NAME: pipelines LAST DEPLOYED: Wed Sep 23 10:16:50 2020 NAMESPACE: default STATUS: pending-install REVISION: 1 TEST SUITE: None USER-SUPPLIED VALUES: pipelines: global: postgresql: database: pipelinesdb host: postgres-postgresql password: password port: 5432 ssl: false user: artifactory pipelines: accessControlAllowOrigins_0: http://openshiftartifactoryha-nginx accessControlAllowOrigins_1: http://openshiftartifactoryha-nginx api: externalUrl: http://pipelines-api.jfrog.tech jfrogUrl: http://openshiftartifactoryha-nginx jfrogUrlUI: http://openshiftartifactoryha-nginx joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF msg: uiUser: monitor uiUserPassword: monitor www: externalUrl: http://pipelines-www.jfrog.tech postgresql: enabled: false rabbitmq: externalUrl: amqps://pipelines-rabbit.jfrog.tech rabbitmq: password: guest username: guest COMPUTED VALUES: pipelines: buildPlane: dynamic: customer: accountId: "" nodePoolName: "" nodelimit: "" provider: aws: accessKey: "" enabled: false existingSecret: null instanceType: c4.xlarge keyPairName: testaccountSSHKeyPair nodePoolName: aws-dynamic-node-pool nodelimit: "3" region: us-east-1 secretKey: "" securityGroupId: testsecuritygroupId subnetId: test-subnetId vpcId: testVPCId k8s: cpu: "1" enabled: false existingSecret: null kubeconfig: "" labels: null memory: "1000" namespace: default nodePoolName: k8s-dynamic-node-pool nodelimit: "3" storageClass: standard existingSecret: null filebeat: enabled: false filebeatYml: | logging.level: info path.data: {{ .Values.pipelines.logPath }}/filebeat name: pipelines-filebeat queue.spool: ~ filebeat.inputs: - type: log enabled: true close_eof: ${CLOSE:false} paths: - {{ .Values.pipelines.logPath }}/*.log fields: service: "jfpip" log_type: "pipelines" output: logstash: hosts: ["{{ .Values.filebeat.logstashUrl }}"] image: repository: docker.elastic.co/beats/filebeat version: 7.5.1 livenessProbe: exec: command: - sh - -c - | #!/usr/bin/env bash -e curl --fail 127.0.0.1:5066 failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 logstashUrl: logstash:5044 name: pipelines-filebeat readinessProbe: exec: command: - sh - -c - | #!/usr/bin/env bash -e filebeat test output failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 resources: {} terminationGracePeriod: 10 global: postgresql: database: pipelinesdb host: postgres-postgresql password: password port: 5432 ssl: false user: artifactory vault: host: OVERRIDE port: OVERRIDE token: OVERRIDE imagePullSecrets: null imageRegistry: registry.connect.redhat.com initContainer: image: quay.io/jfrog/init:1.0.0 pullPolicy: IfNotPresent pipelines: accessControlAllowOrigins_0: http://openshiftartifactoryha-nginx accessControlAllowOrigins_1: http://openshiftartifactoryha-nginx affinity: {} api: externalUrl: http://pipelines-api.jfrog.tech image: pullPolicy: IfNotPresent repository: jfrog/pipelines-api ingress: annotations: {} enabled: false hosts: - chart-example.local path: / tls: [] resources: {} service: annotations: null loadBalancerIP: null loadBalancerSourceRanges: [] port: 30000 type: ClusterIP artifactoryServiceId: FFFFFFFFFFFF authToken: c7595edd-b63d-4fd6-9e1e-13924d6637f0 autoscaling: enabled: false maxReplicas: 3 minReplicas: 1 targetCPUUtilizationPercentage: 70 configMaps: "" cron: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} customInitContainers: | - name: "redhat-custom-setup" image: quay.io/jfrog/init:1.0.0 imagePullPolicy: Always command: - 'sh' - '-c' - 'chown -R 1117:1117 /opt/jfrog/pipelines/var/etc' securityContext: runAsUser: 0 volumeMounts: - mountPath: "/opt/jfrog/pipelines/var/etc" name: volume customSidecarContainers: "" customVolumeMounts: "" customVolumes: "" extensionSync: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} hookHandler: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} jfrogUrl: http://openshiftartifactoryha-nginx jfrogUrlUI: http://openshiftartifactoryha-nginx joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE licenseId: FFFFFFFFF logPath: /opt/jfrog/pipelines/var/log logup: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} marshaller: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF mountPath: /opt/jfrog/pipelines/var/etc msg: uiUser: monitor uiUserPassword: monitor nexec: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} nodeSelector: {} pipelineSync: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} pipelinesInit: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-installer resources: {} rabbitmqHealthCheckIntervalInMins: 1 rbac: role: rules: - apiGroups: - "" - extensions - apps resources: - deployments - persistentvolumes - persistentvolumeclaims - pods - deployments/scale verbs: - '*' replicaCount: 1 rootBucket: jfrogpipelines router: externalPort: 8082 image: pullPolicy: IfNotPresent repository: jfrog/pipelines-router internalPort: 8046 mountPath: /opt/jfrog/router/var/etc resources: {} runTrigger: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} serviceId: jfpip@12345 stepTrigger: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-micro resources: {} systemYaml: | shared: ## Artifactory configuration ## artifactory: ## Artifactory URL ## baseUrl: "{{ tpl (required "\n\npipelines.jfrogUrl is required!\n" .Values.pipelines.jfrogUrl) . }}" ## Unified UI URL ## baseUrlUI: "{{ tpl (required "\n\npipelines.jfrogUrlUI is required!\n" .Values.pipelines.jfrogUrlUI) . }}" ## Pipelines Service ID ## serviceId: "{{ .Values.pipelines.serviceId }}" ## Artifactory Service ID ## artifactoryServiceId: "{{ .Values.pipelines.artifactoryServiceId }}" ## Artifactory License ID ## licenseId: "{{ .Values.pipelines.licenseId }}" ## Proxy to connect to Artifactory ## proxy: url: "" username: "" password: "" ## Router configuration ## router: ip: "" accessPort: {{ .Values.pipelines.router.internalPort }} dataPort: {{ .Values.pipelines.router.externalPort }} joinKey: "{{ .Values.pipelines.joinKey }}" security: masterKey: "{{ .Values.pipelines.masterKey }}" ## Database configuration ## db: type: "postgres" {{- if .Values.postgresql.enabled }} ip: {{ tpl .Release.Name . }}-postgresql port: "{{ .Values.postgresql.service.port }}" name: {{ .Values.postgresql.postgresqlDatabase }} username: {{ .Values.postgresql.postgresqlUsername }} password: {{ .Values.postgresql.postgresqlPassword }} {{- else }} ip: {{ tpl .Values.global.postgresql.host . }} port: "{{ .Values.global.postgresql.port }}" name: {{ .Values.global.postgresql.database }} username: {{ .Values.global.postgresql.user }} password: {{ .Values.global.postgresql.password }} {{- end }} externalUrl: "" {{- if .Values.postgresql.enabled }} connectionString: "{{ tpl (printf "postgres://%s:%s@%s-postgresql:%v/%s" .Values.postgresql.postgresqlUsername .Values.postgresql.postgresqlPassword .Release.Name .Values.postgresql.service.port .Values.postgresql.postgresqlDatabase) . }}" {{- else if and (not .Values.postgresql.enabled) (.Values.global.postgresql.ssl) }} connectionString: "{{ tpl (printf "postgres://%s:%s@%v:%v/%s?sslmode=require" .Values.global.postgresql.user .Values.global.postgresql.password .Values.global.postgresql.host .Values.global.postgresql.port .Values.global.postgresql.database) . }}" {{- else }} connectionString: "{{ tpl (printf "postgres://%s:%s@%v:%v/%s" .Values.global.postgresql.user .Values.global.postgresql.password .Values.global.postgresql.host .Values.global.postgresql.port .Values.global.postgresql.database) . }}" {{- end }} ## RabbitMQ configuration ## msg: {{- if .Values.rabbitmq.enabled }} ip: {{ .Release.Name }}-rabbitmq port: {{ .Values.rabbitmq.service.port }} adminPort: {{ .Values.rabbitmq.service.managerPort }} erlangCookie: {{ .Values.rabbitmq.rabbitmq.erlangCookie }} username: {{ .Values.rabbitmq.rabbitmq.username }} password: {{ .Values.rabbitmq.rabbitmq.password }} defaultExchange: pipelinesEx amqpVhost: pipelines amqpRootVhost: pipelinesRoot {{- else }} ip: {{ tpl .Values.rabbitmq.internal_ip . }} port: {{ .Values.rabbitmq.port}} adminPort: {{ .Values.rabbitmq.manager_port }} erlangCookie: {{ .Values.rabbitmq.erlang_cookie }} username: {{ .Values.rabbitmq.ms_username }} password: {{ .Values.rabbitmq.ms_password }} defaultExchange: {{ .Values.rabbitmq.root_vhost_exchange_name }} amqpVhost: {{ .Values.rabbitmq.build_vhost_name}} amqpRootVhost: {{ .Values.rabbitmq.root_vhost_name }} protocol: {{ .Values.rabbitmq.protocol }} {{- end }} queues: - "core.pipelineSync" - "core.runTrigger" - "core.stepTrigger" - "core.marshaller" - "cluster.init" - "core.logup" - "www.signals" - "core.nexec" - "core.hookHandler" - "core.extensionSync" ui: {{- if .Values.rabbitmq.enabled }} username: {{ .Values.pipelines.msg.uiUser }} password: {{ .Values.pipelines.msg.uiUserPassword }} {{- else }} protocol: http username: {{ .Values.rabbitmq.cp_username }} password: {{ .Values.rabbitmq.cp_password }} {{- end }} external: ## URL for build plane VMs to access RabbitMQ {{- if .Values.rabbitmq.externalUrl }} url: {{ .Values.rabbitmq.externalUrl }} {{- else if (and .Values.rabbitmq.serviceVmLb.enabled .Values.rabbitmq.serviceVmLb.loadBalancerIP) }} url: amqp://{{ .Values.rabbitmq.serviceVmLb.loadBalancerIP }} {{- else if .Values.rabbitmq.enabled }} url: amqp://{{ tpl .Release.Name . }}-rabbitmq {{- else }} url: {{ .Values.rabbitmq.protocol }}://{{ tpl .Values.rabbitmq.msg_hostname . }}:{{ .Values.rabbitmq.port }} {{- end }} rootUrl: "" adminUrl: "" {{- if not .Values.rabbitmq.enabled }} build: username: {{ .Values.rabbitmq.build_username }} password: {{ .Values.rabbitmq.build_password }} {{- end }} ## Vault configuration ## vault: {{- if .Values.vault.enabled }} ip: {{ include "pipelines.vault.name" . }} port: {{ .Values.vault.service.port }} {{- else }} ip: {{ .Values.global.vault.host }} port: {{ .Values.global.vault.port }} {{- end }} ## DO NOT CHANGE THE TOKEN VALUE!!! token: "_VAULT_TOKEN_" unsealKeys: - "" - "" - "" - "" - "" ## Redis configuration ## redis: ip: {{ .Release.Name }}-redis-master port: 6379 clusterEnabled: false ## This section is used for bringing up the core services and setting up ## configurations required by the installer & the services ## core: ## id is automatically determined based on the current hostname ## or set using the SHARED_NODE_ID environment variable. ## id: "afd8df9d08bf257ae9b7d7dbbf348b7a3a574ebdd3a61d350d4b64e3129dee85" installerIP: "1.2.3.4" installerAuthToken: "{{ .Values.pipelines.authToken }}" installerImage: "jfrog/pipelines-installer" registryUrl: "{{ .Values.imageRegistry }}" os: "Ubuntu_16.04" osDistribution: "xenial" architecture: "x86_64" dockerVersion: "" runMode: "{{ .Values.runMode }}" user: "" group: "" noVerifySsl: false ignoreTLSErrors: false controlplaneVersion: "{{ default .Chart.AppVersion .Values.pipelines.version }}" buildplaneVersion: "{{ default .Chart.AppVersion .Values.pipelines.version }}" accessControlAllowOrigins: - {{ .Values.pipelines.accessControlAllowOrigins_0 }} - {{ .Values.pipelines.accessControlAllowOrigins_1 }} rabbitmqHealthCheckIntervalInMins: {{ .Values.pipelines.rabbitmqHealthCheckIntervalInMins}} ## Global proxy settings, to be applied to all services ## proxy: httpProxy: "" httpsProxy: "" noProxy: "" username: "" password: "" ## Mailserver settings ## mailserver: host: "" port: "" username: "" password: "" tls: "" ssl: "" apiRetryIntervalMs: 3000 accountSyncFrequencyHr: 1 imageRegistrySecret: "{{ .Values.imagePullSecrets }}" hardDeleteIntervalInMins: 60 configBackupCount: 5 lastUpdateTime: "" callHomeUrl: "https://api.bintray.com/products/jfrog/pipelines/stats/usage" allowCallHome: true serviceInstanceHealthCheckIntervalInMins: 1 serviceInstanceStatsCutOffIntervalInHours: 24 ## Service configuration ## services: api: name: {{ include "pipelines.api.name" . }} port: {{ .Values.pipelines.api.service.port }} {{- if (and .Values.pipelines.api.ingress.enabled .Values.pipelines.api.ingress.tls) }} {{- range .Values.pipelines.api.ingress.hosts }} externalUrl: https://{{ . }} {{- end }} {{- else if .Values.pipelines.api.ingress.enabled }} {{- range .Values.pipelines.api.ingress.hosts }} externalUrl: http://{{ . }} {{- end }} {{- else }} externalUrl: {{ .Values.pipelines.api.externalUrl }} {{- end }} www: name: {{ include "pipelines.www.name" . }} port: {{ .Values.pipelines.www.service.port }} {{- if (and .Values.pipelines.www.ingress.enabled .Values.pipelines.www.ingress.tls) }} {{- range .Values.pipelines.www.ingress.hosts }} externalUrl: https://{{ . }} {{- end }} {{- else if .Values.pipelines.www.ingress.enabled }} {{- range .Values.pipelines.www.ingress.hosts }} externalUrl: http://{{ . }} {{- end }} {{- else }} externalUrl: {{ .Values.pipelines.www.externalUrl }} {{- end }} sessionSecret: "{{ .Values.pipelines.authToken }}" pipelineSync: name: pipelineSync runTrigger: name: runTrigger stepTrigger: name: stepTrigger cron: name: cron nexec: name: nexec hookHandler: name: hookHandler marshaller: name: marshaller extensionSync: name: extensionSync ## Runtime configuration ## runtime: rootBucket: "{{ .Values.pipelines.rootBucket }}" defaultMinionCount: 1 nodeCacheIntervalMS: 600000 jobConsoleBatchSize: 10 jobConsoleBufferIntervalMs: 3 maxDiskUsagePercentage: 90 stepTimeoutMS: 3600000 nodeStopDayOfWeek: 0 nodeStopIntervalDays: 30 maxNodeCheckInDelayMin: 15 defaultMinionInstanceSize: "c4.large" allowDynamicNodes: true allowCustomNodes: true {{- range $key, $value := .Values.runtimeOverride }} {{ $key }}: {{ $value | quote }} {{- end }} languageImages: - architecture: x86_64 os: Ubuntu_16.04 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-u16node isDefault: true defaultVersion: 10.18.0 - architecture: x86_64 os: Ubuntu_16.04 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-u16java defaultVersion: 13 - architecture: x86_64 os: Ubuntu_16.04 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-u16cpp defaultVersion: 9.0.0 - architecture: x86_64 os: Ubuntu_16.04 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-u16go defaultVersion: 1.12.14 - architecture: x86_64 os: Ubuntu_18.04 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-u18node isDefault: true defaultVersion: 10.18.0 - architecture: x86_64 os: Ubuntu_18.04 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-u18java defaultVersion: 13 - architecture: x86_64 os: Ubuntu_18.04 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-u18cpp defaultVersion: 9.0.0 - architecture: x86_64 os: Ubuntu_18.04 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-u18go defaultVersion: 1.12.14 - architecture: x86_64 os: CentOS_7 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-c7node isDefault: true defaultVersion: 10.18.0 - architecture: x86_64 os: CentOS_7 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-c7java defaultVersion: 11 - architecture: x86_64 os: CentOS_7 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-c7cpp defaultVersion: 3.4.2 - architecture: x86_64 os: CentOS_7 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-c7go defaultVersion: 1.12.14 - architecture: x86_64 os: WindowsServer_2019 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-w19node defaultVersion: 10.18.0 - architecture: x86_64 os: WindowsServer_2019 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-w19java defaultVersion: 11 - architecture: x86_64 os: WindowsServer_2019 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-w19cpp defaultVersion: 9.0.0 - architecture: x86_64 os: WindowsServer_2019 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-w19go defaultVersion: 1.12.14 - architecture: x86_64 os: WindowsServer_2019 language: dotnetcore registryUrl: docker.bintray.io image: jfrog/pipelines-w19dotnetcore isDefault: true defaultVersion: 3.1 - architecture: x86_64 os: RHEL_7 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-c7node isDefault: true defaultVersion: 10.18.0 - architecture: x86_64 os: RHEL_7 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-c7java defaultVersion: 11 - architecture: x86_64 os: RHEL_7 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-c7cpp defaultVersion: 3.4.2 - architecture: x86_64 os: RHEL_7 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-c7go defaultVersion: 1.12.14 tolerations: [] updateStrategy: RollingUpdate version: 1.7.1 www: externalUrl: http://pipelines-www.jfrog.tech image: pullPolicy: IfNotPresent repository: jfrog/pipelines-www ingress: annotations: {} enabled: false hosts: - chart-example.local path: / tls: [] resources: {} service: annotations: null loadBalancerIP: null loadBalancerSourceRanges: [] port: 30001 type: ClusterIP postgresql: enabled: false extraEnv: [] global: postgresql: database: pipelinesdb host: null password: "" port: 5432 ssl: false user: apiuser vault: host: null port: null token: null image: debug: false pullPolicy: IfNotPresent registry: docker.bintray.io repository: bitnami/postgresql tag: 9.6.18-debian-10-r7 ldap: baseDN: "" bind_password: null bindDN: "" enabled: false port: "" prefix: "" scheme: "" search_attr: "" search_filter: "" server: "" suffix: "" tls: false url: "" livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 master: affinity: {} annotations: {} extraInitContainers: [] extraVolumeMounts: [] extraVolumes: [] labels: {} nodeSelector: {} podAnnotations: {} podLabels: {} priorityClassName: "" resources: {} service: {} sidecars: [] tolerations: [] metrics: enabled: false image: pullPolicy: IfNotPresent registry: docker.io repository: bitnami/postgres-exporter tag: 0.8.0-debian-10-r72 livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 prometheusRule: additionalLabels: {} enabled: false namespace: "" rules: [] readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 securityContext: enabled: false runAsUser: 1001 service: annotations: prometheus.io/port: "9187" prometheus.io/scrape: "true" loadBalancerIP: null type: ClusterIP serviceMonitor: additionalLabels: {} enabled: false networkPolicy: allowExternal: true enabled: false explicitNamespacesSelector: {} persistence: accessModes: - ReadWriteOnce annotations: {} enabled: true existingClaim: null mountPath: /bitnami/postgresql size: 50Gi subPath: "" postgresqlDataDir: /bitnami/postgresql/data postgresqlDatabase: pipelinesdb postgresqlPassword: "" postgresqlUsername: apiuser readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 replication: applicationName: my_application enabled: false numSynchronousReplicas: 0 password: repl_password slaveReplicas: 1 synchronousCommit: "off" user: repl_user resources: requests: cpu: 250m memory: 256Mi securityContext: enabled: true fsGroup: 1001 runAsUser: 1001 service: annotations: {} port: 5432 type: ClusterIP serviceAccount: enabled: false shmVolume: chmod: enabled: true enabled: true slave: affinity: {} annotations: {} extraInitContainers: | # - name: do-something # image: busybox # command: ['do', 'something'] extraVolumeMounts: [] extraVolumes: [] labels: {} nodeSelector: {} podAnnotations: {} podLabels: {} priorityClassName: "" service: {} sidecars: [] tolerations: [] updateStrategy: type: RollingUpdate volumePermissions: enabled: false image: pullPolicy: Always registry: docker.io repository: bitnami/minideb tag: buster securityContext: runAsUser: 0 rabbitmq: affinity: {} enabled: true externalUrl: amqps://pipelines-rabbit.jfrog.tech extraSecrets: {} extraVolumeMounts: [] extraVolumes: [] forceBoot: enabled: false global: postgresql: database: pipelinesdb host: postgres-postgresql password: password port: 5432 ssl: false user: artifactory vault: host: OVERRIDE port: OVERRIDE token: OVERRIDE image: debug: false pullPolicy: IfNotPresent registry: registry.connect.redhat.com repository: jfrog/xray-rabbitmq tag: 3.8.6 ingress: annotations: null enabled: false path: / tls: true tlsSecret: OVERRIDE ldap: enabled: false port: "389" server: "" tls: enabled: false user_dn_pattern: cn=${username},dc=example,dc=org livenessProbe: commandOverride: [] enabled: true failureThreshold: 6 initialDelaySeconds: 120 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 20 metrics: enabled: false plugins: rabbitmq_prometheus podAnnotations: prometheus.io/port: '{{ .Values.metrics.port }}' prometheus.io/scrape: "true" port: 9419 prometheusRule: additionalLabels: {} enabled: false namespace: "" rules: [] serviceMonitor: additionalLabels: {} enabled: false honorLabels: false interval: 30s networkPolicy: allowExternal: true enabled: false nodeSelector: {} persistence: accessMode: ReadWriteOnce enabled: true path: /opt/bitnami/rabbitmq/var/lib/rabbitmq size: 20Gi podAnnotations: {} podDisruptionBudget: {} podLabels: {} podManagementPolicy: OrderedReady protocol: amqps rabbitmq: advancedConfiguration: "" clustering: address_type: hostname k8s_domain: cluster.local rebalance: false configuration: |- ## Clustering cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s cluster_formation.k8s.host = kubernetes.default.svc.cluster.local cluster_formation.node_cleanup.interval = 10 cluster_formation.node_cleanup.only_log_warning = true cluster_partition_handling = autoheal # queue master locator queue_master_locator=min-masters # enable guest user loopback_users.guest = false env: {} erlangCookie: PIPELINESRABBITMQCLUSTER extraConfiguration: |- #disk_free_limit.absolute = 50MB #management.load_definitions = /app/load_definition.json extraPlugins: "" loadDefinition: enabled: false secretName: load-definition logs: '-' maxAvailableSchedulers: 2 onlineSchedulers: 1 password: guest plugins: rabbitmq_management rabbitmq_peer_discovery_k8s setUlimitNofiles: true tls: caCertificate: "" enabled: false failIfNoPeerCert: true serverCertificate: "" serverKey: "" sslOptionsVerify: verify_peer ulimitNofiles: "65536" username: guest rbacEnabled: true readinessProbe: commandOverride: [] enabled: true failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 20 replicas: 1 resources: {} securityContext: enabled: true extra: {} fsGroup: 1001 runAsUser: 1001 service: annotations: {} distPort: 25672 managerPort: 15672 port: 5672 tlsPort: 5671 type: ClusterIP serviceVmLb: annotations: null enabled: false loadBalancerIP: null loadBalancerSourceRanges: [] tolerations: [] updateStrategy: type: RollingUpdate volumePermissions: enabled: false image: pullPolicy: Always registry: docker.io repository: bitnami/minideb tag: buster resources: {} rbac: create: true redis: cluster: enabled: false slaveCount: 2 clusterDomain: cluster.local configmap: |- # Enable AOF https://redis.io/topics/persistence#append-only-file appendonly yes # Disable RDB persistence, AOF persistence already enabled. save "" enabled: true global: postgresql: database: pipelinesdb host: postgres-postgresql password: password port: 5432 ssl: false user: artifactory redis: {} vault: host: OVERRIDE port: OVERRIDE token: OVERRIDE image: pullPolicy: IfNotPresent registry: registry.redhat.io repository: rhel8/redis-5 tag: 1-98 master: affinity: {} command: "" configmap: |- appendonly yes loglevel notice disableCommands: - FLUSHDB - FLUSHALL extraFlags: [] livenessProbe: enabled: true failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 persistence: accessModes: - ReadWriteOnce enabled: true matchExpressions: {} matchLabels: {} path: /data size: 8Gi subPath: "" podAnnotations: {} podLabels: {} readinessProbe: enabled: true failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: {} service: annotations: {} labels: {} loadBalancerIP: null port: 6379 type: ClusterIP statefulset: updateStrategy: RollingUpdate metrics: enabled: false image: pullPolicy: IfNotPresent registry: docker.io repository: bitnami/redis-exporter tag: 1.5.2-debian-10-r21 podAnnotations: prometheus.io/port: "9121" prometheus.io/scrape: "true" prometheusRule: additionalLabels: {} enabled: false namespace: "" rules: [] service: annotations: {} labels: {} type: ClusterIP serviceMonitor: enabled: false selector: prometheus: kube-prometheus networkPolicy: enabled: false ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} password: "" persistence: {} podSecurityPolicy: create: false rbac: create: false role: rules: [] redisPort: 6379 securityContext: enabled: true fsGroup: 1001 runAsUser: 1001 sentinel: configmap: null downAfterMilliseconds: 60000 enabled: false failoverTimeout: 18000 image: pullPolicy: IfNotPresent registry: docker.io repository: bitnami/redis-sentinel tag: 5.0.8-debian-10-r25 initialCheckTimeout: 5 livenessProbe: enabled: true failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 masterSet: mymaster parallelSyncs: 1 port: 26379 quorum: 2 readinessProbe: enabled: true failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 service: annotations: {} labels: {} loadBalancerIP: null redisPort: 6379 sentinelPort: 26379 type: ClusterIP staticID: false usePassword: true serviceAccount: create: false name: null slave: affinity: {} command: /run.sh configmap: null disableCommands: - FLUSHDB - FLUSHALL extraFlags: [] livenessProbe: enabled: true failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 persistence: accessModes: - ReadWriteOnce enabled: true matchExpressions: {} matchLabels: {} path: /data size: 8Gi subPath: "" podAnnotations: {} podLabels: {} port: 6379 readinessProbe: enabled: true failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 10 resources: {} service: annotations: {} labels: {} loadBalancerIP: null port: 6379 type: ClusterIP statefulset: updateStrategy: RollingUpdate sysctlImage: command: [] enabled: false mountHostSys: false pullPolicy: Always registry: docker.io repository: bitnami/minideb resources: {} tag: buster usePassword: false usePasswordFile: false volumePermissions: enabled: false image: pullPolicy: Always registry: docker.io repository: bitnami/minideb tag: buster resources: {} runMode: production runtimeOverride: {} securityContext: enabled: true gid: 1030 uid: 1030 vault: affinity: {} configMaps: "" customInitContainers: "" customVolumeMounts: "" customVolumes: "" disablemlock: false enabled: true image: pullPolicy: IfNotPresent repository: registry.connect.redhat.com/jfrog/pipelines-vault tag: 1.7.1 init: image: pullPolicy: IfNotPresent repository: jfrog/pipelines-vault-init nodeSelector: {} rbac: role: rules: - apiGroups: - "" resources: - secrets verbs: - '*' resources: {} service: port: 30100 type: ClusterIP tolerations: [] updateStrategy: RollingUpdate HOOKS: MANIFEST: --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: pipelines-rabbitmq namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" secrets: - name: "pipelines-rabbitmq" --- # Source: openshift-pipelines/charts/pipelines/templates/service-account.yaml apiVersion: v1 kind: ServiceAccount metadata: name: pipelines labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm --- # Source: openshift-pipelines/charts/pipelines/templates/vault-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: pipelines-pipelines-vault labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm component: pipelines-pipelines-vault --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/secrets.yaml apiVersion: v1 kind: Secret metadata: name: pipelines-rabbitmq namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" type: Opaque data: rabbitmq-password: "Z3Vlc3Q=" rabbitmq-erlang-cookie: "UElQRUxJTkVTUkFCQklUTVFDTFVTVEVS" --- # Source: openshift-pipelines/charts/pipelines/templates/database-secret.yaml apiVersion: v1 kind: Secret metadata: name: pipelines-database labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm type: Opaque data: postgresql-password: "cGFzc3dvcmQ=" postgresql-url: cG9zdGdyZXM6Ly9hcnRpZmFjdG9yeTpwYXNzd29yZEBwb3N0Z3Jlcy1wb3N0Z3Jlc3FsOjU0MzIvcGlwZWxpbmVzZGI/c3NsbW9kZT1kaXNhYmxl --- # Source: openshift-pipelines/charts/pipelines/templates/pipelines-system-yaml.yaml apiVersion: v1 kind: Secret metadata: name: pipelines-system-yaml labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm type: Opaque data: stringData: system.yaml: | shared: ## Artifactory configuration ## artifactory: ## Artifactory URL ## baseUrl: "http://openshiftartifactoryha-nginx" ## Unified UI URL ## baseUrlUI: "http://openshiftartifactoryha-nginx" ## Pipelines Service ID ## serviceId: "jfpip@12345" ## Artifactory Service ID ## artifactoryServiceId: "FFFFFFFFFFFF" ## Artifactory License ID ## licenseId: "FFFFFFFFF" ## Proxy to connect to Artifactory ## proxy: url: "" username: "" password: "" ## Router configuration ## router: ip: "" accessPort: 8046 dataPort: 8082 joinKey: "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" security: masterKey: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" ## Database configuration ## db: type: "postgres" ip: postgres-postgresql port: "5432" name: pipelinesdb username: artifactory password: password externalUrl: "" connectionString: "postgres://artifactory:password@postgres-postgresql:5432/pipelinesdb" ## RabbitMQ configuration ## msg: ip: pipelines-rabbitmq port: 5672 adminPort: 15672 erlangCookie: PIPELINESRABBITMQCLUSTER username: guest password: guest defaultExchange: pipelinesEx amqpVhost: pipelines amqpRootVhost: pipelinesRoot queues: - "core.pipelineSync" - "core.runTrigger" - "core.stepTrigger" - "core.marshaller" - "cluster.init" - "core.logup" - "www.signals" - "core.nexec" - "core.hookHandler" - "core.extensionSync" ui: username: monitor password: monitor external: ## URL for build plane VMs to access RabbitMQ url: amqps://pipelines-rabbit.jfrog.tech rootUrl: "" adminUrl: "" ## Vault configuration ## vault: ip: pipelines-pipelines-vault port: 30100 ## DO NOT CHANGE THE TOKEN VALUE!!! token: "_VAULT_TOKEN_" unsealKeys: - "" - "" - "" - "" - "" ## Redis configuration ## redis: ip: pipelines-redis-master port: 6379 clusterEnabled: false ## This section is used for bringing up the core services and setting up ## configurations required by the installer & the services ## core: ## id is automatically determined based on the current hostname ## or set using the SHARED_NODE_ID environment variable. ## id: "afd8df9d08bf257ae9b7d7dbbf348b7a3a574ebdd3a61d350d4b64e3129dee85" installerIP: "1.2.3.4" installerAuthToken: "c7595edd-b63d-4fd6-9e1e-13924d6637f0" installerImage: "jfrog/pipelines-installer" registryUrl: "registry.connect.redhat.com" os: "Ubuntu_16.04" osDistribution: "xenial" architecture: "x86_64" dockerVersion: "" runMode: "production" user: "" group: "" noVerifySsl: false ignoreTLSErrors: false controlplaneVersion: "1.7.1" buildplaneVersion: "1.7.1" accessControlAllowOrigins: - http://openshiftartifactoryha-nginx - http://openshiftartifactoryha-nginx rabbitmqHealthCheckIntervalInMins: 1 ## Global proxy settings, to be applied to all services ## proxy: httpProxy: "" httpsProxy: "" noProxy: "" username: "" password: "" ## Mailserver settings ## mailserver: host: "" port: "" username: "" password: "" tls: "" ssl: "" apiRetryIntervalMs: 3000 accountSyncFrequencyHr: 1 imageRegistrySecret: "" hardDeleteIntervalInMins: 60 configBackupCount: 5 lastUpdateTime: "" callHomeUrl: "https://api.bintray.com/products/jfrog/pipelines/stats/usage" allowCallHome: true serviceInstanceHealthCheckIntervalInMins: 1 serviceInstanceStatsCutOffIntervalInHours: 24 ## Service configuration ## services: api: name: pipelines-pipelines-api port: 30000 externalUrl: http://pipelines-api.jfrog.tech www: name: pipelines-pipelines-www port: 30001 externalUrl: http://pipelines-www.jfrog.tech sessionSecret: "c7595edd-b63d-4fd6-9e1e-13924d6637f0" pipelineSync: name: pipelineSync runTrigger: name: runTrigger stepTrigger: name: stepTrigger cron: name: cron nexec: name: nexec hookHandler: name: hookHandler marshaller: name: marshaller extensionSync: name: extensionSync ## Runtime configuration ## runtime: rootBucket: "jfrogpipelines" defaultMinionCount: 1 nodeCacheIntervalMS: 600000 jobConsoleBatchSize: 10 jobConsoleBufferIntervalMs: 3 maxDiskUsagePercentage: 90 stepTimeoutMS: 3600000 nodeStopDayOfWeek: 0 nodeStopIntervalDays: 30 maxNodeCheckInDelayMin: 15 defaultMinionInstanceSize: "c4.large" allowDynamicNodes: true allowCustomNodes: true languageImages: - architecture: x86_64 os: Ubuntu_16.04 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-u16node isDefault: true defaultVersion: 10.18.0 - architecture: x86_64 os: Ubuntu_16.04 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-u16java defaultVersion: 13 - architecture: x86_64 os: Ubuntu_16.04 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-u16cpp defaultVersion: 9.0.0 - architecture: x86_64 os: Ubuntu_16.04 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-u16go defaultVersion: 1.12.14 - architecture: x86_64 os: Ubuntu_18.04 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-u18node isDefault: true defaultVersion: 10.18.0 - architecture: x86_64 os: Ubuntu_18.04 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-u18java defaultVersion: 13 - architecture: x86_64 os: Ubuntu_18.04 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-u18cpp defaultVersion: 9.0.0 - architecture: x86_64 os: Ubuntu_18.04 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-u18go defaultVersion: 1.12.14 - architecture: x86_64 os: CentOS_7 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-c7node isDefault: true defaultVersion: 10.18.0 - architecture: x86_64 os: CentOS_7 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-c7java defaultVersion: 11 - architecture: x86_64 os: CentOS_7 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-c7cpp defaultVersion: 3.4.2 - architecture: x86_64 os: CentOS_7 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-c7go defaultVersion: 1.12.14 - architecture: x86_64 os: WindowsServer_2019 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-w19node defaultVersion: 10.18.0 - architecture: x86_64 os: WindowsServer_2019 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-w19java defaultVersion: 11 - architecture: x86_64 os: WindowsServer_2019 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-w19cpp defaultVersion: 9.0.0 - architecture: x86_64 os: WindowsServer_2019 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-w19go defaultVersion: 1.12.14 - architecture: x86_64 os: WindowsServer_2019 language: dotnetcore registryUrl: docker.bintray.io image: jfrog/pipelines-w19dotnetcore isDefault: true defaultVersion: 3.1 - architecture: x86_64 os: RHEL_7 language: node registryUrl: docker.bintray.io image: jfrog/pipelines-c7node isDefault: true defaultVersion: 10.18.0 - architecture: x86_64 os: RHEL_7 language: java registryUrl: docker.bintray.io image: jfrog/pipelines-c7java defaultVersion: 11 - architecture: x86_64 os: RHEL_7 language: cpp registryUrl: docker.bintray.io image: jfrog/pipelines-c7cpp defaultVersion: 3.4.2 - architecture: x86_64 os: RHEL_7 language: go registryUrl: docker.bintray.io image: jfrog/pipelines-c7go defaultVersion: 1.12.14 --- # Source: openshift-pipelines/charts/pipelines/templates/rabbitmq-secret.yaml apiVersion: v1 kind: Secret metadata: name: pipelines-rabbitmq-secret labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm type: Opaque data: rabbitmq-erlang-cookie: "UElQRUxJTkVTUkFCQklUTVFDTFVTVEVS" rabbitmq-password: "Z3Vlc3Q=" --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/configuration.yaml apiVersion: v1 kind: ConfigMap metadata: name: pipelines-rabbitmq-config namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" data: enabled_plugins: |- [rabbitmq_management, rabbitmq_peer_discovery_k8s]. rabbitmq.conf: |- ##username and password default_user=guest default_pass=CHANGEME ## Clustering cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s cluster_formation.k8s.host = kubernetes.default.svc.cluster.local cluster_formation.node_cleanup.interval = 10 cluster_formation.node_cleanup.only_log_warning = true cluster_partition_handling = autoheal # queue master locator queue_master_locator=min-masters # enable guest user loopback_users.guest = false #disk_free_limit.absolute = 50MB #management.load_definitions = /app/load_definition.json --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/healthchecks.yaml apiVersion: v1 kind: ConfigMap metadata: name: pipelines-rabbitmq-healthchecks namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" data: rabbitmq-health-check: |- #!/bin/sh START_FLAG=/opt/bitnami/rabbitmq/var/lib/rabbitmq/.start if [ -f ${START_FLAG} ]; then rabbitmqctl node_health_check RESULT=$? if [ $RESULT -ne 0 ]; then rabbitmqctl status exit $? fi rm -f ${START_FLAG} exit ${RESULT} fi rabbitmq-api-check $1 $2 rabbitmq-api-check: |- #!/bin/sh set -e URL=$1 EXPECTED=$2 ACTUAL=$(curl --silent --show-error --fail "${URL}") echo "${ACTUAL}" test "${EXPECTED}" = "${ACTUAL}" --- # Source: openshift-pipelines/charts/pipelines/charts/redis/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: pipelines-redis namespace: default labels: app: redis chart: redis-10.6.3 heritage: Helm release: pipelines data: redis.conf: |- # User-supplied configuration: # Enable AOF https://redis.io/topics/persistence#append-only-file appendonly yes # Disable RDB persistence, AOF persistence already enabled. save "" master.conf: |- dir /data # User-supplied master configuration: appendonly yes loglevel notice rename-command FLUSHDB "" rename-command FLUSHALL "" replica.conf: |- dir /data slave-read-only yes rename-command FLUSHDB "" rename-command FLUSHALL "" --- # Source: openshift-pipelines/charts/pipelines/charts/redis/templates/health-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: pipelines-redis-health namespace: default labels: app: redis chart: redis-10.6.3 heritage: Helm release: pipelines data: ping_readiness_local.sh: |- #!/bin/bash response=$( timeout -s 9 $1 \ redis-cli \ -h localhost \ -p $REDIS_PORT \ ping ) if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi ping_liveness_local.sh: |- #!/bin/bash response=$( timeout -s 9 $1 \ redis-cli \ -h localhost \ -p $REDIS_PORT \ ping ) if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then echo "$response" exit 1 fi ping_readiness_master.sh: |- #!/bin/bash response=$( timeout -s 9 $1 \ redis-cli \ -h $REDIS_MASTER_HOST \ -p $REDIS_MASTER_PORT_NUMBER \ ping ) if [ "$response" != "PONG" ]; then echo "$response" exit 1 fi ping_liveness_master.sh: |- #!/bin/bash response=$( timeout -s 9 $1 \ redis-cli \ -h $REDIS_MASTER_HOST \ -p $REDIS_MASTER_PORT_NUMBER \ ping ) if [ "$response" != "PONG" ] && [ "$response" != "LOADING Redis is loading the dataset in memory" ]; then echo "$response" exit 1 fi ping_readiness_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? exit $exit_status ping_liveness_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? exit $exit_status --- # Source: openshift-pipelines/charts/pipelines/templates/pipelines-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: pipelines labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm rules: - apiGroups: - "" - extensions - apps resources: - deployments - persistentvolumes - persistentvolumeclaims - pods - deployments/scale verbs: - '*' --- # Source: openshift-pipelines/charts/pipelines/templates/pipelines-rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: pipelines labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm subjects: - kind: ServiceAccount name: pipelines namespace: default roleRef: kind: ClusterRole apiGroup: rbac.authorization.k8s.io name: pipelines --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pipelines-rabbitmq-endpoint-reader namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get"] - apiGroups: [""] resources: ["events"] verbs: ["create"] --- # Source: openshift-pipelines/charts/pipelines/templates/vault-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: pipelines-pipelines-vault labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm component: pipelines-pipelines-vault rules: - apiGroups: - "" resources: - secrets verbs: - '*' --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/rolebinding.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pipelines-rabbitmq-endpoint-reader namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" subjects: - kind: ServiceAccount name: pipelines-rabbitmq roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pipelines-rabbitmq-endpoint-reader --- # Source: openshift-pipelines/charts/pipelines/templates/vault-rolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: pipelines-pipelines-vault labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm component: pipelines-pipelines-vault subjects: - kind: ServiceAccount name: pipelines-pipelines-vault roleRef: kind: Role apiGroup: rbac.authorization.k8s.io name: pipelines-pipelines-vault --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/svc-headless.yaml apiVersion: v1 kind: Service metadata: name: pipelines-rabbitmq-headless namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" spec: clusterIP: None ports: - name: epmd port: 4369 targetPort: epmd - name: amqp port: 5672 targetPort: amqp - name: dist port: 25672 targetPort: dist - name: stats port: 15672 targetPort: stats selector: app: rabbitmq release: "pipelines" --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/svc.yaml apiVersion: v1 kind: Service metadata: name: pipelines-rabbitmq namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" spec: type: ClusterIP ports: - name: epmd port: 4369 targetPort: epmd nodePort: null - name: amqp port: 5672 targetPort: amqp nodePort: null - name: dist port: 25672 targetPort: dist nodePort: null - name: stats port: 15672 targetPort: stats nodePort: null selector: app: rabbitmq release: "pipelines" --- # Source: openshift-pipelines/charts/pipelines/charts/redis/templates/headless-svc.yaml apiVersion: v1 kind: Service metadata: name: pipelines-redis-headless namespace: default labels: app: redis chart: redis-10.6.3 release: pipelines heritage: Helm spec: type: ClusterIP clusterIP: None ports: - name: redis port: 6379 targetPort: redis selector: app: redis release: pipelines --- # Source: openshift-pipelines/charts/pipelines/charts/redis/templates/redis-master-svc.yaml apiVersion: v1 kind: Service metadata: name: pipelines-redis-master namespace: default labels: app: redis chart: redis-10.6.3 release: pipelines heritage: Helm spec: type: ClusterIP ports: - name: redis port: 6379 targetPort: redis selector: app: redis release: pipelines role: master --- # Source: openshift-pipelines/charts/pipelines/templates/api-service.yaml apiVersion: v1 kind: Service metadata: name: pipelines-pipelines-api labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm component: pipelines-pipelines-api spec: type: ClusterIP ports: - port: 30000 targetPort: 30000 protocol: TCP name: api selector: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-services --- # Source: openshift-pipelines/charts/pipelines/templates/pipelines-service-headless.yaml apiVersion: v1 kind: Service metadata: name: pipelines-pipelines-services-headless labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP clusterIP: None ports: - port: 30000 targetPort: 30000 protocol: TCP name: api - port: 30001 targetPort: 30001 protocol: TCP name: www selector: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-services --- # Source: openshift-pipelines/charts/pipelines/templates/vault-service-headless.yaml apiVersion: v1 kind: Service metadata: name: pipelines-pipelines-vault-headless labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm component: pipelines-pipelines-vault spec: type: ClusterIP clusterIP: None ports: - name: http port: 30100 targetPort: 30100 protocol: TCP - name: server port: 30101 protocol: TCP selector: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-vault --- # Source: openshift-pipelines/charts/pipelines/templates/vault-service.yaml apiVersion: v1 kind: Service metadata: name: pipelines-pipelines-vault labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm component: pipelines-pipelines-vault spec: type: ClusterIP ports: - name: http port: 30100 targetPort: 30100 protocol: TCP - name: server port: 30101 protocol: TCP selector: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-vault --- # Source: openshift-pipelines/charts/pipelines/templates/www-service.yaml apiVersion: v1 kind: Service metadata: name: pipelines-pipelines-www labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm component: pipelines-pipelines-www spec: type: ClusterIP ports: - port: 30001 targetPort: 30001 protocol: TCP name: www selector: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-services --- # Source: openshift-pipelines/charts/pipelines/charts/rabbitmq/templates/statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: pipelines-rabbitmq namespace: default labels: app: rabbitmq chart: rabbitmq-6.25.0 release: "pipelines" heritage: "Helm" spec: serviceName: pipelines-rabbitmq-headless podManagementPolicy: OrderedReady replicas: 1 updateStrategy: type: RollingUpdate selector: matchLabels: app: rabbitmq release: "pipelines" template: metadata: labels: app: rabbitmq release: "pipelines" chart: rabbitmq-6.25.0 annotations: checksum/secret: cd200625b24962e95e00a823013671ecf528464dc6d000ff2103710176764a2a spec: serviceAccountName: pipelines-rabbitmq terminationGracePeriodSeconds: 10 containers: - name: rabbitmq image: registry.connect.redhat.com/jfrog/xray-rabbitmq:3.8.6 imagePullPolicy: "IfNotPresent" command: - bash - -ec - | mkdir -p /opt/bitnami/rabbitmq/.rabbitmq/ mkdir -p /opt/bitnami/rabbitmq/etc/rabbitmq/ touch /opt/bitnami/rabbitmq/var/lib/rabbitmq/.start #persist the erlang cookie in both places for server and cli tools echo $RABBITMQ_ERL_COOKIE > /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie cp /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie /opt/bitnami/rabbitmq/.rabbitmq/ #change permission so only the user has access to the cookie file chmod 600 /opt/bitnami/rabbitmq/.rabbitmq/.erlang.cookie /opt/bitnami/rabbitmq/var/lib/rabbitmq/.erlang.cookie #copy the mounted configuration to both places cp /opt/bitnami/rabbitmq/conf/* /opt/bitnami/rabbitmq/etc/rabbitmq # Apply resources limits ulimit -n "${RABBITMQ_ULIMIT_NOFILES}" #replace the default password that is generated sed -i "/CHANGEME/cdefault_pass=${RABBITMQ_PASSWORD//\\/\\\\}" /opt/bitnami/rabbitmq/etc/rabbitmq/rabbitmq.conf exec rabbitmq-server volumeMounts: - name: config-volume mountPath: /opt/bitnami/rabbitmq/conf - name: healthchecks mountPath: /usr/local/sbin/rabbitmq-api-check subPath: rabbitmq-api-check - name: healthchecks mountPath: /usr/local/sbin/rabbitmq-health-check subPath: rabbitmq-health-check - name: data mountPath: "/opt/bitnami/rabbitmq/var/lib/rabbitmq" ports: - name: epmd containerPort: 4369 - name: amqp containerPort: 5672 - name: dist containerPort: 25672 - name: stats containerPort: 15672 livenessProbe: exec: command: - sh - -c - rabbitmq-api-check "http://guest:$RABBITMQ_PASSWORD@127.0.0.1:15672/api/healthchecks/node" '{"status":"ok"}' initialDelaySeconds: 120 timeoutSeconds: 20 periodSeconds: 30 failureThreshold: 6 successThreshold: 1 readinessProbe: exec: command: - sh - -c - rabbitmq-health-check "http://guest:$RABBITMQ_PASSWORD@127.0.0.1:15672/api/healthchecks/node" '{"status":"ok"}' initialDelaySeconds: 10 timeoutSeconds: 20 periodSeconds: 30 failureThreshold: 3 successThreshold: 1 env: - name: BITNAMI_DEBUG value: "false" - name: MY_POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: K8S_SERVICE_NAME value: "pipelines-rabbitmq-headless" - name: K8S_ADDRESS_TYPE value: hostname - name: RABBITMQ_NODENAME value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local" - name: K8S_HOSTNAME_SUFFIX value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local" - name: RABBITMQ_LOGS value: "-" - name: RABBITMQ_ULIMIT_NOFILES value: "65536" - name: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS value: +S 2:1 - name: RABBITMQ_USE_LONGNAME value: "true" - name: RABBITMQ_ERL_COOKIE valueFrom: secretKeyRef: name: pipelines-rabbitmq key: rabbitmq-erlang-cookie - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: name: pipelines-rabbitmq key: rabbitmq-password securityContext: fsGroup: 1001 runAsUser: 1001 volumes: - name: config-volume configMap: name: pipelines-rabbitmq-config items: - key: rabbitmq.conf path: rabbitmq.conf - key: enabled_plugins path: enabled_plugins - name: healthchecks configMap: name: pipelines-rabbitmq-healthchecks items: - key: rabbitmq-health-check path: rabbitmq-health-check mode: 111 - key: rabbitmq-api-check path: rabbitmq-api-check mode: 111 volumeClaimTemplates: - metadata: name: data labels: app: rabbitmq release: "pipelines" heritage: "Helm" spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "20Gi" --- # Source: openshift-pipelines/charts/pipelines/charts/redis/templates/redis-master-statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: pipelines-redis-master namespace: default labels: app: redis chart: redis-10.6.3 release: pipelines heritage: Helm spec: selector: matchLabels: app: redis release: pipelines role: master serviceName: pipelines-redis-headless template: metadata: labels: app: redis chart: redis-10.6.3 release: pipelines role: master annotations: checksum/health: 5d2e8523ae6c0cac2452aab66904ac5b5d6dc0a529ac4e9333177b412c6e8fd1 checksum/configmap: 58a5a052638c9f5d1252ef740b81decddd00d24176a06b07b57f3e4b1987e666 checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 spec: securityContext: fsGroup: 1001 serviceAccountName: "default" containers: - name: redis image: "registry.redhat.io/rhel8/redis-5:1-98" imagePullPolicy: "IfNotPresent" securityContext: runAsUser: 1001 command: - /bin/bash - -c - | if [[ -n $REDIS_PASSWORD_FILE ]]; then password_aux=`cat ${REDIS_PASSWORD_FILE}` export REDIS_PASSWORD=$password_aux fi if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf fi if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf fi ARGS=("--port" "${REDIS_PORT}") ARGS+=("--protected-mode" "no") ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") redis-server "${ARGS[@]}" env: - name: REDIS_REPLICATION_MODE value: master - name: ALLOW_EMPTY_PASSWORD value: "yes" - name: REDIS_PORT value: "6379" ports: - name: redis containerPort: 6379 livenessProbe: initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_liveness_local.sh 5 readinessProbe: initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 5 exec: command: - sh - -c - /health/ping_readiness_local.sh 5 resources: {} volumeMounts: - name: health mountPath: /health - name: redis-data mountPath: /data subPath: - name: config mountPath: /opt/bitnami/redis/mounted-etc - name: redis-tmp-conf mountPath: /opt/bitnami/redis/etc/ volumes: - name: health configMap: name: pipelines-redis-health defaultMode: 0755 - name: config configMap: name: pipelines-redis - name: redis-tmp-conf emptyDir: {} volumeClaimTemplates: - metadata: name: redis-data labels: app: redis release: pipelines heritage: Helm component: master spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "8Gi" selector: updateStrategy: type: RollingUpdate --- # Source: openshift-pipelines/charts/pipelines/templates/pipelines-statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: pipelines-pipelines-services labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm spec: serviceName: pipelines-pipelines-services-headless replicas: 1 updateStrategy: type: RollingUpdate selector: matchLabels: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-services template: metadata: labels: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-services annotations: checksum/systemyaml: f5d51f2f399be165ea4c3d48b085ab08baed54b2591828cd38fb5f847af16cae checksum/secretdb: 48459e973b36b16071c353caa94a8ca3d3b446a893f79f86af191ce6f3856887 checksum/secretaws: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b checksum/configaws: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b checksum/secretk8s: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b checksum/configk8s: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b checksum/configfilebeat: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 spec: serviceAccountName: pipelines initContainers: - name: copy-system-yaml image: "quay.io/jfrog/init:1.0.0" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false command: - '/bin/sh' - '-c' - > echo "Copy system.yaml to /opt/jfrog/pipelines/var/etc"; cp -fv /tmp/etc/system.yaml /opt/jfrog/pipelines/var/etc/system.yaml; volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: systemyaml mountPath: "/tmp/etc/system.yaml" subPath: system.yaml - name: wait-for-vault image: "quay.io/jfrog/init:1.0.0" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false command: - 'sh' - '-c' - > echo "Waiting for Vault to come up..."; until nc -z -w 2 pipelines-pipelines-vault 30100 && echo Vault ok; do sleep 2; done; - name: pipelines-installer image: "registry.connect.redhat.com/jfrog/pipelines-installer:1.7.1" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false env: - name: VAULT_TOKEN valueFrom: secretKeyRef: name: root-vault-secret key: token - name: PIPELINES_SHARED_DB_CONNECTIONSTRING valueFrom: secretKeyRef: name: pipelines-database key: postgresql-url - name: PIPELINES_NODE_ID valueFrom: fieldRef: fieldPath: "metadata.name" command: - 'sh' - '-c' - > echo "Waiting for RabbitMQ to come up..."; until nc -z -w 2 pipelines-rabbitmq 5672 && echo rabbitmq ok; do sleep 2; done; echo "Waiting for Redis to come up..."; until nc -z -w 2 pipelines-redis-master 6379 && echo redis ok; do sleep 2; done; sleep 20; ./pipelines-k8s; echo "Setting router as user for system.yaml"; chown 1117:1117 /opt/jfrog/pipelines/var/etc/system.yaml; volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: "redhat-custom-setup" image: quay.io/jfrog/init:1.0.0 imagePullPolicy: Always command: - 'sh' - '-c' - 'chown -R 1117:1117 /opt/jfrog/pipelines/var/etc' securityContext: runAsUser: 0 volumeMounts: - mountPath: "/opt/jfrog/pipelines/var/etc" name: volume containers: - name: router image: "registry.connect.redhat.com/jfrog/pipelines-router:1.7.1" imagePullPolicy: IfNotPresent env: - name: JF_ROUTER_SERVICEREGISTRY_URL value: "http://openshiftartifactoryha-nginx/access" - name: JF_ROUTER_SERVICEREGISTRY_GRPCADDRESS value: "openshiftartifactoryha-nginx" - name: JF_ROUTER_ENTRYPOINTS_INTERNALPORT value: "8046" - name: JF_ROUTER_ENTRYPOINTS_EXTERNALPORT value: "8082" - name: JF_ROUTER_LOGGING_ROUTER_LOGLEVEL value: "DEBUG" - name: JF_SHARED_NODE_ID valueFrom: fieldRef: fieldPath: "metadata.name" - name: JF_SHARED_NODE_IP valueFrom: fieldRef: fieldPath: "status.podIP" - name: JF_SHARED_SECURITY_JOINKEY value: "EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE" - name: JF_ROUTER_ENCRYPTSYSTEMCONFIG value: "true" ports: - name: router containerPort: 8046 securityContext: allowPrivilegeEscalation: false resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/router/var/etc - name: api image: "registry.connect.redhat.com/jfrog/pipelines-api:1.7.1" imagePullPolicy: IfNotPresent env: - name: PIPELINES_NODE_ID valueFrom: fieldRef: fieldPath: "metadata.name" ports: - name: api containerPort: 30000 livenessProbe: httpGet: path: / port: api initialDelaySeconds: 10 timeoutSeconds: 5 failureThreshold: 6 readinessProbe: httpGet: path: / port: api initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 5 resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: www image: "registry.connect.redhat.com/jfrog/pipelines-www:1.7.1" imagePullPolicy: IfNotPresent ports: - name: www containerPort: 30001 livenessProbe: httpGet: path: / port: www initialDelaySeconds: 10 failureThreshold: 6 timeoutSeconds: 5 readinessProbe: httpGet: path: / port: www initialDelaySeconds: 10 timeoutSeconds: 3 periodSeconds: 5 resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: pipelinesync image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/pipelineSync env: - name: COMPONENT value: pipelinesync resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: runtrigger image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/runTrigger env: - name: COMPONENT value: runtrigger resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: steptrigger image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/stepTrigger env: - name: COMPONENT value: steptrigger resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: cron image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/cron env: - name: COMPONENT value: cron resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: nexec image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/nexec env: - name: COMPONENT value: nexec resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: hookhandler image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/hookHandler env: - name: COMPONENT value: hookhandler resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: marshaller image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/marshaller env: - name: COMPONENT value: marshaller resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: logup image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/logup env: - name: COMPONENT value: logup resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log - name: extensionsync image: "registry.connect.redhat.com/jfrog/pipelines-micro:1.7.1" imagePullPolicy: IfNotPresent workingDir: /opt/jfrog/pipelines/app/micro/extensionSync env: - name: COMPONENT value: extensionsync resources: {} volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: jfrog-pipelines-logs mountPath: /opt/jfrog/pipelines/var/log volumes: - name: jfrog-pipelines-folder emptyDir: {} - name: jfrog-pipelines-logs emptyDir: {} - name: systemyaml secret: secretName: pipelines-system-yaml --- # Source: openshift-pipelines/charts/pipelines/templates/vault-statefulset.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: pipelines-pipelines-vault labels: helm.sh/chart: pipelines-1.4.5 app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines app.kubernetes.io/version: "1.7.2" app.kubernetes.io/managed-by: Helm component: pipelines-pipelines-vault spec: serviceName: pipelines-pipelines-vault-headless replicas: 1 updateStrategy: type: RollingUpdate selector: matchLabels: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-vault template: metadata: labels: app.kubernetes.io/name: pipelines app.kubernetes.io/instance: pipelines component: pipelines-pipelines-vault spec: serviceAccountName: pipelines-pipelines-vault initContainers: - name: config image: 'quay.io/jfrog/init:1.0.0' imagePullPolicy: IfNotPresent env: - name: PIPELINES_SHARED_DB_CONNECTIONSTRING valueFrom: secretKeyRef: name: pipelines-database key: postgresql-url command: ["/bin/sh", "-c"] args: - | cat > /etc/vault/config/vault.hcl < echo "Waiting for Postgres to come up..."; until nc -z -w 2 postgres-postgresql 5432 && echo database ok; do sleep 2; done; sleep 10; - name: create-vault-table image: "registry.connect.redhat.com/jfrog/pipelines-installer:1.7.1" imagePullPolicy: IfNotPresent env: - name: PIPELINES_SHARED_DB_CONNECTIONSTRING valueFrom: secretKeyRef: name: pipelines-database key: postgresql-url command: - 'sh' - '-c' - > echo "Copy system.yaml to /opt/jfrog/pipelines/var/etc"; cp -fv /tmp/etc/system.yaml /opt/jfrog/pipelines/var/etc/system.yaml; echo "Creating Vault Table..."; ./pipelines-k8s initVault; volumeMounts: - name: jfrog-pipelines-folder mountPath: /opt/jfrog/pipelines/var/etc - name: systemyaml mountPath: "/tmp/etc/system.yaml" subPath: system.yaml containers: - name: vault-init image: "registry.connect.redhat.com/jfrog/pipelines-vault-init:1.7.1" imagePullPolicy: IfNotPresent env: - name: CHECK_INTERVAL value: "10s" - name: VAULT_NAMESPACE value: default - name: VAULT_ADDRESS value: "http://localhost:30100" resources: requests: memory: 10Mi cpu: 10m limits: memory: 50Mi cpu: 50m - name: vault image: "registry.connect.redhat.com/jfrog/pipelines-vault:1.7.1" imagePullPolicy: IfNotPresent env: - name: POD_IP valueFrom: fieldRef: fieldPath: "status.podIP" - name: "VAULT_API_ADDR" value: "http://$(POD_IP):30100" - name: "VAULT_CLUSTER_ADDR" value: "http://$(POD_IP):30101" args: - "server" - "-config=/etc/vault/config/vault.hcl" ports: - name: http containerPort: 30100 protocol: "TCP" - name: server containerPort: 30101 protocol: "TCP" readinessProbe: httpGet: path: "/v1/sys/health?standbyok=true" port: 30100 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 resources: {} securityContext: capabilities: add: - IPC_LOCK volumeMounts: - name: vault-config mountPath: /etc/vault/config volumes: - name: vault-config emptyDir: {} - name: jfrog-pipelines-folder emptyDir: {} - name: systemyaml secret: secretName: pipelines-system-yaml