updates to openshift documentation

Openshift4/CONTRIBUTING.md

@@ -2,7 +2,77 @@
 
 Before we can accept your contribution, process your GitHub pull requests, and thank you full-heartedly, we request that you will fill out and submit JFrog's Contributor License Agreement (CLA).
 
-[Click here](https://secure.echosign.com/public/hostedForm?formid=5IYKLZ2RXB543N) to submit the JFrog CLA.
+[Click here](https://gist.github.com/jfrog-ecosystem/7d4fbeaac18edbd3cfc38831125acbb3) to view the JFrog CLA.
+
+Please comment in your pull request to mark your acceptance for now until CLA assistant is fixed.
+
+"I have read the CLA Document and I hereby sign the CLA"
+
 This should only take a minute to complete and is a one-time process.
 
 *Thanks for Your Contribution to the Community!* :-)
+
+## Pull Request Process ##
+
+- Fork this repository.
+- Clone the forked repository to your local machine and perform the proposed changes. 
+- Test the changes in your own K8s environment and confirm everything works end to end.
+- Update the CHANGELOG.md
+- Submit a PR with the relevant information and check the applicable boxes and fill out the questions.
+
+## Acceptance Criteria ##
+
+- Pull requests must pass all automated checks
+- CHANGELOG.md has relevant changes
+- README.md has been updated if required
+- One approval from JFrog reviewers
+
+Upon the success of the above the pull request will be mergable into master branch. Upon merge the source branch will be removed.
+
+Increase the version numbers in any examples files and the README.md to the new version that this Pull Request would represent. The versioning scheme we use is SemVer.
+You may merge the Pull Request in once you have the sign-off of one other developer.
+ 
+## Code of Conduct
+### Our Pledge
+ 
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+ 
+### Our Standards
+ 
+Examples of behavior that contributes to creating a positive environment include:
+ ````
+   Using welcoming and inclusive language
+   Being respectful of differing viewpoints and experiences
+   Gracefully accepting constructive criticism
+   Focusing on what is best for the company
+   Showing empathy towards other colleagues
+ ````
+
+Examples of unacceptable behavior by participants include:
+ 
+ ````
+   The use of sexualized language or imagery and unwelcome sexual attention or advances
+   Trolling, insulting/derogatory comments, and personal or political attacks
+   Public or private harassment
+   Publishing others' private information, such as a physical or electronic address, without explicit permission
+   Other conduct which could reasonably be considered inappropriate in a professional setting
+ ````
+### Our Responsibilities
+ 
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+ 
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+ 
+## Scope
+ 
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project. Examples of representing a project include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+ 
+## Enforcement
+ 
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at Slack #xray_splunk .  All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+ 
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+ 
+## Attribution
+ 
+This Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at http://contributor-covenant.org/version/1/4

Openshift4/README.md

@@ -1,72 +1,87 @@
 # JFrog Unified Platform On Openshift 
 
-This code base is intended to deploy JFrog Unified Platform products as either helm or an operator to an Openshift4 cluster. 
+JFrog Unified Platform on Openshift official support is for the operator deployment only through Openshift's Operatorhub.
 
-You can run the operator either through the operator-sdk, operator.yaml, or the OperatorHub OLM (CSV).
+Openshift OperatorHub will contain the latest official supported version. We strive to always release every minor version to Openshift's Operatorhub.
 
-Openshift OperatorHub has the latest official supported version to deploy via the GUI.
+## Repo Layout
 
-Optionally you can deploy into Openshift4 as helm.
+| Folder                          | Purpose                                                 |
+|---------------------------------|---------------------------------------------------------|
+| helm                            | Contains the Openshift Helm charts used by the Operator |
+| helm/openshift-artifactory-ha   | Openshift Artifactory HA helm chart                     |
+| helm/openshift-xray             | Openshift Xray helm chart                               |
+| helm/openshift-pipelines        | Opneshift Pipelines helm chart                          | 
+| operator                        | Contains the Openshift certified operators code base    |
+| operator/artifactory-ha-operator| Artifactory Enterprise Operator                         |
+| operator/xray-operator          | Xray Enterprise Operator                                |
+| operator/pipeline-operator      | Pipelines Operator (Beta)                               |
 
-## Prerequisites
+## How to install?
 
-###### Openshift 4 Cluster
+You can find the Redhat certified Operators in the Operatorhub in your Openshift web console.
 
-Available on AWS, GCP, or Azure. Follow the Cloud installer guide available here:
+You will need to be an administrator of your Openshift cluster to install our operator.
 
-[Openshift 4 Installers](https://cloud.redhat.com/openshift/install)
+Additional steps can be found at [JFrog Partner support wiki](https://www.jfrog.com/confluence/display/JFROG/JFrog+Partner+Integrations#JFrogPartnerIntegrations-redhatopenshift]).
 
-Or run it locally using CodeReadyContainers or your own on-perm solution.
+## Security Context Constraints
 
-[Code Ready Container Installer](https://cloud.redhat.com/openshift/install/crc/installer-provisioned)
+The `restricted` security context constraint will prevent the helm or operator from deploying into Openshift on most namespaces.
 
-Note if you are going to use CRC / On-prem to run the Operators you will need to ensure:
+To enable either the helm chart or operator to deploy into your Openshift cluster access to the `anyuid` security context constraint will need to be apply to the relevant service account in the associated namespace.
 
-``` 
- - create at least one Persistent volume of 200Gi per Artifactory node used in HA configuration
- - create at least 3 or more additional Persistent volumes 100Gi in size or more for Postgresql, Rabbitmq, and other components used.
-```
+Below is an example of applying the `anyuid` scc to the service account `openshiftartifactoryha-artifactory-ha` in the namespace `artifactory`:
 
-###### Openshift 4 Command Line Tools
+`oc adm policy add-scc-to-user anyuid -z openshiftartifactoryha-artifactory-ha -n artifactory`
 
-Download and install the Openshift command line tool: oc
+Once the `anyuid` scc has been applied to the correct service accounts the helm charts or operators will deploy into your Openshift cluster.
 
-[Getting Started with CLI](https://docs.openshift.com/container-platform/4.2/cli_reference/openshift_cli/getting-started-cli.html)
+## Custom User or Group Ids
 
-## Next Steps
+The images uploaded to `registry.redhat.connect.com` that the helm charts and operators use have been modified from the standard docker images available at `docker.bintray.io`
 
-To install JFrog Operators please use the web console's OperatorHub to install the official operators. This is the easiest way to install it. 
+These images have been customized to run in the Openshift user id and group id range of `1000720000/10000`
 
-If you wish to install the operator(s) locally please refer to the instructions that can be found in the README under artifactory-ha-operator.
+If you need to use another custom user id and/or group id range you can change the `uid` and `gid` values in `values.yaml` of the relevant helm chart or operator yaml deployment.
 
-## Helm Deployments
+## No Root Environments
 
-The necessary helm fixes for it to work in Openshift have been patched for each product in the following subfolders:
+Some environments do not allow root. In these scenarios users can remove the `customInitContainersBegin` from the example values.yaml below:
 
-Artifactory HA Helm Chart:
-```
-openshift-artifactory-ha
-```
+````text
+    customInitContainersBegin: |
+      - name: "prepare-uid-persistent-volume"
+        image: "{{ .Values.initContainerImage }}"
+        imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
+        command:
+          - 'sh'
+          - '-c'
+          - >
+            chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.persistence.mountPath }}
+        securityContext:
+            runAsUser: 0
+        volumeMounts:
+          - mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
+            name: volume
+````
 
-Xray Helm Chart:
-``` 
-openshift-xray
-```
+Once this has been removed there is no other root user permissions are required to deploy into Openshift.
 
-However to use helm you will need to apply RunAsAny shown below:
+## Why are there different helm charts?
 
-```
-oc patch scc restricted --patch '{"fsGroup":{"type":"RunAsAny"},"runAsUser":{"type":"RunAsAny"},"seLinuxContext":{"type":"RunAsAny"}}' --type=merge
-```
+The charts in the helm folder are used specifically to create the helm based operator for the certification process to enable it into the Openshift Operatorhub as a certified operator.
 
-Once your cluster has been patched you can then deploy via helm using the openshift charts shown above.
+The `values.yaml` contained in those relevant charts have been modified to work in Redhat Openshift. The base chart however has not been changed only made a sub-chart.
+
+Helm users can reference the `values.yaml` to modify their own deployments to work with Openshift.
 
 ## Contributing
-Please read [CONTRIBUTING.md](JFrog-Cloud-Installers/Openshift4/artifactory-ha-operator/CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.
+Please read [CONTRIBUTING.md](JFrog-Cloud-Installers/Openshift4/CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.
 
 ## Versioning
 We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/jfrog/JFrog-Cloud-Installers/tags).
 
 ## Contact
 
-Github issues
+Github issues are the preferred way to communicate with the team. The team is notified via Slack when a new issue is created.

Openshift4/helm/openshift-artifactory-ha/README.md

@@ -1,6 +1,7 @@
 # JFrog Artifactory High Availability Helm Chart
 
 ## Openshift
+
 The Artifactory HA chart has been made a subchart of this chart.
 
 Note due to this change we now reference values through the subchart name as shown below:
@@ -22,18 +23,29 @@ This is due to helm referencing them through the subchart artifactory-ha now.
 To deploy this helm chart you will need to be a cluster admin w/ access to the anyuid scc.
 
 ````bash
-oc adm policy add-scc-to-user anyuid -z my_user_name
+oc adm policy add-scc-to-user anyuid -z my_service_account -n my_namespace
 ````
 
 ## Deploying the Helm Chart
 
-To deploy the helm chart from this folder first pull the dependency charts with:
+1. Deploy a Postgresql to use an external database. You can find additional information on how to configure your Postgresql database for Artifactory [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+the+Database).
+2. Run `helm dep build` to pull the subchart referenced by the `requirements.yaml`
+3. Update POSTGRES_HOST variable below and install `openshift-artifactory-ha` with the example commands:
 
 ````bash
-helm dep build
+POSTGRES_HOST=postgres-postgresql
+MASTER_KEY=$(openssl rand -hex 32)
+JOIN_KEY=$(openssl rand -hex 32)
+helm upgrade --install openshift-artifactory-ha . \
+               --set artifactory-ha.database.type=postgresql \
+               --set artifactory-ha.database.driver=org.postgresql.Driver \
+               --set artifactory-ha.database.url=jdbc:postgresql://$POSTGRES_HOST:5432/artifactory \
+               --set artifactory-ha.database.user=artifactory \
+               --set artifactory-ha.database.password=password \
+               --set artifactory-ha.artifactory.joinKey=$JOIN_KEY \
+               --set artifactory-ha.artifactory.masterKey=$MASTER_KEY
 ````
 
-
 ## Prerequisites Details
 
 * Kubernetes 1.12+

Openshift4/helm/openshift-xray/README.md

@@ -17,6 +17,38 @@ xray.xray.jfrogUrl
 
 This is due to helm referencing the value through the subchart named xray now.
 
+## Security Context Constraints
+
+To deploy this helm chart you will need to be a cluster admin w/ access to the anyuid scc.
+
+````bash
+oc adm policy add-scc-to-user anyuid -z my_service_account -n my_namespace
+````
+
+# Master and Join Key
+
+The master and join key used to deploy Artifactory must be supplied to Xray at the time of installation.
+
+## Deploying the Helm Chart
+
+1. Deploy a Postgresql to use an external database. You can find additional information on how to configure your Postgresql database [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+the+Database).
+2. Run `helm dep build` to pull the subchart referenced by the `requirements.yaml`
+3. Update POSTGRES_HOST, MASTER_KEY, JOIN_KEY variables below and install `openshift-xray` with the example commands:
+
+````bash
+POSTGRES_HOST=postgres-postgresql
+MASTER_KEY=my_artifactory_master_key
+JOIN_KEY=my_artifactory_join_key
+helm upgrade --install openshift-xray . \
+               --set xray.database.url=postgres://$POSTGRES_HOST:5432/xraydb?sslmode=disable \
+               --set xray.database.user=artifactory \
+               --set xray.database.password=password \
+               --set xray.xray.jfrogUrl=http://openshift-artifactory-ha-nginx" \
+               --set xray.xray.joinKey=$JOIN_KEY \
+               --set xray.xray.masterKey=$MASTER_KEY
+````
+
+
 ## Prerequisites Details
 
 * Kubernetes 1.12+

Openshift4/operator/artifactory-ha-operator/README.md

@@ -10,7 +10,7 @@ Openshift OperatorHub has the latest official supported Cluster Service Version
 To deploy this helm chart you will need to be a cluster admin w/ access to the anyuid scc.
 
 ````bash
-oc adm policy add-scc-to-user anyuid -z artifactory-ha-operator
+oc adm policy add-scc-to-user anyuid -z artifactory-ha-operator -n namespace
 ````
 
 ## Getting Started