Artifactory 7.12.6 and Xray 3.15.1 for Openshift

2026-01-21 05:06:56 -06:00 · 2021-01-17 11:31:35 -08:00
parent 67851b0f03
commit b9862ca181
21 changed files with 583 additions and 100 deletions
--- a/Openshift4/operator/artifactory-ha-operator/Dockerfile
+++ b/Openshift4/operator/artifactory-ha-operator/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM quay.io/operator-framework/helm-operator:v1.0.1
+FROM quay.io/operator-framework/helm-operator:v1.3.0
 LABEL name="JFrog Artifactory Enterprise Operator" \
      description="Openshift operator to deploy JFrog Artifactory Enterprise based on the Red Hat Universal Base Image." \
      vendor="JFrog" \
--- a/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/manifests/artifactory-ha-operator.v1.1.5.clusterserviceversion.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/manifests/artifactory-ha-operator.v1.1.5.clusterserviceversion.yaml
--- a/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/manifests/openshiftartifactoryhas.charts.helm.k8s.io.crd.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/manifests/openshiftartifactoryhas.charts.helm.k8s.io.crd.yaml
@@ -0,0 +1,29 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  name: openshiftartifactoryhas.charts.helm.k8s.io
+spec:
+  group: charts.helm.k8s.io
+  names:
+    kind: OpenshiftArtifactoryHa
+    listKind: OpenshiftArtifactoryHaList
+    plural: openshiftartifactoryhas
+    singular: openshiftartifactoryha
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ''
+    plural: ''
+  conditions: null
+  storedVersions: null
--- a/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/metadata/annotations.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/metadata/annotations.yaml
@@ -0,0 +1,12 @@
+annotations:
+  operators.operatorframework.io.bundle.channel.default.v1: alpha
+  operators.operatorframework.io.bundle.channels.v1: alpha
+  operators.operatorframework.io.bundle.manifests.v1: manifests/
+  operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+  operators.operatorframework.io.bundle.metadata.v1: metadata/
+  operators.operatorframework.io.bundle.package.v1: openshiftartifactoryha-operator
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.3.0
+  operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+  operators.operatorframework.io.metrics.project_layout: helm.sdk.operatorframework.io/v1
+  operators.operatorframework.io.test.config.v1: tests/scorecard/
+  operators.operatorframework.io.test.mediatype.v1: scorecard+v1
--- a/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/metadata/openshiftartifactoryha-operator.package.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/metadata/openshiftartifactoryha-operator.package.yaml
@@ -0,0 +1,5 @@
+channels:
+- currentCSV: artifactory-ha-operator.v1.1.5
+  name: alpha
+defaultChannel: ''
+packageName: openshiftartifactoryha-operator
--- a/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/tests/scorecard/config.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/bundle/1.1.5/tests/scorecard/config.yaml
@@ -0,0 +1,43 @@
+kind: Configuration
+apiversion: scorecard.operatorframework.io/v1alpha3
+metadata:
+  name: config
+stages:
+- parallel: true
+  tests:
+  - image: quay.io/operator-framework/scorecard-test:latest
+    entrypoint:
+    - scorecard-test
+    - basic-check-spec
+    labels:
+      suite: basic
+      test: basic-check-spec-test
+  - image: quay.io/operator-framework/scorecard-test:latest
+    entrypoint:
+    - scorecard-test
+    - olm-bundle-validation
+    labels:
+      suite: olm
+      test: olm-bundle-validation-test
+  - image: quay.io/operator-framework/scorecard-test:latest
+    entrypoint:
+    - scorecard-test
+    - olm-crds-have-validation
+    labels:
+      suite: olm
+      test: olm-crds-have-validation-test
+  - image: quay.io/operator-framework/scorecard-test:latest
+    entrypoint:
+    - scorecard-test
+    - olm-crds-have-resources
+    labels:
+      suite: olm
+      test: olm-crds-have-resources-test
+  - image: quay.io/operator-framework/scorecard-test:latest
+    entrypoint:
+    - scorecard-test
+    - olm-spec-descriptors
+    labels:
+      suite: olm
+      test: olm-spec-descriptors-test
+
--- a/Openshift4/operator/artifactory-ha-operator/bundle/bundle-1.1.5.Dockerfile
+++ b/Openshift4/operator/artifactory-ha-operator/bundle/bundle-1.1.5.Dockerfile
@@ -0,0 +1,19 @@
+FROM scratch
+
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=openshiftartifactoryha-operator
+LABEL operators.operatorframework.io.bundle.channels.v1=alpha
+LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.3.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=helm.sdk.operatorframework.io/v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+
+COPY 1.1.5/manifests /manifests/
+COPY 1.1.5/metadata /metadata/
+LABEL com.redhat.openshift.versions="v4.5,v4.6"
+LABEL com.redhat.delivery.operator.bundle=true
+LABEL com.redhat.delivery.backport=true
--- a/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/CHANGELOG.md
+++ b/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/CHANGELOG.md
@@ -1,6 +1,12 @@
 # JFrog  Openshift Artifactory-ha Chart Changelog
 All changes to this chart will be documented in this file.

+## [4.7.6] - Jan 11, 2021
+* Updating to latest jfrog/artifactory-ha helm chart version 4.7.6 artifactory version 7.12.6
+
+## [4.5.5] - Dec 18, 2020
+* Updating to latest jfrog/artifactory-ha helm chart version 4.5.5 artifactory version 7.11.5
+
 ## [4.5.4] - Dec 2, 2020
 * Updating to latest jfrog/artifactory-ha helm chart version 4.5.4 artifactory version 7.11.5

--- a/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 7.11.5
+appVersion: 7.12.6
 description: Openshift JFrog Artifactory HA subcharting Artifactory HA to work in Openshift environment
 home: https://www.jfrog.com/artifactory/
 icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png
@@ -16,4 +16,4 @@ name: openshift-artifactory-ha
 sources:
 - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
 - https://github.com/jfrog/charts
-version: 4.5.4
+version: 4.7.6
--- a/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/README.md
+++ b/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/README.md
@@ -1,6 +1,7 @@
 # JFrog Artifactory High Availability Helm Chart

 ## Openshift
+
 The Artifactory HA chart has been made a subchart of this chart.

 Note due to this change we now reference values through the subchart name as shown below:
@@ -22,7 +23,27 @@ This is due to helm referencing them through the subchart artifactory-ha now.
 To deploy this helm chart you will need to be a cluster admin w/ access to the anyuid scc.

 ````bash
-oc adm policy add-scc-to-user anyuid -z my_user_name
+oc adm policy add-scc-to-user anyuid -z my_service_account -n my_namespace
+````
+
+## Deploying the Helm Chart
+
+1. Deploy a Postgresql to use an external database. You can find additional information on how to configure your Postgresql database for Artifactory [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+the+Database).
+2. Run `helm dep build` to pull the subchart referenced by the `requirements.yaml`
+3. Update POSTGRES_HOST variable below and install `openshift-artifactory-ha` with the example commands:
+
+````bash
+POSTGRES_HOST=postgres-postgresql
+MASTER_KEY=$(openssl rand -hex 32)
+JOIN_KEY=$(openssl rand -hex 32)
+helm upgrade --install openshift-artifactory-ha . \
+               --set artifactory-ha.database.type=postgresql \
+               --set artifactory-ha.database.driver=org.postgresql.Driver \
+               --set artifactory-ha.database.url=jdbc:postgresql://$POSTGRES_HOST:5432/artifactory \
+               --set artifactory-ha.database.user=artifactory \
+               --set artifactory-ha.database.password=password \
+               --set artifactory-ha.artifactory.joinKey=$JOIN_KEY \
+               --set artifactory-ha.artifactory.masterKey=$MASTER_KEY
 ````

 ## Prerequisites Details
--- a/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helminstall.sh
+++ b/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helminstall.sh
@@ -1,65 +0,0 @@
-#!/usr/bin/env bash
-
-# PreReq'd:
-# helm install postgres bitnami/postgresql
-# follow artifactory postgresql db setup:
-# https://www.jfrog.com/confluence/display/JFROG/PostgreSQL
-POSTGRES=$(helm ls | grep postgres | wc -l)
-
-if [[ "$POSTGRES" =~ (0) ]]
-then
-  echo "External DB is required to run Jfrog Openshift Artifactory Helm chart"
-  echo ""
-  echo "Postgresql helm chart must be installed prior to installing this helm installer script."
-  echo ""
-  echo "helm install postgres bitnami/postgresql"
-  echo ""
-  echo "follow artifactory postgresql db setup:"
-  echo "https://www.jfrog.com/confluence/display/JFROG/PostgreSQL"
-  exit 1
-else
-  if [[ -z "$1" ]]
-  then
-    echo "Installing Jfrog Artifactory Openshift Helm"
-  else
-    echo "Patching Environment for RunAsAnyUid"
-    # patch the restricted scc to allow the pods to run as anyuid
-    oc patch scc restricted --patch '{"fsGroup":{"type":"RunAsAny"},"runAsUser":{"type":"RunAsAny"},"seLinuxContext":{"type":"RunAsAny"}}' --type=merge
-    if [[ -f "artifactory.cluster.license" ]]
-    then
-      echo "Creating k8s secret for Artifactory cluster licenses from file: artifactory.cluster.license"
-      # create the license secret
-      oc create secret generic artifactory-license --from-file=artifactory.cluster.license
-    fi
-    
-    if [[ -f "tls.crt" ]]
-    then
-      echo "Creating k8s secret for TLS tls-ingress from files tls.crt & tls.key"
-      # create the tls secret
-      oc create secret tls tls-ingress --cert=tls.crt --key=tls.key
-    fi
-  fi
-fi
-
-MASTER_KEY=$(openssl rand -hex 32)
-JOIN_KEY=$(openssl rand -hex 32)
-
-# install via helm with default postgresql configuration
-helm install artifactory-ha . \
-               --set artifactory-ha.nginx.service.ssloffload=true \
-               --set artifactory-ha.nginx.tlsSecretName=tls-ingress \
-               --set artifactory-ha.artifactory.node.replicaCount=1 \
-               --set artifactory-ha.artifactory.license.secret=artifactory-license,artifactory-ha.artifactory.license.dataKey=artifactory.cluster.license \
-               --set artifactory-ha.database.type=postgresql \
-               --set artifactory-ha.database.driver=org.postgresql.Driver \
-               --set artifactory-ha.database.url=jdbc:postgresql://postgres-postgresql:5432/artifactory \
-               --set artifactory-ha.database.user=artifactory \
-               --set artifactory-ha.database.password=password \
-               --set artifactory-ha.artifactory.joinKey=$JOIN_KEY \
-               --set artifactory-ha.artifactory.masterKey=$MASTER_KEY
-
-
-echo "*** IMPORTANT ****"
-echo "export MASTER_KEY=$MASTER_KEY"
-echo "export JOIN_KEY=$JOIN_KEY"
-echo "*** SUCCESS ****"
--- a/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helmupgrade.sh
+++ b/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helmupgrade.sh
@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-# install via helm with default postgresql configuration
-helm upgrade --install artifactory-ha . \
-               --set artifactory-ha.nginx.service.ssloffload=true \
-               --set artifactory-ha.nginx.tlsSecretName=tls-ingress \
-               --set artifactory-ha.artifactory.node.replicaCount=1 \
-               --set artifactory-ha.artifactory.license.secret=artifactory-license,artifactory-ha.artifactory.license.dataKey=artifactory.cluster.license \
-               --set artifactory-ha.database.type=postgresql \
-               --set artifactory-ha.database.driver=org.postgresql.Driver \
-               --set artifactory-ha.database.url=jdbc:postgresql://postgres-postgresql:5432/artifactory \
-               --set artifactory-ha.database.user=artifactory \
-               --set artifactory-ha.database.password=password \
-               --set artifactory-ha.artifactory.joinKey=$JOIN_KEY \
-               --set artifactory-ha.artifactory.masterKey=$MASTER_KEY \
-               --set artifactory-ha.databaseUpgradeReady=true
-
--- a/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.lock
+++ b/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: artifactory-ha
  repository: https://charts.jfrog.io/
-  version: 4.5.4
-digest: sha256:a1206fb1e2339a524d11c7ccff47216e426e1d475508430b670fac9f0ec81ddf
-generated: "2020-12-02T16:39:18.100741-08:00"
+  version: 4.7.6
+digest: sha256:f3e6b2b4494175cbadde85700458d8e3383ebb6e9c9a3c9cda19136bc55f4187
+generated: "2021-01-11T11:49:29.797662-08:00"
--- a/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.yaml
@@ -1,4 +1,4 @@
 dependencies:
  - name: artifactory-ha
-    version: 4.5.4
+    version: 4.7.6
    repository: https://charts.jfrog.io/
--- a/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml
+++ b/Openshift4/operator/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml
@@ -10,7 +10,7 @@ artifactory-ha:
    url: "OVERRIDE"
    user: "OVERRIDE"
    password: "OVERRIDE"
-  initContainerImage: registry.connect.redhat.com/jfrog/init:7.11.5-1
+  initContainerImage: registry.connect.redhat.com/jfrog/init:7.12.6-1
  waitForDatabase: true
  installerInfo: '{ "productId": "Openshift_artifactory-ha/{{ .Chart.Version }}", "features": [ { "featureId": "ArtifactoryVersion/{{ default .Chart.AppVersion .Values.artifactory.image.version }}" }, { "featureId": "{{ if .Values.postgresql.enabled }}postgresql{{ else }}{{ .Values.database.type }}{{ end }}/0.0.0" }, { "featureId": "Platform/Openshift" }, { "featureId": "Partner/ACC-006983" }, { "featureId": "Channel/Openshift" } ] }'
  artifactory:
@@ -19,7 +19,7 @@ artifactory-ha:
    image:
      registry: registry.connect.redhat.com
      repository: jfrog/artifactory-pro
-      tag: 7.11.5-1
+      tag: 7.12.6-1
    node:
      replicaCount: 2
      waitForPrimaryStartup:
--- a/Openshift4/operator/xray-operator/bundle/1.1.6/manifests/xray-operator.v1.1.6.clusterserviceversion.yaml
+++ b/Openshift4/operator/xray-operator/bundle/1.1.6/manifests/xray-operator.v1.1.6.clusterserviceversion.yaml
@@ -159,6 +159,7 @@ spec:

    Openshift Operator to deploy JFrog Xray Continuous Security scanner into your Openshift cluster.

+    NOTE: Artifactory is required for JFrog Xray to connect with and scan artifacts against.

    ## Security Context Constraints

@@ -222,6 +223,11 @@ spec:
    JFROG_URL is the external ip or DNS of your Artifactory to connect Xray to. Artifactory
    is required to use this operator.

+    You can set your JFROG_URL to the service name of your Artifactory Nginx:
+
+    ```
+    oc get svc -n my_namespace | grep nginx
+    ```

    DATABASE_URL must be a Postgresql URL in the format: