From 4be8a96fb6b0d8df1ce42b6364e7ede2cff9af9d Mon Sep 17 00:00:00 2001 From: John Peterson Date: Thu, 13 Feb 2020 11:51:35 -0800 Subject: [PATCH] updates for new redhat ubi image and also temp fix for INST-550 bug --- Openshift4/artifactory-ha-operator/README.md | 26 +++++++++++++++++++ ...io_v1alpha1_openshiftartifactoryha_cr.yaml | 4 +-- .../deploy/hostpathscc.yaml | 18 +++++++++++++ .../deploy/imagestream-nginx.yaml | 6 +++++ ...estream.yaml => imagestream-operator.yaml} | 0 .../deploy/imagestream-pro.yaml | 6 +++++ .../deploy/namespace.yaml | 13 ---------- ...operator.v1.0.0.clusterserviceversion.yaml | 4 +-- .../deploy/operator.yaml | 1 - .../openshift-artifactory-ha/Chart.yaml | 2 +- .../openshift-artifactory-ha/values.yaml | 24 ++++++++--------- Openshift4/artifactory-ha-operator/setup.sh | 25 ++++++++++++++++++ Openshift4/artifactory-ha-operator/unload.sh | 10 +++++++ 13 files changed, 108 insertions(+), 31 deletions(-) create mode 100644 Openshift4/artifactory-ha-operator/README.md create mode 100644 Openshift4/artifactory-ha-operator/deploy/hostpathscc.yaml create mode 100644 Openshift4/artifactory-ha-operator/deploy/imagestream-nginx.yaml rename Openshift4/artifactory-ha-operator/deploy/{imagestream.yaml => imagestream-operator.yaml} (100%) create mode 100644 Openshift4/artifactory-ha-operator/deploy/imagestream-pro.yaml create mode 100755 Openshift4/artifactory-ha-operator/setup.sh create mode 100755 Openshift4/artifactory-ha-operator/unload.sh diff --git a/Openshift4/artifactory-ha-operator/README.md b/Openshift4/artifactory-ha-operator/README.md new file mode 100644 index 0000000..5bebad5 --- /dev/null +++ b/Openshift4/artifactory-ha-operator/README.md @@ -0,0 +1,26 @@ +# Openshift 4 Artifactory Operator +## Cluster Setup +###### Security Context Constraints - Anyuid + Hostpath +###### Persistent Volumes +###### +## Installation types +###### OLM Catalog +To install via the OLM catalog download the operator from the Operator hub and install it via the Openshift console GUI + +To test OLM catalog installs you will need to deploy the lastest ClusterServiceVersion found at: + deploy/olm-catalog/artifactory-ha-operator/X.X.X/artifactory-ha-operator.vX.X.X.clusterserviceversion.yaml + +This will install the operator into whatever cluster your kubectl or oc program is currently logged into. + +Please refer to Local Testing section below for full instructions. + +###### Operator YAML +To install the operator via the Operator YAML first follow the steps in + + +###### Operator-sdk local + + + +## Local Testing + diff --git a/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml b/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml index da682db..ae1ad6a 100644 --- a/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml +++ b/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml @@ -50,7 +50,7 @@ spec: path: null image: pullPolicy: IfNotPresent - repository: earlyaccess.jfrog.io/artifactory-pro + repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro internalArtifactoryPort: 8081 internalPort: 8082 javaOpts: {} @@ -759,7 +759,7 @@ spec: internalPort: 443 image: pullPolicy: IfNotPresent - repository: earlyaccess.jfrog.io/nginx-artifactory-pro + repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro labels: {} livenessProbe: enabled: true diff --git a/Openshift4/artifactory-ha-operator/deploy/hostpathscc.yaml b/Openshift4/artifactory-ha-operator/deploy/hostpathscc.yaml new file mode 100644 index 0000000..13eef79 --- /dev/null +++ b/Openshift4/artifactory-ha-operator/deploy/hostpathscc.yaml @@ -0,0 +1,18 @@ +kind: SecurityContextConstraints +apiVersion: v1 +metadata: + name: hostpath +allowPrivilegedContainer: false +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +fsGroup: + type: RunAsAny +supplementalGroups: + type: RunAsAny +users: +- artifactory +groups: +- artifactory +- jfrog-artifactory diff --git a/Openshift4/artifactory-ha-operator/deploy/imagestream-nginx.yaml b/Openshift4/artifactory-ha-operator/deploy/imagestream-nginx.yaml new file mode 100644 index 0000000..a0ef6b3 --- /dev/null +++ b/Openshift4/artifactory-ha-operator/deploy/imagestream-nginx.yaml @@ -0,0 +1,6 @@ +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + name: nginx-artifactory-pro + namespace: jfrog-artifactory + diff --git a/Openshift4/artifactory-ha-operator/deploy/imagestream.yaml b/Openshift4/artifactory-ha-operator/deploy/imagestream-operator.yaml similarity index 100% rename from Openshift4/artifactory-ha-operator/deploy/imagestream.yaml rename to Openshift4/artifactory-ha-operator/deploy/imagestream-operator.yaml diff --git a/Openshift4/artifactory-ha-operator/deploy/imagestream-pro.yaml b/Openshift4/artifactory-ha-operator/deploy/imagestream-pro.yaml new file mode 100644 index 0000000..4c4ba85 --- /dev/null +++ b/Openshift4/artifactory-ha-operator/deploy/imagestream-pro.yaml @@ -0,0 +1,6 @@ +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + name: artifactory-pro + namespace: jfrog-artifactory + diff --git a/Openshift4/artifactory-ha-operator/deploy/namespace.yaml b/Openshift4/artifactory-ha-operator/deploy/namespace.yaml index 1be0be1..b94caf4 100644 --- a/Openshift4/artifactory-ha-operator/deploy/namespace.yaml +++ b/Openshift4/artifactory-ha-operator/deploy/namespace.yaml @@ -2,16 +2,3 @@ kind: Namespace apiVersion: v1 metadata: name: jfrog-artifactory - selfLink: /api/v1/namespaces/jfrog-artifactory - uid: 402ec7e9-3ca2-11ea-bd94-0ef0e3c74fbe - resourceVersion: '523038' - creationTimestamp: '2020-01-21T23:03:34Z' - annotations: - openshift.io/sa.scc.mcs: 's0:c23,c2' - openshift.io/sa.scc.supplemental-groups: 1000510000/10000 - openshift.io/sa.scc.uid-range: 1000510000/10000 -spec: - finalizers: - - kubernetes -status: - phase: Active diff --git a/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml b/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml index 0a3b20c..de12846 100644 --- a/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml +++ b/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml @@ -50,7 +50,7 @@ metadata: }, "image": { "pullPolicy": "IfNotPresent", - "repository": "earlyaccess.jfrog.io/artifactory-pro" + "repository": "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro" }, "internalArtifactoryPort": 8081, "internalPort": 8082, @@ -348,7 +348,7 @@ metadata: }, "image": { "pullPolicy": "IfNotPresent", - "repository": "earlyaccess.jfrog.io/nginx-artifactory-pro" + "repository": "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro" }, "labels": {}, "livenessProbe": { diff --git a/Openshift4/artifactory-ha-operator/deploy/operator.yaml b/Openshift4/artifactory-ha-operator/deploy/operator.yaml index c0d5a69..e32db4a 100644 --- a/Openshift4/artifactory-ha-operator/deploy/operator.yaml +++ b/Openshift4/artifactory-ha-operator/deploy/operator.yaml @@ -16,7 +16,6 @@ spec: containers: - name: artifactory-ha-operator image: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-ha - #image: ubuntu imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml index 0e1989f..af5ff44 100755 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml +++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 7.0.2 +appVersion: 7.0.7 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. home: https://www.jfrog.com/artifactory/ diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml index 64af84e..242803c 100755 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml +++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml @@ -154,7 +154,7 @@ artifactory: name: artifactory-ha image: # repository: "docker.bintray.io/jfrog/artifactory-pro" - repository: "earlyaccess.jfrog.io/artifactory-pro" + repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro # Note that by default we use appVersion to get image tag # version: pullPolicy: IfNotPresent @@ -356,16 +356,16 @@ artifactory: ## Extra environment variables that can be used to tune Artifactory to your needs. ## Uncomment and set value as needed - #extraEnvironmentVariables: | - # - name: JF_SHARED_DATABSE_USERNAME - # value: "artifactory" - # - name: JF_SHARED_DATABASE_PASSWORD - # valueFrom: - # secretKeyRef: - # name: {{ .Release.Name }}-postgresql - # key: postgresql-password - # - name: POSTGRES_DB - # value: "artifactory" + extraEnvironmentVariables: | + - name: JF_SHARED_DATABSE_USERNAME + value: "artifactory" + - name: JF_SHARED_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgresql + key: postgresql-password + - name: POSTGRES_DB + value: "artifactory" # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes) systemYaml: | @@ -1054,7 +1054,7 @@ nginx: gid: 107 image: # repository: "docker.bintray.io/jfrog/nginx-artifactory-pro" - repository: "earlyaccess.jfrog.io/nginx-artifactory-pro" + repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro # Note that by default we use appVersion to get image tag # version: pullPolicy: IfNotPresent diff --git a/Openshift4/artifactory-ha-operator/setup.sh b/Openshift4/artifactory-ha-operator/setup.sh new file mode 100755 index 0000000..3bef5e9 --- /dev/null +++ b/Openshift4/artifactory-ha-operator/setup.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +oc project default +oc apply -f helm-charts/openshift-artifactory-ha/pv-examples +oc apply -f deploy/project.yaml +oc apply -f deploy/namespace.yaml +oc project jfrog-artifactory +oc apply -f deploy/imagestream-nginx.yaml +oc apply -f deploy/imagestream-pro.yaml +oc apply -f deploy/imagestream-operator.yaml +oc patch image.config.openshift.io/cluster --type=merge --patch='{"spec":{"registrySources":{"insecureRegistries":["default-route-openshift-image-registry.apps-crc.testing"]}}}' +oc apply -f deploy/role.yaml +oc apply -f deploy/role_binding.yaml +oc apply -f deploy/service_account.yaml +oc apply -f deploy/securitycontextconstraints.yaml +oc adm policy add-scc-to-user scc-admin system:serviceaccount:jfrog-artifactory:artifactory-ha-operator +oc adm policy add-scc-to-user scc-admin system:serviceaccount:jfrog-artifactory:default +oc adm policy add-scc-to-user anyuid system:serviceaccount:jfrog-artifactory:artifactory-ha-operator +oc adm policy add-scc-to-user anyuid system:serviceaccount:jfrog-artifactory:default +oc adm policy add-scc-to-group anyuid system:authenticated +oc apply -f deploy/hostpathscc.yaml +oc patch securitycontextconstraints.security.openshift.io/hostpath --type=merge --patch='{"allowHostDirVolumePlugin": true}' +oc adm policy add-scc-to-user hostpath system:serviceaccount:jfrog-artifactory:artifactory-ha-operator +oc apply -f deploy/crds/charts.helm.k8s.io_openshiftartifactoryhas_crd.yaml +oc apply -f deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml +oc create secret generic artifactory-license --from-file=../artifactory.cluster.license diff --git a/Openshift4/artifactory-ha-operator/unload.sh b/Openshift4/artifactory-ha-operator/unload.sh new file mode 100755 index 0000000..343f2a4 --- /dev/null +++ b/Openshift4/artifactory-ha-operator/unload.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +oc project jfrog-artifactory +oc delete deployments --all +oc delete statefulsets --all +oc delete configmaps --all +oc delete deploymentconfigs --all +oc delete pods --all +oc delete svc --all +oc delete networkpolicies --all +oc delete pvc --all