From 4bead0f3eb97851d2ea7b0fa464c17f5cf64b9bb Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Tue, 4 Oct 2022 19:52:43 +0530 Subject: [PATCH] [pipelines] 1.27.5 release --- stable/pipelines/CHANGELOG.md | 12 ++- stable/pipelines/Chart.yaml | 4 +- stable/pipelines/templates/_helpers.tpl | 48 +-------- .../templates/pipelines-statefulset.yaml | 41 +++++++ .../templates/pipelines-unified-secret.yaml | 26 +++++ stable/pipelines/values.yaml | 100 ++++++++++-------- 6 files changed, 139 insertions(+), 92 deletions(-) diff --git a/stable/pipelines/CHANGELOG.md b/stable/pipelines/CHANGELOG.md index 84f9faf89..6d79a98af 100644 --- a/stable/pipelines/CHANGELOG.md +++ b/stable/pipelines/CHANGELOG.md @@ -1,14 +1,22 @@ # JFrog Pipelines Chart Changelog All changes to this chart to be documented in this file. -## [101.26.0] - Aug 2, 2022 +## [101.27.5] - Sep 28, 2022 +* Added `observability` service in pipelines +* Removed `newProbes.enabled`, default to new probes +* Fixed bug for `unifiedSecretInstallation` support in observability +* Fixed stringData secret keys value issue, moving data to stringData vault.sql and postgresql-connection keys + +## [101.26.0] - Aug 25, 2022 * Added flag `pipelines.schedulerName` to set for the pods the value of schedulerName field [GH-1606](https://github.com/jfrog/charts/issues/1606) * Added config to reset log level +* Change default go runtime images to 1.19 -## [101.25.0] - July 21, 2022 +## [101.25.0] - Aug 25, 2022 * Additional fix for default path for api external url * Fixed custom CA init container behavior * Updated rabbitmq version to `3.9.21-debian-11-r0` +* Added support to truncate (> 63 chars) for unifiedCustomSecretVolumeName ## [101.24.2] - June 22, 2022 * Only set k8sImagePullSecret key if one is configured in values.yaml diff --git a/stable/pipelines/Chart.yaml b/stable/pipelines/Chart.yaml index 14b358d3d..22cb65244 100644 --- a/stable/pipelines/Chart.yaml +++ b/stable/pipelines/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.26.0 +appVersion: 1.27.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -32,4 +32,4 @@ name: pipelines sources: - https://github.com/jfrog/charts type: application -version: 101.26.0 +version: 101.27.5 diff --git a/stable/pipelines/templates/_helpers.tpl b/stable/pipelines/templates/_helpers.tpl index 49f87b693..bcd02941b 100644 --- a/stable/pipelines/templates/_helpers.tpl +++ b/stable/pipelines/templates/_helpers.tpl @@ -331,55 +331,11 @@ if [ -f /tmp/certs/tls.crt ]; then cp -v /tmp/certs/tls.crt {{ .Values.pipelines chown -R 1066:1066 {{ .Values.pipelines.mountPath }} {{- end -}} -{{/* -pipelines liveness probe -*/}} -{{- define "pipelines.livenessProbe" -}} -{{- if .Values.newProbes -}} -{{- printf "%s" "/v1/system/liveness" -}} -{{- else -}} -{{- printf "%s" "/" -}} -{{- end -}} -{{- end -}} - -{{/* -pipelines readiness probe -*/}} -{{- define "pipelines.readinessProbe" -}} -{{- if .Values.newProbes -}} -{{- printf "%s" "/v1/system/readiness" -}} -{{- else -}} -{{- printf "%s" "/" -}} -{{- end -}} -{{- end -}} - -{{/* -router liveness probe -*/}} -{{- define "pipelines.router.livenessProbe" -}} -{{- if .Values.newProbes -}} -{{- printf "%s" "/router/api/v1/system/liveness" -}} -{{- else -}} -{{- printf "%s" "/router/api/v1/system/health" -}} -{{- end -}} -{{- end -}} - -{{/* -router readiness probe -*/}} -{{- define "pipelines.router.readinessProbe" -}} -{{- if .Values.newProbes -}} -{{- printf "%s" "/router/api/v1/system/readiness" -}} -{{- else -}} -{{- printf "%s" "/router/api/v1/system/health" -}} -{{- end -}} -{{- end -}} - {{/* Resolve pipelines requiredServiceTypes value */}} {{- define "pipelines.router.requiredServiceTypes" -}} -{{- $requiredTypes := "jfpip" -}} +{{- $requiredTypes := "jfpip,jfob" -}} {{- $requiredTypes -}} {{- end -}} 
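Review bot: Removing the `pipelines.livenessProbe`, `pipelines.readinessProbe`, `pipelines.router.livenessProbe` and `pipelines.router.readinessProbe` definitions in the `_helpers.tpl` hunk will break rendering for any install whose values override still carries the old probe command. The probe configs are rendered through `tpl`, and an `include` of a template that no longer exists is a hard error rather than an empty string. Consider keeping one-line compatibility definitions for a release, for example `{{- define "pipelines.livenessProbe" -}}/v1/system/liveness{{- end -}}`, or state the removal explicitly in the 101.27.5 changelog entry so operators know to update copied probe blocks before upgrading.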
@@ -399,7 +355,7 @@ nodeSelector: Resolve unifiedCustomSecretVolumeName value */}} {{- define "pipelines.unifiedCustomSecretVolumeName" -}} -{{- printf "%s-%s" (include "pipelines.name" .) ("unified-secret-volume") -}} +{{- printf "%s-%s" (include "pipelines.name" .) ("unified-secret-volume") | trunc 63 -}} {{- end -}} {{/* diff --git a/stable/pipelines/templates/pipelines-statefulset.yaml b/stable/pipelines/templates/pipelines-statefulset.yaml index e6f2fda41..7d1d0b0fe 100644 --- a/stable/pipelines/templates/pipelines-statefulset.yaml +++ b/stable/pipelines/templates/pipelines-statefulset.yaml 
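Review bot: `trunc 63` on its own in `pipelines.unifiedCustomSecretVolumeName` can leave the result ending in `-`, and Kubernetes rejects that because volume names must be DNS labels ending in an alphanumeric character. It also cuts the fixed `unified-secret-volume` suffix rather than the variable prefix, so a long `pipelines.name` gives a name that no longer says what the volume is. The minimal fix is `| trunc 63 | trimSuffix "-"`. Truncating the prefix instead keeps the suffix intact: `(include "pipelines.name" . | trunc 41 | trimSuffix "-")`. Whether `pipelines.name` is already length-limited is not visible in this hunk.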
@@ -454,6 +454,47 @@ spec: {{- if .Values.pipelines.router.readinessProbe.enabled }} readinessProbe: {{ tpl .Values.pipelines.router.readinessProbe.config . | indent 12 }} + {{- end }} + - name: observability + image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }} + imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }} + securityContext: + runAsNonRoot: false + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + env: + - name: JF_SHARED_SECURITY_MASTERKEY + valueFrom: + secretKeyRef: + {{- if not .Values.pipelines.unifiedSecretInstallation }} + name: "{{ include "pipelines.masterKeySecretName" . }}" + {{- else }} + name: "{{ template "pipelines.name" . }}-unified-secret" + {{- end }} + key: master-key + - name: JF_SHARED_SECURITY_JOINKEY + valueFrom: + secretKeyRef: + {{- if not .Values.pipelines.unifiedSecretInstallation }} + name: "{{ include "pipelines.joinKeySecretName" . }}" + {{- else }} + name: "{{ template "pipelines.name" . }}-unified-secret" + {{- end }} + key: join-key + resources: + {{ toYaml .Values.pipelines.observability.resources | indent 12 }} + {{- if .Values.pipelines.observability.startupProbe.enabled }} + volumeMounts: + - name: jfrog-pipelines-logs + mountPath: {{ .Values.pipelines.observability.logPath }} + startupProbe: +{{ tpl .Values.pipelines.observability.startupProbe.config . | indent 12 }} + {{- end }} + {{- if .Values.pipelines.observability.livenessProbe.enabled }} + livenessProbe: +{{ tpl .Values.pipelines.observability.livenessProbe.config . | indent 12 }} {{- end }} - name: api image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "api" ) }} diff --git a/stable/pipelines/templates/pipelines-unified-secret.yaml b/stable/pipelines/templates/pipelines-unified-secret.yaml index 00b8eb8c3..b688dce7a 100644 --- a/stable/pipelines/templates/pipelines-unified-secret.yaml +++ b/stable/pipelines/templates/pipelines-unified-secret.yaml 
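Review bot: The new `observability` container sets `runAsNonRoot: false`, which does not stop it from running as UID 0, and it receives both `JF_SHARED_SECURITY_MASTERKEY` and `JF_SHARED_SECURITY_JOINKEY` in its environment. A compromise of this sidecar could therefore expose the platform's key material to a root process. If the image can run unprivileged (not visible here), prefer `runAsNonRoot: true` and `drop: ["ALL"]` instead of dropping only `NET_RAW`. Separately, `volumeMounts:` sits inside the `{{- if .Values.pipelines.observability.startupProbe.enabled }}` block, so the `jfrog-pipelines-logs` mount disappears whenever the startup probe is disabled. Move that `if` line down so it wraps only `startupProbe:`.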
@@ -23,6 +23,32 @@ stringData: {{- end }} {{- end }} + vault.sql: | + CREATE TABLE IF NOT EXISTS vault_kv_store ( + parent_path TEXT COLLATE "C" NOT NULL, + path TEXT COLLATE "C", + key TEXT COLLATE "C", + value BYTEA, + CONSTRAINT pkey PRIMARY KEY (path, key) + ); + + CREATE INDEX parent_path_idx ON vault_kv_store (parent_path); + + CREATE TABLE IF NOT EXISTS vault_ha_locks ( + ha_key TEXT COLLATE "C" NOT NULL, + ha_identity TEXT COLLATE "C" NOT NULL, + ha_value TEXT COLLATE "C", + valid_until TIMESTAMP WITH TIME ZONE NOT NULL, + CONSTRAINT ha_key PRIMARY KEY (ha_key) + ); + + postgresql-connection: | + {{- if .Values.postgresql.enabled }} + {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} + {{- else }} + {{ tpl .Values.global.postgresql.host . }} {{ .Values.global.postgresql.port }} + {{- end }} + data: {{- if or .Values.pipelines.masterKey .Values.global.masterKey }} {{- if not (or .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName) }} diff --git a/stable/pipelines/values.yaml b/stable/pipelines/values.yaml index f97d3c58e..d72736199 100644 --- a/stable/pipelines/values.yaml +++ b/stable/pipelines/values.yaml @@ -352,7 +352,7 @@ pipelines: command: - sh - -c - - curl --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.pipelines.api.service.port }}{{ include "pipelines.livenessProbe" . }} + - curl --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.pipelines.api.service.port }}/v1/system/liveness initialDelaySeconds: {{ if semverCompare "
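Review bot: In the new `vault.sql` key, `CREATE INDEX parent_path_idx ON vault_kv_store (parent_path);` is the only statement without `IF NOT EXISTS`, so the script is not idempotent. Both `CREATE TABLE` statements tolerate a re-run, but the index statement would fail against an already initialised database. How and when this script is executed is outside the hunk, so this matters if it runs on every pod start or on upgrade. Suggested line: `CREATE INDEX IF NOT EXISTS parent_path_idx ON vault_kv_store (parent_path);`. A short template comment above `vault.sql` and `postgresql-connection` noting that they hold schema DDL and host/port rather than credentials would also help anyone auditing what this Secret contains.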