updates for new redhat ubi image and also temp fix for INST-550 bug

2026-01-21 01:06:55 -06:00 · 2020-02-13 11:51:35 -08:00
parent 47efd4f31d
commit 4be8a96fb6
13 changed files with 108 additions and 31 deletions
--- a/Openshift4/artifactory-ha-operator/README.md
+++ b/Openshift4/artifactory-ha-operator/README.md
@@ -0,0 +1,26 @@
+# Openshift 4 Artifactory Operator
+## Cluster Setup
+###### Security Context Constraints - Anyuid + Hostpath
+###### Persistent Volumes
+###### 
+## Installation types
+###### OLM Catalog
+To install via the OLM catalog download the operator from the Operator hub and install it via the Openshift console GUI
+
+To test OLM catalog installs you will need to deploy the lastest ClusterServiceVersion found at:
+ deploy/olm-catalog/artifactory-ha-operator/X.X.X/artifactory-ha-operator.vX.X.X.clusterserviceversion.yaml
+
+This will install the operator into whatever cluster your kubectl or oc program is currently logged into.
+
+Please refer to Local Testing section below for full instructions.
+
+###### Operator YAML
+To install the operator via the Operator YAML first follow the steps in 
+
+
+###### Operator-sdk local
+
+ 
+
+## Local Testing
+
--- a/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml
+++ b/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml
@@ -50,7 +50,7 @@ spec:
      path: null
    image:
      pullPolicy: IfNotPresent
-      repository: earlyaccess.jfrog.io/artifactory-pro
+      repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro
    internalArtifactoryPort: 8081
    internalPort: 8082
    javaOpts: {}
@@ -759,7 +759,7 @@ spec:
      internalPort: 443
    image:
      pullPolicy: IfNotPresent
-      repository: earlyaccess.jfrog.io/nginx-artifactory-pro
+      repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro
    labels: {}
    livenessProbe:
      enabled: true
--- a/Openshift4/artifactory-ha-operator/deploy/hostpathscc.yaml
+++ b/Openshift4/artifactory-ha-operator/deploy/hostpathscc.yaml
@@ -0,0 +1,18 @@
+kind: SecurityContextConstraints
+apiVersion: v1
+metadata:
+  name: hostpath
+allowPrivilegedContainer: false
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+fsGroup:
+  type: RunAsAny
+supplementalGroups:
+  type: RunAsAny
+users:
+- artifactory
+groups:
+- artifactory
+- jfrog-artifactory
--- a/Openshift4/artifactory-ha-operator/deploy/imagestream-nginx.yaml
+++ b/Openshift4/artifactory-ha-operator/deploy/imagestream-nginx.yaml
@@ -0,0 +1,6 @@
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  name: nginx-artifactory-pro
+  namespace: jfrog-artifactory
+
--- a/Openshift4/artifactory-ha-operator/deploy/imagestream-operator.yaml
+++ b/Openshift4/artifactory-ha-operator/deploy/imagestream-operator.yaml
--- a/Openshift4/artifactory-ha-operator/deploy/imagestream-pro.yaml
+++ b/Openshift4/artifactory-ha-operator/deploy/imagestream-pro.yaml
@@ -0,0 +1,6 @@
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  name: artifactory-pro
+  namespace: jfrog-artifactory
+
--- a/Openshift4/artifactory-ha-operator/deploy/namespace.yaml
+++ b/Openshift4/artifactory-ha-operator/deploy/namespace.yaml
@@ -2,16 +2,3 @@ kind: Namespace
 apiVersion: v1
 metadata:
  name: jfrog-artifactory
-  selfLink: /api/v1/namespaces/jfrog-artifactory
-  uid: 402ec7e9-3ca2-11ea-bd94-0ef0e3c74fbe
-  resourceVersion: '523038'
-  creationTimestamp: '2020-01-21T23:03:34Z'
-  annotations:
-    openshift.io/sa.scc.mcs: 's0:c23,c2'
-    openshift.io/sa.scc.supplemental-groups: 1000510000/10000
-    openshift.io/sa.scc.uid-range: 1000510000/10000
-spec:
-  finalizers:
-    - kubernetes
-status:
-  phase: Active
--- a/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml
+++ b/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml
@@ -50,7 +50,7 @@ metadata:
              },
              "image": {
                "pullPolicy": "IfNotPresent",
-                "repository": "earlyaccess.jfrog.io/artifactory-pro"
+                "repository": "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro"
              },
              "internalArtifactoryPort": 8081,
              "internalPort": 8082,
@@ -348,7 +348,7 @@ metadata:
              },
              "image": {
                "pullPolicy": "IfNotPresent",
-                "repository": "earlyaccess.jfrog.io/nginx-artifactory-pro"
+                "repository": "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro"
              },
              "labels": {},
              "livenessProbe": {
--- a/Openshift4/artifactory-ha-operator/deploy/operator.yaml
+++ b/Openshift4/artifactory-ha-operator/deploy/operator.yaml
@@ -16,7 +16,6 @@ spec:
      containers:
        - name: artifactory-ha-operator
          image: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-ha
-          #image: ubuntu
          imagePullPolicy: IfNotPresent
          env:
            - name: WATCH_NAMESPACE
--- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml
+++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 7.0.2
+appVersion: 7.0.7
 description: Universal Repository Manager supporting all major packaging formats,
  build tools and CI servers.
 home: https://www.jfrog.com/artifactory/
--- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml
+++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml
@@ -154,7 +154,7 @@ artifactory:
  name: artifactory-ha
  image:
    # repository: "docker.bintray.io/jfrog/artifactory-pro"
-    repository: "earlyaccess.jfrog.io/artifactory-pro"
+    repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro
    # Note that by default we use appVersion to get image tag
    # version:
    pullPolicy: IfNotPresent
@@ -356,16 +356,16 @@ artifactory:

  ## Extra environment variables that can be used to tune Artifactory to your needs.
  ## Uncomment and set value as needed
-  #extraEnvironmentVariables: |
-  #  - name: JF_SHARED_DATABSE_USERNAME
-  #    value: "artifactory"
-  #  - name: JF_SHARED_DATABASE_PASSWORD
-  #    valueFrom:
-  #      secretKeyRef:
-  #        name: {{ .Release.Name }}-postgresql
-  #        key: postgresql-password
-  #   - name: POSTGRES_DB
-  #     value: "artifactory"
+  extraEnvironmentVariables: |
+    - name: JF_SHARED_DATABSE_USERNAME
+      value: "artifactory"
+    - name: JF_SHARED_DATABASE_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Release.Name }}-postgresql
+          key: postgresql-password
+    - name: POSTGRES_DB
+      value: "artifactory"

  # TODO: Fix javaOpts for member nodes (currently uses primary settings for all nodes)
  systemYaml: |
@@ -1054,7 +1054,7 @@ nginx:
  gid: 107
  image:
    # repository: "docker.bintray.io/jfrog/nginx-artifactory-pro"
-    repository: "earlyaccess.jfrog.io/nginx-artifactory-pro"
+    repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro
    # Note that by default we use appVersion to get image tag
    # version:
    pullPolicy: IfNotPresent
--- a/Openshift4/artifactory-ha-operator/setup.sh
+++ b/Openshift4/artifactory-ha-operator/setup.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+oc project default
+oc apply -f helm-charts/openshift-artifactory-ha/pv-examples
+oc apply -f deploy/project.yaml
+oc apply -f deploy/namespace.yaml
+oc project jfrog-artifactory
+oc apply -f deploy/imagestream-nginx.yaml
+oc apply -f deploy/imagestream-pro.yaml
+oc apply -f deploy/imagestream-operator.yaml
+oc patch image.config.openshift.io/cluster --type=merge --patch='{"spec":{"registrySources":{"insecureRegistries":["default-route-openshift-image-registry.apps-crc.testing"]}}}'
+oc apply -f deploy/role.yaml
+oc apply -f deploy/role_binding.yaml
+oc apply -f deploy/service_account.yaml
+oc apply -f deploy/securitycontextconstraints.yaml
+oc adm policy add-scc-to-user  scc-admin system:serviceaccount:jfrog-artifactory:artifactory-ha-operator
+oc adm policy add-scc-to-user  scc-admin system:serviceaccount:jfrog-artifactory:default
+oc adm policy add-scc-to-user  anyuid system:serviceaccount:jfrog-artifactory:artifactory-ha-operator
+oc adm policy add-scc-to-user anyuid system:serviceaccount:jfrog-artifactory:default
+oc adm policy add-scc-to-group anyuid system:authenticated
+oc apply -f deploy/hostpathscc.yaml
+oc patch securitycontextconstraints.security.openshift.io/hostpath --type=merge --patch='{"allowHostDirVolumePlugin": true}'
+oc adm policy add-scc-to-user hostpath system:serviceaccount:jfrog-artifactory:artifactory-ha-operator
+oc apply -f deploy/crds/charts.helm.k8s.io_openshiftartifactoryhas_crd.yaml
+oc apply -f deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml
+oc create secret generic artifactory-license --from-file=../artifactory.cluster.license
--- a/Openshift4/artifactory-ha-operator/unload.sh
+++ b/Openshift4/artifactory-ha-operator/unload.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+oc project jfrog-artifactory
+oc delete deployments --all
+oc delete statefulsets --all
+oc delete configmaps --all
+oc delete deploymentconfigs --all
+oc delete pods --all
+oc delete svc --all
+oc delete networkpolicies --all
+oc delete pvc --all