From aea733cc4fc86fc06b55ad64b42bf8103c359f22 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Tue, 12 Sep 2023 20:21:12 +0530 Subject: [PATCH 1/4] [artifactory] 7.68.7 release --- stable/artifactory-cpp-ce/CHANGELOG.md | 5 +- stable/artifactory-cpp-ce/Chart.yaml | 6 +- stable/artifactory-cpp-ce/values.yaml | 4 +- stable/artifactory-ha/CHANGELOG.md | 24 ++++- stable/artifactory-ha/Chart.yaml | 4 +- stable/artifactory-ha/ci/default-values.yaml | 6 +- stable/artifactory-ha/ci/global-values.yaml | 8 +- .../ci/migration-disabled-values.yaml | 6 +- .../ci/nginx-autoreload-values.yaml | 6 +- stable/artifactory-ha/ci/rtsplit-values.yaml | 6 +- stable/artifactory-ha/ci/test-values.yaml | 9 +- .../artifactory-node-statefulset.yaml | 66 ++++++++++++- .../artifactory-primary-statefulset.yaml | 48 +++++++++- .../templates/artifactory-service.yaml | 4 + stable/artifactory-ha/templates/ingress.yaml | 9 ++ stable/artifactory-ha/values.yaml | 96 ++++++++++++++++--- stable/artifactory-jcr/CHANGELOG.md | 5 +- stable/artifactory-jcr/Chart.yaml | 6 +- stable/artifactory-jcr/values.yaml | 4 +- stable/artifactory-oss/CHANGELOG.md | 5 +- stable/artifactory-oss/Chart.yaml | 6 +- stable/artifactory-oss/values.yaml | 4 +- stable/artifactory/CHANGELOG.md | 27 ++++-- stable/artifactory/Chart.yaml | 4 +- stable/artifactory/ci/global-values.yaml | 2 +- stable/artifactory/ci/test-values.yaml | 3 + .../templates/artifactory-service.yaml | 4 + .../templates/artifactory-statefulset.yaml | 48 +++++++++- stable/artifactory/templates/ingress.yaml | 9 ++ stable/artifactory/values.yaml | 85 +++++++++++++++- 30 files changed, 449 insertions(+), 70 deletions(-) diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md index ecfa7edd0..27989aea8 100644 --- a/stable/artifactory-cpp-ce/CHANGELOG.md +++ b/stable/artifactory-cpp-ce/CHANGELOG.md @@ -1,7 +1,10 @@ # JFrog Artifactory CE for C++ Chart Changelog All changes to this chart will be documented in this file -## [107.63.14] - Aug 25, 2022 +## [107.68.7] - Jul 20, 2023 +* Disabled federation services when splitServicesToContainers=true + +## [107.45.0] - Aug 25, 2022 * Included event service as mandatory and remove the flag from values.yaml ## [107.41.0] - Jul 22, 2022 diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml index d89a6803d..be2047ec1 100644 --- a/stable/artifactory-cpp-ce/Chart.yaml +++ b/stable/artifactory-cpp-ce/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 7.63.14 +appVersion: 7.68.7 dependencies: - name: artifactory repository: file://charts/artifactory - version: 107.63.14 + version: 107.68.7 description: JFrog Artifactory CE for C++ home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png @@ -21,4 +21,4 @@ name: artifactory-cpp-ce sources: - https://github.com/jfrog/charts type: application -version: 107.63.14 +version: 107.68.7 diff --git a/stable/artifactory-cpp-ce/values.yaml b/stable/artifactory-cpp-ce/values.yaml index a82348c21..749dd7d26 100644 --- a/stable/artifactory-cpp-ce/values.yaml +++ b/stable/artifactory-cpp-ce/values.yaml @@ -62,9 +62,11 @@ artifactory: # database: jfconnect: enabled: false + federation: + enabled: false ## Enable the PostgreSQL sub chart postgresql: enabled: true router: image: - tag: 7.71.0 + tag: 7.77.0 diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 23ee768d9..e246a354c 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,16 +1,32 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.63.14] - Aug 7, 2023 +## [107.68.7] - Aug 28, 2023 +* Enabled `unifiedSecretInstallation` as true by default +* Removed unused `artifactory.javaOpts` from values.yaml + +## [107.67.0] - Aug 28, 2023 +* Add 'extraJavaOpts' and 'port' values to federation service + +## [107.66.0] - Aug 28, 2023 +* Added federation service container in artifactory +* Add rtfs service to ingress in artifactory + +## [107.64.0] - Aug 28,2023 +* Added support to configure event.webhooks within generated system.yaml +* Fixed an issue to generate ssl certificate should support artifactory-ha fullname +* Added 'multiPartLimit' and 'multipartElementSize' parameters to awsS3V3 binary providers. +* Increased default Artifactory Tomcat acceptCount config to 400 +* Fixed Illegal Strict-Transport-Security header in nginx config + +## [107.63.0] - Aug 28, 2023 * Added support for Openshift by adding the securityContext in container level. * **IMPORTANT** * Disable securityContext in container and pod level to deploy postgres on openshift. * Fixed support for fsGroup in non openshift environment and runAsGroup in openshift environment. * Fixed - Helm Template Error when using artifactory.loggers [GH-1791](https://github.com/jfrog/charts/issues/1791) * Removed the nginx disable condition for openshift -* Added support to configure event.webhooks within generated system.yaml -* Fixed an issue to generate ssl certificate should support artifactory-ha fullname -* Added 'multiPartLimit' and 'multipartElementSize' parameters to awsS3V3 binary providers. +* Fixed jfconnect disabling as micro-service on splitcontainers [GH-1806](https://github.com/jfrog/charts/issues/1806) ## [107.62.0] - Jun 5, 2023 * Added support for 'port' and 'useHttp' parameters for s3-storage-v3 binary provider [GH-1767](https://github.com/jfrog/charts/issues/1767) diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 7291bedff..c57b3ddda 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.63.14 +appVersion: 7.68.7 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.63.14 +version: 107.68.7 diff --git a/stable/artifactory-ha/ci/default-values.yaml b/stable/artifactory-ha/ci/default-values.yaml index e8ea87fd9..020f52335 100644 --- a/stable/artifactory-ha/ci/default-values.yaml +++ b/stable/artifactory-ha/ci/default-values.yaml @@ -14,6 +14,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -22,9 +25,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release postgresql: postgresqlPassword: password diff --git a/stable/artifactory-ha/ci/global-values.yaml b/stable/artifactory-ha/ci/global-values.yaml index b3c4bdd00..b1ef370ec 100644 --- a/stable/artifactory-ha/ci/global-values.yaml +++ b/stable/artifactory-ha/ci/global-values.yaml @@ -10,6 +10,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -18,9 +21,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" customInitContainersBegin: | - name: "custom-init-begin-local" image: "{{ .Values.initContainerImage }}" @@ -231,7 +231,7 @@ nginx: proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header Strict-Transport-Security always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; location /artifactory/ { if ( $request_uri ~ ^/artifactory/(.*)$ ) { diff --git a/stable/artifactory-ha/ci/migration-disabled-values.yaml b/stable/artifactory-ha/ci/migration-disabled-values.yaml index bc188e6b8..44895a373 100644 --- a/stable/artifactory-ha/ci/migration-disabled-values.yaml +++ b/stable/artifactory-ha/ci/migration-disabled-values.yaml @@ -18,6 +18,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -26,6 +29,3 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" diff --git a/stable/artifactory-ha/ci/nginx-autoreload-values.yaml b/stable/artifactory-ha/ci/nginx-autoreload-values.yaml index d47259498..a6f4e8001 100644 --- a/stable/artifactory-ha/ci/nginx-autoreload-values.yaml +++ b/stable/artifactory-ha/ci/nginx-autoreload-values.yaml @@ -14,6 +14,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -22,9 +25,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release postgresql: postgresqlPassword: password diff --git a/stable/artifactory-ha/ci/rtsplit-values.yaml b/stable/artifactory-ha/ci/rtsplit-values.yaml index a4e797188..2b88d70a8 100644 --- a/stable/artifactory-ha/ci/rtsplit-values.yaml +++ b/stable/artifactory-ha/ci/rtsplit-values.yaml @@ -30,6 +30,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -38,9 +41,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" # Add lifecycle hooks for artifactory container lifecycle: diff --git a/stable/artifactory-ha/ci/test-values.yaml b/stable/artifactory-ha/ci/test-values.yaml index d950c4321..7af7c2e0f 100644 --- a/stable/artifactory-ha/ci/test-values.yaml +++ b/stable/artifactory-ha/ci/test-values.yaml @@ -25,6 +25,9 @@ artifactory: limits: memory: "6Gi" cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" node: resources: requests: @@ -33,9 +36,6 @@ artifactory: limits: memory: "6Gi" cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" statefulset: annotations: artifactory: test @@ -59,6 +59,9 @@ ingress: nginx: enabled: false +jfconnect: + enabled: false + ## filebeat sidecar filebeat: enabled: true diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index 391cba2dc..490fcbd7c 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -740,6 +740,66 @@ spec: {{- if .Values.integration.livenessProbe.enabled }} livenessProbe: {{ tpl .Values.integration.livenessProbe.config . | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.federation.enabled }} + - name: {{ .Values.federation.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + exec /opt/jfrog/artifactory/app/third-party/java/bin/java {{ .Values.federation.extraJavaOpts }} -jar /opt/jfrog/artifactory/app/rtfs/lib/jf-rtfs + {{- with .Values.federation.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SHARED_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }} + - name: JF_RTFS_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.database.secrets.password }} + name: {{ tpl .Values.database.secrets.password.name . }} + key: {{ tpl .Values.database.secrets.password.key . }} + {{- else if .Values.database.password }} + {{- if not .Values.artifactory.unifiedSecretInstallation }} + name: {{ template "artifactory-ha.fullname" . }}-database-creds + {{- else }} + name: "{{ template "artifactory-ha.name" . }}-unified-secret" + {{- end }} + key: db-password + {{- else if .Values.postgresql.enabled }} + name: {{ .Release.Name }}-postgresql + key: postgresql-password + {{- end }} + {{- end }} +{{- with .Values.federation.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + resources: +{{ toYaml .Values.federation.resources | indent 10 }} + {{- if .Values.federation.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.federation.startupProbe.config . | indent 10 }} + {{- end }} + {{- if .Values.federation.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.federation.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} {{- if .Values.observability.enabled }} @@ -842,12 +902,12 @@ spec: value: "true" - name: JF_REPLICATOR_SERVICE_ENABLED value: "false" + - name: JF_FEDERATION_ENABLED + value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_JFCONNECT_ENABLED - value: "true" - name : JF_INTEGRATION_ENABLED value: "false" {{- end }} @@ -916,6 +976,8 @@ spec: name: http - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} name: http-internal + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs {{- if .Values.artifactory.node.javaOpts.jmx.enabled }} - containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }} name: tcp-jmx diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index e9908e276..998817eb4 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -830,6 +830,48 @@ spec: {{- if .Values.integration.livenessProbe.enabled }} livenessProbe: {{ tpl .Values.integration.livenessProbe.config . | indent 10 }} + {{- end }} + {{- end }} + {{- if .Values.federation.enabled }} + - name: {{ .Values.federation.name }} + image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }} + imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- end }} + command: + - '/bin/bash' + - '-c' + - > + exec /opt/jfrog/artifactory/app/third-party/java/bin/java {{ .Values.federation.extraJavaOpts }} -jar /opt/jfrog/artifactory/app/rtfs/lib/jf-rtfs + {{- with .Values.federation.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SHARED_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # TODO - Password,Url,Username - should be derived from env variable +{{- with .Values.federation.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs + volumeMounts: + - name: volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + resources: +{{ toYaml .Values.federation.resources | indent 10 }} + {{- if .Values.federation.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.federation.startupProbe.config . | indent 10 }} + {{- end }} + {{- if .Values.federation.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.federation.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} {{- if .Values.observability.enabled }} @@ -944,12 +986,12 @@ spec: value: "true" - name: JF_REPLICATOR_SERVICE_ENABLED value: "false" + - name: JF_FEDERATION_ENABLED + value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - - name : JF_JFCONNECT_ENABLED - value: "true" - name : JF_INTEGRATION_ENABLED value: "false" {{- end }} @@ -1018,6 +1060,8 @@ spec: name: http - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} name: http-internal + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs {{- if .Values.artifactory.primary.javaOpts.jmx.enabled }} - containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }} name: tcp-jmx diff --git a/stable/artifactory-ha/templates/artifactory-service.yaml b/stable/artifactory-ha/templates/artifactory-service.yaml index 5e294a8f3..4f956bd40 100644 --- a/stable/artifactory-ha/templates/artifactory-service.yaml +++ b/stable/artifactory-ha/templates/artifactory-service.yaml @@ -30,6 +30,10 @@ spec: targetPort: {{ .Values.artifactory.internalPort }} protocol: TCP name: http-router + - port: {{ .Values.federation.internalPort }} + targetPort: {{ .Values.federation.internalPort }} + protocol: TCP + name: http-rtfs {{- if .Values.artifactory.ssh.enabled }} - port: {{ .Values.artifactory.ssh.externalPort }} targetPort: {{ .Values.artifactory.ssh.internalPort }} diff --git a/stable/artifactory-ha/templates/ingress.yaml b/stable/artifactory-ha/templates/ingress.yaml index cc98dac1a..05b24830a 100644 --- a/stable/artifactory-ha/templates/ingress.yaml +++ b/stable/artifactory-ha/templates/ingress.yaml @@ -63,6 +63,15 @@ spec: name: {{ $serviceName }} port: number: {{ $artifactoryServicePort }} + {{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }} + - path: {{ $.Values.ingress.rtfsPath }} + pathType: ImplementationSpecific + backend: + service: + name: {{ $serviceName }} + port: + number: {{ $.Values.federation.internalPort }} + {{- end }} {{- end }} {{- else }} {{- range $host := .Values.ingress.hosts }} diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index 742f90ebe..2883fbd51 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -97,6 +97,7 @@ ingress: hosts: [] routerPath: / artifactoryPath: /artifactory/ + rtfsPath: /rtfs/ className: "" annotations: {} # kubernetes.io/ingress.class: nginx @@ -238,7 +239,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.71.0 + tag: 7.77.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -323,7 +324,7 @@ artifactory: ## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder. circleOfTrustCertificatesSecret: # unifiedSecretInstallation flag enables single unified secret holding all the artifactory-ha secrets - unifiedSecretInstallation: false + unifiedSecretInstallation: true image: registry: releases-docker.jfrog.io repository: jfrog/artifactory-pro @@ -350,7 +351,7 @@ artifactory: connector: maxThreads: 200 sendReasonPhrase: false - extraConfig: 'acceptCount="100"' + extraConfig: 'acceptCount="400"' # certificates added to this secret will be copied to $JFROG_HOME/artifactory/var/etc/security/keys/trusted directory customCertificates: enabled: false @@ -773,12 +774,31 @@ artifactory: replicator: enabled: true {{- end }} - {{- if .Values.jfconnect.enabled }} + {{- if and .Values.jfconnect.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} jfconnect: enabled: true {{- else }} jfconnect: enabled: false + jfconnect_service: + enabled: false + {{- end }} + + {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} + federation: + enabled: true + extraJavaOpts: {{ .Values.federation.extraJavaOpts }} + port: {{ .Values.federation.internalPort }} + rtfs: + database: + driver: org.postgresql.Driver + type: postgresql + username: {{ .Values.federation.database.username }} + password: {{ .Values.federation.database.password }} + url: "jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }}" + {{- else }} + federation: + enabled: false {{- end }} {{- if .Values.event.webhooks }} event: @@ -991,11 +1011,6 @@ artifactory: pool: members ## If the type is NodePort you can set a fixed port # nodePort: 32082 - ## The following Java options are passed to the java process running Artifactory. - ## This will be passed to all cluster members. Primary and member nodes. - javaOpts: {} - # other: "" - statefulset: annotations: {} ## The following setting are to configure a dedicated Ingress object for Replicator service @@ -1466,6 +1481,66 @@ integration: failureThreshold: 90 periodSeconds: 5 timeoutSeconds: 5 +federation: + name: federation + enabled: false + internalPort: 8085 + extraJavaOpts: "" + # This section should be removed once rtfs service is GA + database: + port: 5432 + host: postgresql + name: rtfs + username: rtfs + password: "" + ## Extra environment variables that can be used to tune federation to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: MY_ENV_VAR + # value: "" + resources: {} + # requests: + # memory: "100Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "1" + + # Add lifecycle hooks for federation container + lifecycle: {} + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] + # preStop: + # exec: + # command: ["/bin/sh","-c","echo Hello from the preStop handler"] + + ## The following settings are to configure the frequency of the liveness and startup probes when splitServicesToContainers set to true + livenessProbe: + enabled: true + config: | + exec: + command: + - sh + - -c + - curl -XPOST --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.federation.internalPort }}/rtfs/sync/ping + initialDelaySeconds: {{ if semverCompare " + exec /opt/jfrog/artifactory/app/third-party/java/bin/java {{ .Values.federation.extraJavaOpts }} -jar /opt/jfrog/artifactory/app/rtfs/lib/jf-rtfs + {{- with .Values.federation.lifecycle }} + lifecycle: +{{ toYaml . | indent 10 }} + {{- end }} + env: + - name: JF_SHARED_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # TODO - Password,Url,Username - should be derived from env variable +{{- with .Values.federation.extraEnvironmentVariables }} +{{ tpl (toYaml .) $ | indent 8 }} +{{- end }} + ports: + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs + volumeMounts: + - name: artifactory-volume + mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} + resources: +{{ toYaml .Values.federation.resources | indent 10 }} + {{- if .Values.federation.startupProbe.enabled }} + startupProbe: +{{ tpl .Values.federation.startupProbe.config . | indent 10 }} + {{- end }} + {{- if .Values.federation.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.federation.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} {{- if .Values.observability.enabled }} @@ -922,10 +964,10 @@ spec: value: "true" - name: JF_REPLICATOR_SERVICE_ENABLED value: "false" + - name: JF_FEDERATION_ENABLED + value: "false" - name : JF_OBSERVABILITY_ENABLED value: "false" - - name : JF_JFCONNECT_ENABLED - value: "true" - name : JF_JFCONNECT_SERVICE_ENABLED value: "false" - name : JF_INTEGRATION_ENABLED @@ -994,6 +1036,8 @@ spec: name: http - containerPort: {{ .Values.artifactory.internalArtifactoryPort }} name: http-internal + - containerPort: {{ .Values.federation.internalPort }} + name: http-rtfs {{- if .Values.artifactory.javaOpts.jmx.enabled }} - containerPort: {{ .Values.artifactory.javaOpts.jmx.port }} name: tcp-jmx diff --git a/stable/artifactory/templates/ingress.yaml b/stable/artifactory/templates/ingress.yaml index a19c05047..eecddfd99 100644 --- a/stable/artifactory/templates/ingress.yaml +++ b/stable/artifactory/templates/ingress.yaml @@ -63,6 +63,15 @@ spec: name: {{ $serviceName }} port: number: {{ $artifactoryServicePort }} + {{- if and $.Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" $.Values.artifactory.image.repository)) }} + - path: {{ $.Values.ingress.rtfsPath }} + pathType: ImplementationSpecific + backend: + service: + name: {{ $serviceName }} + port: + number: {{ $.Values.federation.internalPort }} + {{- end }} {{- end }} {{- else }} {{- range $host := .Values.ingress.hosts }} diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index 476fa99ad..03fcb8f6e 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -108,6 +108,7 @@ ingress: hosts: [] routerPath: / artifactoryPath: /artifactory/ + rtfsPath: /rtfs/ className: "" annotations: {} # kubernetes.io/ingress.class: nginx @@ -186,7 +187,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.71.0 + tag: 7.77.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -269,7 +270,7 @@ artifactory: ## root certificates added will be copied to $JFROG_HOME/artifactory/var/etc/access/keys/trusted folder. circleOfTrustCertificatesSecret: # unifiedSecretInstallation flag enables single unified secret holding all the artifactory secrets - unifiedSecretInstallation: false + unifiedSecretInstallation: true # For HA installation, set this value > 1. This is only supported in Artifactory 7.25.x (appVersions) and above. replicaCount: 1 # minAvailable: 1 @@ -319,7 +320,7 @@ artifactory: connector: maxThreads: 200 sendReasonPhrase: false - extraConfig: 'acceptCount="100"' + extraConfig: 'acceptCount="400"' # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. # To enable set `.Values.artifactory.openMetrics.enabled` to `true` # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics @@ -733,6 +734,22 @@ artifactory: jfconnect_service: enabled: false {{- end }} + {{- if and .Values.federation.enabled (not (regexMatch "^.*(oss|cpp-ce|jcr).*$" .Values.artifactory.image.repository)) }} + federation: + enabled: true + extraJavaOpts: {{ .Values.federation.extraJavaOpts }} + port: {{ .Values.federation.internalPort }} + rtfs: + database: + driver: org.postgresql.Driver + type: postgresql + username: {{ .Values.federation.database.username }} + password: {{ .Values.federation.database.password }} + url: jdbc:postgresql://{{ .Values.federation.database.host }}:{{ .Values.federation.database.port }}/{{ .Values.federation.database.name }} + {{- else }} + federation: + enabled: false + {{- end }} {{- if .Values.event.webhooks }} event: webhooks: {{ toYaml .Values.event.webhooks | nindent 6 }} @@ -1326,6 +1343,66 @@ integration: failureThreshold: 90 periodSeconds: 5 timeoutSeconds: {{ .Values.probes.timeoutSeconds }} +federation: + name: federation + enabled: false + internalPort: 8085 + extraJavaOpts: "" + # This section should be removed once rtfs service is GA + database: + port: 5432 + host: postgresql + name: rtfs + username: rtfs + password: "" + ## Extra environment variables that can be used to tune federation to your needs. + ## Uncomment and set value as needed + extraEnvironmentVariables: + # - name: MY_ENV_VAR + # value: "" + resources: {} + # requests: + # memory: "100Mi" + # cpu: "100m" + # limits: + # memory: "1Gi" + # cpu: "1" + + # Add lifecycle hooks for federation container + lifecycle: {} + # postStart: + # exec: + # command: ["/bin/sh", "-c", "echo Hello from the postStart handler"] + # preStop: + # exec: + # command: ["/bin/sh","-c","echo Hello from the preStop handler"] + + ## The following settings are to configure the frequency of the liveness and startup probes when splitServicesToContainers set to true + livenessProbe: + enabled: true + config: | + exec: + command: + - sh + - -c + - curl --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.federation.internalPort }}/rtfs/sync/ping + initialDelaySeconds: {{ if semverCompare " Date: Tue, 12 Sep 2023 20:22:13 +0530 Subject: [PATCH 2/4] [distribution] 2.20.1 release --- stable/distribution/CHANGELOG.md | 14 ++++++++ stable/distribution/Chart.yaml | 4 +-- .../distribution-servicemonitor.yaml | 33 +++++++++++++++++++ .../templates/distribution-statefulset.yaml | 3 ++ stable/distribution/values.yaml | 28 ++++++++++++---- 5 files changed, 73 insertions(+), 9 deletions(-) create mode 100644 stable/distribution/templates/distribution-servicemonitor.yaml diff --git a/stable/distribution/CHANGELOG.md b/stable/distribution/CHANGELOG.md index 7d7326dc7..2460ab722 100644 --- a/stable/distribution/CHANGELOG.md +++ b/stable/distribution/CHANGELOG.md @@ -1,6 +1,20 @@ # JFrog Distribution Chart Changelog All changes to this project chart be documented in this file. +## [102.20.1] - Aug 29, 2023 +* Updated redis version tag to `7.2.0-debian-11-r2` +* Enabled `unifiedSecretInstallation` by default + +## [102.19.1] - Aug 04, 2023 +* Changed selectors in ServiceMonitor object to empty values + +## [102.19.0] - Jun 12, 2023 +* Updated postgresql multi-arch tag version to `13.10.0-debian-11-r14` +* Updated redis multi-arch tag version to `7.0.11-debian-11-r19` + +## [102.18.0] - Mar 02, 2023 +* Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1793` + ## [102.17.0] - Jan 30, 2023 * Updated jfrogUrl text path to copy * Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1760` diff --git a/stable/distribution/Chart.yaml b/stable/distribution/Chart.yaml index 6d875d9b4..52f9ebb24 100644 --- a/stable/distribution/Chart.yaml +++ b/stable/distribution/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.17.0 +appVersion: 2.20.1 dependencies: - condition: postgresql.enabled name: postgresql @@ -19,4 +19,4 @@ name: distribution sources: - https://github.com/jfrog/charts type: application -version: 102.17.0 +version: 102.20.1 diff --git a/stable/distribution/templates/distribution-servicemonitor.yaml b/stable/distribution/templates/distribution-servicemonitor.yaml new file mode 100644 index 000000000..b8efc7be3 --- /dev/null +++ b/stable/distribution/templates/distribution-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Values.serviceMonitor.name }} + namespace: {{ .Values.serviceMonitor.kubePromFullName }} + labels: + app: {{ .Values.serviceMonitor.kubePromApp }} + release: {{ .Values.serviceMonitor.kubePromFullName }} + app.kubernetes.io/name: {{ include "distribution.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Chart.AppVersion }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- end }} +spec: + jobLabel: {{ .Values.serviceMonitor.jobLabel }} + selector: {{ toYaml .Values.serviceMonitor.selector | nindent 4 }} + namespaceSelector: {{ toYaml .Values.serviceMonitor.namespaceSelector | nindent 4 }} + endpoints: + - path: /api/v1/metrics + bearerTokenSecret: + key: token + name: {{ .Values.serviceMonitor.tokenName }} + honorLabels: true + honorTimestamps: false + interval: {{ .Values.serviceMonitor.interval }} + scheme: http + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + port: {{ .Values.serviceMonitor.port }} + tlsConfig: + insecureSkipVerify: true +{{- end }} diff --git a/stable/distribution/templates/distribution-statefulset.yaml b/stable/distribution/templates/distribution-statefulset.yaml index 045c0265b..68021fe0c 100644 --- a/stable/distribution/templates/distribution-statefulset.yaml +++ b/stable/distribution/templates/distribution-statefulset.yaml @@ -39,6 +39,9 @@ spec: release: {{ .Release.Name }} role: {{ template "distribution.name" . }} component: {{ .Values.distribution.name }} + {{- with .Values.distribution.labels }} +{{ toYaml . | indent 8 }} + {{- end }} annotations: {{- if not .Values.distribution.unifiedSecretInstallation }} checksum/database-secrets: {{ include (print $.Template.BasePath "/database-secrets.yaml") . | sha256sum }} diff --git a/stable/distribution/values.yaml b/stable/distribution/values.yaml index 6d8e2e805..1445b9fa9 100644 --- a/stable/distribution/values.yaml +++ b/stable/distribution/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override distribution.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1760 +initContainerImage: releases-docker.jfrog.io/ubi9/ubi-minimal:9.1.0.1793 # Init containers initContainers: resources: @@ -138,7 +138,7 @@ postgresql: image: registry: releases-docker.jfrog.io repository: bitnami/postgresql - tag: 13.9.0-debian-11-r11 + tag: 13.10.0-debian-11-r14 postgresqlUsername: distribution postgresqlPassword: "" postgresqlDatabase: distribution @@ -195,7 +195,7 @@ redis: image: registry: releases-docker.jfrog.io repository: bitnami/redis - tag: 7.0.6-debian-11-r0 + tag: 7.2.0-debian-11-r2 pullPolicy: IfNotPresent port: 6379 password: "" @@ -332,7 +332,7 @@ logger: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.1.0.1760 + tag: 9.1.0.1793 distribution: name: distribution ## Note that by default we use appVersion to get image tag/version @@ -342,7 +342,7 @@ distribution: # tag: imagePullPolicy: IfNotPresent # unifiedSecretInstallation flag enables single unified secret holding all the distribution secrets - unifiedSecretInstallation: false + unifiedSecretInstallation: true ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ schedulerName: # Create a priority class for the Distribution pod or use an existing one @@ -553,7 +553,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.56.0 + tag: 7.73.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled @@ -634,7 +634,7 @@ observability: image: registry: releases-docker.jfrog.io repository: jfrog/observability - tag: 1.12.0 + tag: 1.13.6 imagePullPolicy: IfNotPresent internalPort: 8036 resources: {} @@ -763,3 +763,17 @@ hostAliases: [] ## Specify common probes parameters probes: timeoutSeconds: 5 +## @param serviceMonitor Declaratively specifies how groups of Kubernetes services should be monitored. +## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md +serviceMonitor: + enabled: false + name: distribution-metrics-service + interval: 30s + jobLabel: distribution-metrics + port: http-distro + scrapeTimeout: 15s + tokenName: "" + kubePromApp: "" + kubePromFullName: "" + namespaceSelector: {} + selector: {} From 575c7bdfd83a7a21d9d6166bc88d72c62b10e372 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Tue, 12 Sep 2023 20:22:53 +0530 Subject: [PATCH 3/4] [xray] 3.82.6 release --- stable/xray/CHANGELOG.md | 2 +- stable/xray/Chart.yaml | 4 ++-- stable/xray/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index f08eb3df1..c4d5d0fd5 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.80.9] - Jul 16, 2023 +## [103.82.6] - Jul 16, 2023 * Added `podSecurityContext.enabled` and `containerSecurityContext.enabled` to support openshift ## [103.79.0] - Jul 3, 2023 diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index d6cbdc3bc..0a4de9960 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.80.9 +appVersion: 3.82.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -24,4 +24,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.80.9 +version: 103.82.6 diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index 368bd9436..ad89a65b8 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml @@ -1111,7 +1111,7 @@ router: image: registry: releases-docker.jfrog.io repository: jfrog/router - tag: 7.74.0 + tag: 7.78.0 imagePullPolicy: IfNotPresent serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled. From fb3c13854541b850b05011107a19903f17ea86f5 Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Tue, 12 Sep 2023 20:23:15 +0530 Subject: [PATCH 4/4] [jfrog-platform] 10.15.0 release --- stable/jfrog-platform/CHANGELOG.md | 11 ++++++ stable/jfrog-platform/Chart.lock | 10 +++--- stable/jfrog-platform/Chart.yaml | 10 +++--- stable/jfrog-platform/templates/_helpers.tpl | 35 ++++++++++++++++--- .../templates/migration-hook.yaml | 22 ++++++++++-- stable/jfrog-platform/values.yaml | 22 +++++++++--- 6 files changed, 89 insertions(+), 21 deletions(-) diff --git a/stable/jfrog-platform/CHANGELOG.md b/stable/jfrog-platform/CHANGELOG.md index 6091aad7c..eea0a0e8a 100644 --- a/stable/jfrog-platform/CHANGELOG.md +++ b/stable/jfrog-platform/CHANGELOG.md @@ -1,6 +1,17 @@ # JFrog Platform Chart Changelog (GA releases only) All changes to this chart will be documented in this file. +## [10.15.0] - Sep 12, 2023 +**IMPORTANT** +* Enabled `unifiedSecretInstallation` to true by default,which enables single unified secret holding all of each product secrets +* Update dependency artifactory chart version to 107.68.7 +* Update dependency xray chart version to 103.82.6 +* Update dependency distribution chart version to 102.20.1 +* Fixed - Support to configure privateRegistry for xray pre-upgrade-hook +* Fixed rabbitmq feature flag conditions for pre-upgrade hook command execution +* Updated redis version to `7.2.0-debian-11-r2` +* Update global.versions.router version to `7.78.0` + ## [10.14.8] - Aug 29, 2023 * Update dependency artifactory chart version to 107.63.14 * Update dependency insight chart version to 101.15.3 diff --git a/stable/jfrog-platform/Chart.lock b/stable/jfrog-platform/Chart.lock index 74cf654f8..fc099e988 100644 --- a/stable/jfrog-platform/Chart.lock +++ b/stable/jfrog-platform/Chart.lock @@ -10,13 +10,13 @@ dependencies: version: 12.10.1 - name: artifactory repository: https://charts.jfrog.io/ - version: 107.63.14 + version: 107.68.7 - name: xray repository: https://charts.jfrog.io/ - version: 103.80.9 + version: 103.82.6 - name: distribution repository: https://charts.jfrog.io/ - version: 102.19.1 + version: 102.20.1 - name: insight repository: https://charts.jfrog.io/ version: 101.15.3 @@ -26,5 +26,5 @@ dependencies: - name: pipelines repository: https://charts.jfrog.io/ version: 101.43.2 -digest: sha256:634e4b12012125224d36353c170c561dbf2dd1d41180a5a3d45f65d7078e1666 -generated: "2023-08-29T16:23:26.687789+05:30" +digest: sha256:990eca96be356f9f6c9831e38d84114481395cbb3de6ccfe2bf2e3e9dcb3096a +generated: "2023-09-12T06:35:05.322817+05:30" diff --git a/stable/jfrog-platform/Chart.yaml b/stable/jfrog-platform/Chart.yaml index 3031b5f83..34dac43ac 100644 --- a/stable/jfrog-platform/Chart.yaml +++ b/stable/jfrog-platform/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.63.14 +appVersion: 7.68.7 dependencies: - condition: postgresql.enabled name: postgresql @@ -16,15 +16,15 @@ dependencies: - condition: artifactory.enabled name: artifactory repository: https://charts.jfrog.io/ - version: 107.63.14 + version: 107.68.7 - condition: xray.enabled name: xray repository: https://charts.jfrog.io/ - version: 103.80.9 + version: 103.82.6 - condition: distribution.enabled name: distribution repository: https://charts.jfrog.io/ - version: 102.19.1 + version: 102.20.1 - condition: insight.enabled name: insight repository: https://charts.jfrog.io/ @@ -59,4 +59,4 @@ name: jfrog-platform sources: - https://github.com/jfrog/charts type: application -version: 10.14.8 +version: 10.15.0 diff --git a/stable/jfrog-platform/templates/_helpers.tpl b/stable/jfrog-platform/templates/_helpers.tpl index fb6b19d48..a84d63c84 100644 --- a/stable/jfrog-platform/templates/_helpers.tpl +++ b/stable/jfrog-platform/templates/_helpers.tpl @@ -62,6 +62,35 @@ Create the name of the service account to use {{- end }} {{- end }} +{{/* +Return the registry of a service +*/}} +{{- define "jfrog-platform.getRegistryByService" -}} +{{- $dot := index . 0 }} +{{- $service := index . 1 }} +{{- if $dot.Values.global.imageRegistry }} + {{- $dot.Values.global.imageRegistry }} +{{- else -}} + {{- if (eq $service "migrationHook") -}} + {{- index $dot.Values.rabbitmq.migration.image.registry -}} + {{- else -}} + {{- index $dot.Values $service "image" "registry" -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Resolve imagePullSecrets value +*/}} +{{- define "jfrog-platform.imagePullSecrets" -}} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + {{/* Custom init container for Postgres setup */}} @@ -143,8 +172,7 @@ Custom init container for Postgres setup name: {{ tpl .Values.database.secrets.user.name . }} key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} - {{- $chartFullName := printf "%s.fullname" .Chart.Name }} - name: {{ include $chartFullName . }}-database-creds + name: {{ .Chart.Name }}-unified-secret key: db-user {{- end }} - name: DB_PASSWORD @@ -154,8 +182,7 @@ Custom init container for Postgres setup name: {{ tpl .Values.database.secrets.password.name . }} key: {{ tpl .Values.database.secrets.password.key . }} {{- else if .Values.database.password }} - {{- $chartFullName := printf "%s.fullname" .Chart.Name }} - name: {{ include $chartFullName . }}-database-creds + name: {{ .Chart.Name }}-unified-secret key: db-password {{- end }} - name: PGPASSWORD diff --git a/stable/jfrog-platform/templates/migration-hook.yaml b/stable/jfrog-platform/templates/migration-hook.yaml index f14c8ecb6..3a52f1ab6 100644 --- a/stable/jfrog-platform/templates/migration-hook.yaml +++ b/stable/jfrog-platform/templates/migration-hook.yaml @@ -85,14 +85,32 @@ spec: {{- if .Values.rabbitmq.podSecurityContext.enabled }} securityContext: {{- omit .Values.rabbitmq.podSecurityContext "enabled" | toYaml | nindent 4 }} {{- end }} + {{- if .Values.global.imagePullSecrets }} + {{- include "jfrog-platform.imagePullSecrets" . | indent 2 }} + {{- end }} containers: - name: pre-upgrade-container - image: releases-docker.jfrog.io/bitnami/kubectl:1.24.12 + image: "{{ include "jfrog-platform.getRegistryByService" (list . "migrationHook") }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}" imagePullPolicy: IfNotPresent {{- if .Values.rabbitmq.containerSecurityContext.enabled }} securityContext: {{- tpl (omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} {{- end }} - command: ['sh', '-c', 'kubectl exec -it {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -- rabbitmqctl enable_feature_flag all ; if [ "$?" -ne 0 ]; then echo "Failed to perform the migration. Please make sure to enable the feature flag in rabbitmq manually [rabbitmqctl enable_feature_flag all] "; exit 1; fi' ] + command: + - sh + - -c + - | + #!/bin/sh + if [ "$(kubectl get pods -l "app.kubernetes.io/name={{ template "rabbitmq.name" . }}" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; then + kubectl exec -it {{ .Release.Name }}-{{ template "rabbitmq.name" . }}-0 -- rabbitmqctl enable_feature_flag all + if [ "$?" -ne 0 ]; then + echo "Failed to perform the migration. Please make sure to enable the feature flag in rabbitmq manually [rabbitmqctl enable_feature_flag all] " + exit 1 + else + echo Feature flags executed successfully! + fi + else + echo "Rabbitmq pod is not in running state. Ignoring feature flag migration for rabbitmq" + fi restartPolicy: Never terminationGracePeriodSeconds: 0 {{- end }} diff --git a/stable/jfrog-platform/values.yaml b/stable/jfrog-platform/values.yaml index a22334b43..a08d44a24 100644 --- a/stable/jfrog-platform/values.yaml +++ b/stable/jfrog-platform/values.yaml @@ -23,7 +23,7 @@ global: ## For example : For artifactory, using global.versions.artifactory ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion versions: - router: 7.76.0 + router: 7.78.0 # artifactory: # xray: # distribution: @@ -178,6 +178,10 @@ rabbitmq: migration: ## Migration is required to be performed only once hence this option can be disabled once the feature flags are enabled in rabbitmq. enabled: true + image: + registry: releases-docker.jfrog.io + repository: bitnami/kubectl + tag: 1.24.12 ## Service account for the pre-upgrade hook to perform rabbitmq migration serviceAccount: create: true @@ -212,14 +216,15 @@ redis: enabled: true image: repository: bitnami/redis - tag: 7.0.9-debian-11-r6 + tag: 7.2.0-debian-11-r2 cluster: enabled: false usePassword: false artifactory: - installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.14.8-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' enabled: true + unifiedUpgradeAllowed: true + installerInfo: '{"productId": "Helm_JFrogPlatform/{{ printf "10.15.0-%s" .Chart.AppVersion }}", "features": [ { "featureId": "Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"}]}' postgresql: enabled: false waitForDatabase: false @@ -233,6 +238,7 @@ artifactory: mc: enabled: true artifactory: + unifiedSecretInstallation: true # Note: For HA deployments, set replicaCount >1 (recommended 3) replicaCount: 1 migration: @@ -246,6 +252,8 @@ artifactory: xray: enabled: true unifiedUpgradeAllowed: true + xray: + unifiedSecretInstallation: true postgresql: enabled: false database: @@ -271,18 +279,21 @@ xray: distribution: enabled: true unifiedUpgradeAllowed: true + distribution: + unifiedSecretInstallation: true postgresql: enabled: false - image: - tag: 7.0.9-debian-11-r6 database: url: '{{ include "database.url" . }}' user: distribution password: distribution + insight: enabled: true unifiedUpgradeAllowed: true + insightServer: + unifiedSecretInstallation: true postgresql: enabled: false database: @@ -308,6 +319,7 @@ pipelines: user: "apiuser" password: "pipeline" pipelines: + unifiedSecretInstallation: true msg: uiUserPassword: password redis: