zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 00:06:55 -06:00
Code Issues Packages Projects Releases Wiki Activity

Openshift Xray Helm and relocated to helm or operator folder

Browse Source
This commit is contained in:
John Peterson
2020-10-01 17:20:12 -07:00
parent 36ab48f407
commit 2cc08a26b1
149 changed files with 133 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Openshift4/helm/openshift-artifactory-ha/CHANGELOG.md Executable file
View File

@@ -0,0 +1,29 @@
# JFrog Openshift Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file.
## [4.1.0] - Sept 30, 2020
* Updating to latest jfrog/artifactory-ha helm chart version 4.1.0 artifactory version 7.9.0
## [3.1.0] - Aug 17, 2020
* Updating to latest jfrog/artifactory-ha helm chart version 3.1.0 artifactory version 7.7.3
## [3.0.5] - Jul 16, 2020
* Updating to latest jfrog/artifactory helm chart version 3.0.5 artifactory version 7.6.3
## [2.6.0] - June 29, 2020
* Updating to latest jfrog/artifactory helm chart version 2.6.0 artifactory version 7.6.1
## [2.4.6] - May 12, 2020
* Updating to latest jfrog/artifactory-ha helm chart version 2.4.6 artifactory version 7.4.3
## [2.3.0] - April 13, 2020
* Updating to latest jfrog/artifactory-ha helm chart version 2.3.0
## [2.2.9] - April 11, 2020
* Fixed issues with master key
## [2.1.9] - March 17, 2020
* Updated Artifactory version to 7.3.2
## [2.0.35] - March 09, 2020
* Updated Artifactory version to 7.2.1

19
Openshift4/helm/openshift-artifactory-ha/Chart.yaml Executable file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
appVersion: 7.9.0
description: Openshift JFrog Artifactory HA subcharting Artifactory HA to work in Openshift environment
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png
keywords:
- artifactory
- jfrog
- devops
maintainers:
- email: vinaya@jfrog.com
name: Vinay Aggarwal
- email: johnp@jfrog.com
name: John Peterson
name: openshift-artifactory-ha
sources:
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
- https://github.com/jfrog/charts
version: 4.1.0

201
Openshift4/helm/openshift-artifactory-ha/LICENSE Executable file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

1454
Openshift4/helm/openshift-artifactory-ha/README.md Executable file
View File

File diff suppressed because it is too large Load Diff

57
Openshift4/helm/openshift-artifactory-ha/helminstall.sh Executable file
View File

@@ -0,0 +1,57 @@
#!/usr/bin/env bash
# PreReq'd:
# helm install postgres bitnami/postgresql
# follow artifactory postgresql db setup:
# https://www.jfrog.com/confluence/display/JFROG/PostgreSQL
POSTGRES=$(helm ls | grep postgres | wc -l)
if [[ "$POSTGRES" =~ (0) ]]
then
echo "External DB is required to run Jfrog Openshift Artifactory Helm chart"
echo ""
echo "Postgresql helm chart must be installed prior to installing this helm installer script."
echo ""
echo "helm install postgres bitnami/postgresql"
echo ""
echo "follow artifactory postgresql db setup:"
echo "https://www.jfrog.com/confluence/display/JFROG/PostgreSQL"
exit 1
else
if [[ -z "$1" ]]
then
echo "Installing Jfrog Artifactory Openshift Helm"
else
echo "Patching Environment for RunAsAnyUid"
# patch the restricted scc to allow the pods to run as anyuid
oc patch scc restricted --patch '{"fsGroup":{"type":"RunAsAny"},"runAsUser":{"type":"RunAsAny"},"seLinuxContext":{"type":"RunAsAny"}}' --type=merge
if [[ -f "artifactory.cluster.license" ]]
then
echo "Creating k8s secret for Artifactory cluster licenses from file: artifactory.cluster.license"
# create the license secret
oc create secret generic artifactory-license --from-file=artifactory.cluster.license
fi
if [[ -f "tls.crt" ]]
then
echo "Creating k8s secret for TLS tls-ingress from files tls.crt & tls.key"
# create the tls secret
oc create secret tls tls-ingress --cert=tls.crt --key=tls.key
fi
fi
fi
# install via helm with default postgresql configuration
helm install artifactory-ha . \
--set artifactory-ha.nginx.service.ssloffload=true \
--set artifactory-ha.nginx.tlsSecretName=tls-ingress \
--set artifactory-ha.artifactory.node.replicaCount=1 \
--set artifactory-ha.artifactory.license.secret=artifactory-license,artifactory-ha.artifactory.license.dataKey=artifactory.cluster.license \
--set artifactory-ha.database.type=postgresql \
--set artifactory-ha.database.driver=org.postgresql.Driver \
--set artifactory-ha.database.url=jdbc:postgresql://postgres-postgresql:5432/artifactory \
--set artifactory-ha.database.user=artifactory \
--set artifactory-ha.database.password=password \
--set artifactory-ha.artifactory.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE \
--set artifactory-ha.artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

6
Openshift4/helm/openshift-artifactory-ha/requirements.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: artifactory-ha
repository: https://charts.jfrog.io/
version: 4.1.0
digest: sha256:8df1fd70eeabbb7687da0dd534d2161a413389ec40f331d5eb8e95ae50119222
generated: "2020-09-30T12:30:08.142288-07:00"

4
Openshift4/helm/openshift-artifactory-ha/requirements.yaml Normal file
View File

@@ -0,0 +1,4 @@
dependencies:
- name: artifactory-ha
version: 4.1.0
repository: https://charts.jfrog.io/

99
Openshift4/helm/openshift-artifactory-ha/values.yaml Executable file
View File

@@ -0,0 +1,99 @@
# Openshift Artifactory HA
# This helm chart subcharts the latest jfrog/artifactory-ha chart
# and applies various things like initContainers, nginx mainConf, etc
# to enable the artifactory-ha helm chart to work in an openshift environment
artifactory-ha:
###################################
# EDIT TO YOUR DB CONFIGURATION
###################################
database:
type: "OVERRIDE"
driver: "OVERRIDE"
url: "OVERRIDE"
user: "OVERRIDE"
password: "OVERRIDE"
initContainerImage: registry.connect.redhat.com/jfrog/init:1.0.1
waitForDatabase: true
installerInfo: '{ "productId": "Openshift_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "ArtifactoryVersion/{{ default .Chart.AppVersion .Values.artifactory.image.version }}" }, { "featureId": "{{ if .Values.postgresql.enabled }}postgresql{{ else }}{{ .Values.database.type }}{{ end }}/0.0.0" }, { "featureId": "Platform/Openshift" }, { "featureId": "Partner/ACC-006983" }, { "featureId": "Channel/Openshift" } ] }'
artifactory:
uid: "1000721030"
## Change to use RH UBI images
image:
registry: registry.connect.redhat.com
repository: jfrog/artifactory-pro
tag: 7.9.0
node:
replicaCount: 2
waitForPrimaryStartup:
enabled: false
masterKey: "OVERRIDE"
joinKey: "OVERRIDE"
postgresql:
enabled: false
nginx:
uid: "1000720104"
gid: "1000720107"
image:
registry: registry.redhat.io
repository: rhel8/nginx-116
tag: latest
## K8S secret name for the TLS secret to be used for SSL
tlsSecretName: "OVERRIDE"
service:
ssloffload: false
http:
externalPort: 80
internalPort: 8080
https:
externalPort: 443
internalPort: 8443
mainConf: |
# Main Nginx configuration file
worker_processes 4;
error_log {{ .Values.nginx.persistence.mountPath }}/logs//error.log warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format timing 'ip = $remote_addr '
'user = \"$remote_user\" '
'local_time = \"$time_local\" '
'host = $host '
'request = \"$request\" '
'status = $status '
'bytes = $body_bytes_sent '
'upstream = \"$upstream_addr\" '
'upstream_time = $upstream_response_time '
'request_time = $request_time '
'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"';
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf;
}

5
Openshift4/helm/openshift-pipelines/CHANGELOG.md Executable file
View File

@@ -0,0 +1,5 @@
# JFrog Openshift Pipelines Chart Changelog
All changes to this chart will be documented in this file.
## [1.4.5] Sept 21, 2020
* Adding Openshift Pipelines helm chart version 1.4.5 app version 1.7.2

16
Openshift4/helm/openshift-pipelines/Chart.yaml Executable file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
appVersion: 1.7.2
description: A Helm chart for JFrog Pipelines
home: https://jfrog.com/pipelines/
icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/pipelines/icon/pipelines-logo.png
keywords:
- pipelines
- jfrog
- devops
maintainers:
- email: vinaya@jfrog.com
name: Vinay Aggarwal
- email: johnp@jfrog.com
name: John Peterson
name: openshift-pipelines
version: 1.4.5

201
Openshift4/helm/openshift-pipelines/LICENSE Executable file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

223
Openshift4/helm/openshift-pipelines/README.md Executable file
View File

@@ -0,0 +1,223 @@
# JFrog Pipelines on Kubernetes Helm Chart
[JFrog Pipelines](https://jfrog.com/pipelines/)
## Prerequisites Details
* Kubernetes 1.12+
## Chart Details
This chart will do the following:
- Deploy PostgreSQL (optionally with an external PostgreSQL instance)
- Deploy RabbitMQ (optionally as an HA cluster)
- Deploy Redis (optionally as an HA cluster)
- Deploy Vault (optionally as an HA cluster)
- Deploy JFrog Pipelines
## Requirements
- A running Kubernetes cluster
- Dynamic storage provisioning enabled
- Default StorageClass set to allow services using the default StorageClass for persistent storage
- A running Artifactory 7.7.x with Enterprise+ License
- Precreated repository `jfrogpipelines` in Artifactory type `Generic` with layout `maven-2-default`
- [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed and setup to use the cluster
- [Helm](https://helm.sh/) v2 or v3 installed
## Install JFrog Pipelines
### Add ChartCenter Helm repository
Before installing JFrog helm charts, you need to add the [ChartCenter helm repository](https://chartcenter.io) to your helm client
```bash
helm repo add center https://repo.chartcenter.io
helm repo update
```
### Artifactory Connection Details
In order to connect Pipelines to your Artifactory installation, you have to use a Join Key, hence it is *MANDATORY* to provide a Join Key and Jfrog Url to your Pipelines installation. Here's how you do that:
Retrieve the connection details of your Artifactory installation, from the UI - https://www.jfrog.com/confluence/display/JFROG/General+Security+Settings#GeneralSecuritySettings-ViewingtheJoinKey.
### Install Pipelines Chart with Ingress
#### Pre-requisites
Before deploying Pipelines you need to have the following
- A running Kubernetes cluster
- An [Artifactory ](https://hub.helm.sh/charts/jfrog/artifactory) or [Artifactory HA](https://hub.helm.sh/charts/jfrog/artifactory-ha) with Enterprise+ License
- Precreated repository `jfrogpipelines` in Artifactiry type `Generic` with layout `maven-2-default`
- Deployed [Nginx-ingress controller](https://hub.helm.sh/charts/stable/nginx-ingress)
- [Optional] Deployed [Cert-manager](https://hub.helm.sh/charts/jetstack/cert-manager) for automatic management of TLS certificates with [Lets Encrypt](https://letsencrypt.org/)
- [Optional] TLS secret needed for https access
#### Prepare configurations
Fetch the JFrog Pipelines helm chart to get the needed configuration files
```bash
helm fetch center/jfrog/pipelines --untar
```
Edit local copies of `values-ingress.yaml`, `values-ingress-passwords.yaml` and `values-ingress-external-secret.yaml` with the needed configuration values
- URLs in `values-ingress.yaml`
- Artifactory URL
- Ingress hosts
- Ingress tls secrets
- Passwords `uiUserPassword`, `postgresqlPassword` and `rabbitmq.password` must be set, and same for `masterKey` and `joinKey` in `values-ingress-passwords.yaml`
#### Install JFrog Pipelines
Install JFrog Pipelines
```bash
kubectl create ns pipelines
helm upgrade --install pipelines --namespace pipelines center/jfrog/pipelines -f pipelines/values-ingress.yaml -f pipelines/values-ingress-passwords.yaml
```
### Use external secret
**Note:** Best practice is to use external secrets instead of storing passwords in `values.yaml` files.
Don't forget to **update** URLs in `values-ingress-external-secret.yaml` file.
Fill in all required passwords, `masterKey` and `joinKey` in `values-ingress-passwords.yaml` and then create and install the external secret.
**Note:** Helm release name for secrets generation and `helm install` must be set the same, in this case it is `pipelines`.
With Helm v2:
```bash
## Generate pipelines-system-yaml secret
helm template --name-template pipelines pipelines/ -x templates/pipelines-system-yaml.yaml \
-f pipelines/values-ingress-external-secret.yaml -f pipelines/values-ingress-passwords.yaml | kubectl apply --namespace pipelines -f -
## Generate pipelines-database secret
helm template --name-template pipelines pipelines/ -x templates/database-secret.yaml \
-f pipelines/values-ingress-passwords.yaml | kubectl apply --namespace pipelines -f -
## Generate pipelines-rabbitmq-secret secret
helm template --name-template pipelines pipelines/ -x templates/rabbitmq-secret.yaml \
-f pipelines/values-ingress-passwords.yaml | kubectl apply --namespace pipelines -f -
```
With Helm v3:
```bash
## Generate pipelines-system-yaml secret
helm template --name-template pipelines pipelines/ -s templates/pipelines-system-yaml.yaml \
-f pipelines/values-ingress-external-secret.yaml -f pipelines/values-ingress-passwords.yaml | kubectl apply --namespace pipelines -f -
## Generate pipelines-database secret
helm template --name-template pipelines pipelines/ -s templates/database-secret.yaml \
-f pipelines/values-ingress-passwords.yaml | kubectl apply --namespace pipelines -f -
## Generate pipelines-rabbitmq-secret secret
helm template --name-template pipelines pipelines/ -s templates/rabbitmq-secret.yaml \
-f pipelines/values-ingress-passwords.yaml | kubectl apply --namespace pipelines -f -
```
Install JFrog Pipelines:
```bash
helm upgrade --install pipelines --namespace pipelines center/jfrog/pipelines -f values-ingress-external-secret.yaml
```
### Using external Rabbitmq
If you want to use external Rabbitmq, set `rabbitmq.enabled=false` and create `values-external-rabbitmq.yaml` with below yaml configuration
```yaml
rabbitmq:
enabled: false
internal_ip: "{{ .Release.Name }}-rabbitmq"
msg_hostname: "{{ .Release.Name }}-rabbitmq"
port: 5672
manager_port: 15672
ms_username: admin
ms_password: password
cp_username: admin
cp_password: password
build_username: admin
build_password: password
root_vhost_exchange_name: rootvhost
erlang_cookie: secretcookie
build_vhost_name: pipelines
root_vhost_name: pipelinesRoot
protocol: amqp
```
```bash
helm upgrade --install pipelines --namespace pipelines center/jfrog/pipelines -f values-external-rabbitmq.yaml
```
### Using external Vault
If you want to use external Vault, set `vault.enabled=false` and create `values-external-vault.yaml` with below yaml configuration
```yaml
vault:
enabled: false
global:
vault:
host: vault_url
port: vault_port
token: vault_token
## Set Vault token using existing secret
# existingSecret: vault-secret
```
If you store external Vault token in a pre-existing Kubernetes Secret, you can specify it via `existingSecret`.
To create a secret containing the Vault token:
```bash
kubectl create secret generic vault-secret --from-literal=token=${VAULT_TOKEN}
```
```bash
helm upgrade --install pipelines --namespace pipelines center/jfrog/pipelines -f values-external-vault.yaml
```
### Status
See the status of deployed **helm** release:
With Helm v2:
```bash
helm status pipelines
```
With Helm v3:
```bash
helm status pipelines --namespace pipelines
```
### Pipelines Version
- By default, the pipelines images will use the value `appVersion` in the Chart.yml. This can be over-ridden by adding `version` to the pipelines section of the values.yml
### Build Plane
#### Build Plane with static and dynamic node-pool VMs
To start using Pipelines you need to setup a Build Plane:
- For Static VMs Node-pool setup, please read [Managing Node Pools](https://www.jfrog.com/confluence/display/JFROG/Managing+Pipelines+Node+Pools#ManagingPipelinesNodePools-static-node-poolsAdministeringStaticNodePools).
- For Dynamic VMs Node-pool setup, please read [Managing Dynamic Node Pools](https://www.jfrog.com/confluence/display/JFROG/Managing+Pipelines+Node+Pools#ManagingPipelinesNodePools-dynamic-node-poolsAdministeringDynamicNodePools).
- For Kubernetes Node-pool setup, please read [Managing Dynamic Node Pools](https://www.jfrog.com/confluence/display/JFROG/Managing+Pipelines+Node+Pools#ManagingPipelinesNodePools-dynamic-node-poolsAdministeringDynamicNodePools).
## Useful links
- https://www.jfrog.com/confluence/display/JFROG/Pipelines+Quickstart
- https://www.jfrog.com/confluence/display/JFROG/Using+Pipelines
- https://www.jfrog.com/confluence/display/JFROG/Managing+Runtimes

35
Openshift4/helm/openshift-pipelines/helminstall.sh Executable file
View File

@@ -0,0 +1,35 @@
#!/usr/bin/env bash
echo "Installing Pipelines"
if [ -z "$MASTER_KEY" ]
then
MASTER_KEY=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
fi
if [ -z "$JOIN_KEY" ]
then
JOIN_KEY=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
fi
helm upgrade --install pipelines . \
--set pipelines.pipelines.jfrogUrl=http://openshiftartifactoryha-nginx \
--set pipelines.pipelines.jfrogUrlUI=http://openshiftartifactoryha-nginx \
--set pipelines.pipelines.masterKey=$MASTER_KEY \
--set pipelines.pipelines.joinKey=$JOIN_KEY \
--set pipelines.pipelines.accessControlAllowOrigins_0=http://openshiftartifactoryha-nginx \
--set pipelines.pipelines.accessControlAllowOrigins_1=http://openshiftartifactoryha-nginx \
--set pipelines.pipelines.msg.uiUser=monitor \
--set pipelines.pipelines.msg.uiUserPassword=monitor \
--set pipelines.postgresql.enabled=false \
--set pipelines.global.postgresql.host=postgres-postgresql \
--set pipelines.global.postgresql.port=5432 \
--set pipelines.global.postgresql.database=pipelinesdb \
--set pipelines.global.postgresql.user=artifactory \
--set pipelines.global.postgresql.password=password \
--set pipelines.global.postgresql.ssl=false \
--set pipelines.rabbitmq.rabbitmq.username=user \
--set pipelines.rabbitmq.rabbitmq.password=bitnami \
--set pipelines.rabbitmq.externalUrl=amqps://pipelines-rabbit.jfrog.tech \
--set pipelines.pipelines.api.externalUrl=http://pipelines-api.jfrog.tech \
--set pipelines.pipelines.www.externalUrl=http://pipelines-www.jfrog.tech

6
Openshift4/helm/openshift-pipelines/requirements.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: pipelines
repository: https://charts.jfrog.io/
version: 1.4.5
digest: sha256:83b0fa740797074925e7f237762ff493727faf58476c3884f247acc44428202b
generated: "2020-09-21T10:32:37.846331-07:00"

4
Openshift4/helm/openshift-pipelines/requirements.yaml Normal file
View File

@@ -0,0 +1,4 @@
dependencies:
- name: pipelines
version: 1.4.5
repository: https://charts.jfrog.io/

1123
Openshift4/helm/openshift-pipelines/values.yaml Executable file
View File

File diff suppressed because it is too large Load Diff

14
Openshift4/helm/openshift-xray/CHANGELOG.md Executable file
View File

@@ -0,0 +1,14 @@
# JFrog Openshift Artifactory-Xray Chart Changelog
All changes to this chart will be documented in this file.
## [6.0.6] Oct 1st, 2020
* Updating to Xray chart version 6.0.6 and Xray app version 3.8.8
## [4.2.0] Aug 17, 2020
* Updating to Xray chart version 4.2.0 and Xray app version 3.8.0
## [4.1.2] July 28, 2020
* Updating to Xray chart version 4.1.2 and Xray app version 3.6.2
## [3.5.1] June 29, 2020
* Updating to Xray chart version 3.5.1 and Xray app version 3.5.2

16
Openshift4/helm/openshift-xray/Chart.yaml Executable file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
appVersion: 3.8.8
description: Universal component scan for security and license inventory and impact analysis
sources:
- https://bintray.com/jfrog/product/xray/view
- https://github.com/jfrog/charts
keywords:
- xray
- jfrog
maintainers:
- email: vinaya@jfrog.com
name: Vinay Aggarwal
- email: johnp@jfrog.com
name: John Peterson
name: openshift-xray
version: 6.0.6

201
Openshift4/helm/openshift-xray/LICENSE Executable file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

509
Openshift4/helm/openshift-xray/README.md Executable file
View File

@@ -0,0 +1,509 @@
# JFrog Xray HA on Kubernetes Helm Chart
## Openshift
The Xray chart has been made a subchart of this chart.
Note due to this change we now reference values through the subchart name as shown below:
original:
```
xray.jfrogUrl
```
now:
```
xray.xray.jfrogUrl
```
This is due to helm referencing the value through the subchart named xray now.
## Prerequisites Details
* Kubernetes 1.12+
## Chart Details
This chart will do the following:
* Optionally deploy PostgreSQL
* Deploy RabbitMQ (optionally as an HA cluster)
* Deploy JFrog Xray micro-services
## Requirements
- A running Kubernetes cluster
- Dynamic storage provisioning enabled
- Default StorageClass set to allow services using the default StorageClass for persistent storage
- A running Artifactory
- [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed and setup to use the cluster
- [Helm](https://helm.sh/) v2 or v3 installed
## Install JFrog Xray
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart
#### Artifactory Connection Details
In order to connect Xray to your Artifactory installation, you have to use a Join Key, hence it is *MANDATORY* to provide a Join Key and Jfrog Url to your Xray installation. Here's how you do that:
Retrieve the connection details of your Artifactory installation, from the UI - https://www.jfrog.com/confluence/display/JFROG/General+Security+Settings#GeneralSecuritySettings-ViewingtheJoinKey.
#### Initiate Installation
Provide join key and jfrog url as a parameter to the Xray chart installation:
```bash
helm upgrade --install --set xray.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY> \
--set xray.jfrogUrl=<YOUR_PREVIOUSLY_RETIREVED_BASE_URL> --namespace xray jfrog/xray
```
Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time.
```bash
# Create a secret containing the key. The key in the secret must be named join-key
kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>
# Pass the created secret to helm
helm upgrade --install --set xray.joinKeySecretName=my-secret --namespace xray jfrog/xray
```
**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set xray.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>`. In the second, this means always passing `--set xray.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
### System Configuration
Xray uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage.
## Status
See the status of your deployed **helm** releases
```bash
helm status xray
```
## Upgrade
To upgrade an existing Xray, you still use **helm**
```bash
# Update existing deployed version to 2.1.2
helm upgrade --set common.xrayVersion=2.1.2 jfrog/xray
```
If Xray was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions:
1. Get the current password by running:
```bash
POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
2. Upgrade the release by passing the previously auto-generated secret:
```bash
helm upgrade <myrelease> jfrog/xray --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD}
```
If Xray was installed without providing a value to rabbitmq.rabbitmqPassword/rabbitmq-ha.rabbitmqPassword (a password was autogenerated), follow these instructions:
1. Get the current password by running:
```bash
RABBITMQ_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)
```
2. Upgrade the release by passing the previously auto-generated secret:
```bash
helm upgrade <myrelease> jfrog/xray --set rabbitmq.rabbitmqPassword=${RABBITMQ_PASSWORD}/rabbitmq-ha.rabbitmqPassword=${RABBITMQ_PASSWORD}
```
If Xray was installed with all of the default values (e.g. with no user-provided values for rabbit/postgres), follow these steps:
1. Retrieve all current passwords (rabbitmq/postgresql) as explained in the above section.
2. Upgrade the release by passing the previously auto-generated secrets:
```bash
helm upgrade --install xray --namespace xray jfrog/xray --set rabbitmq-ha.rabbitmqPassword=<rabbit-password> --set postgresql.postgresqlPassword=<postgresql-password>
```
## Remove
Removing a **helm** release is done with
```bash
# Remove the Xray services and data tools
#On helm v2:
helm delete --purge xray
#On helm v3:
helm delete xray --namespace xray
# Remove the data disks
kubectl delete pvc -l release=xray
```
### Deploying Xray for small/medium/large instllations
In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml
### Create a unique Master Key
JFrog Xray requires a unique master key to be used by all micro-services in the same cluster. By default the chart has one set in values.yaml (`xray.masterKey`).
**This key is for demo purpose and should not be used in a production environment!**
You should generate a unique one and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Pass the created master key to helm
helm upgrade --install --set xray.masterKey=${MASTER_KEY} --namespace xray jfrog/xray
```
Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Create a secret containing the key. The key in the secret must be named master-key
kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY}
# Pass the created secret to helm
helm upgrade --install xray --set xray.masterKeySecretName=my-secret --namespace xray jfrog/xray
```
**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set xray.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set xray.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
## Special deployments
This is a list of special use cases for non-standard deployments
### High Availability
For **high availability** of Xray, set the replica count to be equal or higher than **2**. Recommended is **3**.
> It is highly recommended to also set **RabbitMQ** to run as an HA cluster.
```bash
# Start Xray with 3 replicas per service and 3 replicas for RabbitMQ
helm upgarde --install xray --namespace xray --set server.replicaCount=3 jfrog/xray
```
### External Databases
There is an option to use external PostgreSQL database for your Xray.
#### PostgreSQL
##### PostgreSQL without TLS
To use an external **PostgreSQL**, you need to disable the use of the bundled **PostgreSQL** and set a custom **PostgreSQL** connection URL.
For this, pass the parameters: `postgresql.enabled=false` and `database.url=${XRAY_POSTGRESQL_CONN_URL}`.
**IMPORTANT:** Make sure the DB is already created before deploying Xray services
```bash
# Passing a custom PostgreSQL to Xray
# Example
export POSTGRESQL_HOST=custom-postgresql-host
export POSTGRESQL_PORT=5432
export POSTGRESQL_USER=xray
export POSTGRESQL_PASSWORD=password2_X
export POSTGRESQL_DATABASE=xraydb
export XRAY_POSTGRESQL_CONN_URL="postgres://${POSTGRESQL_HOST}:${POSTGRESQL_PORT}/${POSTGRESQL_DATABASE}?sslmode=disable"
helm upgrade --install xray --namespace xray \
--set postgresql.enabled=false \
--set database.url="${XRAY_POSTGRESQL_CONN_URL}" \
--set database.user="${POSTGRESQL_USER}" \
--set database.password="${POSTGRESQL_PASSWORD}" \
jfrog/xray
```
##### PostgreSQL with TLS
If external **PostgreSQL** is set with TLS, you need to disable the use of the bundled **PostgreSQL**, set a custom **PostgreSQL** connection URL and provide a secret with **PostgreSQL** TLS certificates.
Create the Kubernetes secret (assuming the local files are `client-cert.pem client-key.pem server-ca.pem`)
```bash
kubectl create secret generic postgres-tls --from-file=client-key.pem --from-file=client-cert.pem --from-file=server-ca.pem
```
**IMPORTANT:** `PostgreSQL` connection URL needs to have listed TLS files with the path `/var/opt/jfrog/xray/data/tls/`
and `sslmode==verify-ca` otherwise Xray will fail to connect to Postgres.
```bash
# Passing a custom PostgreSQL with TLS to Xray
# Example
export POSTGRESQL_HOST=custom-postgresql-host
export POSTGRESQL_PORT=5432
export POSTGRESQL_USER=xray
export POSTGRESQL_PASSWORD=password2_X
export POSTGRESQL_DATABASE=xraydb
export POSTGRESQL_SERVER_CA=server-ca.pem
export POSTGRESQL_CLIENT_CERT=client-key.pem
export POSTGRESQL_CLIENT_KEY=client-cert.pem
export POSTGRESQL_TLS_SECRET=postgres-tls
export XRAY_POSTGRESQL_CONN_URL="postgres://${POSTGRESQL_HOST}:${POSTGRESQL_PORT}/${POSTGRESQL_DATABASE}?sslrootcert=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_SERVER_CA}&sslkey=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_CLIENT_KEY}&sslcert=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_CLIENT_CERT}&sslmode=verify-ca"
helm upgrade --install xray --namespace xray \
--set postgresql.enabled=false \
--set database.url="${XRAY_POSTGRESQL_CONN_URL}" \
--set database.user="${POSTGRESQL_USER}" \
--set database.password="${POSTGRESQL_PASSWORD}" \
jfrog/xray
```
### Custom init containers
There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container.
For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out
```yaml
common:
## Add custom init containers executed before predefined init containers
customInitContainersBegin: |
## Init containers template goes here ##
## Add custom init containers executed after predefined init containers
customInitContainers: |
## Init containers template goes here ##
```
## Configuration
The following table lists the configurable parameters of the xray chart and their default values.
| Parameter | Description | Default |
|------------------------------|--------------------------------------------------|------------------------------------|
| `imagePullSecrets` | Docker registry pull secret | |
| `imagePullPolicy` | Container pull policy | `IfNotPresent` |
| `initContainerImage` | Init container image | `alpine:3.6` |
| `xray.jfrogUrl` | Main Artifactory URL, without the `/artifactory` prefix .Mandatory | |
| `xray.persistence.mountPath` | Xray persistence mount path | `/var/opt/jfrog/xray` |
| `xray.masterKey` | Xray Master Key (Can be generated with `openssl rand -hex 32`) | `` |
| `xray.masterKeySecretName` | Xray Master Key secret name | |
| `xray.joinKey` | Xray Join Key to connect to Artifactory . Mandatory | `` |
| `xray.joinKeySecretName` | Xray Join Key secret name | |
| `xray.systemYaml` | Xray system configuration (`system.yaml`) as described here - https://www.jfrog.com/confluence/display/JFROG/Xray+System+YAML | |
| `xray.autoscaling.enabled` | Enable Xray Pods autoscaling using `HorizontalPodAutoscaler` | `false` |
| `xray.autoscaling.minReplicas` | Minimum number of Xray replicas | `1` |
| `xray.autoscaling.maxReplicas` | Maximum number of Xray replicas | `1` |
| `xray.autoscaling.targetCPUUtilizationPercentage` | CPU usage percentage that will trigger autoscaling | `50` |
| `xray.autoscaling.targetMemoryUtilizationPercentage` | Memory usage percentage that will trigger autoscaling | `75` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created| `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.role.rules` | Rules to create | `[]` |
| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` |
| `postgresql.image.registry` | PostgreSQL Docker image registry | `docker.bintray.io` |
| `postgresql.image.repository` | PostgreSQL Docker image repository | `bitnami/postgresql` |
| `postgresql.image.tag` | PostgreSQL Docker image tag | `9.6.15-debian-9-r91` |
| `postgresql.postgresqlUsername` | PostgreSQL database user | `xray` |
| `postgresql.postgresqlPassword` | PostgreSQL database password | ` ` |
| `postgresql.postgresqlDatabase` | PostgreSQL database name | `xraydb` |
| `postgresql.postgresqlExtendedConf.listenAddresses` | PostgreSQL listen address | `"'*'"` |
| `postgresql.postgresqlExtendedConf.maxConnections` | PostgreSQL max_connections parameter | `500` |
| `postgresql.service.port` | PostgreSQL database port | `5432` |
| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` |
| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` |
| `postgresql.persistence.existingClaim` | PostgreSQL name of existing Persistent Volume Claim to use | ` ` |
| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | |
| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | |
| `postgresql.resources.limits.memory` | PostgreSQL memory limit | |
| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | |
| `postgresql.nodeSelector` | PostgreSQL node selector | `{}` |
| `postgresql.affinity` | PostgreSQL node affinity | `{}` |
| `postgresql.tolerations` | PostgreSQL node tolerations | `[]` |
| `database.url` | External database connection URL | |
| `database.user` | External database username | |
| `database.password` | External database password | |
| `database.secrets.user.name` | External database username `Secret` name | |
| `database.secrets.user.key` | External database username `Secret` key | |
| `database.secrets.password.name` | External database password `Secret` name | |
| `database.secrets.password.key` | External database password `Secret` key | |
| `database.secrets.url.name` | External database url `Secret` name | |
| `database.secrets.url.key` | External database url `Secret` key | |
| `rabbitmq.enabled` | RabbitMQ enabled uses rabbitmq | `false` |
| `rabbitmq.replicas` | RabbitMQ replica count | `1` |
| `rabbitmq.rbacEnabled` | If true, create & use RBAC resources | `true` |
| `rabbitmq.rabbitmq.username` | RabbitMQ application username | `guest` |
| `rabbitmq.rabbitmq.password` | RabbitMQ application password | |
| `rabbitmq.rabbitmq.existingPasswordSecret` | RabbitMQ existingPasswordSecret | |
| `rabbitmq.rabbitmq.erlangCookie` | RabbitMQ Erlang cookie | `XRAYRABBITMQCLUSTER`|
| `rabbitmq.service.nodePort` | RabbitMQ node port | `5672` |
| `rabbitmq.persistence.enabled` | If `true`, persistent volume claims are created | `true` |
| `rabbitmq.persistence.accessMode` | RabbitMQ persistent volume claims access mode | `ReadWriteOnce` |
| `rabbitmq.persistence.size` | RabbitMQ Persistent volume size | `20Gi` |
| `rabbitmq-ha.enabled` | RabbitMQ enabled uses rabbitmq-ha | `true` |
| `rabbitmq-ha.replicaCount` | RabbitMQ Number of replica | `1` |
| `rabbitmq-ha.rabbitmqUsername` | RabbitMQ application username | `guest` |
| `rabbitmq-ha.rabbitmqPassword` | RabbitMQ application password | ` ` |
| `rabbitmq-ha.existingSecret` | RabbitMQ existingSecret | ` ` |
| `rabbitmq-ha.rabbitmqErlangCookie` | RabbitMQ Erlang cookie | `XRAYRABBITMQCLUSTER`|
| `rabbitmq-ha.rabbitmqMemoryHighWatermark` | RabbitMQ Memory high watermark | `500MB` |
| `rabbitmq-ha.persistentVolume.enabled` | If `true`, persistent volume claims are created | `true` |
| `rabbitmq-ha.persistentVolume.size` | RabbitMQ Persistent volume size | `20Gi` |
| `rabbitmq-ha.rbac.create` | If true, create & use RBAC resources | `true` |
| `rabbitmq-ha.nodeSelector` | RabbitMQ node selector | `{}` |
| `rabbitmq-ha.tolerations` | RabbitMQ node tolerations | `[]` |
| `common.xrayVersion` | Xray image tag | `.Chart.AppVersion` |
| `common.preStartCommand` | Xray Custom command to run before startup. Runs BEFORE any microservice-specific preStartCommand | |
| `common.xrayUserId` | Xray User Id | `1035` |
| `common.xrayGroupId` | Xray Group Id | `1035` |
| `common.persistence.enabled` | Xray common persistence volume enabled | `false` |
| `common.persistence.existingClaim` | Provide an existing PersistentVolumeClaim | `nil` |
| `common.persistence.storageClass` | Storage class of backing PVC | `nil (uses default storage class annotation)` |
| `common.persistence.accessMode` | Xray common persistence volume access mode | `ReadWriteOnce` |
| `common.persistence.size` | Xray common persistence volume size | `50Gi` |
| `xray.systemYaml` | Xray system configuration (`system.yaml`) | `see values.yaml` |
| `common.customInitContainersBegin` | Custom init containers to run before existing init containers | ` ` |
| `common.customInitContainers` | Custom init containers to run after existing init containers | ` ` |
| `common.xrayConfig` | Additional xray yaml configuration to be written to xray_config.yaml file | See [values.yaml](stable/xray/values.yaml) |
| `database.url` | Xray external PostgreSQL URL | ` ` |
| `global.postgresqlTlsSecret` | Xray external PostgreSQL TLS files secret | ` ` |
| `analysis.name` | Xray Analysis name | `xray-analysis` |
| `analysis.image` | Xray Analysis container image | `docker.bintray.io/jfrog/xray-analysis` |
| `analysis.updateStrategy` | Xray Analysis update strategy | `RollingUpdate` |
| `analysis.podManagementPolicy` | Xray Analysis pod management policy | `Parallel` |
| `analysis.internalPort` | Xray Analysis internal port | `7000` |
| `analysis.externalPort` | Xray Analysis external port | `7000` |
| `analysis.livenessProbe` | Xray Analysis livenessProbe | See `values.yaml` |
| `analysis.readinessProbe` | Xray Analysis readinessProbe | See `values.yaml` |
| `analysis.persistence.size` | Xray Analysis storage size limit | `10Gi` |
| `analysis.resources` | Xray Analysis resources | `{}` |
| `analysis.preStartCommand` | Xray Analysis Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `analysis.nodeSelector` | Xray Analysis node selector | `{}` |
| `analysis.affinity` | Xray Analysis node affinity | `{}` |
| `analysis.tolerations` | Xray Analysis node tolerations | `[]` |
| `analysis.annotations` | Xray Analysis annotations | `{}` |
| `indexer.name` | Xray Indexer name | `xray-indexer` |
| `indexer.image` | Xray Indexer container image | `docker.bintray.io/jfrog/xray-indexer` |
| `indexer.annotations` | Xray Indexer annotations | `{}` |
| `indexer.updateStrategy` | Xray Indexer update strategy | `RollingUpdate` |
| `indexer.podManagementPolicy` | Xray Indexer pod management policy | `Parallel` |
| `indexer.internalPort` | Xray Indexer internal port | `7002` |
| `indexer.externalPort` | Xray Indexer external port | `7002` |
| `indexer.livenessProbe` | Xray Indexer livenessProbe | See `values.yaml` |
| `indexer.readinessProbe` | Xray Indexer readinessProbe | See `values.yaml` |
| `indexer.customVolumes` | Custom volumes | |
| `indexer.customVolumeMounts` | Custom Server volumeMounts | |
| `indexer.persistence.existingClaim` | Provide an existing PersistentVolumeClaim | `nil` |
| `indexer.persistence.storageClass` | Storage class of backing PVC | `nil (uses default storage class annotation)` |
| `indexer.persistence.enabled` | Xray Indexer persistence volume enabled | `false` |
| `indexer.persistence.accessMode` | Xray Indexer persistence volume access mode | `ReadWriteOnce` |
| `indexer.persistence.size` | Xray Indexer persistence volume size | `50Gi` |
| `indexer.resources` | Xray Indexer resources | `{}` |
| `indexer.preStartCommand` | Xray Indexer Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `indexer.nodeSelector` | Xray Indexer node selector | `{}` |
| `indexer.affinity` | Xray Indexer node affinity | `{}` |
| `indexer.tolerations` | Xray Indexer node tolerations | `[]` |
| `persist.name` | Xray Persist name | `xray-persist` |
| `persist.image` | Xray Persist container image | `docker.bintray.io/jfrog/xray-persist` |
| `persist.annotations` | Xray Persist annotations | `{}` |
| `persist.updateStrategy` | Xray Persist update strategy | `RollingUpdate` |
| `persist.podManagementPolicy` | Xray Persist pod management policy | `Parallel` |
| `persist.internalPort` | Xray Persist internal port | `7003` |
| `persist.externalPort` | Xray Persist external port | `7003` |
| `persist.livenessProbe` | Xray Persist livenessProbe | See `values.yaml` |
| `persist.readinessProbe` | Xray Persist readinessProbe | See `values.yaml` |
| `persist.persistence.size` | Xray Persist storage size limit | `10Gi` |
| `persist.preStartCommand` | Xray Persist Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `persist.resources` | Xray Persist resources | `{}` |
| `persist.nodeSelector` | Xray Persist node selector | `{}` |
| `persist.affinity` | Xray Persist node affinity | `{}` |
| `persist.tolerations` | Xray Persist node tolerations | `[]` |
| `server.name` | Xray server name | `xray-server` |
| `server.image` | Xray server container image | `docker.bintray.io/jfrog/xray-server` |
| `server.annotations` | Xray server annotations | `{}` |
| `server.customVolumes` | Custom volumes | |
| `server.customVolumeMounts` | Custom Server volumeMounts | |
| `server.replicaCount` | Xray services replica count | `1` |
| `server.updateStrategy` | Xray server update strategy | `RollingUpdate` |
| `server.podManagementPolicy` | Xray server pod management policy | `Parallel` |
| `server.internalPort` | Xray server internal port | `8000` |
| `server.externalPort` | Xray server external port | `80` |
| `server.service.name` | Xray server service name | `xray` |
| `server.service.type` | Xray server service type | `ClusterIP` |
| `server.service.annotations` | Xray server service annotations | `{}` |
| `server.livenessProbe` | Xray server livenessProbe | See `values.yaml` |
| `server.readinessProbe` | Xray server readinessProbe | See `values.yaml` |
| `server.preStartCommand` | Xray server Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `server.resources` | Xray server resources | `{}` |
| `server.nodeSelector` | Xray server node selector | `{}` |
| `server.affinity` | Xray server node affinity | `{}` |
| `server.tolerations` | Xray server node tolerations | `[]` |
| `router.name` | Router name | `router` |
| `router.image.repository` | Container image | `docker.bintray.io/jfrog/router` |
| `router.image.version` | Container image tag | `.Chart.AppVersion` |
| `router.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `router.internalPort` | Router internal port | `8082` |
| `router.externalPort` | Router external port | `8082` |
| `router.resources.requests.memory` | Router initial memory request | |
| `router.resources.requests.cpu` | Router initial cpu request | |
| `router.resources.limits.memory` | Router memory limit | |
| `router.resources.limits.cpu` | Router cpu limit | |
| `router.livenessProbe.enabled` | Enable Router livenessProbe | `true` |
| `router.livenessProbe.config` | Router livenessProbe configuration | See `values.yaml` |
| `router.readinessProbe.enabled` | Enable Router readinessProbe | `true` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.persistence.accessMode` | Router persistence access mode | `ReadWriteOnce` |
| `router.persistence.mountPath` | Router persistence mount path | `/var/opt/jfrog/router` |
| `router.persistence.size` | Router persistence size | `5Gi` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.nodeSelector` | Router node selector | `{}` |
| `router.affinity` | Router node affinity | `{}` |
| `router.tolerations` | Router node tolerations | `[]` |
| `filebeat.enabled` | Enable a filebeat container to send your logs to a log management solution like ELK | `false` |
| `filebeat.name` | filebeat container name | `xray-filebeat` |
| `filebeat.image.repository` | filebeat Docker image repository | `docker.elastic.co/beats/filebeat` |
| `filebeat.image.version` | filebeat Docker image version | `7.5.1` |
| `filebeat.logstashUrl` | The URL to the central Logstash service, if you have one | `logstash:5044` |
| `filebeat.livenessProbe.exec.command` | liveness probe exec command | see [values.yaml](stable/xray/values.yaml) |
| `filebeat.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `filebeat.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `filebeat.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `filebeat.readinessProbe.exec.command` | readiness probe exec command | see [values.yaml](stable/xray/values.yaml) |
| `filebeat.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `filebeat.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 |
| `filebeat.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `filebeat.resources.requests.memory` | Filebeat initial memory request | |
| `filebeat.resources.requests.cpu` | Filebeat initial cpu request | |
| `filebeat.resources.limits.memory` | Filebeat memory limit | |
| `filebeat.resources.limits.cpu` | Filebeat cpu limit | |
| `filebeat.filebeatYml` | Filebeat yaml configuration file | see [values.yaml](stable/xray/values.yaml) |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Custom volumes
If you need to use a custom volume in a custom init or sidecar container, you can use this option.
For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out
```yaml
server:
## Add custom volumes
customVolumes: |
## Custom volume comes here ##
```
## Useful links
- https://www.jfrog.com/confluence/display/XRAY/Xray+High+Availability
- https://www.jfrog.com/confluence/display/EP/Getting+Started
- https://www.jfrog.com/confluence/

76
Openshift4/helm/openshift-xray/helminstall.sh Executable file
View File

@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# PreReq'd:
# helm install postgres bitnami/postgresql
# follow artifactory postgresql db setup:
# https://www.jfrog.com/confluence/display/JFROG/PostgreSQL
POSTGRES=$(helm ls | grep postgres | wc -l)
ARTIFACTORY=$(helm ls | grep artifactory | wc -l)
if [[ "$POSTGRES" =~ (0) ]]
then
echo "External DB is required to run Jfrog Openshift Xray Helm chart"
echo ""
echo "Postgresql helm chart must be installed prior to installing this helm installer script."
echo ""
echo "helm install postgres bitnami/postgresql"
echo ""
echo "follow artifactory postgresql db setup:"
echo "https://www.jfrog.com/confluence/display/JFROG/PostgreSQL"
exit 1
elif [[ "$ARTIFACTORY" =~ (0) ]]
then
echo "Artifactory Instance is required to run Jfrog Openshift Xray Helm chart"
echo ""
echo "Please use helm to first install Artifactory: openshift-artifactory-ha"
echo ""
echo "Then install Openshift xray helm chart once artifactory is ready."
echo ""
exit 1
else
echo "Installing Openshift Xray Helm"
fi
DBURL=""
if [[ -z "$1" ]]
then
DBURL="postgres://postgres-postgresql:5432/xraydb?sslmode=disable"
else
DBURL=$1
fi
DBUSER=""
if [[ -z "$2" ]]
then
DBUSER="artifactory"
else
DBUSER=$2
fi
DBPASS=""
if [[ -z "$3" ]]
then
DBPASS="password"
else
DBPASS=$3
fi
JFROGURL=""
if [[ -z "$4" ]]
then
# HELM
JFROGURL="http://artifactory-ha-nginx"
# OPERATOR
# JFROGURL="http://openshiftartifactoryha-nginx"
else
JFROGURL=$4
fi
# install via helm with default postgresql configuration
helm install xray . \
--set xray.database.url=$DBURL \
--set xray.database.user=$DBUSER \
--set xray.database.password=$DBPASS \
--set xray.xray.jfrogUrl=$JFROGURL \
--set xray.xray.joinKey=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE \
--set xray.xray.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

25
Openshift4/helm/openshift-xray/rabbitmq.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: rabbitmq
name: rabbitmq
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: rabbitmq
template:
metadata:
labels:
app: rabbitmq
spec:
containers:
- image: registry.connect.redhat.com/jfrog/xray-rabbitmq:3.8.9
imagePullPolicy: "Always"
name: xray-rabbitmq
ports:
- containerPort: 4369
- containerPort: 5672
- containerPort: 15672

26
Openshift4/helm/openshift-xray/rabbitmqservice.yaml Normal file
View File

@@ -0,0 +1,26 @@
kind: Service
apiVersion: v1
metadata:
name: rabbitmq-lb
labels:
app: rabbitmq
spec:
selector:
app: rabbitmq
ports:
- name: epmd
protocol: TCP
port: 4369
targetPort: 4369
- name: ampq
protocol: TCP
port: 5672
targetPort: 5672
- name: management
protocol: TCP
port: 15672
targetPort: 25672
type: ClusterIP

6
Openshift4/helm/openshift-xray/requirements.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: xray
repository: https://charts.jfrog.io/
version: 6.0.6
digest: sha256:339b5ec4e309ce2970ed34ebc700d6fe8f436d6cbe8dd5d352f0b080401752af
generated: "2020-10-01T15:04:29.008985-07:00"

4
Openshift4/helm/openshift-xray/requirements.yaml Normal file
View File

@@ -0,0 +1,4 @@
dependencies:
- name: xray
version: 6.0.6
repository: https://charts.jfrog.io/

101
Openshift4/helm/openshift-xray/values.yaml Executable file
View File

@@ -0,0 +1,101 @@
# Openshift Jfrog Xray
xray:
unifiedUpgradeAllowed: true
replicaCount: 1
xray:
masterKey: "OVERRIDE"
joinKey: "OVERRIDE"
consoleLog: false
jfrogUrl: "OVERRIDE"
postgresql:
enabled: false
database:
url: "OVERRIDE"
user: "OVERRIDE"
password: "OVERRIDE"
common:
xrayUserId: "1000721035"
xrayGroupId: "1000721035"
analysis:
name: xray-analysis
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-analysis
tag: 3.8.8
updateStrategy: RollingUpdate
podManagementPolicy: Parallel
preStartCommand:
indexer:
name: xray-indexer
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-indexer
tag: 3.8.8
updateStrategy: RollingUpdate
podManagementPolicy: Parallel
persist:
name: xray-persist
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-persist
tag: 3.8.8
updateStrategy: RollingUpdate
podManagementPolicy: Parallel
persistence:
size: 10Gi
preStartCommand:
server:
name: xray-server
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-server
tag: 3.8.8
updateStrategy: RollingUpdate
podManagementPolicy: Parallel
replicaCount: 1
router:
name: router
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-router
tag: 1.4.3
imagePullPolicy: IfNotPresent
rabbitmq-ha:
enabled: true
replicaCount: 1
image:
repository: registry.connect.redhat.com/jfrog/xray-rabbitmq
tag: 3.8.9
rabbitmqEpmdPort: 4369
rabbitmqNodePort: 5672
rabbitmqManagerPort: 15672
rabbitmqUsername: guest
rabbitmqPassword: guest
managementUsername: management
managementPassword: management
initContainer:
enabled: false
securityContext:
fsGroup: 1000721035
runAsUser: 1000721035
runAsGroup: 1000721035
livenessProbe:
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
exec:
command:
- /bin/sh
- -c
- 'rabbitmqctl status'
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 6
exec:
command:
- /bin/sh
- -c
- 'rabbitmqctl status'