zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 01:06:55 -06:00
Code Issues Packages Projects Releases Wiki Activity

Openshift Xray Helm and relocated to helm or operator folder

Browse Source
This commit is contained in:
John Peterson
2020-10-01 17:20:12 -07:00
parent 36ab48f407
commit 2cc08a26b1
149 changed files with 133 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Openshift4/operator/xray-operator/CHANGELOG.md Executable file
View File

@@ -0,0 +1,15 @@
# JFrog Openshift Xray Chart Changelog
All changes to this chart will be documented in this file.
## [3.8.0] Aug 17, 2020
* Deploying JFrog Xray 3.8.0 as an Operator into Openshift
## [3.6.2] - July 28, 2020
* Deploying JFrog Xray 3.6.2 as an Operator into Openshift
## [3.5.2] - June 29, 2020
* Deploying JFrog Xray 3.5.2 as an Operator into Openshift
## [3.3.0] - May 22, 2020
* Deploying JFrog Xray 3.3.0 as an Operator initial version of Jfrog Xray supported

8
Openshift4/operator/xray-operator/CONTRIBUTING.md Normal file
View File

@@ -0,0 +1,8 @@
# JFrog welcomes community contribution!
Before we can accept your contribution, process your GitHub pull requests, and thank you full-heartedly, we request that you will fill out and submit JFrog's Contributor License Agreement (CLA).
[Click here](https://secure.echosign.com/public/hostedForm?formid=5IYKLZ2RXB543N) to submit the JFrog CLA.
This should only take a minute to complete and is a one-time process.
*Thanks for Your Contribution to the Community!* :-)

90
Openshift4/operator/xray-operator/README.md Normal file
View File

@@ -0,0 +1,90 @@
# JFrog Xray Enterprise Operator
This code base is intended to deploy Xray as an operator to an Openshift4 cluster. You can run the operator either through the operator-sdk, operator.yaml, or the Operatorhub.
Openshift OperatorHub has the latest official supported Cluster Service Version (CSV) for the OLM catalog.
## Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
## Prerequisites
###### Openshift 4 Cluster
Available on AWS, GCP, or Azure. Follow the Cloud installer guide available here:
[Openshift 4 Installers](https://cloud.redhat.com/openshift/install)
Or run it locally using CodeReadyContainers.
[Code Ready Container Installer](https://cloud.redhat.com/openshift/install/crc/installer-provisioned)
###### Openshift 4 Command Line Tools
Download and install the Openshift command line tool: oc
[Getting Started with CLI](https://docs.openshift.com/container-platform/4.2/cli_reference/openshift_cli/getting-started-cli.html)
## Cluster Setup
###### Security Context Constraints - Anyuid
Openshift only allows statefulsets / pods to run in specific user and group id ranges.
Xray currently uses users outside of this allowed range.
For this reason the service account for the operator in the jfrog-artifactory namespace must be granted anyuid privileges.
```
oc adm policy add-scc-to-user anyuid system:serviceaccount:jfrog-artifactory:xray-operator
```
Where anyuid is the Security context constraint being applied to the service account artifactory-ha-operator in namespace jfrog-artifactory.
In addition to this the restricted scc policy will need to be changed to allow anyuid:
```
oc patch scc restricted --patch '{"fsGroup":{"type":"RunAsAny"},"runAsUser":{"type":"RunAsAny"},"seLinuxContext":{"type":"RunAsAny"}}' --type=merge
```
## Installation types
###### OLM Catalog
To install via the OLM catalog download the operator from the Operator hub and install it via the Openshift console GUI
To test OLM catalog installs you will need to deploy the lastest ClusterServiceVersion found at:
```
deploy/olm-catalog/artifactory-ha-operator/X.X.X/xray-operator.vX.X.X.clusterserviceversion.yaml
```
This will install the operator into whatever cluster your kubectl or oc program is currently logged into.
Please refer to Local Testing section below for full instructions.
###### Operator YAML
To install the operator via the Operator YAML follow the Local Testing tests.
Instead of running operator-sdk up local for the last step run:
```
oc apply -f deploy/operator.yaml
```
This will deploy the operator into the cluster.
###### Operator-sdk local
Run:
```
cd JFrog-Cloud-Installers/Openshift4/xray-operator
operator-sdk up local
```
## Contributing
Please read [CONTRIBUTING.md](JFrog-Cloud-Installers/Openshift4/xray-operator/CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.
## Versioning
We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/jfrog/JFrog-Cloud-Installers/tags).
## Contact
Github Issues

11
Openshift4/operator/xray-operator/build/Dockerfile Normal file
View File

@@ -0,0 +1,11 @@
FROM quay.io/operator-framework/helm-operator:v0.16.0
LABEL name="JFrog Xray Enterprise Operator" \
description="Openshift operator to deploy JFrog Xray Enterprise based on the Red Hat Universal Base Image." \
vendor="JFrog" \
summary="JFrog Xray Enterprise Operator" \
com.jfrog.license_terms="https://jfrog.com/xray/eula/"
COPY licenses/ /licenses
COPY watches.yaml ${HOME}/watches.yaml
COPY helm-charts/ ${HOME}/helm-charts/

23
Openshift4/operator/xray-operator/bundle/openshiftxray-operator.crd.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: openshiftxrays.charts.helm.k8s.io
spec:
group: charts.helm.k8s.io
names:
kind: OpenshiftXray
listKind: OpenshiftXrayList
plural: openshiftxrays
singular: openshiftxray
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

4
Openshift4/operator/xray-operator/bundle/openshiftxray-operator.package.yaml Normal file
View File

@@ -0,0 +1,4 @@
packageName: openshiftxray-operator
channels:
- name: alpha
currentCSV: xray-operator.v1.0.3

340
Openshift4/operator/xray-operator/bundle/xray-operator.v1.0.0.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

341
Openshift4/operator/xray-operator/bundle/xray-operator.v1.0.1.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

341
Openshift4/operator/xray-operator/bundle/xray-operator.v1.0.2.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

376
Openshift4/operator/xray-operator/bundle/xray-operator.v1.0.3.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

23
Openshift4/operator/xray-operator/deploy/crds/charts.helm.k8s.io_openshiftxrays_crd.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: openshiftxrays.charts.helm.k8s.io
spec:
group: charts.helm.k8s.io
names:
kind: OpenshiftXray
listKind: OpenshiftXrayList
plural: openshiftxrays
singular: openshiftxray
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

69
Openshift4/operator/xray-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftxray_cr.yaml Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: charts.helm.k8s.io/v1alpha1
kind: OpenshiftXray
metadata:
name: openshiftxray
spec:
xray:
analysis:
image:
repository: registry.connect.redhat.com/jfrog/xray-analysis
version: 3.3.0
name: xray-analysis
podManagementPolicy: Parallel
preStartCommand: null
updateStrategy: RollingUpdate
database:
password: OVERRIDE
url: OVERRIDE
user: OVERRIDE
global:
postgresqlTlsSecret: null
indexer:
image:
repository: registry.connect.redhat.com/jfrog/xray-indexer
version: 3.3.0
name: xray-indexer
podManagementPolicy: Parallel
updateStrategy: RollingUpdate
persist:
image:
repository: registry.connect.redhat.com/jfrog/xray-persist
version: 3.3.0
name: xray-persist
persistence:
size: 10Gi
podManagementPolicy: Parallel
preStartCommand: null
updateStrategy: RollingUpdate
postgresql:
enabled: false
rabbitmq-ha:
enabled: true
image:
repository: registry.connect.redhat.com/jfrog/xray-rabbitmq
tag: 3.8.0
rabbitmqEpmdPort: 4369
rabbitmqManagerPort: 15672
rabbitmqNodePort: 5672
replicaCount: 1
replicaCount: 1
router:
image:
imagePullPolicy: IfNotPresent
repository: registry.connect.redhat.com/jfrog/xray-router
version: 1.2.1
name: router
server:
image:
repository: registry.connect.redhat.com/jfrog/xray-server
version: 3.3.0
name: xray-server
podManagementPolicy: Parallel
replicaCount: 1
updateStrategy: RollingUpdate
xray:
consoleLog: false
jfrogUrl: OVERRIDE
joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

340
Openshift4/operator/xray-operator/deploy/olm-catalog/xray-operator/1.0.0/xray-operator.v1.0.0.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

341
Openshift4/operator/xray-operator/deploy/olm-catalog/xray-operator/1.0.1/xray-operator.v1.0.1.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

341
Openshift4/operator/xray-operator/deploy/olm-catalog/xray-operator/1.0.2/xray-operator.v1.0.2.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

376
Openshift4/operator/xray-operator/deploy/olm-catalog/xray-operator/1.0.3/xray-operator.v1.0.3.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

5
Openshift4/operator/xray-operator/deploy/olm-catalog/xray-operator/xray-operator.package.yaml Normal file
View File

@@ -0,0 +1,5 @@
channels:
- currentCSV: xray-operator.v1.0.0
name: alpha
defaultChannel: alpha
packageName: xray-operator

42
Openshift4/operator/xray-operator/deploy/operator.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: xray-operator
spec:
replicas: 1
selector:
matchLabels:
name: xray-operator
template:
metadata:
labels:
name: xray-operator
spec:
serviceAccountName: xray-operator
containers:
- name: xray-operator
image: registry.connect.redhat.com/jfrog/xray-operator
imagePullPolicy: Always
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "xray-operator"
- name: RELATED_IMAGE_XRAY_SERVER_IMAGE_REPOSITORY
value: "registry.connect.redhat.com/jfrog/xray-server"
- name: RELATED_IMAGE_XRAY_ANALYSIS_IMAGE_REPOSITORY
value: "registry.connect.redhat.com/jfrog/xray-analysis"
- name: RELATED_IMAGE_XRAY_PERSIST_IMAGE_REPOSITORY
value: "registry.connect.redhat.com/jfrog/xray-persist"
- name: RELATED_IMAGE_XRAY_INDEXER_IMAGE_REPOSITORY
value: "registry.connect.redhat.com/jfrog/xray-indexer"
- name: RELATED_IMAGE_XRAY_ROUTER_IMAGE_REPOSITORY
value: "registry.connect.redhat.com/jfrog/xray-router"
- name: RELATED_IMAGE_XRAY_RABBITMQ_IMAGE_REPOSITORY
value: "registry.connect.redhat.com/jfrog/xray-rabbitmq"

119
Openshift4/operator/xray-operator/deploy/role.yaml Normal file
View File

@@ -0,0 +1,119 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: xray-operator
rules:
- apiGroups:
- ""
resources:
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resourceNames:
- xray-operator
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- xray-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- apiGroups:
- charts.helm.k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- policy
resources:
- '*'
verbs:
- '*'
- apiGroups:
- 'rbac.authorization.k8s.io'
resources:
- '*'
verbs:
- '*'

11
Openshift4/operator/xray-operator/deploy/role_binding.yaml Normal file
View File

@@ -0,0 +1,11 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: xray-operator
subjects:
- kind: ServiceAccount
name: xray-operator
roleRef:
kind: Role
name: xray-operator
apiGroup: rbac.authorization.k8s.io

4
Openshift4/operator/xray-operator/deploy/service_account.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: xray-operator

10
Openshift4/operator/xray-operator/deploy/subscription.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: xray-operator
namespace: jfrog-artifactory
spec:
channel: alpha
name: xray-operator
source: xray-operator-csc
sourceNamespace: openshift-operators

11
Openshift4/operator/xray-operator/helm-charts/openshift-xray/CHANGELOG.md Normal file
View File

@@ -0,0 +1,11 @@
# JFrog Openshift Artifactory-Xray Chart Changelog
All changes to this chart will be documented in this file.
## [4.2.0] Aug 17, 2020
* Updating to Xray chart version 4.2.0 and Xray app version 3.8.0
## [4.1.2] July 28, 2020
* Updating to Xray chart version 4.1.2 and Xray app version 3.6.2
## [3.5.1] June 29, 2020
* Updating to Xray chart version 3.5.1 and Xray app version 3.5.2

17
Openshift4/operator/xray-operator/helm-charts/openshift-xray/Chart.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
appVersion: 3.8.0
description: Universal component scan for security and license inventory and impact
analysis
keywords:
- xray
- jfrog
maintainers:
- email: vinaya@jfrog.com
name: Vinay Aggarwal
- email: johnp@jfrog.com
name: John Peterson
name: openshift-xray
sources:
- https://bintray.com/jfrog/product/xray/view
- https://github.com/jfrog/charts
version: 4.2.0

201
Openshift4/operator/xray-operator/helm-charts/openshift-xray/LICENSE Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

509
Openshift4/operator/xray-operator/helm-charts/openshift-xray/README.md Normal file
View File

@@ -0,0 +1,509 @@
# JFrog Xray HA on Kubernetes Helm Chart
## Openshift
The Xray chart has been made a subchart of this chart.
Note due to this change we now reference values through the subchart name as shown below:
original:
```
xray.jfrogUrl
```
now:
```
xray.xray.jfrogUrl
```
This is due to helm referencing the value through the subchart named xray now.
## Prerequisites Details
* Kubernetes 1.12+
## Chart Details
This chart will do the following:
* Optionally deploy PostgreSQL
* Deploy RabbitMQ (optionally as an HA cluster)
* Deploy JFrog Xray micro-services
## Requirements
- A running Kubernetes cluster
- Dynamic storage provisioning enabled
- Default StorageClass set to allow services using the default StorageClass for persistent storage
- A running Artifactory
- [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed and setup to use the cluster
- [Helm](https://helm.sh/) v2 or v3 installed
## Install JFrog Xray
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart
#### Artifactory Connection Details
In order to connect Xray to your Artifactory installation, you have to use a Join Key, hence it is *MANDATORY* to provide a Join Key and Jfrog Url to your Xray installation. Here's how you do that:
Retrieve the connection details of your Artifactory installation, from the UI - https://www.jfrog.com/confluence/display/JFROG/General+Security+Settings#GeneralSecuritySettings-ViewingtheJoinKey.
#### Initiate Installation
Provide join key and jfrog url as a parameter to the Xray chart installation:
```bash
helm upgrade --install --set xray.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY> \
--set xray.jfrogUrl=<YOUR_PREVIOUSLY_RETIREVED_BASE_URL> --namespace xray jfrog/xray
```
Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time.
```bash
# Create a secret containing the key. The key in the secret must be named join-key
kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>
# Pass the created secret to helm
helm upgrade --install --set xray.joinKeySecretName=my-secret --namespace xray jfrog/xray
```
**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set xray.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>`. In the second, this means always passing `--set xray.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
### System Configuration
Xray uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage.
## Status
See the status of your deployed **helm** releases
```bash
helm status xray
```
## Upgrade
To upgrade an existing Xray, you still use **helm**
```bash
# Update existing deployed version to 2.1.2
helm upgrade --set common.xrayVersion=2.1.2 jfrog/xray
```
If Xray was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions:
1. Get the current password by running:
```bash
POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
2. Upgrade the release by passing the previously auto-generated secret:
```bash
helm upgrade <myrelease> jfrog/xray --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD}
```
If Xray was installed without providing a value to rabbitmq.rabbitmqPassword/rabbitmq-ha.rabbitmqPassword (a password was autogenerated), follow these instructions:
1. Get the current password by running:
```bash
RABBITMQ_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)
```
2. Upgrade the release by passing the previously auto-generated secret:
```bash
helm upgrade <myrelease> jfrog/xray --set rabbitmq.rabbitmqPassword=${RABBITMQ_PASSWORD}/rabbitmq-ha.rabbitmqPassword=${RABBITMQ_PASSWORD}
```
If Xray was installed with all of the default values (e.g. with no user-provided values for rabbit/postgres), follow these steps:
1. Retrieve all current passwords (rabbitmq/postgresql) as explained in the above section.
2. Upgrade the release by passing the previously auto-generated secrets:
```bash
helm upgrade --install xray --namespace xray jfrog/xray --set rabbitmq-ha.rabbitmqPassword=<rabbit-password> --set postgresql.postgresqlPassword=<postgresql-password>
```
## Remove
Removing a **helm** release is done with
```bash
# Remove the Xray services and data tools
#On helm v2:
helm delete --purge xray
#On helm v3:
helm delete xray --namespace xray
# Remove the data disks
kubectl delete pvc -l release=xray
```
### Deploying Xray for small/medium/large instllations
In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml
### Create a unique Master Key
JFrog Xray requires a unique master key to be used by all micro-services in the same cluster. By default the chart has one set in values.yaml (`xray.masterKey`).
**This key is for demo purpose and should not be used in a production environment!**
You should generate a unique one and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Pass the created master key to helm
helm upgrade --install --set xray.masterKey=${MASTER_KEY} --namespace xray jfrog/xray
```
Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Create a secret containing the key. The key in the secret must be named master-key
kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY}
# Pass the created secret to helm
helm upgrade --install xray --set xray.masterKeySecretName=my-secret --namespace xray jfrog/xray
```
**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set xray.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set xray.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
## Special deployments
This is a list of special use cases for non-standard deployments
### High Availability
For **high availability** of Xray, set the replica count to be equal or higher than **2**. Recommended is **3**.
> It is highly recommended to also set **RabbitMQ** to run as an HA cluster.
```bash
# Start Xray with 3 replicas per service and 3 replicas for RabbitMQ
helm upgarde --install xray --namespace xray --set server.replicaCount=3 jfrog/xray
```
### External Databases
There is an option to use external PostgreSQL database for your Xray.
#### PostgreSQL
##### PostgreSQL without TLS
To use an external **PostgreSQL**, you need to disable the use of the bundled **PostgreSQL** and set a custom **PostgreSQL** connection URL.
For this, pass the parameters: `postgresql.enabled=false` and `database.url=${XRAY_POSTGRESQL_CONN_URL}`.
**IMPORTANT:** Make sure the DB is already created before deploying Xray services
```bash
# Passing a custom PostgreSQL to Xray
# Example
export POSTGRESQL_HOST=custom-postgresql-host
export POSTGRESQL_PORT=5432
export POSTGRESQL_USER=xray
export POSTGRESQL_PASSWORD=password2_X
export POSTGRESQL_DATABASE=xraydb
export XRAY_POSTGRESQL_CONN_URL="postgres://${POSTGRESQL_HOST}:${POSTGRESQL_PORT}/${POSTGRESQL_DATABASE}?sslmode=disable"
helm upgrade --install xray --namespace xray \
--set postgresql.enabled=false \
--set database.url="${XRAY_POSTGRESQL_CONN_URL}" \
--set database.user="${POSTGRESQL_USER}" \
--set database.password="${POSTGRESQL_PASSWORD}" \
jfrog/xray
```
##### PostgreSQL with TLS
If external **PostgreSQL** is set with TLS, you need to disable the use of the bundled **PostgreSQL**, set a custom **PostgreSQL** connection URL and provide a secret with **PostgreSQL** TLS certificates.
Create the Kubernetes secret (assuming the local files are `client-cert.pem client-key.pem server-ca.pem`)
```bash
kubectl create secret generic postgres-tls --from-file=client-key.pem --from-file=client-cert.pem --from-file=server-ca.pem
```
**IMPORTANT:** `PostgreSQL` connection URL needs to have listed TLS files with the path `/var/opt/jfrog/xray/data/tls/`
and `sslmode==verify-ca` otherwise Xray will fail to connect to Postgres.
```bash
# Passing a custom PostgreSQL with TLS to Xray
# Example
export POSTGRESQL_HOST=custom-postgresql-host
export POSTGRESQL_PORT=5432
export POSTGRESQL_USER=xray
export POSTGRESQL_PASSWORD=password2_X
export POSTGRESQL_DATABASE=xraydb
export POSTGRESQL_SERVER_CA=server-ca.pem
export POSTGRESQL_CLIENT_CERT=client-key.pem
export POSTGRESQL_CLIENT_KEY=client-cert.pem
export POSTGRESQL_TLS_SECRET=postgres-tls
export XRAY_POSTGRESQL_CONN_URL="postgres://${POSTGRESQL_HOST}:${POSTGRESQL_PORT}/${POSTGRESQL_DATABASE}?sslrootcert=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_SERVER_CA}&sslkey=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_CLIENT_KEY}&sslcert=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_CLIENT_CERT}&sslmode=verify-ca"
helm upgrade --install xray --namespace xray \
--set postgresql.enabled=false \
--set database.url="${XRAY_POSTGRESQL_CONN_URL}" \
--set database.user="${POSTGRESQL_USER}" \
--set database.password="${POSTGRESQL_PASSWORD}" \
jfrog/xray
```
### Custom init containers
There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container.
For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out
```yaml
common:
## Add custom init containers executed before predefined init containers
customInitContainersBegin: |
## Init containers template goes here ##
## Add custom init containers executed after predefined init containers
customInitContainers: |
## Init containers template goes here ##
```
## Configuration
The following table lists the configurable parameters of the xray chart and their default values.
| Parameter | Description | Default |
|------------------------------|--------------------------------------------------|------------------------------------|
| `imagePullSecrets` | Docker registry pull secret | |
| `imagePullPolicy` | Container pull policy | `IfNotPresent` |
| `initContainerImage` | Init container image | `alpine:3.6` |
| `xray.jfrogUrl` | Main Artifactory URL, without the `/artifactory` prefix .Mandatory | |
| `xray.persistence.mountPath` | Xray persistence mount path | `/var/opt/jfrog/xray` |
| `xray.masterKey` | Xray Master Key (Can be generated with `openssl rand -hex 32`) | `` |
| `xray.masterKeySecretName` | Xray Master Key secret name | |
| `xray.joinKey` | Xray Join Key to connect to Artifactory . Mandatory | `` |
| `xray.joinKeySecretName` | Xray Join Key secret name | |
| `xray.systemYaml` | Xray system configuration (`system.yaml`) as described here - https://www.jfrog.com/confluence/display/JFROG/Xray+System+YAML | |
| `xray.autoscaling.enabled` | Enable Xray Pods autoscaling using `HorizontalPodAutoscaler` | `false` |
| `xray.autoscaling.minReplicas` | Minimum number of Xray replicas | `1` |
| `xray.autoscaling.maxReplicas` | Maximum number of Xray replicas | `1` |
| `xray.autoscaling.targetCPUUtilizationPercentage` | CPU usage percentage that will trigger autoscaling | `50` |
| `xray.autoscaling.targetMemoryUtilizationPercentage` | Memory usage percentage that will trigger autoscaling | `75` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created| `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.role.rules` | Rules to create | `[]` |
| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` |
| `postgresql.image.registry` | PostgreSQL Docker image registry | `docker.bintray.io` |
| `postgresql.image.repository` | PostgreSQL Docker image repository | `bitnami/postgresql` |
| `postgresql.image.tag` | PostgreSQL Docker image tag | `9.6.15-debian-9-r91` |
| `postgresql.postgresqlUsername` | PostgreSQL database user | `xray` |
| `postgresql.postgresqlPassword` | PostgreSQL database password | ` ` |
| `postgresql.postgresqlDatabase` | PostgreSQL database name | `xraydb` |
| `postgresql.postgresqlExtendedConf.listenAddresses` | PostgreSQL listen address | `"'*'"` |
| `postgresql.postgresqlExtendedConf.maxConnections` | PostgreSQL max_connections parameter | `500` |
| `postgresql.service.port` | PostgreSQL database port | `5432` |
| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` |
| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` |
| `postgresql.persistence.existingClaim` | PostgreSQL name of existing Persistent Volume Claim to use | ` ` |
| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | |
| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | |
| `postgresql.resources.limits.memory` | PostgreSQL memory limit | |
| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | |
| `postgresql.nodeSelector` | PostgreSQL node selector | `{}` |
| `postgresql.affinity` | PostgreSQL node affinity | `{}` |
| `postgresql.tolerations` | PostgreSQL node tolerations | `[]` |
| `database.url` | External database connection URL | |
| `database.user` | External database username | |
| `database.password` | External database password | |
| `database.secrets.user.name` | External database username `Secret` name | |
| `database.secrets.user.key` | External database username `Secret` key | |
| `database.secrets.password.name` | External database password `Secret` name | |
| `database.secrets.password.key` | External database password `Secret` key | |
| `database.secrets.url.name` | External database url `Secret` name | |
| `database.secrets.url.key` | External database url `Secret` key | |
| `rabbitmq.enabled` | RabbitMQ enabled uses rabbitmq | `false` |
| `rabbitmq.replicas` | RabbitMQ replica count | `1` |
| `rabbitmq.rbacEnabled` | If true, create & use RBAC resources | `true` |
| `rabbitmq.rabbitmq.username` | RabbitMQ application username | `guest` |
| `rabbitmq.rabbitmq.password` | RabbitMQ application password | |
| `rabbitmq.rabbitmq.existingPasswordSecret` | RabbitMQ existingPasswordSecret | |
| `rabbitmq.rabbitmq.erlangCookie` | RabbitMQ Erlang cookie | `XRAYRABBITMQCLUSTER`|
| `rabbitmq.service.nodePort` | RabbitMQ node port | `5672` |
| `rabbitmq.persistence.enabled` | If `true`, persistent volume claims are created | `true` |
| `rabbitmq.persistence.accessMode` | RabbitMQ persistent volume claims access mode | `ReadWriteOnce` |
| `rabbitmq.persistence.size` | RabbitMQ Persistent volume size | `20Gi` |
| `rabbitmq-ha.enabled` | RabbitMQ enabled uses rabbitmq-ha | `true` |
| `rabbitmq-ha.replicaCount` | RabbitMQ Number of replica | `1` |
| `rabbitmq-ha.rabbitmqUsername` | RabbitMQ application username | `guest` |
| `rabbitmq-ha.rabbitmqPassword` | RabbitMQ application password | ` ` |
| `rabbitmq-ha.existingSecret` | RabbitMQ existingSecret | ` ` |
| `rabbitmq-ha.rabbitmqErlangCookie` | RabbitMQ Erlang cookie | `XRAYRABBITMQCLUSTER`|
| `rabbitmq-ha.rabbitmqMemoryHighWatermark` | RabbitMQ Memory high watermark | `500MB` |
| `rabbitmq-ha.persistentVolume.enabled` | If `true`, persistent volume claims are created | `true` |
| `rabbitmq-ha.persistentVolume.size` | RabbitMQ Persistent volume size | `20Gi` |
| `rabbitmq-ha.rbac.create` | If true, create & use RBAC resources | `true` |
| `rabbitmq-ha.nodeSelector` | RabbitMQ node selector | `{}` |
| `rabbitmq-ha.tolerations` | RabbitMQ node tolerations | `[]` |
| `common.xrayVersion` | Xray image tag | `.Chart.AppVersion` |
| `common.preStartCommand` | Xray Custom command to run before startup. Runs BEFORE any microservice-specific preStartCommand | |
| `common.xrayUserId` | Xray User Id | `1035` |
| `common.xrayGroupId` | Xray Group Id | `1035` |
| `common.persistence.enabled` | Xray common persistence volume enabled | `false` |
| `common.persistence.existingClaim` | Provide an existing PersistentVolumeClaim | `nil` |
| `common.persistence.storageClass` | Storage class of backing PVC | `nil (uses default storage class annotation)` |
| `common.persistence.accessMode` | Xray common persistence volume access mode | `ReadWriteOnce` |
| `common.persistence.size` | Xray common persistence volume size | `50Gi` |
| `xray.systemYaml` | Xray system configuration (`system.yaml`) | `see values.yaml` |
| `common.customInitContainersBegin` | Custom init containers to run before existing init containers | ` ` |
| `common.customInitContainers` | Custom init containers to run after existing init containers | ` ` |
| `common.xrayConfig` | Additional xray yaml configuration to be written to xray_config.yaml file | See [values.yaml](stable/xray/values.yaml) |
| `database.url` | Xray external PostgreSQL URL | ` ` |
| `global.postgresqlTlsSecret` | Xray external PostgreSQL TLS files secret | ` ` |
| `analysis.name` | Xray Analysis name | `xray-analysis` |
| `analysis.image` | Xray Analysis container image | `docker.bintray.io/jfrog/xray-analysis` |
| `analysis.updateStrategy` | Xray Analysis update strategy | `RollingUpdate` |
| `analysis.podManagementPolicy` | Xray Analysis pod management policy | `Parallel` |
| `analysis.internalPort` | Xray Analysis internal port | `7000` |
| `analysis.externalPort` | Xray Analysis external port | `7000` |
| `analysis.livenessProbe` | Xray Analysis livenessProbe | See `values.yaml` |
| `analysis.readinessProbe` | Xray Analysis readinessProbe | See `values.yaml` |
| `analysis.persistence.size` | Xray Analysis storage size limit | `10Gi` |
| `analysis.resources` | Xray Analysis resources | `{}` |
| `analysis.preStartCommand` | Xray Analysis Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `analysis.nodeSelector` | Xray Analysis node selector | `{}` |
| `analysis.affinity` | Xray Analysis node affinity | `{}` |
| `analysis.tolerations` | Xray Analysis node tolerations | `[]` |
| `analysis.annotations` | Xray Analysis annotations | `{}` |
| `indexer.name` | Xray Indexer name | `xray-indexer` |
| `indexer.image` | Xray Indexer container image | `docker.bintray.io/jfrog/xray-indexer` |
| `indexer.annotations` | Xray Indexer annotations | `{}` |
| `indexer.updateStrategy` | Xray Indexer update strategy | `RollingUpdate` |
| `indexer.podManagementPolicy` | Xray Indexer pod management policy | `Parallel` |
| `indexer.internalPort` | Xray Indexer internal port | `7002` |
| `indexer.externalPort` | Xray Indexer external port | `7002` |
| `indexer.livenessProbe` | Xray Indexer livenessProbe | See `values.yaml` |
| `indexer.readinessProbe` | Xray Indexer readinessProbe | See `values.yaml` |
| `indexer.customVolumes` | Custom volumes | |
| `indexer.customVolumeMounts` | Custom Server volumeMounts | |
| `indexer.persistence.existingClaim` | Provide an existing PersistentVolumeClaim | `nil` |
| `indexer.persistence.storageClass` | Storage class of backing PVC | `nil (uses default storage class annotation)` |
| `indexer.persistence.enabled` | Xray Indexer persistence volume enabled | `false` |
| `indexer.persistence.accessMode` | Xray Indexer persistence volume access mode | `ReadWriteOnce` |
| `indexer.persistence.size` | Xray Indexer persistence volume size | `50Gi` |
| `indexer.resources` | Xray Indexer resources | `{}` |
| `indexer.preStartCommand` | Xray Indexer Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `indexer.nodeSelector` | Xray Indexer node selector | `{}` |
| `indexer.affinity` | Xray Indexer node affinity | `{}` |
| `indexer.tolerations` | Xray Indexer node tolerations | `[]` |
| `persist.name` | Xray Persist name | `xray-persist` |
| `persist.image` | Xray Persist container image | `docker.bintray.io/jfrog/xray-persist` |
| `persist.annotations` | Xray Persist annotations | `{}` |
| `persist.updateStrategy` | Xray Persist update strategy | `RollingUpdate` |
| `persist.podManagementPolicy` | Xray Persist pod management policy | `Parallel` |
| `persist.internalPort` | Xray Persist internal port | `7003` |
| `persist.externalPort` | Xray Persist external port | `7003` |
| `persist.livenessProbe` | Xray Persist livenessProbe | See `values.yaml` |
| `persist.readinessProbe` | Xray Persist readinessProbe | See `values.yaml` |
| `persist.persistence.size` | Xray Persist storage size limit | `10Gi` |
| `persist.preStartCommand` | Xray Persist Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `persist.resources` | Xray Persist resources | `{}` |
| `persist.nodeSelector` | Xray Persist node selector | `{}` |
| `persist.affinity` | Xray Persist node affinity | `{}` |
| `persist.tolerations` | Xray Persist node tolerations | `[]` |
| `server.name` | Xray server name | `xray-server` |
| `server.image` | Xray server container image | `docker.bintray.io/jfrog/xray-server` |
| `server.annotations` | Xray server annotations | `{}` |
| `server.customVolumes` | Custom volumes | |
| `server.customVolumeMounts` | Custom Server volumeMounts | |
| `server.replicaCount` | Xray services replica count | `1` |
| `server.updateStrategy` | Xray server update strategy | `RollingUpdate` |
| `server.podManagementPolicy` | Xray server pod management policy | `Parallel` |
| `server.internalPort` | Xray server internal port | `8000` |
| `server.externalPort` | Xray server external port | `80` |
| `server.service.name` | Xray server service name | `xray` |
| `server.service.type` | Xray server service type | `ClusterIP` |
| `server.service.annotations` | Xray server service annotations | `{}` |
| `server.livenessProbe` | Xray server livenessProbe | See `values.yaml` |
| `server.readinessProbe` | Xray server readinessProbe | See `values.yaml` |
| `server.preStartCommand` | Xray server Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `server.resources` | Xray server resources | `{}` |
| `server.nodeSelector` | Xray server node selector | `{}` |
| `server.affinity` | Xray server node affinity | `{}` |
| `server.tolerations` | Xray server node tolerations | `[]` |
| `router.name` | Router name | `router` |
| `router.image.repository` | Container image | `docker.bintray.io/jfrog/router` |
| `router.image.version` | Container image tag | `.Chart.AppVersion` |
| `router.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `router.internalPort` | Router internal port | `8082` |
| `router.externalPort` | Router external port | `8082` |
| `router.resources.requests.memory` | Router initial memory request | |
| `router.resources.requests.cpu` | Router initial cpu request | |
| `router.resources.limits.memory` | Router memory limit | |
| `router.resources.limits.cpu` | Router cpu limit | |
| `router.livenessProbe.enabled` | Enable Router livenessProbe | `true` |
| `router.livenessProbe.config` | Router livenessProbe configuration | See `values.yaml` |
| `router.readinessProbe.enabled` | Enable Router readinessProbe | `true` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.persistence.accessMode` | Router persistence access mode | `ReadWriteOnce` |
| `router.persistence.mountPath` | Router persistence mount path | `/var/opt/jfrog/router` |
| `router.persistence.size` | Router persistence size | `5Gi` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.nodeSelector` | Router node selector | `{}` |
| `router.affinity` | Router node affinity | `{}` |
| `router.tolerations` | Router node tolerations | `[]` |
| `filebeat.enabled` | Enable a filebeat container to send your logs to a log management solution like ELK | `false` |
| `filebeat.name` | filebeat container name | `xray-filebeat` |
| `filebeat.image.repository` | filebeat Docker image repository | `docker.elastic.co/beats/filebeat` |
| `filebeat.image.version` | filebeat Docker image version | `7.5.1` |
| `filebeat.logstashUrl` | The URL to the central Logstash service, if you have one | `logstash:5044` |
| `filebeat.livenessProbe.exec.command` | liveness probe exec command | see [values.yaml](stable/xray/values.yaml) |
| `filebeat.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `filebeat.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `filebeat.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `filebeat.readinessProbe.exec.command` | readiness probe exec command | see [values.yaml](stable/xray/values.yaml) |
| `filebeat.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `filebeat.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 |
| `filebeat.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `filebeat.resources.requests.memory` | Filebeat initial memory request | |
| `filebeat.resources.requests.cpu` | Filebeat initial cpu request | |
| `filebeat.resources.limits.memory` | Filebeat memory limit | |
| `filebeat.resources.limits.cpu` | Filebeat cpu limit | |
| `filebeat.filebeatYml` | Filebeat yaml configuration file | see [values.yaml](stable/xray/values.yaml) |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Custom volumes
If you need to use a custom volume in a custom init or sidecar container, you can use this option.
For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out
```yaml
server:
## Add custom volumes
customVolumes: |
## Custom volume comes here ##
```
## Useful links
- https://www.jfrog.com/confluence/display/XRAY/Xray+High+Availability
- https://www.jfrog.com/confluence/display/EP/Getting+Started
- https://www.jfrog.com/confluence/

71
Openshift4/operator/xray-operator/helm-charts/openshift-xray/helminstall.sh Normal file
View File

@@ -0,0 +1,71 @@
#!/usr/bin/env bash
# PreReq'd:
# helm install postgres bitnami/postgresql
# follow artifactory postgresql db setup:
# https://www.jfrog.com/confluence/display/JFROG/PostgreSQL
POSTGRES=$(helm ls | grep postgres | wc -l)
ARTIFACTORY=$(helm ls | grep artifactory | wc -l)
if [[ "$POSTGRES" =~ (0) ]]
then
echo "External DB is required to run Jfrog Openshift Xray Helm chart"
echo ""
echo "Postgresql helm chart must be installed prior to installing this helm installer script."
echo ""
echo "helm install postgres bitnami/postgresql"
echo ""
echo "follow artifactory postgresql db setup:"
echo "https://www.jfrog.com/confluence/display/JFROG/PostgreSQL"
exit 1
elif [[ "$ARTIFACTORY" =~ (0) ]]
then
echo "Artifactory Instance is required to run Jfrog Openshift Xray Helm chart"
echo ""
echo "Please use helm to first install Artifactory: openshift-artifactory-ha"
echo ""
echo "Then install Openshift xray helm chart once artifactory is ready."
echo ""
exit 1
else
echo "Installing Openshift Xray Helm"
fi
DBURL=""
if [[ -z "$1" ]]
then
DBURL="postgres://postgres-postgresql:5432/xraydb?sslmode=disable"
else
DBURL=$1
fi
DBUSER=""
if [[ -z "$2" ]]
then
DBUSER="artifactory"
else
DBUSER=$2
fi
DBPASS=""
if [[ -z "$3" ]]
then
DBPASS="password"
else
DBPASS=$3
fi
JFROGURL=""
if [[ -z "$4" ]]
then
JFROGURL="http://openshiftartifactoryha-nginx"
else
JFROGURL=$4
fi
# install via helm with default postgresql configuration
helm install xray . \
--set xray.database.url=$DBURL \
--set xray.database.user=$DBUSER \
--set xray.database.password=$DBPASS \
--set xray.xray.jfrogUrl=$JFROGURL

25
Openshift4/operator/xray-operator/helm-charts/openshift-xray/rabbitmq.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: rabbitmq
name: rabbitmq
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: rabbitmq
template:
metadata:
labels:
app: rabbitmq
spec:
containers:
- image: quay.io/jfrog/xray-rabbitmq-rh:3.8.0
imagePullPolicy: "Always"
name: xray-rabbitmq
ports:
- containerPort: 4369
- containerPort: 5672
- containerPort: 25672

26
Openshift4/operator/xray-operator/helm-charts/openshift-xray/rabbitmqservice.yaml Normal file
View File

@@ -0,0 +1,26 @@
kind: Service
apiVersion: v1
metadata:
name: rabbitmq-lb
labels:
app: rabbitmq
spec:
selector:
app: rabbitmq
ports:
- name: port1
protocol: TCP
port: 4369
targetPort: 4369
- name: port3
protocol: TCP
port: 5672
targetPort: 5672
- name: port4
protocol: TCP
port: 25672
targetPort: 25672
type: ClusterIP

6
Openshift4/operator/xray-operator/helm-charts/openshift-xray/requirements.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: xray
repository: https://charts.jfrog.io/
version: 4.2.0
digest: sha256:5e016b3e02e80668003980f2e0399f152f7d83e39957813db3aa3efa9651474f
generated: "2020-08-17T14:49:47.771127-07:00"

4
Openshift4/operator/xray-operator/helm-charts/openshift-xray/requirements.yaml Normal file
View File

@@ -0,0 +1,4 @@
dependencies:
- name: xray
version: 4.2.0
repository: https://charts.jfrog.io/

64
Openshift4/operator/xray-operator/helm-charts/openshift-xray/values.yaml Normal file
View File

@@ -0,0 +1,64 @@
xray:
analysis:
image:
repository: registry.connect.redhat.com/jfrog/xray-analysis
version: 3.6.2
name: xray-analysis
podManagementPolicy: Parallel
preStartCommand: null
updateStrategy: RollingUpdate
database:
password: OVERRIDE
url: OVERRIDE
user: OVERRIDE
global:
postgresqlTlsSecret: null
indexer:
image:
repository: registry.connect.redhat.com/jfrog/xray-indexer
version: 3.6.2
name: xray-indexer
podManagementPolicy: Parallel
updateStrategy: RollingUpdate
persist:
image:
repository: registry.connect.redhat.com/jfrog/xray-persist
version: 3.6.2
name: xray-persist
persistence:
size: 10Gi
podManagementPolicy: Parallel
preStartCommand: null
updateStrategy: RollingUpdate
postgresql:
enabled: false
rabbitmq-ha:
enabled: true
image:
repository: registry.connect.redhat.com/jfrog/xray-rabbitmq
tag: 3.8.0
rabbitmqEpmdPort: 4369
rabbitmqManagerPort: 15672
rabbitmqNodePort: 5672
replicaCount: 1
replicaCount: 1
router:
image:
imagePullPolicy: IfNotPresent
repository: registry.connect.redhat.com/jfrog/xray-router
version: 1.4.2
name: router
server:
image:
repository: registry.connect.redhat.com/jfrog/xray-server
version: 3.6.2
name: xray-server
podManagementPolicy: Parallel
replicaCount: 1
updateStrategy: RollingUpdate
unifiedUpgradeAllowed: true
xray:
consoleLog: false
jfrogUrl: OVERRIDE
joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

202
Openshift4/operator/xray-operator/licenses/LICENSE Executable file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

5
Openshift4/operator/xray-operator/watches.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
- version: v1alpha1
group: charts.helm.k8s.io
kind: OpenshiftXray
chart: helm-charts/openshift-xray