diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 78a4ab283..7bc16624c 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,14 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.104.8] - July 17, 2024 +## [103.107.11] - September 26, 2024 +* Added support to read rabbitmq and database secrets from mounted secret files + +## [103.105.0] - August 22, 2024 +* Added support for `serviceAccount.annotations`to be passed to chart [GH-1841](https://github.com/jfrog/charts/pull/1841) +* Updated rabbitmq multi-arch tag version to to `3.13.6-debian-12-r1` + +## [103.102.0] - July 17, 2024 * Added support of specifying resources constraints for RabbitMQ's pre-upgrade-hook job * Fixed formatting error associated to the `volumeMounts` for the `panoramic` microservice [GH-1895](https://github.com/jfrog/charts/issues/1895) diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index e54688bf1..7a5ea04c2 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.104.8 +appVersion: 3.107.11 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.104.8 +version: 103.107.11 diff --git a/stable/xray/files/system.yaml b/stable/xray/files/system.yaml index c11372548..b7c16140d 100644 --- a/stable/xray/files/system.yaml +++ b/stable/xray/files/system.yaml @@ -82,4 +82,9 @@ contextualAnalysis: exposures: container: registry: {{ include "xray.getRegistryByService" (list . "exposures") }} - image: {{ .Values.exposures.image.repository }} \ No newline at end of file + image: {{ .Values.exposures.image.repository }} +{{- if .Values.jas.healthcheck.enabled }} +jas: + healthCheckApi: + enabled: true +{{- end }} \ No newline at end of file 
diff --git a/stable/xray/templates/_helpers.tpl b/stable/xray/templates/_helpers.tpl index 3b4ae9023..1b2e7affb 100644 --- a/stable/xray/templates/_helpers.tpl +++ b/stable/xray/templates/_helpers.tpl @@ -693,6 +693,26 @@ Set xray env variables if rabbitmq.tls is enabled. {{- end }} {{- end -}} +{{- define "xray.resolveUsedMasterKeySecretName" -}} +{{- if or .Values.xray.masterKey .Values.xray.masterKeySecretName .Values.global.masterKey .Values.global.masterKeySecretName -}} +{{- if or (not .Values.xray.unifiedSecretInstallation) (or .Values.xray.masterKeySecretName .Values.global.masterKeySecretName) -}} +{{- include "xray.masterKeySecretName" . -}} +{{- else -}} +{{ template "xray.name" . }}-unified-secret +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "xray.resolveUsedJoinKeySecretName" -}} +{{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName -}} +{{- if or (not .Values.xray.unifiedSecretInstallation) (or .Values.xray.joinKeySecretName .Values.global.joinKeySecretName) -}} +{{- include "xray.joinKeySecretName" . -}} +{{- else -}} +{{ template "xray.name" . }}-unified-secret +{{- end -}} +{{- end -}} +{{- end -}} + {{- define "xray.envVariables" }} - name: XRAY_CHART_FULL_NAME value: '{{ include "xray.fullname" . }}' @@ -704,6 +724,10 @@ Set xray env variables if rabbitmq.tls is enabled. value: "{{ .Values.systemYamlOverride.existingSecret }}" - name: XRAY_CHART_SYSTEM_YAML_OVERRIDE_DATA_KEY value: "{{ .Values.systemYamlOverride.dataKey }}" +- name: XRAY_CHART_MASTER_KEY_SECRET_NAME + value: '{{ include "xray.resolveUsedMasterKeySecretName" . }}' +- name: XRAY_CHART_JOIN_KEY_SECRET_NAME + value: '{{ include "xray.resolveUsedJoinKeySecretName" . }}' {{- end }} {{/* diff --git a/stable/xray/templates/migration-hook.yaml b/stable/xray/templates/migration-hook.yaml index 908fd71a0..3f4eab618 100644 --- a/stable/xray/templates/migration-hook.yaml +++ b/stable/xray/templates/migration-hook.yaml 
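Review bot: In stable/xray/templates/_helpers.tpl the new `xray.resolveUsedMasterKeySecretName` and `xray.resolveUsedJoinKeySecretName` defines carry no `{{/* … */}}` header, and both render an empty string when no key is configured. The following hunk then publishes that as `value: ''` for `XRAY_CHART_MASTER_KEY_SECRET_NAME` and `XRAY_CHART_JOIN_KEY_SECRET_NAME`. I would add a header above each, for example `{{/* Name of the Secret holding the master key: the result of xray.masterKeySecretName, or <name>-unified-secret when unifiedSecretInstallation is set and no secret name was supplied; empty when no master key is configured. */}}`, so whatever reads the variable knows that empty is a valid value. The two bodies differ only in the key name, so a single helper that takes the key name as an argument would keep the precedence rules from drifting apart.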
@@ -16,6 +16,9 @@ metadata: annotations: helm.sh/hook: "pre-upgrade" helm.sh/hook-weight: "-10" +{{- with .Values.rabbitmq.migration.serviceAccount.annotations }} +{{ toYaml . | indent 8 }} +{{- end }} automountServiceAccountToken: {{ .Values.rabbitmq.migration.serviceAccount.automountServiceAccountToken }} {{- end }} {{- end }} diff --git a/stable/xray/templates/xray-ipa-deployment.yaml b/stable/xray/templates/xray-ipa-deployment.yaml index 6e7439e9b..ecc6b6ece 100644 --- a/stable/xray/templates/xray-ipa-deployment.yaml +++ b/stable/xray/templates/xray-ipa-deployment.yaml 
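Review bot: The values from `rabbitmq.migration.serviceAccount.annotations` are rendered into the same mapping as the fixed `helm.sh/hook` and `helm.sh/hook-weight` keys. A values entry that uses either key therefore produces a duplicate YAML key, and which one wins depends on the parser, so it can silently change when the hook ServiceAccount is created. I would document the two keys as reserved in values.yaml, or reject them inside the `with` block, e.g. `{{- if hasKey . "helm.sh/hook" }}{{ fail "helm.sh/hook is managed by the chart" }}{{- end }}`. Whitespace on this page is collapsed, so I could not confirm that `indent 8` matches the nesting of the existing annotations.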
@@ -136,6 +136,28 @@ spec: echo "Copy masterKey to {{ .Values.xray.persistence.mountPath }}/etc/security"; mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; echo ${XRAY_MASTER_KEY} > {{ .Values.xray.persistence.mountPath }}/etc/security/master.key; + {{- end }} + if set | grep -q "^XRAY_RABBITMQ_PASSWORD="; then + echo "Copy rabbitmq password to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; + echo ${XRAY_RABBITMQ_PASSWORD} > {{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password; + else + if test -f "{{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password"; then + echo "XRAY_RABBITMQ_PASSWORD is not set, removing existing rabbitmq.password file."; + rm -f {{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password; + fi + fi + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + if set | grep -q "^XRAY_POSTGRES_PASSWORD="; then + echo "Copy postgres password to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; + echo ${XRAY_POSTGRES_PASSWORD} > {{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password; + else + if test -f "{{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password"; then + echo "XRAY_POSTGRES_PASSWORD is not set, removing existing postgres.password file."; + rm -f {{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password; + fi + fi {{- end }} env: {{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} 
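Review bot: The added copy steps write the secrets with an unquoted expansion, `echo ${XRAY_RABBITMQ_PASSWORD} > …/etc/security/rabbitmq.password` (likewise for `XRAY_POSTGRES_PASSWORD`). A password containing whitespace, glob characters, backslashes or a leading `-n` can be changed by word splitting, pathname expansion or echo option handling before it reaches the file. The files are also created on the persistent data volume with whatever umask the init container happens to run under. I would write them with `printf '%s\n' "${XRAY_RABBITMQ_PASSWORD}" > "…/etc/security/rabbitmq.password"` and restrict the mode first, for example `umask 077`, provided the Xray containers read the files as the same UID, which is not visible here. The presence test can be `if [ -n "${XRAY_RABBITMQ_PASSWORD+x}" ]; then` instead of piping the whole `set` output, which includes the secret values, through `grep`. The same lines are added in xray-server-deployment.yaml and xray-statefulset.yaml, and the init container command continues outside the hunk.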
@@ -160,6 +182,39 @@ spec: {{- end }} key: master-key {{- end }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: XRAY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: XRAY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: XRAY_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} volumeMounts: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} @@ -437,11 +492,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
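Review bot: The first `XRAY_RABBITMQ_PASSWORD` entry is guarded by `.Values.rabbitmq.external.secrets` as a whole, but it dereferences `.Values.rabbitmq.external.secrets.password.name` and `.key` inside `tpl`. A values file that defines other entries under `external.secrets` without `password` would presumably fail at render time rather than skip the variable. The database entry below tests the leaf (`.Values.database.secrets.password`), and doing the same here would be consistent: `{{- if and .Values.rabbitmq.external.secrets.password (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }}`. That assumes `rabbitmq.external.secrets` defaults to a map in values.yaml, which is not visible here. The two RabbitMQ conditions are mutually exclusive only through the `not`, so an `if … else if` chain would make a duplicate env name structurally impossible. The same block is added in xray-server-deployment.yaml and xray-statefulset.yaml.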
@@ -480,25 +530,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -520,11 +551,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_HA_NODE_ID valueFrom: @@ -606,11 +632,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -649,25 +670,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -689,11 +691,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_HA_NODE_ID valueFrom: @@ -776,11 +773,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -819,25 +811,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -859,11 +832,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_HA_NODE_ID valueFrom: @@ -946,11 +914,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -989,25 +952,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -1029,11 +973,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_HA_NODE_ID valueFrom: @@ -1115,11 +1054,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -1158,25 +1092,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -1198,11 +1113,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_HA_NODE_ID valueFrom: @@ -1272,11 +1182,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -1315,25 +1220,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -1355,11 +1241,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_K8S_ENV value: "true" diff --git a/stable/xray/templates/xray-server-deployment.yaml b/stable/xray/templates/xray-server-deployment.yaml index a481b4fe5..b0406cc6b 100644 --- a/stable/xray/templates/xray-server-deployment.yaml +++ b/stable/xray/templates/xray-server-deployment.yaml 
@@ -133,6 +133,28 @@ spec: echo "Copy masterKey to {{ .Values.xray.persistence.mountPath }}/etc/security"; mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; echo ${XRAY_MASTER_KEY} > {{ .Values.xray.persistence.mountPath }}/etc/security/master.key; + {{- end }} + if set | grep -q "^XRAY_RABBITMQ_PASSWORD="; then + echo "Copy rabbitmq password to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; + echo ${XRAY_RABBITMQ_PASSWORD} > {{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password; + else + if test -f "{{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password"; then + echo "XRAY_RABBITMQ_PASSWORD is not set, removing existing rabbitmq.password file."; + rm -f {{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password; + fi + fi + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + if set | grep -q "^XRAY_POSTGRES_PASSWORD="; then + echo "Copy postgres password to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; + echo ${XRAY_POSTGRES_PASSWORD} > {{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password; + else + if test -f "{{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password"; then + echo "XRAY_POSTGRES_PASSWORD is not set, removing existing postgres.password file."; + rm -f {{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password; + fi + fi {{- end }} env: {{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} 
@@ -157,6 +179,39 @@ spec: {{- end }} key: master-key {{- end }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: XRAY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: XRAY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: XRAY_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} volumeMounts: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} @@ -432,11 +487,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -475,25 +525,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -515,11 +546,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_K8S_ENV value: "true" diff --git a/stable/xray/templates/xray-serviceaccount.yaml b/stable/xray/templates/xray-serviceaccount.yaml index bdc545321..70cf777a2 100644 --- a/stable/xray/templates/xray-serviceaccount.yaml +++ b/stable/xray/templates/xray-serviceaccount.yaml @@ -2,6 +2,10 @@ apiVersion: v1 kind: ServiceAccount metadata: +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} labels: app: {{ template "xray.name" . }} chart: {{ template "xray.chart" . }} diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml index 7d92bc25f..212f69c4b 100644 --- a/stable/xray/templates/xray-statefulset.yaml +++ b/stable/xray/templates/xray-statefulset.yaml 
@@ -133,6 +133,28 @@ spec: echo "Copy masterKey to {{ .Values.xray.persistence.mountPath }}/etc/security"; mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; echo ${XRAY_MASTER_KEY} > {{ .Values.xray.persistence.mountPath }}/etc/security/master.key; + {{- end }} + if set | grep -q "^XRAY_RABBITMQ_PASSWORD="; then + echo "Copy rabbitmq password to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; + echo ${XRAY_RABBITMQ_PASSWORD} > {{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password; + else + if test -f "{{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password"; then + echo "XRAY_RABBITMQ_PASSWORD is not set, removing existing rabbitmq.password file."; + rm -f {{ .Values.xray.persistence.mountPath }}/etc/security/rabbitmq.password; + fi + fi + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + if set | grep -q "^XRAY_POSTGRES_PASSWORD="; then + echo "Copy postgres password to {{ .Values.xray.persistence.mountPath }}/etc/security"; + mkdir -p {{ .Values.xray.persistence.mountPath }}/etc/security; + echo ${XRAY_POSTGRES_PASSWORD} > {{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password; + else + if test -f "{{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password"; then + echo "XRAY_POSTGRES_PASSWORD is not set, removing existing postgres.password file."; + rm -f {{ .Values.xray.persistence.mountPath }}/etc/security/postgres.password; + fi + fi {{- end }} env: {{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }} 
@@ -157,6 +179,39 @@ spec: {{- end }} key: master-key {{- end }} + {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} + - name: XRAY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} + {{- end }} + {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} + - name: XRAY_RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "rabbitmq.passwordSecretName" .}} + key: rabbitmq-password + {{- end }} + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: XRAY_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.xray.unifiedSecretInstallation }} + name: {{ template "xray.fullname" . }}-database-creds + {{- else }} + name: "{{ template "xray.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} volumeMounts: - name: data-volume mountPath: {{ .Values.xray.persistence.mountPath | quote }} @@ -432,11 +487,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -475,25 +525,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -515,11 +546,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_K8S_ENV value: "true" @@ -594,11 +620,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -637,25 +658,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -677,11 +679,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_HA_NODE_ID valueFrom: @@ -761,11 +758,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -804,25 +796,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -844,11 +817,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_HA_NODE_ID valueFrom: @@ -931,11 +899,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -974,25 +937,6 @@ spec: key: db-actualUsername {{- end }} {{- end }} - {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} - - name: JF_SHARED_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.database.secrets.password }} - name: {{ tpl .Values.database.secrets.password.name . }} - key: {{ tpl .Values.database.secrets.password.key . }} - {{- else if .Values.database.password }} - {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds - {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" - {{- end }} - key: db-password - {{- else if .Values.postgresql.enabled }} - name: {{ .Release.Name }}-postgresql - key: postgresql-password - {{- end }} - {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - name: JF_SHARED_DATABASE_URL valueFrom: @@ -1014,11 +958,6 @@ spec: value: {{ include "rabbitmq.user" .}} - name: JF_SHARED_RABBITMQ_URL value: {{ include "rabbitmq.url" .}} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "rabbitmq.passwordSecretName" .}} - key: rabbitmq-password {{- end }} - name: XRAY_HA_NODE_ID valueFrom: @@ -1097,11 +1036,6 @@ spec: secretKeyRef: name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }} - name: JF_SHARED_RABBITMQ_URL valueFrom: secretKeyRef: 
@@ -1140,25 +1074,6 @@ spec:
 key: db-actualUsername
 {{- end }}
 {{- end }}
- {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }}
- - name: JF_SHARED_DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- {{- if .Values.database.secrets.password }}
- name: {{ tpl .Values.database.secrets.password.name . }}
- key: {{ tpl .Values.database.secrets.password.key . }}
- {{- else if .Values.database.password }}
- {{- if not .Values.xray.unifiedSecretInstallation }}
- name: {{ template "xray.fullname" . }}-database-creds
- {{- else }}
- name: "{{ template "xray.name" . }}-unified-secret"
- {{- end }}
- key: db-password
- {{- else if .Values.postgresql.enabled }}
- name: {{ .Release.Name }}-postgresql
- key: postgresql-password
- {{- end }}
- {{- end }}
 {{- if or .Values.database.secrets.url .Values.database.url }}
 - name: JF_SHARED_DATABASE_URL
 valueFrom:
@@ -1180,11 +1095,6 @@ spec:
 value: {{ include "rabbitmq.user" .}}
 - name: JF_SHARED_RABBITMQ_URL
 value: {{ include "rabbitmq.url" .}}
- - name: JF_SHARED_RABBITMQ_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "rabbitmq.passwordSecretName" .}}
- key: rabbitmq-password
 {{- end }}
 - name: XRAY_HA_NODE_ID
 valueFrom:
@@ -1253,11 +1163,6 @@ spec:
 secretKeyRef:
 name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }}
 key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }}
- - name: JF_SHARED_RABBITMQ_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }}
- key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }}
 - name: JF_SHARED_RABBITMQ_URL
 valueFrom:
 secretKeyRef:
@@ -1296,25 +1201,6 @@ spec:
 key: db-actualUsername
 {{- end }}
 {{- end }}
- {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }}
- - name: JF_SHARED_DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- {{- if .Values.database.secrets.password }}
- name: {{ tpl .Values.database.secrets.password.name . }}
- key: {{ tpl .Values.database.secrets.password.key . }}
- {{- else if .Values.database.password }}
- {{- if not .Values.xray.unifiedSecretInstallation }}
- name: {{ template "xray.fullname" . }}-database-creds
- {{- else }}
- name: "{{ template "xray.name" . }}-unified-secret"
- {{- end }}
- key: db-password
- {{- else if .Values.postgresql.enabled }}
- name: {{ .Release.Name }}-postgresql
- key: postgresql-password
- {{- end }}
- {{- end }}
 {{- if or .Values.database.secrets.url .Values.database.url }}
 - name: JF_SHARED_DATABASE_URL
 valueFrom:
@@ -1336,11 +1222,6 @@ spec:
 value: {{ include "rabbitmq.user" .}}
 - name: JF_SHARED_RABBITMQ_URL
 value: {{ include "rabbitmq.url" .}}
- - name: JF_SHARED_RABBITMQ_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "rabbitmq.passwordSecretName" .}}
- key: rabbitmq-password
 {{- end }}
 - name: XRAY_HA_NODE_ID
 valueFrom:
@@ -1408,11 +1289,6 @@ spec:
 secretKeyRef:
 name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }}
 key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }}
- - name: JF_SHARED_RABBITMQ_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }}
- key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }}
 - name: JF_SHARED_RABBITMQ_URL
 valueFrom:
 secretKeyRef:
@@ -1451,25 +1327,6 @@ spec:
 key: db-actualUsername
 {{- end }}
 {{- end }}
- {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }}
- - name: JF_SHARED_DATABASE_PASSWORD
- valueFrom:
- secretKeyRef:
- {{- if .Values.database.secrets.password }}
- name: {{ tpl .Values.database.secrets.password.name . }}
- key: {{ tpl .Values.database.secrets.password.key . }}
- {{- else if .Values.database.password }}
- {{- if not .Values.xray.unifiedSecretInstallation }}
- name: {{ template "xray.fullname" . }}-database-creds
- {{- else }}
- name: "{{ template "xray.name" . }}-unified-secret"
- {{- end }}
- key: db-password
- {{- else if .Values.postgresql.enabled }}
- name: {{ .Release.Name }}-postgresql
- key: postgresql-password
- {{- end }}
- {{- end }}
 {{- if or .Values.database.secrets.url .Values.database.url }}
 - name: JF_SHARED_DATABASE_URL
 valueFrom:
@@ -1491,11 +1348,6 @@ spec:
 value: {{ include "rabbitmq.user" .}}
 - name: JF_SHARED_RABBITMQ_URL
 value: {{ include "rabbitmq.url" .}}
- - name: JF_SHARED_RABBITMQ_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "rabbitmq.passwordSecretName" .}}
- key: rabbitmq-password
 {{- end }}
 - name: XRAY_K8S_ENV
 value: "true"
diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml
index 1932e2f25..d13de9eb5 100644
--- a/stable/xray/values.yaml
+++ b/stable/xray/values.yaml
@@ -356,6 +356,8 @@ serviceAccount:
 ## The name of the ServiceAccount to use.
 ## If not set and create is true, a name is generated using the fullname template
 name:
+ ## Service Account annotations
+ annotations: {}
 ## Explicitly mounts the API credentials for the Service Account
 automountServiceAccountToken: true
@@ -457,7 +459,7 @@ rabbitmq:
 image:
 registry: releases-docker.jfrog.io
 repository: bitnami/rabbitmq
- tag: 3.12.13-debian-11-r0
+ tag: 3.13.6-debian-12-r1
 extraPlugins: "rabbitmq_management"
 auth:
@@ -651,6 +653,8 @@ rabbitmq:
 ## If not set and create is true, a name is generated using the fullname template
 name:
 ## Explicitly mounts the API credentials for the Service Account
+ ## Service Account annotations
+ annotations: {}
 automountServiceAccountToken: true
 rbac:
 create: true
@@ -1361,6 +1365,10 @@ server:
 # memory: "2Gi"
 # cpu: "1"
+## JAS periodic health check
+jas:
+ healthcheck:
+ enabled: false
 contextualAnalysis:
 image:
 registry: releases-docker.jfrog.io
@@ -1376,7 +1384,7 @@ router:
 image:
 registry: releases-docker.jfrog.io
 repository: jfrog/router
- tag: 7.124.1
+ tag: 7.135.1
 imagePullPolicy: IfNotPresent
 serviceRegistry:
 ## Service registry (Access) TLS verification skipped if enabled.
@@ -1459,7 +1467,7 @@ observability:
 image:
 registry: releases-docker.jfrog.io
 repository: jfrog/observability
- tag: 1.31.5
 imagePullPolicy: IfNotPresent
 internalPort: 8036
 resources: {}
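Review bot: In the `rabbitmq` service-account hunk (-651) the two added lines sit between the existing comment `## Explicitly mounts the API credentials for the Service Account` and the `automountServiceAccountToken: true` key it describes, so that comment now reads as if it documented `annotations`. Placing `## Service Account annotations` and `annotations: {}` above that comment, as the top-level `serviceAccount:` hunk at -356 does, keeps each comment directly over its key. Anyone auditing whether the API token is mounted into the pod relies on that comment, since it is the only explanation of the setting in this block. The enclosing `rabbitmq` mapping begins outside the hunk.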
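Review bot: The comment `## JAS periodic health check` on the new `jas.healthcheck.enabled` value (hunk -1361) does not say what the flag changes. Going by the `files/system.yaml` hunk of this commit, setting it to true renders `jas.healthCheckApi.enabled: true` into the system configuration, so a comment such as `## When true, renders jas.healthCheckApi.enabled: true into system.yaml (default: false)` would tell operators what they are switching on. The key is also spelled `healthcheck` here but `healthCheckApi` in the rendered file; if the lowercase form is intentional, a word in the comment would save readers from searching for the wrong name.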