Artifactory Operator v1.1.0 published

John Peterson
2020-10-02 20:25:06 -07:00
parent c49b583510
commit 2cdddcf59d
21 changed files with 1912 additions and 65 deletions


@@ -1,4 +1,8 @@
domain: jfrog.com
layout: helm.sdk.operatorframework.io/v1
projectName: artifactory-ha-operator
resources:
- group: cache
kind: OpenshiftArtifactoryHa
version: v1alpha1
version: 3-alpha


@@ -4,6 +4,12 @@ This code base is intended to deploy Artifactory HA as an operator to an Openshi
Openshift OperatorHub has the latest official supported Cluster Service Version (CSV) for the OLM catalog.
# Breaking Changes
```
v1.1.0 breaks existing upgrade path due to base helm chart breaking changes
```
## Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
@@ -141,4 +147,4 @@ We use [SemVer](http://semver.org/) for versioning. For the versions available,
## Contact
Github Issues
Github Issues


@@ -108,7 +108,9 @@ spec:
name: ''
version: apps/v1
version: v1alpha1
description: '## Overview
description: '## [BREAKING] Upgrades from 1.0.0 to 1.1.x currently are not supported. New installations only.
## Overview
Openshift Operator to deploy JFrog Artifactory Enterprise into your Openshift
cluster.


@@ -110,7 +110,9 @@ spec:
name: ''
version: apps/v1
version: v1alpha1
description: '## Overview
description: '## [BREAKING] Upgrades from 1.0.0 to 1.1.x currently are not supported. New installations only.
## Overview
Openshift Operator to deploy JFrog Artifactory Enterprise into your Openshift
cluster.


@@ -0,0 +1,5 @@
channels:
- currentCSV: artifactory-ha-operator.v1.1.1
name: alpha
defaultChannel: ''
packageName: openshiftartifactoryha-operator


@@ -1,12 +1,5 @@
FROM scratch
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=openshiftartifactoryha-operator
LABEL operators.operatorframework.io.bundle.channels.v1=alpha
LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/

File diff suppressed because one or more lines are too long


@@ -0,0 +1,23 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: openshiftartifactoryhas.charts.helm.k8s.io
spec:
group: charts.helm.k8s.io
names:
kind: OpenshiftArtifactoryHa
listKind: OpenshiftArtifactoryHaList
plural: openshiftartifactoryhas
singular: openshiftartifactoryha
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
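Review bot: The schema under `validation.openAPIV3Schema` is only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any `spec` content and mistyped or unexpected values reach the Helm chart unvalidated. Consider declaring at least the top-level `spec` properties the chart reads and keeping preserve-unknown-fields only on the subtrees that must stay open. The manifest also uses `apiextensions.k8s.io/v1beta1`, which is deprecated in favour of `apiextensions.k8s.io/v1`; a comment such as `# TODO: migrate to apiextensions.k8s.io/v1` at the top of the file would record that.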


@@ -0,0 +1,6 @@
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/cache.jfrog.com_openshiftartifactoryhas.yaml
# +kubebuilder:scaffold:crdkustomizeresource


@@ -1,38 +1,34 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
name: artifactory-ha-operator
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
replicas: 1
name: artifactory-ha-operator
template:
metadata:
labels:
control-plane: controller-manager
name: artifactory-ha-operator
spec:
serviceAccountName: artifactory-ha-operator
containers:
- image: controller:latest
args:
- "--enable-leader-election"
- "--leader-election-id=artifactory-ha-operator"
name: manager
resources:
limits:
cpu: 100m
memory: 90Mi
requests:
cpu: 100m
memory: 60Mi
terminationGracePeriodSeconds: 10
- name: artifactory-ha-operator
image: registry.connect.redhat.com/jfrog/artifactory-operator
imagePullPolicy: Always
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "artifactory-ha-operator"
- name: RELATED_IMAGE_ARTIFACTORY_IMAGE_REPOSITORY
value: "registry.connect.redhat.com/jfrog/artifactory-pro"
- name: RELATED_IMAGE_NGINX_IMAGE_REPOSITORY
value: "registry.redhat.io/rhel8/nginx-116"
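Review bot: The operator container image `registry.connect.redhat.com/jfrog/artifactory-operator` carries no tag or digest, and with `imagePullPolicy: Always` every pod restart pulls whatever the registry currently serves under the default tag. The two `RELATED_IMAGE_*` values are likewise repository names without a version. Pinning by digest, e.g. `image: registry.connect.redhat.com/jfrog/artifactory-operator@sha256:<digest-placeholder>`, keeps the deployed operator reproducible and auditable. The container as displayed also has no `resources` or `securityContext`; the `+`/`-` markers are lost on this page, so confirm which of the displayed lines are on the new side.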


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: jfrog-artifactory


@@ -0,0 +1,24 @@
# permissions for end users to edit openshiftartifactoryhas.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: openshiftartifactoryha-editor-role
rules:
- apiGroups:
- cache.jfrog.com
resources:
- openshiftartifactoryhas
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cache.jfrog.com
resources:
- openshiftartifactoryhas/status
verbs:
- get
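Review bot: Both rules here use `cache.jfrog.com` under `apiGroups`, but the CRD and the sample CR shown on this page register `OpenshiftArtifactoryHa` under `charts.helm.k8s.io`, so as displayed this role grants nothing on the resource it is named for. The viewer role in the next file section has the same group. If `charts.helm.k8s.io` is the served group, change the entries to `- charts.helm.k8s.io`; otherwise add a comment naming the CRD that lives in `cache.jfrog.com`. A role that silently grants nothing tends to be worked around by handing users a broader one, which is worth heading off here.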


@@ -0,0 +1,20 @@
# permissions for end users to view openshiftartifactoryhas.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: openshiftartifactoryha-viewer-role
rules:
- apiGroups:
- cache.jfrog.com
resources:
- openshiftartifactoryhas
verbs:
- get
- list
- watch
- apiGroups:
- cache.jfrog.com
resources:
- openshiftartifactoryhas/status
verbs:
- get


@@ -0,0 +1,89 @@
apiVersion: template.openshift.io/v1
kind: Template
metadata:
creationTimestamp: null
name: project-request
objects:
- apiVersion: project.openshift.io/v1
kind: Project
metadata:
annotations:
openshift.io/description: JFrog Artifactory
openshift.io/display-name: jfrog-artifactory
openshift.io/requester: integrations@jfrog.com
creationTimestamp: null
name: jfrog-artifactory
spec: {}
status: {}
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
openshift.io/description: Allows all pods in this namespace to pull images from
this namespace. It is auto-managed by a controller; remove subjects to disable.
creationTimestamp: null
name: system:image-pullers
namespace: jfrog-artifactory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:image-puller
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:jfrog-artifactory
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
openshift.io/description: Allows builds in this namespace to push images to
this namespace. It is auto-managed by a controller; remove subjects to disable.
creationTimestamp: null
name: system:image-builders
namespace: jfrog-artifactory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:image-builder
subjects:
- kind: ServiceAccount
name: builder
namespace: jfrog-artifactory
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
openshift.io/description: Allows deploymentconfigs in this namespace to rollout
pods in this namespace. It is auto-managed by a controller; remove subjects
to disable.
creationTimestamp: null
name: system:deployers
namespace: jfrog-artifactory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:deployer
subjects:
- kind: ServiceAccount
name: deployer
namespace: jfrog-artifactory
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
name: admin
namespace: jfrog-artifactory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: kubeadmin
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER
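Review bot: The `admin` RoleBinding hard-codes the subject `kind: User` / `name: kubeadmin`, and the project name and requester are literals too, while the declared parameters `PROJECT_NAME`, `PROJECT_ADMIN_USER` and `PROJECT_REQUESTING_USER` are never referenced in `objects`. `kubeadmin` is the temporary bootstrap account that OpenShift recommends removing once an identity provider is configured, so this binding either dangles or keeps namespace admin tied to a shared account. Use the parameters instead, e.g. `name: ${PROJECT_ADMIN_USER}` for the subject and `name: ${PROJECT_NAME}` / `namespace: ${PROJECT_NAME}` for the project and bindings. If this Template is meant to be installed as the cluster's project-request template (its name suggests so), the literals would apply to every new project, which should be confirmed.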


@@ -1,31 +1,119 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
kind: Role
metadata:
name: manager-role
creationTimestamp: null
name: artifactory-ha-operator
rules:
##
## Base operator rules
##
# We need to get namespaces so the operator can read namespaces to ensure they exist
- apiGroups:
- ""
- ""
resources:
- namespaces
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- serviceaccounts
verbs:
- get
# We need to manage Helm release secrets
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
- apps
resources:
- secrets
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- "*"
# We need to create events on CRs about things happening during reconciliation
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
- ""
resources:
- events
- namespaces
verbs:
- create
# +kubebuilder:scaffold:rules
- get
- apiGroups:
- ""
resourceNames:
- artifactory-ha-operator
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- artifactory-ha-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- apiGroups:
- charts.helm.k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- policy
resources:
- '*'
verbs:
- '*'
- apiGroups:
- 'rbac.authorization.k8s.io'
resources:
- '*'
verbs:
- '*'
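Review bot: The final rule grants `'*'` verbs on `'*'` resources in `rbac.authorization.k8s.io`, which includes `bind` and `escalate`, so the operator's service account can grant itself or any other subject in the namespace permissions it does not hold, including a binding to a ClusterRole such as `admin`. The `networking.k8s.io` and `policy` wildcard rules, and the core-group rule with `resources: '*'` limited only by `resourceNames`, are likewise wider than a chart install usually needs. Enumerate the resources and verbs the Helm chart actually creates; the list below is a starting point to check against the chart's templates, not a verified minimum. The `+`/`-` markers are lost on this page, so this assumes the wildcard rules are on the new side.

```yaml
# … unchanged: core-group, apps, monitoring.coreos.com and charts.helm.k8s.io rules …
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  - networkpolicies
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
# No bind/escalate: the API server then only lets the operator create Roles
# whose permissions it already holds itself.
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - roles
  - rolebindings
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
```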


@@ -1,12 +1,11 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
name: artifactory-ha-operator
subjects:
- kind: ServiceAccount
name: default
namespace: system
name: artifactory-ha-operator
roleRef:
kind: Role
name: artifactory-ha-operator
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: artifactory-ha-operator


@@ -0,0 +1,97 @@
apiVersion: charts.helm.k8s.io/v1alpha1
kind: OpenshiftArtifactoryHa
metadata:
name: openshiftartifactoryha
spec:
artifactory-ha:
database:
type: "OVERRIDE"
driver: "OVERRIDE"
url: "OVERRIDE"
user: "OVERRIDE"
password: "OVERRIDE"
initContainerImage: registry.connect.redhat.com/jfrog/init:1.0.1
waitForDatabase: true
installerInfo: '{ "productId": "Openshift_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "ArtifactoryVersion/{{ default .Chart.AppVersion .Values.artifactory.image.version }}" }, { "featureId": "{{ if .Values.postgresql.enabled }}postgresql{{ else }}{{ .Values.database.type }}{{ end }}/0.0.0" }, { "featureId": "Platform/Openshift" }, { "featureId": "Partner/ACC-006983" }, { "featureId": "Channel/Openshift" } ] }'
artifactory:
uid: "1000721030"
## Change to use RH UBI images
image:
registry: registry.connect.redhat.com
repository: jfrog/artifactory-pro
tag: 7.9.0
node:
replicaCount: 2
waitForPrimaryStartup:
enabled: false
masterKey: "OVERRIDE"
joinKey: "OVERRIDE"
postgresql:
enabled: false
nginx:
uid: "1000720104"
gid: "1000720107"
image:
registry: registry.redhat.io
repository: rhel8/nginx-116
tag: latest
## K8S secret name for the TLS secret to be used for SSL
tlsSecretName: "OVERRIDE"
service:
ssloffload: false
http:
externalPort: 80
internalPort: 8080
https:
externalPort: 443
internalPort: 8443
mainConf: |
# Main Nginx configuration file
worker_processes 4;
error_log {{ .Values.nginx.persistence.mountPath }}/logs//error.log warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format timing 'ip = $remote_addr '
'user = \"$remote_user\" '
'local_time = \"$time_local\" '
'host = $host '
'request = \"$request\" '
'status = $status '
'bytes = $body_bytes_sent '
'upstream = \"$upstream_addr\" '
'upstream_time = $upstream_response_time '
'request_time = $request_time '
'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"';
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf;
}
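Review bot: `database.password`, `masterKey` and `joinKey` are plain fields of the CR `spec`, so once real values replace `"OVERRIDE"` they are readable by anyone who can `get` the custom resource (which is what the viewer role in this commit is meant to grant) and they appear in exported YAML and backups. If the chart version in use can reference an existing Secret for these values, the sample should show that form; otherwise add a comment above the block, e.g. `## Sensitive: restrict get/list on this CR and never commit real values`. Separately, `tag: latest` under `nginx.image` is a moving reference; a fixed tag or digest keeps installs from this sample reproducible.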


@@ -0,0 +1,4 @@
## Append samples you want in your CSV to this file as resources ##
resources:
- cache_v1alpha1_openshiftartifactoryha.yaml
# +kubebuilder:scaffold:manifestskustomizesamples


@@ -5,4 +5,4 @@
chart: helm-charts/openshift-artifactory-ha
overrideValues:
artifactory-ha.artifactory.image.override: $RELATED_IMAGE_ARTIFACTORY_IMAGE_REPOSITORY
artifactory-ha.nginx.image.override: $RELATED_IMAGE_NGINX_IMAGE_REPOSITORY
artifactory-ha.nginx.image.override: $RELATED_IMAGE_NGINX_IMAGE_REPOSITORY