Generated changes

pull/81/head
actions 2021-02-26 18:58:10 +00:00
parent bb1f1d193d
commit 9f5646c01f
81 changed files with 2287 additions and 651 deletions

Binary file not shown.

@ -68,6 +68,36 @@ entries:
- assets/artifactory-ha/artifactory-ha-3.0.1400.tgz
version: 3.0.1400
artifactory-jcr:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v1
appVersion: 7.12.5
created: "2021-02-26T18:58:09.545552572Z"
dependencies:
- name: artifactory
repository: https://charts.jfrog.io/
version: 11.7.4
description: JFrog Container Registry
digest: 148af8042991b7d031770887a8d64e034268c2e1e3eb03f55e13310a40cb2a60
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png
keywords:
- artifactory
- jfrog
- container
- registry
- devops
- jfrog-container-registry
maintainers:
- email: helm@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
urls:
- assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz
version: 3.4.000
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: artifactory-jcr
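Review bot: The `digest:` value on the new 3.4.000 entry is the only reviewable integrity anchor for `assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz`, because the archive itself arrives in this commit as a binary the diff does not show. Since the commit is generated by an automated `actions` run, have CI recompute the SHA-256 of the packaged archive and fail if it differs from this line, rather than relying on review of the index. The `icon:` URL also tracks the mutable `master` ref on raw.githubusercontent.com; a pinned ref would keep the catalog entry stable.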
@ -579,4 +609,4 @@ entries:
urls:
- assets/sysdig/sysdig-1.9.200.tgz
version: 1.9.200
generated: "2021-02-26T18:55:48.743664584Z"
generated: "2021-02-26T18:58:09.533084638Z"

@ -1,6 +1,37 @@
# JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file.
## [3.4.0] - Jan 4, 2020
* Update dependency Artifactory chart version to 11.7.4 (Artifactory 7.12.5)
## [3.3.1] - Dec 1, 2020
* Update dependency Artifactory chart version to 11.5.4 (Artifactory 7.11.5)
## [3.3.0] - Nov 23, 2020
* Update dependency Artifactory chart version to 11.5.2 (Artifactory 7.11.2)
## [3.2.2] - Nov 9, 2020
* Update dependency Artifactory chart version to 11.4.5 (Artifactory 7.10.6)
## [3.2.1] - Nov 2, 2020
* Update dependency Artifactory chart version to 11.4.4 (Artifactory 7.10.5)
## [3.2.0] - Oct 19, 2020
* Update dependency Artifactory chart version to 11.4.0 (Artifactory 7.10.2)
## [3.1.0] - Sep 30, 2020
* Update dependency Artifactory chart version to 11.1.0 (Artifactory 7.9.0)
## [3.0.2] - Sep 23, 2020
* Updates readme
## [3.0.1] - Sep 15, 2020
* Update dependency Artifactory chart version to 11.0.1 (Artifactory 7.7.8)
## [3.0.0] - Sep 14, 2020
* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images
* Update dependency Artifactory chart version to 11.0.0 (Artifactory 7.7.3)
## [2.5.1] - Jul 29, 2020
* Update dependency Artifactory chart version to 10.0.12 (Artifactory 7.6.3)
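Review bot: The `## [3.4.0] - Jan 4, 2020` heading is dated earlier than the `## [3.3.1] - Dec 1, 2020` entry below it, so the year is presumably meant to be 2021. Correct the date so the changelog stays in chronological order and users can tell which release is newest.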

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 7.6.3
appVersion: 7.12.5
description: JFrog Container Registry
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png
@ -11,22 +11,12 @@ keywords:
- devops
- jfrog-container-registry
maintainers:
- email: amithk@jfrog.com
name: amithins
- email: daniele@jfrog.com
name: danielezer
- email: eldada@jfrog.com
name: eldada
- email: ramc@jfrog.com
name: chukka
- email: rimasm@jfrog.com
name: rimusz
- email: vinaya@jfrog.com
name: vinaya
- email: helm@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
version: 2.5.100
version: 3.4.000
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: artifactory-jcr

@ -2,6 +2,8 @@
JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support.
**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).**
## Prerequisites Details
* Kubernetes 1.12+
@ -28,7 +30,7 @@ helm repo update
### Install Chart
To install the chart with the release name `jfrog-container-registry`:
```bash
helm upgrade --install jfrog-container-registry --set postgresql.postgresqlPassword=<postgres_password> --namespace artifactory-jcr center/jfrog/artifactory-jcr
helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword=<postgres_password> --namespace artifactory-jcr center/jfrog/artifactory-jcr
```
### Accessing JFrog Container Registry
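Review bot: The install command still passes the database password inline with `--set artifactory.postgresql.postgresqlPassword=<postgres_password>`, which leaves the value in shell history and in the process list while helm runs. While the key path is being corrected here, consider documenting a values file passed with `-f` (kept out of version control and readable only by the operator) as the recommended form, and keep `--set` as the quick-start variant only.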
@ -40,6 +42,24 @@ Once you have a new chart version, you can upgrade your deployment with
helm upgrade jfrog-container-registry center/jfrog/artifactory-jcr
```
### Special Upgrade Notes
#### Artifactory upgrade from 6.x to 7.x (App Version)
Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed.
It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration.
```yaml
artifactory:
artifactory:
# Migration support from 6.x to 7.x
migration:
enabled: true
timeoutSeconds: 3600
```
* Note: If you are upgrading from 1.x to 3.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart.
```bash
kubectl delete statefulsets <OLD_RELEASE_NAME>-postgresql
```
* For more details about artifactory chart upgrades refer [here](https://github.com/jfrog/charts/blob/master/stable/artifactory/UPGRADE_NOTES.md)
### Deleting JFrog Container Registry
On helm v2:
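Review bot: The new "Special Upgrade Notes" cover 6.x to 7.x app migration and 1.x to 3.x chart upgrades, but say nothing for users on 2.5.x, which is the version this catalog shipped before this commit; the changelog marks 3.0.0 as a breaking change (`image.version` renamed to `image.tag`, `image.registry` added). Add a line for that path. Also, `kubectl delete statefulsets <OLD_RELEASE_NAME>-postgresql` has no `--namespace`, while the install command in this README uses `--namespace artifactory-jcr`, so as written it runs against whatever namespace the current context points at. "Arifactory" should read "Artifactory".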
@ -61,29 +81,7 @@ kubectl delete pv ...
## Database
The JFrog Container Registry chart comes with PostgreSQL deployed by default.<br>
For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory).
## Configuration
The following table lists the **basic** configurable parameters of the JFrog Container Registry chart and their default values.
**NOTE:** All supported parameters are documented in the main [artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory).
| Parameter | Description | Default |
|------------------------------------------------|-----------------------------------|---------------------------------------------------|
| `artifactory.artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-jcr` |
| `artifactory.artifactory.image.version` | Container tag | `.Chart.AppVersion` |
| `artifactory.artifactory.resources` | Artifactory container resources | `{}` |
| `artifactory.artifactory.javaOpts` | Artifactory Java options | `{}` |
| `artifactory.nginx.enabled` | Deploy nginx server | `true` |
| `artifactory.nginx.service.type` | Nginx service type | `LoadBalancer` |
| `artifactory.nginx.tlsSecretName` | TLS secret for Nginx pod | `` |
| `artifactory.ingress.enabled` | Enable Ingress (should come with `artifactory.nginx.enabled=false`) | `false` |
| `artifactory.ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
| `artifactory.postgresql.enabled` | Use the Artifactory PostgreSQL sub chart | `true` |
| `artifactory.database` | Custom database configuration (if not using bundled PostgreSQL sub-chart) | |
| `postgresql.enabled` | Enable the Artifactory PostgreSQL sub chart | `true` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory).
### Ingress and TLS
To get Helm to create an ingress object with a hostname, add these two lines to your Helm command:
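Review bot: Dropping the basic parameter table removes the only place this README states that `artifactory.nginx.enabled` defaults to `true` with `artifactory.nginx.service.type` set to `LoadBalancer`, which is the setting that decides whether a default install is exposed outside the cluster. Keep one sentence with those two defaults (for example under "Ingress and TLS") so operators see the exposure without having to open the parent chart's documentation.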

@ -1,6 +1,156 @@
# JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file.
## [11.7.4] - Jan 04, 2020
* Fixed gid support for statefulset
## [11.7.3] - Dec 31, 2020
* Added gid support for statefulset
* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset
## [11.7.2] - Dec 29, 2020
* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations)
* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml)
* Updated Artifactory version to 7.12.5
## [11.7.1] - Dec 21, 2020
* Updated Artifactory version to 7.12.3
## [11.7.0] - Dec 18, 2020
* Updated Artifactory version to 7.12.2
* Added `.Values.artifactory.openMetrics.enabled`
## [11.6.1] - Dec 11, 2020
* Added configurable `.Values.global.versions.artifactory` in values.yaml
## [11.6.0] - Dec 10, 2020
* Update postgresql tag version to `12.5.0-debian-10-r25`
* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com`
* Updated chart maintainers email
## [11.5.5] - Dec 4, 2020
* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride`
## [11.5.4] - Dec 1, 2020
* Improve error message returned when attempting helm upgrade command
## [11.5.3] - Nov 30, 2020
* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11)
## [11.5.2] - Nov 23, 2020
* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11)
* Updated port namings on services and pods to allow for istio protocol discovery
* Change semverCompare checks to support hosted Kubernetes
* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics
* Prevent the PostHook command to be executed if the user did not specify a command in the values file
* Fix issue with tls file generation when nginx.https.enabled is false
## [11.5.1] - Nov 19, 2020
* Updated Artifactory version to 7.11.2
* Bugfix - access.config.import.xml override Access Federation configurations
## [11.5.0] - Nov 17, 2020
* Updated Artifactory version to 7.11.1
* Update alpine tag version to `3.12.1`
## [11.4.6] - Nov 10, 2020
* Pass system.yaml via external secret for advanced usecases
* Added support for custom ingress
* Bugfix - stateful set not picking up changes to database secrets
## [11.4.5] - Nov 9, 2020
* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6)
## [11.4.4] - Nov 2, 2020
* Add enablePathStyleAccess property for aws-s3-v3 binary provider template
## [11.4.3] - Nov 2, 2020
* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5)
## [11.4.2] - Oct 22, 2020
* Chown bug fix where Linux capability cannot chown all files causing log line warnings
* Fix Frontend timeout linting issue
## [11.4.1] - Oct 20, 2020
* Add flag to disable prepare-custom-persistent-volume init container
## [11.4.0] - Oct 19, 2020
* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2)
## [11.3.2] - Oct 15, 2020
* Add support to specify priorityClassName for nginx deployment
## [11.3.1] - Oct 9, 2020
* Add support for customInitContainersBegin
## [11.3.0] - Oct 7, 2020
* Updated Artifactory version to 7.9.1
* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml
## [11.2.0] - Oct 5, 2020
* Expose Prometheus metrics via a ServiceMonitor
* Parse log files for metric data with Fluentd
## [11.1.0] - Sep 30, 2020
* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9)
* Added support for resources in init container
## [11.0.11] - Sep 25, 2020
* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements
## [11.0.10] - Sep 28, 2020
* Setting chart coordinates in migitation yaml
## [11.0.9] - Sep 25, 2020
* Update filebeat version to `7.9.2`
## [11.0.8] - Sep 24, 2020
* Fixed broken issue - when setting `waitForDatabase: false` container startup still waits for DB
## [11.0.7] - Sep 22, 2020
* Readme updates
## [11.0.6] - Sep 22, 2020
* Fix lint issue in migitation yaml
## [11.0.5] - Sep 22, 2020
* Fix broken migitation yaml
## [11.0.4] - Sep 21, 2020
* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md)
## [11.0.3] - Sep 17, 2020
* Added configurable session(UI) timeout in frontend microservice
## [11.0.2] - Sep 17, 2020
* Added proper required text to be shown while postgres upgrades
## [11.0.1] - Sep 14, 2020
* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8)
## [11.0.0] - Sep 2, 2020
* **Breaking change:** Changed `imagePullSecrets`values from string to list.
* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images
* Added support for global values
* Updated maintainers in chart.yaml
* Update postgresql tag version to `12.3.0-debian-10-r71`
* Update postgresql chart version to `9.3.4` in requirements.yaml - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900)
* **IMPORTANT**
* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**!
* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true
## [10.1.0] - Aug 13, 2020
* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7)
## [10.0.15] - Aug 10, 2020
* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3.
## [10.0.14] - Jul 31, 2020
* Update the README section on Nginx SSL termination to reflect the actual YAML structure.
## [10.0.13] - Jul 30, 2020
* Added condition to disable the migration scripts.
## [10.0.12] - Jul 28, 2020
* Document Artifactory node affinity.
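Review bot: The `## [11.7.4] - Jan 04, 2020` heading is dated before the `## [11.7.3] - Dec 31, 2020` entry beneath it, so the year is presumably 2021; `[11.0.11] - Sep 25, 2020` is likewise listed above `[11.0.10] - Sep 28, 2020`. Fix the dates so the order is trustworthy. "migitation" is misspelled in the 11.0.10, 11.0.6 and 11.0.5 entries while 11.0.4 has "mitigation". The 11.7.2 entry removes `.Values.metrics` and `.Values.fluentd`; it would help to say what happens on upgrade to a release that still sets those values.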

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 7.6.3
appVersion: 7.12.5
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
home: https://www.jfrog.com/artifactory/
@ -9,18 +9,10 @@ keywords:
- jfrog
- devops
maintainers:
- email: amithk@jfrog.com
name: amithins
- email: daniele@jfrog.com
name: danielezer
- email: eldada@jfrog.com
name: eldada
- email: ramc@jfrog.com
name: chukka
- email: rimasm@jfrog.com
name: rimusz
- email: installers@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory
sources:
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
- https://github.com/jfrog/charts
version: 10.0.12
version: 11.7.4
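Review bot: The maintainer contact here is `installers@jfrog.com`, but the `artifactory-jcr` Chart.yaml and index entry in this same commit use `helm@jfrog.com` for the identically named "Chart Maintainers at JFrog". If these are meant to be one shared mailbox, align them; if both are valid, confirm each is monitored, since this address is where users of the catalog will send security reports now that the named maintainers are removed.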

@ -1,5 +1,7 @@
# JFrog Artifactory Helm Chart
**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).**
## Prerequisites Details
* Kubernetes 1.12+
@ -78,8 +80,13 @@ It's possible to configure the migration timeout with the following configuratio
artifactory:
# Migration support from 6.x to 7.x
migration:
enabled: true
timeoutSeconds: 3600
```
* Note: If you are upgrading from 8.x to 11.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart.
```bash
kubectl delete statefulsets <OLD_RELEASE_NAME>-postgresql
```
### Artifactory memory and CPU resources
The Artifactory Helm chart comes with support for configured resource requests and limits to Artifactory, Nginx and PostgreSQL. By default, these settings are commented out.
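Review bot: The 8.x to 11.x upgrade note omits the two settings that the 11.0.0 changelog entry in this commit requires for upgrades using the bundled PostgreSQL, namely the previous `postgresql.image.tag` and `databaseUpgradeReady=true`. Reference them here so the note is a complete procedure. The `kubectl delete statefulsets <OLD_RELEASE_NAME>-postgresql` line should also carry the release namespace, since the other commands in this README pass `--namespace artifactory`.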
@ -227,6 +234,13 @@ Use this template if you want to attach an IAM role to the Artifactory pod direc
...
```
To enable [Direct Cloud Storage Download](https://www.jfrog.com/confluence/display/JFROG/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-1.ConfiguretheArtifactoryFilestore)
```bash
...
--set artifactory.persistence.awsS3V3.enableSignedUrlRedirect=true \
...
```
#### Microsoft Azure Blob Storage
To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider)
- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade`
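Review bot: The sentence introducing `enableSignedUrlRedirect` stops at the link with no colon and does not say the flag only applies to the `aws-s3-v3` persistence type, which is what the 10.0.15 changelog entry states. Add that condition and a short statement of what changes for clients once it is on, so the flag is not enabled without understanding that downloads are then served through signed storage URLs.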
@ -926,16 +940,16 @@ and use it with you helm install/upgrade:
helm upgrade --install artifactory -f filebeat.yaml --namespace artifactory center/jfrog/artifactory
```
### Install Artifactory HA with Nginx and Terminate SSL in Nginx Service(LoadBalancer).
### Install Artifactory with Nginx and Terminate SSL in Nginx Service(LoadBalancer).
To install the helm chart with performing SSL offload in the LoadBalancer layer of Nginx
For Ex: Using AWS ACM certificates to do SSL offload in the loadbalancer layer.
In order to do that, simply add the following to a `artifactory-ssl-values.yaml` file:
```yaml
nginx:
ssloffload: true
https:
enabled: false
service:
ssloffload: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:xx-xxxx:xxxxxxxx:certificate/xxxxxxxxxxxxx"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
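Review bot: In the `artifactory-ssl-values.yaml` example, `https.enabled: false` combined with `aws-load-balancer-backend-protocol: "http"` means the hop from the load balancer to the Nginx pod is plain HTTP, and the section never says so. State that explicitly so operators can decide whether that segment needs its own protection. As rendered, `ssloffload: true` appears both directly under `nginx:` and under `service:`; confirm only the key the chart actually reads remains in the README.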
@ -1097,17 +1111,16 @@ artifactory:
secretName: <CUSTOM_SECRET>
```
### Ingress behind another load balancer
If you are running a load balancer, that is used to offload the TLS, in front of Nginx Ingress Controller, or if you are setting **X-Forwarded-*** headers, you might want to enable **'use-forwarded-headers=true'** option. Otherwise nginx will be filling those headers with the request information it receives from the external load balancer.
To enable it with `helm install`
```bash
helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress --set-string controller.config.use-forwarded-headers=true
helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx --set-string controller.config.use-forwarded-headers=true
```
or `helm upgrade`
```bash
helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true stable/nginx-ingress
helm upgrade nginx-ingress --set-string controller.config.use-forwarded-headers=true center/kubernetes-ingress-nginx/ingress-nginx
```
or create a values.yaml file with the following content:
```yaml
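Review bot: The paragraph recommends `use-forwarded-headers=true` without stating the precondition that every request must reach the ingress controller through the trusted load balancer. With the option on, incoming `X-Forwarded-*` values are passed through as received, so a controller that is also reachable directly would accept whatever a client supplies. Add that condition to the text. The `helm upgrade` variant also drops `--namespace nginx-ingress`, and both commands keep the release name `nginx-ingress` while switching to the `center/kubernetes-ingress-nginx/ingress-nginx` chart; say whether this is meant for new installs only.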
@ -1117,315 +1130,22 @@ controller:
```
Then install nginx-ingress with the values file you created:
```bash
helm upgrade --install nginx-ingress --namespace nginx-ingress stable/nginx-ingress -f values.yaml
helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes-ingress-nginx/ingress-nginx -f values.yaml
```
This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml`
### Log Analytics
## Configuration
The following table lists the configurable parameters of the artifactory chart and their default values.
#### FluentD, Prometheus and Grafana
| Parameter | Description | Default |
|---------------------------|-----------------------------------|----------------------------------------------------------|
| `imagePullSecrets` | Docker registry pull secret | |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
| `serviceAccount.annotations` | Artifactory service account annotations | `` |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.role.rules` | Rules to create | `[]` |
| `logger.image.repository` | repository for logger image | `busybox` |
| `logger.image.tag` | tag for logger image | `1.30` |
| `artifactory.name` | Artifactory name | `artifactory` |
| `artifactory.replicaCount` | Replica count for Artifactory deployment| `1` |
| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` |
| `artifactory.image.version` | Container tag | `.Chart.AppVersion` |
| `artifactory.labels` | Artifactory labels | `{}` |
| `artifactory.priorityClass.create` | Create a PriorityClass object | `false` |
| `artifactory.priorityClass.value` | Priority Class value | `1000000000` |
| `artifactory.priorityClass.name` | Priority Class name | `{{ template "artifactory.fullname" . }}` |
| `artifactory.priorityClass.existingPriorityClass` | Use existing priority class | `` |
| `artifactory.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` |
| `artifactory.loggersResources.requests.memory` | Artifactory loggers initial memory request | |
| `artifactory.loggersResources.requests.cpu` | Artifactory loggers initial cpu request | |
| `artifactory.loggersResources.limits.memory` | Artifactory loggers memory limit | |
| `artifactory.loggersResources.limits.cpu` | Artifactory loggers cpu limit | |
| `artifactory.catalinaLoggers` | Artifactory Tomcat loggers (see values.yaml for possible values) | `[]` |
| `artifactory.catalinaLoggersResources.requests.memory` | Artifactory Tomcat loggers initial memory request | |
| `artifactory.catalinaLoggersResources.requests.cpu` | Artifactory Tomcat loggers initial cpu request | |
| `artifactory.catalinaLoggersResources.limits.memory` | Artifactory Tomcat loggers memory limit | |
| `artifactory.catalinaLoggersResources.limits.cpu` | Artifactory Tomcat loggers cpu limit | |
| `artifactory.customInitContainers`| Custom init containers | |
| `artifactory.customSidecarContainers`| Custom sidecar containers | |
| `artifactory.customVolumes` | Custom volumes | |
| `artifactory.customVolumeMounts` | Custom Artifactory volumeMounts | |
| `artifactory.customSecrets` | Custom secrets | |
| `artifactory.customPersistentPodVolumeClaim` | Custom PVC spec to create and attach a unique PVC for each pod on startup with the volumeClaimTemplates feature in StatefulSet | |
| `artifactory.customPersistentVolumeClaim` | Custom PVC spec to be mounted to the all artifactory containers using a volume | |
| `artifactory.userPluginSecrets` | Array of secret names for Artifactory user plugins | |
| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used. | |
| `artifactory.configMaps` | configMaps to be created as volume by the name `artifactory-configmaps`. In order to use these configMaps, you will need to add `customVolumeMounts` to point to the created volume and mount it onto a container | |
| `artifactory.license.secret` | Artifactory license secret name | |
| `artifactory.license.dataKey`| Artifactory license secret data key | |
| `artifactory.service.name`| Artifactory service name to be set in Nginx configuration | `artifactory` |
| `artifactory.service.type`| Artifactory service type | `ClusterIP` |
| `artifactory.service.loadBalancerSourceRanges`| Artifactory service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | |
| `artifactory.service.annotations` | Artifactory service annotations | `{}` |
| `artifactory.externalPort` | Artifactory router service external port | `8082` |
| `artifactory.internalPort` | Artifactory router service internal port (**DO NOT** use port lower than 1024) | `8082` |
| `artifactory.internalArtifactoryPort` | Artifactory service internal port (**DO NOT** use port lower than 1024) | `8081` |
| `artifactory.externalArtifactoryPort` | Artifactory service external port | `8081` |
| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` |
| `artifactory.livenessProbe.path` | Liveness probe HTTP Get path | `/router/api/v1/system/health` |
| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.masterKey` | Artifactory Master Key. A 128-Bit key size (hexadecimal encoded) string (32 hex characters). Can be generated with `openssl rand -hex 32`. NOTE: This key is generated only once and cannot be updated once created | `` |
| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | |
| `artifactory.joinKey` | Join Key to connect other services to Artifactory. Can be generated with `openssl rand -hex 32` | `` |
| `artifactory.joinKeySecretName` | Artifactory join Key secret name | |
| `artifactory.admin.ip` | Artifactory admin ip to be set upon startup, can use (*) for 0.0.0.0| `127.0.0.1` |
| `artifactory.admin.username` | Artifactory admin username to be set upon startup| `admin` |
| `artifactory.admin.password` | Artifactory admin password to be set upon startup| |
| `artifactory.admin.secret` | Artifactory admin secret name | |
| `artifactory.admin.dataKey` | Artifactory admin secret data key | |
| `artifactory.preStartCommand` | Command to run before entrypoint starts | |
| `artifactory.postStartCommand` | Command to run after container starts. Supports templating with `tpl` | |
| `artifactory.extraEnvironmentVariables` | Extra environment variables to pass to Artifactory. Supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function. See [documentation](https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker#InstallingwithDocker-SupportedEnvironmentVariables) | |
| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `artifactory.readinessProbe.path` | Readiness probe HTTP Get path | `/router/api/v1/system/health` |
| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 |
| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.deleteDBPropertiesOnStartup` | Whether to delete the ARTIFACTORY_HOME/etc/db.properties file on startup. Disabling this will remove the ability for the db.properties to be updated with any DB-related environment variables change (e.g. DB_HOST, DB_URL) | `true` |
| `artifactory.database.maxOpenConnections` | Maximum amount of open connections from Artifactory to the DB | `80` |
| `artifactory.copyOnEveryStartup` | List of files to copy on startup from source (which is absolute) to target (which is relative to ARTIFACTORY_HOME | |
| `artifactory.migration.timeoutSeconds` | Artifactory migration Maximum Timeout in seconds| `3600` |
| `artifactory.migration.enabled` | Artifactory migration enabled or disabled | `true` |
| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` |
| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` |
| `artifactory.persistence.existingClaim` | Artifactory persistence volume claim name | |
| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` |
| `artifactory.persistence.size` | Artifactory persistence or local volume size | `20Gi` |
| `artifactory.persistence.binarystore.enabled` | whether you want to mount the binarystore.xml file from a secret created by the chart. If `false` you will need need to get the binarystore.xml file into the file-system from either an `initContainer` or using a `preStartCommand` | `true` |
| `artifactory.persistence.binarystoreXml` | Artifactory binarystore.xml template | See `values.yaml` |
| `artifactory.persistence.customBinarystoreXmlSecret` | A custom Secret for binarystore.xml | `` |
| `artifactory.persistence.maxCacheSize` | The maximum storage allocated for the cache in bytes. | `50000000000` |
| `artifactory.persistence.cacheProviderDir` | the root folder of binaries for the filestore cache. If the value specified starts with a forward slash ("/") it is considered the fully qualified path to the filestore folder. Otherwise, it is considered relative to the *baseDataDir*. | `cache` |
| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` |
| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` |
| `artifactory.persistence.nfs.ip` | NFS server IP | |
| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` |
| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` |
| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory` |
| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` |
| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` |
| `artifactory.persistence.fileSystem.cache.enabled` | Enable Artifactory cache when using the file-system persistence type | `false` |
| `artifactory.persistence.eventual.numberOfThreads` | Eventual number of threads | `10` |
| `artifactory.persistence.googleStorage.endpoint` | Google Storage API endpoint| `storage.googleapis.com` |
| `artifactory.persistence.googleStorage.httpsOnly` | Google Storage API has to be consumed https only| `false` |
| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory` |
| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | |
| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | |
| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory/filestore` |
| `artifactory.persistence.googleStorage.bucketExists`| Google Storage bucket exists therefore does not need to be created.| `false` |
| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-aws` |
| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html |
| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | |
| `artifactory.persistence.awsS3.roleName` | AWS S3 IAM role name | |
| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | |
| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | |
| `artifactory.persistence.awsS3.properties` | AWS S3 additional properties | |
| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory/filestore` |
| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` (When roleName is used, this parameter will be set to true) |
| `artifactory.persistence.awsS3.httpsOnly` | AWS S3 https access to the bucket only | `true` |
| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` |
| `artifactory.persistence.awsS3.s3AwsVersion` | AWS S3 signature version | `AWS4-HMAC-SHA256` |
| `artifactory.persistence.awsS3V3.testConnection` | AWS S3 test connection on start up | `false` |
| `artifactory.persistence.awsS3V3.identity` | AWS S3 AWS_ACCESS_KEY_ID | |
| `artifactory.persistence.awsS3V3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | |
| `artifactory.persistence.awsS3V3.region` | AWS S3 bucket region | |
| `artifactory.persistence.awsS3V3.bucketName` | AWS S3 bucket name | `artifactory-aws` |
| `artifactory.persistence.awsS3V3.path` | AWS S3 path in bucket | `artifactory/filestore` |
| `artifactory.persistence.awsS3V3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html |
| `artifactory.persistence.awsS3V3.maxConnections` | AWS S3 bucket maxConnections | `50` |
| `artifactory.persistence.awsS3V3.kmsServerSideEncryptionKeyId` | AWS S3 encryption key ID or alias | |
| `artifactory.persistence.awsS3V3.kmsKeyRegion` | AWS S3 KMS Key region | |
| `artifactory.persistence.awsS3V3.kmsCryptoMode` | AWS S3 KMS encryption mode | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate |
| `artifactory.persistence.awsS3V3.useInstanceCredentials` | AWS S3 Use default authentication mechanism | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-authentication |
| `artifactory.persistence.awsS3V3.usePresigning` | AWS S3 Use URL signing | `false` |
| `artifactory.persistence.awsS3V3.signatureExpirySeconds` | AWS S3 Validity period in seconds for signed URLs | `300` |
| `artifactory.persistence.awsS3V3.cloudFrontDomainName` | AWS CloudFront domain name | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)|
| `artifactory.persistence.awsS3V3.cloudFrontKeyPairId` | AWS CloudFront key pair ID | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)|
| `artifactory.persistence.awsS3V3.cloudFrontPrivateKey` | AWS CloudFront private key | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)|
| `artifactory.persistence.azureBlob.accountName` | Azure Blob Storage account name | `` |
| `artifactory.persistence.azureBlob.accountKey` | Azure Blob Storage account key | `` |
| `artifactory.persistence.azureBlob.endpoint` | Azure Blob Storage endpoint | `` |
| `artifactory.persistence.azureBlob.containerName` | Azure Blob Storage container name | `` |
| `artifactory.persistence.azureBlob.testConnection` | Azure Blob Storage test connection | `false` |
| `artifactory.resources.requests.memory` | Artifactory initial memory request | |
| `artifactory.resources.requests.cpu` | Artifactory initial cpu request | |
| `artifactory.resources.limits.memory` | Artifactory memory limit | |
| `artifactory.resources.limits.cpu` | Artifactory cpu limit | |
| `artifactory.javaOpts.xms` | Artifactory java Xms size | |
| `artifactory.javaOpts.xmx` | Artifactory java Xms size | |
| `artifactory.javaOpts.corePoolSize` | The number of async processes that can run in parallel - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `8` |
| `artifactory.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` |
| `artifactory.javaOpts.jmx.port` | JMX Port number | `9010` |
| `artifactory.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory.fullname" $ }}` |
| `artifactory.javaOpts.jmx.ssl` | Enable SSL | `false` |
| `artifactory.javaOpts.jmx.authenticate` | Enable JMX authentication | `false` |
| `artifactory.javaOpts.jmx.accessFile` | The path to the JMX access file, when JMX authentication is enabled | |
| `artifactory.javaOpts.jmx.passwordFile` | The path to the JMX password file, when JMX authentication is enabled | |
| `artifactory.javaOpts.other` | Artifactory additional java options | |
| `artifactory.replicator.enabled` | Enable the Replicator service (relevant for Enterprise+ only) | `false` |
| `artifactory.ssh.enabled` | Enable Artifactory SSH access | |
| `artifactory.ssh.internalPort` | Artifactory SSH internal port | `1339` |
| `artifactory.ssh.externalPort` | Artifactory SSH external port | `1339` |
| `artifactory.terminationGracePeriodSeconds` | Termination grace period (seconds) | `30s` |
| `artifactory.tomcat.connector.maxThreads` | The max number of connections to Artifactory connector | `200` |
| `artifactory.tomcat.connector.extraConfig` | The max queue length for incoming connections to Artifactory connector | `'acceptCount="100"'` |
| `artifactory.systemYaml` | Artifactory system configuration (`system.yaml`) as described here - https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML | `see values.yaml` |
| `artifactory.affinity` | Artifactory node affinity | `{}` |
| `access.database.maxOpenConnections` | Maximum amount of open connections from Access to the DB | `80` |
| `access.tomcat.connector.maxThreads` | The max number of connections to Aceess connector | `50` |
| `access.tomcat.connector.extraConfig` | The max queue length for incoming connections to Access connector | `'acceptCount="100"'` |
| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` |
| `ingress.annotations` | Artifactory Ingress annotations | `{}` |
| `ingress.labels` | Artifactory Ingress labels | `{}` |
| `ingress.hosts` | Artifactory Ingress hostnames | `[]` |
| `ingress.routerPath` | Router Ingress path | `/` |
| `ingress.artifactoryPath` | Artifactory Ingress path | `/` |
| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` |
| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` |
| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | |
| `ingress.additionalRules` | Ingress additional rules to be added to the Artifactory ingress. | `[]` |
| `metadata.database.maxOpenConnections` | Maximum amount of open connections from metadata to the DB | `80` |
| `nginx.name` | Nginx name | `nginx` |
| `nginx.enabled` | Deploy nginx server | `true` |
| `nginx.kind` | Nginx object kind, for example `DaemonSet`, `Deployment` or `StatefulSet` | `Deployment` |
| `nginx.name` | Nginx name | `nginx` |
| `nginx.replicaCount` | Nginx replica count | `1` |
| `nginx.uid` | Nginx User Id | `104` |
| `nginx.gid` | Nginx Group Id | `107` |
| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` |
| `nginx.image.version` | Container tag | `.Chart.AppVersion` |
| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `nginx.labels` | Nginx deployment labels | `{}` |
| `nginx.loggers` | Nginx loggers (see values.yaml for possible values) | `[]` |
| `nginx.loggersResources.requests.memory` | Nginx logger initial memory request | |
| `nginx.loggersResources.requests.cpu` | Nginx logger initial cpu request | |
| `nginx.loggersResources.limits.memory` | Nginx logger memory limit | |
| `nginx.loggersResources.limits.cpu` | Nginx logger cpu limit | |
| `nginx.logs.stderr` | Send nginx logs to stderr | false |
| `nginx.logs.level` | Nginx log level: debug, info, notice, warn, error, crit, alert, or emerg | warn |
| `nginx.mainConf` | Content of the Artifactory nginx main nginx.conf config file | `see values.yaml` |
| `nginx.artifactoryConf` | Content of Artifactory nginx artifactory.conf config file | `see values.yaml` |
| `nginx.service.type`| Nginx service type | `LoadBalancer` |
| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | |
| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` |
| `nginx.service.ssloffload` | Nginx service SSL offload | false |
| `nginx.loadBalancerIP` | Provide Static IP to configure with Nginx | |
| `nginx.http.enabled` | Nginx http service enabled/disabled | true |
| `nginx.http.externalPort` | Nginx service external port | `80` |
| `nginx.http.internalPort` | Nginx service internal port | `80` |
| `nginx.https.enabled` | Nginx http service enabled/disabled | true |
| `nginx.https.externalPort` | Nginx service external port | `443` |
| `nginx.https.internalPort` | Nginx service internal port | `443` |
| `nginx.ssh.internalPort` | Nginx SSH internal port | `22` |
| `nginx.ssh.externalPort` | Nginx SSH external port | `22` |
| `nginx.externalPortHttp` | DEPRECATED: Nginx service external port | `80` |
| `nginx.internalPortHttp` | DEPRECATED:Nginx service internal port | `80` |
| `nginx.externalPortHttps` | DEPRECATED: Nginx service external port | `443` |
| `nginx.internalPortHttps` | DEPRECATED: Nginx service internal port | `443` |
| `nginx.livenessProbe.enabled` | Enable liveness probe | `true` |
| `nginx.livenessProbe.path` | Liveness probe HTTP Get path | `/router/api/v1/system/health` |
| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 60 |
| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 10 |
| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 1|
| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `nginx.readinessProbe.path` | Readiness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 10 |
| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 1 |
| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | |
| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` |
| `nginx.customArtifactoryConfigMap`| Nginx CustomeConfigMap name for `artifactory.conf` | ` ` |
| `nginx.persistence.mountPath` | Nginx persistence volume mount path | `"/var/opt/jfrog/nginx"` |
| `nginx.persistence.enabled` | Nginx persistence volume enabled | `false` |
| `nginx.persistence.accessMode` | Nginx persistence volume access mode | `ReadWriteOnce` |
| `nginx.persistence.size` | Nginx persistence volume size | `5Gi` |
| `nginx.resources.requests.memory` | Nginx initial memory request | |
| `nginx.resources.requests.cpu` | Nginx initial cpu request | |
| `nginx.resources.limits.memory` | Nginx memory limit | |
| `nginx.resources.limits.cpu` | Nginx cpu limit | |
| `waitForDatabase` | Wait for database (using wait-for-db init container) | `true` |
| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` |
| `postgresql.image.registry` | PostgreSQL image registry | `docker.bintray.io` |
| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
| `postgresql.image.tag` | PostgreSQL image tag | `9.6.18-debian-10-r7` |
| `postgresql.postgresqlDatabase` | PostgreSQL database name | `artifactory` |
| `postgresql.postgresqlUsername` | PostgreSQL database user | `artifactory` |
| `postgresql.postgresqlPassword` | PostgreSQL database password | |
| `postgresql.postgresqlExtendedConf.listenAddresses` | PostgreSQL listen address | `"'*'"` |
| `postgresql.postgresqlExtendedConf.maxConnections` | PostgreSQL max_connections parameter | `1500` |
| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` |
| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` |
| `postgresql.service.port` | PostgreSQL database port | `5432` |
| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | |
| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | |
| `postgresql.resources.limits.memory` | PostgreSQL memory limit | |
| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | |
| `postgresql.master.nodeSelector` | PostgreSQL master node selector | `{}` |
| `postgresql.master.affinity` | PostgreSQL master node affinity | `{}` |
| `postgresql.master.tolerations` | PostgreSQL master node tolerations | `[]` |
| `postgresql.slave.nodeSelector` | PostgreSQL slave node selector | `{}` |
| `postgresql.slave.affinity` | PostgreSQL slave node affinity | `{}` |
| `postgresql.slave.tolerations` | PostgreSQL slave node tolerations | `[]` |
| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | |
| `database.driver` | External database driver e.g. `org.postgresql.Driver` | |
| `database.url` | External database connection URL | |
| `database.user` | External database username | |
| `database.password` | External database password | |
| `database.secrets.user.name` | External database username `Secret` name | |
| `database.secrets.user.key` | External database username `Secret` key | |
| `database.secrets.password.name` | External database password `Secret` name | |
| `database.secrets.password.key` | External database password `Secret` key | |
| `database.secrets.url.name ` | External database url `Secret` name | |
| `database.secrets.url.key` | External database url `Secret` key | |
| `networkpolicy.name` | Becomes part of the NetworkPolicy object name | `artifactory` |
| `networkpolicy.podselector` | Contains the YAML that specifies how to match pods. Usually using matchLabels. | |
| `networkpolicy.ingress` | YAML snippet containing to & from rules applied to incoming traffic | `- {}` (open to all inbound traffic) |
| `networkpolicy.egress` | YAML snippet containing to & from rules applied to outgoing traffic | `- {}` (open to all outbound traffic) |
| `filebeat.enabled` | Enable a filebeat container to send your logs to a log management solution like ELK | `false` |
| `filebeat.name` | filebeat container name | `artifactory-filebeat` |
| `filebeat.image.repository` | filebeat Docker image repository | `docker.elastic.co/beats/filebeat` |
| `filebeat.image.version` | filebeat Docker image version | `7.5.1` |
| `filebeat.logstashUrl` | The URL to the central Logstash service, if you have one | `logstash:5044` |
| `filebeat.livenessProbe.exec.command` | liveness probe exec command | see [values.yaml](stable/artifactory/values.yaml) |
| `filebeat.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `filebeat.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `filebeat.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `filebeat.readinessProbe.exec.command` | readiness probe exec command | see [values.yaml](stable/artifactory/values.yaml) |
| `filebeat.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `filebeat.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 |
| `filebeat.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `filebeat.resources.requests.memory` | Filebeat initial memory request | |
| `filebeat.resources.requests.cpu` | Filebeat initial cpu request | |
| `filebeat.resources.limits.memory` | Filebeat memory limit | |
| `filebeat.resources.limits.cpu` | Filebeat cpu limit | |
| `filebeat.filebeatYml` | Filebeat yaml configuration file | see [values.yaml](stable/artifactory/values.yaml) |
To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo:
https://github.com/jfrog/log-analytics-prometheus
That repo contains a file `artifactory-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
## Useful links
https://www.jfrog.com
https://www.jfrog.com/confluence/
- https://www.jfrog.com/confluence/display/EP/Getting+Started
- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory
- https://www.jfrog.com/confluence/
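Review bot: In the parameter table, `artifactory.javaOpts.xmx` is described as "Artifactory java Xms size" (the same text as the `xms` row) and `nginx.https.enabled` as "Nginx http service enabled/disabled"; both look like copy-paste slips and should read Xmx and https. The `nginx.livenessProbe` and `nginx.readinessProbe` rows list `successThreshold` 10 and `failureThreshold` 1, which looks swapped, since Kubernetes only accepts a liveness `successThreshold` of 1. `nginx.name` and `ingress.annotations` each appear twice, and `database.secrets.url.name ` has a trailing space inside the backticks. On the security side, the documented defaults leave `artifactory.persistence.googleStorage.httpsOnly` at `false` while the `awsS3` equivalent is `true`, and `networkpolicy.ingress` and `networkpolicy.egress` at `- {}` (open to all); a sentence telling operators to tighten these, and to prefer the `database.secrets.*` keys over a plaintext `database.password`, would help.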

View File

@ -1,10 +1,14 @@
# JFrog Artifactory Chart Upgrade Notes
This file describes special upgrade notes needed at specific versions
## Upgrade from 8.X to 9.X (Chart Versions)
## Upgrade from 8.X to 9.X and above (Chart Versions)
* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!**
* To upgrade from a version prior to 8.x, you first need to upgrade to latest version of 8.x as described in https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md.
* Note: If you are upgrading from 8.x to 11.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart.
```bash
kubectl delete statefulsets <OLD_RELEASE_NAME>-postgresql
```
## Upgrade from 7.X to 8.X (Chart Versions)
**DOWNTIME IS REQUIRED FOR AN UPGRADE!**
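Review bot: The new note tells operators to run `kubectl delete statefulsets <OLD_RELEASE_NAME>-postgresql` without saying what happens to the running pod and its data, and without a namespace. The PostgreSQL README in this same change describes deleting the statefulset with `--cascade=false` so that pods are not deleted; either use that here or state that the pod is removed, whether the PVC is kept, and that a backup should be taken first. The heading now reads "8.X to 9.X and above" while the note applies only to 11.x and above, so a separate heading for that case would be clearer.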

View File

@ -1,5 +1,7 @@
annotations:
category: Database
apiVersion: v1
appVersion: 11.7.0
appVersion: 11.9.0
description: Chart for PostgreSQL, an object-relational database management system
(ORDBMS) with an emphasis on extensibility and on standards-compliance.
home: https://www.postgresql.org/
@ -19,4 +21,4 @@ maintainers:
name: postgresql
sources:
- https://github.com/bitnami/bitnami-docker-postgresql
version: 8.7.3
version: 9.3.4
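Review bot: The jump of `version` from 8.7.3 to 9.3.4 crosses a major release that the subchart README in this change flags as not backward compatible, so the parent chart's changelog should call it out as breaking; the Artifactory upgrade note mentions the statefulset deletion only for upgrades to 11.x chart versions and above. Also, `appVersion` is now 11.9.0 while the Artifactory README documents `postgresql.image.tag` as `9.6.18-debian-10-r7`; if the parent still pins that tag, the appVersion shown for the subchart will not match what is deployed.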

View File

@ -4,7 +4,7 @@
For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha)
## TL;DR;
## TL;DR
```console
$ helm repo add bitnami https://charts.bitnami.com/bitnami
@ -20,7 +20,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment
## Prerequisites
- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- Helm 2.12+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure
## Installing the Chart
@ -42,7 +42,15 @@ To uninstall/delete the `my-release` deployment:
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release.
To delete the PVC's associated with `my-release`:
```console
$ kubectl delete pvc -l release=my-release
```
> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it.
## Parameters
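Review bot: The added `kubectl delete pvc -l release=my-release` relies on a `release` label, but the 9.0.0 section added later in this file says the chart's labels were changed to follow the Helm label best practices. Please confirm that PVCs created by 9.x still carry `release=<name>`; if they do not, this selector matches nothing and the database volumes silently outlive the release. Wording nit: "all the Kubernetes components but PVC's" reads better as "all the Kubernetes components except the PVCs".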
@ -95,10 +103,10 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` |
| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` |
| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) | _random 10 character alphanumeric string_ |
| `postgresqlUsername` | PostgreSQL admin user | `postgres` |
| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ |
| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `nil` |
| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ |
| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` |
| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ |
| `postgresqlDatabase` | PostgreSQL database | `nil` |
| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) |
| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` |
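Review bot: The re-added `existingSecret` row still says "which will be sed to authenticate on LDAP" (should be "used") and "different of" (should be "different from"), and the new `postgresqlPostgresPassword` text is missing a space in "in which case`postgres`". Since this hunk redefines `postgresqlUsername` as a possibly non-admin user, the `existingSecret` description should also say plainly that `postgresql-postgres-password` is the password of the `postgres` admin account, to match the new wording of the rows below it.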
@ -112,7 +120,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` |
| `initdbScripts` | Dictionary of initdb scripts | `nil` |
| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` |
| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` |
| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` |
| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
@ -132,6 +140,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` |
| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
| `persistence.annotations` | Annotations for the PVC | `{}` |
| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` |
| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` |
| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` |
| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` |
@ -139,7 +148,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` |
| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` |
| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` |
| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` |
| `master.priorityClassName` | Priority Class to use for each pod (postgresql master) | `nil` |
| `master.extraInitContainers` | Additional init containers to add to the pods (postgresql master) | `[]` |
| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` |
| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` |
@ -154,7 +163,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` |
| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` |
| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` |
| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` |
| `slave.priorityClassName` | Priority Class to use for each pod (postgresql slave) | `nil` |
| `slave.extraInitContainers` | Additional init containers to add to the pods (postgresql slave) | `[]` |
| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` |
| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` |
@ -162,13 +171,14 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `slave.service.type` | Allows using a different service type for Slave | `nil` |
| `slave.service.nodePort` | Allows using a different nodePort for Slave | `nil` |
| `slave.service.clusterIP` | Allows using a different clusterIP for Slave | `nil` |
| `slave.persistence.enabled` | Whether to enable slave replicas persistence | `true` |
| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` |
| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` |
| `securityContext.enabled` | Enable security context | `true` |
| `securityContext.fsGroup` | Group ID for the container | `1001` |
| `securityContext.runAsUser` | User ID for the container | `1001` |
| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` |
| `serviceAcccount.name` | Name of existing service account | `nil` |
| `serviceAccount.name` | Name of existing service account | `nil` |
| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` |
| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
@ -184,6 +194,13 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `readinessProbe.timeoutSeconds` | When the probe times out | 5 |
| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `tls.enabled` | Enable TLS traffic support | `false` |
| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` |
| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` |
| `tls.certFilename` | Certificate filename | `""` |
| `tls.certKeyFilename` | Certificate key filename | `""` |
| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. |`nil` |
| `tls.crlFilename` | File containing a Certificate Revocation List |`nil` |
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.service.type` | Kubernetes Service type | `ClusterIP` |
| `service.clusterIP` | Static clusterIP or None for headless services | `nil` |
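Review bot: The new `tls.*` rows are inconsistent about defaults: `tls.certFilename` and `tls.certKeyFilename` show `""`, while `tls.certificatesSecret`, `tls.certCAFilename` and `tls.crlFilename` show `nil`, and the last two cells are missing the space after the pipe. The `tls.certCAFilename` row is the only place that says client certificates are requested when it is set; with `tls.enabled` defaulting to `false`, a sentence noting that TLS is off by default and that enabling server TLS alone does not authenticate clients would help operators.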
@ -198,12 +215,13 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql |
| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` |
| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Image name | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Image tag | `{TAG_NAME}` |
| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` |
| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` |
| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `metrics.customMetrics` | Additional custom metrics | `nil` |
| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) |
| `metrics.securityContext.enabled` | Enable security context for metrics | `false` |
| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` |
| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 |
@ -218,6 +236,9 @@ The following tables lists the configurable parameters of the PostgreSQL chart a
| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` |
| `psp.create` | Create Pod Security Policy | `false` |
| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@ -287,7 +308,7 @@ At the top level, there is a service object which defines the services for both
### Change PostgreSQL version
To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0`
To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters.
### postgresql.conf / pg_hba.conf files as configMap
@ -316,6 +337,35 @@ In addition to these options, you can also set an external ConfigMap with all th
The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
### Securing traffic using TLS
TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart:
- `tls.enabled`: Enable TLS support. Defaults to `false`
- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults.
- `tls.certFilename`: Certificate filename. No defaults.
- `tls.certKeyFilename`: Certificate key filename. No defaults.
For example:
* First, create the secret with the cetificates files:
```console
kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt
```
* Then, use the following parameters:
```console
volumePermissions.enabled=true
tls.enabled=true
tls.certificatesSecret="certificates-tls-secret"
tls.certFilename="cert.crt"
tls.certKeyFilename="cert.key"
```
> Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `securityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected.
### Sidecars
If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec.
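Review bot: The `kubectl create secret` example in "Securing traffic using TLS" loads `./ca.crt` into `certificates-tls-secret`, but none of the four `tls.*` parameters listed above it refers to a CA file, so the reader cannot tell whether that file is used. Either drop `--from-file=./ca.crt` or document the parameter that consumes it. The section also does not say whether the server still accepts unencrypted connections once `tls.enabled=true`; state that, since it decides whether the setting enforces TLS or only offers it. Smaller points: "cetificates" should be "certificates", `tls.` has a stray trailing dot, and the second block holds values rather than commands, so the `console` tag is misleading.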
@ -443,6 +493,60 @@ $ helm upgrade my-release stable/postgresql \
> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes.
## 9.0.0
In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version.
As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow:
- Deploy an old version (8.X.X)
```console
$ helm install postgresql bitnami/postgresql --version 8.10.14
```
- Old version is up and running
```console
$ helm ls
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
postgresql-postgresql-0 1/1 Running 0 76s
```
- The upgrade to the latest one (9.X.X) is going to fail
```console
$ helm upgrade postgresql bitnami/postgresql
Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden
```
- Delete the statefulset
```console
$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql
statefulset.apps "postgresql-postgresql" deleted
```
- Now the upgrade works
```cosnole
$ helm upgrade postgresql bitnami/postgresql
$ helm ls
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0
```
- We can kill the existing pod and the new statefulset is going to create a new one:
```console
$ kubectl delete pod postgresql-postgresql-0
pod "postgresql-postgresql-0" deleted
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
postgresql-postgresql-0 1/1 Running 0 19s
```
Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command
## 8.0.0
Prefixes the port names with their protocols to comply with Istio conventions.
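Review bot: The 9.0.0 notes do not say whether the pod left behind by `--cascade=false` picks up the 9.x template before it is deleted; the last step ("We can kill the existing pod") reads as optional. State whether the final `kubectl delete pod postgresql-postgresql-0` is required to finish the upgrade and that it restarts the database. The block under "Now the upgrade works" is fenced as `cosnole` instead of `console`, and the prose needs "is not guaranteed" and "before upgrading the chart".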

View File

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@ -0,0 +1,21 @@
annotations:
category: Infrastructure
apiVersion: v1
appVersion: 0.6.2
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: http://www.bitnami.com/
icon: https://bitnami.com/downloads/logos/bitnami-mark.png
keywords:
- common
- helper
- template
- function
- bitnami
maintainers:
- email: containers@bitnami.com
name: Bitnami
name: common
sources:
- https://github.com/bitnami/charts
version: 0.6.2
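Review bot: `home: http://www.bitnami.com/` is the only plain-http URL in this Chart.yaml; `icon` and `sources` already use https, so switch `home` to https as well. The description says the chart "is not deployable by itself", but with `apiVersion: v1` there is no `type: library` field to enforce that; if Helm 2 support is the reason for staying on v1, say so in the description.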

View File

@ -0,0 +1,274 @@
# Bitnami Common Library Chart
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts.
## TL;DR
```yaml
dependencies:
- name: common
version: 0.x.x
repository: https://charts.bitnami.com/bitnami
```
```bash
$ helm dependency update
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
data:
myvalue: "Hello World"
```
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications.
## Prerequisites
- Kubernetes 1.12+
- Helm 2.12+ or Helm 3.0-beta3+
## Parameters
The following table lists the helpers available in the library which are scoped in different sections.
**Names**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
| `common.names.chart` | Chart name plus version | `.` Chart context |
**Images**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
**Labels**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context |
**Storage**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
**TplValues**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frecuently is the chart context `$` or `.` |
**Capabilities**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
**Validations**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "context" $` secret and field are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
| `common.validations.values.mariadb.passwords` | When a chart is using `bitnami/mariadb` as subchart you should use this to validate required password are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "context" $` |
| `common.validations.values.postgresql.passwords` | This helper will ensure required password are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
**Warnings**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
**Errors**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
**Utils**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
**Secrets**
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
## Special input schemas
### ImageRoot
```yaml
registry:
type: string
description: Docker registry where the image is located
example: docker.io
repository:
type: string
description: Repository and image name
example: bitnami/nginx
tag:
type: string
description: image tag
example: 1.16.1-debian-10-r63
pullPolicy:
type: string
description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
pullSecrets:
type: array
items:
type: string
description: Optionally specify an array of imagePullSecrets.
debug:
type: boolean
description: Set to true if you would like to see extra information on logs
example: false
## An instance would be:
# registry: docker.io
# repository: bitnami/nginx
# tag: 1.16.1-debian-10-r63
# pullPolicy: IfNotPresent
# debug: false
```
### Persistence
```yaml
enabled:
type: boolean
description: Whether enable persistence.
example: true
storageClass:
type: string
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
example: "-"
accessMode:
type: string
description: Access mode for the Persistent Volume Storage.
example: ReadWriteOnce
size:
type: string
description: Size the Persistent Volume Storage.
example: 8Gi
path:
type: string
description: Path to be persisted.
example: /bitnami
## An instance would be:
# enabled: true
# storageClass: "-"
# accessMode: ReadWriteOnce
# size: 8Gi
# path: /bitnami
```
### ExistingSecret
```yaml
name:
type: string
description: Name of the existing secret.
example: mySecret
keyMapping:
description: Mapping between the expected key name and the name of the key in the existing secret.
type: object
## An instance would be:
# name: mySecret
# keyMapping:
# password: myPasswordKey
```
**Example of use**
When we store sensitive data for a deployment in a secret, some times we want to give to users the possiblity of using theirs existing secrets.
```yaml
# templates/secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
app: {{ include "common.names.fullname" . }}
type: Opaque
data:
password: {{ .Values.password | b64enc | quote }}
# templates/dpl.yaml
---
...
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
...
# values.yaml
---
name: mySecret
keyMapping:
password: myPasswordKey
```
### ValidateValue
**NOTES.txt**
```
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
```
If we force those values to be empty we will see some alerts
```console
$ helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode)
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode)
```
## Notable changes
N/A
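Review bot: In the Labels table, `common.labels.matchLabels` carries the description "Return the proper Docker Image Registry Secret Names", which is copied from `common.images.pullSecrets`; it should describe the selector labels, as the template comment does ("Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector"). In the ExistingSecret "Example of use", the templates read `.Values.existingSecret`, but the `values.yaml` snippet shows `name:` and `keyMapping:` without an `existingSecret:` parent key, so the example does not work as written. The `common.images.pullSecrets` input uses a comma inside `list`, which is not valid template syntax. Typos: "frecuently", "possiblity", "some times", "theirs existing secrets", "Validate a multiple values".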

View File

@ -0,0 +1,22 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}
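Review bot: `common.capabilities.ingress.apiVersion` returns `networking.k8s.io/v1beta1` for every cluster at or above 1.14 and has no branch for `networking.k8s.io/v1`, which is available from Kubernetes 1.19 and is the only Ingress API left from 1.22. Add a third `semverCompare` branch, and note in the comment that callers must also emit the v1 backend layout when it is selected. In `common.capabilities.deployment.apiVersion` the `<1.14-0` cutoff keeps 1.12 and 1.13 clusters on `extensions/v1beta1` although `apps/v1` is already served there.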

View File

@ -0,0 +1,20 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}
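Review bot: The usage example in the header comment calls `common.validations.values.single.empty` without a `"context"` entry, while that helper dereferences `$.context.Values`; copied as written, the example fails before it can produce a validation message. Add `"context" $` to both `dict` calls in the example. The params list documents `validationErrors` as "String" although the usage passes a list and the body runs `join` over it. Wording: "Through error" should be "Throw an error", and the message should read "when upgrading the release".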

View File

@ -0,0 +1,43 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $tag := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.imageRegistry }}
{{- $registryName = .global.imageRegistry -}}
{{- end -}}
{{- end -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
*/}}
{{- define "common.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
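Review bot: The usage comment for `common.images.image` passes the root context (`"global" $`), but the body reads `.global.imageRegistry`, which on the root context resolves to `$.imageRegistry` rather than `.Values.global.imageRegistry`, so a global registry override is silently ignored when the helper is called as documented. `common.images.pullSecrets` is documented with `"global" .Values.global`; use the same in both comments. The `list` call in the pullSecrets usage separates its arguments with a comma, which the template parser rejects. An unset `registry` still renders the leading `/` in `printf "%s/%s:%s"`; guard that case or document `registry` as required.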

View File

@ -0,0 +1,18 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "common.labels.standard" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
helm.sh/chart: {{ include "common.names.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "common.labels.matchLabels" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

View File

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,49 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate secret name.
Usage:
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
Params:
- existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user
to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.secrets.name" -}}
{{- $name := (include "common.names.fullname" .context) -}}
{{- if .defaultNameSuffix -}}
{{- $name = cat $name .defaultNameSuffix -}}
{{- end -}}
{{- with .existingSecret -}}
{{- $name = .name -}}
{{- end -}}
{{- printf "%s" $name -}}
{{- end -}}
{{/*
Generate secret key.
Usage:
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
Params:
- existingSecret - ExistingSecret - Optional. The path to the existing secrets in the values.yaml given by the user
to be used istead of the default one. +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- key - String - Required. Name of the key in the secret.
*/}}
{{- define "common.secrets.key" -}}
{{- $key := .key -}}
{{- if .existingSecret -}}
{{- if .existingSecret.keyMapping -}}
{{- $key = index .existingSecret.keyMapping $.key -}}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
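Review bot: In `common.secrets.name`, `cat $name .defaultNameSuffix` joins its arguments with a space, so any call that sets `defaultNameSuffix` yields a name such as `release-chart mySuffix`, which is not a valid Secret name. Use `printf "%s-%s" $name .defaultNameSuffix` and apply the same `trunc 63 | trimSuffix "-"` as `common.names.fullname`. In `common.secrets.key`, `index .existingSecret.keyMapping $.key` returns an empty value when `keyMapping` is set but has no entry for the requested key; fall back to `.key` in that case. Both comments spell "instead" as "istead".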

View File

@ -0,0 +1,23 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Storage Class
{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
*/}}
{{- define "common.storage.class" -}}
{{- $storageClass := .persistence.storageClass -}}
{{- if .global -}}
{{- if .global.storageClass -}}
{{- $storageClass = .global.storageClass -}}
{{- end -}}
{{- end -}}
{{- if $storageClass -}}
{{- if (eq "-" $storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" $storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
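Review bot: The usage comment passes `"global" $`, but the body checks `.global.storageClass`, which on the root context is `$.storageClass` and not `.Values.global.storageClass`, so the global storage class is never applied when the helper is called as documented. Document the call with `"global" .Values.global`, or read `.global.Values.global.storageClass` in the body. The `printf "storageClassName: %s"` branch emits the value unquoted; pipe it through `quote` so an unusual class name cannot change the YAML structure.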

View File

@ -0,0 +1,13 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Renders a value that contains template.
Usage:
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "common.tplvalues.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
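Review bot: The header comment says only "Renders a value that contains template"; it should state that `.value` is executed by `tpl` against whatever is passed as `context`, so with `"context" $` any string coming from values can read the whole chart scope. Say in the comment that callers should pass only values they intend to evaluate as templates. For the non-string branch, note that the result is the `toYaml` form of the value, so callers get YAML text back and have to indent it themselves.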

View File

@ -0,0 +1,26 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
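Review bot: The usage line for `common.utils.fieldToEnvVar` reads `include "common.utils.fieldToEnvVar" dict "field" "my-password"` without parentheses around the `dict` call, so `include` receives `dict` and the following strings as separate arguments and the example does not parse as intended; write `(dict "field" "my-password")`. In `common.utils.secret.getvalue`, `.field` is placed directly into `jsonpath="{.data.{{ .field }}}"`, so a field name containing a dot is read as a nested path; document that restriction or escape the dot.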

View File

@ -0,0 +1,219 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate values must not be empty.
Usage:
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.multiple.empty" -}}
{{- range .required -}}
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
{{- end -}}
{{- end -}}
{{/*
Validate a value must not be empty.
Usage:
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.single.empty" -}}
{{- $valueKeyArray := splitList "." .valueKey -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $valueKeyArray -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.valueKey | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- if not $value -}}
{{- $varname := "my-value" -}}
{{- $getCurrentValue := "" -}}
{{- if and .secret .field -}}
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
{{- end -}}
{{- printf "\n '%s' must not be empty, please add '--set %s=$%s' to the command.%s" .valueKey .valueKey $varname $getCurrentValue -}}
{{- end -}}
{{- end -}}
{{/*
Validate a mariadb required password must not be empty.
Usage:
{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "context" $) }}
Validate value params:
- secret - String - Required. Name of the secret where mysql values are stored, e.g: "mysql-passwords-secret"
*/}}
{{- define "common.validations.values.mariadb.passwords" -}}
{{- if and (not .context.Values.mariadb.existingSecret) .context.Values.mariadb.enabled -}}
{{- $requiredPasswords := list -}}
{{- if .context.Values.mariadb.secret.requirePasswords -}}
{{- $requiredRootMariadbPassword := dict "valueKey" "mariadb.rootUser.password" "secret" .secretName "field" "mariadb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootMariadbPassword -}}
{{- if not (empty .context.Values.mariadb.db.user) -}}
{{- $requiredMariadbPassword := dict "valueKey" "mariadb.db.password" "secret" .secretName "field" "mariadb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredMariadbPassword -}}
{{- end -}}
{{- if .context.Values.mariadb.replication.enabled -}}
{{- $requiredReplicationPassword := dict "valueKey" "mariadb.replication.password" "secret" .secretName "field" "mariadb-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Validate a postgresql required password must not be empty.
Usage:
{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where postgresql values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.postgresql.passwords" -}}
{{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
{{- $enabled := include "common.postgresql.values.enabled" . -}}
{{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
{{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
{{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
{{- if and (not $existingSecret) $enabled -}}
{{- $requiredPasswords := list -}}
{{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
{{- if $enabledReplication -}}
{{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliar function to decide whether evaluate global values.
Usage:
{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
Params:
- key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
*/}}
{{- define "common.postgresql.values.use.global" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.postgresql -}}
{{- index .context.Values.global.postgresql .key | quote -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliar function to get the right value for existingSecret.
Usage:
{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.existingSecret" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
{{- if .subchart -}}
{{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
{{- else -}}
{{- default (.context.Values.existingSecret | quote) $globalValue -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliar function to get the right value for enabled postgresql.
Usage:
{{ include "common.postgresql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.enabled" -}}
{{- if .subchart -}}
{{- .context.Values.postgresql.enabled | quote -}}
{{- else -}}
true
{{- end -}}
{{- end -}}
{{/*
Auxiliar function to get the right value for the key postgressPassword.
Usage:
{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.postgressPassword" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
{{- if not $globalValue -}}
{{- if .subchart -}}
postgresql.postgresqlPassword
{{- else -}}
postgresqlPassword
{{- end -}}
{{- else -}}
global.postgresql.postgresqlPassword
{{- end -}}
{{- end -}}
{{/*
Auxiliar function to get the right value for enabled.replication.
Usage:
{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.enabled.replication" -}}
{{- if .subchart -}}
{{- .context.Values.postgresql.replication.enabled | quote -}}
{{- else -}}
{{- .context.Values.replication.enabled | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliar function to get the right value for the key replication.password.
Usage:
{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.replicationPassword" -}}
{{- if .subchart -}}
postgresql.replication.password
{{- else -}}
replication.password
{{- end -}}
{{- end -}}
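Review bot: In `common.validations.values.postgresql.passwords`, the `if` tests on `$existingSecret`, `$enabled` and `$enabledReplication` operate on strings that the helper templates build with `| quote`. A boolean `false` therefore arrives as the non-empty string `"false"`, and an explicit `existingSecret: ""` arrives as two quote characters; both are truthy in a Go template. As written, the replication password is demanded even when `replication.enabled` is false, and an explicitly empty `existingSecret` skips validation altogether. Drop `quote` in the helpers and compare explicitly, for example `eq $enabledReplication "true"`. Separately, `common.postgresql.values.key.postgressPassword` looks up the global key `postgresqlUsername` to decide whether the password lives under `global.postgresql.postgresqlPassword`; that lookup should use `postgresqlPassword`.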

View File

@ -0,0 +1,14 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Warning about using rolling tag.
Usage:
{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
*/}}
{{- define "common.warnings.rollingTag" -}}
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}

View File

@ -0,0 +1,3 @@
## bitnami/common
## It is required by CI/CD tools and processes.
exampleValue: common-chart

View File

@ -0,0 +1,3 @@
commonAnnotations:
helm.sh/hook: 'pre-install, pre-upgrade'
helm.sh/hook-weight: '-1'

View File

@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 0.6.2
digest: sha256:740783295d301fdd168fafdbaa760de27ab54b0ff36b513589a5a2515072b885
generated: "2020-09-01T17:40:02.795096189Z"

View File

@ -0,0 +1,4 @@
dependencies:
- name: common
version: 0.x.x
repository: https://charts.bitnami.com/bitnami
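Review bot: `version: 0.x.x` accepts any 0.* release of `common`, so the library chart that actually gets packaged depends on the lock file staying in sync. The lock already resolves to 0.6.2; pin that exact version here (or a narrow range such as `~0.6.2`) so a later `helm dependency update` cannot silently pull in a different set of shared templates.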

View File

@ -7,7 +7,7 @@ PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the fo
{{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection
{{- end }}
{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }}
To get the password for "postgres" run:
@ -52,9 +52,8 @@ To connect to your database from outside the cluster execute the following comma
{{- include "postgresql.validateValues" . -}}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
{{- include "common.warnings.rollingTag" .Values.image -}}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "postgresql.fullname" .) "context" $) -}}
{{- end }}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}}

View File

@ -220,13 +220,20 @@ Get the password secret.
{{- end -}}
{{- end -}}
{{/*
Return true if we should use an existingSecret.
*/}}
{{- define "postgresql.useExistingSecret" -}}
{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "postgresql.createSecret" -}}
{{- if .Values.global.postgresql.existingSecret }}
{{- else if .Values.existingSecret -}}
{{- else -}}
{{- if not (include "postgresql.useExistingSecret" .) -}}
{{- true -}}
{{- end -}}
{{- end -}}
@ -253,6 +260,15 @@ Get the extended configuration ConfigMap name.
{{- end -}}
{{- end -}}
{{/*
Return true if a configmap should be mounted with PostgreSQL configuration
*/}}
{{- define "postgresql.mountConfigurationCM" -}}
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the initialization scripts ConfigMap name.
*/}}
@ -325,9 +341,9 @@ Get the readiness probe command
{{- define "postgresql.readinessProbeCommand" -}}
- |
{{- if (include "postgresql.database" .) }}
exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
{{- if contains "bitnami/" .Values.image.repository }}
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
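Review bot: In the rewritten `pg_isready` lines the database name is no longer piped through `quote`; it is interpolated raw into a double-quoted conninfo string that the probe's shell evaluates. A database name containing a space, a quote, `$` or a backtick now changes the conninfo or the command itself. Single-quote the value inside the conninfo (`dbname='...'`) after validating the name, or keep `-d` as a separately quoted argument and supply the client certificate through the `PGSSLCERT` and `PGSSLKEY` environment variables.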
@ -399,6 +415,8 @@ Compile all warnings into a single message, and call fail.
{{- define "postgresql.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}}
{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}}
{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
@ -418,3 +436,66 @@ postgresql: ldap.url, ldap.server
More info at https://www.postgresql.org/docs/current/auth-ldap.html
{{- end -}}
{{- end -}}
{{/*
Validate values of Postgresql - If PSP is enabled RBAC should be enabled too
*/}}
{{- define "postgresql.validateValues.psp" -}}
{{- if and .Values.psp.create (not .Values.rbac.create) }}
postgresql: psp.create, rbac.create
RBAC should be enabled if PSP is enabled in order for PSP to work.
More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podsecuritypolicy.
*/}}
{{- define "podsecuritypolicy.apiVersion" -}}
{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "policy/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions
*/}}
{{- define "postgresql.validateValues.tls" -}}
{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }}
postgresql: tls.enabled, volumePermissions.enabled
When TLS is enabled you must enable volumePermissions as well to ensure certificates files have
the right permissions.
{{- end -}}
{{- end -}}
{{/*
Return the path to the cert file.
*/}}
{{- define "postgresql.tlsCert" -}}
{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
{{- end -}}
{{/*
Return the path to the cert key file.
*/}}
{{- define "postgresql.tlsCertKey" -}}
{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}}
{{- end -}}
{{/*
Return the path to the CA cert file.
*/}}
{{- define "postgresql.tlsCACert" -}}
{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}}
{{- end -}}
{{/*
Return the path to the CRL file.
*/}}
{{- define "postgresql.tlsCRL" -}}
{{- if .Values.tls.crlFilename -}}
{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}}
{{- end -}}
{{- end -}}
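Review bot: Both `required` messages in `postgresql.tlsCert` and `postgresql.tlsCertKey` read "when TLS in enabled"; that should be "is enabled", since users see this text when rendering fails. Also, `postgresql.tlsCACert` has no guard for an empty `tls.certCAFilename` and returns the bare certs directory in that case; mirror the `if` used in `postgresql.tlsCRL` so a caller that forgets the check does not pass a directory as the CA file.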

View File

@ -4,10 +4,10 @@ kind: ConfigMap
metadata:
name: {{ template "postgresql.fullname" . }}-configuration
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- if (.Files.Glob "files/postgresql.conf") }}
{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }}

View File

@ -4,10 +4,10 @@ kind: ConfigMap
metadata:
name: {{ template "postgresql.fullname" . }}-extended-configuration
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- with .Files.Glob "files/conf.d/*.conf" }}
{{ .AsConfig | indent 2 }}

View File

@ -4,10 +4,10 @@ kind: ConfigMap
metadata:
name: {{ template "postgresql.fullname" . }}-init-scripts
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}
binaryData:
{{- range $path, $bytes := . }}

View File

@ -4,10 +4,10 @@ kind: ConfigMap
metadata:
name: {{ template "postgresql.metricsCM" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }}
{{- end }}

View File

@ -4,12 +4,12 @@ kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}-metrics
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
annotations:
{{ toYaml .Values.metrics.service.annotations | indent 4 }}
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- toYaml .Values.metrics.service.annotations | nindent 4 }}
spec:
type: {{ .Values.metrics.service.type }}
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
@ -20,7 +20,6 @@ spec:
port: 9187
targetPort: http-metrics
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name }}
{{- include "common.labels.matchLabels" . | nindent 4 }}
role: master
{{- end }}

View File

@ -4,15 +4,14 @@ apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
podSelector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
{{- include "common.labels.matchLabels" . | nindent 6 }}
ingress:
# Allow inbound connections
- ports:
@ -28,8 +27,7 @@ spec:
{{- end }}
- podSelector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
{{- include "common.labels.matchLabels" . | nindent 14 }}
role: slave
{{- end }}
# Allow prometheus scrapes

View File

@ -0,0 +1,37 @@
{{- if .Values.psp.create }}
apiVersion: {{ include "podsecuritypolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
privileged: false
volumes:
- 'configMap'
- 'secret'
- 'persistentVolumeClaim'
- 'emptyDir'
- 'projected'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
{{- end }}
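Review bot: The policy sets `privileged: false` and `MustRunAsNonRoot` but leaves privilege escalation and capabilities unrestricted. Add `allowPrivilegeEscalation: false` and `requiredDropCapabilities: [ALL]` so a non-root container cannot regain privileges through setuid binaries or retained capabilities. `MustRunAsNonRoot` also applies to init containers, so please confirm that `init-chmod-data`, which runs `chown`, is still admitted under this policy when `volumePermissions.enabled` is set.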

View File

@ -7,13 +7,13 @@ metadata:
namespace: {{ . }}
{{- end }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.metrics.prometheusRule.additionalLabels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- with .Values.metrics.prometheusRule.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- with .Values.metrics.prometheusRule.rules }}
groups:

View File

@ -0,0 +1,19 @@
{{- if .Values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
{{- if .Values.psp.create }}
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
verbs: ["use"]
resourceNames:
- {{ template "postgresql.fullname" . }}
{{- end }}
{{- end }}
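Review bot: The rule grants `use` on `podsecuritypolicies` under `apiGroups: ["extensions"]`, while the `podsecuritypolicy.apiVersion` helper emits `policy/v1beta1` for every cluster at 1.10 or later. List `policy` here, keeping `extensions` only for the older clusters the helper still covers, so the grant matches the group the policy is created in. When `rbac.create` is true and `psp.create` is false the template renders `rules:` with no entries; an explicit `rules: []` would make that intent clear.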

View File

@ -0,0 +1,19 @@
{{- if .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
kind: Role
name: {{ template "postgresql.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
{{- end }}

View File

@ -4,10 +4,10 @@ kind: Secret
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}

View File

@ -3,9 +3,9 @@ apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
name: {{ template "postgresql.fullname" . }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

View File

@ -7,13 +7,14 @@ metadata:
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
{{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: http-metrics
@ -28,6 +29,5 @@ spec:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name }}
{{- include "common.labels.matchLabels" . | nindent 6 }}
{{- end }}

View File

@ -4,33 +4,29 @@ kind: StatefulSet
metadata:
name: "{{ template "postgresql.fullname" . }}-slave"
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- with .Values.slave.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.slave.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- with .Values.slave.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
serviceName: {{ template "postgresql.fullname" . }}-headless
replicas: {{ .Values.replication.slaveReplicas }}
selector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
{{- include "common.labels.matchLabels" . | nindent 6 }}
role: slave
template:
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 8 }}
role: slave
{{- with .Values.slave.podLabels }}
{{ toYaml . | indent 8 }}
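Review bot: `spec.selector.matchLabels` moves from the literal `app`/`release` pair to `common.labels.matchLabels`. A StatefulSet selector is immutable, so if the helper renders different keys or values than before, `helm upgrade` from the previous chart version will be rejected by the API server. Please state in the upgrade notes whether the rendered selector is unchanged and, if it is not, describe the delete-and-recreate step that keeps the PVCs.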
@ -68,7 +64,7 @@ spec:
{{- end }}
{{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
initContainers:
{{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
{{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }}
- name: init-chmod-data
image: {{ template "postgresql.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
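Review bot: The inner condition for `init-chmod-data` now includes `.Values.tls.enabled`, but the enclosing `initContainers:` condition two lines above it does not. With `tls.enabled` and `volumePermissions.enabled` set, persistence off, no shm chmod and no `slave.extraInitContainers`, the whole block is skipped, so the certificates are never copied into `/opt/bitnami/postgresql/certs` and the key never gets its `chmod 600`. Add `.Values.tls.enabled` to the `or` in the outer condition as well.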
@ -79,10 +75,15 @@ spec:
- /bin/sh
- -cx
- |
{{ if .Values.persistence.enabled }}
mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data
chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
{{- if .Values.persistence.enabled }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }}
{{- else }}
chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }}
{{- end }}
mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
xargs chown -R `id -u`:`id -G | cut -d " " -f2`
{{- else }}
@ -92,6 +93,15 @@ spec:
{{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
chmod -R 777 /dev/shm
{{- end }}
{{- if .Values.tls.enabled }}
cp /tmp/certs/* /opt/bitnami/postgresql/certs/
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/
{{- else }}
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/
{{- end }}
chmod 600 {{ template "postgresql.tlsCertKey" . }}
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext:
{{- else }}
@ -108,6 +118,12 @@ spec:
- name: dshm
mountPath: /dev/shm
{{- end }}
{{- if .Values.tls.enabled }}
- name: raw-certificates
mountPath: /tmp/certs
- name: postgresql-certificates
mountPath: /opt/bitnami/postgresql/certs
{{- end }}
{{- end }}
{{- if .Values.slave.extraInitContainers }}
{{ tpl .Values.slave.extraInitContainers . | indent 8 }}
@ -158,7 +174,7 @@ spec:
value: {{ template "postgresql.fullname" . }}
- name: POSTGRES_MASTER_PORT_NUMBER
value: {{ include "postgresql.port" . | quote }}
{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
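Review bot: With `(include "postgresql.useExistingSecret" .)` in the condition, `POSTGRES_POSTGRES_PASSWORD_FILE` is now set whenever an existing secret is used with a non-`postgres` username, which assumes that secret carries a `postgresql-postgres-password` entry. A secret created for the previous chart version with only `postgresql-password` would leave this path pointing at a file that does not exist. Document the required key next to `existingSecret`, or make the entry optional.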
@ -180,6 +196,24 @@ spec:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
- name: POSTGRESQL_ENABLE_TLS
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS
value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }}
- name: POSTGRESQL_TLS_CERT_FILE
value: {{ template "postgresql.tlsCert" . }}
- name: POSTGRESQL_TLS_KEY_FILE
value: {{ template "postgresql.tlsCertKey" . }}
{{- if .Values.tls.certCAFilename }}
- name: POSTGRESQL_TLS_CA_FILE
value: {{ template "postgresql.tlsCACert" . }}
{{- end }}
{{- if .Values.tls.crlFilename }}
- name: POSTGRESQL_TLS_CRL_FILE
value: {{ template "postgresql.tlsCRL" . }}
{{- end }}
{{- end }}
ports:
- name: tcp-postgresql
containerPort: {{ template "postgresql.port" . }}
@ -190,9 +224,9 @@ spec:
- /bin/sh
- -c
{{- if (include "postgresql.database" .) }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
@ -236,6 +270,11 @@ spec:
- name: postgresql-config
mountPath: /bitnami/postgresql/conf
{{- end }}
{{- if .Values.tls.enabled }}
- name: postgresql-certificates
mountPath: /opt/bitnami/postgresql/certs
readOnly: true
{{- end }}
{{- if .Values.slave.extraVolumeMounts }}
{{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }}
{{- end }}
@ -258,13 +297,20 @@ spec:
configMap:
name: {{ template "postgresql.extendedConfigurationCM" . }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: raw-certificates
secret:
secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
- name: postgresql-certificates
emptyDir: {}
{{- end }}
{{- if .Values.shmVolume.enabled }}
- name: dshm
emptyDir:
medium: Memory
sizeLimit: 1Gi
{{- end }}
{{- if not .Values.persistence.enabled }}
{{- if or (not .Values.persistence.enabled) (not .Values.slave.persistence.enabled) }}
- name: data
emptyDir: {}
{{- end }}
@ -276,7 +322,7 @@ spec:
{{- if (eq "Recreate" .Values.updateStrategy.type) }}
rollingUpdate: null
{{- end }}
{{- if .Values.persistence.enabled }}
{{- if and .Values.persistence.enabled .Values.slave.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data

View File

@ -3,15 +3,16 @@ kind: StatefulSet
metadata:
name: {{ template "postgresql.master.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- with .Values.master.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- with .Values.master.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
serviceName: {{ template "postgresql.fullname" . }}-headless
@ -23,20 +24,16 @@ spec:
{{- end }}
selector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
{{- include "common.labels.matchLabels" . | nindent 6 }}
role: master
template:
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 8 }}
role: master
{{- with .Values.master.podLabels }}
{{- toYaml . | indent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.master.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
@ -67,7 +64,7 @@ spec:
{{- end }}
{{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }}
initContainers:
{{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }}
{{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }}
- name: init-chmod-data
image: {{ template "postgresql.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
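Review bot: The outer `initContainers:` condition on the unchanged line above still omits `.Values.tls.enabled`, while the inner `init-chmod-data` condition gains it. When TLS and `volumePermissions` are enabled but persistence is disabled and neither `master.extraInitContainers` nor the shm chmod is set, no init container renders and the certificate copy step never runs on the master. Extend the outer condition with `.Values.tls.enabled` too.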
@ -79,9 +76,14 @@ spec:
- -cx
- |
{{- if .Values.persistence.enabled }}
mkdir -p {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data
chmod 700 {{ .Values.persistence.mountPath }}/conf {{ .Values.persistence.mountPath }}/data
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }}
{{- else }}
chown {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }}
{{- end }}
mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }}
find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
xargs chown -R `id -u`:`id -G | cut -d " " -f2`
{{- else }}
@ -91,6 +93,15 @@ spec:
{{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }}
chmod -R 777 /dev/shm
{{- end }}
{{- if .Values.tls.enabled }}
cp /tmp/certs/* /opt/bitnami/postgresql/certs/
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/
{{- else }}
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/
{{- end }}
chmod 600 {{ template "postgresql.tlsCertKey" . }}
{{- end }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext:
{{- else }}
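Review bot: `cp /tmp/certs/* /opt/bitnami/postgresql/certs/` copies every key of the Secret into the shared emptyDir, and only the file resolved by `postgresql.tlsCertKey` is then restricted with `chmod 600`. Copy only the files named by the `tls.*Filename` values so unrelated Secret entries do not end up in a directory that is later mounted into other containers, and set an explicit mode on the certificate, CA and CRL files as well rather than relying on what `cp` leaves behind.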
@ -107,9 +118,15 @@ spec:
- name: dshm
mountPath: /dev/shm
{{- end }}
{{- if .Values.tls.enabled }}
- name: raw-certificates
mountPath: /tmp/certs
- name: postgresql-certificates
mountPath: /opt/bitnami/postgresql/certs
{{- end }}
{{- end }}
{{- if .Values.master.extraInitContainers }}
{{- tpl .Values.master.extraInitContainers . | nindent 8 }}
{{- include "postgresql.tplValue" ( dict "value" .Values.master.extraInitContainers "context" $ ) | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.master.priorityClassName }}
@ -177,7 +194,7 @@ spec:
- name: POSTGRES_CLUSTER_APP_NAME
value: {{ .Values.replication.applicationName }}
{{- end }}
{{- if and .Values.postgresqlPostgresPassword (not (eq .Values.postgresqlUsername "postgres")) }}
{{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"
@ -243,6 +260,24 @@ spec:
- name: POSTGRESQL_LDAP_URL
value: {{ .Values.ldap.url }}
{{- end}}
- name: POSTGRESQL_ENABLE_TLS
value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
{{- if .Values.tls.enabled }}
- name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS
value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }}
- name: POSTGRESQL_TLS_CERT_FILE
value: {{ template "postgresql.tlsCert" . }}
- name: POSTGRESQL_TLS_KEY_FILE
value: {{ template "postgresql.tlsCertKey" . }}
{{- if .Values.tls.certCAFilename }}
- name: POSTGRESQL_TLS_CA_FILE
value: {{ template "postgresql.tlsCACert" . }}
{{- end }}
{{- if .Values.tls.crlFilename }}
- name: POSTGRESQL_TLS_CRL_FILE
value: {{ template "postgresql.tlsCRL" . }}
{{- end }}
{{- end }}
{{- if .Values.extraEnvVarsCM }}
envFrom:
- configMapRef:
@ -258,9 +293,9 @@ spec:
- /bin/sh
- -c
{{- if (include "postgresql.database" .) }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
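Review bot: In the first new `pg_isready` line the database name is interpolated raw into a double-quoted conninfo string (`-d "dbname={{ include "postgresql.database" . }} ..."`), where the line it replaces passed it through `quote`. A database name containing a space, a quote or a shell metacharacter now breaks the conninfo or the `sh -c` command. Quote the value inside the conninfo or build the whole argument with `printf` and `quote`. The probe also presents the server's own certificate and key as the client certificate; a separate client key pair would keep the server key out of client authentication.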
@ -299,6 +334,11 @@ spec:
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: postgresql-certificates
mountPath: /opt/bitnami/postgresql/certs
readOnly: true
{{- end }}
{{- if .Values.shmVolume.enabled }}
- name: dshm
mountPath: /dev/shm
@ -328,8 +368,14 @@ spec:
{{- end }}
env:
{{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }}
{{- $sslmode := ternary "require" "disable" .Values.tls.enabled }}
{{- if and .Values.tls.enabled .Values.tls.certCAFilename }}
- name: DATA_SOURCE_NAME
value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }}
{{- else }}
- name: DATA_SOURCE_URI
value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }}
value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }}
{{- end }}
{{- if .Values.usePasswordFile }}
- name: DATA_SOURCE_PASS_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-password"
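Review bot: The `DATA_SOURCE_NAME` branch omits the database: `$database` is declared `required` just above, but the `printf` has no `dbname=%s`, so with TLS and a CA file configured the exporter is no longer pointed at the database the `DATA_SOURCE_URI` branch uses. Add `dbname=%s` with `$database`, and restore `| quote` on both values, since the new `DATA_SOURCE_URI` line dropped it. Also worth stating in the values documentation: `sslmode=require` encrypts the connection but does not verify the server certificate.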
@ -342,6 +388,9 @@ spec:
{{- end }}
- name: DATA_SOURCE_USER
value: {{ template "postgresql.username" . }}
{{- if .Values.metrics.extraEnvVars }}
{{- include "postgresql.tplValue" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
@ -369,6 +418,11 @@ spec:
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: postgresql-certificates
mountPath: /opt/bitnami/postgresql/certs
readOnly: true
{{- end }}
{{- if .Values.metrics.customMetrics }}
- name: custom-metrics
mountPath: /conf
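Review bot: The `postgresql-certificates` volume, which contains the server private key, is mounted into this container whenever `tls.enabled` is true, but the exporter's connection string only references `sslcert` and `sslkey` when `tls.certCAFilename` is also set. Gate this mount on `and .Values.tls.enabled .Values.tls.certCAFilename` so the key is not exposed to the exporter in the configurations where it is never read.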
@ -408,6 +462,13 @@ spec:
secret:
secretName: {{ template "postgresql.initdbScriptsSecret" . }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: raw-certificates
secret:
secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }}
- name: postgresql-certificates
emptyDir: {}
{{- end }}
{{- if .Values.master.extraVolumes }}
{{- toYaml .Values.master.extraVolumes | nindent 8 }}
{{- end }}

View File

@ -3,10 +3,10 @@ kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}-headless
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
@ -15,5 +15,4 @@ spec:
port: {{ template "postgresql.port" . }}
targetPort: tcp-postgresql
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
{{- include "common.labels.matchLabels" . | nindent 4 }}

View File

@ -10,12 +10,13 @@ kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}-read
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if $serviceAnnotations }}
annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }}
{{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ $serviceType }}
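Review bot: `annotations:` is now emitted unconditionally, so when neither `commonAnnotations` nor `$serviceAnnotations` is set the Service renders an `annotations:` key with no value. Wrap the key in `{{- if or .Values.commonAnnotations $serviceAnnotations }}`, in the same way the headless Service in this change guards its own `annotations:` line. The same pattern is repeated in the master Service template below.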
@ -36,7 +37,6 @@ spec:
nodePort: {{ $serviceNodePort }}
{{- end }}
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
{{- include "common.labels.matchLabels" . | nindent 4 }}
role: slave
{{- end }}

View File

@ -9,12 +9,13 @@ kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- include "common.labels.standard" . | nindent 4 }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "postgresql.tplValue" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if $serviceAnnotations }}
annotations: {{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }}
{{- include "postgresql.tplValue" (dict "value" $serviceAnnotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ $serviceType }}
@ -35,6 +36,5 @@ spec:
nodePort: {{ $serviceNodePort }}
{{- end }}
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
{{- include "common.labels.matchLabels" . | nindent 4 }}
role: master

View File

@ -15,7 +15,7 @@ global:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 11.7.0-debian-10-r65
tag: 11.9.0-debian-10-r1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@ -94,6 +94,16 @@ serviceAccount:
## Name of an already existing service account. Setting this value disables the automatic service account creation.
# name:
## Pod Security Policy
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
psp:
create: false
## Creates role for ServiceAccount
## Required for PSP
rbac:
create: false
replication:
enabled: true
user: repl_user
@ -101,7 +111,7 @@ replication:
slaveReplicas: 2
## Set synchronous commit mode: on, off, remote_apply, remote_write and local
## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL
synchronousCommit: "on"
synchronousCommit: 'on'
## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication
## NOTE: It cannot be > slaveReplicas
numSynchronousReplicas: 1
@ -221,17 +231,17 @@ extraEnv: []
##
ldap:
enabled: false
url: ""
server: ""
port: ""
prefix: ""
suffix: ""
baseDN: ""
bindDN: ""
url: ''
server: ''
port: ''
prefix: ''
suffix: ''
baseDN: ''
bindDN: ''
bind_password:
search_attr: ""
search_filter: ""
scheme: ""
search_attr: ''
search_filter: ''
scheme: ''
tls: false
## PostgreSQL service configuration
@ -253,7 +263,6 @@ service:
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Load Balancer sources. Evaluated as a template.
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
@ -301,7 +310,7 @@ persistence:
## The subdirectory of the volume to mount to, useful in dev environments
## and one PV for multiple services.
##
subPath: ""
subPath: ''
# storageClass: "-"
accessModes:
@ -330,7 +339,7 @@ master:
annotations: {}
podLabels: {}
podAnnotations: {}
priorityClassName: ""
priorityClassName: ''
## Additional PostgreSQL Master Volume mounts
##
extraVolumeMounts: []
@ -372,14 +381,14 @@ slave:
annotations: {}
podLabels: {}
podAnnotations: {}
priorityClassName: ""
priorityClassName: ''
## Extra init containers
## Example
##
##
## extraInitContainers:
## - name: do-something
## image: busybox
## command: ['do', 'something']
## command: ['do', 'something']
extraInitContainers: []
## Additional PostgreSQL Slave Volume mounts
##
@ -405,6 +414,10 @@ slave:
# type:
# nodePort:
# clusterIP:
## Whether to enable PostgreSQL slave replicas data Persistent
##
persistence:
enabled: true
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
@ -414,6 +427,10 @@ resources:
memory: 256Mi
cpu: 250m
## Add annotations to all the deployed resources
##
commonAnnotations: {}
networkPolicy:
## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
##
@ -457,6 +474,33 @@ readinessProbe:
failureThreshold: 6
successThreshold: 1
##
## TLS configuration
##
tls:
# Enable TLS traffic
enabled: false
#
# Whether to use the server's TLS cipher preferences rather than the client's.
preferServerCiphers: true
#
# Name of the Secret that contains the certificates
certificatesSecret: ''
#
# Certificate filename
certFilename: ''
#
# Certificate Key filename
certKeyFilename: ''
#
# CA Certificate filename
# If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate
# ref: https://www.postgresql.org/docs/9.6/auth-methods.html
certCAFilename:
#
# File containing a Certificate Revocation List
crlFilename:
## Configure metrics exporter
##
metrics:
@ -465,8 +509,8 @@ metrics:
service:
type: ClusterIP
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9187"
prometheus.io/scrape: 'true'
prometheus.io/port: '9187'
loadBalancerIP:
serviceMonitor:
enabled: false
@ -480,7 +524,7 @@ metrics:
prometheusRule:
enabled: false
additionalLabels: {}
namespace: ""
namespace: ''
## These are just examples rules, please adapt them to your needs.
## Make sure to constraint the rules to the current postgresql service.
## rules:
@ -497,7 +541,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.8.0-debian-10-r72
tag: 0.8.0-debian-10-r188
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
@ -517,6 +561,14 @@ metrics:
# - size_bytes:
# usage: "GAUGE"
# description: "Size of the database in bytes"
## An array to add extra env vars to configure postgres-exporter
## see: https://github.com/wrouesnel/postgres_exporter#environment-variables
## For example:
# extraEnvVars:
# - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS
# value: "true"
extraEnvVars: {}
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
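Review bot: `extraEnvVars: {}` defaults to a map, while the comment above it describes an array and the commented example is a list. Use `extraEnvVars: []` so the default matches the documented type; the template only checks truthiness, so the change is behaviour-neutral but avoids a type mismatch when users merge their own list over it. The second values file in this commit carries the same default.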

View File

@ -72,8 +72,8 @@
"title": "Slave Replicas",
"form": true,
"hidden": {
"condition": false,
"value": "replication.enabled"
"value": false,
"path": "replication/enabled"
}
}
}

View File

@ -15,7 +15,7 @@ global:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 11.7.0-debian-10-r65
tag: 11.9.0-debian-10-r1
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@ -79,7 +79,6 @@ volumePermissions:
##
# schedulerName:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
@ -95,6 +94,16 @@ serviceAccount:
## Name of an already existing service account. Setting this value disables the automatic service account creation.
# name:
## Pod Security Policy
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
psp:
create: false
## Creates role for ServiceAccount
## Required for PSP
rbac:
create: false
replication:
enabled: false
user: repl_user
@ -102,7 +111,7 @@ replication:
slaveReplicas: 1
## Set synchronous commit mode: on, off, remote_apply, remote_write and local
## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL
synchronousCommit: "off"
synchronousCommit: 'off'
## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication
## NOTE: It cannot be > slaveReplicas
numSynchronousReplicas: 0
@ -222,17 +231,17 @@ extraEnv: []
##
ldap:
enabled: false
url: ""
server: ""
port: ""
prefix: ""
suffix: ""
baseDN: ""
bindDN: ""
url: ''
server: ''
port: ''
prefix: ''
suffix: ''
baseDN: ''
bindDN: ''
bind_password:
search_attr: ""
search_filter: ""
scheme: ""
search_attr: ''
search_filter: ''
scheme: ''
tls: false
## PostgreSQL service configuration
@ -254,7 +263,6 @@ service:
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Load Balancer sources. Evaluated as a template.
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
@ -302,7 +310,7 @@ persistence:
## The subdirectory of the volume to mount to, useful in dev environments
## and one PV for multiple services.
##
subPath: ""
subPath: ''
# storageClass: "-"
accessModes:
@ -331,14 +339,14 @@ master:
annotations: {}
podLabels: {}
podAnnotations: {}
priorityClassName: ""
priorityClassName: ''
## Extra init containers
## Example
##
##
## extraInitContainers:
## - name: do-something
## image: busybox
## command: ['do', 'something']
## command: ['do', 'something']
extraInitContainers: []
## Additional PostgreSQL Master Volume mounts
@ -382,7 +390,7 @@ slave:
annotations: {}
podLabels: {}
podAnnotations: {}
priorityClassName: ""
priorityClassName: ''
extraInitContainers: |
# - name: do-something
# image: busybox
@ -411,6 +419,10 @@ slave:
# type:
# nodePort:
# clusterIP:
## Whether to enable PostgreSQL slave replicas data Persistent
##
persistence:
enabled: true
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
@ -420,6 +432,10 @@ resources:
memory: 256Mi
cpu: 250m
## Add annotations to all the deployed resources
##
commonAnnotations: {}
networkPolicy:
## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
##
@ -463,6 +479,33 @@ readinessProbe:
failureThreshold: 6
successThreshold: 1
##
## TLS configuration
##
tls:
# Enable TLS traffic
enabled: false
#
# Whether to use the server's TLS cipher preferences rather than the client's.
preferServerCiphers: true
#
# Name of the Secret that contains the certificates
certificatesSecret: ''
#
# Certificate filename
certFilename: ''
#
# Certificate Key filename
certKeyFilename: ''
#
# CA Certificate filename
# If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate
# ref: https://www.postgresql.org/docs/9.6/auth-methods.html
certCAFilename:
#
# File containing a Certificate Revocation List
crlFilename:
## Configure metrics exporter
##
metrics:
@ -471,8 +514,8 @@ metrics:
service:
type: ClusterIP
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9187"
prometheus.io/scrape: 'true'
prometheus.io/port: '9187'
loadBalancerIP:
serviceMonitor:
enabled: false
@ -486,7 +529,7 @@ metrics:
prometheusRule:
enabled: false
additionalLabels: {}
namespace: ""
namespace: ''
## These are just examples rules, please adapt them to your needs.
## Make sure to constraint the rules to the current postgresql service.
## rules:
@ -503,7 +546,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.8.0-debian-10-r72
tag: 0.8.0-debian-10-r188
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
@ -515,7 +558,7 @@ metrics:
## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file
# customMetrics:
# pg_database:
# query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
# query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')"
# metrics:
# - name:
# usage: "LABEL"
@ -523,6 +566,15 @@ metrics:
# - size_bytes:
# usage: "GAUGE"
# description: "Size of the database in bytes"
#
## An array to add extra env vars to configure postgres-exporter
## see: https://github.com/wrouesnel/postgres_exporter#environment-variables
## For example:
# extraEnvVars:
# - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS
# value: "true"
extraEnvVars: {}
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##

View File

@ -1,5 +1,9 @@
databaseUpgradeReady: true
# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release
postgresql:
image:
tag: 12.3.0-debian-10-r71
postgresqlPassword: password
access:
accessConfig:
security:

View File

@ -1,2 +1,6 @@
# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
databaseUpgradeReady: true
# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release
postgresql:
postgresqlPassword: password

View File

@ -0,0 +1,4 @@
databaseUpgradeReady: true
postgresql:
enabled: false

View File

@ -0,0 +1,47 @@
databaseUpgradeReady: true
# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release
postgresql:
postgresqlPassword: password
global:
versions:
artifactory: 7.11.2
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
customInitContainers: |
- name: "custom-setup"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
command:
- 'sh'
- '-c'
- 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup'
volumeMounts:
- mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
name: artifactory-volume
# Add custom volumes
customVolumes: |
- name: custom-script
emptyDir:
sizeLimit: 100Mi
# Add custom volumesMounts
customVolumeMounts: |
- name: custom-script
mountPath: "/scripts"
# Add custom sidecar containers
customSidecarContainers: |
- name: "sidecar-list-etc"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
securityContext:
allowPrivilegeEscalation: false
command: ["sh","-c","echo 'Sidecar is running' >> /scripts/sidecar.txt; cat /scripts/sidecar.txt; while true; do sleep 30; done"]
volumeMounts:
- mountPath: "/scripts"
name: custom-script
resources:
requests:
memory: "32Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "100m"

View File

@ -1,4 +1,7 @@
databaseUpgradeReady: true
# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release
postgresql:
postgresqlPassword: password
artifactory:
migration:
enabled: false

View File

@ -1,6 +1,6 @@
dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 8.7.3
digest: sha256:7c0ecc958c9d90f0b5c3843621674788b414ea0497ea6053e8c46531545a47d3
generated: "2020-07-29T12:32:44.070736848Z"
version: 9.3.4
digest: sha256:6c6c7ebc7f0c35a6df917879cd7c51e226f31a4d320e053b3620c5476287e9b8
generated: "2020-09-02T09:42:55.758957+05:30"

View File

@ -1,5 +1,5 @@
dependencies:
- name: postgresql
version: 8.7.3
version: 9.3.4
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled

View File

@ -0,0 +1,19 @@
## Apache License Version 2.0
## http://www.apache.org/licenses/LICENSE-2.0.txt
## Schema version of this YAML file
schemaVersion: v1
## Overall mitigation summary
summary: Security mitigation information for this application is tracked by the security-mitigation.yaml file that's part of this helm chart.
## Mitigation notes for individual CVEs
mitigations:
- cves:
- CVE-2017-8399
## Indicates package Uri for which the security mitigation is provided. helm://… || docker://…
affectedPackageUri: helm://jfrog/artifactory
## Which chart versions this cve note belongs to
affectedVersions: ">= 10.1.0"
## Description / note
description: This CVE needs to be fixed in the alpine base image of nginx container.
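Review bot: The `description` for CVE-2017-8399 says where the fix has to land but gives chart users no mitigation or status, and `affectedVersions: ">= 10.1.0"` has no upper bound. State what an operator should do until the nginx base image is fixed (or that no action is available), and cap the range once a fixed chart version exists. The `summary` line also only points back at this same file instead of summarising the mitigations.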

View File

@ -83,3 +83,155 @@ Scheme (http/https) based on Access TLS enabled/disabled
{{- printf "%s" "http" -}}
{{- end -}}
{{- end -}}
{{/*
Resolve joinKey value
*/}}
{{- define "artifactory.joinKey" -}}
{{- if .Values.global.joinKey -}}
{{- .Values.global.joinKey -}}
{{- else if .Values.artifactory.joinKey -}}
{{- .Values.artifactory.joinKey -}}
{{- end -}}
{{- end -}}
{{/*
Resolve masterKey value
*/}}
{{- define "artifactory.masterKey" -}}
{{- if .Values.global.masterKey -}}
{{- .Values.global.masterKey -}}
{{- else if .Values.artifactory.masterKey -}}
{{- .Values.artifactory.masterKey -}}
{{- end -}}
{{- end -}}
{{/*
Resolve joinKeySecretName value
*/}}
{{- define "artifactory.joinKeySecretName" -}}
{{- if .Values.global.joinKeySecretName -}}
{{- .Values.global.joinKeySecretName -}}
{{- else if .Values.artifactory.joinKeySecretName -}}
{{- .Values.artifactory.joinKeySecretName -}}
{{- else -}}
{{ include "artifactory.fullname" . }}
{{- end -}}
{{- end -}}
{{/*
Resolve masterKeySecretName value
*/}}
{{- define "artifactory.masterKeySecretName" -}}
{{- if .Values.global.masterKeySecretName -}}
{{- .Values.global.masterKeySecretName -}}
{{- else if .Values.artifactory.masterKeySecretName -}}
{{- .Values.artifactory.masterKeySecretName -}}
{{- else -}}
{{ include "artifactory.fullname" . }}
{{- end -}}
{{- end -}}
{{/*
Resolve imagePullSecrets value
*/}}
{{- define "artifactory.imagePullSecrets" -}}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Resolve customInitContainersBegin value
*/}}
{{- define "artifactory.customInitContainersBegin" -}}
{{- if .Values.global.customInitContainersBegin -}}
{{- .Values.global.customInitContainersBegin -}}
{{- else if .Values.artifactory.customInitContainersBegin -}}
{{- .Values.artifactory.customInitContainersBegin -}}
{{- end -}}
{{- end -}}
{{/*
Resolve customInitContainers value
*/}}
{{- define "artifactory.customInitContainers" -}}
{{- if .Values.global.customInitContainers -}}
{{- .Values.global.customInitContainers -}}
{{- else if .Values.artifactory.customInitContainers -}}
{{- .Values.artifactory.customInitContainers -}}
{{- end -}}
{{- end -}}
{{/*
Resolve customVolumes value
*/}}
{{- define "artifactory.customVolumes" -}}
{{- if .Values.global.customVolumes -}}
{{- .Values.global.customVolumes -}}
{{- else if .Values.artifactory.customVolumes -}}
{{- .Values.artifactory.customVolumes -}}
{{- end -}}
{{- end -}}
{{/*
Resolve customVolumeMounts value
*/}}
{{- define "artifactory.customVolumeMounts" -}}
{{- if .Values.global.customVolumeMounts -}}
{{- .Values.global.customVolumeMounts -}}
{{- else if .Values.artifactory.customVolumeMounts -}}
{{- .Values.artifactory.customVolumeMounts -}}
{{- end -}}
{{- end -}}
{{/*
Resolve customSidecarContainers value
*/}}
{{- define "artifactory.customSidecarContainers" -}}
{{- if .Values.global.customSidecarContainers -}}
{{- .Values.global.customSidecarContainers -}}
{{- else if .Values.artifactory.customSidecarContainers -}}
{{- .Values.artifactory.customSidecarContainers -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper artifactory chart image names
*/}}
{{- define "artifactory.getImageInfoByValue" -}}
{{- $dot := index . 0 }}
{{- $indexReference := index . 1 }}
{{- $registryName := index $dot.Values $indexReference "image" "registry" -}}
{{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}}
{{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}}
{{- if $dot.Values.global }}
{{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }}
{{- $tag = $dot.Values.global.versions.artifactory | toString -}}
{{- end -}}
{{- if $dot.Values.global.imageRegistry }}
{{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper artifactory app version
*/}}
{{- define "artifactory.app.version" -}}
{{- $image := split ":" ((include "artifactory.getImageInfoByValue" (list . "artifactory")) | toString) -}}
{{- $tag := $image._1 -}}
{{- printf "%s" $tag -}}
{{- end -}}
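Review bot: `artifactory.app.version` derives the tag with `split ":"` and `$image._1`, which returns the wrong segment when the registry contains a port (for example `registry:5000/repo:tag` yields `5000/repo`), and `global.imageRegistry` makes that input user-controlled. Take the last element of the split, or return `$tag` from a shared helper instead of re-parsing the image string. In `artifactory.getImageInfoByValue`, `$dot.Values.global.versions.artifactory` is also dereferenced after checking only `$dot.Values.global`, so a `global` block without `versions` fails rendering with a nil pointer error; guard `versions` as well.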

View File

@ -0,0 +1,3 @@
{{ if .Values.additionalResources }}
{{ tpl .Values.additionalResources . }}
{{- end -}}

View File

@ -10,6 +10,6 @@ metadata:
release: {{ .Release.Name }}
type: Opaque
stringData:
access.config.import.yml: |
access.config.patch.yml: |
{{ tpl (toYaml .Values.access.accessConfig) . | indent 4 }}
{{- end }}

View File

@ -4,7 +4,7 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
name: {{ template "artifactory.fullname" $ }}-{{ .name }}
labels:
app: "{{ template "artifactory.name" $ }}"
chart: "{{ template "artifactory.chart" $ }}"

View File

@ -1,3 +1,4 @@
{{- if .Values.artifactory.migration.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
@ -13,4 +14,5 @@ data:
migrationHelmInfo.yaml: |
{{ .Files.Get "files/migrationHelmInfo.yaml" | indent 4 }}
migrationStatus.sh: |
{{ .Files.Get "files/migrationStatus.sh" | indent 4 }}
{{ .Files.Get "files/migrationStatus.sh" | indent 4 }}
{{- end }}

View File

@ -9,9 +9,13 @@ metadata:
release: {{ .Release.Name }}
type: Opaque
data:
{{- if and .Values.artifactory.masterKey (not .Values.artifactory.masterKeySecretName) }}
master-key: {{ .Values.artifactory.masterKey | b64enc | quote }}
{{- if or .Values.artifactory.masterKey .Values.global.masterKey }}
{{- if not (or .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName) }}
master-key: {{ include "artifactory.masterKey" . | b64enc | quote }}
{{- end }}
{{- end }}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey }}
{{- if not (or .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName) }}
join-key: {{ include "artifactory.joinKey" . | b64enc | quote }}
{{- end }}
{{- if and .Values.artifactory.joinKey (not .Values.artifactory.joinKeySecretName) }}
join-key: {{ .Values.artifactory.joinKey | b64enc | quote }}
{{- end }}

View File

@ -25,23 +25,23 @@ spec:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: router
name: http-router
- port: {{ .Values.artifactory.externalArtifactoryPort }}
targetPort: {{ .Values.artifactory.internalArtifactoryPort }}
protocol: TCP
name: artifactory
name: http-artifactory
{{- if .Values.artifactory.ssh.enabled }}
- port: {{ .Values.artifactory.ssh.externalPort }}
targetPort: {{ .Values.artifactory.ssh.internalPort }}
protocol: TCP
name: ssh
name: tcp-ssh
{{- end }}
{{- with .Values.artifactory.javaOpts.jmx }}
{{- if .enabled }}
- port: {{ .port }}
targetPort: {{ .port }}
protocol: TCP
name: jmx
name: tcp-jmx
{{- end }}
{{- end }}
selector:

View File

@ -12,7 +12,7 @@ metadata:
{{ toYaml . | indent 4 }}
{{- end }}
{{- if and .Release.IsUpgrade .Values.postgresql.enabled }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md), pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true if you are upgrading from chart version which has postgresql version 9.6.x." .Values.databaseUpgradeReady | quote }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE STOPPED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory/CHANGELOG.md) \nNote: This applies only when you are using bundled postgresql (postgresql.enabled=true) \nIf you are upgrading from a chart version (< 11.x) that has postgresql.image.tag of 9.x or 10.x, make sure to pass the current postgresql.image.tag and set databaseUpgradeReady=true \nOR \nIf you are upgrading from a chart version (>= 11.x), just set databaseUpgradeReady=true \n" .Values.databaseUpgradeReady | quote }}
{{- end }}
spec:
serviceName: {{ template "artifactory.name" . }}
@ -37,6 +37,7 @@ spec:
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
checksum/database-secrets: {{ include (print $.Template.BasePath "/artifactory-database-secrets.yaml") . | sha256sum }}
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }}
checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }}
{{- if .Values.access.accessConfig }}
@ -58,19 +59,25 @@ spec:
{{- end }}
serviceAccountName: {{ template "artifactory.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory.imagePullSecrets" . | indent 6 }}
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.gid }}
{{- end }}
initContainers:
{{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }}
{{ tpl (include "artifactory.customInitContainersBegin" .) . | indent 6 }}
{{- end }}
{{- if .Values.artifactory.persistence.enabled }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
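Review bot: `fsGroup` in the pod `securityContext` now comes from `.Values.artifactory.gid` instead of `.Values.artifactory.uid`, so a release that overrides only `artifactory.uid` gets a different group on its volumes after upgrade than it had before. Call this out in the changelog as an upgrade step (set `artifactory.gid` alongside `artifactory.uid`), or fail the render when the two differ unexpectedly on `.Release.IsUpgrade`.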
@ -82,6 +89,8 @@ spec:
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
@ -94,6 +103,8 @@ spec:
- name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
@ -115,21 +126,26 @@ spec:
{{- end }}
- name: 'copy-system-yaml'
image: '{{ .Values.initContainerImage }}'
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- '/bin/sh'
- '-c'
- >
sleep 30;
echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc";
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc;
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted;
{{- if .Values.systemYamlOverride.existingSecret }}
cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml;
{{- else }}
cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml;
{{- end }}
echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists";
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found;
{{- if .Values.access.accessConfig }}
echo "Copy access.config.latest.yml to {{ .Values.artifactory.persistence.mountPath }}/etc";
echo "Copy access.config.patch.yml to {{ .Values.artifactory.persistence.mountPath }}/etc/access";
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access;
cp -fv /tmp/etc/access.config.import.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.import.yml;
cp -fv /tmp/etc/access.config.patch.yml {{ .Values.artifactory.persistence.mountPath }}/etc/access/access.config.patch.yml;
{{- end }}
{{- if .Values.access.resetAccessCAKeys }}
echo "Resetting Access CA Keys";
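Review bot: In the `systemYamlOverride.existingSecret` branch of `copy-system-yaml`, `cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }}` no longer names a file when `dataKey` is left at its empty default from values.yaml, and the problem only surfaces inside the init container. Wrap the value in `required` so a missing `dataKey` is rejected at render time, and quote the interpolated path, since it is placed on a shell command line as-is.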
@ -142,41 +158,48 @@ spec:
cp -fv /tmp/etc/tls.crt {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.crt;
cp -fv /tmp/etc/tls.key {{ .Values.artifactory.persistence.mountPath }}/bootstrap/etc/access/keys/ca.private.key;
{{- end }}
{{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName }}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }}
echo "Copy joinKey to {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security";
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security;
echo -n ${ARTIFACTORY_JOIN_KEY} > {{ .Values.artifactory.persistence.mountPath }}/bootstrap/access/etc/security/join.key;
{{- end }}
{{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }}
{{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }}
echo "Copy masterKey to {{ .Values.artifactory.persistence.mountPath }}/etc/security";
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/security;
echo -n ${ARTIFACTORY_MASTER_KEY} > {{ .Values.artifactory.persistence.mountPath }}/etc/security/master.key;
{{- end }}
env:
{{- if or .Values.artifactory.joinKey .Values.artifactory.joinKeySecretName}}
{{- if or .Values.artifactory.joinKey .Values.global.joinKey .Values.artifactory.joinKeySecretName .Values.global.joinKeySecretName }}
- name: ARTIFACTORY_JOIN_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.artifactory.joinKeySecretName | default (include "artifactory.fullname" .) }}"
name: {{ include "artifactory.joinKeySecretName" . }}
key: join-key
{{- end }}
{{- if or .Values.artifactory.masterKey .Values.artifactory.masterKeySecretName }}
{{- if or .Values.artifactory.masterKey .Values.global.masterKey .Values.artifactory.masterKeySecretName .Values.global.masterKeySecretName }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory.fullname" .) }}"
name: {{ include "artifactory.masterKeySecretName" . }}
key: master-key
{{- end }}
volumeMounts:
- name: artifactory-volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
{{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }}
- name: systemyaml
{{- if .Values.systemYamlOverride.existingSecret }}
mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}"
subPath: {{ .Values.systemYamlOverride.dataKey }}
{{- else if .Values.artifactory.systemYaml }}
mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml
{{- end }}
{{- end }}
{{- if .Values.access.accessConfig }}
- name: access-config
mountPath: "/tmp/etc/access.config.import.yml"
subPath: access.config.import.yml
mountPath: "/tmp/etc/access.config.patch.yml"
subPath: access.config.patch.yml
{{- end }}
{{- if .Values.access.customCertificatesSecretName }}
- name: access-certs
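Review bot: The `join.key` and `master.key` writes in this hunk expand `${ARTIFACTORY_JOIN_KEY}` and `${ARTIFACTORY_MASTER_KEY}` unquoted, and nothing visible here restricts the mode of the resulting files or of the `security` directories created by `mkdir -p`. Because the conditions around them are being widened to the `global.*` values, this is a good point to switch to `printf '%s' "${ARTIFACTORY_MASTER_KEY}"` and set `umask 077` before the writes. The `name: {{ include "artifactory.joinKeySecretName" . }}` and `masterKeySecretName` lines are also unquoted, unlike the `"{{ ... }}"` form next to them; add `| quote`.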
@ -186,15 +209,17 @@ spec:
mountPath: "/tmp/etc/tls.key"
subPath: tls.key
{{- end }}
{{- if .Values.artifactory.customPersistentPodVolumeClaim }}
{{- if and .Values.artifactory.customPersistentPodVolumeClaim (not .Values.artifactory.customPersistentPodVolumeClaim.skipPrepareContainer) }}
- name: "prepare-custom-persistent-volume"
image: "{{ .Values.initContainerImage }}"
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}"
chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}"
chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
securityContext:
runAsUser: 0
volumeMounts:
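Review bot: In `prepare-custom-persistent-volume`, the `echo "Setting ownership ..."` line has no trailing `;` and the script is a folded scalar (`- >`), so if the two lines sit at the same indentation they fold into one command and `chown -Rv ...` is printed by `echo` rather than executed. The `copy-system-yaml` script in this file ends every command with `;`; do the same here. The new `skipPrepareContainer` switch is the only way to keep this `runAsUser: 0` container out of the pod, so it is worth a changelog line as well.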
@ -202,9 +227,11 @@ spec:
mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
{{- end }}
{{- if .Values.waitForDatabase }}
{{- if or .Values.postgresql.enabled }}
{{- if .Values.postgresql.enabled }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
@ -214,12 +241,12 @@ spec:
done;
{{- end }}
{{- end }}
{{- if .Values.artifactory.customInitContainers }}
{{ tpl .Values.artifactory.customInitContainers . | indent 6 }}
{{- if or .Values.artifactory.customInitContainers .Values.global.customInitContainers }}
{{ tpl (include "artifactory.customInitContainers" .) . | indent 6 }}
{{- end }}
{{- if .Values.artifactory.migration.enabled }}
- name: 'migration-artifactory'
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
@ -238,8 +265,12 @@ spec:
cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml;
cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh;
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log;
bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.version }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1;
bash $scriptsPath/migrationStatus.sh {{ include "artifactory.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1;
env:
{{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }}
- name: SKIP_WAIT_FOR_EXTERNAL_DB
value: "true"
{{- end }}
{{- if or .Values.database.secrets.user .Values.database.user }}
- name: JF_SHARED_DATABASE_USERNAME
valueFrom:
@ -304,13 +335,13 @@ spec:
mountPath: "/artifactory_bootstrap/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.customVolumeMounts }}
{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }}
{{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }}
{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }}
{{- end }}
{{- end }}
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
@ -342,6 +373,7 @@ spec:
{{ tpl .Values.artifactory.preStartCommand . }};
{{- end }}
exec /entrypoint-artifactory.sh
{{- with .Values.artifactory.postStartCommand }}
lifecycle:
postStart:
exec:
@ -349,11 +381,14 @@ spec:
- '/bin/bash'
- '-c'
- >
echo;
{{- with .Values.artifactory.postStartCommand }}
echo "Running custom postStartCommand command";
{{ tpl . $ }}
{{- end }}
{{- end }}
env:
{{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }}
- name: SKIP_WAIT_FOR_EXTERNAL_DB
value: "true"
{{- end }}
{{- if or .Values.database.secrets.user .Values.database.user }}
- name: JF_SHARED_DATABASE_USERNAME
valueFrom:
@ -398,12 +433,16 @@ spec:
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
name: http
- containerPort: {{ .Values.artifactory.internalArtifactoryPort }}
name: http-internal
{{- if .Values.artifactory.javaOpts.jmx.enabled }}
- containerPort: {{ .Values.artifactory.javaOpts.jmx.port }}
name: tcp-jmx
{{- end }}
{{- if .Values.artifactory.ssh.enabled }}
- containerPort: {{ .Values.artifactory.ssh.internalPort }}
name: tcp-ssh
{{- end }}
volumeMounts:
{{- if .Values.artifactory.userPluginSecrets }}
@ -442,8 +481,8 @@ spec:
- name: installer-info
mountPath: "/artifactory_bootstrap/info/installer-info.json"
subPath: installer-info.json
{{- if .Values.artifactory.customVolumeMounts }}
{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }}
{{- if or .Values.artifactory.customVolumeMounts .Values.global.customVolumeMounts }}
{{ tpl (include "artifactory.customVolumeMounts" .) . | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.artifactory.resources | indent 10 }}
@ -471,12 +510,10 @@ spec:
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- $image := .Values.logger.image.repository }}
{{- $tag := .Values.logger.image.tag }}
{{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }}
command:
- 'sh'
- '-c'
@ -493,7 +530,7 @@ spec:
{{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }}
command:
- 'sh'
- '-c'
@ -533,8 +570,8 @@ spec:
{{ toYaml .Values.filebeat.resources | indent 10 }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
{{- end }}
{{- if .Values.artifactory.customSidecarContainers }}
{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }}
{{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }}
{{ tpl (include "artifactory.customSidecarContainers" .) . | indent 6 }}
{{- end }}
{{- with .Values.artifactory.nodeSelector }}
nodeSelector:
@ -624,9 +661,11 @@ spec:
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }}
- name: systemyaml
secret:
secretName: {{ template "artifactory.fullname" . }}-systemyaml
secretName: {{ default (printf "%s-%s" (include "artifactory.fullname" .) "systemyaml") .Values.systemYamlOverride.existingSecret }}
{{- end }}
{{- if .Values.access.accessConfig }}
- name: access-config
secret:
@ -647,8 +686,8 @@ spec:
configMap:
name: {{ template "artifactory.name" . }}-filebeat-config
{{- end }}
{{- if .Values.artifactory.customVolumes }}
{{ tpl .Values.artifactory.customVolumes . | indent 6 }}
{{- if or .Values.artifactory.customVolumes .Values.global.customVolumes }}
{{ tpl (include "artifactory.customVolumes" .) . | indent 6 }}
{{- end }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume

View File

@ -1,3 +1,4 @@
{{- if not .Values.systemYamlOverride.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
@ -11,3 +12,4 @@ type: Opaque
stringData:
system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }}
{{- end }}

View File

@ -3,7 +3,7 @@
{{- $servicePort := .Values.artifactory.externalPort -}}
{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}}
{{- $ingressName := default ( include "artifactory.fullname" . ) .Values.ingress.name -}}
{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }}
{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
@ -56,7 +56,7 @@ spec:
{{- if .Values.artifactory.replicator.enabled }}
---
{{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}}
{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }}
{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
@ -100,4 +100,8 @@ spec:
{{ toYaml .Values.artifactory.replicator.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.customIngress }}
---
{{ .Values.customIngress | toYaml | trimSuffix "\n" }}
{{- end -}}
{{- end -}}
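Review bot: `{{ .Values.customIngress | toYaml | trimSuffix "\n" }}` serialises the value with `toYaml`, but values.yaml declares it as `customIngress: |`, a block string. A string passed through `toYaml` is emitted as a YAML string scalar, not as the Ingress manifest it contains. The other `custom*` hooks in this change render through `tpl`; use `tpl .Values.customIngress .` here as well, or declare `customIngress` as a map and document that shape.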

View File

@ -1,4 +1,4 @@
{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled }}
{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.https.enabled }}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
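Review bot: The guard on the first line of this file no longer checks `.Values.nginx.enabled`, so the TLS Secret is rendered whenever `nginx.https.enabled` is true, including when nginx itself is turned off. Keep `.Values.nginx.enabled` in the condition next to `.Values.nginx.https.enabled`. The nginx Deployment still carries `# DEPRECATED` branches for values without an `nginx.https` block; if that layout is still supported, this template needs the same `if .Values.nginx.https` check before reading `.enabled`.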

View File

@ -39,10 +39,12 @@ spec:
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "artifactory.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
{{- include "artifactory.imagePullSecrets" . | indent 6 }}
{{- end }}
{{- if .Values.nginx.priorityClassName }}
priorityClassName: {{ .Values.nginx.priorityClassName | quote }}
{{- end }}
initContainers:
- name: "setup"
image: "{{ .Values.initContainerImage }}"
@ -61,7 +63,7 @@ spec:
fsGroup: {{ .Values.nginx.gid }}
containers:
- name: {{ .Values.nginx.name }}
image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}'
image: {{ include "artifactory.getImageInfoByValue" (list . "nginx") }}
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
command:
- 'nginx'
@ -73,19 +75,24 @@ spec:
{{- if .Values.nginx.http }}
{{- if .Values.nginx.http.enabled }}
- containerPort: {{ .Values.nginx.http.internalPort }}
name: http
{{- end }}
{{- else }} # DEPRECATED
- containerPort: {{ .Values.nginx.internalPortHttp }}
name: http-internal
{{- end }}
{{- if .Values.nginx.https }}
{{- if .Values.nginx.https.enabled }}
- containerPort: {{ .Values.nginx.https.internalPort }}
name: https
{{- end }}
{{- else }} # DEPRECATED
- containerPort: {{ .Values.nginx.internalPortHttps }}
name: https-internal
{{- end }}
{{- if .Values.artifactory.ssh.enabled }}
- containerPort: {{ .Values.nginx.ssh.internalPort }}
name: tcp-ssh
{{- end }}
volumeMounts:
- name: nginx-conf
@ -95,8 +102,10 @@ spec:
mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/"
- name: nginx-volume
mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
{{- if .Values.nginx.https.enabled }}
- name: ssl-certificates
mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl"
{{- end }}
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- if .Values.nginx.readinessProbe.enabled }}
@ -133,12 +142,10 @@ spec:
failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }}
{{- end }}
{{- $image := .Values.logger.image.repository }}
{{- $tag := .Values.logger.image.tag }}
{{- $mountPath := .Values.nginx.persistence.mountPath }}
{{- range .Values.nginx.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }}
command:
- tail
args:
@ -184,6 +191,7 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.nginx.https.enabled }}
- name: ssl-certificates
secret:
{{- if .Values.nginx.tlsSecretName }}
@ -191,4 +199,5 @@ spec:
{{- else }}
secretName: {{ template "artifactory.fullname" . }}-nginx-certificate
{{- end }}
{{- end }}
{{- end }}

View File

@ -15,11 +15,11 @@ spec:
resources:
requests:
storage: {{ .Values.nginx.persistence.size | quote }}
{{- if .Values.nginx.persistence.storageClass }}
{{- if (eq "-" .Values.nginx.persistence.storageClass) }}
{{- if .Values.nginx.persistence.storageClassName }}
{{- if (eq "-" .Values.nginx.persistence.storageClassName) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nginx.persistence.storageClass }}"
storageClassName: "{{ .Values.nginx.persistence.storageClassName }}"
{{- end }}
{{- end }}
{{- end }}
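Review bot: Renaming `nginx.persistence.storageClass` to `storageClassName` means the old key is silently ignored: values that still set `storageClass`, including `"-"` to request an empty class, now render no `storageClassName` line at all. Accept both keys for a deprecation period, for example `default .Values.nginx.persistence.storageClass .Values.nginx.persistence.storageClassName`, or call `fail` when the old key is present so the upgrade stops with a clear message.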

View File

@ -64,7 +64,7 @@ spec:
- port: {{ .Values.nginx.ssh.externalPort }}
targetPort: {{ .Values.nginx.ssh.internalPort }}
protocol: TCP
name: ssh
name: tcp-ssh
{{- end }}
selector:
app: {{ template "artifactory.name" . }}

View File

@ -4,8 +4,42 @@
# Beware when changing values here. You should know what you are doing!
# Access the values with {{ .Values.key.subkey }}
# Common
initContainerImage: docker.bintray.io/alpine:3.12
global:
# imageRegistry: docker.bintray.io
# imagePullSecrets:
# - myRegistryKeySecretName
## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag
## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion
## This applies also for nginx images (.Values.nginx.image.tag)
versions: {}
# artifactory:
# joinKey:
# masterKey:
# joinKeySecretName:
# masterKeySecretName:
# customInitContainersBegin: |
# customInitContainers: |
# customVolumes: |
# customVolumeMounts: |
# customSidecarContainers: |
initContainerImage: docker.bintray.io/alpine:3.12.1
# Init containers
initContainers:
resources: {}
# requests:
# memory: "64Mi"
# cpu: "10m"
# limits:
# memory: "128Mi"
# cpu: "250m"
installer:
type:
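Review bot: `initContainerImage: docker.bintray.io/alpine:3.12.1` keeps the registry inside a single string, so the `global.imageRegistry` option documented a few lines above cannot redirect it, although the templates in this change use `{{ .Values.initContainerImage }}` for every init container, including the one with `runAsUser: 0`. Split it into `registry`, `repository` and `tag` like the `artifactory`, `nginx` and `logger` images so that a private mirror covers the init containers too.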
@ -14,7 +48,20 @@ installer:
installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features": [ { "featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"}]}'
# For supporting pulling from private registries
imagePullSecrets:
# imagePullSecrets:
# - myRegistryKeySecretName
## Artifactory systemYaml override
## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory
## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML
## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml
## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example.
## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml
systemYamlOverride:
## You can use a pre-existing secret by specifying existingSecret
existingSecret:
## The dataKey should be the name of the secret data key created.
dataKey:
## Role Based Access Control
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
@ -72,6 +119,9 @@ ingress:
# Additional ingress rules
additionalRules: []
## Allows to add custom ingress
customIngress: |
networkpolicy:
# Allows all ingress and egress
- name: artifactory
@ -95,7 +145,8 @@ networkpolicy:
logger:
image:
repository: docker.bintray.io/busybox
registry: docker.bintray.io
repository: busybox
tag: 1.31.1
# Artifactory
@ -103,8 +154,9 @@ artifactory:
name: artifactory
# Note that by default we use appVersion to get image tag/version
image:
repository: docker.bintray.io/jfrog/artifactory-pro
# version:
registry: docker.bintray.io
repository: jfrog/artifactory-pro
# tag:
pullPolicy: IfNotPresent
labels: {}
@ -128,6 +180,12 @@ artifactory:
maxThreads: 200
extraConfig: 'acceptCount="100"'
# Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above.
# To enable set `.Values.artifactory.openMetrics.enabled` to `true`
# Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics
openMetrics:
enabled: false
# Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup
copyOnEveryStartup:
# # Absolute path
@ -189,8 +247,8 @@ artifactory:
## Extra pre-start command in migration Init Container to install JDBC driver for MySql/MariaDb/Oracle
# preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib; cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib && wget -O /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar"
## Add custom init containers
customInitContainers: |
## Add custom init containers execution before predefined init containers
customInitContainersBegin: |
# - name: "custom-setup"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
@ -202,6 +260,19 @@ artifactory:
# - mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
# name: artifactory-volume
## Add custom init containers execution after predefined init containers
customInitContainers: |
# - name: "custom-systemyaml-setup"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# command:
# - 'sh'
# - '-c'
# - 'wget -O {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml https://<repo-url>/systemyaml'
# volumeMounts:
# - mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
# name: artifactory-volume
## Add custom sidecar containers
# - The provided example uses a custom volume (customVolumes)
# - The provided example shows running container as root (id 0)
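Review bot: The commented `custom-systemyaml-setup` example downloads `system.yaml` with `wget -O ... https://<repo-url>/systemyaml` and uses the result as the node configuration with no integrity check. This is the snippet users will copy, so show a checksum comparison after the download, or point to `systemYamlOverride.existingSecret` as the preferred route. Also state in the comment that this container runs after the predefined init containers and therefore overwrites the file placed by `copy-system-yaml`.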
@ -249,6 +320,7 @@ artifactory:
# subPath: prehook-start.sh
# Add custom persistent volume mounts - Available for the pod
# If skipPrepareContainer is set to true , this will skip the prepare-custom-persistent-volume init container
customPersistentPodVolumeClaim: {}
# name:
# mountPath:
@ -256,6 +328,7 @@ artifactory:
# - "-"
# size:
# storageClassName:
# skipPrepareContainer: false
# Add custom persistent volume mounts - Available to the entire namespace
customPersistentVolumeClaim: {}
@ -416,12 +489,19 @@ artifactory:
{{- end }}
{{- end }}
artifactory:
{{- if .Values.artifactory.openMetrics }}
metrics:
enabled: {{ .Values.artifactory.openMetrics.enabled }}
{{- end }}
database:
maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }}
tomcat:
connector:
maxThreads: {{ .Values.artifactory.tomcat.connector.maxThreads }}
extraConfig: {{ .Values.artifactory.tomcat.connector.extraConfig }}
frontend:
session:
timeMinutes: {{ .Values.frontend.session.timeoutMinutes | quote }}
access:
database:
maxOpenConnections: {{ .Values.access.database.maxOpenConnections }}
@ -474,8 +554,13 @@ artifactory:
externalArtifactoryPort: 8081
internalArtifactoryPort: 8081
uid: 1030
gid: 1030
terminationGracePeriodSeconds: 30
## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value.
## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false
setSecurityContext: true
## The following settings are to configure the frequency of the liveness and readiness probes
livenessProbe:
enabled: true
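Review bot: The new comment above `setSecurityContext` says `runAsUser` and `fsGroup` are both set to the `artifactory.uid` value, but the StatefulSet template in this same change renders `fsGroup: {{ .Values.artifactory.gid }}` and this hunk adds `gid: 1030`. Update the comment to name both keys, and add a sentence on which user the pod runs as when `setSecurityContext` is `false`.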
@ -644,6 +729,12 @@ artifactory:
{{- with .cloudFrontPrivateKey }}
<cloudFrontPrivateKey>{{ . }}</cloudFrontPrivateKey>
{{- end }}
{{- with .enableSignedUrlRedirect }}
<enableSignedUrlRedirect>{{ . }}</enableSignedUrlRedirect>
{{- end }}
{{- with .enablePathStyleAccess }}
<enablePathStyleAccess>{{ . }}</enablePathStyleAccess>
{{- end }}
</provider>
{{- end }}
</config>
@ -743,7 +834,7 @@ artifactory:
## For artifactory.persistence.type google-storage
googleStorage:
endpoint: storage.googleapis.com
endpoint: commondatastorage.googleapis.com
httpsOnly: false
# Set a unique bucket name
bucketName: "artifactory-gcp"
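Review bot: While the `googleStorage.endpoint` default is being changed, `httpsOnly: false` stays as the default on the next line, so the chart's out-of-the-box setting does not require HTTPS for bucket traffic. Consider setting the default to `true` in the same change, or add a comment explaining why it is off.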
@ -771,6 +862,8 @@ artifactory:
cloudFrontDomainName:
cloudFrontKeyPairId:
cloudFrontPrivateKey:
enableSignedUrlRedirect: false
enablePathStyleAccess: false
## For artifactory.persistence.type aws-s3
## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html
@ -804,7 +897,7 @@ artifactory:
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
# storageClassName: "-"
## Annotations for the Persistent Volume Claim
annotations: {}
## Uncomment the following resources definitions or pass them from command line
@ -844,6 +937,12 @@ artifactory:
internalPort: 1339
externalPort: 1339
frontend:
## Session settings
session:
## Time in minutes after which the frontend token will need to be refreshed
timeoutMinutes: '30'
access:
## Enable TLS by changing the tls entry (under the security section) in the access.config.yaml file.
## ref: https://www.jfrog.com/confluence/display/JFROG/Managing+TLS+Certificates#ManagingTLSCertificates
@ -881,10 +980,14 @@ nginx:
gid: 107
# Note that by default we use appVersion to get image tag/version
image:
repository: docker.bintray.io/jfrog/nginx-artifactory-pro
# version:
registry: docker.bintray.io
repository: jfrog/nginx-artifactory-pro
# tag:
pullPolicy: IfNotPresent
# Priority Class name to be used in deployment if provided
priorityClassName:
# Sidecar containers for tailing Nginx logs
loggers: []
# - access.log
@ -1128,7 +1231,7 @@ nginx:
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
# storageClassName: "-"
resources: {}
# requests:
# memory: "250Mi"
@ -1153,7 +1256,7 @@ postgresql:
image:
registry: docker.bintray.io
repository: bitnami/postgresql
tag: 10.13.0-debian-10-r38
tag: 12.5.0-debian-10-r25
postgresqlUsername: artifactory
postgresqlPassword: ""
postgresqlDatabase: artifactory
@ -1212,7 +1315,7 @@ filebeat:
name: artifactory-filebeat
image:
repository: "docker.elastic.co/beats/filebeat"
version: 7.5.1
version: 7.9.2
logstashUrl: "logstash:5044"
livenessProbe:
@ -1266,3 +1369,8 @@ filebeat:
output:
logstash:
hosts: ["{{ .Values.filebeat.logstashUrl }}"]
## Allows to add additional kubernetes resources
## Use --- as a separator between multiple resources
## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml
additionalResources: |

View File

@ -1 +1,7 @@
# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
artifactory:
databaseUpgradeReady: true
# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release
postgresql:
postgresqlPassword: password

View File

@ -1,6 +1,6 @@
dependencies:
- name: artifactory
repository: https://charts.jfrog.io/
version: 10.0.12
digest: sha256:a201c886d1f8e9e58f2b0e1b55d7a03fc225f3774233f1f786523963c57bab33
generated: "2020-07-29T16:48:47.031129463Z"
version: 11.7.4
digest: sha256:a4c52f49f154be6434a9a37474eee556de8d97a487be9dec923124a64651aac8
generated: "2021-01-04T14:56:17.66958+05:30"

View File

@ -1,4 +1,4 @@
dependencies:
- name: artifactory
version: 10.0.12
version: 11.7.4
repository: https://charts.jfrog.io/

View File

@ -13,10 +13,11 @@ artifactory:
## Artifactory
## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
artifactory:
## Default version is from the artifactory sub-chart in the requirements.yaml
## Default tag is from the artifactory sub-chart in the requirements.yaml
image:
repository: docker.bintray.io/jfrog/artifactory-jcr
# version:
registry: docker.bintray.io
repository: jfrog/artifactory-jcr
# tag:
## Uncomment the following resources definitions or pass them from command line
## to control the cpu and memory resources allocated by the Kubernetes cluster

View File

@ -68,6 +68,36 @@ entries:
- assets/artifactory-ha/artifactory-ha-3.0.1400.tgz
version: 3.0.1400
artifactory-jcr:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v1
appVersion: 7.12.5
created: "2021-02-26T18:58:09.545552572Z"
dependencies:
- name: artifactory
repository: https://charts.jfrog.io/
version: 11.7.4
description: JFrog Container Registry
digest: 148af8042991b7d031770887a8d64e034268c2e1e3eb03f55e13310a40cb2a60
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png
keywords:
- artifactory
- jfrog
- container
- registry
- devops
- jfrog-container-registry
maintainers:
- email: helm@jfrog.com
name: Chart Maintainers at JFrog
name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
urls:
- assets/artifactory-jcr/artifactory-jcr-3.4.000.tgz
version: 3.4.000
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: artifactory-jcr
@ -579,4 +609,4 @@ entries:
urls:
- assets/sysdig/sysdig-1.9.200.tgz
version: 1.9.200
generated: "2021-02-26T18:55:48.743664584Z"
generated: "2021-02-26T18:58:09.533084638Z"

View File

@ -1,4 +1,4 @@
3af577609a7b5598cd24d1067b6476a887df39433c9a0e98113d2351071b6899 packages/artifactory-jcr/artifactory-jcr.patch
cd02f1da44193aec6236ac31ead3060fb87d26270cc7d4bffd8ef0742b478a1a packages/artifactory-jcr/artifactory-jcr.patch
18f1881126f41c8a08e5bef6acdbc5383edfeb5b53597944abe26d5d91569bd7 packages/artifactory-jcr/overlay/app-readme.md
e92d32409aad3408f146d5955945910e14bb2e70c55c874fb83a5e159b65ddea packages/artifactory-jcr/overlay/questions.yml
3b92cd36c60c0b8c979ad0b3eed9c15b0e876ab63e7f407457a32073e7057da8 packages/artifactory-jcr/package.yaml
442bea8f7c786bcbc21fd94c10955f022f2987895618ced5c50326abf364924e packages/artifactory-jcr/package.yaml