artifactory-ha/README.md @@ -8,7 +8,7 @@ Below you will find the basic instructions for installing, uninstalling, and del ## Prerequisites Details -* Kubernetes 1.14+ +* Kubernetes 1.19+ * Artifactory HA license ## Chart Details @@ -40,6 +40,13 @@ To install the chart with the release name `artifactory`: helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha ``` +### Apply Sizing configurations to the Chart +To apply the chart with recommended sizing configurations : +For small configurations : +```bash +helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml +``` + ## Uninstalling Artifactory Uninstall is supported only on Helm v3 and on. diff --git a/stable/artifactory-ha/ci/large-values.yaml b/stable/artifactory-ha/ci/large-values.yaml index 8c1bacd34..153307aa2 100644 --- a/stable/artifactory-ha/ci/large-values.yaml +++ b/stable/artifactory-ha/ci/large-values.yaml @@ -75,14 +75,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/stable/artifactory-ha/ci/medium-values.yaml b/stable/artifactory-ha/ci/medium-values.yaml index 3f04f68df..115e7d460 100644 --- a/stable/artifactory-ha/ci/medium-values.yaml +++ b/stable/artifactory-ha/ci/medium-values.yaml 
@@ -75,14 +75,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/stable/artifactory-ha/ci/rtsplit-access-tls-values.yaml b/stable/artifactory-ha/ci/rtsplit-access-tls-values.yaml index 7ab2221da..58a8cb207 100644 --- a/stable/artifactory-ha/ci/rtsplit-access-tls-values.yaml +++ b/stable/artifactory-ha/ci/rtsplit-access-tls-values.yaml @@ -105,14 +105,6 @@ event: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/stable/artifactory-ha/ci/rtsplit-values.yaml b/stable/artifactory-ha/ci/rtsplit-values.yaml index 2b88d70a8..ef334e5e6 100644 --- a/stable/artifactory-ha/ci/rtsplit-values.yaml +++ b/stable/artifactory-ha/ci/rtsplit-values.yaml @@ -155,21 +155,6 @@ event: preStop: exec: command: ["/bin/sh", "-c", "echo Hello from the event postStart handler >> /tmp/message"] -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "echo Hello from the integration postStart handler >> /tmp/message"] - preStop: - exec: - command: ["/bin/sh", "-c", "echo Hello from the integration postStart handler >> /tmp/message"] observability: resources: requests: diff --git a/stable/artifactory-ha/ci/small-values.yaml b/stable/artifactory-ha/ci/small-values.yaml index 501d357b9..b4557289e 100644 --- a/stable/artifactory-ha/ci/small-values.yaml +++ b/stable/artifactory-ha/ci/small-values.yaml @@ -77,14 +77,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: 
diff --git a/stable/artifactory-ha/files/binarystore.xml b/stable/artifactory-ha/files/binarystore.xml index f6b99dbe0..dc13eb870 100644 --- a/stable/artifactory-ha/files/binarystore.xml +++ b/stable/artifactory-ha/files/binarystore.xml @@ -261,6 +261,12 @@ {{- with .maxConnections }} {{ . }} {{- end }} + {{- with .connectionTimeout }} + {{ . }} + {{- end }} + {{- with .socketTimeout }} + {{ . }} + {{- end }} {{- with .kmsServerSideEncryptionKeyId }} {{ . }} {{- end }} diff --git a/stable/artifactory-ha/sizing/artifactory-2xlarge-extra-config.yaml b/stable/artifactory-ha/sizing/artifactory-2xlarge-extra-config.yaml new file mode 100644 index 000000000..d3891eca4 --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-2xlarge-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=200 + -Dartifactory.async.poolMaxQueueSize=100000 + -Dartifactory.http.client.max.total.connections=150 + -Dartifactory.http.client.max.connections.per.route=150 + -Dartifactory.access.client.max.connections=200 + -Dartifactory.metadata.event.operator.threads=5 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=1048576 + -XX:MaxDirectMemorySize=1024m + + tomcat: + connector: + maxThreads: 800 + extraConfig: 'acceptCount="1200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 200 + +access: + tomcat: + connector: + maxThreads: 200 + + database: + maxOpenConnections: 200 + +metadata: + database: + maxOpenConnections: 200 + 
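Review bot: The connection pools in this 2xlarge profile add up to more than the database is sized to accept. `maxOpenConnections: 200` is set for `artifactory`, `access` and `metadata`, and artifactory-2xlarge.yaml runs `replicaCount: 6` against `maxConnections: "2500"`; if each pod can fill all three pools, that is up to 3600 connections, and PostgreSQL would start refusing clients under peak load. The other size profiles in this patch stay under their `maxConnections` by the same arithmetic. Either raise `maxConnections` in artifactory-2xlarge.yaml or lower the pools here, and add a comment such as `# 3 pools x replicaCount must stay below postgresql maxConnections` above the first `database:` key.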
diff --git a/stable/artifactory-ha/sizing/artifactory-2xlarge.yaml b/stable/artifactory-ha/sizing/artifactory-2xlarge.yaml
new file mode 100644
index 000000000..ef809864f
--- /dev/null
+++ b/stable/artifactory-ha/sizing/artifactory-2xlarge.yaml
@@ -0,0 +1,118 @@ +############################################################## +# The 2xlarge sizing +# This size is intended for very large organizations. It can be increased with adding replicas +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 6 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "4" + memory: 20Gi + limits: + # cpu: "20" + memory: 24Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "16" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: "1" + memory: 1Gi + limits: + # cpu: "6" + memory: 2Gi + +frontend: + resources: + requests: + cpu: "1" + memory: 500Mi + limits: + # cpu: "5" + memory: 1Gi + +metadata: + resources: + requests: + cpu: "1" + memory: 500Mi + limits: + # cpu: "5" + memory: 2Gi + +event: + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +observability: + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +jfconnect: + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + # cpu: "1" + memory: 250Mi + +nginx: + replicaCount: 3 + disableProxyBuffering: true + resources: + requests: + cpu: "4" + memory: "6Gi" + limits: + # cpu: "14" + memory: "8Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "2500" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: 
kubernetes.io/hostname + resources: + requests: + memory: 256Gi + cpu: "64" + limits: + memory: 256Gi + # cpu: "128" diff --git a/stable/artifactory-ha/sizing/artifactory-large-extra-config.yaml b/stable/artifactory-ha/sizing/artifactory-large-extra-config.yaml new file mode 100644 index 000000000..038c2ac4a --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-large-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=65 + -Dartifactory.async.corePoolSize=80 + -Dartifactory.async.poolMaxQueueSize=20000 + -Dartifactory.http.client.max.total.connections=100 + -Dartifactory.http.client.max.connections.per.route=100 + -Dartifactory.access.client.max.connections=125 + -Dartifactory.metadata.event.operator.threads=4 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=524288 + -XX:MaxDirectMemorySize=512m + + tomcat: + connector: + maxThreads: 500 + extraConfig: 'acceptCount="800" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 100 + +access: + tomcat: + connector: + maxThreads: 125 + + database: + maxOpenConnections: 100 + +metadata: + database: + maxOpenConnections: 100 + diff --git a/stable/artifactory-ha/sizing/artifactory-large.yaml b/stable/artifactory-ha/sizing/artifactory-large.yaml new file mode 100644 index 000000000..083643ca2 --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-large.yaml 
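Review bot: The PostgreSQL anti-affinity selector (`key: app`, `operator: In`, value `artifactory`) in artifactory-2xlarge.yaml may not match any pod in this chart. These files live under artifactory-ha, and if the HA pods are labelled with the chart name (the label templates are not part of this hunk), a `requiredDuringSchedulingIgnoredDuringExecution` rule that selects nothing silently allows the database and Artifactory to share a node, which is the outcome the comment above it says it prevents. Confirm the `app` label the statefulsets emit and, if it differs, change the value to match, for example `- artifactory-ha`. The same selector appears in artifactory-large.yaml, artifactory-medium.yaml, artifactory-small.yaml, artifactory-xlarge.yaml and artifactory-xsmall.yaml.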
@@ -0,0 +1,118 @@ +############################################################## +# The large sizing +# This size is intended for large organizations. It can be increased with adding replicas or moving to the xlarge sizing +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 3 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "2" + memory: 10Gi + limits: + # cpu: "14" + memory: 12Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "8" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 200m + memory: 400Mi + limits: + # cpu: "4" + memory: 1Gi + +frontend: + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + # cpu: "3" + memory: 1Gi + +metadata: + resources: + requests: + cpu: 200m + memory: 200Mi + limits: + # cpu: "4" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "1" + memory: "500Mi" + limits: + # cpu: "4" + memory: "1Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "1000" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - 
artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 64Gi + cpu: "16" + limits: + memory: 64Gi + # cpu: "32" diff --git a/stable/artifactory-ha/sizing/artifactory-medium-extra-config.yaml b/stable/artifactory-ha/sizing/artifactory-medium-extra-config.yaml new file mode 100644 index 000000000..47a4004df --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-medium-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=40 + -Dartifactory.async.poolMaxQueueSize=10000 + -Dartifactory.http.client.max.total.connections=50 + -Dartifactory.http.client.max.connections.per.route=50 + -Dartifactory.access.client.max.connections=75 + -Dartifactory.metadata.event.operator.threads=3 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=262144 + -XX:MaxDirectMemorySize=256m + + tomcat: + connector: + maxThreads: 300 + extraConfig: 'acceptCount="600" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 50 + +access: + tomcat: + connector: + maxThreads: 75 + + database: + maxOpenConnections: 50 + +metadata: + database: + maxOpenConnections: 50 + diff --git a/stable/artifactory-ha/sizing/artifactory-medium.yaml b/stable/artifactory-ha/sizing/artifactory-medium.yaml new file mode 100644 index 000000000..a9f0756d2 --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-medium.yaml 
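Review bot: The `SKIP_WAIT_FOR_EXTERNAL_DB` entry with value `"true"` under `extraEnvironmentVariables` in artifactory-large.yaml changes startup behaviour from a file that is presented as sizing only. The node statefulset context later in this patch shows the chart already emitting that variable under `and (not .Values.waitForDatabase) (not .Values.postgresql.enabled)`, so applying this profile sets it regardless of that condition and, if the primary template has the same block, could render the variable twice in one container. I would drop the entry from the sizing files, or keep it with a comment such as `# forces skipping the DB wait; remove if waitForDatabase is relied on`. The same entry is in the 2xlarge, medium, small, xlarge and xsmall files.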
@@ -0,0 +1,118 @@ +############################################################## +# The medium sizing +# This size is just 2 replicas of the small size. Vertical sizing of all services is not changed +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 2 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 4Gi + limits: + # cpu: "10" + memory: 5Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 100m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + # cpu: "2" + memory: "500Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "350" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + 
topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 32Gi + cpu: "8" + limits: + memory: 32Gi + # cpu: "16" \ No newline at end of file diff --git a/stable/artifactory-ha/sizing/artifactory-small-extra-config.yaml b/stable/artifactory-ha/sizing/artifactory-small-extra-config.yaml new file mode 100644 index 000000000..47a4004df --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-small-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=40 + -Dartifactory.async.poolMaxQueueSize=10000 + -Dartifactory.http.client.max.total.connections=50 + -Dartifactory.http.client.max.connections.per.route=50 + -Dartifactory.access.client.max.connections=75 + -Dartifactory.metadata.event.operator.threads=3 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=262144 + -XX:MaxDirectMemorySize=256m + + tomcat: + connector: + maxThreads: 300 + extraConfig: 'acceptCount="600" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 50 + +access: + tomcat: + connector: + maxThreads: 75 + + database: + maxOpenConnections: 50 + +metadata: + database: + maxOpenConnections: 50 + diff --git a/stable/artifactory-ha/sizing/artifactory-small.yaml b/stable/artifactory-ha/sizing/artifactory-small.yaml new file mode 100644 index 000000000..3a3db7c89 --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-small.yaml 
@@ -0,0 +1,118 @@ +############################################################## +# The small sizing +# This is the size recommended for running Artifactory for small teams +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 1 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 4Gi + limits: + # cpu: "10" + memory: 5Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 100m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 1 + disableProxyBuffering: true + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + # cpu: "2" + memory: "500Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "350" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: 
kubernetes.io/hostname + resources: + requests: + memory: 16Gi + cpu: "4" + limits: + memory: 16Gi + # cpu: "10" diff --git a/stable/artifactory-ha/sizing/artifactory-xlarge-extra-config.yaml b/stable/artifactory-ha/sizing/artifactory-xlarge-extra-config.yaml new file mode 100644 index 000000000..e266e0638 --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-xlarge-extra-config.yaml @@ -0,0 +1,39 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=65 + -Dartifactory.async.corePoolSize=160 + -Dartifactory.async.poolMaxQueueSize=50000 + -Dartifactory.http.client.max.total.connections=150 + -Dartifactory.http.client.max.connections.per.route=150 + -Dartifactory.access.client.max.connections=150 + -Dartifactory.metadata.event.operator.threads=5 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=1048576 + -XX:MaxDirectMemorySize=1024m + tomcat: + connector: + maxThreads: 600 + extraConfig: 'acceptCount="1200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 150 + +access: + tomcat: + connector: + maxThreads: 150 + + database: + maxOpenConnections: 150 + +metadata: + database: + maxOpenConnections: 150 + diff --git a/stable/artifactory-ha/sizing/artifactory-xlarge.yaml b/stable/artifactory-ha/sizing/artifactory-xlarge.yaml new file mode 100644 index 000000000..ccd336589 --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-xlarge.yaml 
@@ -0,0 +1,118 @@ +############################################################## +# The xlarge sizing +# This size is intended for very large organizations. It can be increased with adding replicas +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 4 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "2" + memory: 14Gi + limits: + # cpu: "14" + memory: 16Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "16" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 200m + memory: 500Mi + limits: + # cpu: "4" + memory: 1Gi + +frontend: + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + # cpu: "3" + memory: 1Gi + +metadata: + resources: + requests: + cpu: 200m + memory: 200Mi + limits: + # cpu: "4" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "4" + memory: "4Gi" + limits: + # cpu: "12" + memory: "8Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "2500" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + 
topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 128Gi + cpu: "32" + limits: + memory: 128Gi + # cpu: "64" diff --git a/stable/artifactory-ha/sizing/artifactory-xsmall-extra-config.yaml b/stable/artifactory-ha/sizing/artifactory-xsmall-extra-config.yaml new file mode 100644 index 000000000..cc557abd5 --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-xsmall-extra-config.yaml @@ -0,0 +1,40 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + primary: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=10 + -Dartifactory.async.poolMaxQueueSize=2000 + -Dartifactory.http.client.max.total.connections=20 + -Dartifactory.http.client.max.connections.per.route=20 + -Dartifactory.access.client.max.connections=15 + -Dartifactory.metadata.event.operator.threads=2 + -XX:MaxMetaspaceSize=400m + -XX:CompressedClassSpaceSize=96m + -Djdk.nio.maxCachedBufferSize=131072 + -XX:MaxDirectMemorySize=128m + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 15 + +access: + tomcat: + connector: + maxThreads: 15 + + database: + maxOpenConnections: 15 + +metadata: + database: + maxOpenConnections: 15 + diff --git a/stable/artifactory-ha/sizing/artifactory-xsmall.yaml b/stable/artifactory-ha/sizing/artifactory-xsmall.yaml new file mode 100644 index 000000000..e46ee61b6 --- /dev/null +++ b/stable/artifactory-ha/sizing/artifactory-xsmall.yaml 
@@ -0,0 +1,118 @@ +############################################################## +# The xsmall sizing +# This is the minimum size recommended for running Artifactory +############################################################## +splitServicesToContainers: true +artifactory: + primary: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 1 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 3Gi + limits: + # cpu: "10" + memory: 4Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 50m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 1 + disableProxyBuffering: true + resources: + requests: + cpu: "50m" + memory: "50Mi" + limits: + # cpu: "1" + memory: "250Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "100" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + 
resources: + requests: + memory: 8Gi + cpu: "2" + limits: + memory: 8Gi + # cpu: "8" \ No newline at end of file diff --git a/stable/artifactory-ha/templates/_helpers.tpl b/stable/artifactory-ha/templates/_helpers.tpl index c6ef87daf..0456a7b9a 100644 --- a/stable/artifactory-ha/templates/_helpers.tpl +++ b/stable/artifactory-ha/templates/_helpers.tpl @@ -372,9 +372,6 @@ Resolve requiredServiceTypes value {{- if .Values.event.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfevt" -}} {{- end -}} -{{- if .Values.integration.enabled -}} - {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfint" -}} -{{- end -}} {{- if .Values.frontend.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jffe" -}} {{- end -}} @@ -402,20 +399,7 @@ nginx scheme (http/https) {{- end -}} {{/* -nginx command -*/}} -{{- define "nginx.command" -}} -{{- if .Values.nginx.customCommand }} -{{ toYaml .Values.nginx.customCommand }} -{{ else }} -- nginx -- -g -- 'daemon off;' -{{- end }} -{{- end -}} - -{{/* -nginx port (80/443) based on http/https enabled +nginx port (8080/8443) based on http/https enabled */}} {{- define "nginx.port" -}} {{- if .Values.nginx.http.enabled -}} @@ -496,14 +480,3 @@ nodeSelector: {{ toYaml .Values.nginx.nodeSelector | indent 2 }} {{- end -}} {{- end -}} - -{{/* -Resolve fsGroup and runAsGroup on cluster based -*/}} -{{- define "artifactory.isOpenshiftCompatible" -}} -{{- if (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}} -{{- printf "%s" "true" -}} -{{- else -}} -{{- printf "%s" "false" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index a0f738f72..8fab72a32 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml 
@@ -71,11 +71,8 @@ spec: securityContext: runAsNonRoot: true runAsUser: {{ .Values.artifactory.uid }} - {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }} runAsGroup: {{ .Values.artifactory.gid }} - {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }} fsGroup: {{ .Values.artifactory.gid }} - {{- end }} {{- if .Values.artifactory.fsGroupChangePolicy }} fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} {{- end }} 
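Review bot: With the `artifactory.isOpenshiftCompatible` branches removed, `runAsUser`, `runAsGroup` and `fsGroup` are now rendered unconditionally in the pod `securityContext`, and nothing in this hunk lets an operator switch them off. On a cluster whose admission policy assigns the UID/GID range itself (the case the deleted helper detected), fixed IDs outside that range would likely be rejected, so the statefulset pods may fail admission there. The changelog in this patch adds a `podSecurityContext` toggle for nginx; a values-driven block of the same kind here, in the style of `.Values.containerSecurityContext.enabled` used further down this template, would keep the non-root settings by default and still allow an opt-out. The same change is made in artifactory-primary-statefulset.yaml. The enclosing pod spec starts and ends outside the hunk.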
@@ -707,45 +704,7 @@ spec: {{ tpl .Values.jfconnect.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} - {{- if .Values.integration.enabled }} - - name: {{ .Values.integration.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/integration/bin/jf-integration start - {{- with .Values.integration.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.integration.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.integration.resources | indent 10 }} - {{- if .Values.integration.startupProbe.enabled }} - startupProbe: -{{ tpl .Values.integration.startupProbe.config . | indent 10 }} - {{- end }} - {{- if .Values.integration.livenessProbe.enabled }} - livenessProbe: -{{ tpl .Values.integration.livenessProbe.config . | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.federation.enabled }} + {{- if and .Values.federation.enabled .Values.federation.embedded }} - name: {{ .Values.federation.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} @@ -911,8 +870,6 @@ spec: value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_INTEGRATION_ENABLED - value: "false" {{- end }} {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB 
diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index b13bf5cc6..19e04a29a 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -89,11 +89,8 @@ spec: securityContext: runAsNonRoot: true runAsUser: {{ .Values.artifactory.uid }} - {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }} runAsGroup: {{ .Values.artifactory.gid }} - {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }} fsGroup: {{ .Values.artifactory.gid }} - {{- end }} {{- if .Values.artifactory.fsGroupChangePolicy }} fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} {{- end }} 
@@ -797,45 +794,7 @@ spec: {{ tpl .Values.jfconnect.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} - {{- if .Values.integration.enabled }} - - name: {{ .Values.integration.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/integration/bin/jf-integration start - {{- with .Values.integration.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.integration.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.integration.resources | indent 10 }} - {{- if .Values.integration.startupProbe.enabled }} - startupProbe: -{{ tpl .Values.integration.startupProbe.config . | indent 10 }} - {{- end }} - {{- if .Values.integration.livenessProbe.enabled }} - livenessProbe: -{{ tpl .Values.integration.livenessProbe.config . | indent 10 }} - {{- end }} - {{- end }} - {{- if .Values.federation.enabled }} + {{- if and .Values.federation.enabled .Values.federation.embedded }} - name: {{ .Values.federation.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} @@ -995,8 +954,6 @@ spec: value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_INTEGRATION_ENABLED - value: "false" {{- end }} {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB 
diff --git a/stable/artifactory-ha/templates/nginx-deployment.yaml b/stable/artifactory-ha/templates/nginx-deployment.yaml index 7cf5400fd..a086fe9f2 100644 --- a/stable/artifactory-ha/templates/nginx-deployment.yaml +++ b/stable/artifactory-ha/templates/nginx-deployment.yaml @@ -44,11 +44,10 @@ spec: {{- if .Values.nginx.labels }} {{ toYaml .Values.nginx.labels | indent 8 }} {{- end }} -{{- with .Values.nginx.deployment.annotations }} spec: - securityContext: - runAsUser: {{ .Values.nginx.uid }} - runAsGroup: {{ .Values.nginx.gid }} + {{- if .Values.nginx.podSecurityContext.enabled }} + securityContext: {{- omit .Values.nginx.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.nginx.terminationGracePeriodSeconds }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} @@ -84,12 +83,9 @@ spec: - name: {{ .Values.nginx.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }} imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - {{- with .Values.nginx.securityContext }} - securityContext: -{{ toYaml . | indent 10 }} + {{- if .Values.nginx.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.nginx.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} - command: -{{- tpl (include "nginx.command" .) . | indent 10 }} ports: {{ if .Values.nginx.customPorts }} {{ toYaml .Values.nginx.customPorts | indent 8 }} @@ -215,4 +211,4 @@ spec: secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate {{- end }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/artifactory-ha/values-large.yaml b/stable/artifactory-ha/values-large.yaml deleted file mode 100644 index 2d0ee5789..000000000 --- a/stable/artifactory-ha/values-large.yaml +++ /dev/null 
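Review bot: When `.Values.nginx.podSecurityContext.enabled` or `.Values.nginx.containerSecurityContext.enabled` is false, the nginx pod is rendered with no `securityContext` at all (hunks at -44,11 and -84,12), so user, group and privilege-escalation settings come entirely from the image and the cluster's admission policy. That is reasonable where an SCC or Pod Security admission enforces them, but nothing in the template says so, and the defaults for these two keys are not visible in this part of the patch. I would add a comment above each `if`, e.g. `{{/* disabled: no securityContext is rendered; cluster admission must enforce non-root */}}`, and document both keys next to their defaults in values.yaml. Both enclosing `spec:` blocks continue outside the hunks.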
@@ -1,82 +0,0 @@ -artifactory: - database: - maxOpenConnections: 150 - tomcat: - connector: - maxThreads: 300 - primary: - replicaCount: 4 - resources: - requests: - memory: "6Gi" - cpu: "2" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "8g" - xmx: "10g" -access: - database: - maxOpenConnections: 150 - tomcat: - connector: - maxThreads: 100 -router: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 150 - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/stable/artifactory-ha/values-medium.yaml b/stable/artifactory-ha/values-medium.yaml deleted file mode 100644 index c2d26ee38..000000000 --- a/stable/artifactory-ha/values-medium.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -artifactory: - database: - maxOpenConnections: 100 - tomcat: - connector: - maxThreads: 200 - primary: - replicaCount: 3 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "6g" - xmx: "8g" -access: - database: - maxOpenConnections: 100 - tomcat: - connector: - maxThreads: 50 -router: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 100 - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/stable/artifactory-ha/values-small.yaml b/stable/artifactory-ha/values-small.yaml deleted file mode 100644 index aa97312a1..000000000 --- a/stable/artifactory-ha/values-small.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -artifactory: - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - primary: - replicaCount: 2 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "6g" -access: - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 -router: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 80 - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index 34b9c53dd..e36b3600e 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -41,7 +41,7 @@ global: ## String to fully override artifactory-ha.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 installer: type: platform: 
@@ -174,19 +174,12 @@ postgresql: enabled: true containerSecurityContext: enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" + # requests: + # memory: "512Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "500m" ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## you MUST specify custom database details here or Artifactory will NOT start database: @@ -214,7 +207,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.2.750.1697534106 + tag: 9.3.1475 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -239,7 +232,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.81.0 + tag: 7.91.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -787,6 +780,7 @@ artifactory: {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} federation: enabled: true + embedded: {{ .Values.federation.embedded }} extraJavaOpts: {{ .Values.federation.extraJavaOpts }} port: {{ .Values.federation.internalPort }} rtfs: @@ -971,6 +965,8 @@ artifactory: port: useHttp: maxConnections: 50 + connectionTimeout: + socketTimeout: kmsServerSideEncryptionKeyId: kmsKeyRegion: kmsCryptoMode: 
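Review bot: After the first hunk here (-174,19), `postgresql.containerSecurityContext` carries only `enabled: true`: the `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `seccompProfile` of type `RuntimeDefault` and `capabilities.drop: ALL` entries are no longer set. The bundled database container therefore falls back to whatever the postgresql subchart and the cluster provide, which cannot be checked from this patch. If the fields had to go for compatibility, I would keep at least `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, or record the reason beside the key, e.g. `# hardening fields left to the postgresql subchart defaults; check the rendered pod with helm template`. The `postgresql:` mapping continues outside the hunk.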
@@ -1429,62 +1425,12 @@ jfconnect: failureThreshold: 90 periodSeconds: 5 timeoutSeconds: 5 -integration: - name: integration - enabled: true - internalPort: 8071 - ## Extra environment variables that can be used to tune integration to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: MY_ENV_VAR - # value: "" - resources: {} - # requests: - # memory: "100Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "1" - - # Add lifecycle hooks for integration container - lifecycle: {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo Hello from the preStop handler"] - - ## The following settings are to configure the frequency of the liveness and startup probes when splitServicesToContainers set to true - livenessProbe: - enabled: true - config: | - exec: - command: - - sh - - -c - - curl --fail --max-time 1 http://localhost:{{ .Values.integration.internalPort }}/api/v1/system/liveness - initialDelaySeconds: {{ if semverCompare "= 1.19.0-0" in chart.yaml + +## [107.66.0] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 264340db5..5ebc7c924 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.3 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.11 + version: 107.77.3 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png 
@@ -14,7 +14,7 @@ keywords: - registry - devops - jfrog-container-registry -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: helm@jfrog.com name: Chart Maintainers at JFrog @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.71.11 +version: 107.77.3 diff --git a/stable/artifactory-jcr/README.md b/stable/artifactory-jcr/README.md index 7df9d9348..307a46b3a 100644 --- a/stable/artifactory-jcr/README.md +++ b/stable/artifactory-jcr/README.md @@ -6,7 +6,7 @@ JFrog Container Registry is a free Artifactory edition with Docker and Helm repo ## Prerequisites Details -* Kubernetes 1.14+ +* Kubernetes 1.19+ ## Chart Details This chart will do the following: diff --git a/stable/artifactory-jcr/values.yaml b/stable/artifactory-jcr/values.yaml index b2b2cb3e8..3065f24a4 100644 --- a/stable/artifactory-jcr/values.yaml +++ b/stable/artifactory-jcr/values.yaml @@ -69,8 +69,8 @@ postgresql: enabled: true router: image: - tag: 7.81.0 + tag: 7.91.0 logger: image: - tag: 9.2.750.1697534106 -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 + tag: 9.3.1475 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 8c6b9f09e..a45009589 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,11 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.71.11] - Jul 20, 2023 +## [107.77.3] - Nov 23, 2023 +* **IMPORTANT** +* Added min kubeVersion ">= 1.19.0-0" in chart.yaml + +## [107.66.0] - Jul 20, 2023 * Disabled federation services when splitServicesToContainers=true ## [107.45.0] - Aug 25, 2022 diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index af8301701..8c240c5df 100644 --- a/stable/artifactory-oss/Chart.yaml 
+++ b/stable/artifactory-oss/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.3 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.71.11 + version: 107.77.3 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.71.11 +version: 107.77.3 diff --git a/stable/artifactory-oss/README.md b/stable/artifactory-oss/README.md index 36d1a2d2c..ef040a86e 100644 --- a/stable/artifactory-oss/README.md +++ b/stable/artifactory-oss/README.md @@ -6,7 +6,7 @@ JFrog Artifactory OSS is a free Artifactory edition to host Generic repositories ## Prerequisites Details -* Kubernetes 1.14+ +* Kubernetes 1.19+ ## Chart Details This chart will do the following: diff --git a/stable/artifactory-oss/values.yaml b/stable/artifactory-oss/values.yaml index 51885f553..e90cb04f7 100644 --- a/stable/artifactory-oss/values.yaml +++ b/stable/artifactory-oss/values.yaml @@ -69,8 +69,8 @@ postgresql: enabled: true router: image: - tag: 7.81.0 + tag: 7.91.0 logger: image: - tag: 9.2.750.1697534106 -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 + tag: 9.3.1475 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 diff --git a/stable/artifactory/.helmignore b/stable/artifactory/.helmignore index c7eb1e274..b6e97f07f 100644 --- a/stable/artifactory/.helmignore +++ b/stable/artifactory/.helmignore @@ -19,4 +19,6 @@ .project .idea/ *.tmproj -OWNERS \ No newline at end of file +OWNERS + +tests/ \ No newline at end of file diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 9786d1eb1..8b82dd1db 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md 
@@ -1,10 +1,29 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.71.11] - Oct 31, 2023 +## [107.77.3] - Jan 16, 2024 +* Removed integration service +* Added recommended postgresql sizing configurations under sizing directory +* Updated artifactory-federation (probes, port, embedded mode) +* Fixed - Removed duplicate keys of the sizing yaml file + +## [107.76.0] - Dec 13, 2023 +* Added connectionTimeout and socketTimeout paramaters under AWSS3 binarystore section +* Reduced nginx startupProbe initialDelaySeconds + +## [107.74.0] - Nov 30, 2023 +* Added recommended sizing configurations under sizing directory, please refer [here](README.md/#apply-sizing-configurations-to-the-chart) +* **IMPORTANT** +* Added min kubeVersion ">= 1.19.0-0" in chart.yaml + +## [107.70.0] - Nov 30, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) -* Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml -* Added support for custom labels in the Nginx pods +* Fixed - Invalid format for awsS3V3 `multiPartLimit,multipartElementSize` in binarystore.xml. +* Fixed - SecurityContext with runAsGroup in artifactory [GH-1838](https://github.com/jfrog/charts/issues/1838) +* Added support for custom labels in the Nginx pods [GH-1836](https://github.com/jfrog/charts/pull/1836) +* Added podSecurityContext and containerSecurityContext for nginx +* Added support for nginx on openshift, set `podSecurityContext` and `containerSecurityContext` to false +* Renamed nginx internalPort 80,443 to 8080,8443 to support openshift ## [107.69.0] - Sep 18, 2023 * Adjust rtfs context diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 753e010e1..e224a9577 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.3 dependencies: - condition: postgresql.enabled name: postgresql @@ -13,7 +13,7 @@ keywords: - artifactory - jfrog - devops -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: installers@jfrog.com name: Chart Maintainers at JFrog @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.71.11 +version: 107.77.3 diff --git a/stable/artifactory/README.md b/stable/artifactory/README.md index b77f68437..27dddac45 100644 --- a/stable/artifactory/README.md +++ b/stable/artifactory/README.md @@ -3,7 +3,7 @@ **IMPORTANT!** Our Helm Chart docs have moved to our main documentation site. Below you will find the basic instructions for installing, uninstalling, and deleting Artifactory. For all other information, refer to [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory#InstallingArtifactory-HelmInstallation). ## Prerequisites -* Kubernetes 1.14+ +* Kubernetes 1.19+ * Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) ## Chart Details @@ -31,6 +31,13 @@ To install the chart with the release name `artifactory`: helm upgrade --install artifactory --namespace artifactory jfrog/artifactory ``` +### Apply Sizing configurations to the Chart +To apply the chart with recommended sizing configurations : +For small configurations : +```bash +helm upgrade --install artifactory --namespace artifactory jfrog/artifactory -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml +``` + ## Uninstalling Artifactory Uninstall is supported only on Helm v3 and on. diff --git a/stable/artifactory/ci/large-values.yaml b/stable/artifactory/ci/large-values.yaml index a832906df..94a485d6f 100644 --- a/stable/artifactory/ci/large-values.yaml +++ b/stable/artifactory/ci/large-values.yaml 
@@ -72,14 +72,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/stable/artifactory/ci/medium-values.yaml b/stable/artifactory/ci/medium-values.yaml index 979b7c3da..35044dc36 100644 --- a/stable/artifactory/ci/medium-values.yaml +++ b/stable/artifactory/ci/medium-values.yaml @@ -72,14 +72,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/stable/artifactory/ci/rtsplit-values-access-tls-values.yaml b/stable/artifactory/ci/rtsplit-values-access-tls-values.yaml index 52861f86e..a81162f0d 100644 --- a/stable/artifactory/ci/rtsplit-values-access-tls-values.yaml +++ b/stable/artifactory/ci/rtsplit-values-access-tls-values.yaml @@ -95,14 +95,6 @@ event: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/stable/artifactory/ci/rtsplit-values.yaml b/stable/artifactory/ci/rtsplit-values.yaml index 5c2e4b366..5306e00e0 100644 --- a/stable/artifactory/ci/rtsplit-values.yaml +++ b/stable/artifactory/ci/rtsplit-values.yaml @@ -151,22 +151,6 @@ event: exec: command: ["/bin/sh", "-c", "echo Hello from the event postStart handler >> /tmp/message"] -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "echo Hello from the integration postStart handler >> /tmp/message"] - preStop: - exec: - command: ["/bin/sh", "-c", "echo Hello from the integration postStart handler >> /tmp/message"] - observability: resources: requests: 
diff --git a/stable/artifactory/ci/small-values.yaml b/stable/artifactory/ci/small-values.yaml index 1abc64e67..70d77790a 100644 --- a/stable/artifactory/ci/small-values.yaml +++ b/stable/artifactory/ci/small-values.yaml @@ -72,14 +72,6 @@ jfconnect: limits: memory: "1Gi" cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" observability: resources: requests: diff --git a/stable/artifactory/files/binarystore.xml b/stable/artifactory/files/binarystore.xml index 43dd1cd95..4ecdf50fe 100644 --- a/stable/artifactory/files/binarystore.xml +++ b/stable/artifactory/files/binarystore.xml @@ -247,6 +247,12 @@ {{- with .maxConnections }} {{ . }} {{- end }} + {{- with .connectionTimeout }} + {{ . }} + {{- end }} + {{- with .socketTimeout }} + {{ . }} + {{- end }} {{- with .kmsServerSideEncryptionKeyId }} {{ . }} {{- end }} diff --git a/stable/artifactory/sizing/artifactory-2xlarge-extra-config.yaml b/stable/artifactory/sizing/artifactory-2xlarge-extra-config.yaml new file mode 100644 index 000000000..7eb8729d6 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-2xlarge-extra-config.yaml 
@@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=200 + -Dartifactory.async.poolMaxQueueSize=100000 + -Dartifactory.http.client.max.total.connections=150 + -Dartifactory.http.client.max.connections.per.route=150 + -Dartifactory.access.client.max.connections=200 + -Dartifactory.metadata.event.operator.threads=5 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=1048576 + -XX:MaxDirectMemorySize=1024m + tomcat: + connector: + maxThreads: 800 + extraConfig: 'acceptCount="1200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 200 + +access: + tomcat: + connector: + maxThreads: 200 + + database: + maxOpenConnections: 200 + +metadata: + database: + maxOpenConnections: 200 + diff --git a/stable/artifactory/sizing/artifactory-2xlarge.yaml b/stable/artifactory/sizing/artifactory-2xlarge.yaml new file mode 100644 index 000000000..a4e0f9505 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-2xlarge.yaml 
@@ -0,0 +1,117 @@ +############################################################## +# The 2xlarge sizing +# This size is intended for very large organizations. It can be increased with adding replicas +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 6 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "4" + memory: 20Gi + limits: + # cpu: "20" + memory: 24Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "16" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: "1" + memory: 1Gi + limits: + # cpu: "6" + memory: 2Gi + +frontend: + resources: + requests: + cpu: "1" + memory: 500Mi + limits: + # cpu: "5" + memory: 1Gi + +metadata: + resources: + requests: + cpu: "1" + memory: 500Mi + limits: + # cpu: "5" + memory: 2Gi + +event: + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +observability: + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +jfconnect: + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + # cpu: "1" + memory: 250Mi + +nginx: + replicaCount: 3 + disableProxyBuffering: true + resources: + requests: + cpu: "4" + memory: "6Gi" + limits: + # cpu: "14" + memory: "8Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "2500" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: 
kubernetes.io/hostname + resources: + requests: + memory: 256Gi + cpu: "64" + limits: + memory: 256Gi + # cpu: "128" \ No newline at end of file diff --git a/stable/artifactory/sizing/artifactory-large-extra-config.yaml b/stable/artifactory/sizing/artifactory-large-extra-config.yaml new file mode 100644 index 000000000..4714acb38 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-large-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=65 + -Dartifactory.async.corePoolSize=80 + -Dartifactory.async.poolMaxQueueSize=20000 + -Dartifactory.http.client.max.total.connections=100 + -Dartifactory.http.client.max.connections.per.route=100 + -Dartifactory.access.client.max.connections=125 + -Dartifactory.metadata.event.operator.threads=4 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=524288 + -XX:MaxDirectMemorySize=512m + tomcat: + connector: + maxThreads: 500 + extraConfig: 'acceptCount="800" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 100 + +access: + tomcat: + connector: + maxThreads: 125 + + database: + maxOpenConnections: 100 + +metadata: + database: + maxOpenConnections: 100 + diff --git a/stable/artifactory/sizing/artifactory-large.yaml b/stable/artifactory/sizing/artifactory-large.yaml new file mode 100644 index 000000000..7212ba52a --- /dev/null +++ b/stable/artifactory/sizing/artifactory-large.yaml 
@@ -0,0 +1,117 @@ +############################################################## +# The large sizing +# This size is intended for large organizations. It can be increased with adding replicas or moving to the xlarge sizing +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 3 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "2" + memory: 10Gi + limits: + # cpu: "14" + memory: 12Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "8" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 200m + memory: 400Mi + limits: + # cpu: "4" + memory: 1Gi + +frontend: + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + # cpu: "3" + memory: 1Gi + +metadata: + resources: + requests: + cpu: 200m + memory: 200Mi + limits: + # cpu: "4" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "1" + memory: "500Mi" + limits: + # cpu: "4" + memory: "1Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "1000" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - 
artifactory + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 64Gi + cpu: "16" + limits: + memory: 64Gi + # cpu: "32" diff --git a/stable/artifactory/sizing/artifactory-medium-extra-config.yaml b/stable/artifactory/sizing/artifactory-medium-extra-config.yaml new file mode 100644 index 000000000..6e0f72cb7 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-medium-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=40 + -Dartifactory.async.poolMaxQueueSize=10000 + -Dartifactory.http.client.max.total.connections=50 + -Dartifactory.http.client.max.connections.per.route=50 + -Dartifactory.access.client.max.connections=75 + -Dartifactory.metadata.event.operator.threads=3 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=262144 + -XX:MaxDirectMemorySize=256m + tomcat: + connector: + maxThreads: 300 + extraConfig: 'acceptCount="600" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 50 + +access: + tomcat: + connector: + maxThreads: 75 + + database: + maxOpenConnections: 50 + +metadata: + database: + maxOpenConnections: 50 + diff --git a/stable/artifactory/sizing/artifactory-medium.yaml b/stable/artifactory/sizing/artifactory-medium.yaml new file mode 100644 index 000000000..c32007fc3 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-medium.yaml 
@@ -0,0 +1,117 @@ +############################################################## +# The medium sizing +# This size is just 2 replicas of the small size. Vertical sizing of all services is not changed +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 2 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 4Gi + limits: + # cpu: "10" + memory: 5Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 100m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + # cpu: "2" + memory: "500Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "350" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: 
kubernetes.io/hostname + resources: + requests: + memory: 32Gi + cpu: "8" + limits: + memory: 32Gi + # cpu: "16" \ No newline at end of file diff --git a/stable/artifactory/sizing/artifactory-small-extra-config.yaml b/stable/artifactory/sizing/artifactory-small-extra-config.yaml new file mode 100644 index 000000000..6e0f72cb7 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-small-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=40 + -Dartifactory.async.poolMaxQueueSize=10000 + -Dartifactory.http.client.max.total.connections=50 + -Dartifactory.http.client.max.connections.per.route=50 + -Dartifactory.access.client.max.connections=75 + -Dartifactory.metadata.event.operator.threads=3 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=262144 + -XX:MaxDirectMemorySize=256m + tomcat: + connector: + maxThreads: 300 + extraConfig: 'acceptCount="600" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 50 + +access: + tomcat: + connector: + maxThreads: 75 + + database: + maxOpenConnections: 50 + +metadata: + database: + maxOpenConnections: 50 + diff --git a/stable/artifactory/sizing/artifactory-small.yaml b/stable/artifactory/sizing/artifactory-small.yaml new file mode 100644 index 000000000..5640049d7 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-small.yaml 
@@ -0,0 +1,117 @@ +############################################################## +# The small sizing +# This is the size recommended for running Artifactory for small teams +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 1 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 4Gi + limits: + # cpu: "10" + memory: 5Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 100m + memory: 250Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 100m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 1 + disableProxyBuffering: true + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + # cpu: "2" + memory: "500Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "350" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + 
resources: + requests: + memory: 16Gi + cpu: "4" + limits: + memory: 16Gi + # cpu: "10" \ No newline at end of file diff --git a/stable/artifactory/sizing/artifactory-xlarge-extra-config.yaml b/stable/artifactory/sizing/artifactory-xlarge-extra-config.yaml new file mode 100644 index 000000000..9589afc24 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-xlarge-extra-config.yaml @@ -0,0 +1,38 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=65 + -Dartifactory.async.corePoolSize=160 + -Dartifactory.async.poolMaxQueueSize=50000 + -Dartifactory.http.client.max.total.connections=150 + -Dartifactory.http.client.max.connections.per.route=150 + -Dartifactory.access.client.max.connections=150 + -Dartifactory.metadata.event.operator.threads=5 + -XX:MaxMetaspaceSize=512m + -Djdk.nio.maxCachedBufferSize=1048576 + -XX:MaxDirectMemorySize=1024m + tomcat: + connector: + maxThreads: 600 + extraConfig: 'acceptCount="1200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 150 + +access: + tomcat: + connector: + maxThreads: 150 + + database: + maxOpenConnections: 150 + +metadata: + database: + maxOpenConnections: 150 + diff --git a/stable/artifactory/sizing/artifactory-xlarge.yaml b/stable/artifactory/sizing/artifactory-xlarge.yaml new file mode 100644 index 000000000..002d9891c --- /dev/null +++ b/stable/artifactory/sizing/artifactory-xlarge.yaml 
@@ -0,0 +1,117 @@ +############################################################## +# The xlarge sizing +# This size is intended for very large organizations. It can be increased with adding replicas +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 4 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "2" + memory: 14Gi + limits: + # cpu: "14" + memory: 16Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "16" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 200m + memory: 500Mi + limits: + # cpu: "4" + memory: 1Gi + +frontend: + resources: + requests: + cpu: 200m + memory: 300Mi + limits: + # cpu: "3" + memory: 1Gi + +metadata: + resources: + requests: + cpu: 200m + memory: 200Mi + limits: + # cpu: "4" + memory: 1Gi + +event: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 100m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 2 + disableProxyBuffering: true + resources: + requests: + cpu: "4" + memory: "4Gi" + limits: + # cpu: "12" + memory: "8Gi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "2500" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: 
kubernetes.io/hostname + resources: + requests: + memory: 128Gi + cpu: "32" + limits: + memory: 128Gi + # cpu: "64" \ No newline at end of file diff --git a/stable/artifactory/sizing/artifactory-xsmall-extra-config.yaml b/stable/artifactory/sizing/artifactory-xsmall-extra-config.yaml new file mode 100644 index 000000000..874ee8391 --- /dev/null +++ b/stable/artifactory/sizing/artifactory-xsmall-extra-config.yaml @@ -0,0 +1,39 @@ +#################################################################################### +# [WARNING] The configuration mentioned in this file are taken inside system.yaml +# hence this configuration will be overridden when enabling systemYamlOverride +#################################################################################### +artifactory: + javaOpts: + other: > + -XX:InitialRAMPercentage=40 + -XX:MaxRAMPercentage=70 + -Dartifactory.async.corePoolSize=10 + -Dartifactory.async.poolMaxQueueSize=2000 + -Dartifactory.http.client.max.total.connections=20 + -Dartifactory.http.client.max.connections.per.route=20 + -Dartifactory.access.client.max.connections=15 + -Dartifactory.metadata.event.operator.threads=2 + -XX:MaxMetaspaceSize=400m + -XX:CompressedClassSpaceSize=96m + -Djdk.nio.maxCachedBufferSize=131072 + -XX:MaxDirectMemorySize=128m + tomcat: + connector: + maxThreads: 50 + extraConfig: 'acceptCount="200" acceptorThreadCount="2" compression="off" connectionLinger="-1" connectionTimeout="120000" enableLookups="false"' + + database: + maxOpenConnections: 15 + +access: + tomcat: + connector: + maxThreads: 15 + + database: + maxOpenConnections: 15 + +metadata: + database: + maxOpenConnections: 15 + diff --git a/stable/artifactory/sizing/artifactory-xsmall.yaml b/stable/artifactory/sizing/artifactory-xsmall.yaml new file mode 100644 index 000000000..213cbb42c --- /dev/null +++ b/stable/artifactory/sizing/artifactory-xsmall.yaml 
@@ -0,0 +1,118 @@ +############################################################## +# The xsmall sizing +# This is the minimum size recommended for running Artifactory +############################################################## +splitServicesToContainers: true +artifactory: + # Enterprise and above licenses are required for setting replicaCount greater than 1. + # Count should be equal or above the total number of licenses available for artifactory. + replicaCount: 1 + + # Require multiple Artifactory pods to run on separate nodes + podAntiAffinity: + type: "hard" + + resources: + requests: + cpu: "1" + memory: 3Gi + limits: + # cpu: "10" + memory: 4Gi + + extraEnvironmentVariables: + - name: MALLOC_ARENA_MAX + value: "2" + - name : JF_SHARED_NODE_HAENABLED + value: "true" + - name: SKIP_WAIT_FOR_EXTERNAL_DB + value: "true" + +router: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: "1" + memory: 500Mi + +frontend: + resources: + requests: + cpu: 50m + memory: 150Mi + limits: + # cpu: "2" + memory: 250Mi + +metadata: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + # cpu: "2" + memory: 1Gi + +event: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +observability: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +jfconnect: + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + # cpu: 500m + memory: 250Mi + +nginx: + replicaCount: 1 + disableProxyBuffering: true + resources: + requests: + cpu: "50m" + memory: "50Mi" + limits: + # cpu: "1" + memory: "250Mi" + +postgresql: + postgresqlExtendedConf: + maxConnections: "100" + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Artifactory pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - artifactory + topologyKey: kubernetes.io/hostname + resources: + 
requests: + memory: 8Gi + cpu: "2" + limits: + memory: 8Gi + # cpu: "8" + diff --git a/stable/artifactory/templates/_helpers.tpl b/stable/artifactory/templates/_helpers.tpl index a28776f87..33df663a1 100644 --- a/stable/artifactory/templates/_helpers.tpl +++ b/stable/artifactory/templates/_helpers.tpl @@ -320,9 +320,6 @@ Resolve requiredServiceTypes value {{- if .Values.event.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfevt" -}} {{- end -}} -{{- if .Values.integration.enabled -}} - {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfint" -}} -{{- end -}} {{- if .Values.frontend.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jffe" -}} {{- end -}} @@ -372,20 +369,7 @@ nginx scheme (http/https) {{- end -}} {{/* -nginx command -*/}} -{{- define "nginx.command" -}} -{{- if .Values.nginx.customCommand }} -{{ toYaml .Values.nginx.customCommand }} -{{ else }} -- nginx -- -g -- 'daemon off;' -{{- end }} -{{- end -}} - -{{/* -nginx port (80/443) based on http/https enabled +nginx port (8080/8443) based on http/https enabled */}} {{- define "nginx.port" -}} {{- if .Values.nginx.http.enabled -}} @@ -476,14 +460,3 @@ if the volume exists in customVolume then an extra volume with the same name wil {{- printf "%s" "false" -}} {{- end -}} {{- end -}} - -{{/* -Resolve fsGroup and runAsGroup on cluster based -*/}} -{{- define "artifactory.isOpenshiftCompatible" -}} -{{- if (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}} -{{- printf "%s" "true" -}} -{{- else -}} -{{- printf "%s" "false" -}} -{{- end -}} -{{- end -}} diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index 5a63f9c46..bfbc58698 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml 
@@ -91,11 +91,8 @@ spec: securityContext: runAsNonRoot: true runAsUser: {{ .Values.artifactory.uid }} - {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }} runAsGroup: {{ .Values.artifactory.gid }} - {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }} fsGroup: {{ .Values.artifactory.gid }} - {{- end }} {{- if .Values.artifactory.fsGroupChangePolicy }} fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} {{- end }} 
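Review bot: `runAsGroup` and `fsGroup` are now both rendered unconditionally in the pod `securityContext`, where the old template emitted only one of them depending on `artifactory.isOpenshiftCompatible` (that helper is deleted from `_helpers.tpl` in this same patch). On clusters whose admission policy assigns group ranges per namespace, which is the case the removed helper tested for, a fixed `fsGroup` or `runAsGroup` taken from values may be rejected, so the pod could fail admission after an upgrade; this is inferred from the removed branch and is not shown in the hunk. Consider rendering each field only when it is wanted, for example behind a `podSecurityContext.enabled` switch with `omit ... "enabled" | toYaml` as the nginx deployment does in this patch, so an operator can leave the groups to the platform. The pod spec continues outside the hunk.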
@@ -771,45 +768,7 @@ spec: {{ tpl .Values.jfconnect.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} - {{- if .Values.integration.enabled }} - - name: {{ .Values.integration.name }} - image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/integration/bin/jf-integration start - {{- with .Values.integration.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.integration.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.integration.resources | indent 10 }} - {{- if .Values.integration.startupProbe.enabled }} - startupProbe: -{{ tpl .Values.integration.startupProbe.config . | indent 10 }} - {{- end }} - {{- if .Values.integration.livenessProbe.enabled }} - livenessProbe: -{{ tpl .Values.integration.livenessProbe.config . | indent 10 }} - {{- end }} - {{- end }} - {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} + {{- if and .Values.federation.enabled .Values.federation.embedded (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} - name: {{ .Values.federation.name }} image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} 
@@ -973,8 +932,6 @@ spec: value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_INTEGRATION_ENABLED - value: "false" {{- end}} {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB diff --git a/stable/artifactory/templates/nginx-deployment.yaml b/stable/artifactory/templates/nginx-deployment.yaml index 313499589..ec0b8fa6e 100644 --- a/stable/artifactory/templates/nginx-deployment.yaml +++ b/stable/artifactory/templates/nginx-deployment.yaml @@ -47,11 +47,10 @@ spec: {{- if .Values.nginx.labels }} {{ toYaml .Values.nginx.labels | indent 8 }} {{- end }} -{{- with .Values.nginx.deployment.annotations }} spec: - securityContext: - runAsUser: {{ .Values.nginx.uid }} - runAsGroup: {{ .Values.nginx.gid }} + {{- if .Values.nginx.podSecurityContext.enabled }} + securityContext: {{- omit .Values.nginx.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} serviceAccountName: {{ template "artifactory.serviceAccountName" . }} terminationGracePeriodSeconds: {{ .Values.nginx.terminationGracePeriodSeconds }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} @@ -87,12 +86,9 @@ spec: - name: {{ .Values.nginx.name }} image: {{ include "artifactory.getImageInfoByValue" (list . "nginx") }} imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - {{- with .Values.nginx.securityContext }} - securityContext: -{{ toYaml . | indent 10 }} + {{- if .Values.nginx.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.nginx.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} - command: -{{- tpl (include "nginx.command" .) . | indent 10 }} ports: {{ if .Values.nginx.customPorts }} {{ toYaml .Values.nginx.customPorts | indent 8 }} diff --git a/stable/artifactory/values-large.yaml b/stable/artifactory/values-large.yaml deleted file mode 100644 index 43b1b53e4..000000000 --- a/stable/artifactory/values-large.yaml +++ /dev/null 
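Review bot: Both nginx-deployment hunks move the security settings to new values keys and nothing keeps the old keys working: the pod-level `securityContext` is emitted only when `.Values.nginx.podSecurityContext.enabled` is true (hunk at -47) and the container-level one only when `.Values.nginx.containerSecurityContext.enabled` is true (hunk at -87). An existing override that sets `nginx.securityContext` is silently ignored after upgrade, `nginx.uid` and `nginx.gid` are no longer read at this spot, and with the switches off the container runs as whatever user the image defaults to; the chart defaults for the new keys are not visible in these hunks. I would add a guard for the removed key, e.g. `{{- if .Values.nginx.securityContext }}{{ fail "nginx.securityContext was replaced by nginx.containerSecurityContext" }}{{- end }}`, and list the rename as a breaking change in the changelog. The removed `command:` block also drops `nginx.customCommand` and deserves the same treatment.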
@@ -1,80 +0,0 @@ -artifactory: - database: - maxOpenConnections: 150 - tomcat: - connector: - maxThreads: 300 - resources: - requests: - memory: "6Gi" - cpu: "2" - limits: - memory: "10Gi" - cpu: "8" - javaOpts: - xms: "8g" - xmx: "10g" -access: - database: - maxOpenConnections: 150 - tomcat: - connector: - maxThreads: 100 -router: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 150 - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/stable/artifactory/values-medium.yaml b/stable/artifactory/values-medium.yaml deleted file mode 100644 index 48970ef65..000000000 --- a/stable/artifactory/values-medium.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -artifactory: - database: - maxOpenConnections: 100 - tomcat: - connector: - maxThreads: 200 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "8Gi" - cpu: "6" - javaOpts: - xms: "6g" - xmx: "8g" -access: - database: - maxOpenConnections: 100 - tomcat: - connector: - maxThreads: 50 -router: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 100 - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "200Mi" - cpu: "200m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/stable/artifactory/values-small.yaml b/stable/artifactory/values-small.yaml deleted file mode 100644 index 898119539..000000000 --- a/stable/artifactory/values-small.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -artifactory: - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 200 - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "6g" -access: - database: - maxOpenConnections: 80 - tomcat: - connector: - maxThreads: 50 -router: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - database: - maxOpenConnections: 80 - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -jfconnect: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index 02311d737..ab7c1d12c 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override artifactory.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 # Init containers initContainers: resources: @@ -162,7 +162,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.2.750.1697534106 + tag: 9.3.1475 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: 
@@ -187,7 +187,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.81.0 + tag: 7.91.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -737,6 +737,7 @@ artifactory: {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} federation: enabled: true + embedded: {{ .Values.federation.embedded }} extraJavaOpts: {{ .Values.federation.extraJavaOpts }} port: {{ .Values.federation.internalPort }} rtfs: @@ -980,6 +981,8 @@ artifactory: port: useHttp: maxConnections: 50 + connectionTimeout: + socketTimeout: kmsServerSideEncryptionKeyId: kmsKeyRegion: kmsCryptoMode: 
@@ -1291,62 +1294,12 @@ jfconnect: failureThreshold: 90 periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} -integration: - name: integration - enabled: true - internalPort: 8071 - ## Extra environment variables that can be used to tune integration to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: MY_ENV_VAR - # value: "" - resources: {} - # requests: - # memory: "100Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "1" - - # Add lifecycle hooks for integration container - lifecycle: {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo Hello from the preStop handler"] - - ## The following settings are to configure the frequency of the liveness and startup probes when splitServicesToContainers set to true - livenessProbe: - enabled: true - config: | - exec: - command: - - sh - - -c - - curl --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.integration.internalPort }}/api/v1/system/liveness - initialDelaySeconds: {{ if semverCompare " Date: Wed, 24 Jan 2024 20:10:44 +0530 Subject: [PATCH 16/47] [distribution] 2.22.1 release --- stable/distribution/CHANGELOG.md | 8 +- stable/distribution/Chart.yaml | 6 +- stable/distribution/README.md | 9 ++- .../sizing/distribution-2xlarge.yaml | 81 +++++++++++++++++++ .../sizing/distribution-small.yaml | 81 +++++++++++++++++++ .../sizing/distribution-xlarge.yaml | 81 +++++++++++++++++++ .../sizing/distribution-xsmall.yaml | 81 +++++++++++++++++++ .../sizing/distrubution-large.yaml | 81 +++++++++++++++++++ .../sizing/distrubution-medium.yaml | 81 +++++++++++++++++++ stable/distribution/values-large.yaml | 22 ----- stable/distribution/values-medium.yaml | 22 ----- stable/distribution/values-small.yaml | 22 ----- stable/distribution/values.yaml | 6 +- 13 files changed, 507 insertions(+), 74 deletions(-) create mode 100644 
stable/distribution/sizing/distribution-2xlarge.yaml create mode 100644 stable/distribution/sizing/distribution-small.yaml create mode 100644 stable/distribution/sizing/distribution-xlarge.yaml create mode 100644 stable/distribution/sizing/distribution-xsmall.yaml create mode 100644 stable/distribution/sizing/distrubution-large.yaml create mode 100644 stable/distribution/sizing/distrubution-medium.yaml delete mode 100644 stable/distribution/values-large.yaml delete mode 100644 stable/distribution/values-medium.yaml delete mode 100644 stable/distribution/values-small.yaml diff --git a/stable/distribution/CHANGELOG.md b/stable/distribution/CHANGELOG.md index 2a8e75dfb..b9ad2fbc8 100644 --- a/stable/distribution/CHANGELOG.md +++ b/stable/distribution/CHANGELOG.md @@ -1,9 +1,15 @@ # JFrog Distribution Chart Changelog All changes to this project chart be documented in this file. -## [102.21.3] - Nov 22, 2023 +## [102.22.1] - Dec 22, 2023 +* Added recommended sizing configurations under sizing directory, please refer [here](README.md/#apply-sizing-configurations-to-the-chart) + +## [102.21.0] - Nov 22, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Removed default hardcoded javaOpts `-Xms2g -Xmx4g` from distribution.sh file +* Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) +* **IMPORTANT** +* Added min kubeVersion ">= 1.19.0-0" in chart.yaml ## [102.20.1] - Sep 18, 2023 * Reverted - Enabled `unifiedSecretInstallation` by default [GH-1819](https://github.com/jfrog/charts/issues/1819) diff --git a/stable/distribution/Chart.yaml b/stable/distribution/Chart.yaml index ed420b2e0..c004dcd7f 100644 --- a/stable/distribution/Chart.yaml +++ b/stable/distribution/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.21.3 +appVersion: 2.22.1 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -11,7 +11,7 @@ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/distribution/ keywords: - distribution - jfrog -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: installers@jfrog.com name: Chart Maintainers at JFrog @@ -19,4 +19,4 @@ name: distribution sources: - https://github.com/jfrog/charts type: application -version: 102.21.3 +version: 102.22.1 diff --git a/stable/distribution/README.md b/stable/distribution/README.md index 62297a025..6702be881 100644 --- a/stable/distribution/README.md +++ b/stable/distribution/README.md @@ -3,7 +3,7 @@ **IMPORTANT!** Our Helm Chart docs have moved to our main documentation site. Below you will find the basic instructions for installing Distribution. For all other information, refer to [Installing Distribution](https://www.jfrog.com/confluence/display/JFROG/Installing+Distribution). ## Prerequisites Details -* Kubernetes 1.14+ +* Kubernetes 1.19+ ## Chart Details This chart does the following: @@ -40,6 +40,13 @@ helm upgrade --install distribution --set distribution.joinKey= --namespace distribution jfrog/distribution ``` +### Apply Sizing configurations to the Chart +To apply the chart with recommended sizing configurations : +For small configurations : +```bash +helm upgrade --install distribution --namespace distribution jfrog/distribution -f sizing/distribution-small.yaml +``` + ## Uninstalling Distribution **IMPORTANT:** Uninstalling distribution using the commands below will also delete your data volumes and you will lose all of your data. You must back up all this information before deletion. diff --git a/stable/distribution/sizing/distribution-2xlarge.yaml b/stable/distribution/sizing/distribution-2xlarge.yaml new file mode 100644 index 000000000..4fd235b98 --- /dev/null +++ b/stable/distribution/sizing/distribution-2xlarge.yaml 
@@ -0,0 +1,81 @@
+##############################################################
+# The 2xlarge sizing
+# This size is intended for very large organizations. It can be increased with adding replicas
+##############################################################
+
+unifiedUpgradeAllowed: true
+databaseUpgradeReady: true
+
+replicaCount: 3
+
+distribution:
+ resources:
+ requests:
+ cpu: 1
+ memory: 2Gi
+ limits:
+ # cpu: "4"
+ memory: 3Gi
+
+ extraEnvironmentVariables:
+ - name: MALLOC_ARENA_MAX
+ value: "2"
+
+ javaOpts:
+ other: >
+ -XX:InitialRAMPercentage=40
+ -XX:MaxRAMPercentage=70
+ -XX:+UseStringDeduplication
+ -XX:MaxMetaspaceSize=300m
+ -Djdk.nio.maxCachedBufferSize=262144
+ -XX:MaxDirectMemorySize=256m
+
+router:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: 25m
+ memory: 50Mi
+ limits:
+ # cpu: "1"
+ memory: 250Mi
+
+redis:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+postgresql:
+ postgresqlExtendedConf:
+ maxConnections: "300"
+ primary:
+ affinity:
+ # Require PostgreSQL pod to run on a different node than distribution pods
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - distribution
+ topologyKey: kubernetes.io/hostname
+ resources:
+ requests:
+ cpu: "150m"
+ memory: 1Gi
+ limits:
+ # cpu: "2"
+ memory: 8Gi
\ No newline at end of file
diff --git a/stable/distribution/sizing/distribution-small.yaml b/stable/distribution/sizing/distribution-small.yaml
new file mode 100644
index 000000000..012b4d7c9
--- /dev/null
+++ b/stable/distribution/sizing/distribution-small.yaml
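Review bot: `unifiedUpgradeAllowed: true` and `databaseUpgradeReady: true` at the top of this preset look like the chart's upgrade acknowledgement switches rather than sizing settings, so anyone who applies the file with `-f sizing/...` answers those gates without being asked. If they are what the names suggest, they should be dropped from the preset and left for the operator to pass explicitly once the database has been backed up. The same two lines open `distribution-small.yaml`, `distribution-xlarge.yaml`, `distribution-xsmall.yaml`, `distrubution-large.yaml` and `distrubution-medium.yaml`.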
@@ -0,0 +1,81 @@
+##############################################################
+# The small sizing
+# This is the size recommended for running Distribution for small teams
+##############################################################
+
+unifiedUpgradeAllowed: true
+databaseUpgradeReady: true
+
+replicaCount: 1
+
+distribution:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 700Mi
+ limits:
+ # cpu: "3"
+ memory: 1200Mi
+
+ extraEnvironmentVariables:
+ - name: MALLOC_ARENA_MAX
+ value: "2"
+
+ javaOpts:
+ other: >
+ -XX:InitialRAMPercentage=30
+ -XX:MaxRAMPercentage=60
+ -XX:+UseStringDeduplication
+ -XX:MaxMetaspaceSize=300m
+ -Djdk.nio.maxCachedBufferSize=262144
+ -XX:MaxDirectMemorySize=256m
+
+router:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: 30m
+ memory: 30Mi
+ limits:
+ # cpu: "1"
+ memory: 50Mi
+
+redis:
+ resources:
+ requests:
+ cpu: 30m
+ memory: 50Mi
+ limits:
+ # cpu: "1"
+ memory: 150Mi
+
+postgresql:
+ postgresqlExtendedConf:
+ maxConnections: "50"
+ primary:
+ affinity:
+ # Require PostgreSQL pod to run on a different node than distribution pods
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - distribution
+ topologyKey: kubernetes.io/hostname
+ resources:
+ requests:
+ cpu: "50m"
+ memory: 200Mi
+ limits:
+ # cpu: "2"
+ memory: 1Gi
\ No newline at end of file
diff --git a/stable/distribution/sizing/distribution-xlarge.yaml b/stable/distribution/sizing/distribution-xlarge.yaml
new file mode 100644
index 000000000..3ad386c18
--- /dev/null
+++ b/stable/distribution/sizing/distribution-xlarge.yaml
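Review bot: The `requiredDuringSchedulingIgnoredDuringExecution` anti-affinity under `postgresql.primary.affinity` is a hard rule, so on a single-node cluster, or whenever every node already runs a pod labelled `app: distribution`, the PostgreSQL pod stays Pending and the release never becomes ready. For the small, xsmall and medium presets a soft preference keeps the intent without blocking scheduling, as sketched below. Whether the Distribution pods actually carry the `app: distribution` label cannot be confirmed from this hunk and should be checked against the StatefulSet template. The same block appears in all six sizing files.

```yaml
    affinity:
      # Prefer a node that runs no Distribution pod, but still schedule if none is free
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - distribution
              topologyKey: kubernetes.io/hostname
    # … unchanged: postgresql resources …
```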
@@ -0,0 +1,81 @@
+##############################################################
+# The xlarge sizing
+# This size is intended for very large organizations. It can be increased with adding replicas
+##############################################################
+
+unifiedUpgradeAllowed: true
+databaseUpgradeReady: true
+
+replicaCount: 2
+
+distribution:
+ resources:
+ requests:
+ cpu: 1
+ memory: 2Gi
+ limits:
+ # cpu: "4"
+ memory: 3Gi
+
+ extraEnvironmentVariables:
+ - name: MALLOC_ARENA_MAX
+ value: "2"
+
+ javaOpts:
+ other: >
+ -XX:InitialRAMPercentage=40
+ -XX:MaxRAMPercentage=70
+ -XX:+UseStringDeduplication
+ -XX:MaxMetaspaceSize=300m
+ -Djdk.nio.maxCachedBufferSize=262144
+ -XX:MaxDirectMemorySize=256m
+
+router:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: 25m
+ memory: 50Mi
+ limits:
+ # cpu: "1"
+ memory: 250Mi
+
+redis:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+postgresql:
+ postgresqlExtendedConf:
+ maxConnections: "200"
+ primary:
+ affinity:
+ # Require PostgreSQL pod to run on a different node than distribution pods
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - distribution
+ topologyKey: kubernetes.io/hostname
+ resources:
+ requests:
+ cpu: "100m"
+ memory: 1Gi
+ limits:
+ # cpu: "2"
+ memory: 8Gi
\ No newline at end of file
diff --git a/stable/distribution/sizing/distribution-xsmall.yaml b/stable/distribution/sizing/distribution-xsmall.yaml
new file mode 100644
index 000000000..d54618932
--- /dev/null
+++ b/stable/distribution/sizing/distribution-xsmall.yaml
@@ -0,0 +1,81 @@
+##############################################################
+# The xsmall sizing
+# This is the minimum size recommended for running Distribution
+##############################################################
+
+unifiedUpgradeAllowed: true
+databaseUpgradeReady: true
+
+replicaCount: 1
+
+distribution:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 700Mi
+ limits:
+ # cpu: "3"
+ memory: 1200Mi
+
+ extraEnvironmentVariables:
+ - name: MALLOC_ARENA_MAX
+ value: "2"
+
+ javaOpts:
+ other: >
+ -XX:InitialRAMPercentage=30
+ -XX:MaxRAMPercentage=60
+ -XX:+UseStringDeduplication
+ -XX:MaxMetaspaceSize=300m
+ -Djdk.nio.maxCachedBufferSize=262144
+ -XX:MaxDirectMemorySize=256m
+
+router:
+ resources:
+ requests:
+ cpu: 30m
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: 20m
+ memory: 20Mi
+ limits:
+ # cpu: "1"
+ memory: 50Mi
+
+redis:
+ resources:
+ requests:
+ cpu: 20m
+ memory: 20Mi
+ limits:
+ # cpu: "1"
+ memory: 100Mi
+
+postgresql:
+ postgresqlExtendedConf:
+ maxConnections: "50"
+ primary:
+ affinity:
+ # Require PostgreSQL pod to run on a different node than distribution pods
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - distribution
+ topologyKey: kubernetes.io/hostname
+ resources:
+ requests:
+ cpu: "20m"
+ memory: 200Mi
+ limits:
+ # cpu: "2"
+ memory: 1Gi
\ No newline at end of file
diff --git a/stable/distribution/sizing/distrubution-large.yaml b/stable/distribution/sizing/distrubution-large.yaml
new file mode 100644
index 000000000..f775168f5
--- /dev/null
+++ b/stable/distribution/sizing/distrubution-large.yaml
@@ -0,0 +1,81 @@
+##############################################################
+# The large sizing
+# This is identical to the medium sizing, but with an extra Distribution replica
+##############################################################
+
+unifiedUpgradeAllowed: true
+databaseUpgradeReady: true
+
+replicaCount: 2
+
+distribution:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 700Mi
+ limits:
+ # cpu: "3"
+ memory: 1200Mi
+
+ extraEnvironmentVariables:
+ - name: MALLOC_ARENA_MAX
+ value: "2"
+
+ javaOpts:
+ other: >
+ -XX:InitialRAMPercentage=30
+ -XX:MaxRAMPercentage=60
+ -XX:+UseStringDeduplication
+ -XX:MaxMetaspaceSize=300m
+ -Djdk.nio.maxCachedBufferSize=262144
+ -XX:MaxDirectMemorySize=256m
+
+router:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: 30m
+ memory: 30Mi
+ limits:
+ # cpu: "1"
+ memory: 50Mi
+
+redis:
+ resources:
+ requests:
+ cpu: 30m
+ memory: 50Mi
+ limits:
+ # cpu: "1"
+ memory: 150Mi
+
+postgresql:
+ postgresqlExtendedConf:
+ maxConnections: "100"
+ primary:
+ affinity:
+ # Require PostgreSQL pod to run on a different node than distribution pods
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - distribution
+ topologyKey: kubernetes.io/hostname
+ resources:
+ requests:
+ cpu: "100m"
+ memory: 250Mi
+ limits:
+ # cpu: "2"
+ memory: 1Gi
\ No newline at end of file
diff --git a/stable/distribution/sizing/distrubution-medium.yaml b/stable/distribution/sizing/distrubution-medium.yaml
new file mode 100644
index 000000000..3dea6d21a
--- /dev/null
+++ b/stable/distribution/sizing/distrubution-medium.yaml
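Review bot: This file and the medium preset are created as `distrubution-large.yaml` and `distrubution-medium.yaml`, while the other four presets and the README example use `distribution-`. A user who follows the README pattern with `-f sizing/distribution-large.yaml` gets a file-not-found error, so both files should be renamed to `distribution-large.yaml` and `distribution-medium.yaml`. The header comment here is also inaccurate: besides the extra replica, this preset sets `maxConnections: "100"` and larger PostgreSQL requests than the medium file, so it would read better as `# Same as the medium sizing, with an extra Distribution replica and a larger PostgreSQL allocation`.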
@@ -0,0 +1,81 @@
+##############################################################
+# The medium sizing
+# This is identical to the small sizing
+##############################################################
+
+unifiedUpgradeAllowed: true
+databaseUpgradeReady: true
+
+replicaCount: 1
+
+distribution:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 700Mi
+ limits:
+ # cpu: "3"
+ memory: 1200Mi
+
+ extraEnvironmentVariables:
+ - name: MALLOC_ARENA_MAX
+ value: "2"
+
+ javaOpts:
+ other: >
+ -XX:InitialRAMPercentage=30
+ -XX:MaxRAMPercentage=60
+ -XX:+UseStringDeduplication
+ -XX:MaxMetaspaceSize=300m
+ -Djdk.nio.maxCachedBufferSize=262144
+ -XX:MaxDirectMemorySize=256m
+
+router:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: 30m
+ memory: 30Mi
+ limits:
+ # cpu: "1"
+ memory: 50Mi
+
+redis:
+ resources:
+ requests:
+ cpu: 30m
+ memory: 50Mi
+ limits:
+ # cpu: "1"
+ memory: 150Mi
+
+postgresql:
+ postgresqlExtendedConf:
+ maxConnections: "50"
+ primary:
+ affinity:
+ # Require PostgreSQL pod to run on a different node than distribution pods
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - distribution
+ topologyKey: kubernetes.io/hostname
+ resources:
+ requests:
+ cpu: "50m"
+ memory: 200Mi
+ limits:
+ # cpu: "2"
+ memory: 1Gi
\ No newline at end of file
diff --git a/stable/distribution/values-large.yaml b/stable/distribution/values-large.yaml
deleted file mode 100644
index 0048a2484..000000000
--- a/stable/distribution/values-large.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-replicaCount: 4
-
-redis:
- resources:
- requests:
- memory: "512Mi"
- cpu: "1"
- limits:
- memory: "2Gi"
- cpu: "2"
-
-distribution:
- resources:
- requests:
- memory: "3Gi"
- cpu: "2"
- limits:
- memory: "9Gi"
- cpu: "6"
- javaOpts:
- xms: "3g"
- xmx: "9g"
diff --git a/stable/distribution/values-medium.yaml b/stable/distribution/values-medium.yaml deleted file mode 100644 index 82772ac2e..000000000 --- a/stable/distribution/values-medium.yaml +++ /dev/null @@ -1,22 +0,0 @@ -replicaCount: 3 - -redis: - resources: - requests: - memory: "512Mi" - cpu: "1" - limits: - memory: "1Gi" - cpu: "1" - -distribution: - resources: - requests: - memory: "2Gi" - cpu: "1" - limits: - memory: "6Gi" - cpu: "3" - javaOpts: - xms: "2g" - xmx: "6g" diff --git a/stable/distribution/values-small.yaml b/stable/distribution/values-small.yaml deleted file mode 100644 index 9fb57641c..000000000 --- a/stable/distribution/values-small.yaml +++ /dev/null @@ -1,22 +0,0 @@ -replicaCount: 2 - -redis: - resources: - requests: - memory: "512Mi" - cpu: "1" - limits: - memory: "1Gi" - cpu: "1" - -distribution: - resources: - requests: - memory: "1Gi" - cpu: "1" - limits: - memory: "3Gi" - cpu: "2" - javaOpts: - xms: "1g" - xmx: "3g" diff --git a/stable/distribution/values.yaml b/stable/distribution/values.yaml index b7c9e0bde..6cd702659 100644 --- a/stable/distribution/values.yaml +++ b/stable/distribution/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override distribution.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1361.1699548032 # Init containers initContainers: resources: @@ -332,7 +332,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.2.750.1697534106 + tag: 9.3.1361.1699548032 distribution: name: distribution ## Note that by default we use appVersion to get image tag/version @@ -556,7 +556,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.87.0 + tag: 7.89.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled 
From fbea381027a5cf0ba801a49679d94d878d2e4323 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 24 Jan 2024 20:11:01 +0530 Subject: [PATCH 17/47] [insight] 1.16.6 release --- stable/insight/CHANGELOG.md | 2 +- stable/insight/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/insight/CHANGELOG.md b/stable/insight/CHANGELOG.md index 8b9531213..c7b7e5481 100644 --- a/stable/insight/CHANGELOG.md +++ b/stable/insight/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Insights Chart Changelog All changes to this chart will be documented in this file. -## [101.16.5] - Oct 17, 2023 +## [101.16.6] - Oct 17, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) ## [101.15.0] - Sep 18, 2023 diff --git a/stable/insight/Chart.yaml b/stable/insight/Chart.yaml index 8c8554d15..61f1d7b7d 100644 --- a/stable/insight/Chart.yaml +++ b/stable/insight/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.16.5 +appVersion: 1.16.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: insight sources: - https://github.com/jfrog/charts type: application -version: 101.16.5 +version: 101.16.6 From 6f146b62760efade07feeb5c2b5f38accb6a939e Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 24 Jan 2024 20:11:50 +0530 Subject: [PATCH 18/47] [pipelines] 1.53.4 release --- stable/pipelines/CHANGELOG.md | 20 +- stable/pipelines/Chart.lock | 8 +- stable/pipelines/Chart.yaml | 10 +- stable/pipelines/templates/_helpers.tpl | 44 ++++ .../pipelines/templates/migration-hook.yaml | 116 +++++++++ .../templates/pipelines-cron-statefulset.yaml | 4 +- .../pipelines-hookhandler-statefulset.yaml | 4 +- .../pipelines-internalapi-statefulset.yaml | 10 +- .../templates/pipelines-statefulset.yaml | 10 +- .../pipelines-steptrigger-statefulset.yaml | 4 +- .../templates/pipelines-sync-statefulset.yaml | 4 +- .../pipelines-trigger-statefulset.yaml | 4 +- stable/pipelines/values.yaml | 242 ++++++++++++++---- 13 files changed, 397 insertions(+), 83 deletions(-) create mode 100644 stable/pipelines/templates/migration-hook.yaml diff --git a/stable/pipelines/CHANGELOG.md b/stable/pipelines/CHANGELOG.md index 136c745bf..f0863c0dc 100644 --- a/stable/pipelines/CHANGELOG.md +++ b/stable/pipelines/CHANGELOG.md @@ -1,7 +1,24 @@ # JFrog Pipelines Chart Changelog All changes to this chart to be documented in this file. -## [101.49.6] - Oct 16, 2023 +## [101.53.4] - Nov 14, 2023 +* Updated rabbitmq version to 3.12.10-debian-11-r1 +* Updated redis version to 7.2.0-debian-11-r2 + +## [101.51.0] - Nov 14, 2023 +* Update minimum supported kubernetes version to 1.19 +* Updated postgresql tag version to `13.13.0-debian-11-r4` +* Updated hashicorp tag version to `1.15` +* Changed default replicacount to 1 for redis +* Updated sentinel port and master group name + +## [101.50.0] - Oct 20, 2023 +* Added sentinel redis +* Upgrade redis, redis-sentinel and redis-exporter to latest versions +* Upgrade rabbitmq container and chart version to 3.11.10-debian-11-r5 and 11.9.3 +* Use multiarch supported image for init container + +## [101.49.0] - Oct 16, 2023 * Defined router required service types for pods ## [101.46.2] - Oct 12, 2023 
@@ -13,6 +30,7 @@ All changes to this chart to be documented in this file. ## [101.45.0] - Aug 7, 2023 * Upadate chart version of vault to 0.25.0 to work with 1.25 of kubernetes + ## [101.44.0] - Jul 27, 2023 * Added option to stream logs in json * Add support to work without vault on modifying corresponding flags diff --git a/stable/pipelines/Chart.lock b/stable/pipelines/Chart.lock index 2a1dd2970..61aec15ed 100644 --- a/stable/pipelines/Chart.lock +++ b/stable/pipelines/Chart.lock @@ -4,12 +4,12 @@ dependencies: version: 10.3.18 - name: rabbitmq repository: https://charts.jfrog.io/ - version: 8.31.6 + version: 11.9.3 - name: redis repository: https://charts.jfrog.io/ - version: 12.10.1 + version: 17.13.2 - name: vault repository: https://charts.jfrog.io/ version: 0.25.0 -digest: sha256:9d9b9eaa7258294872a09b31aae9d39fb4f0970ce5c17220d2d6ab889562e3b5 -generated: "2023-08-07T15:59:25.511241+05:30" +digest: sha256:dd3150c4f1f61d956c9ddb58ea16803748aec1427c69efb60551274611ddccd0 +generated: "2023-12-05T15:54:45.066391+05:30" diff --git a/stable/pipelines/Chart.yaml b/stable/pipelines/Chart.yaml index 7d0e71c08..acc31475d 100644 --- a/stable/pipelines/Chart.yaml +++ b/stable/pipelines/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.49.6 +appVersion: 1.53.4 dependencies: - condition: postgresql.enabled name: postgresql @@ -8,11 +8,11 @@ dependencies: - condition: rabbitmq.enabled name: rabbitmq repository: https://charts.jfrog.io/ - version: 8.31.6 + version: 11.9.3 - condition: redis.enabled name: redis repository: https://charts.jfrog.io/ - version: 12.10.1 + version: 17.13.2 - condition: vault.enabled name: vault repository: https://charts.jfrog.io/ @@ -24,7 +24,7 @@ keywords: - pipelines - jfrog - devops -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: installers@jfrog.com name: Chart Maintainers at JFrog 
@@ -32,4 +32,4 @@ name: pipelines sources: - https://github.com/jfrog/charts type: application -version: 101.49.6 +version: 101.53.4 diff --git a/stable/pipelines/templates/_helpers.tpl b/stable/pipelines/templates/_helpers.tpl index 2100eec3d..603625d7b 100644 --- a/stable/pipelines/templates/_helpers.tpl +++ b/stable/pipelines/templates/_helpers.tpl 
@@ -32,6 +32,50 @@ The services name {{- printf "%s-%s-services" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Expand the name of rabbit chart. +*/}} +{{- define "rabbitmq.name" -}} +{{- default (printf "%s" "rabbitmq") .Values.rabbitmq.nameOverride -}} +{{- end -}} + +{{/* +Return the registry of a service +*/}} +{{- define "pipelines.getRegistryByService" -}} +{{- $dot := index . 0 }} +{{- $service := index . 1 }} +{{- if $dot.Values.global.imageRegistry }} + {{- $dot.Values.global.imageRegistry }} +{{- else -}} + {{- if (eq $service "migrationHook") -}} + {{- index $dot.Values.rabbitmq.migration.image.registry -}} + {{- else -}} + {{- index $dot.Values $service "image" "registry" -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{- define "pipelines.rabbitmq.migration.fullname" -}} +{{- $name := default "rabbitmq-migration" -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use for rabbitmq migration +*/}} +{{- define "pipelines.rabbitmq.migration.serviceAccountName" -}} +{{- if .Values.rabbitmq.migration.serviceAccount.create -}} +{{ default (include "pipelines.rabbitmq.migration.fullname" .) .Values.rabbitmq.migration.serviceAccount.name }} +{{- else -}} +{{ default "rabbitmq-migration" .Values.rabbitmq.migration.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{- define "pipelines.sync.name" -}} {{- $name := .Release.Name | trunc 29 -}} {{- printf "%s-%s-sync" $name .Chart.Name | trunc 63 | trimSuffix "-" -}} diff --git a/stable/pipelines/templates/migration-hook.yaml b/stable/pipelines/templates/migration-hook.yaml new file mode 100644 index 000000000..44d823a82 --- /dev/null +++ b/stable/pipelines/templates/migration-hook.yaml 
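Review bot: In `pipelines.rabbitmq.migration.serviceAccountName` the `else` branch falls back to the literal `rabbitmq-migration` when `serviceAccount.create` is false and no name is given, so the hook Pod would name a ServiceAccount the chart never created and the pre-upgrade hook would fail at admission. Failing at render time is clearer: `{{ required "rabbitmq.migration.serviceAccount.name must be set when serviceAccount.create is false" .Values.rabbitmq.migration.serviceAccount.name }}`. Separately, `$name := default "rabbitmq-migration"` in `pipelines.rabbitmq.migration.fullname` passes no value to `default`, so it is only a constant and reads better as `{{- $name := "rabbitmq-migration" -}}`. That define is also the only new one without the `{{/* ... */}}` description its neighbours have.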
@@ -0,0 +1,116 @@
+{{- if .Values.rabbitmq.enabled }}
+{{- if .Values.rabbitmq.migration.enabled }}
+{{- if .Values.rabbitmq.migration.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "pipelines.name" . }}
+ chart: {{ template "pipelines.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ name: {{ template "pipelines.rabbitmq.migration.serviceAccountName" . }}
+ annotations:
+ helm.sh/hook: "pre-upgrade"
+ helm.sh/hook-weight: "-10"
+automountServiceAccountToken: {{ .Values.rabbitmq.migration.serviceAccount.automountServiceAccountToken }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if .Values.rabbitmq.enabled }}
+{{- if .Values.rabbitmq.migration.enabled }}
+{{- if .Values.rabbitmq.migration.serviceAccount.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: {{ template "pipelines.name" . }}
+ chart: {{ template "pipelines.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ name: {{ template "pipelines.rabbitmq.migration.fullname" . }}
+ annotations:
+ helm.sh/hook: "pre-upgrade"
+ helm.sh/hook-weight: "-10"
+rules:
+{{ toYaml .Values.rabbitmq.migration.serviceAccount.rbac.role.rules }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if .Values.rabbitmq.enabled }}
+{{- if .Values.rabbitmq.migration.enabled }}
+{{- if .Values.rabbitmq.migration.serviceAccount.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: {{ template "pipelines.name" . }}
+ chart: {{ template "pipelines.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ name: {{ template "pipelines.rabbitmq.migration.fullname" . }}
+ annotations:
+ helm.sh/hook: "pre-upgrade"
+ helm.sh/hook-weight: "-10"
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "pipelines.rabbitmq.migration.serviceAccountName" .
}}
+roleRef:
+ kind: Role
+ apiGroup: rbac.authorization.k8s.io
+ name: {{ template "pipelines.rabbitmq.migration.fullname" . }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if .Values.rabbitmq.enabled }}
+{{- if .Values.rabbitmq.migration.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ app: {{ template "pipelines.name" . }}
+ chart: {{ template "pipelines.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "pipelines.fullname" . }}-pre-upgrade-hook
+ annotations:
+ "helm.sh/hook": "pre-upgrade"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ {{- if .Values.rabbitmq.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.rabbitmq.podSecurityContext "enabled" | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
+ {{- include "pipelines.imagePullSecrets" . | indent 2 }}
+ {{- end }}
+ serviceAccountName: {{ template "pipelines.rabbitmq.migration.serviceAccountName" . }}
+ containers:
+ - name: pre-upgrade-container
+ image: "{{ include "pipelines.getRegistryByService" (list . "migrationHook") }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}"
+ imagePullPolicy: IfNotPresent
+ {{- if .Values.rabbitmq.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/bin/sh
+ if [ "$(kubectl get pods -l "app.kubernetes.io/name={{ template "rabbitmq.name" . }}" -o jsonpath='{.items[?(@.metadata.name=="{{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0")].status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then
+ kubectl exec -it {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -- rabbitmqctl enable_feature_flag all
+ if [ "$?" -ne 0 ]; then
+ echo "Failed to perform the migration.
Please make sure to enable the feature flag in rabbitmq manually [rabbitmqctl enable_feature_flag all] " + exit 1 + else + echo Feature flags executed successfully! + fi + else + echo "Rabbitmq pod is not in running state. Ignoring feature flag migration for rabbitmq" + fi + restartPolicy: Never + terminationGracePeriodSeconds: 0 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/pipelines/templates/pipelines-cron-statefulset.yaml b/stable/pipelines/templates/pipelines-cron-statefulset.yaml index f8f41a76c..f66a28ace 100644 --- a/stable/pipelines/templates/pipelines-cron-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-cron-statefulset.yaml @@ -62,8 +62,8 @@ spec: {{ tpl (include "pipelines.cron.customInitContainersBegin" .) . | indent 8 }} {{- end }} - name: wait-for-pipelines-internalapi - image: '{{ .Values.initContainer.image }}' - imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} + imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: diff --git a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml index 876c78e3b..400bc0fe0 100644 --- a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml 
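Review bot: The ServiceAccount, Role and RoleBinding in `migration-hook.yaml` carry `helm.sh/hook: "pre-upgrade"` but no `helm.sh/hook-delete-policy`, so unlike the hook Pod they remain in the namespace after the upgrade. That leaves an identity that is allowed to `kubectl exec` into the RabbitMQ pod, which the script requires, available long after the one-off migration has run. Adding `helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded` to all three limits it to the lifetime of the hook. The Role's rules come from `.Values.rabbitmq.migration.serviceAccount.rbac.role.rules`, which this hunk does not show; they should grant no more than reading pods and `create` on `pods/exec`. The `-it` on `kubectl exec` can also be dropped, since the hook container has no TTY or stdin to attach.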
@@ -66,8 +66,8 @@ spec: {{ tpl (include "pipelines.hookhandler.customInitContainersBegin" .) . | indent 8 }} {{- end }} - name: wait-for-pipelines-internalapi - image: '{{ .Values.initContainer.image }}' - imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} + imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: diff --git a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml index 50041f788..cae1473d5 100644 --- a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml @@ -171,8 +171,8 @@ spec: {{- end }} {{- if and .Values.vault.enabled (.Values.access.shouldReadFromVault) (not .Values.access.shouldJustUpdateAccess) }} - name: wait-for-vault - image: "{{ .Values.initContainer.image }}" - imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} + imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -290,16 +290,16 @@ spec: export PIP_METRIC_FILE_PREFIX="internalapi-pipelines-installer"; {{- if .Values.rabbitmq.enabled }} echo "Waiting for RabbitMQ to come up..."; - until nc -z -w 2 {{ .Release.Name }}-rabbitmq {{ .Values.rabbitmq.service.port }} && echo rabbitmq ok; do + until nc -z -w 2 {{ .Release.Name }}-rabbitmq {{ .Values.rabbitmq.service.ports.amqp }} && echo rabbitmq ok; do sleep 1; done; {{- end }} {{- if .Values.redis.enabled }} echo "Waiting for Redis to come up..."; {{- if .Values.redis.fullnameOverride }} - until nc -z -w 2 {{ .Values.redis.fullnameOverride }}-master {{ .Values.redis.redisPort }} && echo redis ok; do + until nc -z -w 2 {{ .Values.redis.fullnameOverride }} {{ .Values.redis.redisPort }} && echo redis ok; do {{- else }} - until nc -z -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.redisPort }} && echo redis ok; do + until nc -z -w 2 {{ .Release.Name }}-redis {{ .Values.redis.redisPort }} && echo redis ok; do {{- end }} sleep 1; done; diff --git a/stable/pipelines/templates/pipelines-statefulset.yaml b/stable/pipelines/templates/pipelines-statefulset.yaml index 069788347..8477136c2 100644 --- a/stable/pipelines/templates/pipelines-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-statefulset.yaml @@ -219,8 +219,8 @@ spec: {{- end }} {{- if and .Values.vault.enabled (.Values.access.shouldReadFromVault) (not .Values.access.shouldJustUpdateAccess) }} - name: wait-for-vault - image: "{{ .Values.initContainer.image }}" - imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} + imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -338,16 +338,16 @@ spec: export PIP_METRIC_FILE_PREFIX="services-pipelines-installer"; {{- if .Values.rabbitmq.enabled }} echo "Waiting for RabbitMQ to come up..."; - until nc -z -w 2 {{ .Release.Name }}-rabbitmq {{ .Values.rabbitmq.service.port }} && echo rabbitmq ok; do + until nc -z -w 2 {{ .Release.Name }}-rabbitmq {{ .Values.rabbitmq.service.ports.amqp }} && echo rabbitmq ok; do sleep 1; done; {{- end }} {{- if .Values.redis.enabled }} echo "Waiting for Redis to come up..."; {{- if .Values.redis.fullnameOverride }} - until nc -z -w 2 {{ .Values.redis.fullnameOverride }}-master {{ .Values.redis.redisPort }} && echo redis ok; do + until nc -z -w 2 {{ .Values.redis.fullnameOverride }} {{ .Values.redis.redisPort }} && echo redis ok; do {{- else }} - until nc -z -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.redisPort }} && echo redis ok; do + until nc -z -w 2 {{ .Release.Name }}-redis {{ .Values.redis.redisPort }} && echo redis ok; do {{- end }} sleep 1; done; diff --git a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml index a57352b36..b7c72985f 100644 --- a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml @@ -62,8 +62,8 @@ spec: {{ tpl (include "pipelines.stepservice.customInitContainersBegin" .) . | indent 8 }} {{- end }} - name: wait-for-pipelines-internalapi - image: '{{ .Values.initContainer.image }}' - imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} + imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: diff --git a/stable/pipelines/templates/pipelines-sync-statefulset.yaml b/stable/pipelines/templates/pipelines-sync-statefulset.yaml index e0828a3db..d7c2d0168 100644 
--- a/stable/pipelines/templates/pipelines-sync-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-sync-statefulset.yaml @@ -64,8 +64,8 @@ spec: {{ tpl (include "pipelines.sync.customInitContainersBegin" .) . | indent 8 }} {{- end }} - name: wait-for-pipelines-internalapi - image: '{{ .Values.initContainer.image }}' - imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} + imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: diff --git a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml index 44d3f1adf..6e434161c 100644 --- a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml @@ -64,8 +64,8 @@ spec: {{ tpl (include "pipelines.trigger.customInitContainersBegin" .) . | indent 8 }} {{- end }} - name: wait-for-pipelines-internalapi - image: '{{ .Values.initContainer.image }}' - imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} + imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: diff --git a/stable/pipelines/values.yaml b/stable/pipelines/values.yaml index e715c7fbf..a98907689 100644 --- a/stable/pipelines/values.yaml +++ b/stable/pipelines/values.yaml @@ -68,7 +68,7 @@ global: ## Common initContainer: - image: "releases-docker.jfrog.io/alpine:3.14.2" + image: "releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.691" pullPolicy: IfNotPresent # Init containers 
@@ -1289,8 +1289,8 @@ pipelines: msg: {{- if .Values.rabbitmq.enabled }} ip: {{ .Release.Name }}-rabbitmq - port: {{ .Values.rabbitmq.service.port }} - adminPort: {{ .Values.rabbitmq.service.managerPort }} + port: {{ .Values.rabbitmq.service.ports.amqp }} + adminPort: {{ .Values.rabbitmq.service.ports.manager }} erlangCookie: {{ .Values.rabbitmq.auth.erlangCookie }} username: {{ .Values.rabbitmq.auth.username }} password: "{{ .Values.rabbitmq.auth.password }}" @@ -1382,16 +1382,16 @@ pipelines: ## redis: {{- if .Values.redis.fullnameOverride }} - ip: {{ .Values.redis.fullnameOverride }}-master + ip: {{ .Values.redis.fullnameOverride }} {{- else }} - ip: {{ .Release.Name }}-redis-master + ip: {{ .Release.Name }}-redis {{- end }} port: {{ .Values.redis.redisPort }} - {{- if .Values.redis.usePassword }} - password: {{ .Values.redis.password }} - {{- end }} - + password: {{ .Values.redis.auth.password }} clusterEnabled: false + sentinel: + port: {{ .Values.redis.sentinel.containerPorts.sentinel }} + masterGroupName: {{ .Values.redis.sentinel.masterSet }} ## Metrics logging metrics: 
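Review bot: In the `redis:` block, `password: {{ .Values.redis.auth.password }}` is now emitted unconditionally and unquoted, unlike the RabbitMQ line `password: "{{ .Values.rabbitmq.auth.password }}"` in the preceding hunk. A password that is empty, all digits, or starts with a YAML indicator character would be retyped or break parsing of the rendered config; `password: {{ .Values.redis.auth.password | quote }}` avoids that. The old `usePassword` guard is removed, so a deployment with `redis.auth.enabled: false` still gets a password line, which is worth guarding with `{{- if .Values.redis.auth.enabled }}`. The surrounding config block starts and ends outside the hunk.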
@@ -1623,9 +1623,33 @@ pipelines: os: Ubuntu_20.04 language: node registryUrl: releases-docker.jfrog.io - image: jfrog/pipelines-u20arm + image: jfrog/pipelines-ubuntu20arm-node isDefault: true - defaultVersion: 2.6.3 + defaultVersion: 18 + - architecture: ARM64 + os: Ubuntu_20.04 + language: java + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu20arm-java + defaultVersion: 17 + - architecture: ARM64 + os: Ubuntu_20.04 + language: cpp + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu20arm-cpp + defaultVersion: 13 + - architecture: ARM64 + os: Ubuntu_20.04 + language: go + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu20arm-go + defaultVersion: 1.21 + - architecture: ARM64 + os: Ubuntu_20.04 + language: dotnet + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu20arm-dotnet + defaultVersion: 6.0 - architecture: x86_64 os: Ubuntu_20.04 language: node 
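Review bot: The new `defaultVersion: 1.21` and `defaultVersion: 6.0` entries are plain scalars that a YAML parser reads as floats, so `6.0` can come out as `6` and a later `1.20` would become `1.2`. Quote version values that are not plain integers, e.g. `defaultVersion: "1.21"` and `defaultVersion: "6.0"`; the same applies to the Ubuntu_22.04 entries added in the next hunk. The file already has an unquoted `defaultVersion: 1.19` as context in that hunk, so confirm how the consumer of this list parses the field before changing the existing entries. The list itself starts and ends outside the hunk.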
@@ -1813,6 +1837,68 @@ pipelines: registryUrl: releases-docker.jfrog.io image: jfrog/pipelines-c8go defaultVersion: 1.19 + - architecture: x86_64 + os: Ubuntu_22.04 + language: node + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-node + isDefault: true + defaultVersion: 18 + - architecture: x86_64 + os: Ubuntu_22.04 + language: java + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-java + defaultVersion: 17 + - architecture: x86_64 + os: Ubuntu_22.04 + language: cpp + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-cpp + defaultVersion: 13 + - architecture: x86_64 + os: Ubuntu_22.04 + language: go + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-go + defaultVersion: 1.21 + - architecture: x86_64 + os: Ubuntu_22.04 + language: dotnet + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-dotnet + defaultVersion: 6.0 + - architecture: ARM64 + os: Ubuntu_22.04 + language: node + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-node + isDefault: true + defaultVersion: 18 + - architecture: ARM64 + os: Ubuntu_22.04 + language: java + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-java + defaultVersion: 17 + - architecture: ARM64 + os: Ubuntu_22.04 + language: cpp + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-cpp + defaultVersion: 13 + - architecture: ARM64 + os: Ubuntu_22.04 + language: go + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-go + defaultVersion: 1.21 + - architecture: ARM64 + os: Ubuntu_22.04 + language: dotnet + registryUrl: releases-docker.jfrog.io + image: jfrog/pipelines-ubuntu22-dotnet + defaultVersion: 6.0 ## Runtime Override Properties Section runtimeOverride: {} 
@@ -1842,7 +1928,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.9.0-debian-11-r11 + tag: 13.13.0-debian-11-r4 postgresqlDatabase: "pipelinesdb" postgresqlUsername: "apiuser" # Password must be set @@ -1889,14 +1975,14 @@ rabbitmq: image: registry: releases-docker.jfrog.io repository: bitnami/rabbitmq - tag: 3.9.21-debian-11-r0 + tag: 3.12.10-debian-11-r1 auth: username: admin ## RabbitMQ application password ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables - # Password must be set - password: "" + # Password must be changed for production use + password: password # existingPasswordSecret: name-of-existing-secret ## Erlang cookie to determine whether different nodes are allowed to communicate with each other 
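Review bot: In the `rabbitmq.auth` hunk the default changes from `password: ""` under "Password must be set" to `password: password`, so an install that does not override the value now comes up with a publicly known broker credential for user `admin`. Keep `password: ""` with the comment `# Password must be set`, and have the template reject an empty value with `required` unless `existingPasswordSecret` is supplied. If a non-empty default is really needed for the 3.12 upgrade path, state that in a comment and point to `existingPasswordSecret` as the supported way to set it.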
@@ -1920,6 +2006,39 @@ rabbitmq: affinity: {} + ## Upgrade of rabbitmq to 3.12.x needs the feature flags to be enabled. + ## Ref: (https://www.rabbitmq.com/feature-flags.html#list-of-feature-flags) + ## migration enable will perform `rabbitmqctl enable_feature_flag all` command on the existing rabbitmq before starting the upgrade + migration: + ## Migration is required to be performed only once hence this option can be disabled once the feature flags are enabled in rabbitmq. + enabled: true + image: + registry: releases-docker.jfrog.io + repository: bitnami/kubectl + tag: 1.24.12 + ## Service account for the pre-upgrade hook to perform rabbitmq migration + serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + name: + ## Explicitly mounts the API credentials for the Service Account + automountServiceAccountToken: true + rbac: + create: true + role: + ## Rules to create. It follows the role specification + rules: + - apiGroups: + - "" + resources: + - pods/exec + - pods + verbs: + - create + - get + - list + ## Platform config access configuration access: enableVaultToAccessMigration: false 
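Review bot: The default `rabbitmq.migration.rbac.role.rules` grant `create` on `pods/exec` plus `get`/`list` on `pods` with no `resourceNames`, so the pre-upgrade hook's service account (with `automountServiceAccountToken: true`) can exec into every pod in the release namespace, not only the RabbitMQ pod. With `migration.enabled: true` as the default, this is created on every upgrade even though the comment says the migration is needed only once. Consider defaulting `enabled` to `false` once the release that needs it has shipped, or scoping the exec rule to the RabbitMQ pod names with `resourceNames`, and add a comment stating that the Role and ServiceAccount should not outlive the hook. `name:` is a bare empty value; `name: ""` makes the intent explicit. The templates that consume these values are outside this hunk, so the hook's deletion policy cannot be checked here.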
@@ -1937,44 +2056,61 @@ redis: image: registry: releases-docker.jfrog.io repository: bitnami/redis - tag: 6.2.1-debian-10-r9 - redisPort: 6379 - ## Redis will come up with auth only if redis.usePassword is set to true - ## Change this value for production use - password: "password" - - cluster: - enabled: false - slaveCount: 2 - - usePassword: false - + tag: 7.2.0-debian-11-r2 fullnameOverride: - + redisPort: 6379 + auth: + ## @param auth.enabled Enable password authentication + ## + enabled: true + ## @param auth.sentinel Enable password authentication on sentinels too + ## + sentinel: true + ## @param auth.password Redis® password + ## Defaults to a random 10-character alphanumeric string if not set + ## + password: "password" + commonConfiguration: |- + appendonly yes + maxmemory-policy volatile-lru + architecture: "replication" master: - configmap: |- - appendonly yes - loglevel notice - resources: {} - # requests: - # memory: 100Mi - # cpu: 25m - # limits: - # memory: 4Gi - # cpu: "1" - - affinity: {} - - slave: - resources: {} - # requests: - # memory: 100Mi - # cpu: 25m - # limits: - # memory: 4Gi - # cpu: "1" + persistence: + enabled: true + containerPorts: + redis: 6379 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 20m + memory: 512Mi + replica: + replicaCount: 1 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 20m + memory: 512Mi + sentinel: + enabled: true + containerPorts: + sentinel: 26379 + image: + registry: releases-docker.jfrog.io + repository: bitnami/redis-sentinel + tag: 7.2.0-debian-11-r2 + masterSet: pipelines-master + metrics: + enabled: true + image: + registry: releases-docker.jfrog.io + repository: bitnami/redis-exporter + tag: 1.55.0-debian-11-r0 - affinity: {} ## Vault vault: @@ -1991,7 +2127,7 @@ vault: server: image: repository: "releases-docker.jfrog.io/hashicorp/vault" - tag: 1.8.6 + tag: "1.15" # resources: {} # requests: 
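Review bot: `redis.auth.password` is set to the literal `"password"` while `auth.enabled` and `auth.sentinel` are now `true`, so every default install shares one known Redis and Sentinel credential. The comment "Defaults to a random 10-character alphanumeric string if not set" never applies, because the value is set. Since the pipelines config in the earlier `values.yaml` hunk reads `.Values.redis.auth.password` directly and would not see a generated password, the safer default is `password: ""` with a comment such as `# Password must be set (or supply an existing secret)` and a `required` check in the template.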
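Review bot: The Vault server image moves from the patch-pinned `tag: 1.8.6` to `tag: "1.15"`, which looks like a floating minor tag, whereas the other images touched in this patch are pinned to a full version. A floating tag lets the deployed binary change without a chart change and lets nodes with cached images run different patch levels. Pin a full patch version (placeholder: `tag: "1.15.<patch>"`) or a digest, and add a comment noting that this jump spans several Vault minor releases, so the upgrade path should be checked.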
@@ -2038,7 +2174,7 @@ vault: extraInitContainers: # wait-for-db is checking if postgresql server up - name: vault-wait-for-db - image: "releases-docker.jfrog.io/bitnami/postgresql:13.9.0-debian-11-r11" + image: "releases-docker.jfrog.io/bitnami/postgresql:13.13.0-debian-11-r4" imagePullPolicy: IfNotPresent env: - name: CONNECTION_DETAILS @@ -2068,7 +2204,7 @@ vault: # create-vault-table is creating vault schema changes in postgres db - name: create-vault-table - image: releases-docker.jfrog.io/bitnami/postgresql:13.9.0-debian-11-r11 + image: releases-docker.jfrog.io/bitnami/postgresql:13.13.0-debian-11-r4 imagePullPolicy: IfNotPresent env: - name: DATABASE_URL From 974b54db3d1e99024e8f5d05de447cf3ecdae271 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 24 Jan 2024 20:12:31 +0530 Subject: [PATCH 19/47] [xray] 3.87.9 release --- stable/xray/CHANGELOG.md | 8 +- stable/xray/Chart.yaml | 6 +- stable/xray/README.md | 7 + stable/xray/ci/default-values.yaml | 10 + .../ci/test-rabbitmq-haQuorum-values.yaml | 65 +++++++ stable/xray/rabbitmq/ha-quorum.yaml | 9 + stable/xray/sizing/xray-sizing-2xlarge.yaml | 173 ++++++++++++++++++ stable/xray/sizing/xray-sizing-large.yaml | 173 ++++++++++++++++++ stable/xray/sizing/xray-sizing-medium.yaml | 173 ++++++++++++++++++ stable/xray/sizing/xray-sizing-small.yaml | 173 ++++++++++++++++++ stable/xray/sizing/xray-sizing-tiny.yaml | 169 +++++++++++++++++ stable/xray/sizing/xray-sizing-xlarge.yaml | 173 ++++++++++++++++++ stable/xray/sizing/xray-sizing-xsmall.yaml | 173 ++++++++++++++++++ stable/xray/templates/_helpers.tpl | 9 +- stable/xray/templates/migration-hook.yaml | 70 +++---- stable/xray/templates/xray-statefulset.yaml | 69 +++++++ stable/xray/values-large.yaml | 75 -------- stable/xray/values-medium.yaml | 75 -------- stable/xray/values-small.yaml | 75 -------- stable/xray/values.yaml | 135 ++++++++++++-- 20 files changed, 1547 insertions(+), 273 deletions(-) create mode 100644 stable/xray/ci/test-rabbitmq-haQuorum-values.yaml create mode 100644 stable/xray/rabbitmq/ha-quorum.yaml create mode 100644 stable/xray/sizing/xray-sizing-2xlarge.yaml create mode 100644 stable/xray/sizing/xray-sizing-large.yaml create mode 100644 stable/xray/sizing/xray-sizing-medium.yaml create mode 100644 stable/xray/sizing/xray-sizing-small.yaml create mode 100644 stable/xray/sizing/xray-sizing-tiny.yaml create mode 100644 stable/xray/sizing/xray-sizing-xlarge.yaml create mode 100644 stable/xray/sizing/xray-sizing-xsmall.yaml delete mode 100644 stable/xray/values-large.yaml delete mode 100644 stable/xray/values-medium.yaml delete mode 100644 stable/xray/values-small.yaml 
diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 7d91455ef..0c102ebcc 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,13 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.86.10] - Nov 14,2023 +## [103.87.9] - Dec 7,2023 +* Update minimum supported kubernetes version to 1.19 +* Added recommended t-shirt sizing configurations under sizing folder +* Added support for rabbitmq high-availability quorum queues clean install setup +* Fix the pre-upgrade-hook for rabbitmq migration to support installations on openshift platforms + +## [103.86.0] - Nov 14,2023 * Fixed - containerSecurityContext on loggers ## [103.83.0] - Sep 15,2023 diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index 167ca895f..f781957e0 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.86.10 +appVersion: 3.87.9 dependencies: - condition: postgresql.enabled name: postgresql @@ -16,7 +16,7 @@ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/xray/logo/xra keywords: - xray - jfrog -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: installers@jfrog.com name: Chart Maintainers at JFrog @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.86.10 +version: 103.87.9 diff --git a/stable/xray/README.md b/stable/xray/README.md index 99f0e088e..adbcb72e5 100644 --- a/stable/xray/README.md +++ b/stable/xray/README.md 
@@ -48,6 +48,13 @@ helm upgrade --install xray --set xray.joinKey= --namespace xray jfrog/xray ``` +### Apply Sizing configurations to the Chart +To apply the chart with recommended sizing configurations : +For small configurations : +```bash +helm upgrade --install xray --namespace xray jfrog/xray -f sizing/xray-sizing-small.yaml +``` + ## Uninstalling Xray **IMPORTANT:** Uninstalling Xray using the commands below will also delete your data volumes and you will lose all of your data. You must back up all this information before deletion. diff --git a/stable/xray/ci/default-values.yaml b/stable/xray/ci/default-values.yaml index 9984d735b..0e447dbfb 100644 --- a/stable/xray/ci/default-values.yaml +++ b/stable/xray/ci/default-values.yaml @@ -55,3 +55,13 @@ indexer: limits: memory: "4Gi" cpu: "4" + +sbom: + enabled: true + resources: + requests: + memory: "300Mi" + cpu: "50m" + limits: + memory: "4Gi" + cpu: "3" diff --git a/stable/xray/ci/test-rabbitmq-haQuorum-values.yaml b/stable/xray/ci/test-rabbitmq-haQuorum-values.yaml new file mode 100644 index 000000000..574908369 --- /dev/null +++ b/stable/xray/ci/test-rabbitmq-haQuorum-values.yaml 
@@ -0,0 +1,65 @@ +# CI values for Xray +# If this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade. +unifiedUpgradeAllowed: true +databaseUpgradeReady: true +xray: + jfrogUrl: http://artifactory.rt:8082 +common: + persistence: + enabled: false + +postgresql: + postgresqlPassword: xray + persistence: + enabled: false + +rabbitmq: + replicaCount: 3 + auth: + username: guest + password: password + persistence: + enabled: false + podManagementPolicy: Parallel + +global: + xray: + rabbitmq: + haQuorum: + enabled: true + +server: + resources: + requests: + memory: "300Mi" + cpu: "100m" + limits: + memory: "4Gi" + cpu: "3" + +analysis: + resources: + requests: + memory: "300Mi" + cpu: "50m" + limits: + memory: "4Gi" + cpu: "3" + +persist: + resources: + requests: + memory: "300Mi" + cpu: "50m" + limits: + memory: "4Gi" + cpu: "3" + +indexer: + resources: + requests: + memory: "300Mi" + cpu: "50m" + limits: + memory: "4Gi" + cpu: "4" diff --git a/stable/xray/rabbitmq/ha-quorum.yaml b/stable/xray/rabbitmq/ha-quorum.yaml new file mode 100644 index 000000000..99d8bffc9 --- /dev/null +++ b/stable/xray/rabbitmq/ha-quorum.yaml @@ -0,0 +1,9 @@ +rabbitmq: + replicaCount: 3 + podManagementPolicy: Parallel + +global: + xray: + rabbitmq: + haQuorum: + enabled: true \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-2xlarge.yaml b/stable/xray/sizing/xray-sizing-2xlarge.yaml new file mode 100644 index 000000000..b8b7987cf --- /dev/null +++ b/stable/xray/sizing/xray-sizing-2xlarge.yaml 
@@ -0,0 +1,173 @@ +############################################################## +# The 2xlarge sizing +# This size is intended for large organizations. It can be increased with adding replicas +############################################################## + +replicaCount: 3 +databaseUpgradeReady: true +waitForDatabase: true +unifiedUpgradeAllowed: true + +xray: + masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA + joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA + + ## Artifactory URL. Mandatory + jfrogUrl: + + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" + +# For enabling advanced security features, enable rbac.create and serviceAccount.create +rbac: + create: false +serviceAccount: + create: false + +autoscaling: + enabled: true + minReplicas: 3 + maxReplicas: 12 + targetCPUUtilizationPercentage: 200 + targetMemoryUtilizationPercentage: 800 + +# Common Xray settings +common: + persistence: + enabled: false + size: 100Gi + +analysis: + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 10Gi + +indexer: + resources: + requests: + cpu: "300m" + memory: 550Mi + limits: + # cpu: "6" + memory: 8Gi + +persist: + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 8Gi + +server: + resources: + requests: + cpu: "200m" + memory: 500Mi + limits: + # cpu: "4" + memory: 6Gi + +router: + resources: + requests: + cpu: "60m" + memory: 100Mi + limits: + # cpu: "1" + memory: 1Gi + +observability: + resources: + requests: + cpu: "10m" + memory: 25Mi + limits: + # cpu: "1" + memory: 250Mi + +panoramic: + enabled: true + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 8Gi + +sbom: + enabled: false + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 10Gi + +# PostgreSQL +## 
Configuration values for the postgresql dependency +## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## +postgresql: + enabled: true + postgresqlUsername: "xray" + postgresqlPassword: "bPa$$w0rd!" + postgresqlDatabase: "xraydb" + postgresqlExtendedConf: + listenAddresses: "*" + maxConnections: "2000" + persistence: + enabled: true + size: 2500Gi + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Xray pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 128Gi + cpu: "32" + limits: + memory: 128Gi + # cpu: "64" + +rabbitmq: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + extraConfiguration: |- + vm_memory_high_watermark.absolute = 6G + {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} + raft.wal_max_size_bytes = 1048576 + {{- end }} + resources: + requests: + cpu: "500m" + memory: 1Gi + limits: + # cpu: "8" + memory: 7Gi \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-large.yaml b/stable/xray/sizing/xray-sizing-large.yaml new file mode 100644 index 000000000..df52c7c37 --- /dev/null +++ b/stable/xray/sizing/xray-sizing-large.yaml 
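Review bot: This sizing file sets `xray.masterKey`, `xray.joinKey` and `postgresqlPassword` to fixed literal values, and the README hunk in this commit tells users to apply a sizing file with `-f sizing/xray-sizing-small.yaml`, so following the documented command installs Xray with keys and a database password that are published in the chart repository. Sizing files should carry only resource and replica settings; drop these three keys (and `listenAddresses: "*"` if it is not size-related) or replace them with a comment such as `# masterKey/joinKey must be supplied via --set or an existing secret`. The same values appear in the large, medium, small and tiny sizing files added below. `jfrogUrl:` is a bare empty value marked Mandatory; `jfrogUrl: ""` with the comment kept would make the intent explicit.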
@@ -0,0 +1,173 @@ +############################################################## +# The large sizing +# This size is intended for large organizations. It can be increased with adding replicas or moving to the xlarge sizing +############################################################## + +replicaCount: 2 +databaseUpgradeReady: true +waitForDatabase: true +unifiedUpgradeAllowed: true + +xray: + masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA + joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA + + ## Artifactory URL. Mandatory + jfrogUrl: + + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" + +# For enabling advanced security features, enable rbac.create and serviceAccount.create +rbac: + create: false +serviceAccount: + create: false + +autoscaling: + enabled: true + minReplicas: 2 + maxReplicas: 6 + targetCPUUtilizationPercentage: 200 + targetMemoryUtilizationPercentage: 800 + +# Common Xray settings +common: + persistence: + enabled: false + size: 100Gi + +analysis: + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 10Gi + +indexer: + resources: + requests: + cpu: "300m" + memory: 550Mi + limits: + # cpu: "6" + memory: 8Gi + +persist: + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 8Gi + +server: + resources: + requests: + cpu: "200m" + memory: 500Mi + limits: + # cpu: "4" + memory: 6Gi + +router: + resources: + requests: + cpu: "60m" + memory: 100Mi + limits: + # cpu: "1" + memory: 1Gi + +observability: + resources: + requests: + cpu: "10m" + memory: 25Mi + limits: + # cpu: "1" + memory: 250Mi + +panoramic: + enabled: true + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 8Gi + +sbom: + enabled: false + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 10Gi + 
+# PostgreSQL +## Configuration values for the postgresql dependency +## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## +postgresql: + enabled: true + postgresqlUsername: "xray" + postgresqlPassword: "bPa$$w0rd!" + postgresqlDatabase: "xraydb" + postgresqlExtendedConf: + listenAddresses: "*" + maxConnections: "600" + persistence: + enabled: true + size: 800Gi + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Xray pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 32Gi + cpu: "16" + limits: + memory: 32Gi + # cpu: "32" + +rabbitmq: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + extraConfiguration: |- + vm_memory_high_watermark.absolute = 3G + {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} + raft.wal_max_size_bytes = 1048576 + {{- end }} + resources: + requests: + cpu: "200m" + memory: 500Mi + limits: + # cpu: "2" + memory: 4Gi \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-medium.yaml b/stable/xray/sizing/xray-sizing-medium.yaml new file mode 100644 index 000000000..5edcdc22e --- /dev/null +++ b/stable/xray/sizing/xray-sizing-medium.yaml 
@@ -0,0 +1,173 @@ +############################################################## +# The medium sizing +# This size is just more replicas of the small size. Vertical sizing of all services is not changed +############################################################## + +replicaCount: 1 +databaseUpgradeReady: true +waitForDatabase: true +unifiedUpgradeAllowed: true + +xray: + masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA + joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA + + ## Artifactory URL. Mandatory + jfrogUrl: + + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" + +# For enabling advanced security features, enable rbac.create and serviceAccount.create +rbac: + create: false +serviceAccount: + create: false + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 200 + targetMemoryUtilizationPercentage: 800 + +# Common Xray settings +common: + persistence: + enabled: false + size: 100Gi + +analysis: + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 10Gi + +indexer: + resources: + requests: + cpu: "300m" + memory: 550Mi + limits: + # cpu: "6" + memory: 8Gi + +persist: + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 8Gi + +server: + resources: + requests: + cpu: "200m" + memory: 500Mi + limits: + # cpu: "4" + memory: 6Gi + +router: + resources: + requests: + cpu: "60m" + memory: 100Mi + limits: + # cpu: "1" + memory: 1Gi + +observability: + resources: + requests: + cpu: "10m" + memory: 25Mi + limits: + # cpu: "1" + memory: 250Mi + +panoramic: + enabled: true + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 8Gi + +sbom: + enabled: false + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 10Gi + +# PostgreSQL +## 
Configuration values for the postgresql dependency +## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## +postgresql: + enabled: true + postgresqlUsername: "xray" + postgresqlPassword: "bPa$$w0rd!" + postgresqlDatabase: "xraydb" + postgresqlExtendedConf: + listenAddresses: "*" + maxConnections: "500" + persistence: + enabled: true + size: 500Gi + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Xray pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 32Gi + cpu: "8" + limits: + memory: 32Gi + # cpu: "18" + +rabbitmq: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + extraConfiguration: |- + vm_memory_high_watermark.absolute = 3G + {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} + raft.wal_max_size_bytes = 1048576 + {{- end }} + resources: + requests: + cpu: "100m" + memory: 500Mi + limits: + # cpu: "2" + memory: 4Gi \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-small.yaml b/stable/xray/sizing/xray-sizing-small.yaml new file mode 100644 index 000000000..4759053bd --- /dev/null +++ b/stable/xray/sizing/xray-sizing-small.yaml 
@@ -0,0 +1,173 @@ +############################################################## +# The small sizing +# This is the size recommended for running Xray for small teams +############################################################## + +replicaCount: 1 +databaseUpgradeReady: true +waitForDatabase: true +unifiedUpgradeAllowed: true + +xray: + masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA + joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA + + ## Artifactory URL. Mandatory + jfrogUrl: + + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" + +# For enabling advanced security features, enable rbac.create and serviceAccount.create +rbac: + create: false +serviceAccount: + create: false + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 200 + targetMemoryUtilizationPercentage: 800 + +# Common Xray settings +common: + persistence: + enabled: false + size: 100Gi + +analysis: + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 10Gi + +indexer: + resources: + requests: + cpu: "300m" + memory: 550Mi + limits: + # cpu: "6" + memory: 8Gi + +persist: + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 8Gi + +server: + resources: + requests: + cpu: "200m" + memory: 500Mi + limits: + # cpu: "4" + memory: 6Gi + +router: + resources: + requests: + cpu: "60m" + memory: 100Mi + limits: + # cpu: "1" + memory: 1Gi + +observability: + resources: + requests: + cpu: "10m" + memory: 25Mi + limits: + # cpu: "1" + memory: 250Mi + +panoramic: + enabled: true + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 8Gi + +sbom: + enabled: false + resources: + requests: + cpu: "100m" + memory: 250Mi + limits: + # cpu: "4" + memory: 10Gi + +# PostgreSQL +## Configuration values for the 
postgresql dependency +## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## +postgresql: + enabled: true + postgresqlUsername: "xray" + postgresqlPassword: "bPa$$w0rd!" + postgresqlDatabase: "xraydb" + postgresqlExtendedConf: + listenAddresses: "*" + maxConnections: "200" + persistence: + enabled: true + size: 500Gi + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Xray pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 16Gi + cpu: "6" + limits: + memory: 16Gi + # cpu: "18" + +rabbitmq: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + extraConfiguration: |- + vm_memory_high_watermark.absolute = 2G + {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} + raft.wal_max_size_bytes = 1048576 + {{- end }} + resources: + requests: + cpu: "50m" + memory: 300Mi + limits: + # cpu: "2" + memory: 3Gi \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-tiny.yaml b/stable/xray/sizing/xray-sizing-tiny.yaml new file mode 100644 index 000000000..544d1a84a --- /dev/null +++ b/stable/xray/sizing/xray-sizing-tiny.yaml 
@@ -0,0 +1,169 @@
+##############################################################
+# The tiny sizing
+# This is a demo template with very small sizing to allow testing in resource limited environments
+##############################################################
+
+replicaCount: 1
+databaseUpgradeReady: true
+waitForDatabase: true
+unifiedUpgradeAllowed: true
+
+xray:
+ masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA
+ joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA
+
+ ## Artifactory URL. Mandatory
+ jfrogUrl:
+
+ podAntiAffinity:
+ ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity
+ type: "soft"
+ topologyKey: "kubernetes.io/hostname"
+
+# For enabling advanced security features, enable rbac.create and serviceAccount.create
+rbac:
+ create: false
+serviceAccount:
+ create: false
+
+autoscaling:
+ enabled: false
+
+# Common Xray settings
+common:
+ persistence:
+ enabled: false
+ size: 50Gi
+
+analysis:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 2Gi
+
+indexer:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 250Mi
+ limits:
+ # cpu: "4"
+ memory: 2Gi
+
+persist:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 2Gi
+
+server:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 2Gi
+
+router:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 50Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 25Mi
+ limits:
+ # cpu: "1"
+ memory: 250Mi
+
+panoramic:
+ enabled: true
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 2Gi
+
+sbom:
+ enabled: false
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 2Gi
+
+# PostgreSQL
+## Configuration values for the postgresql dependency
+## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
+##
+postgresql:
+ enabled: true
+ postgresqlUsername: "xray"
+ postgresqlPassword: "bPa$$w0rd!"
+ postgresqlDatabase: "xraydb"
+ postgresqlExtendedConf:
+ listenAddresses: "*"
+ maxConnections: "100"
+ persistence:
+ enabled: true
+ size: 50Gi
+# primary:
+# affinity:
+# # Require PostgreSQL pod to run on a different node than Xray pods
+# podAntiAffinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# - labelSelector:
+# matchExpressions:
+# - key: app
+# operator: In
+# values:
+# - xray
+# topologyKey: kubernetes.io/hostname
+ resources:
+ requests:
+ memory: 1Gi
+ cpu: "50m"
+ limits:
+ memory: 2Gi
+ # cpu: "2"
+
+rabbitmq:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - xray
+ topologyKey: kubernetes.io/hostname
+ extraConfiguration: |-
+ vm_memory_high_watermark.absolute = 1G
+ {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }}
+ raft.wal_max_size_bytes = 1048576
+ {{- end }}
+ resources:
+ requests:
+ cpu: "50m"
+ memory: 150Mi
+ limits:
+ # cpu: "2"
+ memory: 1500Mi
\ No newline at end of file
diff --git a/stable/xray/sizing/xray-sizing-xlarge.yaml b/stable/xray/sizing/xray-sizing-xlarge.yaml
new file mode 100644
index 000000000..e8819019a
--- /dev/null
+++ b/stable/xray/sizing/xray-sizing-xlarge.yaml
@@ -0,0 +1,173 @@
+##############################################################
+# The xlarge sizing
+# This size is intended for large organizations. It can be increased with adding replicas or moving to the 2xlarge sizing
+##############################################################
+
+replicaCount: 2
+databaseUpgradeReady: true
+waitForDatabase: true
+unifiedUpgradeAllowed: true
+
+xray:
+ masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA
+ joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA
+
+ ## Artifactory URL. Mandatory
+ jfrogUrl:
+
+ podAntiAffinity:
+ ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity
+ type: "hard"
+ topologyKey: "kubernetes.io/hostname"
+
+# For enabling advanced security features, enable rbac.create and serviceAccount.create
+rbac:
+ create: false
+serviceAccount:
+ create: false
+
+autoscaling:
+ enabled: true
+ minReplicas: 2
+ maxReplicas: 8
+ targetCPUUtilizationPercentage: 200
+ targetMemoryUtilizationPercentage: 800
+
+# Common Xray settings
+common:
+ persistence:
+ enabled: false
+ size: 100Gi
+
+analysis:
+ resources:
+ requests:
+ cpu: "100m"
+ memory: 250Mi
+ limits:
+ # cpu: "4"
+ memory: 10Gi
+
+indexer:
+ resources:
+ requests:
+ cpu: "300m"
+ memory: 550Mi
+ limits:
+ # cpu: "6"
+ memory: 8Gi
+
+persist:
+ resources:
+ requests:
+ cpu: "100m"
+ memory: 250Mi
+ limits:
+ # cpu: "4"
+ memory: 8Gi
+
+server:
+ resources:
+ requests:
+ cpu: "200m"
+ memory: 500Mi
+ limits:
+ # cpu: "4"
+ memory: 6Gi
+
+router:
+ resources:
+ requests:
+ cpu: "60m"
+ memory: 100Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 25Mi
+ limits:
+ # cpu: "1"
+ memory: 250Mi
+
+panoramic:
+ enabled: true
+ resources:
+ requests:
+ cpu: "100m"
+ memory: 250Mi
+ limits:
+ # cpu: "4"
+ memory: 8Gi
+
+sbom:
+ enabled: false
+ resources:
+ requests:
+ cpu: "100m"
+ memory: 250Mi
+ limits:
+ # cpu: "4"
+ memory: 10Gi
+
+# PostgreSQL
+## Configuration values for the postgresql dependency
+## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
+##
+postgresql:
+ enabled: true
+ postgresqlUsername: "xray"
+ postgresqlPassword: "bPa$$w0rd!"
+ postgresqlDatabase: "xraydb"
+ postgresqlExtendedConf:
+ listenAddresses: "*"
+ maxConnections: "1200"
+ persistence:
+ enabled: true
+ size: 1000Gi
+ primary:
+ affinity:
+ # Require PostgreSQL pod to run on a different node than Xray pods
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - xray
+ topologyKey: kubernetes.io/hostname
+ resources:
+ requests:
+ memory: 64Gi
+ cpu: "16"
+ limits:
+ memory: 64Gi
+ # cpu: "32"
+
+rabbitmq:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - xray
+ topologyKey: kubernetes.io/hostname
+ extraConfiguration: |-
+ vm_memory_high_watermark.absolute = 4G
+ {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }}
+ raft.wal_max_size_bytes = 1048576
+ {{- end }}
+ resources:
+ requests:
+ cpu: "200m"
+ memory: 500Mi
+ limits:
+ # cpu: "4"
+ memory: 5Gi
\ No newline at end of file
diff --git a/stable/xray/sizing/xray-sizing-xsmall.yaml b/stable/xray/sizing/xray-sizing-xsmall.yaml
new file mode 100644
index 000000000..9e88aa7fd
--- /dev/null
+++ b/stable/xray/sizing/xray-sizing-xsmall.yaml
@@ -0,0 +1,173 @@
+##############################################################
+# The xsmall sizing
+# This is the minimum size recommended for running JFrog Xray
+##############################################################
+
+replicaCount: 1
+databaseUpgradeReady: true
+waitForDatabase: true
+unifiedUpgradeAllowed: true
+
+xray:
+ masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA
+ joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA
+
+ ## Artifactory URL. Mandatory
+ jfrogUrl:
+
+ podAntiAffinity:
+ ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity
+ type: "hard"
+ topologyKey: "kubernetes.io/hostname"
+
+# For enabling advanced security features, enable rbac.create and serviceAccount.create
+rbac:
+ create: false
+serviceAccount:
+ create: false
+
+autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPUUtilizationPercentage: 200
+ targetMemoryUtilizationPercentage: 800
+
+# Common Xray settings
+common:
+ persistence:
+ enabled: false
+ size: 50Gi
+
+analysis:
+ resources:
+ requests:
+ cpu: "30m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 4Gi
+
+indexer:
+ resources:
+ requests:
+ cpu: "40m"
+ memory: 250Mi
+ limits:
+ # cpu: "4"
+ memory: 4Gi
+
+persist:
+ resources:
+ requests:
+ cpu: "30m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 4Gi
+
+server:
+ resources:
+ requests:
+ cpu: "60m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 4Gi
+
+router:
+ resources:
+ requests:
+ cpu: "20m"
+ memory: 50Mi
+ limits:
+ # cpu: "1"
+ memory: 1Gi
+
+observability:
+ resources:
+ requests:
+ cpu: "10m"
+ memory: 25Mi
+ limits:
+ # cpu: "1"
+ memory: 250Mi
+
+panoramic:
+ enabled: true
+ resources:
+ requests:
+ cpu: "30m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 4Gi
+
+sbom:
+ enabled: false
+ resources:
+ requests:
+ cpu: "30m"
+ memory: 250Mi
+ limits:
+ # cpu: "3"
+ memory: 4Gi
+
+# PostgreSQL
+## Configuration values for the postgresql 
dependency +## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## +postgresql: + enabled: true + postgresqlUsername: "xray" + postgresqlPassword: "bPa$$w0rd!" + postgresqlDatabase: "xraydb" + postgresqlExtendedConf: + listenAddresses: "*" + maxConnections: "100" + persistence: + enabled: true + size: 500Gi + primary: + affinity: + # Require PostgreSQL pod to run on a different node than Xray pods + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + resources: + requests: + memory: 8Gi + cpu: "4" + limits: + memory: 8Gi + # cpu: "12" + +rabbitmq: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname + extraConfiguration: |- + vm_memory_high_watermark.absolute = 2G + {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} + raft.wal_max_size_bytes = 1048576 + {{- end }} + resources: + requests: + cpu: "50m" + memory: 300Mi + limits: + # cpu: "2" + memory: 3Gi \ No newline at end of file diff --git a/stable/xray/templates/_helpers.tpl b/stable/xray/templates/_helpers.tpl index 1b708e4a5..f079f9a2c 100644 --- a/stable/xray/templates/_helpers.tpl +++ b/stable/xray/templates/_helpers.tpl @@ -558,6 +558,9 @@ Resolve autoscalingQueues value queueName: {{ .name }} mode: QueueLength value: "{{ .value }}" +{{- if $.Values.global.xray.rabbitmq.haQuorum.enabled }} + vhostName: "{{ $.Values.global.xray.rabbitmq.haQuorum.vhost }}" +{{- end }} authenticationRef: name: keda-trigger-auth-rabbitmq-conn-xray {{- end }} 
@@ -582,10 +585,14 @@ Return the secret name of rabbitmq TLS certs. {{/* Prints value of Values.rabbitmq.auth.tls.enabled. */}} -{{- define "xray.rabbitmq.isTlsEnabled" -}} +{{- define "xray.rabbitmq.isManagementListenerTlsEnabledInContext" -}} {{- printf "%t" $.Values.auth.tls.enabled -}} {{- end -}} +{{- define "xray.rabbitmq.isManagementListenerTlsEnabled" -}} +{{- printf "%t" $.Values.rabbitmq.auth.tls.enabled -}} +{{- end -}} + {{/* Set xray env variables if rabbitmq.tls is enabled. */}} diff --git a/stable/xray/templates/migration-hook.yaml b/stable/xray/templates/migration-hook.yaml index 9f747ab51..b2011c1c4 100644 --- a/stable/xray/templates/migration-hook.yaml +++ b/stable/xray/templates/migration-hook.yaml @@ -70,8 +70,8 @@ roleRef: --- {{- if .Values.rabbitmq.enabled }} {{- if .Values.rabbitmq.migration.enabled }} -apiVersion: v1 -kind: Pod +apiVersion: batch/v1 +kind: Job metadata: labels: app: {{ template "xray.name" . }} 
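Review bot: The comment `Prints value of Values.rabbitmq.auth.tls.enabled.` now sits above `xray.rabbitmq.isManagementListenerTlsEnabledInContext`, which reads `$.Values.auth.tls.enabled`, while the new `xray.rabbitmq.isManagementListenerTlsEnabled`, the one that does read `$.Values.rabbitmq.auth.tls.enabled`, has no comment at all. I would reword the first to `Prints Values.auth.tls.enabled; for use where the template is rendered with the rabbitmq subchart's values` (presumably the `extraConfiguration` string) and add `Prints Values.rabbitmq.auth.tls.enabled from the xray chart context` above the second. Both names say "management listener" although the value they print is the general `auth.tls.enabled` flag, which the comments should state so that a later change to one flag is not assumed to cover the other.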
@@ -83,37 +83,45 @@ metadata: "helm.sh/hook": "pre-upgrade" "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded spec: - {{- if .Values.rabbitmq.podSecurityContext.enabled }} - securityContext: {{- omit .Values.rabbitmq.podSecurityContext "enabled" | toYaml | nindent 4 }} - {{- end }} - {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} - {{- include "xray.imagePullSecrets" . | indent 2 }} - {{- end }} - serviceAccountName: {{ template "xray.rabbitmq.migration.serviceAccountName" . }} - containers: - - name: pre-upgrade-container - image: "{{ include "xray.getRegistryByService" (list . "migrationHook") }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}" - imagePullPolicy: IfNotPresent - {{- if .Values.rabbitmq.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml | nindent 8 }} + template: + metadata: + labels: + app: {{ template "xray.name" . }} + chart: {{ template "xray.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + {{- if .Values.rabbitmq.podSecurityContext.enabled }} + securityContext: {{- omit .Values.rabbitmq.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} + {{- include "xray.imagePullSecrets" . | indent 6 }} {{- end }} - command: - - sh - - -c - - | - #!/bin/sh - if [ "$(kubectl get pods -l "app.kubernetes.io/name={{ template "rabbitmq.name" . }}" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then - kubectl exec -it {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -- rabbitmqctl enable_feature_flag all - if [ "$?" -ne 0 ]; then - echo "Failed to perform the migration. 
Please make sure to enable the feature flag in rabbitmq manually [rabbitmqctl enable_feature_flag all] " - exit 1 + serviceAccountName: {{ template "xray.rabbitmq.migration.serviceAccountName" . }} + containers: + - name: pre-upgrade-container + image: "{{ include "xray.getRegistryByService" (list . "migrationHook") }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}" + imagePullPolicy: IfNotPresent + {{- if .Values.rabbitmq.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - sh + - -c + - | + #!/bin/sh + if [ "$(kubectl get pods -l "app.kubernetes.io/name={{ template "rabbitmq.name" . }}" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then + kubectl exec -it {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -- rabbitmqctl enable_feature_flag all + if [ "$?" -ne 0 ]; then + echo "Failed to perform the migration. Please make sure to enable the feature flag in rabbitmq manually [rabbitmqctl enable_feature_flag all] " + exit 1 + else + echo Feature flags executed successfully! + fi else - echo Feature flags executed successfully! + echo "Rabbitmq pod is not in running state. Ignoring feature flag migration for rabbitmq" fi - else - echo "Rabbitmq pod is not in running state. Ignoring feature flag migration for rabbitmq" - fi - restartPolicy: Never - terminationGracePeriodSeconds: 0 + restartPolicy: Never + terminationGracePeriodSeconds: 0 {{- end }} {{- end }} \ No newline at end of file diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml index b1bb2814d..9f5fedbd5 100644 --- a/stable/xray/templates/xray-statefulset.yaml +++ b/stable/xray/templates/xray-statefulset.yaml 
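Review bot: The readiness test in the hook script compares the whole jsonpath output with the single string `"True"`, but the selector `app.kubernetes.io/name=...` matches every RabbitMQ pod, so with more than one replica the output is presumably several space-separated values and the script takes the "not in running state" branch and exits 0 without enabling the feature flags. Since the `exec` only targets pod `-0`, I would query that pod directly: `kubectl get pod {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'`. The `-it` on `kubectl exec` can also go, as a Job has no terminal to attach. Now that this is a Job rather than a Pod, an explicit `backoffLimit` under the Job's top-level `spec` would make the retry behaviour of a failing pre-upgrade hook deliberate rather than the controller default. The Job's `metadata` starts in the previous hunk.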
@@ -218,6 +218,75 @@ spec: if [[ $exit_status -eq 0 ]]; then ready=true; echo "database ok"; fi; sleep 1; done {{- end }} + {{- end }} + {{- if and .Values.global.xray.rabbitmq.haQuorum.enabled .Values.common.rabbitmq.waitForReplicasQuorumOnStartup }} + {{- if .Values.rabbitmq.enabled }} + - name: "wait-for-rabbitmq-replicas-quorum" + image: "{{ .Values.initContainerImage }}" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'bash' + - '-c' + - -ecx + - | + echo "Waiting for rabbitmq replicas quorum to be running" + ready=false; + amqpPort={{ .Values.rabbitmq.service.ports.amqp }} + amqpTlsPort={{ .Values.rabbitmq.service.ports.amqpTls }} + managerPort={{ .Values.rabbitmq.service.ports.manager }} + managerSchema="http" + additionalFlags="" + if [[ "$JF_SHARED_RABBITMQ_MANAGEMENT_LISTENER_TLS_ENABLED" = "true" ]]; then + managerSchema="https" + additionalFlags="--insecure" + fi + rabbitMqManagementUrl=$(echo $JF_SHARED_RABBITMQ_URL | sed -e "s/amqp:/${managerSchema}:/" -e "s/amqps:/${managerSchema}:/" -e "s/:${amqpPort}/:${managerPort}/" -e "s/:${amqpTlsPort}/:${managerPort}/") + while ! $ready; do echo waiting; + # This would be better done with jq instead of grep -o + # jq 'map(select ( .running == true )) | length') + # but currently we do not have jq in the UBI-minimal base image approved by the installer team + nodesNum=$(curl -s ${additionalFlags} -u${JF_SHARED_RABBITMQ_USERNAME}:${JF_SHARED_RABBITMQ_PASSWORD} ${rabbitMqManagementUrl}api/nodes | grep -o '"running"\s*:true' | wc -l | tr -d '[:space:]') + echo $nodesNum + if [[ "$nodesNum" -ge "{{ add 1 (div .Values.rabbitmq.replicaCount 2) }}" ]]; then ready=true; echo "rabbitmq ok"; fi; sleep 5; + done + env: + {{- if eq (include "xray.rabbitmq.isManagementListenerTlsEnabled" .) 
"true" }} + - name: JF_SHARED_RABBITMQ_MANAGEMENT_LISTENER_TLS_ENABLED + value: {{ include "xray.rabbitmq.isManagementListenerTlsEnabled" . | quote }} + {{- end }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + {{- end }} {{- end }} {{- if or .Values.common.customInitContainers .Values.global.customInitContainers }} {{ tpl (include "xray.customInitContainers" .) . | indent 6 }} diff --git a/stable/xray/values-large.yaml b/stable/xray/values-large.yaml deleted file mode 100644 index 41081ae08..000000000 --- a/stable/xray/values-large.yaml +++ /dev/null 
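Review bot: The `-ecx` argument of the new `wait-for-rabbitmq-replicas-quorum` init container turns on shell tracing, so every loop iteration writes the expanded `curl ... -u${JF_SHARED_RABBITMQ_USERNAME}:${JF_SHARED_RABBITMQ_PASSWORD}` line, password included, to the container log, where anyone allowed to read pod logs can see it. The `wait-for-previous-pods` init container added to values.yaml later in this patch (hunk `@@ -675,7 +707,83 @@`) has the same problem with `--erlang-cookie $RABBITMQ_ERL_COOKIE`. In both places I would change the argument to `- -ec`. Separately, `additionalFlags="--insecure"` switches off certificate verification exactly when TLS is enabled, so the credentials go to an endpoint whose identity is never checked; if the CA that signed the RabbitMQ certificate is available in the pod, `--cacert` with that file is the safer flag. The `while ! $ready` loop also has no iteration cap, unlike the `maxIterations` guard used in the values.yaml script.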
@@ -1,75 +0,0 @@ -replicaCount: 7 -common: - persistence: - size: 500Gi -rabbitmq: - replicaCount: 3 - memoryHighWatermark: - enabled: true - type: "absolute" - value: 2500MB - maxAvailableSchedulers: "4" - onlineSchedulers: "4" - resources: - requests: - memory: "512Mi" - cpu: "500m" - limits: - memory: "3Gi" - cpu: "3" - -postgresql: - postgresqlExtendedConf: - maxConnections: "600" - resources: - requests: - memory: "1Gi" - cpu: "1" - limits: - memory: "6Gi" - cpu: "6" - -server: - resources: - requests: - memory: "300Mi" - cpu: "100m" - limits: - memory: "10Gi" - cpu: "10" - -analysis: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "10Gi" - cpu: "10" - -sbom: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "10Gi" - cpu: "10" - -persist: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "10Gi" - cpu: "10" - -indexer: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "10Gi" - cpu: "10" diff --git a/stable/xray/values-medium.yaml b/stable/xray/values-medium.yaml deleted file mode 100644 index 1894caa84..000000000 --- a/stable/xray/values-medium.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -replicaCount: 3 -common: - persistence: - size: 200Gi -rabbitmq: - replicaCount: 3 - memoryHighWatermark: - enabled: true - type: "absolute" - value: 1700MB - maxAvailableSchedulers: "2" - onlineSchedulers: "2" - resources: - requests: - memory: "512Mi" - cpu: "500m" - limits: - memory: "2Gi" - cpu: "2" - -postgresql: - postgresqlExtendedConf: - maxConnections: "400" - resources: - requests: - memory: "1Gi" - cpu: "1" - limits: - memory: "4Gi" - cpu: "4" - -server: - resources: - requests: - memory: "300Mi" - cpu: "100m" - limits: - memory: "8Gi" - cpu: "6" - -analysis: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "8Gi" - cpu: "6" - -sbom: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "8Gi" - cpu: "6" - -persist: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "8Gi" - cpu: "6" - -indexer: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "8Gi" - cpu: "8" diff --git a/stable/xray/values-small.yaml b/stable/xray/values-small.yaml deleted file mode 100644 index ec021db5b..000000000 --- a/stable/xray/values-small.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -replicaCount: 2 -common: - persistence: - size: 100Gi -rabbitmq: - replicaCount: 3 - memoryHighWatermark: - enabled: true - type: "absolute" - value: 700MB - maxAvailableSchedulers: "1" - onlineSchedulers: "1" - resources: - requests: - memory: "512Mi" - cpu: "500m" - limits: - memory: "1Gi" - cpu: "1" - -postgresql: - postgresqlExtendedConf: - maxConnections: "200" - resources: - requests: - memory: "1Gi" - cpu: "1" - limits: - memory: "2Gi" - cpu: "2" - -server: - resources: - requests: - memory: "300Mi" - cpu: "100m" - limits: - memory: "4Gi" - cpu: "3" - -analysis: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "4Gi" - cpu: "3" - -sbom: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "4Gi" - cpu: "3" - -persist: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "4Gi" - cpu: "3" - -indexer: - resources: - requests: - memory: "300Mi" - cpu: "50m" - limits: - memory: "4Gi" - cpu: "4" diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index 70dcb306a..128daaeee 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml @@ -44,6 +44,14 @@ global: enabled: autoGenerated: + xray: + # Rabbitmq settings that are specific to Xray + rabbitmq: + haQuorum: + enabled: false + waitForPreviousPodsOnInitialStartup: true + vhost: xray_haq + ## String to partially override xray.fullname template (will maintain the release name) ## # nameOverride: @@ -52,7 +60,7 @@ global: ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.2.750.1697534106 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1361.1699548032 imagePullPolicy: IfNotPresent # Init containers 
@@ -203,6 +211,11 @@ xray: {{- end }} {{- if and (not .Values.rabbitmq.enabled) (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} rabbitMq: + {{- if .Values.global.xray.rabbitmq.haQuorum.enabled }} + ha_quorum: true + vhost: {{ .Values.global.xray.rabbitmq.haQuorum.vhost }} + replicasCount: 3 + {{- end }} erlangCookie: value: "{{ .Values.rabbitmq.external.erlangCookie }}" {{- if not .Values.rabbitmq.external.secrets }} @@ -210,6 +223,11 @@ xray: username: "{{ .Values.rabbitmq.external.username }}" password: "{{ .Values.rabbitmq.external.password }}" {{- end }} + {{- else if and .Values.rabbitmq.enabled .Values.global.xray.rabbitmq.haQuorum.enabled }} + rabbitMq: + ha_quorum: true + vhost: {{ .Values.global.xray.rabbitmq.haQuorum.vhost }} + replicasCount: {{ .Values.rabbitmq.replicaCount }} {{- end }} {{- if .Values.xray.mongoUrl }} mongo: @@ -217,7 +235,7 @@ xray: username: "{{ .Values.xray.mongoUsername }}" password: "{{ .Values.xray.mongoPassword }}" {{- end }} - {{- if or .Values.server.mailServer .Values.server.indexAllBuilds }} + {{- if or .Values.server.mailServer .Values.server.indexAllBuilds .Values.common.rabbitmq.migrateMessagesFromOtherRabbitMq }} server: {{- if .Values.server.mailServer }} mailServer: "{{ .Values.server.mailServer }}" @@ -225,6 +243,10 @@ xray: {{- if .Values.server.indexAllBuilds }} indexAllBuilds: {{ .Values.server.indexAllBuilds }} {{- end }} + {{- if .Values.common.rabbitmq.migrateMessagesFromOtherRabbitMq }} + dataMigrations: + migrate_msgs_from_other_rabbitmq: {{ toYaml .Values.common.rabbitmq.migrateMessagesFromOtherRabbitMq | nindent 6 }} + {{- end }} {{- end }} {{- if (include "xray.imagePullSecretsStrList" .) }} executionService: @@ -379,7 +401,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.2.750.1697534106 + tag: 9.3.1361.1699548032 ## Service Account ## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ 
@@ -606,6 +628,13 @@ rabbitmq: "configure": ".*", "write": ".*", "read": ".*" + }, + { + "user": "{{ .Values.auth.username }}", + "vhost": "{{ .Values.global.xray.rabbitmq.haQuorum.vhost }}", + "configure": ".*", + "write": ".*", + "read": ".*" } ], "users": [ @@ -618,6 +647,9 @@ rabbitmq: "vhosts": [ { "name": "/" + }, + { + "name": "{{ .Values.global.xray.rabbitmq.haQuorum.vhost }}" } ], "policies": [ 
@@ -675,7 +707,83 @@ rabbitmq: # This is automatically set based on rabbitmqTLS enabled flag. extraConfiguration: |- - management.listener.ssl = {{ template "xray.rabbitmq.isTlsEnabled" . }} + management.listener.ssl = {{ template "xray.rabbitmq.isManagementListenerTlsEnabledInContext" . }} + + initContainers: | + {{- if and .Values.global.xray.rabbitmq.haQuorum.enabled .Values.global.xray.rabbitmq.haQuorum.waitForPreviousPodsOnInitialStartup }} + - name: "wait-for-previous-pods" + image: "{{ template "rabbitmq.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: RABBITMQ_ERL_COOKIE + valueFrom: + secretKeyRef: + name: {{ template "rabbitmq.secretErlangName" . }} + key: rabbitmq-erlang-cookie + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K8S_SERVICE_NAME + value: {{ printf "%s-%s" (include "common.names.fullname" .) (default "headless" .Values.servicenameOverride) }} + {{- if (eq "hostname" .Values.clustering.addressType) }} + - name: RABBITMQ_NODE_NAME + value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + - name: K8S_HOSTNAME_SUFFIX + value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" + {{- else }} + - name: RABBITMQ_NODE_NAME + value: "rabbit@$(MY_POD_NAME)" + {{- end }} + - name: RABBITMQ_MNESIA_DIR + value: "{{ .Values.persistence.mountPath }}/$(RABBITMQ_NODE_NAME)" + command: + - /bin/bash + args: + - -ecx + - | + echo $HOSTNAME + if [[ $HOSTNAME == *-0 ]]; then + exit 0 + fi + if [ -d "$RABBITMQ_MNESIA_DIR" ]; then + exit 0 + fi + + # wait for zero pod to start running and accept requests + zero_pod_name=$(echo $MY_POD_NAME | sed -E "s/-[[:digit:]]$/-0/") + zero_pod_node_name=$(echo "$RABBITMQ_NODE_NAME" | sed -E "s/^rabbit@$MY_POD_NAME/rabbit@$zero_pod_name/") + maxIterations=60 + i=1 + while true; do + 
rabbitmq-diagnostics -q check_running -n $zero_pod_node_name --longnames --erlang-cookie $RABBITMQ_ERL_COOKIE && \ + rabbitmq-diagnostics -q check_local_alarms -n $zero_pod_node_name --longnames --erlang-cookie $RABBITMQ_ERL_COOKIE && \ + break || sleep 5; + if [ "$i" == "$maxIterations" ]; then exit 1; fi + i=$((i+1)) + done; + + # node x waits for x previous nodes to join cluster (since node number is zero based) + nodeSerialNum=$(echo "$MY_POD_NAME" | grep -o "[0-9]*$") + timeoutSeconds=180 + rabbitmqctl --erlang-cookie $RABBITMQ_ERL_COOKIE \ + --node $zero_pod_node_name --longnames \ + await_online_nodes $nodeSerialNum \ + --timeout $timeoutSeconds || exit 1 + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.persistence.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- end }} # Common Xray settings common: @@ -707,6 +815,7 @@ common: # When using external rabbitmq, set this to false rabbitmq: connectionConfigFromEnvironment: true + waitForReplicasQuorumOnStartup: true ## Custom command to run before Xray startup. Runs BEFORE any microservice-specific preStartCommand preStartCommand: @@ -879,10 +988,10 @@ analysis: - sh - -c - curl -s -k --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.analysis.internalPort }}/api/v1/system/readiness - initialDelaySeconds: 30 + initialDelaySeconds: {{ .Values.probes.xrayStartup.initialDelaySeconds }} failureThreshold: 30 - periodSeconds: {{ .Values.probes.timeoutSeconds }} - timeoutSeconds: 1 + periodSeconds: 5 + timeoutSeconds: {{ .Values.probes.timeoutSeconds }} ## Custom command to run before Xray Analysis startup. Runs AFTER the common.preStartCommand preStartCommand: 
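Review bot: In the `wait-for-previous-pods` script (hunk `@@ -675,7 +707,83 @@`), `sed -E "s/-[[:digit:]]$/-0/"` rewrites only a one-digit ordinal, while `grep -o "[0-9]*$"` a few lines below accepts any number of digits. For a pod whose ordinal is 10 or higher the substitution does not match, `zero_pod_name` stays equal to the pod's own name, and the `rabbitmq-diagnostics` loop then checks a node that has not started yet until `maxIterations` is reached. I would make the two consistent with `sed -E "s/-[[:digit:]]+$/-0/"`. Quoting `"$MY_POD_NAME"` in that `echo`, as the `grep` line already does, would also be tidier.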
@@ -944,7 +1053,7 @@ sbom: - sh - -c - curl -s -k --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.sbom.internalPort }}/api/v1/system/readiness - initialDelaySeconds: 30 + initialDelaySeconds: {{ .Values.probes.xrayStartup.initialDelaySeconds }} failureThreshold: 30 periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} @@ -1009,7 +1118,7 @@ indexer: - sh - -c - curl -s -k --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.indexer.internalPort }}/api/v1/system/readiness - initialDelaySeconds: 30 + initialDelaySeconds: {{ .Values.probes.xrayStartup.initialDelaySeconds }} failureThreshold: 30 periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} @@ -1074,7 +1183,7 @@ persist: - sh - -c - curl -s -k --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.persist.internalPort }}/api/v1/system/readiness - initialDelaySeconds: 30 + initialDelaySeconds: {{ .Values.probes.xrayStartup.initialDelaySeconds }} failureThreshold: 30 periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} @@ -1155,7 +1264,7 @@ server: - sh - -c - curl -s -k --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.server.internalPort }}/api/v1/system/readiness - initialDelaySeconds: 30 + initialDelaySeconds: {{ .Values.probes.xrayStartup.initialDelaySeconds }} failureThreshold: 30 periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} @@ -1186,7 +1295,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.87.0 + tag: 7.92.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled. @@ -1411,6 +1520,8 @@ hostAliases: [] ## Specify common probes parameters probes: timeoutSeconds: 5 + xrayStartup: + initialDelaySeconds: 30 ## To limit the amount of jobs created by xray execution service quota: 
From 1970a33bcc361378a6e648f41d94db09de63bdcf Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 24 Jan 2024 20:13:31 +0530 Subject: [PATCH 20/47] [jfrog-platform] 10.17.0 release --- stable/jfrog-platform/.helmignore | 3 +- stable/jfrog-platform/CHANGELOG.md | 16 ++++ stable/jfrog-platform/Chart.lock | 17 ++-- stable/jfrog-platform/Chart.yaml | 20 ++--- .../jfrog-platform/ci/platform-ha-values.yaml | 6 +- stable/jfrog-platform/ci/rt-ha-values.yaml | 37 --------- stable/jfrog-platform/templates/NOTES.txt | 80 +++++++++---------- stable/jfrog-platform/templates/_helpers.tpl | 5 +- .../templates/migration-hook.yaml | 70 +++++++++------- stable/jfrog-platform/values.yaml | 18 +---- 10 files changed, 114 insertions(+), 158 deletions(-) delete mode 100644 stable/jfrog-platform/ci/rt-ha-values.yaml diff --git a/stable/jfrog-platform/.helmignore b/stable/jfrog-platform/.helmignore index d5c2e4aab..fa55f6aa1 100644 --- a/stable/jfrog-platform/.helmignore +++ b/stable/jfrog-platform/.helmignore @@ -22,4 +22,5 @@ *.tmproj .vscode/ -logo/ \ No newline at end of file +logo/ +tests/ \ No newline at end of file diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index 19aef4d29..dc1226344 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md 
@@ -1,6 +1,22 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.17.0] - Jan 24, 2023 +* **IMPORTANT** +* Added min kubeVersion ">= 1.19.0-0" in chart.yaml +* Removed "Waiting for artifactory to start" conditional check in `postgres-setup-init` init container +* Update pipelines to use its internal redis chart +* Removed obsolete dependency redis chart from chart.yaml +* Update `global.database.initContainerImagePullPolicy` to `IfNotPresent` +* Updated the chart Notes.txt content +* Fix the pre-upgrade-hook for rabbitmq migration +* Update dependency artifactory chart version to 107.77.3 +* Update dependency xray chart version to 103.87.9 +* Update dependency distribution chart version to 102.22.1 +* Update dependency insight chart version to 101.16.6 +* Update dependency pipelines chart version to 101.53.4 +* Update global.versions.router version to `7.95.0` + ## [10.16.5] - Jan 05, 2024 * Update dependency artifactory chart version to 107.71.11 * Update dependency xray chart version to 103.86.10 diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index 2b9589401..10ebceb3c 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock 
@@ -5,23 +5,20 @@ dependencies: - name: rabbitmq repository: https://charts.jfrog.io/ version: 11.9.3 -- name: redis - repository: https://charts.jfrog.io/ - version: 12.10.1 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.71.11 + version: 107.77.3 - name: xray repository: https://charts.jfrog.io/ - version: 103.86.10 + version: 103.87.9 - name: distribution repository: https://charts.jfrog.io/ - version: 102.21.3 + version: 102.22.1 - name: insight repository: https://charts.jfrog.io/ - version: 101.16.5 + version: 101.16.6 - name: pipelines repository: https://charts.jfrog.io/ - version: 101.49.6 -digest: sha256:e58b9782fa5370c28b3dbb208985e1935a142acf4332b4ae51afd16a7ee34e02 -generated: "2024-01-05T12:11:36.43401+05:30" + version: 101.53.4 +digest: sha256:f9cf10d922803ead6cfb196700de26f21ff54d13e3b616dd1df1cecc2fac9e44 +generated: "2024-01-24T15:31:40.815967+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 9461f40e9..d71aa6920 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.71.11 +appVersion: 7.77.3 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -9,30 +9,26 @@ dependencies: name: rabbitmq repository: https://charts.jfrog.io/ version: 11.9.3 -- condition: redis.enabled - name: redis - repository: https://charts.jfrog.io/ - version: 12.10.1 - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.71.11 + version: 107.77.3 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.86.10 + version: 103.87.9 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ - version: 102.21.3 + version: 102.22.1 - condition: insight.enabled name: insight repository: https://charts.jfrog.io/ - version: 101.16.5 + version: 101.16.6 - condition: pipelines.enabled name: pipelines repository: https://charts.jfrog.io/ - version: 101.49.6 + version: 101.53.4 description: The Helm chart for JFrog Platform (Universal, hybrid, end-to-end DevOps automation) home: https://jfrog.com/platform/ @@ -47,7 +43,7 @@ keywords: - pipelines - jfrog - devops -kubeVersion: '>= 1.14.0-0' +kubeVersion: '>= 1.19.0-0' maintainers: - email: installers@jfrog.com name: Chart Maintainers at JFrog @@ -55,4 +51,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.16.5 +version: 10.17.0 diff --git a/stable/jfrog-platform/ci/platform-ha-values.yaml b/stable/jfrog-platform/ci/platform-ha-values.yaml index 9ba8b0b40..1f59538cd 100644 --- a/stable/jfrog-platform/ci/platform-ha-values.yaml +++ b/stable/jfrog-platform/ci/platform-ha-values.yaml @@ -10,7 +10,7 @@ artifactory: persistence: enabled: false xray: - replicaCount: 2 + replicaCount: 1 common: persistence: enabled: false @@ -35,10 +35,6 @@ pipelines: pipelines: replicaCount: 2 -pdnServer: - enabled: true - replicaCount: 2 - rabbitmq: replicaCount: 3 persistence: diff --git a/stable/jfrog-platform/ci/rt-ha-values.yaml b/stable/jfrog-platform/ci/rt-ha-values.yaml deleted file mode 100644 index 142b39ca7..000000000 
--- a/stable/jfrog-platform/ci/rt-ha-values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# If this is an upgrade over an existing platform chart , explicitly pass 'gaUpgradeReady=true' to upgrade -gaUpgradeReady: true - -postgresql: - persistence: - enabled: false -artifactory: - artifactory: - replicaCount: 3 - persistence: - enabled: false -xray: - common: - persistence: - enabled: false -distribution: - distribution: - persistence: - enabled: false - redis: - persistence: - enabled: false -insight: - insightServer: - persistence: - enabled: false - elasticsearch: - persistence: - enabled: false - -rabbitmq: - persistence: - enabled: false -redis: - master: - persistence: - enabled: false diff --git a/stable/jfrog-platform/templates/NOTES.txt b/stable/jfrog-platform/templates/NOTES.txt index e3841ab73..8271a00f9 100644 --- a/stable/jfrog-platform/templates/NOTES.txt +++ b/stable/jfrog-platform/templates/NOTES.txt 
@@ -1,65 +1,57 @@ -Congratulations. You have just deployed JFrog Platform Chart with following products: - +Congratulations, you have just deployed JFrog Platform Chart with the following products:{{- if .Values.artifactory.enabled }} Artifactory{{- end }}{{- if .Values.xray.enabled }}, Xray {{- end }}{{- if .Values.distribution.enabled }}, Distribution{{- end }}{{- if index .Values "insight" "enabled" }}, Insight{{- end }}{{- if .Values.pipelines.enabled }}, Pipelines{{- end }} {{- if .Values.artifactory.enabled }} -- artifactory -{{- end }} - -{{- if .Values.xray.enabled }} -- xray -{{- end }} +--------------------------------------------------------------------------------------------------------------------------------------------------- +Instructions for accessing the JFrog Platform +--------------------------------------------------------------------------------------------------------------------------------------------------- -{{- if index .Values "insight" "enabled" }} -- insight -{{- end }} +1. The JFrog Platform Chart is being deployed. This process may take up to 10 minutes, depending on your internet connection speed. + You can monitor the deployment status by running the following command: -{{- if .Values.distribution.enabled }} -- distribution -{{- end }} + $ kubectl get pods -w --namespace {{ .Release.Namespace }} -{{- if .Values.pipelines.enabled }} -- pipelines -{{- end }} - -{{- if .Values.artifactory.enabled }} - -1. Get the Artifactory URL by running these commands: +2. Retrieve the JFrog Platform URL: {{- if .Values.artifactory.ingress.enabled }} {{- range .Values.artifactory.ingress.hosts }} http://{{ . }} {{- end }} - + {{- else if contains "NodePort" .Values.artifactory.nginx.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "call-nested" (list . 
"artifactory" "artifactory.nginx.fullname") }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT/ + $ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "call-nested" (list . "artifactory" "artifactory.nginx.fullname") }}) + $ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + $ echo http://$NODE_IP:$NODE_PORT/ {{- else if contains "LoadBalancer" .Values.artifactory.nginx.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of the service by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "call-nested" (list . "artifactory" "artifactory.nginx.fullname") }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "call-nested" (list . "artifactory" "artifactory.nginx.fullname") }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP/ + + - Method 1: LoadBalancer Connection (preferred) + It may take a few minutes for the LoadBalancer service to be available. + You can monitor the service status by running this command: + + $ kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "call-nested" (list . "artifactory" "artifactory.nginx.fullname") }} + + Extract the LoadBalancer IP / Hostname: + + $ export SERVICE_HOSTNAME=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "call-nested" (list . "artifactory" "artifactory.nginx.fullname") }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + $ echo http://$SERVICE_HOSTNAME/ + + - Method 2: Port Forwarding + + $ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "call-nested" (list . 
"artifactory" "artifactory.nginx.fullname") }} 8080:{{ .Values.artifactory.nginx.http.internalPort }} & + $ echo http://localhost:8080/ {{- else if contains "ClusterIP" .Values.artifactory.nginx.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.artifactory.nginx.name }}" -o jsonpath="{.items[0].metadata.name}") - echo http://127.0.0.1:{{ .Values.artifactory.nginx.externalPortHttp }} - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.artifactory.nginx.externalPortHttp }}:{{ .Values.artifactory.nginx.internalPortHttp }} + $ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "call-nested" (list . "artifactory" "artifactory.nginx.fullname") }} 8080:{{ .Values.artifactory.nginx.http.internalPort }} & + $ echo http://localhost:8080/ {{- end }} -2. Open Artifactory in your browser - Default credential for Artifactory: - user: admin - password: password -Open Artifactory URL in your browser. +3. Once you have the URL, open your preferred web browser and access the JFrog Platform. + Default credentials for Artifactory: + - Username: admin + - Password: password {{- end }} -{{- if .Values.postgresql.enabled }} -To extract the database password, run the following -export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode) -echo ${DB_PASSWORD} --------------------------------------------------------------------------------------------------------------------------------------------------- -***WARNING*** You are using the bundled postgresql database from the chart. Bundled postgresql database is not supported for production use cases. -Use an external postgresql database for production deployments. +***WARNING*** You are using the bundled PostgreSQL database from the chart. 
This bundled database is not suitable for production use cases. +Use an external PostgreSQL database for production deployments. --------------------------------------------------------------------------------------------------------------------------------------------------- -{{- end }} \ No newline at end of file diff --git a/stable/jfrog-platform/templates/_helpers.tpl b/stable/jfrog-platform/templates/_helpers.tpl index 8fdf0e4c2..8209d7576 100644 --- a/stable/jfrog-platform/templates/_helpers.tpl +++ b/stable/jfrog-platform/templates/_helpers.tpl @@ -95,7 +95,7 @@ imagePullSecrets: Custom init container for Postgres setup */}} {{- define "initdb" -}} -{{- if and .Values.global.database.initDBCreation (ne .Chart.Name "pdn-server") }} +{{- if .Values.global.database.initDBCreation }} - name: postgres-setup-init image: {{ .Values.global.database.initContainerSetupDBImage }} imagePullPolicy: {{ .Values.global.database.initContainerImagePullPolicy }} @@ -107,9 +107,6 @@ Custom init container for Postgres setup - '/bin/bash' - '-c' - > - {{- if (ne .Chart.Name "artifactory") }} - until nc -z -w 5 {{ .Release.Name }}-artifactory 8082; do echo "Waiting for artifactory to start"; sleep 10; done; - {{- end }} echo "Running init db scripts"; bash /scripts/setupPostgres.sh {{- if eq .Chart.Name "pipelines" }} diff --git a/stable/jfrog-platform/templates/migration-hook.yaml b/stable/jfrog-platform/templates/migration-hook.yaml index 3a52f1ab6..bc2c8ac17 100644 --- a/stable/jfrog-platform/templates/migration-hook.yaml +++ b/stable/jfrog-platform/templates/migration-hook.yaml @@ -68,8 +68,8 @@ roleRef: --- {{- if .Values.rabbitmq.enabled }} {{- if .Values.rabbitmq.migration.enabled }} -apiVersion: v1 -kind: Pod +apiVersion: batch/v1 +kind: Job metadata: labels: app: {{ template "jfrog-platform.name" . }} 
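Review bot: The bundled-PostgreSQL warning at the end of NOTES.txt appears to be printed unconditionally now, because the hunk removes `{{- if .Values.postgresql.enabled }}` and its closing `{{- end }}` and adds no replacement guard. Installs that use an external database would then be told they are running the bundled one; wrapping the reworded warning in `{{- if .Values.postgresql.enabled }}` … `{{- end }}` again keeps it accurate. The new step 3 also prints the default `admin` / `password` login without saying what to do with it. A line such as `Change the default admin password immediately after the first login.` directly under the credentials would close that gap.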
@@ -81,37 +81,45 @@ metadata: "helm.sh/hook": "pre-upgrade" "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded spec: - serviceAccountName: {{ template "jfrog-platform.rabbitmq.migration.serviceAccountName" . }} - {{- if .Values.rabbitmq.podSecurityContext.enabled }} - securityContext: {{- omit .Values.rabbitmq.podSecurityContext "enabled" | toYaml | nindent 4 }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - {{- include "jfrog-platform.imagePullSecrets" . | indent 2 }} - {{- end }} - containers: - - name: pre-upgrade-container - image: "{{ include "jfrog-platform.getRegistryByService" (list . "migrationHook") }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}" - imagePullPolicy: IfNotPresent - {{- if .Values.rabbitmq.containerSecurityContext.enabled }} - securityContext: {{- tpl (omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + template: + metadata: + labels: + app: {{ template "jfrog-platform.name" . }} + chart: {{ template "jfrog-platform.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "jfrog-platform.rabbitmq.migration.serviceAccountName" . }} + {{- if .Values.rabbitmq.podSecurityContext.enabled }} + securityContext: {{- omit .Values.rabbitmq.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + {{- include "jfrog-platform.imagePullSecrets" . | indent 6 }} {{- end }} - command: - - sh - - -c - - | - #!/bin/sh - if [ "$(kubectl get pods -l "app.kubernetes.io/name={{ template "rabbitmq.name" . }}" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then - kubectl exec -it {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -- rabbitmqctl enable_feature_flag all - if [ "$?" -ne 0 ]; then - echo "Failed to perform the migration. 
Please make sure to enable the feature flag in rabbitmq manually [rabbitmqctl enable_feature_flag all] " - exit 1 + containers: + - name: pre-upgrade-container + image: "{{ include "jfrog-platform.getRegistryByService" (list . "migrationHook") }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}" + imagePullPolicy: IfNotPresent + {{- if .Values.rabbitmq.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml) . | nindent 12 }} + {{- end }} + command: + - sh + - -c + - | + #!/bin/sh + if [ "$(kubectl get pods -l "app.kubernetes.io/name={{ template "rabbitmq.name" . }}" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then + kubectl exec -it {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -- rabbitmqctl enable_feature_flag all + if [ "$?" -ne 0 ]; then + echo "Failed to perform the migration. Please make sure to enable the feature flag in rabbitmq manually [rabbitmqctl enable_feature_flag all] " + exit 1 + else + echo Feature flags executed successfully! + fi else - echo Feature flags executed successfully! + echo "Rabbitmq pod is not in running state. Ignoring feature flag migration for rabbitmq" fi - else - echo "Rabbitmq pod is not in running state. Ignoring feature flag migration for rabbitmq" - fi - restartPolicy: Never - terminationGracePeriodSeconds: 0 + restartPolicy: Never + terminationGracePeriodSeconds: 0 {{- end }} {{- end }} \ No newline at end of file diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index 6d6b815cd..493efb0e4 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml 
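Review bot: The readiness test in the hook script compares the output of `kubectl get pods -l "app.kubernetes.io/name=…"` with the single word `True`. With more than one RabbitMQ replica (this chart's `ci/platform-ha-values.yaml` sets `replicaCount: 3`) the jsonpath prints one status per pod, so the comparison fails and the feature-flag migration is skipped with only a log line. Checking the pod the script actually execs into avoids that: `kubectl get pod {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'`. The `-it` on `kubectl exec` can also be dropped, since a Job container has no terminal attached. Now that the hook is a Job (its `metadata` and the enclosing `if` blocks start outside this hunk), `backoffLimit` and `activeDeadlineSeconds` are left at their defaults, so the `exit 1` path is retried several times before the upgrade fails; setting both explicitly, for example `backoffLimit: 0`, would make the failure behaviour deliberate.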
@@ -23,7 +23,7 @@ global: ## For example : For artifactory, using global.versions.artifactory ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion versions: - router: 7.91.0 + router: 7.95.0 # artifactory: # xray: # distribution: @@ -46,7 +46,7 @@ global: initContainerSetupDBImage: releases-docker.jfrog.io/postgres:13.10-alpine # Run the postgres init container as a non-default uid initContainerSetupDBUser: - initContainerImagePullPolicy: Always + initContainerImagePullPolicy: IfNotPresent # If you are using external postgresql, set initDBCreation: false initDBCreation: true ## certificates added to this secret will be copied to $JFROG_HOME//var/etc/security/keys/trusted directory @@ -211,20 +211,10 @@ rabbitmq: # extraConfiguration: |- # management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled }} -## This Redis is used by pipelines only, set redis.enabled: false, when pipelines is not enabled -redis: - enabled: true - image: - repository: bitnami/redis - tag: 7.2.0-debian-11-r2 - cluster: - enabled: false - usePassword: false - artifactory: enabled: true unifiedUpgradeAllowed: true - installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.16.5-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' + installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.17.0-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' postgresql: enabled: false waitForDatabase: false @@ -323,7 +313,7 @@ pipelines: msg: uiUserPassword: password redis: - enabled: false + enabled: true rabbitmq: enabled: false internal_ip: "{{ .Release.Name }}-rabbitmq" From c4bad2b31c3bb1aa8f0d3fb291d4116257e3be7e Mon Sep 17 00:00:00 2001 
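Review bot: In the `@@ -46,7 +46,7 @@` hunk, `initContainerImagePullPolicy: IfNotPresent` is combined with `initContainerSetupDBImage: releases-docker.jfrog.io/postgres:13.10-alpine`, which is a mutable tag. A node that already has the tag cached will not pull again, so a patched rebuild of the tag is not picked up and different nodes can run different builds. Pinning the default by digest removes that ambiguity, e.g. `initContainerSetupDBImage: releases-docker.jfrog.io/postgres:13.10-alpine@sha256:<digest-of-the-vetted-image>`. Failing that, a comment above the key such as `# IfNotPresent reuses the image a node has cached for this tag; pin by digest for reproducible installs` would tell operators what they are trading. The `global:` mapping continues outside this hunk.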
From: Ram <1331672+chukka@users.noreply.github.com> Date: Wed, 24 Jan 2024 21:02:55 +0530 Subject: [PATCH 21/47] Update --- stable/pdn-node/.helmignore | 21 - stable/pdn-node/CHANGELOG.md | 66 -- stable/pdn-node/Chart.lock | 9 - stable/pdn-node/Chart.yaml | 27 - stable/pdn-node/LICENSE | 201 ---- stable/pdn-node/README.md | 27 - stable/pdn-node/ci/default-values.yaml | 4 - stable/pdn-node/logo/pdn-node-logo.png | Bin 16756 -> 0 bytes stable/pdn-node/templates/NOTES.txt | 13 - stable/pdn-node/templates/_helpers.tpl | 101 -- .../templates/additional-resources.yaml | 3 - stable/pdn-node/templates/hpa.yaml | 47 - stable/pdn-node/templates/ingress.yaml | 59 -- stable/pdn-node/templates/networkpolicy.yaml | 32 - stable/pdn-node/templates/pdb.yaml | 20 - stable/pdn-node/templates/role.yaml | 18 - stable/pdn-node/templates/rolebinding.yaml | 18 - stable/pdn-node/templates/secrets.yaml | 36 - stable/pdn-node/templates/serviceaccount.yaml | 14 - stable/pdn-node/templates/servicemonitor.yaml | 31 - stable/pdn-node/templates/statefulset.yaml | 238 ----- stable/pdn-node/templates/svc.yaml | 45 - stable/pdn-node/templates/system-yaml.yaml | 15 - stable/pdn-node/values.yaml | 674 ------------ stable/pdn-server/.helmignore | 21 - stable/pdn-server/CHANGELOG.md | 71 -- stable/pdn-server/Chart.lock | 9 - stable/pdn-server/Chart.yaml | 27 - stable/pdn-server/LICENSE | 201 ---- stable/pdn-server/README.md | 27 - stable/pdn-server/ci/default-values.yaml | 4 - stable/pdn-server/logo/pdn-node-logo.png | Bin 16756 -> 0 bytes stable/pdn-server/templates/NOTES.txt | 13 - stable/pdn-server/templates/_helpers.tpl | 207 ---- .../templates/additional-resources.yaml | 3 - stable/pdn-server/templates/deployment.yaml | 361 ------- stable/pdn-server/templates/filebeat.yaml | 13 - stable/pdn-server/templates/hpa.yaml | 47 - stable/pdn-server/templates/ingress.yaml | 59 -- .../pdn-server/templates/networkpolicy.yaml | 34 - stable/pdn-server/templates/pdb.yaml | 20 - 
stable/pdn-server/templates/role.yaml | 18 - stable/pdn-server/templates/rolebinding.yaml | 18 - stable/pdn-server/templates/secrets.yaml | 46 - .../pdn-server/templates/serviceaccount.yaml | 14 - .../pdn-server/templates/servicemonitor.yaml | 34 - stable/pdn-server/templates/svc.yaml | 34 - stable/pdn-server/templates/system-yaml.yaml | 15 - stable/pdn-server/values.yaml | 971 ------------------ 49 files changed, 3986 deletions(-) delete mode 100644 stable/pdn-node/.helmignore delete mode 100644 stable/pdn-node/CHANGELOG.md delete mode 100644 stable/pdn-node/Chart.lock delete mode 100644 stable/pdn-node/Chart.yaml delete mode 100644 stable/pdn-node/LICENSE delete mode 100644 stable/pdn-node/README.md delete mode 100644 stable/pdn-node/ci/default-values.yaml delete mode 100644 stable/pdn-node/logo/pdn-node-logo.png delete mode 100644 stable/pdn-node/templates/NOTES.txt delete mode 100644 stable/pdn-node/templates/_helpers.tpl delete mode 100644 stable/pdn-node/templates/additional-resources.yaml delete mode 100644 stable/pdn-node/templates/hpa.yaml delete mode 100644 stable/pdn-node/templates/ingress.yaml delete mode 100644 stable/pdn-node/templates/networkpolicy.yaml delete mode 100644 stable/pdn-node/templates/pdb.yaml delete mode 100644 stable/pdn-node/templates/role.yaml delete mode 100644 stable/pdn-node/templates/rolebinding.yaml delete mode 100644 stable/pdn-node/templates/secrets.yaml delete mode 100644 stable/pdn-node/templates/serviceaccount.yaml delete mode 100644 stable/pdn-node/templates/servicemonitor.yaml delete mode 100644 stable/pdn-node/templates/statefulset.yaml delete mode 100644 stable/pdn-node/templates/svc.yaml delete mode 100644 stable/pdn-node/templates/system-yaml.yaml delete mode 100644 stable/pdn-node/values.yaml delete mode 100644 stable/pdn-server/.helmignore delete mode 100644 stable/pdn-server/CHANGELOG.md delete mode 100644 stable/pdn-server/Chart.lock delete mode 100644 stable/pdn-server/Chart.yaml delete mode 100644 
stable/pdn-server/LICENSE delete mode 100644 stable/pdn-server/README.md delete mode 100644 stable/pdn-server/ci/default-values.yaml delete mode 100644 stable/pdn-server/logo/pdn-node-logo.png delete mode 100644 stable/pdn-server/templates/NOTES.txt delete mode 100644 stable/pdn-server/templates/_helpers.tpl delete mode 100644 stable/pdn-server/templates/additional-resources.yaml delete mode 100644 stable/pdn-server/templates/deployment.yaml delete mode 100644 stable/pdn-server/templates/filebeat.yaml delete mode 100644 stable/pdn-server/templates/hpa.yaml delete mode 100644 stable/pdn-server/templates/ingress.yaml delete mode 100644 stable/pdn-server/templates/networkpolicy.yaml delete mode 100644 stable/pdn-server/templates/pdb.yaml delete mode 100644 stable/pdn-server/templates/role.yaml delete mode 100644 stable/pdn-server/templates/rolebinding.yaml delete mode 100644 stable/pdn-server/templates/secrets.yaml delete mode 100644 stable/pdn-server/templates/serviceaccount.yaml delete mode 100644 stable/pdn-server/templates/servicemonitor.yaml delete mode 100644 stable/pdn-server/templates/svc.yaml delete mode 100644 stable/pdn-server/templates/system-yaml.yaml delete mode 100644 stable/pdn-server/values.yaml diff --git a/stable/pdn-node/.helmignore b/stable/pdn-node/.helmignore deleted file mode 100644 index c13e3c8fb..000000000 --- a/stable/pdn-node/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj \ No newline at end of file diff --git a/stable/pdn-node/CHANGELOG.md b/stable/pdn-node/CHANGELOG.md deleted file mode 100644 index e6ccef64b..000000000 --- a/stable/pdn-node/CHANGELOG.md +++ /dev/null 
@@ -1,66 +0,0 @@ -# JFrog PDN Node Chart Changelog -All changes to this chart will be documented in this file - -## [101.8.4] - Jun 21, 2023 -* Bump PDN node version -* Bump router version to 7.67.0 - -## [101.7.6] - May 25, 2023 -* Updated base image `ubi9/ubi-micro:9.2.5` -* Updated initContainerImage `ubi9/ubi-minimal:9.2.484` -* Changed podAntiAffinityPreset default value to hard -* Added ServiceMinotor object - -## [101.7.3] - May 09, 2023 -* Added checksum annotation to pod to auto-restart upon change to system.yaml - -## [101.7.2] - May 07, 2023 -* Upgraded common chart dependency up to 0.0.6 -* Updated initContainerImage `ubi9/ubi-minimal:9.1.0.1829` -* Fixed network policy template issue -* Added ingress object - -## [101.6.4] - Mar 06, 2023 -* Updated initContainerImage `ubi9/ubi-minimal:9.1.0.1793` -* Removed unused global values -* Added `logLevel` option to systemYaml.pdnServer -* Added Bitnami nginx sub chart -* Unify system.yaml - -## [101.5.5] - Jan 20, 2023 -* Fixed empty updateStrategyType -* Aligned network policy with Artifactory helm chart - -## [101.5.2] - Jan 17, 2023 -* Aligned variables name with JFrog Platform helm chart -* Updated initContainerImage to `ubi8/ubi-minimal:8.7.1049` - -## [101.5.1] - Jan 06, 2023 -* Aligned values.yaml parameters between node and server charts -* Replaced readinessProbe with startupProbe -* Moved parameters from pdnNode scope to a main scope - -## [101.5.0] - Dec 20, 2022 -* Renamed common chart to jfrog-common to avoid conflicts with Bitnami common chart - -## [101.3.6] - Dec 5, 2022 -* Added additionaResorces and hostAliases - -## [101.3.5] - Dec 1, 2022 -* Upgraded common chart dependency up to 0.0.4 -* Increased persistence storage size up to 64 Gb -* Added containerSecurityContext to initContainers -* Updated fsGroup/runAsUser to 11045 to avoid host conflict -* Updated initContainerImage to `ubi8/ubi-micro:8.7.1` - -## [101.3.4] - Nov 22, 2022 -* Removed unused parameters from values.yaml - -## 
[101.3.0] - Nov 16, 2022 -* Added Bitnami nginx sub chart -* Changed from deployment to statefulset -* Aligned persistence storage size with maximumMbToKeep -* Increased persistence storage size up to 20 Gb - -## [101.2.0] - Sep 01, 2022 -* Initial release diff --git a/stable/pdn-node/Chart.lock b/stable/pdn-node/Chart.lock deleted file mode 100644 index 5a387b3aa..000000000 --- a/stable/pdn-node/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: jfrog-common - repository: https://charts.jfrog.io/ - version: 0.0.6 -- name: nginx - repository: https://charts.jfrog.io/ - version: 13.2.13 -digest: sha256:e66497241d7d5eaefd6561077d1e18aaa82644184ab29d5a817a273ff04a97f0 -generated: "2023-05-06T22:58:05.261752+03:00" diff --git a/stable/pdn-node/Chart.yaml b/stable/pdn-node/Chart.yaml deleted file mode 100644 index 18fbfa4e7..000000000 --- a/stable/pdn-node/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -appVersion: 1.8.4 -dependencies: -- name: jfrog-common - repository: https://charts.jfrog.io/ - version: 0.0.6 -- condition: nginx.enabled - name: nginx - repository: https://charts.jfrog.io/ - version: 13.2.13 -description: Universal Repository Manager supporting all major packaging formats, - build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/pdn-node-logo.png -keywords: -- pdn-node -- jfrog -- devops -kubeVersion: '>= 1.19.0-0' -maintainers: -- email: dev-distribution-pdn@jfrog.com - name: Chart Maintainers at JFrog -name: pdn-node -sources: -- https://github.com/jfrog/charts -type: application -version: 101.8.4 diff --git a/stable/pdn-node/LICENSE b/stable/pdn-node/LICENSE deleted file mode 100644 index 8dada3eda..000000000 --- a/stable/pdn-node/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "{}"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright {yyyy} {name of copyright owner}
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/stable/pdn-node/README.md b/stable/pdn-node/README.md
deleted file mode 100644
index bb71db8c5..000000000
--- a/stable/pdn-node/README.md
+++ /dev/null
@@ -1,27 +0,0 @@
-
-# PDN-node
-
-
-## TL;DR
-
-```bash
-$ helm repo add jfrog https://charts.jfrog.io
-$ helm install my-release jfrog/pdn-node
-```
-
-## Introduction
-
-
-## Prerequisites
-
-- Kubernetes 1.19+
-- Helm 3.2.0+
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```bash
-$ helm install my-release jfrog/pdn-node
-```
-
diff --git a/stable/pdn-node/ci/default-values.yaml b/stable/pdn-node/ci/default-values.yaml
deleted file mode 100644
index 4dcde576e..000000000
--- a/stable/pdn-node/ci/default-values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
-
-pdnServerUrl: pdnserver-pdn-server:8095
-pdnJoinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
diff --git a/stable/pdn-node/logo/pdn-node-logo.png b/stable/pdn-node/logo/pdn-node-logo.png deleted file mode 100644 index 686b9deccd949430a1018036a97699008002f015..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16756 zcmeHvS5Ons*Jl8+fPfVQ1XLh&P-!AnEEob(r8nsv4H$Y=K$N115JN`-2uQD?BTWPX zhTc(13{?q5`ri28{bu&<+lSq!WrhJVx14s*Irp63B})5|8WRHt0|WwLf<3&a3xUuY zQNK?f2cI<9f0zJ2PCb2S>;tJnX%^pCIfY-rnBgPVO$A zHcy_~iF+U%l2#QsAdo8%*u6XYKFQ0I{>c+|zK4I74hgGJ8WiM|AnVyX;OmqL9Sq6r z|CRPEi}|C+zh7<+I2Ra$qSaO2eEjI61UdDR z?q&5? z(`+JqNMqmzM+o~zFyL61jJb~nX>LFm)A&^PThe=tz5BW)M+}bIfVPviWF|Q2`AX_E zns4ii7h>HSQ^VKuH#+5=TL>9-Ls zsPigrI>nH5=AeU9P5$KvH$Ay5m&#N$g&|yZZh^-<(gv3fO_oKUOG>@Bt@SW@l4?^Bwf5;OTU{Sv+6wq2`lAlps8#cidb zh3i%AF)-)315M>mb8obwxoDf3OTy??Q18VY;!q0;aHlcevQ!~5c_FoW<7<_5N&+rT zR1PsqZ1R z>#Kf=o##gzP|sfF{TXpa?R+xpjqjvuEx@|&gsH*Nn40m6x!I|sW@LWsw-R2+t@3Q2 z+T-amyRsWRwKsV7WPzEbTj3rqx3sbXKrg_^^H`}0Sh4>PiX4x4tVU|DqIi70x0jug2^a1ry%^15RDz)BL2(=$4rg?kv?_E=4&&o>JSuRYGU z#!&tsaM8A1Nt8^y(!a&4Ja*JA^`~oI)=XII(a5%P?Wl|)m&qb^I(^*9P^h8c#Yg!j z>*tKubvtJZMm{utL~-tHYtNR>#|yxNa%(ND*ZWm_VjS}_6UE(M#j8Rh?={mV_BGXn z%CQizeyP}lcevFNU+z)?G_+B9tn5edk{r$fN5bW5tWTp720S0p?K<;Y1{f@#fiP>G zlZS+~R9V-pl}y?ktc@sE?Mh1SNk~7!qj2~^zJrMdO8H{Wfaz{-=aR`!j(1%n!SqsR zx2$M1t=fEg^$HT}+Vg7E*X2qmms`>Ak%9M!^P87{%IpYl7Xk(3qj6C=53(1Xv-;->2MPQybB&Rduww-eE z6A?Vao)0T0D5Bf86SzV!SEY8|k2K{gKi!;xQ!%?Bn$EnQc|g+dQ6@ez#9x-76!BEe z|FUxtHbuU@RziiiUuJ9ry=oaJNbc~y^EQ@<>SuBmF)!Da!wgMoivJP#k7R-Rk5mT zS@WYA*L%3f*O*NU?KL^H=R$+Ju6bOfqwT7a;M%T1<%GBKvZzY!6MDuES^r_t^ZWF- z%?CQ4vzsfSN;~BxUq&Pr<@ilk{a>5O=JqJzcjPr(BnKA?R;|m`8?iiK6K!avN!h(E8(5P0Sh8S!o13#IuSYf^ zq0Do#wvdEQX?*7Jvj*{5yY4FTO!`IOY@NO)_@_audf~UFkqK|j)HQ1~-7iYUqrDbu zzNdcow;?4Krt0A?_XI2&sRr!$YyjakW@J8D=3q%xX=epESF}^93Nup_I>KU znF2k4EsJh$^a&3ZAP(ZNLkX0&o)XDHII?_ug@r38^oSyF7KiS71Xw-BE z1d(JZEUaPV%N{aMJSK6+;pU*1TkU5n+pbaO?Lr-NHQ&w?v&4ruS+Ll48-Z3zo`Ll# zWHKwhx0vss6nEa*A@@bmw|z-n5=j{U+`EnWe9L;wfq-rHJ}WFPHYJND&_w1>sd{0l z01%Wh5Y)lfguTNia~_Wp-bi7V!-oD$AjM{y 
zT)_-AAX>{M_qEC)yt;E4jAu&HnW0K7Y znnWggMxU=Ui_L{%Z;<=7-If>R;Y`an$u=;Pz$3@rUtD0S6vnP&w=kakaYTn>KpbuU zn7|TDRVP-v7y=tbYzgipOTa8%rPw7@epo($-QEmEjuu-m{!7X_=H|puj{tvn@Mgir zLKmjFfkZ_GjU4^Mb)S6KM;SX1C2btALYN@I;acdzN?k-ph$LEUJ5{7=iLWOrB})gt z(eNjRbdVbnK^!p-d7##;YHHe0a`e*no9qWKgJn_44N2?~rEZezsPZsu)88i22?^X) zkyQT)8p5MxHgdE(0jkqIsHx`|(vC*_W^$GR(-WusKf>40QtXbapRxPp1Gn4#ANW0@dP6=ye)z>% zMXjJ;B{R=T$}Yc#=XOskk4kSxs~7&w8u1+)tyAnw!*5jh_1@6(Hi%Ao;sB+$?%iAMDRq-l1!_#{a^HP za5v|&MZ81r#sFBqKMv#_8^aGPSPSsa4`& z&r{{>uGL=;a}0iyRm;HU@jFh1urMV7C*-8^_)U^#4?CPa!X zx-~F7-|pAzJ*vi^VzG4k`ESk9dzGmC2_E^AXW%W3oV51V|LzzXnnA`)7KIvzorN&5 z3^VD5Z`qWopSmSOMN0{>T!i6x3h!_iG!?q-T|My2a4=bHZR{;bpkH$xdli0Bv^=?a z@C8=vO;zw6s#Cq(I=Sli$0ws&33=vngKF;YPq}=aZ(wn`gDyxMIX5en$dW@*-1*)R zFu0KhmEIEA*5IWe9SokuoF6+YV&o`i%I0zOmZRDXUtTiyL@UQkIt@73+8!dDUvuym zf3U(Nf*)oR{?o`oS`l8TH7KYSSnbD?EWde5&ST+w5I8PElQ#9iE5yMP&&wgT%PIEf z!!<=Bf-lOSw$Db1m3BJ5VL!w~rby{2sz4T0}E8ZgpN9tX$)7Xlf-~att>rHRM zUg}(7FV<_w)iU2=Vl(fL>YuwH)6S5ZP`=lsaY0?A7qx_rF)rNSigqAmm{puXd+YaO z)N4Fhi+<{H2@hX;#BaF28fNa9@NFg0q|QR|137T#`&0uUM%$=awI7(`8|vB9xXq7D zP($Q8$~+U|G4#+3Cw?o-Mr}Mm$9`z83a&*-C}j;{5jKGm-sA(+ZI^>F>EeFduCARQ z9_`Gu1EwwY<0rChI(y)^b5PyEvex*UWXm3?IL@r1@OvuLk;_6+%6HkMVcX5cci(n? 
zM%uyBaAKQ22gZqM--^r|o~8dN`b=y8CM-M~IS_k)P1foD^5wYecEtRyou6s?hAd8Q~DkM_87C0wZvQXpNu)0}xL~VtIr2RJ>8kM`~P&V(X22u(|o#MXo8W8eb ziCs1%pO^L7b3~B4G>_alqg}ck-!CdT=xk`1^~i}2==`}dIdOd+aiFD0>V66H-IiN> zl|uJPfPpnpmwJuGHYy`y)vBlUmc&T1``*h}PUfTXmvuhE`P`JdJ@A_~^OmCqy&5R} zWr@|>t5e~<&vJh-GEG24=q#Kk-%8`otYGU@I6qzqO18!eV*zffe zOn}G8^@`hSG}4__FnAiM{3mx6Yvvs`RPK3LA1prl{KRe`26|fnO?Mci7*Ae#WSOnxMfx*WC2tB&6mNDy3Hl@3 zI{2C4R}B_f3&BF^tX?PF(({SH>mbud0jo0sQA9`-?+bH~&JFq)x@A5o)HNrJ-&Bs{ zIu?_IGCiWS9?U{tiu_esp zoP3AU;dx`?UHq5k=!*|t+wYD~AEZc)9N&JCJEuM@q-mfÍ=H}<_t50Nv0@P_Ny zCwc}}4h#3s9#I;>?DCO(_zk!*)U?y>@3Uo5$AI`hl*31*KOzr^g|n5HDHV>P+)wHp zT4JJ>uED-@8!LU$TUf>R?ie|qnz;WeLZ;Z=im-|wOyVEhCseYJh*Lz%Na0%G`+oRSTU34-H!;<6^#C6z9~HZ8qtzPjCX>k5+>mmd`Y~ z{(g0a$?55))v)55wZ@98%on8VKZ7fn6!LUA1k=epi`#xx)3JLvfb;GkT`+^+kp#yopKk2-_YT{_z|RTeNPRdx0Sxz zGX2iIbM)<*DQklqlHp1@qVO*imKK|Gx3uHA#*>7pP5~_;l55n*3>( zrx0(eDecUBZCAHM!iLJ6APFha_#^I`10*{fZ1G(VPm+7r{IrKrXW~uzp+;-y~^l)xA2K zZA-RGGWa}w?gm|7pD_NL{@4=?tVYE8bQ#})fLx?)<{zEnGng*XKh=>OHB-&fx0*8C zOm6Ip7$fkw4(zk;f({E`a0aKq4^M`j}@Q?IQYd5R?*$&;xcT~{1b29oG&$d;w z*1efObAC84N%vIng6KWTYQO8Vt9Q@xE^Er?85ZDed+xQKR_TA1tt(PivU6mhzYC$hj8r`|=-#HG{i_SvfA!Gd7C>$C6Wf-=E~P-pC2+ZM;JP>2@C! 
zX1OE`acbdEu@U)>BdK=R8ErwMlkSHE8%t{(4#jG z``6YI*Bf6;aXR_}S6(&Gy@bY7^0D16*Lsd`0W-G(>SFwu;%}z}qRiBJJDENxl+?Y) zi3wu2sjRh#7jv+&xWuv#tR?K35JBnGus4#>xb{NFp3ZG<*KTI8w#1N-Cw5lcG3w)m(&v3TB)-^#p2&Uj&mVE{P)QVq65Qy z+Nf_998VCBvwd>lbZ+i8-hb5W4}YA@)O5c*8uClf=u`fxo$Q5=mqiy%^g1s#at4Tp zO#ezOZbX-h?AtcxIp7?g{KYpNWmshtqN2^Yo_x;XA}infz&P{d^+B7z?XLFA?`oRQ zN334rn>@6OwPi;U$dX!R`M*}fY%)lUJEIa?)7n@4{51r*dFF*8Uih!Z%oDI{TKUp_ z)WWgUMfLqPy53_?A=DB?(zx0etu2ZnaBw&F&8&DBSQpzhB~B|1lxKik<-u<}g!$80 zuJ^++E}zf*x#sLX(BGVZ$@`TP+ZWIT2F2lgKdoO_2(x?t>mQb|-Fv^A3-hI@diW{&z6Og@B`A4+`h$rOkHyn0bXrH_q*Mpq?+PV5FEG&G?6WcA$q$K-Yx$BE% zFU?Hf1OK6EalOB?D!FB&TsnY1&z+KndDJ6jg{@WJTFEpfh4W1tbrKsYvWgy7lTBfL zo-_=s&V|kl4SsgSjv>q9Adg>wYD>HQy632%Gl*=M+A=mtNnlPx1;p(kGke`%WknM` zN~}K65Hbgc`utXCpN(D?TV(1fu$kVddhZ(i_Kn{oKh)iC{i?NwNJ`2%5Y#~UM&=cm zRUik?K5_UssZ*?NnoDo_+B*)BAsWJ79W+`Yueq!76$|D1)AY{YPnB>CNL-B3wAies z1Jzk^)q(ayN-J-26n_Z|;~g+tGMw1Nj(WtRuvHdsW+(hx15$Q9L1Id9c>6BFi$DLk zA&b2#;hsN8ckJ^F>aYCmliJb$jfL2E%-OU4T`QEBs`-0p2PjDaYsqIHrc=zOd4SDs zrc2Tcy!2g|We6&*{o|y1>~6EFrozUll)g1)o8?)EHXSuvd{=&BPQ!tRl@ zWlEe#zk5DV>6Zee!fw}gCMwSI#?)SGljQeoz{V*weW1dx^>L5`c;6))(>CSOBa_S% zPs&N^RhWJCb+iNq@oGCf+1}mqv>c1dO1vL@yhn-~kzEVi15mNCX~VObTiDbK2>Y>j zL09J#AkR@_6<0g(LK2wp$Bw+Rd6o5)hm+~)rq4tYLAc_S@R(j$bk7s7{A`5yLb2ZB5QuKT(Wl} zl<_@(nM4}K00vrm=(IiJm%qyLA6%RHdOzGwR*`>3q5LW!L15GKZmgseA7F%Ld0fx< zlw4_Iu9D=OLOD1-_8k|>tzb`jyJ^lu)Y2c+y1A2HCP!}FZT=!kZ{9pMD}$GtQGkT{ zsF|F)tp(&?C}{Md1h~_Or5)i(zhoaH;uU`^(44fh+5WnH5y>+&3U{|4vOnb>J5A3h znE++=IeJ_w1a@wIOiM`gpDVNpn^FngQU%K!eVt{0Uo(9P!5vbpy4IpjeA)5x6DOdk z+s@%-G6rey&J46;#HDm`_oo9m=MiDySVXf^2zNQb{0DjLigL^Mj_g78+WLCcTY9(?N&%QaISU|+Z*#8vEhP^- zxAm3+Y1Qe`f59p$3k;eKsOzD%UqI6{7FRQ!ecvWu$Tb)-cMW(UXA5C@=>gGlHZZ+a zQ{Y4r|Kwrcf+0k#5S6ddxo`Rdn*G@-LmUW|ouw)){%a$bGi%7-i52+_dv+0{Pv^n3 z#X0R4x})27duY#CUaOUysTTNZM?=cc)Gog6My+v0<1zt5{c);bKw46ysF9lZ^uW=t z5K12uEL+Jp$+;hCPkrm4#-81mnKPzU8L?4^4E1Ry*cDz~>jBljofiYQaUgM+Y#l za9d_XlyUnmtIF)d`5#*r9Q2G8YG8A`)17Lkc0hDQH~J~P$V}x4ss^%qE)-h%=IsGi 
z`&7;u6!%R44rN%3iqDl<@eCgCyM@xf8s{MA2l8vfCSOOo3!)lHRCTLQdPgMEr$5tp zj=R&_INtEozj&#!j~h&mvZ5C`|GW4OB!+h=LeBDkVF6&ZVXU8}U?d=mAu2hi3%R== zGHksN)C^GjWDMa@8*bI_8(fMKPdbm_HUV9Z{`Dpu7B677x!Eic$tTipXn1KZGs#Kl zX^y-IPyA^0#01$pKFN-lvURY(364Wd2GBn&FCys|s7`4DNtoX;EUtkPYmP#C63X6C zGU;-L{Fy_@&xB@#S%FM0Zt%dR8lCMe9PEWBlD_4}7DkygE`Yje_fXq-+Je0z!g9Va z># z8DhQ-Ud1lYOv?=#Z)y$jiH4XkZn+cmSaxZ+%ay>UStEu4*G*UR)xW*`fPrG^xShvL zmjk=+LCLbdY0K^0oorhET;D35;5_CqWznb7mBI>y`4dk4jk-^5O=Ne>arD!nSR*cx z685vLs3~Obtg-saHSDH_I_blH27Mm8(hvB?cayne+AK02?ZH(!LYwb-pJ?lWGu+Bd zFKncK;53R@8%1r_=8xlenK!#VI98|Rj;4wRmIomNMtw1)tFoAnOw`jSKJEK8MYF>C zFx65*chK)6ENvuU)qbjiHbw-c5toCYYUnP25lOV;x=oH3<@MO~C6$Uw$f;j4_+Rm0RvfnjYJ`G_O zg$cai-Y2K%u>ddq&or?DJ%_KJ4%?C@221WjZe6E1&!7i^-*A3Sol40TH-cIQ9+bKy z1zluzw8Q3!os{#Ka-ThW_1^$Vk5xq@cf#zQ^dDJq%yMqcvGl+nW#7uCi4;@5{nYvK zppq=pvD>%|?gqoogu*y#=N&(qNjG(-#-)ef1sbM#*EHSgN62o(UTpHO(k%6UZtNy5 zPu%IJH9zd;PDk|!yJNtrpGH%ftm&5+)mkvN3P3x0z54G1A&V4T-xfD68_t{lkhu6z ziCz9!$X&^8HTu0#n@9f~#F!bVbN}&|uQRn*M2RDIY=Y_=`fpY&UKKa3a%%fs1O)cf z(H*H;opz^EdPK0CiNPSL6EuIawso=ZUYHxgn*{id3mZI+ zusLwZUROeIb_IsdQO0n3iWBDYtghy4fP@wsVrEzm0-T&JK_jtG+QOph=vYAs**lR1A|WUCiWJQ1;(3<2U>fdm}xn zdMR4FOk+0#v^caWeM*379BTacY^>L!0@ghm^g#Hi1~U4AR_U5lpz?@l`9%hUH|&6@ zDi_uIn+0(x{4$uy8wnD+GNI7Ywd=Mi7hJ6tKksIOuqO6t#BzdPQ(=5O$g}F`1e-iv zPg?+ijJnx;910ALx>p|XgfXPo66ihU4#K%koH2EjW_wTCIYcTRB*fffC+PFzv30ta zd|z~1l5}g`ewrC}7R>6!tMvbI2v1JHk*ib*|M&}4cb}`buhG>VH@i4n7}rjKSnW=% z)IIHYU2^OdRFg^v6uEr_<(9EII`NfPDf}U|JVrii5hGV28d}tj3N+=Sb86R-EQr`V z3RPB-asl6g?%1iv`_UySxwO;UL(F%uQ4283SO`bl4ENR$uV5pn; zci}Ci&jOH^hcflXjNYrVZ2=piJQ4DJ$!5^9w<1RVNG^N~@EA<=`7t2nI9!q*4jwYLzlyxU^QswIW?Phor zZzG4#zYJ}UnXl*Kv>;^|*5h9hUHix9jH7OX<)SnN34)HnxaYQ<)!#Z-P97w`uI$ns!Q1=BHc2La4h{gmT z`&^v7je{ItzX{c%F>tn*$qw#GK;8Zyf!AqgSX$Ev$TKaBXn6ER?-`I6jvC%{h~%pd ziBVzUHJMgF(%Ttq8nthhe94LdO^v1^QLGUUIONz)ed$X+bCdHEzgI#XJ~HVPKYa-L z%ZI#Mw!0kbD!Tn0B6xL5;Nsa3zRpQ;M)|&>uEgzI98w?)VeZ;x99mNhTKaDIVIyP2 znES_U2_57EmRc#jsVF_CAzAV>=8B-vEmzR?*ApYXDMF1V**Lu8!^jvQ+Sb|$G*%J1 
z;pX+IJoEFy^r=xY)WG=|(X#e-=gq|(6BLm9oh)ENMA9{cex!v6RTl2hCriA0yf%I*E0*rgwW~$YpJZ zKMTQ~bKrq+Fzh!LRwKTl@$X`ig%X*34@0}dlo{oQ#peH9>B9jKkr_@u z9fogq7Upk@mc0b}$Knf_6^UkPOp51MV#2}`@$Nf@l|AF=jfcCcTpb!Ptk&?KO_~9n z4ECCYmR)u{v%u8lm_YLP zfn1S6s&TD|h;ZJ7vfOe71Wq>4!O%3Yafd%QSFsz39QSF@j10BOOC)$X&y>`j+gSuF z!kT3{KBm}p1!}!>smGmn_`Nb4A8^BT_929p%)L}Qg`;HexcT$BdG5%d-Ow&cSP!_} zcz1k7)C->k`4# z?iF`xB@wn0qsxjypcPbXRKlWr7BU96;!fVWH@0d&&hLg<4ic(Y)+`TPJRNuPET*f}CeS0ETyWy=YY)Tq zwwz-<#~@9jC1K&!8lYJhso}SB$jrCtXO5?XsBnR*^%>Bn+B-MO?>7>P6W0V4TCMxh z^pK`#P@}&7ZRdvsUm>IU*i{&`V6xo$AYlX#fqW1LO@(hp8MhX&URZdel-$3~L4AzL z0ko@SdL2i97N~iaNd6bJl=_PlKwo)WMIMK!EZLyt#~yg+Dw9ej=G9I-qGEsg#z5nd zGvRMOKUchoUra>A-!c}+C(grncTA}us0YNd?E_iMgq4QFxXk0Uka8&o*0C@8YU>QJ zl*S$Uswxu5ZK5$JA${M#I=%pvT5A@x$s6SBE_^hCO2T-pZYKe{K{Lc;O7YEVa05>&EZv5K8VU2P(qoUz;~>gxfCg^a_2eao=Gjq(FAZHUXP51n2=v_K|V<+|6UwCl7r?t zZ-PADZb`zZv1;{Qh)nU^0)I-!L~yrF&P}WyZbQRcz6Gaeb~{Tr#aewkFar)ncTI80 z-q1D$4f)Tma{lGDg}1sTl((DlgWmAl$*RX^u8yuZMZruI#o|-4TeUDtF!2<7`Hkw_ zd+c}@%kVLhN}T37a#H9ux;sFNr4zLluEckddz;XDVfnFO)2!?J9-H0tQc0oD={&c( zHPhbu`9<(|3atjchB>I;hFhehCGz3t_8Nkq{#q0J31j@nf7-CHnxMOCx(=qLcbxk7 z37xGK0N!&sA1z__VC4d_-*H0rJ{Ijq-EVUk__p~el}WG+2)nkj;U zV)S(ljhHLlAE6g`9Jnae_19?u=_j1xPITIK+=FHFjaEs2<2=#{U(!~~g=j{Gg(u9e z7D)+7?y>2v>BzI1XJ%xuIRk|79Vx3ZzXyJ-29llUb+`3IVUKQT^?Hr63omU9WXIk_ z&t(Uu4UXshU>xM-gUVEA&I3j1{zEEh53&s|Zfewg^lxL@j`IwlTl{6k*`32ZX60^= zs!g;~bgs!$TS@dZT|V=V3tePyQq9CfY|*?+;zk|_hN%EeAzKk(UY=&@aUHX)5j^tl z1R_N)-f^{ocCb!FNAkz|T7h}RRx`Cn3Cw=5E>FB@k>gwJ*0ib6>BdI!qPPT5XeSA; znDF)^G#`miRAo)@mqmi3&9aFMjDRSpA7o0I$XlbHt+pNE$+rKx2p z^$j-EpC?fVU}b(FCFIN^f|00!1pwKO7-mX6UP6n(pY>(ZUA|;=Cwyp)m%V@ ziyvg_ZBTRFH906hV$W#Xaav?ak+C2P;4iZsh}^K`g01WB=!rY867DstzWG4Wg?Z93 zNn)o!`?*21PoexjNjABRf8{lR9qoTc<-5jk(SAAs+S^m$!X7e}j2R>AK4ZRg9}YC)H0d)HQ>$rmUcMtJd2v0dbiRSq${eXbxPwr_qt>}OJ^H=js;}w9=o=0}(i3Z*uTt8L5N$#ez10Z5kj)S_wKH3uf!l zLk|ETgL=Ihes6|ruMe9e66*bB9J=bYK+n1-LsziDys$AUB{LRTyK-Ow44sN|IQI=; zU*TrG&z!Cy6Ao@F>bT3=b=4QeaM4p|Fk?63N<0TTj|>p;l?sWpE1>b1aKk{*U8=up 
zusZ1_>FbJRX=Y#=yOC`1733wU1^|=5ApAX+FF$XZy;H6L_)rG`lIn>=K4k2Ro90_H z6N_$Cn9Z^vXq4~&PD=zir<`+VtH8nrkylr8}Xh6jikg&7%Mq%ZzOUZWKynU^D?yDi7%N=Wkfl0&K{+TV#e$OEuc zkyc)fIlvoHx)VC9XV~3B0fm)26Fuk-5A*AS{cIrl*JvcI_d0a=9SN9P_#&3Czsj#I zN95Km*<%jMOsqE5QMO>W6NSH3OpSo!B<#qu20qa3|ICcvNXJfzY1U<;@)gd=vwR`5 zljWRlqW3dlnEbY&M*@XkK&;0Mek{6IoU_+*$=)kq$sq|yL3!n)@Jvx_T;wOGb zjNH*SrRD&u#^ncD_PZ`HfmVW^@*!G1Xl`yqC^RIRV9uXX-;m|guT=`*)aQIJ8n+}L7fFCI0MGaT?{4s~ukngbwr%YW=4&WL( z2w`L@A*lrXMECSH@~INaF&mD&xz_~&QPR{tSb4>S(R3P)=>Hk7tRpX8R%KY)(oz~x zA9)t_4}BcVyVWqDQDi9p*+?<0Q$n1imiS}jg4Gb9(;w&!ZgzMI<_ToOgqe2F-hPNq z%bOGSwy(_7d9}SXta{P=9Xr%QJK_9jeSAQPTNnQr3&4gx%qU;~?5taF zP};A@EhtdQahnvMIB6+MV`EJfr0h+ z^)6ZF%a~k)#w&(!^M+-jR?kLBZ0?3Kygn-pj769w@GO~HNSpJMSxlbrmoI3n0daXm zbJ3j)52IK3LItLRf==UfR=$lxt~5p$J$YrA^xjsfm$!A)_{J2)Hh;_x>Yst@=pgie z{SSsLxQ#&bQni_uIo-c}EpFTVac1m@@gi=K=yNSl9F}j%4cv`9GTpuy^n=N;M1|hT zG>1}2YmyVI6I9U#B(CyQv>5;zzW^|9Rzpt9`dVZDa{~MaEl~4j*4Wn0n34BQ~mF$uV#vZ3|2P3{(gF(PUM14zEhu; z?cYWZ1PN&#UehGjiU7!lVk8SFRg`(hK6;yS@!qIO3bw+`xOys|sgX<5h)6Ry#%7ZYS+9d#=3SND>K} zP}tNT&zk$yIx!KD`o3FQOVS+~T^lRie*>Z1Zr72xA-J-~!u$fxqF&RE!{j%ly-z`D zc9V9Y<)F*;4@9pwvH1*5h)SWq<(kb2g4P=KQ%;<`$fe zR?G4b`wURJS_-A#R)X7mBn+HOYWPmv`nufH;bvSNQ0}n74C9c9{``)dB|bQB#4I~$ z5;siG!3ADH#DJ1(&~#QD{I(*Jb;kRHyOfrN8NuW4)L~F9Fw%JY-4N&fwJ>-QPcPfF zUf1xkL>lU>_msAxZ_w0*^~S*ltx=lq06U2r=B~2)u}&8+0`|I~%vUu$tf1mN{b|RA zRx{)xc>Pd1e<<*EGpKXV#^Da9=YiH(hN0WC_~G)?Mt<3$JwMEWXTdp*=ScAyYAImw z*Jeoeoo3p_PyXc|@mM86a_fk3pTX+;Q5RwS4<^Z-h1HU&#v7xi&TnVc;sf60hxaA; z+&ek&9l%lzWd7)5lmv4N9aLygNbGV!X;e;kIe0VU6Es&K?oayM|G`J$Rb?9k>zRk{ zuJh!ZNAli0(JAx=ZCO$`_QJBTvauJ34sZrVNt{dmIdG5U`^Alg7hZehKjx+)%R`#h zGXr<>$Z5Ca87rP-mToY`Pdr>Pd}Ed%vK`ozWk{GC*F@^bDeuRdbkHW!fJabG?F?-t z04lE7VrvMy4Ybn48_;FWroY~z_*}>kWxKxKPO;#vaU>HlK7>{w?PPVur zQ^9oVTJ}TcqY4Koq$4CX3r_)d?fMpKun|b<&Cg_y2@+{WBU)R?A2lV?|p4t@r{SR>6B~CEZ>QErx$hN2K$2pGo<=r|2|=oilU+*b8)*SXbV9ni)DpRT$t5&%ZUW%O}c*o zZIaw&>T7`Q!Y63Lc(2D=o~we#9o~XEnhd}ww7)UqXe3HJ_>OS>0Im!Kt!O;lPBQRs 
zwHRY#HSn3|OXxHWsj$sl4PBJiYD@5B7H2!9jl$bTOU2VTTK{`Xp|Q!2s5K*g8S#B; zRQYw|k4DArI|HAWL)69V&6S|!Wy_;PIM3x?HcPG>tY^5uM4J4e!rMPXc?AHJP=vo% z{aY*H<#Z{Wh|$=>axqr2%BI!&-bALGm;ls4b+>+nC|LuB+8G2@<=|FL`d0AR#iYAI z?N!a!$rE-aLb<%iY?;UL`ZA*e0yPT(f2d%iXs%DG)CNr2FYWu;0s`*vc7~R!R>HAX z@W{@@C_~>zKhZXIjmVEmh>9=p8y6Zb?kY@?&n-GlEiNL{-H|`@D(h3rAXGc5 ziFd_qDl2LRsJM%mA8Md$tUH{~ZNoWaois|ngFC=@2_2220(cT@;@3j-r67BQA0#^B zag@pD4KPM)lJn`x$Lfv3a2emh_Si;`L$Q*g&oq61!CTXyj(-L`yBeH_qr^kC&^!J7 ziuZ}hU%xN972!Fqr-$U|3aWvhJWdT|nS-&~kTWOf8Jj+zrrNc?#pWMW>P(?P;<7$Q zd1~U(+nr2)uA-(i3ojvQr#HB?&P^N1gNMX8{-b9o zX>3<)Cj30&7P%lAd;7Mbn+}f#=^&7xm?m1t$@Ad90X(5)gj~_EqJg|TB?<|-9!d{6 z11*L?z8qtPsC@W88+7#xPb6TOO#QzA|D9F;ABpGx(l$+@O8iMyGy(D#`lvg=?mxO$ JsA?7VKL9kOL!$ry diff --git a/stable/pdn-node/templates/NOTES.txt b/stable/pdn-node/templates/NOTES.txt deleted file mode 100644 index b50ce6721..000000000 --- a/stable/pdn-node/templates/NOTES.txt +++ /dev/null @@ -1,13 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash diff --git a/stable/pdn-node/templates/_helpers.tpl b/stable/pdn-node/templates/_helpers.tpl deleted file mode 100644 index 8f051dd6e..000000000 --- a/stable/pdn-node/templates/_helpers.tpl +++ /dev/null 
@@ -1,101 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
- Expand the name of the chart.
-*/}}
-{{- define "pdn-node.name" -}}
-{{- include "common.names.name" . -}}
-{{- end -}}
-
-{{/*
- Create a default fully qualified app name.
- We truncate at 63 chars because some Kubernetes name
- fields are limited to this (by the DNS naming spec).
- If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "pdn-node.fullname" -}}
-{{- include "common.names.fullname" . -}}
-{{- end -}}
-
-{{/*
- pdnnode liveness probe
-*/}}
-{{- define "pdn-node.livenessProbe" -}}
-{{- printf "%s" "/api/v1/system/liveness" -}}
-{{- end -}}
-
-{{/*
- pdnnode startup probe
-*/}}
-{{- define "pdn-node.startupProbe" -}}
-{{- printf "%s" "/api/v1/system/readiness" -}}
-{{- end -}}
-
-{{/*
- Return the proper pdnnode image name
-*/}}
-{{- define "pdn-node.image" -}}
-{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global "appVer" .Chart.AppVersion) }}
-{{- end -}}
-
-{{/*
- Return the proper init container image name
-*/}}
-{{- define "pdn-node.initContainers.image" -}}
-{{ include "common.images.image" (dict "imageRoot" .Values.initContainers.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
- Return the proper Docker Image Registry Secret Names
-*/}}
-{{- define "pdn-node.imagePullSecrets" -}}
-{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.initContainers.image) "global" .Values.global) }}
-{{- end -}}
-
-{{/*
- Return podAnnotations
-*/}}
-{{- define "pdn-node.podAnnotations" -}}
-{{- if .Values.podAnnotations }}
-{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
-{{- end }}
-{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
-{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
-{{- end }}
-{{- end -}}
-
-{{/*
- Create the name of the service account to use
-*/}}
-{{- define "pdn-node.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (include "pdn-node.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
- Resolve pdnJoinKeySecretName value
-*/}}
-{{- define "pdn-node.pdnJoinKeySecretName" -}}
-{{- if .Values.pdnJoinKeySecretName -}}
-{{- .Values.pdnJoinKeySecretName -}}
-{{- else -}}
-{{ include "pdn-node.fullname" . }}
-{{- end -}}
-{{- end -}}
-
-{{/*
- Custom certificate copy command
-*/}}
-{{- define "pdn-node.copyCustomCertsCmd" -}}
-echo "Copy custom certificates to {{ .Values.persistence.mountPath }}/etc/security/keys/trusted"
-mkdir -p {{ .Values.persistence.mountPath }}/etc/security/keys/trusted
-
-for file in $(ls -1 /tmp/certs/* | grep -v .key | grep -v ":" | grep -v grep)
-do
- if [[ -f "${file}" ]]; then
- cp -v "${file}" {{ .Values.persistence.mountPath }}/etc/security/keys/trusted/
- fi
-done
-{{- end -}}
diff --git a/stable/pdn-node/templates/additional-resources.yaml b/stable/pdn-node/templates/additional-resources.yaml
deleted file mode 100644
index c4d06f08a..000000000
--- a/stable/pdn-node/templates/additional-resources.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.additionalResources }}
-{{ tpl .Values.additionalResources . }}
-{{- end -}}
diff --git a/stable/pdn-node/templates/hpa.yaml b/stable/pdn-node/templates/hpa.yaml
deleted file mode 100644
index 17a19f1b5..000000000
--- a/stable/pdn-node/templates/hpa.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "pdn-node.fullname" . }}-hpa
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: replica
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- scaleTargetRef:
- apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
- kind: StatefulSet
- name: {{ include "pdn-node.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetMemory }}
- - type: Resource
- resource:
- name: memory
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.autoscaling.targetMemory }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetMemory }}
- {{- end }}
- {{- end }}
- {{- if .Values.autoscaling.targetCPU }}
- - type: Resource
- resource:
- name: cpu
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.autoscaling.targetCPU }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetCPU }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/stable/pdn-node/templates/ingress.yaml b/stable/pdn-node/templates/ingress.yaml
deleted file mode 100644
index 1e64bc1ba..000000000
--- a/stable/pdn-node/templates/ingress.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) 
"servicePort" "http-server" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http-server" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/stable/pdn-node/templates/networkpolicy.yaml b/stable/pdn-node/templates/networkpolicy.yaml deleted file mode 100644 index b14e3676c..000000000 --- a/stable/pdn-node/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
- name: {{ include "pdn-node.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- ingress:
- {{- if not .Values.networkPolicy.allowExternal }}
- - ports:
- - port: 8088
- protocol: TCP
- - port: 8089
- protocol: TCP
- from:
- - podSelector:
- matchLabels:
- {{ template "pdn-node.fullname" . }}-client: "true"
- - podSelector:
- matchLabels:
- {{- include "common.labels.matchLabels" . | nindent 14 }}
- {{- if .Values.networkPolicy.additionalRules }}
- {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/stable/pdn-node/templates/pdb.yaml b/stable/pdn-node/templates/pdb.yaml
deleted file mode 100644
index 00b5a855d..000000000
--- a/stable/pdn-node/templates/pdb.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "pdn-node.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.pdb.minAvailable }}
- minAvailable: {{ .Values.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
-{{- end }}
diff --git a/stable/pdn-node/templates/role.yaml b/stable/pdn-node/templates/role.yaml
deleted file mode 100644
index 45ffe945a..000000000
--- a/stable/pdn-node/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.rbac.create }}
-kind: Role
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-metadata:
- name: {{ template "pdn-node.fullname" . }}-endpoint-reader
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-rules:
- - apiGroups: [""]
- resources: ["endpoints"]
- verbs: ["get"]
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["create"]
-{{- end }}
diff --git a/stable/pdn-node/templates/rolebinding.yaml b/stable/pdn-node/templates/rolebinding.yaml
deleted file mode 100644
index 043253f44..000000000
--- a/stable/pdn-node/templates/rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.serviceAccount.create .Values.rbac.create }}
-kind: RoleBinding
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-metadata:
- name: {{ template "pdn-node.fullname" . }}-endpoint-reader
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "pdn-node.serviceAccountName" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "pdn-node.fullname" . }}-endpoint-reader
-{{- end }}
diff --git a/stable/pdn-node/templates/secrets.yaml b/stable/pdn-node/templates/secrets.yaml
deleted file mode 100644
index 4afb93940..000000000
--- a/stable/pdn-node/templates/secrets.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "pdn-node.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
- {{- if .Values.pdnJoinKey }}
- {{- if not .Values.pdnJoinKeySecretName }}
- pdn-join-key: {{ .Values.pdnJoinKey | b64enc | quote }}
- {{- end }}
- {{- end }}
-
-{{- $extraSecretsPrependReleaseName := .Values.extraSecretsPrependReleaseName }}
-{{- range $key, $value := .Values.extraSecrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- {{- if $extraSecretsPrependReleaseName }}
- name: {{ $.Release.Name }}-{{ $key }}
- {{- else }}
- name: {{ $key }}
- {{- end }}
- namespace: {{ $.Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- {{- if $.Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-stringData: {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 2 }}
-{{- end }}
diff --git a/stable/pdn-node/templates/serviceaccount.yaml b/stable/pdn-node/templates/serviceaccount.yaml
deleted file mode 100644
index 905c66efc..000000000
--- a/stable/pdn-node/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "pdn-node.serviceAccountName" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-secrets:
- - name: {{ include "pdn-node.fullname" . }}
-{{- end }}
diff --git a/stable/pdn-node/templates/servicemonitor.yaml b/stable/pdn-node/templates/servicemonitor.yaml
deleted file mode 100644
index 377296423..000000000
--- a/stable/pdn-node/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "pdn-node.name" . }}-metrics-service
- namespace: {{ .Values.serviceMonitor.kubePromFullName }}
- labels:
- app: {{ .Values.serviceMonitor.kubePromApp }}
- release: {{ .Values.serviceMonitor.kubePromFullName }}
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- jobLabel: {{ .Values.serviceMonitor.jobLabel }}
- endpoints:
- - path: /api/v1/metrics
- honorLabels: true
- honorTimestamps: false
- interval: {{ .Values.serviceMonitor.interval }}
- scheme: http
- scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
- port: {{ .Values.serviceMonitor.port }}
- targetPort: {{ .Values.serviceMonitor.targetPort }}
- tlsConfig:
- insecureSkipVerify: true
- namespaceSelector:
-{{ toYaml .Values.serviceMonitor.namespaceSelector | indent 4 }}
- selector:
-{{ toYaml .Values.serviceMonitor.selector | indent 4 }}
-{{- end }}
diff --git a/stable/pdn-node/templates/statefulset.yaml b/stable/pdn-node/templates/statefulset.yaml
deleted file mode 100644
index 43760363a..000000000
--- a/stable/pdn-node/templates/statefulset.yaml
+++ /dev/null
@@ -1,238 +0,0 @@ -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "pdn-node.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.statefulsetLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.statefulsetLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - serviceName: {{ template "pdn-node.fullname" . }}-headless - podManagementPolicy: {{ .Values.podManagementPolicy }} - replicas: {{ .Values.replicaCount }} - updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - systemYaml/checksum: {{ include (print $.Template.BasePath "/system-yaml.yaml") . | sha256sum }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.extraSecrets }} - checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- end }} - {{- if or .Values.podAnnotations }} - {{- include "pdn-node.podAnnotations" . | nindent 8 }} - {{- end }} - spec: - {{- include "pdn-node.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "pdn-node.serviceAccountName" . 
}} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" .) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - initContainers: - - name: 'copy-system-yaml' - image: {{ include "pdn-node.initContainers.image" . 
}} - imagePullPolicy: {{ .Values.initContainers.image.pullPolicy | quote }} - {{- if .Values.initContainers.containerSecurityContext }} - securityContext: {{- toYaml .Values.initContainers.containerSecurityContext | nindent 12 }} - {{- end }} - {{- if .Values.initContainers.resources }} - resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.persistence.mountPath }}/etc; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.persistence.mountPath }}/lost+found - {{- if or .Values.pdnJoinKey .Values.pdnJoinKeySecretName }} - echo "Copy pdnJoinKey to {{ .Values.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.persistence.mountPath }}/etc/security; - echo -n ${PDN_JOIN_KEY} > {{ .Values.persistence.mountPath }}/etc/security/pdn_join.key; - {{- end }} - env: - {{- if or .Values.pdnJoinKey .Values.pdnJoinKeySecretName}} - - name: PDN_JOIN_KEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-node.pdnJoinKeySecretName" . 
}} - key: pdn-join-key - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if .Values.customCertificates.enabled }} - - name: 'copy-custom-certificates' - image: {{ include "pdn-node.initContainers.image" . }} - {{- if .Values.initContainers.containerSecurityContext }} - securityContext: {{- toYaml .Values.initContainers.containerSecurityContext | nindent 12 }} - {{- end }} - {{- if .Values.initContainers.resources }} - resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - | - {{ include "pdn-node.copyCustomCertsCmd" . | nindent 14 }} - volumeMounts: - - name: ca-certs - mountPath: "/tmp/certs" - - name: data - mountPath: {{ .Values.persistence.mountPath | quote }} - {{- end }} - containers: - - name: pdn-node - image: {{ template "pdn-node.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- end }} - {{- with .Values.lifecycle }} - lifecycle: -{{ toYaml . | indent 12 }} - {{- end }} - env: - - name: JF_PDNNODE_JOINKEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-node.pdnJoinKeySecretName" . }} - key: pdn-join-key - - name: POD_LOCAL_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: JF_PDNNODE_SELFGRPCADDRESS - value: "{{ tpl .Values.selfGrpcAddress . }}" - - name: JF_PDNNODE_SELFHTTPADDRESS - value: "{{ tpl .Values.selfHttpAddress . 
}}" - - name: JF_PDNNODE_PDNSERVERURL - value: "{{ .Values.pdnServerUrl }}" - - name: JF_PDNNODE_PDNSERVERINITIALCONNECTIONURL - value: "{{ .Values.pdnServerInitialConnectionUrl }}" -{{- with .Values.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 12 }} -{{- end }} - ports: - - name: secure-grpc - containerPort: 8088 - - name: http-server - containerPort: 8089 - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.startupProbe.config "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.livenessProbe.config "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: systemyaml - secret: - secretName: {{ default ( default (printf "%s-%s" (include "pdn-node.fullname" .) "systemyaml") ) .Values.systemYamlOverride.existingSecret }} - {{- if .Values.persistence.volumes }} - {{- toYaml .Values.persistence.volumes | nindent 8 }} - {{- end }} - {{- if .Values.customCertificates.enabled }} - - name: ca-certs - secret: - secretName: {{ .Values.customCertificates.certificateSecretName }} - {{- end }} - {{- if not (contains "data" (quote .Values.persistence.volumes)) }} - {{- if not .Values.persistence.enabled }} - - name: data - emptyDir: - sizeLimit: {{ .Values.diskSize }} - {{- else if .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - {{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . 
$ }} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.diskSize | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- if .Values.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} - {{- end }} diff --git a/stable/pdn-node/templates/svc.yaml b/stable/pdn-node/templates/svc.yaml deleted file mode 100644 index b05879bed..000000000 --- a/stable/pdn-node/templates/svc.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "pdn-node.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.service.labels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }}
- {{- end }}
- {{- if or (.Values.service.annotations) (.Values.commonAnnotations) }}
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
- {{- end -}}
- {{- if .Values.service.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
- {{- end -}}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- if eq .Values.service.type "LoadBalancer" }}
- {{- if not (empty .Values.service.loadBalancerIP) }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- {{- if .Values.service.loadBalancerSourceRanges }}
- loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
- {{- end }}
- {{- end }}
- {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
- externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{- if .Values.service.externalIPs }}
- externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}
- {{- end }}
- ports:
- - name: secure-grpc
- port: 8088
- targetPort: secure-grpc
- - name: http-server
- port: 8089
- targetPort: http-server
- {{- if .Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{ include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/stable/pdn-node/templates/system-yaml.yaml b/stable/pdn-node/templates/system-yaml.yaml
deleted file mode 100644
index 72b279a78..000000000
--- a/stable/pdn-node/templates/system-yaml.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if not .Values.systemYamlOverride.existingSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "pdn-node.fullname" . }}-systemyaml
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-stringData:
- system.yaml: |
-{{ tpl .Values.systemYaml . | indent 4 }}
-{{- end }}
diff --git a/stable/pdn-node/values.yaml b/stable/pdn-node/values.yaml
deleted file mode 100644
index a9d965e4f..000000000
--- a/stable/pdn-node/values.yaml
+++ /dev/null
@@ -1,674 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, -## including dependencies, configured to use the global value - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global PVC Storage Class for data volume -global: - ## Docker image registry, default: releases-docker.jfrog.io - imageRegistry: "" - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## imagePullSecrets: - ## - myRegistryKeySecretName - imagePullSecrets: [] - ## PVC Storage Class for pdnnode data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, - ## choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) - storageClass: "" -## PDN Join key value generated in the Artifactory node and used for establishing a connection -## between the PDNs to the PDN Server. You can copy the key from JFrog UI under -## Admin -> User Management -> Settings -> PDN Access Token -> Join Key -## IMPORTANT: You MUST NOT use the example pdnJoinKey for a production deployment! -pdnJoinKey: "aa34bd4dc7902a65f14900fc47ec6b5a" -## Alternatively, you can use a pre-existing secret with a key -## called join-key by specifying pdnJoinKeySecretName -pdnJoinKeySecretName: "" -## PDN Server URL on which the PDN Server accepts insecure gRPC connections. 
-## Note: .Values.pdnServerInitialConnectionUrl value will be injected as environment variable -## so it will take precedence over .Values.systemYaml.pdnNode.pdnServerInitialConnectionUrl -## Example: -## abcdefg-1234567.us-east-1.elb.amazonaws.com:8093 -## pdn-server.us-east-1-prod.svc.cluster.local:8093 -pdnServerInitialConnectionUrl: "pdn-server:8093" -## PDN Server application settings -## URL on which the PDN Server accepts secure gRPC connections. -## Note: .Values.pdnServerUrl value will be injected as environment variable -## so it will take precedence over .Values.systemYaml.pdnNode.pdnServerUrl -## Example: -## abcdefg-1234567.us-east-1.elb.amazonaws.com:8095 -## pdn-server.us-east-1-prod.svc.cluster.local:8095 -pdnServerUrl: "pdn-server:8095" -## The PDN gRPC server settings -## gRPC address to expose for other PDNs node. -## The address MUST be unique as we use it as node id -## $(POD_LOCAL_IP) will be replaced with pod local ip adderess. -## Note: selfGrpcAddress value will be injected as environment variable -## so it will take precedence over .Values.systemYaml.pdnNode.selfGrpcAddress -## Example: -## selfGrpcAddress: "abcdefg-1234567.us-east-1.elb.amazonaws.com:8088" -selfGrpcAddress: "$(POD_LOCAL_IP):8088" -## The PDN http(s) server settings -## HTTP address to expose for external clients. -## The address MUST be accessible to a clients -## Note: selfHttpAddress value will be injected as environment variable -## so it will take precedence over .Values.systemYaml.pdnNode.selfHttpAddress -## Example: -## selfHttpAddress: "https://abcdefg-1234567.us-east-1.elb.amazonaws.com:443" -## selfHttpAddress: "http://nginx-ingress.pdn-node.svc.cluster.local:8089" -selfHttpAddress: 'http://{{ include "pdn-node.fullname" . 
}}:8089' -## @param diskSize Storage limit for PDN Node data volume -## Must be aligned with dynamic config value `pdnNode.maximumMbToKeep` -diskSize: 64Gi -## PDN Node system configuration file -## Ref: https://www.jfrog.com/confluence/display/JFROG/Advanced+Private+Distribution+Network+%28PDN%29+Configurations -systemYaml: | - pdnNode: - disableBasicAuth: true - http: true - logLevel: info - metrics: - enabled: true -## PDN Node systemYaml override -## This is for advanced usecases where users wants to provide their own systemYaml -## Ref: https://www.jfrog.com/confluence/display/JFROG/Advanced+Private+Distribution+Network+%28PDN%29+Configurations -## Note: This will override existing (default) .Values.systemYaml in values.yaml -## Alternatively, systemYaml can be overidden via customInitContainers using external sources -## like vaults, external repositories etc. Please refer customInitContainer section below for an example. -## Note: Order of preference is: -## 1. customInitContainers -## 2. systemYamlOverride.existingSecret -## 3. default systemYaml in values.yaml -systemYamlOverride: - ## You can use a pre-existing secret by specifying existingSecret. - existingSecret: "" - ## The dataKey should be the name of the secret data key created. - dataKey: "" -## If enabled certificates added to this secret will be copied -## to $JFROG_HOME/pdnnode/var/etc/security/keys/trusted directory -customCertificates: - enabled: false - certificateSecretName: "" -## pdnnode containers' resource requests and limits -## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
-## @param resources.limits The resources limits for pdnnode containers -## @param resources.requests The requested resources for pdnnode containers -resources: {} -## limits: -## cpu: "1" -## memory: "2Gi" -## requests: -## cpu: "1" -## memory: "2Gi" - -## @param extraEnvironmentVariables that can be used to tune pdnnode to your needs. -## Example: -## extraEnvironmentVariables: -## - name: POD_LOCAL_IP -## valueFrom: -## fieldRef: -## fieldPath: status.podIP -extraEnvironmentVariables: -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts -## Examples: -## extraVolumeMounts: -## - name: extras -## mountPath: /usr/share/extras -## readOnly: true -## -extraVolumeMounts: [] -## @param extraSecrets Optionally specify extra secrets to be created by the chart. -## This can be useful when combined with load_definitions to automatically create -## the secret containing the definitions to be loaded. -## Example: -## extraSecrets: -## load-definition: -## load_definition.json: | -## { -## ... -## } -## -extraSecrets: {} -## @param extraSecretsPrependReleaseName Add release-name to a secret name -## Set this flag to true if extraSecrets should be created with prepended. -## -extraSecretsPrependReleaseName: false -## Specify common probes parameters -probes: - timeoutSeconds: 5 -## The following settings are to configure the frequency of the liveness and readiness probes -livenessProbe: - enabled: true - config: | - exec: - command: - - sh - - -c - - curl -k -s --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:8089{{ include "pdn-node.livenessProbe" . }} - initialDelaySeconds: {{ if semverCompare " - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, - ## choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) - storageClass: "" - ## @param persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - selector: {} - ## @param persistence.accessMode PVC Access Mode for pdnnode data volume - accessMode: ReadWriteOnce - ## @param persistence.existingClaim Provide an existing PersistentVolumeClaims - ## The value is evaluated as a template - ## So, for example, the name can depend on .Release or .Chart - existingClaim: "" - ## @param persistence.mountPath The path the volume will be mounted at - ## Note: useful when using custom pdnnode images - mountPath: /var/opt/jfrog/pdnnode - ## @param persistence.subPath The subdirectory of the volume to mount to - ## Useful in dev environments and one PV for multiple services - subPath: "" - ## @param persistence.volumes Additional volumes without creating PVC - ## - name: volume_name - ## emptyDir: {} - volumes: [] - ## @param persistence.annotations Persistence annotations. 
Evaluated as a template - ## Example: - ## annotations: - ## example.io/disk-volume-type: SSD - annotations: {} -## @section Exposure parameters -## Kubernetes service type -service: - ## @param service.type Kubernetes Service type - type: ClusterIP - ## @param service.extraPorts Extra ports to expose in the service - ## E.g.: - ## extraPorts: - ## - name: new_svc_name - ## port: 1234 - ## targetPort: 1234 - extraPorts: [] - ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is `LoadBalancer` - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - loadBalancerSourceRanges: [] - ## @param service.externalIPs Set the ExternalIPs - externalIPs: [] - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - externalTrafficPolicy: Cluster - ## @param service.loadBalancerIP Set the LoadBalancerIP - loadBalancerIP: "" - ## @param service.labels Service labels. Evaluated as a template - labels: {} - ## @param service.annotations Service annotations. Evaluated as a template - ## Example: - ## annotations: - ## service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 - annotations: {} - ## @param service.annotationsHeadless Headless Service annotations. 
Evaluated as a template - ## Example: - ## annotations: - ## external-dns.alpha.kubernetes.io/internal-hostname: pdnnode.example.com - annotationsHeadless: {} -## @section pdn-node ingress parameters -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for pdn-node - ## - enabled: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: pdnnode.local - ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate auto-generation, place here your cert-manager annotations. 
- ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: pdnnode.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - pdnnode.local - ## secretName: pdnnode.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set, and you're using cert-manager, this is unneeded, as it will 
create a secret for you with valid certificates - ## If it is not set, and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: pdnnode.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] -## Network Policy configuration -## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the ports PDN is listening on. - ## When set to true, integration will accept connections from any source - ## (with the correct destination port). - allowExternal: true - ## @param networkPolicy.additionalRules Additional NetworkPolicy Ingress "from" rules to set. - ## Note: All rules are OR-ed. 
- ## Example: - ## additionalRules: - ## - matchLabels: - ## - app.kubernetes.io/name: pdn-node - ## - matchExpressions: - ## - key: app.kubernetes.io/name - ## operator: In - ## values: - ## - pdn-node - additionalRules: [] -## @section Init Container Parameters -## Init Container parameters -initContainers: - ## Add init containers to the pdnnode pod - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## pullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## @param initContainers.image.registry Init container volume-permissions image registry - ## @param initContainers.image.repository Init container volume-permissions image repository - ## @param initContainers.image.tag Init container volume-permissions image tag - ## @param initContainers.image.pullPolicy Init container volume-permissions image pull policy - ## @param initContainers.image.pullSecrets Specify docker-registry secret names as an array - image: - registry: releases-docker.jfrog.io - repository: ubi9/ubi-minimal - tag: 9.2.484 - ## Specify an image PullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - pullSecrets: [] - ## Init Container resource requests and limits - ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param initContainers.resources.limits The resources limits for Init containers - ## @param initContainers.resources.requests The requested resources for Init containers - resources: {} - ## limits: - ## cpu: "1" - ## memory: "1Gi" - ## requests: - ## cpu: "10m" - ## memory: "50Mi" - - ## @param containerSecurityContext init containers' Security Context - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## Example: - ## containerSecurityContext: - ## capabilities: - ## drop: ["NET_RAW"] - ## readOnlyRootFilesystem: true - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true -## @param sidecars Add sidecar containers to the pdnnode pod -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## pullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -sidecars: [] -## All values are under the 'nginx' sub chart. 
-nginx: - enabled: false - image: - registry: releases-docker.jfrog.io - repository: bitnami/nginx - tag: 1.23.2-debian-11-r2 - containerPorts: - http: 8089 - service: - loadBalancerSourceRanges: [] - ports: - http: 8089 - serverBlock: |- - upstream backend { - server pdn-node:8089; - } - - server { - server_name _; - listen 0.0.0.0:8089 default_server; - - location / { - proxy_pass http://backend; - } - } -## Allows to add additional kubernetes resources -## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-values.yaml -additionalResources: "" -## @section Common parameters -## @param nameOverride String to partially override pdnnode.fullname template (will maintain the release name) -nameOverride: "" -## @param fullnameOverride String to fully override pdnnode.fullname template -fullnameOverride: -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -kubeVersion: "" -## @param clusterDomain Kubernetes Cluster Domain -clusterDomain: cluster.local -## @param hostAliases Adding entries to a Pod's /etc/hosts file -## For an example, refer - https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ -## If you do want to specify additional aliases, uncomment the following lines, -## adjust them as necessary, and remove the square braces after 'hostAliases:'. 
-hostAliases: [] -## - ip: "127.0.0.1" -## hostnames: -## - "foo.local" -## - "bar.local" -## - ip: "10.1.2.3" -## hostnames: -## - "foo.remote" -## - "bar.remote" - -## @param commonAnnotations Annotations to add to all deployed objects -commonAnnotations: {} -## @param command Override default container command (useful when using custom images) -command: [] -## @param args Override default container args (useful when using custom images) -args: [] -## @param terminationGracePeriodSeconds Default duration in seconds k8s waits for container to exit before sending kill signal. -## Any time in excess of 10 seconds will be spent waiting for any synchronization necessary for cluster not to lose data. -terminationGracePeriodSeconds: 120 -## @param podLabels pdnnode Pod labels. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -podLabels: {} -## @param podAnnotations pdnnode Pod annotations. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -podAnnotations: {} -## @param statefulsetLabels PDN Node statefulset labels. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -statefulsetLabels: {} -## @param priorityClassName Name of the priority class to be used by pdnnode pods, priority class needs to be created beforehand -## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: "" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## We recommend to use the value `hard` to run one pod per node -podAntiAffinityPreset: hard -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods -topologySpreadConstraints: [] -## @param serviceMonitor Declaratively specifies how groups of Kubernetes services should be monitored. 
-## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md
-serviceMonitor:
- enabled: false
- interval: 30s
- jobLabel: pdnnode-metrics
- port: http-server
- targetPort: 8089
- scrapeTimeout: 15s
- kubePromApp: ""
- kubePromFullName: ""
- namespaceSelector:
- any: true
- selector:
- matchLabels:
- app: pdnnode
diff --git a/stable/pdn-server/.helmignore b/stable/pdn-server/.helmignore
deleted file mode 100644
index c13e3c8fb..000000000
--- a/stable/pdn-server/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
\ No newline at end of file
diff --git a/stable/pdn-server/CHANGELOG.md b/stable/pdn-server/CHANGELOG.md
deleted file mode 100644
index 79ad7da4a..000000000
--- a/stable/pdn-server/CHANGELOG.md
+++ /dev/null
@@ -1,71 +0,0 @@
-# JFrog PDN Server Chart Changelog
-All changes to this chart will be documented in this file.
-
-## [101.8.4] - Jun 21, 2023
-* Request metrics via router
-* Aligned router port name
-* Aligned serviceMonitor scheme
-* Bump router version to 7.67.0
-
-## [101.7.6] - May 25, 2023
-* Updated base image `ubi9/ubi-micro:9.2.5`
-* Updated initContainerImage `ubi9/ubi-minimal:9.2.484`
-* Changed podAntiAffinityPreset default value to hard
-* Added ServiceMinotor object
-
-## [101.7.3] - May 09, 2023
-* Added checksum annotation to pod to auto-restart upon change to system.yaml
-* Fixed HPA template issue
-
-## [101.7.2] - May 07, 2023
-* Upgraded common chart dependency up to 0.0.6
-* Updated initContainerImage `ubi9/ubi-minimal:9.1.0.1829`
-* Fixed network policy template issue
-
-## [101.6.4] - Mar 06, 2023
-* Updated initContainerImage `ubi9/ubi-minimal:9.1.0.1793`
-* Removed unused global values
-* Added `logLevel` option to systemYaml.pdnServer
-* Added Bitnami nginx sub chart
-* Unify system.yaml
-
-## [101.5.5] - Jan 17, 2023
-* Aligned variables name with JFrog Platform helm chart
-* Updated initContainerImage to `ubi8/ubi-minimal:8.7.1049`
-* Aligned network policy with Artifactory helm chart
-
-## [101.5.1] - Jan 06, 2023
-* Aligned values.yaml parameters between node and server charts
-* Replaced readinessProbe with startupProbe
-
-## [101.5.0] - Dec 26, 2022
-* Renamed common chart to jfrog-common to avoid conflicts with Bitnami common chart
-* Changed selfAddress value from localhost:8095 to pdn-server:8095
-
-## [101.3.6] - Dec 7, 2022
-* Upgraded Filebeat version up to 7.17.7
-* Added additionaResorces and hostAliases
-
-## [101.3.5] - Dec 1, 2022
-* Upgraded common chart dependency up to 0.0.4
-* Added containerSecurityContext to initContainers
-* Updated fsGroup/runAsUser to 11055 to avoid host conflict
-* Increased persistence storage size up to 16 Gb
-* Updated initContainerImage to `ubi8/ubi-micro:8.7.1`
-
-## [101.3.4] - Nov 22, 2022
-* Updated chart to use jfrog common chart as dependency hence the prefix of `pdnServer.` is no more required when setting any flags
-* Updated router version to 7.51.0 and observability to 1.12.0
-* Removed unused parameters from values.yaml
-* Added resources requests and limits to initContainers
-
-## [101.1.3] - Aug 2, 2022
-* Updated router version to 7.45.0
-* Use an alternate command for `find` to copy custom certificates
-* Updated initContainerImage and logger Image to `ubi8/ubi-minimal:8.6-854`
-* Added `.Values.pdnServer.openMetrics.enabled` flag to enable metrics (defaults to `false`)
-* Added flag `pdnServer.schedulerName` to set for the pods the value of schedulerName field [GH-1606](https://github.com/jfrog/charts/issues/1606)
-* Updated Observability version to `1.9.3`
-
-## [101.0.0] - May 04, 2022
-* Initial support for Jfrog PDN Server
diff --git a/stable/pdn-server/Chart.lock b/stable/pdn-server/Chart.lock
deleted file mode 100644
index c0bc5a6dd..000000000
--- a/stable/pdn-server/Chart.lock
+++ /dev/null
@@ -1,9 +0,0 @@
-dependencies:
-- name: jfrog-common
- repository: https://charts.jfrog.io/
- version: 0.0.6
-- name: nginx
- repository: https://charts.jfrog.io/
- version: 13.2.13
-digest: sha256:e66497241d7d5eaefd6561077d1e18aaa82644184ab29d5a817a273ff04a97f0
-generated: "2023-05-06T22:58:29.56475+03:00"
diff --git a/stable/pdn-server/Chart.yaml b/stable/pdn-server/Chart.yaml
deleted file mode 100644
index 92f7f5b36..000000000
--- a/stable/pdn-server/Chart.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v2
-appVersion: 1.8.4
-dependencies:
-- name: jfrog-common
- repository: https://charts.jfrog.io/
- version: 0.0.6
-- condition: nginx.enabled
- name: nginx
- repository: https://charts.jfrog.io/
- version: 13.2.13
-description: Universal Repository Manager supporting all major packaging formats,
- build tools and CI servers.
-home: https://www.jfrog.com/artifactory/
-icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/pdn-node-logo.png
-keywords:
-- pdnserver
-- jfrog
-- devops
-kubeVersion: '>= 1.19.0-0'
-maintainers:
-- email: dev-distribution-pdn@jfrog.com
- name: Chart Maintainers at JFrog
-name: pdn-server
-sources:
-- https://github.com/jfrog/charts
-type: application
-version: 101.8.4
diff --git a/stable/pdn-server/LICENSE b/stable/pdn-server/LICENSE
deleted file mode 100644
index 8dada3eda..000000000
--- a/stable/pdn-server/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/stable/pdn-server/README.md b/stable/pdn-server/README.md deleted file mode 100644 index 15a075163..000000000 --- a/stable/pdn-server/README.md +++ /dev/null @@ -1,27 +0,0 @@ - -# PDN-node - - -## TL;DR - -```bash -$ helm repo add jfrog https://charts.jfrog.io -$ helm install my-release jfrog/pdn-server -``` - -## Introduction - - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release jfrog/pdn-server -``` - diff --git a/stable/pdn-server/ci/default-values.yaml b/stable/pdn-server/ci/default-values.yaml deleted file mode 100644 index 6d1d665f7..000000000 --- a/stable/pdn-server/ci/default-values.yaml +++ /dev/null 
@@ -1,4 +0,0 @@
-# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
-
-pdnServerUrl: pdnserver-pdn-server:8095
-pdnNodeJoinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
diff --git a/stable/pdn-server/logo/pdn-node-logo.png b/stable/pdn-server/logo/pdn-node-logo.png deleted file mode 100644 index 686b9deccd949430a1018036a97699008002f015..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16756 zcmeHvS5Ons*Jl8+fPfVQ1XLh&P-!AnEEob(r8nsv4H$Y=K$N115JN`-2uQD?BTWPX zhTc(13{?q5`ri28{bu&<+lSq!WrhJVx14s*Irp63B})5|8WRHt0|WwLf<3&a3xUuY zQNK?f2cI<9f0zJ2PCb2S>;tJnX%^pCIfY-rnBgPVO$A zHcy_~iF+U%l2#QsAdo8%*u6XYKFQ0I{>c+|zK4I74hgGJ8WiM|AnVyX;OmqL9Sq6r z|CRPEi}|C+zh7<+I2Ra$qSaO2eEjI61UdDR z?q&5? z(`+JqNMqmzM+o~zFyL61jJb~nX>LFm)A&^PThe=tz5BW)M+}bIfVPviWF|Q2`AX_E zns4ii7h>HSQ^VKuH#+5=TL>9-Ls zsPigrI>nH5=AeU9P5$KvH$Ay5m&#N$g&|yZZh^-<(gv3fO_oKUOG>@Bt@SW@l4?^Bwf5;OTU{Sv+6wq2`lAlps8#cidb zh3i%AF)-)315M>mb8obwxoDf3OTy??Q18VY;!q0;aHlcevQ!~5c_FoW<7<_5N&+rT zR1PsqZ1R z>#Kf=o##gzP|sfF{TXpa?R+xpjqjvuEx@|&gsH*Nn40m6x!I|sW@LWsw-R2+t@3Q2 z+T-amyRsWRwKsV7WPzEbTj3rqx3sbXKrg_^^H`}0Sh4>PiX4x4tVU|DqIi70x0jug2^a1ry%^15RDz)BL2(=$4rg?kv?_E=4&&o>JSuRYGU z#!&tsaM8A1Nt8^y(!a&4Ja*JA^`~oI)=XII(a5%P?Wl|)m&qb^I(^*9P^h8c#Yg!j z>*tKubvtJZMm{utL~-tHYtNR>#|yxNa%(ND*ZWm_VjS}_6UE(M#j8Rh?={mV_BGXn z%CQizeyP}lcevFNU+z)?G_+B9tn5edk{r$fN5bW5tWTp720S0p?K<;Y1{f@#fiP>G zlZS+~R9V-pl}y?ktc@sE?Mh1SNk~7!qj2~^zJrMdO8H{Wfaz{-=aR`!j(1%n!SqsR zx2$M1t=fEg^$HT}+Vg7E*X2qmms`>Ak%9M!^P87{%IpYl7Xk(3qj6C=53(1Xv-;->2MPQybB&Rduww-eE z6A?Vao)0T0D5Bf86SzV!SEY8|k2K{gKi!;xQ!%?Bn$EnQc|g+dQ6@ez#9x-76!BEe z|FUxtHbuU@RziiiUuJ9ry=oaJNbc~y^EQ@<>SuBmF)!Da!wgMoivJP#k7R-Rk5mT zS@WYA*L%3f*O*NU?KL^H=R$+Ju6bOfqwT7a;M%T1<%GBKvZzY!6MDuES^r_t^ZWF- z%?CQ4vzsfSN;~BxUq&Pr<@ilk{a>5O=JqJzcjPr(BnKA?R;|m`8?iiK6K!avN!h(E8(5P0Sh8S!o13#IuSYf^ zq0Do#wvdEQX?*7Jvj*{5yY4FTO!`IOY@NO)_@_audf~UFkqK|j)HQ1~-7iYUqrDbu zzNdcow;?4Krt0A?_XI2&sRr!$YyjakW@J8D=3q%xX=epESF}^93Nup_I>KU znF2k4EsJh$^a&3ZAP(ZNLkX0&o)XDHII?_ug@r38^oSyF7KiS71Xw-BE z1d(JZEUaPV%N{aMJSK6+;pU*1TkU5n+pbaO?Lr-NHQ&w?v&4ruS+Ll48-Z3zo`Ll# zWHKwhx0vss6nEa*A@@bmw|z-n5=j{U+`EnWe9L;wfq-rHJ}WFPHYJND&_w1>sd{0l z01%Wh5Y)lfguTNia~_Wp-bi7V!-oD$AjM{y 
zT)_-AAX>{M_qEC)yt;E4jAu&HnW0K7Y znnWggMxU=Ui_L{%Z;<=7-If>R;Y`an$u=;Pz$3@rUtD0S6vnP&w=kakaYTn>KpbuU zn7|TDRVP-v7y=tbYzgipOTa8%rPw7@epo($-QEmEjuu-m{!7X_=H|puj{tvn@Mgir zLKmjFfkZ_GjU4^Mb)S6KM;SX1C2btALYN@I;acdzN?k-ph$LEUJ5{7=iLWOrB})gt z(eNjRbdVbnK^!p-d7##;YHHe0a`e*no9qWKgJn_44N2?~rEZezsPZsu)88i22?^X) zkyQT)8p5MxHgdE(0jkqIsHx`|(vC*_W^$GR(-WusKf>40QtXbapRxPp1Gn4#ANW0@dP6=ye)z>% zMXjJ;B{R=T$}Yc#=XOskk4kSxs~7&w8u1+)tyAnw!*5jh_1@6(Hi%Ao;sB+$?%iAMDRq-l1!_#{a^HP za5v|&MZ81r#sFBqKMv#_8^aGPSPSsa4`& z&r{{>uGL=;a}0iyRm;HU@jFh1urMV7C*-8^_)U^#4?CPa!X zx-~F7-|pAzJ*vi^VzG4k`ESk9dzGmC2_E^AXW%W3oV51V|LzzXnnA`)7KIvzorN&5 z3^VD5Z`qWopSmSOMN0{>T!i6x3h!_iG!?q-T|My2a4=bHZR{;bpkH$xdli0Bv^=?a z@C8=vO;zw6s#Cq(I=Sli$0ws&33=vngKF;YPq}=aZ(wn`gDyxMIX5en$dW@*-1*)R zFu0KhmEIEA*5IWe9SokuoF6+YV&o`i%I0zOmZRDXUtTiyL@UQkIt@73+8!dDUvuym zf3U(Nf*)oR{?o`oS`l8TH7KYSSnbD?EWde5&ST+w5I8PElQ#9iE5yMP&&wgT%PIEf z!!<=Bf-lOSw$Db1m3BJ5VL!w~rby{2sz4T0}E8ZgpN9tX$)7Xlf-~att>rHRM zUg}(7FV<_w)iU2=Vl(fL>YuwH)6S5ZP`=lsaY0?A7qx_rF)rNSigqAmm{puXd+YaO z)N4Fhi+<{H2@hX;#BaF28fNa9@NFg0q|QR|137T#`&0uUM%$=awI7(`8|vB9xXq7D zP($Q8$~+U|G4#+3Cw?o-Mr}Mm$9`z83a&*-C}j;{5jKGm-sA(+ZI^>F>EeFduCARQ z9_`Gu1EwwY<0rChI(y)^b5PyEvex*UWXm3?IL@r1@OvuLk;_6+%6HkMVcX5cci(n? 
zM%uyBaAKQ22gZqM--^r|o~8dN`b=y8CM-M~IS_k)P1foD^5wYecEtRyou6s?hAd8Q~DkM_87C0wZvQXpNu)0}xL~VtIr2RJ>8kM`~P&V(X22u(|o#MXo8W8eb ziCs1%pO^L7b3~B4G>_alqg}ck-!CdT=xk`1^~i}2==`}dIdOd+aiFD0>V66H-IiN> zl|uJPfPpnpmwJuGHYy`y)vBlUmc&T1``*h}PUfTXmvuhE`P`JdJ@A_~^OmCqy&5R} zWr@|>t5e~<&vJh-GEG24=q#Kk-%8`otYGU@I6qzqO18!eV*zffe zOn}G8^@`hSG}4__FnAiM{3mx6Yvvs`RPK3LA1prl{KRe`26|fnO?Mci7*Ae#WSOnxMfx*WC2tB&6mNDy3Hl@3 zI{2C4R}B_f3&BF^tX?PF(({SH>mbud0jo0sQA9`-?+bH~&JFq)x@A5o)HNrJ-&Bs{ zIu?_IGCiWS9?U{tiu_esp zoP3AU;dx`?UHq5k=!*|t+wYD~AEZc)9N&JCJEuM@q-mfÍ=H}<_t50Nv0@P_Ny zCwc}}4h#3s9#I;>?DCO(_zk!*)U?y>@3Uo5$AI`hl*31*KOzr^g|n5HDHV>P+)wHp zT4JJ>uED-@8!LU$TUf>R?ie|qnz;WeLZ;Z=im-|wOyVEhCseYJh*Lz%Na0%G`+oRSTU34-H!;<6^#C6z9~HZ8qtzPjCX>k5+>mmd`Y~ z{(g0a$?55))v)55wZ@98%on8VKZ7fn6!LUA1k=epi`#xx)3JLvfb;GkT`+^+kp#yopKk2-_YT{_z|RTeNPRdx0Sxz zGX2iIbM)<*DQklqlHp1@qVO*imKK|Gx3uHA#*>7pP5~_;l55n*3>( zrx0(eDecUBZCAHM!iLJ6APFha_#^I`10*{fZ1G(VPm+7r{IrKrXW~uzp+;-y~^l)xA2K zZA-RGGWa}w?gm|7pD_NL{@4=?tVYE8bQ#})fLx?)<{zEnGng*XKh=>OHB-&fx0*8C zOm6Ip7$fkw4(zk;f({E`a0aKq4^M`j}@Q?IQYd5R?*$&;xcT~{1b29oG&$d;w z*1efObAC84N%vIng6KWTYQO8Vt9Q@xE^Er?85ZDed+xQKR_TA1tt(PivU6mhzYC$hj8r`|=-#HG{i_SvfA!Gd7C>$C6Wf-=E~P-pC2+ZM;JP>2@C! 
zX1OE`acbdEu@U)>BdK=R8ErwMlkSHE8%t{(4#jG z``6YI*Bf6;aXR_}S6(&Gy@bY7^0D16*Lsd`0W-G(>SFwu;%}z}qRiBJJDENxl+?Y) zi3wu2sjRh#7jv+&xWuv#tR?K35JBnGus4#>xb{NFp3ZG<*KTI8w#1N-Cw5lcG3w)m(&v3TB)-^#p2&Uj&mVE{P)QVq65Qy z+Nf_998VCBvwd>lbZ+i8-hb5W4}YA@)O5c*8uClf=u`fxo$Q5=mqiy%^g1s#at4Tp zO#ezOZbX-h?AtcxIp7?g{KYpNWmshtqN2^Yo_x;XA}infz&P{d^+B7z?XLFA?`oRQ zN334rn>@6OwPi;U$dX!R`M*}fY%)lUJEIa?)7n@4{51r*dFF*8Uih!Z%oDI{TKUp_ z)WWgUMfLqPy53_?A=DB?(zx0etu2ZnaBw&F&8&DBSQpzhB~B|1lxKik<-u<}g!$80 zuJ^++E}zf*x#sLX(BGVZ$@`TP+ZWIT2F2lgKdoO_2(x?t>mQb|-Fv^A3-hI@diW{&z6Og@B`A4+`h$rOkHyn0bXrH_q*Mpq?+PV5FEG&G?6WcA$q$K-Yx$BE% zFU?Hf1OK6EalOB?D!FB&TsnY1&z+KndDJ6jg{@WJTFEpfh4W1tbrKsYvWgy7lTBfL zo-_=s&V|kl4SsgSjv>q9Adg>wYD>HQy632%Gl*=M+A=mtNnlPx1;p(kGke`%WknM` zN~}K65Hbgc`utXCpN(D?TV(1fu$kVddhZ(i_Kn{oKh)iC{i?NwNJ`2%5Y#~UM&=cm zRUik?K5_UssZ*?NnoDo_+B*)BAsWJ79W+`Yueq!76$|D1)AY{YPnB>CNL-B3wAies z1Jzk^)q(ayN-J-26n_Z|;~g+tGMw1Nj(WtRuvHdsW+(hx15$Q9L1Id9c>6BFi$DLk zA&b2#;hsN8ckJ^F>aYCmliJb$jfL2E%-OU4T`QEBs`-0p2PjDaYsqIHrc=zOd4SDs zrc2Tcy!2g|We6&*{o|y1>~6EFrozUll)g1)o8?)EHXSuvd{=&BPQ!tRl@ zWlEe#zk5DV>6Zee!fw}gCMwSI#?)SGljQeoz{V*weW1dx^>L5`c;6))(>CSOBa_S% zPs&N^RhWJCb+iNq@oGCf+1}mqv>c1dO1vL@yhn-~kzEVi15mNCX~VObTiDbK2>Y>j zL09J#AkR@_6<0g(LK2wp$Bw+Rd6o5)hm+~)rq4tYLAc_S@R(j$bk7s7{A`5yLb2ZB5QuKT(Wl} zl<_@(nM4}K00vrm=(IiJm%qyLA6%RHdOzGwR*`>3q5LW!L15GKZmgseA7F%Ld0fx< zlw4_Iu9D=OLOD1-_8k|>tzb`jyJ^lu)Y2c+y1A2HCP!}FZT=!kZ{9pMD}$GtQGkT{ zsF|F)tp(&?C}{Md1h~_Or5)i(zhoaH;uU`^(44fh+5WnH5y>+&3U{|4vOnb>J5A3h znE++=IeJ_w1a@wIOiM`gpDVNpn^FngQU%K!eVt{0Uo(9P!5vbpy4IpjeA)5x6DOdk z+s@%-G6rey&J46;#HDm`_oo9m=MiDySVXf^2zNQb{0DjLigL^Mj_g78+WLCcTY9(?N&%QaISU|+Z*#8vEhP^- zxAm3+Y1Qe`f59p$3k;eKsOzD%UqI6{7FRQ!ecvWu$Tb)-cMW(UXA5C@=>gGlHZZ+a zQ{Y4r|Kwrcf+0k#5S6ddxo`Rdn*G@-LmUW|ouw)){%a$bGi%7-i52+_dv+0{Pv^n3 z#X0R4x})27duY#CUaOUysTTNZM?=cc)Gog6My+v0<1zt5{c);bKw46ysF9lZ^uW=t z5K12uEL+Jp$+;hCPkrm4#-81mnKPzU8L?4^4E1Ry*cDz~>jBljofiYQaUgM+Y#l za9d_XlyUnmtIF)d`5#*r9Q2G8YG8A`)17Lkc0hDQH~J~P$V}x4ss^%qE)-h%=IsGi 
z`&7;u6!%R44rN%3iqDl<@eCgCyM@xf8s{MA2l8vfCSOOo3!)lHRCTLQdPgMEr$5tp zj=R&_INtEozj&#!j~h&mvZ5C`|GW4OB!+h=LeBDkVF6&ZVXU8}U?d=mAu2hi3%R== zGHksN)C^GjWDMa@8*bI_8(fMKPdbm_HUV9Z{`Dpu7B677x!Eic$tTipXn1KZGs#Kl zX^y-IPyA^0#01$pKFN-lvURY(364Wd2GBn&FCys|s7`4DNtoX;EUtkPYmP#C63X6C zGU;-L{Fy_@&xB@#S%FM0Zt%dR8lCMe9PEWBlD_4}7DkygE`Yje_fXq-+Je0z!g9Va z># z8DhQ-Ud1lYOv?=#Z)y$jiH4XkZn+cmSaxZ+%ay>UStEu4*G*UR)xW*`fPrG^xShvL zmjk=+LCLbdY0K^0oorhET;D35;5_CqWznb7mBI>y`4dk4jk-^5O=Ne>arD!nSR*cx z685vLs3~Obtg-saHSDH_I_blH27Mm8(hvB?cayne+AK02?ZH(!LYwb-pJ?lWGu+Bd zFKncK;53R@8%1r_=8xlenK!#VI98|Rj;4wRmIomNMtw1)tFoAnOw`jSKJEK8MYF>C zFx65*chK)6ENvuU)qbjiHbw-c5toCYYUnP25lOV;x=oH3<@MO~C6$Uw$f;j4_+Rm0RvfnjYJ`G_O zg$cai-Y2K%u>ddq&or?DJ%_KJ4%?C@221WjZe6E1&!7i^-*A3Sol40TH-cIQ9+bKy z1zluzw8Q3!os{#Ka-ThW_1^$Vk5xq@cf#zQ^dDJq%yMqcvGl+nW#7uCi4;@5{nYvK zppq=pvD>%|?gqoogu*y#=N&(qNjG(-#-)ef1sbM#*EHSgN62o(UTpHO(k%6UZtNy5 zPu%IJH9zd;PDk|!yJNtrpGH%ftm&5+)mkvN3P3x0z54G1A&V4T-xfD68_t{lkhu6z ziCz9!$X&^8HTu0#n@9f~#F!bVbN}&|uQRn*M2RDIY=Y_=`fpY&UKKa3a%%fs1O)cf z(H*H;opz^EdPK0CiNPSL6EuIawso=ZUYHxgn*{id3mZI+ zusLwZUROeIb_IsdQO0n3iWBDYtghy4fP@wsVrEzm0-T&JK_jtG+QOph=vYAs**lR1A|WUCiWJQ1;(3<2U>fdm}xn zdMR4FOk+0#v^caWeM*379BTacY^>L!0@ghm^g#Hi1~U4AR_U5lpz?@l`9%hUH|&6@ zDi_uIn+0(x{4$uy8wnD+GNI7Ywd=Mi7hJ6tKksIOuqO6t#BzdPQ(=5O$g}F`1e-iv zPg?+ijJnx;910ALx>p|XgfXPo66ihU4#K%koH2EjW_wTCIYcTRB*fffC+PFzv30ta zd|z~1l5}g`ewrC}7R>6!tMvbI2v1JHk*ib*|M&}4cb}`buhG>VH@i4n7}rjKSnW=% z)IIHYU2^OdRFg^v6uEr_<(9EII`NfPDf}U|JVrii5hGV28d}tj3N+=Sb86R-EQr`V z3RPB-asl6g?%1iv`_UySxwO;UL(F%uQ4283SO`bl4ENR$uV5pn; zci}Ci&jOH^hcflXjNYrVZ2=piJQ4DJ$!5^9w<1RVNG^N~@EA<=`7t2nI9!q*4jwYLzlyxU^QswIW?Phor zZzG4#zYJ}UnXl*Kv>;^|*5h9hUHix9jH7OX<)SnN34)HnxaYQ<)!#Z-P97w`uI$ns!Q1=BHc2La4h{gmT z`&^v7je{ItzX{c%F>tn*$qw#GK;8Zyf!AqgSX$Ev$TKaBXn6ER?-`I6jvC%{h~%pd ziBVzUHJMgF(%Ttq8nthhe94LdO^v1^QLGUUIONz)ed$X+bCdHEzgI#XJ~HVPKYa-L z%ZI#Mw!0kbD!Tn0B6xL5;Nsa3zRpQ;M)|&>uEgzI98w?)VeZ;x99mNhTKaDIVIyP2 znES_U2_57EmRc#jsVF_CAzAV>=8B-vEmzR?*ApYXDMF1V**Lu8!^jvQ+Sb|$G*%J1 
z;pX+IJoEFy^r=xY)WG=|(X#e-=gq|(6BLm9oh)ENMA9{cex!v6RTl2hCriA0yf%I*E0*rgwW~$YpJZ zKMTQ~bKrq+Fzh!LRwKTl@$X`ig%X*34@0}dlo{oQ#peH9>B9jKkr_@u z9fogq7Upk@mc0b}$Knf_6^UkPOp51MV#2}`@$Nf@l|AF=jfcCcTpb!Ptk&?KO_~9n z4ECCYmR)u{v%u8lm_YLP zfn1S6s&TD|h;ZJ7vfOe71Wq>4!O%3Yafd%QSFsz39QSF@j10BOOC)$X&y>`j+gSuF z!kT3{KBm}p1!}!>smGmn_`Nb4A8^BT_929p%)L}Qg`;HexcT$BdG5%d-Ow&cSP!_} zcz1k7)C->k`4# z?iF`xB@wn0qsxjypcPbXRKlWr7BU96;!fVWH@0d&&hLg<4ic(Y)+`TPJRNuPET*f}CeS0ETyWy=YY)Tq zwwz-<#~@9jC1K&!8lYJhso}SB$jrCtXO5?XsBnR*^%>Bn+B-MO?>7>P6W0V4TCMxh z^pK`#P@}&7ZRdvsUm>IU*i{&`V6xo$AYlX#fqW1LO@(hp8MhX&URZdel-$3~L4AzL z0ko@SdL2i97N~iaNd6bJl=_PlKwo)WMIMK!EZLyt#~yg+Dw9ej=G9I-qGEsg#z5nd zGvRMOKUchoUra>A-!c}+C(grncTA}us0YNd?E_iMgq4QFxXk0Uka8&o*0C@8YU>QJ zl*S$Uswxu5ZK5$JA${M#I=%pvT5A@x$s6SBE_^hCO2T-pZYKe{K{Lc;O7YEVa05>&EZv5K8VU2P(qoUz;~>gxfCg^a_2eao=Gjq(FAZHUXP51n2=v_K|V<+|6UwCl7r?t zZ-PADZb`zZv1;{Qh)nU^0)I-!L~yrF&P}WyZbQRcz6Gaeb~{Tr#aewkFar)ncTI80 z-q1D$4f)Tma{lGDg}1sTl((DlgWmAl$*RX^u8yuZMZruI#o|-4TeUDtF!2<7`Hkw_ zd+c}@%kVLhN}T37a#H9ux;sFNr4zLluEckddz;XDVfnFO)2!?J9-H0tQc0oD={&c( zHPhbu`9<(|3atjchB>I;hFhehCGz3t_8Nkq{#q0J31j@nf7-CHnxMOCx(=qLcbxk7 z37xGK0N!&sA1z__VC4d_-*H0rJ{Ijq-EVUk__p~el}WG+2)nkj;U zV)S(ljhHLlAE6g`9Jnae_19?u=_j1xPITIK+=FHFjaEs2<2=#{U(!~~g=j{Gg(u9e z7D)+7?y>2v>BzI1XJ%xuIRk|79Vx3ZzXyJ-29llUb+`3IVUKQT^?Hr63omU9WXIk_ z&t(Uu4UXshU>xM-gUVEA&I3j1{zEEh53&s|Zfewg^lxL@j`IwlTl{6k*`32ZX60^= zs!g;~bgs!$TS@dZT|V=V3tePyQq9CfY|*?+;zk|_hN%EeAzKk(UY=&@aUHX)5j^tl z1R_N)-f^{ocCb!FNAkz|T7h}RRx`Cn3Cw=5E>FB@k>gwJ*0ib6>BdI!qPPT5XeSA; znDF)^G#`miRAo)@mqmi3&9aFMjDRSpA7o0I$XlbHt+pNE$+rKx2p z^$j-EpC?fVU}b(FCFIN^f|00!1pwKO7-mX6UP6n(pY>(ZUA|;=Cwyp)m%V@ ziyvg_ZBTRFH906hV$W#Xaav?ak+C2P;4iZsh}^K`g01WB=!rY867DstzWG4Wg?Z93 zNn)o!`?*21PoexjNjABRf8{lR9qoTc<-5jk(SAAs+S^m$!X7e}j2R>AK4ZRg9}YC)H0d)HQ>$rmUcMtJd2v0dbiRSq${eXbxPwr_qt>}OJ^H=js;}w9=o=0}(i3Z*uTt8L5N$#ez10Z5kj)S_wKH3uf!l zLk|ETgL=Ihes6|ruMe9e66*bB9J=bYK+n1-LsziDys$AUB{LRTyK-Ow44sN|IQI=; zU*TrG&z!Cy6Ao@F>bT3=b=4QeaM4p|Fk?63N<0TTj|>p;l?sWpE1>b1aKk{*U8=up 
zusZ1_>FbJRX=Y#=yOC`1733wU1^|=5ApAX+FF$XZy;H6L_)rG`lIn>=K4k2Ro90_H z6N_$Cn9Z^vXq4~&PD=zir<`+VtH8nrkylr8}Xh6jikg&7%Mq%ZzOUZWKynU^D?yDi7%N=Wkfl0&K{+TV#e$OEuc zkyc)fIlvoHx)VC9XV~3B0fm)26Fuk-5A*AS{cIrl*JvcI_d0a=9SN9P_#&3Czsj#I zN95Km*<%jMOsqE5QMO>W6NSH3OpSo!B<#qu20qa3|ICcvNXJfzY1U<;@)gd=vwR`5 zljWRlqW3dlnEbY&M*@XkK&;0Mek{6IoU_+*$=)kq$sq|yL3!n)@Jvx_T;wOGb zjNH*SrRD&u#^ncD_PZ`HfmVW^@*!G1Xl`yqC^RIRV9uXX-;m|guT=`*)aQIJ8n+}L7fFCI0MGaT?{4s~ukngbwr%YW=4&WL( z2w`L@A*lrXMECSH@~INaF&mD&xz_~&QPR{tSb4>S(R3P)=>Hk7tRpX8R%KY)(oz~x zA9)t_4}BcVyVWqDQDi9p*+?<0Q$n1imiS}jg4Gb9(;w&!ZgzMI<_ToOgqe2F-hPNq z%bOGSwy(_7d9}SXta{P=9Xr%QJK_9jeSAQPTNnQr3&4gx%qU;~?5taF zP};A@EhtdQahnvMIB6+MV`EJfr0h+ z^)6ZF%a~k)#w&(!^M+-jR?kLBZ0?3Kygn-pj769w@GO~HNSpJMSxlbrmoI3n0daXm zbJ3j)52IK3LItLRf==UfR=$lxt~5p$J$YrA^xjsfm$!A)_{J2)Hh;_x>Yst@=pgie z{SSsLxQ#&bQni_uIo-c}EpFTVac1m@@gi=K=yNSl9F}j%4cv`9GTpuy^n=N;M1|hT zG>1}2YmyVI6I9U#B(CyQv>5;zzW^|9Rzpt9`dVZDa{~MaEl~4j*4Wn0n34BQ~mF$uV#vZ3|2P3{(gF(PUM14zEhu; z?cYWZ1PN&#UehGjiU7!lVk8SFRg`(hK6;yS@!qIO3bw+`xOys|sgX<5h)6Ry#%7ZYS+9d#=3SND>K} zP}tNT&zk$yIx!KD`o3FQOVS+~T^lRie*>Z1Zr72xA-J-~!u$fxqF&RE!{j%ly-z`D zc9V9Y<)F*;4@9pwvH1*5h)SWq<(kb2g4P=KQ%;<`$fe zR?G4b`wURJS_-A#R)X7mBn+HOYWPmv`nufH;bvSNQ0}n74C9c9{``)dB|bQB#4I~$ z5;siG!3ADH#DJ1(&~#QD{I(*Jb;kRHyOfrN8NuW4)L~F9Fw%JY-4N&fwJ>-QPcPfF zUf1xkL>lU>_msAxZ_w0*^~S*ltx=lq06U2r=B~2)u}&8+0`|I~%vUu$tf1mN{b|RA zRx{)xc>Pd1e<<*EGpKXV#^Da9=YiH(hN0WC_~G)?Mt<3$JwMEWXTdp*=ScAyYAImw z*Jeoeoo3p_PyXc|@mM86a_fk3pTX+;Q5RwS4<^Z-h1HU&#v7xi&TnVc;sf60hxaA; z+&ek&9l%lzWd7)5lmv4N9aLygNbGV!X;e;kIe0VU6Es&K?oayM|G`J$Rb?9k>zRk{ zuJh!ZNAli0(JAx=ZCO$`_QJBTvauJ34sZrVNt{dmIdG5U`^Alg7hZehKjx+)%R`#h zGXr<>$Z5Ca87rP-mToY`Pdr>Pd}Ed%vK`ozWk{GC*F@^bDeuRdbkHW!fJabG?F?-t z04lE7VrvMy4Ybn48_;FWroY~z_*}>kWxKxKPO;#vaU>HlK7>{w?PPVur zQ^9oVTJ}TcqY4Koq$4CX3r_)d?fMpKun|b<&Cg_y2@+{WBU)R?A2lV?|p4t@r{SR>6B~CEZ>QErx$hN2K$2pGo<=r|2|=oilU+*b8)*SXbV9ni)DpRT$t5&%ZUW%O}c*o zZIaw&>T7`Q!Y63Lc(2D=o~we#9o~XEnhd}ww7)UqXe3HJ_>OS>0Im!Kt!O;lPBQRs 
zwHRY#HSn3|OXxHWsj$sl4PBJiYD@5B7H2!9jl$bTOU2VTTK{`Xp|Q!2s5K*g8S#B; zRQYw|k4DArI|HAWL)69V&6S|!Wy_;PIM3x?HcPG>tY^5uM4J4e!rMPXc?AHJP=vo% z{aY*H<#Z{Wh|$=>axqr2%BI!&-bALGm;ls4b+>+nC|LuB+8G2@<=|FL`d0AR#iYAI z?N!a!$rE-aLb<%iY?;UL`ZA*e0yPT(f2d%iXs%DG)CNr2FYWu;0s`*vc7~R!R>HAX z@W{@@C_~>zKhZXIjmVEmh>9=p8y6Zb?kY@?&n-GlEiNL{-H|`@D(h3rAXGc5 ziFd_qDl2LRsJM%mA8Md$tUH{~ZNoWaois|ngFC=@2_2220(cT@;@3j-r67BQA0#^B zag@pD4KPM)lJn`x$Lfv3a2emh_Si;`L$Q*g&oq61!CTXyj(-L`yBeH_qr^kC&^!J7 ziuZ}hU%xN972!Fqr-$U|3aWvhJWdT|nS-&~kTWOf8Jj+zrrNc?#pWMW>P(?P;<7$Q zd1~U(+nr2)uA-(i3ojvQr#HB?&P^N1gNMX8{-b9o zX>3<)Cj30&7P%lAd;7Mbn+}f#=^&7xm?m1t$@Ad90X(5)gj~_EqJg|TB?<|-9!d{6 z11*L?z8qtPsC@W88+7#xPb6TOO#QzA|D9F;ABpGx(l$+@O8iMyGy(D#`lvg=?mxO$ JsA?7VKL9kOL!$ry diff --git a/stable/pdn-server/templates/NOTES.txt b/stable/pdn-server/templates/NOTES.txt deleted file mode 100644 index b50ce6721..000000000 --- a/stable/pdn-server/templates/NOTES.txt +++ /dev/null @@ -1,13 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash diff --git a/stable/pdn-server/templates/_helpers.tpl b/stable/pdn-server/templates/_helpers.tpl deleted file mode 100644 index 655c00438..000000000 --- a/stable/pdn-server/templates/_helpers.tpl +++ /dev/null 
@@ -1,207 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* - Expand the name of the chart. -*/}} -{{- define "pdn-server.name" -}} -{{- include "common.names.name" . -}} -{{- end -}} - -{{/* - Create chart name and version as used by the chart label. -*/}} -{{- define "pdn-server.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* - Create a default fully qualified app name. - We truncate at 63 chars because some Kubernetes name fields - are limited to this (by the DNS naming spec). - If release name contains chart name it will be used as a full name. -*/}} -{{- define "pdn-server.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end -}} - -{{/* - Return the proper PDN Server image name -*/}} -{{- define "pdn-server.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global "appVer" .Chart.AppVersion) }} -{{- end -}} - -{{/* - Return the proper init container image name -*/}} -{{- define "pdn-server.initContainers.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.initContainers.image "global" .Values.global) }} -{{- end -}} - -{{/* - Return the proper Docker Image Registry Secret Names -*/}} -{{- define "pdn-server.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.initContainers.image) "global" .Values.global) }} -{{- end -}} - -{{/* - Return podAnnotations -*/}} -{{- define "pdn-server.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* - Create the name of the service account to use - */}} -{{- define "pdn-server.serviceAccountName" -}} -{{- if 
.Values.serviceAccount.create -}} - {{ default (include "pdn-server.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* - Resolve joinKey value -*/}} -{{- define "pdn-server.joinKey" -}} -{{- if .Values.global.joinKey -}} -{{- .Values.global.joinKey -}} -{{- else if .Values.joinKey -}} -{{- .Values.joinKey -}} -{{- end -}} -{{- end -}} - -{{/* - Resolve joinKeySecretName value -*/}} -{{- define "pdn-server.joinKeySecretName" -}} -{{- if .Values.global.joinKeySecretName -}} -{{- .Values.global.joinKeySecretName -}} -{{- else if .Values.joinKeySecretName -}} -{{- .Values.joinKeySecretName -}} -{{- else -}} -{{ include "pdn-server.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* - Resolve masterKey value -*/}} -{{- define "pdn-server.masterKey" -}} -{{- if .Values.global.masterKey -}} -{{- .Values.global.masterKey -}} -{{- else if .Values.masterKey -}} -{{- .Values.masterKey -}} -{{- end -}} -{{- end -}} - -{{/* - Resolve masterKeySecretName value -*/}} -{{- define "pdn-server.masterKeySecretName" -}} -{{- if .Values.global.masterKeySecretName -}} -{{- .Values.global.masterKeySecretName -}} -{{- else if .Values.masterKeySecretName -}} -{{- .Values.masterKeySecretName -}} -{{- else -}} -{{ include "pdn-server.fullname" . }} -{{- end -}} -{{- end -}} - -{{/* - Resolve pdnJoinKeySecretName value -*/}} -{{- define "pdn-server.pdnJoinKeySecretName" -}} -{{- if .Values.global.pdnJoinKeySecretName -}} -{{- .Values.global.pdnJoinKeySecretName -}} -{{- else if .Values.pdnJoinKeySecretName -}} -{{- .Values.pdnJoinKeySecretName -}} -{{- else -}} -{{ include "pdn-server.fullname" . 
}} -{{- end -}} -{{- end -}} - -{{/* - Scheme (http/https) based on Access TLS enabled/disabled -*/}} -{{- define "pdn-server.scheme" -}} -{{- if .Values.router.tlsEnabled -}} -{{- printf "%s" "https" -}} -{{- else -}} -{{- printf "%s" "http" -}} -{{- end -}} -{{- end -}} - -{{/* - Resolve jfrogUrl value -*/}} -{{- define "pdn-server.jfrogUrl" -}} -{{- if .Values.global.jfrogUrl -}} -{{- .Values.global.jfrogUrl -}} -{{- else if .Values.jfrogUrl -}} -{{- .Values.jfrogUrl -}} -{{- end -}} -{{- end -}} - -{{/* - Return the proper observability image name -*/}} -{{- define "observability.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.observability.image "global" .Values.global) }} -{{- end -}} - -{{/* - Return the proper router image name -*/}} -{{- define "router.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.router.image "global" .Values.global) }} -{{- end -}} - -{{/* - Custom certificate copy command -*/}} -{{- define "pdn-server.copyCustomCertsCmd" -}} -echo "Copy custom certificates to {{ .Values.persistence.mountPath }}/etc/security/keys/trusted" -mkdir -p {{ .Values.persistence.mountPath }}/etc/security/keys/trusted - -for file in $(ls -1 /tmp/certs/* | grep -v .key | grep -v ":" | grep -v grep) -do - if [[ -f "${file}" ]]; then - cp -v "${file}" {{ .Values.persistence.mountPath }}/etc/security/keys/trusted - fi -done - -if [[ -f {{ .Values.persistence.mountPath }}/etc/security/keys/trusted/tls.crt ]]; then - mv -v {{ .Values.persistence.mountPath }}/etc/security/keys/trusted/tls.crt \ - {{ .Values.persistence.mountPath }}/etc/security/keys/trusted/ca.crt -fi -{{- end -}} - -{{/* - pdnserver liveness probe -*/}} -{{- define "pdn-server.livenessProbe" -}} -{{- printf "%s" "/api/v1/system/liveness" -}} -{{- end -}} - -{{/* - pdnserver startup probe -*/}} -{{- define "pdn-server.startupProbe" -}} -{{- printf "%s" "/api/v1/system/readiness" -}} -{{- end -}} - -{{/* - Resolve pdnserver requiredServiceTypes value -*/}} 
-{{- define "pdn-server.router.requiredServiceTypes" -}}
-{{- $requiredTypes := "jftrk,jfob" -}}
-{{- $requiredTypes -}}
-{{- end -}}
diff --git a/stable/pdn-server/templates/additional-resources.yaml b/stable/pdn-server/templates/additional-resources.yaml
deleted file mode 100644
index c4d06f08a..000000000
--- a/stable/pdn-server/templates/additional-resources.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.additionalResources }}
-{{ tpl .Values.additionalResources . }}
-{{- end -}}
diff --git a/stable/pdn-server/templates/deployment.yaml b/stable/pdn-server/templates/deployment.yaml
deleted file mode 100644
index 61f7654ee..000000000
--- a/stable/pdn-server/templates/deployment.yaml
+++ /dev/null
@@ -1,361 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "pdn-server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.deploymentLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.deploymentLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - systemYaml/checksum: {{ include (print $.Template.BasePath "/system-yaml.yaml") . | sha256sum }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.extraSecrets }} - checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- end }} - {{- if or .Values.podAnnotations }} - {{- include "pdn-server.podAnnotations" . | nindent 8 }} - {{- end }} - spec: - {{- include "pdn-server.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "pdn-server.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" .) 
| nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - initContainers: - - name: 'copy-system-yaml' - image: {{ include "pdn-server.initContainers.image" . 
}} - imagePullPolicy: {{ .Values.initContainers.image.pullPolicy | quote }} - {{- if .Values.initContainers.containerSecurityContext }} - securityContext: {{- toYaml .Values.initContainers.containerSecurityContext | nindent 12 }} - {{- end }} - {{- if .Values.initContainers.resources }} - resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - echo "Copy system.yaml to {{ .Values.persistence.mountPath }}/etc"; - mkdir -p {{ .Values.persistence.mountPath }}/etc; - mkdir -p {{ .Values.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYamlOverride.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.persistence.mountPath }}/etc/system.yaml; - {{- else }} - cp -fv /tmp/etc/system.yaml {{ .Values.persistence.mountPath }}/etc/system.yaml; - {{- end }} - echo "Remove {{ .Values.persistence.mountPath }}/lost+found folder if exists"; - rm -rfv {{ .Values.persistence.mountPath }}/lost+found; - {{- if not .Values.systemYamlOverride.existingSecret }} - {{- if or .Values.joinKey .Values.global.joinKey .Values.joinKeySecretName .Values.global.joinKeySecretName }} - echo "Copy joinKey to {{ .Values.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.persistence.mountPath }}/etc/security; - echo -n "${ARTIFACTORY_JOIN_KEY}" > {{ .Values.persistence.mountPath }}/etc/security/join.key; - {{- end }} - {{- if or .Values.masterKey .Values.global.masterKey .Values.masterKeySecretName .Values.global.masterKeySecretName }} - echo "Copy masterKey to {{ .Values.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.persistence.mountPath }}/etc/security; - echo -n "${ARTIFACTORY_MASTER_KEY}" > {{ .Values.persistence.mountPath }}/etc/security/master.key; - {{- end }} - {{- if or .Values.pdnJoinKey .Values.pdnJoinKeySecretName }} - echo "Copy pdnJoinKey to {{ .Values.persistence.mountPath }}/etc/security"; - mkdir -p {{ .Values.persistence.mountPath 
}}/etc/security; - echo -n "${PDN_JOIN_KEY}" > {{ .Values.persistence.mountPath }}/etc/security/pdn_join.key; - {{- end }} - {{- end }} - env: - {{- if not .Values.systemYamlOverride.existingSecret }} - {{- if or .Values.joinKey .Values.global.joinKey .Values.joinKeySecretName .Values.global.joinKeySecretName }} - - name: ARTIFACTORY_JOIN_KEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-server.joinKeySecretName" . }} - key: join-key - {{- end }} - {{- if or .Values.masterKey .Values.global.masterKey .Values.masterKeySecretName .Values.global.masterKeySecretName }} - - name: ARTIFACTORY_MASTER_KEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-server.masterKeySecretName" . }} - key: master-key - {{- end }} - {{- if or .Values.pdnJoinKey .Values.pdnJoinKeySecretName }} - - name: PDN_JOIN_KEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-server.pdnJoinKeySecretName" . }} - key: pdn-join-key - {{- end }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.systemYaml }} - - name: systemyaml - {{- if .Values.systemYamlOverride.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" - subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.systemYaml }} - mountPath: "/tmp/etc/system.yaml" - subPath: system.yaml - {{- end }} - {{- end }} - {{- if .Values.customCertificates.enabled }} - - name: copy-custom-certificates - image: {{ include "pdn-server.initContainers.image" . 
}} - imagePullPolicy: {{ .Values.initContainers.image.pullPolicy | quote }} - {{- if .Values.initContainers.containerSecurityContext }} - securityContext: {{- toYaml .Values.initContainers.containerSecurityContext | nindent 12 }} - {{- end }} - {{- if .Values.initContainers.resources }} - resources: {{- toYaml .Values.initContainers.resources | nindent 12 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - | - {{ include "pdn-server.copyCustomCertsCmd" . | nindent 14 }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - - name: ca-certs - mountPath: "/tmp/certs" - {{- end }} - containers: - - name: pdnserver - image: {{ template "pdn-server.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - exec /opt/jfrog/pdnserver/app/pdnserver/bin/pdnserver.sh - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: JF_PDNSERVER_SELFADDRESS - value: "{{ tpl .Values.selfAddress . }}" -{{- with .Values.extraEnvironmentVariables }} -{{ tpl (toYaml .) 
$ | indent 12 }} -{{- end }} - ports: - - name: insecure-grpc - containerPort: 8093 - - name: secure-grpc - containerPort: 8095 - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.startupProbe.config "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.livenessProbe.config "context" $) | nindent 12 }} - {{- end }} - {{- with .Values.lifecycle }} - lifecycle: -{{ toYaml . | indent 12 }} - {{- end }} - {{- if .Values.observability.enabled }} - - name: observability - image: {{ template "observability.image" . }} - imagePullPolicy: {{ .Values.observability.image.pullPolicy | quote }} - resources: {{- toYaml .Values.observability.resources | nindent 12 }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NEW_PLATFORM_SERVICES_ARCH - value: "true" - {{- if not .Values.systemYamlOverride.existingSecret }} - - name: JF_SHARED_SECURITY_MASTERKEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-server.masterKeySecretName" . }} - key: master-key - - name: JF_SHARED_SECURITY_JOINKEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-server.joinKeySecretName" . }} - key: join-key - {{- end }} -{{- with .Values.observability.extraEnvironmentVariables }} -{{ tpl (toYaml .) 
$ | indent 12 }} -{{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.observability.persistence.mountPath }} - {{- if .Values.observability.persistence.subPath }} - subPath: {{ .Values.observability.persistence.subPath }} - {{- end }} - {{- if .Values.observability.extraVolumeMounts }} - {{- toYaml .Values.observability.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.observability.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.observability.startupProbe.config "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.observability.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.observability.livenessProbe.config "context" $) | nindent 12 }} - {{- end }} - {{- with .Values.observability.lifecycle }} - lifecycle: -{{ toYaml . | indent 12 }} - {{- end }} - {{- end }} - - name: router - image: {{ template "router.image" . }} - imagePullPolicy: {{ .Values.router.image.pullPolicy }} - resources: {{- toYaml .Values.router.resources | nindent 12 }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/router/app/bin/entrypoint-router.sh - env: - - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES - value: {{ include "pdn-server.router.requiredServiceTypes" . }} - - name: JF_SHARED_JFROGURL - value: {{ include "pdn-server.jfrogUrl" . }} - {{- if not .Values.systemYamlOverride.existingSecret }} - - name: JF_SHARED_SECURITY_MASTERKEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-server.masterKeySecretName" . }} - key: master-key - - name: JF_SHARED_SECURITY_JOINKEY - valueFrom: - secretKeyRef: - name: {{ include "pdn-server.joinKeySecretName" . }} - key: join-key - {{- end }} -{{- with .Values.router.extraEnvironmentVariables }} -{{ tpl (toYaml .) 
$ | indent 12 }} -{{- end }} - ports: - - name: http-router - containerPort: 8082 - volumeMounts: - - name: data - mountPath: {{ .Values.router.persistence.mountPath | quote }} - {{- if .Values.router.extraVolumeMounts }} - {{- toYaml .Values.router.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.router.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.router.livenessProbe.config "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.router.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.router.startupProbe.config "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- with .Values.router.lifecycle }} - lifecycle: -{{ toYaml . | indent 12 }} - {{- end }} - {{- if .Values.filebeat.enabled }} - - name: {{ .Values.filebeat.name }} - image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" - imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - resources: {{- toYaml .Values.filebeat.resources | nindent 12 }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- end }} - args: - - "-e" - - "-E" - - "http.enabled=true" - volumeMounts: - - name: filebeat-config - mountPath: /usr/share/filebeat/filebeat.yml - readOnly: true - subPath: filebeat.yml - - name: data - mountPath: {{ .Values.persistence.mountPath | quote }} - livenessProbe: {{ toYaml .Values.filebeat.livenessProbe | nindent 12 }} - readinessProbe: {{ toYaml .Values.filebeat.readinessProbe | nindent 12 }} - {{- end }} - volumes: - {{- if .Values.customCertificates.enabled }} - - name: ca-certs - secret: - secretName: {{ .Values.customCertificates.certificateSecretName }} - {{- end }} - - name: systemyaml - secret: - secretName: {{ default ( default 
(printf "%s-%s" (include "pdn-server.fullname" .) "systemyaml") ) .Values.systemYamlOverride.existingSecret }} - {{- if .Values.persistence.volumes }} - {{- toYaml .Values.persistence.volumes | nindent 8 }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} - - name: data - emptyDir: {} - {{- if .Values.filebeat.enabled }} - - name: filebeat-config - configMap: - name: {{ template "pdn-server.fullname" . }}-filebeat-config - {{- end }} diff --git a/stable/pdn-server/templates/filebeat.yaml b/stable/pdn-server/templates/filebeat.yaml deleted file mode 100644 index 11f207bbd..000000000 --- a/stable/pdn-server/templates/filebeat.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.filebeat.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "pdn-server.fullname" . }}-filebeat-config - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.statefulsetLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.statefulsetLabels "context" $) | nindent 4 }} - {{- end }} -data: - filebeat.yml: | -{{ tpl .Values.filebeat.filebeatYml . | indent 4 }} -{{- end -}} diff --git a/stable/pdn-server/templates/hpa.yaml b/stable/pdn-server/templates/hpa.yaml deleted file mode 100644 index 7db267cd7..000000000 --- a/stable/pdn-server/templates/hpa.yaml +++ /dev/null 
@@ -1,47 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "pdn-server.fullname" . }}-hpa
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- app.kubernetes.io/component: replica
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
- {{- end }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- scaleTargetRef:
- apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
- kind: Deployment
- name: {{ include "pdn-server.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.autoscaling.targetMemory }}
- - type: Resource
- resource:
- name: memory
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.autoscaling.targetMemory }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetMemory }}
- {{- end }}
- {{- end }}
- {{- if .Values.autoscaling.targetCPU }}
- - type: Resource
- resource:
- name: cpu
- {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
- targetAverageUtilization: {{ .Values.autoscaling.targetCPU }}
- {{- else }}
- target:
- type: Utilization
- averageUtilization: {{ .Values.autoscaling.targetCPU }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/stable/pdn-server/templates/ingress.yaml b/stable/pdn-server/templates/ingress.yaml
deleted file mode 100644
index f358fdd2d..000000000
--- a/stable/pdn-server/templates/ingress.yaml
+++ /dev/null
@@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) 
"servicePort" "secure-grpc" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "secure-grpc" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/stable/pdn-server/templates/networkpolicy.yaml b/stable/pdn-server/templates/networkpolicy.yaml deleted file mode 100644 index d0cd376bb..000000000 --- a/stable/pdn-server/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,34 +0,0 @@
-{{- if .Values.networkPolicy.enabled }}
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
- name: {{ include "pdn-server.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- podSelector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
- ingress:
- {{- if not .Values.networkPolicy.allowExternal }}
- - ports:
- - port: 8082
- protocol: TCP
- - port: 8093
- protocol: TCP
- - port: 8095
- protocol: TCP
- from:
- - podSelector:
- matchLabels:
- {{ template "pdn-server.fullname" . }}-client: "true"
- - podSelector:
- matchLabels:
- {{- include "common.labels.matchLabels" . | nindent 14 }}
- {{- if .Values.networkPolicy.additionalRules }}
- {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/stable/pdn-server/templates/pdb.yaml b/stable/pdn-server/templates/pdb.yaml
deleted file mode 100644
index e7bc6ba88..000000000
--- a/stable/pdn-server/templates/pdb.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.pdb.create }}
-apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "pdn-server.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.pdb.minAvailable }}
- minAvailable: {{ .Values.pdb.minAvailable }}
- {{- end }}
- {{- if .Values.pdb.maxUnavailable }}
- maxUnavailable: {{ .Values.pdb.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
-{{- end }}
diff --git a/stable/pdn-server/templates/role.yaml b/stable/pdn-server/templates/role.yaml
deleted file mode 100644
index 3a588df72..000000000
--- a/stable/pdn-server/templates/role.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.rbac.create }}
-kind: Role
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-metadata:
- name: {{ template "pdn-server.fullname" . }}-endpoint-reader
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-rules:
- - apiGroups: [""]
- resources: ["endpoints"]
- verbs: ["get"]
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["create"]
-{{- end }}
diff --git a/stable/pdn-server/templates/rolebinding.yaml b/stable/pdn-server/templates/rolebinding.yaml
deleted file mode 100644
index 873f83cbd..000000000
--- a/stable/pdn-server/templates/rolebinding.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and .Values.serviceAccount.create .Values.rbac.create }}
-kind: RoleBinding
-apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
-metadata:
- name: {{ template "pdn-server.fullname" . }}-endpoint-reader
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "pdn-server.serviceAccountName" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "pdn-server.fullname" . }}-endpoint-reader
-{{- end }}
diff --git a/stable/pdn-server/templates/secrets.yaml b/stable/pdn-server/templates/secrets.yaml
deleted file mode 100644
index 0cdf14186..000000000
--- a/stable/pdn-server/templates/secrets.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "pdn-server.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-data:
- {{- if or .Values.joinKey .Values.global.joinKey }}
- {{- if not (or .Values.joinKeySecretName .Values.global.joinKeySecretName) }}
- join-key: {{ include "pdn-server.joinKey" . | b64enc | quote }}
- {{- end }}
- {{- end }}
- {{- if or .Values.masterKey .Values.global.masteKey }}
- {{- if not (or .Values.masterKeySecretName .Values.global.masterKeySecretName) }}
- master-key: {{ include "pdn-server.masterKey" . | b64enc | quote }}
- {{- end }}
- {{- end }}
- {{- if .Values.pdnJoinKey }}
- {{- if not .Values.pdnJoinKeySecretName }}
- pdn-join-key: {{ .Values.pdnJoinKey | b64enc | quote }}
- {{- end }}
- {{- end }}
-
-{{- $extraSecretsPrependReleaseName := .Values.extraSecretsPrependReleaseName }}
-{{- range $key, $value := .Values.extraSecrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- {{- if $extraSecretsPrependReleaseName }}
- name: {{ $.Release.Name }}-{{ $key }}
- {{- else }}
- name: {{ $key }}
- {{- end }}
- namespace: {{ $.Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" $ | nindent 4 }}
- {{- if $.Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-stringData: {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 2 }}
-{{- end }}
diff --git a/stable/pdn-server/templates/serviceaccount.yaml b/stable/pdn-server/templates/serviceaccount.yaml
deleted file mode 100644
index 2f23161bb..000000000
--- a/stable/pdn-server/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "pdn-server.serviceAccountName" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-secrets:
- - name: {{ include "pdn-server.fullname" . }}
-{{- end }}
diff --git a/stable/pdn-server/templates/servicemonitor.yaml b/stable/pdn-server/templates/servicemonitor.yaml
deleted file mode 100644
index 99e8a9e4b..000000000
--- a/stable/pdn-server/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- if .Values.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "pdn-server.name" . }}-metrics-service
- namespace: {{ .Values.serviceMonitor.kubePromFullName }}
- labels:
- app: {{ .Values.serviceMonitor.kubePromApp }}
- release: {{ .Values.serviceMonitor.kubePromFullName }}
- {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- jobLabel: {{ .Values.serviceMonitor.jobLabel }}
- endpoints:
- - path: /pdnserver/api/v1/metrics
- bearerTokenSecret:
- key: token
- name: {{ .Values.serviceMonitor.tokenName }}
- honorLabels: true
- honorTimestamps: false
- interval: {{ .Values.serviceMonitor.interval }}
- scheme: {{ include "pdn-server.scheme" . }}
- scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
- port: {{ .Values.serviceMonitor.port }}
- targetPort: {{ .Values.serviceMonitor.targetPort }}
- tlsConfig:
- insecureSkipVerify: true
- namespaceSelector:
-{{ toYaml .Values.serviceMonitor.namespaceSelector | indent 4 }}
- selector:
-{{ toYaml .Values.serviceMonitor.selector | indent 4 }}
-{{- end }}
diff --git a/stable/pdn-server/templates/svc.yaml b/stable/pdn-server/templates/svc.yaml
deleted file mode 100644
index 90c305efa..000000000
--- a/stable/pdn-server/templates/svc.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "pdn-server.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.service.labels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }}
- {{- end }}
- {{- if or (.Values.service.annotations) (.Values.commonAnnotations) }}
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
- {{- end -}}
- {{- if .Values.service.annotations }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
- {{- end -}}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: http-router
- port: 8082
- targetPort: http-router
- - name: insecure-grpc
- port: 8093
- targetPort: insecure-grpc
- - name: secure-grpc
- port: 8095
- targetPort: secure-grpc
- {{- if .Values.service.extraPorts }}
- {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
- {{- end }}
- selector: {{ include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/stable/pdn-server/templates/system-yaml.yaml b/stable/pdn-server/templates/system-yaml.yaml
deleted file mode 100644
index 25d71d7d7..000000000
--- a/stable/pdn-server/templates/system-yaml.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if not .Values.systemYamlOverride.existingSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "pdn-server.fullname" . }}-systemyaml
- namespace: {{ .Release.Namespace | quote }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-type: Opaque
-stringData:
- system.yaml: |
-{{ tpl .Values.systemYaml . | indent 4 }}
-{{- end }}
diff --git a/stable/pdn-server/values.yaml b/stable/pdn-server/values.yaml
deleted file mode 100644
index 2271406ba..000000000
--- a/stable/pdn-server/values.yaml
+++ /dev/null
@@ -1,971 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.jfrogUrl Global Base URL of the JFrog Platform Deployment (JPD) -## @param global.masterKey Global Master key for the PDN Server -## @param global.joinKey Global Join Key to connect other services to Artifactory -global: - ## Docker image registry, default: releases-docker.jfrog.io - imageRegistry: "" - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## imagePullSecrets: - ## - myRegistryKeySecretName - imagePullSecrets: [] - ## PVC Storage Class for pdnnode data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, - ## choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) - storageClass: "" - ## Base URL of the JFrog Platform Deployment (JPD). This is the URL to the machine - ## where JFrog Artifactory is deployed, or the load balancer pointing to it. - ## You can copy the JFrog URL from Admin -> User Management -> Settings -> Connection details - ## It is recommended to use DNS names rather than direct IPs. 
- ## IMPORTANT: jfrogUrl value will be injected as environment variable - ## so it will take precedence over .Values.systemYaml.shared.jfrogUrl - ## Example: - ## http://abcdefg-1234567.us-east-1.elb.amazonaws.com - ## http://artifactory.us-east-1-prod.svc.cluster.local:8082 - jfrogUrl: "" - ## PDN Server requires a unique master key. - ## You can generate one with the command: "openssl rand -hex 32" - ## An initial one is auto generated on first startup. - masterKey: "" - ## Alternatively, you can use a pre-existing secret with a key - ## called "master-key" by specifying "masterKeySecretName" - masterKeySecretName: "" - ## Join Key to connect other services to Artifactory - ## IMPORTANT: Setting this value overrides the existing joinKey - joinKey: "" - ## Alternatively, you can use a pre-existing secret with a key - ## called "join-key" by specifying "joinKeySecretName" - joinKeySecretName: "" -## PDN Server requires a unique master key. -## You can generate one with the command: "openssl rand -hex 32" -## IMPORTANT: You MUST NOT use the example masterKey for a production deployment! -masterKey: "bca2fafd3b39649b24269de29300ce21" -## Alternatively, you can use a pre-existing secret with a key -## called "master-key" by specifying "masterKeySecretName" -masterKeySecretName: "" -## Join Key to connect other services to Artifactory -## IMPORTANT: Setting this value overrides the existing joinKey -## IMPORTANT: You MUST NOT use the example joinKey for a production deployment! -joinKey: "" -## Alternatively, you can use a pre-existing secret with a key -## called "join-key" by specifying "joinKeySecretName" -joinKeySecretName: "" -## Join Key to connect PDN Node(s) to PDN Server -## If not specified or empty value, a random join key will be generated -## upon PDN Server startup. 
You can copy the key from JFrog UI under -# Admin -> User Management -> Settings -> PDN Access Token -> Join Key -## You can generate one with the command: "openssl rand -hex 16" -## The PDN join key must be 16 bytes in length (a 32 characters long hexadecimal value) -pdnJoinKey: "aa34bd4dc7902a65f14900fc47ec6b5a" -## Alternatively, you can use a pre-existing secret with a key -## called "pdn-join-key" by specifying "pdnJoinKeySecretName" -pdnJoinKeySecretName: "" -## The external address to be used from outside -## the PDN Server service for the PDN Server to be reached. -## Note: selfAddress value will be injected as environment variable -## so it will take precedence over .Values.systemYaml.pdnServer.selfAddress -selfAddress: '{{ include "pdn-server.fullname" . }}:8095' -## Base URL of the JFrog Platform Deployment (JPD). This is the URL to the machine -## where JFrog Artifactory is deployed, or the load balancer pointing to it. -## You can copy the JFrog URL from Admin -> User Management -> Settings -> Connection details -## It is recommended to use DNS names rather than direct IPs. 
-## Note: jfrogUrl value will be injected as environment variable -## so it will take precedence over .Values.systemYaml.shared.jfrogUrl -## Example: -## http://abcdefg-1234567.us-east-1.elb.amazonaws.com -## http://artifactory.us-east-1-prod.svc.cluster.local:8082 -jfrogUrl: "" -## PDN Server system configuration file -## Ref: https://www.jfrog.com/confluence/display/JFROG/Advanced+Private+Distribution+Network+%28PDN%29+Configurations -systemYaml: | - router: - serviceRegistry: - insecure: {{ .Values.router.serviceRegistry.insecure }} - pdnServer: - logLevel: info - metrics: - enabled: true -## PDN Server systemYaml override -## This is for advanced usecases where users wants to provide their own systemYaml -## Ref: https://www.jfrog.com/confluence/display/JFROG/Advanced+Private+Distribution+Network+%28PDN%29+Configurations -## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml -## Alternatively, systemYaml can be overidden via customInitContainers using external sources -## like vaults, external repositories etc. Please refer customInitContainer section below for an example. -## Note: Order of preference is: -## 1. customInitContainers -## 2. systemYamlOverride.existingSecret -## 3. default systemYaml in values.yaml -systemYamlOverride: - ## You can use a pre-existing secret by specifying existingSecret - existingSecret: "" - ## The dataKey should be the name of the secret data key created. - dataKey: "" -## If enabled certificates added to this secret will be copied -## to $JFROG_HOME/pdnserver/var/etc/security/keys/trusted directory -customCertificates: - enabled: false - certificateSecretName: "" -## PDN Server containers' resource requests and limits -## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. 
This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for PDN Server containers -## @param resources.requests The requested resources for PDN Server containers -resources: {} -## limits: -## cpu: "1" -## memory: "2Gi" -## requests: -## cpu: "2" -## memory: "4Gi" - -## @section PDN Server Image parameters -## @param image.registry PDN Server image registry -## @param image.repository PDN Server image repository -## @param image.tag PDN Server image tag (immutable tags are recommended) -## @param image.pullPolicy PDN Server image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -image: - registry: releases-docker.jfrog.io - repository: jfrog/pdn/server - # tag: - - ## Specify a image PullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - pullSecrets: [] -## PDN Server pods' Security Context -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable PDN Server pods' Security Context -## @param podSecurityContext.fsGroup Group ID for the filesystem used by the containers -## @param podSecurityContext.runAsUser User ID for the service user running the pod -podSecurityContext: - enabled: true - fsGroup: 11055 - runAsUser: 11055 -## @param containerSecurityContext PDN Server containers' Security Context -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Example: -## containerSecurityContext: -## capabilities: -## drop: ["NET_RAW"] -## readOnlyRootFilesystem: true -containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["NET_RAW"] - runAsNonRoot: true -## @section Exposure parameters -## Kubernetes service type -service: - ## @param service.type Kubernetes Service type - type: ClusterIP - ## @param service.portEnabled Amqp port. Cannot be disabled when `auth.tls.enabled` is `false`. Listener can be disabled with `listeners.tcp = none`. 
- portEnabled: true - ## @param service.extraPorts Extra ports to expose in the service - ## E.g.: - ## extraPorts: - ## - name: new_svc_name - ## port: 1234 - ## targetPort: 1234 - extraPorts: [] - ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is `LoadBalancer` - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - loadBalancerSourceRanges: [] - ## @param service.externalIPs Set the ExternalIPs - externalIPs: [] - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - externalTrafficPolicy: Cluster - ## @param service.loadBalancerIP Set the LoadBalancerIP - loadBalancerIP: "" - ## @param service.labels Service labels. Evaluated as a template - labels: {} - ## @param service.annotations Service annotations. Evaluated as a template - ## Example: - ## annotations: - ## service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 - annotations: {} - ## @param service.annotationsHeadless Headless Service annotations. 
Evaluated as a template - ## Example: - ## annotations: - ## external-dns.alpha.kubernetes.io/internal-hostname: pdnserver.example.com - annotationsHeadless: {} -## @section pdn-server ingress parameters -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for pdn-server - ## - enabled: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: pdnserver.local - ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate auto-generation, place here your cert-manager annotations. - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - ## ** Note that backend-protocol annotation is required to support GRPC traffic. If you are using a non-nginx ingress controller, this annotation - ## ** must be changed accordingly. 
For examples and more information see: https://kubernetes.github.io/ingress-nginx/examples/grpc/ - ## - annotations: - nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: pdnserver.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - pdnserver.local - ## secretName: pdnserver.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set, and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set, and you're NOT using cert-manager either, 
self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: pdnserver.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] -## Specify common probes parameters -probes: - timeoutSeconds: 5 -## The following settings are to configure the frequency of the liveness and startup probes -livenessProbe: - enabled: true - config: | - exec: - command: - - sh - - -c - - curl -s --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:8092{{ include "pdn-server.livenessProbe" .}} - initialDelaySeconds: {{ if semverCompare " - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, - ## choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) - storageClass: "" - ## @param persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - selector: {} - ## @param persistence.accessMode PVC Access Mode for PDN Server data volume - accessMode: ReadWriteOnce - ## @param persistence.existingClaim Provide an existing PersistentVolumeClaims - ## The value is evaluated as a template - ## So, for example, the name can depend on .Release or .Chart - existingClaim: "" - ## @param persistence.mountPath The path the volume will be mounted at - ## Note: useful when using custom PDN Server images - mountPath: /var/opt/jfrog/pdnserver - ## @param persistence.subPath The subdirectory of the volume to mount to - ## Useful in dev environments and one PV for multiple services - subPath: "" - ## @param persistence.size PVC Storage Request for PDN Server data volume - size: 16Gi - ## @param persistence.volumes Additional volumes without creating PVC - ## - name: volume_name - ## emptyDir: {} - volumes: [] - ## @param persistence.annotations Persistence annotations. Evaluated as a template - ## Example: - ## annotations: - ## example.io/disk-volume-type: SSD - annotations: {} -## Network Policy configuration -## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the ports PDN is listening on. - ## When set to true, integration will accept connections from any source - ## (with the correct destination port). - allowExternal: true - ## @param networkPolicy.additionalRules Additional NetworkPolicy Ingress "from" rules to set. - ## Note: All rules are OR-ed. 
- ## Example: - ## additionalRules: - ## - matchLabels: - ## - app.kubernetes.io/name: pdn-server - ## - matchExpressions: - ## - key: app.kubernetes.io/name - ## operator: In - ## values: - ## - pdn-server - additionalRules: [] -## @section Init Container Parameters -## Init Container parameters -initContainers: - ## @param initContainers Add init containers to the PDN Server pod - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## pullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## @param initContainers.image.registry Init container volume-permissions image registry - ## @param initContainers.image.repository Init container volume-permissions image repository - ## @param initContainers.image.tag Init container volume-permissions image tag - ## @param initContainers.image.pullPolicy Init container volume-permissions image pull policy - ## @param initContainers.image.pullSecrets Specify docker-registry secret names as an array - image: - registry: releases-docker.jfrog.io - repository: ubi9/ubi-minimal - tag: 9.2.484 - ## Specify a image PullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - pullSecrets: [] - ## Init Container resource requests and limits - ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param initContainers.resources.limits The resources limits for Init containers - ## @param initContainers.resources.requests The requested resources for Init containers - resources: {} - ## limits: - ## cpu: "1" - ## memory: "1Gi" - ## requests: - ## cpu: "100m" - ## memory: "50Mi" - ## @param containerSecurityContext init containers' Security Context - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## Example: - ## containerSecurityContext: - ## capabilities: - ## drop: ["NET_RAW"] - ## readOnlyRootFilesystem: true - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - readOnlyRootFilesystem: true - runAsNonRoot: true -## @param sidecars Add sidecar containers to the PDN Server pod -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## pullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -sidecars: [] -## Filebeat Sidecar container -## The provided filebeat configuration is for Pdn server logs. -## It assumes you have a logstash installed and configured properly. 
-filebeat: - enabled: false - name: pdnserver-filebeat - image: - pullPolicy: IfNotPresent - repository: docker.elastic.co/beats/filebeat - version: 7.17.7 - logstashUrl: "logstash:5044" - livenessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl -s --fail 127.0.0.1:5066 - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - filebeat test output - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - ## Filebeat container resource requests and limits - ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- ## @param filebeat.resources.limits The resources limits for filebeat container - ## @param filebeat.resources.requests The requested resources for filebeat container - resources: {} - ## limits: - ## cpu: "100m" - ## memory: "100Mi" - ## requests: - ## cpu: "100m" - ## memory: "100Mi" - filebeatYml: | - logging.level: info - path.data: {{ .Values.persistence.mountPath }}/log/filebeat - name: pdnserver-filebeat - queue.spool: - file: - permissions: 0760 - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.persistence.mountPath }}/log/*.log - fields: - service: "jftr" - log_type: "pdnserver" - output: - logstash: - hosts: ["{{ .Values.filebeat.logstashUrl }}"] -## Allows to add additional kubernetes resources -## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-values.yaml -additionalResources: "" -## All values are under the 'nginx' sub chart. 
-nginx: - ## If you enable nginx you have to manually create pdn-server-nginx-tls - ## tls secret and provide certificate, private key, root certficate - enabled: false - image: - registry: releases-docker.jfrog.io - repository: bitnami/nginx - tag: 1.23.2-debian-11-r2 - containerPorts: - http: 8095 - service: - loadBalancerSourceRanges: [] - ports: - http: 8095 - extraVolumes: - - name: pdn-server-nginx-tls - secret: - secretName: pdn-server-nginx-tls - extraVolumeMounts: - - name: pdn-server-nginx-tls - mountPath: "/etc/ssl/nginx" - readOnly: true - serverBlock: |- - chunked_transfer_encoding on; - proxy_request_buffering off; - - grpc_send_timeout 180; - grpc_read_timeout 180; - - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:1m; - ssl_certificate /etc/ssl/nginx/tls.crt; - ssl_certificate_key /etc/ssl/nginx/tls.key; - - server { - server_name _; - listen 0.0.0.0:8095 default_server http2 ssl; - - location / { - grpc_pass grpcs://pdn-server:8095; - } - } -## @section Common parameters -## @param nameOverride String to partially override PDN Server.fullname template (will maintain the release name) -nameOverride: "" -## @param fullnameOverride String to fully override PDN Server.fullname template -fullnameOverride: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -kubeVersion: "" -## @param clusterDomain Kubernetes Cluster Domain -clusterDomain: cluster.local -## @param hostAliases Adding entries to a Pod's /etc/hosts file -## For an example, refer - https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ -## If you do want to specify additional aliases, uncomment the following lines, -## adjust them as necessary, and remove the square braces after 'hostAliases:'. 
-hostAliases: [] -## - ip: "127.0.0.1" -## hostnames: -## - "foo.local" -## - "bar.local" -## - ip: "10.1.2.3" -## hostnames: -## - "foo.remote" -## - "bar.remote" - -## @param commonAnnotations Annotations to add to all deployed objects -commonAnnotations: {} -## @param command Override default container command (useful when using custom images) -command: [] -## @param args Override default container args (useful when using custom images) -args: [] -## @param terminationGracePeriodSeconds Default duration in seconds k8s waits -## for container to exit before sending kill signal. Any time in excess of 10 seconds -## will be spent waiting for any synchronization necessary for cluster not to lose data. -terminationGracePeriodSeconds: 120 -## @param extraEnvironmentVariables that can be used to tune PDN Server to your needs. -## Example: -## extraEnvironmentVariables: -## - name: MY_ENV_VAR -## value: "" -extraEnvironmentVariables: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts -## Examples: -## extraVolumeMounts: -## - name: extras -## mountPath: /usr/share/extras -## readOnly: true -extraVolumeMounts: [] -## @param extraVolumes Optionally specify extra list of additional volumes . -## Example: -## extraVolumes: -## - name: extras -## emptyDir: {} -extraVolumes: [] -## @param extraSecrets Optionally specify extra secrets to be created by the chart. -## This can be useful when combined with load_definitions to automatically create the secret containing the definitions to be loaded. -## Example: -## extraSecrets: -## load-definition: -## load_definition.json: | -## { -## ... -## } -extraSecrets: {} -## @param extraSecretsPrependReleaseName Set this flag to true if extraSecrets should be created with prepended. -extraSecretsPrependReleaseName: false -## @section Statefulset parameters - -## @param replicaCount Number of PDN Server replicas to deploy -replicaCount: 1 -## @param schedulerName Use an alternate scheduler, e.g. 
"stork". -## Ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -schedulerName: "" -## @param podLabels PDN Server Pod labels. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -podLabels: {} -## @param podAnnotations PDN Server Pod annotations. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -podAnnotations: {} -## @param updateStrategyType Update strategy type for PDN Server statefulset -## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategyType: RollingUpdate -## @param deploymentLabels PDN Server deployment labels. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -deploymentLabels: {} -## @param priorityClassName Name of the priority class to be used by PDN Server pods, priority class needs to be created beforehand -## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: "" -## @param affinity Affinity for pod assignment. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] -## @param podAffinityPreset Pod affinity preset. -## Ignored if `affinity` is set and not empty. 
Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. -## Ignored if `affinity` is set and not empty. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## We recommend to use the value `hard` to run one pod per node -podAntiAffinityPreset: hard -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. - ## Ignored if `affinity` is set and not empty. Allowed values: `soft` or `hard` - type: "" - ## @param nodeAffinityPreset.key Node label key to match. - ## Ignored if `affinity` is set. - ## Example: - ## key: "kubernetes.io/e2e-az-name" - key: "" - ## @param nodeAffinityPreset.values Node label values to match. - ## Ignored if `affinity` is set and not empty. - ## Example: - ## values: - ## - e2e-az1 - ## - e2e-az2 - values: [] -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment -## spread across your cluster among failure-domains. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods -topologySpreadConstraints: [] -## @param serviceMonitor Declaratively specifies how groups of Kubernetes services should be monitored. -## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md -serviceMonitor: - enabled: false - interval: 30s - jobLabel: pdnserver-metrics - port: http-router - targetPort: 8082 - scrapeTimeout: 15s - tokenName: "" - kubePromApp: "" - kubePromFullName: "" - namespaceSelector: - any: true - selector: - matchLabels: - app: pdnserver 
From 85a9d7e8630314968c0228d92529656c72a23c1a Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:50:25 +0530 Subject: [PATCH 22/47] [artifactory] 7.77.6 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +++--- stable/artifactory-ha/CHANGELOG.md | 3 ++- stable/artifactory-ha/Chart.yaml | 4 ++-- stable/artifactory-ha/values.yaml | 9 +++++++-- stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 +++--- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 +++--- stable/artifactory/CHANGELOG.md | 3 ++- stable/artifactory/Chart.yaml | 4 ++-- stable/artifactory/values.yaml | 7 +++++-- 12 files changed, 32 insertions(+), 22 deletions(-) diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index f09476ed7..81ddff28b 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.77.3] - Nov 23, 2023 +## [107.77.6] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index fc88c8950..c7c9dd6df 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.3 +appVersion: 7.77.6 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.3 + version: 107.77.6 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.77.3 +version: 107.77.6 
diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 84a52a4ec..70610745b 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,10 +1,11 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.77.3] - Jan 16, 2024 +## [107.77.6] - Feb 20, 2024 * Removed integration service * Added recommended postgresql sizing configurations under sizing directory * Updated artifactory-federation (probes, port, embedded mode) +* Fixing broken nginx port [GH-1860](https://github.com/jfrog/charts/issues/1860) ## [107.76.0] - Dec 13, 2023 * Added connectionTimeout and socketTimeout paramaters under AWSS3 binarystore section diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 30018756c..e4dd5e3ca 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.3 +appVersion: 7.77.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.77.3 +version: 107.77.6 diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index e36b3600e..5b35ef337 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -1740,6 +1740,10 @@ nginx: if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; } + set $host_port {{ .Values.nginx.https.externalPort }}; + if ( $scheme = "http" ) { + set $host_port {{ .Values.nginx.http.externalPort }}; + } ## Application specific logs ## access_log /var/log/nginx/artifactory-access.log timing; ## error_log /var/log/nginx/artifactory-error.log; @@ -1749,7 +1753,6 @@ nginx: } chunked_transfer_encoding on; client_max_body_size 0; - location / { proxy_read_timeout 900; proxy_pass_header Server; 
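Review bot: The new `$host_port` in the `@@ -1740,6 +1740,10 @@` hunk is chosen from `$scheme`, but the `X-JFrog-Override-Base-Url` line changed in the `@@ -1758,7 +1761,7 @@` hunk takes its scheme from `$http_x_forwarded_proto`, so the two can disagree. When a proxy in front of nginx terminates TLS and forwards plain HTTP with `X-Forwarded-Proto: https`, the header becomes `https://$host:<http externalPort>`. Since the context lines already default `$http_x_forwarded_proto` to `$scheme`, the port should probably key on the same variable: `if ( $http_x_forwarded_proto = "http" ) { set $host_port {{ .Values.nginx.http.externalPort }}; }`. Both `$http_x_forwarded_proto` and `$host` come from request headers, so the values.yaml comment should state that the base-URL override assumes a trusted proxy sets them. The same two hunks are repeated in stable/artifactory/values.yaml, and the surrounding server block starts and ends outside these hunks.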
@@ -1758,7 +1761,7 @@ nginx: {{- if .Values.nginx.service.ssloffload}} proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$host_port; proxy_set_header X-Forwarded-Port $server_port; {{- end }} proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; @@ -1822,6 +1825,8 @@ nginx: # targetPort: 8066 # protocol: TCP # name: docker + + annotations: {} ## Renamed nginx internalPort 80,443 to 8080,8443 to support openshift http: enabled: true diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index 8a5768666..cd1b89946 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.77.3] - Nov 23, 2023 +## [107.77.6] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 5ebc7c924..9a50500a0 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.3 +appVersion: 7.77.6 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.3 + version: 107.77.6 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.77.3 +version: 107.77.6 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index a45009589..2e96c35ef 100644 --- a/stable/artifactory-oss/CHANGELOG.md 
+++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.77.3] - Nov 23, 2023 +## [107.77.6] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 8c240c5df..45f86b117 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.3 +appVersion: 7.77.6 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.3 + version: 107.77.6 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.77.3 +version: 107.77.6 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 8b82dd1db..203fae3aa 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,11 +1,12 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.77.3] - Jan 16, 2024 +## [107.77.6] - Feb 20, 2024 * Removed integration service * Added recommended postgresql sizing configurations under sizing directory * Updated artifactory-federation (probes, port, embedded mode) * Fixed - Removed duplicate keys of the sizing yaml file +* Fixing broken nginx port [GH-1860](https://github.com/jfrog/charts/issues/1860) ## [107.76.0] - Dec 13, 2023 * Added connectionTimeout and socketTimeout paramaters under AWSS3 binarystore section diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index e224a9577..f951a6e78 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.3 +appVersion: 7.77.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.77.3 +version: 107.77.6 diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index ab7c1d12c..4b21be599 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -1612,6 +1612,10 @@ nginx: if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; } + set $host_port {{ .Values.nginx.https.externalPort }}; + if ( $scheme = "http" ) { + set $host_port {{ .Values.nginx.http.externalPort }}; + } ## Application specific logs ## access_log /var/log/nginx/artifactory-access.log timing; ## error_log /var/log/nginx/artifactory-error.log; @@ -1630,7 +1634,7 @@ nginx: {{- if .Values.nginx.service.ssloffload}} proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$host_port; proxy_set_header X-Forwarded-Port $server_port; {{- end }} proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; @@ -1642,7 +1646,6 @@ nginx: proxy_buffering off; {{- end }} add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - location /artifactory/ { if ( $request_uri ~ ^/artifactory/(.*)$ ) { proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; From b08657ad4baa95220836e86fcd33d42a47a2cb9c Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:50:43 +0530 Subject: [PATCH 23/47] [distribution] 2.22.2 release --- stable/distribution/CHANGELOG.md | 2 +- stable/distribution/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/stable/distribution/CHANGELOG.md b/stable/distribution/CHANGELOG.md index b9ad2fbc8..a0229ff16 100644 --- a/stable/distribution/CHANGELOG.md +++ b/stable/distribution/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Distribution Chart Changelog All changes to this project chart be documented in this file. -## [102.22.1] - Dec 22, 2023 +## [102.22.2] - Dec 22, 2023 * Added recommended sizing configurations under sizing directory, please refer [here](README.md/#apply-sizing-configurations-to-the-chart) ## [102.21.0] - Nov 22, 2023 diff --git a/stable/distribution/Chart.yaml b/stable/distribution/Chart.yaml index c004dcd7f..4263aa2a3 100644 --- a/stable/distribution/Chart.yaml +++ b/stable/distribution/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.22.1 +appVersion: 2.22.2 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: distribution sources: - https://github.com/jfrog/charts type: application -version: 102.22.1 +version: 102.22.2 From 52d68e8c72903278ea834937fefe62ea214eb552 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:50:58 +0530 Subject: [PATCH 24/47] [insight] 1.16.7 release --- stable/insight/CHANGELOG.md | 2 +- stable/insight/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/insight/CHANGELOG.md b/stable/insight/CHANGELOG.md index c7b7e5481..aed485d11 100644 --- a/stable/insight/CHANGELOG.md +++ b/stable/insight/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Insights Chart Changelog All changes to this chart will be documented in this file. -## [101.16.6] - Oct 17, 2023 +## [101.16.7] - Oct 17, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) ## [101.15.0] - Sep 18, 2023 diff --git a/stable/insight/Chart.yaml b/stable/insight/Chart.yaml index 61f1d7b7d..94e8cc17a 100644 --- a/stable/insight/Chart.yaml +++ b/stable/insight/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.16.6 +appVersion: 1.16.7 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: insight sources: - https://github.com/jfrog/charts type: application -version: 101.16.6 +version: 101.16.7 From 323d2f7a60d8b656927e30b79ba9899f017c0a66 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:51:43 +0530 Subject: [PATCH 25/47] [pipelines] 1.55.6 release --- stable/pipelines/CHANGELOG.md | 8 +- stable/pipelines/Chart.yaml | 4 +- stable/pipelines/templates/_helpers.tpl | 82 ++++++++++++++++ .../templates/pipelines-cron-statefulset.yaml | 31 +++++++ .../pipelines-hookhandler-statefulset.yaml | 31 +++++++ .../pipelines-internalapi-statefulset.yaml | 38 +++++++- .../templates/pipelines-statefulset.yaml | 75 ++++++++++++++- .../pipelines-steptrigger-statefulset.yaml | 31 +++++++ .../templates/pipelines-sync-statefulset.yaml | 36 +++++++ .../pipelines-trigger-statefulset.yaml | 42 +++++++++ stable/pipelines/values.yaml | 93 +++++++++++++++---- 11 files changed, 438 insertions(+), 33 deletions(-) diff --git a/stable/pipelines/CHANGELOG.md b/stable/pipelines/CHANGELOG.md index f0863c0dc..e49e1ce52 100644 --- a/stable/pipelines/CHANGELOG.md +++ b/stable/pipelines/CHANGELOG.md @@ -1,7 +1,13 @@ # JFrog Pipelines Chart Changelog All changes to this chart to be documented in this file. -## [101.53.4] - Nov 14, 2023 +## [101.55.6] - Dec 28, 2023 +* Handled #redis postfix is ommited from redis service name if it contains redis + +## [101.54.0] - Dec 21, 2023 +* Removed hardcoding of redis resources in default values + +## [101.53.0] - Nov 14, 2023 * Updated rabbitmq version to 3.12.10-debian-11-r1 * Updated redis version to 7.2.0-debian-11-r2 diff --git a/stable/pipelines/Chart.yaml b/stable/pipelines/Chart.yaml index acc31475d..8e4e3a349 100644 --- a/stable/pipelines/Chart.yaml +++ b/stable/pipelines/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.53.4 +appVersion: 1.55.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -32,4 +32,4 @@ name: pipelines sources: - https://github.com/jfrog/charts type: application -version: 101.53.4 +version: 101.55.6 diff --git a/stable/pipelines/templates/_helpers.tpl b/stable/pipelines/templates/_helpers.tpl index 603625d7b..049cc5f49 100644 --- a/stable/pipelines/templates/_helpers.tpl +++ b/stable/pipelines/templates/_helpers.tpl 
@@ -431,6 +431,37 @@ Set grcp url {{- end }} {{- end -}} +{{/* +Create rabbitmq URL +*/}} +{{- define "rabbitmq.url" -}} +{{- if index .Values "rabbitmq" "enabled" -}} +{{- if .Values.rabbitmq.auth.tls.enabled -}} +{{- $rabbitmqPort := .Values.rabbitmq.service.ports.amqpTls -}} +{{- $name := default (printf "%s" "rabbitmq") .Values.rabbitmq.nameOverride -}} +{{- printf "%s://%s-%s:%g/" "amqps" .Release.Name $name $rabbitmqPort -}} +{{- else -}} +{{- $rabbitmqPort := .Values.rabbitmq.service.ports.amqp -}} +{{- $name := default (printf "%s" "rabbitmq") .Values.rabbitmq.nameOverride -}} +{{- printf "%s://%s-%s:%g/" "amqp" .Release.Name $name $rabbitmqPort -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Custom Rabbitmq certificate copy command +*/}} +{{- define "pipelines.copyRabbitmqCustomCerts" -}} +{{- if .Values.rabbitmq.auth.tls.enabled -}} +echo "Copy rabbitmq custom certificates to {{ .Values.pipelines.mountPath }}/etc/security/keys/trusted"; +mkdir -p {{ .Values.pipelines.mountPath }}/etc/security/keys/trusted {{ .Values.pipelines.mountPath }}/data/rabbitmq/certs/; +cd /tmp/rabbitmqcerts/; +for file in $(ls * | grep -v ".key" | grep -v ":" | grep -v grep); do if [ -f "${file}" ]; then cp -v ${file} {{ .Values.pipelines.mountPath }}/etc/security/keys/trusted/rabbitmq_${file}; fi done; +for file in $(ls * | grep -v ":" | grep -v grep); do if [ -f "${file}" ]; then cp -v ${file} {{ .Values.pipelines.mountPath }}/data/rabbitmq/certs/rabbitmq_${file}; fi done; +{{- end -}} +{{- end -}} + {{/* Resolve jfrogUrl value */}} 
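Review bot: The second loop in `pipelines.copyRabbitmqCustomCerts` copies every file from `/tmp/rabbitmqcerts/`, private key included, into `{{ .Values.pipelines.mountPath }}/data/rabbitmq/certs/` without setting a mode. The copied key therefore keeps whatever permissions `cp` and the umask produce, on a volume other containers in the pod also mount. Restrict it after the loop, e.g. `chmod 600 {{ .Values.pipelines.mountPath }}/data/rabbitmq/certs/rabbitmq_*.key;`, provided the later ownership step leaves the service user as owner. The key filter in the first loop, `grep -v ".key"`, is an unanchored regex in which `.` matches any character, so `grep -v '\.key$'` states the intent exactly. `${file}` in both `cp` calls should be quoted, and iterating a glob (`for file in *`) avoids parsing `ls` output.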
@@ -949,3 +980,54 @@ if the volume exists in customVolume then an extra volume with the same name wil {{- printf "%s" "false" -}} {{- end -}} {{- end -}} + +{{/* +Construct Redis service name +*/}} +{{- define "pipelines.redisServiceName" -}} +{{- if .Values.redis.fullnameOverride -}} +{{- .Values.redis.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- if contains "redis" .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-redis" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret name of rabbitmq TLS certs. +*/}} +{{- define "pipelines.rabbitmqCustomCertificateshandler" -}} +{{- if .Values.rabbitmq.auth.tls.enabled -}} +{{- $secretName := printf "%s-%s" .Release.Name "rabbitmq-certs" -}} +{{- $val := default $secretName .Values.rabbitmq.auth.tls.existingSecret -}} +{{- $val -}} +{{- end -}} +{{- end -}} + +{{/* +Prints value of Values.rabbitmq.auth.tls.enabled. +*/}} +{{- define "pipelines.rabbitmq.isTlsEnabled" -}} +{{- printf "%t" $.Values.auth.tls.enabled -}} +{{- end -}} + +{{/* +Set pipelines env variables if rabbitmq.tls is enabled. +*/}} +{{- define "pipelines.rabbitmqTlsEnvVariables" -}} +{{- if .Values.rabbitmq.auth.tls.enabled }} +- name: GODEBUG + value: "x509ignoreCN=0" +- name: enableTlsConnectionToRabbitMQ + value: "true" +- name: JF_SHARED_MSG_TLSCERT + value: {{.Values.pipelines.mountPath }}/data/rabbitmq/certs/rabbitmq_tls.crt +- name: JF_SHARED_MSG_TLSKEY + value: {{.Values.pipelines.mountPath }}/data/rabbitmq/certs/rabbitmq_tls.key +- name: JF_SHARED_MSG_TLSCA + value: {{.Values.pipelines.mountPath }}/data/rabbitmq/certs/rabbitmq_ca.crt +{{- end }} +{{- end -}} diff --git a/stable/pipelines/templates/pipelines-cron-statefulset.yaml b/stable/pipelines/templates/pipelines-cron-statefulset.yaml index f66a28ace..492c278f0 100644 --- a/stable/pipelines/templates/pipelines-cron-statefulset.yaml 
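Review bot: `pipelines.rabbitmqTlsEnvVariables` sets `GODEBUG` to `x509ignoreCN=0`, which on Go 1.15/1.16 re-enables hostname matching against the certificate CommonName when no SAN is present; that fallback was removed in Go 1.17, so on newer builds the variable does nothing. Which Go version the pipelines services use is not visible here, but either way it is better to require RabbitMQ certificates with proper SANs and drop the variable, or at least add a comment such as `# legacy CN matching; remove once certs carry SANs`. Separately, `pipelines.rabbitmq.isTlsEnabled` reads `$.Values.auth.tls.enabled` while its own comment and every other helper in this hunk use `.Values.rabbitmq.auth.tls.enabled`. Unless it is meant to be rendered in the subchart's scope, it should be `{{- printf "%t" .Values.rabbitmq.auth.tls.enabled -}}`.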
+++ b/stable/pipelines/templates/pipelines-cron-statefulset.yaml @@ -133,6 +133,28 @@ spec: - name: ca-certs mountPath: "/tmp/certs" {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: copy-rabbitmq-certs + image: "{{ .Values.initContainer.image }}" + imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + resources: +{{ toYaml .Values.initContainers.resources | nindent 12 }} + command: + - '/bin/bash' + - '-c' + - > +{{ include "pipelines.copyRabbitmqCustomCerts" . | indent 12 }} + volumeMounts: + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{ end }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} @@ -439,6 +461,9 @@ spec: - NET_RAW workingDir: /opt/jfrog/pipelines/app/micro/cron env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_INTERNAL_API value: "true" - name: COMPONENT @@ -596,4 +621,10 @@ spec: persistentVolumeClaim: claimName: {{ .Values.pipelines.customPersistentVolumeClaim.name }} {{- end }} + + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "pipelines.rabbitmqCustomCertificateshandler" . }} + {{- end}} {{- end -}} diff --git a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml index 400bc0fe0..34310ce19 100644 --- a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml 
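Review bot: The new `copy-rabbitmq-certs` init container in the `@@ -133,6 +133,28 @@` hunk drops only `NET_RAW`, although it handles the RabbitMQ TLS private key and only runs `mkdir` and `cp` on the mounted volume. If the init image's user can write to `{{ .Values.pipelines.mountPath }}`, tighten it with `drop: ["ALL"]` and `readOnlyRootFilesystem: true`, and mark the `rabbitmq-ca-certs` mount `readOnly: true` so the intent is explicit. The identical init-container hunks in pipelines-hookhandler-statefulset.yaml and pipelines-internalapi-statefulset.yaml need the same change. The pod spec that encloses this container starts and ends outside the hunk.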
@@ -137,6 +137,28 @@ spec: - name: ca-certs mountPath: "/tmp/certs" {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: copy-rabbitmq-certs + image: "{{ .Values.initContainer.image }}" + imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + resources: +{{ toYaml .Values.initContainers.resources | nindent 12 }} + command: + - '/bin/bash' + - '-c' + - > +{{ include "pipelines.copyRabbitmqCustomCerts" . | indent 12 }} + volumeMounts: + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{ end }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} @@ -443,6 +465,9 @@ spec: - NET_RAW workingDir: /opt/jfrog/pipelines/app/micro/hookHandler env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_INTERNAL_API value: "true" - name: COMPONENT @@ -600,4 +625,10 @@ spec: persistentVolumeClaim: claimName: {{ .Values.pipelines.customPersistentVolumeClaim.name }} {{- end }} + + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "pipelines.rabbitmqCustomCertificateshandler" . }} + {{- end}} {{- end -}} diff --git a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml index cae1473d5..2e902002e 100644 --- a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml 
@@ -219,6 +219,28 @@ spec: done; {{- end }} {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: copy-rabbitmq-certs + image: "{{ .Values.initContainer.image }}" + imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + resources: +{{ toYaml .Values.initContainers.resources | nindent 12 }} + command: + - '/bin/bash' + - '-c' + - > +{{ include "pipelines.copyRabbitmqCustomCerts" . | indent 12 }} + volumeMounts: + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{ end }} - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} @@ -296,11 +318,7 @@ spec: {{- end }} {{- if .Values.redis.enabled }} echo "Waiting for Redis to come up..."; - {{- if .Values.redis.fullnameOverride }} - until nc -z -w 2 {{ .Values.redis.fullnameOverride }} {{ .Values.redis.redisPort }} && echo redis ok; do - {{- else }} - until nc -z -w 2 {{ .Release.Name }}-redis {{ .Values.redis.redisPort }} && echo redis ok; do - {{- end }} + until nc -z -w 2 {{ template "pipelines.redisServiceName" . }} {{ .Values.redis.redisPort }} && echo redis ok; do sleep 1; done; {{- end }} @@ -314,7 +332,9 @@ spec: mkdir -p {{ .Values.pipelines.mountPath }}/security; echo -n ${PIPELINES_JOIN_KEY} > {{ .Values.pipelines.mountPath }}/security/join.key; {{- end }} + set -e; ./pipelines-k8s; + set +e; {{ include "pipelines.addMetrics" . | nindent 12 }} {{ include "pipelines.changeOwnershipMetrics" . | nindent 12 }} volumeMounts: @@ -521,6 +541,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_INTERNAL_API value: "true" - name: PIPELINES_NODE_ID 
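Review bot: `set -e;` is switched on only around `./pipelines-k8s;`, so a failure in the steps just above it, the `mkdir -p …/security` and the `echo -n ${PIPELINES_JOIN_KEY} > …/security/join.key` write, is still ignored and the installer runs regardless. If the init container is meant to fail when setup fails, enabling `set -e;` before those steps would cover them too. If the narrow scope is deliberate, a template comment such as `{{- /* abort the init container if the installer fails; the metrics steps below stay best-effort */}}` would explain the `set +e;` that follows (a `#` shell comment is risky here if the script sits in a folded scalar). The script starts outside this hunk, so whether an earlier `set` already applies cannot be seen from here; the same three lines are added in pipelines-statefulset.yaml.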
@@ -701,4 +724,9 @@ spec: persistentVolumeClaim: claimName: {{ .Values.pipelines.customPersistentVolumeClaim.name }} {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "pipelines.rabbitmqCustomCertificateshandler" . }} + {{- end}} {{- end -}} diff --git a/stable/pipelines/templates/pipelines-statefulset.yaml b/stable/pipelines/templates/pipelines-statefulset.yaml index 8477136c2..1a126acf2 100644 --- a/stable/pipelines/templates/pipelines-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-statefulset.yaml @@ -267,6 +267,28 @@ spec: done; {{- end }} {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: copy-rabbitmq-certs + image: "{{ .Values.initContainer.image }}" + imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + resources: +{{ toYaml .Values.initContainers.resources | nindent 12 }} + command: + - '/bin/bash' + - '-c' + - > +{{ include "pipelines.copyRabbitmqCustomCerts" . | indent 12 }} + volumeMounts: + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{ end }} - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} @@ -344,11 +366,7 @@ spec: {{- end }} {{- if .Values.redis.enabled }} echo "Waiting for Redis to come up..."; - {{- if .Values.redis.fullnameOverride }} - until nc -z -w 2 {{ .Values.redis.fullnameOverride }} {{ .Values.redis.redisPort }} && echo redis ok; do - {{- else }} - until nc -z -w 2 {{ .Release.Name }}-redis {{ .Values.redis.redisPort }} && echo redis ok; do - {{- end }} + until nc -z -w 2 {{ template "pipelines.redisServiceName" . }} {{ .Values.redis.redisPort }} && echo redis ok; do sleep 1; done; {{- end }} 
@@ -362,7 +380,9 @@ spec: mkdir -p {{ .Values.pipelines.mountPath }}/security; echo -n ${PIPELINES_JOIN_KEY} > {{ .Values.pipelines.mountPath }}/security/join.key; {{- end }} + set -e; ./pipelines-k8s; + set +e; {{ include "pipelines.addMetrics" . | nindent 12 }} {{ include "pipelines.changeOwnershipMetrics" . | nindent 12 }} volumeMounts: @@ -569,6 +589,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} - name: PIPELINES_NODE_ID valueFrom: fieldRef: @@ -629,6 +652,9 @@ spec: - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} - name: PIPELINES_NODE_ID valueFrom: fieldRef: @@ -719,6 +745,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" @@ -763,6 +792,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" 
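Review bot: The include of `pipelines.rabbitmqTlsEnvVariables` is piped as `| indent 12 -}}` in some containers of this file and as `| indent 12 }}` in others, and every block closes with `{{ end }}` where the surrounding conditionals use `{{- end }}`. As far as the hunks show, the difference only changes whether a whitespace-only line is left in the rendered manifest, but the mix makes the env lists harder to compare across containers. Picking one form, for instance `| indent 12 }}` followed by `{{- end }}`, and using it in all statefulsets touched by this patch would keep the rendered output uniform.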
@@ -807,6 +839,9 @@ spec: - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_NODE_ID valueFrom: fieldRef: @@ -841,6 +876,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" @@ -883,6 +921,9 @@ spec: - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} - name: PIPELINES_NODE_ID valueFrom: fieldRef: @@ -918,6 +959,9 @@ spec: - NET_RAW workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: COMPONENT value: pipelinesync - name: PIPELINES_NODE_ID @@ -957,6 +1001,9 @@ spec: env: - name: COMPONENT value: cron + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} - name: PIPELINES_NODE_ID valueFrom: fieldRef: @@ -992,6 +1039,9 @@ spec: - NET_RAW workingDir: /opt/jfrog/pipelines/app/micro/hookHandler env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: COMPONENT value: hookhandler - name: PIPELINES_NODE_ID 
@@ -1031,6 +1081,9 @@ spec: env: - name: COMPONENT value: extensionsync + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} - name: PIPELINES_NODE_ID valueFrom: fieldRef: @@ -1066,6 +1119,9 @@ spec: - NET_RAW workingDir: /opt/jfrog/pipelines/app/micro/reqSealer env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: COMPONENT value: reqsealer - name: PIPELINES_NODE_ID @@ -1103,6 +1159,9 @@ spec: - NET_RAW workingDir: /opt/jfrog/pipelines/app/micro/templateSync env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: COMPONENT value: templatesync - name: PIPELINES_NODE_ID @@ -1197,6 +1256,12 @@ spec: secretName: {{ .Values.buildPlane.dynamic.provider.k8s.existingSecret }} {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "pipelines.rabbitmqCustomCertificateshandler" . }} + {{- end}} + ######### unifiedSecretInstallation ########### {{- if and .Values.pipelines.unifiedSecretInstallation (eq (include "pipelines.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} diff --git a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml index b7c72985f..28e03f42e 100644 --- a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml 
@@ -133,6 +133,28 @@ spec: - name: ca-certs mountPath: "/tmp/certs" {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: copy-rabbitmq-certs + image: "{{ .Values.initContainer.image }}" + imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + resources: +{{ toYaml .Values.initContainers.resources | nindent 12 }} + command: + - '/bin/bash' + - '-c' + - > +{{ include "pipelines.copyRabbitmqCustomCerts" . | indent 12 }} + volumeMounts: + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{ end }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} @@ -438,6 +460,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_INTERNAL_API value: "true" - name: COMPONENT @@ -595,4 +620,10 @@ spec: persistentVolumeClaim: claimName: {{ .Values.pipelines.customPersistentVolumeClaim.name }} {{- end }} + + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "pipelines.rabbitmqCustomCertificateshandler" . }} + {{- end}} {{- end -}} \ No newline at end of file diff --git a/stable/pipelines/templates/pipelines-sync-statefulset.yaml b/stable/pipelines/templates/pipelines-sync-statefulset.yaml index d7c2d0168..20737d7c3 100644 --- a/stable/pipelines/templates/pipelines-sync-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-sync-statefulset.yaml 
@@ -135,6 +135,28 @@ spec: - name: ca-certs mountPath: "/tmp/certs" {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: copy-rabbitmq-certs + image: "{{ .Values.initContainer.image }}" + imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + resources: +{{ toYaml .Values.initContainers.resources | nindent 12 }} + command: + - '/bin/bash' + - '-c' + - > +{{ include "pipelines.copyRabbitmqCustomCerts" . | indent 12 }} + volumeMounts: + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{ end }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} @@ -443,6 +465,9 @@ spec: - NET_RAW workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_INTERNAL_API value: "true" - name: COMPONENT @@ -486,6 +511,9 @@ spec: value: "true" - name: COMPONENT value: extensionsync + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_NODE_ID valueFrom: fieldRef: @@ -525,6 +553,9 @@ spec: value: "true" - name: COMPONENT value: templatesync + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_NODE_ID valueFrom: fieldRef: @@ -678,4 +709,9 @@ spec: persistentVolumeClaim: claimName: {{ .Values.pipelines.customPersistentVolumeClaim.name }} {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "pipelines.rabbitmqCustomCertificateshandler" . }} + {{- end}} {{- end -}} 
diff --git a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml index 6e434161c..5b4d41038 100644 --- a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml @@ -135,6 +135,28 @@ spec: - name: ca-certs mountPath: "/tmp/certs" {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: copy-rabbitmq-certs + image: "{{ .Values.initContainer.image }}" + imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + resources: +{{ toYaml .Values.initContainers.resources | nindent 12 }} + command: + - '/bin/bash' + - '-c' + - > +{{ include "pipelines.copyRabbitmqCustomCerts" . | indent 12 }} + volumeMounts: + - name: jfrog-pipelines-folder + mountPath: {{ .Values.pipelines.mountPath }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{ end }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} @@ -441,6 +463,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" @@ -485,6 +510,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" 
@@ -524,6 +552,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} + {{ end }} {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" @@ -563,6 +594,9 @@ spec: drop: - NET_RAW env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS value: "{{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt" @@ -602,6 +636,9 @@ spec: - NET_RAW workingDir: /opt/jfrog/pipelines/app/micro/reqSealer env: + {{- if .Values.rabbitmq.auth.tls.enabled }} + {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} + {{ end }} - name: PIPELINES_INTERNAL_API value: "true" - name: COMPONENT @@ -759,4 +796,9 @@ spec: persistentVolumeClaim: claimName: {{ .Values.pipelines.customPersistentVolumeClaim.name }} {{- end }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "pipelines.rabbitmqCustomCertificateshandler" . }} + {{- end}} {{- end -}} diff --git a/stable/pipelines/values.yaml b/stable/pipelines/values.yaml index a98907689..d6973fc55 100644 --- a/stable/pipelines/values.yaml +++ b/stable/pipelines/values.yaml 
@@ -1289,7 +1289,13 @@ pipelines: msg: {{- if .Values.rabbitmq.enabled }} ip: {{ .Release.Name }}-rabbitmq + {{- if .Values.rabbitmq.auth.tls.enabled }} + port: {{ .Values.rabbitmq.service.ports.amqpTls }} + protocol: {{ .Values.rabbitmq.protocol }} + {{- else }} port: {{ .Values.rabbitmq.service.ports.amqp }} + protocol: amqp + {{- end }} adminPort: {{ .Values.rabbitmq.service.ports.manager }} erlangCookie: {{ .Values.rabbitmq.auth.erlangCookie }} username: {{ .Values.rabbitmq.auth.username }} @@ -1327,7 +1333,6 @@ pipelines: username: {{ .Values.pipelines.msg.uiUser }} password: "{{ .Values.pipelines.msg.uiUserPassword }}" {{- else }} - protocol: http username: {{ .Values.rabbitmq.cp_username }} password: "{{ .Values.rabbitmq.cp_password }}" {{- end }} @@ -1336,7 +1341,12 @@ pipelines: {{- if .Values.rabbitmq.externalUrl }} url: {{ .Values.rabbitmq.externalUrl }} {{- else if .Values.rabbitmq.enabled }} + {{- if .Values.rabbitmq.auth.tls.enabled }} + url: amqps://{{ tpl .Release.Name . }}-rabbitmq + protocol: {{ .Values.rabbitmq.protocol }} + {{- else }} url: amqp://{{ tpl .Release.Name . }}-rabbitmq + {{- end }} {{- else }} url: {{ .Values.rabbitmq.protocol }}://{{ tpl .Values.rabbitmq.msg_hostname . }}:{{ .Values.rabbitmq.port }} {{- end }} @@ -1381,11 +1391,7 @@ pipelines: ## Redis configuration ## redis: - {{- if .Values.redis.fullnameOverride }} - ip: {{ .Values.redis.fullnameOverride }} - {{- else }} - ip: {{ .Release.Name }}-redis - {{- end }} + ip: {{ template "pipelines.redisServiceName" . }} port: {{ .Values.redis.redisPort }} password: {{ .Values.redis.auth.password }} clusterEnabled: false 
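Review bot: In the TLS branch of the `msg` section the port switches to `amqpTls` but `protocol:` is taken from `.Values.rabbitmq.protocol`, while the non-TLS branch hard-codes `protocol: amqp`. Unless the operator also overrides `rabbitmq.protocol` (its default is not visible in this patch), the TLS port can end up paired with a plaintext protocol value. Writing `protocol: amqps` in the TLS branch would leave `rabbitmq.auth.tls.enabled` as the single switch. The later hunk that sets `url: amqps://…` has the same pattern, with the scheme hard-coded and `protocol:` read from values.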
@@ -1977,6 +1983,45 @@ rabbitmq: repository: bitnami/rabbitmq tag: 3.12.10-debian-11-r1 auth: + ## Enable encryption to rabbitmq + ## ref: https://www.rabbitmq.com/ssl.html + ## @param auth.tls.enabled Enable TLS support on RabbitMQ + ## @param auth.tls.autoGenerated Generate automatically self-signed TLS certificates + ## @param auth.tls.failIfNoPeerCert When set to true, TLS connection will be rejected if client fails to provide a certificate + ## @param auth.tls.sslOptionsVerify Should [peer verification](https://www.rabbitmq.com/ssl.html#peer-verification) be enabled? + ## @param auth.tls.sslOptionsPassword.enabled Enable usage of password for private Key + ## @param auth.tls.sslOptionsPassword.existingSecret Name of existing Secret containing the sslOptionsPassword + ## @param auth.tls.sslOptionsPassword.key Enable Key referring to sslOptionsPassword in Secret specified in auth.tls.sslOptionsPassword.existingSecret + ## @param auth.tls.sslOptionsPassword.password Use this string as Password. If set, auth.tls.sslOptionsPassword.existingSecret and auth.tls.sslOptionsPassword.key are ignored + ## @param auth.tls.caCertificate Certificate Authority (CA) bundle content + ## @param auth.tls.serverCertificate Server certificate content + ## @param auth.tls.serverKey Server private key content + ## @param auth.tls.existingSecret Existing secret with certificate content to RabbitMQ credentials + ## @param auth.tls.existingSecretFullChain Whether or not the existing secret contains the full chain in the certificate (`tls.crt`). Will be used in place of `ca.cert` if `true`. + ## @param auth.tls.overrideCaCertificate Existing secret with certificate content be mounted instead of the `ca.crt` coming from caCertificate or existingSecret/existingSecretFullChain. + ## + tls: + enabled: false + # By default TLS certs are autogenerated, if you wish to add your own certs, please set this to false. 
+ autoGenerated: true + failIfNoPeerCert: false + sslOptionsVerify: verify_peer + failIfNoCert: false + sslOptionsPassword: + enabled: false + existingSecret: "" + key: "" + password: "" + + caCertificate: + serverCertificate: + serverKey: + + # Rabbitmq tls-certs secret name, as by default it will have {{ .Release.Name }}-rabbitmq-certs. + existingSecret: + existingSecretFullChain: false + overrideCaCertificate: "" + username: admin ## RabbitMQ application password @@ -1998,6 +2043,12 @@ rabbitmq: - name: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS value: "+S 2:2 +sbwt none +sbwtdcpu none +sbwtdio none" + service: + ports: + amqp: 5672 + amqpTls: 5671 + manager: 15672 + persistence: enabled: true size: 20Gi @@ -2038,6 +2089,8 @@ rabbitmq: - create - get - list + extraConfiguration: |- + management.listener.ssl = {{ template "pipelines.rabbitmq.isTlsEnabled" . }} ## Platform config access configuration access: @@ -2079,22 +2132,22 @@ redis: enabled: true containerPorts: redis: 6379 - resources: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 20m - memory: 512Mi + resources: {} + # limits: + # cpu: 1 + # memory: 2Gi + # requests: + # cpu: 20m + # memory: 512Mi replica: replicaCount: 1 - resources: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 20m - memory: 512Mi + resources: {} + # limits: + # cpu: 1 + # memory: 2Gi + # requests: + # cpu: 20m + # memory: 512Mi sentinel: enabled: true containerPorts: From cd6dac4b7051afdecac9f969702ecd0afcdc1840 Mon Sep 17 00:00:00 2001 
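Review bot: `failIfNoCert: false` in the new `tls:` block is not among the `@param` entries documented above it and sits beside the documented `failIfNoPeerCert`; if it is a leftover it should go, otherwise it needs its own `@param` line. `caCertificate:`, `serverCertificate:`, `serverKey:` and `existingSecret:` are bare keys, which YAML loads as null rather than an empty string; `""` would match `overrideCaCertificate: ""` and the `sslOptionsPassword` fields. Because `serverKey` and `sslOptionsPassword.password` put key material into the values file, a caveat such as `# Prefer existingSecret for production; inline serverKey/password end up in the stored release values` would help operators. With the defaults shown (`failIfNoPeerCert: false`), enabling TLS encrypts the connection but does not require client certificates, which the comment block could state explicitly.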
From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:52:55 +0530 Subject: [PATCH 26/47] [xray] 3.90.1 release --- stable/xray/CHANGELOG.md | 8 +- stable/xray/Chart.yaml | 4 +- stable/xray/rabbitmq/ha-quorum.yaml | 1 + .../xray/rabbitmq/migration-to-ha-quorum.yaml | 12 + stable/xray/sizing/xray-sizing-2xlarge.yaml | 71 +- stable/xray/sizing/xray-sizing-large.yaml | 71 +- stable/xray/sizing/xray-sizing-medium.yaml | 71 +- stable/xray/sizing/xray-sizing-small.yaml | 71 +- stable/xray/sizing/xray-sizing-tiny.yaml | 169 --- stable/xray/sizing/xray-sizing-xlarge.yaml | 71 +- stable/xray/sizing/xray-sizing-xsmall.yaml | 71 +- stable/xray/templates/_helpers.tpl | 57 + stable/xray/templates/migration-hook.yaml | 81 +- stable/xray/templates/xray-hpa-ipa.yaml | 31 + stable/xray/templates/xray-hpa-server.yaml | 31 + stable/xray/templates/xray-hpa.yaml | 2 + .../xray/templates/xray-ipa-deployment.yaml | 1188 +++++++++++++++++ stable/xray/templates/xray-keda-hpa-ipa.yaml | 38 + .../xray/templates/xray-keda-hpa-server.yaml | 38 + stable/xray/templates/xray-keda-hpa.yaml | 5 +- stable/xray/templates/xray-keda-secret.yaml | 2 +- .../xray-keda-trigger-authentication.yaml | 2 +- .../templates/xray-server-deployment.yaml | 702 ++++++++++ stable/xray/templates/xray-statefulset.yaml | 22 +- stable/xray/templates/xray-svc.yaml | 3 + stable/xray/values.yaml | 118 +- 26 files changed, 2455 insertions(+), 485 deletions(-) create mode 100644 stable/xray/rabbitmq/migration-to-ha-quorum.yaml delete mode 100644 stable/xray/sizing/xray-sizing-tiny.yaml create mode 100644 stable/xray/templates/xray-hpa-ipa.yaml create mode 100644 stable/xray/templates/xray-hpa-server.yaml create mode 100644 stable/xray/templates/xray-ipa-deployment.yaml create mode 100644 stable/xray/templates/xray-keda-hpa-ipa.yaml create mode 100644 stable/xray/templates/xray-keda-hpa-server.yaml create mode 100644 stable/xray/templates/xray-server-deployment.yaml 
diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 0c102ebcc..c75c6753c 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,13 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.87.9] - Dec 7,2023 +## [103.89.0] - Jan 18,2023 +* Remove fallback section from keda. + +## [103.88.0] - Dec 20,2023 +* Added support for migrating rabbitmq to high-availability quorum queues setup + +## [103.87.0] - Dec 7,2023 * Update minimum supported kubernetes version to 1.19 * Added recommended t-shirt sizing configurations under sizing folder * Added support for rabbitmq high-availability quorum queues clean install setup diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index f781957e0..cf493cd93 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.87.9 +appVersion: 3.90.1 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.87.9 +version: 103.90.1 diff --git a/stable/xray/rabbitmq/ha-quorum.yaml b/stable/xray/rabbitmq/ha-quorum.yaml index 99d8bffc9..ac80ce1aa 100644 --- a/stable/xray/rabbitmq/ha-quorum.yaml +++ b/stable/xray/rabbitmq/ha-quorum.yaml @@ -5,5 +5,6 @@ rabbitmq: global: xray: rabbitmq: + replicaCount: 3 haQuorum: enabled: true \ No newline at end of file diff --git a/stable/xray/rabbitmq/migration-to-ha-quorum.yaml b/stable/xray/rabbitmq/migration-to-ha-quorum.yaml new file mode 100644 index 000000000..62e4cb6d5 --- /dev/null +++ b/stable/xray/rabbitmq/migration-to-ha-quorum.yaml @@ -0,0 +1,12 @@ +rabbitmq: + extraPlugins: "rabbitmq_shovel rabbitmq_shovel_management" + migration: + deleteStatefulSetToAllowFieldUpdate: + enabled: true + removeHaPolicyOnMigrationToHaQuorum: + enabled: true + +global: + xray: + rabbitmq: + migrateMessagesFromXrayDefaultVhost: true \ No newline at end of file 
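Review bot: The new `rabbitmq/migration-to-ha-quorum.yaml` overlay has no header comment, and its flags (`deleteStatefulSetToAllowFieldUpdate`, `removeHaPolicyOnMigrationToHaQuorum`, `migrateMessagesFromXrayDefaultVhost`) read like one-time, disruptive operations. A few comment lines at the top would help operators: when to apply the file, whether it is meant to be combined with `ha-quorum.yaml`, and that it should be dropped from the release once the migration has completed. What each flag does is defined in templates outside this hunk, so the wording should be confirmed against them.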
diff --git a/stable/xray/sizing/xray-sizing-2xlarge.yaml b/stable/xray/sizing/xray-sizing-2xlarge.yaml index b8b7987cf..e2110e4c0 100644 --- a/stable/xray/sizing/xray-sizing-2xlarge.yaml +++ b/stable/xray/sizing/xray-sizing-2xlarge.yaml @@ -8,24 +8,6 @@ databaseUpgradeReady: true waitForDatabase: true unifiedUpgradeAllowed: true -xray: - masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA - joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA - - ## Artifactory URL. Mandatory - jfrogUrl: - - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "hard" - topologyKey: "kubernetes.io/hostname" - -# For enabling advanced security features, enable rbac.create and serviceAccount.create -rbac: - create: false -serviceAccount: - create: false - autoscaling: enabled: true minReplicas: 3 @@ -33,11 +15,11 @@ autoscaling: targetCPUUtilizationPercentage: 200 targetMemoryUtilizationPercentage: 800 -# Common Xray settings -common: - persistence: - enabled: false - size: 100Gi +xray: + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" analysis: resources: @@ -118,16 +100,16 @@ sbom: ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md ## postgresql: - enabled: true - postgresqlUsername: "xray" - postgresqlPassword: "bPa$$w0rd!" - postgresqlDatabase: "xraydb" postgresqlExtendedConf: listenAddresses: "*" maxConnections: "2000" - persistence: - enabled: true - size: 2500Gi + resources: + requests: + memory: 128Gi + cpu: "32" + limits: + memory: 128Gi + # cpu: "64" primary: affinity: # Require PostgreSQL pod to run on a different node than Xray pods 
@@ -140,25 +122,8 @@ postgresql: values: - xray topologyKey: kubernetes.io/hostname - resources: - requests: - memory: 128Gi - cpu: "32" - limits: - memory: 128Gi - # cpu: "64" rabbitmq: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - xray - topologyKey: kubernetes.io/hostname extraConfiguration: |- vm_memory_high_watermark.absolute = 6G {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} @@ -170,4 +135,14 @@ rabbitmq: memory: 1Gi limits: # cpu: "8" - memory: 7Gi \ No newline at end of file + memory: 7Gi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-large.yaml b/stable/xray/sizing/xray-sizing-large.yaml index df52c7c37..f4a3bd477 100644 --- a/stable/xray/sizing/xray-sizing-large.yaml +++ b/stable/xray/sizing/xray-sizing-large.yaml @@ -8,24 +8,6 @@ databaseUpgradeReady: true waitForDatabase: true unifiedUpgradeAllowed: true -xray: - masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA - joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA - - ## Artifactory URL. Mandatory - jfrogUrl: - - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "hard" - topologyKey: "kubernetes.io/hostname" - -# For enabling advanced security features, enable rbac.create and serviceAccount.create -rbac: - create: false -serviceAccount: - create: false - autoscaling: enabled: true minReplicas: 2 
@@ -33,11 +15,11 @@ autoscaling: targetCPUUtilizationPercentage: 200 targetMemoryUtilizationPercentage: 800 -# Common Xray settings -common: - persistence: - enabled: false - size: 100Gi +xray: + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" analysis: resources: @@ -118,16 +100,16 @@ sbom: ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md ## postgresql: - enabled: true - postgresqlUsername: "xray" - postgresqlPassword: "bPa$$w0rd!" - postgresqlDatabase: "xraydb" postgresqlExtendedConf: listenAddresses: "*" maxConnections: "600" - persistence: - enabled: true - size: 800Gi + resources: + requests: + memory: 32Gi + cpu: "16" + limits: + memory: 32Gi + # cpu: "32" primary: affinity: # Require PostgreSQL pod to run on a different node than Xray pods @@ -140,25 +122,8 @@ postgresql: values: - xray topologyKey: kubernetes.io/hostname - resources: - requests: - memory: 32Gi - cpu: "16" - limits: - memory: 32Gi - # cpu: "32" rabbitmq: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - xray - topologyKey: kubernetes.io/hostname extraConfiguration: |- vm_memory_high_watermark.absolute = 3G {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} @@ -170,4 +135,14 @@ rabbitmq: memory: 500Mi limits: # cpu: "2" - memory: 4Gi \ No newline at end of file + memory: 4Gi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-medium.yaml b/stable/xray/sizing/xray-sizing-medium.yaml index 5edcdc22e..7983f50e3 100644 --- a/stable/xray/sizing/xray-sizing-medium.yaml +++ b/stable/xray/sizing/xray-sizing-medium.yaml 
@@ -8,24 +8,6 @@ databaseUpgradeReady: true waitForDatabase: true unifiedUpgradeAllowed: true -xray: - masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA - joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA - - ## Artifactory URL. Mandatory - jfrogUrl: - - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "hard" - topologyKey: "kubernetes.io/hostname" - -# For enabling advanced security features, enable rbac.create and serviceAccount.create -rbac: - create: false -serviceAccount: - create: false - autoscaling: enabled: true minReplicas: 1 @@ -33,11 +15,11 @@ autoscaling: targetCPUUtilizationPercentage: 200 targetMemoryUtilizationPercentage: 800 -# Common Xray settings -common: - persistence: - enabled: false - size: 100Gi +xray: + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" analysis: resources: @@ -118,16 +100,16 @@ sbom: ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md ## postgresql: - enabled: true - postgresqlUsername: "xray" - postgresqlPassword: "bPa$$w0rd!" - postgresqlDatabase: "xraydb" postgresqlExtendedConf: listenAddresses: "*" maxConnections: "500" - persistence: - enabled: true - size: 500Gi + resources: + requests: + memory: 32Gi + cpu: "8" + limits: + memory: 32Gi + # cpu: "18" primary: affinity: # Require PostgreSQL pod to run on a different node than Xray pods 
@@ -140,25 +122,8 @@ postgresql: values: - xray topologyKey: kubernetes.io/hostname - resources: - requests: - memory: 32Gi - cpu: "8" - limits: - memory: 32Gi - # cpu: "18" rabbitmq: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - xray - topologyKey: kubernetes.io/hostname extraConfiguration: |- vm_memory_high_watermark.absolute = 3G {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} @@ -170,4 +135,14 @@ rabbitmq: memory: 500Mi limits: # cpu: "2" - memory: 4Gi \ No newline at end of file + memory: 4Gi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-small.yaml b/stable/xray/sizing/xray-sizing-small.yaml index 4759053bd..1267250c4 100644 --- a/stable/xray/sizing/xray-sizing-small.yaml +++ b/stable/xray/sizing/xray-sizing-small.yaml @@ -8,24 +8,6 @@ databaseUpgradeReady: true waitForDatabase: true unifiedUpgradeAllowed: true -xray: - masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA - joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA - - ## Artifactory URL. Mandatory - jfrogUrl: - - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "hard" - topologyKey: "kubernetes.io/hostname" - -# For enabling advanced security features, enable rbac.create and serviceAccount.create -rbac: - create: false -serviceAccount: - create: false - autoscaling: enabled: true minReplicas: 1 
@@ -33,11 +15,11 @@ autoscaling: targetCPUUtilizationPercentage: 200 targetMemoryUtilizationPercentage: 800 -# Common Xray settings -common: - persistence: - enabled: false - size: 100Gi +xray: + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" analysis: resources: @@ -118,16 +100,16 @@ sbom: ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md ## postgresql: - enabled: true - postgresqlUsername: "xray" - postgresqlPassword: "bPa$$w0rd!" - postgresqlDatabase: "xraydb" postgresqlExtendedConf: listenAddresses: "*" maxConnections: "200" - persistence: - enabled: true - size: 500Gi + resources: + requests: + memory: 16Gi + cpu: "6" + limits: + memory: 16Gi + # cpu: "18" primary: affinity: # Require PostgreSQL pod to run on a different node than Xray pods @@ -140,25 +122,8 @@ postgresql: values: - xray topologyKey: kubernetes.io/hostname - resources: - requests: - memory: 16Gi - cpu: "6" - limits: - memory: 16Gi - # cpu: "18" rabbitmq: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - xray - topologyKey: kubernetes.io/hostname extraConfiguration: |- vm_memory_high_watermark.absolute = 2G {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} @@ -170,4 +135,14 @@ rabbitmq: memory: 300Mi limits: # cpu: "2" - memory: 3Gi \ No newline at end of file + memory: 3Gi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-tiny.yaml b/stable/xray/sizing/xray-sizing-tiny.yaml deleted file mode 100644 index 544d1a84a..000000000 --- a/stable/xray/sizing/xray-sizing-tiny.yaml +++ /dev/null 
@@ -1,169 +0,0 @@ -############################################################## -# The tiny sizing -# This is a demo template with very small sizing to allow testing in resource limited environments -############################################################## - -replicaCount: 1 -databaseUpgradeReady: true -waitForDatabase: true -unifiedUpgradeAllowed: true - -xray: - masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA - joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA - - ## Artifactory URL. Mandatory - jfrogUrl: - - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "soft" - topologyKey: "kubernetes.io/hostname" - -# For enabling advanced security features, enable rbac.create and serviceAccount.create -rbac: - create: false -serviceAccount: - create: false - -autoscaling: - enabled: false - -# Common Xray settings -common: - persistence: - enabled: false - size: 50Gi - -analysis: - resources: - requests: - cpu: "10m" - memory: 250Mi - limits: - # cpu: "3" - memory: 2Gi - -indexer: - resources: - requests: - cpu: "10m" - memory: 250Mi - limits: - # cpu: "4" - memory: 2Gi - -persist: - resources: - requests: - cpu: "10m" - memory: 250Mi - limits: - # cpu: "3" - memory: 2Gi - -server: - resources: - requests: - cpu: "10m" - memory: 250Mi - limits: - # cpu: "3" - memory: 2Gi - -router: - resources: - requests: - cpu: "10m" - memory: 50Mi - limits: - # cpu: "1" - memory: 1Gi - -observability: - resources: - requests: - cpu: "10m" - memory: 25Mi - limits: - # cpu: "1" - memory: 250Mi - -panoramic: - enabled: true - resources: - requests: - cpu: "10m" - memory: 250Mi - limits: - # cpu: "3" - memory: 2Gi - -sbom: - enabled: false - resources: - requests: - cpu: "10m" - memory: 250Mi - limits: - # cpu: "3" - memory: 2Gi - -# PostgreSQL -## Configuration values for the postgresql dependency -## ref: 
https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md -## -postgresql: - enabled: true - postgresqlUsername: "xray" - postgresqlPassword: "bPa$$w0rd!" - postgresqlDatabase: "xraydb" - postgresqlExtendedConf: - listenAddresses: "*" - maxConnections: "100" - persistence: - enabled: true - size: 50Gi -# primary: -# affinity: -# # Require PostgreSQL pod to run on a different node than Xray pods -# podAntiAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# - labelSelector: -# matchExpressions: -# - key: app -# operator: In -# values: -# - xray -# topologyKey: kubernetes.io/hostname - resources: - requests: - memory: 1Gi - cpu: "50m" - limits: - memory: 2Gi - # cpu: "2" - -rabbitmq: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - xray - topologyKey: kubernetes.io/hostname - extraConfiguration: |- - vm_memory_high_watermark.absolute = 1G - {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} - raft.wal_max_size_bytes = 1048576 - {{- end }} - resources: - requests: - cpu: "50m" - memory: 150Mi - limits: - # cpu: "2" - memory: 1500Mi \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-xlarge.yaml b/stable/xray/sizing/xray-sizing-xlarge.yaml index e8819019a..ebc6511b4 100644 --- a/stable/xray/sizing/xray-sizing-xlarge.yaml +++ b/stable/xray/sizing/xray-sizing-xlarge.yaml 
@@ -8,24 +8,6 @@ databaseUpgradeReady: true waitForDatabase: true unifiedUpgradeAllowed: true -xray: - masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA - joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA - - ## Artifactory URL. Mandatory - jfrogUrl: - - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "hard" - topologyKey: "kubernetes.io/hostname" - -# For enabling advanced security features, enable rbac.create and serviceAccount.create -rbac: - create: false -serviceAccount: - create: false - autoscaling: enabled: true minReplicas: 2 @@ -33,11 +15,11 @@ autoscaling: targetCPUUtilizationPercentage: 200 targetMemoryUtilizationPercentage: 800 -# Common Xray settings -common: - persistence: - enabled: false - size: 100Gi +xray: + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" analysis: resources: @@ -118,16 +100,16 @@ sbom: ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md ## postgresql: - enabled: true - postgresqlUsername: "xray" - postgresqlPassword: "bPa$$w0rd!" - postgresqlDatabase: "xraydb" postgresqlExtendedConf: listenAddresses: "*" maxConnections: "1200" - persistence: - enabled: true - size: 1000Gi + resources: + requests: + memory: 64Gi + cpu: "16" + limits: + memory: 64Gi + # cpu: "32" primary: affinity: # Require PostgreSQL pod to run on a different node than Xray pods 
@@ -140,25 +122,8 @@ postgresql: values: - xray topologyKey: kubernetes.io/hostname - resources: - requests: - memory: 64Gi - cpu: "16" - limits: - memory: 64Gi - # cpu: "32" rabbitmq: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - xray - topologyKey: kubernetes.io/hostname extraConfiguration: |- vm_memory_high_watermark.absolute = 4G {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} @@ -170,4 +135,14 @@ rabbitmq: memory: 500Mi limits: # cpu: "4" - memory: 5Gi \ No newline at end of file + memory: 5Gi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname \ No newline at end of file diff --git a/stable/xray/sizing/xray-sizing-xsmall.yaml b/stable/xray/sizing/xray-sizing-xsmall.yaml index 9e88aa7fd..9b71886b6 100644 --- a/stable/xray/sizing/xray-sizing-xsmall.yaml +++ b/stable/xray/sizing/xray-sizing-xsmall.yaml @@ -8,24 +8,6 @@ databaseUpgradeReady: true waitForDatabase: true unifiedUpgradeAllowed: true -xray: - masterKey: AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA - joinKey: AEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEA - - ## Artifactory URL. Mandatory - jfrogUrl: - - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "hard" - topologyKey: "kubernetes.io/hostname" - -# For enabling advanced security features, enable rbac.create and serviceAccount.create -rbac: - create: false -serviceAccount: - create: false - autoscaling: enabled: true minReplicas: 1 
@@ -33,11 +15,11 @@ autoscaling: targetCPUUtilizationPercentage: 200 targetMemoryUtilizationPercentage: 800 -# Common Xray settings -common: - persistence: - enabled: false - size: 50Gi +xray: + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "hard" + topologyKey: "kubernetes.io/hostname" analysis: resources: @@ -118,16 +100,16 @@ sbom: ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md ## postgresql: - enabled: true - postgresqlUsername: "xray" - postgresqlPassword: "bPa$$w0rd!" - postgresqlDatabase: "xraydb" postgresqlExtendedConf: listenAddresses: "*" maxConnections: "100" - persistence: - enabled: true - size: 500Gi + resources: + requests: + memory: 8Gi + cpu: "4" + limits: + memory: 8Gi + # cpu: "12" primary: affinity: # Require PostgreSQL pod to run on a different node than Xray pods @@ -140,25 +122,8 @@ postgresql: values: - xray topologyKey: kubernetes.io/hostname - resources: - requests: - memory: 8Gi - cpu: "4" - limits: - memory: 8Gi - # cpu: "12" rabbitmq: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - xray - topologyKey: kubernetes.io/hostname extraConfiguration: |- vm_memory_high_watermark.absolute = 2G {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} @@ -170,4 +135,14 @@ rabbitmq: memory: 300Mi limits: # cpu: "2" - memory: 3Gi \ No newline at end of file + memory: 3Gi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - xray + topologyKey: kubernetes.io/hostname \ No newline at end of file diff --git a/stable/xray/templates/_helpers.tpl b/stable/xray/templates/_helpers.tpl index f079f9a2c..f3df61aa8 100644 --- a/stable/xray/templates/_helpers.tpl +++ b/stable/xray/templates/_helpers.tpl 
@@ -66,6 +66,9 @@ Expand the name of rabbit chart. {{- default (printf "%s" "rabbitmq") .Values.rabbitmq.nameOverride -}} {{- end -}} +{{- define "xray.rabbitmq.migration.isHookRegistered" }} +{{- or .Values.rabbitmq.migration.enabled .Values.rabbitmq.migration.deleteStatefulSetToAllowFieldUpdate.enabled .Values.rabbitmq.migration.removeHaPolicyOnMigrationToHaQuorum.enabled }} +{{- end }} {{- define "xray.rabbitmq.migration.fullname" -}} {{- $name := default "rabbitmq-migration" -}} @@ -502,6 +505,22 @@ Resolve xray requiredServiceTypes value {{- $requiredTypes -}} {{- end -}} +{{/* +Resolve xray ipa requiredServiceTypes value +*/}} +{{- define "xray.router.ipa.requiredServiceTypes" -}} +{{- $requiredTypes := "jfxana,jfxidx,jfxpst,jfob" -}} +{{- $requiredTypes -}} +{{- end -}} + +{{/* +Resolve xray server requiredServiceTypes value +*/}} +{{- define "xray.router.server.requiredServiceTypes" -}} +{{- $requiredTypes := "jfxr,jfob" -}} +{{- $requiredTypes -}} +{{- end -}} + {{/* Resolve Xray pod node selector value */}} 
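Review bot: The new `xray.rabbitmq.migration.isHookRegistered` helper in the `@@ -66` hunk has no `{{/* ... */}}` description, unlike the helpers added further down in this file, and its contract is easy to break. The callers in migration-hook.yaml compare its output with the string "true", but `or` returns its first non-empty argument, so a truthy non-boolean value (for example one passed as a string) would render as something other than "true" and the hook would silently not be registered. Wrapping the expression as `{{- if or ... }}true{{- else }}false{{- end }}` makes the output independent of the value's type. The helper also dereferences `deleteStatefulSetToAllowFieldUpdate.enabled` and `removeHaPolicyOnMigrationToHaQuorum.enabled` directly, which presumably relies on defaults in values.yaml that are not part of this hunk. Suggested comment: `{{/* Returns "true" when any rabbitmq migration option that needs the migration hook resources is enabled */}}`.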
@@ -567,6 +586,44 @@ Resolve autoscalingQueues value {{- end -}} {{- end -}} +{{/* +Resolve autoscalingQueues value for ipa +*/}} +{{- define "xray.autoscalingQueuesIpa" -}} +{{- if .Values.autoscalingIpa.keda.queues }} +{{- range .Values.autoscalingIpa.keda.queues }} +- type: rabbitmq + metadata: + name: "{{- .name -}}-queue" + protocol: amqp + queueName: {{ .name }} + mode: QueueLength + value: "{{ .value }}" + authenticationRef: + name: keda-trigger-auth-rabbitmq-conn-xray +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Resolve autoscalingQueues value for server +*/}} +{{- define "xray.autoscalingQueuesServer" -}} +{{- if .Values.autoscalingServer.keda.queues }} +{{- range .Values.autoscalingServer.keda.queues }} +- type: rabbitmq + metadata: + name: "{{- .name -}}-queue" + protocol: amqp + queueName: {{ .name }} + mode: QueueLength + value: "{{ .value }}" + authenticationRef: + name: keda-trigger-auth-rabbitmq-conn-xray +{{- end }} +{{- end -}} +{{- end -}} + {{/* Return the secret name of rabbitmq TLS certs. */}} diff --git a/stable/xray/templates/migration-hook.yaml b/stable/xray/templates/migration-hook.yaml index b2011c1c4..9f49e9354 100644 --- a/stable/xray/templates/migration-hook.yaml +++ b/stable/xray/templates/migration-hook.yaml @@ -2,7 +2,7 @@ {{- if and (not .Values.rabbitmq.migration.enabled) (not .Values.rabbitmq.rabbitmqUpgradeReady) }} {{- fail "Rabbitmq migration flag is disabled. Please enable the rabbitmq.rabbitmqUpgradeReady flag after manually enabling the feature flags in rabbitmq" }} {{- end }} -{{- if .Values.rabbitmq.migration.enabled }} +{{- if eq (include "xray.rabbitmq.migration.isHookRegistered" .) "true" }} {{- if .Values.rabbitmq.migration.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount 
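Review bot: `xray.autoscalingQueuesIpa` and `xray.autoscalingQueuesServer` in the `@@ -567` hunk emit `queueName: {{ .name }}` unquoted while the neighbouring `name` and `value` fields are quoted. A queue name that YAML would retype, or one containing `: ` or ` #`, would render a different trigger than the one configured, so `queueName: {{ .name | quote }}` is safer. The two helpers are also line-for-line copies that differ only in the values key they range over; a single helper that receives the queue list as its argument would keep the fixed `authenticationRef` name in one place.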
@@ -22,7 +22,7 @@ automountServiceAccountToken: {{ .Values.rabbitmq.migration.serviceAccount.autom {{- end }} --- {{- if .Values.rabbitmq.enabled }} -{{- if .Values.rabbitmq.migration.enabled }} +{{- if eq (include "xray.rabbitmq.migration.isHookRegistered" .) "true" }} {{- if .Values.rabbitmq.migration.serviceAccount.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -43,7 +43,7 @@ rules: {{- end }} --- {{- if .Values.rabbitmq.enabled }} -{{- if .Values.rabbitmq.migration.enabled }} +{{- if eq (include "xray.rabbitmq.migration.isHookRegistered" .) "true" }} {{- if .Values.rabbitmq.migration.serviceAccount.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -69,7 +69,7 @@ roleRef: {{- end }} --- {{- if .Values.rabbitmq.enabled }} -{{- if .Values.rabbitmq.migration.enabled }} +{{- if eq (include "xray.rabbitmq.migration.isHookRegistered" .) "true" }} apiVersion: batch/v1 kind: Job metadata: 
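Review bot: The Role and RoleBinding in the `@@ -22` and `@@ -43` hunks are now also rendered when only `deleteStatefulSetToAllowFieldUpdate.enabled` or `removeHaPolicyOnMigrationToHaQuorum.enabled` is set, but the Role's `rules:` lie outside these hunks, so it is not visible whether they match what the extended Job script does. That script now runs `kubectl get statefulsets` and `kubectl delete statefulset` in addition to `kubectl get pods` and `kubectl exec`. The rules should grant exactly those verbs, and the statefulset `get`/`list`/`delete` verbs ideally only when `deleteStatefulSetToAllowFieldUpdate.enabled` is true, so the hook service account does not carry delete rights in installations that never take that path. A short comment above `rules:` naming which script step needs which verb would keep the two in sync.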
@@ -106,12 +106,47 @@ spec: securityContext: {{- omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} command: - - sh + - bash - -c - | - #!/bin/sh - if [ "$(kubectl get pods -l "app.kubernetes.io/name={{ template "rabbitmq.name" . }}" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then - kubectl exec -it {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -- rabbitmqctl enable_feature_flag all + #!/bin/bash + rabbitMqZeroPodName="{{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0" + rabbitMqZeroPodStatus=$(kubectl get pods $rabbitMqZeroPodName -n {{ .Release.Namespace }} -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}') + + {{- if and .Values.global.xray.rabbitmq.haQuorum.enabled .Values.rabbitmq.migration.removeHaPolicyOnMigrationToHaQuorum.enabled }} + for (( i=1; i<=6; i++ )) + do + if [ "$rabbitMqZeroPodStatus" = "True" ]; then + break + fi + echo "Waiting for Rabbitmq zero pod $rabbitMqZeroPodName to be in Ready state - iteration $i" + sleep 5 + rabbitMqZeroPodStatus=$(kubectl get pods $rabbitMqZeroPodName -n {{ .Release.Namespace }} -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}') + done + if [ "$rabbitMqZeroPodStatus" != "True" ]; then + echo "Rabbitmq zero pod $rabbitMqZeroPodName is not in Ready state. Failed to remove mirroring policy 'ha-all'" + exit 1 + fi + policyExists=$(kubectl exec -i $rabbitMqZeroPodName -n {{ .Release.Namespace }} -- bash -c "rabbitmqctl list_policies --formatter json | grep -o "'"\"name\":\"ha-all\""'" | wc -l | tr -d '[:space:]'") + if [ "$?" -ne 0 ]; then + echo "Failed to check if policy ha-all exists on default vhost" + exit 1 + fi + echo "Policy ha-all exists: $policyExists" + if [ $policyExists -gt 0 ]; then + kubectl exec -i $rabbitMqZeroPodName -n {{ .Release.Namespace }} -- rabbitmqctl clear_policy ha-all + if [ "$?" 
-ne 0 ]; then + echo "Failed to delete policy ha-all on default vhost" + exit 1 + else + echo "Deleted ha-all policy successfully on default vhost" + fi + fi + {{- end }} + + {{- if .Values.rabbitmq.migration.enabled }} + if [ "$rabbitMqZeroPodStatus" = "True" ]; then + kubectl exec -i $rabbitMqZeroPodName -n {{ .Release.Namespace }} -- rabbitmqctl enable_feature_flag all if [ "$?" -ne 0 ]; then echo "Failed to perform the migration. Please make sure to enable the feature flag in rabbitmq manually [rabbitmqctl enable_feature_flag all] " exit 1 
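Review bot: The `"$?"` check after the `policyExists=$(kubectl exec ... bash -c "rabbitmqctl list_policies ... | grep -o ... | wc -l | tr -d ...")` assignment cannot detect a failing `rabbitmqctl`, because the status that comes back is that of the last command in the remote pipeline. A failed listing therefore yields a count of 0 and the `ha-all` policy is left in place while the hook reports nothing. `[ $policyExists -gt 0 ]` and the `$rabbitMqZeroPodName` arguments are also unquoted, so an empty value turns into a shell syntax error rather than a clear message. Running the listing on its own, checking its status, and counting locally avoids both problems; the pattern below is the one the hunk already greps for. The Job's container spec starts before this hunk and the script continues in the next one.

```yaml
# … unchanged: wait loop for the rabbitmq zero pod …
policies=$(kubectl exec -i "$rabbitMqZeroPodName" -n {{ .Release.Namespace }} -- rabbitmqctl list_policies --formatter json)
if [ "$?" -ne 0 ]; then
  echo "Failed to check if policy ha-all exists on default vhost"
  exit 1
fi
policyExists=$(printf '%s' "$policies" | grep -o '"name":"ha-all"' | wc -l | tr -d '[:space:]')
echo "Policy ha-all exists: $policyExists"
if [ "$policyExists" -gt 0 ]; then
  kubectl exec -i "$rabbitMqZeroPodName" -n {{ .Release.Namespace }} -- rabbitmqctl clear_policy ha-all
# … unchanged: status check and messages for clear_policy …
```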
@@ -119,8 +154,36 @@ spec: echo Feature flags executed successfully! fi else - echo "Rabbitmq pod is not in running state. Ignoring feature flag migration for rabbitmq" + echo "Rabbitmq zero pod is not in running state. Ignoring feature flag migration for rabbitmq" + fi + {{- end }} + + {{- if .Values.rabbitmq.migration.deleteStatefulSetToAllowFieldUpdate.enabled }} + if [ -n "{{ .Values.rabbitmq.podManagementPolicy }}" ]; then + rabbitMqStatefulSetName=$(kubectl get statefulsets -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "rabbitmq.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o=jsonpath='{.items[0].metadata.name}') + if [ $? -ne 0 ]; then + echo "Failed to get current rabbitmq statefulset name" + exit 1 + fi + currPodManagementPolicy=$(kubectl get statefulset $rabbitMqStatefulSetName -n {{ .Release.Namespace }} -o=jsonpath='{.spec.podManagementPolicy}') + if [ $? -ne 0 ]; then + echo "Failed to get current pod management policy definition" + exit 1 + fi + if [ "$currPodManagementPolicy" != "{{ .Values.rabbitmq.podManagementPolicy }}" ]; then + kubectl delete statefulset $rabbitMqStatefulSetName --cascade=orphan -n {{ .Release.Namespace }} + if [ $? -ne 0 ]; then + echo "Failed to delete statefulset $rabbitMqStatefulSetName to allow update of podManagementDefinition field: [kubectl delete statefulset STATEFULSET_NAME --cascade=orphan]" + exit 1 + fi + echo "Deleted statefulset $rabbitMqStatefulSetName successfully" + else + echo "Field podManagementPolicy of statefulset $rabbitMqStatefulSetName has not changed" + fi + else + echo "rabbitmq.podManagementPolicy is not set" fi + {{- end }} restartPolicy: Never terminationGracePeriodSeconds: 0 {{- end }} diff --git a/stable/xray/templates/xray-hpa-ipa.yaml b/stable/xray/templates/xray-hpa-ipa.yaml new file mode 100644 index 000000000..f3438a206 --- /dev/null +++ b/stable/xray/templates/xray-hpa-ipa.yaml 
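Review bot: The `deleteStatefulSetToAllowFieldUpdate` block at the end of this hunk deletes a StatefulSet from inside a hook with nothing in the template explaining why, and it passes `$rabbitMqStatefulSetName` unquoted to both `kubectl get statefulset` and `kubectl delete statefulset`. I would quote the variable and add `[ -n "$rabbitMqStatefulSetName" ] || { echo "No rabbitmq statefulset found"; exit 1; }` before the lookup of the current policy, so an empty result fails with a clear message. A template comment above the block, e.g. `{{/* podManagementPolicy cannot be changed on an existing StatefulSet; delete it with --cascade=orphan (pods are kept) so the new definition can be applied */}}`, would record the intent for operators reading the rendered Job. The failure message names the field `podManagementDefinition` while the code compares `podManagementPolicy`. The Job spec starts and ends outside this hunk.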
@@ -0,0 +1,31 @@ +{{- if and (not .Values.splitXraytoSeparateDeployments.gradualUpgrade) .Values.splitXraytoSeparateDeployments.enabled }} +{{- if and (.Values.autoscalingIpa.enabled) (eq .Values.autoscalingIpa.keda.enabled false) }} + {{- if semverCompare ">=v1.23.0-0" .Capabilities.KubeVersion.Version }} +apiVersion: autoscaling/v2 + {{- else }} +apiVersion: autoscaling/v2beta2 + {{- end }} +kind: HorizontalPodAutoscaler +metadata: + labels: + app: {{ template "xray.name" . }} + chart: {{ template "xray.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "xray.fullname" . }}-ipa +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "xray.fullname" . }}-ipa + minReplicas: {{ .Values.autoscalingIpa.minReplicas }} + maxReplicas: {{ .Values.autoscalingIpa.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscalingIpa.targetCPUUtilizationPercentage }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/xray/templates/xray-hpa-server.yaml b/stable/xray/templates/xray-hpa-server.yaml new file mode 100644 index 000000000..147d1db79 --- /dev/null +++ b/stable/xray/templates/xray-hpa-server.yaml 
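Review bot: The condition `eq .Values.autoscalingIpa.keda.enabled false` on the second line of the new xray-hpa-ipa.yaml only holds when the value is explicitly set to `false`. If `keda.enabled` is left unset, the comparison either fails to render or evaluates to false depending on the Helm version, and in the latter case the HPA is dropped without any message even though KEDA is off. `{{- if and .Values.autoscalingIpa.enabled (not .Values.autoscalingIpa.keda.enabled) }}` covers both cases. The same line appears in the new xray-hpa-server.yaml with `autoscalingServer`.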
@@ -0,0 +1,31 @@ +{{- if and (not .Values.splitXraytoSeparateDeployments.gradualUpgrade) .Values.splitXraytoSeparateDeployments.enabled }} +{{- if and (.Values.autoscalingServer.enabled) (eq .Values.autoscalingServer.keda.enabled false) }} + {{- if semverCompare ">=v1.23.0-0" .Capabilities.KubeVersion.Version }} +apiVersion: autoscaling/v2 + {{- else }} +apiVersion: autoscaling/v2beta2 + {{- end }} +kind: HorizontalPodAutoscaler +metadata: + labels: + app: {{ template "xray.name" . }} + chart: {{ template "xray.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "xray.fullname" . }}-server +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "xray.fullname" . }}-server + minReplicas: {{ .Values.autoscalingServer.minReplicas }} + maxReplicas: {{ .Values.autoscalingServer.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscalingServer.targetCPUUtilizationPercentage }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/xray/templates/xray-hpa.yaml b/stable/xray/templates/xray-hpa.yaml index fd8c757cf..3233546c7 100644 --- a/stable/xray/templates/xray-hpa.yaml +++ b/stable/xray/templates/xray-hpa.yaml @@ -1,3 +1,4 @@ +{{- if or (and .Values.splitXraytoSeparateDeployments.gradualUpgrade .Values.splitXraytoSeparateDeployments.enabled) (not .Values.splitXraytoSeparateDeployments.enabled) }} {{- if and (.Values.autoscaling.enabled) (eq .Values.autoscaling.keda.enabled false) }} {{- if semverCompare ">=v1.23.0-0" .Capabilities.KubeVersion.Version }} apiVersion: autoscaling/v2 @@ -26,4 +27,5 @@ spec: target: type: Utilization averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} +{{- end }} {{- end }} \ No newline at end of file 
diff --git a/stable/xray/templates/xray-ipa-deployment.yaml b/stable/xray/templates/xray-ipa-deployment.yaml new file mode 100644 index 000000000..afb5e13aa --- /dev/null +++ b/stable/xray/templates/xray-ipa-deployment.yaml 
@@ -0,0 +1,1188 @@ +{{- if .Values.splitXraytoSeparateDeployments.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "xray.fullname" . }}-ipa + labels: + app: {{ template "xray.name" . }} + chart: {{ template "xray.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.xray.name }} + servicename: ipa + {{- with .Values.xray.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +{{- if .Release.IsUpgrade }} + unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Xray 2.x (appVersion) currently not supported!\nIf this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} +{{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x" .Values.databaseUpgradeReady | quote }} +{{- end }} +{{- with .Values.server.statefulset.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if not .Values.autoscalingIpa.enabled }} + replicas: {{ .Values.replicaCount }} +{{- end }} + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + app: {{ template "xray.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.xray.name }} + servicename: ipa + template: + metadata: + labels: + app: {{ template "xray.name" . 
}} + release: {{ .Release.Name }} + component: {{ .Values.xray.name }} + servicename: ipa + {{- with .Values.xray.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + {{- if not .Values.xray.unifiedSecretInstallation }} + checksum/database-secrets: {{ include (print $.Template.BasePath "/xray-database-secrets.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/xray-system-yaml.yaml") . | sha256sum }} + {{- else }} + checksum/xray-unified-secret: {{ include (print $.Template.BasePath "/xray-unified-secret.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.analysis.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.indexer.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.persist.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.server.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.router.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.filebeat.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- range $key, $value := .Values.xray.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.xray.schedulerName }} + schedulerName: {{ .Values.xray.schedulerName | quote }} + {{- end }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "xray.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.xray.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.xray.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.xray.priorityClass.create }} + priorityClassName: {{ default (include "xray.fullname" .) .Values.xray.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "xray.serviceAccountName" . 
}} + {{- if .Values.podSecurityContext.enabled }} + securityContext: + runAsUser: {{ .Values.common.xrayUserId }} + fsGroup: {{ .Values.common.xrayGroupId }} + {{- if .Values.common.fsGroupChangePolicy }} + fsGroupChangePolicy: {{ .Values.common.fsGroupChangePolicy }} + {{- end }} + {{- end }} + {{- if .Values.common.topologySpreadConstraints }} + topologySpreadConstraints: +{{ tpl (toYaml .Values.common.topologySpreadConstraints) . | indent 8 }} + {{- end }} + initContainers: + {{- if or .Values.common.customInitContainersBegin .Values.global.customInitContainersBegin }} +{{ tpl (include "xray.customInitContainersBegin" .) . | indent 6 }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'bash' + - '-c' + - > + if [[ -e "{{ .Values.xray.persistence.mountPath }}/etc/filebeat.yaml" ]]; then chmod 644 {{ .Values.xray.persistence.mountPath }}/etc/filebeat.yaml; fi; + echo "Copy system.yaml to {{ .Values.xray.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc; + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.xray.persistence.mountPath }}/etc/system.yaml; + {{- else }} + cp -fv /tmp/etc/system.yaml {{ .Values.xray.persistence.mountPath }}/etc/system.yaml; + {{- end }} + echo "Remove {{ .Values.xray.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.xray.persistence.mountPath }}/lost+found; + {{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} + echo "Copy joinKey to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath 
}}/etc/security; + echo ${XRAY_JOIN_KEY} > {{ .Values.xray.persistence.mountPath }}/etc/security/join.key; + {{- end }} + {{- if or .Values.xray.masterKey .Values.xray.masterKeySecretName .Values.global.masterKey .Values.global.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; + echo ${XRAY_MASTER_KEY} > {{ .Values.xray.persistence.mountPath }}/etc/security/master.key; + {{- end }} + env: + {{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} + - name: XRAY_JOIN_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ include "xray.joinKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: join-key + {{- end }} + {{- if or .Values.xray.masterKey .Values.xray.masterKeySecretName .Values.global.masterKey .Values.global.masterKeySecretName }} + - name: XRAY_MASTER_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ include "xray.masterKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: master-key + {{- end }} + volumeMounts: + - name: data-volume + mountPath: {{ .Values.xray.persistence.mountPath | quote }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.xray.systemYaml }} + {{- if not .Values.xray.unifiedSecretInstallation }} + - name: systemyaml + {{- else }} + - name: {{ include "xray.unifiedCustomSecretVolumeName" . 
}} + {{- end }} + {{- if .Values.systemYamlOverride.existingSecret }} + mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" + subPath: {{ .Values.systemYamlOverride.dataKey }} + {{- else if .Values.xray.systemYaml }} + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- end }} + {{- end }} + {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled .Values.rabbitmq.auth.tls.enabled .Values.global.rabbitmq.auth.tls.enabled }} + - name: copy-custom-certificates + image: "{{ .Values.initContainerImage }}" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'bash' + - '-c' + - > +{{ include "xray.copyCustomCerts" . | indent 10 }} +{{ include "xray.copyRabbitmqCustomCerts" . | indent 10 }} + volumeMounts: + - name: data-volume + mountPath: {{ .Values.xray.persistence.mountPath }} + {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: ca-certs + mountPath: "/tmp/certs" + {{- end }} + {{- if or .Values.global.rabbitmq.auth.tls.enabled .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{- end }} + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'bash' + - '-c' + - | + echo "Waiting for postgresql to come up" + ready=false; + while ! 
$ready; do echo waiting; + timeout 2s bash -c " + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/router/app/bin/entrypoint-router.sh; + {{- with .Values.router.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES + value: {{ include "xray.router.ipa.requiredServiceTypes" . }} + {{- if .Values.router.extraEnvVars }} + {{- tpl .Values.router.extraEnvVars . | nindent 8 }} + {{- end }} + ports: + - name: http-router + containerPort: {{ .Values.router.internalPort }} + volumeMounts: + - name: data-volume + mountPath: {{ .Values.router.persistence.mountPath | quote }} +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.router.customVolumeMounts }} +{{ tpl . $ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.router.resources | indent 10 }} +{{- if .Values.router.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.router.startupProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.router.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.router.livenessProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.router.readinessProbe.enabled }} + readinessProbe: +{{ tpl .Values.router.readinessProbe.config . | indent 10 }} +{{- end }} + - name: {{ .Values.observability.name }} + image: {{ include "xray.getImageInfoByValue" (list . "observability") }} + imagePullPolicy: {{ .Values.observability.image.imagePullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + command: + - '/bin/sh' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . 
$ }}; + {{- end }} + exec /opt/jfrog/observability/app/bin/entrypoint-observability.sh; + {{- with .Values.observability.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + {{- if .Values.observability.extraEnvVars }} + {{- tpl .Values.observability.extraEnvVars . | nindent 8 }} + {{- end }} + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.observability.persistence.mountPath }}" + resources: +{{ toYaml .Values.observability.resources | indent 10 }} + {{- if .Values.observability.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.observability.startupProbe.config . | indent 10 }} + {{- end }} + {{- if .Values.observability.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.observability.livenessProbe.config . | indent 10 }} + {{- end }} + - name: {{ .Values.analysis.name }} + image: {{ include "xray.getImageInfoByValue" (list . "analysis") }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.analysis.preStartCommand }} + echo "Running custom Analysis preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/xray/app/bin/wrapper.sh; + {{- with .Values.analysis.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SKIPENTLICCHECKFORCLOUD + value: "true" + {{ include "xray.envVariables" . | indent 8 }} + {{ include "xray.rabbitmqTlsEnvVariables" . | indent 8 }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . 
}} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-user + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.actualUsername }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} + {{- else if .Values.database.actualUsername }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-actualUsername + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . 
}} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-url + {{- end }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + - name: XRAY_HA_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: XRAY_K8S_ENV + value: "true" + - name: EXECUTION_JOB_AES_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . 
}}-unified-secret" + {{- end }} + key: execution-service-aes-key + {{- if .Values.common.extraEnvVars }} + {{- tpl .Values.common.extraEnvVars . | nindent 8 }} + {{- end }} + {{- if .Values.analysis.extraEnvVars }} + {{- tpl .Values.analysis.extraEnvVars . | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.analysis.internalPort }} + name: http-analysis + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.analysis.customVolumeMounts }} +{{ tpl . $ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.analysis.resources | indent 10 }} +{{- if .Values.analysis.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.analysis.startupProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.analysis.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.analysis.livenessProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.sbom.enabled }} + - name: {{ .Values.sbom.name }} + image: {{ include "xray.getImageInfoByValue" (list . "sbom") }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.sbom.preStartCommand }} + echo "Running custom Sbom preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/xray/app/bin/wrapper.sh; + {{- with .Values.sbom.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SKIPENTLICCHECKFORCLOUD + value: "true" + {{ include "xray.envVariables" . | indent 8 }} + {{ include "xray.rabbitmqTlsEnvVariables" . 
| indent 8 }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-user + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.actualUsername }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} + {{- else if .Values.database.actualUsername }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . 
}}-unified-secret" + {{- end }} + key: db-actualUsername + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . 
}}-unified-secret" + {{- end }} + key: db-url + {{- end }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + - name: XRAY_HA_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: XRAY_K8S_ENV + value: "true" + - name: EXECUTION_JOB_AES_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: execution-service-aes-key + {{- if .Values.common.extraEnvVars }} + {{- tpl .Values.common.extraEnvVars . | nindent 8 }} + {{- end }} + {{- if .Values.sbom.extraEnvVars }} + {{- tpl .Values.sbom.extraEnvVars . | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.sbom.internalPort }} + name: http-sbom + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.sbom.customVolumeMounts }} +{{ tpl . $ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sbom.resources | indent 10 }} +{{- if .Values.sbom.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.sbom.startupProbe.config . 
| indent 10 }} +{{- end }} +{{- if .Values.sbom.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.sbom.livenessProbe.config . | indent 10 }} +{{- end }} +{{- end }} + - name: {{ .Values.indexer.name }} + image: {{ include "xray.getImageInfoByValue" (list . "indexer") }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.indexer.preStartCommand }} + echo "Running custom Indexer preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/xray/app/bin/wrapper.sh; + {{- with .Values.indexer.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SKIPENTLICCHECKFORCLOUD + value: "true" + {{ include "xray.envVariables" . | indent 8 }} + {{ include "xray.rabbitmqTlsEnvVariables" . | indent 8 }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . 
}} + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-user + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.actualUsername }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} + {{- else if .Values.database.actualUsername }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-actualUsername + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . 
}}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-url + {{- end }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + - name: XRAY_HA_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: XRAY_K8S_ENV + value: "true" + {{- if .Values.common.extraEnvVars }} + {{- tpl .Values.common.extraEnvVars . | nindent 8 }} + {{- end }} + {{- if .Values.indexer.extraEnvVars }} + {{- tpl .Values.indexer.extraEnvVars . | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.indexer.internalPort }} + name: http-indexer + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.indexer.customVolumeMounts }} +{{ tpl . 
$ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.indexer.resources | indent 10 }} +{{- if .Values.indexer.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.indexer.startupProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.indexer.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.indexer.livenessProbe.config . | indent 10 }} +{{- end }} + - name: {{ .Values.persist.name }} + image: {{ include "xray.getImageInfoByValue" (list . "persist") }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.persist.preStartCommand }} + echo "Running custom Persist preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/xray/app/bin/wrapper.sh; + {{- with .Values.persist.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SKIPENTLICCHECKFORCLOUD + value: "true" + {{ include "xray.envVariables" . | indent 8 }} + {{ include "xray.rabbitmqTlsEnvVariables" . | indent 8 }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . 
}} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-user + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.actualUsername }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} + {{- else if .Values.database.actualUsername }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-actualUsername + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . 
}}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-url + {{- end }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + - name: XRAY_K8S_ENV + value: "true" + {{- if .Values.common.extraEnvVars }} + {{- tpl .Values.common.extraEnvVars . | nindent 8 }} + {{- end }} + {{- if .Values.persist.extraEnvVars }} + {{- tpl .Values.persist.extraEnvVars . | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.persist.internalPort }} + name: http-persist + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.persist.customVolumeMounts }} +{{ tpl . $ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.persist.resources | indent 10 }} +{{- if .Values.persist.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.persist.startupProbe.config . 
| indent 10 }} +{{- end }} +{{- if .Values.persist.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.persist.livenessProbe.config . | indent 10 }} +{{- end }} + {{- $mountPath := .Values.xray.persistence.mountPath }} + {{- range .Values.xray.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "xray.getImageInfoByValue" (list $ "logger") }} + {{- if $.Values.containerSecurityContext.enabled }} + securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . }}' + volumeMounts: + - name: data-volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.xray.loggersResources | indent 10 }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} +{{- if or .Values.common.customSidecarContainers .Values.global.customSidecarContainers }} +{{ tpl (include "xray.customSidecarContainers" .) . 
| indent 6 }} +{{- end }} + {{- if or .Values.xray.nodeSelector .Values.global.nodeSelector }} +{{ tpl (include "xray.nodeSelector" .) . | indent 6 }} + {{- end }} + {{- if .Values.affinity }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- else if eq .Values.xray.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.xray.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "xray.name" . }} + release: {{ .Release.Name }} + {{- else if eq .Values.xray.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.xray.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "xray.name" . }} + release: {{ .Release.Name }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + ########## External secrets ########### + {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: ca-certs + secret: + secretName: {{ default .Values.global.customCertificates.certificateSecretName .Values.xray.customCertificates.certificateSecretName }} + {{- end }} + {{- if .Values.systemYamlOverride.existingSecret }} + - name: systemyaml + secret: + secretName: {{ .Values.systemYamlOverride.existingSecret }} + {{- end }} + ############ Config map, Volumes and Custom Volumes ############## + {{- if .Values.xray.loggers }} + - name: tail-logger-script + configMap: + name: {{ template "xray.fullname" . }}-logger + {{- end }} + - name: data-volume + emptyDir: + sizeLimit: {{ .Values.common.persistence.size }} + {{- if and .Values.xray.unifiedSecretInstallation (eq (include "xray.checkDuplicateUnifiedCustomVolume" .) 
"false" ) }} + ######### unifiedSecretInstallation ########### + - name: {{ include "xray.unifiedCustomSecretVolumeName" . }} + secret: + secretName: {{ template "xray.name" . }}-unified-secret + {{- else if not .Values.xray.unifiedSecretInstallation }} + ######### Non unifiedSecretInstallation ########### + {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.xray.systemYaml }} + - name: systemyaml + secret: + secretName: {{ printf "%s-%s" (include "xray.fullname" .) "system-yaml" }} + {{- end }} + {{- end }} + {{- if or .Values.global.rabbitmq.auth.tls.enabled .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "xray.rabbitmqCustomCertificateshandler" . }} + {{- end }} + +{{- if or .Values.common.customVolumes .Values.global.customVolumes }} +{{ tpl (include "xray.customVolumes" .) . | indent 6 }} +{{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "xray.fullname" . }}-filebeat-config + {{- end }} + {{- if .Values.common.configMaps }} + - name: xray-configmaps + configMap: + name: {{ template "xray.fullname" . }}-configmaps + {{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/xray/templates/xray-keda-hpa-ipa.yaml b/stable/xray/templates/xray-keda-hpa-ipa.yaml new file mode 100644 index 000000000..f9776b4b9 --- /dev/null +++ b/stable/xray/templates/xray-keda-hpa-ipa.yaml 
@@ -0,0 +1,38 @@
+{{- if and (not .Values.splitXraytoSeparateDeployments.gradualUpgrade) .Values.splitXraytoSeparateDeployments.enabled }}
+{{- if and (.Values.autoscalingIpa.enabled) (eq .Values.autoscalingIpa.keda.enabled true) }}
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ labels:
+ app: {{ template "xray.name" . }}
+ chart: {{ template "xray.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "xray.fullname" . }}-ipa
+spec:
+ scaleTargetRef:
+ kind: Deployment
+ name: {{ template "xray.fullname" . }}-ipa
+ minReplicaCount: {{ .Values.autoscalingIpa.minReplicas }}
+ maxReplicaCount: {{ .Values.autoscalingIpa.maxReplicas }}
+ pollingInterval: {{ .Values.autoscalingIpa.keda.pollingInterval }}
+ cooldownPeriod: {{ .Values.autoscalingIpa.keda.cooldownPeriod }}
+ advanced:
+ horizontalPodAutoscalerConfig:
+ behavior:
+ scaleUp:
+ {{- .Values.autoscalingIpa.keda.scaleUp | toYaml | nindent 10 }}
+ scaleDown:
+ {{- .Values.autoscalingIpa.keda.scaleDown | toYaml | nindent 10 }}
+ triggers:
+ {{- include "xray.autoscalingQueuesIpa" . | indent 4 }}
+ - type: cpu
+ metricType: Utilization
+ metadata:
+ value: "{{ .Values.autoscalingIpa.targetCPUUtilizationPercentage }}"
+ - type: memory
+ metricType: Utilization
+ metadata:
+ value: "{{ .Values.autoscalingIpa.targetMemoryUtilizationPercentage }}"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/stable/xray/templates/xray-keda-hpa-server.yaml b/stable/xray/templates/xray-keda-hpa-server.yaml
new file mode 100644
index 000000000..145e933c3
--- /dev/null
+++ b/stable/xray/templates/xray-keda-hpa-server.yaml
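Review bot: The outer gate on the first line of xray-keda-hpa-ipa.yaml renders this ScaledObject only while `splitXraytoSeparateDeployments.gradualUpgrade` is false, and xray-keda-hpa-server.yaml uses the same gate, but xray-server-deployment.yaml in this patch is gated on `splitXraytoSeparateDeployments.enabled` alone and omits `replicas` whenever `autoscalingServer.enabled` is set. With `enabled` and `gradualUpgrade` both true, the `-server` Deployment is therefore left at the API default replica count with no KEDA scaler targeting it, unless an autoscaler outside this view covers that case; the `-ipa` Deployment presumably behaves the same, but its header is not visible here. If that is intended for the gradual phase, say so at the top of both templates, for example `{{- /* Not rendered while gradualUpgrade is true: the split Deployments run unscaled in that phase */ -}}`; otherwise the `replicas` guard in the Deployments should also test `gradualUpgrade`.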
@@ -0,0 +1,38 @@
+{{- if and (not .Values.splitXraytoSeparateDeployments.gradualUpgrade) .Values.splitXraytoSeparateDeployments.enabled }}
+{{- if and (.Values.autoscalingServer.enabled) (eq .Values.autoscalingServer.keda.enabled true) }}
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ labels:
+ app: {{ template "xray.name" . }}
+ chart: {{ template "xray.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "xray.fullname" . }}-server
+spec:
+ scaleTargetRef:
+ kind: Deployment
+ name: {{ template "xray.fullname" . }}-server
+ minReplicaCount: {{ .Values.autoscalingServer.minReplicas }}
+ maxReplicaCount: {{ .Values.autoscalingServer.maxReplicas }}
+ pollingInterval: {{ .Values.autoscalingServer.keda.pollingInterval }}
+ cooldownPeriod: {{ .Values.autoscalingServer.keda.cooldownPeriod }}
+ advanced:
+ horizontalPodAutoscalerConfig:
+ behavior:
+ scaleUp:
+ {{- .Values.autoscalingServer.keda.scaleUp | toYaml | nindent 10 }}
+ scaleDown:
+ {{- .Values.autoscalingServer.keda.scaleDown | toYaml | nindent 10 }}
+ triggers:
+ {{- include "xray.autoscalingQueuesServer" . | indent 4 }}
+ - type: cpu
+ metricType: Utilization
+ metadata:
+ value: "{{ .Values.autoscalingServer.targetCPUUtilizationPercentage }}"
+ - type: memory
+ metricType: Utilization
+ metadata:
+ value: "{{ .Values.autoscalingServer.targetMemoryUtilizationPercentage }}"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/stable/xray/templates/xray-keda-hpa.yaml b/stable/xray/templates/xray-keda-hpa.yaml
index dbca87f70..9827c89e4 100644
--- a/stable/xray/templates/xray-keda-hpa.yaml
+++ b/stable/xray/templates/xray-keda-hpa.yaml
@@ -1,3 +1,4 @@
+{{- if or (and .Values.splitXraytoSeparateDeployments.gradualUpgrade .Values.splitXraytoSeparateDeployments.enabled) (not .Values.splitXraytoSeparateDeployments.enabled) }}
 {{- if and (.Values.autoscaling.enabled) (eq .Values.autoscaling.keda.enabled true) }}
 apiVersion: keda.sh/v1alpha1
 kind: ScaledObject
@@ -16,9 +17,6 @@ spec:
 maxReplicaCount: {{ .Values.autoscaling.maxReplicas }}
 pollingInterval: {{ .Values.autoscaling.keda.pollingInterval }}
 cooldownPeriod: {{ .Values.autoscaling.keda.cooldownPeriod }}
- fallback:
- failureThreshold: 3
- replicas: 5
 advanced:
 horizontalPodAutoscalerConfig:
 behavior:
@@ -36,4 +34,5 @@ spec:
 metricType: Utilization
 metadata:
 value: "{{ .Values.autoscaling.targetMemoryUtilizationPercentage }}"
+{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/stable/xray/templates/xray-keda-secret.yaml b/stable/xray/templates/xray-keda-secret.yaml
index 38fea43f1..c9c0b9cb9 100644
--- a/stable/xray/templates/xray-keda-secret.yaml
+++ b/stable/xray/templates/xray-keda-secret.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.autoscaling.keda.enabled }}
+{{- if or .Values.autoscaling.keda.enabled .Values.autoscalingServer.keda.enabled .Values.autoscalingIpa.keda.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/stable/xray/templates/xray-keda-trigger-authentication.yaml b/stable/xray/templates/xray-keda-trigger-authentication.yaml
index a83c28453..aa50a6b6f 100644
--- a/stable/xray/templates/xray-keda-trigger-authentication.yaml
+++ b/stable/xray/templates/xray-keda-trigger-authentication.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.autoscaling.keda.enabled }}
+{{- if or .Values.autoscaling.keda.enabled .Values.autoscalingServer.keda.enabled .Values.autoscalingIpa.keda.enabled }}
 apiVersion: keda.sh/v1alpha1
 kind: TriggerAuthentication
 metadata:
diff --git a/stable/xray/templates/xray-server-deployment.yaml b/stable/xray/templates/xray-server-deployment.yaml
new file mode 100644
index 000000000..277b8362a
--- /dev/null
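Review bot: The new condition in xray-keda-secret.yaml, repeated in xray-keda-trigger-authentication.yaml, tests only the three `keda.enabled` flags, while every ScaledObject in this patch also requires the matching `autoscaling*.enabled` flag. A Secret and a TriggerAuthentication can therefore be rendered with no ScaledObject that consumes them; the Secret's data is outside the hunk, but it presumably carries the broker credentials KEDA authenticates with, so it is better not created when unused. Pairing each flag would align the gates: `{{- if or (and .Values.autoscaling.enabled .Values.autoscaling.keda.enabled) (and .Values.autoscalingServer.enabled .Values.autoscalingServer.keda.enabled) (and .Values.autoscalingIpa.enabled .Values.autoscalingIpa.keda.enabled) }}`. Both templates continue past their hunks.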
+++ b/stable/xray/templates/xray-server-deployment.yaml 
@@ -0,0 +1,702 @@ +{{- if .Values.splitXraytoSeparateDeployments.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "xray.fullname" . }}-server + labels: + app: {{ template "xray.name" . }} + chart: {{ template "xray.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + component: {{ .Values.xray.name }} + servicename: server + {{- with .Values.xray.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +{{- if .Release.IsUpgrade }} + unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Xray 2.x (appVersion) currently not supported!\nIf this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} +{{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x" .Values.databaseUpgradeReady | quote }} +{{- end }} +{{- with .Values.server.statefulset.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if not .Values.autoscalingServer.enabled }} + replicas: {{ .Values.replicaCountServer }} +{{- end }} + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + app: {{ template "xray.name" . }} + release: {{ .Release.Name }} + component: {{ .Values.xray.name }} + servicename: server + template: + metadata: + labels: + app: {{ template "xray.name" . 
}} + release: {{ .Release.Name }} + component: {{ .Values.xray.name }} + servicename: server + {{- with .Values.xray.labels }} +{{ toYaml . | indent 8 }} + {{- end }} + annotations: + {{- if not .Values.xray.unifiedSecretInstallation }} + checksum/database-secrets: {{ include (print $.Template.BasePath "/xray-database-secrets.yaml") . | sha256sum }} + checksum/systemyaml: {{ include (print $.Template.BasePath "/xray-system-yaml.yaml") . | sha256sum }} + {{- else }} + checksum/xray-unified-secret: {{ include (print $.Template.BasePath "/xray-unified-secret.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.analysis.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.indexer.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.persist.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.server.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.router.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.filebeat.annotations }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- range $key, $value := .Values.xray.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.xray.schedulerName }} + schedulerName: {{ .Values.xray.schedulerName | quote }} + {{- end }} + {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} +{{- include "xray.imagePullSecrets" . | indent 6 }} + {{- end }} + {{- if .Values.xray.priorityClass.existingPriorityClass }} + priorityClassName: {{ .Values.xray.priorityClass.existingPriorityClass }} + {{- else -}} + {{- if .Values.xray.priorityClass.create }} + priorityClassName: {{ default (include "xray.fullname" .) .Values.xray.priorityClass.name }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "xray.serviceAccountName" . 
}} + {{- if .Values.podSecurityContext.enabled }} + securityContext: + runAsUser: {{ .Values.common.xrayUserId }} + fsGroup: {{ .Values.common.xrayGroupId }} + {{- if .Values.common.fsGroupChangePolicy }} + fsGroupChangePolicy: {{ .Values.common.fsGroupChangePolicy }} + {{- end }} + {{- end }} + {{- if .Values.common.topologySpreadConstraints }} + topologySpreadConstraints: +{{ tpl (toYaml .Values.common.topologySpreadConstraints) . | indent 8 }} + {{- end }} + initContainers: + {{- if or .Values.common.customInitContainersBegin .Values.global.customInitContainersBegin }} +{{ tpl (include "xray.customInitContainersBegin" .) . | indent 6 }} + {{- end }} + - name: 'copy-system-yaml' + image: '{{ .Values.initContainerImage }}' + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'bash' + - '-c' + - > + if [[ -e "{{ .Values.xray.persistence.mountPath }}/etc/filebeat.yaml" ]]; then chmod 644 {{ .Values.xray.persistence.mountPath }}/etc/filebeat.yaml; fi; + echo "Copy system.yaml to {{ .Values.xray.persistence.mountPath }}/etc"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc; + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.xray.persistence.mountPath }}/etc/system.yaml; + {{- else }} + cp -fv /tmp/etc/system.yaml {{ .Values.xray.persistence.mountPath }}/etc/system.yaml; + {{- end }} + echo "Remove {{ .Values.xray.persistence.mountPath }}/lost+found folder if exists"; + rm -rfv {{ .Values.xray.persistence.mountPath }}/lost+found; + {{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} + echo "Copy joinKey to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath 
}}/etc/security; + echo ${XRAY_JOIN_KEY} > {{ .Values.xray.persistence.mountPath }}/etc/security/join.key; + {{- end }} + {{- if or .Values.xray.masterKey .Values.xray.masterKeySecretName .Values.global.masterKey .Values.global.masterKeySecretName }} + echo "Copy masterKey to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; + echo ${XRAY_MASTER_KEY} > {{ .Values.xray.persistence.mountPath }}/etc/security/master.key; + {{- end }} + env: + {{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} + - name: XRAY_JOIN_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ include "xray.joinKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: join-key + {{- end }} + {{- if or .Values.xray.masterKey .Values.xray.masterKeySecretName .Values.global.masterKey .Values.global.masterKeySecretName }} + - name: XRAY_MASTER_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ include "xray.masterKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: master-key + {{- end }} + volumeMounts: + - name: data-volume + mountPath: {{ .Values.xray.persistence.mountPath | quote }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.xray.systemYaml }} + {{- if not .Values.xray.unifiedSecretInstallation }} + - name: systemyaml + {{- else }} + - name: {{ include "xray.unifiedCustomSecretVolumeName" . 
}} + {{- end }} + {{- if .Values.systemYamlOverride.existingSecret }} + mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" + subPath: {{ .Values.systemYamlOverride.dataKey }} + {{- else if .Values.xray.systemYaml }} + mountPath: "/tmp/etc/system.yaml" + subPath: system.yaml + {{- end }} + {{- end }} + {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled .Values.rabbitmq.auth.tls.enabled .Values.global.rabbitmq.auth.tls.enabled }} + - name: copy-custom-certificates + image: "{{ .Values.initContainerImage }}" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'bash' + - '-c' + - > +{{ include "xray.copyCustomCerts" . | indent 10 }} +{{ include "xray.copyRabbitmqCustomCerts" . | indent 10 }} + volumeMounts: + - name: data-volume + mountPath: {{ .Values.xray.persistence.mountPath }} + {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: ca-certs + mountPath: "/tmp/certs" + {{- end }} + {{- if or .Values.global.rabbitmq.auth.tls.enabled .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + mountPath: "/tmp/rabbitmqcerts" + {{- end }} + {{- end }} + {{- if .Values.waitForDatabase }} + {{- if .Values.postgresql.enabled }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 10 }} + command: + - 'bash' + - '-c' + - | + echo "Waiting for postgresql to come up" + ready=false; + while ! 
$ready; do echo waiting; + timeout 2s bash -c " + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/router/app/bin/entrypoint-router.sh; + {{- with .Values.router.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES + value: {{ include "xray.router.server.requiredServiceTypes" . }} + {{- if .Values.router.extraEnvVars }} + {{- tpl .Values.router.extraEnvVars . | nindent 8 }} + {{- end }} + ports: + - name: http-router + containerPort: {{ .Values.router.internalPort }} + volumeMounts: + - name: data-volume + mountPath: {{ .Values.router.persistence.mountPath | quote }} +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.router.customVolumeMounts }} +{{ tpl . $ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.router.resources | indent 10 }} +{{- if .Values.router.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.router.startupProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.router.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.router.livenessProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.router.readinessProbe.enabled }} + readinessProbe: +{{ tpl .Values.router.readinessProbe.config . | indent 10 }} +{{- end }} + - name: {{ .Values.observability.name }} + image: {{ include "xray.getImageInfoByValue" (list . "observability") }} + imagePullPolicy: {{ .Values.observability.image.imagePullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + command: + - '/bin/sh' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . 
$ }}; + {{- end }} + exec /opt/jfrog/observability/app/bin/entrypoint-observability.sh; + {{- with .Values.observability.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + {{- if .Values.observability.extraEnvVars }} + {{- tpl .Values.observability.extraEnvVars . | nindent 8 }} + {{- end }} + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.observability.persistence.mountPath }}" + resources: +{{ toYaml .Values.observability.resources | indent 10 }} + {{- if .Values.observability.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.observability.startupProbe.config . | indent 10 }} + {{- end }} + {{- if .Values.observability.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.observability.livenessProbe.config . | indent 10 }} + {{- end }} + - name: {{ .Values.server.name }} + image: {{ include "xray.getImageInfoByValue" (list . "server") }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.server.preStartCommand }} + echo "Running custom Server preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/xray/app/bin/wrapper.sh; + {{- with .Values.server.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + {{ include "xray.envVariables" . | indent 8 }} + {{ include "xray.rabbitmqTlsEnvVariables" . | indent 8 }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . 
}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-user + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.actualUsername }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} + {{- else if .Values.database.actualUsername }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-actualUsername + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . 
}} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-url + {{- end }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + - name: XRAY_K8S_ENV + value: "true" + - name: EXECUTION_JOB_AES_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: execution-service-aes-key + {{- if .Values.common.extraEnvVars }} + {{- tpl .Values.common.extraEnvVars . 
| nindent 8 }} + {{- end }} + {{- if .Values.server.extraEnvVars }} + {{- tpl .Values.server.extraEnvVars . | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.server.internalPort }} + name: http-server + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.server.customVolumeMounts }} +{{ tpl . $ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.server.resources | indent 10 }} +{{- if .Values.server.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.server.startupProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.server.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.server.livenessProbe.config . | indent 10 }} +{{- end }} + {{- $mountPath := .Values.xray.persistence.mountPath }} + {{- range .Values.xray.loggers }} + - name: {{ . | replace "_" "-" | replace "." "-" }} + image: {{ include "xray.getImageInfoByValue" (list $ "logger") }} + {{- if $.Values.containerSecurityContext.enabled }} + securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} + command: + - 'sh' + - '-c' + - 'sh /scripts/tail-log.sh {{ $mountPath }}/log {{ . 
}}' + volumeMounts: + - name: data-volume + mountPath: {{ $mountPath }} + - name: tail-logger-script + mountPath: /scripts/tail-log.sh + subPath: tail-log.sh + resources: +{{ toYaml $.Values.xray.loggersResources | indent 10 }} + {{- end }} + {{- if .Values.filebeat.enabled }} + - name: {{ .Values.filebeat.name }} + image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" + imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} + args: + - "-e" + - "-E" + - "http.enabled=true" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + volumeMounts: + - name: filebeat-config + mountPath: /usr/share/filebeat/filebeat.yml + readOnly: true + subPath: filebeat.yml + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" + livenessProbe: +{{ toYaml .Values.filebeat.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.filebeat.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.filebeat.resources | indent 10 }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} + {{- end }} +{{- if or .Values.common.customSidecarContainers .Values.global.customSidecarContainers }} +{{ tpl (include "xray.customSidecarContainers" .) . | indent 6 }} +{{- end }} + {{- if or .Values.xray.nodeSelector .Values.global.nodeSelector }} +{{ tpl (include "xray.nodeSelector" .) . | indent 6 }} + {{- end }} + {{- if .Values.affinity }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- else if eq .Values.xray.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.xray.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "xray.name" . 
}} + release: {{ .Release.Name }} + {{- else if eq .Values.xray.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.xray.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "xray.name" . }} + release: {{ .Release.Name }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + ########## External secrets ########### + {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled }} + - name: ca-certs + secret: + secretName: {{ default .Values.global.customCertificates.certificateSecretName .Values.xray.customCertificates.certificateSecretName }} + {{- end }} + {{- if .Values.systemYamlOverride.existingSecret }} + - name: systemyaml + secret: + secretName: {{ .Values.systemYamlOverride.existingSecret }} + {{- end }} + ############ Config map, Volumes and Custom Volumes ############## + {{- if .Values.xray.loggers }} + - name: tail-logger-script + configMap: + name: {{ template "xray.fullname" . }}-logger + {{- end }} + - name: data-volume + emptyDir: + sizeLimit: {{ .Values.common.persistence.size }} + {{- if and .Values.xray.unifiedSecretInstallation (eq (include "xray.checkDuplicateUnifiedCustomVolume" .) "false" ) }} + ######### unifiedSecretInstallation ########### + - name: {{ include "xray.unifiedCustomSecretVolumeName" . }} + secret: + secretName: {{ template "xray.name" . }}-unified-secret + {{- else if not .Values.xray.unifiedSecretInstallation }} + ######### Non unifiedSecretInstallation ########### + {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.xray.systemYaml }} + - name: systemyaml + secret: + secretName: {{ printf "%s-%s" (include "xray.fullname" .) 
"system-yaml" }} + {{- end }} + {{- end }} + {{- if or .Values.global.rabbitmq.auth.tls.enabled .Values.rabbitmq.auth.tls.enabled }} + - name: rabbitmq-ca-certs + secret: + secretName: {{ template "xray.rabbitmqCustomCertificateshandler" . }} + {{- end }} + +{{- if or .Values.common.customVolumes .Values.global.customVolumes }} +{{ tpl (include "xray.customVolumes" .) . | indent 6 }} +{{- end }} + {{- if .Values.filebeat.enabled }} + - name: filebeat-config + configMap: + name: {{ template "xray.fullname" . }}-filebeat-config + {{- end }} + {{- if .Values.common.configMaps }} + - name: xray-configmaps + configMap: + name: {{ template "xray.fullname" . }}-configmaps + {{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml index 9f5fedbd5..20be2df4f 100644 --- a/stable/xray/templates/xray-statefulset.yaml +++ b/stable/xray/templates/xray-statefulset.yaml @@ -1,3 +1,4 @@ +{{- if or (and .Values.splitXraytoSeparateDeployments.gradualUpgrade .Values.splitXraytoSeparateDeployments.enabled) (not .Values.splitXraytoSeparateDeployments.enabled) }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -220,7 +221,6 @@ spec: {{- end }} {{- end }} {{- if and .Values.global.xray.rabbitmq.haQuorum.enabled .Values.common.rabbitmq.waitForReplicasQuorumOnStartup }} - {{- if .Values.rabbitmq.enabled }} - name: "wait-for-rabbitmq-replicas-quorum" image: "{{ .Values.initContainerImage }}" {{- if .Values.containerSecurityContext.enabled }} 
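Review bot: In the `copy-system-yaml` init container of xray-server-deployment.yaml, `echo ${XRAY_MASTER_KEY} > …/etc/security/master.key` and the matching `join.key` line write the keys with an unquoted expansion and whatever file mode the shell's umask yields, onto the `data-volume` emptyDir that every container in the pod mounts, including the logger and filebeat sidecars. Quoting avoids word splitting and globbing on the key value, and a restrictive umask keeps the files from being group- or world-readable: `umask 077; echo "${XRAY_MASTER_KEY}" > {{ .Values.xray.persistence.mountPath }}/etc/security/master.key;` (and the same for `join.key`). This assumes every container that needs the keys runs as `common.xrayUserId`, which the pod-level `securityContext` provides when `podSecurityContext.enabled` is set; confirm it for the sidecar images otherwise.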
@@ -251,7 +251,9 @@ spec: # but currently we do not have jq in the UBI-minimal base image approved by the installer team nodesNum=$(curl -s ${additionalFlags} -u${JF_SHARED_RABBITMQ_USERNAME}:${JF_SHARED_RABBITMQ_PASSWORD} ${rabbitMqManagementUrl}api/nodes | grep -o '"running"\s*:true' | wc -l | tr -d '[:space:]') echo $nodesNum - if [[ "$nodesNum" -ge "{{ add 1 (div .Values.rabbitmq.replicaCount 2) }}" ]]; then ready=true; echo "rabbitmq ok"; fi; sleep 5; + quorumSize=$(( $JF_SHARED_RABBITMQ_REPLICASCOUNT/2 + 1 )) + echo $quorumSize + if [[ "$nodesNum" -ge "$quorumSize" ]]; then ready=true; echo "rabbitmq ok"; fi; sleep 5; done env: {{- if eq (include "xray.rabbitmq.isManagementListenerTlsEnabled" .) "true" }} @@ -275,6 +277,14 @@ spec: name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} {{- end }} + {{- if and (not .Values.rabbitmq.external.secrets) (not .Values.common.rabbitmq.connectionConfigFromEnvironment) (not .Values.common.rabbitmq.enabled) }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: "{{ .Values.rabbitmq.external.username }}" + - name: JF_SHARED_RABBITMQ_URL + value: "{{ tpl .Values.rabbitmq.external.url . }}" + - name: JF_SHARED_RABBITMQ_PASSWORD + value: "{{ .Values.rabbitmq.external.password }}" + {{- end }} {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} - name: JF_SHARED_RABBITMQ_USERNAME value: {{ include "rabbitmq.user" .}} @@ -286,7 +296,12 @@ spec: name: {{ include "rabbitmq.passwordSecretName" .}} key: rabbitmq-password {{- end }} - {{- end }} + - name: JF_SHARED_RABBITMQ_REPLICASCOUNT + {{- if .Values.rabbitmq.enabled }} + value: "{{ .Values.rabbitmq.replicaCount }}" + {{- else }} + value: "{{ .Values.global.xray.rabbitmq.replicaCount }}" + {{- end }} {{- end }} {{- if or .Values.common.customInitContainers .Values.global.customInitContainers }} {{ tpl (include "xray.customInitContainers" .) . | indent 6 }} 
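Review bot: The block added in the `@@ -275,6 +277,14 @@` hunk passes `rabbitmq.external.password` to the `wait-for-rabbitmq-replicas-quorum` init container as a literal `value:`, so the password is stored in the StatefulSet and Pod specs and is readable by anyone allowed to get those objects, whereas the neighbouring branches use `secretKeyRef`. It should come from a Secret as well, i.e. `valueFrom:` / `secretKeyRef:` pointing at whichever chart-managed Secret holds the external broker password (its name is not visible in this hunk). The guard also tests `.Values.common.rabbitmq.enabled`, while the hunk below tests `.Values.rabbitmq.enabled`; if `common.rabbitmq.enabled` is not a defined value the `not` is always true and this branch would render even with the bundled broker enabled, so `(not .Values.rabbitmq.enabled)` looks like what was meant. The init container's definition starts outside these hunks.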
@@ -1346,3 +1361,4 @@ spec: storage: {{ .size }} {{- end }} {{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/xray/templates/xray-svc.yaml b/stable/xray/templates/xray-svc.yaml index 6a4984e3c..bce6c4dac 100644 --- a/stable/xray/templates/xray-svc.yaml +++ b/stable/xray/templates/xray-svc.yaml @@ -37,3 +37,6 @@ spec: app: {{ template "xray.name" . }} component: {{ .Values.xray.name }} release: {{ .Release.Name }} +{{- if and (not .Values.splitXraytoSeparateDeployments.gradualUpgrade) .Values.splitXraytoSeparateDeployments.enabled }} + servicename: server +{{- end }} diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index 128daaeee..4d3c7b9e1 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml @@ -47,6 +47,7 @@ global: xray: # Rabbitmq settings that are specific to Xray rabbitmq: + replicaCount: 1 haQuorum: enabled: false waitForPreviousPodsOnInitialStartup: true @@ -60,7 +61,7 @@ global: ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1361.1699548032 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 imagePullPolicy: IfNotPresent # Init containers @@ -214,7 +215,7 @@ xray: {{- if .Values.global.xray.rabbitmq.haQuorum.enabled }} ha_quorum: true vhost: {{ .Values.global.xray.rabbitmq.haQuorum.vhost }} - replicasCount: 3 + replicasCount: {{ .Values.global.xray.rabbitmq.replicaCount }} {{- end }} erlangCookie: value: "{{ .Values.rabbitmq.external.erlangCookie }}" 
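Review bot: In values.yaml the system.yaml template now takes `replicasCount` from `global.xray.rabbitmq.replicaCount`, which the `@@ -47,6 +47,7 @@` hunk defaults to `1`, where it used to be the literal `3`. An existing install with `haQuorum.enabled: true` that does not set the new key therefore moves from 3 to 1 on upgrade, and the quorum wait in xray-statefulset.yaml computes `quorumSize` from the same value when `rabbitmq.enabled` is false, so a single running node would satisfy it. The bundled broker's size lives in `rabbitmq.replicaCount`, so the two settings can also drift apart. Keeping the old default and documenting the key would avoid the silent change, e.g. `replicaCount: 3  # must match the number of RabbitMQ nodes; used for system.yaml replicasCount and the quorum wait`.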
@@ -235,7 +236,7 @@ xray: username: "{{ .Values.xray.mongoUsername }}" password: "{{ .Values.xray.mongoPassword }}" {{- end }} - {{- if or .Values.server.mailServer .Values.server.indexAllBuilds .Values.common.rabbitmq.migrateMessagesFromOtherRabbitMq }} + {{- if or .Values.server.mailServer .Values.server.indexAllBuilds .Values.global.xray.rabbitmq.migrateMessagesFromXrayDefaultVhost .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq }} server: {{- if .Values.server.mailServer }} mailServer: "{{ .Values.server.mailServer }}" @@ -243,9 +244,13 @@ xray: {{- if .Values.server.indexAllBuilds }} indexAllBuilds: {{ .Values.server.indexAllBuilds }} {{- end }} - {{- if .Values.common.rabbitmq.migrateMessagesFromOtherRabbitMq }} + {{- if .Values.global.xray.rabbitmq.migrateMessagesFromXrayDefaultVhost }} dataMigrations: - migrate_msgs_from_other_rabbitmq: {{ toYaml .Values.common.rabbitmq.migrateMessagesFromOtherRabbitMq | nindent 6 }} + migrate_msgs_from_other_rabbitmq: + vhost: {{ .Values.global.xray.rabbitmq.vhost | default "%2f" | quote }} + {{- else if .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq }} + dataMigrations: + migrate_msgs_from_other_rabbitmq: {{ toYaml .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq | nindent 6 }} {{- end }} {{- end }} {{- if (include "xray.imagePullSecretsStrList" .) }} @@ -401,7 +406,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.3.1361.1699548032 + tag: 9.3.1475 ## Service Account ## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ @@ -653,6 +658,7 @@ rabbitmq: } ], "policies": [ + {{- if not .Values.global.xray.rabbitmq.haQuorum.enabled }} { "name": "ha-all", "apply-to": "all", @@ -663,6 +669,7 @@ rabbitmq: "ha-sync-mode": "automatic" } } + {{- end }} ] } loadDefinition: 
@@ -677,6 +684,14 @@ rabbitmq: migration: ## Migration is required to be performed only once hence this option can be disabled once the feature flags are enabled in rabbitmq. enabled: true + ## Another uses of migration hook are: + ## - Deleting StatefulSet for allowing updating certain fields that require it: + ## Changing podManagementPolicy OrderedReady -> Parallel requires deleting stateful set + ## - Deleting ha-all mirror policy on migrating to Quorum Queues + deleteStatefulSetToAllowFieldUpdate: + enabled: false + removeHaPolicyOnMigrationToHaQuorum: + enabled: false image: registry: releases-docker.jfrog.io repository: bitnami/kubectl @@ -703,6 +718,14 @@ rabbitmq: - create - get - list + - apiGroups: + - "apps" + resources: + - statefulsets + verbs: + - get + - list + - delete # This is automatically set based on rabbitmqTLS enabled flag. @@ -1295,7 +1318,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.92.0 + tag: 7.95.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled. @@ -1381,7 +1404,7 @@ observability: image: registry: releases-docker.jfrog.io repository: jfrog/observability - tag: 1.17.0 + tag: 1.21.0 imagePullPolicy: IfNotPresent internalPort: 8036 resources: {} 
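Review bot: The `@@ -703,6 +718,14 @@` hunk grants the migration hook `get`, `list` and `delete` on every `statefulsets` resource in the `apps` group. The rule is part of the default values even though `deleteStatefulSetToAllowFieldUpdate.enabled` defaults to `false`. As written, the hook's service account can delete any StatefulSet its role binding covers, not only the RabbitMQ one, which is more than the job needs and worth narrowing if the hook image or token is ever misused. I would render this rule only when the delete option is enabled and restrict `get`/`delete` with `resourceNames:` set to the RabbitMQ StatefulSet name, keeping `list` as a separate rule only if the hook really needs it. Whether this list feeds a Role or a ClusterRole is not visible in the hunk and should be confirmed.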
@@ -1527,3 +1550,82 @@ probes: quota: enabled: true jobCount: 100 + +################################################################################### +## At present, this feature is not available for onprem installations. +## Separate Xray into distinct pods +## (Enabling this setting will divide the Xray pod into two deployments: xray-server and xray-ipa) +splitXraytoSeparateDeployments: + enabled: false + ## To prevent downtime (both the statefulset pod and deployment pod are kept together, with gradual upgrade set to false, which can turn off statefulsets in subsequent upgrades) + gradualUpgrade: false +replicaCountServer: 2 +## Apply horizontal pod auto scaling on Xray server pods +## Only applicable when (splitXraytoSeparateDeployments.enabled) is set to true +## Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +autoscalingServer: + enabled: false + minReplicas: 2 + maxReplicas: 3 + targetCPUUtilizationPercentage: 70 + targetMemoryUtilizationPercentage: 90 + ## Specify if using the keda hpa or regular basic hpa + ## Note: keda should be installed on the target cluster + ## Ref: https://keda.sh/docs/2.10/deploy/ + keda: + enabled: false + scaleUp: + stabilizationWindowSeconds: 90 + policies: + - type: Pods + value: 3 + periodSeconds: 30 + scaleDown: + stabilizationWindowSeconds: 90 + policies: + - type: Pods + value: 1 + periodSeconds: 30 + pollingInterval: 10 + cooldownPeriod: 10 + queues: + - name: impactAnalysis + value: "100" +## Apply horizontal pod auto scaling on Xray ipa pods +## Only applicable when (splitXraytoSeparateDeployments.enabled) is set to true +## Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +autoscalingIpa: + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 70 + targetMemoryUtilizationPercentage: 90 + ## Specify if using the keda hpa or regular basic hpa + ## Note: keda should be installed on the target cluster + ## Ref: 
https://keda.sh/docs/2.10/deploy/ + keda: + enabled: false + scaleUp: + stabilizationWindowSeconds: 90 + policies: + - type: Pods + value: 3 + periodSeconds: 30 + scaleDown: + stabilizationWindowSeconds: 90 + policies: + - type: Pods + value: 1 + periodSeconds: 30 + pollingInterval: 10 + cooldownPeriod: 10 + queues: + - name: analysis + value: "100" + - name: index + value: "100" + - name: persist + value: "100" + - name: alert + value: "100" +################################################################################### From aaa43b180450d6fb54d14f5b0ebfb817c1a2831c Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:53:27 +0530 Subject: [PATCH 27/47] [jfrog-platform] 10.17.1 release --- stable/jfrog-platform/CHANGELOG.md | 9 +++++++++ stable/jfrog-platform/Chart.lock | 14 +++++++------- stable/jfrog-platform/Chart.yaml | 15 +++++++-------- stable/jfrog-platform/README.md | 14 ++++++-------- stable/jfrog-platform/values.yaml | 3 +-- 5 files changed, 30 insertions(+), 25 deletions(-) diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index dc1226344..634fa40c1 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md @@ -1,6 +1,15 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.17.1] - Feb 29, 2024 +* Updated README.md to create a namespace using `--create-namespace` as part of helm install +* Updated `artifactory.installerInfo` content +* Update dependency artifactory chart version to 107.77.6 +* Update dependency xray chart version to 103.90.1 +* Update dependency distribution chart version to 102.22.2 +* Update dependency insight chart version to 101.16.7 +* Update dependency pipelines chart version to 101.55.6 + ## [10.17.0] - Jan 24, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml 
diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index 10ebceb3c..9ba838e5b 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock @@ -7,18 +7,18 @@ dependencies: version: 11.9.3 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.77.3 + version: 107.77.6 - name: xray repository: https://charts.jfrog.io/ - version: 103.87.9 + version: 103.90.1 - name: distribution repository: https://charts.jfrog.io/ - version: 102.22.1 + version: 102.22.2 - name: insight repository: https://charts.jfrog.io/ - version: 101.16.6 + version: 101.16.7 - name: pipelines repository: https://charts.jfrog.io/ - version: 101.53.4 -digest: sha256:f9cf10d922803ead6cfb196700de26f21ff54d13e3b616dd1df1cecc2fac9e44 -generated: "2024-01-24T15:31:40.815967+05:30" + version: 101.55.6 +digest: sha256:7dab87296e623847160abc644f43556da5bb2d7083a357888e68a6db1e11f9e1 +generated: "2024-02-29T20:49:08.265023+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index d71aa6920..90907869f 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.3 +appVersion: 7.77.6 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -12,23 +12,23 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.77.3 + version: 107.77.6 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.87.9 + version: 103.90.1 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ - version: 102.22.1 + version: 102.22.2 - condition: insight.enabled name: insight repository: https://charts.jfrog.io/ - version: 101.16.6 + version: 101.16.7 - condition: pipelines.enabled name: pipelines repository: https://charts.jfrog.io/ - version: 101.53.4 + version: 101.55.6 description: The Helm chart for JFrog Platform (Universal, hybrid, end-to-end DevOps automation) home: https://jfrog.com/platform/ @@ -39,7 +39,6 @@ keywords: - xray - distribution - insight -- pdn-server - pipelines - jfrog - devops @@ -51,4 +50,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.17.0 +version: 10.17.1 diff --git a/stable/jfrog-platform/README.md b/stable/jfrog-platform/README.md index 8897667ec..99afda039 100644 --- a/stable/jfrog-platform/README.md +++ b/stable/jfrog-platform/README.md @@ -4,7 +4,7 @@ ## Prerequisites Details -* Kubernetes 1.14+ +* Kubernetes 1.19+ * Artifactory Enterprise(+) trial license [get one from here](https://jfrog.com/platform/free-trial/) or Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) ## Chart Details 
@@ -13,7 +13,6 @@ This chart will do the following: * Deploy JFrog Platform (artifactory, xray, distribution, insight and pipelines). Fully customizable. * Deploy a PostgreSQL database using the bitnami/postgresql chart (can be changed) **NOTE:** For production grade installations it is recommended to use an external PostgreSQL. * Deploy a Rabbitmq using the bitnami/rabbitmq chart (can be changed) -* Deploy a Redis using the bitnami/redis chart (can be changed) * Deploy an optional Nginx server ## Installing the Chart @@ -30,7 +29,7 @@ helm repo update ### Install Chart To install the chart with the release name `jfrog-platform` ```bash -helm upgrade --install jfrog-platform --namespace jfrog-platform jfrog/jfrog-platform +helm upgrade --install jfrog-platform jfrog/jfrog-platform --namespace jfrog-platform --create-namespace ``` ### High Availability @@ -38,7 +37,7 @@ helm upgrade --install jfrog-platform --namespace jfrog-platform jfrog/jfrog-pla For **high availability** of Artifactory, set the replica count to be equal or higher than **2**. Recommended is **3**. ```bash # Start artifactory with 3 replicas per service -helm upgrade --install jfrog-platform --namespace jfrog-platform --set artifactory.artifactory.replicaCount=3 +helm upgrade --install jfrog-platform --set artifactory.artifactory.replicaCount=3 --namespace jfrog-platform --create-namespace ``` ### Install Artifactory license 
@@ -73,7 +72,7 @@ artifactory: ``` ```bash # Apply the values file during install -helm upgrade --install jfrog-platform --namespace jfrog-platform jfrog/jfrog-platform -f customvalues.yaml +helm upgrade --install jfrog-platform jfrog/jfrog-platform -f customvalues.yaml --namespace jfrog-platform --create-namespace ``` **NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). Updating the license should be done via Artifactory UI or REST API. @@ -96,7 +95,7 @@ artifactory: ``` ```bash -helm upgrade --install jfrog-platform --namespace jfrog-platform jfrog/jfrog-platform -f customvalues.yaml +helm upgrade --install jfrog-platform jfrog/jfrog-platform -f customvalues.yaml --namespace jfrog-platform --create-namespace ``` **NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored). Updating the license should be done via Artifactory UI or REST API. @@ -109,7 +108,6 @@ This chart would provide flexibility to enable one or more of the jfrog products 2. Distribution 3. Insight 4. Pipelines -5. PDN server For example to enable xray and insight with artifactory, you can refer the following yaml and pass it during install. customvalues.yaml @@ -120,7 +118,7 @@ insight: enabled: true ```` ```bash -helm upgrade --install jfrog-platform --namespace jfrog-platform jfrog/jfrog-platform -f customvalues.yaml +helm upgrade --install jfrog-platform jfrog/jfrog-platform -f customvalues.yaml --namespace jfrog-platform --create-namespace ``` ### Uninstalling Jfrog Platform chart. diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index 493efb0e4..9b0581751 100644 --- a/stable/jfrog-platform/values.yaml 
+++ b/stable/jfrog-platform/values.yaml @@ -29,7 +29,6 @@ global: # distribution: # insight: # pipelines: - # pdnServer: database: host: "{{ .Release.Name }}-postgresql" port: 5432 @@ -214,7 +213,7 @@ rabbitmq: artifactory: enabled: true unifiedUpgradeAllowed: true - installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.17.0-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' + installerInfo: '{"productId":"Helm_JFrogPlatform/{{ printf "10.17.0-%s" .Chart.AppVersion }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}' postgresql: enabled: false waitForDatabase: false From b9ed646a4709df230cee7fe1cb7bff76a320a9d6 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 14 Mar 2024 10:11:22 +0530 Subject: [PATCH 28/47] [artifactory] 7.77.7 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +++--- stable/artifactory-ha/CHANGELOG.md | 2 +- stable/artifactory-ha/Chart.yaml | 4 ++-- stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 +++--- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 +++--- stable/artifactory/CHANGELOG.md | 2 +- stable/artifactory/Chart.yaml | 4 ++-- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index 81ddff28b..8eb9f4904 100644 
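Review bot: The rewritten `installerInfo` string in the `@@ -214,7 +213,7 @@` hunk still hard-codes `printf "10.17.0-%s"`, while the same commit bumps the chart to `version: 10.17.1` in Chart.yaml. The product id reported by installs from this release will name the previous chart version, which makes it harder to tell from inventory or support data which chart is actually deployed. The literal should read `printf "10.17.1-%s" .Chart.AppVersion`. Because this string is presumably evaluated inside the artifactory subchart, `.Chart.Version` is likely not a drop-in replacement, so a release checklist item or CI check for this literal would keep it from drifting again.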
--- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.77.6] - Nov 23, 2023 +## [107.77.7] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index c7c9dd6df..8b903ad57 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.6 +appVersion: 7.77.7 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.6 + version: 107.77.7 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.77.6 +version: 107.77.7 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 70610745b..0391e5207 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.77.6] - Feb 20, 2024 +## [107.77.7] - Feb 20, 2024 * Removed integration service * Added recommended postgresql sizing configurations under sizing directory * Updated artifactory-federation (probes, port, embedded mode) diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index e4dd5e3ca..691a64c52 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.6 +appVersion: 7.77.7 dependencies: - condition: postgresql.enabled name: postgresql 
@@ -21,4 +21,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.77.6 +version: 107.77.7 diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index cd1b89946..774daedf1 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.77.6] - Nov 23, 2023 +## [107.77.7] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 9a50500a0..825cd076b 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.6 +appVersion: 7.77.7 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.6 + version: 107.77.7 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.77.6 +version: 107.77.7 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 2e96c35ef..7c3e010ba 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.77.6] - Nov 23, 2023 +## [107.77.7] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 45f86b117..17f5a2a50 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.6 +appVersion: 7.77.7 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.6 + version: 107.77.7 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.77.6 +version: 107.77.7 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 203fae3aa..45cdb8e74 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.77.6] - Feb 20, 2024 +## [107.77.7] - Feb 20, 2024 * Removed integration service * Added recommended postgresql sizing configurations under sizing directory * Updated artifactory-federation (probes, port, embedded mode) diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index f951a6e78..62560d9fc 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.6 +appVersion: 7.77.7 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.77.6 +version: 107.77.7 From 282c0dcd26d8e3799aa52eb03abd310715c07516 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 14 Mar 2024 10:13:37 +0530 Subject: [PATCH 29/47] [xray] 3.91.3 release --- stable/xray/CHANGELOG.md | 10 ++++++++++ stable/xray/Chart.yaml | 4 ++-- stable/xray/ci/default-values.yaml | 2 +- stable/xray/ci/global-section-values.yaml | 2 +- .../ci/test-rabbitmq-haQuorum-values.yaml | 2 +- .../ci/test-rabbitmq-replicaCount-values.yaml | 2 +- stable/xray/ci/test-values.yaml | 2 +- ...-sizing-2xlarge.yaml => xray-2xlarge.yaml} | 0 ...xray-sizing-large.yaml => xray-large.yaml} | 0 ...ay-sizing-medium.yaml => xray-medium.yaml} | 0 ...xray-sizing-small.yaml => xray-small.yaml} | 0 ...ay-sizing-xlarge.yaml => xray-xlarge.yaml} | 0 ...ay-sizing-xsmall.yaml => xray-xsmall.yaml} | 0 .../xray/templates/xray-ipa-deployment.yaml | 15 +++++---------- .../templates/xray-server-deployment.yaml | 15 +++++---------- stable/xray/templates/xray-statefulset.yaml | 15 +++++---------- .../xray/templates/xray-unified-secret.yaml | 2 +- stable/xray/values.yaml | 19 +++++++++++-------- 18 files changed, 44 insertions(+), 46 deletions(-) rename stable/xray/sizing/{xray-sizing-2xlarge.yaml => xray-2xlarge.yaml} (100%) rename stable/xray/sizing/{xray-sizing-large.yaml => xray-large.yaml} (100%) rename stable/xray/sizing/{xray-sizing-medium.yaml => xray-medium.yaml} (100%) rename stable/xray/sizing/{xray-sizing-small.yaml => xray-small.yaml} (100%) rename stable/xray/sizing/{xray-sizing-xlarge.yaml => xray-xlarge.yaml} (100%) rename stable/xray/sizing/{xray-sizing-xsmall.yaml => xray-xsmall.yaml} (100%) diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index c75c6753c..305f99fea 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md 
@@ -1,6 +1,16 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. +## [103.91.3] - Feb 21,2024 +* **IMPORTANT** +* Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default +* Renamed sizing yaml file names from `xray-sizing-.yaml` to `xray-.yaml` +* **Important change:** +* Update postgresql tag version to `15.2.0-debian-11-r23` +* Renamed `common.xrayUserId` to `podSecurityContext.runAsUser` +* Renamed `common.xrayGroupId` to `podSecurityContext.runAsGroup` and `podSecurityContext.fsGroup` +* Renamed `common.fsGroupChangePolicy` to `podSecurityContext.fsGroupChangePolicy` + ## [103.89.0] - Jan 18,2023 * Remove fallback section from keda. diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index cf493cd93..0d845f1d5 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.90.1 +appVersion: 3.91.3 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.90.1 +version: 103.91.3 diff --git a/stable/xray/ci/default-values.yaml b/stable/xray/ci/default-values.yaml index 0e447dbfb..cf2e7a04a 100644 --- a/stable/xray/ci/default-values.yaml +++ b/stable/xray/ci/default-values.yaml @@ -3,7 +3,7 @@ unifiedUpgradeAllowed: true databaseUpgradeReady: true xray: - jfrogUrl: http://artifactory.rt:8082 + jfrogUrl: http://rt-artifactory.rt:8082 common: persistence: enabled: false diff --git a/stable/xray/ci/global-section-values.yaml b/stable/xray/ci/global-section-values.yaml index 78a5b5b98..118c883ba 100644 --- a/stable/xray/ci/global-section-values.yaml +++ b/stable/xray/ci/global-section-values.yaml 
@@ -65,7 +65,7 @@ common: cpu: "100m" global: - jfrogUrl: http://artifactory.rt:8082 + jfrogUrl: http://rt-artifactory.rt:8082 masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE customInitContainersBegin: | diff --git a/stable/xray/ci/test-rabbitmq-haQuorum-values.yaml b/stable/xray/ci/test-rabbitmq-haQuorum-values.yaml index 574908369..11de8207c 100644 --- a/stable/xray/ci/test-rabbitmq-haQuorum-values.yaml +++ b/stable/xray/ci/test-rabbitmq-haQuorum-values.yaml @@ -3,7 +3,7 @@ unifiedUpgradeAllowed: true databaseUpgradeReady: true xray: - jfrogUrl: http://artifactory.rt:8082 + jfrogUrl: http://rt-artifactory.rt:8082 common: persistence: enabled: false diff --git a/stable/xray/ci/test-rabbitmq-replicaCount-values.yaml b/stable/xray/ci/test-rabbitmq-replicaCount-values.yaml index 0fa0cb2a4..f0a970860 100644 --- a/stable/xray/ci/test-rabbitmq-replicaCount-values.yaml +++ b/stable/xray/ci/test-rabbitmq-replicaCount-values.yaml @@ -3,7 +3,7 @@ unifiedUpgradeAllowed: true databaseUpgradeReady: true xray: - jfrogUrl: http://artifactory.rt:8082 + jfrogUrl: http://rt-artifactory.rt:8082 common: persistence: enabled: false diff --git a/stable/xray/ci/test-values.yaml b/stable/xray/ci/test-values.yaml index eb571a587..c236816d8 100644 --- a/stable/xray/ci/test-values.yaml +++ b/stable/xray/ci/test-values.yaml @@ -3,7 +3,7 @@ unifiedUpgradeAllowed: true databaseUpgradeReady: true xray: - jfrogUrl: http://artifactory.rt:8082 + jfrogUrl: http://rt-artifactory.rt:8082 unifiedSecretInstallation: true openMetrics: enabled: true diff --git a/stable/xray/sizing/xray-sizing-2xlarge.yaml b/stable/xray/sizing/xray-2xlarge.yaml similarity index 100% rename from stable/xray/sizing/xray-sizing-2xlarge.yaml rename to stable/xray/sizing/xray-2xlarge.yaml 
diff --git a/stable/xray/sizing/xray-sizing-large.yaml b/stable/xray/sizing/xray-large.yaml similarity index 100% rename from stable/xray/sizing/xray-sizing-large.yaml rename to stable/xray/sizing/xray-large.yaml diff --git a/stable/xray/sizing/xray-sizing-medium.yaml b/stable/xray/sizing/xray-medium.yaml similarity index 100% rename from stable/xray/sizing/xray-sizing-medium.yaml rename to stable/xray/sizing/xray-medium.yaml diff --git a/stable/xray/sizing/xray-sizing-small.yaml b/stable/xray/sizing/xray-small.yaml similarity index 100% rename from stable/xray/sizing/xray-sizing-small.yaml rename to stable/xray/sizing/xray-small.yaml diff --git a/stable/xray/sizing/xray-sizing-xlarge.yaml b/stable/xray/sizing/xray-xlarge.yaml similarity index 100% rename from stable/xray/sizing/xray-sizing-xlarge.yaml rename to stable/xray/sizing/xray-xlarge.yaml diff --git a/stable/xray/sizing/xray-sizing-xsmall.yaml b/stable/xray/sizing/xray-xsmall.yaml similarity index 100% rename from stable/xray/sizing/xray-sizing-xsmall.yaml rename to stable/xray/sizing/xray-xsmall.yaml diff --git a/stable/xray/templates/xray-ipa-deployment.yaml b/stable/xray/templates/xray-ipa-deployment.yaml index afb5e13aa..f2f358c08 100644 --- a/stable/xray/templates/xray-ipa-deployment.yaml +++ b/stable/xray/templates/xray-ipa-deployment.yaml 
@@ -17,7 +17,7 @@ metadata: unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Xray 2.x (appVersion) currently not supported!\nIf this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x" .Values.databaseUpgradeReady | quote }} {{- end }} {{- with .Values.server.statefulset.annotations }} annotations: 
@@ -91,12 +91,7 @@ spec: {{- end }} serviceAccountName: {{ template "xray.serviceAccountName" . }} {{- if .Values.podSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.common.xrayUserId }} - fsGroup: {{ .Values.common.xrayGroupId }} - {{- if .Values.common.fsGroupChangePolicy }} - fsGroupChangePolicy: {{ .Values.common.fsGroupChangePolicy }} - {{- end }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.common.topologySpreadConstraints }} topologySpreadConstraints: @@ -142,7 +137,7 @@ spec: - name: XRAY_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) (or .Values.xray.joinKeySecretName .Values.global.joinKeySecretName) }} name: {{ include "xray.joinKeySecretName" . }} {{- else }} name: "{{ template "xray.name" . }}-unified-secret" @@ -153,7 +148,7 @@ spec: - name: XRAY_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) (or .Values.xray.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "xray.masterKeySecretName" . }} {{- else }} name: "{{ template "xray.name" . }}-unified-secret" @@ -164,7 +159,7 @@ spec: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} {{- if or .Values.systemYamlOverride.existingSecret .Values.xray.systemYaml }} - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "xray.unifiedCustomSecretVolumeName" . }} diff --git a/stable/xray/templates/xray-server-deployment.yaml b/stable/xray/templates/xray-server-deployment.yaml index 277b8362a..8ffce03a5 100644 --- a/stable/xray/templates/xray-server-deployment.yaml +++ b/stable/xray/templates/xray-server-deployment.yaml 
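Review bot: After the `@@ -91,12 +91,7 @@` change the pod `securityContext` is whatever `.Values.podSecurityContext` holds minus `enabled`, so `runAsUser` and `fsGroup` are no longer guaranteed to be set by the template. Existing overrides of `common.xrayUserId`, `common.xrayGroupId` or `common.fsGroupChangePolicy` are now silently ignored. An operator who pinned a non-default UID or GID through the old keys would get the chart defaults, or the image's user if the map is overridden without those fields, with no render-time signal. I would fail fast on the retired keys, for example `{{- if .Values.common.xrayUserId }}{{ fail "common.xrayUserId was renamed to podSecurityContext.runAsUser" }}{{- end }}`, with matching checks for the other two keys. It would also help to confirm that the default `podSecurityContext` in values.yaml carries `runAsNonRoot: true`; that file's hunk is not visible here. The same applies to the identical hunk in xray-server-deployment.yaml.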
@@ -17,7 +17,7 @@ metadata: unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Xray 2.x (appVersion) currently not supported!\nIf this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x" .Values.databaseUpgradeReady | quote }} {{- end }} {{- with .Values.server.statefulset.annotations }} annotations: 
@@ -91,12 +91,7 @@ spec: {{- end }} serviceAccountName: {{ template "xray.serviceAccountName" . }} {{- if .Values.podSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.common.xrayUserId }} - fsGroup: {{ .Values.common.xrayGroupId }} - {{- if .Values.common.fsGroupChangePolicy }} - fsGroupChangePolicy: {{ .Values.common.fsGroupChangePolicy }} - {{- end }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.common.topologySpreadConstraints }} topologySpreadConstraints: @@ -142,7 +137,7 @@ spec: - name: XRAY_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) (or .Values.xray.joinKeySecretName .Values.global.joinKeySecretName) }} name: {{ include "xray.joinKeySecretName" . }} {{- else }} name: "{{ template "xray.name" . }}-unified-secret" @@ -153,7 +148,7 @@ spec: - name: XRAY_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) (or .Values.xray.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "xray.masterKeySecretName" . }} {{- else }} name: "{{ template "xray.name" . }}-unified-secret" @@ -164,7 +159,7 @@ spec: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} {{- if or .Values.systemYamlOverride.existingSecret .Values.xray.systemYaml }} - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "xray.unifiedCustomSecretVolumeName" . }} diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml index 20be2df4f..bdb4b234b 100644 --- a/stable/xray/templates/xray-statefulset.yaml +++ b/stable/xray/templates/xray-statefulset.yaml 
@@ -16,7 +16,7 @@ metadata: unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Xray 2.x (appVersion) currently not supported!\nIf this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x" .Values.databaseUpgradeReady | quote }} {{- end }} {{- with .Values.server.statefulset.annotations }} annotations: 
@@ -87,12 +87,7 @@ spec: {{- end }} serviceAccountName: {{ template "xray.serviceAccountName" . }} {{- if .Values.podSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.common.xrayUserId }} - fsGroup: {{ .Values.common.xrayGroupId }} - {{- if .Values.common.fsGroupChangePolicy }} - fsGroupChangePolicy: {{ .Values.common.fsGroupChangePolicy }} - {{- end }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.common.topologySpreadConstraints }} topologySpreadConstraints: @@ -138,7 +133,7 @@ spec: - name: XRAY_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) (or .Values.xray.joinKeySecretName .Values.global.joinKeySecretName) }} name: {{ include "xray.joinKeySecretName" . }} {{- else }} name: "{{ template "xray.name" . }}-unified-secret" @@ -149,7 +144,7 @@ spec: - name: XRAY_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) (or .Values.xray.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "xray.masterKeySecretName" . }} {{- else }} name: "{{ template "xray.name" . }}-unified-secret" @@ -160,7 +155,7 @@ spec: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} {{- if or .Values.systemYamlOverride.existingSecret .Values.xray.systemYaml }} - {{- if not .Values.xray.unifiedSecretInstallation }} + {{- if or (not .Values.xray.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "xray.unifiedCustomSecretVolumeName" . }} diff --git a/stable/xray/templates/xray-unified-secret.yaml b/stable/xray/templates/xray-unified-secret.yaml index 6fa086858..17b961c78 100644 --- a/stable/xray/templates/xray-unified-secret.yaml +++ b/stable/xray/templates/xray-unified-secret.yaml 
@@ -20,7 +20,7 @@ stringData: {{- end }} {{- end }} -{{- if not .Values.systemYamlOverride.existingSecret }} +{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.xray.systemYaml }} system.yaml: | {{ tpl .Values.xray.systemYaml . | nindent 4 }} {{- end }} diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index 4d3c7b9e1..aec5bfb6c 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml @@ -105,8 +105,9 @@ xray: # adding minAvailable for Xray Pod Disruption Budget # minAvailable: 1 - # unifiedSecretInstallation flag enables single unified secret holding all xray secrets - unifiedSecretInstallation: false + # unifiedSecretInstallation flag enables single unified secret holding all the xray internal(chart) secrets, It won't be affecting external secrets. + ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 103.91.x, Users can switch to false to continue with the old way of secret creation. + unifiedSecretInstallation: true ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ schedulerName: @@ -419,10 +420,15 @@ serviceAccount: ## Explicitly mounts the API credentials for the Service Account automountServiceAccountToken: true -## By default, the Xray StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `common.xrayUserId` value. -## If you want to disable the pod securityContext for the Xray StatefulSet, set this tag to false +## @param podSecurityContext.enabled enable the pod's Security Context podSecurityContext: enabled: true + runAsNonRoot: true + runAsUser: 1035 + runAsGroup: 1035 + fsGroup: 1035 + # fsGroupChangePolicy: "Always" + # seLinuxOptions: {} ## @param containerSecurityContext.enabled enable the container's Security Context containerSecurityContext: 
@@ -443,7 +449,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.10.0-debian-11-r14 + tag: 15.2.0-debian-11-r23 postgresqlUsername: xray postgresqlPassword: "" postgresqlDatabase: xraydb @@ -812,9 +818,6 @@ rabbitmq: common: ## Note that by default we use appVersion to get image tag # xrayVersion: - xrayUserId: 1035 - xrayGroupId: 1035 - # fsGroupChangePolicy: "Always" # Spread Xray pods evenly across your nodes or some other topology topologySpreadConstraints: [] From 738dfb8459e1ce36ad0d7479e3dc7c15bff55fc6 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 14 Mar 2024 10:22:10 +0530 Subject: [PATCH 30/47] [jfrog-platform] 10.17.3 release --- stable/jfrog-platform/CHANGELOG.md | 5 +++++ stable/jfrog-platform/Chart.lock | 8 ++++---- stable/jfrog-platform/Chart.yaml | 8 ++++---- stable/jfrog-platform/templates/NOTES.txt | 3 ++- stable/jfrog-platform/values.yaml | 2 +- 5 files changed, 16 insertions(+), 10 deletions(-) diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index 634fa40c1..db9dcc07c 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md @@ -1,6 +1,11 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.17.3] - Mar 14, 2024 +* Add missing IF statement in `NOTES.txt` +* Update dependency artifactory chart version to 107.77.7 +* Update dependency xray chart version to 103.91.3 + ## [10.17.1] - Feb 29, 2024 * Updated README.md to create a namespace using `--create-namespace` as part of helm install * Updated `artifactory.installerInfo` content diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index 9ba838e5b..c937c107e 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock 
@@ -7,10 +7,10 @@ dependencies: version: 11.9.3 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.77.6 + version: 107.77.7 - name: xray repository: https://charts.jfrog.io/ - version: 103.90.1 + version: 103.91.3 - name: distribution repository: https://charts.jfrog.io/ version: 102.22.2 @@ -20,5 +20,5 @@ dependencies: - name: pipelines repository: https://charts.jfrog.io/ version: 101.55.6 -digest: sha256:7dab87296e623847160abc644f43556da5bb2d7083a357888e68a6db1e11f9e1 -generated: "2024-02-29T20:49:08.265023+05:30" +digest: sha256:4bdf8d88c9d9b387a08a5a790e4c5393a4dc84fe34811cebe0f366bd7a9a0203 +generated: "2024-03-14T08:08:59.105896+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 90907869f..9abee118f 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.6 +appVersion: 7.77.7 dependencies: - condition: postgresql.enabled name: postgresql @@ -12,11 +12,11 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.77.6 + version: 107.77.7 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.90.1 + version: 103.91.3 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ @@ -50,4 +50,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.17.1 +version: 10.17.3 diff --git a/stable/jfrog-platform/templates/NOTES.txt b/stable/jfrog-platform/templates/NOTES.txt index 8271a00f9..eb3bf2c5c 100644 --- a/stable/jfrog-platform/templates/NOTES.txt +++ b/stable/jfrog-platform/templates/NOTES.txt 
@@ -50,8 +50,9 @@ Instructions for accessing the JFrog Platform - Username: admin - Password: password {{- end }} - +{{- if .Values.postgresql.enabled }} --------------------------------------------------------------------------------------------------------------------------------------------------- ***WARNING*** You are using the bundled PostgreSQL database from the chart. This bundled database is not suitable for production use cases. Use an external PostgreSQL database for production deployments. --------------------------------------------------------------------------------------------------------------------------------------------------- +{{- end }} \ No newline at end of file diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index 9b0581751..9785c3831 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml 
@@ -213,7 +213,7 @@ rabbitmq: artifactory: enabled: true unifiedUpgradeAllowed: true - installerInfo: '{"productId":"Helm_JFrogPlatform/{{ printf "10.17.0-%s" .Chart.AppVersion }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}' + installerInfo: '{"productId":"Helm_JFrogPlatform/{{ printf "10.17.3-%s" .Chart.AppVersion }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}' postgresql: enabled: false waitForDatabase: false From 41e776b3995d251f266da429e92cc4d378a49944 Mon Sep 17 00:00:00 2001 
From: Rahul Sadanandan Date: Tue, 30 Apr 2024 11:43:50 +0530 Subject: [PATCH 31/47] [xray] 3.94.5 release --- stable/xray/CHANGELOG.md | 14 +++++- stable/xray/Chart.yaml | 4 +- stable/xray/README.md | 4 +- stable/xray/ci/global-section-values.yaml | 24 ++++----- stable/xray/templates/_helpers.tpl | 3 ++ .../xray/templates/xray-ipa-deployment.yaml | 19 ++++--- stable/xray/templates/xray-ipa-svc.yaml | 50 +++++++++++++++++++ .../templates/xray-server-deployment.yaml | 19 ++++--- stable/xray/templates/xray-statefulset.yaml | 19 ++++--- stable/xray/templates/xray-svc.yaml | 4 +- stable/xray/values.yaml | 36 +++++++------ 11 files changed, 137 insertions(+), 59 deletions(-) create mode 100644 stable/xray/templates/xray-ipa-svc.yaml diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 305f99fea..f0ceb720d 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,19 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.91.3] - Feb 21,2024 +## [103.94.5] - Mar 27, 2024 +* **IMPORTANT** +* Added image section for `initContainers` instead of `initContainerImage` +* Removed image section for `loggers` +* Added support for `global.verisons.initContainers` to override `initContainers.image.tag` + +## [103.93.0] - Mar 5,2024 +* Updated rabbitmq multi-arch tag version to to `3.12.10-debian-11-r1` +* Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) +* Updated README.md to create a namespace using `--create-namespace` as part of helm install +* Added a headless service for IPA pod + +## [103.91.0] - Feb 21,2024 * **IMPORTANT** * Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default * Renamed sizing yaml file names from `xray-sizing-.yaml` to `xray-.yaml` diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index 0d845f1d5..d46ecb3bf 100644 
--- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.91.3 +appVersion: 3.94.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.91.3 +version: 103.94.5 diff --git a/stable/xray/README.md b/stable/xray/README.md index adbcb72e5..fb953b032 100644 --- a/stable/xray/README.md +++ b/stable/xray/README.md @@ -45,14 +45,14 @@ Provide the join key and JFrog URL as a parameter to the Xray chart installation ```bash helm upgrade --install xray --set xray.joinKey= \ - --set xray.jfrogUrl= --namespace xray jfrog/xray + --set xray.jfrogUrl= jfrog/xray --namespace xray --create-namespace ``` ### Apply Sizing configurations to the Chart To apply the chart with recommended sizing configurations : For small configurations : ```bash -helm upgrade --install xray --namespace xray jfrog/xray -f sizing/xray-sizing-small.yaml +helm upgrade --install xray jfrog/xray -f sizing/xray-sizing-small.yaml --namespace xray --create-namespace ``` ## Uninstalling Xray diff --git a/stable/xray/ci/global-section-values.yaml b/stable/xray/ci/global-section-values.yaml index 118c883ba..072dca5ca 100644 --- a/stable/xray/ci/global-section-values.yaml +++ b/stable/xray/ci/global-section-values.yaml @@ -16,8 +16,8 @@ common: enabled: false customInitContainersBegin: | - name: "custom-init-begin-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' 
@@ -34,8 +34,8 @@ common: mountPath: "/scriptslocal" customInitContainers: | - name: "custom-init-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -45,8 +45,8 @@ common: name: data-volume customSidecarContainers: | - name: "sidecar-list-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -70,8 +70,8 @@ global: joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE customInitContainersBegin: | - name: "custom-init-begin-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -88,8 +88,8 @@ global: mountPath: "/scriptsglobal" customInitContainers: | - name: "custom-init-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -99,8 +99,8 @@ global: name: data-volume customSidecarContainers: | - name: "sidecar-list-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: 
diff --git a/stable/xray/templates/_helpers.tpl b/stable/xray/templates/_helpers.tpl index f3df61aa8..07cef99bd 100644 --- a/stable/xray/templates/_helpers.tpl +++ b/stable/xray/templates/_helpers.tpl @@ -442,6 +442,9 @@ Return the proper xray chart image names {{- if and $dot.Values.global.versions.router (eq $indexReference "router") }} {{- $tag = $dot.Values.global.versions.router | toString -}} {{- end -}} + {{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }} + {{- $tag = $dot.Values.global.versions.initContainers | toString -}} + {{- end -}} {{- if and $dot.Values.global.versions.xray (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer")) }} {{- $tag = $dot.Values.global.versions.xray | toString -}} {{- end -}} diff --git a/stable/xray/templates/xray-ipa-deployment.yaml b/stable/xray/templates/xray-ipa-deployment.yaml index f2f358c08..e30d0575e 100644 --- a/stable/xray/templates/xray-ipa-deployment.yaml +++ b/stable/xray/templates/xray-ipa-deployment.yaml @@ -72,8 +72,8 @@ spec: {{- with .Values.filebeat.annotations }} {{ toYaml . | indent 8 }} {{- end }} - {{- range $key, $value := .Values.xray.annotations }} - {{ $key }}: {{ $value | quote }} + {{- with .Values.xray.annotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: {{- if .Values.xray.schedulerName }} @@ -102,7 +102,8 @@ spec: {{ tpl (include "xray.customInitContainersBegin" .) . | indent 6 }} {{- end }} - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} 
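Review bot: Switching the pod annotations from `{{ $key }}: {{ $value | quote }}` to `toYaml . | indent 8` (the `@@ -72,8 +72,8 @@` hunk of xray-ipa-deployment.yaml) drops the forced quoting, so an annotation written with a bare boolean or number in values (a constructed example: `example.com/flag: true`) now renders as a non-string. Kubernetes annotation values must be strings, so a values file that rendered a valid manifest before may be rejected by the API server after this change. Either keep the string coercion or add a comment next to `xray.annotations` in values.yaml saying that values must be quoted. The same change is made in the xray-server-deployment.yaml, xray-statefulset.yaml and xray-svc.yaml hunks. In xray-svc.yaml the added `with .annotations` is also redundant inside the existing `if .annotations`.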
@@ -174,7 +175,8 @@ spec: {{- end }} {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled .Values.rabbitmq.auth.tls.enabled .Values.global.rabbitmq.auth.tls.enabled }} - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} @@ -201,7 +203,8 @@ spec: {{- if .Values.waitForDatabase }} {{- if .Values.postgresql.enabled }} - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} @@ -221,7 +224,8 @@ spec: {{- end }} {{- if and .Values.global.xray.rabbitmq.haQuorum.enabled .Values.common.rabbitmq.waitForReplicasQuorumOnStartup }} - name: "wait-for-rabbitmq-replicas-quorum" - image: "{{ .Values.initContainerImage }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} 
@@ -1048,7 +1052,8 @@ spec: {{- $mountPath := .Values.xray.persistence.mountPath }} {{- range .Values.xray.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "xray.getImageInfoByValue" (list $ "logger") }} + image: {{ include "xray.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} diff --git a/stable/xray/templates/xray-ipa-svc.yaml b/stable/xray/templates/xray-ipa-svc.yaml new file mode 100644 index 000000000..efdd84881 --- /dev/null +++ b/stable/xray/templates/xray-ipa-svc.yaml 
@@ -0,0 +1,50 @@ +{{- if .Values.splitXraytoSeparateDeployments.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: xray-ipa-headless + labels: + app: {{ template "xray.name" . }} + chart: {{ template "xray.chart" . }} + component: {{ .Values.xray.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + servicename: ipa + {{- with .Values.xray.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +spec: + clusterIP: None + type: ClusterIP + {{- if .additionalSpec }} +{{ tpl .additionalSpec $ | indent 2 }} + {{- end }} + ports: + - name: http-analysis + port: {{ .Values.analysis.externalPort }} + protocol: TCP + targetPort: {{ .Values.analysis.internalPort }} + - name: http-indexer + port: {{ .Values.indexer.externalPort }} + protocol: TCP + targetPort: {{ .Values.indexer.internalPort }} + - name: http-persist + port: {{ .Values.persist.externalPort }} + protocol: TCP + targetPort: {{ .Values.persist.internalPort }} + - name: http-router + port: {{ .Values.router.externalPort }} + protocol: TCP + targetPort: {{ .Values.router.internalPort }} +{{- if .Values.sbom.enabled }} + - name: http-sbom + port: {{ .Values.sbom.externalPort }} + protocol: TCP + targetPort: {{ .Values.sbom.internalPort }} +{{- end }} + selector: + app: {{ template "xray.name" . }} + component: {{ .Values.xray.name }} + release: {{ .Release.Name }} + servicename: ipa +{{- end }} \ No newline at end of file diff --git a/stable/xray/templates/xray-server-deployment.yaml b/stable/xray/templates/xray-server-deployment.yaml index 8ffce03a5..91db97144 100644 --- a/stable/xray/templates/xray-server-deployment.yaml +++ b/stable/xray/templates/xray-server-deployment.yaml @@ -72,8 +72,8 @@ spec: {{- with .Values.filebeat.annotations }} {{ toYaml . | indent 8 }} {{- end }} - {{- range $key, $value := .Values.xray.annotations }} - {{ $key }}: {{ $value | quote }} + {{- with .Values.xray.annotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: {{- if .Values.xray.schedulerName }} 
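Review bot: The new Service's `metadata.name` is the literal `xray-ipa-headless`, unlike the labels and selector in the same file, which are derived from the release, so two releases of the chart in one namespace would collide on this name. Deriving it from the chart's fullname helper would avoid that; which helper the sibling xray-svc.yaml uses is not visible in this hunk. Separately, `{{- if .additionalSpec }}` is evaluated against the root context here, where no such field appears to be set, so the `tpl .additionalSpec $` branch looks unreachable. It seems to have been copied from a block scoped by `with .Values.server.service` and should either get that scope or be removed. The file also ends without a trailing newline.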
@@ -102,7 +102,8 @@ spec: {{ tpl (include "xray.customInitContainersBegin" .) . | indent 6 }} {{- end }} - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} @@ -174,7 +175,8 @@ spec: {{- end }} {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled .Values.rabbitmq.auth.tls.enabled .Values.global.rabbitmq.auth.tls.enabled }} - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} @@ -201,7 +203,8 @@ spec: {{- if .Values.waitForDatabase }} {{- if .Values.postgresql.enabled }} - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} 
@@ -221,7 +224,8 @@ spec: {{- end }} {{- if and .Values.global.xray.rabbitmq.haQuorum.enabled .Values.common.rabbitmq.waitForReplicasQuorumOnStartup }} - name: "wait-for-rabbitmq-replicas-quorum" - image: "{{ .Values.initContainerImage }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} @@ -562,7 +566,8 @@ spec: {{- $mountPath := .Values.xray.persistence.mountPath }} {{- range .Values.xray.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "xray.getImageInfoByValue" (list $ "logger") }} + image: {{ include "xray.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml index bdb4b234b..80d1b3250 100644 --- a/stable/xray/templates/xray-statefulset.yaml +++ b/stable/xray/templates/xray-statefulset.yaml @@ -68,8 +68,8 @@ spec: {{- with .Values.filebeat.annotations }} {{ toYaml . | indent 8 }} {{- end }} - {{- range $key, $value := .Values.xray.annotations }} - {{ $key }}: {{ $value | quote }} + {{- with .Values.xray.annotations }} +{{ toYaml . | indent 8 }} {{- end }} spec: {{- if .Values.xray.schedulerName }} 
@@ -98,7 +98,8 @@ spec: {{ tpl (include "xray.customInitContainersBegin" .) . | indent 6 }} {{- end }} - name: 'copy-system-yaml' - image: '{{ .Values.initContainerImage }}' + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} @@ -170,7 +171,8 @@ spec: {{- end }} {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled .Values.rabbitmq.auth.tls.enabled .Values.global.rabbitmq.auth.tls.enabled }} - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} @@ -197,7 +199,8 @@ spec: {{- if .Values.waitForDatabase }} {{- if .Values.postgresql.enabled }} - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" + image: "{{ include "xray.getImageInfoByValue" (list . "initContainers") }}" + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} 
@@ -217,7 +220,8 @@ spec: {{- end }} {{- if and .Values.global.xray.rabbitmq.haQuorum.enabled .Values.common.rabbitmq.waitForReplicasQuorumOnStartup }} - name: "wait-for-rabbitmq-replicas-quorum" - image: "{{ .Values.initContainerImage }}" + image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} @@ -1198,7 +1202,8 @@ spec: {{- $mountPath := .Values.xray.persistence.mountPath }} {{- range .Values.xray.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "xray.getImageInfoByValue" (list $ "logger") }} + image: {{ include "xray.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} diff --git a/stable/xray/templates/xray-svc.yaml b/stable/xray/templates/xray-svc.yaml index bce6c4dac..756db8ed6 100644 --- a/stable/xray/templates/xray-svc.yaml +++ b/stable/xray/templates/xray-svc.yaml @@ -14,8 +14,8 @@ metadata: {{- with .Values.server.service }} {{- if .annotations }} annotations: - {{- range $key, $value := .annotations }} - {{ $key }}: {{ $value | quote }} + {{- with .annotations }} +{{ toYaml . | indent 4 }} {{- end }} {{- end }} spec: diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index aec5bfb6c..f7e1de7e5 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml @@ -10,6 +10,7 @@ global: ## Note: Order of preference is 1) global.versions 2) common.xrayVersion 3) image tags 4) Chart.AppVersion versions: {} # xray: + # initContainers: # router: # joinKey: # masterKey: 
@@ -61,11 +62,15 @@ global: ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 imagePullPolicy: IfNotPresent # Init containers initContainers: + image: + registry: releases-docker.jfrog.io + repository: ubi9/ubi-minimal + tag: 9.3.1552 + pullPolicy: IfNotPresent resources: requests: memory: "50Mi" @@ -402,13 +407,6 @@ autoscaling: - name: impactAnalysis value: "100" - -logger: - image: - registry: releases-docker.jfrog.io - repository: ubi9/ubi-minimal - tag: 9.3.1475 - ## Service Account ## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/ ## @@ -518,7 +516,7 @@ rabbitmq: image: registry: releases-docker.jfrog.io repository: bitnami/rabbitmq - tag: 3.11.10-debian-11-r5 + tag: 3.12.10-debian-11-r1 extraPlugins: "rabbitmq_management" auth: @@ -869,8 +867,8 @@ common: ## Add custom init containers execution before predefined init containers customInitContainersBegin: | # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.imagePullPolicy }}" + # image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" # {{- if .Values.containerSecurityContext.enabled }} # securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} # {{- end }} @@ -885,8 +883,8 @@ common: ## Add custom init containers execution after predefined init containers customInitContainers: | # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.imagePullPolicy }}" + # image: "{{ include "xray.getImageInfoByValue" (list . "initContainers") }}" + # imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" # {{- if .Values.containerSecurityContext.enabled }} # securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} # {{- end }} 
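Review bot: Removing `initContainerImage` (this hunk) and `logger.image` (the `@@ -402,13 +407,6 @@` hunk) without a compatibility check means a deployment that overrode either key, for instance to use an internal mirror or a pinned image, silently falls back on upgrade to the new defaults (registry `releases-docker.jfrog.io`, repository `ubi9/ubi-minimal`, tag `9.3.1552`). On air-gapped or registry-restricted clusters that is either an image-pull failure or an image source nobody reviewed. A guard in `_helpers.tpl` would surface it at render time: `{{- if .Values.initContainerImage }}{{ fail "initContainerImage was replaced by initContainers.image.registry/repository/tag" }}{{- end }}`, plus the equivalent for `.Values.logger`. The top-level `imagePullPolicy` key is kept although the init containers now read `initContainers.image.pullPolicy`, so a comment in values.yaml saying which containers still use it would help.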
@@ -903,8 +901,8 @@ common: # - The provided example shows running container as root (id 0) customSidecarContainers: | # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.imagePullPolicy }}" + # image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} # {{- if .Values.containerSecurityContext.enabled }} # securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} # {{- end }} @@ -1321,7 +1319,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.95.0 + tag: 7.108.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled. @@ -1407,7 +1405,7 @@ observability: image: registry: releases-docker.jfrog.io repository: jfrog/observability - tag: 1.21.0 + tag: 1.25.0 imagePullPolicy: IfNotPresent internalPort: 8036 resources: {} @@ -1592,7 +1590,7 @@ autoscalingServer: pollingInterval: 10 cooldownPeriod: 10 queues: - - name: impactAnalysis + - name: alert value: "100" ## Apply horizontal pod auto scaling on Xray ipa pods ## Only applicable when (splitXraytoSeparateDeployments.enabled) is set to true @@ -1629,6 +1627,6 @@ autoscalingIpa: value: "100" - name: persist value: "100" - - name: alert + - name: impactAnalysis value: "100" ################################################################################### From f9144ead46d5edd4390c406b002a359b08075f06 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 3 May 2024 11:23:32 +0530 Subject: [PATCH 32/47] [artifactory] 7.77.11 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +++--- stable/artifactory-ha/CHANGELOG.md | 3 ++- stable/artifactory-ha/Chart.yaml | 4 ++-- stable/artifactory-ha/files/migrate.sh | 4 +++- stable/artifactory-ha/templates/_helpers.tpl | 10 ++++++++++ stable/artifactory-ha/templates/nginx-deployment.yaml | 4 ++++ stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 +++--- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 +++--- stable/artifactory/CHANGELOG.md | 3 ++- stable/artifactory/Chart.yaml | 4 ++-- stable/artifactory/files/migrate.sh | 4 +++- stable/artifactory/templates/_helpers.tpl | 9 +++++++++ stable/artifactory/templates/nginx-deployment.yaml | 4 ++++ 16 files changed, 53 insertions(+), 20 deletions(-) diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index 8eb9f4904..36805feb6 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.77.7] - Nov 23, 2023 +## [107.77.11] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index 8b903ad57..40ebe8711 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.7 +appVersion: 7.77.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.7 + version: 107.77.11 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.77.7 +version: 107.77.11 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 0391e5207..3697784b2 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,11 +1,12 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.77.7] - Feb 20, 2024 +## [107.77.11] - April 22, 2024 * Removed integration service * Added recommended postgresql sizing configurations under sizing directory * Updated artifactory-federation (probes, port, embedded mode) * Fixing broken nginx port [GH-1860](https://github.com/jfrog/charts/issues/1860) +* Added nginx.customCommand to use custom commands for the nginx container ## [107.76.0] - Dec 13, 2023 * Added connectionTimeout and socketTimeout paramaters under AWSS3 binarystore section diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 691a64c52..70e9a27c7 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.7 +appVersion: 7.77.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.77.7 +version: 107.77.11 diff --git a/stable/artifactory-ha/files/migrate.sh b/stable/artifactory-ha/files/migrate.sh index c07985b26..f3d64a4e6 100644 --- a/stable/artifactory-ha/files/migrate.sh 
+++ b/stable/artifactory-ha/files/migrate.sh @@ -896,7 +896,9 @@ setupScriptLogsRedirection() { # Returns Y if this method is run inside a container isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then + local check1=$(grep -sq 'docker\|kubepods' /proc/1/cgroup; echo $?) + local check2=$(grep -sq 'containers' /proc/self/mountinfo; echo $?) + if [[ $check1 == 0 || $check2 == 0 || -f "/.dockerenv" ]]; then echo -n "$FLAG_Y" else echo -n "$FLAG_N" diff --git a/stable/artifactory-ha/templates/_helpers.tpl b/stable/artifactory-ha/templates/_helpers.tpl index 0456a7b9a..df1ee5880 100644 --- a/stable/artifactory-ha/templates/_helpers.tpl +++ b/stable/artifactory-ha/templates/_helpers.tpl @@ -398,6 +398,16 @@ nginx scheme (http/https) {{- end -}} {{- end -}} + +{{/* +nginx command +*/}} +{{- define "nginx.command" -}} +{{- if .Values.nginx.customCommand }} +{{ toYaml .Values.nginx.customCommand }} +{{- end }} +{{- end -}} + {{/* nginx port (8080/8443) based on http/https enabled */}} diff --git a/stable/artifactory-ha/templates/nginx-deployment.yaml b/stable/artifactory-ha/templates/nginx-deployment.yaml index a086fe9f2..64cb2d067 100644 --- a/stable/artifactory-ha/templates/nginx-deployment.yaml +++ b/stable/artifactory-ha/templates/nginx-deployment.yaml @@ -85,6 +85,10 @@ spec: imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} {{- if .Values.nginx.containerSecurityContext.enabled }} securityContext: {{- omit .Values.nginx.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} + {{- if .Values.nginx.customCommand }} + command: +{{- tpl (include "nginx.command" .) . | indent 10 }} {{- end }} ports: {{ if .Values.nginx.customPorts }} diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index 774daedf1..09082a95e 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md 
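Review bot: In `isRunningInsideAContainer` (this hunk and the identical one in `stable/artifactory/files/migrate.sh`), the `containers` match on `/proc/self/mountinfo` is broad. A host that merely has a mount path containing `containers` would presumably also match and be reported as running inside a container, so it is worth confirming that this cannot misroute the migration on a non-container install. The exit statuses are also captured as strings through `$(...; echo $?)` and compared with `==`, whereas testing the commands directly is shorter and avoids the `local x=$(...)` pattern: `if grep -sq 'docker\|kubepods' /proc/1/cgroup || grep -sq 'containers' /proc/self/mountinfo || [ -f "/.dockerenv" ]; then`. The function's closing `fi` and `}` lie outside the hunk.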
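Review bot: `nginx.customCommand` is read in the `nginx-deployment.yaml` hunk (and in the matching `stable/artifactory` template), but the commit's file list contains no `values.yaml`, so the key has no documented default or example. Since the value replaces the container's `command` and is passed through `tpl`, a commented entry in values.yaml would help, for instance `## Custom command for the nginx container; rendered with tpl, must be a YAML list` followed by `# customCommand:`. The `{{- if .Values.nginx.customCommand }}` guard here is what prevents an empty `command:` key and should stay.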
@@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.77.7] - Nov 23, 2023 +## [107.77.11] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 825cd076b..4a2799668 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.7 +appVersion: 7.77.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.7 + version: 107.77.11 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.77.7 +version: 107.77.11 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 7c3e010ba..922945f58 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.77.7] - Nov 23, 2023 +## [107.77.11] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 17f5a2a50..38261e0cb 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.7 +appVersion: 7.77.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.7 + version: 107.77.11 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png 
@@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.77.7 +version: 107.77.11 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 45cdb8e74..501b801a3 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,12 +1,13 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.77.7] - Feb 20, 2024 +## [107.77.11] - April 22, 2024 * Removed integration service * Added recommended postgresql sizing configurations under sizing directory * Updated artifactory-federation (probes, port, embedded mode) * Fixed - Removed duplicate keys of the sizing yaml file * Fixing broken nginx port [GH-1860](https://github.com/jfrog/charts/issues/1860) +* Added nginx.customCommand to use custom commands for the nginx container ## [107.76.0] - Dec 13, 2023 * Added connectionTimeout and socketTimeout paramaters under AWSS3 binarystore section diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 62560d9fc..0cd199950 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.7 +appVersion: 7.77.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.77.7 +version: 107.77.11 diff --git a/stable/artifactory/files/migrate.sh b/stable/artifactory/files/migrate.sh index c07985b26..f3d64a4e6 100644 --- a/stable/artifactory/files/migrate.sh +++ b/stable/artifactory/files/migrate.sh 
@@ -896,7 +896,9 @@ setupScriptLogsRedirection() { # Returns Y if this method is run inside a container isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then + local check1=$(grep -sq 'docker\|kubepods' /proc/1/cgroup; echo $?) + local check2=$(grep -sq 'containers' /proc/self/mountinfo; echo $?) + if [[ $check1 == 0 || $check2 == 0 || -f "/.dockerenv" ]]; then echo -n "$FLAG_Y" else echo -n "$FLAG_N" diff --git a/stable/artifactory/templates/_helpers.tpl b/stable/artifactory/templates/_helpers.tpl index 33df663a1..424aa718e 100644 --- a/stable/artifactory/templates/_helpers.tpl +++ b/stable/artifactory/templates/_helpers.tpl @@ -368,6 +368,15 @@ nginx scheme (http/https) {{- end -}} {{- end -}} +{{/* +nginx command +*/}} +{{- define "nginx.command" -}} +{{- if .Values.nginx.customCommand }} +{{ toYaml .Values.nginx.customCommand }} +{{- end }} +{{- end -}} + {{/* nginx port (8080/8443) based on http/https enabled */}} diff --git a/stable/artifactory/templates/nginx-deployment.yaml b/stable/artifactory/templates/nginx-deployment.yaml index ec0b8fa6e..a12c0c030 100644 --- a/stable/artifactory/templates/nginx-deployment.yaml +++ b/stable/artifactory/templates/nginx-deployment.yaml @@ -88,6 +88,10 @@ spec: imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} {{- if .Values.nginx.containerSecurityContext.enabled }} securityContext: {{- omit .Values.nginx.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} + {{- if .Values.nginx.customCommand }} + command: +{{- tpl (include "nginx.command" .) . | indent 10 }} {{- end }} ports: {{ if .Values.nginx.customPorts }} From a4e91d1932fea92409d98a02380395af89df5886 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 3 May 2024 11:24:05 +0530 Subject: [PATCH 33/47] [distribution] 2.24.0 release --- stable/distribution/CHANGELOG.md | 35 ++++- stable/distribution/Chart.yaml | 4 +- stable/distribution/README.md | 4 +- .../ci/global-section-values.yaml | 24 +-- stable/distribution/files/system.yaml | 34 ++++ stable/distribution/templates/NOTES.txt | 7 + stable/distribution/templates/_helpers.tpl | 17 ++ .../templates/_system-yaml-render.tpl | 5 + .../templates/distribution-statefulset.yaml | 135 ++++++---------- .../templates/distribution-svc.yaml | 6 + .../templates/distribution-system-yaml.yaml | 2 +- .../distribution-unified-secret.yaml | 4 +- stable/distribution/values.yaml | 146 ++++++++++-------- 13 files changed, 250 insertions(+), 173 deletions(-) create mode 100644 stable/distribution/files/system.yaml create mode 100644 stable/distribution/templates/_system-yaml-render.tpl diff --git a/stable/distribution/CHANGELOG.md b/stable/distribution/CHANGELOG.md index a0229ff16..97669b36d 100644 --- a/stable/distribution/CHANGELOG.md +++ b/stable/distribution/CHANGELOG.md 
@@ -1,13 +1,42 @@ # JFrog Distribution Chart Changelog All changes to this project chart be documented in this file. -## [102.22.2] - Dec 22, 2023 +## [102.24.0] - Mar 27, 2024 +* Added image section for `initContainers` instead of `initContainerImage` +* Renamed `distribution.image.imagePullPolicy` to `distribution.image.pullPolicy` +* Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` +* Renamed `observability.image.imagePullPolicy` to `observability.image.pullPolicy` +* Removed loggers.image section +* Added support for `global.verisons.initContainers` to override `initContainers.image.tag` +* Fixed an issue with extraSystemYaml merge + + +## [102.23.0] - Feb 15, 2024 +* **IMPORTANT** +* Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default +* **Important change:** +* Update postgresql tag version to `15.2.0-debian-11-r23` +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! 
+* If this is an upgrade and you are using the default bundles PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x/13.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true +* Added support for distribution on openshift by setting `podSecurityContext` and `containerSecurityContext` to false +* **IMPORTANT** +* Renamed `common.uid` to `podSecurityContext.runAsUser` +* Renamed `common.gid` to `podSecurityContext.runAsGroup` and `podSecurityContext.fsGroup` +* Renamed `common.fsGroupChangePolicy` to `podSecurityContext.fsGroupChangePolicy` +* Added `redis.containerSecurityContext` to support openshift +* Renamed `redis.uid` to `redis.containerSecurityContext.runAsUser` +* Updated README.md to create a namespace using `--create-namespace` as part of helm install +* Updated redis multi-arch tag version to 7.2.4-debian-11-r5 +* Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml). +* Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given. +* Added IPV4/IPV6 Dualstack flag support for Distribution chart + +## [102.22.0] - Dec 22, 2023 * Added recommended sizing configurations under sizing directory, please refer [here](README.md/#apply-sizing-configurations-to-the-chart) -## [102.21.0] - Nov 22, 2023 +## [102.21.0] - Nov 27, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * Removed default hardcoded javaOpts `-Xms2g -Xmx4g` from distribution.sh file -* Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/distribution/Chart.yaml b/stable/distribution/Chart.yaml index 4263aa2a3..788230e34 100644 --- a/stable/distribution/Chart.yaml 
+++ b/stable/distribution/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.22.2 +appVersion: 2.24.0 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: distribution sources: - https://github.com/jfrog/charts type: application -version: 102.22.2 +version: 102.24.0 diff --git a/stable/distribution/README.md b/stable/distribution/README.md index 6702be881..dfede37f5 100644 --- a/stable/distribution/README.md +++ b/stable/distribution/README.md @@ -37,14 +37,14 @@ Provide a join key and the JFrog URL as a parameter to the Distribution chart in ```bash helm upgrade --install distribution --set distribution.joinKey= \ - --set distribution.jfrogUrl= --namespace distribution jfrog/distribution + --set distribution.jfrogUrl= jfrog/distribution --namespace distribution --create-namespace ``` ### Apply Sizing configurations to the Chart To apply the chart with recommended sizing configurations : For small configurations : ```bash -helm upgrade --install distribution --namespace distribution jfrog/distribution -f sizing/distribution-small.yaml +helm upgrade --install distribution jfrog/distribution -f sizing/distribution-small.yaml --namespace distribution --create-namespace ``` ## Uninstalling Distribution diff --git a/stable/distribution/ci/global-section-values.yaml b/stable/distribution/ci/global-section-values.yaml index 5295a048f..63c1923e2 100644 --- a/stable/distribution/ci/global-section-values.yaml +++ b/stable/distribution/ci/global-section-values.yaml @@ -33,8 +33,8 @@ global: joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE customInitContainersBegin: | - name: "custom-init-begin-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" command: - 'sh' - '-c' 
@@ -51,8 +51,8 @@ global: mountPath: "/scriptsglobal" customInitContainers: | - name: "custom-init-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" command: - 'sh' - '-c' @@ -62,8 +62,8 @@ global: name: distribution-data customSidecarContainers: | - name: "sidecar-list-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" securityContext: allowPrivilegeEscalation: false capabilities: @@ -84,8 +84,8 @@ global: common: customInitContainersBegin: | - name: "custom-init-begin-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" command: - 'sh' - '-c' @@ -102,8 +102,8 @@ common: mountPath: "/scriptslocal" customInitContainers: | - name: "custom-init-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" command: - 'sh' - '-c' @@ -113,8 +113,8 @@ common: name: distribution-data customSidecarContainers: | - name: "sidecar-list-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.imagePullPolicy }}" + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" securityContext: allowPrivilegeEscalation: false capabilities: 
diff --git a/stable/distribution/files/system.yaml b/stable/distribution/files/system.yaml new file mode 100644 index 000000000..0ce5f7bff --- /dev/null +++ b/stable/distribution/files/system.yaml @@ -0,0 +1,34 @@ +router: + serviceRegistry: + insecure: {{ .Values.router.serviceRegistry.insecure }} +shared: + logging: + consoleLog: + enabled: {{ .Values.distribution.consoleLog }} + jfrogUrl: "{{ tpl (required "\n\ndistribution.jfrogUrl or global.jfrogUrl is required! This allows to connect to Artifactory.\nYou can copy the JFrog URL from Administration > User Management > Settings > Connection details" (include "distribution.jfrogUrl" .)) . }}" + database: + {{- if .Values.postgresql.enabled }} + type: "postgresql" + driver: "org.postgresql.Driver" + username: "{{ .Values.postgresql.postgresqlUsername }}" + url: "postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" + {{ else }} + type: "{{ .Values.database.type }}" + driver: "{{ .Values.database.driver }}" + {{- end }} +distribution: + extraJavaOpts: > + {{- if .Values.newRelic.apm.enabled }} + -javaagent:{{ .Values.distribution.persistence.mountPath }}/etc/newrelic/newrelic.jar + {{- end }} + {{- with .Values.distribution.javaOpts }} + {{- if .xms }} + -Xms{{ .xms }} + {{- end }} + {{- if .xmx }} + -Xmx{{ .xmx }} + {{- end }} + {{- if .other }} + {{ .other }} + {{- end }} + {{- end }} \ No newline at end of file diff --git a/stable/distribution/templates/NOTES.txt b/stable/distribution/templates/NOTES.txt index b85cfb9db..c497ec4fd 100644 --- a/stable/distribution/templates/NOTES.txt +++ b/stable/distribution/templates/NOTES.txt 
@@ -15,6 +15,13 @@ Congratulations. You have just deployed JFrog Distribution! ******************************************************************************************** {{- end }} +{{- if or .Values.common.uid .Values.common.gid .Values.common.fsGroupChangePolicy }} +****************************************** WARNING ********************************************** +* From chart version 102.23.x, `common.uid,common.gid,common.fsGroupChangePolicy` has been moved under `podSecurityContext` + please change your values.yaml before upgrade , For more Info , refer to 102.23.x changelog * +************************************************************************************************* +{{- end }} + {{- if and (or (or (or .Values.systemYamlOverride.existingSecret (or .Values.distribution.masterKeySecretName .Values.global.masterKeySecretName)) (or .Values.distribution.joinKeySecretName .Values.global.joinKeySecretName)) .Values.database.secrets) .Values.distribution.unifiedSecretInstallation }} ****************************************** WARNING ************************************************************************************************** * The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.* diff --git a/stable/distribution/templates/_helpers.tpl b/stable/distribution/templates/_helpers.tpl index d88f8d862..ce6b82c3a 100644 --- a/stable/distribution/templates/_helpers.tpl +++ b/stable/distribution/templates/_helpers.tpl 
@@ -204,6 +204,9 @@ Return the proper distribution chart image names {{- if and $dot.Values.global.versions.router (eq $indexReference "router") }} {{- $tag = $dot.Values.global.versions.router | toString -}} {{- end -}} + {{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }} + {{- $tag = $dot.Values.global.versions.initContainers | toString -}} + {{- end -}} {{- if and $dot.Values.global.versions.distribution (eq $indexReference "distribution") }} {{- $tag = $dot.Values.global.versions.distribution | toString -}} {{- end -}} @@ -266,3 +269,17 @@ if the volume exists in customVolume then an extra volume with the same name wil {{- printf "%s" "false" -}} {{- end -}} {{- end -}} + +{{/* +Calculate the systemYaml from structured and unstructured text input +*/}} +{{- define "distribution.finalSystemYaml" -}} +{{ tpl (mergeOverwrite (include "distribution.systemYaml" . | fromYaml) .Values.distribution.extraSystemYaml | toYaml) . }} +{{- end -}} + +{{/* +Calculate the systemYaml from the unstructured text input +*/}} +{{- define "distribution.systemYaml" -}} +{{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }} +{{- end -}} diff --git a/stable/distribution/templates/_system-yaml-render.tpl b/stable/distribution/templates/_system-yaml-render.tpl new file mode 100644 index 000000000..944b16d28 --- /dev/null +++ b/stable/distribution/templates/_system-yaml-render.tpl @@ -0,0 +1,5 @@ +{{- if .Values.distribution.systemYaml -}} +{{- tpl .Values.distribution.systemYaml . -}} +{{- else -}} +{{ (tpl ( $.Files.Get "files/system.yaml" ) .) }} +{{- end -}} \ No newline at end of file diff --git a/stable/distribution/templates/distribution-statefulset.yaml b/stable/distribution/templates/distribution-statefulset.yaml index b0e5ca638..d8f3d5f84 100644 --- a/stable/distribution/templates/distribution-statefulset.yaml +++ b/stable/distribution/templates/distribution-statefulset.yaml 
@@ -15,7 +15,7 @@ metadata: unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Distribution 1.x currently not supported!\nIf this is an upgrade over an existing Distribution 2.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/distribution/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/distribution/CHANGELOG.md)\nNote: If you are upgrading from a chart version (< 102.23.x) that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 102.23.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} {{- end }} {{- with .Values.distribution.statefulset.annotations }} annotations: 
@@ -67,12 +67,9 @@ spec: {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- include "distribution.imagePullSecrets" . | indent 6 }} {{- end }} - securityContext: - runAsUser: {{ .Values.common.uid }} - fsGroup: {{ .Values.common.gid }} - {{- if .Values.common.fsGroupChangePolicy }} - fsGroupChangePolicy: {{ .Values.common.fsGroupChangePolicy }} - {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} {{- if .Values.common.topologySpreadConstraints }} topologySpreadConstraints: {{ tpl (toYaml .Values.common.topologySpreadConstraints) . | indent 8 }} @@ -82,13 +79,11 @@ spec: {{ tpl (include "distribution.customInitContainersBegin" .) . | indent 6 }} {{- end }} - name: 'copy-system-configurations' - image: '{{ .Values.initContainerImage }}' - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: @@ -129,7 +124,7 @@ spec: - name: DISTRIBUTION_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.distribution.unifiedSecretInstallation }} + {{- if or (not .Values.distribution.unifiedSecretInstallation) (or .Values.distribution.joinKeySecretName .Values.global.joinKeySecretName) }} name: {{ include "distribution.joinKeySecretName" . }} {{- else }} name: "{{ template "distribution.name" . }}-unified-secret" 
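Review bot: The `copy-system-configurations` hunk replaces a fixed `securityContext` (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `NET_RAW` dropped) with a block rendered only when `containerSecurityContext.enabled` is true, and the same substitution is made for the copy-custom-certificates, wait-for-db, migration, distribution, router, observability, redis, logger and filebeat containers in the later hunks. With the flag off every container runs with no securityContext at all, and with it on the hardening is whatever the values map contains; values.yaml is outside this view, so confirm its defaults still carry the three removed settings. The pod-level hunk above does the same with `podSecurityContext`, and `common.uid`/`common.gid` are no longer read there, so an upgrade that keeps the old overrides would run under the new defaults. A comment next to the flag such as `## Disabling removes the runAsNonRoot/allowPrivilegeEscalation/capabilities hardening; intended for platforms that inject their own (e.g. OpenShift)` would make the trade-off visible.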
@@ -140,7 +135,7 @@ spec: - name: DISTRIBUTION_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.distribution.unifiedSecretInstallation }} + {{- if or (not .Values.distribution.unifiedSecretInstallation) (or .Values.distribution.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "distribution.masterKeySecretName" . }} {{- else }} name: "{{ template "distribution.name" . }}-unified-secret" @@ -155,8 +150,7 @@ spec: mountPath: /tmp/newrelic/newrelic.yml subPath: newrelic.yml {{- end }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.distribution.systemYaml }} - {{- if not .Values.distribution.unifiedSecretInstallation }} + {{- if or (not .Values.distribution.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "distribution.unifiedCustomSecretVolumeName" . }} @@ -164,20 +158,17 @@ spec: {{- if .Values.systemYamlOverride.existingSecret }} mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.distribution.systemYaml }} + {{- else }} mountPath: "/tmp/etc/system.yaml" subPath: system.yaml {{- end }} - {{- end }} {{- if or .Values.distribution.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: 
@@ -194,13 +185,11 @@ spec: {{- if .Values.waitForDatabase }} {{- if .Values.postgresql.enabled }} - name: 'wait-for-db' - image: '{{ .Values.initContainerImage }}' - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: @@ -218,14 +207,10 @@ spec: {{- if and .Release.IsUpgrade .Values.distribution.migration.enabled }} - name: migration-{{ .Values.distribution.name }} image: {{ include "distribution.getImageInfoByValue" (list $ "distribution") }} - imagePullPolicy: {{ .Values.distribution.image.imagePullPolicy }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.common.uid }} - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + imagePullPolicy: {{ .Values.distribution.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: 
@@ -259,14 +244,10 @@ spec: containers: - name: {{ .Values.distribution.name }} image: {{ include "distribution.getImageInfoByValue" (list $ "distribution") }} - imagePullPolicy: {{ .Values.distribution.image.imagePullPolicy }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.common.uid }} - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + imagePullPolicy: {{ .Values.distribution.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} ports: - name: http-distro containerPort: {{ .Values.distribution.internalPort }} @@ -377,13 +358,10 @@ spec: {{- end }} - name: {{ .Values.router.name }} image: {{ include "distribution.getImageInfoByValue" (list $ "router") }} - imagePullPolicy: {{ .Values.router.image.imagePullPolicy }} - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + imagePullPolicy: {{ .Values.router.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} command: - '/bin/bash' - '-c' @@ -428,13 +406,10 @@ spec: {{- end }} - name: {{ .Values.observability.name }} image: {{ include "distribution.getImageInfoByValue" (list . "observability") }} - imagePullPolicy: {{ .Values.observability.image.imagePullPolicy }} - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + imagePullPolicy: {{ .Values.observability.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} command: - '/bin/sh' - '-c' 
@@ -464,12 +439,9 @@ spec: - name: redis image: {{ include "distribution.getImageInfoByValue" (list $ "redis") }} imagePullPolicy: {{ .Values.redis.image.pullPolicy }} - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.redis.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.redis.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} env: - name: REDIS_REPLICATION_MODE value: master @@ -513,13 +485,11 @@ spec: {{- $mountPath := .Values.distribution.persistence.mountPath }} {{- range .Values.distribution.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "distribution.getImageInfoByValue" (list $ "logger") }} - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + image: {{ include "distribution.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} command: - 'sh' - '-c' @@ -537,12 +507,9 @@ spec: - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} args: - "-e" - "-E" 
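Review bot: In the loggers hunk (`@@ -513,13 +485,11 @@`) the added lines sit inside `{{- range .Values.distribution.loggers }}`, where the dot is the current logger name (the `name:` line pipes `.` through `replace`). `.Values` therefore does not resolve there, and rendering will fail as soon as `distribution.loggers` is non-empty. The `image:` line already passes `$` to the helper, and the other added lines need the root context as well: `imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }}`, `{{- if $.Values.containerSecurityContext.enabled }}` and `omit $.Values.containerSecurityContext "enabled"`. The range block continues past the end of the hunk.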
@@ -619,7 +586,7 @@ spec: secretName: {{ template "distribution.name" . }}-unified-secret {{- else if not .Values.distribution.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ - {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.distribution.systemYaml }} + {{- if and (not .Values.systemYamlOverride.existingSecret) }} - name: systemyaml secret: secretName: {{ printf "%s-%s" (include "distribution.fullname" .) "systemyaml" }} diff --git a/stable/distribution/templates/distribution-svc.yaml b/stable/distribution/templates/distribution-svc.yaml index c1cc464fe..407aafb49 100644 --- a/stable/distribution/templates/distribution-svc.yaml +++ b/stable/distribution/templates/distribution-svc.yaml @@ -16,6 +16,12 @@ metadata: {{ toYaml .Values.distribution.service.annotations | indent 4 }} {{- end }} spec: + {{- if .Values.distribution.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.distribution.service.ipFamilyPolicy }} + {{- end }} + {{- if not (empty .Values.distribution.service.ipFamilies)}} + ipFamilies: {{- toYaml .Values.distribution.service.ipFamilies | nindent 4 }} + {{- end }} type: {{ .Values.distribution.service.type }} ports: - name: http-distro diff --git a/stable/distribution/templates/distribution-system-yaml.yaml b/stable/distribution/templates/distribution-system-yaml.yaml index 3f994e319..d15f06238 100644 --- a/stable/distribution/templates/distribution-system-yaml.yaml +++ b/stable/distribution/templates/distribution-system-yaml.yaml @@ -12,5 +12,5 @@ metadata: type: Opaque stringData: system.yaml: | -{{ tpl .Values.distribution.systemYaml . | indent 4 }} +{{ include "distribution.finalSystemYaml" . | nindent 4 }} {{- end }} diff --git a/stable/distribution/templates/distribution-unified-secret.yaml b/stable/distribution/templates/distribution-unified-secret.yaml index 95095fea7..69bcef202 100644 --- a/stable/distribution/templates/distribution-unified-secret.yaml 
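Review bot: `{{- if and (not .Values.systemYamlOverride.existingSecret) }}` calls `and` with a single argument, left over from dropping the `.Values.distribution.systemYaml` operand. It evaluates to that one argument, so the `and` only obscures the condition. `{{- if not .Values.systemYamlOverride.existingSecret }}` says the same thing. The same leftover is added in the distribution-unified-secret.yaml hunk of this patch, where the removed line was already written in the plain form.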
+++ b/stable/distribution/templates/distribution-unified-secret.yaml @@ -12,9 +12,9 @@ metadata: type: Opaque stringData: -{{- if not .Values.systemYamlOverride.existingSecret }} +{{- if and (not .Values.systemYamlOverride.existingSecret) }} system.yaml: | -{{ tpl .Values.distribution.systemYaml . | indent 4 }} +{{ include "distribution.finalSystemYaml" . | nindent 4 }} {{- end }} {{- if .Values.distribution.customSecrets }} diff --git a/stable/distribution/values.yaml b/stable/distribution/values.yaml index 6cd702659..adfd3bcc7 100644 --- a/stable/distribution/values.yaml +++ b/stable/distribution/values.yaml @@ -12,6 +12,7 @@ global: versions: {} # distribution: # router: + # initContainers: # jfrogUrl: # joinKey: # masterKey: @@ -42,9 +43,14 @@ global: ## String to fully override distribution.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1361.1699548032 + # Init containers initContainers: + image: + registry: releases-docker.jfrog.io + repository: ubi9/ubi-minimal + tag: 9.3.1552 + pullPolicy: IfNotPresent resources: requests: memory: "50Mi" @@ -130,6 +136,22 @@ serviceAccount: name: ## Explicitly mounts the API credentials for the Service Account automountServiceAccountToken: false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Disable containerSecurityContext for openshift +containerSecurityContext: + enabled: true + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW +## Disable podSecurityContext for openshift +podSecurityContext: + enabled: true + runAsUser: 1020 + runAsGroup: 1020 + fsGroup: 1020 + # fsGroupChangePolicy: "Always" # PostgreSQL ## Configuration values for the PostgreSQL dependency sub-chart ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md 
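Review bot: The comment added above `containerSecurityContext` in values.yaml (hunk `@@ -130,6 +136,22 @@`) says to disable it for OpenShift but not what disabling removes. The init, distribution, router, observability, logger and filebeat containers in the statefulset hunks now render `securityContext` only inside `{{- if .Values.containerSecurityContext.enabled }}`, so `enabled: false` drops `runAsNonRoot`, `allowPrivilegeEscalation: false` and the `NET_RAW` drop from all of them at once. I would extend the comment, e.g. `## enabled: false removes the whole container securityContext; use it only where the platform enforces equivalent restrictions (e.g. OpenShift SCC)`. The per-container `runAsUser: {{ .Values.common.uid }}` on the migration and distribution containers is also gone and now depends on `podSecurityContext`, whose use in the pod spec is not in the visible hunks.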
@@ -138,7 +160,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.10.0-debian-11-r14 + tag: 15.2.0-debian-11-r23 postgresqlUsername: distribution postgresqlPassword: "" postgresqlDatabase: distribution @@ -160,12 +182,17 @@ postgresql: affinity: {} tolerations: [] resources: {} - # requests: - # memory: "1Gi" - # cpu: "250m" - # limits: - # memory: "2Gi" - # cpu: "1" + ## Disable SecurityContext and containerSecurityContext for openshift + securityContext: + enabled: true + containerSecurityContext: + enabled: true + # requests: + # memory: "1Gi" + # cpu: "250m" + # limits: + # memory: "2Gi" + # cpu: "1" ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## specify custom/external database details here database: @@ -195,13 +222,12 @@ redis: image: registry: releases-docker.jfrog.io repository: bitnami/redis - tag: 7.2.0-debian-11-r2 + tag: 7.2.4-debian-11-r5 pullPolicy: IfNotPresent port: 6379 password: "" ## Alternatively, you can use a pre-existing secret with a key called redis-password by specifying existingSecret # existingSecret: - uid: 1001 disableCommands: "FLUSHDB,FLUSHALL" persistence: enabled: true @@ -212,6 +238,11 @@ redis: ## If defined, PVC must be created manually before volume will be bound # existingClaim: accessMode: ReadWriteOnce + ## Disable containerSecurityContext for openshift + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsGroup: 0 resources: {} # requests: # memory: "256Mi" @@ -224,10 +255,6 @@ redis: tolerations: [] affinity: {} common: - uid: 1020 - gid: 1020 - # fsGroupChangePolicy: "Always" - # Spread Distribution pods evenly across your nodes or some other topology topologySpreadConstraints: [] # - maxSkew: 1 
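Review bot: In the postgresql hunk (`@@ -160,12 +182,17 @@`) the commented `# requests:` / `# limits:` example that used to follow `resources: {}` now comes after the new `containerSecurityContext` block, so it reads as an example for the security context rather than for `resources`. Keeping the commented example directly under `resources: {}` and placing `securityContext` / `containerSecurityContext` after it would preserve its meaning. Indentation is not recoverable in this view, so this is judged from line order only.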
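Review bot: The new `redis.containerSecurityContext` defaults (hunk `@@ -212,6 +238,11 @@`) carry only `runAsUser` and `runAsGroup`. The redis container block in the statefulset template (hunk `@@ -464,12 +439,9 @@`) used to hard-code `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and a `NET_RAW` drop, and now renders only what this map holds. With default values the redis container therefore loses those three restrictions, while the other containers keep them through the top-level `containerSecurityContext`. Adding them to the redis defaults keeps the previous hardening and still lets users override it.

```yaml
  containerSecurityContext:
    # … unchanged: enabled, runAsUser, runAsGroup …
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - NET_RAW
```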
@@ -264,8 +291,8 @@ common: ## Add custom init containers execution before predefined init containers customInitContainersBegin: "" # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.distribution.image.pullPolicy }}" + # image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false @@ -283,8 +310,8 @@ common: ## Add custom init containers execution after predefined init containers customInitContainers: "" # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.distribution.image.pullPolicy }}" + # image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false @@ -303,8 +330,8 @@ common: # - The provided example uses a custom volume (customVolumes) customSidecarContainers: "" # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.imagePullPolicy }}" + # image: {{ include "distribution.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: "{{ .Values.initContainers.image.pullPolicy }}" # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false @@ -328,11 +355,6 @@ common: # limits: # memory: "128Mi" # cpu: "100m" -logger: - image: - registry: releases-docker.jfrog.io - repository: ubi9/ubi-minimal - tag: 9.3.1361.1699548032 distribution: name: distribution ## Note that by default we use appVersion to get image tag/version 
@@ -340,9 +362,10 @@ distribution: registry: releases-docker.jfrog.io repository: jfrog/distribution-distribution # tag: - imagePullPolicy: IfNotPresent - # unifiedSecretInstallation flag enables single unified secret holding all the distribution secrets - unifiedSecretInstallation: false + pullPolicy: IfNotPresent + # unifiedSecretInstallation flag enables single unified secret holding all the distribution internal(chart) secrets, It won't be affecting external secrets. + ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 102.23.0, Users can switch to false to continue with the old way of secret creation. + unifiedSecretInstallation: true ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ schedulerName: # Create a priority class for the Distribution pod or use an existing one 
@@ -399,43 +422,32 @@ distribution: # - name: JF_DISTRIBUTION_DATABASE_URL # value: "jdbc:postgresql://localhost:5432/distribution" - systemYaml: | - router: - serviceRegistry: - insecure: {{ .Values.router.serviceRegistry.insecure }} - shared: - logging: - consoleLog: - enabled: {{ .Values.distribution.consoleLog }} - jfrogUrl: "{{ tpl (required "\n\ndistribution.jfrogUrl or global.jfrogUrl is required! This allows to connect to Artifactory.\nYou can copy the JFrog URL from Administration > User Management > Settings > Connection details" (include "distribution.jfrogUrl" .)) . }}" - database: - {{- if .Values.postgresql.enabled }} - type: "postgresql" - driver: "org.postgresql.Driver" - username: "{{ .Values.postgresql.postgresqlUsername }}" - url: "postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - {{ else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - distribution: - extraJavaOpts: > - {{- if .Values.newRelic.apm.enabled }} - -javaagent:{{ .Values.distribution.persistence.mountPath }}/etc/newrelic/newrelic.jar - {{- end }} - {{- with .Values.distribution.javaOpts }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} + ## System YAML entries now reside under files/system.yaml. + ## You can provide the specific values that you want to add or override under 'distribution.extraSystemYaml'. + ## For example: + ## extraSystemYaml: + ## shared: + ## node: + ## id: my-instance + ## The entries provided under 'distribution.extraSystemYaml' are merged with files/system.yaml to create the final system.yaml. 
+ ## If you have already provided system.yaml under, 'distribution.systemYaml', the values in that entry take precedence over files/system.yaml + ## You can modify specific entries with your own value under `distribution.extraSystemYaml`, The values under extraSystemYaml overrides the values under 'distribution.systemYaml' and files/system.yaml + extraSystemYaml: {} + ## systemYaml is intentionally commented and the previous content has been moved under files/system.yaml. + ## You have to add the all entries of the system.yaml file here, and it overrides the values in files/system.yaml. + # systemYaml: service: type: ClusterIP + ## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific) + ## This can be either SingleStack, PreferDualStack or RequireDualStack + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilyPolicy: "" + ## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific) + ## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"] + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilies: [] statefulset: annotations: {} ## Add custom volumeMounts @@ -556,8 +568,8 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.89.0 - imagePullPolicy: IfNotPresent + tag: 7.103.0 + pullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled insecure: false @@ -637,8 +649,8 @@ observability: image: registry: releases-docker.jfrog.io repository: jfrog/observability - tag: 1.17.0 - imagePullPolicy: IfNotPresent + tag: 1.25.0 + pullPolicy: IfNotPresent internalPort: 8036 resources: {} # requests: From d06b7b469104d4aab8e9d0f2ff8e7ff521adfc1f Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 3 May 2024 11:24:32 +0530 Subject: [PATCH 34/47] [jfrog-platform] 10.17.4 release --- stable/jfrog-platform/CHANGELOG.md | 11 +++++++++++ stable/jfrog-platform/Chart.lock | 10 +++++----- stable/jfrog-platform/Chart.yaml | 10 +++++----- stable/jfrog-platform/values.yaml | 2 +- 4 files changed, 22 insertions(+), 11 deletions(-) diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index db9dcc07c..fdd1a20b6 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md @@ -1,6 +1,17 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.17.4] - May 2, 2024 +* Update dependency artifactory chart version to 107.77.11 +* Update dependency xray chart version to 103.94.5 +* Update dependency distribution chart version to 102.24.0 +* Update global.versions.router version to `7.108.0` + +## [10.17.3] - Mar 14, 2024 +* Add missing IF statement in `NOTES.txt` +* Update dependency artifactory chart version to 107.77.7 +* Update dependency xray chart version to 103.91.3 + ## [10.17.3] - Mar 14, 2024 * Add missing IF statement in `NOTES.txt` * Update dependency artifactory chart version to 107.77.7 diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index c937c107e..fea376103 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock 
@@ -7,18 +7,18 @@ dependencies: version: 11.9.3 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.77.7 + version: 107.77.11 - name: xray repository: https://charts.jfrog.io/ - version: 103.91.3 + version: 103.94.5 - name: distribution repository: https://charts.jfrog.io/ - version: 102.22.2 + version: 102.24.0 - name: insight repository: https://charts.jfrog.io/ version: 101.16.7 - name: pipelines repository: https://charts.jfrog.io/ version: 101.55.6 -digest: sha256:4bdf8d88c9d9b387a08a5a790e4c5393a4dc84fe34811cebe0f366bd7a9a0203 -generated: "2024-03-14T08:08:59.105896+05:30" +digest: sha256:d1bb804cd66d32819226141a2fd1bb4689c8c98389e48c96678767566f371ef5 +generated: "2024-05-02T11:10:10.019359+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 9abee118f..55c95d975 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.7 +appVersion: 7.77.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -12,15 +12,15 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.77.7 + version: 107.77.11 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.91.3 + version: 103.94.5 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ - version: 102.22.2 + version: 102.24.0 - condition: insight.enabled name: insight repository: https://charts.jfrog.io/ @@ -50,4 +50,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.17.3 +version: 10.17.4 diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index 9785c3831..d0f209181 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml 
@@ -23,7 +23,7 @@ global: ## For example : For artifactory, using global.versions.artifactory ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion versions: - router: 7.95.0 + router: 7.108.0 # artifactory: # xray: # distribution: From 057dd85ed88d2f7133eb24a8252b8c9c81c92820 Mon Sep 17 00:00:00 2001 
From: Ram Mohan Rao Chukka <1331672+chukka@users.noreply.github.com> Date: Mon, 13 May 2024 01:40:28 +0530 Subject: [PATCH 35/47] [artifactory] 7.84.10 release (#1879) --- stable/artifactory-cpp-ce/CHANGELOG.md | 8 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +- stable/artifactory-cpp-ce/README.md | 6 +- stable/artifactory-cpp-ce/values.yaml | 9 +- stable/artifactory-ha/CHANGELOG.md | 51 ++- stable/artifactory-ha/Chart.yaml | 6 +- stable/artifactory-ha/README.md | 4 +- stable/artifactory-ha/ci/global-values.yaml | 32 +- .../ci/rtsplit-access-tls-values.yaml | 9 - stable/artifactory-ha/ci/rtsplit-values.yaml | 17 - stable/artifactory-ha/ci/test-values.yaml | 13 +- stable/artifactory-ha/files/binarystore.xml | 66 +++ .../artifactory-ha/files/installer-info.json | 32 ++ stable/artifactory-ha/files/migrate.sh | 38 +- .../files/migrationHelmInfo.yaml | 5 - stable/artifactory-ha/files/system.yaml | 149 +++++++ stable/artifactory-ha/templates/NOTES.txt | 7 + stable/artifactory-ha/templates/_helpers.tpl | 63 ++- .../templates/_system-yaml-render.tpl | 5 + .../templates/artifactory-installer-info.yaml | 6 +- .../templates/artifactory-license-secret.yaml | 2 +- .../artifactory-node-statefulset.yaml | 158 ++++--- .../artifactory-primary-service.yaml | 6 + .../artifactory-primary-statefulset.yaml | 177 ++++---- .../templates/artifactory-secrets.yaml | 4 +- .../templates/artifactory-service.yaml | 6 + .../templates/artifactory-system-yaml.yaml | 2 +- .../templates/artifactory-unified-secret.yaml | 18 +- stable/artifactory-ha/templates/ingress.yaml | 156 +------ .../templates/nginx-deployment.yaml | 7 +- .../templates/nginx-service.yaml | 6 + stable/artifactory-ha/values.yaml | 401 +++++++----------- stable/artifactory-jcr/CHANGELOG.md | 8 +- stable/artifactory-jcr/Chart.yaml | 6 +- stable/artifactory-jcr/README.md | 6 +- stable/artifactory-jcr/values.yaml | 9 +- stable/artifactory-oss/CHANGELOG.md | 8 +- stable/artifactory-oss/Chart.yaml | 6 +- stable/artifactory-oss/README.md | 
6 +- stable/artifactory-oss/values.yaml | 9 +- stable/artifactory/CHANGELOG.md | 45 +- stable/artifactory/Chart.yaml | 4 +- stable/artifactory/README.md | 4 +- stable/artifactory/ci/derby-test-values.yaml | 3 +- stable/artifactory/ci/global-values.yaml | 32 +- .../ci/rtsplit-values-access-tls-values.yaml | 9 - stable/artifactory/ci/rtsplit-values.yaml | 17 - stable/artifactory/ci/test-values.yaml | 10 - stable/artifactory/files/binarystore.xml | 60 +++ stable/artifactory/files/installer-info.json | 32 ++ stable/artifactory/files/migrate.sh | 38 +- .../artifactory/files/migrationHelmInfo.yaml | 5 - stable/artifactory/files/system.yaml | 142 +++++++ stable/artifactory/templates/NOTES.txt | 7 + stable/artifactory/templates/_helpers.tpl | 47 +- .../templates/_system-yaml-render.tpl | 5 + .../templates/artifactory-installer-info.yaml | 6 +- .../templates/artifactory-license-secret.yaml | 2 +- .../templates/artifactory-secrets.yaml | 2 + .../templates/artifactory-service.yaml | 6 + .../templates/artifactory-statefulset.yaml | 147 ++++--- .../templates/artifactory-system-yaml.yaml | 3 +- .../templates/artifactory-unified-secret.yaml | 12 +- stable/artifactory/templates/ingress.yaml | 158 +------ .../templates/nginx-deployment.yaml | 7 +- .../artifactory/templates/nginx-service.yaml | 6 + stable/artifactory/values.yaml | 361 ++++++---------- 67 files changed, 1345 insertions(+), 1358 deletions(-) create mode 100644 stable/artifactory-ha/files/installer-info.json create mode 100644 stable/artifactory-ha/files/system.yaml create mode 100644 stable/artifactory-ha/templates/_system-yaml-render.tpl create mode 100644 stable/artifactory/files/installer-info.json create mode 100644 stable/artifactory/files/system.yaml create mode 100644 stable/artifactory/templates/_system-yaml-render.tpl diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index 36805feb6..b8a35e348 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md 
+++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,13 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.77.11] - Nov 23, 2023 +## [107.84.10] - Feb 20, 2024 +* Updated `artifactory.installerInfo` content + +## [107.80.0] - Feb 1, 2024 +* Updated README.md to create a namespace using `--create-namespace` as part of helm install + +## [107.74.0] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index 40ebe8711..472585331 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.11 +appVersion: 7.84.10 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.11 + version: 107.84.10 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.77.11 +version: 107.84.10 diff --git a/stable/artifactory-cpp-ce/README.md b/stable/artifactory-cpp-ce/README.md index 5f2f6105c..afe4c23bf 100644 --- a/stable/artifactory-cpp-ce/README.md +++ b/stable/artifactory-cpp-ce/README.md @@ -30,7 +30,7 @@ helm repo update ### Install Chart To install the chart with the release name `artifactory-cpp-ce`: ```bash -helm upgrade --install artifactory-cpp-ce --set artifactory.postgresql.postgresqlPassword= --namespace artifactory-cpp-ce jfrog/artifactory-cpp-ce +helm upgrade --install artifactory-cpp-ce --set artifactory.postgresql.postgresqlPassword= jfrog/artifactory-cpp-ce --namespace artifactory-cpp-ce --create-namespace ``` ### Accessing Artifactory CE for C++ 
@@ -39,7 +39,7 @@ helm upgrade --install artifactory-cpp-ce --set artifactory.postgresql.postgresq ### Updating Artifactory CE for C++ Once you have a new chart version, you can upgrade your deployment with ```bash -helm upgrade artifactory-cpp-ce --namespace artifactory-cpp-ce jfrog/artifactory-cpp-ce +helm upgrade artifactory-cpp-ce jfrog/artifactory-cpp-ce --namespace artifactory-cpp-ce --create-namespace ``` ### Special Upgrade Notes @@ -85,7 +85,7 @@ helm upgrade --install artifactory-cpp-ce \ --set artifactory.ingress.enabled=true \ --set artifactory.ingress.hosts[0]="artifactory.company.com" \ --set artifactory.artifactory.service.type=NodePort \ - --namespace artifactory-cpp-ce jfrog/artifactory-cpp-ce + jfrog/artifactory-cpp-ce --namespace artifactory-cpp-ce --create-namespace ``` To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: diff --git a/stable/artifactory-cpp-ce/values.yaml b/stable/artifactory-cpp-ce/values.yaml index 54ee180ca..2b7db9525 100644 --- a/stable/artifactory-cpp-ce/values.yaml +++ b/stable/artifactory-cpp-ce/values.yaml 
@@ -35,7 +35,7 @@ artifactory: # other: "" installer: platform: art-cpp-ce-helm - installerInfo: '{"productId": "Helm_artifactory-cpp/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + installerInfo: '{"productId":"Helm_artifactory-cpp/{{ .Chart.Version }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}' ## Nginx ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory nginx: @@ -69,8 +69,7 @@ postgresql: enabled: true router: image: - tag: 7.91.0 -logger: + tag: 7.105.1 +initContainers: image: - tag: 9.3.1475 -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 + tag: 9.3.1552 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 3697784b2..b8cd06dae 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md 
@@ -1,10 +1,59 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.77.11] - April 22, 2024 +## [107.84.10] - May 2, 2024 +* Added image section for `initContainers` instead of `initContainerImage` +* Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` +* Removed loggers.image section +* Added support for `global.verisons.initContainers` to override `initContainers.image.tag` +* Fixed an issue with extraSystemYaml merge +* **IMPORTANT** +* Renamed `artifactory.setSecurityContext` to `artifactory.podSecurityContext` +* Renamed `artifactory.uid` to `artifactory.podSecurityContext.runAsUser` +* Renamed `artifactory.gid` to `artifactory.podSecurityContext.runAsGroup` and `artifactory.podSecurityContext.fsGroup` +* Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy` +* Renamed `artifactory.seLinuxOptions` to `artifactory.podSecurityContext.seLinuxOptions` +* Added flag `allowNonPostgresql` defaults to false +* Update postgresql tag version to `15.6.0-debian-12-r5` +* Added a check if `initContainerImage` exists + +## [107.83.0] - Mar 12, 2024 +* Added image section for `metadata` and `observability` + +## [107.82.0] - Mar 04, 2024 +* Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router. 
+* Removed Replicator Service + +## [107.81.0] - Feb 20, 2024 +* **IMPORTANT** +* Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml) +* Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given [GH-1848](https://github.com/jfrog/charts/pull/1848) +* Added option to modify the new cache configs, maxFileSizeLimit and skipDuringUpload +* Added IPV4/IPV6 Dualstack flag support for Artifactory and nginx service +* Added `singleStackIPv6Cluster` flag, which manages the Nginx configuration to enable listening on IPv6 and proxying +* Fixing broken link for creating additional kubernetes resources. Refer [here](https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-ha-values.yaml) +* Refactored installerInfo configuration (moved to files/installer-info.json instead of key in values.yaml) + +## [107.80.0] - Feb 20, 2024 +* Updated README.md to create a namespace using `--create-namespace` as part of helm install + +## [107.79.0] - Feb 20, 2024 +* **IMPORTANT** +* Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default +* Added support for azure-blob-storage-v2-direct config +* Added option to set Nginx to write access_log to container STDOUT +* **Important change:** +* Update postgresql tag version to `15.2.0-debian-11-r23` +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! 
+* If this is an upgrade and you are using the default bundles PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x/13.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true + +## [107.77.0] - April 22, 2024 * Removed integration service * Added recommended postgresql sizing configurations under sizing directory * Updated artifactory-federation (probes, port, embedded mode) +* **IMPORTANT** +* setSecurityContext has been renamed to podSecurityContext. +* Moved podSecurityContext to values.yaml * Fixing broken nginx port [GH-1860](https://github.com/jfrog/charts/issues/1860) * Added nginx.customCommand to use custom commands for the nginx container diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 70e9a27c7..b973ae1f6 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,7 @@ +annotations: + artifactoryServiceVersion: 7.84.15 apiVersion: v2 -appVersion: 7.77.11 +appVersion: 7.84.10 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +23,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.77.11 +version: 107.84.10 diff --git a/stable/artifactory-ha/README.md b/stable/artifactory-ha/README.md index ea332fc19..49155926e 100644 --- a/stable/artifactory-ha/README.md +++ b/stable/artifactory-ha/README.md 
@@ -37,14 +37,14 @@ helm repo update ### Install Chart To install the chart with the release name `artifactory`: ```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha +helm upgrade --install artifactory-ha jfrog/artifactory-ha --namespace artifactory-ha --create-namespace ``` ### Apply Sizing configurations to the Chart To apply the chart with recommended sizing configurations : For small configurations : ```bash -helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml +helm upgrade --install artifactory-ha jfrog/artifactory-ha -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml --namespace artifactory-ha --create-namespace ``` ## Uninstalling Artifactory diff --git a/stable/artifactory-ha/ci/global-values.yaml b/stable/artifactory-ha/ci/global-values.yaml index b1ef370ec..0987e17ca 100644 --- a/stable/artifactory-ha/ci/global-values.yaml +++ b/stable/artifactory-ha/ci/global-values.yaml @@ -23,8 +23,8 @@ artifactory: cpu: "4" customInitContainersBegin: | - name: "custom-init-begin-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -34,8 +34,8 @@ artifactory: name: volume customInitContainers: | - name: "custom-init-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' 
@@ -55,8 +55,8 @@ artifactory: # Add custom sidecar containers customSidecarContainers: | - name: "sidecar-list-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -84,8 +84,8 @@ global: joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE customInitContainersBegin: | - name: "custom-init-begin-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -95,8 +95,8 @@ global: name: volume customInitContainers: | - name: "custom-init-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -116,8 +116,8 @@ global: # Add custom sidecar containers customSidecarContainers: | - name: "sidecar-list-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: 
@@ -138,8 +138,8 @@ global: nginx: customInitContainers: | - name: "custom-init-begin-nginx" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -149,8 +149,8 @@ nginx: name: custom-script-local customSidecarContainers: | - name: "sidecar-list-nginx" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/stable/artifactory-ha/ci/rtsplit-access-tls-values.yaml b/stable/artifactory-ha/ci/rtsplit-access-tls-values.yaml index 58a8cb207..6f3b13cb1 100644 --- a/stable/artifactory-ha/ci/rtsplit-access-tls-values.yaml +++ b/stable/artifactory-ha/ci/rtsplit-access-tls-values.yaml @@ -5,15 +5,6 @@ artifactory: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF persistence: enabled: false - replicator: - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" primary: resources: requests: diff --git a/stable/artifactory-ha/ci/rtsplit-values.yaml b/stable/artifactory-ha/ci/rtsplit-values.yaml index ef334e5e6..87832a505 100644 --- a/stable/artifactory-ha/ci/rtsplit-values.yaml +++ b/stable/artifactory-ha/ci/rtsplit-values.yaml 
@@ -5,23 +5,6 @@ artifactory: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF persistence: enabled: false - replicator: - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" - # Add lifecycle hooks for replicator container - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"] - preStop: - exec: - command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"] primary: resources: requests: diff --git a/stable/artifactory-ha/ci/test-values.yaml b/stable/artifactory-ha/ci/test-values.yaml index ec76512e7..eb33c7595 100644 --- a/stable/artifactory-ha/ci/test-values.yaml +++ b/stable/artifactory-ha/ci/test-values.yaml @@ -2,21 +2,12 @@ databaseUpgradeReady: true artifactory: openMetrics: enabled: true - fsGroupChangePolicy: "OnRootMismatch" + podSecurityContext: + fsGroupChangePolicy: "OnRootMismatch" masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF unifiedSecretInstallation: false persistence: enabled: false - replicator: - name: replicator - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" primary: resources: requests: diff --git a/stable/artifactory-ha/files/binarystore.xml b/stable/artifactory-ha/files/binarystore.xml index dc13eb870..27c77b3b6 100644 --- a/stable/artifactory-ha/files/binarystore.xml +++ b/stable/artifactory-ha/files/binarystore.xml 
@@ -29,6 +29,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- end }} @@ -57,6 +63,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} // Specify the read and write strategy and redundancy for the sharding binary provider @@ -93,6 +105,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} @@ -145,6 +163,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") }} 
@@ -228,6 +252,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- end }} @@ -236,6 +266,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- end }} @@ -338,6 +374,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- if eq .Values.artifactory.persistence.type "azure-blob" }} 
@@ -370,4 +412,28 @@ {{ .Values.artifactory.persistence.azureBlob.testConnection }} +{{- end }} +{{- if eq .Values.artifactory.persistence.type "azure-blob-storage-v2-direct" -}} + + + + {{ .Values.artifactory.persistence.maxCacheSize | int64 }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} + + + {{ .Values.artifactory.persistence.azureBlob.accountName }} + {{ .Values.artifactory.persistence.azureBlob.accountKey }} + {{ .Values.artifactory.persistence.azureBlob.endpoint }} + {{ .Values.artifactory.persistence.azureBlob.containerName }} + {{ .Values.artifactory.persistence.azureBlob.multiPartLimit | int64 }} + {{ .Values.artifactory.persistence.azureBlob.multipartElementSize | int64 }} + {{ .Values.artifactory.persistence.azureBlob.testConnection }} + + {{- end }} \ No newline at end of file diff --git a/stable/artifactory-ha/files/installer-info.json b/stable/artifactory-ha/files/installer-info.json new file mode 100644 index 000000000..cf6b020fb --- /dev/null +++ b/stable/artifactory-ha/files/installer-info.json 
@@ -0,0 +1,32 @@ +{ + "productId": "Helm_artifactory-ha/{{ .Chart.Version }}", + "features": [ + { + "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}" + }, + { + "featureId": "Database/{{ .Values.database.type }}" + }, + { + "featureId": "PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}" + }, + { + "featureId": "Nginx_Enabled/{{ .Values.nginx.enabled }}" + }, + { + "featureId": "ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}" + }, + { + "featureId": "SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}" + }, + { + "featureId": "UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}" + }, + { + "featureId": "Filebeat_Enabled/{{ .Values.filebeat.enabled }}" + }, + { + "featureId": "ReplicaCount/{{ add .Values.artifactory.primary.replicaCount .Values.artifactory.node.replicaCount }}" + } + ] +} \ No newline at end of file diff --git a/stable/artifactory-ha/files/migrate.sh b/stable/artifactory-ha/files/migrate.sh index f3d64a4e6..ba44160f4 100644 --- a/stable/artifactory-ha/files/migrate.sh +++ b/stable/artifactory-ha/files/migrate.sh @@ -2916,9 +2916,6 @@ yamlMigrate () { if [[ ! -z "${value}" ]]; then value=$(updateConnectionString "${yamlPath}" "${value}") fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi if [[ -z "${value}" ]]; then logger "No value for [${key}] in [${sourceFile}]" else 
@@ -4218,26 +4215,13 @@ commentNodeId () { artifactoryInfoMessage () { if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - addText "# yamlFile was generated from db.properties,replicator.yaml and ha-node.properties config files." "${SYSTEM_YAML_PATH}" + addText "# yamlFile was generated from db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}" else - addText "# yamlFile was generated from default file,replicator.yaml,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}" + addText "# yamlFile was generated from default file,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}" fi } -replicatorProfiling () { - - if [[ "${key}" == "profilingDisabled" ]]; then - if [[ ! -z "${value}" ]]; then - if [[ "${value}" == "false" ]]; then - value="true" - else - value="false" - fi - fi - fi -} - setHaEnabled_hook () { local filePath="$1" if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/ha-node.properties")" == "true" ]]; then 
@@ -4277,27 +4261,9 @@ _createBackupOfLogBackDir () { removeFileOperation "${backupDir}/logbackXmlFiles/artifactory" "${artiLogbackFile}" } - -_createBackupOfReplicatorRtYaml () { - local backupDir="$1" - local replicatorRtYamlFile="${NEW_DATA_DIR}/etc/replicator/replicator.artifactory.yaml" - local effectiveUser= - local effectiveGroup= - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - removeSoftLinkAndCreateDir "${backupDir}/replicatorYamlFile" "${effectiveUser}" "${effectiveGroup}" "yes" - removeFileOperation "${backupDir}/replicatorYamlFile" "${replicatorRtYamlFile}" -} - backupFiles_hook () { local backupDirectory="$1" _createBackupOfLogBackDir "${backupDirectory}" - _createBackupOfReplicatorRtYaml "${backupDirectory}" } migrateArtifactory () { diff --git a/stable/artifactory-ha/files/migrationHelmInfo.yaml b/stable/artifactory-ha/files/migrationHelmInfo.yaml index 16cee9e5d..016bea02d 100644 --- a/stable/artifactory-ha/files/migrationHelmInfo.yaml +++ b/stable/artifactory-ha/files/migrationHelmInfo.yaml @@ -11,10 +11,6 @@ migration: work/access=access/tmp log/archived/access=access/logs log/archived/artifactory=logs - etc/replicator=replicator/etc - backup/replicator=replicator/backup - data/replicator=replicator/data - log/archived/replicator=replicator/logs linkFiles: map: # Note : $JF_ROOT_DATA_DIR will be prepended to the sourceDirectoryPath value only if relative path and $JF_ROOT_DATA_DIR will be prepended to the targetDirectoryPath value @@ -27,6 +23,5 @@ migration: # Note $JF_ROOT_DATA_DIR will be prepended to the map entry map: access - replicator metadata logs \ No newline at end of file 
diff --git a/stable/artifactory-ha/files/system.yaml b/stable/artifactory-ha/files/system.yaml new file mode 100644 index 000000000..f4bcd7be5 --- /dev/null +++ b/stable/artifactory-ha/files/system.yaml 
@@ -0,0 +1,149 @@ +router: + serviceRegistry: + insecure: {{ .Values.router.serviceRegistry.insecure }} +shared: +{{- if .Values.artifactory.coldStorage.enabled }} + jfrogColdStorage: + coldInstanceEnabled: true +{{- end }} +{{- if .Values.artifactory.openMetrics.enabled }} + metrics: + enabled: true + {{- if .Values.artifactory.openMetrics.filebeat.enabled }} + filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }} + {{- end }} +{{- end }} + logging: + consoleLog: + enabled: {{ .Values.artifactory.consoleLog }} + extraJavaOpts: > + -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }} + -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} + {{- with .Values.artifactory.primary.javaOpts }} + {{- if .corePoolSize }} + -Dartifactory.async.corePoolSize={{ .corePoolSize }} + {{- end }} + {{- if .xms }} + -Xms{{ .xms }} + {{- end }} + {{- if .xmx }} + -Xmx{{ .xmx }} + {{- end }} + {{- if .jmx.enabled }} + -Dcom.sun.management.jmxremote + -Dcom.sun.management.jmxremote.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} + -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} + {{- if .jmx.host }} + -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} + {{- else }} + -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} + {{- end }} + {{- if .jmx.authenticate }} + -Dcom.sun.management.jmxremote.authenticate=true + -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} + -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} + {{- else }} + -Dcom.sun.management.jmxremote.authenticate=false + {{- end }} + {{- end }} + {{- if .other }} + {{ .other }} + {{- end }} + {{- end }} + database: + allowNonPostgresql: {{ .Values.database.allowNonPostgresql }} + {{- if .Values.postgresql.enabled }} + type: postgresql + url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ 
.Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" + host: "" + driver: org.postgresql.Driver + username: "{{ .Values.postgresql.postgresqlUsername }}" + {{ else }} + type: "{{ .Values.database.type }}" + driver: "{{ .Values.database.driver }}" + {{- end }} +artifactory: +{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} + node: + {{- if .Values.artifactory.haDataDir.path }} + haDataDir: {{ .Values.artifactory.haDataDir.path }} + {{- end }} + {{- if .Values.artifactory.haBackupDir.path }} + haBackupDir: {{ .Values.artifactory.haBackupDir.path }} + {{- end }} +{{- end }} + database: + maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} + tomcat: + maintenanceConnector: + port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }} + connector: + maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} + sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }} + extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} +frontend: + session: + timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} +access: + database: + maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} + tomcat: + connector: + maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} + sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }} + extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} + {{- if .Values.access.database.enabled }} + type: "{{ .Values.access.database.type }}" + url: "{{ .Values.access.database.url }}" + driver: "{{ .Values.access.database.driver }}" + username: "{{ .Values.access.database.user }}" + password: "{{ .Values.access.database.password }}" + {{- end }} +{{- if .Values.mc.enabled }} +mc: + enabled: true + database: + maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }} + idgenerator: + maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }} + tomcat: + 
connector: + maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }} + sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }} + extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }} +{{- end }} +metadata: + database: + maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} +{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} +jfconnect: + enabled: true +{{- else }} +jfconnect: + enabled: false +jfconnect_service: + enabled: false +{{- end }} + +{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} +federation: + enabled: true + embedded: {{ .Values.federation.embedded }} + extraJavaOpts: {{ .Values.federation.extraJavaOpts }} + port: {{ .Values.federation.internalPort }} +rtfs: + database: + driver: org.postgresql.Driver + type: postgresql + username: {{ .Values.federation.database.username }} + password: {{ .Values.federation.database.password }} + url: "jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}" +{{- else }} +federation: + enabled: false +{{- end }} +{{- if .Values.event.webhooks }} +event: + webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/stable/artifactory-ha/templates/NOTES.txt b/stable/artifactory-ha/templates/NOTES.txt index 277364908..19b8decd2 100644 --- a/stable/artifactory-ha/templates/NOTES.txt +++ b/stable/artifactory-ha/templates/NOTES.txt 
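Review bot: In the `rtfs.database` block, `username` and `password` are emitted unquoted (`password: {{ .Values.federation.database.password }}`), while the `access.database` block wraps the same kind of value in double quotes. The `artifactory.finalSystemYaml` helper added in this patch re-parses the rendered file with `fromYaml`, so a password that is all digits, starts with `*`, `&` or `!`, or contains ` #` or `: ` would be retyped, truncated or fail to parse. I would write `password: {{ .Values.federation.database.password | quote }}` and do the same for `username`. `| quote` is also more robust than the hand-written `"{{ … }}"` form used for `access.database.password`, which breaks on an embedded double quote.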
@@ -39,6 +39,13 @@ Congratulations. You have just deployed JFrog Artifactory HA! {{- end }} +{{- if .Values.artifactory.setSecurityContext }} +****************************************** WARNING ********************************************** +* From chart version 107.84.x, `setSecurityContext` has been renamed to `podSecurityContext`, * + please change your values.yaml before upgrade , For more Info , refer to 107.84.x changelog * +************************************************************************************************* +{{- end }} + {{- if and (or (or (or (or (or ( or ( or ( or (or (or ( or (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) .Values.systemYamlOverride.existingSecret) (or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled)) .Values.aws.licenseConfigSecretName) .Values.artifactory.persistence.customBinarystoreXmlSecret) .Values.access.customCertificatesSecretName) .Values.systemYamlOverride.existingSecret) .Values.artifactory.license.secret) .Values.artifactory.userPluginSecrets) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey)) (and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName)) (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName)) .Values.artifactory.unifiedSecretInstallation }} ****************************************** WARNING ************************************************************************************************** * The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.* diff --git a/stable/artifactory-ha/templates/_helpers.tpl b/stable/artifactory-ha/templates/_helpers.tpl index df1ee5880..a6dfe46fe 100644 --- a/stable/artifactory-ha/templates/_helpers.tpl +++ b/stable/artifactory-ha/templates/_helpers.tpl 
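Review bot: The rename warning is gated on `.Values.artifactory.setSecurityContext` being truthy, so a release that set `setSecurityContext: false` to opt out of the pod security context never sees it. The statefulset hunk in this patch keys only on `podSecurityContext.enabled`, so that opt-out is presumably no longer honoured after upgrade. Testing for presence instead of truthiness covers both cases: `{{- if hasKey .Values.artifactory "setSecurityContext" }}`. The same warning could also mention `artifactory.fsGroupChangePolicy` and `artifactory.seLinuxOptions`, which the old template read and the new one does not.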
@@ -55,32 +55,6 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} -{{/* -Create a default fully qualified Replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified replicator tracker ingress name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory-ha.replicator.tracker.fullname" -}} -{{- if .Values.artifactory.replicator.trackerIngress.name -}} -{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
@@ -309,13 +283,27 @@ Return the proper artifactory chart image names {{- $indexReference := index . 1 }} {{- $registryName := index $dot.Values $indexReference "image" "registry" -}} {{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} -{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} +{{- $tag := "" -}} +{{- if and (eq $indexReference "artifactory") (hasKey $dot.Values "artifactoryService") }} + {{- if default false $dot.Values.artifactoryService.enabled }} + {{- $indexReference = "artifactoryService" -}} + {{- $tag = default $dot.Chart.Annotations.artifactoryServiceVersion (index $dot.Values $indexReference "image" "tag") | toString -}} + {{- $repositoryName = index $dot.Values $indexReference "image" "repository" -}} + {{- else -}} + {{- $tag = default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} + {{- end -}} +{{- else -}} + {{- $tag = default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} +{{- end -}} {{- if $dot.Values.global }} {{- if and $dot.Values.splitServicesToContainers $dot.Values.global.versions.router (eq $indexReference "router") }} - {{- $tag = $dot.Values.global.versions.router | toString -}} + {{- $tag = $dot.Values.global.versions.router | toString -}} + {{- end -}} + {{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }} + {{- $tag = $dot.Values.global.versions.initContainers | toString -}} {{- end -}} {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} - {{- $tag = $dot.Values.global.versions.artifactory | toString -}} + {{- $tag = $dot.Values.global.versions.artifactory | toString -}} {{- end -}} {{- if $dot.Values.global.imageRegistry }} {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} 
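Review bot: `$registryName` is read from `$indexReference` before the new branch switches `$indexReference` to `artifactoryService`, and that branch reassigns only `$tag` and `$repositoryName`. A registry set under `artifactoryService.image.registry` therefore appears to be ignored, and the service image is resolved against the `artifactory.image.registry` value instead. If that is not intended, add `{{- $registryName = index $dot.Values $indexReference "image" "registry" -}}` next to the `$repositoryName` reassignment. The helper starts and ends outside this hunk, so the final use of `$registryName` is not visible here and should be confirmed.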
@@ -378,9 +366,6 @@ Resolve requiredServiceTypes value {{- if .Values.jfconnect.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfcon" -}} {{- end -}} -{{- if .Values.artifactory.replicator.enabled -}} - {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfxfer" -}} -{{- end -}} {{- if .Values.mc.enabled -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfmc" -}} {{- end -}} @@ -490,3 +475,17 @@ nodeSelector: {{ toYaml .Values.nginx.nodeSelector | indent 2 }} {{- end -}} {{- end -}} + +{{/* +Calculate the systemYaml from structured and unstructured text input +*/}} +{{- define "artifactory.finalSystemYaml" -}} +{{ tpl (mergeOverwrite (include "artifactory.systemYaml" . | fromYaml) .Values.artifactory.extraSystemYaml | toYaml) . }} +{{- end -}} + +{{/* +Calculate the systemYaml from the unstructured text input +*/}} +{{- define "artifactory.systemYaml" -}} +{{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }} +{{- end -}} \ No newline at end of file diff --git a/stable/artifactory-ha/templates/_system-yaml-render.tpl b/stable/artifactory-ha/templates/_system-yaml-render.tpl new file mode 100644 index 000000000..deaa773ea --- /dev/null +++ b/stable/artifactory-ha/templates/_system-yaml-render.tpl @@ -0,0 +1,5 @@ +{{- if .Values.artifactory.systemYaml -}} +{{- tpl .Values.artifactory.systemYaml . -}} +{{- else -}} +{{ (tpl ( $.Files.Get "files/system.yaml" ) .) }} +{{- end -}} \ No newline at end of file diff --git a/stable/artifactory-ha/templates/artifactory-installer-info.yaml b/stable/artifactory-ha/templates/artifactory-installer-info.yaml index e58ec41b3..0dff9dc86 100644 --- a/stable/artifactory-ha/templates/artifactory-installer-info.yaml +++ b/stable/artifactory-ha/templates/artifactory-installer-info.yaml 
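Review bot: `artifactory.finalSystemYaml` pipes the rendered text through `fromYaml`, which in Helm does not fail on unparsable input but returns a map carrying an `Error` key. A malformed `artifactory.systemYaml` or `files/system.yaml` would therefore be merged with `extraSystemYaml` and written out as the node's system.yaml without the install failing. I would bind the parsed base to a variable and stop the render explicitly: `{{- $base := include "artifactory.systemYaml" . | fromYaml }}` followed by `{{- if hasKey $base "Error" }}{{ fail (printf "system.yaml is not valid YAML: %s" $base.Error) }}{{- end }}`. The merged result is also passed through `tpl` a second time, after `_system-yaml-render.tpl` has already applied `tpl`, so any value that still contains `{{` after the first pass is evaluated as a template. A short comment on the helper should say whether that second pass is intended for `extraSystemYaml` only.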
@@ -9,4 +9,8 @@ metadata: release: {{ .Release.Name }} data: installer-info.json: | - {{ tpl .Values.installerInfo . }} +{{- if .Values.installerInfo -}} +{{- tpl .Values.installerInfo . | nindent 4 -}} +{{- else -}} +{{ (tpl ( .Files.Get "files/installer-info.json" | nindent 4 ) .) }} +{{- end -}} diff --git a/stable/artifactory-ha/templates/artifactory-license-secret.yaml b/stable/artifactory-ha/templates/artifactory-license-secret.yaml index a74bd5a6f..73f900863 100644 --- a/stable/artifactory-ha/templates/artifactory-license-secret.yaml +++ b/stable/artifactory-ha/templates/artifactory-license-secret.yaml @@ -1,4 +1,4 @@ -{{ if (not .Values.artifactory.unifiedSecretInstallation) }} +{{ if and (not .Values.artifactory.unifiedSecretInstallation) (not .Values.artifactory.license.secret) (not .Values.artifactory.license.licenseKey) }} {{- with .Values.artifactory.license.licenseKey }} apiVersion: v1 kind: Secret diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index 8fab72a32..47ebfa9f6 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml 
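Review bot: In artifactory-license-secret.yaml the new outer condition requires `(not .Values.artifactory.license.licenseKey)`, but the next line is `{{- with .Values.artifactory.license.licenseKey }}`, which renders its body only when `licenseKey` is set. The two conditions cannot both hold, so as written the license Secret is never created, and a non-unified install that supplies `artifactory.license.licenseKey` would come up without its license secret. Dropping the last term keeps the intended "skip when an existing secret is named" behaviour: `{{ if and (not .Values.artifactory.unifiedSecretInstallation) (not .Values.artifactory.license.secret) }}`. The rest of the template is outside this hunk, so the matching `end` lines should be checked when applying this.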
@@ -67,19 +67,8 @@ spec: {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.artifactory.uid }} - runAsGroup: {{ .Values.artifactory.gid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- if .Values.artifactory.fsGroupChangePolicy }} - fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} - {{- end }} - {{- if .Values.artifactory.seLinuxOptions }} - seLinuxOptions: - {{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }} - {{- end }} + {{- if .Values.artifactory.podSecurityContext.enabled }} + securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.artifactory.topologySpreadConstraints }} topologySpreadConstraints: @@ -93,8 +82,8 @@ spec: {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -112,8 +101,8 @@ spec: {{- end }} {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} command: - 'bash' - '-c' 
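Review bot: The pod `securityContext` is now emitted verbatim from `.Values.artifactory.podSecurityContext`, so the `runAsNonRoot: true`, `runAsUser`, `runAsGroup` and `fsGroup` that the removed lines hard-coded are enforced only if the chart defaults still carry them. Those defaults live in values.yaml, which is not part of this hunk. The old `artifactory.fsGroupChangePolicy` and `artifactory.seLinuxOptions` keys are no longer read, and `seLinuxOptions` no longer passes through `tpl`, so an upgraded release that sets them loses those settings silently. A guard that fails the render makes the migration explicit: `{{- if or .Values.artifactory.fsGroupChangePolicy .Values.artifactory.seLinuxOptions }}{{ fail "move fsGroupChangePolicy/seLinuxOptions under artifactory.podSecurityContext" }}{{- end }}`. A comment above the `securityContext:` line should state that the non-root settings now come from the values defaults.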
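Review bot: The init containers in this file read `.Values.initContainers.image.imagePullPolicy`, while ci/global-values.yaml in the same patch reads `.Values.initContainers.image.pullPolicy`, so one of the two keys presumably does not exist in values.yaml. The missing one renders an empty `imagePullPolicy:`, which silently hands the pull policy to the cluster default instead of the operator's setting. If `pullPolicy` is the defined key, the line should be `imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}`. The same key is used in the later init-container hunks of this file (delete-db-properties, wait-for-primary, copy-system-configurations, copy-custom-certificates, copy-circle-of-trust-certificates, wait-for-db). The `image:` value is also now unquoted where the removed line quoted it, and quoting the `include` result would keep an unusual tag from being retyped by the YAML parser.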
@@ -127,8 +116,8 @@ spec: {{- end }} {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} - name: "wait-for-primary" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -151,7 +140,8 @@ spec: {{ toYaml .Values.initContainers.resources | indent 10 }} {{- end }} - name: 'copy-system-configurations' - image: '{{ .Values.initContainerImage }}' + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -187,7 +177,7 @@ spec: - name: ARTIFACTORY_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "artifactory-ha.masterKeySecretName" . }} {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" 
@@ -199,8 +189,9 @@ spec: volumeMounts: - name: volume mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + + ######################## SystemYaml ######################### + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} @@ -208,24 +199,29 @@ spec: {{- if .Values.systemYamlOverride.existingSecret }} mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} + {{- else }} mountPath: "/tmp/etc/system.yaml" subPath: system.yaml {{- end }} - {{- end }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + + ######################## Binarystore ########################## + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml + + ######################## CustomCertificates ########################## {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} + resources: {{ toYaml .Values.initContainers.resources | indent 10 }} command: 
@@ -242,7 +238,8 @@ spec: {{- if .Values.artifactory.circleOfTrustCertificatesSecret }} - name: copy-circle-of-trust-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -263,7 +260,8 @@ spec: {{- if .Values.waitForDatabase }} {{- if or .Values.postgresql.enabled }} - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} command: - /bin/bash - -c @@ -392,13 +390,18 @@ spec: {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} {{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} {{- end }} + + ######################## Artifactory persistence nfs ########################## {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-ha-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + + + ######################## Artifactory persistence binarystore Xml ########################## + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} 
@@ -406,8 +409,10 @@ spec: mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml {{- end }} + + ######################## Artifactory persistence google storage ########################## {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - name: gcpcreds-json {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} @@ -415,6 +420,7 @@ spec: mountPath: "/artifactory_bootstrap/gcp.credentials.json" subPath: gcp.credentials.json {{- end }} + {{- end }} {{- if .Values.hostAliases }} hostAliases: @@ -424,7 +430,7 @@ spec: {{- if .Values.splitServicesToContainers }} - name: {{ .Values.router.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }} - imagePullPolicy: {{ .Values.router.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.router.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -508,7 +514,7 @@ spec: {{- end }} {{- if .Values.metadata.enabled }} - name: {{ .Values.metadata.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "metadata") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} 
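Review bot: The router container in hunk `@@ -424,7 +430,7 @@` now reads `.Values.router.image.pullPolicy`, while the init containers changed in this same patch read `.Values.initContainers.image.imagePullPolicy`, so the chart ends up with two spellings of one setting. An existing override that still sets `router.image.imagePullPolicy` would presumably be ignored without any message, because nothing visible here guards the old key the way the `fail` checks added for `initContainerImage` do. A fallback such as `imagePullPolicy: {{ .Values.router.image.pullPolicy | default .Values.router.image.imagePullPolicy }}` would keep old overrides working. The same rename appears in the primary statefulset hunk `@@ -514,7 +542,7 @@`.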
@@ -635,36 +641,6 @@ spec: livenessProbe: {{ tpl .Values.event.livenessProbe.config . | indent 10 }} {{- end }} - {{- end }} - {{- if .Values.artifactory.replicator.enabled }} - - name: {{ .Values.artifactory.replicator.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start - {{- with .Values.artifactory.replicator.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.artifactory.replicator.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.artifactory.replicator.resources | indent 10 }} {{- end }} {{- if .Values.jfconnect.enabled }} - name: {{ .Values.jfconnect.name }} @@ -766,7 +742,7 @@ spec: {{- end }} {{- if .Values.observability.enabled }} - name: {{ .Values.observability.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "observability") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} @@ -860,10 +836,6 @@ spec: value: "false" - name : JF_FRONTEND_ENABLED value: "false" - - name: JF_REPLICATOR_ENABLED - value: "true" - - name: JF_REPLICATOR_SERVICE_ENABLED - value: "false" - name: JF_FEDERATION_ENABLED value: "false" - name : JF_OBSERVABILITY_ENABLED 
@@ -961,6 +933,8 @@ spec: {{- end }} - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + + ######################## Artifactory persistence fs ########################## {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} @@ -971,21 +945,27 @@ spec: mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" {{- end }} {{- end }} + + ######################## Artifactory persistence nfs ########################## {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-ha-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + + ######################## Artifactory persistence binarystore Xml ########################## + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml + + ######################## Artifactory persistence google storage ########################## {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - name: gcpcreds-json {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} 
@@ -993,12 +973,16 @@ spec: mountPath: "/artifactory_bootstrap/gcp.credentials.json" subPath: gcp.credentials.json {{- end }} + + ######################## Artifactory ConfigMap ########################## {{- if .Values.artifactory.configMapName }} - name: bootstrap-config mountPath: "/bootstrap/" {{- end }} + + ######################## Artifactory license ########################## {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }} - name: artifactory-license {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} @@ -1010,7 +994,7 @@ spec: subPath: artifactory.lic {{- end }} {{- end }} - {{- end }} + {{- end }} - name: installer-info mountPath: "/artifactory_bootstrap/info/installer-info.json" subPath: installer-info.json @@ -1036,7 +1020,8 @@ spec: {{- $mountPath := .Values.artifactory.persistence.mountPath }} {{- range .Values.artifactory.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
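Review bot: The `imagePullPolicy` line added in hunk `@@ -1036,7 +1020,8 @@` uses `.Values` inside `{{- range .Values.artifactory.loggers }}`, where `.` is the current logger name, so rendering should fail as soon as `artifactory.loggers` is non-empty. The neighbouring lines already use the root context (`list $ "initContainers"`, `$.Values.containerSecurityContext`), and the new line should do the same: `imagePullPolicy: {{ $.Values.artifactory.image.pullPolicy }}`. It is also worth deciding whether the policy should follow the image and read `$.Values.initContainers.image.imagePullPolicy` instead. The same line is added inside the `catalinaLoggers` range in `@@ -1056,7 +1041,8 @@` and in the primary statefulset hunk `@@ -1128,7 +1136,8 @@`.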
@@ -1056,7 +1041,8 @@ spec: {{- if .Values.artifactory.catalinaLoggers }} {{- range .Values.artifactory.catalinaLoggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -1177,6 +1163,12 @@ spec: secretName: {{ .Values.artifactory.license.secret }} {{- end }} + {{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + - name: gcpcreds-json + secret: + secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} + {{- end }} + ############ Config map, Volumes and Custom Volumes ############## {{- if .Values.artifactory.migration.enabled }} - name: migration-scripts @@ -1201,6 +1193,7 @@ spec: configMap: name: {{ template "artifactory-ha.fullname" . }}-configmaps {{- end }} + {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} @@ -1213,6 +1206,7 @@ spec: claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc {{- end }} {{- end }} + {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data persistentVolumeClaim: 
@@ -1221,6 +1215,7 @@ spec: persistentVolumeClaim: claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc {{- end }} + {{- if .Values.artifactory.customPersistentVolumeClaim }} - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} persistentVolumeClaim: @@ -1246,6 +1241,7 @@ spec: secret: secretName: {{ template "artifactory-ha.name" . }}-unified-secret {{- else if not .Values.artifactory.unifiedSecretInstallation }} + ############ If single secret installation flag is disable ############ {{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled (not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName) }} - name: gcpcreds-json @@ -1257,21 +1253,13 @@ spec: secret: secretName: {{ template "artifactory-ha.fullname" . }}-license {{- end }} - {{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }} - - name: access-bootstrap-creds - secret: - secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds - {{- end }} - {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }} + + {{- if and (not .Values.systemYamlOverride.existingSecret) }} - name: systemyaml secret: secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml {{- end }} - {{- if .Values.access.accessConfig }} - - name: access-config - secret: - secretName: {{ template "artifactory-ha.fullname" . }}-access-config - {{- end }} + {{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml secret: diff --git a/stable/artifactory-ha/templates/artifactory-primary-service.yaml b/stable/artifactory-ha/templates/artifactory-primary-service.yaml index 0298cbb3d..2b7ecb5af 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-service.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-service.yaml 
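Review bot: In hunk `@@ -1257,21 +1253,13 @@` the new condition `{{- if and (not .Values.systemYamlOverride.existingSecret) }}` calls `and` with a single argument, which reads like a leftover from the removed two-operand test. It evaluates to that one operand, so behaviour is unaffected, but the next reader will look for the missing second condition. Writing it as `{{- if not .Values.systemYamlOverride.existingSecret }}` says the same thing directly.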
@@ -20,6 +20,12 @@ spec: {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} clusterIP: {{ .Values.artifactory.service.clusterIP }} {{- end }} + {{- if .Values.artifactory.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }} + {{- end }} + {{- if not (empty .Values.artifactory.service.ipFamilies)}} + ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }} + {{- end }} ports: - port: {{ .Values.artifactory.externalPort }} targetPort: {{ .Values.artifactory.internalPort }} diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index 19e04a29a..bb448ff14 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml 
@@ -13,7 +13,7 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 4.x.x) that has postgresql.image.tag of 9.x or 10.x or 12.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 4.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 107.79.x) that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 107.79.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} {{- end }} {{- if .Values.artifactory.postStartCommand }} {{- fail ".Values.artifactory.postStartCommand is not supported and should be replaced with .Values.artifactory.lifecycle.postStart.exec.command" }} 
@@ -24,6 +24,20 @@ metadata: {{- if or .Values.artifactory.persistence.googleStorage.identity .Values.artifactory.persistence.googleStorage.credential }} {{- fail "\nGCP Bucket Authentication with Identity and Credential is deprecated" }} {{- end }} +{{- if (eq (.Values.artifactory.setSecurityContext | toString) "false" ) }} + {{- fail "\n You need to set security context at the pod level. .Values.artifactory.setSecurityContext is no longer supported. Replace it with .Values.artifactory.podSecurityContext" }} +{{- end }} +{{- if or .Values.artifactory.uid .Values.artifactory.gid }} +{{- if or (not (eq (.Values.artifactory.uid | toString) "1030" )) (not (eq (.Values.artifactory.gid | toString) "1030" )) }} + {{- fail "\n .Values.artifactory.uid and .Values.artifactory.gid are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.runAsUser, .Values.artifactory.podSecurityContext.runAsGroup and .Values.artifactory.podSecurityContext.fsGroup" }} +{{- end }} +{{- end }} +{{- if or .Values.artifactory.fsGroupChangePolicy .Values.artifactory.seLinuxOptions }} + {{- fail "\n .Values.artifactory.fsGroupChangePolicy and .Values.artifactory.seLinuxOptions are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.fsGroupChangePolicy and .Values.artifactory.podSecurityContext.seLinuxOptions" }} +{{- end }} +{{- if .Values.initContainerImage }} + {{- fail "\n .Values.initContainerImage is no longer supported. Replace it with .Values.initContainers.image.registry .Values.initContainers.image.repository and .Values.initContainers.image.tag" }} +{{- end }} {{- with .Values.artifactory.statefulset.annotations }} annotations: {{ toYaml . | indent 4 }} 
@@ -85,19 +99,8 @@ spec: {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.artifactory.uid }} - runAsGroup: {{ .Values.artifactory.gid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- if .Values.artifactory.fsGroupChangePolicy }} - fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} - {{- end }} - {{- if .Values.artifactory.seLinuxOptions }} - seLinuxOptions: - {{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }} - {{- end }} + {{- if .Values.artifactory.podSecurityContext.enabled }} + securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.artifactory.topologySpreadConstraints }} topologySpreadConstraints: @@ -111,8 +114,8 @@ spec: {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - name: "create-artifactory-data-dir" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
@@ -130,8 +133,8 @@ spec: {{- end }} {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -147,8 +150,8 @@ spec: {{- end }} {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -165,7 +168,7 @@ spec: volumeMounts: - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - name: access-bootstrap-creds {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} 
@@ -179,7 +182,8 @@ spec: {{- end }} {{- end }} - name: 'copy-system-configurations' - image: '{{ .Values.initContainerImage }}' + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -237,7 +241,7 @@ spec: - name: ARTIFACTORY_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} name: {{ include "artifactory-ha.joinKeySecretName" . }} {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" @@ -248,7 +252,7 @@ spec: - name: ARTIFACTORY_JFCONNECT_TOKEN valueFrom: secretKeyRef: - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }} name: {{ include "artifactory-ha.jfConnectTokenSecretName" . }} {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" 
@@ -259,18 +263,21 @@ spec: - name: ARTIFACTORY_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} name: {{ include "artifactory-ha.masterKeySecretName" . }} {{- else }} name: "{{ template "artifactory-ha.name" . }}-unified-secret" {{- end }} key: master-key {{- end }} + + ######################## Volume Mounts For copy-system-configurations ########################## volumeMounts: - name: volume mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + + ######################## SystemYaml ########################## + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} 
@@ -278,19 +285,22 @@ spec: {{- if .Values.systemYamlOverride.existingSecret }} mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} + {{- else }} mountPath: "/tmp/etc/system.yaml" subPath: system.yaml {{- end }} - {{- end }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + + ######################## Binarystore ########################## + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml - {{- if .Values.access.accessConfig }} + + ######################## Access config ########################## + {{- if .Values.access.accessConfig }} {{- if not .Values.artifactory.unifiedSecretInstallation }} - name: access-config {{- else }} 
@@ -298,18 +308,22 @@ spec: {{- end }} mountPath: "/tmp/etc/access.config.patch.yml" subPath: access.config.patch.yml - {{- end }} - {{- if .Values.access.customCertificatesSecretName }} + {{- end }} + + ######################## Access certs external secret ########################## + {{- if .Values.access.customCertificatesSecretName }} - name: access-certs mountPath: "/tmp/etc/tls.crt" subPath: tls.crt - name: access-certs mountPath: "/tmp/etc/tls.key" subPath: tls.key - {{- end }} + {{- end }} + {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -329,7 +343,8 @@ spec: {{- if .Values.artifactory.circleOfTrustCertificatesSecret }} - name: copy-circle-of-trust-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: c {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -350,7 +365,8 @@ spec: {{- if .Values.waitForDatabase }} {{- if or .Values.postgresql.enabled }} - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
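Review bot: The `copy-circle-of-trust-certificates` init container in hunk `@@ -329,7 +343,8 @@` gets `imagePullPolicy: c`, which is not a pull policy Kubernetes accepts (`Always`, `IfNotPresent`, `Never`), so the StatefulSet would be rejected whenever `artifactory.circleOfTrustCertificatesSecret` is set. Every other init container in this patch uses the templated value, and this one looks like a truncated paste of it. The line should read `imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}`.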
@@ -469,6 +485,8 @@ spec: subPath: migrationStatus.sh - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + + ######################## Artifactory persistence fs ########################## {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} 
@@ -479,24 +497,32 @@ spec: mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" {{- end }} {{- end }} + + ######################## CustomVolumeMounts ########################## {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} {{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} {{- end }} + + ######################## Artifactory persistence nfs ########################## {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-ha-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + + ######################## Artifactory persistence binarystore Xml ########################## + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml + + ######################## Artifactory persistence google storage ########################## {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - {{- if (not .Values.artifactory.unifiedSecretInstallation) }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - name: gcpcreds-json {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} @@ -504,8 +530,10 @@ spec: mountPath: "/artifactory_bootstrap/gcp.credentials.json" subPath: gcp.credentials.json {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- if .Values.hostAliases }} hostAliases: {{ toYaml .Values.hostAliases | indent 6 }} 
@@ -514,7 +542,7 @@ spec: {{- if .Values.splitServicesToContainers }} - name: {{ .Values.router.name }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }} - imagePullPolicy: {{ .Values.router.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.router.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -598,7 +626,7 @@ spec: {{- end }} {{- if .Values.metadata.enabled }} - name: {{ .Values.metadata.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "metadata") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} 
@@ -725,36 +753,6 @@ spec: livenessProbe: {{ tpl .Values.event.livenessProbe.config . | indent 10 }} {{- end }} - {{- end }} - {{- if .Values.artifactory.replicator.enabled }} - - name: {{ .Values.artifactory.replicator.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start - {{- with .Values.artifactory.replicator.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.artifactory.replicator.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.artifactory.replicator.resources | indent 10 }} {{- end }} {{- if .Values.jfconnect.enabled }} - name: {{ .Values.jfconnect.name }} @@ -838,7 +836,7 @@ spec: {{- end }} {{- if .Values.observability.enabled }} - name: {{ .Values.observability.name }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "observability") }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} @@ -944,10 +942,6 @@ spec: value: "false" - name : JF_FRONTEND_ENABLED value: "false" - - name: JF_REPLICATOR_ENABLED - value: "true" - - name: JF_REPLICATOR_SERVICE_ENABLED - value: "false" - name: JF_FEDERATION_ENABLED value: "false" - name : JF_OBSERVABILITY_ENABLED 
@@ -1030,6 +1024,7 @@ spec: - containerPort: {{ .Values.artifactory.ssh.internalPort }} name: tcp-ssh {{- end }} + volumeMounts: {{- if .Values.artifactory.customPersistentVolumeClaim }} - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} @@ -1053,6 +1048,8 @@ spec: {{- end }} - name: volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + + ######################## Artifactory persistence fs ########################## {{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} @@ -1063,12 +1060,16 @@ spec: mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" {{- end }} {{- end }} + + ######################## Artifactory persistence nfs ########################## {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-ha-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-ha-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} + + ######################## Artifactory persistence binarystoreXml ########################## {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} 
@@ -1076,20 +1077,26 @@ spec: {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml + + ######################## Artifactory persistence googleStorage ########################## {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - name: gcpcreds-json {{- else }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/artifactory_bootstrap/gcp.credentials.json" subPath: gcp.credentials.json + {{- end }} {{- end }} - {{- end }} + + ######################## Artifactory configMapName ########################## {{- if .Values.artifactory.configMapName }} - name: bootstrap-config mountPath: "/bootstrap/" {{- end }} + + ######################## Artifactory license ########################## {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }} - name: artifactory-license @@ -1103,6 +1110,7 @@ spec: subPath: artifactory.lic {{- end }} {{- end }} + - name: installer-info mountPath: "/artifactory_bootstrap/info/installer-info.json" subPath: installer-info.json @@ -1128,7 +1136,8 @@ spec: {{- $mountPath := .Values.artifactory.persistence.mountPath }} {{- range .Values.artifactory.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
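Review bot: The added `imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}` sits inside `{{- range .Values.artifactory.loggers }}`, where `.` is the current logger name rather than the chart root. `.Values` therefore does not resolve there, and rendering is likely to fail as soon as a logger is configured. The neighbouring lines already use the root context (`list $ "initContainers"`, `$.Values.containerSecurityContext.enabled`), so the line should read `imagePullPolicy: {{ $.Values.artifactory.image.pullPolicy }}`. The same applies to the `catalinaLoggers` hunk that follows and to the `nginx.loggers` hunk in nginx-deployment.yaml, which needs `$.Values.initContainers.image.pullPolicy`.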
@@ -1148,7 +1157,8 @@ spec: {{ if .Values.artifactory.catalinaLoggers }} {{- range .Values.artifactory.catalinaLoggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -1228,6 +1238,7 @@ spec: {{ toYaml . | indent 8 }} {{- end }} volumes: + ########## External secrets ########### {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} @@ -1369,12 +1380,12 @@ spec: secret: secretName: {{ template "artifactory-ha.fullname" . }}-license {{- end }} - {{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }} + {{- if and .Values.artifactory.admin.password (and (not .Values.artifactory.admin.secret) (not .Values.artifactory.admin.dataKey)) }} - name: access-bootstrap-creds secret: secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds {{- end }} - {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }} + {{- if and (not .Values.systemYamlOverride.existingSecret) }} - name: systemyaml secret: secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml diff --git a/stable/artifactory-ha/templates/artifactory-secrets.yaml b/stable/artifactory-ha/templates/artifactory-secrets.yaml index dd9a6d625..3a16c87ef 100644 --- a/stable/artifactory-ha/templates/artifactory-secrets.yaml +++ b/stable/artifactory-ha/templates/artifactory-secrets.yaml 
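Review bot: `{{- if and (not .Values.systemYamlOverride.existingSecret) }}` on the `systemyaml` volume calls `and` with a single operand, which reads like a half-finished edit. `{{- if not .Values.systemYamlOverride.existingSecret }}` evaluates the same way and is clearer. The unified-secret template picks up the same construct in this commit. With the `.Values.artifactory.systemYaml` operand gone, the volume is mounted whenever no override secret is set. It is worth confirming that the guard at the top of artifactory-system-yaml.yaml, which lies outside the visible hunk, was relaxed to match, since otherwise the pod would reference a Secret that is never created.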
@@ -1,4 +1,5 @@ {{- if not .Values.artifactory.unifiedSecretInstallation }} +{{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.jfConnectToken .Values.artifactory.masterKey .Values.global.masterKey }} apiVersion: v1 kind: Secret metadata: @@ -21,8 +22,9 @@ data: {{- end }} {{- end }} {{- if .Values.artifactory.jfConnectToken }} - {{- if not (.Values.artifactory.jfConnectTokenSecretName) }} + {{- if not .Values.artifactory.jfConnectTokenSecretName }} jfconnect-token: {{ include "artifactory-ha.jfConnectToken" . | b64enc | quote }} {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/stable/artifactory-ha/templates/artifactory-service.yaml b/stable/artifactory-ha/templates/artifactory-service.yaml index 4f956bd40..0912beae0 100644 --- a/stable/artifactory-ha/templates/artifactory-service.yaml +++ b/stable/artifactory-ha/templates/artifactory-service.yaml @@ -17,6 +17,12 @@ metadata: {{ toYaml .Values.artifactory.service.annotations | indent 4 }} {{- end }} spec: + {{- if .Values.artifactory.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }} + {{- end }} + {{- if not (empty .Values.artifactory.service.ipFamilies)}} + ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }} + {{- end }} type: {{ .Values.artifactory.service.type }} {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} clusterIP: {{ .Values.artifactory.service.clusterIP }} diff --git a/stable/artifactory-ha/templates/artifactory-system-yaml.yaml b/stable/artifactory-ha/templates/artifactory-system-yaml.yaml index 525167827..9e0cb46fe 100644 --- a/stable/artifactory-ha/templates/artifactory-system-yaml.yaml +++ b/stable/artifactory-ha/templates/artifactory-system-yaml.yaml @@ -12,5 +12,5 @@ metadata: type: Opaque stringData: system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} +{{ include "artifactory.finalSystemYaml" . | nindent 4 }} {{- end }} 
diff --git a/stable/artifactory-ha/templates/artifactory-unified-secret.yaml b/stable/artifactory-ha/templates/artifactory-unified-secret.yaml index 2ffee6db6..b09114978 100644 --- a/stable/artifactory-ha/templates/artifactory-unified-secret.yaml +++ b/stable/artifactory-ha/templates/artifactory-unified-secret.yaml @@ -17,18 +17,18 @@ stringData: {{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} {{- end }} -{{- if and (not .Values.artifactory.persistence.customBinarystoreXmlSecret) }} +{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} binarystore.xml: |- -{{- if .Values.artifactory.persistence.binarystoreXml }} +{{- if .Values.artifactory.persistence.binarystoreXml }} {{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} {{- else }} {{ tpl ( .Files.Get "files/binarystore.xml" ) . | indent 4 }} {{- end }} {{- end }} -{{- if not .Values.systemYamlOverride.existingSecret }} +{{- if and (not .Values.systemYamlOverride.existingSecret) }} system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} +{{ include "artifactory.finalSystemYaml" . | nindent 4 }} {{- end }} {{- if .Values.artifactory.customSecrets }} @@ -47,7 +47,7 @@ stringData: data: - {{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} + {{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} {{- if or .Values.database.url .Values.database.user .Values.database.password }} {{- with .Values.database.url }} 
@@ -69,22 +69,26 @@ data: {{- end }} {{- end }} + {{- if not .Values.artifactory.license.secret }} {{- with .Values.artifactory.license.licenseKey }} artifactory.lic: {{ . | b64enc | quote }} {{- end }} + {{- end }} {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }} {{- end }} {{- end }} + {{- if or .Values.artifactory.joinKey .Values.global.joinKey }} {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }} {{- end }} {{- end }} - {{- if .Values.artifactory.jfConnectToken }} - {{- if not (.Values.artifactory.jfConnectTokenSecretName) }} + + {{- if .Values.artifactory.jfConnectToken }} + {{- if not .Values.artifactory.jfConnectTokenSecretName }} jfconnect-token: {{ include "artifactory-ha.jfConnectToken" . | b64enc | quote }} {{- end }} {{- end }} diff --git a/stable/artifactory-ha/templates/ingress.yaml b/stable/artifactory-ha/templates/ingress.yaml index 05b24830a..70080a614 100644 --- a/stable/artifactory-ha/templates/ingress.yaml +++ b/stable/artifactory-ha/templates/ingress.yaml @@ -56,6 +56,7 @@ spec: name: {{ $serviceName }} port: number: {{ $servicePort }} + {{- if not $.Values.ingress.disableRouterBypass }} - path: {{ $.Values.ingress.artifactoryPath }} pathType: ImplementationSpecific backend: @@ -63,6 +64,7 @@ spec: name: {{ $serviceName }} port: number: {{ $artifactoryServicePort }} + {{- end }} {{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }} - path: {{ $.Values.ingress.rtfsPath }} pathType: ImplementationSpecific 
@@ -96,159 +98,7 @@ spec: tls: {{ toYaml .Values.ingress.tls | indent 4 }} {{- end -}} -{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }} ---- -{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -apiVersion: networking.k8s.io/v1 - {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicationIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if and (or .Values.ingress.className .Values.artifactory.replicator.ingress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }} - {{- end }} - {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - defaultBackend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - pathType: ImplementationSpecific - backend: - service: - 
name: {{ $serviceName }} - port: - number: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - pathType: ImplementationSpecific - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- end }} - {{- else }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} ---- -{{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . 
) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -apiVersion: networking.k8s.io/v1 - {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorTrackerIngressName }} - labels: - app: "{{ template "artifactory-ha.name" $ }}" - chart: "{{ template "artifactory-ha.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.trackerIngress.annotations }} - annotations: -{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if and (or .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }} - {{- end }} - {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - defaultBackend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- end }} - {{- else }} - {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: / - backend: - 
serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end -}} - {{- if .Values.artifactory.replicator.trackerIngress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.customIngress }} --- {{ .Values.customIngress | toYaml | trimSuffix "\n" }} diff --git a/stable/artifactory-ha/templates/nginx-deployment.yaml b/stable/artifactory-ha/templates/nginx-deployment.yaml index 64cb2d067..0c18eb8ae 100644 --- a/stable/artifactory-ha/templates/nginx-deployment.yaml +++ b/stable/artifactory-ha/templates/nginx-deployment.yaml @@ -65,8 +65,8 @@ spec: {{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }} {{- end }} - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -154,7 +154,8 @@ spec: {{- $mountPath := .Values.nginx.persistence.mountPath }} {{- range .Values.nginx.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - tail args: diff --git a/stable/artifactory-ha/templates/nginx-service.yaml b/stable/artifactory-ha/templates/nginx-service.yaml index 8706a1d4e..4f3bb58a1 100644 --- a/stable/artifactory-ha/templates/nginx-service.yaml +++ b/stable/artifactory-ha/templates/nginx-service.yaml 
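Review bot: The `setup` init container in nginx-deployment.yaml reads `.Values.initContainers.image.imagePullPolicy`, but the values.yaml hunk in this commit defines the key as `initContainers.image.pullPolicy`. The field therefore renders empty and the cluster default applies instead of the configured policy. Use `imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}`, the key the loggers container further down in the same file already reads. As written, an operator who sets the policy to `Always` to force a fresh pull of the init image gets no effect on this container.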
@@ -21,6 +21,12 @@ spec: {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} clusterIP: {{ .Values.nginx.service.clusterIP }} {{- end }} + {{- if .Values.nginx.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.nginx.service.ipFamilyPolicy }} + {{- end }} + {{- if not (empty .Values.nginx.service.ipFamilies)}} + ipFamilies: {{- toYaml .Values.nginx.service.ipFamilies | nindent 4 }} + {{- end }} {{- if eq .Values.nginx.service.type "LoadBalancer" }} {{ if .Values.nginx.service.loadBalancerIP -}} loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index 5b35ef337..854711387 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -11,7 +11,8 @@ global: ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion ## This applies also for nginx images (.Values.nginx.image.tag) versions: {} - # artifactory: + # artifactory: + # initContainers: # joinKey: # masterKey: # joinKeySecretName: 
@@ -41,11 +42,28 @@ global: ## String to fully override artifactory-ha.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 + +# Init containers +initContainers: + image: + registry: releases-docker.jfrog.io + repository: ubi9/ubi-minimal + tag: 9.3.1552 + pullPolicy: IfNotPresent + resources: + requests: + memory: "50Mi" + cpu: "10m" + limits: + memory: "1Gi" + cpu: "1" installer: type: platform: -installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' +## The installerInfo is intentionally commented out and the previous content has been moved under `files/installer-info.json` +## To override the content in `files/installer-info.json`, Uncomment the `installerInfo` and add relevant data +# installerInfo: '{}' + # For supporting pulling from private registries # imagePullSecrets: # - myRegistryKeySecretName @@ -114,6 +132,8 @@ ingress: # Additional ingress rules additionalRules: [] + # This is an experimental feature, enabling this feature will route all traffic through the Router. + disableRouterBypass: false ## Allows to add custom ingress customIngress: "" networkpolicy: [] @@ -148,7 +168,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.10.0-debian-11-r14 + tag: 15.6.0-debian-11-r16 postgresqlUsername: artifactory postgresqlPassword: "" postgresqlDatabase: artifactory @@ -183,6 +203,8 @@ postgresql: ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## you MUST specify custom database details here or Artifactory will NOT start database: + ## To run Artifactory with any database other than PostgreSQL allowNonPostgresql set to true. + allowNonPostgresql: false type: driver: ## If you set the url, leave host and port empty 
@@ -203,11 +225,6 @@ database: # url: # name: "rds-artifactory" # key: "db-url" -logger: - image: - registry: releases-docker.jfrog.io - repository: ubi9/ubi-minimal - tag: 9.3.1475 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -215,10 +232,19 @@ aws: enabled: false licenseConfigSecretName: region: us-east-1 +## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## containerSecurityContext: enabled: true runAsNonRoot: true + privileged: false allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault @@ -232,8 +258,8 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.91.0 - imagePullPolicy: IfNotPresent + tag: 7.105.1 + pullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled insecure: false 
@@ -316,8 +342,9 @@ artifactory: ## refer - https://www.jfrog.com/confluence/display/JFROG/Access+Federation#AccessFederation-EstablishingtheCircleofTrust ## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder. circleOfTrustCertificatesSecret: - # unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha secrets - unifiedSecretInstallation: false + # unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha internal(chart) secrets, It won't be affecting external secrets. + ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.78.x, Users can switch to false to continue with the old way of secret creation. + unifiedSecretInstallation: true image: registry: releases-docker.jfrog.io repository: jfrog/artifactory-pro @@ -441,8 +468,8 @@ artifactory: ## Add custom init containers execution before predefined init containers customInitContainersBegin: "" # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false @@ -461,8 +488,8 @@ artifactory: ## Add custom init containers execution after predefined init containers customInitContainers: "" # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false 
@@ -482,8 +509,8 @@ artifactory: # - The provided example shows running container as root (id 0) customSidecarContainers: "" # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false 
@@ -644,174 +671,44 @@ artifactory: # name: my-secret-name # key: my-secret-key - # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) - systemYaml: | - router: - serviceRegistry: - insecure: {{ .Values.router.serviceRegistry.insecure }} - shared: - {{- if .Values.artifactory.coldStorage.enabled }} - jfrogColdStorage: - coldInstanceEnabled: true - {{- end }} - {{- if .Values.artifactory.openMetrics.enabled }} - metrics: - enabled: true - {{- if .Values.artifactory.openMetrics.filebeat.enabled }} - filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }} - {{- end }} - {{- end }} - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }} - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.primary.javaOpts }} - {{- if .corePoolSize }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- end }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - database: - {{- if 
.Values.postgresql.enabled }} - type: postgresql - url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - host: "" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{ else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - artifactory: - {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} - node: - {{- if .Values.artifactory.haDataDir.path }} - haDataDir: {{ .Values.artifactory.haDataDir.path }} - {{- end }} - {{- if .Values.artifactory.haBackupDir.path }} - haBackupDir: {{ .Values.artifactory.haBackupDir.path }} - {{- end }} - {{- end }} - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - maintenanceConnector: - port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }} - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - frontend: - session: - timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - {{- if .Values.access.database.enabled }} - type: "{{ .Values.access.database.type }}" - url: "{{ .Values.access.database.url }}" - driver: "{{ .Values.access.database.driver }}" - username: "{{ .Values.access.database.user }}" - password: "{{ .Values.access.database.password }}" - {{- end }} - {{- if .Values.mc.enabled }} - mc: - enabled: true - database: - maxOpenConnections: {{ 
.Values.mc.database.maxOpenConnections }} - idgenerator: - maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }} - sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }} - extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }} - {{- end }} - metadata: - database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - {{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} - jfconnect: - enabled: true - {{- else }} - jfconnect: - enabled: false - jfconnect_service: - enabled: false - {{- end }} + ## System YAML entries now reside under files/system.yaml. + ## You can provide the specific values that you want to add or override under 'artifactory.extraSystemYaml'. + ## For example: + ## extraSystemYaml: + ## shared: + ## node: + ## id: my-instance + ## The entries provided under 'artifactory.extraSystemYaml' are merged with files/system.yaml to create the final system.yaml. + ## If you have already provided system.yaml under, 'artifactory.systemYaml', the values in that entry take precedence over files/system.yaml + ## You can modify specific entries with your own value under `artifactory.extraSystemYaml`, The values under extraSystemYaml overrides the values under 'artifactory.systemYaml' and files/system.yaml + extraSystemYaml: {} + ## systemYaml is intentionally commented and the previous content has been moved under files/system.yaml. + ## You have to add the all entries of the system.yaml file here, and it overrides the values in files/system.yaml. 
+ # systemYaml: - {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} - federation: - enabled: true - embedded: {{ .Values.federation.embedded }} - extraJavaOpts: {{ .Values.federation.extraJavaOpts }} - port: {{ .Values.federation.internalPort }} - rtfs: - database: - driver: org.postgresql.Driver - type: postgresql - username: {{ .Values.federation.database.username }} - password: {{ .Values.federation.database.password }} - url: "jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}" - {{- else }} - federation: - enabled: false - {{- end }} - {{- if .Values.event.webhooks }} - event: - webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }} - {{- end }} ## IMPORTANT: If overriding artifactory.internalPort: ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! externalPort: 8082 internalPort: 8082 externalArtifactoryPort: 8081 internalArtifactoryPort: 8081 - uid: 1030 - gid: 1030 - # fsGroupChangePolicy: "Always" - # seLinuxOptions: {} terminationGracePeriodSeconds: 30 - ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. 
- ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false - setSecurityContext: true + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param artifactory.podSecurityContext.enabled Enable security context + ## @param artifactory.podSecurityContext.runAsNonRoot Set pod's Security Context runAsNonRoot + ## @param artifactory.podSecurityContext.runAsUser User ID for the pod + ## @param artifactory.podSecurityContext.runASGroup Group ID for the pod + ## @param artifactory.podSecurityContext.fsGroup Group ID for the pod + ## + podSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1030 + runAsGroup: 1030 + fsGroup: 1030 + # fsGroupChangePolicy: "Always" + # seLinuxOptions: {} ## The following settings are to configure the frequency of the liveness and startup probes. livenessProbe: enabled: true @@ -861,8 +758,13 @@ artifactory: ## Use a custom Secret to be mounted as your binarystore.xml ## NOTE: This will ignore all settings below that make up binarystore.xml customBinarystoreXmlSecret: + ## cache-fs binary provider configurations + ## Refer: https://jfrog.com/help/r/jfrog-installation-setup-documentation/cache-fs-template-configuration maxCacheSize: 50000000000 cacheProviderDir: cache + ## maxFileSizeLimit: + ## skipDuringUpload: + ## artifactory data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -884,6 +786,7 @@ artifactory: ## s3-storage-v3-archive ## azure-blob ## azure-blob-storage-direct + ## azure-blob-storage-v2-direct type: file-system ## Use binarystoreXml to provide a custom binarystore.xml ## This is intentionally commented and below previous content of binarystoreXml is moved under files/binarystore.xml 
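Review bot: The new `@param` comment names `artifactory.podSecurityContext.runASGroup`, while the key below it is `runAsGroup`, and `fsGroup` carries the same description as the group ID. Suggest `## @param artifactory.podSecurityContext.runAsGroup Group ID for the pod` and `## @param artifactory.podSecurityContext.fsGroup Group ID applied to the pod's volumes`. The hunk also drops `artifactory.uid`, `artifactory.gid` and `setSecurityContext`. If the templates no longer read them (not visible here), existing overrides of those keys would be ignored without warning, so a changelog or upgrade note naming the replacement keys would help.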
@@ -981,7 +884,7 @@ artifactory: enablePathStyleAccess: false multiPartLimit: multipartElementSize: - ## For artifactory.persistence.type azure-blob, azure-blob-storage-direct + ## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, azure-blob-storage-v2-direct azureBlob: accountName: accountKey: @@ -993,6 +896,16 @@ artifactory: service: name: artifactory type: ClusterIP + ## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific) + ## This can be either SingleStack, PreferDualStack or RequireDualStack + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilyPolicy: "" + ## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific) + ## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"] + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilies: [] ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) ## Set this to a list of IP CIDR ranges ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] 
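Review bot: The new `ipFamilies` option in the `@@ -993,6 +896,16 @@` hunk sits directly above the `loadBalancerSourceRanges` guidance, whose example lists only IPv4 CIDRs, and nothing tells an operator to revisit that allowlist when IPv6 is switched on. How source ranges are enforced per address family depends on the load-balancer provider, which is not visible here, so I would add under `ipFamilies` the comment `## If IPv6 is enabled, add the matching IPv6 CIDR ranges to loadBalancerSourceRanges`. The `@param` lines also name the keys `service.ipFamilyPolicy` and `service.ipFamilies`, while here they live under `artifactory.service`. The nginx service hunk at `@@ -1805,6 +1690,16 @@` has the same two gaps. The `service:` block continues outside the hunk.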
@@ -1009,63 +922,6 @@ artifactory: # nodePort: 32082 statefulset: annotations: {} - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - name: replicator - enabled: false - ## Extra environment variables that can be used to tune replicator to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: MY_ENV_VAR - # value: "" - resources: {} - # requests: - # memory: "100Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "1" - - # Add lifecycle hooks for replicator container - lifecycle: {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo Hello from the preStop handler"] - - ingress: - name: - hosts: [] - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - ## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true - ## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads - trackerIngress: - enabled: false - name: - hosts: [] - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret ssh: enabled: false internalPort: 1339 
@@ -1273,6 +1129,11 @@ metadata: extraEnvironmentVariables: # - name: MY_ENV_VAR # value: "" + image: + pullPolicy: IfNotPresent + registry: releases-docker.jfrog.io + repository: jfrog/artifactory-pro + # tag: resources: {} # requests: # memory: "100Mi" @@ -1496,6 +1357,11 @@ observability: extraEnvironmentVariables: # - name: MY_ENV_VAR # value: "" + image: + pullPolicy: IfNotPresent + registry: releases-docker.jfrog.io + repository: jfrog/artifactory-pro + # tag: resources: {} # requests: # memory: "100Mi" @@ -1551,15 +1417,6 @@ mc: maxThreads: 50 sendReasonPhrase: false extraConfig: 'acceptCount="100"' -# Init containers -initContainers: - resources: - requests: - memory: "50Mi" - cpu: "10m" - limits: - memory: "1Gi" - cpu: "1" # Nginx nginx: enabled: true @@ -1586,6 +1443,9 @@ nginx: annotations: {} terminationGracePeriodSeconds: 30 disableProxyBuffering: false + # singleStackIPv6Cluster flag, which manages the Nginx configuration to enable listening on IPv6 and proxy. + # If .Values.nginx.service.ipFamilies and .Values.artifactory.service.ipFamilies is configured for only IPv6, users need to enable this flag. + singleStackIPv6Cluster: false # Note that by default we use appVersion to get image tag/version image: registry: releases-docker.jfrog.io @@ -1634,6 +1494,7 @@ nginx: # Logs options logs: stderr: false + stdout: false level: warn ## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports. customPorts: [] @@ -1645,7 +1506,7 @@ nginx: # Main Nginx configuration file worker_processes 4; - {{ if .Values.nginx.logs.stderr }} + {{- if .Values.nginx.logs.stderr }} error_log stderr {{ .Values.nginx.logs.level }}; {{- else -}} error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; 
@@ -1656,7 +1517,11 @@ nginx: ## SSH Server Configuration stream { server { + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.ssh.internalPort }}; + {{- else -}} listen {{ .Values.nginx.ssh.internalPort }}; + {{- end }} proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; } } @@ -1700,7 +1565,11 @@ nginx: 'request_time = $request_time ' 'referer = \"$http_referer\" ' 'UA = \"$http_user_agent\"'; - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + {{- if .Values.nginx.logs.stdout }} + access_log /dev/stdout timing; + {{- else -}} + access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + {{- end }} sendfile on; #tcp_nopush on; keepalive_timeout 65; 
@@ -1717,20 +1586,36 @@ nginx: {{- end }} ## server configuration server { - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- if .Values.nginx.internalPortHttps }} + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.internalPortHttps }} ssl; {{- else -}} + listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- end }} + {{- else -}} {{- if .Values.nginx.https.enabled }} + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.https.internalPort }} ssl; + {{- else -}} listen {{ .Values.nginx.https.internalPort }} ssl; {{- end }} {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; + {{- end }} + {{- if .Values.nginx.internalPortHttp }} + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.internalPortHttp }}; {{- else -}} + listen {{ .Values.nginx.internalPortHttp }}; + {{- end }} + {{- else -}} {{- if .Values.nginx.http.enabled }} + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.http.internalPort }}; + {{- else -}} listen {{ .Values.nginx.http.internalPort }}; {{- end }} {{- end }} + {{- end }} server_name ~(?.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} {{- range .Values.ingress.hosts -}} {{- if contains "." . -}} 
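Review bot: Every `singleStackIPv6Cluster` branch in this server block emits exactly one `listen` line, so no setting binds both address families, although the same patch makes dual-stack Services configurable through `ipFamilyPolicy` and `ipFamilies`. By default nginx opens `[::]:PORT` with `ipv6only=on`, so the flag yields an IPv6-only listener and leaving it off yields an IPv4-only one. A dual-stack Service can then forward traffic to a pod address that nothing is listening on. Either emit both `listen {{ .Values.nginx.http.internalPort }};` and `listen [::]:{{ .Values.nginx.http.internalPort }};` when both families are requested, or state in the flag's comment that dual-stack is not covered. The SSH `stream` listener in the `@@ -1656,7 +1517,11 @@` hunk follows the same pattern, and the server block continues outside this hunk.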
@@ -1805,6 +1690,16 @@ nginx: ## For minikube, set this to NodePort, elsewhere use LoadBalancer type: LoadBalancer ssloffload: false + ## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific) + ## This can be either SingleStack, PreferDualStack or RequireDualStack + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilyPolicy: "" + ## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific) + ## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"] + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilies: [] ## For supporting whitelist on the Nginx LoadBalancer service ## Set this to a list of IP CIDR ranges ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] @@ -1982,7 +1877,7 @@ filebeat: hosts: ["{{ .Values.filebeat.logstashUrl }}"] ## Allows to add additional kubernetes resources ## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml +## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-ha-values.yaml additionalResources: "" # Adding entries to a Pod's /etc/hosts file # For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index 09082a95e..1fdb40d04 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md 
@@ -1,7 +1,13 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.77.11] - Nov 23, 2023 +## [107.84.10] - Feb 20, 2024 +* Updated `artifactory.installerInfo` content + +## [107.80.0] - Feb 1, 2024 +* Updated README.md to create a namespace using `--create-namespace` as part of helm install + +## [107.74.0] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 4a2799668..03e01cba4 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.11 +appVersion: 7.84.10 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.11 + version: 107.84.10 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.77.11 +version: 107.84.10 diff --git a/stable/artifactory-jcr/README.md b/stable/artifactory-jcr/README.md index 307a46b3a..c0051e61d 100644 --- a/stable/artifactory-jcr/README.md +++ b/stable/artifactory-jcr/README.md @@ -30,7 +30,7 @@ helm repo update ### Install Chart To install the chart with the release name `jfrog-container-registry`: ```bash -helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword= --namespace artifactory-jcr jfrog/artifactory-jcr +helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword= jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace ``` ### Accessing JFrog Container Registry 
@@ -39,7 +39,7 @@ helm upgrade --install jfrog-container-registry --set artifactory.postgresql.pos ### Updating JFrog Container Registry Once you have a new chart version, you can upgrade your deployment with ```bash -helm upgrade jfrog-container-registry jfrog/artifactory-jcr +helm upgrade jfrog-container-registry jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace ``` ### Special Upgrade Notes @@ -85,7 +85,7 @@ helm upgrade --install jfrog-container-registry \ --set artifactory.ingress.enabled=true \ --set artifactory.ingress.hosts[0]="artifactory.company.com" \ --set artifactory.artifactory.service.type=NodePort \ - --namespace artifactory-jcr jfrog/artifactory-jcr + jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace ``` To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: diff --git a/stable/artifactory-jcr/values.yaml b/stable/artifactory-jcr/values.yaml index 3065f24a4..2869e5a05 100644 --- a/stable/artifactory-jcr/values.yaml +++ b/stable/artifactory-jcr/values.yaml 
@@ -35,7 +35,7 @@ artifactory: # other: "" installer: platform: jcr-helm - installerInfo: '{"productId": "Helm_artifactory-jcr/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + installerInfo: '{"productId":"Helm_artifactory-jcr/{{ .Chart.Version }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}' ## Nginx ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory nginx: @@ -69,8 +69,7 @@ postgresql: enabled: true router: image: - tag: 7.91.0 -logger: + tag: 7.105.1 +initContainers: image: - tag: 9.3.1475 -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 + tag: 9.3.1552 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 922945f58..827849008 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md 
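Review bot: The `installerInfo` string in the `@@ -35,7 +35,7 @@` hunk now embeds the cluster's Kubernetes version, database type, persistence type, replica count and several feature flags, and nothing beside the key says so. Where this string ends up is not visible in the hunk, so an operator reviewing what the deployment reports about itself has to read the one-line JSON to find out. I would put a comment above the key such as `## installerInfo includes the Kubernetes version, database type, persistence type and replica count of this deployment`. The values are interpolated into JSON string literals without escaping, so a value containing `"` would produce invalid JSON. The artifactory-oss `values.yaml` hunk later in the patch makes the identical change.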
@@ -1,7 +1,13 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.77.11] - Nov 23, 2023 +## [107.84.10] - Feb 20, 2024 +* Updated `artifactory.installerInfo` content + +## [107.80.0] - Feb 1, 2024 +* Updated README.md to create a namespace using `--create-namespace` as part of helm install + +## [107.74.0] - Nov 23, 2023 * **IMPORTANT** * Added min kubeVersion ">= 1.19.0-0" in chart.yaml diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 38261e0cb..31738282d 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.77.11 +appVersion: 7.84.10 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.77.11 + version: 107.84.10 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.77.11 +version: 107.84.10 diff --git a/stable/artifactory-oss/README.md b/stable/artifactory-oss/README.md index ef040a86e..d98c8203a 100644 --- a/stable/artifactory-oss/README.md +++ b/stable/artifactory-oss/README.md @@ -30,7 +30,7 @@ helm repo update ### Install Chart To install the chart with the release name `artifactory-oss`: ```bash -helm upgrade --install artifactory-oss --set artifactory.postgresql.postgresqlPassword= --namespace artifactory-oss jfrog/artifactory-oss +helm upgrade --install artifactory-oss --set artifactory.postgresql.postgresqlPassword= jfrog/artifactory-oss --namespace artifactory-oss --create-namespace ``` ### Accessing Artifactory OSS 
@@ -39,7 +39,7 @@ helm upgrade --install artifactory-oss --set artifactory.postgresql.postgresqlPa ### Updating Artifactory OSS Once you have a new chart version, you can upgrade your deployment with ```bash -helm upgrade artifactory-oss jfrog/artifactory-oss +helm upgrade artifactory-oss jfrog/artifactory-oss --namespace artifactory-oss --create-namespace ``` ### Special Upgrade Notes @@ -84,7 +84,7 @@ helm upgrade --install artifactory-oss \ --set artifactory.ingress.enabled=true \ --set artifactory.ingress.hosts[0]="artifactory.company.com" \ --set artifactory.artifactory.service.type=NodePort \ - --namespace artifactory-oss jfrog/artifactory-oss + jfrog/artifactory-oss --namespace artifactory-oss --create-namespace ``` To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: diff --git a/stable/artifactory-oss/values.yaml b/stable/artifactory-oss/values.yaml index e90cb04f7..e409b3a10 100644 --- a/stable/artifactory-oss/values.yaml +++ b/stable/artifactory-oss/values.yaml 
@@ -35,7 +35,7 @@ artifactory: # other: "" installer: platform: art-oss-helm - installerInfo: '{"productId": "Helm_artifactory-oss/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' + installerInfo: '{"productId":"Helm_artifactory-oss/{{ .Chart.Version }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}' ## Nginx ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory nginx: @@ -69,8 +69,7 @@ postgresql: enabled: true router: image: - tag: 7.91.0 -logger: + tag: 7.105.1 +initContainers: image: - tag: 9.3.1475 -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 + tag: 9.3.1552 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 501b801a3..4b53308d9 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md 
@@ -1,7 +1,50 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.77.11] - April 22, 2024 +## [107.84.10] - May 2, 2024 +* Added image section for `initContainers` instead of `initContainerImage` +* Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` +* Removed image section for `loggers` +* Added support for `global.verisons.initContainers` to override `initContainers.image.tag` +* Fixed an issue with extraSystemYaml merge +* **IMPORTANT** +* Renamed `artifactory.setSecurityContext` to `artifactory.podSecurityContext` +* Renamed `artifactory.uid` to `artifactory.podSecurityContext.runAsUser` +* Renamed `artifactory.gid` to `artifactory.podSecurityContext.runAsGroup` and `artifactory.podSecurityContext.fsGroup` +* Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy` +* Renamed `artifactory.seLinuxOptions` to `artifactory.podSecurityContext.seLinuxOptions` +* Added flag `allowNonPostgresql` defaults to false +* Update postgresql tag version to `15.6.0-debian-12-r5` +* Added a check if `initContainerImage` exists + +## [107.82.0] - Mar 04, 2024 +* Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router. +* Removed Replicator service + +## [107.81.0] - Feb 20, 2024 +* **IMPORTANT** +* Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml) +* Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given [GH-1848](https://github.com/jfrog/charts/pull/1848) +* Added option to modify the new cache configs, maxFileSizeLimit and skipDuringUpload +* Added IPV4/IPV6 Dualstack flag support for Artifactory and nginx service +* Added `singleStackIPv6Cluster` flag, which manages the Nginx configuration to enable listening on IPv6 and proxying. 
+* Fixing broken link for creating additional kubernetes resources. Refer [here](https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-values.yaml) +* Refactored installerInfo configuration (moved to files/installer-info.json instead of key in values.yaml) + +## [107.80.0] - Feb 20, 2024 +* Updated README.md to create a namespace using `--create-namespace` as part of helm install + +## [107.79.0] - Feb 20, 2024 +* **IMPORTANT** +* Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default +* Added support for azure-blob-storage-v2-direct config +* Added option to set Nginx to write access_log to container STDOUT +* **Important change:** +* Update postgresql tag version to `15.2.0-debian-11-r23` +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default bundles PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x/13.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true + +## [107.77.0] - April 22, 2024 * Removed integration service * Added recommended postgresql sizing configurations under sizing directory * Updated artifactory-federation (probes, port, embedded mode) diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 0cd199950..0e794b307 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.11 +appVersion: 7.84.10 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.77.11 +version: 107.84.10 diff --git a/stable/artifactory/README.md b/stable/artifactory/README.md index 27dddac45..da3304ee5 100644 --- a/stable/artifactory/README.md 
+++ b/stable/artifactory/README.md @@ -28,14 +28,14 @@ helm repo update ### Install Chart To install the chart with the release name `artifactory`: ```bash -helm upgrade --install artifactory --namespace artifactory jfrog/artifactory +helm upgrade --install artifactory jfrog/artifactory --namespace artifactory --create-namespace ``` ### Apply Sizing configurations to the Chart To apply the chart with recommended sizing configurations : For small configurations : ```bash -helm upgrade --install artifactory --namespace artifactory jfrog/artifactory -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml +helm upgrade --install artifactory jfrog/artifactory -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml --namespace artifactory --create-namespace ``` ## Uninstalling Artifactory diff --git a/stable/artifactory/ci/derby-test-values.yaml b/stable/artifactory/ci/derby-test-values.yaml index e6fe8d0e9..82ff48545 100644 --- a/stable/artifactory/ci/derby-test-values.yaml +++ b/stable/artifactory/ci/derby-test-values.yaml @@ -3,7 +3,8 @@ databaseUpgradeReady: true postgresql: enabled: false artifactory: - fsGroupChangePolicy: "OnRootMismatch" + podSecurityContext: + fsGroupChangePolicy: "OnRootMismatch" persistence: enabled: false resources: diff --git a/stable/artifactory/ci/global-values.yaml b/stable/artifactory/ci/global-values.yaml index af972d774..33bbf04a2 100644 --- a/stable/artifactory/ci/global-values.yaml +++ b/stable/artifactory/ci/global-values.yaml @@ -19,8 +19,8 @@ artifactory: xmx: "4g" customInitContainersBegin: | - name: "custom-init-begin-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' 
@@ -30,8 +30,8 @@ artifactory: name: artifactory-volume customInitContainers: | - name: "custom-init-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -51,8 +51,8 @@ artifactory: # Add custom sidecar containers customSidecarContainers: | - name: "sidecar-list-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -75,8 +75,8 @@ global: joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE customInitContainersBegin: | - name: "custom-init-begin-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -86,8 +86,8 @@ global: name: artifactory-volume customInitContainers: | - name: "custom-init-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' 
@@ -107,8 +107,8 @@ global: # Add custom sidecar containers customSidecarContainers: | - name: "sidecar-list-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -129,8 +129,8 @@ global: nginx: customInitContainers: | - name: "custom-init-begin-nginx" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'sh' - '-c' @@ -140,8 +140,8 @@ nginx: name: custom-script-local customSidecarContainers: | - name: "sidecar-list-nginx" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/stable/artifactory/ci/rtsplit-values-access-tls-values.yaml b/stable/artifactory/ci/rtsplit-values-access-tls-values.yaml index a81162f0d..a38969a8f 100644 --- a/stable/artifactory/ci/rtsplit-values-access-tls-values.yaml +++ b/stable/artifactory/ci/rtsplit-values-access-tls-values.yaml @@ -4,15 +4,6 @@ artifactory: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF persistence: enabled: false - replicator: - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" resources: requests: memory: "4Gi" diff --git a/stable/artifactory/ci/rtsplit-values.yaml b/stable/artifactory/ci/rtsplit-values.yaml index 5306e00e0..057ae9bf3 100644 
--- a/stable/artifactory/ci/rtsplit-values.yaml +++ b/stable/artifactory/ci/rtsplit-values.yaml @@ -5,23 +5,6 @@ artifactory: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF persistence: enabled: false - replicator: - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" - # Add lifecycle hooks for replicator container - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"] - preStop: - exec: - command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"] resources: requests: memory: "4Gi" diff --git a/stable/artifactory/ci/test-values.yaml b/stable/artifactory/ci/test-values.yaml index c76ab1cae..d7b40636e 100644 --- a/stable/artifactory/ci/test-values.yaml +++ b/stable/artifactory/ci/test-values.yaml @@ -8,16 +8,6 @@ artifactory: enabled: true persistence: enabled: false - replicator: - name: replicator - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" resources: requests: memory: "4Gi" diff --git a/stable/artifactory/files/binarystore.xml b/stable/artifactory/files/binarystore.xml index 4ecdf50fe..fa99e4d4f 100644 --- a/stable/artifactory/files/binarystore.xml +++ b/stable/artifactory/files/binarystore.xml @@ -16,6 +16,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- end }} 
@@ -41,6 +47,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- end }} @@ -66,6 +78,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} @@ -128,6 +146,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- if eq .Values.artifactory.persistence.type "cluster-google-storage-v2" }} @@ -204,6 +228,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64}} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- end }} 
@@ -334,6 +364,12 @@ {{ .Values.artifactory.persistence.maxCacheSize | int64 }} {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} {{- if eq .Values.artifactory.persistence.type "cluster-azure-blob-storage" }} @@ -363,4 +399,28 @@ {{ .Values.artifactory.persistence.azureBlob.testConnection }} +{{- end }} +{{- if eq .Values.artifactory.persistence.type "azure-blob-storage-v2-direct" -}} + + + + {{ .Values.artifactory.persistence.maxCacheSize | int64 }} + {{ .Values.artifactory.persistence.cacheProviderDir }} + {{- if .Values.artifactory.persistence.maxFileSizeLimit }} + {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} + {{- end }} + {{- if .Values.artifactory.persistence.skipDuringUpload }} + {{.Values.artifactory.persistence.skipDuringUpload}} + {{- end }} + + + {{ .Values.artifactory.persistence.azureBlob.accountName }} + {{ .Values.artifactory.persistence.azureBlob.accountKey }} + {{ .Values.artifactory.persistence.azureBlob.endpoint }} + {{ .Values.artifactory.persistence.azureBlob.containerName }} + {{ .Values.artifactory.persistence.azureBlob.multiPartLimit | int64 }} + {{ .Values.artifactory.persistence.azureBlob.multipartElementSize | int64 }} + {{ .Values.artifactory.persistence.azureBlob.testConnection }} + + {{- end }} \ No newline at end of file diff --git a/stable/artifactory/files/installer-info.json b/stable/artifactory/files/installer-info.json new file mode 100644 index 000000000..79f42ed16 --- /dev/null +++ b/stable/artifactory/files/installer-info.json 
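Review bot: The added `azure-blob-storage-v2-direct` section in the `@@ -363,4 +399,28 @@` hunk renders `{{ .Values.artifactory.persistence.azureBlob.accountKey }}` straight into binarystore.xml, so the storage account key has to travel through chart values and lands in the rendered file in clear text. A values file earlier in this patch documents `customBinarystoreXmlSecret` for mounting binarystore.xml from a Secret; assuming this chart offers the same option, the section should point to it with a template comment such as `{{- /* accountKey is rendered in clear text; prefer customBinarystoreXmlSecret */ -}}`. None of the interpolated values is XML-escaped, so an endpoint or container name containing `&` or `<` would yield a malformed file.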
@@ -0,0 +1,32 @@
+{
+ "productId": "Helm_artifactory/{{ .Chart.Version }}",
+ "features": [
+ {
+ "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"
+ },
+ {
+ "featureId": "Database/{{ .Values.database.type }}"
+ },
+ {
+ "featureId": "PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"
+ },
+ {
+ "featureId": "Nginx_Enabled/{{ .Values.nginx.enabled }}"
+ },
+ {
+ "featureId": "ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"
+ },
+ {
+ "featureId": "SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"
+ },
+ {
+ "featureId": "UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"
+ },
+ {
+ "featureId": "Filebeat_Enabled/{{ .Values.filebeat.enabled }}"
+ },
+ {
+ "featureId": "ReplicaCount/{{ .Values.artifactory.replicaCount }}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/stable/artifactory/files/migrate.sh b/stable/artifactory/files/migrate.sh
index f3d64a4e6..ba44160f4 100644
--- a/stable/artifactory/files/migrate.sh
+++ b/stable/artifactory/files/migrate.sh
@@ -2916,9 +2916,6 @@ yamlMigrate () {
 if [[ ! -z "${value}" ]]; then
 value=$(updateConnectionString "${yamlPath}" "${value}")
 fi
- if [[ "${PRODUCT}" == "artifactory" ]]; then
- replicatorProfiling
- fi
 if [[ -z "${value}" ]]; then
 logger "No value for [${key}] in [${sourceFile}]"
 else
@@ -4218,26 +4215,13 @@ commentNodeId () { artifactoryInfoMessage () { if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - addText "# yamlFile was generated from db.properties,replicator.yaml and ha-node.properties config files." "${SYSTEM_YAML_PATH}" + addText "# yamlFile was generated from db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}" else - addText "# yamlFile was generated from default file,replicator.yaml,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}" + addText "# yamlFile was generated from default file,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}" fi } -replicatorProfiling () { - - if [[ "${key}" == "profilingDisabled" ]]; then - if [[ ! -z "${value}" ]]; then - if [[ "${value}" == "false" ]]; then - value="true" - else - value="false" - fi - fi - fi -} - setHaEnabled_hook () { local filePath="$1" if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/ha-node.properties")" == "true" ]]; then 
@@ -4277,27 +4261,9 @@ _createBackupOfLogBackDir () { removeFileOperation "${backupDir}/logbackXmlFiles/artifactory" "${artiLogbackFile}" } - -_createBackupOfReplicatorRtYaml () { - local backupDir="$1" - local replicatorRtYamlFile="${NEW_DATA_DIR}/etc/replicator/replicator.artifactory.yaml" - local effectiveUser= - local effectiveGroup= - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - removeSoftLinkAndCreateDir "${backupDir}/replicatorYamlFile" "${effectiveUser}" "${effectiveGroup}" "yes" - removeFileOperation "${backupDir}/replicatorYamlFile" "${replicatorRtYamlFile}" -} - backupFiles_hook () { local backupDirectory="$1" _createBackupOfLogBackDir "${backupDirectory}" - _createBackupOfReplicatorRtYaml "${backupDirectory}" } migrateArtifactory () { diff --git a/stable/artifactory/files/migrationHelmInfo.yaml b/stable/artifactory/files/migrationHelmInfo.yaml index 16cee9e5d..016bea02d 100644 --- a/stable/artifactory/files/migrationHelmInfo.yaml +++ b/stable/artifactory/files/migrationHelmInfo.yaml @@ -11,10 +11,6 @@ migration: work/access=access/tmp log/archived/access=access/logs log/archived/artifactory=logs - etc/replicator=replicator/etc - backup/replicator=replicator/backup - data/replicator=replicator/data - log/archived/replicator=replicator/logs linkFiles: map: # Note : $JF_ROOT_DATA_DIR will be prepended to the sourceDirectoryPath value only if relative path and $JF_ROOT_DATA_DIR will be prepended to the targetDirectoryPath value @@ -27,6 +23,5 @@ migration: # Note $JF_ROOT_DATA_DIR will be prepended to the map entry map: access - replicator metadata logs \ No newline at end of file 
diff --git a/stable/artifactory/files/system.yaml b/stable/artifactory/files/system.yaml
new file mode 100644
index 000000000..d60122680
--- /dev/null
+++ b/stable/artifactory/files/system.yaml
@@ -0,0 +1,142 @@
+router:
+ serviceRegistry:
+ insecure: {{ .Values.router.serviceRegistry.insecure }}
+shared:
+{{- if .Values.artifactory.coldStorage.enabled }}
+ jfrogColdStorage:
+ coldInstanceEnabled: true
+{{- end }}
+{{- if .Values.artifactory.openMetrics.enabled }}
+ metrics:
+ enabled: true
+ {{- if .Values.artifactory.openMetrics.filebeat.enabled }}
+ filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }}
+ {{- end }}
+{{- end }}
+ logging:
+ consoleLog:
+ enabled: {{ .Values.artifactory.consoleLog }}
+ extraJavaOpts: >
+ -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
+ -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
+ {{- with .Values.artifactory.javaOpts }}
+ {{- if .corePoolSize }}
+ -Dartifactory.async.corePoolSize={{ .corePoolSize }}
+ {{- end }}
+ {{- if .xms }}
+ -Xms{{ .xms }}
+ {{- end }}
+ {{- if .xmx }}
+ -Xmx{{ .xmx }}
+ {{- end }}
+ {{- if .jmx.enabled }}
+ -Dcom.sun.management.jmxremote
+ -Dcom.sun.management.jmxremote.port={{ .jmx.port }}
+ -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
+ -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
+ {{- if .jmx.host }}
+ -Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
+ {{- else }}
+ -Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }}
+ {{- end }}
+ {{- if .jmx.authenticate }}
+ -Dcom.sun.management.jmxremote.authenticate=true
+ -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
+ -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
+ {{- else }}
+ -Dcom.sun.management.jmxremote.authenticate=false
+ {{- end }}
+ {{- end }}
+ {{- if .other }}
+ {{ .other }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.database.type .Values.postgresql.enabled }}
+ database:
+ allowNonPostgresql: {{ .Values.database.allowNonPostgresql }}
+ {{- if .Values.postgresql.enabled }}
+ type: postgresql
+ url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
+ driver: org.postgresql.Driver
+ username: "{{ .Values.postgresql.postgresqlUsername }}"
+ {{- else }}
+ type: "{{ .Values.database.type }}"
+ driver: "{{ .Values.database.driver }}"
+ {{- end }}
+ {{- end }}
+artifactory:
+{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
+ node:
+ {{- if .Values.artifactory.haDataDir.path }}
+ haDataDir: {{ .Values.artifactory.haDataDir.path }}
+ {{- end }}
+ {{- if .Values.artifactory.haBackupDir.path }}
+ haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
+ {{- end }}
+{{- end }}
+ database:
+ maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
+ tomcat:
+ maintenanceConnector:
+ port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
+ connector:
+ maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
+ sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
+ extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
+frontend:
+ session:
+ timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
+access:
+ database:
+ maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
+ tomcat:
+ connector:
+ maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
+ sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
+ extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
+{{- if .Values.mc.enabled }}
+mc:
+ enabled: true
+ database:
+ maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
+ idgenerator:
+ maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
+ tomcat:
+ connector:
+ maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
+ sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
+ extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
+{{- end }}
+metadata:
+ database:
+ maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
+{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
+jfconnect:
+ enabled: true
+{{- else }}
+jfconnect:
+ enabled: false
+jfconnect_service:
+ enabled: false
+{{- end }}
+{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
+federation:
+ enabled: true
+ embedded: {{ .Values.federation.embedded }}
+ extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
+ port: {{ .Values.federation.internalPort }}
+rtfs:
+ database:
+ driver: org.postgresql.Driver
+ type: postgresql
+ username: {{ .Values.federation.database.username }}
+ password: {{ .Values.federation.database.password }}
+ url: jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}
+{{- else }}
+federation:
+ enabled: false
+{{- end }}
+{{- if .Values.event.webhooks }}
+event:
+ webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
+{{- end }}
\ No newline at end of file
diff --git a/stable/artifactory/templates/NOTES.txt b/stable/artifactory/templates/NOTES.txt
index 127c1a51d..d8d5283f2 100644
--- a/stable/artifactory/templates/NOTES.txt
+++ b/stable/artifactory/templates/NOTES.txt
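Review bot: The `rtfs.database` block writes `username`, `password` and `url` unquoted, unlike the `shared.database` block earlier in the same file, so a password that YAML reads as a number or boolean, or that contains `: ` or ` #`, is retyped or breaks the rendered system.yaml. I would quote all three, e.g. `password: {{ .Values.federation.database.password | quote }}`. The password also ends up in the rendered file as clear text; where that file is stored is not visible in this hunk, so it is worth confirming it is only ever placed in a Secret. Separately, the `jmx` branch falls through to `-Dcom.sun.management.jmxremote.authenticate=false` whenever `.jmx.authenticate` is unset, which leaves the JMX port unauthenticated once `.jmx.enabled` is true; a comment beside that `else` should say so.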
@@ -37,6 +37,13 @@ Congratulations. You have just deployed JFrog Artifactory! {{- end }} {{- end }} +{{- if .Values.artifactory.setSecurityContext }} +****************************************** WARNING ********************************************** +* From chart version 107.84.x, `setSecurityContext` has been renamed to `podSecurityContext`, * + please change your values.yaml before upgrade , For more Info , refer to 107.84.x changelog * +************************************************************************************************* +{{- end }} + {{- if and (or (or (or (or (or ( or ( or ( or (or (or ( or (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) .Values.systemYamlOverride.existingSecret) (or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled)) .Values.aws.licenseConfigSecretName) .Values.artifactory.persistence.customBinarystoreXmlSecret) .Values.access.customCertificatesSecretName) .Values.systemYamlOverride.existingSecret) .Values.artifactory.license.secret) .Values.artifactory.userPluginSecrets) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey)) (and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName)) (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName)) .Values.artifactory.unifiedSecretInstallation }} ****************************************** WARNING ************************************************************************************************** * The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.* diff --git a/stable/artifactory/templates/_helpers.tpl b/stable/artifactory/templates/_helpers.tpl index 424aa718e..03de977a0 100644 --- a/stable/artifactory/templates/_helpers.tpl +++ b/stable/artifactory/templates/_helpers.tpl 
@@ -30,33 +30,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} - -{{/* -Create a default fully qualified replicator app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory.replicator.fullname" -}} -{{- if .Values.artifactory.replicator.ingress.name -}} -{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified replicator tracker ingress name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "artifactory.replicator.tracker.fullname" -}} -{{- if .Values.artifactory.replicator.trackerIngress.name -}} -{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - {{/* Create a default fully qualified nginx name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
@@ -262,6 +235,9 @@ Return the proper artifactory chart image names
 {{- if and $dot.Values.splitServicesToContainers $dot.Values.global.versions.router (eq $indexReference "router") }}
 {{- $tag = $dot.Values.global.versions.router | toString -}}
 {{- end -}}
+ {{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }}
+ {{- $tag = $dot.Values.global.versions.initContainers | toString -}}
+ {{- end -}}
 {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }}
 {{- $tag = $dot.Values.global.versions.artifactory | toString -}}
 {{- end -}}
@@ -326,9 +302,6 @@ Resolve requiredServiceTypes value
 {{- if .Values.jfconnect.enabled -}}
 {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfcon" -}}
 {{- end -}}
-{{- if .Values.artifactory.replicator.enabled -}}
- {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfxfer" -}}
-{{- end -}}
 {{- if .Values.mc.enabled -}}
 {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfmc" -}}
 {{- end -}}
@@ -469,3 +442,17 @@ if the volume exists in customVolume then an extra volume with the same name wil
 {{- printf "%s" "false" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Calculate the systemYaml from structured and unstructured text input
+*/}}
+{{- define "artifactory.finalSystemYaml" -}}
+{{ tpl (mergeOverwrite (include "artifactory.systemYaml" . | fromYaml) .Values.artifactory.extraSystemYaml | toYaml) . }}
+{{- end -}}
+
+{{/*
+Calculate the systemYaml from the unstructured text input
+*/}}
+{{- define "artifactory.systemYaml" -}}
+{{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }}
+{{- end -}}
diff --git a/stable/artifactory/templates/_system-yaml-render.tpl b/stable/artifactory/templates/_system-yaml-render.tpl
new file mode 100644
index 000000000..deaa773ea
--- /dev/null
+++ b/stable/artifactory/templates/_system-yaml-render.tpl
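Review bot: `artifactory.finalSystemYaml` feeds the rendered text to `fromYaml` without checking the result; Helm's `fromYaml` does not abort on a parse error but returns a map holding a single `Error` key, so an invalid render would be merged and written out as system.yaml instead of stopping the install. Binding the parsed map to a variable and guarding it, e.g. `{{- if hasKey $base "Error" }}{{ fail $base.Error }}{{ end }}`, keeps that failure visible. The merged output is then passed through `tpl` again, so any `{{` that arrived through values on the first render (for instance inside a password) appears to be evaluated as a template on the second pass. The comment above the define should state that values are expanded twice.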
@@ -0,0 +1,5 @@
+{{- if .Values.artifactory.systemYaml -}}
+{{- tpl .Values.artifactory.systemYaml . -}}
+{{- else -}}
+{{ (tpl ( $.Files.Get "files/system.yaml" ) .) }}
+{{- end -}}
\ No newline at end of file
diff --git a/stable/artifactory/templates/artifactory-installer-info.yaml b/stable/artifactory/templates/artifactory-installer-info.yaml
index f2e2c0f5b..cfb95b67d 100644
--- a/stable/artifactory/templates/artifactory-installer-info.yaml
+++ b/stable/artifactory/templates/artifactory-installer-info.yaml
@@ -9,4 +9,8 @@ metadata:
 release: {{ .Release.Name }}
 data:
 installer-info.json: |
- {{ tpl .Values.installerInfo . }}
+{{- if .Values.installerInfo -}}
+{{- tpl .Values.installerInfo . | nindent 4 -}}
+{{- else -}}
+{{ (tpl ( .Files.Get "files/installer-info.json" | nindent 4 ) .) }}
+{{- end -}}
diff --git a/stable/artifactory/templates/artifactory-license-secret.yaml b/stable/artifactory/templates/artifactory-license-secret.yaml
index 236cc97de..ba83aaf24 100644
--- a/stable/artifactory/templates/artifactory-license-secret.yaml
+++ b/stable/artifactory/templates/artifactory-license-secret.yaml
@@ -1,4 +1,4 @@
-{{ if (not .Values.artifactory.unifiedSecretInstallation) }}
+{{ if and (not .Values.artifactory.unifiedSecretInstallation) (not .Values.artifactory.license.secret) (not .Values.artifactory.license.licenseKey) }}
 {{- with .Values.artifactory.license.licenseKey }}
 apiVersion: v1
 kind: Secret
diff --git a/stable/artifactory/templates/artifactory-secrets.yaml b/stable/artifactory/templates/artifactory-secrets.yaml
index 31009b698..266d8e39a 100644
--- a/stable/artifactory/templates/artifactory-secrets.yaml
+++ b/stable/artifactory/templates/artifactory-secrets.yaml
@@ -1,4 +1,5 @@
 {{- if not .Values.artifactory.unifiedSecretInstallation }}
+{{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.jfConnectToken .Values.artifactory.masterKey .Values.global.masterKey }}
 apiVersion: v1
 kind: Secret
 metadata:
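Review bot: In artifactory-license-secret.yaml the new outer condition requires `.Values.artifactory.license.licenseKey` to be empty, while the `with .Values.artifactory.license.licenseKey` on the next line renders the Secret only when it is set, so the two can never hold together and the license Secret is never produced. If the intent is to skip the Secret only when an existing secret is referenced, the last term should go: `{{ if and (not .Values.artifactory.unifiedSecretInstallation) (not .Values.artifactory.license.secret) }}`. The rest of the template lies outside the hunk, so this is judged from the four visible lines.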
@@ -25,4 +26,5 @@ data: jfconnect-token: {{ include "artifactory.jfConnectToken" . | b64enc | quote }} {{- end }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/stable/artifactory/templates/artifactory-service.yaml b/stable/artifactory/templates/artifactory-service.yaml index f83904e27..ab8f9d6ce 100644 --- a/stable/artifactory/templates/artifactory-service.yaml +++ b/stable/artifactory/templates/artifactory-service.yaml @@ -16,6 +16,12 @@ metadata: {{ toYaml .Values.artifactory.service.annotations | indent 4 }} {{- end }} spec: + {{- if .Values.artifactory.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }} + {{- end }} + {{- if not (empty .Values.artifactory.service.ipFamilies)}} + ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }} + {{- end }} type: {{ .Values.artifactory.service.type }} {{- if .Values.artifactory.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index bfbc58698..5309dddad 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml 
@@ -12,7 +12,7 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 11.x.x) that has postgresql.image.tag of 9.x or 10.x or 12.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 12.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 107.79.x) that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 107.79.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} {{- end }} {{- with .Values.artifactory.statefulset.annotations }} annotations: 
@@ -30,6 +30,20 @@ metadata: {{- if or .Values.artifactory.persistence.googleStorage.identity .Values.artifactory.persistence.googleStorage.credential }} {{- fail "\nGCP Bucket Authentication with Identity and Credential is deprecated" }} {{- end }} +{{- if (eq (.Values.artifactory.setSecurityContext | toString) "false" ) }} + {{- fail "\n You need to set security context at the pod level. .Values.artifactory.setSecurityContext is no longer supported. Replace it with .Values.artifactory.podSecurityContext" }} +{{- end }} +{{- if or .Values.artifactory.uid .Values.artifactory.gid }} +{{- if or (not (eq (.Values.artifactory.uid | toString) "1030" )) (not (eq (.Values.artifactory.gid | toString) "1030" )) }} + {{- fail "\n .Values.artifactory.uid and .Values.artifactory.gid are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.runAsUser .Values.artifactory.podSecurityContext.runAsGroup and .Values.artifactory.podSecurityContext.fsGroup" }} +{{- end }} +{{- end }} +{{- if or .Values.artifactory.fsGroupChangePolicy .Values.artifactory.seLinuxOptions }} + {{- fail "\n .Values.artifactory.fsGroupChangePolicy and .Values.artifactory.seLinuxOptions are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.fsGroupChangePolicy and .Values.artifactory.podSecurityContext.seLinuxOptions" }} +{{- end }} +{{- if .Values.initContainerImage }} + {{- fail "\n .Values.initContainerImage is no longer supported. Replace it with .Values.initContainers.image.registry .Values.initContainers.image.repository and .Values.initContainers.image.tag" }} +{{- end }} spec: serviceName: {{ template "artifactory.name" . }} replicas: {{ .Values.artifactory.replicaCount }} 
@@ -87,19 +101,8 @@ spec: {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- include "artifactory.imagePullSecrets" . | indent 6 }} {{- end }} - {{- if .Values.artifactory.setSecurityContext }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.artifactory.uid }} - runAsGroup: {{ .Values.artifactory.gid }} - fsGroup: {{ .Values.artifactory.gid }} - {{- if .Values.artifactory.fsGroupChangePolicy }} - fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }} - {{- end }} - {{- if .Values.artifactory.seLinuxOptions }} - seLinuxOptions: - {{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }} - {{- end }} + {{- if .Values.artifactory.podSecurityContext.enabled }} + securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.artifactory.topologySpreadConstraints }} topologySpreadConstraints: @@ -112,8 +115,8 @@ spec: {{- if .Values.artifactory.persistence.enabled }} {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - name: "delete-db-properties" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
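Review bot: The pod `securityContext` in the first hunk is now rendered verbatim from `.Values.artifactory.podSecurityContext`, so the `runAsNonRoot: true` that the removed block hard-coded is enforced only if the chart defaults (not visible here) carry it and an override does not drop it. `seLinuxOptions` is also no longer passed through `tpl`, which changes behaviour for values that contained template expressions. I would add a template comment above the `if`, e.g. `{{- /* rendered as-is from values; keep runAsNonRoot: true in podSecurityContext */}}`, and document the same expectation next to the default in values.yaml.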
@@ -130,8 +133,8 @@ spec: {{- end }} {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - name: "access-bootstrap-creds" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -148,7 +151,7 @@ spec: volumeMounts: - name: artifactory-volume mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }} - name: access-bootstrap-creds {{- else }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} @@ -161,7 +164,8 @@ spec: {{- end }} {{- end }} - name: 'copy-system-configurations' - image: '{{ .Values.initContainerImage }}' + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -219,7 +223,7 @@ spec: - name: ARTIFACTORY_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} name: {{ include "artifactory.joinKeySecretName" . }} {{- else }} name: "{{ template "artifactory.name" . }}-unified-secret" 
@@ -230,7 +234,7 @@ spec: - name: ARTIFACTORY_JFCONNECT_TOKEN valueFrom: secretKeyRef: - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }} name: {{ include "artifactory.jfConnectTokenSecretName" . }} {{- else }} name: "{{ template "artifactory.name" . }}-unified-secret" @@ -241,7 +245,7 @@ spec: - name: ARTIFACTORY_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} name: {{ include "artifactory.masterKeySecretName" . }} {{- else }} name: "{{ template "artifactory.name" . }}-unified-secret" @@ -251,8 +255,7 @@ spec: volumeMounts: - name: artifactory-volume mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} @@ -260,11 +263,12 @@ spec: {{- if .Values.systemYamlOverride.existingSecret }} mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.artifactory.systemYaml }} + {{- else }} mountPath: "/tmp/etc/system.yaml" subPath: "system.yaml" {{- end }} - {{- end }} + + ######################## Binarystore ########################## {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} 
@@ -272,6 +276,8 @@ spec: {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml + + ######################## Access config ########################## {{- if .Values.access.accessConfig }} {{- if not .Values.artifactory.unifiedSecretInstallation }} - name: access-config @@ -281,6 +287,8 @@ spec: mountPath: "/tmp/etc/access.config.patch.yml" subPath: "access.config.patch.yml" {{- end }} + + ######################## Access certs external secret ########################## {{- if .Values.access.customCertificatesSecretName }} - name: access-certs mountPath: "/tmp/etc/tls.crt" @@ -289,9 +297,11 @@ spec: mountPath: "/tmp/etc/tls.key" subPath: tls.key {{- end }} + {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: copy-custom-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -311,7 +321,8 @@ spec: {{- if .Values.artifactory.circleOfTrustCertificatesSecret }} - name: copy-circle-of-trust-certificates - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
@@ -332,7 +343,8 @@ spec: {{- if .Values.waitForDatabase }} {{- if .Values.postgresql.enabled }} - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
@@ -451,29 +463,37 @@ spec: subPath: migrationStatus.sh - name: artifactory-volume mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + + ######################## Artifactory persistence nfs ########################## {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + + ######################## Artifactory persistence binarystore Xml ########################## + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: "binarystore.xml" + + ######################## Artifactory persistence google storage ########################## {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - {{- if (not .Values.artifactory.unifiedSecretInstallation) }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - name: gcpcreds-json {{- else }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} {{- end }} mountPath: "/artifactory_bootstrap/gcp.credentials.json" subPath: gcp.credentials.json + {{- end }} {{- end }} - {{- end }} + + ######################## CustomVolumeMounts ########################## {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} {{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }} {{- end }} 
@@ -486,7 +506,7 @@ spec: {{- if .Values.splitServicesToContainers }} - name: {{ .Values.router.name }} image: {{ include "artifactory.getImageInfoByValue" (list . "router") }} - imagePullPolicy: {{ .Values.router.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.router.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -699,36 +719,6 @@ spec: livenessProbe: {{ tpl .Values.event.livenessProbe.config . | indent 10 }} {{- end }} - {{- end }} - {{- if .Values.artifactory.replicator.enabled }} - - name: {{ .Values.artifactory.replicator.name }} - image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} - command: - - '/bin/bash' - - '-c' - - > - exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start - {{- with .Values.artifactory.replicator.lifecycle }} - lifecycle: -{{ toYaml . | indent 10 }} - {{- end }} - env: - - name: JF_SHARED_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name -{{- with .Values.artifactory.replicator.extraEnvironmentVariables }} -{{ tpl (toYaml .) $ | indent 8 }} -{{- end }} - volumeMounts: - - name: artifactory-volume - mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - resources: -{{ toYaml .Values.artifactory.replicator.resources | indent 10 }} {{- end }} {{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} - name: {{ .Values.jfconnect.name }} 
@@ -922,10 +912,6 @@ spec: value: "false" - name : JF_FRONTEND_ENABLED value: "false" - - name: JF_REPLICATOR_ENABLED - value: "true" - - name: JF_REPLICATOR_SERVICE_ENABLED - value: "false" - name: JF_FEDERATION_ENABLED value: "false" - name : JF_OBSERVABILITY_ENABLED @@ -1025,16 +1011,22 @@ spec: {{- end }} - name: artifactory-volume mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + + ######################## Artifactory config map ########################## {{- if .Values.artifactory.configMapName }} - name: bootstrap-config mountPath: "/bootstrap/" {{- end }} + + ######################## Artifactory persistence nfs ########################## {{- if eq .Values.artifactory.persistence.type "nfs" }} - name: artifactory-data mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" - name: artifactory-backup mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" {{- else }} + + ######################## Artifactory persistence binarystoreXml ########################## {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} - name: binarystore-xml {{- else }} @@ -1042,8 +1034,10 @@ spec: {{- end }} mountPath: "/tmp/etc/artifactory/binarystore.xml" subPath: binarystore.xml + + ######################## Artifactory persistence googleStorage ########################## {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} - {{- if not .Values.artifactory.unifiedSecretInstallation }} + {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }} - name: gcpcreds-json {{- else }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} 
@@ -1052,6 +1046,8 @@ spec: subPath: gcp.credentials.json {{- end }} {{- end }} + + ######################## Artifactory license ########################## {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }} - name: artifactory-license @@ -1065,6 +1061,7 @@ spec: subPath: artifactory.lic {{- end }} {{- end }} + - name: installer-info mountPath: "/artifactory_bootstrap/info/installer-info.json" subPath: installer-info.json @@ -1088,7 +1085,8 @@ spec: {{- $mountPath := .Values.artifactory.persistence.mountPath }} {{- range .Values.artifactory.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} + image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -1108,7 +1106,8 @@ spec: {{ if .Values.artifactory.catalinaLoggers }} {{- range .Values.artifactory.catalinaLoggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} + image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
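Review bot: The added `imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}` in hunks `-1088,7 +1085,8` and `-1108,7 +1106,8` sits inside `{{- range .Values.artifactory.loggers }}` and `{{- range .Values.artifactory.catalinaLoggers }}`, where `.` is the current logger name, so `.Values` cannot be resolved and rendering should fail as soon as either list is non-empty. The neighbouring lines already use the root context (`list $ "initContainers"`, `$.Values.containerSecurityContext.enabled`), so the new line should read `imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }}`. The nginx-deployment.yaml hunk `-157,7 +157,8` adds the same line inside `{{- range .Values.nginx.loggers }}` and needs the same change. Both range bodies in this file continue outside their hunks.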
@@ -1335,12 +1334,12 @@ spec: secret: secretName: {{ template "artifactory.fullname" . }}-license {{- end }} - {{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }} + {{- if and .Values.artifactory.admin.password (and (not .Values.artifactory.admin.secret) (not .Values.artifactory.admin.dataKey)) }} - name: access-bootstrap-creds secret: secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds {{- end }} - {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }} + {{- if and (not .Values.systemYamlOverride.existingSecret) }} - name: systemyaml secret: secretName: {{ printf "%s-%s" (include "artifactory.fullname" .) "systemyaml" }} @@ -1396,4 +1395,4 @@ spec: resources: requests: storage: {{ .Values.artifactory.customPersistentVolumeClaim.size }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/stable/artifactory/templates/artifactory-system-yaml.yaml b/stable/artifactory/templates/artifactory-system-yaml.yaml index ced943bdd..80974274d 100644 --- a/stable/artifactory/templates/artifactory-system-yaml.yaml +++ b/stable/artifactory/templates/artifactory-system-yaml.yaml @@ -11,5 +11,6 @@ metadata: type: Opaque stringData: system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} +{{ include "artifactory.finalSystemYaml" . | nindent 4 }} {{- end }} + diff --git a/stable/artifactory/templates/artifactory-unified-secret.yaml b/stable/artifactory/templates/artifactory-unified-secret.yaml index 3306ab6f6..ce8f113cc 100644 --- a/stable/artifactory/templates/artifactory-unified-secret.yaml +++ b/stable/artifactory/templates/artifactory-unified-secret.yaml 
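Review bot: `{{- if and (not .Values.systemYamlOverride.existingSecret) }}` in hunk `-1335,12 +1334,12` calls `and` with a single operand, which only returns that operand and reads as if a second condition was lost in the edit. `{{- if not .Values.systemYamlOverride.existingSecret }}` says the same thing. The artifactory-unified-secret.yaml hunk `-26,9 +26,9` introduces the identical form, while the hunk just before it removes it from the `customBinarystoreXmlSecret` guard. With the `.Values.artifactory.systemYaml` operand gone, the `systemyaml` volume is declared whenever no existing secret is set, so the guard around the Secret in artifactory-system-yaml.yaml (outside the visible hunk) presumably has to match, or the pod will reference a Secret that is never created.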
@@ -17,7 +17,7 @@ stringData: {{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} {{- end }} -{{- if and (not .Values.artifactory.persistence.customBinarystoreXmlSecret) }} +{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} binarystore.xml: |- {{- if .Values.artifactory.persistence.binarystoreXml }} {{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} @@ -26,9 +26,9 @@ stringData: {{- end }} {{- end }} -{{- if not .Values.systemYamlOverride.existingSecret }} +{{- if and (not .Values.systemYamlOverride.existingSecret) }} system.yaml: | -{{ tpl .Values.artifactory.systemYaml . | indent 4 }} +{{ include "artifactory.finalSystemYaml" . | nindent 4 }} {{- end }} {{- if and .Values.artifactory.customSecrets }} @@ -69,9 +69,11 @@ data: {{- end }} {{- end }} + {{- if not .Values.artifactory.license.secret }} {{- with .Values.artifactory.license.licenseKey }} artifactory.lic: {{ . | b64enc | quote }} {{- end }} + {{- end }} {{- if or .Values.artifactory.masterKey .Values.global.masterKey }} {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} @@ -83,8 +85,8 @@ data: join-key: {{ include "artifactory.joinKey" . | b64enc | quote }} {{- end }} {{- end }} - {{- if .Values.artifactory.jfConnectToken }} - {{- if not (.Values.artifactory.jfConnectTokenSecretName) }} + {{- if .Values.artifactory.jfConnectToken }} + {{- if not .Values.artifactory.jfConnectTokenSecretName }} jfconnect-token: {{ include "artifactory.jfConnectToken" . | b64enc | quote }} {{- end }} {{- end }} diff --git a/stable/artifactory/templates/ingress.yaml b/stable/artifactory/templates/ingress.yaml index eecddfd99..fca895e47 100644 --- a/stable/artifactory/templates/ingress.yaml +++ b/stable/artifactory/templates/ingress.yaml 
@@ -56,6 +56,7 @@ spec: name: {{ $serviceName }} port: number: {{ $servicePort }} + {{- if not $.Values.ingress.disableRouterBypass }} - path: {{ $.Values.ingress.artifactoryPath }} pathType: ImplementationSpecific backend: @@ -63,6 +64,7 @@ spec: name: {{ $serviceName }} port: number: {{ $artifactoryServicePort }} + {{- end }} {{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }} - path: {{ $.Values.ingress.rtfsPath }} pathType: ImplementationSpecific @@ -82,10 +84,12 @@ spec: backend: serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} + {{- if not $.Values.ingress.disableRouterBypass }} - path: {{ $.Values.ingress.artifactoryPath }} backend: serviceName: {{ $serviceName }} servicePort: {{ $artifactoryServicePort }} + {{- end }} {{- end }} {{- end }} {{- end -}} 
@@ -97,159 +101,7 @@ spec: tls: {{ toYaml .Values.ingress.tls | indent 4 }} {{- end -}} -{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }} ---- -{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -apiVersion: networking.k8s.io/v1 - {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorIngressName }} - labels: - app: "{{ template "artifactory.name" $ }}" - chart: "{{ template "artifactory.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.ingress.annotations }} - annotations: -{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if and (or .Values.ingress.className .Values.artifactory.replicator.ingress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }} - {{- end }} - {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - defaultBackend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - pathType: ImplementationSpecific - backend: - service: - name: {{ 
$serviceName }} - port: - number: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - pathType: ImplementationSpecific - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- end }} - {{- else }} - {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: /replicator/ - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - - path: /artifactory/api/replication/replicate/file/streaming - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end -}} - {{- if .Values.artifactory.replicator.ingress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} -{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} ---- -{{- $replicatorTrackerIngressName := default ( include "artifactory.replicator.tracker.fullname" . 
) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} -apiVersion: networking.k8s.io/v1 - {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} -apiVersion: extensions/v1beta1 - {{- end }} -kind: Ingress -metadata: - name: {{ $replicatorTrackerIngressName }} - labels: - app: "{{ template "artifactory.name" $ }}" - chart: "{{ template "artifactory.chart" $ }}" - release: {{ $.Release.Name | quote }} - heritage: {{ $.Release.Service | quote }} - {{- if .Values.artifactory.replicator.trackerIngress.annotations }} - annotations: -{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} - {{- end }} -spec: - {{- if and (or .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }} - {{- end }} - {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - defaultBackend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} - rules: -{{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} - {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- end }} - {{- else }} - {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - - host: {{ $host | quote }} - http: - paths: - - path: / - backend: - 
serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} -{{- end -}} - {{- if .Values.artifactory.replicator.trackerIngress.tls }} - tls: -{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }} - {{- end -}} -{{- end -}} + {{- if .Values.customIngress }} --- {{ .Values.customIngress | toYaml | trimSuffix "\n" }} diff --git a/stable/artifactory/templates/nginx-deployment.yaml b/stable/artifactory/templates/nginx-deployment.yaml index a12c0c030..dac769461 100644 --- a/stable/artifactory/templates/nginx-deployment.yaml +++ b/stable/artifactory/templates/nginx-deployment.yaml @@ -68,8 +68,8 @@ spec: {{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }} {{- end }} - name: "setup" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -157,7 +157,8 @@ spec: {{- $mountPath := .Values.nginx.persistence.mountPath }} {{- range .Values.nginx.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} - image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} + image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - tail args: diff --git a/stable/artifactory/templates/nginx-service.yaml b/stable/artifactory/templates/nginx-service.yaml index 5ae4077a2..7204d9f46 100644 --- a/stable/artifactory/templates/nginx-service.yaml +++ b/stable/artifactory/templates/nginx-service.yaml 
@@ -14,6 +14,12 @@ metadata: {{ toYaml .Values.nginx.service.annotations | indent 4 }} {{- end }} spec: + {{- if .Values.nginx.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.nginx.service.ipFamilyPolicy }} + {{- end }} + {{- if not (empty .Values.nginx.service.ipFamilies)}} + ipFamilies: {{- toYaml .Values.nginx.service.ipFamilies | nindent 4 }} + {{- end }} type: {{ .Values.nginx.service.type }} {{- if eq .Values.nginx.service.type "LoadBalancer" }} {{ if .Values.nginx.service.loadBalancerIP -}} diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index 4b21be599..3df8bd9b4 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -12,7 +12,8 @@ global: ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion ## This applies also for nginx images (.Values.nginx.image.tag) versions: {} - # artifactory: + # artifactory: + # initContainers: # joinKey: # masterKey: # joinKeySecretName: @@ -42,9 +43,14 @@ global: ## String to fully override artifactory.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475 + # Init containers initContainers: + image: + registry: releases-docker.jfrog.io + repository: ubi9/ubi-minimal + tag: 9.3.1552 + pullPolicy: IfNotPresent resources: requests: memory: "50Mi" @@ -55,7 +61,10 @@ initContainers: installer: type: platform: -installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' +## The installerInfo is intentionally commented out and the previous content has been moved under `files/installer-info.json` +## To override the content in `files/installer-info.json`, Uncomment the `installerInfo` and add relevant data +# installerInfo: '{}' + # For supporting pulling from private registries # imagePullSecrets: # - myRegistryKeySecretName 
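Review bot: Removing the top-level `initContainerImage` value in hunk `-43,9 +43,14` means an existing override of that key is now silently ignored and the init containers fall back to `releases-docker.jfrog.io/ubi9/ubi-minimal`, which matters for installs that pointed it at an internal mirror. The same goes for `logger.image` and `router.image.imagePullPolicy`, which later hunks of this file drop or rename. I would state the migration next to the new block, for example `## Replaces the removed initContainerImage and logger.image values; set initContainers.image.registry/repository/tag instead`, and consider failing the render while the old keys are still set. The image is also still referenced by tag only with `pullPolicy: IfNotPresent`; if the `artifactory.getImageInfoByValue` helper can take a digest (not visible here), pinning one would make the pulled content verifiable.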
@@ -128,6 +137,8 @@ ingress: # Additional ingress rules additionalRules: [] + # This is an experimental feature, enabling this feature will route all traffic through the Router. + disableRouterBypass: false ## Allows to add custom ingress customIngress: "" networkpolicy: [] @@ -158,11 +169,6 @@ autoscaling: minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 70 -logger: - image: - registry: releases-docker.jfrog.io - repository: ubi9/ubi-minimal - tag: 9.3.1475 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -170,10 +176,19 @@ aws: enabled: false licenseConfigSecretName: region: us-east-1 +## Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## containerSecurityContext: enabled: true runAsNonRoot: true + privileged: false allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault @@ -187,8 +202,8 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.91.0 - imagePullPolicy: IfNotPresent + tag: 7.105.1 + pullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled insecure: false 
@@ -269,8 +284,9 @@ artifactory: ## refer - https://www.jfrog.com/confluence/display/JFROG/Access+Federation#AccessFederation-EstablishingtheCircleofTrust ## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder. circleOfTrustCertificatesSecret: - # unifiedSecretInstallation flag enables single unified secret holding all the artifactory secrets - unifiedSecretInstallation: false + # unifiedSecretInstallation flag enables single unified secret holding all the artifactory internal(chart) secrets, It won't be affecting external secrets. + ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.79.x, Users can switch to false to continue with the old way of secret creation. + unifiedSecretInstallation: true # For HA installation, set this value > 1. This is only supported in Artifactory 7.25.x (appVersions) and above. replicaCount: 1 # minAvailable: 1 @@ -410,8 +426,8 @@ artifactory: ## Add custom init containers execution before predefined init containers customInitContainersBegin: "" # - name: "custom-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false @@ -429,8 +445,8 @@ artifactory: ## Add custom init containers execution after predefined init containers customInitContainers: "" # - name: "custom-systemyaml-setup" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false 
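Review bot: Flipping `unifiedSecretInstallation` to `true` in hunk `-269,8 +284,9` changes on upgrade which Secret objects exist and what the pod mounts, and the comment does not say what that means for access control. Going by artifactory-unified-secret.yaml, the unified Secret carries `system.yaml`, `binarystore.xml`, the license, the join key and the JFConnect token together, so any RBAC rule or external tooling scoped to the old per-purpose Secret names needs review. The phrase `enabled by true by default` is also garbled; something like `## Note: unifiedSecretInstallation defaults to true from chart version 107.79.x; set it to false to keep one Secret per credential.` would be clearer.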
@@ -449,8 +465,8 @@ artifactory: # - The provided example uses a custom volume (customVolumes) customSidecarContainers: "" # - name: "sidecar-list-etc" - # image: "{{ .Values.initContainerImage }}" - # imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + # image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }} + # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} # securityContext: # runAsNonRoot: true # allowPrivilegeEscalation: false 
@@ -609,156 +625,34 @@ artifactory: # name: my-secret-name # key: my-secret-key - systemYaml: | - router: - serviceRegistry: - insecure: {{ .Values.router.serviceRegistry.insecure }} - shared: - {{- if .Values.artifactory.coldStorage.enabled }} - jfrogColdStorage: - coldInstanceEnabled: true - {{- end }} - {{- if .Values.artifactory.openMetrics.enabled }} - metrics: - enabled: true - {{- if .Values.artifactory.openMetrics.filebeat.enabled }} - filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }} - {{- end }} - {{- end }} - logging: - consoleLog: - enabled: {{ .Values.artifactory.consoleLog }} - extraJavaOpts: > - -Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }} - -Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }} - {{- with .Values.artifactory.javaOpts }} - {{- if .corePoolSize }} - -Dartifactory.async.corePoolSize={{ .corePoolSize }} - {{- end }} - {{- if .xms }} - -Xms{{ .xms }} - {{- end }} - {{- if .xmx }} - -Xmx{{ .xmx }} - {{- end }} - {{- if .jmx.enabled }} - -Dcom.sun.management.jmxremote - -Dcom.sun.management.jmxremote.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }} - -Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }} - {{- if .jmx.host }} - -Djava.rmi.server.hostname={{ tpl .jmx.host $ }} - {{- else }} - -Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }} - {{- end }} - {{- if .jmx.authenticate }} - -Dcom.sun.management.jmxremote.authenticate=true - -Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }} - -Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }} - {{- else }} - -Dcom.sun.management.jmxremote.authenticate=false - {{- end }} - {{- end }} - {{- if .other }} - {{ .other }} - {{- end }} - {{- end }} - {{- if or .Values.database.type .Values.postgresql.enabled }} - database: - {{- if .Values.postgresql.enabled }} - type: postgresql - url: 
"jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}" - driver: org.postgresql.Driver - username: "{{ .Values.postgresql.postgresqlUsername }}" - {{- else }} - type: "{{ .Values.database.type }}" - driver: "{{ .Values.database.driver }}" - {{- end }} - {{- end }} - artifactory: - {{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }} - node: - {{- if .Values.artifactory.haDataDir.path }} - haDataDir: {{ .Values.artifactory.haDataDir.path }} - {{- end }} - {{- if .Values.artifactory.haBackupDir.path }} - haBackupDir: {{ .Values.artifactory.haBackupDir.path }} - {{- end }} - {{- end }} - database: - maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} - tomcat: - maintenanceConnector: - port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }} - connector: - maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }} - sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }} - extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }} - frontend: - session: - timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }} - access: - database: - maxOpenConnections: {{ .Values.access.database.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.access.tomcat.connector.maxThreads }} - sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }} - extraConfig: {{ .Values.access.tomcat.connector.extraConfig }} - {{- if .Values.mc.enabled }} - mc: - enabled: true - database: - maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }} - idgenerator: - maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }} - tomcat: - connector: - maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }} - sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }} - extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }} - {{- end }} - metadata: - 
database: - maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }} - {{- if .Values.artifactory.replicator.enabled }} - replicator: - enabled: true - {{- end }} - {{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} - jfconnect: - enabled: true - {{- else }} - jfconnect: - enabled: false - jfconnect_service: - enabled: false - {{- end }} - {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} - federation: - enabled: true - embedded: {{ .Values.federation.embedded }} - extraJavaOpts: {{ .Values.federation.extraJavaOpts }} - port: {{ .Values.federation.internalPort }} - rtfs: - database: - driver: org.postgresql.Driver - type: postgresql - username: {{ .Values.federation.database.username }} - password: {{ .Values.federation.database.password }} - url: jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }} - {{- else }} - federation: - enabled: false - {{- end }} - {{- if .Values.event.webhooks }} - event: - webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }} - {{- end }} + ## System YAML entries now reside under files/system.yaml. + ## You can provide the specific values that you want to add or override under 'artifactory.extraSystemYaml'. + ## For example: + ## extraSystemYaml: + ## shared: + ## node: + ## id: my-instance + ## The entries provided under 'artifactory.extraSystemYaml' are merged with files/system.yaml to create the final system.yaml. 
+ ## If you have already provided system.yaml under, 'artifactory.systemYaml', the values in that entry take precedence over files/system.yaml + ## You can modify specific entries with your own value under `artifactory.extraSystemYaml`, The values under extraSystemYaml overrides the values under 'artifactory.systemYaml' and files/system.yaml + extraSystemYaml: {} + ## systemYaml is intentionally commented and the previous content has been moved under files/system.yaml. + ## You have to add the all entries of the system.yaml file here, and it overrides the values in files/system.yaml. + # systemYaml: annotations: {} service: name: artifactory type: ClusterIP + ## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific) + ## This can be either SingleStack, PreferDualStack or RequireDualStack + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilyPolicy: "" + ## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific) + ## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"] + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilies: [] ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) ## Set this to a list of IP CIDR ranges ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] 
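Review bot: The new comments on `extraSystemYaml` and `systemYaml` in hunk `-609,156 +625,34` do not make clear whether a user-supplied `artifactory.systemYaml` is merged over files/system.yaml or replaces it wholesale: one sentence says its values `take precedence`, the other says all entries have to be supplied. The `artifactory.finalSystemYaml` helper that decides this is not in view, so the comment should spell out the order once, e.g. `## Precedence (highest first): artifactory.extraSystemYaml, artifactory.systemYaml, files/system.yaml`, and say explicitly whether `systemYaml` must be a complete file. Anyone who keeps a full copy of the old default in their values would otherwise pin stale settings over future changes to files/system.yaml.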
@@ -770,78 +664,29 @@ artifactory: # nodePort: 32082 statefulset: annotations: {} - ## The following setting are to configure a dedicated Ingress object for Replicator service - replicator: - name: replicator - enabled: false - ## Extra environment variables that can be used to tune replicator to your needs. - ## Uncomment and set value as needed - extraEnvironmentVariables: - # - name: MY_ENV_VAR - # value: "" - resources: {} - # requests: - # memory: "100Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "1" - - # Add lifecycle hooks for replicator container - lifecycle: {} - # postStart: - # exec: - # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] - # preStop: - # exec: - # command: ["/bin/sh","-c","echo Hello from the preStop handler"] - - ingress: - enabled: true - name: - hosts: [] - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. - # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret - ## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true - ## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads - trackerIngress: - enabled: false - name: - hosts: [] - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/proxy-buffering: "off" - # nginx.ingress.kubernetes.io/configuration-snippet: | - # chunked_transfer_encoding on; - tls: [] - # Secrets must be manually created in the namespace. 
- # - hosts: - # - artifactory.domain.example - # secretName: chart-example-tls-secret ## IMPORTANT: If overriding artifactory.internalPort: ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! externalPort: 8082 internalPort: 8082 externalArtifactoryPort: 8081 internalArtifactoryPort: 8081 - uid: 1030 - gid: 1030 - # fsGroupChangePolicy: "Always" - # seLinuxOptions: {} terminationGracePeriodSeconds: 30 - ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. - ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false - setSecurityContext: true + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param artifactory.podSecurityContext.enabled Enable security context + ## @param artifactory.podSecurityContext.runAsNonRoot Set pod's Security Context runAsNonRoot + ## @param artifactory.podSecurityContext.runAsUser User ID for the pod + ## @param artifactory.podSecurityContext.runASGroup Group ID for the pod + ## @param artifactory.podSecurityContext.fsGroup Group ID for the pod + ## + podSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1030 + runAsGroup: 1030 + fsGroup: 1030 + # fsGroupChangePolicy: "Always" + # seLinuxOptions: {} livenessProbe: enabled: true config: | 
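Review bot: The `@param` block added for `podSecurityContext` in hunk `-770,78 +664,29` misspells the key as `runASGroup` (the value below it is `runAsGroup`) and describes `fsGroup` with the same text as the group ID. Suggested lines: `## @param artifactory.podSecurityContext.runAsGroup Group ID for the pod` and `## @param artifactory.podSecurityContext.fsGroup Group ID applied to the pod's volumes`. The hunk also removes `artifactory.uid`, `artifactory.gid` and `setSecurityContext`; overrides of those keys, including `setSecurityContext: false`, will presumably stop having any effect, so the comment should name `podSecurityContext.enabled` as the replacement.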
@@ -897,9 +742,13 @@ artifactory: ## Redundancy required For HA deployments, with "cluster" persistence storage type redundancy: 3 lenientLimit: 1 - ## Cache default size. Should be increased for production deployments. + ## cache-fs binary provider configurations + ## Refer: https://jfrog.com/help/r/jfrog-installation-setup-documentation/cache-fs-template-configuration maxCacheSize: 5000000000 cacheProviderDir: cache + ## maxFileSizeLimit: + ## skipDuringUpload: + ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config ## Supported types are: ## file-system (default) @@ -915,6 +764,7 @@ artifactory: ## s3-storage-v3-archive ## azure-blob ## azure-blob-storage-direct + ## azure-blob-storage-v2-direct ## cluster-azure-blob-storage type: file-system ## Use binarystoreXml to provide a custom binarystore.xml @@ -997,7 +847,7 @@ artifactory: enablePathStyleAccess: false multiPartLimit: multipartElementSize: - ## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, cluster-azure-blob-storage + ## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, cluster-azure-blob-storage, azure-blob-storage-v2-direct azureBlob: accountName: accountKey: @@ -1446,6 +1296,9 @@ nginx: annotations: {} terminationGracePeriodSeconds: 30 disableProxyBuffering: false + # singleStackIPv6Cluster flag, which manages the Nginx configuration to enable listening on IPv6 and proxy. + # If .Values.nginx.service.ipFamilies and .Values.artifactory.service.ipFamilies is configured for only IPv6, users need to enable this flag. + singleStackIPv6Cluster: false deployment: annotations: {} # Note that by default we use appVersion to get image tag/version @@ -1494,6 +1347,7 @@ nginx: # Logs options logs: stderr: false + stdout: false level: warn ## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports. customPorts: [] 
@@ -1505,7 +1359,7 @@ nginx: # Main Nginx configuration file worker_processes 4; - {{ if .Values.nginx.logs.stderr }} + {{- if .Values.nginx.logs.stderr }} error_log stderr {{ .Values.nginx.logs.level }}; {{- else -}} error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; @@ -1516,7 +1370,11 @@ nginx: ## SSH Server Configuration stream { server { + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.ssh.internalPort }}; + {{- else -}} listen {{ .Values.nginx.ssh.internalPort }}; + {{- end }} proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; } } @@ -1526,7 +1384,6 @@ nginx: worker_connections 1024; } - http { include /etc/nginx/mime.types; default_type application/octet-stream; @@ -1566,7 +1423,11 @@ nginx: 'referer = \"$http_referer\" ' 'UA = \"$http_user_agent\"'; - access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + {{- if .Values.nginx.logs.stdout }} + access_log /dev/stdout timing; + {{- else -}} + access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + {{- end }} sendfile on; #tcp_nopush on; 
@@ -1589,18 +1450,34 @@ nginx: ## server configuration server { {{- if .Values.nginx.internalPortHttps }} + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.internalPortHttps }} ssl; + {{- else -}} listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- end }} {{- else -}} {{- if .Values.nginx.https.enabled }} + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.https.internalPort }} ssl; + {{- else -}} listen {{ .Values.nginx.https.internalPort }} ssl; {{- end }} + {{- end }} {{- end }} {{- if .Values.nginx.internalPortHttp }} + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.internalPortHttp }}; + {{- else -}} listen {{ .Values.nginx.internalPortHttp }}; + {{- end }} {{- else -}} {{- if .Values.nginx.http.enabled }} + {{- if .Values.nginx.singleStackIPv6Cluster }} + listen [::]:{{ .Values.nginx.http.internalPort }}; + {{- else -}} listen {{ .Values.nginx.http.internalPort }}; {{- end }} + {{- end }} {{- end }} server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} {{- range .Values.ingress.hosts -}} 
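Review bot: The IPv6 switch in the `@@ -1589` hunk is written as four separate `if .Values.nginx.singleStackIPv6Cluster` / `else` pairs, one per `listen` directive, which nests the conditionals three deep and makes it easy to miss a directive the next time a port is added. Only the address prefix differs between the branches, so it can be computed once at the top of this config string, e.g. `{{- $listen := ternary "[::]:" "" .Values.nginx.singleStackIPv6Cluster }}`, and each directive written as `listen {{ $listen }}{{ .Values.nginx.internalPortHttps }} ssl;`. The SSH `listen` added in the `@@ -1516` hunk follows the same pattern and could use the same prefix in its own config string. This assumes the string is rendered through `tpl`, which the template actions inside it suggest; the `server` block continues outside the hunk.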
@@ -1677,6 +1554,16 @@ nginx: ## For minikube, set this to NodePort, elsewhere use LoadBalancer type: LoadBalancer ssloffload: false + ## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific) + ## This can be either SingleStack, PreferDualStack or RequireDualStack + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilyPolicy: "" + ## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific) + ## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"] + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ## + ipFamilies: [] ## For supporting whitelist on the Nginx LoadBalancer service ## Set this to a list of IP CIDR ranges ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] @@ -1797,7 +1684,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.10.0-debian-11-r14 + tag: 15.6.0-debian-11-r16 postgresqlUsername: artifactory postgresqlPassword: "" postgresqlDatabase: artifactory @@ -1832,6 +1719,8 @@ postgresql: ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## specify custom database details here or leave empty and Artifactory will use embedded derby database: + ## To run Artifactory with any database other than PostgreSQL allowNonPostgresql set to true. + allowNonPostgresql: false type: driver: ## If you set the url, leave host and port empty 
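Review bot: The `@param` names added in the `@@ -1677` hunk read `service.ipFamilyPolicy` and `service.ipFamilies` and describe a "Controller Service", but the hunk header and the surrounding keys place them under `nginx:`, so the documented path is not the key a user has to set. Writing them as `## @param nginx.service.ipFamilyPolicy Nginx Service ipFamilyPolicy (optional, cloud specific)` and `## @param nginx.service.ipFamilies Nginx Service ipFamilies (optional, cloud specific)` would match the fully qualified form used by the `artifactory.podSecurityContext.*` comments earlier in this diff. A further comment line pointing at `nginx.singleStackIPv6Cluster` would help, since the comment on that flag says it has to be enabled when `ipFamilies` is IPv6-only and nothing visible here ties the two settings together.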
@@ -1914,7 +1803,7 @@ filebeat: hosts: ["{{ .Values.filebeat.logstashUrl }}"] ## Allows to add additional kubernetes resources ## Use --- as a separator between multiple resources -## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml +## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-values.yaml additionalResources: "" # Adding entries to a Pod's /etc/hosts file # For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases From f1e3378d0faceee7481e5f915355587b15a7abf4 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Mon, 13 May 2024 09:49:11 +0530 Subject: [PATCH 36/47] [insight] 1.16.12 release --- stable/insight/CHANGELOG.md | 2 +- stable/insight/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/insight/CHANGELOG.md b/stable/insight/CHANGELOG.md index aed485d11..7c622888b 100644 --- a/stable/insight/CHANGELOG.md +++ b/stable/insight/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Insights Chart Changelog All changes to this chart will be documented in this file. -## [101.16.7] - Oct 17, 2023 +## [101.16.12] - Oct 17, 2023 * Fixed - StatefulSet pod annotations changed from range to toYaml [GH-1828](https://github.com/jfrog/charts/issues/1828) ## [101.15.0] - Sep 18, 2023 diff --git a/stable/insight/Chart.yaml b/stable/insight/Chart.yaml index 94e8cc17a..e709ac668 100644 --- a/stable/insight/Chart.yaml +++ b/stable/insight/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.16.7 +appVersion: 1.16.12 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: insight sources: - https://github.com/jfrog/charts type: application -version: 101.16.7 +version: 101.16.12 From 7fcd38399b1555e40fbafa1f695c205ed1d342b5 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Mon, 13 May 2024 09:50:14 +0530 Subject: [PATCH 37/47] [pipelines] 1.56.6 release --- stable/pipelines/CHANGELOG.md | 5 ++- stable/pipelines/Chart.yaml | 4 +-- .../templates/pipelines-cron-statefulset.yaml | 16 +++++----- .../pipelines-hookhandler-statefulset.yaml | 16 +++++----- .../pipelines-internalapi-statefulset.yaml | 16 +++++----- .../templates/pipelines-statefulset.yaml | 14 ++++---- .../pipelines-steptrigger-statefulset.yaml | 16 +++++----- .../templates/pipelines-sync-statefulset.yaml | 16 +++++----- .../pipelines-trigger-statefulset.yaml | 16 +++++----- .../templates/pipelines-unified-secret.yaml | 2 +- stable/pipelines/values.yaml | 32 +++++++++---------- 11 files changed, 78 insertions(+), 75 deletions(-) diff --git a/stable/pipelines/CHANGELOG.md b/stable/pipelines/CHANGELOG.md index e49e1ce52..6951fce4a 100644 --- a/stable/pipelines/CHANGELOG.md +++ b/stable/pipelines/CHANGELOG.md @@ -1,7 +1,10 @@ # JFrog Pipelines Chart Changelog All changes to this chart to be documented in this file. -## [101.55.6] - Dec 28, 2023 +## [101.56.6] - Jan 31, 2024 +* Fixes in external secret support on unified secret installation + +## [101.55.0] - Dec 28, 2023 * Handled #redis postfix is ommited from redis service name if it contains redis ## [101.54.0] - Dec 21, 2023 diff --git a/stable/pipelines/Chart.yaml b/stable/pipelines/Chart.yaml index 8e4e3a349..4793fe98f 100644 --- a/stable/pipelines/Chart.yaml +++ b/stable/pipelines/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.55.6 +appVersion: 1.56.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -32,4 +32,4 @@ name: pipelines sources: - https://github.com/jfrog/charts type: application -version: 101.55.6 +version: 101.56.6 diff --git a/stable/pipelines/templates/pipelines-cron-statefulset.yaml b/stable/pipelines/templates/pipelines-cron-statefulset.yaml index 492c278f0..09e09ac25 100644 
--- a/stable/pipelines/templates/pipelines-cron-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-cron-statefulset.yaml @@ -98,7 +98,7 @@ spec: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} {{- if or .Values.systemYamlOverride.existingSecret .Values.pipelines.systemYaml }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -221,7 +221,7 @@ spec: - name: PIPELINES_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -232,7 +232,7 @@ spec: - name: PIPELINES_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -260,7 +260,7 @@ spec: - name: jfrog-pipelines-logs mountPath: {{ .Values.pipelines.logPath }} {{- if .Values.buildPlane.dynamic.provider.aws.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.aws.existingSecret }} - name: buildplane-creds-aws {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} 
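Review bot: The volumeMount in the `@@ -98` hunk now uses the name `systemyaml` whenever `systemYamlOverride.existingSecret` is set, even with `pipelines.unifiedSecretInstallation` enabled, but the matching `volumes:` entry is outside the hunk, so it is not visible whether a volume of that name is still declared in that combination. A mount that names an undeclared volume makes the pod spec invalid, so the `volumes:` block needs the same test, `{{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }}`. The same question applies to the `buildplane-creds-aws` mount in `@@ -260`, the `buildplane-creds-k8s` mount in `@@ -272`, and the corresponding hunks in the other statefulset templates of this commit. Rendering the chart with `unifiedSecretInstallation` true and each `existingSecret` set would confirm that every mount resolves to a declared volume.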
@@ -272,7 +272,7 @@ spec: readOnly: true {{- end }} {{- if .Values.buildPlane.dynamic.provider.k8s.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.k8s.existingSecret }} - name: buildplane-creds-k8s {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -349,7 +349,7 @@ spec: {{- if or .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -411,7 +411,7 @@ spec: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -420,7 +420,7 @@ spec: - name: JF_SHARED_SECURITY_JOINKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" diff --git a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml index 34310ce19..efe9756ab 100644 --- a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml 
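Review bot: In the `@@ -349` hunk the new inner condition can never be false, because it sits inside `{{- if or .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }}` and those two values are also operands of the inner `or`; the `{{- else }}` branch naming the `-unified-secret` Secret is therefore dead. Before this change the inner test was on `unifiedSecretInstallation` alone and could take either branch. Dropping the inner `if`/`else` and keeping only `name: "{{ include "pipelines.joinKeySecretName" . }}"` expresses the same result, and a template comment such as `{{- /* an externally supplied join key secret takes precedence over the unified secret */}}` would record the intent. The same shape appears in the corresponding join-key hunk of each other statefulset template in this commit. The enclosing env entry starts and ends outside the hunk.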
@@ -102,7 +102,7 @@ spec: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} {{- if or .Values.systemYamlOverride.existingSecret .Values.pipelines.systemYaml }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -225,7 +225,7 @@ spec: - name: PIPELINES_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -236,7 +236,7 @@ spec: - name: PIPELINES_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -264,7 +264,7 @@ spec: - name: jfrog-pipelines-logs mountPath: {{ .Values.pipelines.logPath }} {{- if .Values.buildPlane.dynamic.provider.aws.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.aws.existingSecret }} - name: buildplane-creds-aws {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} 
@@ -276,7 +276,7 @@ spec: readOnly: true {{- end }} {{- if .Values.buildPlane.dynamic.provider.k8s.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.k8s.existingSecret }} - name: buildplane-creds-k8s {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -353,7 +353,7 @@ spec: {{- if or .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -415,7 +415,7 @@ spec: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -424,7 +424,7 @@ spec: - name: JF_SHARED_SECURITY_JOINKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" diff --git a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml index 2e902002e..df52e2357 100644 --- a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml 
@@ -91,7 +91,7 @@ spec: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} {{- if or .Values.systemYamlOverride.existingSecret .Values.pipelines.systemYaml }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -286,7 +286,7 @@ spec: - name: PIPELINES_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -297,7 +297,7 @@ spec: - name: PIPELINES_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -345,7 +345,7 @@ spec: - name: jfrog-pipelines-logs mountPath: {{ .Values.pipelines.logPath }} {{- if .Values.buildPlane.dynamic.provider.aws.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.aws.existingSecret }} - name: buildplane-creds-aws {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} 
@@ -357,7 +357,7 @@ spec: readOnly: true {{- end }} {{- if .Values.buildPlane.dynamic.provider.k8s.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.k8s.existingSecret }} - name: buildplane-creds-k8s {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -434,7 +434,7 @@ spec: {{- if or .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -492,7 +492,7 @@ spec: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -501,7 +501,7 @@ spec: - name: JF_SHARED_SECURITY_JOINKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" diff --git a/stable/pipelines/templates/pipelines-statefulset.yaml b/stable/pipelines/templates/pipelines-statefulset.yaml index 1a126acf2..eded2440b 100644 --- a/stable/pipelines/templates/pipelines-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-statefulset.yaml 
@@ -91,7 +91,7 @@ spec: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} {{- if or .Values.systemYamlOverride.existingSecret .Values.pipelines.systemYaml }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -203,7 +203,7 @@ spec: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} {{- if or .Values.systemYamlOverride.existingSecret .Values.pipelines.systemYaml }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -334,7 +334,7 @@ spec: - name: PIPELINES_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -345,7 +345,7 @@ spec: - name: PIPELINES_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" 
@@ -482,7 +482,7 @@ spec: {{- if or .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -540,7 +540,7 @@ spec: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -549,7 +549,7 @@ spec: - name: JF_SHARED_SECURITY_JOINKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" diff --git a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml index 28e03f42e..5de08f728 100644 --- a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml 
@@ -98,7 +98,7 @@ spec: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} {{- if or .Values.systemYamlOverride.existingSecret .Values.pipelines.systemYaml }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -221,7 +221,7 @@ spec: - name: PIPELINES_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -232,7 +232,7 @@ spec: - name: PIPELINES_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -260,7 +260,7 @@ spec: - name: jfrog-pipelines-logs mountPath: {{ .Values.pipelines.logPath }} {{- if .Values.buildPlane.dynamic.provider.aws.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.aws.existingSecret }} - name: buildplane-creds-aws {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} 
@@ -272,7 +272,7 @@ spec: readOnly: true {{- end }} {{- if .Values.buildPlane.dynamic.provider.k8s.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.k8s.existingSecret }} - name: buildplane-creds-k8s {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -349,7 +349,7 @@ spec: {{- if or .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -411,7 +411,7 @@ spec: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -420,7 +420,7 @@ spec: - name: JF_SHARED_SECURITY_JOINKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" diff --git a/stable/pipelines/templates/pipelines-sync-statefulset.yaml b/stable/pipelines/templates/pipelines-sync-statefulset.yaml index 20737d7c3..4df01bbe5 100644 --- a/stable/pipelines/templates/pipelines-sync-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-sync-statefulset.yaml 
@@ -100,7 +100,7 @@ spec: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} {{- if or .Values.systemYamlOverride.existingSecret .Values.pipelines.systemYaml }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -223,7 +223,7 @@ spec: - name: PIPELINES_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -234,7 +234,7 @@ spec: - name: PIPELINES_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -262,7 +262,7 @@ spec: - name: jfrog-pipelines-logs mountPath: {{ .Values.pipelines.logPath }} {{- if .Values.buildPlane.dynamic.provider.aws.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.aws.existingSecret }} - name: buildplane-creds-aws {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} 
@@ -274,7 +274,7 @@ spec: readOnly: true {{- end }} {{- if .Values.buildPlane.dynamic.provider.k8s.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.k8s.existingSecret }} - name: buildplane-creds-k8s {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -353,7 +353,7 @@ spec: {{- if or .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -415,7 +415,7 @@ spec: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -424,7 +424,7 @@ spec: - name: JF_SHARED_SECURITY_JOINKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" diff --git a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml index 5b4d41038..99fcd6459 100644 --- a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml 
@@ -100,7 +100,7 @@ spec: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} {{- if or .Values.systemYamlOverride.existingSecret .Values.pipelines.systemYaml }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -223,7 +223,7 @@ spec: - name: PIPELINES_MASTER_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -234,7 +234,7 @@ spec: - name: PIPELINES_JOIN_KEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -262,7 +262,7 @@ spec: - name: jfrog-pipelines-logs mountPath: {{ .Values.pipelines.logPath }} {{- if .Values.buildPlane.dynamic.provider.aws.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.aws.existingSecret }} - name: buildplane-creds-aws {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} 
@@ -274,7 +274,7 @@ spec: readOnly: true {{- end }} {{- if .Values.buildPlane.dynamic.provider.k8s.enabled }} - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.buildPlane.dynamic.provider.k8s.existingSecret }} - name: buildplane-creds-k8s {{- else }} - name: {{ include "pipelines.unifiedCustomSecretVolumeName" . }} @@ -351,7 +351,7 @@ spec: {{- if or .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -414,7 +414,7 @@ spec: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName }} name: "{{ include "pipelines.masterKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" @@ -423,7 +423,7 @@ spec: - name: JF_SHARED_SECURITY_JOINKEY valueFrom: secretKeyRef: - {{- if not .Values.pipelines.unifiedSecretInstallation }} + {{- if or (not .Values.pipelines.unifiedSecretInstallation) .Values.pipelines.joinKeySecretName .Values.global.joinKeySecretName }} name: "{{ include "pipelines.joinKeySecretName" . }}" {{- else }} name: "{{ template "pipelines.name" . }}-unified-secret" diff --git a/stable/pipelines/templates/pipelines-unified-secret.yaml b/stable/pipelines/templates/pipelines-unified-secret.yaml index b688dce7a..b382824d2 100644 --- a/stable/pipelines/templates/pipelines-unified-secret.yaml +++ b/stable/pipelines/templates/pipelines-unified-secret.yaml 
@@ -11,7 +11,7 @@ metadata: type: Opaque stringData: -{{- if not .Values.systemYamlOverride.existingSecret }} +{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.pipelines.systemYaml }} system.yaml: | {{ tpl .Values.pipelines.systemYaml . | indent 4 }} {{- end}} diff --git a/stable/pipelines/values.yaml b/stable/pipelines/values.yaml index d6973fc55..2d78bd955 100644 --- a/stable/pipelines/values.yaml +++ b/stable/pipelines/values.yaml @@ -385,7 +385,7 @@ pipelines: command: - sh - -c - - curl --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.pipelines.api.service.port }}/v1/system/liveness + - curl --fail --max-time {{ .Values.probes.timeoutSeconds }} http://127.0.0.1:{{ .Values.pipelines.api.service.port }}/v1/system/liveness initialDelaySeconds: {{ if semverCompare " Date: Mon, 13 May 2024 09:51:09 +0530 Subject: [PATCH 38/47] [xray] 3.95.4 release --- stable/xray/CHANGELOG.md | 8 +- stable/xray/Chart.yaml | 4 +- stable/xray/ci/default-values.yaml | 10 + stable/xray/files/system.yaml | 81 ++++++++ stable/xray/templates/_helpers.tpl | 29 ++- stable/xray/templates/_system-yaml-render.tpl | 5 + .../xray/templates/xray-ipa-deployment.yaml | 178 +++++++++++++++++- stable/xray/templates/xray-ipa-svc.yaml | 6 + .../templates/xray-server-deployment.yaml | 8 +- stable/xray/templates/xray-statefulset.yaml | 172 ++++++++++++++++- stable/xray/templates/xray-system-yaml.yaml | 2 +- .../xray/templates/xray-unified-secret.yaml | 4 +- stable/xray/values.yaml | 168 ++++++++--------- 13 files changed, 568 insertions(+), 107 deletions(-) create mode 100644 stable/xray/files/system.yaml create mode 100644 stable/xray/templates/_system-yaml-render.tpl diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index f0ceb720d..61bf4c8f7 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md 
@@ -1,7 +1,13 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.94.5] - Mar 27, 2024 +## [103.95.4] - Apr 2, 2024 +* **IMPORTANT** +* Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml) +* Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given. [GH-1842](https://github.com/jfrog/charts/pull/1842) +* Update postgresql tag version to `15.6.0-debian-11-r16` + +## [103.94.0] - Mar 27, 2024 * **IMPORTANT** * Added image section for `initContainers` instead of `initContainerImage` * Removed image section for `loggers` diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index d46ecb3bf..7ec5d7441 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.94.5 +appVersion: 3.95.4 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.94.5 +version: 103.95.4 diff --git a/stable/xray/ci/default-values.yaml b/stable/xray/ci/default-values.yaml index cf2e7a04a..c111946a8 100644 --- a/stable/xray/ci/default-values.yaml +++ b/stable/xray/ci/default-values.yaml @@ -65,3 +65,13 @@ sbom: limits: memory: "4Gi" cpu: "3" + +panoramic: + enabled: false + resources: + requests: + memory: "300Mi" + cpu: "50m" + limits: + memory: "4Gi" + cpu: "3" \ No newline at end of file diff --git a/stable/xray/files/system.yaml b/stable/xray/files/system.yaml new file mode 100644 index 000000000..bf9d13f0c --- /dev/null +++ b/stable/xray/files/system.yaml 
@@ -0,0 +1,81 @@ +configVersion: 1 +router: + serviceRegistry: + insecure: {{ .Values.router.serviceRegistry.insecure }} +shared: +{{- if .Values.xray.openMetrics.enabled }} + metrics: + enabled: true + {{- if .Values.xray.openMetrics.filebeat.enabled }} + filebeat: {{ toYaml .Values.xray.openMetrics.filebeat | nindent 6 }} + {{- end }} +{{- end }} + logging: + consoleLog: + enabled: {{ .Values.xray.consoleLog }} + jfrogUrl: "{{ tpl (required "\n\nxray.jfrogUrl or global.jfrogUrl is required! This allows to connect to Artifactory.\nYou can copy the JFrog URL from Administration > User Management > Settings > Connection details" (include "xray.jfrogUrl" .)) . }}" + database: + {{- if .Values.postgresql.enabled }} + type: "postgresql" + driver: "org.postgresql.Driver" + username: "{{ .Values.postgresql.postgresqlUsername }}" + url: "postgres://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}?sslmode=disable" + {{- else }} + type: {{ .Values.database.type }} + driver: {{ .Values.database.driver }} + {{- end }} + {{- if and (not .Values.rabbitmq.enabled) (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + rabbitMq: + {{- if .Values.global.xray.rabbitmq.haQuorum.enabled }} + ha_quorum: true + vhost: {{ .Values.global.xray.rabbitmq.haQuorum.vhost }} + replicasCount: {{ .Values.global.xray.rabbitmq.replicaCount }} + {{- end }} + erlangCookie: + value: "{{ .Values.rabbitmq.external.erlangCookie }}" + {{- if not .Values.rabbitmq.external.secrets }} + url: "{{ tpl .Values.rabbitmq.external.url . 
}}" + username: "{{ .Values.rabbitmq.external.username }}" + password: "{{ .Values.rabbitmq.external.password }}" + {{- end }} + {{- else if and .Values.rabbitmq.enabled .Values.global.xray.rabbitmq.haQuorum.enabled }} + rabbitMq: + ha_quorum: true + vhost: {{ .Values.global.xray.rabbitmq.haQuorum.vhost }} + replicasCount: {{ .Values.rabbitmq.replicaCount }} + {{- end }} + {{- if .Values.xray.mongoUrl }} + mongo: + url: "{{ .Values.xray.mongoUrl }}" + username: "{{ .Values.xray.mongoUsername }}" + password: "{{ .Values.xray.mongoPassword }}" + {{- end }} +{{- if or .Values.server.mailServer .Values.server.indexAllBuilds .Values.global.xray.rabbitmq.migrateMessagesFromXrayDefaultVhost .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq }} +server: + {{- if .Values.server.mailServer }} + mailServer: "{{ .Values.server.mailServer }}" + {{- end }} + {{- if .Values.server.indexAllBuilds }} + indexAllBuilds: {{ .Values.server.indexAllBuilds }} + {{- end }} + {{- if .Values.global.xray.rabbitmq.migrateMessagesFromXrayDefaultVhost }} + dataMigrations: + migrate_msgs_from_other_rabbitmq: + vhost: {{ .Values.global.xray.rabbitmq.vhost | default "%2f" | quote }} + {{- else if .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq }} + dataMigrations: + migrate_msgs_from_other_rabbitmq: {{ toYaml .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq | nindent 6 }} + {{- end }} +{{- end }} +{{- if (include "xray.imagePullSecretsStrList" .) }} +executionService: + pullSecret: + {{- include "xray.imagePullSecretsStrList" . | indent 4 }} +{{- end }} +contextualAnalysis: + registry: {{ include "xray.getRegistryByService" (list . "contextualAnalysis") }} + image: {{ .Values.contextualAnalysis.image.repository }} +exposures: + container: + registry: {{ include "xray.getRegistryByService" (list . "exposures") }} + image: {{ .Values.exposures.image.repository }} \ No newline at end of file 
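Review bot: The credential lines wrap raw values in hand-written quotes, for example `password: "{{ .Values.rabbitmq.external.password }}"`, and likewise `erlangCookie.value`, `mongo.password` and the usernames. A value containing `"` or `\` then renders as invalid or silently altered YAML. Piping through `quote` instead, e.g. `password: {{ .Values.rabbitmq.external.password | quote }}`, escapes those characters. Separately, the bundled-PostgreSQL URL hard-codes `?sslmode=disable`, so that connection is unencrypted unless the whole entry is overridden; consider exposing the SSL mode as its own value and documenting the default.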
diff --git a/stable/xray/templates/_helpers.tpl b/stable/xray/templates/_helpers.tpl index 07cef99bd..c197c62f9 100644 --- a/stable/xray/templates/_helpers.tpl +++ b/stable/xray/templates/_helpers.tpl @@ -20,6 +20,13 @@ The xray-sbom name {{- default .Chart.Name .Values.sbom.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +The xray-panoramic name +*/}} +{{- define "xray-panoramic.name" -}} +{{- default .Chart.Name .Values.panoramic.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* The xray-indexer name */}} @@ -435,7 +442,7 @@ Return the proper xray chart image names {{- $registryName := index $dot.Values $indexReference "image" "registry" -}} {{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} {{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} -{{- if and $dot.Values.common.xrayVersion (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer")) }} +{{- if and $dot.Values.common.xrayVersion (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer") (eq $indexReference "panoramic")) }} {{- $tag = $dot.Values.common.xrayVersion | toString -}} {{- end -}} {{- if $dot.Values.global }} 
@@ -445,7 +452,7 @@ Return the proper xray chart image names {{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }} {{- $tag = $dot.Values.global.versions.initContainers | toString -}} {{- end -}} - {{- if and $dot.Values.global.versions.xray (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer")) }} + {{- if and $dot.Values.global.versions.xray (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer") (eq $indexReference "panoramic")) }} {{- $tag = $dot.Values.global.versions.xray | toString -}} {{- end -}} {{- if $dot.Values.global.imageRegistry }} @@ -683,3 +690,21 @@ Set xray env variables if rabbitmq.tls is enabled. - name: XRAY_CHART_SYSTEM_YAML_OVERRIDE_DATA_KEY value: "{{ .Values.systemYamlOverride.dataKey }}" {{- end }} + +{{/* +Calculate the systemYaml from structured and unstructured text input +*/}} +{{- define "xray.finalSystemYaml" -}} +{{- if .Values.xray.extraSystemYaml }} +{{ tpl (mergeOverwrite (include "xray.systemYaml" . | fromYaml) .Values.xray.extraSystemYaml | toYaml) . }} +{{- else }} +{{ include "xray.systemYaml" . }} +{{- end }} +{{- end -}} + +{{/* +Calculate the systemYaml from the unstructured text input +*/}} +{{- define "xray.systemYaml" -}} +{{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }} +{{- end -}} \ No newline at end of file diff --git a/stable/xray/templates/_system-yaml-render.tpl b/stable/xray/templates/_system-yaml-render.tpl new file mode 100644 index 000000000..34ef784df --- /dev/null +++ b/stable/xray/templates/_system-yaml-render.tpl @@ -0,0 +1,5 @@ +{{- if .Values.xray.systemYaml -}} +{{- tpl .Values.xray.systemYaml . -}} +{{- else -}} +{{ (tpl ( $.Files.Get "files/system.yaml" ) .) }} +{{- end -}} \ No newline at end of file 
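Review bot: `xray.finalSystemYaml` feeds the rendered text to `fromYaml` without checking the result. Helm's `fromYaml` does not abort on a parse error; it returns a map holding only an `Error` key, so a base system.yaml that renders to invalid YAML would be merged with `extraSystemYaml` and written into the Secret as an `Error:` entry instead of stopping the install. Capturing the map first and failing fast would avoid that: `{{- $base := include "xray.systemYaml" . | fromYaml }}` followed by `{{- if hasKey $base "Error" }}{{ fail (printf "system.yaml is not valid YAML: %s" $base.Error) }}{{- end }}`. The outer `tpl` also re-evaluates the already rendered base document, so any value that contains `{{` (a password, for instance) is interpreted as a template on that second pass. If only `extraSystemYaml` is meant to be templated, apply `tpl` to that part alone.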
diff --git a/stable/xray/templates/xray-ipa-deployment.yaml b/stable/xray/templates/xray-ipa-deployment.yaml index e30d0575e..e52cee884 100644 --- a/stable/xray/templates/xray-ipa-deployment.yaml +++ b/stable/xray/templates/xray-ipa-deployment.yaml @@ -17,7 +17,7 @@ metadata: unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Xray 2.x (appVersion) currently not supported!\nIf this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 or 15.2.0-debian-11-r23 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x or 15.x" .Values.databaseUpgradeReady | quote }} {{- end }} {{- with .Values.server.statefulset.annotations }} annotations: 
@@ -159,7 +159,6 @@ spec: volumeMounts: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.xray.systemYaml }} {{- if or (not .Values.xray.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} @@ -168,11 +167,10 @@ spec: {{- if .Values.systemYamlOverride.existingSecret }} mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.xray.systemYaml }} + {{- else }} mountPath: "/tmp/etc/system.yaml" subPath: system.yaml {{- end }} - {{- end }} {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled .Values.rabbitmq.auth.tls.enabled .Values.global.rabbitmq.auth.tls.enabled }} - name: copy-custom-certificates image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} 
@@ -738,6 +736,176 @@ spec: livenessProbe: {{ tpl .Values.sbom.livenessProbe.config . | indent 10 }} {{- end }} +{{- end }} +{{- if .Values.panoramic.enabled }} + - name: {{ .Values.panoramic.name }} + image: {{ include "xray.getImageInfoByValue" (list . "panoramic") }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.panoramic.preStartCommand }} + echo "Running custom panoramic preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/xray/app/bin/wrapper.sh; + {{- with .Values.panoramic.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SKIPENTLICCHECKFORCLOUD + value: "true" + {{ include "xray.envVariables" . | indent 8 }} + {{ include "xray.rabbitmqTlsEnvVariables" . | indent 8 }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . 
}} + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} + {{- else if .Values.database.user }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-user + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.actualUsername }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} + {{- else if .Values.database.actualUsername }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-actualUsername + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . 
}}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} + {{- else if .Values.database.url }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-url + {{- end }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + - name: XRAY_HA_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: XRAY_K8S_ENV + value: "true" + - name: EXECUTION_JOB_AES_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: execution-service-aes-key + {{- if .Values.common.extraEnvVars }} + {{- tpl .Values.common.extraEnvVars . | nindent 8 }} + {{- end }} + {{- if .Values.panoramic.extraEnvVars }} + {{- tpl .Values.panoramic.extraEnvVars . 
| nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.panoramic.internalPort }} + name: http-panoramic + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.panoramic.customVolumeMounts }} +{{ tpl . $ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.panoramic.resources | indent 10 }} +{{- if .Values.panoramic.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.panoramic.startupProbe.config . | indent 10 }} +{{- end }} +{{- if .Values.panoramic.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.panoramic.livenessProbe.config . | indent 10 }} +{{- end }} {{- end }} - name: {{ .Values.indexer.name }} image: {{ include "xray.getImageInfoByValue" (list . "indexer") }} @@ -1160,7 +1328,7 @@ spec: secretName: {{ template "xray.name" . }}-unified-secret {{- else if not .Values.xray.unifiedSecretInstallation }} ######### Non unifiedSecretInstallation ########### - {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.xray.systemYaml }} + {{- if not .Values.systemYamlOverride.existingSecret }} - name: systemyaml secret: secretName: {{ printf "%s-%s" (include "xray.fullname" .) "system-yaml" }} diff --git a/stable/xray/templates/xray-ipa-svc.yaml b/stable/xray/templates/xray-ipa-svc.yaml index efdd84881..a26de9860 100644 --- a/stable/xray/templates/xray-ipa-svc.yaml +++ b/stable/xray/templates/xray-ipa-svc.yaml @@ -41,6 +41,12 @@ spec: port: {{ .Values.sbom.externalPort }} protocol: TCP targetPort: {{ .Values.sbom.internalPort }} +{{- end }} +{{- if .Values.panoramic.enabled }} + - name: http-panoramic + port: {{ .Values.panoramic.externalPort }} + protocol: TCP + targetPort: {{ .Values.panoramic.internalPort }} {{- end }} selector: app: {{ template "xray.name" . }} 
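Review bot: The new panoramic container gets a `securityContext` only when `.Values.containerSecurityContext.enabled` is set. The same container added to xray-statefulset.yaml in this commit always renders `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and drops `NET_RAW`. With the flag off, this Deployment variant would run panoramic with the image defaults, and that difference between the two install modes is easy to miss. Either add an `{{- else }}` branch carrying the same fixed settings as the StatefulSet, or add a comment in values.yaml stating that disabling `containerSecurityContext` removes them. This may mirror the sibling containers in this template, which are outside the hunk.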
diff --git a/stable/xray/templates/xray-server-deployment.yaml b/stable/xray/templates/xray-server-deployment.yaml index 91db97144..c54064c54 100644 --- a/stable/xray/templates/xray-server-deployment.yaml +++ b/stable/xray/templates/xray-server-deployment.yaml @@ -17,7 +17,7 @@ metadata: unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Xray 2.x (appVersion) currently not supported!\nIf this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 or 15.2.0-debian-11-r23 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x or 15.x" .Values.databaseUpgradeReady | quote }} {{- end }} {{- with .Values.server.statefulset.annotations }} annotations: 
@@ -159,7 +159,6 @@ spec: volumeMounts: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.xray.systemYaml }} {{- if or (not .Values.xray.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} @@ -168,11 +167,10 @@ spec: {{- if .Values.systemYamlOverride.existingSecret }} mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.xray.systemYaml }} + {{- else }} mountPath: "/tmp/etc/system.yaml" subPath: system.yaml {{- end }} - {{- end }} {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled .Values.rabbitmq.auth.tls.enabled .Values.global.rabbitmq.auth.tls.enabled }} - name: copy-custom-certificates image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} @@ -674,7 +672,7 @@ spec: secretName: {{ template "xray.name" . }}-unified-secret {{- else if not .Values.xray.unifiedSecretInstallation }} ######### Non unifiedSecretInstallation ########### - {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.xray.systemYaml }} + {{- if not .Values.systemYamlOverride.existingSecret }} - name: systemyaml secret: secretName: {{ printf "%s-%s" (include "xray.fullname" .) "system-yaml" }} diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml index 80d1b3250..594d719fb 100644 --- a/stable/xray/templates/xray-statefulset.yaml +++ b/stable/xray/templates/xray-statefulset.yaml 
@@ -16,7 +16,7 @@ metadata: unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Xray 2.x (appVersion) currently not supported!\nIf this is an upgrade over an existing Xray 3.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }} {{- end }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }} - databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x" .Values.databaseUpgradeReady | quote }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/xray/CHANGELOG.md), pass postgresql.image.tag '9.6.18-debian-10-r7' or '10.13.0-debian-10-r38' or '12.5.0-debian-10-r25' or 13.10.0-debian-11-r14 or 15.2.0-debian-11-r23 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x or 10.13.x or 12.5.x or 13.x or 15.x" .Values.databaseUpgradeReady | quote }} {{- end }} {{- with .Values.server.statefulset.annotations }} annotations: @@ -155,7 +155,6 @@ spec: volumeMounts: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} - {{- if or .Values.systemYamlOverride.existingSecret .Values.xray.systemYaml }} {{- if or (not .Values.xray.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }} - name: systemyaml {{- else }} 
@@ -164,11 +163,10 @@ spec: {{- if .Values.systemYamlOverride.existingSecret }} mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" subPath: {{ .Values.systemYamlOverride.dataKey }} - {{- else if .Values.xray.systemYaml }} + {{- else }} mountPath: "/tmp/etc/system.yaml" subPath: system.yaml {{- end }} - {{- end }} {{- if or .Values.xray.customCertificates.enabled .Values.global.customCertificates.enabled .Values.rabbitmq.auth.tls.enabled .Values.global.rabbitmq.auth.tls.enabled }} - name: copy-custom-certificates image: {{ include "xray.getImageInfoByValue" (list . "initContainers") }} 
@@ -892,6 +890,170 @@ spec: livenessProbe: {{ tpl .Values.sbom.livenessProbe.config . | indent 10 }} {{- end }} +{{- end }} +{{- if .Values.panoramic.enabled }} + - name: {{ .Values.panoramic.name }} + image: {{ include "xray.getImageInfoByValue" (list . "panoramic") }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.common.xrayUserId }} + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + command: + - '/bin/bash' + - '-c' + - > + {{- with .Values.common.preStartCommand }} + echo "Running custom common preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + {{- with .Values.panoramic.preStartCommand }} + echo "Running custom panoramic preStartCommand command"; + {{ tpl . $ }}; + {{- end }} + exec /opt/jfrog/xray/app/bin/wrapper.sh; + {{- with .Values.panoramic.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} + {{- end }} + {{- if or .Values.database.secrets.user .Values.database.user }} + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.user }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . 
}} + {{- else if .Values.database.user }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-user + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.actualUsername }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} + {{- else if .Values.database.actualUsername }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-actualUsername + {{- end }} + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} + {{- if or .Values.database.secrets.url .Values.database.url }} + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.url }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . 
}} + {{- else if .Values.database.url }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-url + {{- end }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + - name: XRAY_HA_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: XRAY_K8S_ENV + value: "true" + - name: EXECUTION_JOB_AES_KEY + valueFrom: + secretKeyRef: + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: execution-service-aes-key + {{- if .Values.common.extraEnvVars }} + {{- tpl .Values.common.extraEnvVars . | nindent 8 }} + {{- end }} + volumeMounts: + - name: data-volume + mountPath: "{{ .Values.xray.persistence.mountPath }}" +{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }} +{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }} +{{- end }} +{{- with .Values.sbom.customVolumeMounts }} +{{ tpl . $ | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.panoramic.resources | indent 10 }} +{{- if .Values.panoramic.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.panoramic.startupProbe.config . 
| indent 10 }} +{{- end }} +{{- if .Values.panoramic.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.panoramic.livenessProbe.config . | indent 10 }} +{{- end }} {{- end }} - name: {{ .Values.indexer.name }} image: {{ include "xray.getImageInfoByValue" (list . "indexer") }} @@ -1317,7 +1479,7 @@ spec: secretName: {{ template "xray.name" . }}-unified-secret {{- else if not .Values.xray.unifiedSecretInstallation }} ######### Non unifiedSecretInstallation ########### - {{- if and (not .Values.systemYamlOverride.existingSecret) .Values.xray.systemYaml }} + {{- if not .Values.systemYamlOverride.existingSecret }} - name: systemyaml secret: secretName: {{ printf "%s-%s" (include "xray.fullname" .) "system-yaml" }} diff --git a/stable/xray/templates/xray-system-yaml.yaml b/stable/xray/templates/xray-system-yaml.yaml index 47781db7c..95d82eba9 100644 --- a/stable/xray/templates/xray-system-yaml.yaml +++ b/stable/xray/templates/xray-system-yaml.yaml @@ -11,5 +11,5 @@ metadata: type: Opaque stringData: system.yaml: | -{{ tpl .Values.xray.systemYaml . | indent 4 }} +{{ include "xray.finalSystemYaml" . | nindent 4 }} {{- end }} diff --git a/stable/xray/templates/xray-unified-secret.yaml b/stable/xray/templates/xray-unified-secret.yaml index 17b961c78..51e421228 100644 --- a/stable/xray/templates/xray-unified-secret.yaml +++ b/stable/xray/templates/xray-unified-secret.yaml @@ -20,9 +20,9 @@ stringData: {{- end }} {{- end }} -{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.xray.systemYaml }} +{{- if not .Values.systemYamlOverride.existingSecret }} system.yaml: | -{{ tpl .Values.xray.systemYaml . | nindent 4 }} +{{ include "xray.finalSystemYaml" . | nindent 4 }} {{- end }} data: diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index f7e1de7e5..fffd2b012 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml 
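Review bot: The panoramic container's `volumeMounts` use `{{- with .Values.sbom.customVolumeMounts }}`, which looks like a copy-paste slip from the sbom container; the matching block in xray-ipa-deployment.yaml uses `.Values.panoramic.customVolumeMounts`. As written, mounts configured for sbom (which may include certificates or credentials) are attached to panoramic, and panoramic's own `customVolumeMounts` are ignored. The line should read `{{- with .Values.panoramic.customVolumeMounts }}`. This variant also omits the `ports:` entry, the `xray.envVariables` and `xray.rabbitmqTlsEnvVariables` includes, and `panoramic.extraEnvVars`, all of which the Deployment variant has; confirm whether that is intended.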
@@ -189,88 +189,23 @@ xray: username: "" password: "" - systemYaml: | - configVersion: 1 - router: - serviceRegistry: - insecure: {{ .Values.router.serviceRegistry.insecure }} - shared: - {{- if .Values.xray.openMetrics.enabled }} - metrics: - enabled: true - {{- if .Values.xray.openMetrics.filebeat.enabled }} - filebeat: {{ toYaml .Values.xray.openMetrics.filebeat | nindent 6 }} - {{- end }} - {{- end }} - logging: - consoleLog: - enabled: {{ .Values.xray.consoleLog }} - jfrogUrl: "{{ tpl (required "\n\nxray.jfrogUrl or global.jfrogUrl is required! This allows to connect to Artifactory.\nYou can copy the JFrog URL from Administration > User Management > Settings > Connection details" (include "xray.jfrogUrl" .)) . }}" - database: - {{- if .Values.postgresql.enabled }} - type: "postgresql" - driver: "org.postgresql.Driver" - username: "{{ .Values.postgresql.postgresqlUsername }}" - url: "postgres://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}?sslmode=disable" - {{- else }} - type: {{ .Values.database.type }} - driver: {{ .Values.database.driver }} - {{- end }} - {{- if and (not .Values.rabbitmq.enabled) (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} - rabbitMq: - {{- if .Values.global.xray.rabbitmq.haQuorum.enabled }} - ha_quorum: true - vhost: {{ .Values.global.xray.rabbitmq.haQuorum.vhost }} - replicasCount: {{ .Values.global.xray.rabbitmq.replicaCount }} - {{- end }} - erlangCookie: - value: "{{ .Values.rabbitmq.external.erlangCookie }}" - {{- if not .Values.rabbitmq.external.secrets }} - url: "{{ tpl .Values.rabbitmq.external.url . 
}}" - username: "{{ .Values.rabbitmq.external.username }}" - password: "{{ .Values.rabbitmq.external.password }}" - {{- end }} - {{- else if and .Values.rabbitmq.enabled .Values.global.xray.rabbitmq.haQuorum.enabled }} - rabbitMq: - ha_quorum: true - vhost: {{ .Values.global.xray.rabbitmq.haQuorum.vhost }} - replicasCount: {{ .Values.rabbitmq.replicaCount }} - {{- end }} - {{- if .Values.xray.mongoUrl }} - mongo: - url: "{{ .Values.xray.mongoUrl }}" - username: "{{ .Values.xray.mongoUsername }}" - password: "{{ .Values.xray.mongoPassword }}" - {{- end }} - {{- if or .Values.server.mailServer .Values.server.indexAllBuilds .Values.global.xray.rabbitmq.migrateMessagesFromXrayDefaultVhost .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq }} - server: - {{- if .Values.server.mailServer }} - mailServer: "{{ .Values.server.mailServer }}" - {{- end }} - {{- if .Values.server.indexAllBuilds }} - indexAllBuilds: {{ .Values.server.indexAllBuilds }} - {{- end }} - {{- if .Values.global.xray.rabbitmq.migrateMessagesFromXrayDefaultVhost }} - dataMigrations: - migrate_msgs_from_other_rabbitmq: - vhost: {{ .Values.global.xray.rabbitmq.vhost | default "%2f" | quote }} - {{- else if .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq }} - dataMigrations: - migrate_msgs_from_other_rabbitmq: {{ toYaml .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq | nindent 6 }} - {{- end }} - {{- end }} - {{- if (include "xray.imagePullSecretsStrList" .) }} - executionService: - pullSecret: - {{- include "xray.imagePullSecretsStrList" . | indent 2 }} - {{- end }} - contextualAnalysis: - registry: {{ include "xray.getRegistryByService" (list . "contextualAnalysis") }} - image: {{ .Values.contextualAnalysis.image.repository }} - exposures: - container: - registry: {{ include "xray.getRegistryByService" (list . "exposures") }} - image: {{ .Values.exposures.image.repository }} + ## System YAML entries now reside under files/system.yaml. 
+ ## You can provide the specific values that you want to add or override under 'xray.extraSystemYaml'. + ## For example: + ## extraSystemYaml: + ## shared: + ## logging: + ## consoleLog: + ## enabled: true + ## The entries provided under 'xray.extraSystemYaml' are merged with files/system.yaml to create the final system.yaml. + ## If you have already provided system.yaml under, 'xray.systemYaml', the values in that entry take precedence over files/system.yaml + ## You can modify specific entries with your own value under `xray.extraSystemYaml`, The values under extraSystemYaml overrides the values under 'xray.systemYaml' and files/system.yaml + + extraSystemYaml: {} + + ## systemYaml is intentionally commented and the previous content has been moved under files/system.yaml. + ## You have to add the all entries of the system.yaml file here, and it overrides the values in files/system.yaml. + # systemYaml: # Sidecar containers for tailing Xray logs loggers: [] @@ -447,7 +382,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 15.2.0-debian-11-r23 + tag: 15.6.0-debian-11-r16 postgresqlUsername: xray postgresqlPassword: "" postgresqlDatabase: xraydb 
@@ -1093,6 +1028,71 @@ sbom: # memory: "2Gi" # cpu: "1" +panoramic: + enabled: false + name: xray-panoramic + ## Note that by default we use appVersion to get image tag/version + image: + registry: releases-docker.jfrog.io + repository: jfrog/xray-panoramic + internalPort: 7007 + externalPort: 7007 + annotations: {} + extraEnvVars: + + # Add lifecycle hooks for the indexer pod + lifecycle: {} + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] + # preStop: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the preStart handler > /usr/share/message"] + + ## Add custom volumesMounts + customVolumeMounts: | + # - name: custom-script + # mountPath: /scripts/script.sh + # subPath: script.sh + + livenessProbe: + enabled: true + config: | + exec: + command: + - sh + - -c + - curl -s -k --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.panoramic.internalPort }}/api/v1/system/liveness + initialDelaySeconds: {{ if semverCompare " Date: Mon, 13 May 2024 09:52:10 +0530 Subject: [PATCH 39/47] [jfrog-platform] 10.18.0 release --- stable/jfrog-platform/CHANGELOG.md | 14 ++ stable/jfrog-platform/Chart.lock | 10 +- stable/jfrog-platform/Chart.yaml | 10 +- stable/jfrog-platform/README.md | 6 +- stable/jfrog-platform/templates/NOTES.txt | 1 + stable/jfrog-platform/templates/_helpers.tpl | 27 +--- .../templates/migration-hook.yaml | 6 +- .../templates/postgres-upgrade-check.yaml | 5 + .../templates/upgrade-hook.yaml | 136 ++++++++++++++++++ stable/jfrog-platform/values.yaml | 63 ++++++-- 10 files changed, 228 insertions(+), 50 deletions(-) create mode 100644 stable/jfrog-platform/templates/postgres-upgrade-check.yaml create mode 100644 stable/jfrog-platform/templates/upgrade-hook.yaml diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index fdd1a20b6..6045d10d6 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md 
@@ -1,6 +1,20 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.18.0] - May 12, 2024 +* **Important change:** +* Distribution, Insight and Pipelines are disabled by default, if you are using these products from previous release, enable them using your custom-values.yaml file. +* Added `preUpgradeHook.enabled` flag defaults to true to check if previous Distribution, Insight and Pipelines releases exists +* Update postgresql tag version to `15.6.0-debian-11-r16` +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default bundles PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x/13.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true +* Added suppport for `global.imageRegistry` for initContainers +* Updated rabbitmq tag version to `3.12.10-debian-11-r1` +* Added default resources for postgres-setup-init, pre-upgrade-check and rabbitmq's migration pre-upgrade-container container +* Enabled `unifiedSecretInstallation` to true by default,which enables single unified secret holding all of each product secrets +* Update dependency artifactory chart version to 107.84.10 +* Update dependency xray chart version to 103.94.6 + ## [10.17.4] - May 2, 2024 * Update dependency artifactory chart version to 107.77.11 * Update dependency xray chart version to 103.94.5 diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index fea376103..a8813e1e0 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock 
@@ -7,10 +7,10 @@ dependencies: version: 11.9.3 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.77.11 + version: 107.84.10 - name: xray repository: https://charts.jfrog.io/ - version: 103.94.5 + version: 103.94.6 - name: distribution repository: https://charts.jfrog.io/ version: 102.24.0 @@ -19,6 +19,6 @@ dependencies: version: 101.16.7 - name: pipelines repository: https://charts.jfrog.io/ - version: 101.55.6 -digest: sha256:d1bb804cd66d32819226141a2fd1bb4689c8c98389e48c96678767566f371ef5 -generated: "2024-05-02T11:10:10.019359+05:30" + version: 101.56.6 +digest: sha256:5cde5b136403c096e4ebf13a3008248dcf3f95ce7109c74d9d78c3c505c3e012 +generated: "2024-05-12T22:41:47.381211+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 55c95d975..5c95c65d4 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.77.11 +appVersion: 7.84.10 dependencies: - condition: postgresql.enabled name: postgresql @@ -12,11 +12,11 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.77.11 + version: 107.84.10 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.94.5 + version: 103.94.6 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ @@ -28,7 +28,7 @@ dependencies: - condition: pipelines.enabled name: pipelines repository: https://charts.jfrog.io/ - version: 101.55.6 + version: 101.56.6 description: The Helm chart for JFrog Platform (Universal, hybrid, end-to-end DevOps automation) home: https://jfrog.com/platform/ @@ -50,4 +50,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.17.4 +version: 10.18.0 diff --git a/stable/jfrog-platform/README.md b/stable/jfrog-platform/README.md index 99afda039..ae922e05a 100644 --- a/stable/jfrog-platform/README.md 
+++ b/stable/jfrog-platform/README.md @@ -109,13 +109,15 @@ This chart would provide flexibility to enable one or more of the jfrog products 3. Insight 4. Pipelines -For example to enable xray and insight with artifactory, you can refer the following yaml and pass it during install. +For example to enable distribution, insight and pipelines with artifactory, you can refer the following yaml and pass it during install. customvalues.yaml ```yaml -xray: +distribution: enabled: true insight: enabled: true +pipelines: + enabled: true ```` ```bash helm upgrade --install jfrog-platform jfrog/jfrog-platform -f customvalues.yaml --namespace jfrog-platform --create-namespace diff --git a/stable/jfrog-platform/templates/NOTES.txt b/stable/jfrog-platform/templates/NOTES.txt index eb3bf2c5c..c4f7cc18f 100644 --- a/stable/jfrog-platform/templates/NOTES.txt +++ b/stable/jfrog-platform/templates/NOTES.txt @@ -50,6 +50,7 @@ Instructions for accessing the JFrog Platform - Username: admin - Password: password {{- end }} + {{- if .Values.postgresql.enabled }} --------------------------------------------------------------------------------------------------------------------------------------------------- ***WARNING*** You are using the bundled PostgreSQL database from the chart. This bundled database is not suitable for production use cases. diff --git a/stable/jfrog-platform/templates/_helpers.tpl b/stable/jfrog-platform/templates/_helpers.tpl index 8209d7576..d4d508b28 100644 --- a/stable/jfrog-platform/templates/_helpers.tpl +++ b/stable/jfrog-platform/templates/_helpers.tpl 
@@ -62,23 +62,6 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* -Return the registry of a service -*/}} -{{- define "jfrog-platform.getRegistryByService" -}} -{{- $dot := index . 0 }} -{{- $service := index . 1 }} -{{- if $dot.Values.global.imageRegistry }} - {{- $dot.Values.global.imageRegistry }} -{{- else -}} - {{- if (eq $service "migrationHook") -}} - {{- index $dot.Values.rabbitmq.migration.image.registry -}} - {{- else -}} - {{- index $dot.Values $service "image" "registry" -}} - {{- end -}} -{{- end -}} -{{- end -}} - {{/* Resolve imagePullSecrets value */}} @@ -97,8 +80,10 @@ Custom init container for Postgres setup {{- define "initdb" -}} {{- if .Values.global.database.initDBCreation }} - name: postgres-setup-init - image: {{ .Values.global.database.initContainerSetupDBImage }} + image: "{{ tpl .Values.global.database.initContainerSetupDBImage . }}" imagePullPolicy: {{ .Values.global.database.initContainerImagePullPolicy }} + resources: +{{ toYaml .Values.global.database.initContainerImageResources | indent 10 }} {{- with .Values.global.database.initContainerSetupDBUser }} securityContext: runAsUser: {{ . }} @@ -169,8 +154,7 @@ Custom init container for Postgres setup name: {{ tpl .Values.database.secrets.user.name . }} key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} - {{- $chartFullName := printf "%s.fullname" .Chart.Name }} - name: {{ include $chartFullName . }}-database-creds + name: {{ .Chart.Name }}-unified-secret key: db-user {{- end }} - name: DB_PASSWORD @@ -180,8 +164,7 @@ Custom init container for Postgres setup name: {{ tpl .Values.database.secrets.password.name . }} key: {{ tpl .Values.database.secrets.password.key . }} {{- else if .Values.database.password }} - {{- $chartFullName := printf "%s.fullname" .Chart.Name }} - name: {{ include $chartFullName . }}-database-creds + name: {{ .Chart.Name }}-unified-secret key: db-password {{- end }} - name: PGPASSWORD 
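Review bot: The `image:` line of `postgres-setup-init` in the `@@ -97,8 +80,10 @@` hunk now depends entirely on `global.imageRegistry` being non-empty, because the helper removed just above (`jfrog-platform.getRegistryByService`) was the only place that fell back to a per-image registry when it was unset. With the new values default `"{{ .Values.global.imageRegistry }}/postgres:15.6-alpine"`, an empty `global.imageRegistry` would render `/postgres:15.6-alpine`, which is not a valid image reference. The same applies to `rabbitmq.migration.image.registry` in migration-hook.yaml and to `preUpgradeHook.image.registry`. The default of `global.imageRegistry` is outside these hunks, so this needs confirming; a fallback in the value, e.g. `'{{ .Values.global.imageRegistry | default "releases-docker.jfrog.io" }}/postgres:15.6-alpine'`, would keep the previous registry when it is unset. The `initdb` define continues outside the hunk.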
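Review bot: The `DB_USER` secret reference in `initdb` (this hunk, and `DB_PASSWORD` in the next one, `@@ -180,8 +164,7 @@`) is now always `{{ .Chart.Name }}-unified-secret`, regardless of the sub-chart's `unifiedSecretInstallation` setting. The values.yaml change in this commit only flips that default to `true`, so a release that keeps `unifiedSecretInstallation: false` would point the init container at a secret that is presumably never created, and the pod would not start. The xray statefulset earlier in this series still chooses between `-database-creds` and `-unified-secret` on that flag, and the later artifactory-ha patch derives the unified secret name from the fullname helper rather than the chart name. The helper should follow whichever naming the sub-charts actually use, or at least carry a comment such as `# requires <product>.unifiedSecretInstallation=true in the sub-chart`. The `initdb` define starts and ends outside these hunks.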
diff --git a/stable/jfrog-platform/templates/migration-hook.yaml b/stable/jfrog-platform/templates/migration-hook.yaml index bc2c8ac17..c89c75170 100644 --- a/stable/jfrog-platform/templates/migration-hook.yaml +++ b/stable/jfrog-platform/templates/migration-hook.yaml @@ -98,8 +98,10 @@ spec: {{- end }} containers: - name: pre-upgrade-container - image: "{{ include "jfrog-platform.getRegistryByService" (list . "migrationHook") }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}" - imagePullPolicy: IfNotPresent + image: "{{ tpl .Values.rabbitmq.migration.image.registry . }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}" + imagePullPolicy: {{ .Values.rabbitmq.migration.image.pullPolicy }} + resources: +{{ toYaml .Values.rabbitmq.migration.resources | indent 12 }} {{- if .Values.rabbitmq.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml) . | nindent 12 }} {{- end }} diff --git a/stable/jfrog-platform/templates/postgres-upgrade-check.yaml b/stable/jfrog-platform/templates/postgres-upgrade-check.yaml new file mode 100644 index 000000000..d04a063ff --- /dev/null +++ b/stable/jfrog-platform/templates/postgres-upgrade-check.yaml @@ -0,0 +1,5 @@ +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + {{- if not (default .Values.databaseUpgradeReady false ) }} + {{- fail "\n\nUPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/jfrog-platform/CHANGELOG.md) \nIf you are upgrading from a chart version (< 10.18.x) that has postgresql.image.tag of 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 10.18.x), just set databaseUpgradeReady=true. \n" }} + {{- end }} +{{- end }} 
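Review bot: In postgres-upgrade-check.yaml the guard `{{- if not (default .Values.databaseUpgradeReady false ) }}` passes its arguments to `default` in the reverse of Sprig's `default DEFAULT GIVEN` order. It evaluates to `.Values.databaseUpgradeReady` only because the given value `false` counts as empty, so the data-loss guard works by accident; changing the literal to `true` would disable the check entirely. `{{- if not .Values.databaseUpgradeReady }}` expresses the same condition directly and is safer to maintain.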
diff --git a/stable/jfrog-platform/templates/upgrade-hook.yaml b/stable/jfrog-platform/templates/upgrade-hook.yaml new file mode 100644 index 000000000..853ccc3ec --- /dev/null +++ b/stable/jfrog-platform/templates/upgrade-hook.yaml 
@@ -0,0 +1,136 @@ +{{- if .Values.preUpgradeHook.enabled }} +{{- if not (and .Values.insight.enabled .Values.pipelines.enabled .Values.distribution.enabled) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "jfrog-platform.name" . }} + chart: {{ template "jfrog-platform.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + name: {{ template "jfrog-platform.fullname" . }} + annotations: + helm.sh/hook: "pre-upgrade" + helm.sh/hook-weight: "-10" +automountServiceAccountToken: true +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: {{ template "jfrog-platform.name" . }} + chart: {{ template "jfrog-platform.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + name: {{ template "jfrog-platform.fullname" . }} + annotations: + helm.sh/hook: "pre-upgrade" + helm.sh/hook-weight: "-10" +rules: +- apiGroups: + - "" + resources: + - pods/exec + - pods + verbs: + - create + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "jfrog-platform.name" . }} + chart: {{ template "jfrog-platform.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + name: {{ template "jfrog-platform.fullname" . }} + annotations: + helm.sh/hook: "pre-upgrade" + helm.sh/hook-weight: "-10" +subjects: + - kind: ServiceAccount + name: {{ template "jfrog-platform.fullname" . }} +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: {{ template "jfrog-platform.fullname" . }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app: {{ template "jfrog-platform.name" . }} + chart: {{ template "jfrog-platform.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "jfrog-platform.fullname" . 
}}-pre-upgrade-check + annotations: + "helm.sh/hook": "pre-upgrade" + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" +spec: + backoffLimit: 0 + template: + metadata: + labels: + app: {{ template "jfrog-platform.name" . }} + chart: {{ template "jfrog-platform.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "jfrog-platform.fullname" . }} + {{- if .Values.global.imagePullSecrets }} + {{- include "jfrog-platform.imagePullSecrets" . | indent 6 }} + {{- end }} + containers: + - name: pre-upgrade-check + image: "{{ tpl .Values.preUpgradeHook.image.registry . }}/{{ .Values.preUpgradeHook.image.repository }}:{{ .Values.preUpgradeHook.image.tag }}" + imagePullPolicy: {{ .Values.preUpgradeHook.image.pullPolicy }} + resources: +{{ toYaml .Values.preUpgradeHook.resources | indent 12 }} + command: + - sh + - -c + - | + #!/bin/sh + {{- if not .Values.distribution.enabled }} + if [ "$(kubectl get pods -l "statefulset.kubernetes.io/pod-name={{ .Release.Name }}-distribution-0" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then + if [ "$?" -eq 0 ]; then + echo "Failed to perform the upgrade. Refer to https://github.com/jfrog/charts/blob/master/stable/jfrog-platform/CHANGELOG.md#10180" + echo "From chart verison 10.18.x, Products - Distribution, Insight and Pipelines are disabled. If you are using these products in the previous release(s)." + echo "Enable them using your custom-values.yaml file " + exit 1 + fi + else + echo "Distribution pod(s) don't exist. Allowing upgrade" + fi + {{- end }} + {{- if not .Values.insight.enabled }} + if [ "$(kubectl get pods -l "statefulset.kubernetes.io/pod-name={{ .Release.Name }}-insight-0" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then + if [ "$?" -eq 0 ]; then + echo "Failed to perform the upgrade. 
Refer to https://github.com/jfrog/charts/blob/master/stable/jfrog-platform/CHANGELOG.md#10180" + echo "From chart verison 10.18.x, Products - Distribution, Insight and Pipelines are disabled. If you are using these products in the previous release(s)." + echo "Enable them using your custom-values.yaml file " + exit 1 + fi + else + echo "Insight pod(s) don't exist. Allowing upgrade" + fi + {{- end }} + {{- if not .Values.pipelines.enabled }} + if [ "$(kubectl get pods -l "statefulset.kubernetes.io/pod-name={{ .Release.Name }}-pipelines-0" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then + if [ "$?" -eq 0 ]; then + echo "Failed to perform the upgrade. Refer to https://github.com/jfrog/charts/blob/master/stable/jfrog-platform/CHANGELOG.md#10180" + echo "From chart verison 10.18.x, Products - Distribution, Insight and Pipelines are disabled. If you are using these products in the previous release(s)." + echo "Enable them using your custom-values.yaml file " + exit 1 + fi + else + echo "Pipelines pod(s) don't exist. Allowing upgrade" + fi + {{- end }} + restartPolicy: Never + terminationGracePeriodSeconds: 10 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index d0f209181..b94f9803c 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml @@ -6,6 +6,10 @@ # If this is an upgrade over an existing platform chart(>= 10.0.0), explicitly pass 'gaUpgradeReady=true' to upgrade gaUpgradeReady: false +# If you are upgrading from a chart version(< 10.18.x) that has postgresql.image.tag of 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true. +# If you are upgrading from a chart version (>= 10.18.x), just set databaseUpgradeReady=true. +databaseUpgradeReady: false + global: # imagePullSecrets: # - myRegistryKeySecretName 
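Review bot: The Role added in upgrade-hook.yaml grants `create` on `pods/exec`, but the Job's script only runs `kubectl get pods`, so the hook's service account (with `automountServiceAccountToken: true`) can exec into any pod in the namespace without needing to. Reducing the rule to `resources: [pods]` with `verbs: [get, list]` covers what the script does. The ServiceAccount, Role and RoleBinding also carry no `helm.sh/hook-delete-policy`, so they presumably stay in the namespace after the upgrade; a delete policy like the Job's `"before-hook-creation,hook-succeeded"` would clean them up. The check itself fails open: if `kubectl` errors (for example on an RBAC denial), the command substitution is empty and the `else` branch prints "Allowing upgrade". The inner `[ "$?" -eq 0 ]` only sees the status of the preceding `[` test, so it is always true at that point and cannot catch the failure.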
@@ -42,10 +46,17 @@ global: # adminPassword: # name: "jp-database-creds" # key: "db-admin-password" - initContainerSetupDBImage: releases-docker.jfrog.io/postgres:13.10-alpine + initContainerSetupDBImage: "{{ .Values.global.imageRegistry }}/postgres:15.6-alpine" # Run the postgres init container as a non-default uid initContainerSetupDBUser: initContainerImagePullPolicy: IfNotPresent + initContainerImageResources: + requests: + cpu: 5m + memory: 10Mi + limits: + cpu: 1 + memory: 1Gi # If you are using external postgresql, set initDBCreation: false initDBCreation: true ## certificates added to this secret will be copied to $JFROG_HOME//var/etc/security/keys/trusted directory @@ -75,7 +86,7 @@ postgresql: enabled: true image: repository: bitnami/postgresql - tag: 13.10.0-debian-11-r14 + tag: 15.6.0-debian-11-r16 postgresqlUsername: postgres postgresqlPassword: postgres postgresqlExtendedConf: @@ -91,7 +102,7 @@ rabbitmq: rabbitmqUpgradeReady: false image: repository: bitnami/rabbitmq - tag: 3.11.10-debian-11-r5 + tag: 3.12.10-debian-11-r1 auth: ## Enable encryption to rabbitmq ## ref: https://www.rabbitmq.com/ssl.html @@ -178,9 +189,17 @@ rabbitmq: ## Migration is required to be performed only once hence this option can be disabled once the feature flags are enabled in rabbitmq. enabled: true image: - registry: releases-docker.jfrog.io + registry: "{{ .Values.global.imageRegistry }}" repository: bitnami/kubectl tag: 1.24.12 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 5m + memory: 10Mi + limits: + cpu: 1 + memory: 1Gi ## Service account for the pre-upgrade hook to perform rabbitmq migration serviceAccount: create: true 
@@ -213,7 +232,7 @@ rabbitmq: artifactory: enabled: true unifiedUpgradeAllowed: true - installerInfo: '{"productId":"Helm_JFrogPlatform/{{ printf "10.17.3-%s" .Chart.AppVersion }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}' + installerInfo: '{"productId":"Helm_JFrogPlatform/{{ printf "10.18.0-%s" .Chart.AppVersion }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}' postgresql: enabled: false waitForDatabase: false @@ -227,7 +246,7 @@ artifactory: mc: enabled: true artifactory: - unifiedSecretInstallation: false + unifiedSecretInstallation: true # Note: For HA deployments, set replicaCount >1 (recommended 3) replicaCount: 1 migration: @@ -242,7 +261,7 @@ xray: enabled: true unifiedUpgradeAllowed: true xray: - unifiedSecretInstallation: false + unifiedSecretInstallation: true postgresql: enabled: false database: 
@@ -266,10 +285,10 @@ xray: erlangCookie: secretcookie distribution: - enabled: true + enabled: false unifiedUpgradeAllowed: true distribution: - unifiedSecretInstallation: false + unifiedSecretInstallation: true postgresql: enabled: false database: @@ -278,10 +297,10 @@ distribution: password: distribution insight: - enabled: true + enabled: false unifiedUpgradeAllowed: true insightServer: - unifiedSecretInstallation: false + unifiedSecretInstallation: true postgresql: enabled: false database: @@ -294,9 +313,8 @@ insight: xms: "2g" xmx: "2g" - pipelines: - enabled: true + enabled: false unifiedUpgradeAllowed: true postgresql: enabled: false @@ -308,7 +326,7 @@ pipelines: user: "apiuser" password: "pipeline" pipelines: - unifiedSecretInstallation: false + unifiedSecretInstallation: true msg: uiUserPassword: password redis: @@ -328,3 +346,20 @@ pipelines: build_vhost_name: pipelines root_vhost_name: pipelinesRoot protocol: amqp + + +preUpgradeHook: + ## This is required to be performed to check if existing products like distribution, insight and pipelines already exists + enabled: true + image: + registry: "{{ .Values.global.imageRegistry }}" + repository: bitnami/kubectl + tag: 1.24.12 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 5m + memory: 10Mi + limits: + cpu: 1 + memory: 1Gi From a990e73b63a4d70e806a74e546efa676e8d2066e Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 17 May 2024 13:43:05 +0530 Subject: [PATCH 40/47] [artifactory] 7.84.11 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +-- stable/artifactory-ha/CHANGELOG.md | 7 ++- stable/artifactory-ha/Chart.yaml | 4 +- stable/artifactory-ha/ci/loggers-values.yaml | 43 ++++++++++++++++++ .../artifactory-node-statefulset.yaml | 42 +++++++++--------- .../artifactory-primary-statefulset.yaml | 44 +++++++++---------- .../templates/artifactory-unified-secret.yaml | 2 +- stable/artifactory-ha/values.yaml | 4 +- stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 +-- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 +-- stable/artifactory/CHANGELOG.md | 6 ++- stable/artifactory/Chart.yaml | 4 +- stable/artifactory/ci/loggers-values.yaml | 43 ++++++++++++++++++ .../templates/artifactory-statefulset.yaml | 30 ++++++------- .../templates/artifactory-unified-secret.yaml | 2 +- stable/artifactory/values.yaml | 4 +- 19 files changed, 175 insertions(+), 84 deletions(-) create mode 100644 stable/artifactory-ha/ci/loggers-values.yaml create mode 100644 stable/artifactory/ci/loggers-values.yaml diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index b8a35e348..45b3ace26 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.84.10] - Feb 20, 2024 +## [107.84.11] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index 472585331..8a2a1d9f7 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.10 +appVersion: 7.84.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.10 + version: 107.84.11 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.84.10 +version: 107.84.11 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index b8cd06dae..1726ef8df 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.84.10] - May 2, 2024 +## [107.84.11] - May 16, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` * Removed loggers.image section @@ -14,8 +14,11 @@ All changes to this chart will be documented in this file * Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy` * Renamed `artifactory.seLinuxOptions` to `artifactory.podSecurityContext.seLinuxOptions` * Added flag `allowNonPostgresql` defaults to false -* Update postgresql tag version to `15.6.0-debian-12-r5` +* Update postgresql tag version to `15.6.0-debian-11-r16` * Added a check if `initContainerImage` exists +* Fixed a wrong imagePullPolicy configuration +* Fixed an issue to generate unified secret to support artifactory fullname [GH-1882](https://github.com/jfrog/charts/issues/1882) +* Fixed an issue template render on loggers [GH-1883](https://github.com/jfrog/charts/issues/1883) ## [107.83.0] - Mar 12, 2024 * Added image section for `metadata` and `observability` 
diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index b973ae1f6..e2ee93199 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifactoryServiceVersion: 7.84.15 apiVersion: v2 -appVersion: 7.84.10 +appVersion: 7.84.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -23,4 +23,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.84.10 +version: 107.84.11 diff --git a/stable/artifactory-ha/ci/loggers-values.yaml b/stable/artifactory-ha/ci/loggers-values.yaml new file mode 100644 index 000000000..03c94be95 --- /dev/null +++ b/stable/artifactory-ha/ci/loggers-values.yaml @@ -0,0 +1,43 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +databaseUpgradeReady: true + +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password + persistence: + enabled: false +artifactory: + persistence: + enabled: false + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + + loggers: + - access-audit.log + - access-request.log + - access-security-audit.log + - access-service.log + - artifactory-access.log + - artifactory-event.log + - artifactory-import-export.log + - artifactory-request.log + - artifactory-service.log + - frontend-request.log + - frontend-service.log + - metadata-request.log + - metadata-service.log + - router-request.log + - router-service.log + - router-traefik.log + + catalinaLoggers: + - tomcat-catalina.log + - tomcat-localhost.log diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index 47ebfa9f6..0df644d72 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml 
+++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -83,7 +83,7 @@ spec: {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - name: "create-artifactory-data-dir" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -102,7 +102,7 @@ spec: {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - name: "delete-db-properties" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - 'bash' - '-c' @@ -117,7 +117,7 @@ spec: {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} - name: "wait-for-primary" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -141,7 +141,7 @@ spec: {{- end }} - name: 'copy-system-configurations' image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
@@ -180,7 +180,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "artifactory-ha.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: master-key {{- end }} @@ -217,7 +217,7 @@ spec: {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: copy-custom-certificates image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -239,7 +239,7 @@ spec: {{- if .Values.artifactory.circleOfTrustCertificatesSecret }} - name: copy-circle-of-trust-certificates image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -261,7 +261,7 @@ spec: {{- if or .Values.postgresql.enabled }} - name: "wait-for-db" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} command: - /bin/bash - -c 
@@ -320,7 +320,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -336,7 +336,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -355,7 +355,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -544,7 +544,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -560,7 +560,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} 
@@ -579,7 +579,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -712,7 +712,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -858,7 +858,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -874,7 +874,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -893,7 +893,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -1021,7 +1021,7 @@ spec: {{- range .Values.artifactory.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -1042,7 +1042,7 @@ spec: {{- range .Values.artifactory.catalinaLoggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -1239,7 +1239,7 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory-ha.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory-ha.name" . }}-unified-secret + secretName: {{ template "artifactory-ha.fullname" . }}-unified-secret {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index bb448ff14..dfddd8126 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml 
@@ -115,7 +115,7 @@ spec: {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} - name: "create-artifactory-data-dir" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -134,7 +134,7 @@ spec: {{- if .Values.artifactory.deleteDBPropertiesOnStartup }} - name: "delete-db-properties" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -151,7 +151,7 @@ spec: {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} - name: "access-bootstrap-creds" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
@@ -183,7 +183,7 @@ spec: {{- end }} - name: 'copy-system-configurations' image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -244,7 +244,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} name: {{ include "artifactory-ha.joinKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: join-key {{- end }} @@ -255,7 +255,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }} name: {{ include "artifactory-ha.jfConnectTokenSecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: jfconnect-token {{- end }} @@ -266,7 +266,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} name: {{ include "artifactory-ha.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: master-key {{- end }} 
@@ -323,7 +323,7 @@ spec: {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: copy-custom-certificates image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -344,7 +344,7 @@ spec: {{- if .Values.artifactory.circleOfTrustCertificatesSecret }} - name: copy-circle-of-trust-certificates image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: c + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -366,7 +366,7 @@ spec: {{- if or .Values.postgresql.enabled }} - name: "wait-for-db" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }} + imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -428,7 +428,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} 
@@ -444,7 +444,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -463,7 +463,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -656,7 +656,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -672,7 +672,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -691,7 +691,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -964,7 +964,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -980,7 +980,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -999,7 +999,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.name" . }}-unified-secret" + name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -1137,7 +1137,7 @@ spec: {{- range .Values.artifactory.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} 
@@ -1158,7 +1158,7 @@ spec: {{- range .Values.artifactory.catalinaLoggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -1366,7 +1366,7 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory-ha.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory-ha.name" . }}-unified-secret + secretName: {{ template "artifactory-ha.fullname" . }}-unified-secret {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ diff --git a/stable/artifactory-ha/templates/artifactory-unified-secret.yaml b/stable/artifactory-ha/templates/artifactory-unified-secret.yaml index b09114978..18cf070c8 100644 --- a/stable/artifactory-ha/templates/artifactory-unified-secret.yaml +++ b/stable/artifactory-ha/templates/artifactory-unified-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "artifactory-ha.name" . }}-unified-secret + name: {{ template "artifactory-ha.fullname" . }}-unified-secret labels: app: "{{ template "artifactory-ha.name" $ }}" chart: "{{ template "artifactory-ha.chart" $ }}" diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index 854711387..d7cd474ab 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml 
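Review bot: The changelog entry for this rename does not warn that the unified Secret gets a different object name on upgrade whenever the release's fullname differs from the chart name. The in-chart `secretKeyRef` and `secretName` references in both statefulsets are updated in the same patch, but the values.yaml comments say `customVolumes` and `customSecrets` are expected to use this name, so user values written against `<name>-unified-secret` would presumably stop resolving. I would add an upgrade line such as `* Breaking: the unified secret is now named <fullname>-unified-secret; update customVolumes/customSecrets that reference the old name`. It is also worth stating the reason: a per-release name presumably keeps two releases in one namespace from sharing one Secret that carries `master-key`, `join-key` and the database credentials. The same rename is made in `stable/artifactory/templates/artifactory-unified-secret.yaml` further down.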
@@ -536,7 +536,7 @@ artifactory: # cpu: "100m" ## Add custom volumes - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory-ha.name" . }}-unified-secret'. + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory-ha.fullname" . }}-unified-secret'. customVolumes: "" # - name: custom-script # configMap: @@ -585,7 +585,7 @@ artifactory: # jfConnectTokenSecretName: # Add custom secrets - secret per file - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory-ha.name" . }}-unified-secret' common to all secrets + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory-ha.fullname" . }}-unified-secret' common to all secrets customSecrets: # - name: custom-secret # key: custom-secret.yaml diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index 1fdb40d04..490112849 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.84.10] - Feb 20, 2024 +## [107.84.11] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 03e01cba4..5de2926e9 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.10 +appVersion: 7.84.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.10 + version: 107.84.11 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png 
@@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.84.10 +version: 107.84.11 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 827849008..1cb5030a7 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.84.10] - Feb 20, 2024 +## [107.84.11] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 31738282d..162454cfa 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.10 +appVersion: 7.84.11 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.10 + version: 107.84.11 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.84.10 +version: 107.84.11 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 4b53308d9..46e39c45b 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.84.10] - May 2, 2024 +## [107.84.11] - May 16, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` * Removed image section for `loggers` 
@@ -14,8 +14,10 @@ All changes to this chart will be documented in this file. * Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy` * Renamed `artifactory.seLinuxOptions` to `artifactory.podSecurityContext.seLinuxOptions` * Added flag `allowNonPostgresql` defaults to false -* Update postgresql tag version to `15.6.0-debian-12-r5` +* Update postgresql tag version to `15.6.0-debian-11-r16` * Added a check if `initContainerImage` exists +* Fixed an issue to generate unified secret to support artifactory fullname [GH-1882](https://github.com/jfrog/charts/issues/1882) +* Fixed an issue template render on loggers [GH-1883](https://github.com/jfrog/charts/issues/1883) ## [107.82.0] - Mar 04, 2024 * Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router. diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 0e794b307..42d5cc9c5 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.84.10 +appVersion: 7.84.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.84.10 +version: 107.84.11 diff --git a/stable/artifactory/ci/loggers-values.yaml b/stable/artifactory/ci/loggers-values.yaml new file mode 100644 index 000000000..03c94be95 --- /dev/null +++ b/stable/artifactory/ci/loggers-values.yaml 
@@ -0,0 +1,43 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +databaseUpgradeReady: true + +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password + persistence: + enabled: false +artifactory: + persistence: + enabled: false + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + + loggers: + - access-audit.log + - access-request.log + - access-security-audit.log + - access-service.log + - artifactory-access.log + - artifactory-event.log + - artifactory-import-export.log + - artifactory-request.log + - artifactory-service.log + - frontend-request.log + - frontend-service.log + - metadata-request.log + - metadata-service.log + - router-request.log + - router-service.log + - router-traefik.log + + catalinaLoggers: + - tomcat-catalina.log + - tomcat-localhost.log diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index 5309dddad..4b91e0f02 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml @@ -226,7 +226,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} name: {{ include "artifactory.joinKeySecretName" . }} {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: join-key {{- end }} 
@@ -237,7 +237,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }} name: {{ include "artifactory.jfConnectTokenSecretName" . }} {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: jfconnect-token {{- end }} @@ -248,7 +248,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} name: {{ include "artifactory.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: master-key {{- end }} @@ -408,7 +408,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -424,7 +424,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -443,7 +443,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -622,7 +622,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -638,7 +638,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -657,7 +657,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -934,7 +934,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -950,7 +950,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -969,7 +969,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.name" . }}-unified-secret" + name: "{{ template "artifactory.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -1086,7 +1086,7 @@ spec: {{- range .Values.artifactory.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -1107,7 +1107,7 @@ spec: {{- range .Values.artifactory.catalinaLoggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} {{- if $.Values.containerSecurityContext.enabled }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} @@ -1321,7 +1321,7 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory.name" . }}-unified-secret + secretName: {{ template "artifactory.fullname" . }}-unified-secret {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ {{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled (not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName) }} diff --git a/stable/artifactory/templates/artifactory-unified-secret.yaml b/stable/artifactory/templates/artifactory-unified-secret.yaml index ce8f113cc..ec9e61daa 100644 --- a/stable/artifactory/templates/artifactory-unified-secret.yaml +++ b/stable/artifactory/templates/artifactory-unified-secret.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "artifactory.name" . }}-unified-secret + name: {{ template "artifactory.fullname" . }}-unified-secret labels: app: "{{ template "artifactory.name" $ }}" chart: "{{ template "artifactory.chart" $ }}" diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index 3df8bd9b4..959be3ad9 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -492,7 +492,7 @@ artifactory: # cpu: "100m" ## Add custom volumes - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.name" . }}-unified-secret' + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.fullname" . }}-unified-secret' customVolumes: "" # - name: custom-script # configMap: @@ -565,7 +565,7 @@ artifactory: # jfConnectTokenSecretName: # Add custom secrets - secret per file - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.name" . }}-unified-secret' common to all secrets + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.fullname" . }}-unified-secret' common to all secrets customSecrets: # - name: custom-secret # key: custom-secret.yaml From 5e0617cb215527e304af566639ac1d7a4c08ddb0 Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 24 May 2024 07:07:02 +0530 Subject: [PATCH 41/47] [artifactory] 7.84.12 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +++--- stable/artifactory-ha/CHANGELOG.md | 3 ++- stable/artifactory-ha/Chart.yaml | 6 +++--- stable/artifactory-ha/templates/_helpers.tpl | 8 +++++--- stable/artifactory-ha/templates/nginx-deployment.yaml | 2 +- stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 +++--- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 +++--- stable/artifactory/CHANGELOG.md | 2 +- stable/artifactory/Chart.yaml | 4 ++-- stable/artifactory/templates/nginx-deployment.yaml | 2 +- 13 files changed, 27 insertions(+), 24 deletions(-) diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index 45b3ace26..32e315fd1 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.84.11] - Feb 20, 2024 +## [107.84.12] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index 8a2a1d9f7..98d6f9897 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.11 +appVersion: 7.84.12 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.11 + version: 107.84.12 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png 
@@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.84.11 +version: 107.84.12 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 1726ef8df..de7d49941 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.84.11] - May 16, 2024 +## [107.84.12] - May 20, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` * Removed loggers.image section @@ -19,6 +19,7 @@ All changes to this chart will be documented in this file * Fixed a wrong imagePullPolicy configuration * Fixed an issue to generate unified secret to support artifactory fullname [GH-1882](https://github.com/jfrog/charts/issues/1882) * Fixed an issue template render on loggers [GH-1883](https://github.com/jfrog/charts/issues/1883) +* Override metadata and observability image tag with `global.verisons.artifactory` value ## [107.83.0] - Mar 12, 2024 * Added image section for `metadata` and `observability` diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index e2ee93199..6c3434742 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,7 +1,7 @@ annotations: - artifactoryServiceVersion: 7.84.15 + artifactoryServiceVersion: 7.84.16 apiVersion: v2 -appVersion: 7.84.11 +appVersion: 7.84.12 dependencies: - condition: postgresql.enabled name: postgresql @@ -23,4 +23,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.84.11 +version: 107.84.12 diff --git a/stable/artifactory-ha/templates/_helpers.tpl b/stable/artifactory-ha/templates/_helpers.tpl index a6dfe46fe..467d4e7dd 100644 --- a/stable/artifactory-ha/templates/_helpers.tpl 
+++ b/stable/artifactory-ha/templates/_helpers.tpl @@ -300,10 +300,12 @@ Return the proper artifactory chart image names {{- $tag = $dot.Values.global.versions.router | toString -}} {{- end -}} {{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }} - {{- $tag = $dot.Values.global.versions.initContainers | toString -}} + {{- $tag = $dot.Values.global.versions.initContainers | toString -}} {{- end -}} - {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} - {{- $tag = $dot.Values.global.versions.artifactory | toString -}} + {{- if $dot.Values.global.versions.artifactory }} + {{- if or (eq $indexReference "artifactory") (eq $indexReference "metadata") (eq $indexReference "nginx") (eq $indexReference "observability") }} + {{- $tag = $dot.Values.global.versions.artifactory | toString -}} + {{- end -}} {{- end -}} {{- if $dot.Values.global.imageRegistry }} {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} diff --git a/stable/artifactory-ha/templates/nginx-deployment.yaml b/stable/artifactory-ha/templates/nginx-deployment.yaml index 0c18eb8ae..889392912 100644 --- a/stable/artifactory-ha/templates/nginx-deployment.yaml +++ b/stable/artifactory-ha/templates/nginx-deployment.yaml @@ -155,7 +155,7 @@ spec: {{- range .Values.nginx.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} command: - tail args: diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index 490112849..14d384f13 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md 
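Review bot: The rewritten `global.versions.artifactory` branch in `_helpers.tpl` now also retags the `metadata` and `observability` images, but nothing in the helper documents that, and the CHANGELOG line added in this commit spells the key `global.verisons.artifactory`, which is not the key the template reads. I would add a template comment above the block, e.g. `{{/* global.versions.artifactory overrides the tag for artifactory, metadata, nginx and observability */}}`, and correct the changelog spelling so operators pin the right key. The override presumably assumes all four images are published under the same tag; if that is not guaranteed, a pinned version would end in an image pull failure instead of the per-image default. Only the artifactory-ha helper is touched in this commit's diffstat, so it is worth confirming the non-HA chart resolves these tags the same way. The define's body starts and ends outside the hunk.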
@@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.84.11] - Feb 20, 2024 +## [107.84.12] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 5de2926e9..2dd78b47c 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.11 +appVersion: 7.84.12 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.11 + version: 107.84.12 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.84.11 +version: 107.84.12 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index 1cb5030a7..bb04fc61c 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.84.11] - Feb 20, 2024 +## [107.84.12] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 162454cfa..1641f1547 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.11 +appVersion: 7.84.12 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.11 + version: 107.84.12 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png 
@@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.84.11 +version: 107.84.12 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 46e39c45b..b5bf63052 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.84.11] - May 16, 2024 +## [107.84.12] - May 16, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` * Removed image section for `loggers` diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 42d5cc9c5..021dcafc4 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.84.11 +appVersion: 7.84.12 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.84.11 +version: 107.84.12 diff --git a/stable/artifactory/templates/nginx-deployment.yaml b/stable/artifactory/templates/nginx-deployment.yaml index dac769461..7f1ea6733 100644 --- a/stable/artifactory/templates/nginx-deployment.yaml +++ b/stable/artifactory/templates/nginx-deployment.yaml @@ -158,7 +158,7 @@ spec: {{- range .Values.nginx.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} command: - tail args: From afeb10010d89f65ad4f699602ca74dcef421683a Mon Sep 17 00:00:00 2001 
From: Ram <1331672+chukka@users.noreply.github.com> Date: Fri, 24 May 2024 07:07:30 +0530 Subject: [PATCH 42/47] [pipelines] 1.59.7 release --- stable/pipelines/CHANGELOG.md | 9 +- stable/pipelines/Chart.yaml | 4 +- stable/pipelines/templates/_helpers.tpl | 6 + .../templates/pipelines-cron-statefulset.yaml | 70 ++++--- .../pipelines-hookhandler-statefulset.yaml | 70 ++++--- .../pipelines-internalapi-statefulset.yaml | 78 ++++---- .../templates/pipelines-statefulset.yaml | 185 ++++++++---------- .../pipelines-steptrigger-statefulset.yaml | 70 ++++--- .../templates/pipelines-sync-statefulset.yaml | 86 ++++---- .../pipelines-trigger-statefulset.yaml | 102 +++++----- stable/pipelines/values.yaml | 44 ++++- 11 files changed, 392 insertions(+), 332 deletions(-) diff --git a/stable/pipelines/CHANGELOG.md b/stable/pipelines/CHANGELOG.md index 6951fce4a..a4df29f57 100644 --- a/stable/pipelines/CHANGELOG.md +++ b/stable/pipelines/CHANGELOG.md @@ -1,7 +1,14 @@ # JFrog Pipelines Chart Changelog All changes to this chart to be documented in this file. -## [101.56.6] - Jan 31, 2024 +## [101.59.7] - Feb 21, 2024 +* Updated postgresql tag version to `15.2.0-debian-11-r23` + * If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! + * If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true +* Added a check for postgresql version during upgrades +* Added pod level and container security context + +## [101.56.0] - Jan 31, 2024 * Fixes in external secret support on unified secret installation ## [101.55.0] - Dec 28, 2023 diff --git a/stable/pipelines/Chart.yaml b/stable/pipelines/Chart.yaml index 4793fe98f..c4c5633d5 100644 --- a/stable/pipelines/Chart.yaml +++ b/stable/pipelines/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.56.6 +appVersion: 1.59.7 dependencies: - condition: postgresql.enabled name: postgresql @@ -32,4 +32,4 @@ name: pipelines sources: - https://github.com/jfrog/charts type: application -version: 101.56.6 +version: 101.59.7 diff --git a/stable/pipelines/templates/_helpers.tpl b/stable/pipelines/templates/_helpers.tpl index 049cc5f49..78d081597 100644 --- a/stable/pipelines/templates/_helpers.tpl +++ b/stable/pipelines/templates/_helpers.tpl @@ -848,8 +848,12 @@ bash "${new_script_path}" "${PIP_CONTAINER_START_TIME}" "{{ .Values.pipelines.lo Common code to change ownership of metrics file */}} {{- define "pipelines.changeOwnershipMetrics" -}} +{{- if .Values.podSecurityContext.enabled -}} +echo "podSecurityContext is enabled"; +{{- else -}} chown 1066:1066 {{ .Values.pipelines.logPath }}/*-metrics.log || true; {{- end -}} +{{- end -}} {{/* Return the proper vault image name @@ -886,8 +890,10 @@ Custom certificate copy command echo "Copy custom certificates to {{ .Values.pipelines.mountPath }}/security/keys/trusted"; mkdir -p {{ .Values.pipelines.mountPath }}/security/keys/trusted; if [ -f /tmp/certs/tls.crt ]; then cp -v /tmp/certs/tls.crt {{ .Values.pipelines.mountPath }}/security/keys/trusted/pipelines_custom_certs.crt; fi; +{{- if not .Values.podSecurityContext.enabled -}} chown -R 1066:1066 {{ .Values.pipelines.mountPath }} {{- end -}} +{{- end -}} {{/* Resolve pipelines requiredServiceTypes value diff --git a/stable/pipelines/templates/pipelines-cron-statefulset.yaml b/stable/pipelines/templates/pipelines-cron-statefulset.yaml index 09e09ac25..367e116ce 100644 --- a/stable/pipelines/templates/pipelines-cron-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-cron-statefulset.yaml 
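Review bot: Both `_helpers.tpl` hunks skip `chown 1066:1066` whenever `podSecurityContext.enabled` is true, which is only safe if the pod-level context actually carries a matching `fsGroup`/`runAsUser`; nothing here checks that, and the chart defaults live in values.yaml outside these hunks. If an operator enables the toggle with different IDs or without `fsGroup`, the copied `pipelines_custom_certs.crt` and the `*-metrics.log` files presumably keep the init container's ownership and may not be readable by the service. I would document the dependency next to the defines, e.g. `{{/* ownership is delegated to podSecurityContext.fsGroup when podSecurityContext.enabled; it must match the pipelines UID/GID 1066 */}}`. In `pipelines.changeOwnershipMetrics` the `echo "podSecurityContext is enabled";` branch is a placeholder; `{{- if not .Values.podSecurityContext.enabled -}}` around the `chown`, as the second hunk already does, reads more clearly.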
@@ -12,6 +12,9 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} {{- include "pipelines.common.labels" . | nindent 4 }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/pipelines/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the same postgres image version (postgresql.image.tag) and databaseUpgradeReady to true in your custom values yaml file. This is to prevent major version upgrades in postgresql resulting in data corruption.\n" .Values.databaseUpgradeReady | quote }} +{{- end }} spec: serviceName: {{ include "pipelines.services.name" . }}-headless replicas: {{ .Values.pipelines.cron.replicaCount }} @@ -45,6 +48,9 @@ spec: {{- if .Values.pipelines.schedulerName }} schedulerName: {{ .Values.pipelines.schedulerName | quote }} {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- if .Values.pipelines.priorityClass.existingPriorityClass }} priorityClassName: {{ .Values.pipelines.priorityClass.existingPriorityClass }} {{- else -}} @@ -64,6 +70,9 @@ spec: - name: wait-for-pipelines-internalapi image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: 
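Review bot: The `required` gate on `.Values.databaseUpgradeReady` in the first hunk only checks that a value was supplied, not that `postgresql.image.tag` matches the major version of the running database, so the "check for postgresql version" described in the CHANGELOG is an operator acknowledgement rather than a verification. As far as I know `required` rejects only nil and empty strings, so `databaseUpgradeReady: false` would still pass and render as a label; an explicit `{{- if not .Values.databaseUpgradeReady }}{{ fail "..." }}{{- end }}` would also stop that case. The same long message is pasted into the cron, hookhandler, internalapi and pipelines statefulsets in this patch; a single named template in `_helpers.tpl` included from each would keep the wording from drifting. The `metadata` block continues outside the hunk.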
@@ -77,11 +86,9 @@ spec: - name: copy-system-yaml image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -115,11 +122,17 @@ spec: - name: copy-custom-certificates image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: + add: + - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -137,11 +150,9 @@ spec: - name: copy-rabbitmq-certs image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -155,6 +166,7 @@ spec: - name: rabbitmq-ca-certs mountPath: "/tmp/rabbitmqcerts" {{ end }} + {{- if not .Values.podSecurityContext.enabled }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} 
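Review bot: With `containerSecurityContext.enabled` set to false, `copy-system-yaml` now renders with no `securityContext` at all, whereas before this change it always had `allowPrivilegeEscalation: false` and dropped `NET_RAW`. The same `if` without an `else` is applied to `copy-rabbitmq-certs`, `filebeat`, `router`, `observability` and the `cron` container in this file, and to the corresponding containers in the hookhandler, internalapi and pipelines statefulsets, while `copy-custom-certificates` and `pipelines-installer` do keep a fallback. Keeping the previous block in an `{{- else }}` branch, as below, leaves the earlier hardening as the floor when the toggle is off. The chart default for `containerSecurityContext` is in values.yaml, outside these hunks, so whether a default install is affected needs confirming. The container specs continue outside the hunk.

```yaml
          # … unchanged: name, image, imagePullPolicy above …
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- else }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - NET_RAW
          {{- end }}
          # … unchanged: resources, command, volumeMounts below …
```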
@@ -176,9 +188,13 @@ spec: volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} + {{- end }} - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -186,6 +202,7 @@ spec: - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }} env: @@ -295,11 +312,9 @@ spec: - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} args: - "-e" - "-E" @@ -317,11 +332,9 @@ spec: - name: router image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "router" ) }} imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES value: {{ include "pipelines.cron.router.requiredServiceTypes" . }} 
@@ -397,12 +410,9 @@ spec: - name: observability image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} - securityContext: - runAsNonRoot: false - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_OBSERVABILITY_PARENT_SERVICE value: "cron" @@ -454,11 +464,9 @@ spec: - name: cron image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "cron" ) }} imagePullPolicy: {{ .Values.pipelines.cron.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/cron env: {{- if .Values.rabbitmq.auth.tls.enabled }} diff --git a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml index efe9756ab..387325760 100644 --- a/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-hookhandler-statefulset.yaml 
@@ -12,6 +12,9 @@ metadata: {{- with .Values.pipelines.labels }} {{ toYaml . | indent 4 }} {{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/pipelines/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the same postgres image version (postgresql.image.tag) and databaseUpgradeReady to true in your custom values yaml file. This is to prevent major version upgrades in postgresql resulting in data corruption.\n" .Values.databaseUpgradeReady | quote }} +{{- end }} spec: serviceName: {{ include "pipelines.services.name" . }}-headless {{- if not .Values.pipelines.hookHandler.autoscaling.enabled }} @@ -49,6 +52,9 @@ spec: {{- if .Values.pipelines.schedulerName }} schedulerName: {{ .Values.pipelines.schedulerName | quote }} {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- if .Values.pipelines.priorityClass.existingPriorityClass }} priorityClassName: {{ .Values.pipelines.priorityClass.existingPriorityClass }} {{- else -}} @@ -68,6 +74,9 @@ spec: - name: wait-for-pipelines-internalapi image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: 
@@ -81,11 +90,9 @@ spec: - name: copy-system-yaml image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -119,11 +126,17 @@ spec: - name: copy-custom-certificates image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: + add: + - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -141,11 +154,9 @@ spec: - name: copy-rabbitmq-certs image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -159,6 +170,7 @@ spec: - name: rabbitmq-ca-certs mountPath: "/tmp/rabbitmqcerts" {{ end }} + {{- if not .Values.podSecurityContext.enabled }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} 
@@ -180,9 +192,13 @@ spec: volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} + {{- end }} - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -190,6 +206,7 @@ spec: - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }} env: @@ -299,11 +316,9 @@ spec: - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} args: - "-e" - "-E" @@ -321,11 +336,9 @@ spec: - name: router image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "router" ) }} imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES value: {{ include "pipelines.hookhandler.router.requiredServiceTypes" . }} 
@@ -401,12 +414,9 @@ spec: - name: observability image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} - securityContext: - runAsNonRoot: false - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_OBSERVABILITY_PARENT_SERVICE value: "hookhandler" @@ -458,11 +468,9 @@ spec: - name: hookhandler image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "hookHandler" ) }} imagePullPolicy: {{ .Values.pipelines.hookHandler.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/hookHandler env: {{- if .Values.rabbitmq.auth.tls.enabled }} diff --git a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml index df52e2357..6287d4be1 100644 --- a/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-internalapi-statefulset.yaml 
@@ -12,6 +12,9 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} {{- include "pipelines.common.labels" . | nindent 4 }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/pipelines/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the same postgres image version (postgresql.image.tag) and databaseUpgradeReady to true in your custom values yaml file. This is to prevent major version upgrades in postgresql resulting in data corruption.\n" .Values.databaseUpgradeReady | quote }} +{{- end }} spec: serviceName: {{ include "pipelines.internalapi.name" . }} {{- if not .Values.pipelines.internalapi.autoscaling.enabled }} @@ -51,6 +54,9 @@ spec: {{- if .Values.pipelines.schedulerName }} schedulerName: {{ .Values.pipelines.schedulerName | quote }} {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- if .Values.pipelines.priorityClass.existingPriorityClass }} priorityClassName: {{ .Values.pipelines.priorityClass.existingPriorityClass }} {{- else -}} @@ -70,11 +76,9 @@ spec: - name: copy-system-yaml image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: 
@@ -108,11 +112,17 @@ spec: - name: copy-custom-certificates image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: + add: + - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -126,6 +136,7 @@ spec: - name: ca-certs mountPath: "/tmp/certs" {{- end }} + {{- if not .Values.podSecurityContext.enabled }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} @@ -147,11 +158,15 @@ spec: volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} + {{- end }} {{- if .Values.vault.enabled }} {{- if .Values.waitForDatabase }} - name: wait-for-db image: {{ include "vault.getImageInfoByValue" (list . "postgresql" ) }} imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -173,11 +188,9 @@ spec: - name: wait-for-vault image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} {{- if not .Values.vault.enabled }} 
@@ -223,11 +236,9 @@ spec: - name: copy-rabbitmq-certs image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -244,6 +255,9 @@ spec: - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -251,6 +265,7 @@ spec: - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }} env: @@ -380,11 +395,9 @@ spec: - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} args: - "-e" - "-E" 
@@ -402,11 +415,9 @@ spec: - name: router image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "router" ) }} imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES value: {{ include "pipelines.internalapi.router.requiredServiceTypes" . }} @@ -482,12 +493,9 @@ spec: - name: observability image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} - securityContext: - runAsNonRoot: false - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: @@ -535,11 +543,9 @@ spec: - name: internalapi image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "api" ) }} imagePullPolicy: {{ .Values.pipelines.api.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} diff --git a/stable/pipelines/templates/pipelines-statefulset.yaml b/stable/pipelines/templates/pipelines-statefulset.yaml index eded2440b..e8ad61563 100644 --- a/stable/pipelines/templates/pipelines-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-statefulset.yaml 
@@ -8,6 +8,9 @@ metadata: {{- with .Values.pipelines.labels }} {{ toYaml . | indent 4 }} {{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/pipelines/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the same postgres image version (postgresql.image.tag) and databaseUpgradeReady to true in your custom values yaml file. This is to prevent major version upgrades in postgresql resulting in data corruption.\n" .Values.databaseUpgradeReady | quote }} +{{- end }} {{- with .Values.pipelines.statefulset.annotations }} annotations: {{ toYaml . | indent 4 }} @@ -51,6 +54,9 @@ spec: {{- if .Values.pipelines.schedulerName }} schedulerName: {{ .Values.pipelines.schedulerName | quote }} {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- if .Values.pipelines.priorityClass.existingPriorityClass }} priorityClassName: {{ .Values.pipelines.priorityClass.existingPriorityClass }} {{- else -}} @@ -70,11 +76,9 @@ spec: - name: copy-system-yaml image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: 
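Review bot: The `required` guard added under `metadata` only stops the upgrade when `databaseUpgradeReady` is unset or an empty string. Helm's `required` accepts any other value, so `databaseUpgradeReady: false` passes and is rendered as `"false"`. For a check whose message says the upgrade was stopped to prevent data loss, the test should be on truthiness, for example `{{- if not .Values.databaseUpgradeReady }}{{ fail "<existing message>" }}{{- end }}` ahead of the label line. Whether values.yaml ships a default for this key is not visible in this hunk. The same line is added to the steptrigger, sync and trigger statefulsets.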
@@ -108,11 +112,17 @@ spec: - name: copy-custom-certificates image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: + add: + - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -126,6 +136,7 @@ spec: - name: ca-certs mountPath: "/tmp/certs" {{- end }} + {{- if not .Values.podSecurityContext.enabled }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} @@ -147,11 +158,15 @@ spec: volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} + {{- end }} {{- if .Values.vault.enabled }} {{- if .Values.waitForDatabase }} - name: wait-for-db image: {{ include "vault.getImageInfoByValue" (list . "postgresql" ) }} imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -171,6 +186,9 @@ spec: - name: create-vault-table image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} env: 
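Review bot: The fallback branch for `copy-custom-certificates` now adds the `CHOWN` capability, which this container did not have before, and nothing in the hunk says why it is needed. In the enabled branch the shared `containerSecurityContext` replaces the block entirely, so if the init container really does need `CHOWN`, a shared context that drops it would presumably break the copy step (its command is outside the hunk). I would add a why-comment above the block, e.g. `{{- /* CHOWN: <reason this init container changes ownership> */}}`, and note the requirement next to `containerSecurityContext` in the values documentation. The same addition is made in the steptrigger, sync and trigger statefulsets, and the `pipelines-installer` hunks have the same enabled-branch concern.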
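Review bot: Gating the `change-ownership` init container on `not .Values.podSecurityContext.enabled` leaves ownership of `.Values.pipelines.mountPath` to whatever the pod-level context contains, and nothing here checks that it sets `fsGroup`. If `podSecurityContext` is enabled with only a `runAsUser`, an existing volume owned by another UID would presumably stay unwritable. The init container's body is outside these hunks, so its purpose is inferred from its name and mount. I would state the dependency in the template, e.g. `{{- /* skipped when podSecurityContext is enabled: podSecurityContext.fsGroup must then make pipelines.mountPath writable */}}`, or fail rendering when `fsGroup` is missing. The same gate is added in the steptrigger, sync and trigger statefulsets.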
@@ -221,11 +239,9 @@ spec: - name: wait-for-vault image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} {{- if not .Values.vault.enabled }} @@ -271,11 +287,9 @@ spec: - name: copy-rabbitmq-certs image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -292,6 +306,9 @@ spec: - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -299,6 +316,7 @@ spec: - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }} env: 
@@ -428,11 +446,9 @@ spec: - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} args: - "-e" - "-E" @@ -450,11 +466,9 @@ spec: - name: router image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "router" ) }} imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES value: {{ include "pipelines.router.requiredServiceTypes" . }} @@ -530,12 +544,9 @@ spec: - name: observability image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} - securityContext: - runAsNonRoot: false - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_SHARED_SECURITY_MASTERKEY valueFrom: 
@@ -583,11 +594,9 @@ spec: - name: api image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "api" ) }} imagePullPolicy: {{ .Values.pipelines.api.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} @@ -642,11 +651,9 @@ spec: - name: www image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "www" ) }} imagePullPolicy: {{ .Values.pipelines.www.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS @@ -693,11 +700,9 @@ spec: - name: frontend image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "frontend" ) }} imagePullPolicy: {{ .Values.pipelines.frontend.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS 
@@ -739,11 +744,9 @@ spec: - name: nodepoolservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "nodepoolservice" ) }} imagePullPolicy: {{ .Values.pipelines.nodepoolservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} @@ -786,11 +789,9 @@ spec: - name: runservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "runservice" ) }} imagePullPolicy: {{ .Values.pipelines.runservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} @@ -829,11 +830,9 @@ spec: - name: logservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "logservice" ) }} imagePullPolicy: {{ .Values.pipelines.logservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS 
@@ -870,11 +869,9 @@ spec: - name: stepservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "stepservice" ) }} imagePullPolicy: {{ .Values.pipelines.stepservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} @@ -911,11 +908,9 @@ spec: - name: analyticsservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "analyticsservice" ) }} imagePullPolicy: {{ .Values.pipelines.analyticsservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if or .Values.pipelines.customCertificates.enabled .Values.global.customCertificates.enabled }} - name: NODE_EXTRA_CA_CERTS @@ -952,11 +947,9 @@ spec: - name: pipelinesync image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelineSync" ) }} imagePullPolicy: {{ .Values.pipelines.pipelineSync.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync env: {{- if .Values.rabbitmq.auth.tls.enabled }} 
@@ -992,11 +985,9 @@ spec: - name: cron image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "cron" ) }} imagePullPolicy: {{ .Values.pipelines.cron.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/cron env: - name: COMPONENT @@ -1032,11 +1023,9 @@ spec: - name: hookhandler image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "hookHandler" ) }} imagePullPolicy: {{ .Values.pipelines.hookHandler.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/hookHandler env: {{- if .Values.rabbitmq.auth.tls.enabled }} @@ -1072,11 +1061,9 @@ spec: - name: extensionsync image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "extensionSync" ) }} imagePullPolicy: {{ .Values.pipelines.extensionSync.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/extensionSync env: - name: COMPONENT 
@@ -1112,11 +1099,9 @@ spec: - name: reqsealer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "reqSealer" ) }} imagePullPolicy: {{ .Values.pipelines.reqSealer.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/reqSealer env: {{- if .Values.rabbitmq.auth.tls.enabled }} @@ -1152,11 +1137,9 @@ spec: - name: templatesync image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "templateSync" ) }} imagePullPolicy: {{ .Values.pipelines.templateSync.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/templateSync env: {{- if .Values.rabbitmq.auth.tls.enabled }} diff --git a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml index 5de08f728..ccdcf6eb0 100644 --- a/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-steptrigger-statefulset.yaml 
@@ -12,6 +12,9 @@ metadata: {{- with .Values.pipelines.labels }} {{ toYaml . | indent 4 }} {{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/pipelines/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the same postgres image version (postgresql.image.tag) and databaseUpgradeReady to true in your custom values yaml file. This is to prevent major version upgrades in postgresql resulting in data corruption.\n" .Values.databaseUpgradeReady | quote }} +{{- end }} spec: serviceName: {{ include "pipelines.services.name" . }}-headless replicas: {{ .Values.pipelines.stepservice.replicaCount }} @@ -45,6 +48,9 @@ spec: {{- if .Values.pipelines.schedulerName }} schedulerName: {{ .Values.pipelines.schedulerName | quote }} {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- if .Values.pipelines.priorityClass.existingPriorityClass }} priorityClassName: {{ .Values.pipelines.priorityClass.existingPriorityClass }} {{- else -}} @@ -64,6 +70,9 @@ spec: - name: wait-for-pipelines-internalapi image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: 
@@ -77,11 +86,9 @@ spec: - name: copy-system-yaml image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -115,11 +122,17 @@ spec: - name: copy-custom-certificates image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: + add: + - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -137,11 +150,9 @@ spec: - name: copy-rabbitmq-certs image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -155,6 +166,7 @@ spec: - name: rabbitmq-ca-certs mountPath: "/tmp/rabbitmqcerts" {{ end }} + {{- if not .Values.podSecurityContext.enabled }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} 
@@ -176,9 +188,13 @@ spec: volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} + {{- end }} - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -186,6 +202,7 @@ spec: - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }} env: @@ -295,11 +312,9 @@ spec: - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} args: - "-e" - "-E" @@ -317,11 +332,9 @@ spec: - name: router image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "router" ) }} imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES value: {{ include "pipelines.stepservice.router.requiredServiceTypes" . }} 
@@ -397,12 +410,9 @@ spec: - name: observability image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} - securityContext: - runAsNonRoot: false - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_OBSERVABILITY_PARENT_SERVICE value: "stepservice" @@ -454,11 +464,9 @@ spec: - name: stepservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "stepservice" ) }} imagePullPolicy: {{ .Values.pipelines.stepservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} diff --git a/stable/pipelines/templates/pipelines-sync-statefulset.yaml b/stable/pipelines/templates/pipelines-sync-statefulset.yaml index 4df01bbe5..57e13bfcc 100644 --- a/stable/pipelines/templates/pipelines-sync-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-sync-statefulset.yaml 
@@ -12,6 +12,9 @@ metadata: {{- with .Values.pipelines.labels }} {{ toYaml . | indent 4 }} {{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/pipelines/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the same postgres image version (postgresql.image.tag) and databaseUpgradeReady to true in your custom values yaml file. This is to prevent major version upgrades in postgresql resulting in data corruption.\n" .Values.databaseUpgradeReady | quote }} +{{- end }} spec: serviceName: {{ include "pipelines.services.name" . }}-headless {{- if not .Values.pipelines.pipelineSync.autoscaling.enabled }} @@ -47,6 +50,9 @@ spec: {{- if .Values.pipelines.schedulerName }} schedulerName: {{ .Values.pipelines.schedulerName | quote }} {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- if .Values.pipelines.priorityClass.existingPriorityClass }} priorityClassName: {{ .Values.pipelines.priorityClass.existingPriorityClass }} {{- else -}} @@ -66,6 +72,9 @@ spec: - name: wait-for-pipelines-internalapi image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: 
@@ -79,11 +88,9 @@ spec: - name: copy-system-yaml image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -117,11 +124,17 @@ spec: - name: copy-custom-certificates image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: + add: + - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -139,11 +152,9 @@ spec: - name: copy-rabbitmq-certs image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -157,6 +168,7 @@ spec: - name: rabbitmq-ca-certs mountPath: "/tmp/rabbitmqcerts" {{ end }} + {{- if not .Values.podSecurityContext.enabled }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} 
@@ -178,9 +190,13 @@ spec: volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} + {{- end }} - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -188,6 +204,7 @@ spec: - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }} env: @@ -297,11 +314,9 @@ spec: - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} args: - "-e" - "-E" @@ -319,11 +334,9 @@ spec: - name: router image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "router" ) }} imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES value: {{ include "pipelines.sync.router.requiredServiceTypes" . }} 
@@ -401,12 +414,9 @@ spec: - name: observability image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} - securityContext: - runAsNonRoot: false - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_OBSERVABILITY_PARENT_SERVICE value: "sync" @@ -458,11 +468,9 @@ spec: - name: pipelinesync image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelineSync" ) }} imagePullPolicy: {{ .Values.pipelines.pipelineSync.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync env: {{- if .Values.rabbitmq.auth.tls.enabled }} @@ -500,11 +508,9 @@ spec: - name: extensionsync image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "extensionSync" ) }} imagePullPolicy: {{ .Values.pipelines.extensionSync.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/extensionSync env: - name: PIPELINES_INTERNAL_API 
@@ -542,11 +548,9 @@ spec: - name: templatesync image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "templateSync" ) }} imagePullPolicy: {{ .Values.pipelines.templateSync.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/templateSync env: - name: PIPELINES_INTERNAL_API diff --git a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml index 99fcd6459..f02e18109 100644 --- a/stable/pipelines/templates/pipelines-trigger-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-trigger-statefulset.yaml @@ -12,6 +12,9 @@ metadata: {{- with .Values.pipelines.labels }} {{ toYaml . | indent 4 }} {{- end }} +{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} + databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/pipelines/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the same postgres image version (postgresql.image.tag) and databaseUpgradeReady to true in your custom values yaml file. This is to prevent major version upgrades in postgresql resulting in data corruption.\n" .Values.databaseUpgradeReady | quote }} +{{- end }} spec: serviceName: {{ include "pipelines.services.name" . }}-headless {{- if not .Values.pipelines.runservice.autoscaling.enabled }} 
@@ -47,6 +50,9 @@ spec: {{- if .Values.pipelines.schedulerName }} schedulerName: {{ .Values.pipelines.schedulerName | quote }} {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- if .Values.pipelines.priorityClass.existingPriorityClass }} priorityClassName: {{ .Values.pipelines.priorityClass.existingPriorityClass }} {{- else -}} @@ -66,6 +72,9 @@ spec: - name: wait-for-pipelines-internalapi image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -79,11 +88,9 @@ spec: - name: copy-system-yaml image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -117,11 +124,17 @@ spec: - name: copy-custom-certificates image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: + add: + - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: 
@@ -139,11 +152,9 @@ spec: - name: copy-rabbitmq-certs image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.initContainers.resources | nindent 12 }} command: @@ -157,6 +168,7 @@ spec: - name: rabbitmq-ca-certs mountPath: "/tmp/rabbitmqcerts" {{ end }} + {{- if not .Values.podSecurityContext.enabled }} - name: change-ownership image: "{{ .Values.initContainer.image }}" imagePullPolicy: {{ .Values.initContainer.pullPolicy }} @@ -178,9 +190,13 @@ spec: volumeMounts: - name: jfrog-pipelines-folder mountPath: {{ .Values.pipelines.mountPath }} + {{- end }} - name: pipelines-installer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "pipelinesInit" ) }} imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- else }} securityContext: allowPrivilegeEscalation: false capabilities: @@ -188,6 +204,7 @@ spec: - CHOWN drop: - NET_RAW + {{- end }} resources: {{ toYaml .Values.pipelineInstallerInitContainer.resources | nindent 12 }} env: @@ -297,11 +314,9 @@ spec: - name: {{ .Values.filebeat.name }} image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}" imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} args: - "-e" - "-E" 
@@ -319,11 +334,9 @@ spec: - name: router image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "router" ) }} imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES value: {{ include "pipelines.trigger.router.requiredServiceTypes" . }} @@ -400,12 +413,9 @@ spec: - name: observability image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} - securityContext: - runAsNonRoot: false - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: - name: JF_OBSERVABILITY_PARENT_SERVICE value: "trigger" @@ -457,11 +467,9 @@ spec: - name: nodepoolservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "nodepoolservice" ) }} imagePullPolicy: {{ .Values.pipelines.nodepoolservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} 
@@ -504,11 +512,9 @@ spec: - name: runservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "runservice" ) }} imagePullPolicy: {{ .Values.pipelines.runservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} @@ -546,11 +552,9 @@ spec: - name: analyticsservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "analyticsservice" ) }} imagePullPolicy: {{ .Values.pipelines.analyticsservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 -}} @@ -588,11 +592,9 @@ spec: - name: logservice image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "logservice" ) }} imagePullPolicy: {{ .Values.pipelines.logservice.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} env: {{- if .Values.rabbitmq.auth.tls.enabled }} {{- include "pipelines.rabbitmqTlsEnvVariables" . | indent 12 }} 
@@ -629,11 +631,9 @@ spec: - name: reqsealer image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "reqSealer" ) }} imagePullPolicy: {{ .Values.pipelines.reqSealer.image.pullPolicy }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} workingDir: /opt/jfrog/pipelines/app/micro/reqSealer env: {{- if .Values.rabbitmq.auth.tls.enabled }} diff --git a/stable/pipelines/values.yaml b/stable/pipelines/values.yaml index 2d78bd955..0d08e459e 100644 --- a/stable/pipelines/values.yaml +++ b/stable/pipelines/values.yaml 
@@ -131,11 +131,41 @@ systemYamlOverride: ## String to fully override pipelines.fullname template # fullnameOverride: -## Set user/group to run Pipelines components with -securityContext: +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## @param artifactory.podSecurityContext.enabled Enable security context +## @param artifactory.podSecurityContext.runAsNonRoot Set pod's Security Context runAsNonRoot +## @param artifactory.podSecurityContext.runAsUser User ID for the pod +## @param artifactory.podSecurityContext.runASGroup Group ID for the pod +## @param artifactory.podSecurityContext.fsGroup Group ID for the pod +## +podSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1066 + runAsGroup: 1066 + fsGroup: 1066 + # fsGroupChangePolicy: "Always" + # seLinuxOptions: {} + +## Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param containerSecurityContext.enabled Enabled containers' Security Context + ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param containerSecurityContext.privileged Set container's Security Context privileged + ## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## +containerSecurityContext: enabled: true - uid: 1030 - gid: 1030 + privileged: false + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL splitServicesToPods: false 
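Review bot: The `@param` lines above `podSecurityContext` name `artifactory.podSecurityContext.*`, which is not a key of this chart, and `runASGroup` does not match the `runAsGroup` key below it; they should read like `## @param podSecurityContext.runAsGroup Group ID for the pod`. The old `securityContext.uid`/`gid` keys (1030) are removed in favour of `runAsUser`/`runAsGroup`/`fsGroup` 1066, so overrides under `securityContext` in existing values files presumably no longer take effect. A short comment here, such as `## NOTE: replaces the former securityContext.uid/gid keys`, would make that visible where people edit the values.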
@@ -1934,7 +1964,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.13.0-debian-11-r4 + tag: 15.2.0-debian-11-r23 postgresqlDatabase: "pipelinesdb" postgresqlUsername: "apiuser" # Password must be set @@ -2227,7 +2257,7 @@ vault: extraInitContainers: # wait-for-db is checking if postgresql server up - name: vault-wait-for-db - image: "releases-docker.jfrog.io/bitnami/postgresql:13.13.0-debian-11-r4" + image: "releases-docker.jfrog.io/bitnami/postgresql:15.2.0-debian-11-r23" imagePullPolicy: IfNotPresent env: - name: CONNECTION_DETAILS @@ -2257,7 +2287,7 @@ vault: # create-vault-table is creating vault schema changes in postgres db - name: create-vault-table - image: releases-docker.jfrog.io/bitnami/postgresql:13.13.0-debian-11-r4 + image: releases-docker.jfrog.io/bitnami/postgresql:15.2.0-debian-11-r23 imagePullPolicy: IfNotPresent env: - name: DATABASE_URL From b51b8e43d9f3239d88be37a139e97040cc33adb7 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Mon, 27 May 2024 09:49:40 +0530 Subject: [PATCH 43/47] [distribution] 2.25.1 release --- stable/distribution/CHANGELOG.md | 6 +- stable/distribution/Chart.yaml | 4 +- stable/distribution/ci/loggers-values.yaml | 63 +++++++++++++++++++ .../templates/distribution-statefulset.yaml | 22 +++---- .../distribution-unified-secret.yaml | 2 +- stable/distribution/values.yaml | 10 +-- 6 files changed, 87 insertions(+), 20 deletions(-) create mode 100644 stable/distribution/ci/loggers-values.yaml diff --git a/stable/distribution/CHANGELOG.md b/stable/distribution/CHANGELOG.md index 97669b36d..4fb9511c4 100644 --- a/stable/distribution/CHANGELOG.md +++ b/stable/distribution/CHANGELOG.md 
@@ -1,6 +1,11 @@ # JFrog Distribution Chart Changelog All changes to this project chart be documented in this file. +## [102.25.1] - May 16, 2024 +* Update postgresql tag version to `15.6.0-debian-11-r16` +* Fixed an issue to generate unified secret to support distribution fullname [GH-1882](https://github.com/jfrog/charts/issues/1882) +* Fixed an issue template render on loggers [GH-1883](https://github.com/jfrog/charts/issues/1883) + ## [102.24.0] - Mar 27, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `distribution.image.imagePullPolicy` to `distribution.image.pullPolicy` @@ -10,7 +15,6 @@ All changes to this project chart be documented in this file. * Added support for `global.verisons.initContainers` to override `initContainers.image.tag` * Fixed an issue with extraSystemYaml merge - ## [102.23.0] - Feb 15, 2024 * **IMPORTANT** * Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default diff --git a/stable/distribution/Chart.yaml b/stable/distribution/Chart.yaml index 788230e34..88379622b 100644 --- a/stable/distribution/Chart.yaml +++ b/stable/distribution/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.24.0 +appVersion: 2.25.1 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: distribution sources: - https://github.com/jfrog/charts type: application -version: 102.24.0 +version: 102.25.1 diff --git a/stable/distribution/ci/loggers-values.yaml b/stable/distribution/ci/loggers-values.yaml new file mode 100644 index 000000000..4814bb264 --- /dev/null +++ b/stable/distribution/ci/loggers-values.yaml 
@@ -0,0 +1,63 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +# If this is an upgrade over an existing Mission Control 4.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade +unifiedUpgradeAllowed: true +databaseUpgradeReady: true +distribution: + jfrogUrl: http://artifactory.rt:8082 + persistence: + enabled: false + resources: + requests: + memory: "1Gi" + cpu: "1" + limits: + memory: "3Gi" + cpu: "2" + javaOpts: + xms: "1g" + xmx: "3g" + loggers: + - router-request.log + - router-service.log + - router-traefik.log + - distribution-service.log + - distribution-request.log + - distribution-access.log + - distributor-foreman.log + - observability-metrics.log + - observability-request.log + - observability-service.log + +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password + persistence: + enabled: false +redis: + persistence: + enabled: false + resources: + requests: + memory: "512Mi" + cpu: "1" + limits: + memory: "1Gi" + cpu: "1" + +router: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" + +observability: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" diff --git a/stable/distribution/templates/distribution-statefulset.yaml b/stable/distribution/templates/distribution-statefulset.yaml index d8f3d5f84..883556e9b 100644 --- a/stable/distribution/templates/distribution-statefulset.yaml +++ b/stable/distribution/templates/distribution-statefulset.yaml 
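Review bot: The header comment of this new CI values file says to leave the file empty and refers to Mission Control 4.x, but the file sets overrides and belongs to the distribution chart. Something like `# CI values: renders the distribution.loggers containers (GH-1883) with persistence disabled` describes what the file is for. `postgresqlPassword: password` is fine as a CI fixture, and a trailing `# CI only` comment on that line would keep it from being copied into real values.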
@@ -127,7 +127,7 @@ spec: {{- if or (not .Values.distribution.unifiedSecretInstallation) (or .Values.distribution.joinKeySecretName .Values.global.joinKeySecretName) }} name: {{ include "distribution.joinKeySecretName" . }} {{- else }} - name: "{{ template "distribution.name" . }}-unified-secret" + name: "{{ template "distribution.fullname" . }}-unified-secret" {{- end }} key: join-key {{- end }} @@ -138,7 +138,7 @@ spec: {{- if or (not .Values.distribution.unifiedSecretInstallation) (or .Values.distribution.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "distribution.masterKeySecretName" . }} {{- else }} - name: "{{ template "distribution.name" . }}-unified-secret" + name: "{{ template "distribution.fullname" . }}-unified-secret" {{- end }} key: master-key {{- end }} @@ -280,7 +280,7 @@ spec: {{- if not .Values.distribution.unifiedSecretInstallation }} name: {{ template "distribution.fullname" . }}-database-creds {{- else }} - name: "{{ template "distribution.name" . }}-unified-secret" + name: "{{ template "distribution.fullname" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -296,7 +296,7 @@ spec: {{- if not .Values.distribution.unifiedSecretInstallation }} name: {{ template "distribution.fullname" . }}-database-creds {{- else }} - name: "{{ template "distribution.name" . }}-unified-secret" + name: "{{ template "distribution.fullname" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -315,7 +315,7 @@ spec: {{- if not .Values.distribution.unifiedSecretInstallation }} name: {{ template "distribution.fullname" . }}-database-creds {{- else }} - name: "{{ template "distribution.name" . }}-unified-secret" + name: "{{ template "distribution.fullname" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
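Review bot: The rename of the unified Secret from `distribution.name` to `distribution.fullname` is not documented as upgrade-affecting, although it changes the Secret's name for every release where the two helpers differ. The values.yaml comments on `customVolumes` and `customSecrets` are updated, but the CHANGELOG lists the change only as a fix; an entry such as `* **IMPORTANT** unified secret is now named <fullname>-unified-secret, update custom volumes that reference the old name` would warn users before pods fail to mount it. The same substitution is repeated in the remaining hunks of this file and in distribution-unified-secret.yaml.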
@@ -328,7 +328,7 @@ spec: {{- else if not .Values.distribution.unifiedSecretInstallation }} name: {{ include "distribution.fullname" . }} {{- else }} - name: "{{ template "distribution.name" . }}-unified-secret" + name: "{{ template "distribution.fullname" . }}-unified-secret" {{- end }} key: redis-password - name: JF_SHARED_REDIS_CONNECTIONSTRING @@ -453,7 +453,7 @@ spec: {{- else if not .Values.distribution.unifiedSecretInstallation }} name: {{ include "distribution.fullname" . }} {{- else }} - name: "{{ template "distribution.name" . }}-unified-secret" + name: "{{ template "distribution.fullname" . }}-unified-secret" {{- end }} key: redis-password - name: REDIS_PORT @@ -486,9 +486,9 @@ spec: {{- range .Values.distribution.loggers }} - name: {{ . | replace "_" "-" | replace "." "-" }} image: {{ include "distribution.getImageInfoByValue" (list $ "initContainers") }} - imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + imagePullPolicy: {{ $.Values.initContainers.image.pullPolicy }} + {{- if $.Values.containerSecurityContext.enabled }} + securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} {{- end }} command: - 'sh' @@ -583,7 +583,7 @@ spec: {{- if and .Values.distribution.unifiedSecretInstallation (eq (include "distribution.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "distribution.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "distribution.name" . }}-unified-secret + secretName: {{ template "distribution.fullname" . }}-unified-secret {{- else if not .Values.distribution.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ {{- if and (not .Values.systemYamlOverride.existingSecret) }} 
diff --git a/stable/distribution/templates/distribution-unified-secret.yaml b/stable/distribution/templates/distribution-unified-secret.yaml index 69bcef202..39823ca99 100644 --- a/stable/distribution/templates/distribution-unified-secret.yaml +++ b/stable/distribution/templates/distribution-unified-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "distribution.name" . }}-unified-secret + name: {{ template "distribution.fullname" . }}-unified-secret labels: app: "{{ template "distribution.name" $ }}" chart: "{{ template "distribution.chart" $ }}" diff --git a/stable/distribution/values.yaml b/stable/distribution/values.yaml index adfd3bcc7..4d1404e33 100644 --- a/stable/distribution/values.yaml +++ b/stable/distribution/values.yaml @@ -49,7 +49,7 @@ initContainers: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.3.1552 + tag: 9.4.949 pullPolicy: IfNotPresent resources: requests: @@ -160,7 +160,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 15.2.0-debian-11-r23 + tag: 15.6.0-debian-11-r16 postgresqlUsername: distribution postgresqlPassword: "" postgresqlDatabase: distribution @@ -269,7 +269,7 @@ common: ## Custom command to run before distribution startup. Runs BEFORE any microservice-specific preStartCommand preStartCommand: ## Add custom volumes - # If .Values.distribution.unifiedSecretInstallation is true then secret name should be '{{ template "distribution.name" . }}-unified-secret'. + # If .Values.distribution.unifiedSecretInstallation is true then secret name should be '{{ template "distribution.fullname" . }}-unified-secret'. customVolumes: "" # - name: custom-script # configMap: 
@@ -457,7 +457,7 @@ distribution: # subPath: script.sh # Add custom secrets - secret per file - # If .Values.distribution.unifiedSecretInstallation is true then secret name should be '{{ template "distribution.name" . }}-unified-secret'. + # If .Values.distribution.unifiedSecretInstallation is true then secret name should be '{{ template "distribution.fullname" . }}-unified-secret'. customSecrets: # - name: custom-secret # key: custom-secret.yaml @@ -568,7 +568,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.103.0 + tag: 7.108.0 pullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled From 96570b87774c96a69a5390a8dd122971209ac9f0 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Mon, 27 May 2024 09:50:01 +0530 Subject: [PATCH 44/47] [jfrog-platform] 10.18.1 release --- stable/jfrog-platform/CHANGELOG.md | 10 +++--- stable/jfrog-platform/Chart.lock | 12 +++---- stable/jfrog-platform/Chart.yaml | 12 +++---- stable/jfrog-platform/templates/_helpers.tpl | 38 ++++++++++++++++++-- 4 files changed, 53 insertions(+), 19 deletions(-) diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index 6045d10d6..a07868adb 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md 
@@ -1,6 +1,11 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.18.1] - May 26, 2024 +* Update dependency artifactory chart version to 107.84.12 +* Update dependency xray chart version to 103.95.7 +* Fixed an issue related to chart fullname when unifiedSecretInstallation is set to false [GH-1882](https://github.com/jfrog/charts/issues/1882) + ## [10.18.0] - May 12, 2024 * **Important change:** * Distribution, Insight and Pipelines are disabled by default, if you are using these products from previous release, enable them using your custom-values.yaml file. @@ -34,11 +39,6 @@ All changes to this chart will be documented in this file. ## [10.17.1] - Feb 29, 2024 * Updated README.md to create a namespace using `--create-namespace` as part of helm install * Updated `artifactory.installerInfo` content -* Update dependency artifactory chart version to 107.77.6 -* Update dependency xray chart version to 103.90.1 -* Update dependency distribution chart version to 102.22.2 -* Update dependency insight chart version to 101.16.7 -* Update dependency pipelines chart version to 101.55.6 ## [10.17.0] - Jan 24, 2023 * **IMPORTANT** diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index a8813e1e0..82360eb0e 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock 
@@ -7,18 +7,18 @@ dependencies: version: 11.9.3 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.84.10 + version: 107.84.12 - name: xray repository: https://charts.jfrog.io/ - version: 103.94.6 + version: 103.95.7 - name: distribution repository: https://charts.jfrog.io/ - version: 102.24.0 + version: 102.25.1 - name: insight repository: https://charts.jfrog.io/ version: 101.16.7 - name: pipelines repository: https://charts.jfrog.io/ - version: 101.56.6 -digest: sha256:5cde5b136403c096e4ebf13a3008248dcf3f95ce7109c74d9d78c3c505c3e012 -generated: "2024-05-12T22:41:47.381211+05:30" + version: 101.59.7 +digest: sha256:56341c74ca4be940df92302c2bb4cdcb05b3dc3105f63170e73e1ce11db035d3 +generated: "2024-05-26T20:20:26.257789+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 5c95c65d4..92b2878b2 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.84.10 +appVersion: 7.84.12 dependencies: - condition: postgresql.enabled name: postgresql @@ -12,15 +12,15 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.84.10 + version: 107.84.12 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.94.6 + version: 103.95.7 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ - version: 102.24.0 + version: 102.25.1 - condition: insight.enabled name: insight repository: https://charts.jfrog.io/ @@ -28,7 +28,7 @@ dependencies: - condition: pipelines.enabled name: pipelines repository: https://charts.jfrog.io/ - version: 101.56.6 + version: 101.59.7 description: The Helm chart for JFrog Platform (Universal, hybrid, end-to-end DevOps automation) home: https://jfrog.com/platform/ @@ -50,4 +50,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.18.0 +version: 10.18.1 
diff --git a/stable/jfrog-platform/templates/_helpers.tpl b/stable/jfrog-platform/templates/_helpers.tpl index d4d508b28..25c8262af 100644 --- a/stable/jfrog-platform/templates/_helpers.tpl +++ b/stable/jfrog-platform/templates/_helpers.tpl @@ -74,6 +74,40 @@ imagePullSecrets: {{- end -}} {{- end -}} +{{/* +Reslove Unified Secret name +*/}} +{{- define "jfrog-platform.unifiedSecretInstallation" -}} +{{- if eq .Chart.Name "artifactory" -}} +{{- if not .Values.artifactory.unifiedSecretInstallation }} +{{- printf "%s-%s" (include "artifactory.fullname" .) "database-creds" -}} +{{- else }} +{{- printf "%s-%s" (include "artifactory.fullname" .) "unified-secret" -}} +{{- end }} +{{- end -}} +{{- if eq .Chart.Name "distribution" -}} +{{- if not .Values.distribution.unifiedSecretInstallation }} +{{- printf "%s-%s" (include "distribution.fullname" . ) "database-creds" -}} +{{- else }} +{{- printf "%s-%s" (include "distribution.fullname" .) "unified-secret" -}} +{{- end }} +{{- end -}} +{{- if eq .Chart.Name "xray" -}} +{{- if not .Values.xray.unifiedSecretInstallation }} +{{- printf "%s-%s" (include "xray.fullname" . ) "database-creds" -}} +{{- else }} +{{- printf "%s-%s" (include "xray.name" .) "unified-secret" -}} +{{- end }} +{{- end -}} +{{- if eq .Chart.Name "insight" -}} +{{- if not .Values.insightServer.unifiedSecretInstallation }} +{{- printf "%s-%s" (include "insight.fullname" . ) "database-creds" -}} +{{- else }} +{{- printf "%s-%s" (include "insight.name" .) "unified-secret" -}} +{{- end }} +{{- end -}} +{{- end -}} + {{/* Custom init container for Postgres setup */}} @@ -154,7 +188,7 @@ Custom init container for Postgres setup name: {{ tpl .Values.database.secrets.user.name . }} key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} - name: {{ .Chart.Name }}-unified-secret + name: {{ include "jfrog-platform.unifiedSecretInstallation" . }} key: db-user {{- end }} - name: DB_PASSWORD 
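Review bot: `jfrog-platform.unifiedSecretInstallation` renders an empty string for any chart it does not list, and `pipelines` is not listed, so the `secretKeyRef` names switched to this helper (`db-user` here, `db-password` in the next hunk) can come out empty where the old `{{ .Chart.Name }}-unified-secret` always produced a name. Whether the init container is rendered for such a chart is not visible from this hunk. Turning the four independent `if` blocks into one `else if` chain that ends in a default such as `{{- printf "%s-unified-secret" .Chart.Name -}}` would keep the old behaviour for unlisted charts. The `xray` and `insight` branches use `.name` while the other two use `.fullname`, which deserves a comment if intentional, and the header comment has a typo (`Reslove`).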
@@ -164,7 +198,7 @@ Custom init container for Postgres setup name: {{ tpl .Values.database.secrets.password.name . }} key: {{ tpl .Values.database.secrets.password.key . }} {{- else if .Values.database.password }} - name: {{ .Chart.Name }}-unified-secret + name: {{ include "jfrog-platform.unifiedSecretInstallation" . }} key: db-password {{- end }} - name: PGPASSWORD From 23df9d691f8d2a6f4ae38fcf5a4c20f9d45ba22f Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 13 Jun 2024 13:43:29 +0530 Subject: [PATCH 45/47] [artifactory] 7.84.14 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 2 +- stable/artifactory-cpp-ce/Chart.yaml | 6 ++--- stable/artifactory-cpp-ce/values.yaml | 2 +- stable/artifactory-ha/CHANGELOG.md | 5 +++- stable/artifactory-ha/Chart.yaml | 6 ++--- stable/artifactory-ha/files/binarystore.xml | 4 +-- stable/artifactory-ha/templates/_helpers.tpl | 13 ++++++++- .../artifactory-node-statefulset.yaml | 25 ++++++++--------- .../artifactory-primary-statefulset.yaml | 27 ++++++++++--------- .../templates/artifactory-unified-secret.yaml | 2 +- .../templates/nginx-deployment.yaml | 2 ++ stable/artifactory-ha/values.yaml | 8 +++--- stable/artifactory-jcr/CHANGELOG.md | 2 +- stable/artifactory-jcr/Chart.yaml | 6 ++--- stable/artifactory-jcr/values.yaml | 2 +- stable/artifactory-oss/CHANGELOG.md | 2 +- stable/artifactory-oss/Chart.yaml | 6 ++--- stable/artifactory-oss/values.yaml | 2 +- stable/artifactory/CHANGELOG.md | 5 +++- stable/artifactory/Chart.yaml | 4 +-- stable/artifactory/files/binarystore.xml | 4 +-- stable/artifactory/templates/_helpers.tpl | 11 ++++++++ .../templates/artifactory-statefulset.yaml | 27 ++++++++++--------- .../templates/artifactory-unified-secret.yaml | 2 +- .../templates/nginx-deployment.yaml | 2 ++ stable/artifactory/values.yaml | 8 +++--- 26 files changed, 112 insertions(+), 73 deletions(-) 
diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index 32e315fd1..e80ec1ce6 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.84.12] - Feb 20, 2024 +## [107.84.14] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index 98d6f9897..4a73c0ca2 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.12 +appVersion: 7.84.14 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.12 + version: 107.84.14 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.84.12 +version: 107.84.14 diff --git a/stable/artifactory-cpp-ce/values.yaml b/stable/artifactory-cpp-ce/values.yaml index 2b7db9525..c2e296307 100644 --- a/stable/artifactory-cpp-ce/values.yaml +++ b/stable/artifactory-cpp-ce/values.yaml @@ -72,4 +72,4 @@ router: tag: 7.105.1 initContainers: image: - tag: 9.3.1552 + tag: 9.4.949 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index de7d49941..3b1d19a9f 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md 
@@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.84.12] - May 20, 2024 +## [107.84.14] - May 29, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` * Removed loggers.image section @@ -20,6 +20,9 @@ All changes to this chart will be documented in this file * Fixed an issue to generate unified secret to support artifactory fullname [GH-1882](https://github.com/jfrog/charts/issues/1882) * Fixed an issue template render on loggers [GH-1883](https://github.com/jfrog/charts/issues/1883) * Override metadata and observability image tag with `global.verisons.artifactory` value +* Fixed resource constraints for "setup" initContainer of nginx deployment [GH-962] (https://github.com/jfrog/charts/issues/962) +* Added .Values.artifactory.unifiedSecretsPrependReleaseName` for unified secret to prepend release name +* Fixed maxCacheSize and cacheProviderDir mix up under azure-blob-storage-v2-direct template in binarystore.xml ## [107.83.0] - Mar 12, 2024 * Added image section for `metadata` and `observability` diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 6c3434742..af1e000b7 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,7 +1,7 @@ annotations: - artifactoryServiceVersion: 7.84.16 + artifactoryServiceVersion: 7.84.17 apiVersion: v2 -appVersion: 7.84.12 +appVersion: 7.84.14 dependencies: - condition: postgresql.enabled name: postgresql @@ -23,4 +23,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.84.12 +version: 107.84.14 diff --git a/stable/artifactory-ha/files/binarystore.xml b/stable/artifactory-ha/files/binarystore.xml index 27c77b3b6..0e7bc5af0 100644 --- a/stable/artifactory-ha/files/binarystore.xml +++ b/stable/artifactory-ha/files/binarystore.xml 
@@ -417,8 +417,8 @@ - {{ .Values.artifactory.persistence.maxCacheSize | int64 }} - {{ .Values.artifactory.persistence.cacheProviderDir }} + {{ .Values.artifactory.persistence.maxCacheSize | int64 }} + {{ .Values.artifactory.persistence.cacheProviderDir }} {{- if .Values.artifactory.persistence.maxFileSizeLimit }} {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} {{- end }} diff --git a/stable/artifactory-ha/templates/_helpers.tpl b/stable/artifactory-ha/templates/_helpers.tpl index 467d4e7dd..1ad5af4de 100644 --- a/stable/artifactory-ha/templates/_helpers.tpl +++ b/stable/artifactory-ha/templates/_helpers.tpl @@ -490,4 +490,15 @@ Calculate the systemYaml from the unstructured text input */}} {{- define "artifactory.systemYaml" -}} {{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Resolve unified secret prepend release name +*/}} +{{- define "artifactory.unifiedSecretPrependReleaseName" -}} +{{- if .Values.artifactory.unifiedSecretPrependReleaseName }} +{{- printf "%s" (include "artifactory-ha.fullname" .) -}} +{{- else }} +{{- printf "%s" (include "artifactory-ha.name" .) -}} +{{- end }} +{{- end }} diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index 0df644d72..a46819614 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -180,7 +180,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} name: {{ include "artifactory-ha.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: master-key {{- end }} 
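Review bot: The new helper reads `.Values.artifactory.unifiedSecretPrependReleaseName`, but the CHANGELOG entry added in this commit spells the flag `unifiedSecretsPrependReleaseName`, so a user who copies the documented name silently gets the `artifactory-ha.name` branch. The entry should read `* Added `.Values.artifactory.unifiedSecretPrependReleaseName` for unified secret to prepend release name`. With the flag unset, the statefulset hunks move the Secret reference from `artifactory-ha.fullname` back to `artifactory-ha.name`, which renames the Secret for existing releases unless values.yaml defaults the flag to true; that default is outside this view. The helper is also defined under the `artifactory.` prefix rather than `artifactory-ha.`, and since named templates are global in Helm a one-line comment noting the shared name would help.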
@@ -320,7 +320,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -336,7 +336,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -355,7 +355,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -544,7 +544,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -560,7 +560,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} 
@@ -579,7 +579,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -712,7 +712,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -858,7 +858,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -874,7 +874,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -893,7 +893,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -1239,7 +1239,8 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory-ha.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory-ha.fullname" . }}-unified-secret + secretName: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" + {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index dfddd8126..d63c81c95 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -244,7 +244,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} name: {{ include "artifactory-ha.joinKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: join-key {{- end }} @@ -255,7 +255,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }} name: {{ include "artifactory-ha.jfConnectTokenSecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: jfconnect-token {{- end }} 
@@ -266,7 +266,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} name: {{ include "artifactory-ha.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: master-key {{- end }} @@ -428,7 +428,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -444,7 +444,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -463,7 +463,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -656,7 +656,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} 
@@ -672,7 +672,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -691,7 +691,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -964,7 +964,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -980,7 +980,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -999,7 +999,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory-ha.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory-ha.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -1366,7 +1366,8 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory-ha.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory-ha.fullname" . }}-unified-secret + secretName: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" + {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ diff --git a/stable/artifactory-ha/templates/artifactory-unified-secret.yaml b/stable/artifactory-ha/templates/artifactory-unified-secret.yaml index 18cf070c8..d21045d99 100644 --- a/stable/artifactory-ha/templates/artifactory-unified-secret.yaml +++ b/stable/artifactory-ha/templates/artifactory-unified-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "artifactory-ha.fullname" . }}-unified-secret + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" labels: app: "{{ template "artifactory-ha.name" $ }}" chart: "{{ template "artifactory-ha.chart" $ }}" diff --git a/stable/artifactory-ha/templates/nginx-deployment.yaml b/stable/artifactory-ha/templates/nginx-deployment.yaml index 889392912..d43689b8c 100644 --- a/stable/artifactory-ha/templates/nginx-deployment.yaml +++ b/stable/artifactory-ha/templates/nginx-deployment.yaml @@ -76,6 +76,8 @@ spec: - > rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + resources: + {{- toYaml .Values.initContainers.resources | nindent 10 }} volumeMounts: - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} name: nginx-volume diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index d7cd474ab..f75547e47 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml 
@@ -48,7 +48,7 @@ initContainers: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.3.1552 + tag: 9.4.949 pullPolicy: IfNotPresent resources: requests: @@ -345,6 +345,8 @@ artifactory: # unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha internal(chart) secrets, It won't be affecting external secrets. ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.78.x, Users can switch to false to continue with the old way of secret creation. unifiedSecretInstallation: true + ## unifiedSecretPrependReleaseName Set this flag to false if unifiedSecret should not be created with prepended. + unifiedSecretPrependReleaseName: true image: registry: releases-docker.jfrog.io repository: jfrog/artifactory-pro @@ -536,7 +538,7 @@ artifactory: # cpu: "100m" ## Add custom volumes - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory-ha.fullname" . }}-unified-secret'. + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret'. customVolumes: "" # - name: custom-script # configMap: @@ -585,7 +587,7 @@ artifactory: # jfConnectTokenSecretName: # Add custom secrets - secret per file - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory-ha.fullname" . }}-unified-secret' common to all secrets + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret' common to all secrets customSecrets: # - name: custom-secret # key: custom-secret.yaml diff --git a/stable/artifactory-jcr/CHANGELOG.md b/stable/artifactory-jcr/CHANGELOG.md index 14d384f13..0462ef636 100644 --- a/stable/artifactory-jcr/CHANGELOG.md +++ b/stable/artifactory-jcr/CHANGELOG.md 
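Review bot: The comment added above `unifiedSecretPrependReleaseName: true` stops mid-sentence ("should not be created with prepended.") and never says what is prepended or what the name becomes when the flag is false. Something like `## unifiedSecretPrependReleaseName: when true the unified secret is named <fullname>-unified-secret; set to false to use <name>-unified-secret (no release prefix)` would make the effect clear to whoever wires `customVolumes` or `customSecrets` to that secret. The artifactory-ha CHANGELOG entry in this commit spells the key `unifiedSecretsPrependReleaseName`, and a misspelled key in a values file is ignored without error, so the two should agree. The same comment text is added in stable/artifactory/values.yaml and stable/jfrog-platform/values.yaml.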
@@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.84.12] - Feb 20, 2024 +## [107.84.14] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-jcr/Chart.yaml b/stable/artifactory-jcr/Chart.yaml index 2dd78b47c..d7cb967c0 100644 --- a/stable/artifactory-jcr/Chart.yaml +++ b/stable/artifactory-jcr/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.12 +appVersion: 7.84.14 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.12 + version: 107.84.14 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png @@ -22,4 +22,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.84.12 +version: 107.84.14 diff --git a/stable/artifactory-jcr/values.yaml b/stable/artifactory-jcr/values.yaml index 2869e5a05..84febcc10 100644 --- a/stable/artifactory-jcr/values.yaml +++ b/stable/artifactory-jcr/values.yaml @@ -72,4 +72,4 @@ router: tag: 7.105.1 initContainers: image: - tag: 9.3.1552 + tag: 9.4.949 diff --git a/stable/artifactory-oss/CHANGELOG.md b/stable/artifactory-oss/CHANGELOG.md index bb04fc61c..ca1a5fffa 100644 --- a/stable/artifactory-oss/CHANGELOG.md +++ b/stable/artifactory-oss/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file -## [107.84.12] - Feb 20, 2024 +## [107.84.14] - Feb 20, 2024 * Updated `artifactory.installerInfo` content ## [107.80.0] - Feb 1, 2024 diff --git a/stable/artifactory-oss/Chart.yaml b/stable/artifactory-oss/Chart.yaml index 1641f1547..222fe1fa6 100644 --- a/stable/artifactory-oss/Chart.yaml +++ b/stable/artifactory-oss/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.84.12 +appVersion: 7.84.14 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.84.12 + version: 107.84.14 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -20,4 +20,4 @@ name: artifactory-oss sources: - https://github.com/jfrog/charts type: application -version: 107.84.12 +version: 107.84.14 diff --git a/stable/artifactory-oss/values.yaml b/stable/artifactory-oss/values.yaml index e409b3a10..a2a605e52 100644 --- a/stable/artifactory-oss/values.yaml +++ b/stable/artifactory-oss/values.yaml @@ -72,4 +72,4 @@ router: tag: 7.105.1 initContainers: image: - tag: 9.3.1552 + tag: 9.4.949 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index b5bf63052..7774a8f8d 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.84.12] - May 16, 2024 +## [107.84.14] - May 29, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` * Removed image section for `loggers` 
@@ -18,6 +18,9 @@ All changes to this chart will be documented in this file. * Added a check if `initContainerImage` exists * Fixed an issue to generate unified secret to support artifactory fullname [GH-1882](https://github.com/jfrog/charts/issues/1882) * Fixed an issue template render on loggers [GH-1883](https://github.com/jfrog/charts/issues/1883) +* Fixed resource constraints for "setup" initContainer of nginx deployment [GH-962] (https://github.com/jfrog/charts/issues/962) +* Added .Values.artifactory.unifiedSecretPrependReleaseName` for unified secret to prepend release name +* Fixed maxCacheSize and cacheProviderDir mix up under azure-blob-storage-v2-direct template in binarystore.xml ## [107.82.0] - Mar 04, 2024 * Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router. diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 021dcafc4..a75fa648a 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.84.12 +appVersion: 7.84.14 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.84.12 +version: 107.84.14 diff --git a/stable/artifactory/files/binarystore.xml b/stable/artifactory/files/binarystore.xml index fa99e4d4f..e396e0a41 100644 --- a/stable/artifactory/files/binarystore.xml +++ b/stable/artifactory/files/binarystore.xml @@ -404,8 +404,8 @@ - {{ .Values.artifactory.persistence.maxCacheSize | int64 }} - {{ .Values.artifactory.persistence.cacheProviderDir }} + {{ .Values.artifactory.persistence.maxCacheSize | int64 }} + {{ .Values.artifactory.persistence.cacheProviderDir }} {{- if .Values.artifactory.persistence.maxFileSizeLimit }} {{.Values.artifactory.persistence.maxFileSizeLimit | int64}} {{- end }} 
diff --git a/stable/artifactory/templates/_helpers.tpl b/stable/artifactory/templates/_helpers.tpl index 03de977a0..1cf6cc365 100644 --- a/stable/artifactory/templates/_helpers.tpl +++ b/stable/artifactory/templates/_helpers.tpl @@ -456,3 +456,14 @@ Calculate the systemYaml from the unstructured text input {{- define "artifactory.systemYaml" -}} {{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }} {{- end -}} + +{{/* +Resolve unified secret prepend release name +*/}} +{{- define "artifactory.unifiedSecretPrependReleaseName" -}} +{{- if .Values.artifactory.unifiedSecretPrependReleaseName }} +{{- printf "%s" (include "artifactory.fullname" .) -}} +{{- else }} +{{- printf "%s" (include "artifactory.name" .) -}} +{{- end }} +{{- end }} diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index 4b91e0f02..93b2ad50f 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml @@ -226,7 +226,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }} name: {{ include "artifactory.joinKeySecretName" . }} {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: join-key {{- end }} @@ -237,7 +237,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }} name: {{ include "artifactory.jfConnectTokenSecretName" . }} {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: jfconnect-token {{- end }} 
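Review bot: The template name `artifactory.unifiedSecretPrependReleaseName` defined here is also defined, with a different body (`artifactory-ha.fullname` / `artifactory-ha.name`), in stable/artifactory-ha/templates/_helpers.tpl in this same commit. Helm template names are global across a parent chart and its subcharts, and the definition loaded last wins, so if both charts were ever rendered under one parent the unified secret name could silently resolve through the wrong chart's helpers. Nothing visible here shows them being combined, so this is a naming point: giving the HA copy the chart's own prefix, `{{- define "artifactory-ha.unifiedSecretPrependReleaseName" -}}`, and updating its call sites would remove the ambiguity.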
@@ -248,7 +248,7 @@ spec: {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }} name: {{ include "artifactory.masterKeySecretName" . }} {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: master-key {{- end }} @@ -408,7 +408,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -424,7 +424,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -443,7 +443,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -622,7 +622,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} 
@@ -638,7 +638,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -657,7 +657,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} @@ -934,7 +934,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-user {{- end }} @@ -950,7 +950,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-password {{- else if .Values.postgresql.enabled }} @@ -969,7 +969,7 @@ spec: {{- if not .Values.artifactory.unifiedSecretInstallation }} name: {{ template "artifactory.fullname" . }}-database-creds {{- else }} - name: "{{ template "artifactory.fullname" . }}-unified-secret" + name: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" {{- end }} key: db-url {{- end }} 
@@ -1321,7 +1321,8 @@ spec: {{- if and .Values.artifactory.unifiedSecretInstallation (eq (include "artifactory.checkDuplicateUnifiedCustomVolume" .) "false" ) }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} secret: - secretName: {{ template "artifactory.fullname" . }}-unified-secret + secretName: "{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret" + {{- else if not .Values.artifactory.unifiedSecretInstallation }} ############ If single secret installation flag is disable ############ {{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled (not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName) }} diff --git a/stable/artifactory/templates/artifactory-unified-secret.yaml b/stable/artifactory/templates/artifactory-unified-secret.yaml index ec9e61daa..bb6719b4e 100644 --- a/stable/artifactory/templates/artifactory-unified-secret.yaml +++ b/stable/artifactory/templates/artifactory-unified-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: {{ template "artifactory.fullname" . }}-unified-secret + name: {{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret labels: app: "{{ template "artifactory.name" $ }}" chart: "{{ template "artifactory.chart" $ }}" diff --git a/stable/artifactory/templates/nginx-deployment.yaml b/stable/artifactory/templates/nginx-deployment.yaml index 7f1ea6733..774bedcca 100644 --- a/stable/artifactory/templates/nginx-deployment.yaml +++ b/stable/artifactory/templates/nginx-deployment.yaml @@ -79,6 +79,8 @@ spec: - > rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found; mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs; + resources: + {{- toYaml .Values.initContainers.resources | nindent 10 }} volumeMounts: - mountPath: {{ .Values.nginx.persistence.mountPath | quote }} name: nginx-volume 
diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index 959be3ad9..84c9d01fc 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -49,7 +49,7 @@ initContainers: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.3.1552 + tag: 9.4.949 pullPolicy: IfNotPresent resources: requests: @@ -287,6 +287,8 @@ artifactory: # unifiedSecretInstallation flag enables single unified secret holding all the artifactory internal(chart) secrets, It won't be affecting external secrets. ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.79.x, Users can switch to false to continue with the old way of secret creation. unifiedSecretInstallation: true + ## unifiedSecretPrependReleaseName Set this flag to false if unifiedSecret should not be created with prepended. + unifiedSecretPrependReleaseName: true # For HA installation, set this value > 1. This is only supported in Artifactory 7.25.x (appVersions) and above. replicaCount: 1 # minAvailable: 1 @@ -492,7 +494,7 @@ artifactory: # cpu: "100m" ## Add custom volumes - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.fullname" . }}-unified-secret' + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret' customVolumes: "" # - name: custom-script # configMap: 
@@ -565,7 +567,7 @@ artifactory: # jfConnectTokenSecretName: # Add custom secrets - secret per file - # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.fullname" . }}-unified-secret' common to all secrets + # If .Values.artifactory.unifiedSecretInstallation is true then secret name should be '{{ template "artifactory.unifiedSecretPrependReleaseName" . }}-unified-secret' common to all secrets customSecrets: # - name: custom-secret # key: custom-secret.yaml From 74f31d406928d7f2d56eeda577fd6be89fa94b87 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 13 Jun 2024 13:44:27 +0530 Subject: [PATCH 46/47] [xray] 3.96.1 release --- stable/xray/CHANGELOG.md | 6 +++++- stable/xray/Chart.yaml | 4 ++-- stable/xray/values.yaml | 9 ++++++--- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 61bf4c8f7..af7e645ca 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,11 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.95.4] - Apr 2, 2024 +## [103.96.1] - Apr 17, 2024 +* Added `rabbitmq.containerSecurityContext.allowPrivilegeEscalation` flag to ensure `RunAsUser` commands cannot bypass their existing sets of permissions. Set to `false` by default +* Updated rabbitmq multi-arch tag version to to `3.12.13-debian-11-r0` + +## [103.95.0] - Apr 2, 2024 * **IMPORTANT** * Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml) * Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given. [GH-1842](https://github.com/jfrog/charts/pull/1842) diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index 7ec5d7441..7b1589e9b 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.95.4 +appVersion: 3.96.1 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.95.4 +version: 103.96.1 diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index fffd2b012..a7f99fb71 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml @@ -69,7 +69,7 @@ initContainers: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.3.1552 + tag: 9.4.949 pullPolicy: IfNotPresent resources: requests: @@ -451,7 +451,7 @@ rabbitmq: image: registry: releases-docker.jfrog.io repository: bitnami/rabbitmq - tag: 3.12.10-debian-11-r1 + tag: 3.12.13-debian-11-r0 extraPlugins: "rabbitmq_management" auth: @@ -617,6 +617,9 @@ rabbitmq: nodeSelector: {} tolerations: [] affinity: {} + containerSecurityContext: + enabled: true + allowPrivilegeEscalation: false ## Upgrade of rabbitmq from 3.8.x to 3.11.x needs the feature flags to be enabled. ## Ref: (https://blog.rabbitmq.com/posts/2022/07/required-feature-flags-in-rabbitmq-3.11/ ## migration enable will perform `rabbitmqctl enable_feature_flag all` command on the existing rabbitmq before starting the upgrade @@ -1405,7 +1408,7 @@ observability: image: registry: releases-docker.jfrog.io repository: jfrog/observability - tag: 1.26.0 + tag: 1.28.0 imagePullPolicy: IfNotPresent internalPort: 8036 resources: {} From 83c617bde0ffa0a2c95cab516bdaf2f2f7face85 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Thu, 13 Jun 2024 13:45:06 +0530 Subject: [PATCH 47/47] [jfrog-platform] 10.18.2 release --- stable/jfrog-platform/CHANGELOG.md | 5 +++++ stable/jfrog-platform/Chart.lock | 8 ++++---- stable/jfrog-platform/Chart.yaml | 6 +++--- stable/jfrog-platform/templates/_helpers.tpl | 4 ++-- stable/jfrog-platform/values.yaml | 2 ++ 5 files changed, 16 insertions(+), 9 deletions(-) 
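Review bot: The new `rabbitmq.containerSecurityContext` block in stable/xray/values.yaml has no comment, and whether `allowPrivilegeEscalation: false` reaches the pod depends on the rabbitmq subchart's template, which is not part of this diff. If the pinned subchart renders only a fixed set of keys from `containerSecurityContext`, the value is dropped silently; checking the container spec in `helm template` output would confirm it. I would add a line above the block such as `## Hardening passed to the rabbitmq subchart; allowPrivilegeEscalation: false blocks setuid/file-capability privilege gain inside the container`. If the subchart passes the map through, `capabilities.drop: ["ALL"]` and `runAsNonRoot: true` are the usual companions to consider.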
diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index a07868adb..22fdb9c45 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md @@ -1,6 +1,11 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.18.2] - June 12, 2024 +* Update dependency artifactory chart version to 107.84.14 +* Update dependency xray chart version to 103.96.1 +* Fixed an issue related to chart artifactory fullname + ## [10.18.1] - May 26, 2024 * Update dependency artifactory chart version to 107.84.12 * Update dependency xray chart version to 103.95.7 diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index 82360eb0e..a9af26054 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock @@ -7,10 +7,10 @@ dependencies: version: 11.9.3 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.84.12 + version: 107.84.14 - name: xray repository: https://charts.jfrog.io/ - version: 103.95.7 + version: 103.96.1 - name: distribution repository: https://charts.jfrog.io/ version: 102.25.1 @@ -20,5 +20,5 @@ dependencies: - name: pipelines repository: https://charts.jfrog.io/ version: 101.59.7 -digest: sha256:56341c74ca4be940df92302c2bb4cdcb05b3dc3105f63170e73e1ce11db035d3 -generated: "2024-05-26T20:20:26.257789+05:30" +digest: sha256:1853186eaabb7b835754a0b337cbc466a6d56738ed8932a26d53573af875856b +generated: "2024-06-10T14:56:18.190319+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 92b2878b2..6a4fae806 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml 
@@ -12,11 +12,11 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.84.12 + version: 107.84.14 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.95.7 + version: 103.96.1 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ @@ -50,4 +50,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.18.1 +version: 10.18.2 diff --git a/stable/jfrog-platform/templates/_helpers.tpl b/stable/jfrog-platform/templates/_helpers.tpl index 25c8262af..026edba4d 100644 --- a/stable/jfrog-platform/templates/_helpers.tpl +++ b/stable/jfrog-platform/templates/_helpers.tpl @@ -75,14 +75,14 @@ imagePullSecrets: {{- end -}} {{/* -Reslove Unified Secret name +Resolve unifiedSecretInstallation name */}} {{- define "jfrog-platform.unifiedSecretInstallation" -}} {{- if eq .Chart.Name "artifactory" -}} {{- if not .Values.artifactory.unifiedSecretInstallation }} {{- printf "%s-%s" (include "artifactory.fullname" .) "database-creds" -}} {{- else }} -{{- printf "%s-%s" (include "artifactory.fullname" .) "unified-secret" -}} +{{- printf "%s-%s" (include "artifactory.unifiedSecretPrependReleaseName" .) "unified-secret" -}} {{- end }} {{- end -}} {{- if eq .Chart.Name "distribution" -}} diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index b94f9803c..60549ffb0 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml @@ -247,6 +247,8 @@ artifactory: enabled: true artifactory: unifiedSecretInstallation: true + ## unifiedSecretPrependReleaseName Set this flag to false if unifiedSecret should not be created with prepended. + unifiedSecretPrependReleaseName: true # Note: For HA deployments, set replicaCount >1 (recommended 3) replicaCount: 1 migration: