andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  jfrog/artifactory-ha:
    - 107.84.10
  jfrog/artifactory-jcr:
    - 107.84.10
```
pull/1017/head
github-actions[bot] 2024-05-13 00:55:17 +00:00
parent ec04db879c
commit 0332340e0f
62 changed files with 1378 additions and 1334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/jfrog/artifactory-ha-107.84.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-jcr-107.84.10.tgz Normal file
View File

Binary file not shown.

51
charts/jfrog/artifactory-ha/CHANGELOG.md
View File

@ -1,10 +1,59 @@
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file
## [107.77.12] - April 22, 2024
## [107.84.10] - May 2, 2024
* Added image section for `initContainers` instead of `initContainerImage`
* Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy`
* Removed loggers.image section
* Added support for `global.verisons.initContainers` to override `initContainers.image.tag`
* Fixed an issue with extraSystemYaml merge
* **IMPORTANT**
* Renamed `artifactory.setSecurityContext` to `artifactory.podSecurityContext`
* Renamed `artifactory.uid` to `artifactory.podSecurityContext.runAsUser`
* Renamed `artifactory.gid` to `artifactory.podSecurityContext.runAsGroup` and `artifactory.podSecurityContext.fsGroup`
* Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy`
* Renamed `artifactory.seLinuxOptions` to `artifactory.podSecurityContext.seLinuxOptions`
* Added flag `allowNonPostgresql` defaults to false
* Update postgresql tag version to `15.6.0-debian-12-r5`
* Added a check if `initContainerImage` exists
## [107.83.0] - Mar 12, 2024
* Added image section for `metadata` and `observability`
## [107.82.0] - Mar 04, 2024
* Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router.
* Removed Replicator Service
## [107.81.0] - Feb 20, 2024
* **IMPORTANT**
* Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml)
* Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given [GH-1848](https://github.com/jfrog/charts/pull/1848)
* Added option to modify the new cache configs, maxFileSizeLimit and skipDuringUpload
* Added IPV4/IPV6 Dualstack flag support for Artifactory and nginx service
* Added `singleStackIPv6Cluster` flag, which manages the Nginx configuration to enable listening on IPv6 and proxying
* Fixing broken link for creating additional kubernetes resources. Refer [here](https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-ha-values.yaml)
* Refactored installerInfo configuration (moved to files/installer-info.json instead of key in values.yaml)
## [107.80.0] - Feb 20, 2024
* Updated README.md to create a namespace using `--create-namespace` as part of helm install
## [107.79.0] - Feb 20, 2024
* **IMPORTANT**
* Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default
* Added support for azure-blob-storage-v2-direct config
* Added option to set Nginx to write access_log to container STDOUT
* **Important change:**
* Update postgresql tag version to `15.2.0-debian-11-r23`
* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**!
* If this is an upgrade and you are using the default bundles PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x/13.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true
## [107.77.0] - April 22, 2024
* Removed integration service
* Added recommended postgresql sizing configurations under sizing directory
* Updated artifactory-federation (probes, port, embedded mode)
* **IMPORTANT**
* setSecurityContext has been renamed to podSecurityContext.
* Moved podSecurityContext to values.yaml
* Fixing broken nginx port [GH-1860](https://github.com/jfrog/charts/issues/1860)
* Added nginx.customCommand to use custom commands for the nginx container

5
charts/jfrog/artifactory-ha/Chart.yaml
View File

@ -1,10 +1,11 @@
annotations:
artifactoryServiceVersion: 7.84.15
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.77.12
appVersion: 7.84.10
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -26,4 +27,4 @@ name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
version: 107.77.12
version: 107.84.10

4
charts/jfrog/artifactory-ha/README.md
View File

@ -37,14 +37,14 @@ helm repo update
### Install Chart
To install the chart with the release name `artifactory`:
```bash
helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha
helm upgrade --install artifactory-ha jfrog/artifactory-ha --namespace artifactory-ha --create-namespace
```
### Apply Sizing configurations to the Chart
To apply the chart with recommended sizing configurations :
For small configurations :
```bash
helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml
helm upgrade --install artifactory-ha jfrog/artifactory-ha -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml --namespace artifactory-ha --create-namespace
```
## Uninstalling Artifactory

32
charts/jfrog/artifactory-ha/ci/global-values.yaml
View File

@ -23,8 +23,8 @@ artifactory:
cpu: "4"
customInitContainersBegin: |
- name: "custom-init-begin-local"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -34,8 +34,8 @@ artifactory:
name: volume
customInitContainers: |
- name: "custom-init-local"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -55,8 +55,8 @@ artifactory:
# Add custom sidecar containers
customSidecarContainers: |
- name: "sidecar-list-local"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -84,8 +84,8 @@ global:
joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
customInitContainersBegin: |
- name: "custom-init-begin-global"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -95,8 +95,8 @@ global:
name: volume
customInitContainers: |
- name: "custom-init-global"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -116,8 +116,8 @@ global:
# Add custom sidecar containers
customSidecarContainers: |
- name: "sidecar-list-global"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -138,8 +138,8 @@ global:
nginx:
customInitContainers: |
- name: "custom-init-begin-nginx"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -149,8 +149,8 @@ nginx:
name: custom-script-local
customSidecarContainers: |
- name: "sidecar-list-nginx"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:

9
charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml
View File

@ -5,15 +5,6 @@ artifactory:
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
persistence:
enabled: false
replicator:
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
primary:
resources:
requests:

17
charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml
View File

@ -5,23 +5,6 @@ artifactory:
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
persistence:
enabled: false
replicator:
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
# Add lifecycle hooks for replicator container
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"]
preStop:
exec:
command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"]
primary:
resources:
requests:

13
charts/jfrog/artifactory-ha/ci/test-values.yaml
View File

@ -2,21 +2,12 @@ databaseUpgradeReady: true
artifactory:
openMetrics:
enabled: true
fsGroupChangePolicy: "OnRootMismatch"
podSecurityContext:
fsGroupChangePolicy: "OnRootMismatch"
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
unifiedSecretInstallation: false
persistence:
enabled: false
replicator:
name: replicator
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
primary:
resources:
requests:

66
charts/jfrog/artifactory-ha/files/binarystore.xml
View File

@ -29,6 +29,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- end }}
@ -57,6 +63,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
// Specify the read and write strategy and redundancy for the sharding binary provider
@ -93,6 +105,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
<!-- Shards add local file-system provider configuration -->
@ -145,6 +163,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") }}
@ -228,6 +252,12 @@
<provider id="cache-fs-eventual-s3" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- end }}
@ -236,6 +266,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- end }}
@ -338,6 +374,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- if eq .Values.artifactory.persistence.type "azure-blob" }}
@ -370,4 +412,28 @@
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "azure-blob-storage-v2-direct" -}}
<config version="3">
<chain template="azure-blob-storage-v2-direct"/>
<provider type="cache-fs" id="cache-fs">
<cacheProviderDir>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</cacheProviderDir>
<maxCacheSize>{{ .Values.artifactory.persistence.cacheProviderDir }}</maxCacheSize>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
<provider id="azure-blob-storage-v2" type="azure-blob-storage-v2">
<accountName>{{ .Values.artifactory.persistence.azureBlob.accountName }}</accountName>
<accountKey>{{ .Values.artifactory.persistence.azureBlob.accountKey }}</accountKey>
<endpoint>{{ .Values.artifactory.persistence.azureBlob.endpoint }}</endpoint>
<container>{{ .Values.artifactory.persistence.azureBlob.containerName }}</container>
<multiPartLimit>{{ .Values.artifactory.persistence.azureBlob.multiPartLimit | int64 }}</multiPartLimit>
<multipartElementSize>{{ .Values.artifactory.persistence.azureBlob.multipartElementSize | int64 }}</multipartElementSize>
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider>
</config>
{{- end }}

32
charts/jfrog/artifactory-ha/files/installer-info.json Normal file
View File

@ -0,0 +1,32 @@
{
"productId": "Helm_artifactory-ha/{{ .Chart.Version }}",
"features": [
{
"featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"
},
{
"featureId": "Database/{{ .Values.database.type }}"
},
{
"featureId": "PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"
},
{
"featureId": "Nginx_Enabled/{{ .Values.nginx.enabled }}"
},
{
"featureId": "ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"
},
{
"featureId": "SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"
},
{
"featureId": "UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"
},
{
"featureId": "Filebeat_Enabled/{{ .Values.filebeat.enabled }}"
},
{
"featureId": "ReplicaCount/{{ add .Values.artifactory.primary.replicaCount .Values.artifactory.node.replicaCount }}"
}
]
}

38
charts/jfrog/artifactory-ha/files/migrate.sh
View File

@ -2916,9 +2916,6 @@ yamlMigrate () {
if [[ ! -z "${value}" ]]; then
value=$(updateConnectionString "${yamlPath}" "${value}")
fi
if [[ "${PRODUCT}" == "artifactory" ]]; then
replicatorProfiling
fi
if [[ -z "${value}" ]]; then
logger "No value for [${key}] in [${sourceFile}]"
else
@ -4218,26 +4215,13 @@ commentNodeId () {
artifactoryInfoMessage () {
if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then
addText "# yamlFile was generated from db.properties,replicator.yaml and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
addText "# yamlFile was generated from db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
else
addText "# yamlFile was generated from default file,replicator.yaml,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
addText "# yamlFile was generated from default file,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
fi
}
replicatorProfiling () {
if [[ "${key}" == "profilingDisabled" ]]; then
if [[ ! -z "${value}" ]]; then
if [[ "${value}" == "false" ]]; then
value="true"
else
value="false"
fi
fi
fi
}
setHaEnabled_hook () {
local filePath="$1"
if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/ha-node.properties")" == "true" ]]; then
@ -4277,27 +4261,9 @@ _createBackupOfLogBackDir () {
removeFileOperation "${backupDir}/logbackXmlFiles/artifactory" "${artiLogbackFile}"
}
_createBackupOfReplicatorRtYaml () {
local backupDir="$1"
local replicatorRtYamlFile="${NEW_DATA_DIR}/etc/replicator/replicator.artifactory.yaml"
local effectiveUser=
local effectiveGroup=
if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then
effectiveUser="${JF_USER}"
effectiveGroup="${JF_USER}"
elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then
effectiveUser="${USER_TO_CHECK}"
effectiveGroup="${GROUP_TO_CHECK}"
fi
removeSoftLinkAndCreateDir "${backupDir}/replicatorYamlFile" "${effectiveUser}" "${effectiveGroup}" "yes"
removeFileOperation "${backupDir}/replicatorYamlFile" "${replicatorRtYamlFile}"
}
backupFiles_hook () {
local backupDirectory="$1"
_createBackupOfLogBackDir "${backupDirectory}"
_createBackupOfReplicatorRtYaml "${backupDirectory}"
}
migrateArtifactory () {

5
charts/jfrog/artifactory-ha/files/migrationHelmInfo.yaml
View File

@ -11,10 +11,6 @@ migration:
work/access=access/tmp
log/archived/access=access/logs
log/archived/artifactory=logs
etc/replicator=replicator/etc
backup/replicator=replicator/backup
data/replicator=replicator/data
log/archived/replicator=replicator/logs
linkFiles:
map:
# Note : $JF_ROOT_DATA_DIR will be prepended to the sourceDirectoryPath value only if relative path and $JF_ROOT_DATA_DIR will be prepended to the targetDirectoryPath value
@ -27,6 +23,5 @@ migration:
# Note $JF_ROOT_DATA_DIR will be prepended to the map entry
map:
access
replicator
metadata
logs

149
charts/jfrog/artifactory-ha/files/system.yaml Normal file
View File

@ -0,0 +1,149 @@
router:
serviceRegistry:
insecure: {{ .Values.router.serviceRegistry.insecure }}
shared:
{{- if .Values.artifactory.coldStorage.enabled }}
jfrogColdStorage:
coldInstanceEnabled: true
{{- end }}
{{- if .Values.artifactory.openMetrics.enabled }}
metrics:
enabled: true
{{- if .Values.artifactory.openMetrics.filebeat.enabled }}
filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }}
{{- end }}
{{- end }}
logging:
consoleLog:
enabled: {{ .Values.artifactory.consoleLog }}
extraJavaOpts: >
-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
-Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
{{- with .Values.artifactory.primary.javaOpts }}
{{- if .corePoolSize }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- end }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }}
{{- end }}
{{- if .jmx.authenticate }}
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
-Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
{{- else }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- end }}
database:
allowNonPostgresql: {{ .Values.database.allowNonPostgresql }}
{{- if .Values.postgresql.enabled }}
type: postgresql
url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
host: ""
driver: org.postgresql.Driver
username: "{{ .Values.postgresql.postgresqlUsername }}"
{{ else }}
type: "{{ .Values.database.type }}"
driver: "{{ .Values.database.driver }}"
{{- end }}
artifactory:
{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
node:
{{- if .Values.artifactory.haDataDir.path }}
haDataDir: {{ .Values.artifactory.haDataDir.path }}
{{- end }}
{{- if .Values.artifactory.haBackupDir.path }}
haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
{{- end }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
maintenanceConnector:
port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
{{- if .Values.access.database.enabled }}
type: "{{ .Values.access.database.type }}"
url: "{{ .Values.access.database.url }}"
driver: "{{ .Values.access.database.driver }}"
username: "{{ .Values.access.database.user }}"
password: "{{ .Values.access.database.password }}"
{{- end }}
{{- if .Values.mc.enabled }}
mc:
enabled: true
database:
maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
idgenerator:
maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
{{- end }}
metadata:
database:
maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
jfconnect:
enabled: true
{{- else }}
jfconnect:
enabled: false
jfconnect_service:
enabled: false
{{- end }}
{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
federation:
enabled: true
embedded: {{ .Values.federation.embedded }}
extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
port: {{ .Values.federation.internalPort }}
rtfs:
database:
driver: org.postgresql.Driver
type: postgresql
username: {{ .Values.federation.database.username }}
password: {{ .Values.federation.database.password }}
url: "jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}"
{{- else }}
federation:
enabled: false
{{- end }}
{{- if .Values.event.webhooks }}
event:
webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
{{- end }}

7
charts/jfrog/artifactory-ha/templates/NOTES.txt
View File

@ -39,6 +39,13 @@ Congratulations. You have just deployed JFrog Artifactory HA!
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
****************************************** WARNING **********************************************
* From chart version 107.84.x, `setSecurityContext` has been renamed to `podSecurityContext`, *
please change your values.yaml before upgrade , For more Info , refer to 107.84.x changelog *
*************************************************************************************************
{{- end }}
{{- if and (or (or (or (or (or ( or ( or ( or (or (or ( or (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) .Values.systemYamlOverride.existingSecret) (or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled)) .Values.aws.licenseConfigSecretName) .Values.artifactory.persistence.customBinarystoreXmlSecret) .Values.access.customCertificatesSecretName) .Values.systemYamlOverride.existingSecret) .Values.artifactory.license.secret) .Values.artifactory.userPluginSecrets) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey)) (and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName)) (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName)) .Values.artifactory.unifiedSecretInstallation }}
****************************************** WARNING **************************************************************************************************
* The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.*

63
charts/jfrog/artifactory-ha/templates/_helpers.tpl
View File

@ -55,32 +55,6 @@ If release name contains chart name it will be used as a full name.
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified Replicator app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.replicator.fullname" -}}
{{- if .Values.artifactory.replicator.ingress.name -}}
{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified replicator tracker ingress name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.replicator.tracker.fullname" -}}
{{- if .Values.artifactory.replicator.trackerIngress.name -}}
{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -309,13 +283,27 @@ Return the proper artifactory chart image names
{{- $indexReference := index . 1 }}
{{- $registryName := index $dot.Values $indexReference "image" "registry" -}}
{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}}
{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}}
{{- $tag := "" -}}
{{- if and (eq $indexReference "artifactory") (hasKey $dot.Values "artifactoryService") }}
{{- if default false $dot.Values.artifactoryService.enabled }}
{{- $indexReference = "artifactoryService" -}}
{{- $tag = default $dot.Chart.Annotations.artifactoryServiceVersion (index $dot.Values $indexReference "image" "tag") | toString -}}
{{- $repositoryName = index $dot.Values $indexReference "image" "repository" -}}
{{- else -}}
{{- $tag = default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}}
{{- end -}}
{{- else -}}
{{- $tag = default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}}
{{- end -}}
{{- if $dot.Values.global }}
{{- if and $dot.Values.splitServicesToContainers $dot.Values.global.versions.router (eq $indexReference "router") }}
{{- $tag = $dot.Values.global.versions.router | toString -}}
{{- $tag = $dot.Values.global.versions.router | toString -}}
{{- end -}}
{{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }}
{{- $tag = $dot.Values.global.versions.initContainers | toString -}}
{{- end -}}
{{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }}
{{- $tag = $dot.Values.global.versions.artifactory | toString -}}
{{- $tag = $dot.Values.global.versions.artifactory | toString -}}
{{- end -}}
{{- if $dot.Values.global.imageRegistry }}
{{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}}
@ -378,9 +366,6 @@ Resolve requiredServiceTypes value
{{- if .Values.jfconnect.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfcon" -}}
{{- end -}}
{{- if .Values.artifactory.replicator.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfxfer" -}}
{{- end -}}
{{- if .Values.mc.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfmc" -}}
{{- end -}}
@ -490,3 +475,17 @@ nodeSelector:
{{ toYaml .Values.nginx.nodeSelector | indent 2 }}
{{- end -}}
{{- end -}}
{{/*
Calculate the systemYaml from structured and unstructured text input
*/}}
{{- define "artifactory.finalSystemYaml" -}}
{{ tpl (mergeOverwrite (include "artifactory.systemYaml" . | fromYaml) .Values.artifactory.extraSystemYaml | toYaml) . }}
{{- end -}}
{{/*
Calculate the systemYaml from the unstructured text input
*/}}
{{- define "artifactory.systemYaml" -}}
{{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }}
{{- end -}}

5
charts/jfrog/artifactory-ha/templates/_system-yaml-render.tpl Normal file
View File

@ -0,0 +1,5 @@
{{- if .Values.artifactory.systemYaml -}}
{{- tpl .Values.artifactory.systemYaml . -}}
{{- else -}}
{{ (tpl ( $.Files.Get "files/system.yaml" ) .) }}
{{- end -}}

6
charts/jfrog/artifactory-ha/templates/artifactory-installer-info.yaml
View File

@ -9,4 +9,8 @@ metadata:
release: {{ .Release.Name }}
data:
installer-info.json: |
{{ tpl .Values.installerInfo . }}
{{- if .Values.installerInfo -}}
{{- tpl .Values.installerInfo . | nindent 4 -}}
{{- else -}}
{{ (tpl ( .Files.Get "files/installer-info.json" | nindent 4 ) .) }}
{{- end -}}

2
charts/jfrog/artifactory-ha/templates/artifactory-license-secret.yaml
View File

@ -1,4 +1,4 @@
{{ if (not .Values.artifactory.unifiedSecretInstallation) }}
{{ if and (not .Values.artifactory.unifiedSecretInstallation) (not .Values.artifactory.license.secret) (not .Values.artifactory.license.licenseKey) }}
{{- with .Values.artifactory.license.licenseKey }}
apiVersion: v1
kind: Secret

158
charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml
View File

@ -67,19 +67,8 @@ spec:
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }}
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
securityContext:
runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
runAsGroup: {{ .Values.artifactory.gid }}
fsGroup: {{ .Values.artifactory.gid }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
{{- if .Values.artifactory.seLinuxOptions }}
seLinuxOptions:
{{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }}
{{- end }}
{{- if .Values.artifactory.podSecurityContext.enabled }}
securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.artifactory.topologySpreadConstraints }}
topologySpreadConstraints:
@ -93,8 +82,8 @@ spec:
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -112,8 +101,8 @@ spec:
{{- end }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
command:
- 'bash'
- '-c'
@ -127,8 +116,8 @@ spec:
{{- end }}
{{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }}
- name: "wait-for-primary"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -151,7 +140,8 @@ spec:
{{ toYaml .Values.initContainers.resources | indent 10 }}
{{- end }}
- name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}'
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -187,7 +177,7 @@ spec:
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }}
name: {{ include "artifactory-ha.masterKeySecretName" . }}
{{- else }}
name: "{{ template "artifactory-ha.name" . }}-unified-secret"
@ -199,8 +189,9 @@ spec:
volumeMounts:
- name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
{{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## SystemYaml #########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }}
- name: systemyaml
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -208,24 +199,29 @@ spec:
{{- if .Values.systemYamlOverride.existingSecret }}
mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}"
subPath: {{ .Values.systemYamlOverride.dataKey }}
{{- else if .Values.artifactory.systemYaml }}
{{- else }}
mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml
{{- end }}
{{- end }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Binarystore ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml
######################## CustomCertificates ##########################
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@ -242,7 +238,8 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -263,7 +260,8 @@ spec:
{{- if .Values.waitForDatabase }}
{{- if or .Values.postgresql.enabled }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
command:
- /bin/bash
- -c
@ -392,13 +390,18 @@ spec:
{{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }}
{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }}
{{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Artifactory persistence binarystore Xml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -406,8 +409,10 @@ spec:
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml
{{- end }}
######################## Artifactory persistence google storage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -415,6 +420,7 @@ spec:
mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json
{{- end }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
@ -424,7 +430,7 @@ spec:
{{- if .Values.splitServicesToContainers }}
- name: {{ .Values.router.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }}
imagePullPolicy: {{ .Values.router.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -508,7 +514,7 @@ spec:
{{- end }}
{{- if .Values.metadata.enabled }}
- name: {{ .Values.metadata.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "metadata") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
@ -635,36 +641,6 @@ spec:
livenessProbe:
{{ tpl .Values.event.livenessProbe.config . | indent 10 }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- '/bin/bash'
- '-c'
- >
exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start
{{- with .Values.artifactory.replicator.lifecycle }}
lifecycle:
{{ toYaml . | indent 10 }}
{{- end }}
env:
- name: JF_SHARED_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- with .Values.artifactory.replicator.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
volumeMounts:
- name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
resources:
{{ toYaml .Values.artifactory.replicator.resources | indent 10 }}
{{- end }}
{{- if .Values.jfconnect.enabled }}
- name: {{ .Values.jfconnect.name }}
@ -766,7 +742,7 @@ spec:
{{- end }}
{{- if .Values.observability.enabled }}
- name: {{ .Values.observability.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "observability") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
@ -860,10 +836,6 @@ spec:
value: "false"
- name : JF_FRONTEND_ENABLED
value: "false"
- name: JF_REPLICATOR_ENABLED
value: "true"
- name: JF_REPLICATOR_SERVICE_ENABLED
value: "false"
- name: JF_FEDERATION_ENABLED
value: "false"
- name : JF_OBSERVABILITY_ENABLED
@ -961,6 +933,8 @@ spec:
{{- end }}
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
######################## Artifactory persistence fs ##########################
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
@ -971,21 +945,27 @@ spec:
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Artifactory persistence binarystore Xml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml
######################## Artifactory persistence google storage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -993,12 +973,16 @@ spec:
mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json
{{- end }}
######################## Artifactory ConfigMap ##########################
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
mountPath: "/bootstrap/"
{{- end }}
######################## Artifactory license ##########################
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }}
- name: artifactory-license
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -1010,7 +994,7 @@ spec:
subPath: artifactory.lic
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: installer-info
mountPath: "/artifactory_bootstrap/info/installer-info.json"
subPath: installer-info.json
@ -1036,7 +1020,8 @@ spec:
{{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -1056,7 +1041,8 @@ spec:
{{- if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -1177,6 +1163,12 @@ spec:
secretName: {{ .Values.artifactory.license.secret }}
{{- end }}
{{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json
secret:
secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
{{- end }}
############ Config map, Volumes and Custom Volumes ##############
{{- if .Values.artifactory.migration.enabled }}
- name: migration-scripts
@ -1201,6 +1193,7 @@ spec:
configMap:
name: {{ template "artifactory-ha.fullname" . }}-configmaps
{{- end }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
@ -1213,6 +1206,7 @@ spec:
claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
@ -1221,6 +1215,7 @@ spec:
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.customPersistentVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
persistentVolumeClaim:
@ -1246,6 +1241,7 @@ spec:
secret:
secretName: {{ template "artifactory-ha.name" . }}-unified-secret
{{- else if not .Values.artifactory.unifiedSecretInstallation }}
############ If single secret installation flag is disable ############
{{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled (not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName) }}
- name: gcpcreds-json
@ -1257,21 +1253,13 @@ spec:
secret:
secretName: {{ template "artifactory-ha.fullname" . }}-license
{{- end }}
{{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }}
- name: access-bootstrap-creds
secret:
secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds
{{- end }}
{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }}
{{- if and (not .Values.systemYamlOverride.existingSecret) }}
- name: systemyaml
secret:
secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml
{{- end }}
{{- if .Values.access.accessConfig }}
- name: access-config
secret:
secretName: {{ template "artifactory-ha.fullname" . }}-access-config
{{- end }}
{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
secret:

6
charts/jfrog/artifactory-ha/templates/artifactory-primary-service.yaml
View File

@ -20,6 +20,12 @@ spec:
{{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }}
clusterIP: {{ .Values.artifactory.service.clusterIP }}
{{- end }}
{{- if .Values.artifactory.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.artifactory.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }}
{{- end }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}

177
charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml
View File

@ -13,7 +13,7 @@ metadata:
{{ toYaml . | indent 4 }}
{{- end }}
{{- if and .Release.IsUpgrade .Values.postgresql.enabled }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 4.x.x) that has postgresql.image.tag of 9.x or 10.x or 12.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 4.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 107.79.x) that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 107.79.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }}
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{- fail ".Values.artifactory.postStartCommand is not supported and should be replaced with .Values.artifactory.lifecycle.postStart.exec.command" }}
@ -24,6 +24,20 @@ metadata:
{{- if or .Values.artifactory.persistence.googleStorage.identity .Values.artifactory.persistence.googleStorage.credential }}
{{- fail "\nGCP Bucket Authentication with Identity and Credential is deprecated" }}
{{- end }}
{{- if (eq (.Values.artifactory.setSecurityContext | toString) "false" ) }}
{{- fail "\n You need to set security context at the pod level. .Values.artifactory.setSecurityContext is no longer supported. Replace it with .Values.artifactory.podSecurityContext" }}
{{- end }}
{{- if or .Values.artifactory.uid .Values.artifactory.gid }}
{{- if or (not (eq (.Values.artifactory.uid | toString) "1030" )) (not (eq (.Values.artifactory.gid | toString) "1030" )) }}
{{- fail "\n .Values.artifactory.uid and .Values.artifactory.gid are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.runAsUser, .Values.artifactory.podSecurityContext.runAsGroup and .Values.artifactory.podSecurityContext.fsGroup" }}
{{- end }}
{{- end }}
{{- if or .Values.artifactory.fsGroupChangePolicy .Values.artifactory.seLinuxOptions }}
{{- fail "\n .Values.artifactory.fsGroupChangePolicy and .Values.artifactory.seLinuxOptions are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.fsGroupChangePolicy and .Values.artifactory.podSecurityContext.seLinuxOptions" }}
{{- end }}
{{- if .Values.initContainerImage }}
{{- fail "\n .Values.initContainerImage is no longer supported. Replace it with .Values.initContainers.image.registry .Values.initContainers.image.repository and .Values.initContainers.image.tag" }}
{{- end }}
{{- with .Values.artifactory.statefulset.annotations }}
annotations:
{{ toYaml . | indent 4 }}
@ -85,19 +99,8 @@ spec:
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }}
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
securityContext:
runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
runAsGroup: {{ .Values.artifactory.gid }}
fsGroup: {{ .Values.artifactory.gid }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
{{- if .Values.artifactory.seLinuxOptions }}
seLinuxOptions:
{{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }}
{{- end }}
{{- if .Values.artifactory.podSecurityContext.enabled }}
securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.artifactory.topologySpreadConstraints }}
topologySpreadConstraints:
@ -111,8 +114,8 @@ spec:
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -130,8 +133,8 @@ spec:
{{- end }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -147,8 +150,8 @@ spec:
{{- end }}
{{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }}
- name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -165,7 +168,7 @@ spec:
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }}
- name: access-bootstrap-creds
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -179,7 +182,8 @@ spec:
{{- end }}
{{- end }}
- name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}'
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -237,7 +241,7 @@ spec:
- name: ARTIFACTORY_JOIN_KEY
valueFrom:
secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }}
name: {{ include "artifactory-ha.joinKeySecretName" . }}
{{- else }}
name: "{{ template "artifactory-ha.name" . }}-unified-secret"
@ -248,7 +252,7 @@ spec:
- name: ARTIFACTORY_JFCONNECT_TOKEN
valueFrom:
secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }}
name: {{ include "artifactory-ha.jfConnectTokenSecretName" . }}
{{- else }}
name: "{{ template "artifactory-ha.name" . }}-unified-secret"
@ -259,18 +263,21 @@ spec:
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }}
name: {{ include "artifactory-ha.masterKeySecretName" . }}
{{- else }}
name: "{{ template "artifactory-ha.name" . }}-unified-secret"
{{- end }}
key: master-key
{{- end }}
######################## Volume Mounts For copy-system-configurations ##########################
volumeMounts:
- name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
{{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## SystemYaml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }}
- name: systemyaml
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -278,19 +285,22 @@ spec:
{{- if .Values.systemYamlOverride.existingSecret }}
mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}"
subPath: {{ .Values.systemYamlOverride.dataKey }}
{{- else if .Values.artifactory.systemYaml }}
{{- else }}
mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml
{{- end }}
{{- end }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Binarystore ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml
{{- if .Values.access.accessConfig }}
######################## Access config ##########################
{{- if .Values.access.accessConfig }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
- name: access-config
{{- else }}
@ -298,18 +308,22 @@ spec:
{{- end }}
mountPath: "/tmp/etc/access.config.patch.yml"
subPath: access.config.patch.yml
{{- end }}
{{- if .Values.access.customCertificatesSecretName }}
{{- end }}
######################## Access certs external secret ##########################
{{- if .Values.access.customCertificatesSecretName }}
- name: access-certs
mountPath: "/tmp/etc/tls.crt"
subPath: tls.crt
- name: access-certs
mountPath: "/tmp/etc/tls.key"
subPath: tls.key
{{- end }}
{{- end }}
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -329,7 +343,8 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: c
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -350,7 +365,8 @@ spec:
{{- if .Values.waitForDatabase }}
{{- if or .Values.postgresql.enabled }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -469,6 +485,8 @@ spec:
subPath: migrationStatus.sh
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
######################## Artifactory persistence fs ##########################
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
@ -479,24 +497,32 @@ spec:
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
######################## CustomVolumeMounts ##########################
{{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }}
{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }}
{{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Artifactory persistence binarystore Xml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml
######################## Artifactory persistence google storage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if (not .Values.artifactory.unifiedSecretInstallation) }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -504,8 +530,10 @@ spec:
mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 6 }}
@ -514,7 +542,7 @@ spec:
{{- if .Values.splitServicesToContainers }}
- name: {{ .Values.router.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }}
imagePullPolicy: {{ .Values.router.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -598,7 +626,7 @@ spec:
{{- end }}
{{- if .Values.metadata.enabled }}
- name: {{ .Values.metadata.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "metadata") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
@ -725,36 +753,6 @@ spec:
livenessProbe:
{{ tpl .Values.event.livenessProbe.config . | indent 10 }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- '/bin/bash'
- '-c'
- >
exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start
{{- with .Values.artifactory.replicator.lifecycle }}
lifecycle:
{{ toYaml . | indent 10 }}
{{- end }}
env:
- name: JF_SHARED_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- with .Values.artifactory.replicator.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
volumeMounts:
- name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
resources:
{{ toYaml .Values.artifactory.replicator.resources | indent 10 }}
{{- end }}
{{- if .Values.jfconnect.enabled }}
- name: {{ .Values.jfconnect.name }}
@ -838,7 +836,7 @@ spec:
{{- end }}
{{- if .Values.observability.enabled }}
- name: {{ .Values.observability.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "observability") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
@ -944,10 +942,6 @@ spec:
value: "false"
- name : JF_FRONTEND_ENABLED
value: "false"
- name: JF_REPLICATOR_ENABLED
value: "true"
- name: JF_REPLICATOR_SERVICE_ENABLED
value: "false"
- name: JF_FEDERATION_ENABLED
value: "false"
- name : JF_OBSERVABILITY_ENABLED
@ -1030,6 +1024,7 @@ spec:
- containerPort: {{ .Values.artifactory.ssh.internalPort }}
name: tcp-ssh
{{- end }}
volumeMounts:
{{- if .Values.artifactory.customPersistentVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
@ -1053,6 +1048,8 @@ spec:
{{- end }}
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
######################## Artifactory persistence fs ##########################
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
@ -1063,12 +1060,16 @@ spec:
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
######################## Artifactory persistence binarystoreXml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
@ -1076,20 +1077,26 @@ spec:
{{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml
######################## Artifactory persistence googleStorage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json
{{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }}
mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json
{{- end }}
{{- end }}
{{- end }}
######################## Artifactory configMapName ##########################
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
mountPath: "/bootstrap/"
{{- end }}
######################## Artifactory license ##########################
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }}
- name: artifactory-license
@ -1103,6 +1110,7 @@ spec:
subPath: artifactory.lic
{{- end }}
{{- end }}
- name: installer-info
mountPath: "/artifactory_bootstrap/info/installer-info.json"
subPath: installer-info.json
@ -1128,7 +1136,8 @@ spec:
{{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -1148,7 +1157,8 @@ spec:
{{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -1228,6 +1238,7 @@ spec:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
########## External secrets ###########
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
@ -1369,12 +1380,12 @@ spec:
secret:
secretName: {{ template "artifactory-ha.fullname" . }}-license
{{- end }}
{{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }}
{{- if and .Values.artifactory.admin.password (and (not .Values.artifactory.admin.secret) (not .Values.artifactory.admin.dataKey)) }}
- name: access-bootstrap-creds
secret:
secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds
{{- end }}
{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }}
{{- if and (not .Values.systemYamlOverride.existingSecret) }}
- name: systemyaml
secret:
secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml

4
charts/jfrog/artifactory-ha/templates/artifactory-secrets.yaml
View File

@ -1,4 +1,5 @@
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.jfConnectToken .Values.artifactory.masterKey .Values.global.masterKey }}
apiVersion: v1
kind: Secret
metadata:
@ -21,8 +22,9 @@ data:
{{- end }}
{{- end }}
{{- if .Values.artifactory.jfConnectToken }}
{{- if not (.Values.artifactory.jfConnectTokenSecretName) }}
{{- if not .Values.artifactory.jfConnectTokenSecretName }}
jfconnect-token: {{ include "artifactory-ha.jfConnectToken" . | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

6
charts/jfrog/artifactory-ha/templates/artifactory-service.yaml
View File

@ -17,6 +17,12 @@ metadata:
{{ toYaml .Values.artifactory.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.artifactory.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.artifactory.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }}
{{- end }}
type: {{ .Values.artifactory.service.type }}
{{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }}
clusterIP: {{ .Values.artifactory.service.clusterIP }}

2
charts/jfrog/artifactory-ha/templates/artifactory-system-yaml.yaml
View File

@ -12,5 +12,5 @@ metadata:
type: Opaque
stringData:
system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }}
{{ include "artifactory.finalSystemYaml" . | nindent 4 }}
{{- end }}

18
charts/jfrog/artifactory-ha/templates/artifactory-unified-secret.yaml
View File

@ -17,18 +17,18 @@ stringData:
{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }}
{{- end }}
{{- if and (not .Values.artifactory.persistence.customBinarystoreXmlSecret) }}
{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }}
binarystore.xml: |-
{{- if .Values.artifactory.persistence.binarystoreXml }}
{{- if .Values.artifactory.persistence.binarystoreXml }}
{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }}
{{- else }}
{{ tpl ( .Files.Get "files/binarystore.xml" ) . | indent 4 }}
{{- end }}
{{- end }}
{{- if not .Values.systemYamlOverride.existingSecret }}
{{- if and (not .Values.systemYamlOverride.existingSecret) }}
system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }}
{{ include "artifactory.finalSystemYaml" . | nindent 4 }}
{{- end }}
{{- if .Values.artifactory.customSecrets }}
@ -47,7 +47,7 @@ stringData:
data:
{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }}
{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }}
{{- if or .Values.database.url .Values.database.user .Values.database.password }}
{{- with .Values.database.url }}
@ -69,22 +69,26 @@ data:
{{- end }}
{{- end }}
{{- if not .Values.artifactory.license.secret }}
{{- with .Values.artifactory.license.licenseKey }}
artifactory.lic: {{ . | b64enc | quote }}
{{- end }}
{{- end }}
{{- if or .Values.artifactory.masterKey .Values.global.masterKey }}
{{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }}
master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }}
{{- end }}
{{- end }}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey }}
{{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }}
join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.jfConnectToken }}
{{- if not (.Values.artifactory.jfConnectTokenSecretName) }}
{{- if .Values.artifactory.jfConnectToken }}
{{- if not .Values.artifactory.jfConnectTokenSecretName }}
jfconnect-token: {{ include "artifactory-ha.jfConnectToken" . | b64enc | quote }}
{{- end }}
{{- end }}

156
charts/jfrog/artifactory-ha/templates/ingress.yaml
View File

@ -56,6 +56,7 @@ spec:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- if not $.Values.ingress.disableRouterBypass }}
- path: {{ $.Values.ingress.artifactoryPath }}
pathType: ImplementationSpecific
backend:
@ -63,6 +64,7 @@ spec:
name: {{ $serviceName }}
port:
number: {{ $artifactoryServicePort }}
{{- end }}
{{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }}
- path: {{ $.Values.ingress.rtfsPath }}
pathType: ImplementationSpecific
@ -96,159 +98,7 @@ spec:
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }}
---
{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $replicationIngressName }}
labels:
app: "{{ template "artifactory-ha.name" $ }}"
chart: "{{ template "artifactory-ha.chart" $ }}"
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.artifactory.replicator.ingress.annotations }}
annotations:
{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if and (or .Values.ingress.className .Values.artifactory.replicator.ingress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }}
{{- end }}
{{- if .Values.ingress.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
defaultBackend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
rules:
{{- if .Values.artifactory.replicator.ingress.hosts }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- range $host := .Values.artifactory.replicator.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /replicator/
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
- path: /artifactory/api/replication/replicate/file/streaming
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range $host := .Values.artifactory.replicator.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /replicator/
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
- path: /artifactory/api/replication/replicate/file/streaming
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.artifactory.replicator.ingress.tls }}
tls:
{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }}
---
{{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $replicatorTrackerIngressName }}
labels:
app: "{{ template "artifactory-ha.name" $ }}"
chart: "{{ template "artifactory-ha.chart" $ }}"
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.artifactory.replicator.trackerIngress.annotations }}
annotations:
{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if and (or .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }}
{{- end }}
{{- if .Values.ingress.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
defaultBackend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
rules:
{{- if .Values.artifactory.replicator.trackerIngress.hosts }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.artifactory.replicator.trackerIngress.tls }}
tls:
{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.customIngress }}
---
{{ .Values.customIngress | toYaml | trimSuffix "\n" }}

7
charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml
View File

@ -65,8 +65,8 @@ spec:
{{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }}
{{- end }}
- name: "setup"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -154,7 +154,8 @@ spec:
{{- $mountPath := .Values.nginx.persistence.mountPath }}
{{- range .Values.nginx.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- tail
args:

6
charts/jfrog/artifactory-ha/templates/nginx-service.yaml
View File

@ -21,6 +21,12 @@ spec:
{{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }}
clusterIP: {{ .Values.nginx.service.clusterIP }}
{{- end }}
{{- if .Values.nginx.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.nginx.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.nginx.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.nginx.service.ipFamilies | nindent 4 }}
{{- end }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}}
loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }}

401
charts/jfrog/artifactory-ha/values.yaml
View File

@ -11,7 +11,8 @@ global:
## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion
## This applies also for nginx images (.Values.nginx.image.tag)
versions: {}
# artifactory:
# artifactory:
# initContainers:
# joinKey:
# masterKey:
# joinKeySecretName:
@ -41,11 +42,28 @@ global:
## String to fully override artifactory-ha.fullname template
##
# fullnameOverride:
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475
# Init containers
initContainers:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.3.1552
pullPolicy: IfNotPresent
resources:
requests:
memory: "50Mi"
cpu: "10m"
limits:
memory: "1Gi"
cpu: "1"
installer:
type:
platform:
installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}'
## The installerInfo is intentionally commented out and the previous content has been moved under `files/installer-info.json`
## To override the content in `files/installer-info.json`, Uncomment the `installerInfo` and add relevant data
# installerInfo: '{}'
# For supporting pulling from private registries
# imagePullSecrets:
# - myRegistryKeySecretName
@ -114,6 +132,8 @@ ingress:
# Additional ingress rules
additionalRules: []
# This is an experimental feature, enabling this feature will route all traffic through the Router.
disableRouterBypass: false
## Allows to add custom ingress
customIngress: ""
networkpolicy: []
@ -148,7 +168,7 @@ postgresql:
image:
registry: releases-docker.jfrog.io
repository: bitnami/postgresql
tag: 13.10.0-debian-11-r14
tag: 15.6.0-debian-11-r16
postgresqlUsername: artifactory
postgresqlPassword: ""
postgresqlDatabase: artifactory
@ -183,6 +203,8 @@ postgresql:
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## you MUST specify custom database details here or Artifactory will NOT start
database:
## To run Artifactory with any database other than PostgreSQL allowNonPostgresql set to true.
allowNonPostgresql: false
type:
driver:
## If you set the url, leave host and port empty
@ -203,11 +225,6 @@ database:
# url:
# name: "rds-artifactory"
# key: "db-url"
logger:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.3.1475
## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
aws:
@ -215,10 +232,19 @@ aws:
enabled: false
licenseConfigSecretName:
region: us-east-1
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
@ -232,8 +258,8 @@ router:
image:
registry: releases-docker.jfrog.io
repository: jfrog/router
tag: 7.91.0
imagePullPolicy: IfNotPresent
tag: 7.105.1
pullPolicy: IfNotPresent
serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled
insecure: false
@ -316,8 +342,9 @@ artifactory:
## refer - https://www.jfrog.com/confluence/display/JFROG/Access+Federation#AccessFederation-EstablishingtheCircleofTrust
## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder.
circleOfTrustCertificatesSecret:
# unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha secrets
unifiedSecretInstallation: false
# unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha internal(chart) secrets, It won't be affecting external secrets.
## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.78.x, Users can switch to false to continue with the old way of secret creation.
unifiedSecretInstallation: true
image:
registry: releases-docker.jfrog.io
repository: jfrog/artifactory-pro
@ -441,8 +468,8 @@ artifactory:
## Add custom init containers execution before predefined init containers
customInitContainersBegin: ""
# - name: "custom-setup"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext:
# runAsNonRoot: true
# allowPrivilegeEscalation: false
@ -461,8 +488,8 @@ artifactory:
## Add custom init containers execution after predefined init containers
customInitContainers: ""
# - name: "custom-systemyaml-setup"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext:
# runAsNonRoot: true
# allowPrivilegeEscalation: false
@ -482,8 +509,8 @@ artifactory:
# - The provided example shows running container as root (id 0)
customSidecarContainers: ""
# - name: "sidecar-list-etc"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext:
# runAsNonRoot: true
# allowPrivilegeEscalation: false
@ -644,174 +671,44 @@ artifactory:
# name: my-secret-name
# key: my-secret-key
# TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes)
systemYaml: |
router:
serviceRegistry:
insecure: {{ .Values.router.serviceRegistry.insecure }}
shared:
{{- if .Values.artifactory.coldStorage.enabled }}
jfrogColdStorage:
coldInstanceEnabled: true
{{- end }}
{{- if .Values.artifactory.openMetrics.enabled }}
metrics:
enabled: true
{{- if .Values.artifactory.openMetrics.filebeat.enabled }}
filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }}
{{- end }}
{{- end }}
logging:
consoleLog:
enabled: {{ .Values.artifactory.consoleLog }}
extraJavaOpts: >
-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
-Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
{{- with .Values.artifactory.primary.javaOpts }}
{{- if .corePoolSize }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- end }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }}
{{- end }}
{{- if .jmx.authenticate }}
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
-Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
{{- else }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- end }}
database:
{{- if .Values.postgresql.enabled }}
type: postgresql
url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
host: ""
driver: org.postgresql.Driver
username: "{{ .Values.postgresql.postgresqlUsername }}"
{{ else }}
type: "{{ .Values.database.type }}"
driver: "{{ .Values.database.driver }}"
{{- end }}
artifactory:
{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
node:
{{- if .Values.artifactory.haDataDir.path }}
haDataDir: {{ .Values.artifactory.haDataDir.path }}
{{- end }}
{{- if .Values.artifactory.haBackupDir.path }}
haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
{{- end }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
maintenanceConnector:
port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
{{- if .Values.access.database.enabled }}
type: "{{ .Values.access.database.type }}"
url: "{{ .Values.access.database.url }}"
driver: "{{ .Values.access.database.driver }}"
username: "{{ .Values.access.database.user }}"
password: "{{ .Values.access.database.password }}"
{{- end }}
{{- if .Values.mc.enabled }}
mc:
enabled: true
database:
maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
idgenerator:
maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
{{- end }}
metadata:
database:
maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
{{- if .Values.artifactory.replicator.enabled }}
replicator:
enabled: true
{{- end }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
jfconnect:
enabled: true
{{- else }}
jfconnect:
enabled: false
jfconnect_service:
enabled: false
{{- end }}
## System YAML entries now reside under files/system.yaml.
## You can provide the specific values that you want to add or override under 'artifactory.extraSystemYaml'.
## For example:
## extraSystemYaml:
## shared:
## node:
## id: my-instance
## The entries provided under 'artifactory.extraSystemYaml' are merged with files/system.yaml to create the final system.yaml.
## If you have already provided system.yaml under, 'artifactory.systemYaml', the values in that entry take precedence over files/system.yaml
## You can modify specific entries with your own value under `artifactory.extraSystemYaml`, The values under extraSystemYaml overrides the values under 'artifactory.systemYaml' and files/system.yaml
extraSystemYaml: {}
## systemYaml is intentionally commented and the previous content has been moved under files/system.yaml.
## You have to add the all entries of the system.yaml file here, and it overrides the values in files/system.yaml.
# systemYaml:
{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
federation:
enabled: true
embedded: {{ .Values.federation.embedded }}
extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
port: {{ .Values.federation.internalPort }}
rtfs:
database:
driver: org.postgresql.Driver
type: postgresql
username: {{ .Values.federation.database.username }}
password: {{ .Values.federation.database.password }}
url: "jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}"
{{- else }}
federation:
enabled: false
{{- end }}
{{- if .Values.event.webhooks }}
event:
webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
{{- end }}
## IMPORTANT: If overriding artifactory.internalPort:
## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024!
externalPort: 8082
internalPort: 8082
externalArtifactoryPort: 8081
internalArtifactoryPort: 8081
uid: 1030
gid: 1030
# fsGroupChangePolicy: "Always"
# seLinuxOptions: {}
terminationGracePeriodSeconds: 30
## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value.
## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false
setSecurityContext: true
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param artifactory.podSecurityContext.enabled Enable security context
## @param artifactory.podSecurityContext.runAsNonRoot Set pod's Security Context runAsNonRoot
## @param artifactory.podSecurityContext.runAsUser User ID for the pod
## @param artifactory.podSecurityContext.runASGroup Group ID for the pod
## @param artifactory.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
runAsNonRoot: true
runAsUser: 1030
runAsGroup: 1030
fsGroup: 1030
# fsGroupChangePolicy: "Always"
# seLinuxOptions: {}
## The following settings are to configure the frequency of the liveness and startup probes.
livenessProbe:
enabled: true
@ -861,8 +758,13 @@ artifactory:
## Use a custom Secret to be mounted as your binarystore.xml
## NOTE: This will ignore all settings below that make up binarystore.xml
customBinarystoreXmlSecret:
## cache-fs binary provider configurations
## Refer: https://jfrog.com/help/r/jfrog-installation-setup-documentation/cache-fs-template-configuration
maxCacheSize: 50000000000
cacheProviderDir: cache
## maxFileSizeLimit:
## skipDuringUpload:
## artifactory data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
@ -884,6 +786,7 @@ artifactory:
## s3-storage-v3-archive
## azure-blob
## azure-blob-storage-direct
## azure-blob-storage-v2-direct
type: file-system
## Use binarystoreXml to provide a custom binarystore.xml
## This is intentionally commented and below previous content of binarystoreXml is moved under files/binarystore.xml
@ -981,7 +884,7 @@ artifactory:
enablePathStyleAccess: false
multiPartLimit:
multipartElementSize:
## For artifactory.persistence.type azure-blob, azure-blob-storage-direct
## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, azure-blob-storage-v2-direct
azureBlob:
accountName:
accountKey:
@ -993,6 +896,16 @@ artifactory:
service:
name: artifactory
type: ClusterIP
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilies: []
## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer)
## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
@ -1009,63 +922,6 @@ artifactory:
# nodePort: 32082
statefulset:
annotations: {}
## The following setting are to configure a dedicated Ingress object for Replicator service
replicator:
name: replicator
enabled: false
## Extra environment variables that can be used to tune replicator to your needs.
## Uncomment and set value as needed
extraEnvironmentVariables:
# - name: MY_ENV_VAR
# value: ""
resources: {}
# requests:
# memory: "100Mi"
# cpu: "100m"
# limits:
# memory: "1Gi"
# cpu: "1"
# Add lifecycle hooks for replicator container
lifecycle: {}
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler"]
# preStop:
# exec:
# command: ["/bin/sh","-c","echo Hello from the preStop handler"]
ingress:
name:
hosts: []
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "off"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# chunked_transfer_encoding on;
tls: []
# Secrets must be manually created in the namespace.
# - hosts:
# - artifactory.domain.example
# secretName: chart-example-tls-secret
## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true
## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads
trackerIngress:
enabled: false
name:
hosts: []
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "off"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# chunked_transfer_encoding on;
tls: []
# Secrets must be manually created in the namespace.
# - hosts:
# - artifactory.domain.example
# secretName: chart-example-tls-secret
ssh:
enabled: false
internalPort: 1339
@ -1273,6 +1129,11 @@ metadata:
extraEnvironmentVariables:
# - name: MY_ENV_VAR
# value: ""
image:
pullPolicy: IfNotPresent
registry: releases-docker.jfrog.io
repository: jfrog/artifactory-pro
# tag:
resources: {}
# requests:
# memory: "100Mi"
@ -1496,6 +1357,11 @@ observability:
extraEnvironmentVariables:
# - name: MY_ENV_VAR
# value: ""
image:
pullPolicy: IfNotPresent
registry: releases-docker.jfrog.io
repository: jfrog/artifactory-pro
# tag:
resources: {}
# requests:
# memory: "100Mi"
@ -1551,15 +1417,6 @@ mc:
maxThreads: 50
sendReasonPhrase: false
extraConfig: 'acceptCount="100"'
# Init containers
initContainers:
resources:
requests:
memory: "50Mi"
cpu: "10m"
limits:
memory: "1Gi"
cpu: "1"
# Nginx
nginx:
enabled: true
@ -1586,6 +1443,9 @@ nginx:
annotations: {}
terminationGracePeriodSeconds: 30
disableProxyBuffering: false
# singleStackIPv6Cluster flag, which manages the Nginx configuration to enable listening on IPv6 and proxy.
# If .Values.nginx.service.ipFamilies and .Values.artifactory.service.ipFamilies is configured for only IPv6, users need to enable this flag.
singleStackIPv6Cluster: false
# Note that by default we use appVersion to get image tag/version
image:
registry: releases-docker.jfrog.io
@ -1634,6 +1494,7 @@ nginx:
# Logs options
logs:
stderr: false
stdout: false
level: warn
## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports.
customPorts: []
@ -1645,7 +1506,7 @@ nginx:
# Main Nginx configuration file
worker_processes 4;
{{ if .Values.nginx.logs.stderr }}
{{- if .Values.nginx.logs.stderr }}
error_log stderr {{ .Values.nginx.logs.level }};
{{- else -}}
error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }};
@ -1656,7 +1517,11 @@ nginx:
## SSH Server Configuration
stream {
server {
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.ssh.internalPort }};
{{- else -}}
listen {{ .Values.nginx.ssh.internalPort }};
{{- end }}
proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }};
}
}
@ -1700,7 +1565,11 @@ nginx:
'request_time = $request_time '
'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"';
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
{{- if .Values.nginx.logs.stdout }}
access_log /dev/stdout timing;
{{- else -}}
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
{{- end }}
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
@ -1717,20 +1586,36 @@ nginx:
{{- end }}
## server configuration
server {
{{- if .Values.nginx.internalPortHttps }}
listen {{ .Values.nginx.internalPortHttps }} ssl;
{{- if .Values.nginx.internalPortHttps }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.internalPortHttps }} ssl;
{{- else -}}
listen {{ .Values.nginx.internalPortHttps }} ssl;
{{- end }}
{{- else -}}
{{- if .Values.nginx.https.enabled }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.https.internalPort }} ssl;
{{- else -}}
listen {{ .Values.nginx.https.internalPort }} ssl;
{{- end }}
{{- end }}
{{- if .Values.nginx.internalPortHttp }}
listen {{ .Values.nginx.internalPortHttp }};
{{- end }}
{{- if .Values.nginx.internalPortHttp }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.internalPortHttp }};
{{- else -}}
listen {{ .Values.nginx.internalPortHttp }};
{{- end }}
{{- else -}}
{{- if .Values.nginx.http.enabled }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.http.internalPort }};
{{- else -}}
listen {{ .Values.nginx.http.internalPort }};
{{- end }}
{{- end }}
{{- end }}
server_name ~(?<repo>.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}
{{- range .Values.ingress.hosts -}}
{{- if contains "." . -}}
@ -1805,6 +1690,16 @@ nginx:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: LoadBalancer
ssloffload: false
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilies: []
## For supporting whitelist on the Nginx LoadBalancer service
## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
@ -1982,7 +1877,7 @@ filebeat:
hosts: ["{{ .Values.filebeat.logstashUrl }}"]
## Allows to add additional kubernetes resources
## Use --- as a separator between multiple resources
## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml
## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-ha-values.yaml
additionalResources: ""
# Adding entries to a Pod's /etc/hosts file
# For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases

8
charts/jfrog/artifactory-jcr/CHANGELOG.md
View File

@ -1,7 +1,13 @@
# JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file.
## [107.77.12] - Nov 23, 2023
## [107.84.10] - Feb 20, 2024
* Updated `artifactory.installerInfo` content
## [107.80.0] - Feb 1, 2024
* Updated README.md to create a namespace using `--create-namespace` as part of helm install
## [107.74.0] - Nov 23, 2023
* **IMPORTANT**
* Added min kubeVersion ">= 1.19.0-0" in chart.yaml

6
charts/jfrog/artifactory-jcr/Chart.yaml
View File

@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
appVersion: 7.77.12
appVersion: 7.84.10
dependencies:
- name: artifactory
repository: file://./charts/artifactory
version: 107.77.12
version: 107.84.10
description: JFrog Container Registry
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@ -27,4 +27,4 @@ name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
version: 107.77.12
version: 107.84.10

6
charts/jfrog/artifactory-jcr/README.md
View File

@ -30,7 +30,7 @@ helm repo update
### Install Chart
To install the chart with the release name `jfrog-container-registry`:
```bash
helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword=<postgres_password> --namespace artifactory-jcr jfrog/artifactory-jcr
helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword=<postgres_password> jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace
```
### Accessing JFrog Container Registry
@ -39,7 +39,7 @@ helm upgrade --install jfrog-container-registry --set artifactory.postgresql.pos
### Updating JFrog Container Registry
Once you have a new chart version, you can upgrade your deployment with
```bash
helm upgrade jfrog-container-registry jfrog/artifactory-jcr
helm upgrade jfrog-container-registry jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace
```
### Special Upgrade Notes
@ -85,7 +85,7 @@ helm upgrade --install jfrog-container-registry \
--set artifactory.ingress.enabled=true \
--set artifactory.ingress.hosts[0]="artifactory.company.com" \
--set artifactory.artifactory.service.type=NodePort \
--namespace artifactory-jcr jfrog/artifactory-jcr
jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace
```
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:

45
charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md
View File

@ -1,7 +1,50 @@
# JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file.
## [107.77.12] - April 22, 2024
## [107.84.10] - May 2, 2024
* Added image section for `initContainers` instead of `initContainerImage`
* Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy`
* Removed image section for `loggers`
* Added support for `global.verisons.initContainers` to override `initContainers.image.tag`
* Fixed an issue with extraSystemYaml merge
* **IMPORTANT**
* Renamed `artifactory.setSecurityContext` to `artifactory.podSecurityContext`
* Renamed `artifactory.uid` to `artifactory.podSecurityContext.runAsUser`
* Renamed `artifactory.gid` to `artifactory.podSecurityContext.runAsGroup` and `artifactory.podSecurityContext.fsGroup`
* Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy`
* Renamed `artifactory.seLinuxOptions` to `artifactory.podSecurityContext.seLinuxOptions`
* Added flag `allowNonPostgresql` defaults to false
* Update postgresql tag version to `15.6.0-debian-12-r5`
* Added a check if `initContainerImage` exists
## [107.82.0] - Mar 04, 2024
* Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router.
* Removed Replicator service
## [107.81.0] - Feb 20, 2024
* **IMPORTANT**
* Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml)
* Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given [GH-1848](https://github.com/jfrog/charts/pull/1848)
* Added option to modify the new cache configs, maxFileSizeLimit and skipDuringUpload
* Added IPV4/IPV6 Dualstack flag support for Artifactory and nginx service
* Added `singleStackIPv6Cluster` flag, which manages the Nginx configuration to enable listening on IPv6 and proxying.
* Fixing broken link for creating additional kubernetes resources. Refer [here](https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-values.yaml)
* Refactored installerInfo configuration (moved to files/installer-info.json instead of key in values.yaml)
## [107.80.0] - Feb 20, 2024
* Updated README.md to create a namespace using `--create-namespace` as part of helm install
## [107.79.0] - Feb 20, 2024
* **IMPORTANT**
* Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default
* Added support for azure-blob-storage-v2-direct config
* Added option to set Nginx to write access_log to container STDOUT
* **Important change:**
* Update postgresql tag version to `15.2.0-debian-11-r23`
* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**!
* If this is an upgrade and you are using the default bundles PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x/13.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true
## [107.77.0] - April 22, 2024
* Removed integration service
* Added recommended postgresql sizing configurations under sizing directory
* Updated artifactory-federation (probes, port, embedded mode)

4
charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 7.77.12
appVersion: 7.84.10
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -21,4 +21,4 @@ name: artifactory
sources:
- https://github.com/jfrog/charts
type: application
version: 107.77.12
version: 107.84.10

4
charts/jfrog/artifactory-jcr/charts/artifactory/README.md
View File

@ -28,14 +28,14 @@ helm repo update
### Install Chart
To install the chart with the release name `artifactory`:
```bash
helm upgrade --install artifactory --namespace artifactory jfrog/artifactory
helm upgrade --install artifactory jfrog/artifactory --namespace artifactory --create-namespace
```
### Apply Sizing configurations to the Chart
To apply the chart with recommended sizing configurations :
For small configurations :
```bash
helm upgrade --install artifactory --namespace artifactory jfrog/artifactory -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml
helm upgrade --install artifactory jfrog/artifactory -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml --namespace artifactory --create-namespace
```
## Uninstalling Artifactory

3
charts/jfrog/artifactory-jcr/charts/artifactory/ci/derby-test-values.yaml
View File

@ -3,7 +3,8 @@ databaseUpgradeReady: true
postgresql:
enabled: false
artifactory:
fsGroupChangePolicy: "OnRootMismatch"
podSecurityContext:
fsGroupChangePolicy: "OnRootMismatch"
persistence:
enabled: false
resources:

32
charts/jfrog/artifactory-jcr/charts/artifactory/ci/global-values.yaml
View File

@ -19,8 +19,8 @@ artifactory:
xmx: "4g"
customInitContainersBegin: |
- name: "custom-init-begin-local"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -30,8 +30,8 @@ artifactory:
name: artifactory-volume
customInitContainers: |
- name: "custom-init-local"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -51,8 +51,8 @@ artifactory:
# Add custom sidecar containers
customSidecarContainers: |
- name: "sidecar-list-local"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -75,8 +75,8 @@ global:
joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
customInitContainersBegin: |
- name: "custom-init-begin-global"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -86,8 +86,8 @@ global:
name: artifactory-volume
customInitContainers: |
- name: "custom-init-global"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -107,8 +107,8 @@ global:
# Add custom sidecar containers
customSidecarContainers: |
- name: "sidecar-list-global"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -129,8 +129,8 @@ global:
nginx:
customInitContainers: |
- name: "custom-init-begin-nginx"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- 'sh'
- '-c'
@ -140,8 +140,8 @@ nginx:
name: custom-script-local
customSidecarContainers: |
- name: "sidecar-list-nginx"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
capabilities:

9
charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml
View File

@ -4,15 +4,6 @@ artifactory:
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
persistence:
enabled: false
replicator:
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
resources:
requests:
memory: "4Gi"

17
charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml
View File

@ -5,23 +5,6 @@ artifactory:
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
persistence:
enabled: false
replicator:
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
# Add lifecycle hooks for replicator container
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"]
preStop:
exec:
command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"]
resources:
requests:
memory: "4Gi"

10
charts/jfrog/artifactory-jcr/charts/artifactory/ci/test-values.yaml
View File

@ -8,16 +8,6 @@ artifactory:
enabled: true
persistence:
enabled: false
replicator:
name: replicator
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
resources:
requests:
memory: "4Gi"

60
charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml
View File

@ -16,6 +16,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- end }}
@ -41,6 +47,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- end }}
</config>
@ -66,6 +78,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
<!-- Shards add local file-system provider configuration -->
@ -128,6 +146,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- if eq .Values.artifactory.persistence.type "cluster-google-storage-v2" }}
@ -204,6 +228,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64}}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- end }}
@ -334,6 +364,12 @@
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
{{- if eq .Values.artifactory.persistence.type "cluster-azure-blob-storage" }}
@ -363,4 +399,28 @@
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "azure-blob-storage-v2-direct" -}}
<config version="3">
<chain template="azure-blob-storage-v2-direct"/>
<provider type="cache-fs" id="cache-fs">
<cacheProviderDir>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</cacheProviderDir>
<maxCacheSize>{{ .Values.artifactory.persistence.cacheProviderDir }}</maxCacheSize>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
<provider id="azure-blob-storage-v2" type="azure-blob-storage-v2">
<accountName>{{ .Values.artifactory.persistence.azureBlob.accountName }}</accountName>
<accountKey>{{ .Values.artifactory.persistence.azureBlob.accountKey }}</accountKey>
<endpoint>{{ .Values.artifactory.persistence.azureBlob.endpoint }}</endpoint>
<container>{{ .Values.artifactory.persistence.azureBlob.containerName }}</container>
<multiPartLimit>{{ .Values.artifactory.persistence.azureBlob.multiPartLimit | int64 }}</multiPartLimit>
<multipartElementSize>{{ .Values.artifactory.persistence.azureBlob.multipartElementSize | int64 }}</multipartElementSize>
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider>
</config>
{{- end }}

32
charts/jfrog/artifactory-jcr/charts/artifactory/files/installer-info.json Normal file
View File

@ -0,0 +1,32 @@
{
"productId": "Helm_artifactory/{{ .Chart.Version }}",
"features": [
{
"featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"
},
{
"featureId": "Database/{{ .Values.database.type }}"
},
{
"featureId": "PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"
},
{
"featureId": "Nginx_Enabled/{{ .Values.nginx.enabled }}"
},
{
"featureId": "ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"
},
{
"featureId": "SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"
},
{
"featureId": "UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"
},
{
"featureId": "Filebeat_Enabled/{{ .Values.filebeat.enabled }}"
},
{
"featureId": "ReplicaCount/{{ .Values.artifactory.replicaCount }}"
}
]
}

38
charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh
View File

@ -2916,9 +2916,6 @@ yamlMigrate () {
if [[ ! -z "${value}" ]]; then
value=$(updateConnectionString "${yamlPath}" "${value}")
fi
if [[ "${PRODUCT}" == "artifactory" ]]; then
replicatorProfiling
fi
if [[ -z "${value}" ]]; then
logger "No value for [${key}] in [${sourceFile}]"
else
@ -4218,26 +4215,13 @@ commentNodeId () {
artifactoryInfoMessage () {
if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then
addText "# yamlFile was generated from db.properties,replicator.yaml and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
addText "# yamlFile was generated from db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
else
addText "# yamlFile was generated from default file,replicator.yaml,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
addText "# yamlFile was generated from default file,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
fi
}
replicatorProfiling () {
if [[ "${key}" == "profilingDisabled" ]]; then
if [[ ! -z "${value}" ]]; then
if [[ "${value}" == "false" ]]; then
value="true"
else
value="false"
fi
fi
fi
}
setHaEnabled_hook () {
local filePath="$1"
if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/ha-node.properties")" == "true" ]]; then
@ -4277,27 +4261,9 @@ _createBackupOfLogBackDir () {
removeFileOperation "${backupDir}/logbackXmlFiles/artifactory" "${artiLogbackFile}"
}
_createBackupOfReplicatorRtYaml () {
local backupDir="$1"
local replicatorRtYamlFile="${NEW_DATA_DIR}/etc/replicator/replicator.artifactory.yaml"
local effectiveUser=
local effectiveGroup=
if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then
effectiveUser="${JF_USER}"
effectiveGroup="${JF_USER}"
elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then
effectiveUser="${USER_TO_CHECK}"
effectiveGroup="${GROUP_TO_CHECK}"
fi
removeSoftLinkAndCreateDir "${backupDir}/replicatorYamlFile" "${effectiveUser}" "${effectiveGroup}" "yes"
removeFileOperation "${backupDir}/replicatorYamlFile" "${replicatorRtYamlFile}"
}
backupFiles_hook () {
local backupDirectory="$1"
_createBackupOfLogBackDir "${backupDirectory}"
_createBackupOfReplicatorRtYaml "${backupDirectory}"
}
migrateArtifactory () {

5
charts/jfrog/artifactory-jcr/charts/artifactory/files/migrationHelmInfo.yaml
View File

@ -11,10 +11,6 @@ migration:
work/access=access/tmp
log/archived/access=access/logs
log/archived/artifactory=logs
etc/replicator=replicator/etc
backup/replicator=replicator/backup
data/replicator=replicator/data
log/archived/replicator=replicator/logs
linkFiles:
map:
# Note : $JF_ROOT_DATA_DIR will be prepended to the sourceDirectoryPath value only if relative path and $JF_ROOT_DATA_DIR will be prepended to the targetDirectoryPath value
@ -27,6 +23,5 @@ migration:
# Note $JF_ROOT_DATA_DIR will be prepended to the map entry
map:
access
replicator
metadata
logs

142
charts/jfrog/artifactory-jcr/charts/artifactory/files/system.yaml Normal file
View File

@ -0,0 +1,142 @@
router:
serviceRegistry:
insecure: {{ .Values.router.serviceRegistry.insecure }}
shared:
{{- if .Values.artifactory.coldStorage.enabled }}
jfrogColdStorage:
coldInstanceEnabled: true
{{- end }}
{{- if .Values.artifactory.openMetrics.enabled }}
metrics:
enabled: true
{{- if .Values.artifactory.openMetrics.filebeat.enabled }}
filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }}
{{- end }}
{{- end }}
logging:
consoleLog:
enabled: {{ .Values.artifactory.consoleLog }}
extraJavaOpts: >
-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
-Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
{{- with .Values.artifactory.javaOpts }}
{{- if .corePoolSize }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- end }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }}
{{- end }}
{{- if .jmx.authenticate }}
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
-Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
{{- else }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- end }}
{{- if or .Values.database.type .Values.postgresql.enabled }}
database:
allowNonPostgresql: {{ .Values.database.allowNonPostgresql }}
{{- if .Values.postgresql.enabled }}
type: postgresql
url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
driver: org.postgresql.Driver
username: "{{ .Values.postgresql.postgresqlUsername }}"
{{- else }}
type: "{{ .Values.database.type }}"
driver: "{{ .Values.database.driver }}"
{{- end }}
{{- end }}
artifactory:
{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
node:
{{- if .Values.artifactory.haDataDir.path }}
haDataDir: {{ .Values.artifactory.haDataDir.path }}
{{- end }}
{{- if .Values.artifactory.haBackupDir.path }}
haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
{{- end }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
maintenanceConnector:
port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
{{- if .Values.mc.enabled }}
mc:
enabled: true
database:
maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
idgenerator:
maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
{{- end }}
metadata:
database:
maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
jfconnect:
enabled: true
{{- else }}
jfconnect:
enabled: false
jfconnect_service:
enabled: false
{{- end }}
{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
federation:
enabled: true
embedded: {{ .Values.federation.embedded }}
extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
port: {{ .Values.federation.internalPort }}
rtfs:
database:
driver: org.postgresql.Driver
type: postgresql
username: {{ .Values.federation.database.username }}
password: {{ .Values.federation.database.password }}
url: jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}
{{- else }}
federation:
enabled: false
{{- end }}
{{- if .Values.event.webhooks }}
event:
webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
{{- end }}

7
charts/jfrog/artifactory-jcr/charts/artifactory/templates/NOTES.txt
View File

@ -37,6 +37,13 @@ Congratulations. You have just deployed JFrog Artifactory!
{{- end }}
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
****************************************** WARNING **********************************************
* From chart version 107.84.x, `setSecurityContext` has been renamed to `podSecurityContext`, *
please change your values.yaml before upgrade , For more Info , refer to 107.84.x changelog *
*************************************************************************************************
{{- end }}
{{- if and (or (or (or (or (or ( or ( or ( or (or (or ( or (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) .Values.systemYamlOverride.existingSecret) (or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled)) .Values.aws.licenseConfigSecretName) .Values.artifactory.persistence.customBinarystoreXmlSecret) .Values.access.customCertificatesSecretName) .Values.systemYamlOverride.existingSecret) .Values.artifactory.license.secret) .Values.artifactory.userPluginSecrets) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey)) (and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName)) (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName)) .Values.artifactory.unifiedSecretInstallation }}
****************************************** WARNING **************************************************************************************************
* The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.*

47
charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl
View File

@ -30,33 +30,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified replicator app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory.replicator.fullname" -}}
{{- if .Values.artifactory.replicator.ingress.name -}}
{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified replicator tracker ingress name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory.replicator.tracker.fullname" -}}
{{- if .Values.artifactory.replicator.trackerIngress.name -}}
{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified nginx name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -262,6 +235,9 @@ Return the proper artifactory chart image names
{{- if and $dot.Values.splitServicesToContainers $dot.Values.global.versions.router (eq $indexReference "router") }}
{{- $tag = $dot.Values.global.versions.router | toString -}}
{{- end -}}
{{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }}
{{- $tag = $dot.Values.global.versions.initContainers | toString -}}
{{- end -}}
{{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }}
{{- $tag = $dot.Values.global.versions.artifactory | toString -}}
{{- end -}}
@ -326,9 +302,6 @@ Resolve requiredServiceTypes value
{{- if .Values.jfconnect.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfcon" -}}
{{- end -}}
{{- if .Values.artifactory.replicator.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfxfer" -}}
{{- end -}}
{{- if .Values.mc.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfmc" -}}
{{- end -}}
@ -469,3 +442,17 @@ if the volume exists in customVolume then an extra volume with the same name wil
{{- printf "%s" "false" -}}
{{- end -}}
{{- end -}}
{{/*
Calculate the systemYaml from structured and unstructured text input
*/}}
{{- define "artifactory.finalSystemYaml" -}}
{{ tpl (mergeOverwrite (include "artifactory.systemYaml" . | fromYaml) .Values.artifactory.extraSystemYaml | toYaml) . }}
{{- end -}}
{{/*
Calculate the systemYaml from the unstructured text input
*/}}
{{- define "artifactory.systemYaml" -}}
{{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }}
{{- end -}}

5
charts/jfrog/artifactory-jcr/charts/artifactory/templates/_system-yaml-render.tpl Normal file
View File

@ -0,0 +1,5 @@
{{- if .Values.artifactory.systemYaml -}}
{{- tpl .Values.artifactory.systemYaml . -}}
{{- else -}}
{{ (tpl ( $.Files.Get "files/system.yaml" ) .) }}
{{- end -}}

6
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-installer-info.yaml
View File

@ -9,4 +9,8 @@ metadata:
release: {{ .Release.Name }}
data:
installer-info.json: |
{{ tpl .Values.installerInfo . }}
{{- if .Values.installerInfo -}}
{{- tpl .Values.installerInfo . | nindent 4 -}}
{{- else -}}
{{ (tpl ( .Files.Get "files/installer-info.json" | nindent 4 ) .) }}
{{- end -}}

2
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-license-secret.yaml
View File

@ -1,4 +1,4 @@
{{ if (not .Values.artifactory.unifiedSecretInstallation) }}
{{ if and (not .Values.artifactory.unifiedSecretInstallation) (not .Values.artifactory.license.secret) (not .Values.artifactory.license.licenseKey) }}
{{- with .Values.artifactory.license.licenseKey }}
apiVersion: v1
kind: Secret

2
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-secrets.yaml
View File

@ -1,4 +1,5 @@
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.jfConnectToken .Values.artifactory.masterKey .Values.global.masterKey }}
apiVersion: v1
kind: Secret
metadata:
@ -25,4 +26,5 @@ data:
jfconnect-token: {{ include "artifactory.jfConnectToken" . | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

6
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-service.yaml
View File

@ -16,6 +16,12 @@ metadata:
{{ toYaml .Values.artifactory.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.artifactory.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.artifactory.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }}
{{- end }}
type: {{ .Values.artifactory.service.type }}
{{- if .Values.artifactory.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:

147
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml
View File

@ -12,7 +12,7 @@ metadata:
{{ toYaml . | indent 4 }}
{{- end }}
{{- if and .Release.IsUpgrade .Values.postgresql.enabled }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 11.x.x) that has postgresql.image.tag of 9.x or 10.x or 12.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 12.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 107.79.x) that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 107.79.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }}
{{- end }}
{{- with .Values.artifactory.statefulset.annotations }}
annotations:
@ -30,6 +30,20 @@ metadata:
{{- if or .Values.artifactory.persistence.googleStorage.identity .Values.artifactory.persistence.googleStorage.credential }}
{{- fail "\nGCP Bucket Authentication with Identity and Credential is deprecated" }}
{{- end }}
{{- if (eq (.Values.artifactory.setSecurityContext | toString) "false" ) }}
{{- fail "\n You need to set security context at the pod level. .Values.artifactory.setSecurityContext is no longer supported. Replace it with .Values.artifactory.podSecurityContext" }}
{{- end }}
{{- if or .Values.artifactory.uid .Values.artifactory.gid }}
{{- if or (not (eq (.Values.artifactory.uid | toString) "1030" )) (not (eq (.Values.artifactory.gid | toString) "1030" )) }}
{{- fail "\n .Values.artifactory.uid and .Values.artifactory.gid are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.runAsUser .Values.artifactory.podSecurityContext.runAsGroup and .Values.artifactory.podSecurityContext.fsGroup" }}
{{- end }}
{{- end }}
{{- if or .Values.artifactory.fsGroupChangePolicy .Values.artifactory.seLinuxOptions }}
{{- fail "\n .Values.artifactory.fsGroupChangePolicy and .Values.artifactory.seLinuxOptions are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.fsGroupChangePolicy and .Values.artifactory.podSecurityContext.seLinuxOptions" }}
{{- end }}
{{- if .Values.initContainerImage }}
{{- fail "\n .Values.initContainerImage is no longer supported. Replace it with .Values.initContainers.image.registry .Values.initContainers.image.repository and .Values.initContainers.image.tag" }}
{{- end }}
spec:
serviceName: {{ template "artifactory.name" . }}
replicas: {{ .Values.artifactory.replicaCount }}
@ -87,19 +101,8 @@ spec:
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory.imagePullSecrets" . | indent 6 }}
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
securityContext:
runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
runAsGroup: {{ .Values.artifactory.gid }}
fsGroup: {{ .Values.artifactory.gid }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
{{- if .Values.artifactory.seLinuxOptions }}
seLinuxOptions:
{{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }}
{{- end }}
{{- if .Values.artifactory.podSecurityContext.enabled }}
securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.artifactory.topologySpreadConstraints }}
topologySpreadConstraints:
@ -112,8 +115,8 @@ spec:
{{- if .Values.artifactory.persistence.enabled }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -130,8 +133,8 @@ spec:
{{- end }}
{{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }}
- name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -148,7 +151,7 @@ spec:
volumeMounts:
- name: artifactory-volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }}
- name: access-bootstrap-creds
{{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
@ -161,7 +164,8 @@ spec:
{{- end }}
{{- end }}
- name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}'
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -219,7 +223,7 @@ spec:
- name: ARTIFACTORY_JOIN_KEY
valueFrom:
secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }}
name: {{ include "artifactory.joinKeySecretName" . }}
{{- else }}
name: "{{ template "artifactory.name" . }}-unified-secret"
@ -230,7 +234,7 @@ spec:
- name: ARTIFACTORY_JFCONNECT_TOKEN
valueFrom:
secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }}
name: {{ include "artifactory.jfConnectTokenSecretName" . }}
{{- else }}
name: "{{ template "artifactory.name" . }}-unified-secret"
@ -241,7 +245,7 @@ spec:
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }}
name: {{ include "artifactory.masterKeySecretName" . }}
{{- else }}
name: "{{ template "artifactory.name" . }}-unified-secret"
@ -251,8 +255,7 @@ spec:
volumeMounts:
- name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
{{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }}
- name: systemyaml
{{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
@ -260,11 +263,12 @@ spec:
{{- if .Values.systemYamlOverride.existingSecret }}
mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}"
subPath: {{ .Values.systemYamlOverride.dataKey }}
{{- else if .Values.artifactory.systemYaml }}
{{- else }}
mountPath: "/tmp/etc/system.yaml"
subPath: "system.yaml"
{{- end }}
{{- end }}
######################## Binarystore ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
@ -272,6 +276,8 @@ spec:
{{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml
######################## Access config ##########################
{{- if .Values.access.accessConfig }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
- name: access-config
@ -281,6 +287,8 @@ spec:
mountPath: "/tmp/etc/access.config.patch.yml"
subPath: "access.config.patch.yml"
{{- end }}
######################## Access certs external secret ##########################
{{- if .Values.access.customCertificatesSecretName }}
- name: access-certs
mountPath: "/tmp/etc/tls.crt"
@ -289,9 +297,11 @@ spec:
mountPath: "/tmp/etc/tls.key"
subPath: tls.key
{{- end }}
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -311,7 +321,8 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -332,7 +343,8 @@ spec:
{{- if .Values.waitForDatabase }}
{{- if .Values.postgresql.enabled }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -451,29 +463,37 @@ spec:
subPath: migrationStatus.sh
- name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Artifactory persistence binarystore Xml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
{{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: "binarystore.xml"
######################## Artifactory persistence google storage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if (not .Values.artifactory.unifiedSecretInstallation) }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json
{{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
{{- end }}
mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json
{{- end }}
{{- end }}
{{- end }}
######################## CustomVolumeMounts ##########################
{{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }}
{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }}
{{- end }}
@ -486,7 +506,7 @@ spec:
{{- if .Values.splitServicesToContainers }}
- name: {{ .Values.router.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }}
imagePullPolicy: {{ .Values.router.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -699,36 +719,6 @@ spec:
livenessProbe:
{{ tpl .Values.event.livenessProbe.config . | indent 10 }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- '/bin/bash'
- '-c'
- >
exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start
{{- with .Values.artifactory.replicator.lifecycle }}
lifecycle:
{{ toYaml . | indent 10 }}
{{- end }}
env:
- name: JF_SHARED_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- with .Values.artifactory.replicator.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
volumeMounts:
- name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
resources:
{{ toYaml .Values.artifactory.replicator.resources | indent 10 }}
{{- end }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
- name: {{ .Values.jfconnect.name }}
@ -922,10 +912,6 @@ spec:
value: "false"
- name : JF_FRONTEND_ENABLED
value: "false"
- name: JF_REPLICATOR_ENABLED
value: "true"
- name: JF_REPLICATOR_SERVICE_ENABLED
value: "false"
- name: JF_FEDERATION_ENABLED
value: "false"
- name : JF_OBSERVABILITY_ENABLED
@ -1025,16 +1011,22 @@ spec:
{{- end }}
- name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
######################## Artifactory config map ##########################
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
mountPath: "/bootstrap/"
{{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
######################## Artifactory persistence binarystoreXml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml
{{- else }}
@ -1042,8 +1034,10 @@ spec:
{{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml
######################## Artifactory persistence googleStorage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json
{{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
@ -1052,6 +1046,8 @@ spec:
subPath: gcp.credentials.json
{{- end }}
{{- end }}
######################## Artifactory license ##########################
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }}
- name: artifactory-license
@ -1065,6 +1061,7 @@ spec:
subPath: artifactory.lic
{{- end }}
{{- end }}
- name: installer-info
mountPath: "/artifactory_bootstrap/info/installer-info.json"
subPath: installer-info.json
@ -1088,7 +1085,8 @@ spec:
{{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -1108,7 +1106,8 @@ spec:
{{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -1335,12 +1334,12 @@ spec:
secret:
secretName: {{ template "artifactory.fullname" . }}-license
{{- end }}
{{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }}
{{- if and .Values.artifactory.admin.password (and (not .Values.artifactory.admin.secret) (not .Values.artifactory.admin.dataKey)) }}
- name: access-bootstrap-creds
secret:
secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds
{{- end }}
{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }}
{{- if and (not .Values.systemYamlOverride.existingSecret) }}
- name: systemyaml
secret:
secretName: {{ printf "%s-%s" (include "artifactory.fullname" .) "systemyaml" }}
@ -1396,4 +1395,4 @@ spec:
resources:
requests:
storage: {{ .Values.artifactory.customPersistentVolumeClaim.size }}
{{- end }}
{{- end }}

3
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-system-yaml.yaml
View File

@ -11,5 +11,6 @@ metadata:
type: Opaque
stringData:
system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }}
{{ include "artifactory.finalSystemYaml" . | nindent 4 }}
{{- end }}

12
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-unified-secret.yaml
View File

@ -17,7 +17,7 @@ stringData:
{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }}
{{- end }}
{{- if and (not .Values.artifactory.persistence.customBinarystoreXmlSecret) }}
{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }}
binarystore.xml: |-
{{- if .Values.artifactory.persistence.binarystoreXml }}
{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }}
@ -26,9 +26,9 @@ stringData:
{{- end }}
{{- end }}
{{- if not .Values.systemYamlOverride.existingSecret }}
{{- if and (not .Values.systemYamlOverride.existingSecret) }}
system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }}
{{ include "artifactory.finalSystemYaml" . | nindent 4 }}
{{- end }}
{{- if and .Values.artifactory.customSecrets }}
@ -69,9 +69,11 @@ data:
{{- end }}
{{- end }}
{{- if not .Values.artifactory.license.secret }}
{{- with .Values.artifactory.license.licenseKey }}
artifactory.lic: {{ . | b64enc | quote }}
{{- end }}
{{- end }}
{{- if or .Values.artifactory.masterKey .Values.global.masterKey }}
{{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }}
@ -83,8 +85,8 @@ data:
join-key: {{ include "artifactory.joinKey" . | b64enc | quote }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.jfConnectToken }}
{{- if not (.Values.artifactory.jfConnectTokenSecretName) }}
{{- if .Values.artifactory.jfConnectToken }}
{{- if not .Values.artifactory.jfConnectTokenSecretName }}
jfconnect-token: {{ include "artifactory.jfConnectToken" . | b64enc | quote }}
{{- end }}
{{- end }}

158
charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml
View File

@ -56,6 +56,7 @@ spec:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- if not $.Values.ingress.disableRouterBypass }}
- path: {{ $.Values.ingress.artifactoryPath }}
pathType: ImplementationSpecific
backend:
@ -63,6 +64,7 @@ spec:
name: {{ $serviceName }}
port:
number: {{ $artifactoryServicePort }}
{{- end }}
{{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }}
- path: {{ $.Values.ingress.rtfsPath }}
pathType: ImplementationSpecific
@ -82,10 +84,12 @@ spec:
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- if not $.Values.ingress.disableRouterBypass }}
- path: {{ $.Values.ingress.artifactoryPath }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $artifactoryServicePort }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
@ -97,159 +101,7 @@ spec:
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }}
---
{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $replicatorIngressName }}
labels:
app: "{{ template "artifactory.name" $ }}"
chart: "{{ template "artifactory.chart" $ }}"
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.artifactory.replicator.ingress.annotations }}
annotations:
{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if and (or .Values.ingress.className .Values.artifactory.replicator.ingress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }}
{{- end }}
{{- if .Values.ingress.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
defaultBackend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
rules:
{{- if .Values.artifactory.replicator.ingress.hosts }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- range $host := .Values.artifactory.replicator.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /replicator/
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
- path: /artifactory/api/replication/replicate/file/streaming
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range $host := .Values.artifactory.replicator.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /replicator/
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
- path: /artifactory/api/replication/replicate/file/streaming
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.artifactory.replicator.ingress.tls }}
tls:
{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }}
---
{{- $replicatorTrackerIngressName := default ( include "artifactory.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $replicatorTrackerIngressName }}
labels:
app: "{{ template "artifactory.name" $ }}"
chart: "{{ template "artifactory.chart" $ }}"
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.artifactory.replicator.trackerIngress.annotations }}
annotations:
{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if and (or .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }}
{{- end }}
{{- if .Values.ingress.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
defaultBackend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
rules:
{{- if .Values.artifactory.replicator.trackerIngress.hosts }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.artifactory.replicator.trackerIngress.tls }}
tls:
{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.customIngress }}
---
{{ .Values.customIngress | toYaml | trimSuffix "\n" }}

7
charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml
View File

@ -68,8 +68,8 @@ spec:
{{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }}
{{- end }}
- name: "setup"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
@ -157,7 +157,8 @@ spec:
{{- $mountPath := .Values.nginx.persistence.mountPath }}
{{- range .Values.nginx.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command:
- tail
args:

6
charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-service.yaml
View File

@ -14,6 +14,12 @@ metadata:
{{ toYaml .Values.nginx.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.nginx.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.nginx.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.nginx.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.nginx.service.ipFamilies | nindent 4 }}
{{- end }}
type: {{ .Values.nginx.service.type }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}}

361
charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml
View File

@ -12,7 +12,8 @@ global:
## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion
## This applies also for nginx images (.Values.nginx.image.tag)
versions: {}
# artifactory:
# artifactory:
# initContainers:
# joinKey:
# masterKey:
# joinKeySecretName:
@ -42,9 +43,14 @@ global:
## String to fully override artifactory.fullname template
##
# fullnameOverride:
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475
# Init containers
initContainers:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.3.1552
pullPolicy: IfNotPresent
resources:
requests:
memory: "50Mi"
@ -55,7 +61,10 @@ initContainers:
installer:
type:
platform:
installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}'
## The installerInfo is intentionally commented out and the previous content has been moved under `files/installer-info.json`
## To override the content in `files/installer-info.json`, Uncomment the `installerInfo` and add relevant data
# installerInfo: '{}'
# For supporting pulling from private registries
# imagePullSecrets:
# - myRegistryKeySecretName
@ -128,6 +137,8 @@ ingress:
# Additional ingress rules
additionalRules: []
# This is an experimental feature, enabling this feature will route all traffic through the Router.
disableRouterBypass: false
## Allows to add custom ingress
customIngress: ""
networkpolicy: []
@ -158,11 +169,6 @@ autoscaling:
minReplicas: 1
maxReplicas: 3
targetCPUUtilizationPercentage: 70
logger:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.3.1475
## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
aws:
@ -170,10 +176,19 @@ aws:
enabled: false
licenseConfigSecretName:
region: us-east-1
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
@ -187,8 +202,8 @@ router:
image:
registry: releases-docker.jfrog.io
repository: jfrog/router
tag: 7.91.0
imagePullPolicy: IfNotPresent
tag: 7.105.1
pullPolicy: IfNotPresent
serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled
insecure: false
@ -269,8 +284,9 @@ artifactory:
## refer - https://www.jfrog.com/confluence/display/JFROG/Access+Federation#AccessFederation-EstablishingtheCircleofTrust
## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder.
circleOfTrustCertificatesSecret:
# unifiedSecretInstallation flag enables single unified secret holding all the artifactory secrets
unifiedSecretInstallation: false
# unifiedSecretInstallation flag enables single unified secret holding all the artifactory internal(chart) secrets, It won't be affecting external secrets.
## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.79.x, Users can switch to false to continue with the old way of secret creation.
unifiedSecretInstallation: true
# For HA installation, set this value > 1. This is only supported in Artifactory 7.25.x (appVersions) and above.
replicaCount: 1
# minAvailable: 1
@ -410,8 +426,8 @@ artifactory:
## Add custom init containers execution before predefined init containers
customInitContainersBegin: ""
# - name: "custom-setup"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext:
# runAsNonRoot: true
# allowPrivilegeEscalation: false
@ -429,8 +445,8 @@ artifactory:
## Add custom init containers execution after predefined init containers
customInitContainers: ""
# - name: "custom-systemyaml-setup"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext:
# runAsNonRoot: true
# allowPrivilegeEscalation: false
@ -449,8 +465,8 @@ artifactory:
# - The provided example uses a custom volume (customVolumes)
customSidecarContainers: ""
# - name: "sidecar-list-etc"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext:
# runAsNonRoot: true
# allowPrivilegeEscalation: false
@ -609,156 +625,34 @@ artifactory:
# name: my-secret-name
# key: my-secret-key
systemYaml: |
router:
serviceRegistry:
insecure: {{ .Values.router.serviceRegistry.insecure }}
shared:
{{- if .Values.artifactory.coldStorage.enabled }}
jfrogColdStorage:
coldInstanceEnabled: true
{{- end }}
{{- if .Values.artifactory.openMetrics.enabled }}
metrics:
enabled: true
{{- if .Values.artifactory.openMetrics.filebeat.enabled }}
filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }}
{{- end }}
{{- end }}
logging:
consoleLog:
enabled: {{ .Values.artifactory.consoleLog }}
extraJavaOpts: >
-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
-Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
{{- with .Values.artifactory.javaOpts }}
{{- if .corePoolSize }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- end }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }}
{{- end }}
{{- if .jmx.authenticate }}
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
-Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
{{- else }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- end }}
{{- if or .Values.database.type .Values.postgresql.enabled }}
database:
{{- if .Values.postgresql.enabled }}
type: postgresql
url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
driver: org.postgresql.Driver
username: "{{ .Values.postgresql.postgresqlUsername }}"
{{- else }}
type: "{{ .Values.database.type }}"
driver: "{{ .Values.database.driver }}"
{{- end }}
{{- end }}
artifactory:
{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
node:
{{- if .Values.artifactory.haDataDir.path }}
haDataDir: {{ .Values.artifactory.haDataDir.path }}
{{- end }}
{{- if .Values.artifactory.haBackupDir.path }}
haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
{{- end }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
maintenanceConnector:
port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
{{- if .Values.mc.enabled }}
mc:
enabled: true
database:
maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
idgenerator:
maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
{{- end }}
metadata:
database:
maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
{{- if .Values.artifactory.replicator.enabled }}
replicator:
enabled: true
{{- end }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
jfconnect:
enabled: true
{{- else }}
jfconnect:
enabled: false
jfconnect_service:
enabled: false
{{- end }}
{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
federation:
enabled: true
embedded: {{ .Values.federation.embedded }}
extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
port: {{ .Values.federation.internalPort }}
rtfs:
database:
driver: org.postgresql.Driver
type: postgresql
username: {{ .Values.federation.database.username }}
password: {{ .Values.federation.database.password }}
url: jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}
{{- else }}
federation:
enabled: false
{{- end }}
{{- if .Values.event.webhooks }}
event:
webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
{{- end }}
## System YAML entries now reside under files/system.yaml.
## You can provide the specific values that you want to add or override under 'artifactory.extraSystemYaml'.
## For example:
## extraSystemYaml:
## shared:
## node:
## id: my-instance
## The entries provided under 'artifactory.extraSystemYaml' are merged with files/system.yaml to create the final system.yaml.
## If you have already provided system.yaml under, 'artifactory.systemYaml', the values in that entry take precedence over files/system.yaml
## You can modify specific entries with your own value under `artifactory.extraSystemYaml`, The values under extraSystemYaml overrides the values under 'artifactory.systemYaml' and files/system.yaml
extraSystemYaml: {}
## systemYaml is intentionally commented and the previous content has been moved under files/system.yaml.
## You have to add the all entries of the system.yaml file here, and it overrides the values in files/system.yaml.
# systemYaml:
annotations: {}
service:
name: artifactory
type: ClusterIP
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilies: []
## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer)
## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
@ -770,78 +664,29 @@ artifactory:
# nodePort: 32082
statefulset:
annotations: {}
## The following setting are to configure a dedicated Ingress object for Replicator service
replicator:
name: replicator
enabled: false
## Extra environment variables that can be used to tune replicator to your needs.
## Uncomment and set value as needed
extraEnvironmentVariables:
# - name: MY_ENV_VAR
# value: ""
resources: {}
# requests:
# memory: "100Mi"
# cpu: "100m"
# limits:
# memory: "1Gi"
# cpu: "1"
# Add lifecycle hooks for replicator container
lifecycle: {}
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler"]
# preStop:
# exec:
# command: ["/bin/sh","-c","echo Hello from the preStop handler"]
ingress:
enabled: true
name:
hosts: []
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "off"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# chunked_transfer_encoding on;
tls: []
# Secrets must be manually created in the namespace.
# - hosts:
# - artifactory.domain.example
# secretName: chart-example-tls-secret
## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true
## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads
trackerIngress:
enabled: false
name:
hosts: []
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "off"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# chunked_transfer_encoding on;
tls: []
# Secrets must be manually created in the namespace.
# - hosts:
# - artifactory.domain.example
# secretName: chart-example-tls-secret
## IMPORTANT: If overriding artifactory.internalPort:
## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024!
externalPort: 8082
internalPort: 8082
externalArtifactoryPort: 8081
internalArtifactoryPort: 8081
uid: 1030
gid: 1030
# fsGroupChangePolicy: "Always"
# seLinuxOptions: {}
terminationGracePeriodSeconds: 30
## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value.
## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false
setSecurityContext: true
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
## @param artifactory.podSecurityContext.enabled Enable security context
## @param artifactory.podSecurityContext.runAsNonRoot Set pod's Security Context runAsNonRoot
## @param artifactory.podSecurityContext.runAsUser User ID for the pod
## @param artifactory.podSecurityContext.runASGroup Group ID for the pod
## @param artifactory.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
runAsNonRoot: true
runAsUser: 1030
runAsGroup: 1030
fsGroup: 1030
# fsGroupChangePolicy: "Always"
# seLinuxOptions: {}
livenessProbe:
enabled: true
config: |
@ -897,9 +742,13 @@ artifactory:
## Redundancy required For HA deployments, with "cluster" persistence storage type
redundancy: 3
lenientLimit: 1
## Cache default size. Should be increased for production deployments.
## cache-fs binary provider configurations
## Refer: https://jfrog.com/help/r/jfrog-installation-setup-documentation/cache-fs-template-configuration
maxCacheSize: 5000000000
cacheProviderDir: cache
## maxFileSizeLimit:
## skipDuringUpload:
## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config
## Supported types are:
## file-system (default)
@ -915,6 +764,7 @@ artifactory:
## s3-storage-v3-archive
## azure-blob
## azure-blob-storage-direct
## azure-blob-storage-v2-direct
## cluster-azure-blob-storage
type: file-system
## Use binarystoreXml to provide a custom binarystore.xml
@ -997,7 +847,7 @@ artifactory:
enablePathStyleAccess: false
multiPartLimit:
multipartElementSize:
## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, cluster-azure-blob-storage
## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, cluster-azure-blob-storage, azure-blob-storage-v2-direct
azureBlob:
accountName:
accountKey:
@ -1446,6 +1296,9 @@ nginx:
annotations: {}
terminationGracePeriodSeconds: 30
disableProxyBuffering: false
# singleStackIPv6Cluster flag, which manages the Nginx configuration to enable listening on IPv6 and proxy.
# If .Values.nginx.service.ipFamilies and .Values.artifactory.service.ipFamilies is configured for only IPv6, users need to enable this flag.
singleStackIPv6Cluster: false
deployment:
annotations: {}
# Note that by default we use appVersion to get image tag/version
@ -1494,6 +1347,7 @@ nginx:
# Logs options
logs:
stderr: false
stdout: false
level: warn
## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports.
customPorts: []
@ -1505,7 +1359,7 @@ nginx:
# Main Nginx configuration file
worker_processes 4;
{{ if .Values.nginx.logs.stderr }}
{{- if .Values.nginx.logs.stderr }}
error_log stderr {{ .Values.nginx.logs.level }};
{{- else -}}
error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }};
@ -1516,7 +1370,11 @@ nginx:
## SSH Server Configuration
stream {
server {
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.ssh.internalPort }};
{{- else -}}
listen {{ .Values.nginx.ssh.internalPort }};
{{- end }}
proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }};
}
}
@ -1526,7 +1384,6 @@ nginx:
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
@ -1566,7 +1423,11 @@ nginx:
'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"';
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
{{- if .Values.nginx.logs.stdout }}
access_log /dev/stdout timing;
{{- else -}}
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
{{- end }}
sendfile on;
#tcp_nopush on;
@ -1589,18 +1450,34 @@ nginx:
## server configuration
server {
{{- if .Values.nginx.internalPortHttps }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.internalPortHttps }} ssl;
{{- else -}}
listen {{ .Values.nginx.internalPortHttps }} ssl;
{{- end }}
{{- else -}}
{{- if .Values.nginx.https.enabled }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.https.internalPort }} ssl;
{{- else -}}
listen {{ .Values.nginx.https.internalPort }} ssl;
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.nginx.internalPortHttp }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.internalPortHttp }};
{{- else -}}
listen {{ .Values.nginx.internalPortHttp }};
{{- end }}
{{- else -}}
{{- if .Values.nginx.http.enabled }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.http.internalPort }};
{{- else -}}
listen {{ .Values.nginx.http.internalPort }};
{{- end }}
{{- end }}
{{- end }}
server_name ~(?<repo>.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }}
{{- range .Values.ingress.hosts -}}
@ -1677,6 +1554,16 @@ nginx:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: LoadBalancer
ssloffload: false
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilies: []
## For supporting whitelist on the Nginx LoadBalancer service
## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
@ -1797,7 +1684,7 @@ postgresql:
image:
registry: releases-docker.jfrog.io
repository: bitnami/postgresql
tag: 13.10.0-debian-11-r14
tag: 15.6.0-debian-11-r16
postgresqlUsername: artifactory
postgresqlPassword: ""
postgresqlDatabase: artifactory
@ -1832,6 +1719,8 @@ postgresql:
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## specify custom database details here or leave empty and Artifactory will use embedded derby
database:
## To run Artifactory with any database other than PostgreSQL allowNonPostgresql set to true.
allowNonPostgresql: false
type:
driver:
## If you set the url, leave host and port empty
@ -1914,7 +1803,7 @@ filebeat:
hosts: ["{{ .Values.filebeat.logstashUrl }}"]
## Allows to add additional kubernetes resources
## Use --- as a separator between multiple resources
## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml
## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-values.yaml
additionalResources: ""
# Adding entries to a Pod's /etc/hosts file
# For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases

9
charts/jfrog/artifactory-jcr/values.yaml
View File

@ -35,7 +35,7 @@ artifactory:
# other: ""
installer:
platform: jcr-helm
installerInfo: '{"productId": "Helm_artifactory-jcr/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}'
installerInfo: '{"productId":"Helm_artifactory-jcr/{{ .Chart.Version }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}'
## Nginx
## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
nginx:
@ -69,8 +69,7 @@ postgresql:
enabled: true
router:
image:
tag: 7.91.0
logger:
tag: 7.105.1
initContainers:
image:
tag: 9.3.1475
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475
tag: 9.3.1552

68
index.yaml
View File

@ -4352,6 +4352,40 @@ entries:
- assets/argo/argo-cd-5.8.0.tgz
version: 5.8.0
artifactory-ha:
- annotations:
artifactoryServiceVersion: 7.84.15
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.84.10
created: "2024-05-13T00:55:01.445481645Z"
dependencies:
- condition: postgresql.enabled
name: postgresql
repository: file://./charts/postgresql
version: 10.3.18
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
digest: 188d3d7005a2bb23c43a47e2a8a36fe4616aafce78d7ae9dd8359856ff3973b2
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png
keywords:
- artifactory
- jfrog
- devops
kubeVersion: '>= 1.19.0-0'
maintainers:
- email: installers@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
urls:
- assets/jfrog/artifactory-ha-107.84.10.tgz
version: 107.84.10
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA
@ -6062,6 +6096,40 @@ entries:
- assets/jfrog/artifactory-ha-3.0.1400.tgz
version: 3.0.1400
artifactory-jcr:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Container Registry
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
appVersion: 7.84.10
created: "2024-05-13T00:55:01.854239727Z"
dependencies:
- name: artifactory
repository: file://./charts/artifactory
version: 107.84.10
description: JFrog Container Registry
digest: 1b1215e20da4b80fb1fc8862942d9ca33cb0bde033ef015d59e2154624c4b0da
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
keywords:
- artifactory
- jfrog
- container
- registry
- devops
- jfrog-container-registry
kubeVersion: '>= 1.19.0-0'
maintainers:
- email: helm@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
urls:
- assets/jfrog/artifactory-jcr-107.84.10.tgz
version: 107.84.10
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Container Registry