andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Updated:
  jfrog/artifactory-ha:
    - 107.84.10
  jfrog/artifactory-jcr:
    - 107.84.10
```
pull/1017/head
github-actions[bot] 2024-05-13 00:55:17 +00:00
parent ec04db879c
commit 0332340e0f
62 changed files with 1378 additions and 1334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/jfrog/artifactory-ha-107.84.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/jfrog/artifactory-jcr-107.84.10.tgz Normal file
View File

Binary file not shown.

51
charts/jfrog/artifactory-ha/CHANGELOG.md
View File

@ -1,10 +1,59 @@
# JFrog Artifactory-ha Chart Changelog # JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file All changes to this chart will be documented in this file
## [107.77.12] - April 22, 2024 ## [107.84.10] - May 2, 2024
* Added image section for `initContainers` instead of `initContainerImage`
* Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy`
* Removed loggers.image section
* Added support for `global.verisons.initContainers` to override `initContainers.image.tag`
* Fixed an issue with extraSystemYaml merge
* **IMPORTANT**
* Renamed `artifactory.setSecurityContext` to `artifactory.podSecurityContext`
* Renamed `artifactory.uid` to `artifactory.podSecurityContext.runAsUser`
* Renamed `artifactory.gid` to `artifactory.podSecurityContext.runAsGroup` and `artifactory.podSecurityContext.fsGroup`
* Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy`
* Renamed `artifactory.seLinuxOptions` to `artifactory.podSecurityContext.seLinuxOptions`
* Added flag `allowNonPostgresql` defaults to false
* Update postgresql tag version to `15.6.0-debian-12-r5`
* Added a check if `initContainerImage` exists
## [107.83.0] - Mar 12, 2024
* Added image section for `metadata` and `observability`
## [107.82.0] - Mar 04, 2024
* Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router.
* Removed Replicator Service
## [107.81.0] - Feb 20, 2024
* **IMPORTANT**
* Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml)
* Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given [GH-1848](https://github.com/jfrog/charts/pull/1848)
* Added option to modify the new cache configs, maxFileSizeLimit and skipDuringUpload
* Added IPV4/IPV6 Dualstack flag support for Artifactory and nginx service
* Added `singleStackIPv6Cluster` flag, which manages the Nginx configuration to enable listening on IPv6 and proxying
* Fixing broken link for creating additional kubernetes resources. Refer [here](https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-ha-values.yaml)
* Refactored installerInfo configuration (moved to files/installer-info.json instead of key in values.yaml)
## [107.80.0] - Feb 20, 2024
* Updated README.md to create a namespace using `--create-namespace` as part of helm install
## [107.79.0] - Feb 20, 2024
* **IMPORTANT**
* Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default
* Added support for azure-blob-storage-v2-direct config
* Added option to set Nginx to write access_log to container STDOUT
* **Important change:**
* Update postgresql tag version to `15.2.0-debian-11-r23`
* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**!
* If this is an upgrade and you are using the default bundles PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x/13.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true
## [107.77.0] - April 22, 2024
* Removed integration service * Removed integration service
* Added recommended postgresql sizing configurations under sizing directory * Added recommended postgresql sizing configurations under sizing directory
* Updated artifactory-federation (probes, port, embedded mode) * Updated artifactory-federation (probes, port, embedded mode)
* **IMPORTANT**
* setSecurityContext has been renamed to podSecurityContext.
* Moved podSecurityContext to values.yaml
* Fixing broken nginx port [GH-1860](https://github.com/jfrog/charts/issues/1860) * Fixing broken nginx port [GH-1860](https://github.com/jfrog/charts/issues/1860)
* Added nginx.customCommand to use custom commands for the nginx container * Added nginx.customCommand to use custom commands for the nginx container

5
charts/jfrog/artifactory-ha/Chart.yaml
View File

@ -1,10 +1,11 @@
annotations: annotations:
artifactoryServiceVersion: 7.84.15
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA catalog.cattle.io/display-name: JFrog Artifactory HA
catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-ha catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2 apiVersion: v2
appVersion: 7.77.12 appVersion: 7.84.10
dependencies: dependencies:
- condition: postgresql.enabled - condition: postgresql.enabled
name: postgresql name: postgresql
@ -26,4 +27,4 @@ name: artifactory-ha
sources: sources:
- https://github.com/jfrog/charts - https://github.com/jfrog/charts
type: application type: application
version: 107.77.12 version: 107.84.10

4
charts/jfrog/artifactory-ha/README.md
View File

@ -37,14 +37,14 @@ helm repo update
### Install Chart ### Install Chart
To install the chart with the release name `artifactory`: To install the chart with the release name `artifactory`:
```bash ```bash
helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha helm upgrade --install artifactory-ha jfrog/artifactory-ha --namespace artifactory-ha --create-namespace
``` ```
### Apply Sizing configurations to the Chart ### Apply Sizing configurations to the Chart
To apply the chart with recommended sizing configurations : To apply the chart with recommended sizing configurations :
For small configurations : For small configurations :
```bash ```bash
helm upgrade --install artifactory-ha --namespace artifactory-ha jfrog/artifactory-ha -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml helm upgrade --install artifactory-ha jfrog/artifactory-ha -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml --namespace artifactory-ha --create-namespace
``` ```
## Uninstalling Artifactory ## Uninstalling Artifactory

32
charts/jfrog/artifactory-ha/ci/global-values.yaml
View File

@ -23,8 +23,8 @@ artifactory:
cpu: "4" cpu: "4"
customInitContainersBegin: | customInitContainersBegin: |
- name: "custom-init-begin-local" - name: "custom-init-begin-local"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -34,8 +34,8 @@ artifactory:
name: volume name: volume
customInitContainers: | customInitContainers: |
- name: "custom-init-local" - name: "custom-init-local"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -55,8 +55,8 @@ artifactory:
# Add custom sidecar containers # Add custom sidecar containers
customSidecarContainers: | customSidecarContainers: |
- name: "sidecar-list-local" - name: "sidecar-list-local"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@ -84,8 +84,8 @@ global:
joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
customInitContainersBegin: | customInitContainersBegin: |
- name: "custom-init-begin-global" - name: "custom-init-begin-global"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -95,8 +95,8 @@ global:
name: volume name: volume
customInitContainers: | customInitContainers: |
- name: "custom-init-global" - name: "custom-init-global"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -116,8 +116,8 @@ global:
# Add custom sidecar containers # Add custom sidecar containers
customSidecarContainers: | customSidecarContainers: |
- name: "sidecar-list-global" - name: "sidecar-list-global"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@ -138,8 +138,8 @@ global:
nginx: nginx:
customInitContainers: | customInitContainers: |
- name: "custom-init-begin-nginx" - name: "custom-init-begin-nginx"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -149,8 +149,8 @@ nginx:
name: custom-script-local name: custom-script-local
customSidecarContainers: | customSidecarContainers: |
- name: "sidecar-list-nginx" - name: "sidecar-list-nginx"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:

9
charts/jfrog/artifactory-ha/ci/rtsplit-access-tls-values.yaml
View File

@ -5,15 +5,6 @@ artifactory:
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
persistence: persistence:
enabled: false enabled: false
replicator:
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
primary: primary:
resources: resources:
requests: requests:

17
charts/jfrog/artifactory-ha/ci/rtsplit-values.yaml
View File

@ -5,23 +5,6 @@ artifactory:
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
persistence: persistence:
enabled: false enabled: false
replicator:
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
# Add lifecycle hooks for replicator container
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"]
preStop:
exec:
command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"]
primary: primary:
resources: resources:
requests: requests:

13
charts/jfrog/artifactory-ha/ci/test-values.yaml
View File

@ -2,21 +2,12 @@ databaseUpgradeReady: true
artifactory: artifactory:
openMetrics: openMetrics:
enabled: true enabled: true
fsGroupChangePolicy: "OnRootMismatch" podSecurityContext:
fsGroupChangePolicy: "OnRootMismatch"
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
unifiedSecretInstallation: false unifiedSecretInstallation: false
persistence: persistence:
enabled: false enabled: false
replicator:
name: replicator
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
primary: primary:
resources: resources:
requests: requests:

66
charts/jfrog/artifactory-ha/files/binarystore.xml
View File

@ -29,6 +29,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- end }} {{- end }}
@ -57,6 +63,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
// Specify the read and write strategy and redundancy for the sharding binary provider // Specify the read and write strategy and redundancy for the sharding binary provider
@ -93,6 +105,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
<!-- Shards add local file-system provider configuration --> <!-- Shards add local file-system provider configuration -->
@ -145,6 +163,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") }} {{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") }}
@ -228,6 +252,12 @@
<provider id="cache-fs-eventual-s3" type="cache-fs"> <provider id="cache-fs-eventual-s3" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- end }} {{- end }}
@ -236,6 +266,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- end }} {{- end }}
@ -338,6 +374,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- if eq .Values.artifactory.persistence.type "azure-blob" }} {{- if eq .Values.artifactory.persistence.type "azure-blob" }}
@ -370,4 +412,28 @@
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection> <testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider> </provider>
</config> </config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "azure-blob-storage-v2-direct" -}}
<config version="3">
<chain template="azure-blob-storage-v2-direct"/>
<provider type="cache-fs" id="cache-fs">
<cacheProviderDir>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</cacheProviderDir>
<maxCacheSize>{{ .Values.artifactory.persistence.cacheProviderDir }}</maxCacheSize>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
<provider id="azure-blob-storage-v2" type="azure-blob-storage-v2">
<accountName>{{ .Values.artifactory.persistence.azureBlob.accountName }}</accountName>
<accountKey>{{ .Values.artifactory.persistence.azureBlob.accountKey }}</accountKey>
<endpoint>{{ .Values.artifactory.persistence.azureBlob.endpoint }}</endpoint>
<container>{{ .Values.artifactory.persistence.azureBlob.containerName }}</container>
<multiPartLimit>{{ .Values.artifactory.persistence.azureBlob.multiPartLimit | int64 }}</multiPartLimit>
<multipartElementSize>{{ .Values.artifactory.persistence.azureBlob.multipartElementSize | int64 }}</multipartElementSize>
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider>
</config>
{{- end }} {{- end }}

32
charts/jfrog/artifactory-ha/files/installer-info.json Normal file
View File

@ -0,0 +1,32 @@
{
"productId": "Helm_artifactory-ha/{{ .Chart.Version }}",
"features": [
{
"featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"
},
{
"featureId": "Database/{{ .Values.database.type }}"
},
{
"featureId": "PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"
},
{
"featureId": "Nginx_Enabled/{{ .Values.nginx.enabled }}"
},
{
"featureId": "ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"
},
{
"featureId": "SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"
},
{
"featureId": "UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"
},
{
"featureId": "Filebeat_Enabled/{{ .Values.filebeat.enabled }}"
},
{
"featureId": "ReplicaCount/{{ add .Values.artifactory.primary.replicaCount .Values.artifactory.node.replicaCount }}"
}
]
}

38
charts/jfrog/artifactory-ha/files/migrate.sh
View File

@ -2916,9 +2916,6 @@ yamlMigrate () {
if [[ ! -z "${value}" ]]; then if [[ ! -z "${value}" ]]; then
value=$(updateConnectionString "${yamlPath}" "${value}") value=$(updateConnectionString "${yamlPath}" "${value}")
fi fi
if [[ "${PRODUCT}" == "artifactory" ]]; then
replicatorProfiling
fi
if [[ -z "${value}" ]]; then if [[ -z "${value}" ]]; then
logger "No value for [${key}] in [${sourceFile}]" logger "No value for [${key}] in [${sourceFile}]"
else else
@ -4218,26 +4215,13 @@ commentNodeId () {
artifactoryInfoMessage () { artifactoryInfoMessage () {
if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then
addText "# yamlFile was generated from db.properties,replicator.yaml and ha-node.properties config files." "${SYSTEM_YAML_PATH}" addText "# yamlFile was generated from db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
else else
addText "# yamlFile was generated from default file,replicator.yaml,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}" addText "# yamlFile was generated from default file,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
fi fi
} }
replicatorProfiling () {
if [[ "${key}" == "profilingDisabled" ]]; then
if [[ ! -z "${value}" ]]; then
if [[ "${value}" == "false" ]]; then
value="true"
else
value="false"
fi
fi
fi
}
setHaEnabled_hook () { setHaEnabled_hook () {
local filePath="$1" local filePath="$1"
if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/ha-node.properties")" == "true" ]]; then if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/ha-node.properties")" == "true" ]]; then
@ -4277,27 +4261,9 @@ _createBackupOfLogBackDir () {
removeFileOperation "${backupDir}/logbackXmlFiles/artifactory" "${artiLogbackFile}" removeFileOperation "${backupDir}/logbackXmlFiles/artifactory" "${artiLogbackFile}"
} }
_createBackupOfReplicatorRtYaml () {
local backupDir="$1"
local replicatorRtYamlFile="${NEW_DATA_DIR}/etc/replicator/replicator.artifactory.yaml"
local effectiveUser=
local effectiveGroup=
if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then
effectiveUser="${JF_USER}"
effectiveGroup="${JF_USER}"
elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then
effectiveUser="${USER_TO_CHECK}"
effectiveGroup="${GROUP_TO_CHECK}"
fi
removeSoftLinkAndCreateDir "${backupDir}/replicatorYamlFile" "${effectiveUser}" "${effectiveGroup}" "yes"
removeFileOperation "${backupDir}/replicatorYamlFile" "${replicatorRtYamlFile}"
}
backupFiles_hook () { backupFiles_hook () {
local backupDirectory="$1" local backupDirectory="$1"
_createBackupOfLogBackDir "${backupDirectory}" _createBackupOfLogBackDir "${backupDirectory}"
_createBackupOfReplicatorRtYaml "${backupDirectory}"
} }
migrateArtifactory () { migrateArtifactory () {

5
charts/jfrog/artifactory-ha/files/migrationHelmInfo.yaml
View File

@ -11,10 +11,6 @@ migration:
work/access=access/tmp work/access=access/tmp
log/archived/access=access/logs log/archived/access=access/logs
log/archived/artifactory=logs log/archived/artifactory=logs
etc/replicator=replicator/etc
backup/replicator=replicator/backup
data/replicator=replicator/data
log/archived/replicator=replicator/logs
linkFiles: linkFiles:
map: map:
# Note : $JF_ROOT_DATA_DIR will be prepended to the sourceDirectoryPath value only if relative path and $JF_ROOT_DATA_DIR will be prepended to the targetDirectoryPath value # Note : $JF_ROOT_DATA_DIR will be prepended to the sourceDirectoryPath value only if relative path and $JF_ROOT_DATA_DIR will be prepended to the targetDirectoryPath value
@ -27,6 +23,5 @@ migration:
# Note $JF_ROOT_DATA_DIR will be prepended to the map entry # Note $JF_ROOT_DATA_DIR will be prepended to the map entry
map: map:
access access
replicator
metadata metadata
logs logs

149
charts/jfrog/artifactory-ha/files/system.yaml Normal file
View File

@ -0,0 +1,149 @@
router:
serviceRegistry:
insecure: {{ .Values.router.serviceRegistry.insecure }}
shared:
{{- if .Values.artifactory.coldStorage.enabled }}
jfrogColdStorage:
coldInstanceEnabled: true
{{- end }}
{{- if .Values.artifactory.openMetrics.enabled }}
metrics:
enabled: true
{{- if .Values.artifactory.openMetrics.filebeat.enabled }}
filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }}
{{- end }}
{{- end }}
logging:
consoleLog:
enabled: {{ .Values.artifactory.consoleLog }}
extraJavaOpts: >
-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
-Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
{{- with .Values.artifactory.primary.javaOpts }}
{{- if .corePoolSize }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- end }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }}
{{- end }}
{{- if .jmx.authenticate }}
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
-Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
{{- else }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- end }}
database:
allowNonPostgresql: {{ .Values.database.allowNonPostgresql }}
{{- if .Values.postgresql.enabled }}
type: postgresql
url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
host: ""
driver: org.postgresql.Driver
username: "{{ .Values.postgresql.postgresqlUsername }}"
{{ else }}
type: "{{ .Values.database.type }}"
driver: "{{ .Values.database.driver }}"
{{- end }}
artifactory:
{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
node:
{{- if .Values.artifactory.haDataDir.path }}
haDataDir: {{ .Values.artifactory.haDataDir.path }}
{{- end }}
{{- if .Values.artifactory.haBackupDir.path }}
haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
{{- end }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
maintenanceConnector:
port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
{{- if .Values.access.database.enabled }}
type: "{{ .Values.access.database.type }}"
url: "{{ .Values.access.database.url }}"
driver: "{{ .Values.access.database.driver }}"
username: "{{ .Values.access.database.user }}"
password: "{{ .Values.access.database.password }}"
{{- end }}
{{- if .Values.mc.enabled }}
mc:
enabled: true
database:
maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
idgenerator:
maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
{{- end }}
metadata:
database:
maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
jfconnect:
enabled: true
{{- else }}
jfconnect:
enabled: false
jfconnect_service:
enabled: false
{{- end }}
{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
federation:
enabled: true
embedded: {{ .Values.federation.embedded }}
extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
port: {{ .Values.federation.internalPort }}
rtfs:
database:
driver: org.postgresql.Driver
type: postgresql
username: {{ .Values.federation.database.username }}
password: {{ .Values.federation.database.password }}
url: "jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}"
{{- else }}
federation:
enabled: false
{{- end }}
{{- if .Values.event.webhooks }}
event:
webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
{{- end }}

7
charts/jfrog/artifactory-ha/templates/NOTES.txt
View File

@ -39,6 +39,13 @@ Congratulations. You have just deployed JFrog Artifactory HA!
{{- end }} {{- end }}
{{- if .Values.artifactory.setSecurityContext }}
****************************************** WARNING **********************************************
* From chart version 107.84.x, `setSecurityContext` has been renamed to `podSecurityContext`, *
please change your values.yaml before upgrade , For more Info , refer to 107.84.x changelog *
*************************************************************************************************
{{- end }}
{{- if and (or (or (or (or (or ( or ( or ( or (or (or ( or (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) .Values.systemYamlOverride.existingSecret) (or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled)) .Values.aws.licenseConfigSecretName) .Values.artifactory.persistence.customBinarystoreXmlSecret) .Values.access.customCertificatesSecretName) .Values.systemYamlOverride.existingSecret) .Values.artifactory.license.secret) .Values.artifactory.userPluginSecrets) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey)) (and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName)) (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName)) .Values.artifactory.unifiedSecretInstallation }} {{- if and (or (or (or (or (or ( or ( or ( or (or (or ( or (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) .Values.systemYamlOverride.existingSecret) (or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled)) .Values.aws.licenseConfigSecretName) .Values.artifactory.persistence.customBinarystoreXmlSecret) .Values.access.customCertificatesSecretName) .Values.systemYamlOverride.existingSecret) .Values.artifactory.license.secret) .Values.artifactory.userPluginSecrets) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey)) (and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName)) (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName)) .Values.artifactory.unifiedSecretInstallation }}
****************************************** WARNING ************************************************************************************************** ****************************************** WARNING **************************************************************************************************
* The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.* * The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.*

63
charts/jfrog/artifactory-ha/templates/_helpers.tpl
View File

@ -55,32 +55,6 @@ If release name contains chart name it will be used as a full name.
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Create a default fully qualified Replicator app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.replicator.fullname" -}}
{{- if .Values.artifactory.replicator.ingress.name -}}
{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified replicator tracker ingress name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.replicator.tracker.fullname" -}}
{{- if .Values.artifactory.replicator.trackerIngress.name -}}
{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/* {{/*
Create a default fully qualified app name. Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -309,13 +283,27 @@ Return the proper artifactory chart image names
{{- $indexReference := index . 1 }} {{- $indexReference := index . 1 }}
{{- $registryName := index $dot.Values $indexReference "image" "registry" -}} {{- $registryName := index $dot.Values $indexReference "image" "registry" -}}
{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} {{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}}
{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} {{- $tag := "" -}}
{{- if and (eq $indexReference "artifactory") (hasKey $dot.Values "artifactoryService") }}
{{- if default false $dot.Values.artifactoryService.enabled }}
{{- $indexReference = "artifactoryService" -}}
{{- $tag = default $dot.Chart.Annotations.artifactoryServiceVersion (index $dot.Values $indexReference "image" "tag") | toString -}}
{{- $repositoryName = index $dot.Values $indexReference "image" "repository" -}}
{{- else -}}
{{- $tag = default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}}
{{- end -}}
{{- else -}}
{{- $tag = default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}}
{{- end -}}
{{- if $dot.Values.global }} {{- if $dot.Values.global }}
{{- if and $dot.Values.splitServicesToContainers $dot.Values.global.versions.router (eq $indexReference "router") }} {{- if and $dot.Values.splitServicesToContainers $dot.Values.global.versions.router (eq $indexReference "router") }}
{{- $tag = $dot.Values.global.versions.router | toString -}} {{- $tag = $dot.Values.global.versions.router | toString -}}
{{- end -}}
{{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }}
{{- $tag = $dot.Values.global.versions.initContainers | toString -}}
{{- end -}} {{- end -}}
{{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }}
{{- $tag = $dot.Values.global.versions.artifactory | toString -}} {{- $tag = $dot.Values.global.versions.artifactory | toString -}}
{{- end -}} {{- end -}}
{{- if $dot.Values.global.imageRegistry }} {{- if $dot.Values.global.imageRegistry }}
{{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}}
@ -378,9 +366,6 @@ Resolve requiredServiceTypes value
{{- if .Values.jfconnect.enabled -}} {{- if .Values.jfconnect.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfcon" -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfcon" -}}
{{- end -}} {{- end -}}
{{- if .Values.artifactory.replicator.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfxfer" -}}
{{- end -}}
{{- if .Values.mc.enabled -}} {{- if .Values.mc.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfmc" -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfmc" -}}
{{- end -}} {{- end -}}
@ -490,3 +475,17 @@ nodeSelector:
{{ toYaml .Values.nginx.nodeSelector | indent 2 }} {{ toYaml .Values.nginx.nodeSelector | indent 2 }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Calculate the systemYaml from structured and unstructured text input
*/}}
{{- define "artifactory.finalSystemYaml" -}}
{{ tpl (mergeOverwrite (include "artifactory.systemYaml" . | fromYaml) .Values.artifactory.extraSystemYaml | toYaml) . }}
{{- end -}}
{{/*
Calculate the systemYaml from the unstructured text input
*/}}
{{- define "artifactory.systemYaml" -}}
{{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }}
{{- end -}}

5
charts/jfrog/artifactory-ha/templates/_system-yaml-render.tpl Normal file
View File

@ -0,0 +1,5 @@
{{- if .Values.artifactory.systemYaml -}}
{{- tpl .Values.artifactory.systemYaml . -}}
{{- else -}}
{{ (tpl ( $.Files.Get "files/system.yaml" ) .) }}
{{- end -}}

6
charts/jfrog/artifactory-ha/templates/artifactory-installer-info.yaml
View File

@ -9,4 +9,8 @@ metadata:
release: {{ .Release.Name }} release: {{ .Release.Name }}
data: data:
installer-info.json: | installer-info.json: |
{{ tpl .Values.installerInfo . }} {{- if .Values.installerInfo -}}
{{- tpl .Values.installerInfo . | nindent 4 -}}
{{- else -}}
{{ (tpl ( .Files.Get "files/installer-info.json" | nindent 4 ) .) }}
{{- end -}}

2
charts/jfrog/artifactory-ha/templates/artifactory-license-secret.yaml
View File

@ -1,4 +1,4 @@
{{ if (not .Values.artifactory.unifiedSecretInstallation) }} {{ if and (not .Values.artifactory.unifiedSecretInstallation) (not .Values.artifactory.license.secret) (not .Values.artifactory.license.licenseKey) }}
{{- with .Values.artifactory.license.licenseKey }} {{- with .Values.artifactory.license.licenseKey }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret

158
charts/jfrog/artifactory-ha/templates/artifactory-node-statefulset.yaml
View File

@ -67,19 +67,8 @@ spec:
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} {{- include "artifactory-ha.imagePullSecrets" . | indent 6 }}
{{- end }} {{- end }}
{{- if .Values.artifactory.setSecurityContext }} {{- if .Values.artifactory.podSecurityContext.enabled }}
securityContext: securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }}
runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
runAsGroup: {{ .Values.artifactory.gid }}
fsGroup: {{ .Values.artifactory.gid }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
{{- if .Values.artifactory.seLinuxOptions }}
seLinuxOptions:
{{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.artifactory.topologySpreadConstraints }} {{- if .Values.artifactory.topologySpreadConstraints }}
topologySpreadConstraints: topologySpreadConstraints:
@ -93,8 +82,8 @@ spec:
{{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: "create-artifactory-data-dir" - name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -112,8 +101,8 @@ spec:
{{- end }} {{- end }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }} {{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties" - name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
command: command:
- 'bash' - 'bash'
- '-c' - '-c'
@ -127,8 +116,8 @@ spec:
{{- end }} {{- end }}
{{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }} {{- if and .Values.artifactory.node.waitForPrimaryStartup.enabled }}
- name: "wait-for-primary" - name: "wait-for-primary"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -151,7 +140,8 @@ spec:
{{ toYaml .Values.initContainers.resources | indent 10 }} {{ toYaml .Values.initContainers.resources | indent 10 }}
{{- end }} {{- end }}
- name: 'copy-system-configurations' - name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}' image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -187,7 +177,7 @@ spec:
- name: ARTIFACTORY_MASTER_KEY - name: ARTIFACTORY_MASTER_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }}
name: {{ include "artifactory-ha.masterKeySecretName" . }} name: {{ include "artifactory-ha.masterKeySecretName" . }}
{{- else }} {{- else }}
name: "{{ template "artifactory-ha.name" . }}-unified-secret" name: "{{ template "artifactory-ha.name" . }}-unified-secret"
@ -199,8 +189,9 @@ spec:
volumeMounts: volumeMounts:
- name: volume - name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
{{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} ######################## SystemYaml #########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }}
- name: systemyaml - name: systemyaml
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -208,24 +199,29 @@ spec:
{{- if .Values.systemYamlOverride.existingSecret }} {{- if .Values.systemYamlOverride.existingSecret }}
mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}"
subPath: {{ .Values.systemYamlOverride.dataKey }} subPath: {{ .Values.systemYamlOverride.dataKey }}
{{- else if .Values.artifactory.systemYaml }} {{- else }}
mountPath: "/tmp/etc/system.yaml" mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml subPath: system.yaml
{{- end }} {{- end }}
{{- end }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} ######################## Binarystore ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }} {{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml subPath: binarystore.xml
######################## CustomCertificates ##########################
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates - name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
resources: resources:
{{ toYaml .Values.initContainers.resources | indent 10 }} {{ toYaml .Values.initContainers.resources | indent 10 }}
command: command:
@ -242,7 +238,8 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }} {{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates - name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -263,7 +260,8 @@ spec:
{{- if .Values.waitForDatabase }} {{- if .Values.waitForDatabase }}
{{- if or .Values.postgresql.enabled }} {{- if or .Values.postgresql.enabled }}
- name: "wait-for-db" - name: "wait-for-db"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
command: command:
- /bin/bash - /bin/bash
- -c - -c
@ -392,13 +390,18 @@ spec:
{{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }}
{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} {{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }}
{{- end }} {{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }} {{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data - name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup - name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }} {{- else }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Artifactory persistence binarystore Xml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -406,8 +409,10 @@ spec:
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml subPath: binarystore.xml
{{- end }} {{- end }}
######################## Artifactory persistence google storage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json - name: gcpcreds-json
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -415,6 +420,7 @@ spec:
mountPath: "/artifactory_bootstrap/gcp.credentials.json" mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json subPath: gcp.credentials.json
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.hostAliases }} {{- if .Values.hostAliases }}
hostAliases: hostAliases:
@ -424,7 +430,7 @@ spec:
{{- if .Values.splitServicesToContainers }} {{- if .Values.splitServicesToContainers }}
- name: {{ .Values.router.name }} - name: {{ .Values.router.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }} imagePullPolicy: {{ .Values.router.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -508,7 +514,7 @@ spec:
{{- end }} {{- end }}
{{- if .Values.metadata.enabled }} {{- if .Values.metadata.enabled }}
- name: {{ .Values.metadata.name }} - name: {{ .Values.metadata.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "metadata") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
@ -635,36 +641,6 @@ spec:
livenessProbe: livenessProbe:
{{ tpl .Values.event.livenessProbe.config . | indent 10 }} {{ tpl .Values.event.livenessProbe.config . | indent 10 }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- '/bin/bash'
- '-c'
- >
exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start
{{- with .Values.artifactory.replicator.lifecycle }}
lifecycle:
{{ toYaml . | indent 10 }}
{{- end }}
env:
- name: JF_SHARED_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- with .Values.artifactory.replicator.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
volumeMounts:
- name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
resources:
{{ toYaml .Values.artifactory.replicator.resources | indent 10 }}
{{- end }} {{- end }}
{{- if .Values.jfconnect.enabled }} {{- if .Values.jfconnect.enabled }}
- name: {{ .Values.jfconnect.name }} - name: {{ .Values.jfconnect.name }}
@ -766,7 +742,7 @@ spec:
{{- end }} {{- end }}
{{- if .Values.observability.enabled }} {{- if .Values.observability.enabled }}
- name: {{ .Values.observability.name }} - name: {{ .Values.observability.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "observability") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
@ -860,10 +836,6 @@ spec:
value: "false" value: "false"
- name : JF_FRONTEND_ENABLED - name : JF_FRONTEND_ENABLED
value: "false" value: "false"
- name: JF_REPLICATOR_ENABLED
value: "true"
- name: JF_REPLICATOR_SERVICE_ENABLED
value: "false"
- name: JF_FEDERATION_ENABLED - name: JF_FEDERATION_ENABLED
value: "false" value: "false"
- name : JF_OBSERVABILITY_ENABLED - name : JF_OBSERVABILITY_ENABLED
@ -961,6 +933,8 @@ spec:
{{- end }} {{- end }}
- name: volume - name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}" mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
######################## Artifactory persistence fs ##########################
{{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
@ -971,21 +945,27 @@ spec:
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }} {{- end }}
{{- end }} {{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }} {{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data - name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup - name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }} {{- else }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Artifactory persistence binarystore Xml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }} {{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml subPath: binarystore.xml
######################## Artifactory persistence google storage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json - name: gcpcreds-json
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -993,12 +973,16 @@ spec:
mountPath: "/artifactory_bootstrap/gcp.credentials.json" mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json subPath: gcp.credentials.json
{{- end }} {{- end }}
######################## Artifactory ConfigMap ##########################
{{- if .Values.artifactory.configMapName }} {{- if .Values.artifactory.configMapName }}
- name: bootstrap-config - name: bootstrap-config
mountPath: "/bootstrap/" mountPath: "/bootstrap/"
{{- end }} {{- end }}
######################## Artifactory license ##########################
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }}
- name: artifactory-license - name: artifactory-license
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -1010,7 +994,7 @@ spec:
subPath: artifactory.lic subPath: artifactory.lic
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
- name: installer-info - name: installer-info
mountPath: "/artifactory_bootstrap/info/installer-info.json" mountPath: "/artifactory_bootstrap/info/installer-info.json"
subPath: installer-info.json subPath: installer-info.json
@ -1036,7 +1020,8 @@ spec:
{{- $mountPath := .Values.artifactory.persistence.mountPath }} {{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }} {{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }} - name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }} {{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -1056,7 +1041,8 @@ spec:
{{- if .Values.artifactory.catalinaLoggers }} {{- if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }} {{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }} - name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }} {{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -1177,6 +1163,12 @@ spec:
secretName: {{ .Values.artifactory.license.secret }} secretName: {{ .Values.artifactory.license.secret }}
{{- end }} {{- end }}
{{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json
secret:
secretName: {{ .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
{{- end }}
############ Config map, Volumes and Custom Volumes ############## ############ Config map, Volumes and Custom Volumes ##############
{{- if .Values.artifactory.migration.enabled }} {{- if .Values.artifactory.migration.enabled }}
- name: migration-scripts - name: migration-scripts
@ -1201,6 +1193,7 @@ spec:
configMap: configMap:
name: {{ template "artifactory-ha.fullname" . }}-configmaps name: {{ template "artifactory-ha.fullname" . }}-configmaps
{{- end }} {{- end }}
{{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
@ -1213,6 +1206,7 @@ spec:
claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }} {{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data - name: artifactory-ha-data
persistentVolumeClaim: persistentVolumeClaim:
@ -1221,6 +1215,7 @@ spec:
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }} {{- end }}
{{- if .Values.artifactory.customPersistentVolumeClaim }} {{- if .Values.artifactory.customPersistentVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
persistentVolumeClaim: persistentVolumeClaim:
@ -1246,6 +1241,7 @@ spec:
secret: secret:
secretName: {{ template "artifactory-ha.name" . }}-unified-secret secretName: {{ template "artifactory-ha.name" . }}-unified-secret
{{- else if not .Values.artifactory.unifiedSecretInstallation }} {{- else if not .Values.artifactory.unifiedSecretInstallation }}
############ If single secret installation flag is disable ############ ############ If single secret installation flag is disable ############
{{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled (not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName) }} {{- if and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled (not .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName) }}
- name: gcpcreds-json - name: gcpcreds-json
@ -1257,21 +1253,13 @@ spec:
secret: secret:
secretName: {{ template "artifactory-ha.fullname" . }}-license secretName: {{ template "artifactory-ha.fullname" . }}-license
{{- end }} {{- end }}
{{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }}
- name: access-bootstrap-creds {{- if and (not .Values.systemYamlOverride.existingSecret) }}
secret:
secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds
{{- end }}
{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }}
- name: systemyaml - name: systemyaml
secret: secret:
secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml
{{- end }} {{- end }}
{{- if .Values.access.accessConfig }}
- name: access-config
secret:
secretName: {{ template "artifactory-ha.fullname" . }}-access-config
{{- end }}
{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }} {{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
secret: secret:

6
charts/jfrog/artifactory-ha/templates/artifactory-primary-service.yaml
View File

@ -20,6 +20,12 @@ spec:
{{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }}
clusterIP: {{ .Values.artifactory.service.clusterIP }} clusterIP: {{ .Values.artifactory.service.clusterIP }}
{{- end }} {{- end }}
{{- if .Values.artifactory.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.artifactory.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }}
{{- end }}
ports: ports:
- port: {{ .Values.artifactory.externalPort }} - port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }} targetPort: {{ .Values.artifactory.internalPort }}

177
charts/jfrog/artifactory-ha/templates/artifactory-primary-statefulset.yaml
View File

@ -13,7 +13,7 @@ metadata:
{{ toYaml . | indent 4 }} {{ toYaml . | indent 4 }}
{{- end }} {{- end }}
{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 4.x.x) that has postgresql.image.tag of 9.x or 10.x or 12.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 4.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 107.79.x) that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 107.79.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }}
{{- end }} {{- end }}
{{- if .Values.artifactory.postStartCommand }} {{- if .Values.artifactory.postStartCommand }}
{{- fail ".Values.artifactory.postStartCommand is not supported and should be replaced with .Values.artifactory.lifecycle.postStart.exec.command" }} {{- fail ".Values.artifactory.postStartCommand is not supported and should be replaced with .Values.artifactory.lifecycle.postStart.exec.command" }}
@ -24,6 +24,20 @@ metadata:
{{- if or .Values.artifactory.persistence.googleStorage.identity .Values.artifactory.persistence.googleStorage.credential }} {{- if or .Values.artifactory.persistence.googleStorage.identity .Values.artifactory.persistence.googleStorage.credential }}
{{- fail "\nGCP Bucket Authentication with Identity and Credential is deprecated" }} {{- fail "\nGCP Bucket Authentication with Identity and Credential is deprecated" }}
{{- end }} {{- end }}
{{- if (eq (.Values.artifactory.setSecurityContext | toString) "false" ) }}
{{- fail "\n You need to set security context at the pod level. .Values.artifactory.setSecurityContext is no longer supported. Replace it with .Values.artifactory.podSecurityContext" }}
{{- end }}
{{- if or .Values.artifactory.uid .Values.artifactory.gid }}
{{- if or (not (eq (.Values.artifactory.uid | toString) "1030" )) (not (eq (.Values.artifactory.gid | toString) "1030" )) }}
{{- fail "\n .Values.artifactory.uid and .Values.artifactory.gid are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.runAsUser, .Values.artifactory.podSecurityContext.runAsGroup and .Values.artifactory.podSecurityContext.fsGroup" }}
{{- end }}
{{- end }}
{{- if or .Values.artifactory.fsGroupChangePolicy .Values.artifactory.seLinuxOptions }}
{{- fail "\n .Values.artifactory.fsGroupChangePolicy and .Values.artifactory.seLinuxOptions are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.fsGroupChangePolicy and .Values.artifactory.podSecurityContext.seLinuxOptions" }}
{{- end }}
{{- if .Values.initContainerImage }}
{{- fail "\n .Values.initContainerImage is no longer supported. Replace it with .Values.initContainers.image.registry .Values.initContainers.image.repository and .Values.initContainers.image.tag" }}
{{- end }}
{{- with .Values.artifactory.statefulset.annotations }} {{- with .Values.artifactory.statefulset.annotations }}
annotations: annotations:
{{ toYaml . | indent 4 }} {{ toYaml . | indent 4 }}
@ -85,19 +99,8 @@ spec:
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory-ha.imagePullSecrets" . | indent 6 }} {{- include "artifactory-ha.imagePullSecrets" . | indent 6 }}
{{- end }} {{- end }}
{{- if .Values.artifactory.setSecurityContext }} {{- if .Values.artifactory.podSecurityContext.enabled }}
securityContext: securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }}
runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
runAsGroup: {{ .Values.artifactory.gid }}
fsGroup: {{ .Values.artifactory.gid }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
{{- if .Values.artifactory.seLinuxOptions }}
seLinuxOptions:
{{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.artifactory.topologySpreadConstraints }} {{- if .Values.artifactory.topologySpreadConstraints }}
topologySpreadConstraints: topologySpreadConstraints:
@ -111,8 +114,8 @@ spec:
{{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: "create-artifactory-data-dir" - name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -130,8 +133,8 @@ spec:
{{- end }} {{- end }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }} {{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties" - name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -147,8 +150,8 @@ spec:
{{- end }} {{- end }}
{{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }}
- name: "access-bootstrap-creds" - name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -165,7 +168,7 @@ spec:
volumeMounts: volumeMounts:
- name: volume - name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}" mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }}
- name: access-bootstrap-creds - name: access-bootstrap-creds
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -179,7 +182,8 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
- name: 'copy-system-configurations' - name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}' image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -237,7 +241,7 @@ spec:
- name: ARTIFACTORY_JOIN_KEY - name: ARTIFACTORY_JOIN_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }}
name: {{ include "artifactory-ha.joinKeySecretName" . }} name: {{ include "artifactory-ha.joinKeySecretName" . }}
{{- else }} {{- else }}
name: "{{ template "artifactory-ha.name" . }}-unified-secret" name: "{{ template "artifactory-ha.name" . }}-unified-secret"
@ -248,7 +252,7 @@ spec:
- name: ARTIFACTORY_JFCONNECT_TOKEN - name: ARTIFACTORY_JFCONNECT_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }}
name: {{ include "artifactory-ha.jfConnectTokenSecretName" . }} name: {{ include "artifactory-ha.jfConnectTokenSecretName" . }}
{{- else }} {{- else }}
name: "{{ template "artifactory-ha.name" . }}-unified-secret" name: "{{ template "artifactory-ha.name" . }}-unified-secret"
@ -259,18 +263,21 @@ spec:
- name: ARTIFACTORY_MASTER_KEY - name: ARTIFACTORY_MASTER_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }}
name: {{ include "artifactory-ha.masterKeySecretName" . }} name: {{ include "artifactory-ha.masterKeySecretName" . }}
{{- else }} {{- else }}
name: "{{ template "artifactory-ha.name" . }}-unified-secret" name: "{{ template "artifactory-ha.name" . }}-unified-secret"
{{- end }} {{- end }}
key: master-key key: master-key
{{- end }} {{- end }}
######################## Volume Mounts For copy-system-configurations ##########################
volumeMounts: volumeMounts:
- name: volume - name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
{{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} ######################## SystemYaml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }}
- name: systemyaml - name: systemyaml
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -278,19 +285,22 @@ spec:
{{- if .Values.systemYamlOverride.existingSecret }} {{- if .Values.systemYamlOverride.existingSecret }}
mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}"
subPath: {{ .Values.systemYamlOverride.dataKey }} subPath: {{ .Values.systemYamlOverride.dataKey }}
{{- else if .Values.artifactory.systemYaml }} {{- else }}
mountPath: "/tmp/etc/system.yaml" mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml subPath: system.yaml
{{- end }} {{- end }}
{{- end }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} ######################## Binarystore ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }} {{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml subPath: binarystore.xml
{{- if .Values.access.accessConfig }}
######################## Access config ##########################
{{- if .Values.access.accessConfig }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if not .Values.artifactory.unifiedSecretInstallation }}
- name: access-config - name: access-config
{{- else }} {{- else }}
@ -298,18 +308,22 @@ spec:
{{- end }} {{- end }}
mountPath: "/tmp/etc/access.config.patch.yml" mountPath: "/tmp/etc/access.config.patch.yml"
subPath: access.config.patch.yml subPath: access.config.patch.yml
{{- end }} {{- end }}
{{- if .Values.access.customCertificatesSecretName }}
######################## Access certs external secret ##########################
{{- if .Values.access.customCertificatesSecretName }}
- name: access-certs - name: access-certs
mountPath: "/tmp/etc/tls.crt" mountPath: "/tmp/etc/tls.crt"
subPath: tls.crt subPath: tls.crt
- name: access-certs - name: access-certs
mountPath: "/tmp/etc/tls.key" mountPath: "/tmp/etc/tls.key"
subPath: tls.key subPath: tls.key
{{- end }} {{- end }}
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates - name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -329,7 +343,8 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }} {{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates - name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: c
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -350,7 +365,8 @@ spec:
{{- if .Values.waitForDatabase }} {{- if .Values.waitForDatabase }}
{{- if or .Values.postgresql.enabled }} {{- if or .Values.postgresql.enabled }}
- name: "wait-for-db" - name: "wait-for-db"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -469,6 +485,8 @@ spec:
subPath: migrationStatus.sh subPath: migrationStatus.sh
- name: volume - name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}" mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
######################## Artifactory persistence fs ##########################
{{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
@ -479,24 +497,32 @@ spec:
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }} {{- end }}
{{- end }} {{- end }}
######################## CustomVolumeMounts ##########################
{{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }}
{{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }} {{ tpl (include "artifactory-ha.customVolumeMounts" .) . | indent 8 }}
{{- end }} {{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }} {{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data - name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup - name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }} {{- else }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Artifactory persistence binarystore Xml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }} {{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml subPath: binarystore.xml
######################## Artifactory persistence google storage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if (not .Values.artifactory.unifiedSecretInstallation) }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json - name: gcpcreds-json
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
@ -504,8 +530,10 @@ spec:
mountPath: "/artifactory_bootstrap/gcp.credentials.json" mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json subPath: gcp.credentials.json
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.hostAliases }} {{- if .Values.hostAliases }}
hostAliases: hostAliases:
{{ toYaml .Values.hostAliases | indent 6 }} {{ toYaml .Values.hostAliases | indent 6 }}
@ -514,7 +542,7 @@ spec:
{{- if .Values.splitServicesToContainers }} {{- if .Values.splitServicesToContainers }}
- name: {{ .Values.router.name }} - name: {{ .Values.router.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }} imagePullPolicy: {{ .Values.router.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -598,7 +626,7 @@ spec:
{{- end }} {{- end }}
{{- if .Values.metadata.enabled }} {{- if .Values.metadata.enabled }}
- name: {{ .Values.metadata.name }} - name: {{ .Values.metadata.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "metadata") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
@ -725,36 +753,6 @@ spec:
livenessProbe: livenessProbe:
{{ tpl .Values.event.livenessProbe.config . | indent 10 }} {{ tpl .Values.event.livenessProbe.config . | indent 10 }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- '/bin/bash'
- '-c'
- >
exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start
{{- with .Values.artifactory.replicator.lifecycle }}
lifecycle:
{{ toYaml . | indent 10 }}
{{- end }}
env:
- name: JF_SHARED_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- with .Values.artifactory.replicator.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
volumeMounts:
- name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
resources:
{{ toYaml .Values.artifactory.replicator.resources | indent 10 }}
{{- end }} {{- end }}
{{- if .Values.jfconnect.enabled }} {{- if .Values.jfconnect.enabled }}
- name: {{ .Values.jfconnect.name }} - name: {{ .Values.jfconnect.name }}
@ -838,7 +836,7 @@ spec:
{{- end }} {{- end }}
{{- if .Values.observability.enabled }} {{- if .Values.observability.enabled }}
- name: {{ .Values.observability.name }} - name: {{ .Values.observability.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list . "observability") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
@ -944,10 +942,6 @@ spec:
value: "false" value: "false"
- name : JF_FRONTEND_ENABLED - name : JF_FRONTEND_ENABLED
value: "false" value: "false"
- name: JF_REPLICATOR_ENABLED
value: "true"
- name: JF_REPLICATOR_SERVICE_ENABLED
value: "false"
- name: JF_FEDERATION_ENABLED - name: JF_FEDERATION_ENABLED
value: "false" value: "false"
- name : JF_OBSERVABILITY_ENABLED - name : JF_OBSERVABILITY_ENABLED
@ -1030,6 +1024,7 @@ spec:
- containerPort: {{ .Values.artifactory.ssh.internalPort }} - containerPort: {{ .Values.artifactory.ssh.internalPort }}
name: tcp-ssh name: tcp-ssh
{{- end }} {{- end }}
volumeMounts: volumeMounts:
{{- if .Values.artifactory.customPersistentVolumeClaim }} {{- if .Values.artifactory.customPersistentVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentVolumeClaim.name }} - name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
@ -1053,6 +1048,8 @@ spec:
{{- end }} {{- end }}
- name: volume - name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}" mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
######################## Artifactory persistence fs ##########################
{{- if eq .Values.artifactory.persistence.type "file-system" }} {{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }} {{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }} {{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
@ -1063,12 +1060,16 @@ spec:
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}" mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }} {{- end }}
{{- end }} {{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }} {{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data - name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup - name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }} {{- else }}
######################## Artifactory persistence binarystoreXml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
@ -1076,20 +1077,26 @@ spec:
{{- end }} {{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml subPath: binarystore.xml
######################## Artifactory persistence googleStorage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json - name: gcpcreds-json
{{- else }} {{- else }}
- name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory-ha.unifiedCustomSecretVolumeName" . }}
{{- end }} {{- end }}
mountPath: "/artifactory_bootstrap/gcp.credentials.json" mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json subPath: gcp.credentials.json
{{- end }}
{{- end }} {{- end }}
{{- end }}
######################## Artifactory configMapName ##########################
{{- if .Values.artifactory.configMapName }} {{- if .Values.artifactory.configMapName }}
- name: bootstrap-config - name: bootstrap-config
mountPath: "/bootstrap/" mountPath: "/bootstrap/"
{{- end }} {{- end }}
######################## Artifactory license ##########################
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }}
- name: artifactory-license - name: artifactory-license
@ -1103,6 +1110,7 @@ spec:
subPath: artifactory.lic subPath: artifactory.lic
{{- end }} {{- end }}
{{- end }} {{- end }}
- name: installer-info - name: installer-info
mountPath: "/artifactory_bootstrap/info/installer-info.json" mountPath: "/artifactory_bootstrap/info/installer-info.json"
subPath: installer-info.json subPath: installer-info.json
@ -1128,7 +1136,8 @@ spec:
{{- $mountPath := .Values.artifactory.persistence.mountPath }} {{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }} {{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }} - name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }} {{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -1148,7 +1157,8 @@ spec:
{{ if .Values.artifactory.catalinaLoggers }} {{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }} {{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }} - name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }} {{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -1228,6 +1238,7 @@ spec:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}
{{- end }} {{- end }}
volumes: volumes:
########## External secrets ########### ########## External secrets ###########
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
@ -1369,12 +1380,12 @@ spec:
secret: secret:
secretName: {{ template "artifactory-ha.fullname" . }}-license secretName: {{ template "artifactory-ha.fullname" . }}-license
{{- end }} {{- end }}
{{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }} {{- if and .Values.artifactory.admin.password (and (not .Values.artifactory.admin.secret) (not .Values.artifactory.admin.dataKey)) }}
- name: access-bootstrap-creds - name: access-bootstrap-creds
secret: secret:
secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds
{{- end }} {{- end }}
{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }} {{- if and (not .Values.systemYamlOverride.existingSecret) }}
- name: systemyaml - name: systemyaml
secret: secret:
secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml

4
charts/jfrog/artifactory-ha/templates/artifactory-secrets.yaml
View File

@ -1,4 +1,5 @@
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.jfConnectToken .Values.artifactory.masterKey .Values.global.masterKey }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -21,8 +22,9 @@ data:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.artifactory.jfConnectToken }} {{- if .Values.artifactory.jfConnectToken }}
{{- if not (.Values.artifactory.jfConnectTokenSecretName) }} {{- if not .Values.artifactory.jfConnectTokenSecretName }}
jfconnect-token: {{ include "artifactory-ha.jfConnectToken" . | b64enc | quote }} jfconnect-token: {{ include "artifactory-ha.jfConnectToken" . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}

6
charts/jfrog/artifactory-ha/templates/artifactory-service.yaml
View File

@ -17,6 +17,12 @@ metadata:
{{ toYaml .Values.artifactory.service.annotations | indent 4 }} {{ toYaml .Values.artifactory.service.annotations | indent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.artifactory.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.artifactory.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }}
{{- end }}
type: {{ .Values.artifactory.service.type }} type: {{ .Values.artifactory.service.type }}
{{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }}
clusterIP: {{ .Values.artifactory.service.clusterIP }} clusterIP: {{ .Values.artifactory.service.clusterIP }}

2
charts/jfrog/artifactory-ha/templates/artifactory-system-yaml.yaml
View File

@ -12,5 +12,5 @@ metadata:
type: Opaque type: Opaque
stringData: stringData:
system.yaml: | system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }} {{ include "artifactory.finalSystemYaml" . | nindent 4 }}
{{- end }} {{- end }}

18
charts/jfrog/artifactory-ha/templates/artifactory-unified-secret.yaml
View File

@ -17,18 +17,18 @@ stringData:
{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} {{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }}
{{- end }} {{- end }}
{{- if and (not .Values.artifactory.persistence.customBinarystoreXmlSecret) }} {{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }}
binarystore.xml: |- binarystore.xml: |-
{{- if .Values.artifactory.persistence.binarystoreXml }} {{- if .Values.artifactory.persistence.binarystoreXml }}
{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} {{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }}
{{- else }} {{- else }}
{{ tpl ( .Files.Get "files/binarystore.xml" ) . | indent 4 }} {{ tpl ( .Files.Get "files/binarystore.xml" ) . | indent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if not .Values.systemYamlOverride.existingSecret }} {{- if and (not .Values.systemYamlOverride.existingSecret) }}
system.yaml: | system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }} {{ include "artifactory.finalSystemYaml" . | nindent 4 }}
{{- end }} {{- end }}
{{- if .Values.artifactory.customSecrets }} {{- if .Values.artifactory.customSecrets }}
@ -47,7 +47,7 @@ stringData:
data: data:
{{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }} {{- if and (not .Values.database.secrets) (not .Values.postgresql.enabled) }}
{{- if or .Values.database.url .Values.database.user .Values.database.password }} {{- if or .Values.database.url .Values.database.user .Values.database.password }}
{{- with .Values.database.url }} {{- with .Values.database.url }}
@ -69,22 +69,26 @@ data:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if not .Values.artifactory.license.secret }}
{{- with .Values.artifactory.license.licenseKey }} {{- with .Values.artifactory.license.licenseKey }}
artifactory.lic: {{ . | b64enc | quote }} artifactory.lic: {{ . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }}
{{- if or .Values.artifactory.masterKey .Values.global.masterKey }} {{- if or .Values.artifactory.masterKey .Values.global.masterKey }}
{{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }}
master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }} master-key: {{ include "artifactory-ha.masterKey" . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey }} {{- if or .Values.artifactory.joinKey .Values.global.joinKey }}
{{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }} {{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }}
join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }} join-key: {{ include "artifactory-ha.joinKey" . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.artifactory.jfConnectToken }}
{{- if not (.Values.artifactory.jfConnectTokenSecretName) }} {{- if .Values.artifactory.jfConnectToken }}
{{- if not .Values.artifactory.jfConnectTokenSecretName }}
jfconnect-token: {{ include "artifactory-ha.jfConnectToken" . | b64enc | quote }} jfconnect-token: {{ include "artifactory-ha.jfConnectToken" . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}

156
charts/jfrog/artifactory-ha/templates/ingress.yaml
View File

@ -56,6 +56,7 @@ spec:
name: {{ $serviceName }} name: {{ $serviceName }}
port: port:
number: {{ $servicePort }} number: {{ $servicePort }}
{{- if not $.Values.ingress.disableRouterBypass }}
- path: {{ $.Values.ingress.artifactoryPath }} - path: {{ $.Values.ingress.artifactoryPath }}
pathType: ImplementationSpecific pathType: ImplementationSpecific
backend: backend:
@ -63,6 +64,7 @@ spec:
name: {{ $serviceName }} name: {{ $serviceName }}
port: port:
number: {{ $artifactoryServicePort }} number: {{ $artifactoryServicePort }}
{{- end }}
{{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }} {{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }}
- path: {{ $.Values.ingress.rtfsPath }} - path: {{ $.Values.ingress.rtfsPath }}
pathType: ImplementationSpecific pathType: ImplementationSpecific
@ -96,159 +98,7 @@ spec:
tls: tls:
{{ toYaml .Values.ingress.tls | indent 4 }} {{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}} {{- end -}}
{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }}
---
{{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $replicationIngressName }}
labels:
app: "{{ template "artifactory-ha.name" $ }}"
chart: "{{ template "artifactory-ha.chart" $ }}"
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.artifactory.replicator.ingress.annotations }}
annotations:
{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if and (or .Values.ingress.className .Values.artifactory.replicator.ingress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }}
{{- end }}
{{- if .Values.ingress.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
defaultBackend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
rules:
{{- if .Values.artifactory.replicator.ingress.hosts }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- range $host := .Values.artifactory.replicator.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /replicator/
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
- path: /artifactory/api/replication/replicate/file/streaming
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range $host := .Values.artifactory.replicator.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /replicator/
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
- path: /artifactory/api/replication/replicate/file/streaming
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.artifactory.replicator.ingress.tls }}
tls:
{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }}
---
{{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $replicatorTrackerIngressName }}
labels:
app: "{{ template "artifactory-ha.name" $ }}"
chart: "{{ template "artifactory-ha.chart" $ }}"
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.artifactory.replicator.trackerIngress.annotations }}
annotations:
{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if and (or .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }}
{{- end }}
{{- if .Values.ingress.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
defaultBackend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
rules:
{{- if .Values.artifactory.replicator.trackerIngress.hosts }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.artifactory.replicator.trackerIngress.tls }}
tls:
{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.customIngress }} {{- if .Values.customIngress }}
--- ---
{{ .Values.customIngress | toYaml | trimSuffix "\n" }} {{ .Values.customIngress | toYaml | trimSuffix "\n" }}

7
charts/jfrog/artifactory-ha/templates/nginx-deployment.yaml
View File

@ -65,8 +65,8 @@ spec:
{{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }} {{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }}
{{- end }} {{- end }}
- name: "setup" - name: "setup"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.imagePullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -154,7 +154,8 @@ spec:
{{- $mountPath := .Values.nginx.persistence.mountPath }} {{- $mountPath := .Values.nginx.persistence.mountPath }}
{{- range .Values.nginx.loggers }} {{- range .Values.nginx.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }} - name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }} image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- tail - tail
args: args:

6
charts/jfrog/artifactory-ha/templates/nginx-service.yaml
View File

@ -21,6 +21,12 @@ spec:
{{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }} {{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }}
clusterIP: {{ .Values.nginx.service.clusterIP }} clusterIP: {{ .Values.nginx.service.clusterIP }}
{{- end }} {{- end }}
{{- if .Values.nginx.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.nginx.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.nginx.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.nginx.service.ipFamilies | nindent 4 }}
{{- end }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }} {{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}} {{ if .Values.nginx.service.loadBalancerIP -}}
loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }}

401
charts/jfrog/artifactory-ha/values.yaml
View File

@ -11,7 +11,8 @@ global:
## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion
## This applies also for nginx images (.Values.nginx.image.tag) ## This applies also for nginx images (.Values.nginx.image.tag)
versions: {} versions: {}
# artifactory: # artifactory:
# initContainers:
# joinKey: # joinKey:
# masterKey: # masterKey:
# joinKeySecretName: # joinKeySecretName:
@ -41,11 +42,28 @@ global:
## String to fully override artifactory-ha.fullname template ## String to fully override artifactory-ha.fullname template
## ##
# fullnameOverride: # fullnameOverride:
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475
# Init containers
initContainers:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.3.1552
pullPolicy: IfNotPresent
resources:
requests:
memory: "50Mi"
cpu: "10m"
limits:
memory: "1Gi"
cpu: "1"
installer: installer:
type: type:
platform: platform:
installerInfo: '{"productId": "Helm_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' ## The installerInfo is intentionally commented out and the previous content has been moved under `files/installer-info.json`
## To override the content in `files/installer-info.json`, Uncomment the `installerInfo` and add relevant data
# installerInfo: '{}'
# For supporting pulling from private registries # For supporting pulling from private registries
# imagePullSecrets: # imagePullSecrets:
# - myRegistryKeySecretName # - myRegistryKeySecretName
@ -114,6 +132,8 @@ ingress:
# Additional ingress rules # Additional ingress rules
additionalRules: [] additionalRules: []
# This is an experimental feature, enabling this feature will route all traffic through the Router.
disableRouterBypass: false
## Allows to add custom ingress ## Allows to add custom ingress
customIngress: "" customIngress: ""
networkpolicy: [] networkpolicy: []
@ -148,7 +168,7 @@ postgresql:
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: bitnami/postgresql repository: bitnami/postgresql
tag: 13.10.0-debian-11-r14 tag: 15.6.0-debian-11-r16
postgresqlUsername: artifactory postgresqlUsername: artifactory
postgresqlPassword: "" postgresqlPassword: ""
postgresqlDatabase: artifactory postgresqlDatabase: artifactory
@ -183,6 +203,8 @@ postgresql:
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## you MUST specify custom database details here or Artifactory will NOT start ## you MUST specify custom database details here or Artifactory will NOT start
database: database:
## To run Artifactory with any database other than PostgreSQL allowNonPostgresql set to true.
allowNonPostgresql: false
type: type:
driver: driver:
## If you set the url, leave host and port empty ## If you set the url, leave host and port empty
@ -203,11 +225,6 @@ database:
# url: # url:
# name: "rds-artifactory" # name: "rds-artifactory"
# key: "db-url" # key: "db-url"
logger:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.3.1475
## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` ## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
aws: aws:
@ -215,10 +232,19 @@ aws:
enabled: false enabled: false
licenseConfigSecretName: licenseConfigSecretName:
region: us-east-1 region: us-east-1
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -232,8 +258,8 @@ router:
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: jfrog/router repository: jfrog/router
tag: 7.91.0 tag: 7.105.1
imagePullPolicy: IfNotPresent pullPolicy: IfNotPresent
serviceRegistry: serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled ## Service registry (Access) TLS verification skipped if enabled
insecure: false insecure: false
@ -316,8 +342,9 @@ artifactory:
## refer - https://www.jfrog.com/confluence/display/JFROG/Access+Federation#AccessFederation-EstablishingtheCircleofTrust ## refer - https://www.jfrog.com/confluence/display/JFROG/Access+Federation#AccessFederation-EstablishingtheCircleofTrust
## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder. ## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder.
circleOfTrustCertificatesSecret: circleOfTrustCertificatesSecret:
# unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha secrets # unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha internal(chart) secrets, It won't be affecting external secrets.
unifiedSecretInstallation: false ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.78.x, Users can switch to false to continue with the old way of secret creation.
unifiedSecretInstallation: true
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: jfrog/artifactory-pro repository: jfrog/artifactory-pro
@ -441,8 +468,8 @@ artifactory:
## Add custom init containers execution before predefined init containers ## Add custom init containers execution before predefined init containers
customInitContainersBegin: "" customInitContainersBegin: ""
# - name: "custom-setup" # - name: "custom-setup"
# image: "{{ .Values.initContainerImage }}" # image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext: # securityContext:
# runAsNonRoot: true # runAsNonRoot: true
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
@ -461,8 +488,8 @@ artifactory:
## Add custom init containers execution after predefined init containers ## Add custom init containers execution after predefined init containers
customInitContainers: "" customInitContainers: ""
# - name: "custom-systemyaml-setup" # - name: "custom-systemyaml-setup"
# image: "{{ .Values.initContainerImage }}" # image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext: # securityContext:
# runAsNonRoot: true # runAsNonRoot: true
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
@ -482,8 +509,8 @@ artifactory:
# - The provided example shows running container as root (id 0) # - The provided example shows running container as root (id 0)
customSidecarContainers: "" customSidecarContainers: ""
# - name: "sidecar-list-etc" # - name: "sidecar-list-etc"
# image: "{{ .Values.initContainerImage }}" # image: {{ include "artifactory-ha.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext: # securityContext:
# runAsNonRoot: true # runAsNonRoot: true
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
@ -644,174 +671,44 @@ artifactory:
# name: my-secret-name # name: my-secret-name
# key: my-secret-key # key: my-secret-key
# TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) ## System YAML entries now reside under files/system.yaml.
systemYaml: | ## You can provide the specific values that you want to add or override under 'artifactory.extraSystemYaml'.
router: ## For example:
serviceRegistry: ## extraSystemYaml:
insecure: {{ .Values.router.serviceRegistry.insecure }} ## shared:
shared: ## node:
{{- if .Values.artifactory.coldStorage.enabled }} ## id: my-instance
jfrogColdStorage: ## The entries provided under 'artifactory.extraSystemYaml' are merged with files/system.yaml to create the final system.yaml.
coldInstanceEnabled: true ## If you have already provided system.yaml under, 'artifactory.systemYaml', the values in that entry take precedence over files/system.yaml
{{- end }} ## You can modify specific entries with your own value under `artifactory.extraSystemYaml`, The values under extraSystemYaml overrides the values under 'artifactory.systemYaml' and files/system.yaml
{{- if .Values.artifactory.openMetrics.enabled }} extraSystemYaml: {}
metrics: ## systemYaml is intentionally commented and the previous content has been moved under files/system.yaml.
enabled: true ## You have to add the all entries of the system.yaml file here, and it overrides the values in files/system.yaml.
{{- if .Values.artifactory.openMetrics.filebeat.enabled }} # systemYaml:
filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }}
{{- end }}
{{- end }}
logging:
consoleLog:
enabled: {{ .Values.artifactory.consoleLog }}
extraJavaOpts: >
-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
-Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
{{- with .Values.artifactory.primary.javaOpts }}
{{- if .corePoolSize }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- end }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }}
{{- end }}
{{- if .jmx.authenticate }}
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
-Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
{{- else }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- end }}
database:
{{- if .Values.postgresql.enabled }}
type: postgresql
url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
host: ""
driver: org.postgresql.Driver
username: "{{ .Values.postgresql.postgresqlUsername }}"
{{ else }}
type: "{{ .Values.database.type }}"
driver: "{{ .Values.database.driver }}"
{{- end }}
artifactory:
{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
node:
{{- if .Values.artifactory.haDataDir.path }}
haDataDir: {{ .Values.artifactory.haDataDir.path }}
{{- end }}
{{- if .Values.artifactory.haBackupDir.path }}
haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
{{- end }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
maintenanceConnector:
port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
{{- if .Values.access.database.enabled }}
type: "{{ .Values.access.database.type }}"
url: "{{ .Values.access.database.url }}"
driver: "{{ .Values.access.database.driver }}"
username: "{{ .Values.access.database.user }}"
password: "{{ .Values.access.database.password }}"
{{- end }}
{{- if .Values.mc.enabled }}
mc:
enabled: true
database:
maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
idgenerator:
maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
{{- end }}
metadata:
database:
maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
{{- if .Values.artifactory.replicator.enabled }}
replicator:
enabled: true
{{- end }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
jfconnect:
enabled: true
{{- else }}
jfconnect:
enabled: false
jfconnect_service:
enabled: false
{{- end }}
{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
federation:
enabled: true
embedded: {{ .Values.federation.embedded }}
extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
port: {{ .Values.federation.internalPort }}
rtfs:
database:
driver: org.postgresql.Driver
type: postgresql
username: {{ .Values.federation.database.username }}
password: {{ .Values.federation.database.password }}
url: "jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}"
{{- else }}
federation:
enabled: false
{{- end }}
{{- if .Values.event.webhooks }}
event:
webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
{{- end }}
## IMPORTANT: If overriding artifactory.internalPort: ## IMPORTANT: If overriding artifactory.internalPort:
## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024!
externalPort: 8082 externalPort: 8082
internalPort: 8082 internalPort: 8082
externalArtifactoryPort: 8081 externalArtifactoryPort: 8081
internalArtifactoryPort: 8081 internalArtifactoryPort: 8081
uid: 1030
gid: 1030
# fsGroupChangePolicy: "Always"
# seLinuxOptions: {}
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. ## Pod Security Context
## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
setSecurityContext: true ## @param artifactory.podSecurityContext.enabled Enable security context
## @param artifactory.podSecurityContext.runAsNonRoot Set pod's Security Context runAsNonRoot
## @param artifactory.podSecurityContext.runAsUser User ID for the pod
## @param artifactory.podSecurityContext.runASGroup Group ID for the pod
## @param artifactory.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
runAsNonRoot: true
runAsUser: 1030
runAsGroup: 1030
fsGroup: 1030
# fsGroupChangePolicy: "Always"
# seLinuxOptions: {}
## The following settings are to configure the frequency of the liveness and startup probes. ## The following settings are to configure the frequency of the liveness and startup probes.
livenessProbe: livenessProbe:
enabled: true enabled: true
@ -861,8 +758,13 @@ artifactory:
## Use a custom Secret to be mounted as your binarystore.xml ## Use a custom Secret to be mounted as your binarystore.xml
## NOTE: This will ignore all settings below that make up binarystore.xml ## NOTE: This will ignore all settings below that make up binarystore.xml
customBinarystoreXmlSecret: customBinarystoreXmlSecret:
## cache-fs binary provider configurations
## Refer: https://jfrog.com/help/r/jfrog-installation-setup-documentation/cache-fs-template-configuration
maxCacheSize: 50000000000 maxCacheSize: 50000000000
cacheProviderDir: cache cacheProviderDir: cache
## maxFileSizeLimit:
## skipDuringUpload:
## artifactory data Persistent Volume Storage Class ## artifactory data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass> ## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning ## If set to "-", storageClassName: "", which disables dynamic provisioning
@ -884,6 +786,7 @@ artifactory:
## s3-storage-v3-archive ## s3-storage-v3-archive
## azure-blob ## azure-blob
## azure-blob-storage-direct ## azure-blob-storage-direct
## azure-blob-storage-v2-direct
type: file-system type: file-system
## Use binarystoreXml to provide a custom binarystore.xml ## Use binarystoreXml to provide a custom binarystore.xml
## This is intentionally commented and below previous content of binarystoreXml is moved under files/binarystore.xml ## This is intentionally commented and below previous content of binarystoreXml is moved under files/binarystore.xml
@ -981,7 +884,7 @@ artifactory:
enablePathStyleAccess: false enablePathStyleAccess: false
multiPartLimit: multiPartLimit:
multipartElementSize: multipartElementSize:
## For artifactory.persistence.type azure-blob, azure-blob-storage-direct ## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, azure-blob-storage-v2-direct
azureBlob: azureBlob:
accountName: accountName:
accountKey: accountKey:
@ -993,6 +896,16 @@ artifactory:
service: service:
name: artifactory name: artifactory
type: ClusterIP type: ClusterIP
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilies: []
## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer)
## Set this to a list of IP CIDR ranges ## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
@ -1009,63 +922,6 @@ artifactory:
# nodePort: 32082 # nodePort: 32082
statefulset: statefulset:
annotations: {} annotations: {}
## The following setting are to configure a dedicated Ingress object for Replicator service
replicator:
name: replicator
enabled: false
## Extra environment variables that can be used to tune replicator to your needs.
## Uncomment and set value as needed
extraEnvironmentVariables:
# - name: MY_ENV_VAR
# value: ""
resources: {}
# requests:
# memory: "100Mi"
# cpu: "100m"
# limits:
# memory: "1Gi"
# cpu: "1"
# Add lifecycle hooks for replicator container
lifecycle: {}
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler"]
# preStop:
# exec:
# command: ["/bin/sh","-c","echo Hello from the preStop handler"]
ingress:
name:
hosts: []
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "off"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# chunked_transfer_encoding on;
tls: []
# Secrets must be manually created in the namespace.
# - hosts:
# - artifactory.domain.example
# secretName: chart-example-tls-secret
## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true
## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads
trackerIngress:
enabled: false
name:
hosts: []
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "off"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# chunked_transfer_encoding on;
tls: []
# Secrets must be manually created in the namespace.
# - hosts:
# - artifactory.domain.example
# secretName: chart-example-tls-secret
ssh: ssh:
enabled: false enabled: false
internalPort: 1339 internalPort: 1339
@ -1273,6 +1129,11 @@ metadata:
extraEnvironmentVariables: extraEnvironmentVariables:
# - name: MY_ENV_VAR # - name: MY_ENV_VAR
# value: "" # value: ""
image:
pullPolicy: IfNotPresent
registry: releases-docker.jfrog.io
repository: jfrog/artifactory-pro
# tag:
resources: {} resources: {}
# requests: # requests:
# memory: "100Mi" # memory: "100Mi"
@ -1496,6 +1357,11 @@ observability:
extraEnvironmentVariables: extraEnvironmentVariables:
# - name: MY_ENV_VAR # - name: MY_ENV_VAR
# value: "" # value: ""
image:
pullPolicy: IfNotPresent
registry: releases-docker.jfrog.io
repository: jfrog/artifactory-pro
# tag:
resources: {} resources: {}
# requests: # requests:
# memory: "100Mi" # memory: "100Mi"
@ -1551,15 +1417,6 @@ mc:
maxThreads: 50 maxThreads: 50
sendReasonPhrase: false sendReasonPhrase: false
extraConfig: 'acceptCount="100"' extraConfig: 'acceptCount="100"'
# Init containers
initContainers:
resources:
requests:
memory: "50Mi"
cpu: "10m"
limits:
memory: "1Gi"
cpu: "1"
# Nginx # Nginx
nginx: nginx:
enabled: true enabled: true
@ -1586,6 +1443,9 @@ nginx:
annotations: {} annotations: {}
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
disableProxyBuffering: false disableProxyBuffering: false
# singleStackIPv6Cluster flag, which manages the Nginx configuration to enable listening on IPv6 and proxy.
# If .Values.nginx.service.ipFamilies and .Values.artifactory.service.ipFamilies is configured for only IPv6, users need to enable this flag.
singleStackIPv6Cluster: false
# Note that by default we use appVersion to get image tag/version # Note that by default we use appVersion to get image tag/version
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
@ -1634,6 +1494,7 @@ nginx:
# Logs options # Logs options
logs: logs:
stderr: false stderr: false
stdout: false
level: warn level: warn
## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports. ## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports.
customPorts: [] customPorts: []
@ -1645,7 +1506,7 @@ nginx:
# Main Nginx configuration file # Main Nginx configuration file
worker_processes 4; worker_processes 4;
{{ if .Values.nginx.logs.stderr }} {{- if .Values.nginx.logs.stderr }}
error_log stderr {{ .Values.nginx.logs.level }}; error_log stderr {{ .Values.nginx.logs.level }};
{{- else -}} {{- else -}}
error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }};
@ -1656,7 +1517,11 @@ nginx:
## SSH Server Configuration ## SSH Server Configuration
stream { stream {
server { server {
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.ssh.internalPort }};
{{- else -}}
listen {{ .Values.nginx.ssh.internalPort }}; listen {{ .Values.nginx.ssh.internalPort }};
{{- end }}
proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; proxy_pass {{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }};
} }
} }
@ -1700,7 +1565,11 @@ nginx:
'request_time = $request_time ' 'request_time = $request_time '
'referer = \"$http_referer\" ' 'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"'; 'UA = \"$http_user_agent\"';
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; {{- if .Values.nginx.logs.stdout }}
access_log /dev/stdout timing;
{{- else -}}
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
{{- end }}
sendfile on; sendfile on;
#tcp_nopush on; #tcp_nopush on;
keepalive_timeout 65; keepalive_timeout 65;
@ -1717,20 +1586,36 @@ nginx:
{{- end }} {{- end }}
## server configuration ## server configuration
server { server {
{{- if .Values.nginx.internalPortHttps }} {{- if .Values.nginx.internalPortHttps }}
listen {{ .Values.nginx.internalPortHttps }} ssl; {{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.internalPortHttps }} ssl;
{{- else -}} {{- else -}}
listen {{ .Values.nginx.internalPortHttps }} ssl;
{{- end }}
{{- else -}}
{{- if .Values.nginx.https.enabled }} {{- if .Values.nginx.https.enabled }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.https.internalPort }} ssl;
{{- else -}}
listen {{ .Values.nginx.https.internalPort }} ssl; listen {{ .Values.nginx.https.internalPort }} ssl;
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.nginx.internalPortHttp }} {{- end }}
listen {{ .Values.nginx.internalPortHttp }}; {{- if .Values.nginx.internalPortHttp }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.internalPortHttp }};
{{- else -}} {{- else -}}
listen {{ .Values.nginx.internalPortHttp }};
{{- end }}
{{- else -}}
{{- if .Values.nginx.http.enabled }} {{- if .Values.nginx.http.enabled }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.http.internalPort }};
{{- else -}}
listen {{ .Values.nginx.http.internalPort }}; listen {{ .Values.nginx.http.internalPort }};
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
server_name ~(?<repo>.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }} server_name ~(?<repo>.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}
{{- range .Values.ingress.hosts -}} {{- range .Values.ingress.hosts -}}
{{- if contains "." . -}} {{- if contains "." . -}}
@ -1805,6 +1690,16 @@ nginx:
## For minikube, set this to NodePort, elsewhere use LoadBalancer ## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: LoadBalancer type: LoadBalancer
ssloffload: false ssloffload: false
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilies: []
## For supporting whitelist on the Nginx LoadBalancer service ## For supporting whitelist on the Nginx LoadBalancer service
## Set this to a list of IP CIDR ranges ## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
@ -1982,7 +1877,7 @@ filebeat:
hosts: ["{{ .Values.filebeat.logstashUrl }}"] hosts: ["{{ .Values.filebeat.logstashUrl }}"]
## Allows to add additional kubernetes resources ## Allows to add additional kubernetes resources
## Use --- as a separator between multiple resources ## Use --- as a separator between multiple resources
## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-ha-values.yaml ## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-ha-values.yaml
additionalResources: "" additionalResources: ""
# Adding entries to a Pod's /etc/hosts file # Adding entries to a Pod's /etc/hosts file
# For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases # For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases

8
charts/jfrog/artifactory-jcr/CHANGELOG.md
View File

@ -1,7 +1,13 @@
# JFrog Container Registry Chart Changelog # JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file. All changes to this chart will be documented in this file.
## [107.77.12] - Nov 23, 2023 ## [107.84.10] - Feb 20, 2024
* Updated `artifactory.installerInfo` content
## [107.80.0] - Feb 1, 2024
* Updated README.md to create a namespace using `--create-namespace` as part of helm install
## [107.74.0] - Nov 23, 2023
* **IMPORTANT** * **IMPORTANT**
* Added min kubeVersion ">= 1.19.0-0" in chart.yaml * Added min kubeVersion ">= 1.19.0-0" in chart.yaml

6
charts/jfrog/artifactory-jcr/Chart.yaml
View File

@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-jcr catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2 apiVersion: v2
appVersion: 7.77.12 appVersion: 7.84.10
dependencies: dependencies:
- name: artifactory - name: artifactory
repository: file://./charts/artifactory repository: file://./charts/artifactory
version: 107.77.12 version: 107.84.10
description: JFrog Container Registry description: JFrog Container Registry
home: https://jfrog.com/container-registry/ home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@ -27,4 +27,4 @@ name: artifactory-jcr
sources: sources:
- https://github.com/jfrog/charts - https://github.com/jfrog/charts
type: application type: application
version: 107.77.12 version: 107.84.10

6
charts/jfrog/artifactory-jcr/README.md
View File

@ -30,7 +30,7 @@ helm repo update
### Install Chart ### Install Chart
To install the chart with the release name `jfrog-container-registry`: To install the chart with the release name `jfrog-container-registry`:
```bash ```bash
helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword=<postgres_password> --namespace artifactory-jcr jfrog/artifactory-jcr helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword=<postgres_password> jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace
``` ```
### Accessing JFrog Container Registry ### Accessing JFrog Container Registry
@ -39,7 +39,7 @@ helm upgrade --install jfrog-container-registry --set artifactory.postgresql.pos
### Updating JFrog Container Registry ### Updating JFrog Container Registry
Once you have a new chart version, you can upgrade your deployment with Once you have a new chart version, you can upgrade your deployment with
```bash ```bash
helm upgrade jfrog-container-registry jfrog/artifactory-jcr helm upgrade jfrog-container-registry jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace
``` ```
### Special Upgrade Notes ### Special Upgrade Notes
@ -85,7 +85,7 @@ helm upgrade --install jfrog-container-registry \
--set artifactory.ingress.enabled=true \ --set artifactory.ingress.enabled=true \
--set artifactory.ingress.hosts[0]="artifactory.company.com" \ --set artifactory.ingress.hosts[0]="artifactory.company.com" \
--set artifactory.artifactory.service.type=NodePort \ --set artifactory.artifactory.service.type=NodePort \
--namespace artifactory-jcr jfrog/artifactory-jcr jfrog/artifactory-jcr --namespace artifactory-jcr --create-namespace
``` ```
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:

45
charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md
View File

@ -1,7 +1,50 @@
# JFrog Artifactory Chart Changelog # JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file. All changes to this chart will be documented in this file.
## [107.77.12] - April 22, 2024 ## [107.84.10] - May 2, 2024
* Added image section for `initContainers` instead of `initContainerImage`
* Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy`
* Removed image section for `loggers`
* Added support for `global.verisons.initContainers` to override `initContainers.image.tag`
* Fixed an issue with extraSystemYaml merge
* **IMPORTANT**
* Renamed `artifactory.setSecurityContext` to `artifactory.podSecurityContext`
* Renamed `artifactory.uid` to `artifactory.podSecurityContext.runAsUser`
* Renamed `artifactory.gid` to `artifactory.podSecurityContext.runAsGroup` and `artifactory.podSecurityContext.fsGroup`
* Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy`
* Renamed `artifactory.seLinuxOptions` to `artifactory.podSecurityContext.seLinuxOptions`
* Added flag `allowNonPostgresql` defaults to false
* Update postgresql tag version to `15.6.0-debian-12-r5`
* Added a check if `initContainerImage` exists
## [107.82.0] - Mar 04, 2024
* Added `disableRouterBypass` flag as experimental feature, to disable the artifactoryPath /artifactory/ and route all traffic through the Router.
* Removed Replicator service
## [107.81.0] - Feb 20, 2024
* **IMPORTANT**
* Refactored systemYaml configuration (moved to files/system.yaml instead of key in values.yaml)
* Added ability to provide `extraSystemYaml` configuration in values.yaml which will merge with the existing system yaml when `systemYamlOverride` is not given [GH-1848](https://github.com/jfrog/charts/pull/1848)
* Added option to modify the new cache configs, maxFileSizeLimit and skipDuringUpload
* Added IPV4/IPV6 Dualstack flag support for Artifactory and nginx service
* Added `singleStackIPv6Cluster` flag, which manages the Nginx configuration to enable listening on IPv6 and proxying.
* Fixing broken link for creating additional kubernetes resources. Refer [here](https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-values.yaml)
* Refactored installerInfo configuration (moved to files/installer-info.json instead of key in values.yaml)
## [107.80.0] - Feb 20, 2024
* Updated README.md to create a namespace using `--create-namespace` as part of helm install
## [107.79.0] - Feb 20, 2024
* **IMPORTANT**
* Added `unifiedSecretInstallation` flag which enables single unified secret holding all internal (chart) secrets to `true` by default
* Added support for azure-blob-storage-v2-direct config
* Added option to set Nginx to write access_log to container STDOUT
* **Important change:**
* Update postgresql tag version to `15.2.0-debian-11-r23`
* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**!
* If this is an upgrade and you are using the default bundles PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x/13.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true
## [107.77.0] - April 22, 2024
* Removed integration service * Removed integration service
* Added recommended postgresql sizing configurations under sizing directory * Added recommended postgresql sizing configurations under sizing directory
* Updated artifactory-federation (probes, port, embedded mode) * Updated artifactory-federation (probes, port, embedded mode)

4
charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: 7.77.12 appVersion: 7.84.10
dependencies: dependencies:
- condition: postgresql.enabled - condition: postgresql.enabled
name: postgresql name: postgresql
@ -21,4 +21,4 @@ name: artifactory
sources: sources:
- https://github.com/jfrog/charts - https://github.com/jfrog/charts
type: application type: application
version: 107.77.12 version: 107.84.10

4
charts/jfrog/artifactory-jcr/charts/artifactory/README.md
View File

@ -28,14 +28,14 @@ helm repo update
### Install Chart ### Install Chart
To install the chart with the release name `artifactory`: To install the chart with the release name `artifactory`:
```bash ```bash
helm upgrade --install artifactory --namespace artifactory jfrog/artifactory helm upgrade --install artifactory jfrog/artifactory --namespace artifactory --create-namespace
``` ```
### Apply Sizing configurations to the Chart ### Apply Sizing configurations to the Chart
To apply the chart with recommended sizing configurations : To apply the chart with recommended sizing configurations :
For small configurations : For small configurations :
```bash ```bash
helm upgrade --install artifactory --namespace artifactory jfrog/artifactory -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml helm upgrade --install artifactory jfrog/artifactory -f sizing/artifactory-small-extra-config.yaml -f sizing/artifactory-small.yaml --namespace artifactory --create-namespace
``` ```
## Uninstalling Artifactory ## Uninstalling Artifactory

3
charts/jfrog/artifactory-jcr/charts/artifactory/ci/derby-test-values.yaml
View File

@ -3,7 +3,8 @@ databaseUpgradeReady: true
postgresql: postgresql:
enabled: false enabled: false
artifactory: artifactory:
fsGroupChangePolicy: "OnRootMismatch" podSecurityContext:
fsGroupChangePolicy: "OnRootMismatch"
persistence: persistence:
enabled: false enabled: false
resources: resources:

32
charts/jfrog/artifactory-jcr/charts/artifactory/ci/global-values.yaml
View File

@ -19,8 +19,8 @@ artifactory:
xmx: "4g" xmx: "4g"
customInitContainersBegin: | customInitContainersBegin: |
- name: "custom-init-begin-local" - name: "custom-init-begin-local"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -30,8 +30,8 @@ artifactory:
name: artifactory-volume name: artifactory-volume
customInitContainers: | customInitContainers: |
- name: "custom-init-local" - name: "custom-init-local"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -51,8 +51,8 @@ artifactory:
# Add custom sidecar containers # Add custom sidecar containers
customSidecarContainers: | customSidecarContainers: |
- name: "sidecar-list-local" - name: "sidecar-list-local"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@ -75,8 +75,8 @@ global:
joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
customInitContainersBegin: | customInitContainersBegin: |
- name: "custom-init-begin-global" - name: "custom-init-begin-global"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -86,8 +86,8 @@ global:
name: artifactory-volume name: artifactory-volume
customInitContainers: | customInitContainers: |
- name: "custom-init-global" - name: "custom-init-global"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -107,8 +107,8 @@ global:
# Add custom sidecar containers # Add custom sidecar containers
customSidecarContainers: | customSidecarContainers: |
- name: "sidecar-list-global" - name: "sidecar-list-global"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@ -129,8 +129,8 @@ global:
nginx: nginx:
customInitContainers: | customInitContainers: |
- name: "custom-init-begin-nginx" - name: "custom-init-begin-nginx"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- 'sh' - 'sh'
- '-c' - '-c'
@ -140,8 +140,8 @@ nginx:
name: custom-script-local name: custom-script-local
customSidecarContainers: | customSidecarContainers: |
- name: "sidecar-list-nginx" - name: "sidecar-list-nginx"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:

9
charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml
View File

@ -4,15 +4,6 @@ artifactory:
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
persistence: persistence:
enabled: false enabled: false
replicator:
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
resources: resources:
requests: requests:
memory: "4Gi" memory: "4Gi"

17
charts/jfrog/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml
View File

@ -5,23 +5,6 @@ artifactory:
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
persistence: persistence:
enabled: false enabled: false
replicator:
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
# Add lifecycle hooks for replicator container
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"]
preStop:
exec:
command: ["/bin/sh", "-c", "echo Hello from the replicator postStart handler >> /tmp/message"]
resources: resources:
requests: requests:
memory: "4Gi" memory: "4Gi"

10
charts/jfrog/artifactory-jcr/charts/artifactory/ci/test-values.yaml
View File

@ -8,16 +8,6 @@ artifactory:
enabled: true enabled: true
persistence: persistence:
enabled: false enabled: false
replicator:
name: replicator
enabled: true
ingress:
name:
hosts: []
className: "testclass1"
trackerIngress:
enabled: true
className: "testclass2"
resources: resources:
requests: requests:
memory: "4Gi" memory: "4Gi"

60
charts/jfrog/artifactory-jcr/charts/artifactory/files/binarystore.xml
View File

@ -16,6 +16,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- end }} {{- end }}
@ -41,6 +47,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- end }} {{- end }}
</config> </config>
@ -66,6 +78,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
<!-- Shards add local file-system provider configuration --> <!-- Shards add local file-system provider configuration -->
@ -128,6 +146,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- if eq .Values.artifactory.persistence.type "cluster-google-storage-v2" }} {{- if eq .Values.artifactory.persistence.type "cluster-google-storage-v2" }}
@ -204,6 +228,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64}}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64}}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- end }} {{- end }}
@ -334,6 +364,12 @@
<provider id="cache-fs" type="cache-fs"> <provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize> <maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir> <cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider> </provider>
{{- if eq .Values.artifactory.persistence.type "cluster-azure-blob-storage" }} {{- if eq .Values.artifactory.persistence.type "cluster-azure-blob-storage" }}
@ -363,4 +399,28 @@
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection> <testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider> </provider>
</config> </config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "azure-blob-storage-v2-direct" -}}
<config version="3">
<chain template="azure-blob-storage-v2-direct"/>
<provider type="cache-fs" id="cache-fs">
<cacheProviderDir>{{ .Values.artifactory.persistence.maxCacheSize | int64 }}</cacheProviderDir>
<maxCacheSize>{{ .Values.artifactory.persistence.cacheProviderDir }}</maxCacheSize>
{{- if .Values.artifactory.persistence.maxFileSizeLimit }}
<maxFileSizeLimit>{{.Values.artifactory.persistence.maxFileSizeLimit | int64}}</maxFileSizeLimit>
{{- end }}
{{- if .Values.artifactory.persistence.skipDuringUpload }}
<skipDuringUpload>{{.Values.artifactory.persistence.skipDuringUpload}}</skipDuringUpload>
{{- end }}
</provider>
<provider id="azure-blob-storage-v2" type="azure-blob-storage-v2">
<accountName>{{ .Values.artifactory.persistence.azureBlob.accountName }}</accountName>
<accountKey>{{ .Values.artifactory.persistence.azureBlob.accountKey }}</accountKey>
<endpoint>{{ .Values.artifactory.persistence.azureBlob.endpoint }}</endpoint>
<container>{{ .Values.artifactory.persistence.azureBlob.containerName }}</container>
<multiPartLimit>{{ .Values.artifactory.persistence.azureBlob.multiPartLimit | int64 }}</multiPartLimit>
<multipartElementSize>{{ .Values.artifactory.persistence.azureBlob.multipartElementSize | int64 }}</multipartElementSize>
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider>
</config>
{{- end }} {{- end }}

32
charts/jfrog/artifactory-jcr/charts/artifactory/files/installer-info.json Normal file
View File

@ -0,0 +1,32 @@
{
"productId": "Helm_artifactory/{{ .Chart.Version }}",
"features": [
{
"featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"
},
{
"featureId": "Database/{{ .Values.database.type }}"
},
{
"featureId": "PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"
},
{
"featureId": "Nginx_Enabled/{{ .Values.nginx.enabled }}"
},
{
"featureId": "ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"
},
{
"featureId": "SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"
},
{
"featureId": "UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"
},
{
"featureId": "Filebeat_Enabled/{{ .Values.filebeat.enabled }}"
},
{
"featureId": "ReplicaCount/{{ .Values.artifactory.replicaCount }}"
}
]
}

38
charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh
View File

@ -2916,9 +2916,6 @@ yamlMigrate () {
if [[ ! -z "${value}" ]]; then if [[ ! -z "${value}" ]]; then
value=$(updateConnectionString "${yamlPath}" "${value}") value=$(updateConnectionString "${yamlPath}" "${value}")
fi fi
if [[ "${PRODUCT}" == "artifactory" ]]; then
replicatorProfiling
fi
if [[ -z "${value}" ]]; then if [[ -z "${value}" ]]; then
logger "No value for [${key}] in [${sourceFile}]" logger "No value for [${key}] in [${sourceFile}]"
else else
@ -4218,26 +4215,13 @@ commentNodeId () {
artifactoryInfoMessage () { artifactoryInfoMessage () {
if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then
addText "# yamlFile was generated from db.properties,replicator.yaml and ha-node.properties config files." "${SYSTEM_YAML_PATH}" addText "# yamlFile was generated from db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
else else
addText "# yamlFile was generated from default file,replicator.yaml,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}" addText "# yamlFile was generated from default file,db.properties and ha-node.properties config files." "${SYSTEM_YAML_PATH}"
fi fi
} }
replicatorProfiling () {
if [[ "${key}" == "profilingDisabled" ]]; then
if [[ ! -z "${value}" ]]; then
if [[ "${value}" == "false" ]]; then
value="true"
else
value="false"
fi
fi
fi
}
setHaEnabled_hook () { setHaEnabled_hook () {
local filePath="$1" local filePath="$1"
if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/ha-node.properties")" == "true" ]]; then if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/ha-node.properties")" == "true" ]]; then
@ -4277,27 +4261,9 @@ _createBackupOfLogBackDir () {
removeFileOperation "${backupDir}/logbackXmlFiles/artifactory" "${artiLogbackFile}" removeFileOperation "${backupDir}/logbackXmlFiles/artifactory" "${artiLogbackFile}"
} }
_createBackupOfReplicatorRtYaml () {
local backupDir="$1"
local replicatorRtYamlFile="${NEW_DATA_DIR}/etc/replicator/replicator.artifactory.yaml"
local effectiveUser=
local effectiveGroup=
if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then
effectiveUser="${JF_USER}"
effectiveGroup="${JF_USER}"
elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then
effectiveUser="${USER_TO_CHECK}"
effectiveGroup="${GROUP_TO_CHECK}"
fi
removeSoftLinkAndCreateDir "${backupDir}/replicatorYamlFile" "${effectiveUser}" "${effectiveGroup}" "yes"
removeFileOperation "${backupDir}/replicatorYamlFile" "${replicatorRtYamlFile}"
}
backupFiles_hook () { backupFiles_hook () {
local backupDirectory="$1" local backupDirectory="$1"
_createBackupOfLogBackDir "${backupDirectory}" _createBackupOfLogBackDir "${backupDirectory}"
_createBackupOfReplicatorRtYaml "${backupDirectory}"
} }
migrateArtifactory () { migrateArtifactory () {

5
charts/jfrog/artifactory-jcr/charts/artifactory/files/migrationHelmInfo.yaml
View File

@ -11,10 +11,6 @@ migration:
work/access=access/tmp work/access=access/tmp
log/archived/access=access/logs log/archived/access=access/logs
log/archived/artifactory=logs log/archived/artifactory=logs
etc/replicator=replicator/etc
backup/replicator=replicator/backup
data/replicator=replicator/data
log/archived/replicator=replicator/logs
linkFiles: linkFiles:
map: map:
# Note : $JF_ROOT_DATA_DIR will be prepended to the sourceDirectoryPath value only if relative path and $JF_ROOT_DATA_DIR will be prepended to the targetDirectoryPath value # Note : $JF_ROOT_DATA_DIR will be prepended to the sourceDirectoryPath value only if relative path and $JF_ROOT_DATA_DIR will be prepended to the targetDirectoryPath value
@ -27,6 +23,5 @@ migration:
# Note $JF_ROOT_DATA_DIR will be prepended to the map entry # Note $JF_ROOT_DATA_DIR will be prepended to the map entry
map: map:
access access
replicator
metadata metadata
logs logs

142
charts/jfrog/artifactory-jcr/charts/artifactory/files/system.yaml Normal file
View File

@ -0,0 +1,142 @@
router:
serviceRegistry:
insecure: {{ .Values.router.serviceRegistry.insecure }}
shared:
{{- if .Values.artifactory.coldStorage.enabled }}
jfrogColdStorage:
coldInstanceEnabled: true
{{- end }}
{{- if .Values.artifactory.openMetrics.enabled }}
metrics:
enabled: true
{{- if .Values.artifactory.openMetrics.filebeat.enabled }}
filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }}
{{- end }}
{{- end }}
logging:
consoleLog:
enabled: {{ .Values.artifactory.consoleLog }}
extraJavaOpts: >
-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
-Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
{{- with .Values.artifactory.javaOpts }}
{{- if .corePoolSize }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- end }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }}
{{- end }}
{{- if .jmx.authenticate }}
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
-Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
{{- else }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- end }}
{{- if or .Values.database.type .Values.postgresql.enabled }}
database:
allowNonPostgresql: {{ .Values.database.allowNonPostgresql }}
{{- if .Values.postgresql.enabled }}
type: postgresql
url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
driver: org.postgresql.Driver
username: "{{ .Values.postgresql.postgresqlUsername }}"
{{- else }}
type: "{{ .Values.database.type }}"
driver: "{{ .Values.database.driver }}"
{{- end }}
{{- end }}
artifactory:
{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
node:
{{- if .Values.artifactory.haDataDir.path }}
haDataDir: {{ .Values.artifactory.haDataDir.path }}
{{- end }}
{{- if .Values.artifactory.haBackupDir.path }}
haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
{{- end }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
maintenanceConnector:
port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
{{- if .Values.mc.enabled }}
mc:
enabled: true
database:
maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
idgenerator:
maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
{{- end }}
metadata:
database:
maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
jfconnect:
enabled: true
{{- else }}
jfconnect:
enabled: false
jfconnect_service:
enabled: false
{{- end }}
{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
federation:
enabled: true
embedded: {{ .Values.federation.embedded }}
extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
port: {{ .Values.federation.internalPort }}
rtfs:
database:
driver: org.postgresql.Driver
type: postgresql
username: {{ .Values.federation.database.username }}
password: {{ .Values.federation.database.password }}
url: jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}
{{- else }}
federation:
enabled: false
{{- end }}
{{- if .Values.event.webhooks }}
event:
webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
{{- end }}

7
charts/jfrog/artifactory-jcr/charts/artifactory/templates/NOTES.txt
View File

@ -37,6 +37,13 @@ Congratulations. You have just deployed JFrog Artifactory!
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.artifactory.setSecurityContext }}
****************************************** WARNING **********************************************
* From chart version 107.84.x, `setSecurityContext` has been renamed to `podSecurityContext`, *
please change your values.yaml before upgrade , For more Info , refer to 107.84.x changelog *
*************************************************************************************************
{{- end }}
{{- if and (or (or (or (or (or ( or ( or ( or (or (or ( or (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) .Values.systemYamlOverride.existingSecret) (or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled)) .Values.aws.licenseConfigSecretName) .Values.artifactory.persistence.customBinarystoreXmlSecret) .Values.access.customCertificatesSecretName) .Values.systemYamlOverride.existingSecret) .Values.artifactory.license.secret) .Values.artifactory.userPluginSecrets) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey)) (and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName)) (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName)) .Values.artifactory.unifiedSecretInstallation }} {{- if and (or (or (or (or (or ( or ( or ( or (or (or ( or (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) .Values.systemYamlOverride.existingSecret) (or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled)) .Values.aws.licenseConfigSecretName) .Values.artifactory.persistence.customBinarystoreXmlSecret) .Values.access.customCertificatesSecretName) .Values.systemYamlOverride.existingSecret) .Values.artifactory.license.secret) .Values.artifactory.userPluginSecrets) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey)) (and .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName)) (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName)) .Values.artifactory.unifiedSecretInstallation }}
****************************************** WARNING ************************************************************************************************** ****************************************** WARNING **************************************************************************************************
* The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.* * The unifiedSecretInstallation flag is currently enabled, which creates the unified secret. The existing secrets will continue as separate secrets.*

47
charts/jfrog/artifactory-jcr/charts/artifactory/templates/_helpers.tpl
View File

@ -30,33 +30,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Create a default fully qualified replicator app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory.replicator.fullname" -}}
{{- if .Values.artifactory.replicator.ingress.name -}}
{{- .Values.artifactory.replicator.ingress.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-replication" .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified replicator tracker ingress name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory.replicator.tracker.fullname" -}}
{{- if .Values.artifactory.replicator.trackerIngress.name -}}
{{- .Values.artifactory.replicator.trackerIngress.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-replication-tracker" .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/* {{/*
Create a default fully qualified nginx name. Create a default fully qualified nginx name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@ -262,6 +235,9 @@ Return the proper artifactory chart image names
{{- if and $dot.Values.splitServicesToContainers $dot.Values.global.versions.router (eq $indexReference "router") }} {{- if and $dot.Values.splitServicesToContainers $dot.Values.global.versions.router (eq $indexReference "router") }}
{{- $tag = $dot.Values.global.versions.router | toString -}} {{- $tag = $dot.Values.global.versions.router | toString -}}
{{- end -}} {{- end -}}
{{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }}
{{- $tag = $dot.Values.global.versions.initContainers | toString -}}
{{- end -}}
{{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }}
{{- $tag = $dot.Values.global.versions.artifactory | toString -}} {{- $tag = $dot.Values.global.versions.artifactory | toString -}}
{{- end -}} {{- end -}}
@ -326,9 +302,6 @@ Resolve requiredServiceTypes value
{{- if .Values.jfconnect.enabled -}} {{- if .Values.jfconnect.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfcon" -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfcon" -}}
{{- end -}} {{- end -}}
{{- if .Values.artifactory.replicator.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfxfer" -}}
{{- end -}}
{{- if .Values.mc.enabled -}} {{- if .Values.mc.enabled -}}
{{- $requiredTypes = printf "%s,%s" $requiredTypes "jfmc" -}} {{- $requiredTypes = printf "%s,%s" $requiredTypes "jfmc" -}}
{{- end -}} {{- end -}}
@ -469,3 +442,17 @@ if the volume exists in customVolume then an extra volume with the same name wil
{{- printf "%s" "false" -}} {{- printf "%s" "false" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Calculate the systemYaml from structured and unstructured text input
*/}}
{{- define "artifactory.finalSystemYaml" -}}
{{ tpl (mergeOverwrite (include "artifactory.systemYaml" . | fromYaml) .Values.artifactory.extraSystemYaml | toYaml) . }}
{{- end -}}
{{/*
Calculate the systemYaml from the unstructured text input
*/}}
{{- define "artifactory.systemYaml" -}}
{{ include (print $.Template.BasePath "/_system-yaml-render.tpl") . }}
{{- end -}}

5
charts/jfrog/artifactory-jcr/charts/artifactory/templates/_system-yaml-render.tpl Normal file
View File

@ -0,0 +1,5 @@
{{- if .Values.artifactory.systemYaml -}}
{{- tpl .Values.artifactory.systemYaml . -}}
{{- else -}}
{{ (tpl ( $.Files.Get "files/system.yaml" ) .) }}
{{- end -}}

6
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-installer-info.yaml
View File

@ -9,4 +9,8 @@ metadata:
release: {{ .Release.Name }} release: {{ .Release.Name }}
data: data:
installer-info.json: | installer-info.json: |
{{ tpl .Values.installerInfo . }} {{- if .Values.installerInfo -}}
{{- tpl .Values.installerInfo . | nindent 4 -}}
{{- else -}}
{{ (tpl ( .Files.Get "files/installer-info.json" | nindent 4 ) .) }}
{{- end -}}

2
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-license-secret.yaml
View File

@ -1,4 +1,4 @@
{{ if (not .Values.artifactory.unifiedSecretInstallation) }} {{ if and (not .Values.artifactory.unifiedSecretInstallation) (not .Values.artifactory.license.secret) (not .Values.artifactory.license.licenseKey) }}
{{- with .Values.artifactory.license.licenseKey }} {{- with .Values.artifactory.license.licenseKey }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret

2
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-secrets.yaml
View File

@ -1,4 +1,5 @@
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if not .Values.artifactory.unifiedSecretInstallation }}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.jfConnectToken .Values.artifactory.masterKey .Values.global.masterKey }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -25,4 +26,5 @@ data:
jfconnect-token: {{ include "artifactory.jfConnectToken" . | b64enc | quote }} jfconnect-token: {{ include "artifactory.jfConnectToken" . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- end }} {{- end }}

6
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-service.yaml
View File

@ -16,6 +16,12 @@ metadata:
{{ toYaml .Values.artifactory.service.annotations | indent 4 }} {{ toYaml .Values.artifactory.service.annotations | indent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.artifactory.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.artifactory.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.artifactory.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.artifactory.service.ipFamilies | nindent 4 }}
{{- end }}
type: {{ .Values.artifactory.service.type }} type: {{ .Values.artifactory.service.type }}
{{- if .Values.artifactory.service.loadBalancerSourceRanges }} {{- if .Values.artifactory.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: loadBalancerSourceRanges:

147
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-statefulset.yaml
View File

@ -12,7 +12,7 @@ metadata:
{{ toYaml . | indent 4 }} {{ toYaml . | indent 4 }}
{{- end }} {{- end }}
{{- if and .Release.IsUpgrade .Values.postgresql.enabled }} {{- if and .Release.IsUpgrade .Values.postgresql.enabled }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 11.x.x) that has postgresql.image.tag of 9.x or 10.x or 12.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 12.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }} databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 107.79.x) that has postgresql.image.tag of 9.x or 10.x or 12.x or 13.x, make sure to set the current postgresql.image.tag to the same tag and databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 107.79.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }}
{{- end }} {{- end }}
{{- with .Values.artifactory.statefulset.annotations }} {{- with .Values.artifactory.statefulset.annotations }}
annotations: annotations:
@ -30,6 +30,20 @@ metadata:
{{- if or .Values.artifactory.persistence.googleStorage.identity .Values.artifactory.persistence.googleStorage.credential }} {{- if or .Values.artifactory.persistence.googleStorage.identity .Values.artifactory.persistence.googleStorage.credential }}
{{- fail "\nGCP Bucket Authentication with Identity and Credential is deprecated" }} {{- fail "\nGCP Bucket Authentication with Identity and Credential is deprecated" }}
{{- end }} {{- end }}
{{- if (eq (.Values.artifactory.setSecurityContext | toString) "false" ) }}
{{- fail "\n You need to set security context at the pod level. .Values.artifactory.setSecurityContext is no longer supported. Replace it with .Values.artifactory.podSecurityContext" }}
{{- end }}
{{- if or .Values.artifactory.uid .Values.artifactory.gid }}
{{- if or (not (eq (.Values.artifactory.uid | toString) "1030" )) (not (eq (.Values.artifactory.gid | toString) "1030" )) }}
{{- fail "\n .Values.artifactory.uid and .Values.artifactory.gid are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.runAsUser .Values.artifactory.podSecurityContext.runAsGroup and .Values.artifactory.podSecurityContext.fsGroup" }}
{{- end }}
{{- end }}
{{- if or .Values.artifactory.fsGroupChangePolicy .Values.artifactory.seLinuxOptions }}
{{- fail "\n .Values.artifactory.fsGroupChangePolicy and .Values.artifactory.seLinuxOptions are no longer supported. You need to set these values at the pod security context level. Replace them with .Values.artifactory.podSecurityContext.fsGroupChangePolicy and .Values.artifactory.podSecurityContext.seLinuxOptions" }}
{{- end }}
{{- if .Values.initContainerImage }}
{{- fail "\n .Values.initContainerImage is no longer supported. Replace it with .Values.initContainers.image.registry .Values.initContainers.image.repository and .Values.initContainers.image.tag" }}
{{- end }}
spec: spec:
serviceName: {{ template "artifactory.name" . }} serviceName: {{ template "artifactory.name" . }}
replicas: {{ .Values.artifactory.replicaCount }} replicas: {{ .Values.artifactory.replicaCount }}
@ -87,19 +101,8 @@ spec:
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory.imagePullSecrets" . | indent 6 }} {{- include "artifactory.imagePullSecrets" . | indent 6 }}
{{- end }} {{- end }}
{{- if .Values.artifactory.setSecurityContext }} {{- if .Values.artifactory.podSecurityContext.enabled }}
securityContext: securityContext: {{- omit .Values.artifactory.podSecurityContext "enabled" | toYaml | nindent 8 }}
runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
runAsGroup: {{ .Values.artifactory.gid }}
fsGroup: {{ .Values.artifactory.gid }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
{{- if .Values.artifactory.seLinuxOptions }}
seLinuxOptions:
{{- tpl (toYaml .Values.artifactory.seLinuxOptions) . | nindent 10 }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.artifactory.topologySpreadConstraints }} {{- if .Values.artifactory.topologySpreadConstraints }}
topologySpreadConstraints: topologySpreadConstraints:
@ -112,8 +115,8 @@ spec:
{{- if .Values.artifactory.persistence.enabled }} {{- if .Values.artifactory.persistence.enabled }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }} {{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties" - name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -130,8 +133,8 @@ spec:
{{- end }} {{- end }}
{{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }} {{- if or (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) .Values.artifactory.admin.password }}
- name: "access-bootstrap-creds" - name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -148,7 +151,7 @@ spec:
volumeMounts: volumeMounts:
- name: artifactory-volume - name: artifactory-volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}" mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) (and .Values.artifactory.admin.secret .Values.artifactory.admin.dataKey) }}
- name: access-bootstrap-creds - name: access-bootstrap-creds
{{- else }} {{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
@ -161,7 +164,8 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
- name: 'copy-system-configurations' - name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}' image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -219,7 +223,7 @@ spec:
- name: ARTIFACTORY_JOIN_KEY - name: ARTIFACTORY_JOIN_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }}
name: {{ include "artifactory.joinKeySecretName" . }} name: {{ include "artifactory.joinKeySecretName" . }}
{{- else }} {{- else }}
name: "{{ template "artifactory.name" . }}-unified-secret" name: "{{ template "artifactory.name" . }}-unified-secret"
@ -230,7 +234,7 @@ spec:
- name: ARTIFACTORY_JFCONNECT_TOKEN - name: ARTIFACTORY_JFCONNECT_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.jfConnectTokenSecretName }}
name: {{ include "artifactory.jfConnectTokenSecretName" . }} name: {{ include "artifactory.jfConnectTokenSecretName" . }}
{{- else }} {{- else }}
name: "{{ template "artifactory.name" . }}-unified-secret" name: "{{ template "artifactory.name" . }}-unified-secret"
@ -241,7 +245,7 @@ spec:
- name: ARTIFACTORY_MASTER_KEY - name: ARTIFACTORY_MASTER_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }}
name: {{ include "artifactory.masterKeySecretName" . }} name: {{ include "artifactory.masterKeySecretName" . }}
{{- else }} {{- else }}
name: "{{ template "artifactory.name" . }}-unified-secret" name: "{{ template "artifactory.name" . }}-unified-secret"
@ -251,8 +255,7 @@ spec:
volumeMounts: volumeMounts:
- name: artifactory-volume - name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
{{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.systemYamlOverride.existingSecret }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
- name: systemyaml - name: systemyaml
{{- else }} {{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
@ -260,11 +263,12 @@ spec:
{{- if .Values.systemYamlOverride.existingSecret }} {{- if .Values.systemYamlOverride.existingSecret }}
mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}"
subPath: {{ .Values.systemYamlOverride.dataKey }} subPath: {{ .Values.systemYamlOverride.dataKey }}
{{- else if .Values.artifactory.systemYaml }} {{- else }}
mountPath: "/tmp/etc/system.yaml" mountPath: "/tmp/etc/system.yaml"
subPath: "system.yaml" subPath: "system.yaml"
{{- end }} {{- end }}
{{- end }}
######################## Binarystore ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
@ -272,6 +276,8 @@ spec:
{{- end }} {{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml subPath: binarystore.xml
######################## Access config ##########################
{{- if .Values.access.accessConfig }} {{- if .Values.access.accessConfig }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if not .Values.artifactory.unifiedSecretInstallation }}
- name: access-config - name: access-config
@ -281,6 +287,8 @@ spec:
mountPath: "/tmp/etc/access.config.patch.yml" mountPath: "/tmp/etc/access.config.patch.yml"
subPath: "access.config.patch.yml" subPath: "access.config.patch.yml"
{{- end }} {{- end }}
######################## Access certs external secret ##########################
{{- if .Values.access.customCertificatesSecretName }} {{- if .Values.access.customCertificatesSecretName }}
- name: access-certs - name: access-certs
mountPath: "/tmp/etc/tls.crt" mountPath: "/tmp/etc/tls.crt"
@ -289,9 +297,11 @@ spec:
mountPath: "/tmp/etc/tls.key" mountPath: "/tmp/etc/tls.key"
subPath: tls.key subPath: tls.key
{{- end }} {{- end }}
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }} {{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates - name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -311,7 +321,8 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }} {{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates - name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -332,7 +343,8 @@ spec:
{{- if .Values.waitForDatabase }} {{- if .Values.waitForDatabase }}
{{- if .Values.postgresql.enabled }} {{- if .Values.postgresql.enabled }}
- name: "wait-for-db" - name: "wait-for-db"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -451,29 +463,37 @@ spec:
subPath: migrationStatus.sh subPath: migrationStatus.sh
- name: artifactory-volume - name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }} {{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-data - name: artifactory-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-backup - name: artifactory-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }} {{- else }}
{{- if not .Values.artifactory.unifiedSecretInstallation }}
######################## Artifactory persistence binarystore Xml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
{{- end }} {{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: "binarystore.xml" subPath: "binarystore.xml"
######################## Artifactory persistence google storage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if (not .Values.artifactory.unifiedSecretInstallation) }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json - name: gcpcreds-json
{{- else }} {{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
{{- end }} {{- end }}
mountPath: "/artifactory_bootstrap/gcp.credentials.json" mountPath: "/artifactory_bootstrap/gcp.credentials.json"
subPath: gcp.credentials.json subPath: gcp.credentials.json
{{- end }}
{{- end }} {{- end }}
{{- end }}
######################## CustomVolumeMounts ##########################
{{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }} {{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }}
{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }} {{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }}
{{- end }} {{- end }}
@ -486,7 +506,7 @@ spec:
{{- if .Values.splitServicesToContainers }} {{- if .Values.splitServicesToContainers }}
- name: {{ .Values.router.name }} - name: {{ .Values.router.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "router") }} image: {{ include "artifactory.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }} imagePullPolicy: {{ .Values.router.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -699,36 +719,6 @@ spec:
livenessProbe: livenessProbe:
{{ tpl .Values.event.livenessProbe.config . | indent 10 }} {{ tpl .Values.event.livenessProbe.config . | indent 10 }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- '/bin/bash'
- '-c'
- >
exec /opt/jfrog/artifactory/app/replicator/bin/jf-replicator start
{{- with .Values.artifactory.replicator.lifecycle }}
lifecycle:
{{ toYaml . | indent 10 }}
{{- end }}
env:
- name: JF_SHARED_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- with .Values.artifactory.replicator.extraEnvironmentVariables }}
{{ tpl (toYaml .) $ | indent 8 }}
{{- end }}
volumeMounts:
- name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
resources:
{{ toYaml .Values.artifactory.replicator.resources | indent 10 }}
{{- end }} {{- end }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} {{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
- name: {{ .Values.jfconnect.name }} - name: {{ .Values.jfconnect.name }}
@ -922,10 +912,6 @@ spec:
value: "false" value: "false"
- name : JF_FRONTEND_ENABLED - name : JF_FRONTEND_ENABLED
value: "false" value: "false"
- name: JF_REPLICATOR_ENABLED
value: "true"
- name: JF_REPLICATOR_SERVICE_ENABLED
value: "false"
- name: JF_FEDERATION_ENABLED - name: JF_FEDERATION_ENABLED
value: "false" value: "false"
- name : JF_OBSERVABILITY_ENABLED - name : JF_OBSERVABILITY_ENABLED
@ -1025,16 +1011,22 @@ spec:
{{- end }} {{- end }}
- name: artifactory-volume - name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
######################## Artifactory config map ##########################
{{- if .Values.artifactory.configMapName }} {{- if .Values.artifactory.configMapName }}
- name: bootstrap-config - name: bootstrap-config
mountPath: "/bootstrap/" mountPath: "/bootstrap/"
{{- end }} {{- end }}
######################## Artifactory persistence nfs ##########################
{{- if eq .Values.artifactory.persistence.type "nfs" }} {{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-data - name: artifactory-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-backup - name: artifactory-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}" mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }} {{- else }}
######################## Artifactory persistence binarystoreXml ##########################
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.customBinarystoreXmlSecret }}
- name: binarystore-xml - name: binarystore-xml
{{- else }} {{- else }}
@ -1042,8 +1034,10 @@ spec:
{{- end }} {{- end }}
mountPath: "/tmp/etc/artifactory/binarystore.xml" mountPath: "/tmp/etc/artifactory/binarystore.xml"
subPath: binarystore.xml subPath: binarystore.xml
######################## Artifactory persistence googleStorage ##########################
{{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }} {{- if .Values.artifactory.persistence.googleStorage.gcpServiceAccount.enabled }}
{{- if not .Values.artifactory.unifiedSecretInstallation }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.persistence.googleStorage.gcpServiceAccount.customSecretName }}
- name: gcpcreds-json - name: gcpcreds-json
{{- else }} {{- else }}
- name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }} - name: {{ include "artifactory.unifiedCustomSecretVolumeName" . }}
@ -1052,6 +1046,8 @@ spec:
subPath: gcp.credentials.json subPath: gcp.credentials.json
{{- end }} {{- end }}
{{- end }} {{- end }}
######################## Artifactory license ##########################
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }} {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
{{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }} {{- if or (not .Values.artifactory.unifiedSecretInstallation) .Values.artifactory.license.secret }}
- name: artifactory-license - name: artifactory-license
@ -1065,6 +1061,7 @@ spec:
subPath: artifactory.lic subPath: artifactory.lic
{{- end }} {{- end }}
{{- end }} {{- end }}
- name: installer-info - name: installer-info
mountPath: "/artifactory_bootstrap/info/installer-info.json" mountPath: "/artifactory_bootstrap/info/installer-info.json"
subPath: installer-info.json subPath: installer-info.json
@ -1088,7 +1085,8 @@ spec:
{{- $mountPath := .Values.artifactory.persistence.mountPath }} {{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }} {{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }} - name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }} {{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -1108,7 +1106,8 @@ spec:
{{ if .Values.artifactory.catalinaLoggers }} {{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }} {{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }} - name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if $.Values.containerSecurityContext.enabled }} {{- if $.Values.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -1335,12 +1334,12 @@ spec:
secret: secret:
secretName: {{ template "artifactory.fullname" . }}-license secretName: {{ template "artifactory.fullname" . }}-license
{{- end }} {{- end }}
{{- if and .Values.artifactory.admin.password (not .Values.artifactory.admin.secret) }} {{- if and .Values.artifactory.admin.password (and (not .Values.artifactory.admin.secret) (not .Values.artifactory.admin.dataKey)) }}
- name: access-bootstrap-creds - name: access-bootstrap-creds
secret: secret:
secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds secretName: {{ template "artifactory.fullname" . }}-bootstrap-creds
{{- end }} {{- end }}
{{- if and (not .Values.systemYamlOverride.existingSecret) .Values.artifactory.systemYaml }} {{- if and (not .Values.systemYamlOverride.existingSecret) }}
- name: systemyaml - name: systemyaml
secret: secret:
secretName: {{ printf "%s-%s" (include "artifactory.fullname" .) "systemyaml" }} secretName: {{ printf "%s-%s" (include "artifactory.fullname" .) "systemyaml" }}
@ -1396,4 +1395,4 @@ spec:
resources: resources:
requests: requests:
storage: {{ .Values.artifactory.customPersistentVolumeClaim.size }} storage: {{ .Values.artifactory.customPersistentVolumeClaim.size }}
{{- end }} {{- end }}

3
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-system-yaml.yaml
View File

@ -11,5 +11,6 @@ metadata:
type: Opaque type: Opaque
stringData: stringData:
system.yaml: | system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }} {{ include "artifactory.finalSystemYaml" . | nindent 4 }}
{{- end }} {{- end }}

12
charts/jfrog/artifactory-jcr/charts/artifactory/templates/artifactory-unified-secret.yaml
View File

@ -17,7 +17,7 @@ stringData:
{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }} {{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }}
{{- end }} {{- end }}
{{- if and (not .Values.artifactory.persistence.customBinarystoreXmlSecret) }} {{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }}
binarystore.xml: |- binarystore.xml: |-
{{- if .Values.artifactory.persistence.binarystoreXml }} {{- if .Values.artifactory.persistence.binarystoreXml }}
{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }} {{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }}
@ -26,9 +26,9 @@ stringData:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if not .Values.systemYamlOverride.existingSecret }} {{- if and (not .Values.systemYamlOverride.existingSecret) }}
system.yaml: | system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }} {{ include "artifactory.finalSystemYaml" . | nindent 4 }}
{{- end }} {{- end }}
{{- if and .Values.artifactory.customSecrets }} {{- if and .Values.artifactory.customSecrets }}
@ -69,9 +69,11 @@ data:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if not .Values.artifactory.license.secret }}
{{- with .Values.artifactory.license.licenseKey }} {{- with .Values.artifactory.license.licenseKey }}
artifactory.lic: {{ . | b64enc | quote }} artifactory.lic: {{ . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }}
{{- if or .Values.artifactory.masterKey .Values.global.masterKey }} {{- if or .Values.artifactory.masterKey .Values.global.masterKey }}
{{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }} {{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }}
@ -83,8 +85,8 @@ data:
join-key: {{ include "artifactory.joinKey" . | b64enc | quote }} join-key: {{ include "artifactory.joinKey" . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.artifactory.jfConnectToken }} {{- if .Values.artifactory.jfConnectToken }}
{{- if not (.Values.artifactory.jfConnectTokenSecretName) }} {{- if not .Values.artifactory.jfConnectTokenSecretName }}
jfconnect-token: {{ include "artifactory.jfConnectToken" . | b64enc | quote }} jfconnect-token: {{ include "artifactory.jfConnectToken" . | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}

158
charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml
View File

@ -56,6 +56,7 @@ spec:
name: {{ $serviceName }} name: {{ $serviceName }}
port: port:
number: {{ $servicePort }} number: {{ $servicePort }}
{{- if not $.Values.ingress.disableRouterBypass }}
- path: {{ $.Values.ingress.artifactoryPath }} - path: {{ $.Values.ingress.artifactoryPath }}
pathType: ImplementationSpecific pathType: ImplementationSpecific
backend: backend:
@ -63,6 +64,7 @@ spec:
name: {{ $serviceName }} name: {{ $serviceName }}
port: port:
number: {{ $artifactoryServicePort }} number: {{ $artifactoryServicePort }}
{{- end }}
{{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }} {{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }}
- path: {{ $.Values.ingress.rtfsPath }} - path: {{ $.Values.ingress.rtfsPath }}
pathType: ImplementationSpecific pathType: ImplementationSpecific
@ -82,10 +84,12 @@ spec:
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }} servicePort: {{ $servicePort }}
{{- if not $.Values.ingress.disableRouterBypass }}
- path: {{ $.Values.ingress.artifactoryPath }} - path: {{ $.Values.ingress.artifactoryPath }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ $serviceName }}
servicePort: {{ $artifactoryServicePort }} servicePort: {{ $artifactoryServicePort }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end -}} {{- end -}}
@ -97,159 +101,7 @@ spec:
tls: tls:
{{ toYaml .Values.ingress.tls | indent 4 }} {{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}} {{- end -}}
{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }}
---
{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $replicatorIngressName }}
labels:
app: "{{ template "artifactory.name" $ }}"
chart: "{{ template "artifactory.chart" $ }}"
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.artifactory.replicator.ingress.annotations }}
annotations:
{{ .Values.artifactory.replicator.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if and (or .Values.ingress.className .Values.artifactory.replicator.ingress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }}
{{- end }}
{{- if .Values.ingress.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
defaultBackend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
rules:
{{- if .Values.artifactory.replicator.ingress.hosts }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- range $host := .Values.artifactory.replicator.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /replicator/
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
- path: /artifactory/api/replication/replicate/file/streaming
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range $host := .Values.artifactory.replicator.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /replicator/
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
- path: /artifactory/api/replication/replicate/file/streaming
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.artifactory.replicator.ingress.tls }}
tls:
{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }}
---
{{- $replicatorTrackerIngressName := default ( include "artifactory.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $replicatorTrackerIngressName }}
labels:
app: "{{ template "artifactory.name" $ }}"
chart: "{{ template "artifactory.chart" $ }}"
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.artifactory.replicator.trackerIngress.annotations }}
annotations:
{{ .Values.artifactory.replicator.trackerIngress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if and (or .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className) (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }}
{{- end }}
{{- if .Values.ingress.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
defaultBackend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
rules:
{{- if .Values.artifactory.replicator.trackerIngress.hosts }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- end }}
{{- else }}
{{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.artifactory.replicator.trackerIngress.tls }}
tls:
{{ toYaml .Values.artifactory.replicator.trackerIngress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.customIngress }} {{- if .Values.customIngress }}
--- ---
{{ .Values.customIngress | toYaml | trimSuffix "\n" }} {{ .Values.customIngress | toYaml | trimSuffix "\n" }}

7
charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-deployment.yaml
View File

@ -68,8 +68,8 @@ spec:
{{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }} {{ tpl (include "artifactory.nginx.customInitContainers" .) . | indent 6 }}
{{- end }} {{- end }}
- name: "setup" - name: "setup"
image: "{{ .Values.initContainerImage }}" image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }} {{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }} {{- end }}
@ -157,7 +157,8 @@ spec:
{{- $mountPath := .Values.nginx.persistence.mountPath }} {{- $mountPath := .Values.nginx.persistence.mountPath }}
{{- range .Values.nginx.loggers }} {{- range .Values.nginx.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }} - name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }} image: {{ include "artifactory.getImageInfoByValue" (list $ "initContainers") }}
imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
command: command:
- tail - tail
args: args:

6
charts/jfrog/artifactory-jcr/charts/artifactory/templates/nginx-service.yaml
View File

@ -14,6 +14,12 @@ metadata:
{{ toYaml .Values.nginx.service.annotations | indent 4 }} {{ toYaml .Values.nginx.service.annotations | indent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.nginx.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.nginx.service.ipFamilyPolicy }}
{{- end }}
{{- if not (empty .Values.nginx.service.ipFamilies)}}
ipFamilies: {{- toYaml .Values.nginx.service.ipFamilies | nindent 4 }}
{{- end }}
type: {{ .Values.nginx.service.type }} type: {{ .Values.nginx.service.type }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }} {{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}} {{ if .Values.nginx.service.loadBalancerIP -}}

361
charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml
View File

@ -12,7 +12,8 @@ global:
## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion
## This applies also for nginx images (.Values.nginx.image.tag) ## This applies also for nginx images (.Values.nginx.image.tag)
versions: {} versions: {}
# artifactory: # artifactory:
# initContainers:
# joinKey: # joinKey:
# masterKey: # masterKey:
# joinKeySecretName: # joinKeySecretName:
@ -42,9 +43,14 @@ global:
## String to fully override artifactory.fullname template ## String to fully override artifactory.fullname template
## ##
# fullnameOverride: # fullnameOverride:
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475
# Init containers # Init containers
initContainers: initContainers:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.3.1552
pullPolicy: IfNotPresent
resources: resources:
requests: requests:
memory: "50Mi" memory: "50Mi"
@ -55,7 +61,10 @@ initContainers:
installer: installer:
type: type:
platform: platform:
installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' ## The installerInfo is intentionally commented out and the previous content has been moved under `files/installer-info.json`
## To override the content in `files/installer-info.json`, Uncomment the `installerInfo` and add relevant data
# installerInfo: '{}'
# For supporting pulling from private registries # For supporting pulling from private registries
# imagePullSecrets: # imagePullSecrets:
# - myRegistryKeySecretName # - myRegistryKeySecretName
@ -128,6 +137,8 @@ ingress:
# Additional ingress rules # Additional ingress rules
additionalRules: [] additionalRules: []
# This is an experimental feature, enabling this feature will route all traffic through the Router.
disableRouterBypass: false
## Allows to add custom ingress ## Allows to add custom ingress
customIngress: "" customIngress: ""
networkpolicy: [] networkpolicy: []
@ -158,11 +169,6 @@ autoscaling:
minReplicas: 1 minReplicas: 1
maxReplicas: 3 maxReplicas: 3
targetCPUUtilizationPercentage: 70 targetCPUUtilizationPercentage: 70
logger:
image:
registry: releases-docker.jfrog.io
repository: ubi9/ubi-minimal
tag: 9.3.1475
## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName
## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` ## Example : Create a generic secret using `kubectl create secret generic <secret-name> --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}`
aws: aws:
@ -170,10 +176,19 @@ aws:
enabled: false enabled: false
licenseConfigSecretName: licenseConfigSecretName:
region: us-east-1 region: us-east-1
## Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext: containerSecurityContext:
enabled: true enabled: true
runAsNonRoot: true runAsNonRoot: true
privileged: false
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
@ -187,8 +202,8 @@ router:
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: jfrog/router repository: jfrog/router
tag: 7.91.0 tag: 7.105.1
imagePullPolicy: IfNotPresent pullPolicy: IfNotPresent
serviceRegistry: serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled ## Service registry (Access) TLS verification skipped if enabled
insecure: false insecure: false
@ -269,8 +284,9 @@ artifactory:
## refer - https://www.jfrog.com/confluence/display/JFROG/Access+Federation#AccessFederation-EstablishingtheCircleofTrust ## refer - https://www.jfrog.com/confluence/display/JFROG/Access+Federation#AccessFederation-EstablishingtheCircleofTrust
## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder. ## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder.
circleOfTrustCertificatesSecret: circleOfTrustCertificatesSecret:
# unifiedSecretInstallation flag enables single unified secret holding all the artifactory secrets # unifiedSecretInstallation flag enables single unified secret holding all the artifactory internal(chart) secrets, It won't be affecting external secrets.
unifiedSecretInstallation: false ## Note: unifiedSecretInstallation flag is enabled by true by default from chart version 107.79.x, Users can switch to false to continue with the old way of secret creation.
unifiedSecretInstallation: true
# For HA installation, set this value > 1. This is only supported in Artifactory 7.25.x (appVersions) and above. # For HA installation, set this value > 1. This is only supported in Artifactory 7.25.x (appVersions) and above.
replicaCount: 1 replicaCount: 1
# minAvailable: 1 # minAvailable: 1
@ -410,8 +426,8 @@ artifactory:
## Add custom init containers execution before predefined init containers ## Add custom init containers execution before predefined init containers
customInitContainersBegin: "" customInitContainersBegin: ""
# - name: "custom-setup" # - name: "custom-setup"
# image: "{{ .Values.initContainerImage }}" # image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext: # securityContext:
# runAsNonRoot: true # runAsNonRoot: true
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
@ -429,8 +445,8 @@ artifactory:
## Add custom init containers execution after predefined init containers ## Add custom init containers execution after predefined init containers
customInitContainers: "" customInitContainers: ""
# - name: "custom-systemyaml-setup" # - name: "custom-systemyaml-setup"
# image: "{{ .Values.initContainerImage }}" # image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext: # securityContext:
# runAsNonRoot: true # runAsNonRoot: true
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
@ -449,8 +465,8 @@ artifactory:
# - The provided example uses a custom volume (customVolumes) # - The provided example uses a custom volume (customVolumes)
customSidecarContainers: "" customSidecarContainers: ""
# - name: "sidecar-list-etc" # - name: "sidecar-list-etc"
# image: "{{ .Values.initContainerImage }}" # image: {{ include "artifactory.getImageInfoByValue" (list . "initContainers") }}
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" # imagePullPolicy: {{ .Values.initContainers.image.pullPolicy }}
# securityContext: # securityContext:
# runAsNonRoot: true # runAsNonRoot: true
# allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
@ -609,156 +625,34 @@ artifactory:
# name: my-secret-name # name: my-secret-name
# key: my-secret-key # key: my-secret-key
systemYaml: | ## System YAML entries now reside under files/system.yaml.
router: ## You can provide the specific values that you want to add or override under 'artifactory.extraSystemYaml'.
serviceRegistry: ## For example:
insecure: {{ .Values.router.serviceRegistry.insecure }} ## extraSystemYaml:
shared: ## shared:
{{- if .Values.artifactory.coldStorage.enabled }} ## node:
jfrogColdStorage: ## id: my-instance
coldInstanceEnabled: true ## The entries provided under 'artifactory.extraSystemYaml' are merged with files/system.yaml to create the final system.yaml.
{{- end }} ## If you have already provided system.yaml under, 'artifactory.systemYaml', the values in that entry take precedence over files/system.yaml
{{- if .Values.artifactory.openMetrics.enabled }} ## You can modify specific entries with your own value under `artifactory.extraSystemYaml`, The values under extraSystemYaml overrides the values under 'artifactory.systemYaml' and files/system.yaml
metrics: extraSystemYaml: {}
enabled: true ## systemYaml is intentionally commented and the previous content has been moved under files/system.yaml.
{{- if .Values.artifactory.openMetrics.filebeat.enabled }} ## You have to add the all entries of the system.yaml file here, and it overrides the values in files/system.yaml.
filebeat: {{ toYaml .Values.artifactory.openMetrics.filebeat | nindent 6 }} # systemYaml:
{{- end }}
{{- end }}
logging:
consoleLog:
enabled: {{ .Values.artifactory.consoleLog }}
extraJavaOpts: >
-Dartifactory.graceful.shutdown.max.request.duration.millis={{ mul .Values.artifactory.terminationGracePeriodSeconds 1000 }}
-Dartifactory.access.client.max.connections={{ .Values.access.tomcat.connector.maxThreads }}
{{- with .Values.artifactory.javaOpts }}
{{- if .corePoolSize }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- end }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory.fullname" $ }}
{{- end }}
{{- if .jmx.authenticate }}
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.access.file={{ .jmx.accessFile }}
-Dcom.sun.management.jmxremote.password.file={{ .jmx.passwordFile }}
{{- else }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- end }}
{{- if or .Values.database.type .Values.postgresql.enabled }}
database:
{{- if .Values.postgresql.enabled }}
type: postgresql
url: "jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.postgresqlDatabase }}"
driver: org.postgresql.Driver
username: "{{ .Values.postgresql.postgresqlUsername }}"
{{- else }}
type: "{{ .Values.database.type }}"
driver: "{{ .Values.database.driver }}"
{{- end }}
{{- end }}
artifactory:
{{- if or .Values.artifactory.haDataDir.enabled .Values.artifactory.haBackupDir.enabled }}
node:
{{- if .Values.artifactory.haDataDir.path }}
haDataDir: {{ .Values.artifactory.haDataDir.path }}
{{- end }}
{{- if .Values.artifactory.haBackupDir.path }}
haBackupDir: {{ .Values.artifactory.haBackupDir.path }}
{{- end }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
maintenanceConnector:
port: {{ .Values.artifactory.tomcat.maintenanceConnector.port }}
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.artifactory.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.access.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.access.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.access.tomcat.connector.extraConfig }}
{{- if .Values.mc.enabled }}
mc:
enabled: true
database:
maxOpenConnections: {{ .Values.mc.database.maxOpenConnections }}
idgenerator:
maxOpenConnections: {{ .Values.mc.idgenerator.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.mc.tomcat.connector.maxThreads }}
sendReasonPhrase: {{ .Values.mc.tomcat.connector.sendReasonPhrase }}
extraConfig: {{ .Values.mc.tomcat.connector.extraConfig }}
{{- end }}
metadata:
database:
maxOpenConnections: {{ .Values.metadata.database.maxOpenConnections }}
{{- if .Values.artifactory.replicator.enabled }}
replicator:
enabled: true
{{- end }}
{{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
jfconnect:
enabled: true
{{- else }}
jfconnect:
enabled: false
jfconnect_service:
enabled: false
{{- end }}
{{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }}
federation:
enabled: true
embedded: {{ .Values.federation.embedded }}
extraJavaOpts: {{ .Values.federation.extraJavaOpts }}
port: {{ .Values.federation.internalPort }}
rtfs:
database:
driver: org.postgresql.Driver
type: postgresql
username: {{ .Values.federation.database.username }}
password: {{ .Values.federation.database.password }}
url: jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}
{{- else }}
federation:
enabled: false
{{- end }}
{{- if .Values.event.webhooks }}
event:
webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }}
{{- end }}
annotations: {} annotations: {}
service: service:
name: artifactory name: artifactory
type: ClusterIP type: ClusterIP
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilies: []
## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer) ## For supporting whitelist on the Artifactory service (useful if setting service.type=LoadBalancer)
## Set this to a list of IP CIDR ranges ## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
@ -770,78 +664,29 @@ artifactory:
# nodePort: 32082 # nodePort: 32082
statefulset: statefulset:
annotations: {} annotations: {}
## The following setting are to configure a dedicated Ingress object for Replicator service
replicator:
name: replicator
enabled: false
## Extra environment variables that can be used to tune replicator to your needs.
## Uncomment and set value as needed
extraEnvironmentVariables:
# - name: MY_ENV_VAR
# value: ""
resources: {}
# requests:
# memory: "100Mi"
# cpu: "100m"
# limits:
# memory: "1Gi"
# cpu: "1"
# Add lifecycle hooks for replicator container
lifecycle: {}
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler"]
# preStop:
# exec:
# command: ["/bin/sh","-c","echo Hello from the preStop handler"]
ingress:
enabled: true
name:
hosts: []
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "off"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# chunked_transfer_encoding on;
tls: []
# Secrets must be manually created in the namespace.
# - hosts:
# - artifactory.domain.example
# secretName: chart-example-tls-secret
## When replicator is enabled and want to use tracker feature, trackerIngress.enabled flag should be set to true
## Please refer - https://www.jfrog.com/confluence/display/JFROG/JFrog+Peer-to-Peer+%28P2P%29+Downloads
trackerIngress:
enabled: false
name:
hosts: []
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "off"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# chunked_transfer_encoding on;
tls: []
# Secrets must be manually created in the namespace.
# - hosts:
# - artifactory.domain.example
# secretName: chart-example-tls-secret
## IMPORTANT: If overriding artifactory.internalPort: ## IMPORTANT: If overriding artifactory.internalPort:
## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024! ## DO NOT use port lower than 1024 as Artifactory runs as non-root and cannot bind to ports lower than 1024!
externalPort: 8082 externalPort: 8082
internalPort: 8082 internalPort: 8082
externalArtifactoryPort: 8081 externalArtifactoryPort: 8081
internalArtifactoryPort: 8081 internalArtifactoryPort: 8081
uid: 1030
gid: 1030
# fsGroupChangePolicy: "Always"
# seLinuxOptions: {}
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. ## Pod Security Context
## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
setSecurityContext: true ## @param artifactory.podSecurityContext.enabled Enable security context
## @param artifactory.podSecurityContext.runAsNonRoot Set pod's Security Context runAsNonRoot
## @param artifactory.podSecurityContext.runAsUser User ID for the pod
## @param artifactory.podSecurityContext.runASGroup Group ID for the pod
## @param artifactory.podSecurityContext.fsGroup Group ID for the pod
##
podSecurityContext:
enabled: true
runAsNonRoot: true
runAsUser: 1030
runAsGroup: 1030
fsGroup: 1030
# fsGroupChangePolicy: "Always"
# seLinuxOptions: {}
livenessProbe: livenessProbe:
enabled: true enabled: true
config: | config: |
@ -897,9 +742,13 @@ artifactory:
## Redundancy required For HA deployments, with "cluster" persistence storage type ## Redundancy required For HA deployments, with "cluster" persistence storage type
redundancy: 3 redundancy: 3
lenientLimit: 1 lenientLimit: 1
## Cache default size. Should be increased for production deployments. ## cache-fs binary provider configurations
## Refer: https://jfrog.com/help/r/jfrog-installation-setup-documentation/cache-fs-template-configuration
maxCacheSize: 5000000000 maxCacheSize: 5000000000
cacheProviderDir: cache cacheProviderDir: cache
## maxFileSizeLimit:
## skipDuringUpload:
## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config ## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config
## Supported types are: ## Supported types are:
## file-system (default) ## file-system (default)
@ -915,6 +764,7 @@ artifactory:
## s3-storage-v3-archive ## s3-storage-v3-archive
## azure-blob ## azure-blob
## azure-blob-storage-direct ## azure-blob-storage-direct
## azure-blob-storage-v2-direct
## cluster-azure-blob-storage ## cluster-azure-blob-storage
type: file-system type: file-system
## Use binarystoreXml to provide a custom binarystore.xml ## Use binarystoreXml to provide a custom binarystore.xml
@ -997,7 +847,7 @@ artifactory:
enablePathStyleAccess: false enablePathStyleAccess: false
multiPartLimit: multiPartLimit:
multipartElementSize: multipartElementSize:
## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, cluster-azure-blob-storage ## For artifactory.persistence.type azure-blob, azure-blob-storage-direct, cluster-azure-blob-storage, azure-blob-storage-v2-direct
azureBlob: azureBlob:
accountName: accountName:
accountKey: accountKey:
@ -1446,6 +1296,9 @@ nginx:
annotations: {} annotations: {}
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
disableProxyBuffering: false disableProxyBuffering: false
# singleStackIPv6Cluster flag, which manages the Nginx configuration to enable listening on IPv6 and proxy.
# If .Values.nginx.service.ipFamilies and .Values.artifactory.service.ipFamilies is configured for only IPv6, users need to enable this flag.
singleStackIPv6Cluster: false
deployment: deployment:
annotations: {} annotations: {}
# Note that by default we use appVersion to get image tag/version # Note that by default we use appVersion to get image tag/version
@ -1494,6 +1347,7 @@ nginx:
# Logs options # Logs options
logs: logs:
stderr: false stderr: false
stdout: false
level: warn level: warn
## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports. ## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports.
customPorts: [] customPorts: []
@ -1505,7 +1359,7 @@ nginx:
# Main Nginx configuration file # Main Nginx configuration file
worker_processes 4; worker_processes 4;
{{ if .Values.nginx.logs.stderr }} {{- if .Values.nginx.logs.stderr }}
error_log stderr {{ .Values.nginx.logs.level }}; error_log stderr {{ .Values.nginx.logs.level }};
{{- else -}} {{- else -}}
error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }}; error_log {{ .Values.nginx.persistence.mountPath }}/logs/error.log {{ .Values.nginx.logs.level }};
@ -1516,7 +1370,11 @@ nginx:
## SSH Server Configuration ## SSH Server Configuration
stream { stream {
server { server {
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.ssh.internalPort }};
{{- else -}}
listen {{ .Values.nginx.ssh.internalPort }}; listen {{ .Values.nginx.ssh.internalPort }};
{{- end }}
proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }}; proxy_pass {{ include "artifactory.fullname" . }}:{{ .Values.artifactory.ssh.externalPort }};
} }
} }
@ -1526,7 +1384,6 @@ nginx:
worker_connections 1024; worker_connections 1024;
} }
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
@ -1566,7 +1423,11 @@ nginx:
'referer = \"$http_referer\" ' 'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"'; 'UA = \"$http_user_agent\"';
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; {{- if .Values.nginx.logs.stdout }}
access_log /dev/stdout timing;
{{- else -}}
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
{{- end }}
sendfile on; sendfile on;
#tcp_nopush on; #tcp_nopush on;
@ -1589,18 +1450,34 @@ nginx:
## server configuration ## server configuration
server { server {
{{- if .Values.nginx.internalPortHttps }} {{- if .Values.nginx.internalPortHttps }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.internalPortHttps }} ssl;
{{- else -}}
listen {{ .Values.nginx.internalPortHttps }} ssl; listen {{ .Values.nginx.internalPortHttps }} ssl;
{{- end }}
{{- else -}} {{- else -}}
{{- if .Values.nginx.https.enabled }} {{- if .Values.nginx.https.enabled }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.https.internalPort }} ssl;
{{- else -}}
listen {{ .Values.nginx.https.internalPort }} ssl; listen {{ .Values.nginx.https.internalPort }} ssl;
{{- end }} {{- end }}
{{- end }}
{{- end }} {{- end }}
{{- if .Values.nginx.internalPortHttp }} {{- if .Values.nginx.internalPortHttp }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.internalPortHttp }};
{{- else -}}
listen {{ .Values.nginx.internalPortHttp }}; listen {{ .Values.nginx.internalPortHttp }};
{{- end }}
{{- else -}} {{- else -}}
{{- if .Values.nginx.http.enabled }} {{- if .Values.nginx.http.enabled }}
{{- if .Values.nginx.singleStackIPv6Cluster }}
listen [::]:{{ .Values.nginx.http.internalPort }};
{{- else -}}
listen {{ .Values.nginx.http.internalPort }}; listen {{ .Values.nginx.http.internalPort }};
{{- end }} {{- end }}
{{- end }}
{{- end }} {{- end }}
server_name ~(?<repo>.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} server_name ~(?<repo>.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }}
{{- range .Values.ingress.hosts -}} {{- range .Values.ingress.hosts -}}
@ -1677,6 +1554,16 @@ nginx:
## For minikube, set this to NodePort, elsewhere use LoadBalancer ## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: LoadBalancer type: LoadBalancer
ssloffload: false ssloffload: false
## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific)
## This can be either SingleStack, PreferDualStack or RequireDualStack
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilyPolicy: ""
## @param service.ipFamilies Controller Service ipFamilies (optional, cloud specific)
## This can be either ["IPv4"], ["IPv6"], ["IPv4", "IPv6"] or ["IPv6", "IPv4"]
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
##
ipFamilies: []
## For supporting whitelist on the Nginx LoadBalancer service ## For supporting whitelist on the Nginx LoadBalancer service
## Set this to a list of IP CIDR ranges ## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32'] ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
@ -1797,7 +1684,7 @@ postgresql:
image: image:
registry: releases-docker.jfrog.io registry: releases-docker.jfrog.io
repository: bitnami/postgresql repository: bitnami/postgresql
tag: 13.10.0-debian-11-r14 tag: 15.6.0-debian-11-r16
postgresqlUsername: artifactory postgresqlUsername: artifactory
postgresqlPassword: "" postgresqlPassword: ""
postgresqlDatabase: artifactory postgresqlDatabase: artifactory
@ -1832,6 +1719,8 @@ postgresql:
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false), ## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## specify custom database details here or leave empty and Artifactory will use embedded derby ## specify custom database details here or leave empty and Artifactory will use embedded derby
database: database:
## To run Artifactory with any database other than PostgreSQL allowNonPostgresql set to true.
allowNonPostgresql: false
type: type:
driver: driver:
## If you set the url, leave host and port empty ## If you set the url, leave host and port empty
@ -1914,7 +1803,7 @@ filebeat:
hosts: ["{{ .Values.filebeat.logstashUrl }}"] hosts: ["{{ .Values.filebeat.logstashUrl }}"]
## Allows to add additional kubernetes resources ## Allows to add additional kubernetes resources
## Use --- as a separator between multiple resources ## Use --- as a separator between multiple resources
## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml ## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/helm/artifactory-values.yaml
additionalResources: "" additionalResources: ""
# Adding entries to a Pod's /etc/hosts file # Adding entries to a Pod's /etc/hosts file
# For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases # For an example, refer - https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases

9
charts/jfrog/artifactory-jcr/values.yaml
View File

@ -35,7 +35,7 @@ artifactory:
# other: "" # other: ""
installer: installer:
platform: jcr-helm platform: jcr-helm
installerInfo: '{"productId": "Helm_artifactory-jcr/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}' installerInfo: '{"productId":"Helm_artifactory-jcr/{{ .Chart.Version }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}'
## Nginx ## Nginx
## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
nginx: nginx:
@ -69,8 +69,7 @@ postgresql:
enabled: true enabled: true
router: router:
image: image:
tag: 7.91.0 tag: 7.105.1
logger: initContainers:
image: image:
tag: 9.3.1475 tag: 9.3.1552
initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.3.1475

68
index.yaml
View File

@ -4352,6 +4352,40 @@ entries:
- assets/argo/argo-cd-5.8.0.tgz - assets/argo/argo-cd-5.8.0.tgz
version: 5.8.0 version: 5.8.0
artifactory-ha: artifactory-ha:
- annotations:
artifactoryServiceVersion: 7.84.15
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.84.10
created: "2024-05-13T00:55:01.445481645Z"
dependencies:
- condition: postgresql.enabled
name: postgresql
repository: file://./charts/postgresql
version: 10.3.18
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
digest: 188d3d7005a2bb23c43a47e2a8a36fe4616aafce78d7ae9dd8359856ff3973b2
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png
keywords:
- artifactory
- jfrog
- devops
kubeVersion: '>= 1.19.0-0'
maintainers:
- email: installers@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
urls:
- assets/jfrog/artifactory-ha-107.84.10.tgz
version: 107.84.10
- annotations: - annotations:
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Artifactory HA catalog.cattle.io/display-name: JFrog Artifactory HA
@ -6062,6 +6096,40 @@ entries:
- assets/jfrog/artifactory-ha-3.0.1400.tgz - assets/jfrog/artifactory-ha-3.0.1400.tgz
version: 3.0.1400 version: 3.0.1400
artifactory-jcr: artifactory-jcr:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Container Registry
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
appVersion: 7.84.10
created: "2024-05-13T00:55:01.854239727Z"
dependencies:
- name: artifactory
repository: file://./charts/artifactory
version: 107.84.10
description: JFrog Container Registry
digest: 1b1215e20da4b80fb1fc8862942d9ca33cb0bde033ef015d59e2154624c4b0da
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
keywords:
- artifactory
- jfrog
- container
- registry
- devops
- jfrog-container-registry
kubeVersion: '>= 1.19.0-0'
maintainers:
- email: helm@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
urls:
- assets/jfrog/artifactory-jcr-107.84.10.tgz
version: 107.84.10
- annotations: - annotations:
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: JFrog Container Registry catalog.cattle.io/display-name: JFrog Container Registry