JFrog Pipelines v1.8.0 as Openshift helm and operator

John Peterson
2020-10-12 10:19:10 -07:00
parent b47a777448
commit c19effd7e7
203 changed files with 20124 additions and 1479 deletions


@@ -0,0 +1,13 @@
The Pipelines Dashboard can be accessed via URL:
{{- if (and .Values.pipelines.www.ingress.enabled .Values.pipelines.www.ingress.tls) }}
{{- range .Values.pipelines.www.ingress.hosts }}
https://{{ . }}
{{- end }}
{{- else if .Values.pipelines.www.ingress.enabled }}
{{- range .Values.pipelines.www.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
{{ .Values.pipelines.www.externalUrl }}
{{- end }}


@@ -0,0 +1,116 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "pipelines.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "pipelines.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
The services name
*/}}
{{- define "pipelines.services.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-services" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The api name
*/}}
{{- define "pipelines.api.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-api" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The www name
*/}}
{{- define "pipelines.www.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-www" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The msg name
*/}}
{{- define "pipelines.msg.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-msg" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The vault name
*/}}
{{- define "pipelines.vault.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-vault" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "pipelines.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "pipelines.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "pipelines.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "pipelines.labels" -}}
helm.sh/chart: {{ include "pipelines.chart" . }}
{{ include "pipelines.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "pipelines.selectorLabels" -}}
app.kubernetes.io/name: {{ include "pipelines.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Set grcp url
*/}}
{{- define "pipelines.grpc.url" -}}
{{- if (hasPrefix "https://" .Values.pipelines.jfrogUrl) }}
{{- printf "%s" (tpl .Values.pipelines.jfrogUrl . ) | replace "https://" "" }}
{{- else if (hasPrefix "http://" .Values.pipelines.jfrogUrl) }}
{{- printf "%s" (tpl .Values.pipelines.jfrogUrl . ) | replace "http://" "" }}
{{- else }}
{{- printf "%s" (tpl .Values.pipelines.jfrogUrl . ) }}
{{- end }}
{{- end -}}
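Review bot: In `pipelines.grpc.url` the `hasPrefix` tests run against the raw `.Values.pipelines.jfrogUrl`, while the value that is printed is the `tpl`-rendered one, so a jfrogUrl supplied as a template expression falls through to the `else` branch and keeps its scheme in the gRPC address. `replace` also removes every occurrence of the scheme string rather than only the leading one. Rendering once and trimming the prefix avoids both: `{{- $url := tpl .Values.pipelines.jfrogUrl . -}}` followed by `{{- $url | trimPrefix "https://" | trimPrefix "http://" -}}`. The comment above the helper spells it "grcp".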


@@ -0,0 +1,40 @@
{{- if .Values.pipelines.api.ingress.enabled -}}
{{- $fullName := include "pipelines.api.name" . -}}
{{- $ingressPath := .Values.pipelines.api.ingress.path -}}
{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.api.name" . }}
{{- with .Values.pipelines.api.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pipelines.api.ingress.tls }}
tls:
{{- range .Values.pipelines.api.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.pipelines.api.ingress.hosts }}
- host: {{ . | quote }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: api
{{- end }}
{{- end }}
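Review bot: The `semverCompare ">=v1.14.0"` test on `.Capabilities.KubeVersion.GitVersion` is likely to be false on clusters whose version string carries a vendor suffix, because semver range constraints skip pre-release versions unless the constraint itself names one; such clusters would be given `extensions/v1beta1`. `">=1.14.0-0"` is the usual form. Separately, `secretName: {{ .secretName }}` and `path: {{ $ingressPath }}` are emitted unquoted while the hosts go through `quote`; piping them through `quote` as well keeps a value such as `*` or an all-digit name from being re-typed by the YAML parser.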


@@ -0,0 +1,33 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "pipelines.api.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.api.name" . }}
{{- if .Values.pipelines.api.service.annotations }}
annotations:
{{- range $key, $value := .Values.pipelines.api.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.pipelines.api.service.type }}
{{- if .Values.pipelines.api.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.pipelines.api.service.loadBalancerIP }}
{{- end }}
{{- if .Values.pipelines.api.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.pipelines.api.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- port: {{ .Values.pipelines.api.service.port }}
{{- if eq .Values.pipelines.api.service.type "NodePort" }}
nodePort: 30000
{{- end }}
targetPort: 30000
protocol: TCP
name: api
selector:
{{- include "pipelines.selectorLabels" . | nindent 4 }}
component: {{ include "pipelines.services.name" . }}
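Review bot: `nodePort: 30000` is a fixed literal in the NodePort branch, so a second release in the same cluster cannot allocate the port and the operator cannot choose one; reading it from a value and omitting the field when unset lets Kubernetes assign a free port. `loadBalancerSourceRanges` is optional, so `type: LoadBalancer` with no ranges will, on most providers, publish the API port without a source restriction; that deserves a comment next to `service.type` in the values file. `type` and `loadBalancerIP` are rendered unquoted, unlike the annotation values above them.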


@@ -0,0 +1,20 @@
{{- if .Values.buildPlane.dynamic.provider.aws.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "pipelines.fullname" . }}-dynamic-buildplane-config-aws
labels:
{{- include "pipelines.labels" . | nindent 4 }}
data:
provider: aws
accountId: {{ default "userId" .Values.buildPlane.dynamic.customer.accountId | quote }}
nodePoolName: {{ default .Values.buildPlane.dynamic.provider.aws.nodePoolName .Values.buildPlane.dynamic.customer.nodePoolName | quote }}
nodelimit: {{ default .Values.buildPlane.dynamic.provider.aws.nodelimit .Values.buildPlane.dynamic.customer.nodelimit | quote }}
setAsDefault: '"true"'
instanceType: {{ .Values.buildPlane.dynamic.provider.aws.instanceType | quote }}
securityGroupId: {{ .Values.buildPlane.dynamic.provider.aws.securityGroupId | quote }}
subnetId: {{ .Values.buildPlane.dynamic.provider.aws.subnetId | quote }}
keyPairName: {{ .Values.buildPlane.dynamic.provider.aws.keyPairName | quote }}
vpcId: {{ .Values.buildPlane.dynamic.provider.aws.vpcId | quote }}
region: {{ .Values.buildPlane.dynamic.provider.aws.region | quote }}
{{- end }}
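Review bot: `setAsDefault: '"true"'` stores the string `"true"` with the double quotes included, whereas the neighbouring keys use `| quote` and store the bare value; if the consumer compares against `true` this will not match, so it is worth confirming, and the same line appears in the k8s build-plane ConfigMap. `default "userId"` silently substitutes a placeholder account id when `customer.accountId` is unset; a `required` call would surface the missing value at render time instead.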


@@ -0,0 +1,19 @@
{{- if .Values.buildPlane.dynamic.provider.k8s.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "pipelines.fullname" . }}-dynamic-buildplane-config-k8s
labels:
{{- include "pipelines.labels" . | nindent 4 }}
data:
provider: k8s
accountId: {{ default "userId" .Values.buildPlane.dynamic.customer.accountId | quote }}
nodePoolName: {{ default .Values.buildPlane.dynamic.provider.k8s.nodePoolName .Values.buildPlane.dynamic.customer.nodePoolName | quote }}
nodelimit: {{ default .Values.buildPlane.dynamic.provider.k8s.nodelimit .Values.buildPlane.dynamic.customer.nodelimit | quote }}
setAsDefault: '"true"'
cpu: {{ .Values.buildPlane.dynamic.provider.k8s.cpu | quote }}
memory: {{ .Values.buildPlane.dynamic.provider.k8s.memory | quote }}
namespace: {{ .Values.buildPlane.dynamic.provider.k8s.namespace | quote }}
labels: {{ .Values.buildPlane.dynamic.provider.k8s.labels | quote }}
storageClass: {{ .Values.buildPlane.dynamic.provider.k8s.storageClass | quote }}
{{- end }}
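Review bot: `labels: {{ .Values.buildPlane.dynamic.provider.k8s.labels | quote }}` only produces a usable value when `labels` is a plain string; if the value is a map, `quote` renders Go's `map[...]` formatting into the ConfigMap. If a map is meant to be accepted, `toJson | quote` gives the consumer something parseable; otherwise the values file should state that a string is expected.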


@@ -0,0 +1,12 @@
{{- if and .Values.buildPlane.dynamic.provider.aws.enabled ( not .Values.buildPlane.dynamic.provider.aws.existingSecret ) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "pipelines.fullname" . }}-dynamic-buildplane-creds-aws
labels:
{{- include "pipelines.labels" . | nindent 4 }}
type: Opaque
data:
accessKey: {{ .Values.buildPlane.dynamic.provider.aws.accessKey | b64enc | quote }}
secretKey: {{ .Values.buildPlane.dynamic.provider.aws.secretKey | b64enc | quote }}
{{- end }}
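Review bot: `accessKey` and `secretKey` are piped straight into `b64enc`, so enabling the AWS build plane without `existingSecret` and without both values either fails with an unhelpful type error or creates a Secret holding empty credentials. Wrapping each in `required`, e.g. `{{ required "buildPlane.dynamic.provider.aws.accessKey is required" .Values.buildPlane.dynamic.provider.aws.accessKey | b64enc | quote }}`, gives a clear message. Credentials supplied through values are also kept in the Helm release record, so the chart documentation should point production installs at `existingSecret`.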


@@ -0,0 +1,11 @@
{{- if and .Values.buildPlane.dynamic.provider.k8s.enabled ( not .Values.buildPlane.dynamic.provider.k8s.existingSecret ) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "pipelines.fullname" . }}-dynamic-buildplane-creds-k8s
labels:
{{- include "pipelines.labels" . | nindent 4 }}
type: Opaque
data:
kubeconfig: {{ .Values.buildPlane.dynamic.provider.k8s.kubeconfig | quote }}
{{- end }}
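Review bot: `kubeconfig` is written under `data:` with only `| quote`, whereas the other Secrets in this commit apply `b64enc`; `data` values must be base64, so a raw kubeconfig here is rejected unless the user pre-encodes it. Either `{{ .Values.buildPlane.dynamic.provider.k8s.kubeconfig | b64enc | quote }}` or moving the key under `stringData:` removes that hidden requirement. If pre-encoded input is the intent, that should be stated next to the value.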


@@ -0,0 +1,20 @@
{{- if and (not .Values.global.postgresql.existingSecret) (not .Values.postgresql.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "pipelines.fullname" . }}-database
labels:
{{- include "pipelines.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Values.postgresql.enabled }}
postgresql-password: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }}
postgresql-url: {{ (printf "postgres://%s:%s@%s-postgresql:%v/%s?sslmode=disable" .Values.postgresql.postgresqlUsername .Values.postgresql.postgresqlPassword .Release.Name .Values.postgresql.service.port .Values.postgresql.postgresqlDatabase) | b64enc }}
{{- else if and (not .Values.postgresql.enabled) (.Values.global.postgresql.ssl) }}
postgresql-password: {{ tpl .Values.global.postgresql.password . | b64enc | quote }}
postgresql-url: {{ tpl (printf "postgres://%s:%s@%v:%v/%s?sslmode=require" .Values.global.postgresql.user .Values.global.postgresql.password .Values.global.postgresql.host .Values.global.postgresql.port .Values.global.postgresql.database) . | b64enc }}
{{- else }}
postgresql-password: {{ tpl .Values.global.postgresql.password . | b64enc | quote }}
postgresql-url: {{ tpl (printf "postgres://%s:%s@%v:%v/%s?sslmode=disable" .Values.global.postgresql.user .Values.global.postgresql.password .Values.global.postgresql.host .Values.global.postgresql.port .Values.global.postgresql.database) . | b64enc }}
{{- end }}
{{- end }}
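Review bot: The user name and password are formatted into `postgres://%s:%s@...` without percent-encoding, so a password containing `@`, `/`, `:` or `#` yields a connection string that parses to the wrong host or credentials. The `postgresql-url` values are also the only ones in this Secret not piped through `quote`. On the transport side, `sslmode=require` encrypts but does not verify the server certificate, and the other two branches hard-code `sslmode=disable`; exposing the mode as a value, with `verify-full` documented for external databases, would let operators tighten it.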


@@ -0,0 +1,11 @@
{{- if .Values.filebeat.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "pipelines.fullname" . }}-filebeat-config
labels:
{{- include "pipelines.labels" . | nindent 4 }}
data:
filebeat.yml: |
{{ tpl .Values.filebeat.filebeatYml . | indent 4 }}
{{- end -}}


@@ -0,0 +1,10 @@
{{ if .Values.pipelines.configMaps }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "pipelines.fullname" . }}-configmaps
labels:
{{- include "pipelines.labels" . | nindent 4 }}
data:
{{ tpl .Values.pipelines.configMaps . | nindent 2 }}
{{ end -}}


@@ -0,0 +1,20 @@
{{- if .Values.pipelines.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "pipelines.services.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "pipelines.services.name" . }}
minReplicas: {{ .Values.pipelines.autoscaling.minReplicas }}
maxReplicas: {{ .Values.pipelines.autoscaling.maxReplicas }}
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.pipelines.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}


@@ -0,0 +1,10 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "pipelines.fullname" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
rules:
{{ toYaml .Values.pipelines.rbac.role.rules }}
{{- end }}
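Review bot: This template is gated on `.Values.rbac.create` but takes its rules from `.Values.pipelines.rbac.role.rules`, and those rules are granted cluster-wide through the ClusterRoleBinding added in the same commit. Nothing in the templates visible here needs access outside the release namespace, so unless the default rules (not shown on this page) name cluster-scoped resources, a namespaced `Role` and `RoleBinding` would be the narrower choice. A comment above `rules:` listing which resources the services actually need would help reviewers of the values file.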


@@ -0,0 +1,16 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "pipelines.fullname" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "pipelines.fullname" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: {{ include "pipelines.fullname" . }}
{{- end }}


@@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "pipelines.services.name" . }}-headless
labels:
{{- include "pipelines.labels" . | nindent 4 }}
spec:
type: ClusterIP
clusterIP: None
ports:
- port: {{ .Values.pipelines.api.service.port }}
targetPort: 30000
protocol: TCP
name: api
- port: {{ .Values.pipelines.www.service.port }}
targetPort: 30001
protocol: TCP
name: www
selector:
{{- include "pipelines.selectorLabels" . | nindent 4 }}
component: {{ include "pipelines.services.name" . }}


@@ -0,0 +1,468 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "pipelines.services.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
spec:
serviceName: {{ include "pipelines.services.name" . }}-headless
{{- if not .Values.pipelines.autoscaling.enabled }}
replicas: {{ .Values.pipelines.replicaCount }}
{{- end }}
updateStrategy:
type: {{ .Values.pipelines.updateStrategy }}
selector:
matchLabels:
{{- include "pipelines.selectorLabels" . | nindent 6 }}
component: {{ include "pipelines.services.name" . }}
template:
metadata:
labels:
{{- include "pipelines.selectorLabels" . | nindent 8 }}
component: {{ include "pipelines.services.name" . }}
annotations:
checksum/systemyaml: {{ include (print $.Template.BasePath "/pipelines-system-yaml.yaml") . | sha256sum }}
checksum/secretdb: {{ include (print $.Template.BasePath "/database-secret.yaml") . | sha256sum }}
checksum/secretaws: {{ include (print $.Template.BasePath "/buildplane-secret-aws.yaml") . | sha256sum }}
checksum/configaws: {{ include (print $.Template.BasePath "/buildplane-config-aws.yaml") . | sha256sum }}
checksum/secretk8s: {{ include (print $.Template.BasePath "/buildplane-secret-k8s.yaml") . | sha256sum }}
checksum/configk8s: {{ include (print $.Template.BasePath "/buildplane-config-k8s.yaml") . | sha256sum }}
checksum/configfilebeat: {{ include (print $.Template.BasePath "/filebeat-config.yaml") . | sha256sum }}
spec:
serviceAccountName: {{ include "pipelines.fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
initContainers:
{{- with .Values.pipelines.customInitContainersBegin }}
{{- tpl . $ | nindent 8 }}
{{- end }}
- name: copy-system-yaml
image: "{{ .Values.initContainer.image }}"
imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
command:
- '/bin/sh'
- '-c'
- >
echo "Copy system.yaml to {{ .Values.pipelines.mountPath }}";
cp -fv /tmp/etc/system.yaml {{ .Values.pipelines.mountPath }}/system.yaml;
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: systemyaml
mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml
- name: wait-for-vault
image: "{{ .Values.initContainer.image }}"
imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
command:
- 'sh'
- '-c'
- >
echo "Waiting for Vault to come up...";
{{- if .Values.vault.enabled }}
until nc -z -w 2 {{ include "pipelines.vault.name" . }} {{ .Values.vault.service.port }} && echo Vault ok; do
{{- else }}
until nc -z -w 2 {{ tpl .Values.global.vault.host . }} {{ .Values.global.vault.port }} && echo Vault ok; do
{{- end }}
sleep 2;
done;
- name: pipelines-installer
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.pipelinesInit.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
env:
- name: VAULT_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.global.vault.existingSecret | default (printf "%s" "root-vault-secret") }}
key: token
{{- if .Values.vault.enabled }}
- name: PIPELINES_SHARED_DB_CONNECTIONSTRING
valueFrom:
secretKeyRef:
name: {{ .Values.global.postgresql.existingSecret | default (printf "%s-%s" (include "pipelines.fullname" .) "database") }}
key: postgresql-url
{{- end }}
- name: PIPELINES_NODE_ID
valueFrom:
fieldRef:
fieldPath: "metadata.name"
command:
- 'sh'
- '-c'
- >
{{- if .Values.rabbitmq.enabled }}
echo "Waiting for RabbitMQ to come up...";
until nc -z -w 2 {{ .Release.Name }}-rabbitmq {{ .Values.rabbitmq.service.port }} && echo rabbitmq ok; do
sleep 2;
done;
{{- end }}
{{- if .Values.redis.enabled }}
echo "Waiting for Redis to come up...";
until nc -z -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.redisPort }} && echo redis ok; do
sleep 2;
done;
{{- end }}
sleep 20;
./pipelines-k8s;
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
{{- if .Values.buildPlane.dynamic.provider.aws.enabled }}
- name: buildplane-creds-aws
mountPath: {{ .Values.pipelines.mountPath }}/buildplane-creds
readOnly: true
- name: buildplane-config-aws
mountPath: {{ .Values.pipelines.mountPath }}/buildplane-config
readOnly: true
{{- end }}
{{- if .Values.buildPlane.dynamic.provider.k8s.enabled }}
- name: buildplane-creds-k8s
mountPath: {{ .Values.pipelines.mountPath }}/buildplane-creds
readOnly: true
- name: buildplane-config-k8s
mountPath: {{ .Values.pipelines.mountPath }}/buildplane-config
readOnly: true
{{- end }}
{{- with .Values.pipelines.customInitContainers }}
{{- tpl . $ | nindent 8 }}
{{- end }}
containers:
{{- if .Values.filebeat.enabled }}
- name: {{ .Values.filebeat.name }}
image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}"
imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }}
args:
- "-e"
- "-E"
- "http.enabled=true"
securityContext:
runAsUser: 0
resources:
{{ toYaml .Values.filebeat.resources | nindent 12 }}
volumeMounts:
- name: filebeat-config
mountPath: /usr/share/filebeat/filebeat.yml
readOnly: true
subPath: filebeat.yml
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
{{- end }}
- name: router
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.router.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.router.image.pullPolicy }}
env:
{{- if not .Values.router.routerConfiguration }}
- name: JF_ROUTER_SERVICEREGISTRY_URL
value: "{{ tpl .Values.pipelines.jfrogUrl . }}/access"
{{- end }}
- name: JF_ROUTER_SERVICEREGISTRY_GRPCADDRESS
value: "{{ include "pipelines.grpc.url" . }}"
- name: JF_ROUTER_ENTRYPOINTS_INTERNALPORT
value: "{{ .Values.pipelines.router.internalPort }}"
- name: JF_ROUTER_ENTRYPOINTS_EXTERNALPORT
value: "{{ .Values.pipelines.router.externalPort }}"
- name: JF_ROUTER_LOGGING_ROUTER_LOGLEVEL
value: "DEBUG"
- name: JF_SHARED_NODE_ID
valueFrom:
fieldRef:
fieldPath: "metadata.name"
- name: JF_SHARED_NODE_IP
valueFrom:
fieldRef:
fieldPath: "status.podIP"
- name: JF_SHARED_SECURITY_JOINKEY
value: "{{ .Values.pipelines.joinKey }}"
- name: JF_ROUTER_ENCRYPTSYSTEMCONFIG
value: "true"
ports:
- name: router
containerPort: {{ .Values.pipelines.router.internalPort }}
securityContext:
allowPrivilegeEscalation: false
resources:
{{ toYaml .Values.pipelines.router.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.router.mountPath }}
- name: api
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.api.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.api.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
env:
- name: PIPELINES_NODE_ID
valueFrom:
fieldRef:
fieldPath: "metadata.name"
ports:
- name: api
containerPort: 30000
{{- if .Values.pipelines.api.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.pipelines.api.livenessProbe.path}}
port: {{ .Values.pipelines.api.livenessProbe.port}}
initialDelaySeconds: {{ .Values.pipelines.api.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.pipelines.api.livenessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.pipelines.api.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.pipelines.api.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.pipelines.api.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.pipelines.api.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.pipelines.api.readinessProbe.path}}
port: {{ .Values.pipelines.api.readinessProbe.port}}
initialDelaySeconds: {{ .Values.pipelines.api.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.pipelines.api.readinessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.pipelines.api.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.pipelines.api.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.pipelines.api.readinessProbe.successThreshold }}
{{- end }}
resources:
{{- toYaml .Values.pipelines.api.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
{{- with .Values.pipelines.customVolumeMounts }}
{{ tpl . $ | nindent 10 }}
{{- end }}
- name: www
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.www.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.www.image.pullPolicy }}
ports:
- name: www
containerPort: 30001
{{- if .Values.pipelines.www.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.pipelines.www.livenessProbe.path}}
port: {{ .Values.pipelines.www.livenessProbe.port}}
initialDelaySeconds: {{ .Values.pipelines.www.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.pipelines.www.livenessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.pipelines.www.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.pipelines.www.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.pipelines.www.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.pipelines.www.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.pipelines.www.readinessProbe.path}}
port: {{ .Values.pipelines.www.readinessProbe.port}}
initialDelaySeconds: {{ .Values.pipelines.www.readinessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.pipelines.www.readinessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.pipelines.www.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.pipelines.www.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.pipelines.www.readinessProbe.successThreshold }}
{{- end }}
resources:
{{- toYaml .Values.pipelines.www.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
{{- with .Values.pipelines.customVolumeMounts }}
{{ tpl . $ | indent 10 }}
{{- end }}
- name: pipelinesync
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.pipelineSync.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.pipelineSync.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync
securityContext:
allowPrivilegeEscalation: false
runAsUser: 0
env:
- name: COMPONENT
value: pipelinesync
resources:
{{- toYaml .Values.pipelines.pipelineSync.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
- name: runtrigger
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.runTrigger.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.runTrigger.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/runTrigger
env:
- name: COMPONENT
value: runtrigger
resources:
{{- toYaml .Values.pipelines.runTrigger.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
- name: steptrigger
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.stepTrigger.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.stepTrigger.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/stepTrigger
env:
- name: COMPONENT
value: steptrigger
resources:
{{- toYaml .Values.pipelines.stepTrigger.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
- name: cron
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.cron.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.cron.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/cron
env:
- name: COMPONENT
value: cron
resources:
{{- toYaml .Values.pipelines.cron.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
- name: nexec
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.nexec.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.nexec.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/nexec
env:
- name: COMPONENT
value: nexec
resources:
{{- toYaml .Values.pipelines.nexec.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
- name: hookhandler
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.hookHandler.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.hookHandler.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/hookHandler
env:
- name: COMPONENT
value: hookhandler
resources:
{{- toYaml .Values.pipelines.hookHandler.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
- name: marshaller
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.marshaller.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.marshaller.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/marshaller
env:
- name: COMPONENT
value: marshaller
resources:
{{- toYaml .Values.pipelines.marshaller.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
- name: logup
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.logup.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.logup.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/logup
env:
- name: COMPONENT
value: logup
resources:
{{- toYaml .Values.pipelines.logup.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
- name: extensionsync
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.extensionSync.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.extensionSync.image.pullPolicy }}
workingDir: /opt/jfrog/pipelines/app/micro/extensionSync
env:
- name: COMPONENT
value: extensionsync
resources:
{{- toYaml .Values.pipelines.extensionSync.resources | nindent 12 }}
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: jfrog-pipelines-logs
mountPath: {{ .Values.pipelines.logPath }}
{{- with .Values.pipelines.customSidecarContainers }}
{{ tpl . $ | nindent 8 }}
{{- end }}
{{- with .Values.pipelines.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.pipelines.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.pipelines.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- with .Values.pipelines.customVolumes }}
{{ tpl . $ | nindent 6 }}
{{- end }}
- name: jfrog-pipelines-folder
emptyDir: {}
- name: jfrog-pipelines-logs
emptyDir: {}
- name: systemyaml
secret:
secretName: {{ .Values.existingSecret | default (printf "%s-%s" (include "pipelines.fullname" .) "system-yaml") }}
{{- if .Values.pipelines.configMaps }}
- name: pipelines-configmaps
configMap:
name: {{ include "pipelines.fullname" . }}-configmaps
{{- end }}
{{- if .Values.buildPlane.dynamic.provider.aws.enabled }}
- name: buildplane-creds-aws
secret:
secretName: {{ .Values.buildPlane.dynamic.provider.aws.existingSecret | default (printf "%s-dynamic-buildplane-creds-aws" (include "pipelines.fullname" .)) }}
- name: buildplane-config-aws
configMap:
name: {{ include "pipelines.fullname" . }}-dynamic-buildplane-config-aws
{{- end }}
{{- if .Values.buildPlane.dynamic.provider.k8s.enabled }}
- name: buildplane-creds-k8s
secret:
secretName: {{ .Values.buildPlane.dynamic.provider.k8s.existingSecret | default (printf "%s-dynamic-buildplane-creds-k8s" (include "pipelines.fullname" .)) }}
- name: buildplane-config-k8s
configMap:
name: {{ include "pipelines.fullname" . }}-dynamic-buildplane-config-k8s
{{- end }}
{{- if .Values.filebeat.enabled }}
- name: filebeat-config
configMap:
name: {{ include "pipelines.fullname" . }}-filebeat-config
{{- end }}
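Review bot: `JF_SHARED_SECURITY_JOINKEY` in the router container is set with `value: "{{ .Values.pipelines.joinKey }}"`, which puts the join key in clear text in the pod spec where anyone allowed to read pods or the StatefulSet can see it; `VAULT_TOKEN` in the same file already uses `secretKeyRef`, and the join key should follow that pattern (sketch below, Secret name and key are placeholders). In all four probes `periodSeconds` is filled from the matching `timeoutSeconds` value, which looks like a copy-paste slip. Several containers also set `runAsUser: 0` and the router log level is fixed at `DEBUG`; both deserve a value or a comment explaining why.

```yaml
# … unchanged: other router env entries …
- name: JF_SHARED_SECURITY_JOINKEY
  valueFrom:
    secretKeyRef:
      # placeholders: point these at the Secret that holds the join key
      name: JOIN_KEY_SECRET_NAME_PLACEHOLDER
      key: JOIN_KEY_SECRET_KEY_PLACEHOLDER
```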


@@ -0,0 +1,13 @@
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "pipelines.fullname" . }}-system-yaml
labels:
{{- include "pipelines.labels" . | nindent 4 }}
type: Opaque
data:
stringData:
system.yaml: |
{{ tpl .Values.pipelines.systemYaml . | indent 4 }}
{{- end }}
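Review bot: The Secret declares an empty `data:` key immediately before `stringData:`; it renders as a null `data` field, which is accepted but misleading, and can be dropped. `system.yaml` is rendered from `.Values.pipelines.systemYaml` with `tpl`, so any credentials placed in that value also end up in the Helm release record; the values documentation should steer production installs to `existingSecret`.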


@@ -0,0 +1,12 @@
{{- if and (not .Values.rabbitmq.rabbitmq.existingErlangSecret) (not .Values.rabbitmq.rabbitmq.existingPasswordSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "pipelines.fullname" . }}-rabbitmq-secret
labels:
{{- include "pipelines.labels" . | nindent 4 }}
type: Opaque
data:
rabbitmq-erlang-cookie: {{ .Values.rabbitmq.rabbitmq.erlangCookie | b64enc | quote }}
rabbitmq-password: {{ .Values.rabbitmq.rabbitmq.password | b64enc | quote }}
{{- end }}
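Review bot: The guard `and (not ...existingErlangSecret) (not ...existingPasswordSecret)` renders the Secret only when neither existing secret is set, so a user who supplies just one of them gets no Secret at all and the other value is never stored by this chart. How the RabbitMQ subchart resolves that case is not visible here, but rendering each key under its own condition would make it unambiguous. Both values go to `b64enc` without `required`, so an unset value fails with a type error rather than a readable message.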


@@ -0,0 +1,34 @@
{{- if and (.Values.rabbitmq.serviceVmLb.enabled) (.Values.rabbitmq.serviceVmLb.loadBalancerIP) }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "pipelines.name" . }}-rabbitmq-vm-int-lb
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: rabbitmq-vm-int-lb
{{- if (.Values.rabbitmq.serviceVmLb.annotations) }}
annotations:
{{- range $key, $value := .Values.rabbitmq.serviceVmLb.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: LoadBalancer
loadBalancerIP: {{ .Values.rabbitmq.serviceVmLb.loadBalancerIP }}
{{- if (.Values.rabbitmq.serviceVmLb.loadBalancerSourceRanges) }}
loadBalancerSourceRanges:
{{ toYaml (.Values.rabbitmq.serviceVmLb.loadBalancerSourceRanges) | indent 4 }}
{{- end }}
ports:
- name: stats
port: 15672
protocol: TCP
targetPort: stats
- name: amqp
port: 5672
protocol: TCP
targetPort: amqp
selector:
app: rabbitmq
release: {{ .Release.Name }}
{{- end }}
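Review bot: This Service publishes AMQP (5672) and the RabbitMQ management port (15672) through `type: LoadBalancer`, and both `annotations` and `loadBalancerSourceRanges` are optional, so with only `loadBalancerIP` set the result may be an externally reachable balancer despite the `-int-lb` name. Making a non-empty `loadBalancerSourceRanges` (or the provider's internal-LB annotation) part of the opening `if`, or failing with `required`, keeps the broker off open networks by default. The selector `app: rabbitmq` / `release:` is hard-coded to the subchart's label scheme and would silently select nothing if that scheme changes.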


@@ -0,0 +1,6 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "pipelines.fullname" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}


@@ -0,0 +1,10 @@
{{- if and .Values.vault.enabled .Values.vault.configMaps }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "pipelines.vault.name" . }}-configmaps
labels:
{{- include "pipelines.labels" . | nindent 4 }}
data:
{{ tpl .Values.vault.configMaps . | nindent 2 }}
{{- end }}


@@ -0,0 +1,11 @@
{{- if and .Values.vault.enabled .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "pipelines.vault.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.vault.name" . }}
rules:
{{ toYaml .Values.vault.rbac.role.rules }}
{{- end }}


@@ -0,0 +1,16 @@
{{- if and .Values.vault.enabled .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "pipelines.vault.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.vault.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "pipelines.vault.name" . }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: {{ include "pipelines.vault.name" . }}
{{- end }}
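Review bot: The `ServiceAccount` entry under `subjects` has no `namespace`, so the binding relies on the RoleBinding's own namespace being used as the fallback. Adding `namespace: {{ .Release.Namespace }}` beneath the subject's `name` makes the grant explicit and easier to audit. The permissions themselves come from `.Values.vault.rbac.role.rules` in the Role template, which this hunk does not show, so the effective scope should be reviewed there.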


@@ -0,0 +1,11 @@
{{- if and (not .Values.global.vault.existingSecret) (not .Values.vault.enabled) }}
apiVersion: v1
kind: Secret
metadata:
name: root-vault-secret
labels:
{{- include "pipelines.labels" . | nindent 4 }}
type: Opaque
data:
token: {{ tpl .Values.global.vault.token . | b64enc | quote }}
{{- end }}
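Review bot: The `token` entry encodes `.Values.global.vault.token` without checking that it is set, and a Vault token supplied through values is also kept in the Helm release record. I would fail early with `token: {{ required "global.vault.token or global.vault.existingSecret is required" .Values.global.vault.token | b64enc | quote }}` (keeping the `tpl` call if templated tokens are needed) and document `global.vault.existingSecret` as the preferred path. The name `root-vault-secret` is fixed rather than release-scoped, so a second release in the same namespace would presumably clash with it.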


@@ -0,0 +1,23 @@
{{- if .Values.vault.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "pipelines.vault.name" . }}-headless
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.vault.name" . }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http
port: {{ .Values.vault.service.port }}
targetPort: 30100
protocol: TCP
- name: server
port: 30101
protocol: TCP
selector:
{{- include "pipelines.selectorLabels" . | nindent 4 }}
component: {{ include "pipelines.vault.name" . }}
{{- end }}


@@ -0,0 +1,22 @@
{{- if .Values.vault.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "pipelines.vault.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.vault.name" . }}
spec:
type: ClusterIP
ports:
- name: http
port: {{ .Values.vault.service.port }}
targetPort: 30100
protocol: TCP
- name: server
port: 30101
protocol: TCP
selector:
{{- include "pipelines.selectorLabels" . | nindent 4 }}
component: {{ include "pipelines.vault.name" . }}
{{- end }}


@@ -0,0 +1,9 @@
{{- if .Values.vault.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "pipelines.vault.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.vault.name" . }}
{{- end }}


@@ -0,0 +1,197 @@
{{- if .Values.vault.enabled }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "pipelines.vault.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.vault.name" . }}
spec:
serviceName: {{ include "pipelines.vault.name" . }}-headless
replicas: 1
updateStrategy:
type: {{ .Values.vault.updateStrategy }}
selector:
matchLabels:
{{- include "pipelines.selectorLabels" . | nindent 6 }}
component: {{ include "pipelines.vault.name" . }}
template:
metadata:
labels:
{{- include "pipelines.selectorLabels" . | nindent 8 }}
component: {{ include "pipelines.vault.name" . }}
spec:
serviceAccountName: {{ include "pipelines.vault.name" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
initContainers:
{{- with .Values.vault.customInitContainersBegin }}
{{- tpl . $ | nindent 8 }}
{{- end }}
- name: config
image: '{{ .Values.initContainer.image }}'
imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | nindent 12 }}
env:
- name: PIPELINES_SHARED_DB_CONNECTIONSTRING
valueFrom:
secretKeyRef:
name: {{ .Values.global.postgresql.existingSecret | default (printf "%s-%s" (include "pipelines.fullname" .) "database") }}
key: postgresql-url
command: ["/bin/sh", "-c"]
args:
- |
cat > /etc/vault/config/vault.hcl <<EOF
listener "tcp" {
address = "0.0.0.0:30100"
tls_disable = 1
}
storage "postgresql" {
connection_url = "${PIPELINES_SHARED_DB_CONNECTIONSTRING}"
}
max_lease_ttl = "768h"
disable_mlock = {{ .Values.vault.disablemlock }}
EOF
volumeMounts:
- name: vault-config
mountPath: /etc/vault/config
- name: wait-for-db
image: '{{ .Values.initContainer.image }}'
imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | nindent 12 }}
command:
- 'sh'
- '-c'
- >
echo "Waiting for Postgres to come up...";
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
until nc -z -w 2 {{ tpl .Values.global.postgresql.host . }} {{ .Values.global.postgresql.port }} && echo database ok; do
{{- end }}
sleep 2;
done;
sleep 10;
- name: create-vault-table
image: "{{ .Values.imageRegistry }}/{{ .Values.pipelines.pipelinesInit.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.pipelines.pipelinesInit.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | nindent 12 }}
env:
- name: PIPELINES_SHARED_DB_CONNECTIONSTRING
valueFrom:
secretKeyRef:
name: {{ .Values.global.postgresql.existingSecret | default (printf "%s-%s" (include "pipelines.fullname" .) "database") }}
key: postgresql-url
command:
- 'sh'
- '-c'
- >
echo "Copy system.yaml to {{ .Values.pipelines.mountPath }}";
cp -fv /tmp/etc/system.yaml {{ .Values.pipelines.mountPath }}/system.yaml;
echo "Creating Vault Table...";
./pipelines-k8s initVault;
volumeMounts:
- name: jfrog-pipelines-folder
mountPath: {{ .Values.pipelines.mountPath }}
- name: systemyaml
mountPath: "/tmp/etc/system.yaml"
subPath: system.yaml
{{- with .Values.vault.customInitContainers }}
{{- tpl . $ | nindent 8 }}
{{- end }}
containers:
- name: vault-init
image: "{{ .Values.imageRegistry }}/{{ .Values.vault.init.image.repository }}:{{ default .Chart.AppVersion .Values.pipelines.version }}"
imagePullPolicy: {{ .Values.vault.init.image.pullPolicy }}
env:
- name: CHECK_INTERVAL
value: "10s"
- name: VAULT_NAMESPACE
value: {{ .Release.Namespace }}
- name: VAULT_ADDRESS
value: "http://localhost:30100"
resources:
requests:
memory: 10Mi
cpu: 10m
limits:
memory: 50Mi
cpu: 50m
- name: vault
image: "{{ .Values.vault.image.repository }}:{{ .Values.vault.image.tag }}"
imagePullPolicy: {{ .Values.vault.image.pullPolicy }}
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: "status.podIP"
- name: "VAULT_API_ADDR"
value: "http://$(POD_IP):30100"
- name: "VAULT_CLUSTER_ADDR"
value: "http://$(POD_IP):30101"
args:
- "server"
- "-config=/etc/vault/config/vault.hcl"
ports:
- name: http
containerPort: 30100
protocol: "TCP"
- name: server
containerPort: 30101
protocol: "TCP"
readinessProbe:
httpGet:
path: "/v1/sys/health?standbyok=true"
port: 30100
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
resources:
{{- toYaml .Values.vault.resources | nindent 12 }}
securityContext:
capabilities:
add:
- IPC_LOCK
volumeMounts:
- name: vault-config
mountPath: /etc/vault/config
{{- with .Values.vault.customVolumeMounts }}
{{ tpl . $ | indent 12 }}
{{- end }}
{{- with .Values.vault.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.vault.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.vault.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
{{- with .Values.vault.customVolumes }}
{{ tpl . $ | nindent 8 }}
{{- end }}
- name: vault-config
emptyDir: {}
- name: jfrog-pipelines-folder
emptyDir: {}
- name: systemyaml
secret:
secretName: {{ .Values.existingSecret | default (printf "%s-%s" (include "pipelines.fullname" .) "system-yaml") }}
{{- if .Values.vault.configMaps }}
- name: vault-configmaps
configMap:
name: {{ include "pipelines.vault.name" . }}-configmaps
{{- end }}
{{- end }}
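Review bot: The generated `vault.hcl` in the `config` init container binds the listener to `0.0.0.0:30100` with `tls_disable = 1`, and `VAULT_API_ADDR`, `VAULT_CLUSTER_ADDR` and the readiness probe all use `http`, so Vault tokens and secrets cross the pod network in clear text through the two Services defined earlier in this commit. I would mount a certificate Secret and set `tls_cert_file` and `tls_key_file` in the listener stanza, switching the addresses and the probe `scheme` to HTTPS. Where that is not possible, restrict ingress to the Vault pod with a NetworkPolicy and state the limitation in a comment above the heredoc. The same init container writes the PostgreSQL connection string into the `vault-config` emptyDir, and the `vault` container adds `IPC_LOCK` without setting any other `securityContext` fields, so both deserve a short why-comment.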


@@ -0,0 +1,40 @@
{{- if .Values.pipelines.www.ingress.enabled }}
{{- $fullName := include "pipelines.www.name" . -}}
{{- $ingressPath := .Values.pipelines.www.ingress.path -}}
{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.www.name" . }}
{{- with .Values.pipelines.www.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pipelines.www.ingress.tls }}
tls:
{{- range .Values.pipelines.www.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.pipelines.www.ingress.hosts }}
- host: {{ . | quote }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: www
{{- end }}
{{- end }}
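Review bot: The constraint in `semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion` has no pre-release component, so vendor builds whose version carries a suffix (for example a `-gke` or `-eks` style tag) will, as far as I know, not match and fall through to `extensions/v1beta1`. Writing it as `semverCompare ">=1.14.0-0" .Capabilities.KubeVersion.GitVersion` covers those versions. `path: {{ $ingressPath }}` and `secretName: {{ .secretName }}` are the only unquoted user values in this template, and piping them through `quote` would match the `hosts` entries.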


@@ -0,0 +1,33 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "pipelines.www.name" . }}
labels:
{{- include "pipelines.labels" . | nindent 4 }}
component: {{ include "pipelines.www.name" . }}
{{- if .Values.pipelines.www.service.annotations }}
annotations:
{{- range $key, $value := .Values.pipelines.www.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.pipelines.www.service.type }}
{{- if .Values.pipelines.www.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.pipelines.www.service.loadBalancerIP }}
{{- end }}
{{- if .Values.pipelines.www.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.pipelines.www.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
- port: {{ .Values.pipelines.www.service.port }}
{{- if eq .Values.pipelines.www.service.type "NodePort" }}
nodePort: 30001
{{- end }}
targetPort: 30001
protocol: TCP
name: www
selector:
{{- include "pipelines.selectorLabels" . | nindent 4 }}
component: {{ include "pipelines.services.name" . }}
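Review bot: `nodePort: 30001` is hard-coded in the `NodePort` branch, and because node ports are allocated cluster-wide a second release, or any other Service already holding 30001, makes the install fail. Exposing it as a value, for instance `nodePort: {{ .Values.pipelines.www.service.nodePort }}` (a new key this chart would have to add), or omitting it so the cluster assigns one, avoids that. As in the RabbitMQ load-balancer template, `loadBalancerSourceRanges` is optional here, so a `LoadBalancer` type without it leaves the dashboard's exposure to the cloud defaults. A comment next to `type:` saying so would help operators.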