Artifactory Operator v1.1.0 published

Openshift4/operator/artifactory-ha-operator/PROJECT

@@ -1,4 +1,8 @@
 domain: jfrog.com
 layout: helm.sdk.operatorframework.io/v1
 projectName: artifactory-ha-operator
+resources:
+- group: cache
+  kind: OpenshiftArtifactoryHa
+  version: v1alpha1
 version: 3-alpha

Openshift4/operator/artifactory-ha-operator/README.md

@@ -4,6 +4,12 @@ This code base is intended to deploy Artifactory HA as an operator to an Openshi
 
 Openshift OperatorHub has the latest official supported Cluster Service Version (CSV) for the OLM catalog.
 
+# Breaking Changes
+
+```
+v1.1.0 breaks existing upgrade path due to base helm chart breaking changes
+```
+
 ## Getting Started
 
 These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
@@ -141,4 +147,4 @@ We use [SemVer](http://semver.org/) for versioning. For the versions available,
 
 ## Contact
 
-Github Issues
+Github Issues

Openshift4/operator/artifactory-ha-operator/bundle/1.1.0/artifactory-ha-operator.v1.1.0.clusterserviceversion.yaml

@@ -108,7 +108,9 @@ spec:
         name: ''
         version: apps/v1
       version: v1alpha1
-  description: '## Overview
+  description: '## [BREAKING] Upgrades from 1.0.0 to 1.1.x currently are not supported. New installations only.
+
+    ## Overview
 
     Openshift Operator to deploy JFrog Artifactory Enterprise into your Openshift
     cluster.

Openshift4/operator/artifactory-ha-operator/bundle/1.1.0/manifests/artifactory-ha-operator.v1.1.0.clusterserviceversion.yaml

@@ -110,7 +110,9 @@ spec:
         name: ''
         version: apps/v1
       version: v1alpha1
-  description: '## Overview
+  description: '## [BREAKING] Upgrades from 1.0.0 to 1.1.x currently are not supported. New installations only.
+
+    ## Overview
 
     Openshift Operator to deploy JFrog Artifactory Enterprise into your Openshift
     cluster.

Openshift4/operator/artifactory-ha-operator/bundle/1.1.0/metadata/openshiftartifactoryha-operator.package.yaml

@@ -0,0 +1,5 @@
+channels:
+- currentCSV: artifactory-ha-operator.v1.1.1
+  name: alpha
+defaultChannel: ''
+packageName: openshiftartifactoryha-operator

Openshift4/operator/artifactory-ha-operator/bundle/bundle-1.1.0.Dockerfile

@@ -1,12 +1,5 @@
 FROM scratch
 
-LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
-LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
-LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
-LABEL operators.operatorframework.io.bundle.package.v1=openshiftartifactoryha-operator
-LABEL operators.operatorframework.io.bundle.channels.v1=alpha
-LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
-
 LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
 LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/

Openshift4/operator/artifactory-ha-operator/config/crd/bases/charts.helm.k8s.io_openshiftartifactoryhas_crd.yaml

@@ -0,0 +1,23 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: openshiftartifactoryhas.charts.helm.k8s.io
+spec:
+  group: charts.helm.k8s.io
+  names:
+    kind: OpenshiftArtifactoryHa
+    listKind: OpenshiftArtifactoryHaList
+    plural: openshiftartifactoryhas
+    singular: openshiftartifactoryha
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      type: object
+      x-kubernetes-preserve-unknown-fields: true
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true

Openshift4/operator/artifactory-ha-operator/config/crd/kustomization.yaml

@@ -0,0 +1,6 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/cache.jfrog.com_openshiftartifactoryhas.yaml
+# +kubebuilder:scaffold:crdkustomizeresource

Openshift4/operator/artifactory-ha-operator/config/manager/manager.yaml

@@ -1,38 +1,34 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    control-plane: controller-manager
-  name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
-  labels:
-    control-plane: controller-manager
+  name: artifactory-ha-operator
 spec:
+  replicas: 1
   selector:
     matchLabels:
-      control-plane: controller-manager
-  replicas: 1
+      name: artifactory-ha-operator
   template:
     metadata:
       labels:
-        control-plane: controller-manager
+        name: artifactory-ha-operator
     spec:
+      serviceAccountName: artifactory-ha-operator
       containers:
-      - image: controller:latest
-        args:
-        - "--enable-leader-election"
-        - "--leader-election-id=artifactory-ha-operator"
-        name: manager
-        resources:
-          limits:
-            cpu: 100m
-            memory: 90Mi
-          requests:
-            cpu: 100m
-            memory: 60Mi
-      terminationGracePeriodSeconds: 10
+        - name: artifactory-ha-operator
+          image: registry.connect.redhat.com/jfrog/artifactory-operator
+          imagePullPolicy: Always
+          env:
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: OPERATOR_NAME
+              value: "artifactory-ha-operator"
+            - name: RELATED_IMAGE_ARTIFACTORY_IMAGE_REPOSITORY
+              value: "registry.connect.redhat.com/jfrog/artifactory-pro"
+            - name: RELATED_IMAGE_NGINX_IMAGE_REPOSITORY
+              value: "registry.redhat.io/rhel8/nginx-116"

Openshift4/operator/artifactory-ha-operator/config/rbac/namespace.yaml

@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: jfrog-artifactory

Openshift4/operator/artifactory-ha-operator/config/rbac/openshiftartifactoryha_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit openshiftartifactoryhas.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: openshiftartifactoryha-editor-role
+rules:
+- apiGroups:
+  - cache.jfrog.com
+  resources:
+  - openshiftartifactoryhas
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cache.jfrog.com
+  resources:
+  - openshiftartifactoryhas/status
+  verbs:
+  - get

Openshift4/operator/artifactory-ha-operator/config/rbac/openshiftartifactoryha_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view openshiftartifactoryhas.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: openshiftartifactoryha-viewer-role
+rules:
+- apiGroups:
+  - cache.jfrog.com
+  resources:
+  - openshiftartifactoryhas
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cache.jfrog.com
+  resources:
+  - openshiftartifactoryhas/status
+  verbs:
+  - get

Openshift4/operator/artifactory-ha-operator/config/rbac/project.yaml

@@ -0,0 +1,89 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  creationTimestamp: null
+  name: project-request
+objects:
+- apiVersion: project.openshift.io/v1
+  kind: Project
+  metadata:
+    annotations:
+      openshift.io/description: JFrog Artifactory
+      openshift.io/display-name: jfrog-artifactory
+      openshift.io/requester: integrations@jfrog.com
+    creationTimestamp: null
+    name: jfrog-artifactory
+  spec: {}
+  status: {}
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    annotations:
+      openshift.io/description: Allows all pods in this namespace to pull images from
+        this namespace.  It is auto-managed by a controller; remove subjects to disable.
+    creationTimestamp: null
+    name: system:image-pullers
+    namespace: jfrog-artifactory
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: system:image-puller
+  subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:serviceaccounts:jfrog-artifactory
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    annotations:
+      openshift.io/description: Allows builds in this namespace to push images to
+        this namespace.  It is auto-managed by a controller; remove subjects to disable.
+    creationTimestamp: null
+    name: system:image-builders
+    namespace: jfrog-artifactory
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: system:image-builder
+  subjects:
+  - kind: ServiceAccount
+    name: builder
+    namespace: jfrog-artifactory
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    annotations:
+      openshift.io/description: Allows deploymentconfigs in this namespace to rollout
+        pods in this namespace.  It is auto-managed by a controller; remove subjects
+        to disable.
+    creationTimestamp: null
+    name: system:deployers
+    namespace: jfrog-artifactory
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: system:deployer
+  subjects:
+  - kind: ServiceAccount
+    name: deployer
+    namespace: jfrog-artifactory
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    creationTimestamp: null
+    name: admin
+    namespace: jfrog-artifactory
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: admin
+  subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: kubeadmin
+parameters:
+- name: PROJECT_NAME
+- name: PROJECT_DISPLAYNAME
+- name: PROJECT_DESCRIPTION
+- name: PROJECT_ADMIN_USER
+- name: PROJECT_REQUESTING_USER

Openshift4/operator/artifactory-ha-operator/config/rbac/role.yaml

@@ -1,31 +1,119 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-  name: manager-role
+  creationTimestamp: null
+  name: artifactory-ha-operator
 rules:
-##
-## Base operator rules
-##
-# We need to get namespaces so the operator can read namespaces to ensure they exist
 - apiGroups:
-  - ""
+    - ""
   resources:
-  - namespaces
+    - pods
+    - services
+    - services/finalizers
+    - endpoints
+    - persistentvolumeclaims
+    - events
+    - configmaps
+    - secrets
+    - serviceaccounts
   verbs:
-  - get
-# We need to manage Helm release secrets
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
 - apiGroups:
-  - ""
+    - apps
   resources:
-  - secrets
+    - deployments
+    - daemonsets
+    - replicasets
+    - statefulsets
   verbs:
-  - "*"
-# We need to create events on CRs about things happening during reconciliation
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
 - apiGroups:
-  - ""
+    - ""
   resources:
-  - events
+    - namespaces
   verbs:
-  - create
-
-# +kubebuilder:scaffold:rules
+    - get
+- apiGroups:
+    - ""
+  resourceNames:
+    - artifactory-ha-operator
+  resources:
+    - '*'
+  verbs:
+    - '*'
+- apiGroups:
+    - ""
+  resources:
+    - events
+  verbs:
+    - create
+- apiGroups:
+    - monitoring.coreos.com
+  resources:
+    - servicemonitors
+  verbs:
+    - get
+    - create
+- apiGroups:
+    - apps
+  resourceNames:
+    - artifactory-ha-operator
+  resources:
+    - deployments/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - ""
+  resources:
+    - pods
+  verbs:
+    - get
+- apiGroups:
+    - apps
+  resources:
+    - replicasets
+    - deployments
+  verbs:
+    - get
+- apiGroups:
+    - charts.helm.k8s.io
+  resources:
+    - '*'
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+    - networking.k8s.io
+  resources:
+    - '*'
+  verbs:
+    - '*'
+- apiGroups:
+    - policy
+  resources:
+    - '*'
+  verbs:
+    - '*'
+- apiGroups:
+    - 'rbac.authorization.k8s.io'
+  resources:
+    - '*'
+  verbs:
+    - '*'

Openshift4/operator/artifactory-ha-operator/config/rbac/role_binding.yaml

@@ -1,12 +1,11 @@
+kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
 metadata:
-  name: manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: manager-role
+  name: artifactory-ha-operator
 subjects:
 - kind: ServiceAccount
-  name: default
-  namespace: system
+  name: artifactory-ha-operator
+roleRef:
+  kind: Role
+  name: artifactory-ha-operator
+  apiGroup: rbac.authorization.k8s.io

Openshift4/operator/artifactory-ha-operator/config/rbac/service_account.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: artifactory-ha-operator

Openshift4/operator/artifactory-ha-operator/config/samples/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml

@@ -0,0 +1,97 @@
+apiVersion: charts.helm.k8s.io/v1alpha1
+kind: OpenshiftArtifactoryHa
+metadata:
+  name: openshiftartifactoryha
+spec:
+  artifactory-ha:
+    database:
+      type: "OVERRIDE"
+      driver: "OVERRIDE"
+      url: "OVERRIDE"
+      user: "OVERRIDE"
+      password: "OVERRIDE"
+    initContainerImage: registry.connect.redhat.com/jfrog/init:1.0.1
+    waitForDatabase: true
+    installerInfo: '{ "productId": "Openshift_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "ArtifactoryVersion/{{ default .Chart.AppVersion .Values.artifactory.image.version }}" }, { "featureId": "{{ if .Values.postgresql.enabled }}postgresql{{ else }}{{ .Values.database.type }}{{ end }}/0.0.0" }, { "featureId": "Platform/Openshift" }, { "featureId": "Partner/ACC-006983" }, { "featureId": "Channel/Openshift" } ] }'
+    artifactory:
+      uid: "1000721030"
+      ## Change to use RH UBI images
+      image:
+        registry: registry.connect.redhat.com
+        repository: jfrog/artifactory-pro
+        tag: 7.9.0
+      node:
+        replicaCount: 2
+        waitForPrimaryStartup:
+          enabled: false
+      masterKey: "OVERRIDE"
+      joinKey: "OVERRIDE"
+    postgresql:
+      enabled: false
+    nginx:
+      uid: "1000720104"
+      gid: "1000720107"
+      image:
+        registry: registry.redhat.io
+        repository: rhel8/nginx-116
+        tag: latest
+      ## K8S secret name for the TLS secret to be used for SSL
+      tlsSecretName: "OVERRIDE"
+      service:
+        ssloffload: false
+      http:
+        externalPort: 80
+        internalPort: 8080
+      https:
+        externalPort: 443
+        internalPort: 8443
+      mainConf: |
+        # Main Nginx configuration file
+        worker_processes  4;
+        error_log  {{ .Values.nginx.persistence.mountPath }}/logs//error.log warn;
+        pid        /tmp/nginx.pid;
+        events {
+          worker_connections  1024;
+        }
+        http {
+          include       /etc/nginx/mime.types;
+          default_type  application/octet-stream;
+          variables_hash_max_size 1024;
+          variables_hash_bucket_size 64;
+          server_names_hash_max_size 4096;
+          server_names_hash_bucket_size 128;
+          types_hash_max_size 2048;
+          types_hash_bucket_size 64;
+          proxy_read_timeout 2400s;
+          client_header_timeout 2400s;
+          client_body_timeout 2400s;
+          proxy_connect_timeout 75s;
+          proxy_send_timeout 2400s;
+          proxy_buffer_size 32k;
+          proxy_buffers 40 32k;
+          proxy_busy_buffers_size 64k;
+          proxy_temp_file_write_size 250m;
+          proxy_http_version 1.1;
+          client_body_buffer_size 128k;
+          log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+          '$status $body_bytes_sent "$http_referer" '
+          '"$http_user_agent" "$http_x_forwarded_for"';
+          log_format timing 'ip = $remote_addr '
+          'user = \"$remote_user\" '
+          'local_time = \"$time_local\" '
+          'host = $host '
+          'request = \"$request\" '
+          'status = $status '
+          'bytes = $body_bytes_sent '
+          'upstream = \"$upstream_addr\" '
+          'upstream_time = $upstream_response_time '
+          'request_time = $request_time '
+          'referer = \"$http_referer\" '
+          'UA = \"$http_user_agent\"';
+          access_log  {{ .Values.nginx.persistence.mountPath }}/logs/access.log  timing;
+          sendfile        on;
+          #tcp_nopush     on;
+          keepalive_timeout  65;
+          #gzip  on;
+          include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf;
+        }

Openshift4/operator/artifactory-ha-operator/config/samples/kustomization.yaml

@@ -0,0 +1,4 @@
+## Append samples you want in your CSV to this file as resources ##
+resources:
+- cache_v1alpha1_openshiftartifactoryha.yaml
+# +kubebuilder:scaffold:manifestskustomizesamples

Openshift4/operator/artifactory-ha-operator/watches.yaml

@@ -5,4 +5,4 @@
   chart: helm-charts/openshift-artifactory-ha
   overrideValues:
     artifactory-ha.artifactory.image.override: $RELATED_IMAGE_ARTIFACTORY_IMAGE_REPOSITORY
-    artifactory-ha.nginx.image.override: $RELATED_IMAGE_NGINX_IMAGE_REPOSITORY
+    artifactory-ha.nginx.image.override: $RELATED_IMAGE_NGINX_IMAGE_REPOSITORY