Openshift4 operator for Artifactory HA v7.0.2

John Peterson
2020-02-11 10:33:42 -08:00
parent 0e662f38ca
commit 17250d1413
160 changed files with 19388 additions and 0 deletions


@@ -0,0 +1,113 @@
Congratulations. You have just deployed JFrog Artifactory HA!
{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }}
***************************************** WARNING ******************************************
* Your Artifactory master key is still set to the provided example: *
* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF *
* *
* You should change this to your own generated key: *
* $ export MASTER_KEY=$(openssl rand -hex 32) *
* $ echo ${MASTER_KEY} *
* *
* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' *
* *
* Alternatively, you can use a pre-existing secret with a key called master-key with *
* '--set artifactory.masterKeySecretName=${SECRET_NAME}' *
********************************************************************************************
{{- end }}
{{ if eq .Values.artifactory.joinKey "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" }}
***************************************** WARNING ******************************************
* Your Artifactory join key is still set to the provided example: *
* artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE *
* *
* You should change this to your own generated key: *
* $ export JOIN_KEY=$(openssl rand -hex 16) *
* $ echo ${JOIN_KEY} *
* *
* Pass the created master key to helm with '--set artifactory.joinKey=${JOIN_KEY}' *
* *
********************************************************************************************
{{- end }}
{{- if .Values.postgresql.enabled }}
DATABASE:
To extract the database password, run the following
export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode)
echo ${DB_PASSWORD}
{{- end }}
SETUP:
1. Get the Artifactory IP and URL
{{- if contains "NodePort" .Values.nginx.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/
{{- else if contains "LoadBalancer" .Values.nginx.service.type }}
NOTE: It may take a few minutes for the LoadBalancer public IP to be available!
You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.nginx.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80
echo http://127.0.0.1:8080
{{- end }}
2. Open Artifactory in your browser
Default credential for Artifactory:
user: admin
password: password
{{- if .Values.artifactory.license.secret }}
3. Manage Artifactory license through the {{ .Values.artifactory.license.secret }} secret ONLY!
Since the artifactory license(s) is managed with a secret ({{ .Values.artifactory.license.secret }}), any change through the Artifactory UI might not be saved!
{{- else }}
3. Add HA licenses to activate Artifactory HA through the Artifactory UI
NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details.
{{- end }}
{{ if or .Values.artifactory.primary.javaOpts.jmx.enabled .Values.artifactory.node.javaOpts.jmx.enabled }}
JMX configuration:
{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }}
If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!!
{{ end }}
1. Get the Artifactory service IP:
{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }}
export PRIMARY_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.primary.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
{{- end }}
{{- if .Values.artifactory.node.javaOpts.jmx.enabled }}
export MEMBER_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
{{- end }}
2. Map the service name to the service IP in /etc/hosts:
{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }}
sudo sh -c "echo \"${PRIMARY_SERVICE_IP} {{ template "artifactory-ha.primary.name" . }}\" >> /etc/hosts"
{{- end }}
{{- if .Values.artifactory.node.javaOpts.jmx.enabled }}
sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts"
{{- end }}
3. Launch jconsole:
{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }}
jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }}
{{- end }}
{{- if .Values.artifactory.node.javaOpts.jmx.enabled }}
jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }}
{{- end }}
{{- end }}
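Review bot: The SETUP step prints `user: admin` / `password: password` without telling the operator to change it, unlike the master-key and join-key banners above, so a release exposed through NodePort or LoadBalancer can stay reachable with the documented default. Add a line directly under the credential, for example `Change the admin password immediately after the first login.` The join-key banner also says `Pass the created master key to helm`; that should read `join key`. The DATABASE block echoes the PostgreSQL password to the terminal, where it can end up in scrollback or session logs, so a one-line caution there would help as well.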


@@ -0,0 +1,103 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "artifactory-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The primary node name
*/}}
{{- define "artifactory-ha.primary.name" -}}
{{- if .Values.nameOverride -}}
{{- printf "%s-primary" .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
The member node name
*/}}
{{- define "artifactory-ha.node.name" -}}
{{- if .Values.nameOverride -}}
{{- printf "%s-member" .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name nginx service.
*/}}
{{- define "artifactory-ha.nginx.name" -}}
{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.nginx.fullname" -}}
{{- if .Values.nginx.fullnameOverride -}}
{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nginx.name -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "artifactory-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "artifactory-ha.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Generate SSL certificates
*/}}
{{- define "artifactory-ha.gen-certs" -}}
{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}}
{{- $ca := genCA "artifactory-ca" 365 -}}
{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end -}}
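Review bot: `artifactory-ha.gen-certs` calls `genCA` and `genSignedCert` at render time, so every install, upgrade or `helm template` run produces a new CA and key pair. The CA private key is never emitted, and both certificates expire after 365 days with nothing in this file to renew them. Clients that trusted the previous certificate will stop validating after an upgrade, so document this above the define, e.g. `Self-signed; regenerated on every render; valid 365 days. Supply your own TLS secret for production.` The SANs are built from `artifactory-ha.name`, while the NOTES commands look services up by `artifactory-ha.fullname` and `artifactory-ha.primary.name`, so hostname verification may not match the real service names; confirm against the Service templates, which are not in this section.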


@@ -0,0 +1,15 @@
{{- if not (and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey) }}
{{- if .Values.artifactory.accessAdmin.password }}
kind: Secret
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
bootstrap.creds: {{ (printf "access-admin@%s=%s" .Values.artifactory.accessAdmin.ip .Values.artifactory.accessAdmin.password) | b64enc }}
{{- end }}
{{- end }}
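Review bot: `bootstrap.creds` is assembled with `printf "access-admin@%s=%s"` and neither argument is validated, so if the values file does not default `artifactory.accessAdmin.ip`, Go's nil placeholder is written into the credential line instead of failing the install. Guard it with `(required "artifactory.accessAdmin.ip is required" .Values.artifactory.accessAdmin.ip)`. Because the password arrives through chart values, it is also retained in the Helm release record. A comment above the template naming `accessAdmin.secret` plus `accessAdmin.dataKey` as the preferred path would steer operators away from the inline password.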


@@ -0,0 +1,14 @@
{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }}
kind: Secret
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-binarystore
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
stringData:
binarystore.xml: |-
{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }}
{{- end }}


@@ -0,0 +1,13 @@
{{ if .Values.artifactory.configMaps }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-configmaps
labels:
app: {{ template "artifactory-ha.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
{{ tpl .Values.artifactory.configMaps . | indent 2 }}
{{ end -}}
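Review bot: The labels on this ConfigMap differ from every other resource in the commit: `app` is set to `artifactory-ha.fullname`, and `chart` is `{{ .Chart.Name }}-{{ .Chart.Version }}`, which skips the `+` to `_` replacement and 63-character truncation done by the `artifactory-ha.chart` helper. A chart version carrying build metadata would then render a label value the API server rejects, and a selector on `app` will not match this object. Use `app: {{ template "artifactory-ha.name" . }}` and `chart: {{ template "artifactory-ha.chart" . }}`. The opening `{{ if` and closing `{{ end -}}` also lack the leading `{{-` trim used in the sibling templates.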


@@ -0,0 +1,25 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-installer-info
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
installer-info.json: |
{
"productId": "Helm_artifactory-ha/{{ .Chart.Version }}",
"features": [
{
"featureId": "ArtifactoryVersion/{{ default .Chart.AppVersion .Values.artifactory.image.version }}"
},
{
"featureId": "{{ if .Values.postgresql.enabled }}postgresql{{ else }}{{ default "derby" .Values.database.type }}{{ end }}/0.0.0"
},
{
"featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"
}
]
}


@@ -0,0 +1,14 @@
{{- with .Values.artifactory.license.licenseKey }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.fullname" $ }}-license
labels:
app: {{ template "artifactory-ha.name" $ }}
chart: {{ template "artifactory-ha.chart" $ }}
heritage: {{ $.Release.Service }}
release: {{ $.Release.Name }}
type: Opaque
data:
artifactory.lic: {{ . | b64enc | quote }}
{{- end }}


@@ -0,0 +1,34 @@
{{- range .Values.networkpolicy }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy
labels:
app: {{ template "artifactory-ha.name" $ }}
chart: {{ template "artifactory-ha.chart" $ }}
release: {{ $.Release.Name }}
heritage: {{ $.Release.Service }}
spec:
{{- if .podSelector }}
podSelector:
{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}}
{{ else }}
podSelector: {}
{{- end }}
policyTypes:
{{- if .ingress }}
- Ingress
{{- end }}
{{- if .egress }}
- Egress
{{- end }}
{{- if .ingress }}
ingress:
{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}}
{{- end }}
{{- if .egress }}
egress:
{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}}
{{- end }}
---
{{- end -}}
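Review bot: When an entry has no `podSelector`, the template falls back to `podSelector: {}`, which selects every pod in the release namespace rather than only this chart's pods, so one entry can change connectivity for unrelated workloads sharing the namespace. Defaulting to the release's own labels is the narrower choice: a `matchLabels:` block with `app: {{ template "artifactory-ha.name" $ }}` and `release: {{ $.Release.Name }}`. An entry with neither `ingress` nor `egress` also leaves `policyTypes:` empty, which Kubernetes treats as an Ingress policy with no allow rules. A `required` on `.name` and a comment stating that behaviour would make it deliberate rather than accidental.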


@@ -0,0 +1,101 @@
{{- if eq .Values.artifactory.persistence.type "nfs" }}
### Artifactory HA data
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-data-pv
type: nfs-volume
spec:
{{- if .Values.artifactory.persistence.nfs.mountOptions }}
mountOptions:
{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }}
{{- end }}
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-data-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
---
### Artifactory HA backup
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-backup-pv
type: nfs-volume
spec:
{{- if .Values.artifactory.persistence.nfs.mountOptions }}
mountOptions:
{{ toYaml .Values.artifactory.persistence.nfs.mountOptions | indent 4 }}
{{- end }}
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-backup-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
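Review bot: All four objects here declare `ReadWriteOnce`, yet the member StatefulSet in this commit mounts `-data-pvc` and `-backup-pvc` in every replica when `persistence.type` is `nfs`, and its anti-affinity rules spread those replicas across nodes. `ReadWriteMany` describes that use, so the `accessModes` entry on both PersistentVolumes and both claims should be `- ReadWriteMany`. `server: {{ .Values.artifactory.persistence.nfs.ip }}` is also unquoted while `path` is quoted; quote both so an unusual value is not retyped by the YAML parser. The data and backup volumes share the single `nfs.capacity` value, which deserves a comment if it is intentional.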


@@ -0,0 +1,19 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "artifactory-ha.fullname" . }}-node
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
release: {{ .Release.Name }}
minAvailable: {{ .Values.artifactory.node.minAvailable }}


@@ -0,0 +1,510 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.node.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
force-update: "{{ randAlpha 63 | lower }}"
{{- if .Values.artifactory.node.labels }}
{{ toYaml .Values.artifactory.node.labels | indent 4 }}
{{- end }}
spec:
serviceName: {{ template "artifactory-ha.node.name" . }}
replicas: {{ .Values.artifactory.node.replicaCount }}
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
role: {{ template "artifactory-ha.node.name" . }}
heritage: {{ .Release.Service }}
component: {{ .Values.artifactory.name }}
release: {{ .Release.Name }}
annotations:
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }}
checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }}
{{- range $key, $value := .Values.artifactory.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.artifactory.priorityClass.existingPriorityClass }}
priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }}
{{- else -}}
{{- if .Values.artifactory.priorityClass.create }}
priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.customInitContainersBegin }}
{{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }}
{{- end }}
{{- if .Values.artifactory.persistence.enabled }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }};
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
{{- end }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: 'copy-system-yaml'
image: '{{ .Values.initContainerImage }}'
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.node.waitForPrimaryStartup.enabled }}
echo "Sleeping to allow time for primary node to come up";
sleep {{ .Values.artifactory.node.waitForPrimaryStartup.seconds }};
{{- end }}
echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc";
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc;
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted;
cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml;
echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists";
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found;
volumeMounts:
- name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
- name: systemyaml
mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml
{{- if .Values.artifactory.customPersistentPodVolumeClaim }}
- name: "prepare-custom-persistent-volume"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
securityContext:
runAsUser: 0
volumeMounts:
- name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}
mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
{{- end }}
{{- if .Values.waitForDatabase }}
{{- if or .Values.postgresql.enabled }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
sleep 2;
done;
{{- end }}
{{- end }}
{{- if .Values.artifactory.customInitContainers }}
{{ tpl .Values.artifactory.customInitContainers . | indent 6 }}
{{- end }}
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.userPluginSecrets }}
echo "Copying plugins";
cp -Lrf /tmp/plugin/*/* /tmp/plugins;
{{- end }}
{{- if .Values.artifactory.preStartCommand }}
echo "Running custom preStartCommand command";
{{ tpl .Values.artifactory.preStartCommand . }};
{{- end }}
/entrypoint-artifactory.sh
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
echo;
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.database.secrets.user }}
- name: JF_SHARED_DATABSE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.user.name }}
key: {{ .Values.database.secrets.user.key }}
{{- end }}
{{- if .Values.database.secrets.password }}
- name: JF_SHARED_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.password.name }}
key: {{ .Values.database.secrets.password.key }}
{{- end }}
{{- if .Values.database.secrets.url }}
- name: JF_SHARED_DATABSE_URL
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.url.name }}
key: {{ .Values.database.secrets.url.key }}
{{- end }}
- name: JF_SHARED_NODE_PRIMARY
value: "false"
- name: JF_SHARED_NODE_HAENABLED
value: "true"
- name: JF_SHARED_DATABSE_USERNAME
value: "artifactory"
- name: JF_SHARED_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgresql-password
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
- containerPort: {{ .Values.artifactory.internalArtifactoryPort }}
{{- if .Values.artifactory.node.javaOpts.jmx.enabled }}
- containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }}
{{- end }}
volumeMounts:
{{- if .Values.artifactory.customPersistentVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }}
{{- end }}
{{- if .Values.artifactory.customPersistentPodVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}
mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
{{- end }}
{{- if .Values.artifactory.userPluginSecrets }}
- name: tmp-plugins
mountPath: "/tmp/plugins/"
{{- range .Values.artifactory.userPluginSecrets }}
- name: {{ tpl . $ }}
mountPath: "/tmp/plugin/{{ tpl . $ }}"
{{- end }}
{{- end }}
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}"
{{- end }}
- name: artifactory-ha-backup
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
{{- if .Values.artifactory.binarystore.enabled }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- end }}
- name: installer-info
mountPath: "/artifactory_extra_conf/info/installer-info.json"
subPath: installer-info.json
{{- if .Values.artifactory.customVolumeMounts }}
{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.artifactory.node.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.artifactory.readinessProbe.path }}
port: {{ .Values.artifactory.internalPort }}
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.artifactory.livenessProbe.path }}
port: {{ .Values.artifactory.internalPort }}
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- $image := .Values.logger.image.repository }}
{{- $tag := .Values.logger.image.tag }}
{{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- tail
args:
- '-F'
- '{{ $mountPath }}/logs/{{ . }}'
volumeMounts:
- name: volume
mountPath: {{ $mountPath }}
{{- end }}
{{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- 'sh'
- '-c'
- 'sh /scripts/tail-log.sh {{ $mountPath }}/logs/catalina {{ . }}'
volumeMounts:
- name: volume
mountPath: {{ $mountPath }}
- name: catalina-logger
mountPath: /scripts/tail-log.sh
subPath: tail-log.sh
{{- end }}
{{- end }}
{{- if .Values.filebeat.enabled }}
- name: {{ .Values.filebeat.name }}
image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}"
imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }}
args:
- "-e"
- "-E"
- "http.enabled=true"
securityContext:
runAsUser: 0
volumeMounts:
- name: filebeat-config
mountPath: /usr/share/filebeat/filebeat.yml
readOnly: true
subPath: filebeat.yml
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
livenessProbe:
{{ toYaml .Values.filebeat.livenessProbe | indent 10 }}
readinessProbe:
{{ toYaml .Values.filebeat.readinessProbe | indent 10 }}
resources:
{{ toYaml .Values.filebeat.resources | indent 10 }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
{{- end }}
{{- if .Values.artifactory.customSidecarContainers }}
{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }}
{{- end }}
{{- with .Values.artifactory.node.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.artifactory.node.affinity }}
{{- with .Values.artifactory.node.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
{{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
{{- end }}
{{- with .Values.artifactory.node.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
{{- if .Values.artifactory.binarystore.enabled }}
- name: binarystore-xml
secret:
{{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }}
secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }}
{{- else }}
secretName: {{ template "artifactory-ha.fullname" . }}-binarystore
{{- end }}
{{- end }}
- name: installer-info
configMap:
name: {{ template "artifactory-ha.fullname" . }}-installer-info
{{- if .Values.artifactory.userPluginSecrets }}
- name: tmp-plugins
emptyDir: {}
{{- range .Values.artifactory.userPluginSecrets }}
- name: {{ tpl . $ }}
secret:
secretName: {{ tpl . $ }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.catalinaLoggers }}
- name: catalina-logger
configMap:
name: {{ template "artifactory-ha.fullname" . }}-catalina-logger
{{- end }}
{{- if .Values.artifactory.configMaps }}
- name: artifactory-configmaps
configMap:
name: {{ template "artifactory-ha.fullname" . }}-configmaps
{{- end }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }}
{{- end }}
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
- name: systemyaml
secret:
secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml
{{- if .Values.artifactory.customPersistentVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
persistentVolumeClaim:
claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
{{- end }}
{{- if .Values.filebeat.enabled }}
- name: filebeat-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-filebeat-config
{{- end }}
{{- if .Values.artifactory.customVolumes }}
{{ tpl .Values.artifactory.customVolumes . | indent 6 }}
{{- end }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- end }}
volumeClaimTemplates:
{{- if .Values.artifactory.persistence.enabled }}
- metadata:
name: volume
{{- if not .Values.artifactory.node.persistence.existingClaim }}
spec:
{{- if .Values.artifactory.persistence.storageClassName }}
{{- if (eq "-" .Values.artifactory.persistence.storageClassName) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.customPersistentPodVolumeClaim }}
- metadata:
name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}
spec:
{{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}
{{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}"
{{- end }}
{{- end }}
accessModes:
{{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }}
{{- end }}
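Review bot: The last two `env` entries of the Artifactory container are unconditional: `JF_SHARED_DATABASE_PASSWORD` always reads `postgresql-password` from `{{ .Release.Name }}-postgresql`, a Secret that presumably exists only when the bundled PostgreSQL is deployed, and when `database.secrets.password` is set the variable is declared twice with the bundled value last. Wrap both trailing entries in `{{- if .Values.postgresql.enabled }}` … `{{- end }}` so an external database configuration is not overridden or left pointing at a missing Secret. `JF_SHARED_DATABSE_USERNAME` and `JF_SHARED_DATABSE_URL` are spelled differently from `JF_SHARED_DATABASE_PASSWORD` and look like typos for `DATABASE`, in which case the externally supplied user and URL would not be read. Separately, the `prepare-custom-persistent-volume` init container and the filebeat sidecar set `runAsUser: 0`, which a restricted OpenShift SCC is expected to reject; a values switch or a comment naming the SCC they need would help.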


@@ -0,0 +1,593 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
force-update: "{{ randAlpha 63 | lower }}"
{{- if .Release.IsUpgrade }}
unifiedUpgradeAllowed: {{ required "\n\n**************************************\nSTOP! UPGRADE from Artifactory 6.x currently not supported!\nIf this is an upgrade over an existing Artifactory 7.x, explicitly pass 'unifiedUpgradeAllowed=true' to upgrade.\n**************************************\n" .Values.unifiedUpgradeAllowed | quote }}
{{- end }}
{{- if and .Release.IsUpgrade .Values.postgresql.enabled }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE FAILED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) and prepare PostgreSQL DB migration before upgrading.\nOnce ready, explicitly pass 'databaseUpgradeReady=yes' to upgrade and complete migration after server starts!\n" .Values.databaseUpgradeReady | quote }}
{{- end }}
{{- if .Values.artifactory.primary.labels }}
{{ toYaml .Values.artifactory.primary.labels | indent 4 }}
{{- end }}
spec:
serviceName: {{ template "artifactory-ha.primary.name" . }}
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.primary.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
role: {{ template "artifactory-ha.primary.name" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }}
checksum/systemyaml: {{ include (print $.Template.BasePath "/artifactory-system-yaml.yaml") . | sha256sum }}
{{- if not (and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey) }}
checksum/access-creds: {{ include (print $.Template.BasePath "/access-bootstrap-creds.yaml") . | sha256sum }}
{{- end }}
{{- range $key, $value := .Values.artifactory.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.artifactory.priorityClass.existingPriorityClass }}
priorityClassName: {{ .Values.artifactory.priorityClass.existingPriorityClass }}
{{- else -}}
{{- if .Values.artifactory.priorityClass.create }}
priorityClassName: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.customInitContainersBegin }}
{{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }}
{{- end }}
{{- if .Values.artifactory.persistence.enabled }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }};
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
{{- end }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found;
rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found;
rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found;
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}"
{{- end }}
- name: artifactory-ha-backup
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if or (and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey) .Values.artifactory.accessAdmin.password }}
- name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
echo "Preparing custom Access bootstrap.creds";
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc;
cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/access/etc/bootstrap.creds;
chmod 600 {{ .Values.artifactory.persistence.mountPath }}/access/etc/bootstrap.creds;
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
- name: access-bootstrap-creds
mountPath: "/tmp/access/bootstrap.creds"
{{- if and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey }}
subPath: {{ .Values.artifactory.accessAdmin.dataKey }}
{{- else }}
subPath: bootstrap.creds
{{- end }}
{{- end }}
{{- end }}
- name: 'copy-system-yaml'
image: '{{ .Values.initContainerImage }}'
command:
- '/bin/sh'
- '-c'
- >
echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc";
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc;
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted;
cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml;
echo "Remove {{ .Values.artifactory.persistence.mountPath }}/lost+found folder if exists";
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found;
volumeMounts:
- name: volume
mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
- name: systemyaml
mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml
{{- if .Values.artifactory.customPersistentPodVolumeClaim }}
- name: "prepare-custom-persistent-volume"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
securityContext:
runAsUser: 0
volumeMounts:
- name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}
mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
{{- end }}
{{- if .Values.waitForDatabase }}
{{- if or .Values.postgresql.enabled }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
sleep 2;
done;
{{- end }}
{{- end }}
{{- if .Values.artifactory.customInitContainers }}
{{ tpl .Values.artifactory.customInitContainers . | indent 6 }}
{{- end }}
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
command:
- '/bin/sh'
- '-c'
- >
set -e;
{{- if .Values.artifactory.configMapName }}
echo "Copying bootstrap configs";
cp -Lrf /bootstrap/* /artifactory_extra_conf/;
{{- end }}
{{- if .Values.artifactory.userPluginSecrets }}
echo "Copying plugins";
cp -Lrf /tmp/plugin/*/* /tmp/plugins;
{{- end }}
{{- range .Values.artifactory.copyOnEveryStartup }}
{{- $targetPath := printf "%s/%s" $.Values.artifactory.persistence.mountPath .target }}
{{- $baseDirectory := regexFind ".*/" $targetPath }}
mkdir -p {{ $baseDirectory }};
cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }};
{{- end }}
{{- if .Values.artifactory.preStartCommand }}
echo "Running custom preStartCommand command";
{{ tpl .Values.artifactory.preStartCommand . }};
{{- end }}
/entrypoint-artifactory.sh
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
echo;
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.database.secrets.user }}
- name: JF_SHARED_DATABSE_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.user.name }}
key: {{ .Values.database.secrets.user.key }}
{{- end }}
{{- if .Values.database.secrets.password }}
- name: JF_SHARED_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.password.name }}
key: {{ .Values.database.secrets.password.key }}
{{- end }}
{{- if .Values.database.secrets.url }}
- name: JF_SHARED_DATABSE_URL
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.url.name }}
key: {{ .Values.database.secrets.url.key }}
{{- end }}
- name: JF_SHARED_NODE_PRIMARY
value: "true"
- name: JF_SHARED_NODE_HAENABLED
value: "true"
- name: JF_SHARED_DATABSE_USERNAME
value: "artifactory"
- name: JF_SHARED_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgresql-password
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
- containerPort: {{ .Values.artifactory.internalArtifactoryPort }}
{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }}
- containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }}
{{- end }}
volumeMounts:
{{- if .Values.artifactory.customPersistentVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
mountPath: {{ .Values.artifactory.customPersistentVolumeClaim.mountPath }}
{{- end }}
{{- if .Values.artifactory.customPersistentPodVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}
mountPath: {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }}
{{- end }}
{{- if .Values.artifactory.userPluginSecrets }}
- name: tmp-plugins
mountPath: "/tmp/plugins/"
{{- range .Values.artifactory.userPluginSecrets }}
- name: {{ tpl . $ }}
mountPath: "/tmp/plugin/{{ tpl . $ }}"
{{- end }}
{{- end }}
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}"
{{- end }}
- name: artifactory-ha-backup
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
{{- if .Values.artifactory.binarystore.enabled }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
mountPath: "/bootstrap/"
{{- end }}
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
- name: artifactory-license
mountPath: "/artifactory_extra_conf/artifactory.cluster.license"
{{- if .Values.artifactory.license.secret }}
subPath: {{ .Values.artifactory.license.dataKey }}
{{- else if .Values.artifactory.license.licenseKey }}
subPath: artifactory.lic
{{- end }}
{{- end }}
- name: installer-info
mountPath: "/artifactory_extra_conf/info/installer-info.json"
subPath: installer-info.json
{{- if .Values.artifactory.customVolumeMounts }}
{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.artifactory.primary.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.artifactory.readinessProbe.path }}
port: {{ .Values.artifactory.internalPort }}
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.artifactory.livenessProbe.path }}
port: {{ .Values.artifactory.internalPort }}
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- $image := .Values.logger.image.repository }}
{{- $tag := .Values.logger.image.tag }}
{{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- tail
args:
- '-F'
- '{{ $mountPath }}/logs/{{ . }}'
volumeMounts:
- name: volume
mountPath: {{ $mountPath }}
{{- end }}
{{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- 'sh'
- '-c'
- 'sh /scripts/tail-log.sh {{ $mountPath }}/logs/catalina {{ . }}'
volumeMounts:
- name: volume
mountPath: {{ $mountPath }}
- name: catalina-logger
mountPath: /scripts/tail-log.sh
subPath: tail-log.sh
{{- end }}
{{- end }}
{{- if .Values.filebeat.enabled }}
- name: {{ .Values.filebeat.name }}
image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}"
imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }}
args:
- "-e"
- "-E"
- "http.enabled=true"
securityContext:
runAsUser: 0
volumeMounts:
- name: filebeat-config
mountPath: /usr/share/filebeat/filebeat.yml
readOnly: true
subPath: filebeat.yml
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
livenessProbe:
{{ toYaml .Values.filebeat.livenessProbe | indent 10 }}
readinessProbe:
{{ toYaml .Values.filebeat.readinessProbe | indent 10 }}
resources:
{{ toYaml .Values.filebeat.resources | indent 10 }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
{{- end }}
{{- if .Values.artifactory.customSidecarContainers }}
{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }}
{{- end }}
{{- with .Values.artifactory.primary.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.artifactory.primary.affinity }}
{{- with .Values.artifactory.primary.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
{{- with .Values.artifactory.primary.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
{{- if .Values.artifactory.binarystore.enabled }}
- name: binarystore-xml
secret:
{{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }}
secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }}
{{- else }}
secretName: {{ template "artifactory-ha.fullname" . }}-binarystore
{{- end }}
{{- end }}
- name: installer-info
configMap:
name: {{ template "artifactory-ha.fullname" . }}-installer-info
{{- if .Values.artifactory.userPluginSecrets }}
- name: tmp-plugins
emptyDir: {}
{{- range .Values.artifactory.userPluginSecrets }}
- name: {{ tpl . $ }}
secret:
secretName: {{ tpl . $ }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
configMap:
name: {{ .Values.artifactory.configMapName }}
{{- end}}
{{- if .Values.artifactory.catalinaLoggers }}
- name: catalina-logger
configMap:
name: {{ template "artifactory-ha.fullname" . }}-catalina-logger
{{- end }}
{{- if .Values.artifactory.configMaps }}
- name: artifactory-configmaps
configMap:
name: {{ template "artifactory-ha.fullname" . }}-configmaps
{{- end }}
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
- name: artifactory-license
secret:
{{- if .Values.artifactory.license.secret }}
secretName: {{ .Values.artifactory.license.secret }}
{{- else if .Values.artifactory.license.licenseKey }}
secretName: {{ template "artifactory-ha.fullname" . }}-license
{{- end }}
{{- end }}
{{- if or (and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey) .Values.artifactory.accessAdmin.password }}
- name: access-bootstrap-creds
secret:
{{- if and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey }}
secretName: {{ .Values.artifactory.accessAdmin.secret }}
{{- else }}
secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }}
{{- end }}
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
- name: systemyaml
secret:
secretName: {{ template "artifactory-ha.primary.name" . }}-system-yaml
{{- if .Values.artifactory.customPersistentVolumeClaim }}
- name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
persistentVolumeClaim:
claimName: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
{{- end }}
{{- if .Values.filebeat.enabled }}
- name: filebeat-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-filebeat-config
{{- end }}
{{- if .Values.artifactory.customVolumes }}
{{ tpl .Values.artifactory.customVolumes . | indent 6 }}
{{- end }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- end }}
volumeClaimTemplates:
{{- if .Values.artifactory.persistence.enabled }}
- metadata:
name: volume
{{- if not .Values.artifactory.primary.persistence.existingClaim }}
spec:
{{- if .Values.artifactory.persistence.storageClassName }}
{{- if (eq "-" .Values.artifactory.persistence.storageClassName) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClassName }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.customPersistentPodVolumeClaim }}
- metadata:
name: {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}
spec:
{{- if .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}
{{- if (eq "-" .Values.artifactory.customPersistentPodVolumeClaim.storageClassName) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.customPersistentPodVolumeClaim.storageClassName }}"
{{- end }}
{{- end }}
accessModes:
{{- range .Values.artifactory.customPersistentPodVolumeClaim.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }}
{{- end }}
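Review bot: The `env:` list of the primary container ends with unconditional `JF_SHARED_DATABSE_USERNAME` and `JF_SHARED_DATABASE_PASSWORD` entries that repeat the names already set from `database.secrets.*` just above. The duplicate password entry reads the `{{ .Release.Name }}-postgresql` secret, which presumably exists only when `postgresql.enabled` is true, so an external-database install either fails to start or has its own credentials displaced. Wrap the trailing pair in `{{- if .Values.postgresql.enabled }}` … `{{- end }}`. `DATABSE` in `JF_SHARED_DATABSE_USERNAME` and `JF_SHARED_DATABSE_URL` also looks like a typo next to `JF_SHARED_DATABASE_PASSWORD`; if the application reads `JF_SHARED_DATABASE_*`, those two values are never picked up.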


@@ -0,0 +1,9 @@
{{- if .Values.artifactory.priorityClass.create }}
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: {{ default (include "artifactory-ha.fullname" .) .Values.artifactory.priorityClass.name }}
value: {{ .Values.artifactory.priorityClass.value }}
globalDefault: false
description: "Artifactory priority class"
{{- end }}


@@ -0,0 +1,14 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
rules:
{{ toYaml .Values.rbac.role.rules }}
{{- end }}


@@ -0,0 +1,19 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "artifactory-ha.serviceAccountName" . }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: {{ template "artifactory-ha.fullname" . }}
{{- end }}


@@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: Opaque
data:
{{- if not .Values.artifactory.masterKeySecretName }}
master-key: {{ .Values.artifactory.masterKey | b64enc | quote }}
{{- end }}
{{- if .Values.database.password }}
db-password: {{ .Values.database.password | b64enc | quote }}
{{- end }}
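Review bot: `master-key` is rendered from `artifactory.masterKey` whatever its value, so an install that keeps the chart's example key (the all-`F` string the post-install warning mentions) still gets a working Secret built from a publicly known key. A warning printed after install is easy to miss; consider refusing to render instead, with a `{{ fail "artifactory.masterKey must be changed from the example value" }}` guarded by the same `eq` test the warning uses, or by requiring `masterKeySecretName`. `db-password` is likewise taken from plain values, which Helm keeps in the release record, so pointing users at an existing secret is the safer default.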


@@ -0,0 +1,88 @@
# Service for all Artifactory cluster nodes.
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- if .Values.artifactory.service.annotations }}
annotations:
{{ toYaml .Values.artifactory.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.artifactory.service.type }}
{{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }}
clusterIP: {{ .Values.artifactory.service.clusterIP }}
{{- end }}
{{- if .Values.artifactory.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.artifactory.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: {{ .Release.Name }}-router
- port: {{ .Values.artifactory.externalArtifactoryPort }}
targetPort: {{ .Values.artifactory.internalArtifactoryPort }}
protocol: TCP
name: {{ .Release.Name }}-artifactory
{{- with .Values.artifactory.node.javaOpts.jmx }}
{{- if .enabled }}
- port: {{ .port }}
targetPort: {{ .port }}
protocol: TCP
name: jmx
{{- end }}
{{- end }}
selector:
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
---
# Internal service for Artifactory primary node only!
# Used by member nodes to check readiness of primary node before starting up
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
{{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }}
clusterIP: {{ .Values.artifactory.service.clusterIP }}
{{- end }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: {{ .Release.Name }}-router
- port: {{ .Values.artifactory.externalArtifactoryPort }}
targetPort: {{ .Values.artifactory.internalArtifactoryPort }}
protocol: TCP
name: {{ .Release.Name }}-artifactory
{{- with .Values.artifactory.primary.javaOpts.jmx }}
{{- if .enabled }}
- port: {{ .port }}
targetPort: {{ .port }}
protocol: TCP
name: jmx
{{- end }}
{{- end }}
selector:
role: {{ template "artifactory-ha.primary.name" . }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
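Review bot: The second Service is commented as internal, used by member nodes to check the primary, yet its `type:` is `{{ .Values.artifactory.service.type }}`, the same value as the cluster-wide Service. With `LoadBalancer` or `NodePort` this publishes the primary node, and its `jmx` port when enabled, outside the cluster. Hard-coding `type: ClusterIP` on the internal Service would keep it in-cluster. Both Services also set `clusterIP: {{ .Values.artifactory.service.clusterIP }}` under the same condition, and two Services cannot hold the same cluster IP, so the second would be rejected whenever that value is set.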


@@ -0,0 +1,16 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- if .Values.serviceAccount.annotations }}
annotations:
{{ tpl (toYaml .) $ | indent 4 }}
{{- end}}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.serviceAccountName" . }}
{{- end }}
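Review bot: Inside `{{- if .Values.serviceAccount.annotations }}` the dot is still the root context, so `{{ tpl (toYaml .) $ | indent 4 }}` serialises the whole chart context under `annotations:` rather than the annotations map. At best that fails validation; at worst it copies every value, including keys and passwords passed with `--set`, into the ServiceAccount's metadata. Render the map explicitly with `{{ tpl (toYaml .Values.serviceAccount.annotations) . | indent 4 }}`, or change the guard to `{{- with .Values.serviceAccount.annotations }}` so the dot is the map.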


@@ -0,0 +1,27 @@
{{ if .Values.artifactory.customPersistentVolumeClaim }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.artifactory.customPersistentVolumeClaim.name }}
labels:
app: {{ template "artifactory-ha.name" . }}
version: "{{ .Values.artifactory.version }}"
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
accessModes:
{{- range .Values.artifactory.customPersistentVolumeClaim.accessModes }}
- {{ . | quote }}
{{- end }}
{{- if .Values.artifactory.customPersistentVolumeClaim.storageClassName }}
{{- if (eq "-" .Values.artifactory.customPersistentVolumeClaim.storageClassName) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.customPersistentVolumeClaim.storageClassName }}"
{{- end }}
{{- end }}
resources:
requests:
storage: {{ .Values.artifactory.customPersistentVolumeClaim.size | quote }}
{{ end -}}


@@ -0,0 +1,14 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.primary.name" . }}-system-yaml
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: Opaque
stringData:
system.yaml: |
{{ tpl .Values.artifactory.systemYaml . | indent 4 }}


@@ -0,0 +1,53 @@
{{- if .Values.artifactory.catalinaLoggers }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-catalina-logger
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
tail-log.sh: |
#!/bin/sh
LOG_DIR=$1
LOG_NAME=$2
PID=
# Wait for log dir to appear
while [ ! -d ${LOG_DIR} ]; do
sleep 1
done
sleep 5
cd ${LOG_DIR}
LOG_PREFIX=$(echo ${LOG_NAME} | awk -F\. '{print $1}')
# Find the log to tail
LOG_FILE=$(ls -1t ./${LOG_PREFIX}.*.log | head -1)
# echo "Tailing ${LOG_FILE}"
tail -F ${LOG_FILE} &
PID=$!
# Loop forever to see if a new log was created
while true; do
# Find the latest log
NEW_LOG_FILE=$(ls -1t ./${LOG_PREFIX}.*.log | head -1)
# If a new log file is found, kill old tail and switch to tailing it
if [ "${LOG_FILE}" != "${NEW_LOG_FILE}" ]; then
kill -9 ${PID}
wait $! 2>/dev/null
LOG_FILE=${NEW_LOG_FILE}
# echo "Tailing ${LOG_FILE}"
tail -F ${LOG_FILE} &
PID=$!
fi
sleep 2
done
{{- end }}
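Review bot: Every expansion in `tail-log.sh` is unquoted (`[ ! -d ${LOG_DIR} ]`, `cd ${LOG_DIR}`, `tail -F ${LOG_FILE}`), so a path containing spaces or glob characters is split or expanded by the shell. A failed `cd` is also ignored, leaving the following `ls` to run in whatever directory the script started in. Quote the variables and stop on failure: `cd "${LOG_DIR}" || exit 1` and `tail -F "${LOG_FILE}" &`. When no `${LOG_PREFIX}.*.log` exists yet, `LOG_FILE` is empty and `tail -F` starts with no file operand; waiting until the first match appears would avoid that.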


@@ -0,0 +1,15 @@
{{- if .Values.filebeat.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.name" . }}-filebeat-config
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
data:
filebeat.yml: |
{{ tpl .Values.filebeat.filebeatYml . | indent 4 }}
{{- end -}}
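Review bot: This ConfigMap is named with `{{ template "artifactory-ha.name" . }}-filebeat-config`, but the StatefulSet `filebeat-config` volumes mount `{{ template "artifactory-ha.fullname" . }}-filebeat-config`. Unless the two helpers happen to render the same string for a release, the pods reference a ConfigMap that does not exist and stay pending when `filebeat.enabled` is true. Use the same helper here: `name: {{ template "artifactory-ha.fullname" . }}-filebeat-config`. The `chart:` label is also built by hand from `.Chart.Name`/`.Chart.Version`, whereas the other templates use `artifactory-ha.chart`.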


@@ -0,0 +1,56 @@
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
{{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}}
{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.ingress.labels }}
{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}}
{{- end}}
{{- if .Values.ingress.annotations }}
annotations:
force-update: "{{ randAlpha 63 | lower }}"
{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if .Values.ingress.defaultBackend.enabled }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
rules:
{{- if .Values.ingress.hosts }}
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: {{ $.Values.ingress.routerPath }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
- path: {{ $.Values.ingress.artifactoryPath }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $artifactoryServicePort }}
{{- end -}}
{{- end -}}
{{- with .Values.ingress.additionalRules }}
{{ tpl . $ | indent 2 }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}


@@ -0,0 +1,14 @@
{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
artifactory.conf: |
{{ tpl .Values.nginx.artifactoryConf . | indent 4 }}
{{- end }}
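Review bot: `artifactory.conf` is produced by running `.Values.nginx.artifactoryConf` through `tpl` with the full chart context, and the result is stored in a ConfigMap rather than a Secret, but nothing in the template documents that. A template expression in that value which pulls in a sensitive value (the chart carries `artifactory.masterKey` and `artifactory.joinKey` as values) would end up readable by anyone allowed to read ConfigMaps in the namespace. A comment above `data:` would make the expectation explicit, e.g. `{{/* rendered with tpl; keep key material and passwords out of nginx.artifactoryConf, this object is a ConfigMap */}}`. The same applies to `nginx.conf` in the nginx-conf ConfigMap further down, which renders `.Values.nginx.mainConf` the same way.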


@@ -0,0 +1,14 @@
{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled }}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }}
{{- end }}
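Review bot: This Secret is created whenever nginx is enabled and `nginx.tlsSecretName` is unset, and its contents come from the `artifactory-ha.gen-certs` helper, yet nothing in the template says what kind of certificate that is; the helper's body is not visible here. If it generates a self-signed pair at render time (presumably, given the name), the key would change on every render and clients would have no trust anchor to validate it against. I would document it as a placeholder above `data:`, e.g. `{{/* chart-generated certificate for first start-up only; set nginx.tlsSecretName to a CA-issued kubernetes.io/tls Secret for real deployments */}}`.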


@@ -0,0 +1,14 @@
{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-nginx-conf
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
nginx.conf: |
{{ tpl .Values.nginx.mainConf . | indent 4 }}
{{- end }}


@@ -0,0 +1,185 @@
{{- if .Values.nginx.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
{{- if .Values.nginx.labels }}
{{ toYaml .Values.nginx.labels | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.nginx.replicaCount }}
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
template:
metadata:
annotations:
checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }}
checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.nginx.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
initContainers:
- name: "setup"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
command:
- '/bin/sh'
- '-c'
- >
rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found;
mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs;
volumeMounts:
- mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
name: nginx-volume
securityContext:
runAsUser: {{ .Values.nginx.uid }}
fsGroup: {{ .Values.nginx.gid }}
containers:
- name: {{ .Values.nginx.name }}
image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}'
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
command:
- 'nginx'
- '-g'
- 'daemon off;'
ports:
# DEPRECATION NOTE: The following is to maintain support for values pre 1.3.1 and
# will be cleaned up in a later version
{{- if .Values.nginx.http }}
{{- if .Values.nginx.http.enabled }}
- containerPort: {{ .Values.nginx.http.internalPort }}
{{- end }}
{{- else }} # DEPRECATED
- containerPort: {{ .Values.nginx.internalPortHttp }}
{{- end }}
{{- if .Values.nginx.https }}
{{- if .Values.nginx.https.enabled }}
- containerPort: {{ .Values.nginx.https.internalPort }}
{{- end }}
{{- else }} # DEPRECATED
- containerPort: {{ .Values.nginx.internalPortHttps }}
{{- end }}
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: nginx-artifactory-conf
mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/"
- name: nginx-volume
mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
- name: ssl-certificates
mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl"
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- if .Values.nginx.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.nginx.readinessProbe.path }}
{{- if .Values.nginx.http.enabled }}
port: {{ .Values.nginx.http.internalPort }}
scheme: HTTP
{{- else }}
port: {{ .Values.nginx.https.internalPort }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.nginx.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.nginx.livenessProbe.path }}
{{- if .Values.nginx.http.enabled }}
port: {{ .Values.nginx.http.internalPort }}
scheme: HTTP
{{- else }}
port: {{ .Values.nginx.https.internalPort }}
scheme: HTTPS
{{- end }}
initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }}
{{- end }}
{{- $image := .Values.logger.image.repository }}
{{- $tag := .Values.logger.image.tag }}
{{- $mountPath := .Values.nginx.persistence.mountPath }}
{{- range .Values.nginx.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- tail
args:
- '-F'
- '{{ $mountPath }}/logs/{{ . }}'
volumeMounts:
- name: nginx-volume
mountPath: {{ $mountPath }}
{{- end }}
{{- with .Values.nginx.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: nginx-conf
configMap:
{{- if .Values.nginx.customConfigMap }}
name: {{ .Values.nginx.customConfigMap }}
{{- else }}
name: {{ template "artifactory-ha.fullname" . }}-nginx-conf
{{- end }}
- name: nginx-artifactory-conf
configMap:
{{- if .Values.nginx.customArtifactoryConfigMap }}
name: {{ .Values.nginx.customArtifactoryConfigMap }}
{{- else }}
name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf
{{- end }}
- name: nginx-volume
{{- if .Values.nginx.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
- name: ssl-certificates
secret:
{{- if .Values.nginx.tlsSecretName }}
secretName: {{ .Values.nginx.tlsSecretName }}
{{- else }}
secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate
{{- end }}
{{- end }}
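Review bot: The pod-level `securityContext` (the one carrying `fsGroup`) sets only `runAsUser` and `fsGroup`, and neither the nginx container nor the logger sidecars declare a container-level `securityContext`, so privilege escalation is left at the runtime default. The pod also runs under `artifactory-ha.serviceAccountName`, whose token is mounted unless the ServiceAccount itself disables that, although nothing in the visible container spec talks to the Kubernetes API. I would add `automountServiceAccountToken: false` next to `serviceAccountName` and give each container a `securityContext:` with `allowPrivilegeEscalation: false`. Dropping capabilities should be checked against the configured `internalPort` values first, since binding a port below 1024 as a non-root user needs `NET_BIND_SERVICE`.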


@@ -0,0 +1,26 @@
{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }}
{{- if (not .Values.nginx.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
accessModes:
- {{ .Values.nginx.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.nginx.persistence.size | quote }}
{{- if .Values.nginx.persistence.storageClass }}
{{- if (eq "-" .Values.nginx.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nginx.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
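Review bot: The claim is rendered only when `nginx.replicaCount` is exactly 1, but the Deployment's `nginx-volume` uses `persistentVolumeClaim` with `claimName` defaulting to `artifactory-ha.nginx.fullname` whenever `nginx.persistence.enabled` is true, with no replica check. With persistence enabled, no `existingClaim` and more than one replica, the pods would reference a claim this template never creates and stay Pending. Either apply the same condition in the Deployment so it falls back to `emptyDir`, or stop the render early with something like `{{- fail "nginx.persistence needs replicaCount=1 or an existingClaim" }}`.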


@@ -0,0 +1,69 @@
{{- if .Values.nginx.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
{{- if .Values.nginx.service.labels }}
{{ toYaml .Values.nginx.service.labels | indent 4 }}
{{- end }}
{{- if .Values.nginx.service.annotations }}
annotations:
{{ toYaml .Values.nginx.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.nginx.service.type }}
{{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }}
clusterIP: {{ .Values.nginx.service.clusterIP }}
{{- end }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}}
loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }}
{{ end -}}
{{- if .Values.nginx.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }}
{{- end }}
{{- end }}
{{- if .Values.nginx.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
# DEPRECATION NOTE: The following is to maintain support for values pre 1.3.0 and
# will be cleaned up in a later verion
{{- if .Values.nginx.http }}
{{- if .Values.nginx.http.enabled }}
- port: {{ .Values.nginx.http.externalPort }}
targetPort: {{ .Values.nginx.http.internalPort }}
protocol: TCP
name: http
{{- end }}
{{- else }} # DEPRECATED
- port: {{ .Values.nginx.externalPortHttp }}
targetPort: {{ .Values.nginx.internalPortHttp }}
protocol: TCP
name: http
{{- end }}
{{- if .Values.nginx.https }}
{{- if .Values.nginx.https.enabled }}
- port: {{ .Values.nginx.https.externalPort }}
targetPort: {{ .Values.nginx.https.internalPort }}
protocol: TCP
name: https
{{- end }}
{{- else }} # DEPRECATED
- port: {{ .Values.nginx.externalPortHttps }}
targetPort: {{ .Values.nginx.internalPortHttps }}
protocol: TCP
name: https
{{- end }}
selector:
app: {{ template "artifactory-ha.name" . }}
component: {{ .Values.nginx.name }}
release: {{ .Release.Name }}
{{- end }}
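Review bot: With `nginx.service.type` set to `LoadBalancer`, `loadBalancerSourceRanges` is optional and the `http` port is published alongside `https` (in the deprecated branch both ports are always published), and the template carries no comment about the exposure this implies. On most providers an empty source-range list leaves the listener reachable from any address, and Artifactory logins could cross it in clear text unless the nginx configuration redirects to HTTPS, which this template does not show. A comment at the `loadBalancerSourceRanges` block would help, e.g. `# leave empty only for internal load balancers; otherwise list the client CIDRs allowed to reach Artifactory`. That block also sits outside the `LoadBalancer` condition, so it is emitted for other service types too; moving it inside that `if` would keep the rendered Service accurate.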