Artifactory Operator v1.1.0 published

John Peterson
2020-10-02 20:25:06 -07:00
parent c49b583510
commit 2cdddcf59d
21 changed files with 1912 additions and 65 deletions


@@ -1,4 +1,8 @@
domain: jfrog.com domain: jfrog.com
layout: helm.sdk.operatorframework.io/v1 layout: helm.sdk.operatorframework.io/v1
projectName: artifactory-ha-operator projectName: artifactory-ha-operator
resources:
- group: cache
kind: OpenshiftArtifactoryHa
version: v1alpha1
version: 3-alpha version: 3-alpha


@@ -4,6 +4,12 @@ This code base is intended to deploy Artifactory HA as an operator to an Openshi
Openshift OperatorHub has the latest official supported Cluster Service Version (CSV) for the OLM catalog. Openshift OperatorHub has the latest official supported Cluster Service Version (CSV) for the OLM catalog.
# Breaking Changes
```
v1.1.0 breaks existing upgrade path due to base helm chart breaking changes
```
## Getting Started ## Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system. These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.


@@ -108,7 +108,9 @@ spec:
name: '' name: ''
version: apps/v1 version: apps/v1
version: v1alpha1 version: v1alpha1
description: '## Overview description: '## [BREAKING] Upgrades from 1.0.0 to 1.1.x currently are not supported. New installations only.
## Overview
Openshift Operator to deploy JFrog Artifactory Enterprise into your Openshift Openshift Operator to deploy JFrog Artifactory Enterprise into your Openshift
cluster. cluster.


@@ -110,7 +110,9 @@ spec:
name: '' name: ''
version: apps/v1 version: apps/v1
version: v1alpha1 version: v1alpha1
description: '## Overview description: '## [BREAKING] Upgrades from 1.0.0 to 1.1.x currently are not supported. New installations only.
## Overview
Openshift Operator to deploy JFrog Artifactory Enterprise into your Openshift Openshift Operator to deploy JFrog Artifactory Enterprise into your Openshift
cluster. cluster.


@@ -0,0 +1,5 @@
channels:
- currentCSV: artifactory-ha-operator.v1.1.1
name: alpha
defaultChannel: ''
packageName: openshiftartifactoryha-operator
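Review bot: `currentCSV: artifactory-ha-operator.v1.1.1` does not match the v1.1.0 named in the commit title and in the README notice, and `defaultChannel: ''` leaves the package without a default even though `alpha` is its only channel. The CSV diff is suppressed on this page, so the version it actually declares cannot be checked here; if it is 1.1.0, the channel head would point at a CSV that is not in the bundle. Confirm the intended version and set `defaultChannel: alpha`.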


@@ -1,12 +1,5 @@
FROM scratch FROM scratch
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=openshiftartifactoryha-operator
LABEL operators.operatorframework.io.bundle.channels.v1=alpha
LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/

File diff suppressed because one or more lines are too long


@@ -0,0 +1,23 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: openshiftartifactoryhas.charts.helm.k8s.io
spec:
group: charts.helm.k8s.io
names:
kind: OpenshiftArtifactoryHa
listKind: OpenshiftArtifactoryHaList
plural: openshiftartifactoryhas
singular: openshiftartifactoryha
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
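Review bot: The CRD's only schema is `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server stores any spec without validation, and it is declared under the deprecated `apiextensions.k8s.io/v1beta1` API (removed in Kubernetes 1.22). Misspelled or unexpected keys, including the database credentials and key fields the sample CR sets, reach the Helm chart unchecked. Consider moving to `apiextensions.k8s.io/v1` with a per-version schema that at least declares `spec` and `status` as objects, keeping `x-kubernetes-preserve-unknown-fields: true` only under `spec`. A short comment saying why the schema is left open would also help the next reader.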


@@ -0,0 +1,6 @@
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/cache.jfrog.com_openshiftartifactoryhas.yaml
# +kubebuilder:scaffold:crdkustomizeresource


@@ -1,38 +1,34 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: system
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: controller-manager name: artifactory-ha-operator
namespace: system
labels:
control-plane: controller-manager
spec: spec:
replicas: 1
selector: selector:
matchLabels: matchLabels:
control-plane: controller-manager name: artifactory-ha-operator
replicas: 1
template: template:
metadata: metadata:
labels: labels:
control-plane: controller-manager name: artifactory-ha-operator
spec: spec:
serviceAccountName: artifactory-ha-operator
containers: containers:
- image: controller:latest - name: artifactory-ha-operator
args: image: registry.connect.redhat.com/jfrog/artifactory-operator
- "--enable-leader-election" imagePullPolicy: Always
- "--leader-election-id=artifactory-ha-operator" env:
name: manager - name: WATCH_NAMESPACE
resources: valueFrom:
limits: fieldRef:
cpu: 100m fieldPath: metadata.namespace
memory: 90Mi - name: POD_NAME
requests: valueFrom:
cpu: 100m fieldRef:
memory: 60Mi fieldPath: metadata.name
terminationGracePeriodSeconds: 10 - name: OPERATOR_NAME
value: "artifactory-ha-operator"
- name: RELATED_IMAGE_ARTIFACTORY_IMAGE_REPOSITORY
value: "registry.connect.redhat.com/jfrog/artifactory-pro"
- name: RELATED_IMAGE_NGINX_IMAGE_REPOSITORY
value: "registry.redhat.io/rhel8/nginx-116"
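Review bot: The operator image on the new side, `image: registry.connect.redhat.com/jfrog/artifactory-operator`, has no tag or digest, so with `imagePullPolicy: Always` every pod restart runs whatever the registry currently serves as latest. This container runs as the `artifactory-ha-operator` service account, so an unreviewed image inherits that account's permissions. Pin it by digest, for example `image: registry.connect.redhat.com/jfrog/artifactory-operator@sha256:<digest-of-released-build>` (placeholder). The two `RELATED_IMAGE_*` values are likewise unpinned. The new side also appears to drop the `resources` limits and requests and sets no `securityContext`; restoring the limits would bound a runaway reconcile loop.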


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: jfrog-artifactory


@@ -0,0 +1,24 @@
# permissions for end users to edit openshiftartifactoryhas.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: openshiftartifactoryha-editor-role
rules:
- apiGroups:
- cache.jfrog.com
resources:
- openshiftartifactoryhas
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cache.jfrog.com
resources:
- openshiftartifactoryhas/status
verbs:
- get
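Review bot: Both rules in this editor ClusterRole name `apiGroups: cache.jfrog.com`, but the CRD added in this commit is in `group: charts.helm.k8s.io` and the sample CR uses `apiVersion: charts.helm.k8s.io/v1alpha1`. As written, the role grants nothing on the resources the operator actually serves. The viewer ClusterRole in the next file section has the same mismatch, and the CRD kustomization references a base named `cache.jfrog.com_openshiftartifactoryhas.yaml`, which suggests the scaffolded group was never reconciled with the shipped CRD. Either change the rules to `- charts.helm.k8s.io` or regenerate the CRD under the scaffolded group, so that end-user access is granted deliberately rather than by a workaround with broader roles.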


@@ -0,0 +1,20 @@
# permissions for end users to view openshiftartifactoryhas.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: openshiftartifactoryha-viewer-role
rules:
- apiGroups:
- cache.jfrog.com
resources:
- openshiftartifactoryhas
verbs:
- get
- list
- watch
- apiGroups:
- cache.jfrog.com
resources:
- openshiftartifactoryhas/status
verbs:
- get


@@ -0,0 +1,89 @@
apiVersion: template.openshift.io/v1
kind: Template
metadata:
creationTimestamp: null
name: project-request
objects:
- apiVersion: project.openshift.io/v1
kind: Project
metadata:
annotations:
openshift.io/description: JFrog Artifactory
openshift.io/display-name: jfrog-artifactory
openshift.io/requester: integrations@jfrog.com
creationTimestamp: null
name: jfrog-artifactory
spec: {}
status: {}
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
openshift.io/description: Allows all pods in this namespace to pull images from
this namespace. It is auto-managed by a controller; remove subjects to disable.
creationTimestamp: null
name: system:image-pullers
namespace: jfrog-artifactory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:image-puller
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:jfrog-artifactory
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
openshift.io/description: Allows builds in this namespace to push images to
this namespace. It is auto-managed by a controller; remove subjects to disable.
creationTimestamp: null
name: system:image-builders
namespace: jfrog-artifactory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:image-builder
subjects:
- kind: ServiceAccount
name: builder
namespace: jfrog-artifactory
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
openshift.io/description: Allows deploymentconfigs in this namespace to rollout
pods in this namespace. It is auto-managed by a controller; remove subjects
to disable.
creationTimestamp: null
name: system:deployers
namespace: jfrog-artifactory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:deployer
subjects:
- kind: ServiceAccount
name: deployer
namespace: jfrog-artifactory
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
name: admin
namespace: jfrog-artifactory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: kubeadmin
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER
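Review bot: The template declares `PROJECT_NAME`, `PROJECT_ADMIN_USER` and the other parameters but never references them: every object hard-codes `jfrog-artifactory`, and the `admin` RoleBinding hard-codes `name: kubeadmin` as its subject. `kubeadmin` is the temporary bootstrap account that clusters are expected to remove, so the binding either points at a user that no longer exists or keeps namespace admin tied to a shared bootstrap identity instead of the requester. Use the parameters, e.g. `name: ${PROJECT_ADMIN_USER}` for the subject and `namespace: ${PROJECT_NAME}` on the bindings. If this file is meant as a one-off export rather than a cluster project-request template, add a header comment saying so, because installing it cluster-wide would apply these fixed names to every project request.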


@@ -1,31 +1,119 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: Role
metadata: metadata:
name: manager-role creationTimestamp: null
name: artifactory-ha-operator
rules: rules:
## - apiGroups:
## Base operator rules - ""
## resources:
# We need to get namespaces so the operator can read namespaces to ensure they exist - pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- namespaces - namespaces
verbs: verbs:
- get - get
# We need to manage Helm release secrets
- apiGroups: - apiGroups:
- "" - ""
resourceNames:
- artifactory-ha-operator
resources: resources:
- secrets - '*'
verbs: verbs:
- "*" - '*'
# We need to create events on CRs about things happening during reconciliation
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- events - events
verbs: verbs:
- create - create
- apiGroups:
# +kubebuilder:scaffold:rules - monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- artifactory-ha-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- apiGroups:
- charts.helm.k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- policy
resources:
- '*'
verbs:
- '*'
- apiGroups:
- 'rbac.authorization.k8s.io'
resources:
- '*'
verbs:
- '*'
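Review bot: The last rule grants `resources: '*'` with `verbs: '*'` on `rbac.authorization.k8s.io`, which includes the `bind` and `escalate` verbs, so the operator's service account can grant itself or any other subject in the namespace rights beyond those listed in this Role. Combined with full verbs on `secrets` and the wildcard rules for `networking.k8s.io` and `policy`, a compromised operator pod effectively holds namespace admin. Enumerate what the chart actually creates, e.g. `resources: [roles, rolebindings]` with `verbs: [create, delete, get, list, patch, update, watch]`, and do the same for the networking and policy groups. The explanatory comments on the old side (why each rule is needed) were dropped; restoring one per rule would make later tightening much easier to review.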


@@ -1,12 +1,11 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: metadata:
name: manager-rolebinding name: artifactory-ha-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: default name: artifactory-ha-operator
namespace: system roleRef:
kind: Role
name: artifactory-ha-operator
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: artifactory-ha-operator


@@ -0,0 +1,97 @@
apiVersion: charts.helm.k8s.io/v1alpha1
kind: OpenshiftArtifactoryHa
metadata:
name: openshiftartifactoryha
spec:
artifactory-ha:
database:
type: "OVERRIDE"
driver: "OVERRIDE"
url: "OVERRIDE"
user: "OVERRIDE"
password: "OVERRIDE"
initContainerImage: registry.connect.redhat.com/jfrog/init:1.0.1
waitForDatabase: true
installerInfo: '{ "productId": "Openshift_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "ArtifactoryVersion/{{ default .Chart.AppVersion .Values.artifactory.image.version }}" }, { "featureId": "{{ if .Values.postgresql.enabled }}postgresql{{ else }}{{ .Values.database.type }}{{ end }}/0.0.0" }, { "featureId": "Platform/Openshift" }, { "featureId": "Partner/ACC-006983" }, { "featureId": "Channel/Openshift" } ] }'
artifactory:
uid: "1000721030"
## Change to use RH UBI images
image:
registry: registry.connect.redhat.com
repository: jfrog/artifactory-pro
tag: 7.9.0
node:
replicaCount: 2
waitForPrimaryStartup:
enabled: false
masterKey: "OVERRIDE"
joinKey: "OVERRIDE"
postgresql:
enabled: false
nginx:
uid: "1000720104"
gid: "1000720107"
image:
registry: registry.redhat.io
repository: rhel8/nginx-116
tag: latest
## K8S secret name for the TLS secret to be used for SSL
tlsSecretName: "OVERRIDE"
service:
ssloffload: false
http:
externalPort: 80
internalPort: 8080
https:
externalPort: 443
internalPort: 8443
mainConf: |
# Main Nginx configuration file
worker_processes 4;
error_log {{ .Values.nginx.persistence.mountPath }}/logs//error.log warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format timing 'ip = $remote_addr '
'user = \"$remote_user\" '
'local_time = \"$time_local\" '
'host = $host '
'request = \"$request\" '
'status = $status '
'bytes = $body_bytes_sent '
'upstream = \"$upstream_addr\" '
'upstream_time = $upstream_response_time '
'request_time = $request_time '
'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"';
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf;
}
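Review bot: The sample puts `password`, `masterKey` and `joinKey` directly in the CR spec as `"OVERRIDE"`, so real values end up stored in the custom resource, readable by anyone with `get` on it, and a sample applied unedited deploys with publicly known key material. Where the base chart exposes a secret-name option, reference a Kubernetes Secret instead, as the sample already does with `tlsSecretName`. At minimum add a comment above each field such as `## REQUIRED: replace before applying; do not deploy with the placeholder value`. Separately, the nginx image uses `tag: latest` while Artifactory is pinned to `7.9.0`; pinning nginx to a specific tag or digest keeps what gets deployed reproducible.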


@@ -0,0 +1,4 @@
## Append samples you want in your CSV to this file as resources ##
resources:
- cache_v1alpha1_openshiftartifactoryha.yaml
# +kubebuilder:scaffold:manifestskustomizesamples