Commit 79197c41 by Jainish Shah Committed by Guangbo

Updating Artifactory-ha version to v0.8.3

* moved latest to v0.7.12
* adding v0.8.3 to latest
parent 718c2a86
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file.
## [0.8.3] - Jan 1, 2019
* Updated Artifactory version to 6.6.3
* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory
## [0.8.2] - Dec 28, 2018
* Fix location `replicator.yaml` is copied to
## [0.8.1] - Dec 27, 2018
* Updated Artifactory version to 6.6.1
## [0.8.0] - Dec 20, 2018
* Updated Artifactory version to 6.6.0
## [0.7.17] - Dec 17, 2018
* Updated Artifactory version to 6.5.13
## [0.7.16] - Dec 12, 2018
* Fix documentation about Artifactory license setup using secret
## [0.7.15] - Dec 9, 2018
* AWS S3 add `roleName` for using IAM role
## [0.7.14] - Dec 6, 2018
* AWS S3 `identity` and `credential` are now added only if have a value to allow using IAM role
## [0.7.13] - Dec 5, 2018
* Remove Distribution certificates creation.
## [0.7.12] - Dec 2, 2018
* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting.
......
apiVersion: v1
appVersion: 6.5.9
name: artifactory-ha
home: https://www.jfrog.com/artifactory/
version: 0.8.3
appVersion: 6.6.3
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/artifactory-dcos/master/images/jfrog_med.png
keywords:
- artifactory
- jfrog
- devops
maintainers:
- email: jainishs@jfrog.com
name: jainishshah17
- email: eldada@jfrog.com
name: eldada
- email: rimasm@jfrog.com
name: rimusz
name: artifactory-ha
sources:
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
- https://github.com/jfrog/charts
version: 0.7.12
maintainers:
- name: jainishshah17
email: jainishs@jfrog.com
- name: eldada
email: eldada@jfrog.com
- name: rimusz
email: rimasm@jfrog.com
icon: https://raw.githubusercontent.com/jfrog/artifactory-dcos/master/images/jfrog_med.png
......@@ -88,22 +88,6 @@ helm install --name artifactory-ha \
Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/).
### Create Distribution Certificates for Artifactory Enterprise Plus
```bash
# Create private.key and root.crt
openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 365 -out root.crt
```
Once Created, Use it to create ConfigMap
```bash
# Create ConfigMap distribution-certs
kubectl create configmap distribution-certs --from-file=private.key=private.key --from-file=root.crt=root.crt
```
Pass it to `helm`
```bash
helm install --name artifactory --set artifactory.distributionCerts=distribution-certs jfrog/artifactory-ha
```
### Artifactory storage
Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration)
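Review bot: Dropping the "Create Distribution Certificates for Artifactory Enterprise Plus" section leaves existing installs with no cleanup guidance. The removed steps put `private.key` into a ConfigMap (`kubectl create configmap distribution-certs --from-file=private.key=private.key ...`), and ConfigMaps are not meant for confidential data. Suggest a short upgrade note in the README telling users to delete the `distribution-certs` ConfigMap, since the CHANGELOG entry for 0.7.13 only says "Remove Distribution certificates creation."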
......@@ -143,12 +127,21 @@ To use an AWS S3 bucket as the cluster's filestore
- Pass AWS S3 parameters to `helm install` and `helm upgrade`
```bash
...
# With explicit credentials:
--set artifactory.persistence.type=aws-s3 \
--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \
--set artifactory.persistence.awsS3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \
--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \
...
...
# With using existing IAM role
--set artifactory.persistence.type=aws-s3 \
--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \
--set artifactory.persistence.awsS3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \
...
```
**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html)
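Review bot: The "With explicit credentials" example passes `${AWS_SECRET_ACCESS_KEY}` through `--set`, and the chart renders `identity` and `credential` into `binarystore.xml` inside the `-bs` ConfigMap, so the secret key ends up in plaintext in the release values and in a ConfigMap. Suggest listing the `roleName` variant first as the preferred option and adding a sentence that the explicit-credential form stores the key unprotected. Small wording fix in the same block: "With using existing IAM role" should read "Using an existing IAM role".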
......@@ -191,7 +184,7 @@ Once primary cluster is running, open Artifactory UI and insert the license(s) i
##### Kubernetes Secret
You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/).
Prepare a text file with the license(s) written in it. If writing multiple licenses, it's important to put **two new lines between each license block**!
Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**!
```bash
# Create the Kubernetes secret (assuming the local license file is 'art.lic')
kubectl create secret generic artifactory-cluster-license --from-file=./art.lic
......@@ -199,7 +192,8 @@ kubectl create secret generic artifactory-cluster-license --from-file=./art.lic
# Pass the license to helm
helm install --name artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic jfrog/artifactory-ha
```
**NOTE:** You have to keep passing the license secret parameters as `--set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic` on all future calls to `helm install` and `helm upgrade`!
**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
Updating the license should be done via Artifactory UI or REST API.
### Bootstrapping Artifactory
**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section.
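Review bot: The rewritten NOTE says the license parameters matter only for the initial deployment and that updates go through the UI or REST API, but the NOTES.txt text visible in this commit still prints "Manage Artifactory license through the ... secret ONLY!" and warns that UI changes "might not be saved" whenever `artifactory.license.secret` is set. The two give opposite instructions; please make sure the NOTES.txt shipped with 0.8.3 is aligned with this README change.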
......@@ -364,6 +358,7 @@ The following table lists the configurable parameters of the artifactory chart a
| `artifactory.internalPort` | Artifactory service internal port | `8081` |
| `artifactory.internalPortReplicator` | Replicator service internal port | `6061` |
| `artifactory.externalPortReplicator` | Replicator service external port | `6061` |
| `artifactory.extraEnvironmentVariables` | Extra environment variables to pass to Artifactory. See [documentation](https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker#InstallingwithDocker-SupportedEnvironmentVariables) | |
| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` |
| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
......@@ -396,14 +391,15 @@ The following table lists the configurable parameters of the artifactory chart a
| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-ha` |
| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html |
| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | |
| `artifactory.persistence.awsS3.roleName` | AWS S3 IAM role name | |
| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | |
| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | |
| `artifactory.persistence.awsS3.properties` | AWS S3 additional properties | |
| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory-ha/filestore` |
| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` |
| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` (When roleName is used, this parameter will be set to true) |
| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` |
| `artifactory.javaOpts.other` | Artifactory additional java options (for all nodes) | |
| `artifactory.replicator.enabled` | Enable Artifactory Replicator | `false` |
| `artifactory.distributionCerts` | Name of ConfigMap for Artifactory Distribution Certificate | |
| `artifactory.replicator.publicUrl` | Artifactory Replicator Public URL | |
| `artifactory.primary.resources.requests.memory` | Artifactory primary node initial memory request | |
| `artifactory.primary.resources.requests.cpu` | Artifactory primary node initial cpu request | |
......
......@@ -9,5 +9,8 @@ This chart will do the following:
* Deploy a PostgreSQL database
* Deploy an Nginx server(optional)
## Useful links
Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/)
## Activate Your Artifactory Instance
Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it.
......@@ -22,7 +22,7 @@ questions:
type: string
label: Artifactory Image Name
- variable: artifactory.image.version
default: "6.5.9"
default: "6.6.3"
description: "Artifactory image tag"
type: string
label: Artifactory Image Tag
......@@ -32,7 +32,7 @@ questions:
type: string
label: Nginx Image Name
- variable: nginx.image.version
default: "6.5.9"
default: "6.6.3"
description: "Nginx image tag"
type: string
label: Nginx Image Tag
......
......@@ -135,13 +135,22 @@ data:
<provider id="s3" type="s3">
<endpoint>{{ .Values.artifactory.persistence.awsS3.endpoint }}</endpoint>
{{- if .Values.artifactory.persistence.awsS3.roleName }}
<roleName>{{ .Values.artifactory.persistence.awsS3.roleName }}</roleName>
<refreshCredentials>true</refreshCredentials>
{{- else }}
<refreshCredentials>{{ .Values.artifactory.persistence.awsS3.refreshCredentials }}</refreshCredentials>
{{- end }}
<testConnection>{{ .Values.artifactory.persistence.awsS3.testConnection }}</testConnection>
<httpsOnly>true</httpsOnly>
<region>{{ .Values.artifactory.persistence.awsS3.region }}</region>
<bucketName>{{ .Values.artifactory.persistence.awsS3.bucketName }}</bucketName>
{{- if .Values.artifactory.persistence.awsS3.identity }}
<identity>{{ .Values.artifactory.persistence.awsS3.identity }}</identity>
{{- end }}
{{- if .Values.artifactory.persistence.awsS3.credential }}
<credential>{{ .Values.artifactory.persistence.awsS3.credential }}</credential>
{{- end }}
<path>{{ .Values.artifactory.persistence.awsS3.path }}</path>
{{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }}
<property name="{{ $key }}" value="{{ $value }}"/>
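Review bot: `roleName` and `identity`/`credential` are not mutually exclusive in this template: if a values file sets all three, the rendered provider contains `<roleName>` together with `<identity>` and `<credential>`, and nothing tells the operator which one takes effect. Suggest moving the `identity` and `credential` blocks into the `{{- else }}` branch of the `roleName` check, or failing the render when both are set. Separately, `<credential>` is still written into a ConfigMap; a follow-up that sources it from a Secret would keep the secret key out of plaintext config.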
......
......@@ -40,18 +40,19 @@ spec:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
command:
- 'sh'
- '-c'
- 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found'
- >
if [ -d {{ .Values.artifactory.persistence.mountPath }}/lost+found ]; then
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found
fi
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
command:
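Review bot: The new `remove-lost-found` script is passed as a folded scalar (`- >`) and the `rm -rfv ...` line has no trailing `;`, so it only parses as valid shell while that line stays more indented than `if` and `fi`. If the indentation is ever flattened, the three lines fold into one and `fi` becomes an argument to `rm`. Suggest a literal block (`- |`) or explicit `;` terminators, as the postStart script in this file already uses.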
......@@ -92,14 +93,8 @@ spec:
- '-c'
- >
{{- if .Values.artifactory.replicator.enabled }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml {{ .Values.artifactory.persistence.mountPath }}/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
cp -fv /tmp/access/etc/keys/private.key {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
mkdir -p /opt/jfrog/artifactory/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml /opt/jfrog/artifactory/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
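Review bot: Removing the `distributionCerts` copy block stops the chart from managing the keys, but on installs that used it with persistence enabled, `private.key` and `root.crt` were already copied to `{{ .Values.artifactory.persistence.mountPath }}/access/etc/keys` (and `keys/trusted`) and will stay on the volume after the upgrade. Please state in the CHANGELOG or README whether Artifactory still needs those files or whether they should be removed, so a stale private key is not left behind unnoticed.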
......@@ -206,6 +201,10 @@ spec:
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
{{- range .Values.artifactory.extraEnvironmentVariables }}
- name: {{ .name }}
value: '{{ .value }}'
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
volumeMounts:
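Review bot: `value: '{{ .value }}'` wraps the raw value in single quotes without escaping, so a value that itself contains a single quote renders invalid YAML. `value: {{ .value | quote }}` handles that case and also keeps numeric-looking values as strings.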
......@@ -221,10 +220,6 @@ spec:
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
mountPath: "/tmp/access/etc/keys"
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/tmp/replicator/replicator.yaml"
......@@ -298,11 +293,6 @@ spec:
- name: binarystore-xml
configMap:
name: {{ template "artifactory-ha.fullname" . }}-bs
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
configMap:
name: {{ .Values.artifactory.distributionCerts }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
......@@ -316,7 +306,7 @@ spec:
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.persistence.local }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
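Review bot: Switching the `emptyDir` condition from `persistence.local` to `not .Values.artifactory.persistence.enabled` changes which installs get ephemeral storage, and together with the new `persistence.enabled` guard on `remove-lost-found` it is a behaviour change that none of the 0.8.x CHANGELOG entries mention. Please add a changelog line and say what happens to values files that still set `persistence.local`.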
......
......@@ -40,18 +40,19 @@ spec:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
command:
- 'sh'
- '-c'
- 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found'
- >
if [ -d {{ .Values.artifactory.persistence.mountPath }}/lost+found ]; then
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found
fi
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
command:
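Review bot: In the `remove-lost-found` script the mount path is interpolated unquoted into the shell test and the `rm -rfv` argument (`[ -d {{ .Values.artifactory.persistence.mountPath }}/lost+found ]`), while the `volumeMounts` entry right below pipes the same value through `quote`. A `mountPath` containing spaces or shell metacharacters would be split or interpreted by `sh -c`; wrap both occurrences in double quotes inside the script.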
......@@ -95,14 +96,8 @@ spec:
cp -Lrf /bootstrap/* /artifactory_extra_conf/;
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml {{ .Values.artifactory.persistence.mountPath }}/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
cp -fv /tmp/access/etc/keys/private.key {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
mkdir -p /opt/jfrog/artifactory/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml /opt/jfrog/artifactory/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
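Review bot: The replicator copy target changes from `{{ .Values.artifactory.persistence.mountPath }}/replicator/etc` to the hard-coded `/opt/jfrog/artifactory/replicator/etc`, so the two now differ whenever `persistence.mountPath` is overridden. If the hard-coded location is intentional (the 0.8.2 CHANGELOG entry calls it a location fix), a one-line comment above the `mkdir` explaining why it must not follow `mountPath` would stop someone from changing it back.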
......@@ -207,6 +202,10 @@ spec:
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
{{- range .Values.artifactory.extraEnvironmentVariables }}
- name: {{ .name }}
value: '{{ .value }}'
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
{{- if .Values.artifactory.replicator.enabled }}
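Review bot: The `range` over `extraEnvironmentVariables` only emits `name`/`value` pairs, so anything passed through this list is a literal in the pod spec and in the release values, with no way to reference a Secret. Suggest either rendering the list with `toYaml` so `valueFrom.secretKeyRef` entries work, or documenting in values.yaml that credentials must not be set through this list.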
......@@ -237,10 +236,6 @@ spec:
mountPath: "/artifactory_extra_conf/artifactory.cluster.license"
subPath: {{ .Values.artifactory.license.dataKey }}
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
mountPath: "/tmp/access/etc/keys"
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/tmp/replicator/replicator.yaml"
......@@ -308,11 +303,6 @@ spec:
- name: binarystore-xml
configMap:
name: {{ template "artifactory-ha.fullname" . }}-bs
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
configMap:
name: {{ .Values.artifactory.distributionCerts }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
......@@ -339,7 +329,7 @@ spec:
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.persistence.local }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
......
......@@ -135,6 +135,24 @@ artifactory:
## Extra post-start command to run extra commands after container starts
# postStartCommand:
## Extra environment variables that can be used to tune Artifactory to your needs.
## Uncomment and set value as needed
extraEnvironmentVariables:
# - name: SERVER_XML_ARTIFACTORY_PORT
# value: "8081"
# - name: SERVER_XML_ARTIFACTORY_MAX_THREADS
# value: "200"
# - name: SERVER_XML_ACCESS_MAX_THREADS
# value: "50"
# - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG
# value: ""
# - name: SERVER_XML_ACCESS_EXTRA_CONFIG
# value: ""
# - name: DB_POOL_MAX_ACTIVE
# value: "100"
# - name: DB_POOL_MAX_IDLE
# value: "10"
membershipPort: 10017
externalPort: 8081
internalPort: 8081
......@@ -208,6 +226,7 @@ artifactory:
bucketName: "artifactory-ha-aws"
endpoint:
region:
roleName:
identity:
credential:
path: "artifactory-ha/filestore"
......@@ -233,8 +252,6 @@ artifactory:
replicator:
enabled: false
publicUrl:
# Name of ConfigMap for Distribution Cert
distributionCerts:
annotations: {}
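Review bot: With `distributionCerts` removed from values.yaml and from both StatefulSets, a release that still passes `--set artifactory.distributionCerts=...` on upgrade will render without error and silently stop mounting the certificates. Consider a guard in the templates that fails the render with a pointer to the CHANGELOG when the value is set, at least for one release.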
......
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
OWNERS
\ No newline at end of file
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file.
## [0.7.12] - Dec 2, 2018
* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting.
## [0.7.11] - Nov 30, 2018
* Updated Artifactory version to 6.5.9
## [0.7.10] - Nov 29, 2018
* Fixed the volumeMount for the replicator.yaml
## [0.7.9] - Nov 29, 2018
* Optionally include primary node into poddisruptionbudget
## [0.7.8] - Nov 29, 2018
* Updated postgresql version to 9.6.11
## [0.7.7] - Nov 27, 2018
* Updated Artifactory version to 6.5.8
## [0.7.6] - Nov 18, 2018
* Added support for configMap to use custom Reverse Proxy Configuration with Nginx
## [0.7.5] - Nov 14, 2018
* Updated Artifactory version to 6.5.3
## [0.7.4] - Nov 13, 2018
* Allow pod anti-affinity settings to include primary node
## [0.7.3] - Nov 12, 2018
* Support artifactory.preStartCommand for running command before entrypoint starts
## [0.7.2] - Nov 7, 2018
* Support database.url parameter (DB_URL)
## [0.7.1] - Oct 29, 2018
* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted)
## [0.7.0] - Oct 28, 2018
* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options
## [0.6.9] - Oct 23, 2018
* Fix providing external secret for database credentials
## [0.6.8] - Oct 22, 2018
* Allow user to configure externalTrafficPolicy for Loadbalancer
## [0.6.7] - Oct 22, 2018
* Updated ingress annotation support (with examples) to support docker registry v2
## [0.6.6] - Oct 21, 2018
* Updated Artifactory version to 6.5.2
## [0.6.5] - Oct 19, 2018
* Allow providing pre-existing secret containing master key
* Allow arbitrary annotations on primary and member node pods
* Enforce size limits when using local storage with `emptyDir`
* Allow `soft` or `hard` specification of member node anti-affinity
* Allow providing pre-existing secrets containing external database credentials
* Fix `s3` binary store provider to properly use the `cache-fs` provider
* Allow arbitrary properties when using the `s3` binary store provider
## [0.6.4] - Oct 18, 2018
* Updated Artifactory version to 6.5.1
## [0.6.3] - Oct 17, 2018
* Add Apache 2.0 license
## [0.6.2] - Oct 14, 2018
* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`)
## [0.6.1] - Oct 11, 2018
* Allows ingress default `backend` to be enabled or disabled (defaults to enabled)
## [0.6.0] - Oct 11, 2018
* Updated Artifactory version to 6.5.0
## [0.5.3] - Oct 9, 2018
* Quote ingress hosts to support wildcard names
## [0.5.2] - Oct 2, 2018
* Add `helm repo add jfrog https://charts.jfrog.io` to README
## [0.5.1] - Oct 2, 2018
* Set Artifactory to 6.4.1
## [0.5.0] - Sep 27, 2018
* Set Artifactory to 6.4.0
## [0.4.7] - Sep 26, 2018
* Add ci/test-values.yaml
## [0.4.6] - Sep 25, 2018
* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1
## [0.4.4] - Sep 2, 2018
* Updated Artifactory version to 6.3.2
## [0.4.0] - Aug 22, 2018
* Added support to run as non root
* Updated Artifactory version to 6.2.0
## [0.3.0] - Aug 22, 2018
* Enabled RBAC Support
* Added support for PostStartCommand (To download Database JDBC connector)
* Increased postgresql max_connections
* Added support for `nginx.conf` ConfigMap
* Updated Artifactory version to 6.1.0
apiVersion: v1
appVersion: 6.5.9
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/artifactory-dcos/master/images/jfrog_med.png
keywords:
- artifactory
- jfrog
- devops
maintainers:
- email: jainishs@jfrog.com
name: jainishshah17
- email: eldada@jfrog.com
name: eldada
- email: rimasm@jfrog.com
name: rimusz
name: artifactory-ha
sources:
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
- https://github.com/jfrog/charts
version: 0.7.12
approvers:
- jainishshah17
- eldada
- rimusz
reviewers:
- jainishshah17
- eldada
- rimusz
\ No newline at end of file
# JFrog Artifactory Reverse Proxy Settings using Nginx
#### Reverse Proxy
* To use Artifactory as docker registry it's mandatory to use Reverse Proxy.
* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate
the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server.
* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy)
* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing.
**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog.
#### Features of Artifactory Nginx
* Provides default configuration with self signed SSL certificate.
* Auto update reverse proxy configuration by pulling configuration generated by Reverse Proxy Configuration Generator from Artifactory using [REST API](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy#ConfiguringaReverseProxy-RESTAPI)
* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory
#### Steps to use Reverse Proxy Configuration Generator to configuration for reverse proxy in nginx (Artifactory Pro/Enterprise).
* Deploy Artifactory using helm chart with Nginx enabled.
* Go to Artifactory Admin -> HTTP Settings.
Example values:
```
Docker Access Method: SubDomain
Server Provider: Nginx
Internal Hostname: $ARTIFACTORY_SERVICE_NAME (Get Artifactory Service Name by running `kubectl get svc` command)
Public Server Name: $DOMAIN_NAME
SSL Key Path: /var/opt/jfrog/nginx/ssl/tls.key (If SSL Cert is provided via Secret)
SSL Certificate Path: /var/opt/jfrog/nginx/ssl/tls.crt (If SSL Cert is provided via Secret)
```
* Provide appropriate values and save configuration.
* Once configuration is saved Nginx will automatically fetch reverse proxy configuration snippet from Artifactory and apply it immediately.
#### Steps to use static configuration for reverse proxy in nginx.
1. Create `artifactory-ha.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d)
* Following is example `artifactory-ha.conf`
```bash
## add HA entries when ha is configure
upstream artifactory {
server artifactory-ha-artifactory-ha-primary:8081;
server artifactory-ha:8081;
}
## add ssl entries when https has been set in config
ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt;
ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen 443 ssl;
listen 80 ;
server_name ~(?<repo>.+)\.jfrog.team jfrog.team;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/jfrog.team-access.log timing;
## error_log /var/log/nginx/jfrog.team-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
if ( $request_uri ~ ^/artifactory/(.*)$ ) {
proxy_pass http://artifactory/artifactory/$1;
}
proxy_pass http://artifactory/artifactory/;
proxy_next_upstream http_503 non_idempotent;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
```
2. Create configMap of `artifactory-ha.conf` created with step above.
```bash
kubectl create configmap art-nginx-conf --from-file=artifactory-ha.conf
```
3. Deploy Artifactory using helm chart with auto configuration update disabled in nginx.
You can achieve it by setting value to `true` for `nginx.env.skipAutoConfigUpdate` and providing name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml)
Which sets Environment Variable `SKIP_AUTO_UPDATE_CONFIG=true` in Nginx container.
Following is command to set values at runtime:
```bash
helm install --name artifactory-ha --set nginx.env.skipAutoConfigUpdate=true,nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha
```
\ No newline at end of file
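Review bot: In the example `artifactory-ha.conf`, `server_name ~(?<repo>.+)\.jfrog.team jfrog.team;` escapes only the first dot and has no end anchor, so the regex matches more host names than intended; write `\.jfrog\.team$`. The same server block has `listen 80 ;` next to `listen 443 ssl;` with no redirect, so the UI and Docker endpoints are also served over plain HTTP; if that is not intended for the example, drop port 80 or add a redirect to HTTPS. The fence around the example is tagged `bash` although the content is nginx configuration.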
# JFrog Artifactory High Availability Helm Chart
Universal Repository Manager supporting all major packaging formats, build tools and CI servers.
## Chart Details
This chart will do the following:
* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes.
* Deploy a PostgreSQL database
* Deploy an Nginx server(optional)
## Activate Your Artifactory Instance
Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it.
artifactory:
persistence:
enabled: false
postgresql:
postgresPassword: "password"
postgresConfig:
maxConnections: "102"
persistence:
enabled: false
nginx:
enabled: false
service:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: NodePort
dependencies:
- name: postgresql
repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.9.5
digest: sha256:7e07fb616d953e518e3373e2c5183290b4b6e94292a233528c0d52ffd42afc77
generated: 2018-10-28T06:26:39.466565306+02:00
dependencies:
- name: postgresql
version: 0.9.5
repository: https://kubernetes-charts.storage.googleapis.com/
condition: postgresql.enabled
Congratulations. You have just deployed JFrog Artifactory HA!
{{- if (not .Values.artifactory.masterKeySecretName) and eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" }}
***************************************** WARNING ******************************************
* Your Artifactory master key is still set to the provided example: *
* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF *
* *
* You should change this to your own generated key: *
* $ export MASTER_KEY=$(openssl rand -hex 32) *
* $ echo ${MASTER_KEY} *
* *
* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' *
* *
* Alternatively, you can use a pre-existing secret with a key called master-key with *
* '--set artifactory.masterKeySecretName=${SECRET_NAME}' *
********************************************************************************************
{{- end }}
{{- if .Values.postgresql.enabled }}
DATABASE:
To extract the database password, run the following
export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgres-password}" | base64 --decode)
echo ${DB_PASSWORD}
{{- end }}
SETUP:
1. Get the Artifactory IP and URL
{{- if contains "NodePort" .Values.nginx.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/
{{- else if contains "LoadBalancer" .Values.nginx.service.type }}
NOTE: It may take a few minutes for the LoadBalancer public IP to be available!
You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.nginx.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80
echo http://127.0.0.1:8080
{{- end }}
2. Open Artifactory in your browser
Default credential for Artifactory:
user: admin
password: password
{{- if .Values.artifactory.license.secret }}
3. Manage Artifactory license through the {{ .Values.artifactory.license.secret }} secret ONLY!
Since the artifactory license(s) is managed with a secret ({{ .Values.artifactory.license.secret }}), any change through the Artifactory UI might not be saved!
{{- else }}
3. Add HA licenses to activate Artifactory HA through the Artifactory UI
NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details.
{{- end }}
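Review bot: Step 2 of the SETUP notes prints the default login (`user: admin`, `password: password`) without telling the operator to change it, unlike the master-key block above, which warns when the example key is still in use. Add a line after the credentials instructing the user to change the admin password right after the first login.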
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "artifactory-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The primary node name
*/}}
{{- define "artifactory-ha.primary.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The member node name
*/}}
{{- define "artifactory-ha.node.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name nginx service.
*/}}
{{- define "artifactory-ha.nginx.name" -}}
{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.nginx.fullname" -}}
{{- if .Values.nginx.fullnameOverride -}}
{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nginx.name -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "artifactory-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "artifactory-ha.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
\ No newline at end of file
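Review bot: In `artifactory-ha.nginx.name`, `default .Values.nginx.name .Values.nameOverride` returns `nameOverride` whenever it is set, so the nginx name collapses to the same value as `artifactory-ha.name`; `artifactory-ha.nginx.fullname` below uses `default .Chart.Name .Values.nginx.name` instead, and the two should agree on which value wins. The doc comment on `artifactory-ha.nginx.fullname` is also a verbatim copy of the one on `artifactory-ha.fullname` and should say it names the nginx resources.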
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-bs
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
binarystore.xml: |-
{{- if eq .Values.artifactory.persistence.type "file-system" }}
<!-- File system replication -->
<config version="2">
<chain>
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<lenientLimit>2</lenientLimit>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="state-aware" type="state-aware"/>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</provider>
</chain>
<!-- Shards add local file-system provider configuration -->
<provider id="state-aware" type="state-aware">
<fileStoreDir>shard-fs-1</fileStoreDir>
<zone>local</zone>
</provider>
<!-- Shards dynamic remote provider configuration -->
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<serviceId>tester-remote1</serviceId>
<timeout>10000</timeout>
<zone>remote</zone>
<property name="header.remote.block" value="true"/>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "google-storage" }}
<!-- Google storage -->
<config version="2">
<chain>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry" type="retry">
<provider id="google-storage" type="google-storage"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="file-system" type="file-system">
<fileStoreDir>{{ .Values.artifactory.persistence.mountPath }}/data/filestore</fileStoreDir>
<tempDir>/tmp</tempDir>
</provider>
<provider id="google-storage" type="google-storage">
<providerId>google-cloud-storage</providerId>
<endpoint>commondatastorage.googleapis.com</endpoint>
<httpsOnly>false</httpsOnly>
<bucketName>{{ .Values.artifactory.persistence.googleStorage.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.googleStorage.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.googleStorage.credential }}</credential>
<path>{{ .Values.artifactory.persistence.googleStorage.path }}</path>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "aws-s3" }}
<!-- AWS S3 -->
<config version="2">
<chain> <!--template="cluster-s3"-->
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry-s3" type="retry">
<provider id="s3" type="s3"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
</provider>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<property name="zones" value="local,remote"/>
</provider>
<provider id="s3" type="s3">
<endpoint>{{ .Values.artifactory.persistence.awsS3.endpoint }}</endpoint>
<refreshCredentials>{{ .Values.artifactory.persistence.awsS3.refreshCredentials }}</refreshCredentials>
<testConnection>{{ .Values.artifactory.persistence.awsS3.testConnection }}</testConnection>
<httpsOnly>true</httpsOnly>
<region>{{ .Values.artifactory.persistence.awsS3.region }}</region>
<bucketName>{{ .Values.artifactory.persistence.awsS3.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.awsS3.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.awsS3.credential }}</credential>
<path>{{ .Values.artifactory.persistence.awsS3.path }}</path>
{{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }}
<property name="{{ $key }}" value="{{ $value }}"/>
{{- end }}
</provider>
</config>
{{- end }}
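Review bot: The `<identity>` and `<credential>` elements in both the google-storage and s3 providers are rendered into a ConfigMap, so the storage credentials sit in plaintext where anyone with read access to ConfigMaps in the namespace can see them; render `binarystore.xml` into a Secret instead, and emit the two elements only when they have a value so IAM-based access leaves them out. The google-storage provider also sets `<httpsOnly>false</httpsOnly>` while the s3 provider sets it to `true`; unless there is a reason for plain HTTP, make both `true`. `<serviceId>tester-remote1</serviceId>` in the file-system chain reads like a leftover test value and should be documented or removed.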
{{- if eq .Values.artifactory.persistence.type "nfs" }}
### Artifactory HA data
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-data-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-data-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
---
### Artifactory HA backup
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-backup-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-backup-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
\ No newline at end of file
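Review bot: All four objects declare `accessModes: - ReadWriteOnce` on an NFS volume that is labelled as HA data and HA backup; if the primary and member pods are meant to mount these claims from different nodes, `ReadWriteMany` states that intent and avoids surprises with schedulers or provisioners that honour the mode. The backup PV also reuses `.Values.artifactory.persistence.nfs.capacity`, so data and backup cannot be sized independently; a separate value would be clearer.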
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "artifactory-ha.fullname" . }}-node
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
release: {{ .Release.Name }}
minAvailable: {{ .Values.artifactory.node.minAvailable }}
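Review bot: When `.Values.artifactory.service.pool` is not "members", the selector is only `app` plus `release`, which also matches the nginx pods (the nginx Deployment labels its pods with the same `app` and `release`) and the primary node, so `minAvailable` for the `-node` budget is counted over pods it was not meant to protect. Add `component: {{ .Values.artifactory.name }}` to `matchLabels`, and consider always selecting on the member `role` since the budget is named for member nodes.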
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-isc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
inactiveServerCleaner.groovy: |-
import org.artifactory.state.ArtifactoryServerState
import org.artifactory.storage.db.servers.service.ArtifactoryServersCommonService
import org.artifactory.common.ConstantValues
import org.slf4j.Logger
import java.util.concurrent.TimeUnit
jobs {
clean(interval: 90000, delay: 900000) {
runCleanupHAInactiveServers()
}
}
executions {
cleanHAInactiveServers() { params ->
runCleanupHAInactiveServers()
}
}
def runCleanupHAInactiveServers() {
def artifactoryServersCommonService = ctx.beanForType(ArtifactoryServersCommonService)
def artifactoryInactiveServerCleaner = new ArtifactoryInactiveServersCleaner(artifactoryServersCommonService, log)
artifactoryInactiveServerCleaner.cleanInactiveArtifactoryServers()
}
public class ArtifactoryInactiveServersCleaner {
private ArtifactoryServersCommonService artifactoryServersCommonService
private Logger log
ArtifactoryInactiveServersCleaner(ArtifactoryServersCommonService artifactoryServersCommonService, Logger log) {
this.artifactoryServersCommonService = artifactoryServersCommonService
this.log = log
}
def cleanInactiveArtifactoryServers() {
log.info "Executing inactive artifactory servers cleaner plugin"
List<String> allMembers = artifactoryServersCommonService.getAllArtifactoryServers()
for (member in allMembers) {
def heartbeat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - member.getLastHeartbeat())
def noHeartbeat = heartbeat > ConstantValues.haHeartbeatStaleIntervalSecs.getInt()
if (member.getServerState() == ArtifactoryServerState.UNAVAILABLE || ( noHeartbeat && member.getServerState() != ArtifactoryServerState.CONVERTING && member.getServerState() != ArtifactoryServerState.STARTING )) {
try {
log.info "Inactive artifactory servers cleaning task found server ${member.serverId} to remove"
artifactoryServersCommonService.removeServer(member.serverId)
}catch (Exception e){
log.error "Error: Not able to remove ${member.serverId}, ${e.message}"
}
}
}
log.info "No inactive servers found"
}
}
\ No newline at end of file
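Review bot: `log.info "No inactive servers found"` sits after the `for` loop and runs on every invocation, including runs that just removed servers, which makes the log misleading during incident review; track whether anything was removed and log the message only when nothing was. `allMembers` is declared as `List<String>` but its elements are used as server objects (`getLastHeartbeat()`, `getServerState()`, `serverId`), so the declared type should be corrected or dropped. The catch block logs only `e.message`; passing the exception to `log.error` would keep the stack trace.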
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
rules:
{{ toYaml .Values.rbac.role.rules }}
{{- end }}
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "artifactory-ha.serviceAccountName" . }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: {{ template "artifactory-ha.fullname" . }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: Opaque
data:
{{- if not .Values.artifactory.masterKeySecretName }}
master-key: {{ .Values.artifactory.masterKey | b64enc | quote }}
{{- end }}
{{- if .Values.database.password }}
db-password: {{ .Values.database.password | b64enc | quote }}
{{- end }}
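Review bot: `master-key` is emitted whenever `masterKeySecretName` is unset, with no check on `.Values.artifactory.masterKey`, whereas `db-password` is guarded by an `if`; an empty value or one left at whatever the chart ships would be stored as the cluster's master key without any warning. Wrap the value in `required` (for example `required "artifactory.masterKey or artifactory.masterKeySecretName must be set" .Values.artifactory.masterKey`) so the install fails instead, and document that the key must be generated per installation.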
# Service for all Artifactory cluster nodes.
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
selector:
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
---
# Internal service for Artifactory primary node only!
# Used by member nodes to check readiness of primary node before starting up
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.artifactory.externalPortReplicator }}
targetPort: {{ .Values.artifactory.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end}}
selector:
role: {{ template "artifactory-ha.primary.name" . }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
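Review bot: The second Service is commented as internal and for the primary node only, yet it takes `type: {{ .Values.artifactory.service.type }}` like the cluster-wide Service, so setting that value to NodePort or LoadBalancer also exposes the primary node and its replicator port outside the cluster. Hard-code `type: ClusterIP` here or give the primary Service its own value.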
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.serviceAccountName" . }}
{{- end }}
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.ingress.annotations }}
annotations:
{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if .Values.ingress.defaultBackend.enabled }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.ingress.hosts }}
rules:
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.nginx.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
spec:
replicas: {{ .Values.nginx.replicaCount }}
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
component: {{ .Values.nginx.name }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
initContainers:
{{- if .Values.nginx.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
command:
- '/bin/sh'
- '-c'
- 'rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
name: nginx-volume
{{- end }}
- name: "wait-for-artifactory"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
until nc -z -w 2 {{ $serviceName }} {{ $servicePort }} && echo artifactory ok; do
sleep 2;
done;
securityContext:
runAsUser: {{ .Values.nginx.uid }}
fsGroup: {{ .Values.nginx.gid }}
containers:
- name: {{ .Values.nginx.name }}
image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}'
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.nginx.customConfigMap }}
cp -Lrf /tmp/nginx.conf /etc/nginx/nginx.conf;
{{- end }}
{{- if .Values.nginx.customArtifactoryConfigMap }}
cp -Lrf /tmp/conf.d/artifactory*.conf /etc/nginx/conf.d/artifactory.conf;
{{- else }}
if ! grep -q 'upstream' /etc/nginx/conf.d/artifactory.conf; then
sed -i -e 's,proxy_pass .*,proxy_pass http://{{ $serviceName }}:{{ $servicePort }}/artifactory/;,g' \
-e 's,server_name .*,server_name ~(?<repo>.+)\\.{{ $serviceName }} {{ $serviceName }};,g' \
/etc/nginx/conf.d/artifactory.conf;
fi;
{{- end }}
if [ -f /tmp/replicator-nginx.conf ]; then
cp -fv /tmp/replicator-nginx.conf /etc/nginx/conf.d/replicator-nginx.conf;
fi;
if [ -f /tmp/ssl/*.crt ]; then
rm -rf /var/opt/jfrog/nginx/ssl/example.*;
cp -fv /tmp/ssl/* /var/opt/jfrog/nginx/ssl;
fi;
until [ -f /etc/nginx/conf.d/artifactory.conf ]; do sleep 1; done;
sleep 5; nginx -s reload; touch /var/log/nginx/conf.done
env:
- name: ART_BASE_URL
{{- if .Values.nginx.env.artUrl }}
value: {{ .Values.nginx.env.artUrl }}
{{- else }}
value: 'http://{{ $serviceName }}:{{ $servicePort }}/artifactory'
{{- end }}
- name: SSL
value: "{{ .Values.nginx.env.ssl }}"
{{- if .Values.nginx.customArtifactoryConfigMap }}
- name: SKIP_AUTO_UPDATE_CONFIG
value: "true"
{{- else }}
- name: SKIP_AUTO_UPDATE_CONFIG
value: "{{ .Values.nginx.env.skipAutoConfigUpdate }}"
{{- end }}
ports:
- containerPort: {{ .Values.nginx.internalPortHttp }}
- containerPort: {{ .Values.nginx.internalPortHttps }}
{{- if .Values.artifactory.replicator.enabled }}
- containerPort: {{ .Values.nginx.internalPortReplicator }}
{{- end }}
volumeMounts:
- name: nginx-volume
mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-nginx-config
mountPath: "/tmp/replicator-nginx.conf"
subPath: replicator-nginx.conf
{{- end }}
{{- if .Values.nginx.tlsSecretName }}
- name: ssl-secret-volume
mountPath: "/tmp/ssl"
{{- end }}
{{- if .Values.nginx.customConfigMap }}
- name: nginx-config
mountPath: "/tmp/"
{{- end }}
{{- if .Values.nginx.customArtifactoryConfigMap }}
- name: artifactory-nginx-config
mountPath: "/tmp/conf.d"
{{- end }}
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- if .Values.nginx.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 80
initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.nginx.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 80
initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.nginx.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-nginx-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-nginx-config
{{- end}}
{{- if .Values.nginx.customConfigMap }}
- name: nginx-config
configMap:
name: {{ .Values.nginx.customConfigMap }}
{{- end }}
{{- if .Values.nginx.customArtifactoryConfigMap }}
- name: artifactory-nginx-config
configMap:
name: {{ .Values.nginx.customArtifactoryConfigMap }}
{{- end}}
- name: nginx-volume
{{- if .Values.nginx.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- if .Values.nginx.tlsSecretName }}
- name: ssl-secret-volume
secret:
secretName: {{ .Values.nginx.tlsSecretName }}
{{- end }}
{{- end }}
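Review bot: In the postStart script, `if [ -f /tmp/ssl/*.crt ]` breaks when the TLS secret holds more than one `.crt` file, because the glob expands to several arguments and `[` errors out, so the example certificates under /var/opt/jfrog/nginx/ssl are silently left in place; loop over the matches or test a known file name. Both probes hard-code `port: 80` although the container port comes from `.Values.nginx.internalPortHttp`, and the `#/login` fragment in the probe path adds nothing a server-side check can see. The pod also runs under the same `artifactory-ha.serviceAccountName` that the RoleBinding grants the chart's Role to; nginx should get its own service account, or none, unless it needs those rules.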
{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled ) }}
{{- if (not .Values.nginx.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
accessModes:
- {{ .Values.nginx.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.nginx.persistence.size | quote }}
{{- if .Values.nginx.persistence.storageClass }}
{{- if (eq "-" .Values.nginx.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nginx.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-replicator-nginx-config
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
replicator-nginx.conf: |
## Artifactory replicator
server {
listen {{ .Values.nginx.externalPortReplicator }};
server_name {{ include "artifactory-ha.fullname" . }};
client_max_body_size 0;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_pass http://{{ include "artifactory-ha.primary.name" . }}:{{ .Values.nginx.internalPortReplicator }};
proxy_http_version 1.1;
}
}
{{- end -}}
\ No newline at end of file
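Review bot: `proxy_pass` targets the primary Service on `.Values.nginx.internalPortReplicator`, but that Service publishes the replicator on `.Values.artifactory.externalPortReplicator`, so the proxy only works while the two values happen to be equal; use the Artifactory value here. `client_max_body_size 0` removes the upload size limit on this listener, which deserves a comment explaining why it is needed.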
{{- if .Values.nginx.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
{{- if .Values.nginx.service.annotations }}
annotations:
{{ toYaml .Values.nginx.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.nginx.service.type }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}}
loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }}
{{ end -}}
{{- if .Values.nginx.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }}
{{- end }}
{{- end }}
{{- if .Values.nginx.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.nginx.externalPortReplicator }}
targetPort: {{ .Values.nginx.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end }}
- port: {{ .Values.nginx.externalPortHttp }}
targetPort: {{ .Values.nginx.internalPortHttp }}
protocol: TCP
name: http
- port: {{ .Values.nginx.externalPortHttps }}
targetPort: {{ .Values.nginx.internalPortHttps }}
protocol: TCP
name: https
selector:
app: {{ template "artifactory-ha.name" . }}
component: {{ .Values.nginx.name }}
release: {{ .Release.Name }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
replicator.yaml: |-
externalUrl: {{ .Values.artifactory.replicator.publicUrl }}
internalUrl: http://localhost:6061
listenPort: 6061
{{- end -}}
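Review bot: `internalUrl` and `listenPort` hard-code 6061 while the primary Service maps the replicator to `.Values.artifactory.internalPortReplicator`; changing that value leaves the replicator listening on a port nothing routes to, so template both from the same value. `externalUrl` is rendered unquoted, so an empty `publicUrl` yields a null and a value containing `: ` or `#` breaks the YAML; pipe it through `quote`.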