diff --git a/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml b/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml index b6f8cec..bdc896e 100644 --- a/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml +++ b/Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml @@ -760,7 +760,8 @@ spec: internalPort: 443 image: pullPolicy: IfNotPresent - repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro + #repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro + repository: registry.redhat.io/rhel8/nginx-116 labels: {} livenessProbe: enabled: true @@ -819,7 +820,7 @@ spec: #tcp_nopush on; keepalive_timeout 65; #gzip on; - include /etc/nginx/conf.d/*.conf; + include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf; } name: nginx nodeSelector: {} diff --git a/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml b/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml index de12846..2876eaf 100644 --- a/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml +++ b/Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml @@ -583,7 +583,7 @@ metadata: ] capabilities: Basic Install name: artifactory-ha-operator.v1.0.0 - namespace: placeholder + namespace: jfrog-artifactory spec: apiservicedefinitions: {} customresourcedefinitions: {} @@ -729,6 +729,17 @@ spec: - update - watch serviceAccountName: artifactory-ha-operator + clusterPermissions: + - rules: + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + resourceNames: + - anyuid + verbs: + - use + serviceAccountName: artifactory-ha-operator strategy: deployment installModes: - supported: true diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml index 0c34ad8..f6c3215 100755 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml +++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml @@ -21,4 +21,4 @@ name: openshift-artifactory-ha sources: - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view - https://github.com/jfrog/charts -version: 2.0.25 +version: 2.0.31 diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/charts/artifactory-ha-2.0.25.tgz b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/charts/artifactory-ha-2.0.25.tgz deleted file mode 100644 index a3f1ca8..0000000 Binary files a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/charts/artifactory-ha-2.0.25.tgz and /dev/null differ diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/charts/artifactory-ha-2.0.31.tgz b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/charts/artifactory-ha-2.0.31.tgz new file mode 100644 index 0000000..20a8569 Binary files /dev/null and b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/charts/artifactory-ha-2.0.31.tgz differ diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helminstall.sh b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helminstall.sh index b7e77bc..d6767a7 100755 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helminstall.sh +++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helminstall.sh @@ -3,8 +3,7 @@ if [[ -z "$1" ]] then echo "Skipping creation of persistent volume examples. Ensure there is available PVs 200Gi per node for HA." -else - oc create -f pv-examples/ +else oc new-project jfrog-artifactory oc create serviceaccount svcaccount -n jfrog-artifactory oc adm policy add-scc-to-user privileged system:serviceaccount:jfrog-artifactory:svcaccount @@ -25,6 +24,5 @@ fi # install via helm helm install artifactory-ha . \ - --set nginx.tlsSecretName=tls-ingress \ - --set artifactory-ha.artifactory.node.replicaCount=1 \ + --set artifactory-ha.nginx.tlsSecretName=tls-ingress \ --set artifactory-ha.artifactory.license.secret=artifactory-license,artifactory-ha.artifactory.license.dataKey=artifactory.cluster.license diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0001-large.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0001-large.yaml deleted file mode 100644 index 8a36385..0000000 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0001-large.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: PersistentVolume -apiVersion: v1 -metadata: - name: pv0001-large -spec: - capacity: - storage: 200Gi - hostPath: - path: /mnt/pv-data/pv0001-large - accessModes: - - ReadWriteOnce - - ReadWriteMany - - ReadOnlyMany - persistentVolumeReclaimPolicy: Recycle - volumeMode: Filesystem diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0002-large.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0002-large.yaml deleted file mode 100644 index b96fa47..0000000 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0002-large.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: PersistentVolume -apiVersion: v1 -metadata: - name: pv0002-large -spec: - capacity: - storage: 200Gi - hostPath: - path: /mnt/pv-data/pv0002-large - accessModes: - - ReadWriteOnce - - ReadWriteMany - - ReadOnlyMany - persistentVolumeReclaimPolicy: Recycle - volumeMode: Filesystem diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0003-large.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0003-large.yaml deleted file mode 100644 index 476ad41..0000000 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0003-large.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: PersistentVolume -apiVersion: v1 -metadata: - name: pv0003-large -spec: - capacity: - storage: 200Gi - hostPath: - path: /mnt/pv-data/pv0003-large - accessModes: - - ReadWriteOnce - - ReadWriteMany - - ReadOnlyMany - persistentVolumeReclaimPolicy: Recycle - volumeMode: Filesystem diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0004-large.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0004-large.yaml deleted file mode 100644 index ae2fbda..0000000 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0004-large.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: PersistentVolume -apiVersion: v1 -metadata: - name: pv0004-large -spec: - capacity: - storage: 200Gi - hostPath: - path: /mnt/pv-data/pv0004-large - accessModes: - - ReadWriteOnce - - ReadWriteMany - - ReadOnlyMany - persistentVolumeReclaimPolicy: Recycle - volumeMode: Filesystem diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0005-large.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0005-large.yaml deleted file mode 100644 index 9488514..0000000 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0005-large.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: PersistentVolume -apiVersion: v1 -metadata: - name: pv0005-large -spec: - capacity: - storage: 200Gi - hostPath: - path: /mnt/pv-data/pv0005-large - accessModes: - - ReadWriteOnce - - ReadWriteMany - - ReadOnlyMany - persistentVolumeReclaimPolicy: Recycle - volumeMode: Filesystem diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.lock b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.lock index 97b3164..c9f98b1 100644 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.lock +++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: artifactory-ha repository: https://charts.jfrog.io/ - version: 2.0.25 -digest: sha256:1de97dca862a0b7e74fc937fbeff231119071a00cea8e42f92adb87c59fa554c -generated: "2020-03-09T12:41:44.126599-07:00" + version: 2.0.31 +digest: sha256:d7c2af74a0188ca8df2a97158c83b36f85dfae72c1b60ce4540a4e00da2d9a6f +generated: "2020-03-19T17:29:04.445679-07:00" diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.yaml index 1b41f8c..8ce3183 100644 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.yaml +++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: artifactory-ha - version: 2.0.25 + version: 2.0.31 repository: https://charts.jfrog.io/ diff --git a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml index 1991513..82edc7e 100755 --- a/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml +++ b/Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml @@ -2,11 +2,14 @@ # Requires one custom init container # to resolve the user id perm issue with redhat artifactory-ha: + initContainerImage: registry.redhat.io/ubi8-minimal + waitForDatabase: false artifactory: ## Add custom init containers execution before predefined init containers customInitContainersBegin: | - name: "redhat-custom-setup" - image: "{{ .Values.initContainerImage }}" + #image: "{{ .Values.initContainerImage }}" + image: {{ index .Values "initContainerImage" }} imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" command: - 'sh' @@ -17,4 +20,68 @@ artifactory-ha: volumeMounts: - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" name: volume - ## Add custom init containers + ## Change to use RH UBI images + image: + repository: "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro" + node: + waitForPrimaryStartup: + enabled: false + nginx: + image: + repository: "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro" + http: + externalPort: 80 + internalPort: 8080 + https: + externalPort: 443 + internalPort: 8443 + mainConf: | + # Main Nginx configuration file + worker_processes 4; + error_log {{ .Values.nginx.persistence.mountPath }}/logs//error.log warn; + pid /tmp/nginx.pid; + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 32k; + proxy_buffers 40 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format timing 'ip = $remote_addr ' + 'user = \"$remote_user\" ' + 'local_time = \"$time_local\" ' + 'host = $host ' + 'request = \"$request\" ' + 'status = $status ' + 'bytes = $body_bytes_sent ' + 'upstream = \"$upstream_addr\" ' + 'upstream_time = $upstream_response_time ' + 'request_time = $request_time ' + 'referer = \"$http_referer\" ' + 'UA = \"$http_user_agent\"'; + access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing; + sendfile on; + #tcp_nopush on; + keepalive_timeout 65; + #gzip on; + include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf; + } diff --git a/Openshift4/artifactory-ha-operator/unload.sh b/Openshift4/artifactory-ha-operator/unload.sh index 343f2a4..37dab14 100755 --- a/Openshift4/artifactory-ha-operator/unload.sh +++ b/Openshift4/artifactory-ha-operator/unload.sh @@ -8,3 +8,9 @@ oc delete pods --all oc delete svc --all oc delete networkpolicies --all oc delete pvc --all +oc delete PodDisruptionBudget --all +for s in $(oc get secrets | grep artifactory | cut -f1 -d ' '); do + oc delete secret $s +done +oc delete serviceaccount artifactoryha-artifactory-ha +oc delete role artifactoryha-artifactory-ha