zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 15:06:57 -06:00
Code Issues Packages Projects Releases Wiki Activity

updated xray for helm

Browse Source
This commit is contained in:
Aayush-sood94
2021-02-03 22:21:17 +05:30
parent 2c29cb4049
commit eebdb54628
119 changed files with 11114 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
Openshift4/helm/xray-operator/helm-charts/openshift-xray/CHANGELOG.md Executable file
View File

@@ -0,0 +1,33 @@
# JFrog Openshift Artifactory-Xray Chart Changelog
All changes to this chart will be documented in this file.
## [6.10.0] Feb 3, 2021
* Updating to Xray chart version 6.10.0 and Xray app version 3.16.0
## [6.8.3] Dec 29, 2020
* Updating to Xray chart version 6.8.3 and Xray app version 3.15.1
## [6.5.1] Dec 2, 2020
* Updating to Xray chart version 6.5.1 and Xray app version 3.12.0
## [6.4.2] Nov 20, 2020
* Updating to Xray chart version 6.4.2 and Xray app version 3.11.2
## [6.2.1] Oct 23rd, 2020
* Updating to Xray chart version 6.2.1 and Xray app version 3.10.3
## [6.1.2] Oct 22nd, 2020
* Updating to Xray chart version 6.1.2 and Xray app version 3.9.1
## [6.0.6] Oct 1st, 2020
* Updating to Xray chart version 6.0.6 and Xray app version 3.8.8
## [4.2.0] Aug 17, 2020
* Updating to Xray chart version 4.2.0 and Xray app version 3.8.0
## [4.1.2] July 28, 2020
* Updating to Xray chart version 4.1.2 and Xray app version 3.6.2
## [3.5.1] June 29, 2020
* Updating to Xray chart version 3.5.1 and Xray app version 3.5.2

16
Openshift4/helm/xray-operator/helm-charts/openshift-xray/Chart.yaml Executable file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
appVersion: 3.16.0
description: Universal component scan for security and license inventory and impact analysis
sources:
- https://bintray.com/jfrog/product/xray/view
- https://github.com/jfrog/charts
keywords:
- xray
- jfrog
maintainers:
- email: vinaya@jfrog.com
name: Vinay Aggarwal
- email: johnp@jfrog.com
name: John Peterson
name: openshift-xray
version: 6.10.0

201
Openshift4/helm/xray-operator/helm-charts/openshift-xray/LICENSE Executable file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

541
Openshift4/helm/xray-operator/helm-charts/openshift-xray/README.md Executable file
View File

@@ -0,0 +1,541 @@
# JFrog Xray HA on Kubernetes Helm Chart
## Openshift
The Xray chart has been made a subchart of this chart.
Note due to this change we now reference values through the subchart name as shown below:
original:
```
xray.jfrogUrl
```
now:
```
xray.xray.jfrogUrl
```
This is due to helm referencing the value through the subchart named xray now.
## Security Context Constraints
To deploy this helm chart you will need to be a cluster admin w/ access to the anyuid scc.
````bash
oc adm policy add-scc-to-user anyuid -z my_service_account -n my_namespace
````
# Master and Join Key
The master and join key used to deploy Artifactory must be supplied to Xray at the time of installation.
## Deploying the Helm Chart
1. Deploy a Postgresql to use an external database. You can find additional information on how to configure your Postgresql database [here](https://www.jfrog.com/confluence/display/JFROG/Configuring+the+Database).
2. Run `helm dep build` to pull the subchart referenced by the `requirements.yaml`
3. Update POSTGRES_HOST, MASTER_KEY, JOIN_KEY variables below and install `openshift-xray` with the example commands:
````bash
POSTGRES_HOST=postgres-postgresql
MASTER_KEY=my_artifactory_master_key
JOIN_KEY=my_artifactory_join_key
helm upgrade --install openshift-xray . \
--set xray.database.url=postgres://$POSTGRES_HOST:5432/xraydb?sslmode=disable \
--set xray.database.user=artifactory \
--set xray.database.password=password \
--set xray.xray.jfrogUrl=http://openshift-artifactory-ha-nginx" \
--set xray.xray.joinKey=$JOIN_KEY \
--set xray.xray.masterKey=$MASTER_KEY
````
## Prerequisites Details
* Kubernetes 1.12+
## Chart Details
This chart will do the following:
* Optionally deploy PostgreSQL
* Deploy RabbitMQ (optionally as an HA cluster)
* Deploy JFrog Xray micro-services
## Requirements
- A running Kubernetes cluster
- Dynamic storage provisioning enabled
- Default StorageClass set to allow services using the default StorageClass for persistent storage
- A running Artifactory
- [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed and setup to use the cluster
- [Helm](https://helm.sh/) v2 or v3 installed
## Install JFrog Xray
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart
#### Artifactory Connection Details
In order to connect Xray to your Artifactory installation, you have to use a Join Key, hence it is *MANDATORY* to provide a Join Key and Jfrog Url to your Xray installation. Here's how you do that:
Retrieve the connection details of your Artifactory installation, from the UI - https://www.jfrog.com/confluence/display/JFROG/General+Security+Settings#GeneralSecuritySettings-ViewingtheJoinKey.
#### Initiate Installation
Provide join key and jfrog url as a parameter to the Xray chart installation:
```bash
helm upgrade --install --set xray.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY> \
--set xray.jfrogUrl=<YOUR_PREVIOUSLY_RETIREVED_BASE_URL> --namespace xray jfrog/xray
```
Alternatively, you can create a secret containing the join key manually and pass it to the template at install/upgrade time.
```bash
# Create a secret containing the key. The key in the secret must be named join-key
kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>
# Pass the created secret to helm
helm upgrade --install --set xray.joinKeySecretName=my-secret --namespace xray jfrog/xray
```
**NOTE:** In either case, make sure to pass the same join key on all future calls to `helm install` and `helm upgrade`! This means always passing `--set xray.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>`. In the second, this means always passing `--set xray.joinKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
### System Configuration
Xray uses a common system configuration file - `system.yaml`. See [official documentation](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) on its usage.
## Status
See the status of your deployed **helm** releases
```bash
helm status xray
```
## Upgrade
To upgrade an existing Xray, you still use **helm**
```bash
# Update existing deployed version to 2.1.2
helm upgrade --set common.xrayVersion=2.1.2 jfrog/xray
```
If Xray was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions:
1. Get the current password by running:
```bash
POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
2. Upgrade the release by passing the previously auto-generated secret:
```bash
helm upgrade <myrelease> jfrog/xray --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD}
```
If Xray was installed without providing a value to rabbitmq.rabbitmqPassword/rabbitmq-ha.rabbitmqPassword (a password was autogenerated), follow these instructions:
1. Get the current password by running:
```bash
RABBITMQ_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)
```
2. Upgrade the release by passing the previously auto-generated secret:
```bash
helm upgrade <myrelease> jfrog/xray --set rabbitmq.rabbitmqPassword=${RABBITMQ_PASSWORD}/rabbitmq-ha.rabbitmqPassword=${RABBITMQ_PASSWORD}
```
If Xray was installed with all of the default values (e.g. with no user-provided values for rabbit/postgres), follow these steps:
1. Retrieve all current passwords (rabbitmq/postgresql) as explained in the above section.
2. Upgrade the release by passing the previously auto-generated secrets:
```bash
helm upgrade --install xray --namespace xray jfrog/xray --set rabbitmq-ha.rabbitmqPassword=<rabbit-password> --set postgresql.postgresqlPassword=<postgresql-password>
```
## Remove
Removing a **helm** release is done with
```bash
# Remove the Xray services and data tools
#On helm v2:
helm delete --purge xray
#On helm v3:
helm delete xray --namespace xray
# Remove the data disks
kubectl delete pvc -l release=xray
```
### Deploying Xray for small/medium/large instllations
In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml
### Create a unique Master Key
JFrog Xray requires a unique master key to be used by all micro-services in the same cluster. By default the chart has one set in values.yaml (`xray.masterKey`).
**This key is for demo purpose and should not be used in a production environment!**
You should generate a unique one and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Pass the created master key to helm
helm upgrade --install --set xray.masterKey=${MASTER_KEY} --namespace xray jfrog/xray
```
Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Create a secret containing the key. The key in the secret must be named master-key
kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY}
# Pass the created secret to helm
helm upgrade --install xray --set xray.masterKeySecretName=my-secret --namespace xray jfrog/xray
```
**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set xray.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set xray.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
## Special deployments
This is a list of special use cases for non-standard deployments
### High Availability
For **high availability** of Xray, set the replica count to be equal or higher than **2**. Recommended is **3**.
> It is highly recommended to also set **RabbitMQ** to run as an HA cluster.
```bash
# Start Xray with 3 replicas per service and 3 replicas for RabbitMQ
helm upgarde --install xray --namespace xray --set server.replicaCount=3 jfrog/xray
```
### External Databases
There is an option to use external PostgreSQL database for your Xray.
#### PostgreSQL
##### PostgreSQL without TLS
To use an external **PostgreSQL**, you need to disable the use of the bundled **PostgreSQL** and set a custom **PostgreSQL** connection URL.
For this, pass the parameters: `postgresql.enabled=false` and `database.url=${XRAY_POSTGRESQL_CONN_URL}`.
**IMPORTANT:** Make sure the DB is already created before deploying Xray services
```bash
# Passing a custom PostgreSQL to Xray
# Example
export POSTGRESQL_HOST=custom-postgresql-host
export POSTGRESQL_PORT=5432
export POSTGRESQL_USER=xray
export POSTGRESQL_PASSWORD=password2_X
export POSTGRESQL_DATABASE=xraydb
export XRAY_POSTGRESQL_CONN_URL="postgres://${POSTGRESQL_HOST}:${POSTGRESQL_PORT}/${POSTGRESQL_DATABASE}?sslmode=disable"
helm upgrade --install xray --namespace xray \
--set postgresql.enabled=false \
--set database.url="${XRAY_POSTGRESQL_CONN_URL}" \
--set database.user="${POSTGRESQL_USER}" \
--set database.password="${POSTGRESQL_PASSWORD}" \
jfrog/xray
```
##### PostgreSQL with TLS
If external **PostgreSQL** is set with TLS, you need to disable the use of the bundled **PostgreSQL**, set a custom **PostgreSQL** connection URL and provide a secret with **PostgreSQL** TLS certificates.
Create the Kubernetes secret (assuming the local files are `client-cert.pem client-key.pem server-ca.pem`)
```bash
kubectl create secret generic postgres-tls --from-file=client-key.pem --from-file=client-cert.pem --from-file=server-ca.pem
```
**IMPORTANT:** `PostgreSQL` connection URL needs to have listed TLS files with the path `/var/opt/jfrog/xray/data/tls/`
and `sslmode==verify-ca` otherwise Xray will fail to connect to Postgres.
```bash
# Passing a custom PostgreSQL with TLS to Xray
# Example
export POSTGRESQL_HOST=custom-postgresql-host
export POSTGRESQL_PORT=5432
export POSTGRESQL_USER=xray
export POSTGRESQL_PASSWORD=password2_X
export POSTGRESQL_DATABASE=xraydb
export POSTGRESQL_SERVER_CA=server-ca.pem
export POSTGRESQL_CLIENT_CERT=client-key.pem
export POSTGRESQL_CLIENT_KEY=client-cert.pem
export POSTGRESQL_TLS_SECRET=postgres-tls
export XRAY_POSTGRESQL_CONN_URL="postgres://${POSTGRESQL_HOST}:${POSTGRESQL_PORT}/${POSTGRESQL_DATABASE}?sslrootcert=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_SERVER_CA}&sslkey=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_CLIENT_KEY}&sslcert=/var/opt/jfrog/xray/data/tls/${POSTGRESQL_CLIENT_CERT}&sslmode=verify-ca"
helm upgrade --install xray --namespace xray \
--set postgresql.enabled=false \
--set database.url="${XRAY_POSTGRESQL_CONN_URL}" \
--set database.user="${POSTGRESQL_USER}" \
--set database.password="${POSTGRESQL_PASSWORD}" \
jfrog/xray
```
### Custom init containers
There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container.
For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out
```yaml
common:
## Add custom init containers executed before predefined init containers
customInitContainersBegin: |
## Init containers template goes here ##
## Add custom init containers executed after predefined init containers
customInitContainers: |
## Init containers template goes here ##
```
## Configuration
The following table lists the configurable parameters of the xray chart and their default values.
| Parameter | Description | Default |
|------------------------------|--------------------------------------------------|------------------------------------|
| `imagePullSecrets` | Docker registry pull secret | |
| `imagePullPolicy` | Container pull policy | `IfNotPresent` |
| `initContainerImage` | Init container image | `alpine:3.6` |
| `xray.jfrogUrl` | Main Artifactory URL, without the `/artifactory` prefix .Mandatory | |
| `xray.persistence.mountPath` | Xray persistence mount path | `/var/opt/jfrog/xray` |
| `xray.masterKey` | Xray Master Key (Can be generated with `openssl rand -hex 32`) | `` |
| `xray.masterKeySecretName` | Xray Master Key secret name | |
| `xray.joinKey` | Xray Join Key to connect to Artifactory . Mandatory | `` |
| `xray.joinKeySecretName` | Xray Join Key secret name | |
| `xray.systemYaml` | Xray system configuration (`system.yaml`) as described here - https://www.jfrog.com/confluence/display/JFROG/Xray+System+YAML | |
| `xray.autoscaling.enabled` | Enable Xray Pods autoscaling using `HorizontalPodAutoscaler` | `false` |
| `xray.autoscaling.minReplicas` | Minimum number of Xray replicas | `1` |
| `xray.autoscaling.maxReplicas` | Maximum number of Xray replicas | `1` |
| `xray.autoscaling.targetCPUUtilizationPercentage` | CPU usage percentage that will trigger autoscaling | `50` |
| `xray.autoscaling.targetMemoryUtilizationPercentage` | Memory usage percentage that will trigger autoscaling | `75` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created| `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.role.rules` | Rules to create | `[]` |
| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` |
| `postgresql.image.registry` | PostgreSQL Docker image registry | `docker.bintray.io` |
| `postgresql.image.repository` | PostgreSQL Docker image repository | `bitnami/postgresql` |
| `postgresql.image.tag` | PostgreSQL Docker image tag | `9.6.15-debian-9-r91` |
| `postgresql.postgresqlUsername` | PostgreSQL database user | `xray` |
| `postgresql.postgresqlPassword` | PostgreSQL database password | ` ` |
| `postgresql.postgresqlDatabase` | PostgreSQL database name | `xraydb` |
| `postgresql.postgresqlExtendedConf.listenAddresses` | PostgreSQL listen address | `"'*'"` |
| `postgresql.postgresqlExtendedConf.maxConnections` | PostgreSQL max_connections parameter | `500` |
| `postgresql.service.port` | PostgreSQL database port | `5432` |
| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` |
| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` |
| `postgresql.persistence.existingClaim` | PostgreSQL name of existing Persistent Volume Claim to use | ` ` |
| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | |
| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | |
| `postgresql.resources.limits.memory` | PostgreSQL memory limit | |
| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | |
| `postgresql.nodeSelector` | PostgreSQL node selector | `{}` |
| `postgresql.affinity` | PostgreSQL node affinity | `{}` |
| `postgresql.tolerations` | PostgreSQL node tolerations | `[]` |
| `database.url` | External database connection URL | |
| `database.user` | External database username | |
| `database.password` | External database password | |
| `database.secrets.user.name` | External database username `Secret` name | |
| `database.secrets.user.key` | External database username `Secret` key | |
| `database.secrets.password.name` | External database password `Secret` name | |
| `database.secrets.password.key` | External database password `Secret` key | |
| `database.secrets.url.name` | External database url `Secret` name | |
| `database.secrets.url.key` | External database url `Secret` key | |
| `rabbitmq.enabled` | RabbitMQ enabled uses rabbitmq | `false` |
| `rabbitmq.replicas` | RabbitMQ replica count | `1` |
| `rabbitmq.rbacEnabled` | If true, create & use RBAC resources | `true` |
| `rabbitmq.rabbitmq.username` | RabbitMQ application username | `guest` |
| `rabbitmq.rabbitmq.password` | RabbitMQ application password | |
| `rabbitmq.rabbitmq.existingPasswordSecret` | RabbitMQ existingPasswordSecret | |
| `rabbitmq.rabbitmq.erlangCookie` | RabbitMQ Erlang cookie | `XRAYRABBITMQCLUSTER`|
| `rabbitmq.service.nodePort` | RabbitMQ node port | `5672` |
| `rabbitmq.persistence.enabled` | If `true`, persistent volume claims are created | `true` |
| `rabbitmq.persistence.accessMode` | RabbitMQ persistent volume claims access mode | `ReadWriteOnce` |
| `rabbitmq.persistence.size` | RabbitMQ Persistent volume size | `20Gi` |
| `rabbitmq-ha.enabled` | RabbitMQ enabled uses rabbitmq-ha | `true` |
| `rabbitmq-ha.replicaCount` | RabbitMQ Number of replica | `1` |
| `rabbitmq-ha.rabbitmqUsername` | RabbitMQ application username | `guest` |
| `rabbitmq-ha.rabbitmqPassword` | RabbitMQ application password | ` ` |
| `rabbitmq-ha.existingSecret` | RabbitMQ existingSecret | ` ` |
| `rabbitmq-ha.rabbitmqErlangCookie` | RabbitMQ Erlang cookie | `XRAYRABBITMQCLUSTER`|
| `rabbitmq-ha.rabbitmqMemoryHighWatermark` | RabbitMQ Memory high watermark | `500MB` |
| `rabbitmq-ha.persistentVolume.enabled` | If `true`, persistent volume claims are created | `true` |
| `rabbitmq-ha.persistentVolume.size` | RabbitMQ Persistent volume size | `20Gi` |
| `rabbitmq-ha.rbac.create` | If true, create & use RBAC resources | `true` |
| `rabbitmq-ha.nodeSelector` | RabbitMQ node selector | `{}` |
| `rabbitmq-ha.tolerations` | RabbitMQ node tolerations | `[]` |
| `common.xrayVersion` | Xray image tag | `.Chart.AppVersion` |
| `common.preStartCommand` | Xray Custom command to run before startup. Runs BEFORE any microservice-specific preStartCommand | |
| `common.xrayUserId` | Xray User Id | `1035` |
| `common.xrayGroupId` | Xray Group Id | `1035` |
| `common.persistence.enabled` | Xray common persistence volume enabled | `false` |
| `common.persistence.existingClaim` | Provide an existing PersistentVolumeClaim | `nil` |
| `common.persistence.storageClass` | Storage class of backing PVC | `nil (uses default storage class annotation)` |
| `common.persistence.accessMode` | Xray common persistence volume access mode | `ReadWriteOnce` |
| `common.persistence.size` | Xray common persistence volume size | `50Gi` |
| `xray.systemYaml` | Xray system configuration (`system.yaml`) | `see values.yaml` |
| `common.customInitContainersBegin` | Custom init containers to run before existing init containers | ` ` |
| `common.customInitContainers` | Custom init containers to run after existing init containers | ` ` |
| `common.xrayConfig` | Additional xray yaml configuration to be written to xray_config.yaml file | See [values.yaml](stable/xray/values.yaml) |
| `database.url` | Xray external PostgreSQL URL | ` ` |
| `global.postgresqlTlsSecret` | Xray external PostgreSQL TLS files secret | ` ` |
| `analysis.name` | Xray Analysis name | `xray-analysis` |
| `analysis.image` | Xray Analysis container image | `docker.bintray.io/jfrog/xray-analysis` |
| `analysis.updateStrategy` | Xray Analysis update strategy | `RollingUpdate` |
| `analysis.podManagementPolicy` | Xray Analysis pod management policy | `Parallel` |
| `analysis.internalPort` | Xray Analysis internal port | `7000` |
| `analysis.externalPort` | Xray Analysis external port | `7000` |
| `analysis.livenessProbe` | Xray Analysis livenessProbe | See `values.yaml` |
| `analysis.readinessProbe` | Xray Analysis readinessProbe | See `values.yaml` |
| `analysis.persistence.size` | Xray Analysis storage size limit | `10Gi` |
| `analysis.resources` | Xray Analysis resources | `{}` |
| `analysis.preStartCommand` | Xray Analysis Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `analysis.nodeSelector` | Xray Analysis node selector | `{}` |
| `analysis.affinity` | Xray Analysis node affinity | `{}` |
| `analysis.tolerations` | Xray Analysis node tolerations | `[]` |
| `analysis.annotations` | Xray Analysis annotations | `{}` |
| `indexer.name` | Xray Indexer name | `xray-indexer` |
| `indexer.image` | Xray Indexer container image | `docker.bintray.io/jfrog/xray-indexer` |
| `indexer.annotations` | Xray Indexer annotations | `{}` |
| `indexer.updateStrategy` | Xray Indexer update strategy | `RollingUpdate` |
| `indexer.podManagementPolicy` | Xray Indexer pod management policy | `Parallel` |
| `indexer.internalPort` | Xray Indexer internal port | `7002` |
| `indexer.externalPort` | Xray Indexer external port | `7002` |
| `indexer.livenessProbe` | Xray Indexer livenessProbe | See `values.yaml` |
| `indexer.readinessProbe` | Xray Indexer readinessProbe | See `values.yaml` |
| `indexer.customVolumes` | Custom volumes | |
| `indexer.customVolumeMounts` | Custom Server volumeMounts | |
| `indexer.persistence.existingClaim` | Provide an existing PersistentVolumeClaim | `nil` |
| `indexer.persistence.storageClass` | Storage class of backing PVC | `nil (uses default storage class annotation)` |
| `indexer.persistence.enabled` | Xray Indexer persistence volume enabled | `false` |
| `indexer.persistence.accessMode` | Xray Indexer persistence volume access mode | `ReadWriteOnce` |
| `indexer.persistence.size` | Xray Indexer persistence volume size | `50Gi` |
| `indexer.resources` | Xray Indexer resources | `{}` |
| `indexer.preStartCommand` | Xray Indexer Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `indexer.nodeSelector` | Xray Indexer node selector | `{}` |
| `indexer.affinity` | Xray Indexer node affinity | `{}` |
| `indexer.tolerations` | Xray Indexer node tolerations | `[]` |
| `persist.name` | Xray Persist name | `xray-persist` |
| `persist.image` | Xray Persist container image | `docker.bintray.io/jfrog/xray-persist` |
| `persist.annotations` | Xray Persist annotations | `{}` |
| `persist.updateStrategy` | Xray Persist update strategy | `RollingUpdate` |
| `persist.podManagementPolicy` | Xray Persist pod management policy | `Parallel` |
| `persist.internalPort` | Xray Persist internal port | `7003` |
| `persist.externalPort` | Xray Persist external port | `7003` |
| `persist.livenessProbe` | Xray Persist livenessProbe | See `values.yaml` |
| `persist.readinessProbe` | Xray Persist readinessProbe | See `values.yaml` |
| `persist.persistence.size` | Xray Persist storage size limit | `10Gi` |
| `persist.preStartCommand` | Xray Persist Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `persist.resources` | Xray Persist resources | `{}` |
| `persist.nodeSelector` | Xray Persist node selector | `{}` |
| `persist.affinity` | Xray Persist node affinity | `{}` |
| `persist.tolerations` | Xray Persist node tolerations | `[]` |
| `server.name` | Xray server name | `xray-server` |
| `server.image` | Xray server container image | `docker.bintray.io/jfrog/xray-server` |
| `server.annotations` | Xray server annotations | `{}` |
| `server.customVolumes` | Custom volumes | |
| `server.customVolumeMounts` | Custom Server volumeMounts | |
| `server.replicaCount` | Xray services replica count | `1` |
| `server.updateStrategy` | Xray server update strategy | `RollingUpdate` |
| `server.podManagementPolicy` | Xray server pod management policy | `Parallel` |
| `server.internalPort` | Xray server internal port | `8000` |
| `server.externalPort` | Xray server external port | `80` |
| `server.service.name` | Xray server service name | `xray` |
| `server.service.type` | Xray server service type | `ClusterIP` |
| `server.service.annotations` | Xray server service annotations | `{}` |
| `server.livenessProbe` | Xray server livenessProbe | See `values.yaml` |
| `server.readinessProbe` | Xray server readinessProbe | See `values.yaml` |
| `server.preStartCommand` | Xray server Custom command to run before startup. Runs AFTER the `common.preStartCommand` | |
| `server.resources` | Xray server resources | `{}` |
| `server.nodeSelector` | Xray server node selector | `{}` |
| `server.affinity` | Xray server node affinity | `{}` |
| `server.tolerations` | Xray server node tolerations | `[]` |
| `router.name` | Router name | `router` |
| `router.image.repository` | Container image | `docker.bintray.io/jfrog/router` |
| `router.image.version` | Container image tag | `.Chart.AppVersion` |
| `router.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `router.internalPort` | Router internal port | `8082` |
| `router.externalPort` | Router external port | `8082` |
| `router.resources.requests.memory` | Router initial memory request | |
| `router.resources.requests.cpu` | Router initial cpu request | |
| `router.resources.limits.memory` | Router memory limit | |
| `router.resources.limits.cpu` | Router cpu limit | |
| `router.livenessProbe.enabled` | Enable Router livenessProbe | `true` |
| `router.livenessProbe.config` | Router livenessProbe configuration | See `values.yaml` |
| `router.readinessProbe.enabled` | Enable Router readinessProbe | `true` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.persistence.accessMode` | Router persistence access mode | `ReadWriteOnce` |
| `router.persistence.mountPath` | Router persistence mount path | `/var/opt/jfrog/router` |
| `router.persistence.size` | Router persistence size | `5Gi` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.readinessProbe.config` | Router readinessProbe configuration | See `values.yaml` |
| `router.nodeSelector` | Router node selector | `{}` |
| `router.affinity` | Router node affinity | `{}` |
| `router.tolerations` | Router node tolerations | `[]` |
| `filebeat.enabled` | Enable a filebeat container to send your logs to a log management solution like ELK | `false` |
| `filebeat.name` | filebeat container name | `xray-filebeat` |
| `filebeat.image.repository` | filebeat Docker image repository | `docker.elastic.co/beats/filebeat` |
| `filebeat.image.version` | filebeat Docker image version | `7.5.1` |
| `filebeat.logstashUrl` | The URL to the central Logstash service, if you have one | `logstash:5044` |
| `filebeat.livenessProbe.exec.command` | liveness probe exec command | see [values.yaml](stable/xray/values.yaml) |
| `filebeat.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `filebeat.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `filebeat.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `filebeat.readinessProbe.exec.command` | readiness probe exec command | see [values.yaml](stable/xray/values.yaml) |
| `filebeat.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `filebeat.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 180 |
| `filebeat.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `filebeat.resources.requests.memory` | Filebeat initial memory request | |
| `filebeat.resources.requests.cpu` | Filebeat initial cpu request | |
| `filebeat.resources.limits.memory` | Filebeat memory limit | |
| `filebeat.resources.limits.cpu` | Filebeat cpu limit | |
| `filebeat.filebeatYml` | Filebeat yaml configuration file | see [values.yaml](stable/xray/values.yaml) |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Custom volumes
If you need to use a custom volume in a custom init or sidecar container, you can use this option.
For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out
```yaml
server:
## Add custom volumes
customVolumes: |
## Custom volume comes here ##
```
## Useful links
- https://www.jfrog.com/confluence/display/XRAY/Xray+High+Availability
- https://www.jfrog.com/confluence/display/EP/Getting+Started
- https://www.jfrog.com/confluence/

76
Openshift4/helm/xray-operator/helm-charts/openshift-xray/helminstall.sh Executable file
View File

@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# PreReq'd:
# helm install postgres bitnami/postgresql
# follow artifactory postgresql db setup:
# https://www.jfrog.com/confluence/display/JFROG/PostgreSQL
POSTGRES=$(helm ls | grep postgres | wc -l)
ARTIFACTORY=$(helm ls | grep artifactory | wc -l)
if [[ "$POSTGRES" =~ (0) ]]
then
echo "External DB is required to run Jfrog Openshift Xray Helm chart"
echo ""
echo "Postgresql helm chart must be installed prior to installing this helm installer script."
echo ""
echo "helm install postgres bitnami/postgresql"
echo ""
echo "follow artifactory postgresql db setup:"
echo "https://www.jfrog.com/confluence/display/JFROG/PostgreSQL"
exit 1
elif [[ "$ARTIFACTORY" =~ (0) ]]
then
echo "Artifactory Instance is required to run Jfrog Openshift Xray Helm chart"
echo ""
echo "Please use helm to first install Artifactory: openshift-artifactory-ha"
echo ""
echo "Then install Openshift xray helm chart once artifactory is ready."
echo ""
exit 1
else
echo "Installing Openshift Xray Helm"
fi
DBURL=""
if [[ -z "$1" ]]
then
DBURL="postgres://postgres-postgresql:5432/xraydb?sslmode=disable"
else
DBURL=$1
fi
DBUSER=""
if [[ -z "$2" ]]
then
DBUSER="artifactory"
else
DBUSER=$2
fi
DBPASS=""
if [[ -z "$3" ]]
then
DBPASS="password"
else
DBPASS=$3
fi
JFROGURL=""
if [[ -z "$4" ]]
then
# HELM
JFROGURL="http://artifactory-ha-nginx"
# OPERATOR
#JFROGURL="http://openshiftartifactoryha-nginx"
else
JFROGURL=$4
fi
# install via helm with default postgresql configuration
helm install xray . \
--set xray.database.url=$DBURL \
--set xray.database.user=$DBUSER \
--set xray.database.password=$DBPASS \
--set xray.xray.jfrogUrl=$JFROGURL \
--set xray.xray.joinKey=$JOIN_KEY \
--set xray.xray.masterKey=$MASTER_KEY

76
Openshift4/helm/xray-operator/helm-charts/openshift-xray/helmupgrade.sh Executable file
View File

@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# PreReq'd:
# helm install postgres bitnami/postgresql
# follow artifactory postgresql db setup:
# https://www.jfrog.com/confluence/display/JFROG/PostgreSQL
POSTGRES=$(helm ls | grep postgres | wc -l)
ARTIFACTORY=$(helm ls | grep artifactory | wc -l)
if [[ "$POSTGRES" =~ (0) ]]
then
echo "External DB is required to run Jfrog Openshift Xray Helm chart"
echo ""
echo "Postgresql helm chart must be installed prior to installing this helm installer script."
echo ""
echo "helm install postgres bitnami/postgresql"
echo ""
echo "follow artifactory postgresql db setup:"
echo "https://www.jfrog.com/confluence/display/JFROG/PostgreSQL"
exit 1
elif [[ "$ARTIFACTORY" =~ (0) ]]
then
echo "Artifactory Instance is required to run Jfrog Openshift Xray Helm chart"
echo ""
echo "Please use helm to first install Artifactory: openshift-artifactory-ha"
echo ""
echo "Then install Openshift xray helm chart once artifactory is ready."
echo ""
exit 1
else
echo "Installing Openshift Xray Helm"
fi
DBURL=""
if [[ -z "$1" ]]
then
DBURL="postgres://postgres-postgresql:5432/xraydb?sslmode=disable"
else
DBURL=$1
fi
DBUSER=""
if [[ -z "$2" ]]
then
DBUSER="artifactory"
else
DBUSER=$2
fi
DBPASS=""
if [[ -z "$3" ]]
then
DBPASS="password"
else
DBPASS=$3
fi
JFROGURL=""
if [[ -z "$4" ]]
then
# HELM
#JFROGURL="http://artifactory-ha-nginx"
# OPERATOR
JFROGURL="http://openshiftartifactoryha-nginx"
else
JFROGURL=$4
fi
# install via helm with default postgresql configuration
helm upgrade --install xray . \
--set xray.database.url=$DBURL \
--set xray.database.user=$DBUSER \
--set xray.database.password=$DBPASS \
--set xray.xray.jfrogUrl=$JFROGURL \
--set xray.xray.joinKey=$JOIN_KEY \
--set xray.xray.masterKey=$MASTER_KEY

25
Openshift4/helm/xray-operator/helm-charts/openshift-xray/rabbitmq.yaml Executable file
View File

@@ -0,0 +1,25 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: rabbitmq
name: rabbitmq
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: rabbitmq
template:
metadata:
labels:
app: rabbitmq
spec:
containers:
- image: registry.connect.redhat.com/jfrog/xray-rabbitmq:3.8.9
imagePullPolicy: "Always"
name: xray-rabbitmq
ports:
- containerPort: 4369
- containerPort: 5672
- containerPort: 15672

26
Openshift4/helm/xray-operator/helm-charts/openshift-xray/rabbitmqservice.yaml Executable file
View File

@@ -0,0 +1,26 @@
kind: Service
apiVersion: v1
metadata:
name: rabbitmq-lb
labels:
app: rabbitmq
spec:
selector:
app: rabbitmq
ports:
- name: epmd
protocol: TCP
port: 4369
targetPort: 4369
- name: ampq
protocol: TCP
port: 5672
targetPort: 5672
- name: management
protocol: TCP
port: 15672
targetPort: 25672
type: ClusterIP

6
Openshift4/helm/xray-operator/helm-charts/openshift-xray/requirements.lock Executable file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: xray
repository: https://charts.jfrog.io/
version: 6.10.0
digest: sha256:f35c5c16ba304a670af922a378888e2cb25f10a1a9dcbb1862faa53d584349af
generated: "2021-02-03T17:55:09.2063304+05:30"

4
Openshift4/helm/xray-operator/helm-charts/openshift-xray/requirements.yaml Executable file
View File

@@ -0,0 +1,4 @@
dependencies:
- name: xray
version: 6.10.0
repository: https://charts.jfrog.io/

111
Openshift4/helm/xray-operator/helm-charts/openshift-xray/values.yaml Executable file
View File

@@ -0,0 +1,111 @@
# Openshift Jfrog Xray
xray:
unifiedUpgradeAllowed: true
replicaCount: 1
xray:
consoleLog: false
jfrogUrl: "OVERRIDE"
postgresql:
enabled: false
database:
url: "OVERRIDE"
user: "OVERRIDE"
password: "OVERRIDE"
initContainerImage: registry.connect.redhat.com/jfrog/init:1.0.1
common:
xrayUserId: "1000721035"
xrayGroupId: "1000721035"
xrayVersion: "3.16.0-1"
customInitContainers: |
- name: "prepare-uid-persistent-volume"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
command:
- 'sh'
- '-c'
- >
chown -Rv {{ .Values.common.xrayUserId }}:{{ .Values.common.xrayGroupId }} {{ .Values.xray.persistence.mountPath }}
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: "{{ .Values.xray.persistence.mountPath }}"
name: data-volume
analysis:
name: xray-analysis
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-analysis
updateStrategy: RollingUpdate
podManagementPolicy: Parallel
preStartCommand:
indexer:
name: xray-indexer
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-indexer
updateStrategy: RollingUpdate
podManagementPolicy: Parallel
persist:
name: xray-persist
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-persist
updateStrategy: RollingUpdate
podManagementPolicy: Parallel
persistence:
size: 10Gi
preStartCommand:
server:
name: xray-server
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-server
updateStrategy: RollingUpdate
podManagementPolicy: Parallel
replicaCount: 1
router:
name: router
image:
registry: registry.connect.redhat.com
repository: jfrog/xray-router
imagePullPolicy: IfNotPresent
tag: 3.16.0-1
rabbitmq-ha:
enabled: true
replicaCount: 1
image:
repository: registry.connect.redhat.com/jfrog/xray-rabbitmq
tag: 3.16.0-1
rabbitmqEpmdPort: 4369
rabbitmqNodePort: 5672
rabbitmqManagerPort: 15672
rabbitmqUsername: guest
rabbitmqPassword: guest
managementUsername: management
managementPassword: management
initContainer:
enabled: false
securityContext:
fsGroup: 1000721035
runAsUser: 1000721035
runAsGroup: 1000721035
livenessProbe:
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
exec:
command:
- /bin/sh
- -c
- 'rabbitmqctl status'
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 6
exec:
command:
- /bin/sh
- -c
- 'rabbitmqctl status'