mirror of
https://github.com/ZwareBear/JFrog-Cloud-Installers.git
synced 2026-01-21 11:06:56 -06:00
updates to ha chart v2.0.31, using redhat nginx and redhat ubi artifactory. plan to disable embedded postgresql for certification
This commit is contained in:
John Peterson
@@ -760,7 +760,8 @@ spec:
|
|||||||
internalPort: 443
|
internalPort: 443
|
||||||
image:
|
image:
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro
|
#repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro
|
||||||
|
repository: registry.redhat.io/rhel8/nginx-116
|
||||||
labels: {}
|
labels: {}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -819,7 +820,7 @@ spec:
|
|||||||
#tcp_nopush on;
|
#tcp_nopush on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
#gzip on;
|
#gzip on;
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf;
|
||||||
}
|
}
|
||||||
name: nginx
|
name: nginx
|
||||||
nodeSelector: {}
|
nodeSelector: {}
|
||||||
|
|||||||
@@ -583,7 +583,7 @@ metadata:
|
|||||||
]
|
]
|
||||||
capabilities: Basic Install
|
capabilities: Basic Install
|
||||||
name: artifactory-ha-operator.v1.0.0
|
name: artifactory-ha-operator.v1.0.0
|
||||||
namespace: placeholder
|
namespace: jfrog-artifactory
|
||||||
spec:
|
spec:
|
||||||
apiservicedefinitions: {}
|
apiservicedefinitions: {}
|
||||||
customresourcedefinitions: {}
|
customresourcedefinitions: {}
|
||||||
@@ -729,6 +729,17 @@ spec:
|
|||||||
- update
|
- update
|
||||||
- watch
|
- watch
|
||||||
serviceAccountName: artifactory-ha-operator
|
serviceAccountName: artifactory-ha-operator
|
||||||
|
clusterPermissions:
|
||||||
|
- rules:
|
||||||
|
- apiGroups:
|
||||||
|
- security.openshift.io
|
||||||
|
resources:
|
||||||
|
- securitycontextconstraints
|
||||||
|
resourceNames:
|
||||||
|
- anyuid
|
||||||
|
verbs:
|
||||||
|
- use
|
||||||
|
serviceAccountName: artifactory-ha-operator
|
||||||
strategy: deployment
|
strategy: deployment
|
||||||
installModes:
|
installModes:
|
||||||
- supported: true
|
- supported: true
|
||||||
|
|||||||
@@ -21,4 +21,4 @@ name: openshift-artifactory-ha
|
|||||||
sources:
|
sources:
|
||||||
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
|
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
|
||||||
- https://github.com/jfrog/charts
|
- https://github.com/jfrog/charts
|
||||||
version: 2.0.25
|
version: 2.0.31
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
@@ -4,7 +4,6 @@ if [[ -z "$1" ]]
|
|||||||
then
|
then
|
||||||
echo "Skipping creation of persistent volume examples. Ensure there is available PVs 200Gi per node for HA."
|
echo "Skipping creation of persistent volume examples. Ensure there is available PVs 200Gi per node for HA."
|
||||||
else
|
else
|
||||||
oc create -f pv-examples/
|
|
||||||
oc new-project jfrog-artifactory
|
oc new-project jfrog-artifactory
|
||||||
oc create serviceaccount svcaccount -n jfrog-artifactory
|
oc create serviceaccount svcaccount -n jfrog-artifactory
|
||||||
oc adm policy add-scc-to-user privileged system:serviceaccount:jfrog-artifactory:svcaccount
|
oc adm policy add-scc-to-user privileged system:serviceaccount:jfrog-artifactory:svcaccount
|
||||||
@@ -25,6 +24,5 @@ fi
|
|||||||
|
|
||||||
# install via helm
|
# install via helm
|
||||||
helm install artifactory-ha . \
|
helm install artifactory-ha . \
|
||||||
--set nginx.tlsSecretName=tls-ingress \
|
--set artifactory-ha.nginx.tlsSecretName=tls-ingress \
|
||||||
--set artifactory-ha.artifactory.node.replicaCount=1 \
|
|
||||||
--set artifactory-ha.artifactory.license.secret=artifactory-license,artifactory-ha.artifactory.license.dataKey=artifactory.cluster.license
|
--set artifactory-ha.artifactory.license.secret=artifactory-license,artifactory-ha.artifactory.license.dataKey=artifactory.cluster.license
|
||||||
|
|||||||
@@ -1,15 +0,0 @@
|
|||||||
kind: PersistentVolume
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: pv0001-large
|
|
||||||
spec:
|
|
||||||
capacity:
|
|
||||||
storage: 200Gi
|
|
||||||
hostPath:
|
|
||||||
path: /mnt/pv-data/pv0001-large
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
- ReadWriteMany
|
|
||||||
- ReadOnlyMany
|
|
||||||
persistentVolumeReclaimPolicy: Recycle
|
|
||||||
volumeMode: Filesystem
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
kind: PersistentVolume
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: pv0002-large
|
|
||||||
spec:
|
|
||||||
capacity:
|
|
||||||
storage: 200Gi
|
|
||||||
hostPath:
|
|
||||||
path: /mnt/pv-data/pv0002-large
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
- ReadWriteMany
|
|
||||||
- ReadOnlyMany
|
|
||||||
persistentVolumeReclaimPolicy: Recycle
|
|
||||||
volumeMode: Filesystem
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
kind: PersistentVolume
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: pv0003-large
|
|
||||||
spec:
|
|
||||||
capacity:
|
|
||||||
storage: 200Gi
|
|
||||||
hostPath:
|
|
||||||
path: /mnt/pv-data/pv0003-large
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
- ReadWriteMany
|
|
||||||
- ReadOnlyMany
|
|
||||||
persistentVolumeReclaimPolicy: Recycle
|
|
||||||
volumeMode: Filesystem
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
kind: PersistentVolume
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: pv0004-large
|
|
||||||
spec:
|
|
||||||
capacity:
|
|
||||||
storage: 200Gi
|
|
||||||
hostPath:
|
|
||||||
path: /mnt/pv-data/pv0004-large
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
- ReadWriteMany
|
|
||||||
- ReadOnlyMany
|
|
||||||
persistentVolumeReclaimPolicy: Recycle
|
|
||||||
volumeMode: Filesystem
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
kind: PersistentVolume
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: pv0005-large
|
|
||||||
spec:
|
|
||||||
capacity:
|
|
||||||
storage: 200Gi
|
|
||||||
hostPath:
|
|
||||||
path: /mnt/pv-data/pv0005-large
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
- ReadWriteMany
|
|
||||||
- ReadOnlyMany
|
|
||||||
persistentVolumeReclaimPolicy: Recycle
|
|
||||||
volumeMode: Filesystem
|
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: artifactory-ha
|
- name: artifactory-ha
|
||||||
repository: https://charts.jfrog.io/
|
repository: https://charts.jfrog.io/
|
||||||
version: 2.0.25
|
version: 2.0.31
|
||||||
digest: sha256:1de97dca862a0b7e74fc937fbeff231119071a00cea8e42f92adb87c59fa554c
|
digest: sha256:d7c2af74a0188ca8df2a97158c83b36f85dfae72c1b60ce4540a4e00da2d9a6f
|
||||||
generated: "2020-03-09T12:41:44.126599-07:00"
|
generated: "2020-03-19T17:29:04.445679-07:00"
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: artifactory-ha
|
- name: artifactory-ha
|
||||||
version: 2.0.25
|
version: 2.0.31
|
||||||
repository: https://charts.jfrog.io/
|
repository: https://charts.jfrog.io/
|
||||||
|
|||||||
@@ -2,11 +2,14 @@
|
|||||||
# Requires one custom init container
|
# Requires one custom init container
|
||||||
# to resolve the user id perm issue with redhat
|
# to resolve the user id perm issue with redhat
|
||||||
artifactory-ha:
|
artifactory-ha:
|
||||||
|
initContainerImage: registry.redhat.io/ubi8-minimal
|
||||||
|
waitForDatabase: false
|
||||||
artifactory:
|
artifactory:
|
||||||
## Add custom init containers execution before predefined init containers
|
## Add custom init containers execution before predefined init containers
|
||||||
customInitContainersBegin: |
|
customInitContainersBegin: |
|
||||||
- name: "redhat-custom-setup"
|
- name: "redhat-custom-setup"
|
||||||
image: "{{ .Values.initContainerImage }}"
|
#image: "{{ .Values.initContainerImage }}"
|
||||||
|
image: {{ index .Values "initContainerImage" }}
|
||||||
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
|
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
|
||||||
command:
|
command:
|
||||||
- 'sh'
|
- 'sh'
|
||||||
@@ -17,4 +20,68 @@ artifactory-ha:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
|
- mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
|
||||||
name: volume
|
name: volume
|
||||||
## Add custom init containers
|
## Change to use RH UBI images
|
||||||
|
image:
|
||||||
|
repository: "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro"
|
||||||
|
node:
|
||||||
|
waitForPrimaryStartup:
|
||||||
|
enabled: false
|
||||||
|
nginx:
|
||||||
|
image:
|
||||||
|
repository: "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro"
|
||||||
|
http:
|
||||||
|
externalPort: 80
|
||||||
|
internalPort: 8080
|
||||||
|
https:
|
||||||
|
externalPort: 443
|
||||||
|
internalPort: 8443
|
||||||
|
mainConf: |
|
||||||
|
# Main Nginx configuration file
|
||||||
|
worker_processes 4;
|
||||||
|
error_log {{ .Values.nginx.persistence.mountPath }}/logs//error.log warn;
|
||||||
|
pid /tmp/nginx.pid;
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
variables_hash_max_size 1024;
|
||||||
|
variables_hash_bucket_size 64;
|
||||||
|
server_names_hash_max_size 4096;
|
||||||
|
server_names_hash_bucket_size 128;
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
types_hash_bucket_size 64;
|
||||||
|
proxy_read_timeout 2400s;
|
||||||
|
client_header_timeout 2400s;
|
||||||
|
client_body_timeout 2400s;
|
||||||
|
proxy_connect_timeout 75s;
|
||||||
|
proxy_send_timeout 2400s;
|
||||||
|
proxy_buffer_size 32k;
|
||||||
|
proxy_buffers 40 32k;
|
||||||
|
proxy_busy_buffers_size 64k;
|
||||||
|
proxy_temp_file_write_size 250m;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
client_body_buffer_size 128k;
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
log_format timing 'ip = $remote_addr '
|
||||||
|
'user = \"$remote_user\" '
|
||||||
|
'local_time = \"$time_local\" '
|
||||||
|
'host = $host '
|
||||||
|
'request = \"$request\" '
|
||||||
|
'status = $status '
|
||||||
|
'bytes = $body_bytes_sent '
|
||||||
|
'upstream = \"$upstream_addr\" '
|
||||||
|
'upstream_time = $upstream_response_time '
|
||||||
|
'request_time = $request_time '
|
||||||
|
'referer = \"$http_referer\" '
|
||||||
|
'UA = \"$http_user_agent\"';
|
||||||
|
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
#gzip on;
|
||||||
|
include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf;
|
||||||
|
}
|
||||||
|
|||||||
@@ -8,3 +8,9 @@ oc delete pods --all
|
|||||||
oc delete svc --all
|
oc delete svc --all
|
||||||
oc delete networkpolicies --all
|
oc delete networkpolicies --all
|
||||||
oc delete pvc --all
|
oc delete pvc --all
|
||||||
|
oc delete PodDisruptionBudget --all
|
||||||
|
for s in $(oc get secrets | grep artifactory | cut -f1 -d ' '); do
|
||||||
|
oc delete secret $s
|
||||||
|
done
|
||||||
|
oc delete serviceaccount artifactoryha-artifactory-ha
|
||||||
|
oc delete role artifactoryha-artifactory-ha
|
||||||
|
|||||||
Reference in New Issue
Block a user