Skip to content

GitLab

Commit 6ae841fa authored by Joe Mayer's avatar Joe Mayer
Browse files
Options

Initial commit

parents
Hide whitespace changes
Inline Side-by-side
Showing with 7865 additions and 0 deletions

Too many changes to show.

To preserve performance only 532 of 532+ files are displayed.
Plain diff Email patch
charts/artifactory-ha/v0.4.4/templates/_helpers.tpl 0 → 100644
View file @ 6ae841fa
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "artifactory-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The primary node name
*/}}
{{- define "artifactory-ha.primary.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The member node name
*/}}
{{- define "artifactory-ha.node.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name nginx service.
*/}}
{{- define "artifactory-ha.nginx.name" -}}
{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.nginx.fullname" -}}
{{- if .Values.nginx.fullnameOverride -}}
{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nginx.name -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "artifactory-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "artifactory-ha.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
\ No newline at end of file
charts/artifactory-ha/v0.4.4/templates/artifactory-binarystore.yaml 0 → 100644
View file @ 6ae841fa
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-bs
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
binarystore.xml: |-
{{- if eq .Values.artifactory.persistence.type "file-system" }}
<!-- File system replication -->
<config version="2">
<chain>
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<lenientLimit>2</lenientLimit>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="state-aware" type="state-aware"/>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</provider>
</chain>
<!-- Shards add local file-system provider configuration -->
<provider id="state-aware" type="state-aware">
<fileStoreDir>shard-fs-1</fileStoreDir>
<zone>local</zone>
</provider>
<!-- Shards dynamic remote provider configuration -->
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<serviceId>tester-remote1</serviceId>
<timeout>10000</timeout>
<zone>remote</zone>
<property name="header.remote.block" value="true"/>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "google-storage" }}
<!-- Google storage -->
<config version="2">
<chain>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry" type="retry">
<provider id="google-storage" type="google-storage"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>50000000000</maxCacheSize>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="file-system" type="file-system">
<fileStoreDir>{{ .Values.artifactory.persistence.mountPath }}/data/filestore</fileStoreDir>
<tempDir>/tmp</tempDir>
</provider>
<provider id="google-storage" type="google-storage">
<providerId>google-cloud-storage</providerId>
<endpoint>commondatastorage.googleapis.com</endpoint>
<httpsOnly>false</httpsOnly>
<bucketName>{{ .Values.artifactory.persistence.googleStorage.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.googleStorage.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.googleStorage.credential }}</credential>
<path>{{ .Values.artifactory.persistence.googleStorage.path }}</path>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "aws-s3" }}
<!-- AWS S3 -->
<config version="2">
<chain>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry" type="retry">
<provider id="s3" type="s3"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>50000000000</maxCacheSize>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="file-system" type="file-system">
<fileStoreDir>{{ .Values.artifactory.persistence.mountPath }}/data/filestore</fileStoreDir>
<tempDir>/tmp</tempDir>
</provider>
<provider id="s3" type="s3">
<endpoint>s3.amazonaws.com</endpoint>
<refreshCredentials>true</refreshCredentials>
<testConnection>false</testConnection>
<httpsOnly>true</httpsOnly>
<region>{{ .Values.artifactory.persistence.awsS3.region }}</region>
<bucketName>{{ .Values.artifactory.persistence.awsS3.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.awsS3.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.awsS3.credential }}</credential>
<path>{{ .Values.artifactory.persistence.awsS3.path }}</path>
</provider>
</config>
{{- end }}
charts/artifactory-ha/v0.4.4/templates/artifactory-nfs-pvc.yaml 0 → 100644
View file @ 6ae841fa
{{- if eq .Values.artifactory.persistence.type "nfs" }}
### Artifactory HA data
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-data-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-data-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
---
### Artifactory HA backup
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-backup-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-backup-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
\ No newline at end of file
charts/artifactory-ha/v0.4.4/templates/artifactory-node-statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.node.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
serviceName: {{ template "artifactory-ha.node.name" . }}
replicas: {{ .Values.artifactory.node.replicaCount }}
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
component: {{ .Values.artifactory.name }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
command:
- 'sh'
- '-c'
- 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; do
{{- end }}
sleep 2;
done;
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.replicator.enabled }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml {{ .Values.artifactory.persistence.mountPath }}/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
cp -fv /tmp/access/etc/keys/private.key {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.postgresql.enabled }}
- name: DB_TYPE
value: 'postgresql'
- name: DB_HOST
value: '{{ .Release.Name }}-postgresql'
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
- name: DB_USER
value: '{{.Values.postgresql.postgresUser }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgres-password
{{- else }}
- name: DB_TYPE
value: '{{ .Values.database.type }}'
- name: DB_HOST
value: '{{ .Values.database.host }}'
- name: DB_PORT
value: '{{ .Values.database.port }}'
- name: DB_USER
value: '{{ .Values.database.user }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: db-password
{{- end }}
- name: EXTRA_JAVA_OPTIONS
value: "
{{- if .Values.artifactory.javaOpts.other }}
{{ .Values.artifactory.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.other }}
{{ .Values.artifactory.node.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.xms }}
-Xms{{ .Values.artifactory.node.javaOpts.xms }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.xmx }}
-Xmx{{ .Values.artifactory.node.javaOpts.xmx }}
{{- end}}
{{- if .Values.artifactory.replicator.enabled }}
-Dartifactory.releasebundle.feature.enabled=true
{{- end }}
"
{{- if .Values.artifactory.replicator.enabled }}
- name: START_LOCAL_REPLICATOR
value: "true"
{{- end }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: master-key
- name: HA_IS_PRIMARY
value: "false"
- name: HA_MEMBERSHIP_PORT
value: "{{ .Values.artifactory.membershipPort }}"
- name: HA_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ART_PRIMARY_BASE_URL
value: 'http://{{ template "artifactory-ha.primary.name" . }}:8081/artifactory'
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: HA_DATA_DIR
value: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
mountPath: "/tmp/access/etc/keys"
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/tmp/replicator/replicator.yaml"
{{- end }}
resources:
{{ toYaml .Values.artifactory.node.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8081
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8081
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.artifactory.node.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.artifactory.node.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.artifactory.node.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: binarystore-xml
configMap:
name: {{ template "artifactory-ha.fullname" . }}-bs
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
configMap:
name: {{ .Values.artifactory.distributionCerts }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume
emptyDir: {}
{{- else }}
{{- if .Values.artifactory.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: volume
spec:
{{- if .Values.artifactory.node.persistence.existingClaim }}
selector:
matchLabels:
app: artifactory-ha-member
{{- else }}
{{- if .Values.artifactory.persistence.storageClass }}
{{- if (eq "-" .Values.artifactory.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/artifactory-plugin-inactiveservercleaner.yaml 0 → 100644
View file @ 6ae841fa
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-isc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
inactiveServerCleaner.groovy: |-
import org.artifactory.state.ArtifactoryServerState
import org.artifactory.storage.db.servers.service.ArtifactoryServersCommonService
import org.artifactory.common.ConstantValues
import org.slf4j.Logger
import java.util.concurrent.TimeUnit
jobs {
clean(interval: 90000, delay: 900000) {
runCleanupHAInactiveServers()
}
}
executions {
cleanHAInactiveServers() { params ->
runCleanupHAInactiveServers()
}
}
def runCleanupHAInactiveServers() {
def artifactoryServersCommonService = ctx.beanForType(ArtifactoryServersCommonService)
def artifactoryInactiveServerCleaner = new ArtifactoryInactiveServersCleaner(artifactoryServersCommonService, log)
artifactoryInactiveServerCleaner.cleanInactiveArtifactoryServers()
}
public class ArtifactoryInactiveServersCleaner {
private ArtifactoryServersCommonService artifactoryServersCommonService
private Logger log
ArtifactoryInactiveServersCleaner(ArtifactoryServersCommonService artifactoryServersCommonService, Logger log) {
this.artifactoryServersCommonService = artifactoryServersCommonService
this.log = log
}
def cleanInactiveArtifactoryServers() {
log.info "Executing inactive artifactory servers cleaner plugin"
List<String> allMembers = artifactoryServersCommonService.getAllArtifactoryServers()
for (member in allMembers) {
def heartbeat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - member.getLastHeartbeat())
def noHeartbeat = heartbeat > ConstantValues.haHeartbeatStaleIntervalSecs.getInt()
if (member.getServerState() == ArtifactoryServerState.UNAVAILABLE || ( noHeartbeat && member.getServerState() != ArtifactoryServerState.CONVERTING && member.getServerState() != ArtifactoryServerState.STARTING )) {
try {
log.info "Inactive artifactory servers cleaning task found server ${member.serverId} to remove"
artifactoryServersCommonService.removeServer(member.serverId)
}catch (Exception e){
log.error "Error: Not able to remove ${member.serverId}, ${e.message}"
}
}
}
log.info "No inactive servers found"
}
}
\ No newline at end of file
charts/artifactory-ha/v0.4.4/templates/artifactory-primary-statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
serviceName: {{ template "artifactory-ha.primary.name" . }}
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.primary.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.primary.name" . }}
component: {{ .Values.artifactory.name }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
command:
- 'sh'
- '-c'
- 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; do
{{- end }}
sleep 2;
done;
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.configMapName }}
cp -Lrfv /bootstrap/* /artifactory_extra_conf/
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml {{ .Values.artifactory.persistence.mountPath }}/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
cp -fv /tmp/access/etc/keys/private.key {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.postgresql.enabled }}
- name: DB_TYPE
value: 'postgresql'
- name: DB_HOST
value: '{{ .Release.Name }}-postgresql'
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
- name: DB_USER
value: '{{ .Values.postgresql.postgresUser }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgres-password
{{- else }}
- name: DB_TYPE
value: '{{ .Values.database.type }}'
- name: DB_HOST
value: '{{ .Values.database.host }}'
- name: DB_PORT
value: '{{ .Values.database.port }}'
- name: DB_USER
value: '{{ .Values.database.user }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: db-password
{{- end }}
- name: EXTRA_JAVA_OPTIONS
value: "
{{- if .Values.artifactory.javaOpts.other }}
{{ .Values.artifactory.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.other }}
{{ .Values.artifactory.primary.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.xms }}
-Xms{{ .Values.artifactory.primary.javaOpts.xms }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.xmx }}
-Xmx{{ .Values.artifactory.primary.javaOpts.xmx }}
{{- end}}
{{- if .Values.artifactory.replicator.enabled }}
-Dartifactory.releasebundle.feature.enabled=true
{{- end }}
"
{{- if .Values.artifactory.replicator.enabled }}
- name: START_LOCAL_REPLICATOR
value: "true"
{{- end }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: master-key
- name: HA_IS_PRIMARY
value: "true"
- name: HA_MEMBERSHIP_PORT
value: "{{ .Values.artifactory.membershipPort }}"
- name: HA_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: HA_DATA_DIR
value: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
{{- if .Values.artifactory.replicator.enabled }}
- containerPort: {{ .Values.artifactory.internalPortReplicator }}
{{- end }}
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
- name: artifactory-inactiveservercleaner
mountPath: "/tmp/plugins/inactiveServerCleaner.groovy"
subPath: inactiveServerCleaner.groovy
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
mountPath: "/bootstrap/"
{{- end }}
{{- if .Values.artifactory.license.secret }}
- name: artifactory-license
mountPath: "/artifactory_extra_conf/artifactory.cluster.license"
subPath: {{ .Values.artifactory.license.dataKey }}
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
mountPath: "/tmp/access/etc/keys"
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/tmp/replicator/replicator.yaml"
{{- end }}
resources:
{{ toYaml .Values.artifactory.primary.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8081
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8081
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.artifactory.primary.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.artifactory.primary.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.artifactory.primary.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: binarystore-xml
configMap:
name: {{ template "artifactory-ha.fullname" . }}-bs
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
configMap:
name: {{ .Values.artifactory.distributionCerts }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
configMap:
name: {{ .Values.artifactory.configMapName }}
{{- end}}
- name: artifactory-inactiveservercleaner
configMap:
name: {{ template "artifactory-ha.fullname" . }}-isc
{{- if .Values.artifactory.license.secret }}
- name: artifactory-license
secret:
secretName: {{ .Values.artifactory.license.secret }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume
emptyDir: {}
{{- else }}
{{- if .Values.artifactory.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: volume
spec:
{{- if .Values.artifactory.primary.persistence.existingClaim }}
selector:
matchLabels:
app: artifactory-ha-primary
{{- else }}
{{- if .Values.artifactory.persistence.storageClass }}
{{- if (eq "-" .Values.artifactory.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/artifactory-role.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
rules:
{{ toYaml .Values.rbac.role.rules }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/artifactory-rolebinding.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "artifactory-ha.serviceAccountName" . }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: {{ template "artifactory-ha.fullname" . }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/artifactory-secrets.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: Opaque
data:
master-key: {{ .Values.artifactory.masterKey | b64enc | quote }}
{{- if .Values.database.password }}
db-password: {{ .Values.database.password | b64enc | quote }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/artifactory-service.yaml 0 → 100644
View file @ 6ae841fa
# Service for all Artifactory cluster nodes.
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
selector:
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
---
# Internal service for Artifactory primary node only!
# Used by member nodes to check readiness of primary node before starting up
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.artifactory.externalPortReplicator }}
targetPort: {{ .Values.artifactory.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end}}
selector:
role: {{ template "artifactory-ha.primary.name" . }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
charts/artifactory-ha/v0.4.4/templates/artifactory-serviceaccount.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.serviceAccountName" . }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/ingress.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- if .Values.ingress.hosts }}
rules:
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host }}
http:
paths:
- path:
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
charts/artifactory-ha/v0.4.4/templates/nginx-deployment.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.nginx.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
spec:
replicas: {{ .Values.nginx.replicaCount }}
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
component: {{ .Values.nginx.name }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
initContainers:
{{- if .Values.nginx.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
command:
- '/bin/sh'
- '-c'
- 'rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
name: nginx-volume
{{- end }}
- name: "wait-for-artifactory"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
until nc -z -w 2 {{ $serviceName }} {{ $servicePort }} && echo artifactory ok; do
sleep 2;
done;
securityContext:
runAsUser: {{ .Values.nginx.uid }}
fsGroup: {{ .Values.nginx.gid }}
containers:
- name: {{ .Values.nginx.name }}
image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}'
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.nginx.customConfigMap }}
cp -Lrf /tmp/nginx.conf /etc/nginx/nginx.conf;
{{- end }}
if [ -f /tmp/replicator-nginx.conf ]; then
cp -fv /tmp/replicator-nginx.conf /etc/nginx/conf.d/replicator-nginx.conf;
fi;
if [ -f /tmp/ssl/*.crt ]; then
rm -rf /var/opt/jfrog/nginx/ssl/example.*;
cp -fv /tmp/ssl/* /var/opt/jfrog/nginx/ssl;
fi;
until [ -f /etc/nginx/conf.d/artifactory.conf ]; do sleep 1; done;
if ! grep -q 'upstream' /etc/nginx/conf.d/artifactory.conf; then
sed -i -e 's,proxy_pass .*,proxy_pass http://{{ $serviceName }}:{{ $servicePort }}/artifactory/;,g' \
-e 's,server_name .*,server_name ~(?<repo>.+)\\.{{ $serviceName }} {{ $serviceName }};,g' \
/etc/nginx/conf.d/artifactory.conf;
fi;
if ! grep -q 'proxy_http_version' /etc/nginx/conf.d/artifactory.conf; then
sed -i 's,\(proxy_next_upstream .*\),proxy_http_version 1.1;\n \1,g' /etc/nginx/conf.d/artifactory.conf;
fi;
sleep 5; nginx -s reload; touch /var/log/nginx/conf.done
env:
- name: ART_BASE_URL
{{- if .Values.nginx.env.artUrl }}
value: {{ .Values.nginx.env.artUrl }}
{{- else }}
value: 'http://{{ $serviceName }}:{{ $servicePort }}/artifactory'
{{- end }}
- name: SSL
value: "{{ .Values.nginx.env.ssl }}"
- name: SKIP_AUTO_UPDATE_CONFIG
value: "{{ .Values.nginx.env.skipAutoConfigUpdate }}"
ports:
- containerPort: {{ .Values.nginx.internalPortHttp }}
- containerPort: {{ .Values.nginx.internalPortHttps }}
{{- if .Values.artifactory.replicator.enabled }}
- containerPort: {{ .Values.nginx.internalPortReplicator }}
{{- end }}
volumeMounts:
- name: nginx-volume
mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-nginx-config
mountPath: "/tmp/replicator-nginx.conf"
subPath: replicator-nginx.conf
{{- end }}
{{- if .Values.nginx.tlsSecretName }}
- name: ssl-secret-volume
mountPath: "/tmp/ssl"
{{- end }}
{{- if .Values.nginx.customConfigMap }}
- name: nginx-config
mountPath: "/tmp/"
{{- end }}
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- if .Values.nginx.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 80
initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.nginx.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 80
initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.nginx.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-nginx-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-nginx-config
{{- end}}
{{- if .Values.nginx.customConfigMap }}
- name: nginx-config
configMap:
name: {{ .Values.nginx.customConfigMap }}
{{- end }}
- name: nginx-volume
{{- if .Values.nginx.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- if .Values.nginx.tlsSecretName }}
- name: ssl-secret-volume
secret:
secretName: {{ .Values.nginx.tlsSecretName }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/nginx-pvc.yaml 0 → 100644
View file @ 6ae841fa
{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled ) }}
{{- if (not .Values.nginx.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
accessModes:
- {{ .Values.nginx.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.nginx.persistence.size | quote }}
{{- if .Values.nginx.persistence.storageClass }}
{{- if (eq "-" .Values.nginx.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nginx.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/nginx-replicator-conf.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.artifactory.replicator.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-replicator-nginx-config
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
replicator-nginx.conf: |
## Artifactory replicator
server {
listen {{ .Values.nginx.externalPortReplicator }};
server_name {{ include "artifactory-ha.fullname" . }};
client_max_body_size 0;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_pass http://{{ include "artifactory-ha.primary.name" . }}:{{ .Values.nginx.internalPortReplicator }};
proxy_http_version 1.1;
}
}
{{- end -}}
\ No newline at end of file
charts/artifactory-ha/v0.4.4/templates/nginx-service.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.nginx.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
{{- if .Values.nginx.service.annotations }}
annotations:
{{ toYaml .Values.nginx.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.nginx.service.type }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}}
loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }}
{{ end -}}
externalTrafficPolicy: Local
{{- end }}
{{- if .Values.nginx.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.nginx.externalPortReplicator }}
targetPort: {{ .Values.nginx.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end }}
- port: {{ .Values.nginx.externalPortHttp }}
targetPort: {{ .Values.nginx.internalPortHttp }}
protocol: TCP
name: http
- port: {{ .Values.nginx.externalPortHttps }}
targetPort: {{ .Values.nginx.internalPortHttps }}
protocol: TCP
name: https
selector:
app: {{ template "artifactory-ha.name" . }}
component: {{ .Values.nginx.name }}
release: {{ .Release.Name }}
{{- end }}
charts/artifactory-ha/v0.4.4/templates/replicator-configmap.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.artifactory.replicator.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
replicator.yaml: |-
externalUrl: {{ .Values.artifactory.replicator.publicUrl }}
internalUrl: http://localhost:6061
listenPort: 6061
{{- end -}}
charts/artifactory-ha/v0.4.4/values.yaml 0 → 100644
View file @ 6ae841fa
# Default values for artifactory-ha.
# This is a YAML-formatted file.
# Beware when changing values here. You should know what you are doing!
# Access the values with {{ .Values.key.subkey }}
# Common
initContainerImage: "alpine:3.6"
# For supporting pulling from private registries
imagePullSecrets:
## Role Based Access Control
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
rbac:
create: true
role:
## Rules to create. It follows the role specification
rules:
- apiGroups:
- ''
resources:
- services
- endpoints
- pods
verbs:
- get
- watch
- list
## Service Account
## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/
##
serviceAccount:
create: true
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the fullname template
name:
ingress:
enabled: false
# Used to create an Ingress record.
hosts:
# - artifactory.domain.example
annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
tls:
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - artifactory.domain.example
# Database
## Configuration values for the postgresql dependency
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
##
postgresql:
enabled: true
postgresDatabase: "artifactory"
postgresUser: "artifactory"
postgresPassword:
postgresConfig:
maxConnections: "1500"
service:
port: 5432
persistence:
enabled: true
size: 50Gi
resources: {}
# requests:
# memory: "512Mi"
# cpu: "100m"
# limits:
# memory: "1Gi"
# cpu: "500m"
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## you must specify the following database details
database:
type:
host:
port:
user:
password:
# Artifactory
artifactory:
name: artifactory-ha
image:
repository: "docker.bintray.io/jfrog/artifactory-pro"
# Note that by default we use appVersion to get image tag
# version: 6.3.2
pullPolicy: IfNotPresent
## Artifactory requires a unique master key
## You can generate one with the command:
## 'openssl rand -hex 32'
## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}'
## IMPORTANT: You should NOT use the example masterKey for a production deployment!
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
## Artifactory license secret.
## If artifactory.license.secret is passed, it will be mounted as
## ARTIFACTORY_HOME/etc/artifactory.cluster.license and loaded at run time.
## The dataKey should be the name of the secret data key created.
license:
secret:
dataKey:
## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter
configMapName:
## Extra postStart command to install JDBC driver for MySql/MariaDb/Oracle
# postStartCommand: "curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar && chown 1030:1030 /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar"
membershipPort: 10017
externalPort: 8081
internalPort: 8081
internalPortReplicator: 6061
externalPortReplicator: 6061
uid: 1030
## The following settings are to configure the frequency of the liveness and readiness probes
livenessProbe:
enabled: true
initialDelaySeconds: 180
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 60
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
persistence:
enabled: true
# local: false
redundancy: 3
mountPath: "/var/opt/jfrog/artifactory"
accessMode: ReadWriteOnce
size: 200Gi
## artifactory data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config
## Supported types are:
## file-system (default)
## nfs
## google-storage
## aws-s3
type: file-system
## For artifactory.persistence.type nfs
## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes
## cluster nodes.
## Need to have the following set
nfs:
# Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}'
ip:
haDataMount: "/data"
haBackupMount: "/backup"
dataDir: "/var/opt/jfrog/artifactory-ha"
backupDir: "/var/opt/jfrog/artifactory-backup"
capacity: 200Gi
## For artifactory.persistence.type google-storage
googleStorage:
# Set a unique bucket name
bucketName: "artifactory-ha-gcp"
identity:
credential:
path: "artifactory-ha/filestore"
## For artifactory.persistence.type aws-s3
awsS3:
# Set a unique bucket name
bucketName: "artifactory-ha-aws"
region:
identity:
credential:
path: "artifactory-ha/filestore"
service:
name: artifactory
type: ClusterIP
## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them)
## Supported pool values
## members
## all
pool: members
## The following Java options are passed to the java process running Artifactory.
## This will be passed to all cluster members. Primary and member nodes.
javaOpts:
other: "-Dartifactory.locking.provider.type=db"
## Artifactory Replicator is available only for Enterprise Plus
replicator:
enabled: false
publicUrl:
# Name of ConfigMap for Distribution Cert
distributionCerts:
## Type specific configurations.
## There is a difference between the primary and the member nodes.
## Customising their resources and java parameters is done here.
primary:
name: artifactory-ha-primary
persistence:
## Set existingClaim to true or false
## If true, you must prepare a PVC with the name e.g `artifactory-ha-primary`
existingClaim: false
## Resources for the primary node
resources: {}
# requests:
# memory: "1Gi"
# cpu: "500m"
# limits:
# memory: "2Gi"
# cpu: "1"
## The following Java options are passed to the java process running Artifactory primary node.
## You should set them according to the resources set above
javaOpts: {}
# xms: "1g"
# xmx: "2g"
# other:
nodeSelector: {}
tolerations: []
affinity: {}
node:
name: artifactory-ha-member
persistence:
## Set existingClaim to true or false
## If true, you must prepare a PVC with the name e.g `artifactory-ha-member`
existingClaim: false
replicaCount: 2
## Resources for the member nodes
resources: {}
# requests:
# memory: "1Gi"
# cpu: "500m"
# limits:
# memory: "2Gi"
# cpu: "1"
## The following Java options are passed to the java process running Artifactory member nodes.
## You should set them according to the resources set above
javaOpts: {}
# xms: "1g"
# xmx: "2g"
# other:
nodeSelector: {}
tolerations: []
affinity: {}
# Nginx
nginx:
enabled: true
name: nginx
replicaCount: 1
uid: 104
gid: 107
image:
repository: "docker.bintray.io/jfrog/nginx-artifactory-pro"
# Note that by default we use appVersion to get image tag
# version: 6.3.2
pullPolicy: IfNotPresent
service:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: LoadBalancer
## For supporting whitelist on the Nginx LoadBalancer service
## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
## or pass from helm command line
## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}'
loadBalancerSourceRanges: []
## Provide static ip address
loadBalancerIP:
externalPortHttp: 80
internalPortHttp: 80
externalPortHttps: 443
internalPortHttps: 443
internalPortReplicator: 6061
externalPortReplicator: 6061
## The following settings are to configure the frequency of the liveness and readiness probes
livenessProbe:
enabled: true
initialDelaySeconds: 100
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 60
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
## The SSL secret that will be used by the Nginx pod
# tlsSecretName: chart-example-tls
env:
ssl: true
# artUrl: "http://artifactory:8081/artifactory"
skipAutoConfigUpdate: false
## Custom ConfigMap for nginx.conf
customConfigMap:
persistence:
mountPath: "/var/opt/jfrog/nginx"
enabled: false
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
accessMode: ReadWriteOnce
size: 5Gi
## nginx data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
resources: {}
# requests:
# memory: "250Mi"
# cpu: "100m"
# limits:
# memory: "250Mi"
# cpu: "500m"
nodeSelector: {}
tolerations: []
affinity: {}
charts/artifactory-ha/v0.7.0/.helmignore 0 → 100644
View file @ 6ae841fa
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
OWNERS
\ No newline at end of file
charts/artifactory-ha/v0.7.0/CHANGELOG.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file.
## [0.7.0] - Oct 28, 2018
* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options
## [0.6.9] - Oct 23, 2018
* Fix providing external secret for database credentials
## [0.6.8] - Oct 22, 2018
* Allow user to configure externalTrafficPolicy for Loadbalancer
## [0.6.7] - Oct 22, 2018
* Updated ingress annotation support (with examples) to support docker registry v2
## [0.6.6] - Oct 21, 2018
* Updated Artifactory version to 6.5.2
## [0.6.5] - Oct 19, 2018
* Allow providing pre-existing secret containing master key
* Allow arbitrary annotations on primary and member node pods
* Enforce size limits when using local storage with `emptyDir`
* Allow `soft` or `hard` specification of member node anti-affinity
* Allow providing pre-existing secrets containing external database credentials
* Fix `s3` binary store provider to properly use the `cache-fs` provider
* Allow arbitrary properties when using the `s3` binary store provider
## [0.6.4] - Oct 18, 2018
* Updated Artifactory version to 6.5.1
## [0.6.3] - Oct 17, 2018
* Add Apache 2.0 license
## [0.6.2] - Oct 14, 2018
* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`)
## [0.6.1] - Oct 11, 2018
* Allows ingress default `backend` to be enabled or disabled (defaults to enabled)
## [0.6.0] - Oct 11, 2018
* Updated Artifactory version to 6.5.0
## [0.5.3] - Oct 9, 2018
* Quote ingress hosts to support wildcard names
## [0.5.2] - Oct 2, 2018
* Add `helm repo add jfrog https://charts.jfrog.io` to README
## [0.5.1] - Oct 2, 2018
* Set Artifactory to 6.4.1
## [0.5.0] - Sep 27, 2018
* Set Artifactory to 6.4.0
## [0.4.7] - Sep 26, 2018
* Add ci/test-values.yaml
## [0.4.6] - Sep 25, 2018
* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1
## [0.4.4] - Sep 2, 2018
* Updated Artifactory version to 6.3.2
## [0.4.0] - Aug 22, 2018
* Added support to run as non root
* Updated Artifactory version to 6.2.0
## [0.3.0] - Aug 22, 2018
* Enabled RBAC Support
* Added support for PostStartCommand (To download Database JDBC connector)
* Increased postgresql max_connections
* Added support for `nginx.conf` ConfigMap
* Updated Artifactory version to 6.1.0
charts/artifactory-ha/v0.7.0/Chart.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
name: artifactory-ha
home: https://www.jfrog.com/artifactory/
version: 0.7.0
appVersion: 6.5.2
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
keywords:
- artifactory
- jfrog
- devops
sources:
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
- https://github.com/jfrog/charts
maintainers:
- name: jainishshah17
email: jainishs@jfrog.com
- name: eldada
email: eldada@jfrog.com
- name: rimusz
email: rimasm@jfrog.com
icon: https://raw.githubusercontent.com/jfrog/artifactory-dcos/master/images/jfrog_med.png
charts/artifactory-ha/v0.7.0/LICENSE 0 → 100644
View file @ 6ae841fa
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
charts/artifactory-ha/v0.7.0/OWNERS 0 → 100644
View file @ 6ae841fa
approvers:
- jainishshah17
- eldada
- rimusz
reviewers:
- jainishshah17
- eldada
- rimusz
\ No newline at end of file
charts/artifactory-ha/v0.7.0/README.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory High Availability Helm Chart
## Prerequisites Details
* Kubernetes 1.8+
* Artifactory HA license
## Chart Details
This chart will do the following:
* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes.
* Deploy a PostgreSQL database
* Deploy an Nginx server
## Artifactory HA architecture
The Artifactory HA cluster in this chart is made up of
- A single primary node
- Two member nodes, which can be resized at will
Load balancing is done to the member nodes only.
This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic.
> This can be controlled by the parameter `artifactory.service.pool`.
## Installing the Chart
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart
To install the chart with the release name `artifactory-ha`:
```bash
helm install --name artifactory-ha jfrog/artifactory-ha
```
### Deploying Artifactory with replicator enabled
```bash
## Artifactory replicator is disabled by default. To enable it use the following:
helm install --name artifactory --set artifactory.replicator.enabled=true jfrog/artifactory-ha
```
### Accessing Artifactory
**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup.
Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it.
### Updating Artifactory
Once you have a new chart version, you can update your deployment with
```bash
helm upgrade artifactory-ha jfrog/artifactory-ha
```
This will apply any configuration changes on your existing deployment.
### Artifactory memory and CPU resources
The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out.
It is **highly** recommended to set these so you have full control of the allocated resources and limits.
See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware).
```bash
# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory)
helm install --name artifactory-ha \
--set artifactory.primary.resources.requests.cpu="500m" \
--set artifactory.primary.resources.limits.cpu="2" \
--set artifactory.primary.resources.requests.memory="1Gi" \
--set artifactory.primary.resources.limits.memory="4Gi" \
--set artifactory.primary.javaOpts.xms="1g" \
--set artifactory.primary.javaOpts.xmx="4g" \
--set artifactory.node.resources.requests.cpu="500m" \
--set artifactory.node.resources.limits.cpu="2" \
--set artifactory.node.resources.requests.memory="1Gi" \
--set artifactory.node.resources.limits.memory="4Gi" \
--set artifactory.node.javaOpts.xms="1g" \
--set artifactory.node.javaOpts.xmx="4g" \
--set postgresql.resources.requests.cpu="200m" \
--set postgresql.resources.limits.cpu="1" \
--set postgresql.resources.requests.memory="500Mi" \
--set postgresql.resources.limits.memory="1Gi" \
--set nginx.resources.requests.cpu="100m" \
--set nginx.resources.limits.cpu="250m" \
--set nginx.resources.requests.memory="250Mi" \
--set nginx.resources.limits.memory="500Mi" \
jfrog/artifactory-ha
```
> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`.
Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/).
### Create Distribution Certificates for Artifactory Enterprise Plus
```bash
# Create private.key and root.crt
openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 365 -out root.crt
```
Once Created, Use it to create ConfigMap
```bash
# Create ConfigMap distribution-certs
kubectl create configmap distribution-certs --from-file=private.key=private.key --from-file=root.crt=root.crt
```
Pass it to `helm`
```bash
helm install --name artifactory --set artifactory.distributionCerts=distribution-certs jfrog/artifactory-ha
```
### Artifactory storage
Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration)
In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings.
The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes.
> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter.
This is used to set how many replicas of a binary should be stored in the cluster's nodes.
Once this value is set on initial deployment, you can not update it using helm.
It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number.
#### NFS
To use an NFS server as your cluster's storage, you need to
- Setup an NFS server. Get its IP as `NFS_IP`
- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all
- Pass NFS parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=nfs \
--set artifactory.persistence.nfs.ip=${NFS_IP} \
...
```
#### Google Storage
To use a Google Storage bucket as the cluster's filestore
- Pass Google Storage parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=google-storage \
--set artifactory.persistence.googleStorage.identity=${GCP_ID} \
--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
...
```
#### AWS S3
To use an AWS S3 bucket as the cluster's filestore
- Pass AWS S3 parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=aws-s3 \
--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \
--set artifactory.persistence.awsS3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \
--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \
...
```
**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html)
### Create a unique Master Key
Artifactory HA cluster requires a unique master key. By default the chart has one set in values.yaml (`artifactory.masterKey`).
**This key is for demo purpose and should not be used in a production environment!**
You should generate a unique one and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Pass the created master key to helm
helm install --name artifactory-ha --set artifactory.masterKey=${MASTER_KEY} jfrog/artifactory-ha
```
Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Create a secret containing the key. The key in the secret must be named master-key
kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY}
# Pass the created secret to helm
helm install --name artifactory-ha --set artifactory.masterKeySecretName=my-secret jfrog/artifactory-ha
```
**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
### Install Artifactory HA license
For activating Artifactory HA, you must install an appropriate license. There are two ways to manage the license. **Artifactory UI** or a **Kubernetes Secret**.
The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** is for advanced users and is better suited for automation.
**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster!
##### Artifactory UI
Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details
##### Kubernetes Secret
You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/).
Prepare a text file with the license(s) written in it. If writing multiple licenses, it's important to put **two new lines between each license block**!
```bash
# Create the Kubernetes secret (assuming the local license file is 'art.lic')
kubectl create secret generic artifactory-cluster-license --from-file=./art.lic
# Pass the license to helm
helm install --name artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic jfrog/artifactory-ha
```
**NOTE:** You have to keep passing the license secret parameters as `--set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic` on all future calls to `helm install` and `helm upgrade`!
### Bootstrapping Artifactory
**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section.
* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration)
* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration)
Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below:
```
apiVersion: v1
kind: ConfigMap
metadata:
name: my-release-bootstrap-config
data:
artifactory.config.import.xml: |
<config contents>
security.import.xml: |
<config contents>
```
Create configMap in Kubernetes:
```bash
kubectl apply -f bootstrap-config.yaml
```
#### Pass the configMap to helm
```bash
helm install --name artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config jfrog/artifactory-ha
```
### Use custom nginx.conf with Nginx
Steps to create configMap with nginx.conf
* Create `nginx.conf` file.
```bash
kubectl create configmap nginx-config --from-file=nginx.conf
```
* Pass configMap to helm install
```bash
helm install --name artifactory-ha --set nginx.customConfigMap=nginx-config jfrog/artifactory-ha
```
### Scaling your Artifactory cluster
A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it.
##### Before scaling
**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart).
Get the current database password
```bash
export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgres-password}" | base64 --decode)
```
Use `--set postgresql.postgresPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster!
##### Scale up
Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes).
```bash
# Scale to 4 nodes (1 primary and 3 member nodes)
helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresPassword=${DB_PASSWORD} jfrog/artifactory-ha
```
##### Scale down
Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node.
```bash
# Scale down to 2 member nodes
helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresPassword=${DB_PASSWORD} jfrog/artifactory-ha
```
- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it
```bash
# List PVCs
kubectl get pvc
# Remove the PVC with highest ordinal!
# In this example, the highest node ordinal was 2, so need to remove its storage.
kubectl delete pvc volume-artifactory-node-2
```
### Use an external Database
There are cases where you will want to use a different database and not the enclosed **PostgreSQL**.
See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database)
> The official Artifactory Docker images include the PostgreSQL database driver.
> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib
This can be done with the following parameters
```bash
# Make sure your Artifactory Docker image has the MySQL database driver in it
...
--set postgresql.enabled=false \
--set artifactory.postStartCommand="curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar && chown 1030:1030 /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar" \
--set database.type=mysql \
--set database.host=${DB_HOST} \
--set database.port=${DB_PORT} \
--set database.user=${DB_USER} \
--set database.password=${DB_PASSWORD} \
...
```
**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`:
```bash
# Create a secret containing the database credentials
kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD}
...
--set postgresql.enabled=false \
--set database.secrets.user.name=my-secret \
--set database.secrets.user.key=user \
--set database.secrets.password.name=my-secret \
--set database.secrets.password.key=password \
...
```
### Deleting Artifactory
To delete the Artifactory HA cluster
```bash
helm delete --purge artifactory-ha
```
This will completely delete your Artifactory HA cluster.
**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them
```bash
kubectl delete pvc -l release=artifactory-ha
```
See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/)
### Custom Docker registry for your images
If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a
[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm
```bash
# Create a Docker registry secret called 'regsecret'
kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL}
```
Once created, you pass it to `helm`
```bash
helm install --name artifactory-ha --set imagePullSecrets=regsecret jfrog/artifactory-ha
```
## Configuration
The following table lists the configurable parameters of the artifactory chart and their default values.
| Parameter | Description | Default |
|------------------------------|-----------------------------------|-------------------------------------------------------|
| `imagePullSecrets` | Docker registry pull secret | |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.role.rules` | Rules to create | `[]` |
| `artifactory.name` | Artifactory name | `artifactory` |
| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` |
| `artifactory.image.version` | Container image tag | `.Chart.AppVersion` |
| `artifactory.masterKey` | Artifactory Master Key. Can be generated with `openssl rand -hex 32` |`FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF`|
| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | |
| `artifactory.license.secret` | Artifactory license secret name | |
| `artifactory.license.dataKey`| Artifactory license secret data key | |
| `artifactory.service.name` | Artifactory service name to be set in Nginx configuration | `artifactory` |
| `artifactory.service.type` | Artifactory service type | `ClusterIP` |
| `artifactory.service.pool` | Artifactory instances to be in the load balancing pool. `members` or `all` | `members` |
| `artifactory.externalPort` | Artifactory service external port | `8081` |
| `artifactory.internalPort` | Artifactory service internal port | `8081` |
| `artifactory.internalPortReplicator` | Replicator service internal port | `6061` |
| `artifactory.externalPortReplicator` | Replicator service external port | `6061` |
| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` |
| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` |
| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` |
| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` |
| `artifactory.persistence.size` | Artifactory persistence or local volume size | `200Gi` |
| `artifactory.persistence.maxCacheSize` | Artifactory cache-fs provider maxCacheSize in bytes | `50000000000` |
| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` |
| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` |
| `artifactory.persistence.nfs.ip` | NFS server IP | |
| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` |
| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` |
| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory-ha` |
| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` |
| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` |
| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory-ha` |
| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | |
| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | |
| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory-ha/filestore` |
| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-ha` |
| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html |
| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | |
| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | |
| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | |
| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory-ha/filestore` |
| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` |
| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` |
| `artifactory.javaOpts.other` | Artifactory extra java options (for all nodes) | `-Dartifactory.locking.provider.type=db` |
| `artifactory.replicator.enabled` | Enable Artifactory Replicator | `false` |
| `artifactory.distributionCerts` | Name of ConfigMap for Artifactory Distribution Certificate | |
| `artifactory.replicator.publicUrl` | Artifactory Replicator Public URL | |
| `artifactory.primary.resources.requests.memory` | Artifactory primary node initial memory request | |
| `artifactory.primary.resources.requests.cpu` | Artifactory primary node initial cpu request | |
| `artifactory.primary.resources.limits.memory` | Artifactory primary node memory limit | |
| `artifactory.primary.resources.limits.cpu` | Artifactory primary node cpu limit | |
| `artifactory.primary.javaOpts.xms` | Artifactory primary node java Xms size | |
| `artifactory.primary.javaOpts.xmx` | Artifactory primary node java Xms size | |
| `artifactory.primary.javaOpts.other` | Artifactory primary node additional java options | |
| `artifactory.node.replicaCount` | Artifactory member node replica count | `2` |
| `artifactory.node.minAvailable` | Artifactory member node min available count | `1` |
| `artifactory.node.resources.requests.memory` | Artifactory member node initial memory request | |
| `artifactory.node.resources.requests.cpu` | Artifactory member node initial cpu request | |
| `artifactory.node.resources.limits.memory` | Artifactory member node memory limit | |
| `artifactory.node.resources.limits.cpu` | Artifactory member node cpu limit | |
| `artifactory.node.javaOpts.xms` | Artifactory member node java Xms size | |
| `artifactory.node.javaOpts.xmx` | Artifactory member node java Xms size | |
| `artifactory.node.javaOpts.other` | Artifactory member node additional java options | |
| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` |
| `ingress.annotations` | Artifactory Ingress annotations | `{}` |
| `ingress.hosts` | Artifactory Ingress hostnames | `[]` |
| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` |
| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` |
| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | |
| `nginx.enabled` | Deploy nginx server | `true` |
| `nginx.name` | Nginx name | `nginx` |
| `nginx.replicaCount` | Nginx replica count | `1` |
| `nginx.uid` | Nginx User Id | `104` |
| `nginx.git` | Nginx Group Id | `107` |
| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` |
| `nginx.image.version` | Container version | `.Chart.AppVersion` |
| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `nginx.service.type` | Nginx service type | `LoadBalancer` |
| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | |
| `nginx.service.annotations` | Nginx service annotations | `{}` |
| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` |
| `nginx.loadBalancerIP`| Provide Static IP to configure with Nginx | |
| `nginx.externalPortHttp` | Nginx service external port | `80` |
| `nginx.internalPortHttp` | Nginx service internal port | `80` |
| `nginx.externalPortHttps` | Nginx service external port | `443` |
| `nginx.internalPortHttps` | Nginx service internal port | `443` |
| `nginx.internalPortReplicator` | Replicator service internal port | `6061` |
| `nginx.externalPortReplicator` | Replicator service external port | `6061` |
| `nginx.livenessProbe.enabled` | would you like a liveness Probe to be enabled | `true` |
| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 100 |
| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | |
| `nginx.env.ssl` | Nginx Environment enable ssl | `true` |
| `nginx.env.skipAutoConfigUpdate` | Nginx Environment to disable auto configuration update | `false` |
| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` |
| `nginx.resources.requests.memory` | Nginx initial memory request | `250Mi` |
| `nginx.resources.requests.cpu` | Nginx initial cpu request | `100m` |
| `nginx.resources.limits.memory` | Nginx memory limit | `250Mi` |
| `nginx.resources.limits.cpu` | Nginx cpu limit | `500m` |
| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` |
| `postgresql.postgresDatabase` | PostgreSQL database name | `artifactory` |
| `postgresql.postgresUser` | PostgreSQL database user | `artifactory` |
| `postgresql.postgresPassword` | PostgreSQL database password | |
| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` |
| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` |
| `postgresql.service.port` | PostgreSQL database port | `5432` |
| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | |
| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | |
| `postgresql.resources.limits.memory` | PostgreSQL memory limit | |
| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | |
| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | |
| `database.host` | External database hostname | |
| `database.port` | External database port | |
| `database.user` | External database username | |
| `database.password` | External database password | |
| `database.secrets.user.name` | External database username `Secret` name | |
| `database.secrets.user.key` | External database username `Secret` key | |
| `database.secrets.password.name` | External database password `Secret` name | |
| `database.secrets.password.key` | External database password `Secret` key | |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Ingress and TLS
To get Helm to create an ingress object with a hostname, add these two lines to your Helm command:
```
helm install --name artifactory-ha \
--set ingress.enabled=true \
--set ingress.hosts[0]="artifactory.company.com" \
--set artifactory.service.type=NodePort \
--set nginx.enabled=false \
jfrog/artifactory-ha
```
If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```console
kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file:
```
ingress:
## If true, Artifactory Ingress will be created
##
enabled: true
## Artifactory Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- artifactory.domain.com
annotations:
kubernetes.io/tls-acme: "true"
## Artifactory Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: artifactory-tls
hosts:
- artifactory.domain.com
```
### Ingress annotations
This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup.
```
ingress:
enabled: true
defaultBackend:
enabled: false
hosts:
- myhost.example.com
annotations:
ingress.kubernetes.io/force-ssl-redirect: "true"
ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/proxy-read-timeout: "600"
ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token;
rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3;
nginx.ingress.kubernetes.io/proxy-body-size: "0"
tls:
- hosts:
- "myhost.example.com"
```
## Useful links
- https://www.jfrog.com/confluence/display/EP/Getting+Started
- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory
- https://www.jfrog.com/confluence/
charts/artifactory-ha/v0.7.0/app-readme.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory High Availability Helm Chart
Universal Repository Manager supporting all major packaging formats, build tools and CI servers.
## Chart Details
This chart will do the following:
* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes.
* Deploy a PostgreSQL database
* Deploy an Nginx server(optional)
## Activate Your Artifactory Instance
Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it.
charts/artifactory-ha/v0.7.0/questions.yml 0 → 100644
View file @ 6ae841fa
categories:
- repository
labels:
io.rancher.certified: partner
questions:
- variable: defaultImage
default: "true"
description: "Use default Docker image"
label: Use Default Image
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: initContainerImage
default: "alpine:3.6"
description: "Init image name"
type: string
label: Init image name
- variable: artifactory.image.repository
default: "docker.bintray.io/jfrog/artifactory-pro"
description: "Artifactory image name"
type: string
label: Artifactory Image Name
- variable: artifactory.image.version
default: "6.5.2"
description: "Artifactory image tag"
type: string
label: Artifactory Image Tag
- variable: nginx.image.repository
default: "docker.bintray.io/jfrog/nginx-artifactory-pro"
description: "Nginx image name"
type: string
label: Nginx Image Name
- variable: nginx.image.version
default: "6.5.2"
description: "Nginx image tag"
type: string
label: Nginx Image Tag
- variable: ingress.enabled
default: true
description: "Expose app using Layer 7 Load Balancer - ingress"
type: boolean
label: Expose app using Layer 7 Load Balancer
show_subquestion_if: true
group: "Services and Load Balancing"
required: true
subquestions:
- variable: ingress.hosts[0]
default: "xip.io"
description: "Hostname to your artifactory installation"
type: hostname
required: true
label: Hostname
- variable: artifactory.persistence.enabled
default: false
description: "enable persistence storage for Artifactory"
type: boolean
label: Enable Persistent Storage for Artifactory
group: "Artifactory Storage"
required: true
show_subquestion_if: true
subquestions:
- variable: artifactory.persistence.size
default: "50Gi"
description: "Artifactory persistent volume size"
type: string
label: Artifactory Persistent Volume Size
required: true
- variable: artifactory.persistence.type
default: "file-system"
description: "Artifactory persistent volume size"
type: enum
label: Artifactory Persistent Storage Type
required: true
options:
- "file-system"
- "nfs"
- "google-storage"
- "aws-s3"
#Storage Type Settings
- variable: artifactory.persistence.nfs.ip
default: ""
type: string
group: "Artifactory Storage"
label: NFS Server IP
description: "NFS server IP"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.haDataMount
default: "/data"
type: string
label: NFS Data Directory
description: "NFS data directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.haBackupMount
default: "/backup"
type: string
label: NFS Backup Directory
description: "NFS backup directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.dataDir
default: "/var/opt/jfrog/artifactory-ha"
type: string
label: HA Data Directory
description: "HA data directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.backupDir
default: "/var/opt/jfrog/artifactory-backup"
type: string
label: HA Backup Directory
description: "HA backup directory "
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.capacity
default: "200Gi"
type: string
label: NFS PVC Size
description: "NFS PVC size "
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
#Google storage settings
- variable: artifactory.persistence.googleStorage.bucketName
default: "artifactory-ha-gcp"
type: string
label: Google Storage Bucket Name
description: "Google storage bucket name"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.identity
default: ""
type: string
label: Google Storage Service Account ID
description: "Google Storage service account id"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.credential
default: ""
type: string
label: Google Storage Service Account Key
description: "Google Storage service account key"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.path
default: "artifactory-ha/filestore"
type: string
label: Google Storage Path In Bucket
description: "Google Storage path in bucket"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
# awsS3 storage settings
- variable: artifactory.persistence.awsS3.bucketName
default: "artifactory-ha-aws"
type: string
label: AWS S3 Bucket Name
description: "AWS S3 bucket name"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.region
default: ""
type: string
label: AWS S3 Bucket Region
description: "AWS S3 bucket region"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.identity
default: ""
type: string
label: AWS S3 AWS_ACCESS_KEY_ID
description: "AWS S3 AWS_ACCESS_KEY_ID"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.credential
default: ""
type: string
label: AWS S3 AWS_SECRET_ACCESS_KEY
description: "AWS S3 AWS_SECRET_ACCESS_KEY"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.path
default: "artifactory-ha/filestore"
type: string
label: AWS S3 Path In Bucket
description: "AWS S3 path in bucket"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
# Nginx Settings
- variable: nginx.enabled
default: false
description: "Enable nginx server"
type: boolean
label: Enable Nginx Server
group: "Services and Load Balancing"
required: true
show_if: "ingress.enabled=false"
- variable: nginx.service.type
default: "LoadBalancer"
description: "Nginx service type"
type: enum
required: true
label: Nginx Service Type
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
options:
- "ClusterIP"
- "NodePort"
- "LoadBalancer"
- variable: nginx.service.loadBalancerIP
default: ""
description: "Provide Static IP to configure with Nginx"
type: string
label: Config Nginx LoadBalancer IP
show_if: "nginx.enabled=true&&nginx.service.type=LoadBalancer&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.tlsSecretName
default: ""
description: "Provide SSL Secret name to configure with Nginx"
type: string
label: Config Nginx SSL Secret
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.persistence.enabled
default: false
description: "enable persistence storage for nginx server"
type: boolean
label: Enable Persistent Storage for Nginx Service
group: "Services and Load Balancing"
show_if: "nginx.enabled=true&&ingress.enabled=false"
- variable: nginx.persistence.size
default: 5Gi
description: "Nginx persistent volume size"
type: string
label: Nginx Persistent Volume Size
group: "Services and Load Balancing"
show_if: "nginx.enabled=true&&nginx.persistence.enabled=true&&ingress.enabled=false"
- variable: nginx.persistence.storageClass
default: ""
description: "If undefined or null, uses the default StorageClass. Default to null"
type: storageclass
label: Default StorageClass for Nginx
show_if: "nginx.enabled=true&&nginx.persistence.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
# Database Settings
- variable: postgresql.enabled
default: true
description: "Enable PostgreSQL"
type: boolean
required: true
label: Enable PostgreSQL
group: "Database Settings"
show_subquestion_if: "true"
subquestions:
- variable: postgresql.persistence.enabled
default: false
description: "enable persistence storage for PostgreSQL"
type: boolean
label: Enable Persistent Storage for PostgreSQL
- variable: postgresql.persistence.size
default: 20Gi
description: "PostgreSQL persistent volume size"
type: string
label: PostgreSQL Persistent Volume Size
show_if: "postgresql.enabled=true&&postgresql.persistence.enabled=true"
- variable: postgresql.persistence.storageClass
default: ""
description: "If undefined or null, uses the default StorageClass. Default to null"
type: storageclass
label: Default StorageClass for PostgreSQL
show_if: "postgresql.enabled=true&&postgresql.persistence.enabled=true"
- variable: database.type
default: "postgresql"
description: "xternal database type (postgresql, mysql, oracle or mssql)"
type: enum
required: true
label: External Database Type
group: "Database Settings"
show_if: "postgresql.enabled=false"
options:
- "postgresql"
- "mysql"
- "oracle"
- "mssql"
- variable: database.host
default: ""
description: "External database hostname"
type: string
label: External Database Hostname
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.port
default: ""
description: "External database port"
type: string
label: External Database Port
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.user
default: ""
description: "External database username"
type: string
label: External Database Username
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.password
default: ""
description: "External database password"
type: string
label: External Database Password
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: advancedOptions
default: false
description: "Show advanced configurations"
label: Show Advanced Configurations
type: boolean
show_subquestion_if: true
group: "Advanced Options"
subquestions:
- variable: artifactory.primary.resources.requests.cpu
default: "500m"
description: "Artifactory primary node initial cpu request"
type: string
label: Artifactory Primary Node Initial CPU Request
- variable: artifactory.primary.resources.requests.memory
default: "1Gi"
description: "Artifactory primary node initial memory request"
type: string
label: Artifactory Primary Node Initial Memory Request
- variable: artifactory.primary.javaOpts.xms
default: "1g"
description: "Artifactory primary node java Xms size"
type: string
label: Artifactory Primary Node Java Xms Size
- variable: artifactory.primary.resources.limits.cpu
default: "2"
description: "Artifactory primary node cpu limit"
type: string
label: Artifactory Primary Node CPU Limit
- variable: artifactory.primary.resources.limits.memory
default: "4Gi"
description: "Artifactory primary node memory limit"
type: string
label: Artifactory Primary Node Memory Limit
- variable: artifactory.primary.javaOpts.xmx
default: "4g"
description: "Artifactory primary node java Xmx size"
type: string
label: Artifactory Primary Node Java Xmx Size
- variable: artifactory.node.resources.requests.cpu
default: "500m"
description: "Artifactory member node initial cpu request"
type: string
label: Artifactory Member Node Initial CPU Request
- variable: artifactory.node.resources.requests.memory
default: "2Gi"
description: "Artifactory member node initial memory request"
type: string
label: Artifactory Member Node Initial Memory Request
- variable: artifactory.node.javaOpts.xms
default: "1g"
description: "Artifactory member node java Xms size"
type: string
label: Artifactory Member Node Java Xms Size
- variable: artifactory.node.resources.limits.cpu
default: "2"
description: "Artifactory member node cpu limit"
type: string
label: Artifactory Member Node CPU Limit
- variable: artifactory.node.resources.limits.memory
default: "4Gi"
description: "Artifactory member node memory limit"
type: string
label: Artifactory Member Node Memory Limit
- variable: artifactory.node.javaOpts.xmx
default: "4g"
description: "Artifactory member node java Xmx size"
type: string
label: Artifactory Member Node Java Xmx Size
- variable: postgresql.node.resources.requests.cpu
default: "200m"
description: "PostgreSQL initial cpu request"
type: string
label: PostgreSQL Initial CPU Request
- variable: postgresql.node.resources.requests.memory
default: "500Mi"
description: "PostgreSQL initial memory request"
type: string
label: PostgreSQL Initial Memory Request
- variable: postgresql.node.resources.limits.cpu
default: "1"
description: "PostgreSQL cpu limit"
type: string
label: PostgreSQL CPU Limit
- variable: postgresql.node.resources.limits.memory
default: "1Gi"
description: "PostgreSQL memory limit"
type: string
label: PostgreSQL Memory Limit
charts/artifactory-ha/v0.7.0/requirements.lock 0 → 100644
View file @ 6ae841fa
dependencies:
- name: postgresql
repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.9.5
digest: sha256:7e07fb616d953e518e3373e2c5183290b4b6e94292a233528c0d52ffd42afc77
generated: 2018-10-28T06:26:39.466565306+02:00
charts/artifactory-ha/v0.7.0/requirements.yaml 0 → 100644
View file @ 6ae841fa
dependencies:
- name: postgresql
version: 0.9.5
repository: https://kubernetes-charts.storage.googleapis.com/
condition: postgresql.enabled
charts/artifactory-ha/v0.7.0/templates/NOTES.txt 0 → 100644
View file @ 6ae841fa
Congratulations. You have just deployed JFrog Artifactory HA!
{{- if (not .Values.artifactory.masterKeySecretName) and eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" }}
***************************************** WARNING ******************************************
* Your Artifactory master key is still set to the provided example: *
* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF *
* *
* You should change this to your own generated key: *
* $ export MASTER_KEY=$(openssl rand -hex 32) *
* $ echo ${MASTER_KEY} *
* *
* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' *
* *
* Alternatively, you can use a pre-existing secret with a key called master-key with *
* '--set artifactory.masterKeySecretName=${SECRET_NAME}' *
********************************************************************************************
{{- end }}
{{- if .Values.postgresql.enabled }}
DATABASE:
To extract the database password, run the following
export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgres-password}" | base64 --decode)
echo ${DB_PASSWORD}
{{- end }}
SETUP:
1. Get the Artifactory IP and URL
{{- if contains "NodePort" .Values.nginx.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/
{{- else if contains "LoadBalancer" .Values.nginx.service.type }}
NOTE: It may take a few minutes for the LoadBalancer public IP to be available!
You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.nginx.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80
echo http://127.0.0.1:8080
{{- end }}
2. Open Artifactory in your browser
Default credential for Artifactory:
user: admin
password: password
{{- if .Values.artifactory.license.secret }}
3. Manage Artifactory license through the {{ .Values.artifactory.license.secret }} secret ONLY!
Since the artifactory license(s) is managed with a secret ({{ .Values.artifactory.license.secret }}), any change through the Artifactory UI might not be saved!
{{- else }}
3. Add HA licenses to activate Artifactory HA through the Artifactory UI
NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details.
{{- end }}
charts/artifactory-ha/v0.7.0/templates/_helpers.tpl 0 → 100644
View file @ 6ae841fa
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "artifactory-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The primary node name
*/}}
{{- define "artifactory-ha.primary.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The member node name
*/}}
{{- define "artifactory-ha.node.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name nginx service.
*/}}
{{- define "artifactory-ha.nginx.name" -}}
{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.nginx.fullname" -}}
{{- if .Values.nginx.fullnameOverride -}}
{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nginx.name -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "artifactory-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "artifactory-ha.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
\ No newline at end of file
charts/artifactory-ha/v0.7.0/templates/artifactory-binarystore.yaml 0 → 100644
View file @ 6ae841fa
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-bs
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
binarystore.xml: |-
{{- if eq .Values.artifactory.persistence.type "file-system" }}
<!-- File system replication -->
<config version="2">
<chain>
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<lenientLimit>2</lenientLimit>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="state-aware" type="state-aware"/>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</provider>
</chain>
<!-- Shards add local file-system provider configuration -->
<provider id="state-aware" type="state-aware">
<fileStoreDir>shard-fs-1</fileStoreDir>
<zone>local</zone>
</provider>
<!-- Shards dynamic remote provider configuration -->
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<serviceId>tester-remote1</serviceId>
<timeout>10000</timeout>
<zone>remote</zone>
<property name="header.remote.block" value="true"/>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "google-storage" }}
<!-- Google storage -->
<config version="2">
<chain>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry" type="retry">
<provider id="google-storage" type="google-storage"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="file-system" type="file-system">
<fileStoreDir>{{ .Values.artifactory.persistence.mountPath }}/data/filestore</fileStoreDir>
<tempDir>/tmp</tempDir>
</provider>
<provider id="google-storage" type="google-storage">
<providerId>google-cloud-storage</providerId>
<endpoint>commondatastorage.googleapis.com</endpoint>
<httpsOnly>false</httpsOnly>
<bucketName>{{ .Values.artifactory.persistence.googleStorage.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.googleStorage.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.googleStorage.credential }}</credential>
<path>{{ .Values.artifactory.persistence.googleStorage.path }}</path>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "aws-s3" }}
<!-- AWS S3 -->
<config version="2">
<chain> <!--template="cluster-s3"-->
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry-s3" type="retry">
<provider id="s3" type="s3"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
</provider>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<property name="zones" value="local,remote"/>
</provider>
<provider id="s3" type="s3">
<endpoint>{{ .Values.artifactory.persistence.awsS3.endpoint }}</endpoint>
<refreshCredentials>{{ .Values.artifactory.persistence.awsS3.refreshCredentials }}</refreshCredentials>
<testConnection>{{ .Values.artifactory.persistence.awsS3.testConnection }}</testConnection>
<httpsOnly>true</httpsOnly>
<region>{{ .Values.artifactory.persistence.awsS3.region }}</region>
<bucketName>{{ .Values.artifactory.persistence.awsS3.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.awsS3.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.awsS3.credential }}</credential>
<path>{{ .Values.artifactory.persistence.awsS3.path }}</path>
{{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }}
<property name="{{ $key }}" value="{{ $value }}"/>
{{- end }}
</provider>
</config>
{{- end }}
charts/artifactory-ha/v0.7.0/templates/artifactory-nfs-pvc.yaml 0 → 100644
View file @ 6ae841fa
{{- if eq .Values.artifactory.persistence.type "nfs" }}
### Artifactory HA data
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-data-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-data-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
---
### Artifactory HA backup
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-backup-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-backup-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
\ No newline at end of file
charts/artifactory-ha/v0.7.0/templates/artifactory-node-pdb.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "artifactory-ha.fullname" . }}-node
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
release: {{ .Release.Name }}
minAvailable: {{ .Values.artifactory.node.minAvailable }}
charts/artifactory-ha/v0.7.0/templates/artifactory-node-statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.node.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
serviceName: {{ template "artifactory-ha.node.name" . }}
replicas: {{ .Values.artifactory.node.replicaCount }}
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
component: {{ .Values.artifactory.name }}
release: {{ .Release.Name }}
annotations:
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore.yaml") . | sha256sum }}
{{- range $key, $value := .Values.artifactory.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
command:
- 'sh'
- '-c'
- 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; do
{{- end }}
sleep 2;
done;
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.replicator.enabled }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml {{ .Values.artifactory.persistence.mountPath }}/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
cp -fv /tmp/access/etc/keys/private.key {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.postgresql.enabled }}
- name: DB_TYPE
value: 'postgresql'
- name: DB_HOST
value: '{{ .Release.Name }}-postgresql'
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
- name: DB_USER
value: '{{.Values.postgresql.postgresUser }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgres-password
{{- else }}
- name: DB_TYPE
value: '{{ .Values.database.type }}'
- name: DB_HOST
value: '{{ .Values.database.host }}'
- name: DB_PORT
value: '{{ .Values.database.port }}'
{{- if .Values.database.secrets }}
- name: DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.user.name }}
key: {{ .Values.database.secrets.user.key }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.password.name }}
key: {{ .Values.database.secrets.password.key }}
{{- else }}
- name: DB_USER
value: '{{ .Values.database.user }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: db-password
{{- end }}
{{- end }}
- name: EXTRA_JAVA_OPTIONS
value: "
{{- if .Values.artifactory.javaOpts.other }}
{{ .Values.artifactory.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.other }}
{{ .Values.artifactory.node.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.xms }}
-Xms{{ .Values.artifactory.node.javaOpts.xms }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.xmx }}
-Xmx{{ .Values.artifactory.node.javaOpts.xmx }}
{{- end}}
{{- if .Values.artifactory.replicator.enabled }}
-Dartifactory.releasebundle.feature.enabled=true
{{- end }}
"
{{- if .Values.artifactory.replicator.enabled }}
- name: START_LOCAL_REPLICATOR
value: "true"
{{- end }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}"
key: master-key
- name: HA_IS_PRIMARY
value: "false"
- name: HA_MEMBERSHIP_PORT
value: "{{ .Values.artifactory.membershipPort }}"
- name: HA_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ART_PRIMARY_BASE_URL
value: 'http://{{ template "artifactory-ha.primary.name" . }}:8081/artifactory'
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: HA_DATA_DIR
value: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
mountPath: "/tmp/access/etc/keys"
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/tmp/replicator/replicator.yaml"
{{- end }}
resources:
{{ toYaml .Values.artifactory.node.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8081
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8081
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.artifactory.node.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.artifactory.node.affinity }}
{{- with .Values.artifactory.node.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
role: {{ template "artifactory-ha.node.name" . }}
{{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
{{- with .Values.artifactory.node.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: binarystore-xml
configMap:
name: {{ template "artifactory-ha.fullname" . }}-bs
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
configMap:
name: {{ .Values.artifactory.distributionCerts }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.persistence.local }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: volume
spec:
{{- if .Values.artifactory.node.persistence.existingClaim }}
selector:
matchLabels:
app: artifactory-ha-member
{{- else }}
{{- if .Values.artifactory.persistence.storageClass }}
{{- if (eq "-" .Values.artifactory.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/artifactory-plugin-inactiveservercleaner.yaml 0 → 100644
View file @ 6ae841fa
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-isc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
inactiveServerCleaner.groovy: |-
import org.artifactory.state.ArtifactoryServerState
import org.artifactory.storage.db.servers.service.ArtifactoryServersCommonService
import org.artifactory.common.ConstantValues
import org.slf4j.Logger
import java.util.concurrent.TimeUnit
jobs {
clean(interval: 90000, delay: 900000) {
runCleanupHAInactiveServers()
}
}
executions {
cleanHAInactiveServers() { params ->
runCleanupHAInactiveServers()
}
}
def runCleanupHAInactiveServers() {
def artifactoryServersCommonService = ctx.beanForType(ArtifactoryServersCommonService)
def artifactoryInactiveServerCleaner = new ArtifactoryInactiveServersCleaner(artifactoryServersCommonService, log)
artifactoryInactiveServerCleaner.cleanInactiveArtifactoryServers()
}
public class ArtifactoryInactiveServersCleaner {
private ArtifactoryServersCommonService artifactoryServersCommonService
private Logger log
ArtifactoryInactiveServersCleaner(ArtifactoryServersCommonService artifactoryServersCommonService, Logger log) {
this.artifactoryServersCommonService = artifactoryServersCommonService
this.log = log
}
def cleanInactiveArtifactoryServers() {
log.info "Executing inactive artifactory servers cleaner plugin"
List<String> allMembers = artifactoryServersCommonService.getAllArtifactoryServers()
for (member in allMembers) {
def heartbeat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - member.getLastHeartbeat())
def noHeartbeat = heartbeat > ConstantValues.haHeartbeatStaleIntervalSecs.getInt()
if (member.getServerState() == ArtifactoryServerState.UNAVAILABLE || ( noHeartbeat && member.getServerState() != ArtifactoryServerState.CONVERTING && member.getServerState() != ArtifactoryServerState.STARTING )) {
try {
log.info "Inactive artifactory servers cleaning task found server ${member.serverId} to remove"
artifactoryServersCommonService.removeServer(member.serverId)
}catch (Exception e){
log.error "Error: Not able to remove ${member.serverId}, ${e.message}"
}
}
}
log.info "No inactive servers found"
}
}
\ No newline at end of file
charts/artifactory-ha/v0.7.0/templates/artifactory-primary-statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
serviceName: {{ template "artifactory-ha.primary.name" . }}
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.primary.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.primary.name" . }}
component: {{ .Values.artifactory.name }}
release: {{ .Release.Name }}
annotations:
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore.yaml") . | sha256sum }}
{{- range $key, $value := .Values.artifactory.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
command:
- 'sh'
- '-c'
- 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; do
{{- end }}
sleep 2;
done;
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.configMapName }}
cp -Lrfv /bootstrap/* /artifactory_extra_conf/
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml {{ .Values.artifactory.persistence.mountPath }}/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
cp -fv /tmp/access/etc/keys/private.key {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.postgresql.enabled }}
- name: DB_TYPE
value: 'postgresql'
- name: DB_HOST
value: '{{ .Release.Name }}-postgresql'
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
- name: DB_USER
value: '{{ .Values.postgresql.postgresUser }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgres-password
{{- else }}
- name: DB_TYPE
value: '{{ .Values.database.type }}'
- name: DB_HOST
value: '{{ .Values.database.host }}'
- name: DB_PORT
value: '{{ .Values.database.port }}'
{{- if .Values.database.secrets }}
- name: DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.user.name }}
key: {{ .Values.database.secrets.user.key }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.password.name }}
key: {{ .Values.database.secrets.password.key }}
{{- else }}
- name: DB_USER
value: '{{ .Values.database.user }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: db-password
{{- end }}
{{- end }}
- name: EXTRA_JAVA_OPTIONS
value: "
{{- if .Values.artifactory.javaOpts.other }}
{{ .Values.artifactory.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.other }}
{{ .Values.artifactory.primary.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.xms }}
-Xms{{ .Values.artifactory.primary.javaOpts.xms }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.xmx }}
-Xmx{{ .Values.artifactory.primary.javaOpts.xmx }}
{{- end}}
{{- if .Values.artifactory.replicator.enabled }}
-Dartifactory.releasebundle.feature.enabled=true
{{- end }}
"
{{- if .Values.artifactory.replicator.enabled }}
- name: START_LOCAL_REPLICATOR
value: "true"
{{- end }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}"
key: master-key
- name: HA_IS_PRIMARY
value: "true"
- name: HA_MEMBERSHIP_PORT
value: "{{ .Values.artifactory.membershipPort }}"
- name: HA_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: HA_DATA_DIR
value: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
{{- if .Values.artifactory.replicator.enabled }}
- containerPort: {{ .Values.artifactory.internalPortReplicator }}
{{- end }}
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
- name: artifactory-inactiveservercleaner
mountPath: "/tmp/plugins/inactiveServerCleaner.groovy"
subPath: inactiveServerCleaner.groovy
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
mountPath: "/bootstrap/"
{{- end }}
{{- if .Values.artifactory.license.secret }}
- name: artifactory-license
mountPath: "/artifactory_extra_conf/artifactory.cluster.license"
subPath: {{ .Values.artifactory.license.dataKey }}
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
mountPath: "/tmp/access/etc/keys"
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/tmp/replicator/replicator.yaml"
{{- end }}
resources:
{{ toYaml .Values.artifactory.primary.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8081
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8081
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.artifactory.primary.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.artifactory.primary.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.artifactory.primary.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: binarystore-xml
configMap:
name: {{ template "artifactory-ha.fullname" . }}-bs
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
configMap:
name: {{ .Values.artifactory.distributionCerts }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
configMap:
name: {{ .Values.artifactory.configMapName }}
{{- end}}
- name: artifactory-inactiveservercleaner
configMap:
name: {{ template "artifactory-ha.fullname" . }}-isc
{{- if .Values.artifactory.license.secret }}
- name: artifactory-license
secret:
secretName: {{ .Values.artifactory.license.secret }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.persistence.local }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: volume
spec:
{{- if .Values.artifactory.primary.persistence.existingClaim }}
selector:
matchLabels:
app: artifactory-ha-primary
{{- else }}
{{- if .Values.artifactory.persistence.storageClass }}
{{- if (eq "-" .Values.artifactory.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/artifactory-role.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
rules:
{{ toYaml .Values.rbac.role.rules }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/artifactory-rolebinding.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "artifactory-ha.serviceAccountName" . }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: {{ template "artifactory-ha.fullname" . }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/artifactory-secrets.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: Opaque
data:
{{- if not .Values.artifactory.masterKeySecretName }}
master-key: {{ .Values.artifactory.masterKey | b64enc | quote }}
{{- end }}
{{- if .Values.database.password }}
db-password: {{ .Values.database.password | b64enc | quote }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/artifactory-service.yaml 0 → 100644
View file @ 6ae841fa
# Service for all Artifactory cluster nodes.
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
selector:
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
---
# Internal service for Artifactory primary node only!
# Used by member nodes to check readiness of primary node before starting up
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.artifactory.externalPortReplicator }}
targetPort: {{ .Values.artifactory.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end}}
selector:
role: {{ template "artifactory-ha.primary.name" . }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
charts/artifactory-ha/v0.7.0/templates/artifactory-serviceaccount.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.serviceAccountName" . }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/ingress.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.ingress.annotations }}
annotations:
{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if .Values.ingress.defaultBackend.enabled }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.ingress.hosts }}
rules:
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: /
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
charts/artifactory-ha/v0.7.0/templates/nginx-deployment.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.nginx.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
spec:
replicas: {{ .Values.nginx.replicaCount }}
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
component: {{ .Values.nginx.name }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
initContainers:
{{- if .Values.nginx.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
command:
- '/bin/sh'
- '-c'
- 'rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
name: nginx-volume
{{- end }}
- name: "wait-for-artifactory"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
until nc -z -w 2 {{ $serviceName }} {{ $servicePort }} && echo artifactory ok; do
sleep 2;
done;
securityContext:
runAsUser: {{ .Values.nginx.uid }}
fsGroup: {{ .Values.nginx.gid }}
containers:
- name: {{ .Values.nginx.name }}
image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}'
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.nginx.customConfigMap }}
cp -Lrf /tmp/nginx.conf /etc/nginx/nginx.conf;
{{- end }}
if [ -f /tmp/replicator-nginx.conf ]; then
cp -fv /tmp/replicator-nginx.conf /etc/nginx/conf.d/replicator-nginx.conf;
fi;
if [ -f /tmp/ssl/*.crt ]; then
rm -rf /var/opt/jfrog/nginx/ssl/example.*;
cp -fv /tmp/ssl/* /var/opt/jfrog/nginx/ssl;
fi;
until [ -f /etc/nginx/conf.d/artifactory.conf ]; do sleep 1; done;
if ! grep -q 'upstream' /etc/nginx/conf.d/artifactory.conf; then
sed -i -e 's,proxy_pass .*,proxy_pass http://{{ $serviceName }}:{{ $servicePort }}/artifactory/;,g' \
-e 's,server_name .*,server_name ~(?<repo>.+)\\.{{ $serviceName }} {{ $serviceName }};,g' \
/etc/nginx/conf.d/artifactory.conf;
fi;
if ! grep -q 'proxy_http_version' /etc/nginx/conf.d/artifactory.conf; then
sed -i 's,\(proxy_next_upstream .*\),proxy_http_version 1.1;\n \1,g' /etc/nginx/conf.d/artifactory.conf;
fi;
sleep 5; nginx -s reload; touch /var/log/nginx/conf.done
env:
- name: ART_BASE_URL
{{- if .Values.nginx.env.artUrl }}
value: {{ .Values.nginx.env.artUrl }}
{{- else }}
value: 'http://{{ $serviceName }}:{{ $servicePort }}/artifactory'
{{- end }}
- name: SSL
value: "{{ .Values.nginx.env.ssl }}"
- name: SKIP_AUTO_UPDATE_CONFIG
value: "{{ .Values.nginx.env.skipAutoConfigUpdate }}"
ports:
- containerPort: {{ .Values.nginx.internalPortHttp }}
- containerPort: {{ .Values.nginx.internalPortHttps }}
{{- if .Values.artifactory.replicator.enabled }}
- containerPort: {{ .Values.nginx.internalPortReplicator }}
{{- end }}
volumeMounts:
- name: nginx-volume
mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-nginx-config
mountPath: "/tmp/replicator-nginx.conf"
subPath: replicator-nginx.conf
{{- end }}
{{- if .Values.nginx.tlsSecretName }}
- name: ssl-secret-volume
mountPath: "/tmp/ssl"
{{- end }}
{{- if .Values.nginx.customConfigMap }}
- name: nginx-config
mountPath: "/tmp/"
{{- end }}
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- if .Values.nginx.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 80
initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.nginx.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 80
initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.nginx.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-nginx-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-nginx-config
{{- end}}
{{- if .Values.nginx.customConfigMap }}
- name: nginx-config
configMap:
name: {{ .Values.nginx.customConfigMap }}
{{- end }}
- name: nginx-volume
{{- if .Values.nginx.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- if .Values.nginx.tlsSecretName }}
- name: ssl-secret-volume
secret:
secretName: {{ .Values.nginx.tlsSecretName }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/nginx-pvc.yaml 0 → 100644
View file @ 6ae841fa
{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled ) }}
{{- if (not .Values.nginx.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
accessModes:
- {{ .Values.nginx.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.nginx.persistence.size | quote }}
{{- if .Values.nginx.persistence.storageClass }}
{{- if (eq "-" .Values.nginx.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nginx.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/nginx-replicator-conf.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.artifactory.replicator.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-replicator-nginx-config
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
replicator-nginx.conf: |
## Artifactory replicator
server {
listen {{ .Values.nginx.externalPortReplicator }};
server_name {{ include "artifactory-ha.fullname" . }};
client_max_body_size 0;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_pass http://{{ include "artifactory-ha.primary.name" . }}:{{ .Values.nginx.internalPortReplicator }};
proxy_http_version 1.1;
}
}
{{- end -}}
\ No newline at end of file
charts/artifactory-ha/v0.7.0/templates/nginx-service.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.nginx.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
{{- if .Values.nginx.service.annotations }}
annotations:
{{ toYaml .Values.nginx.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.nginx.service.type }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}}
loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }}
{{ end -}}
{{- if .Values.nginx.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }}
{{- end }}
{{- end }}
{{- if .Values.nginx.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.nginx.externalPortReplicator }}
targetPort: {{ .Values.nginx.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end }}
- port: {{ .Values.nginx.externalPortHttp }}
targetPort: {{ .Values.nginx.internalPortHttp }}
protocol: TCP
name: http
- port: {{ .Values.nginx.externalPortHttps }}
targetPort: {{ .Values.nginx.internalPortHttps }}
protocol: TCP
name: https
selector:
app: {{ template "artifactory-ha.name" . }}
component: {{ .Values.nginx.name }}
release: {{ .Release.Name }}
{{- end }}
charts/artifactory-ha/v0.7.0/templates/replicator-configmap.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.artifactory.replicator.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
replicator.yaml: |-
externalUrl: {{ .Values.artifactory.replicator.publicUrl }}
internalUrl: http://localhost:6061
listenPort: 6061
{{- end -}}
charts/artifactory-ha/v0.7.0/values.yaml 0 → 100644
View file @ 6ae841fa
# Default values for artifactory-ha.
# This is a YAML-formatted file.
# Beware when changing values here. You should know what you are doing!
# Access the values with {{ .Values.key.subkey }}
# Common
initContainerImage: "alpine:3.6"
# For supporting pulling from private registries
imagePullSecrets:
## Role Based Access Control
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
rbac:
create: true
role:
## Rules to create. It follows the role specification
rules:
- apiGroups:
- ''
resources:
- services
- endpoints
- pods
verbs:
- get
- watch
- list
## Service Account
## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/
##
serviceAccount:
create: true
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the fullname template
name:
ingress:
enabled: false
defaultBackend:
enabled: true
# Used to create an Ingress record.
hosts:
# - artifactory.domain.example
annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
tls:
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - artifactory.domain.example
# Database
## Configuration values for the postgresql dependency
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
##
postgresql:
enabled: true
postgresDatabase: "artifactory"
postgresUser: "artifactory"
postgresPassword:
postgresConfig:
maxConnections: "1500"
service:
port: 5432
persistence:
enabled: true
size: 50Gi
resources: {}
# requests:
# memory: "512Mi"
# cpu: "100m"
# limits:
# memory: "1Gi"
# cpu: "500m"
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## you must specify the following database details
database:
type:
host:
port:
## If you would like this chart to create the secret containing the db
## password, use these values
user:
password:
## If you have existing Kubernetes secrets containing db credentials, use
## these values
secrets: {}
# user:
# name: "rds-artifactory"
# key: "db-user"
# password:
# name: "rds-artifactory"
# key: "db-password"
# Artifactory
artifactory:
name: artifactory-ha
image:
repository: "docker.bintray.io/jfrog/artifactory-pro"
# Note that by default we use appVersion to get image tag
# version:
pullPolicy: IfNotPresent
## Artifactory requires a unique master key
## You can generate one with the command:
## 'openssl rand -hex 32'
## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}'
## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName
## IMPORTANT: You should NOT use the example masterKey for a production deployment!
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# masterKeySecretName:
## Artifactory license secret.
## If artifactory.license.secret is passed, it will be mounted as
## ARTIFACTORY_HOME/etc/artifactory.cluster.license and loaded at run time.
## The dataKey should be the name of the secret data key created.
license:
secret:
dataKey:
## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter
configMapName:
## Extra postStart command to install JDBC driver for MySql/MariaDb/Oracle
# postStartCommand: "curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar && chown 1030:1030 /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar"
membershipPort: 10017
externalPort: 8081
internalPort: 8081
internalPortReplicator: 6061
externalPortReplicator: 6061
uid: 1030
## The following settings are to configure the frequency of the liveness and readiness probes
livenessProbe:
enabled: true
initialDelaySeconds: 180
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 60
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
persistence:
enabled: true
local: false
redundancy: 3
mountPath: "/var/opt/jfrog/artifactory"
accessMode: ReadWriteOnce
size: 200Gi
maxCacheSize: 50000000000
## artifactory data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config
## Supported types are:
## file-system (default)
## nfs
## google-storage
## aws-s3
type: file-system
## For artifactory.persistence.type nfs
## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes
## cluster nodes.
## Need to have the following set
nfs:
# Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}'
ip:
haDataMount: "/data"
haBackupMount: "/backup"
dataDir: "/var/opt/jfrog/artifactory-ha"
backupDir: "/var/opt/jfrog/artifactory-backup"
capacity: 200Gi
## For artifactory.persistence.type google-storage
googleStorage:
# Set a unique bucket name
bucketName: "artifactory-ha-gcp"
identity:
credential:
path: "artifactory-ha/filestore"
## For artifactory.persistence.type aws-s3
## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html
awsS3:
# Set a unique bucket name
bucketName: "artifactory-ha-aws"
endpoint:
region:
identity:
credential:
path: "artifactory-ha/filestore"
refreshCredentials: true
testConnection: false
## Additional properties to set on the s3 provider
properties: {}
# httpclient.max-connections: 100
service:
name: artifactory
type: ClusterIP
## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them)
## Supported pool values
## members
## all
pool: members
## The following Java options are passed to the java process running Artifactory.
## This will be passed to all cluster members. Primary and member nodes.
javaOpts:
other: "-Dartifactory.locking.provider.type=db"
## Artifactory Replicator is available only for Enterprise Plus
replicator:
enabled: false
publicUrl:
# Name of ConfigMap for Distribution Cert
distributionCerts:
annotations: {}
## Type specific configurations.
## There is a difference between the primary and the member nodes.
## Customising their resources and java parameters is done here.
primary:
name: artifactory-ha-primary
persistence:
## Set existingClaim to true or false
## If true, you must prepare a PVC with the name e.g `artifactory-ha-primary`
existingClaim: false
## Resources for the primary node
resources: {}
# requests:
# memory: "1Gi"
# cpu: "500m"
# limits:
# memory: "2Gi"
# cpu: "1"
## The following Java options are passed to the java process running Artifactory primary node.
## You should set them according to the resources set above
javaOpts: {}
# xms: "1g"
# xmx: "2g"
# other:
nodeSelector: {}
tolerations: []
affinity: {}
node:
name: artifactory-ha-member
persistence:
## Set existingClaim to true or false
## If true, you must prepare a PVC with the name e.g `artifactory-ha-member`
existingClaim: false
replicaCount: 2
minAvailable: 1
## Resources for the member nodes
resources: {}
# requests:
# memory: "1Gi"
# cpu: "500m"
# limits:
# memory: "2Gi"
# cpu: "1"
## The following Java options are passed to the java process running Artifactory member nodes.
## You should set them according to the resources set above
javaOpts: {}
# xms: "1g"
# xmx: "2g"
# other:
nodeSelector: {}
tolerations: []
## Complete specification of the "affinity" of the member nodes; if this is non-empty,
## "podAntiAffinity" values are not used.
affinity: {}
## Only used if "affinity" is empty
podAntiAffinity:
## Valid values are "soft" or "hard"; any other value indicates no anti-affinity
type: ""
topologyKey: "kubernetes.io/hostname"
# Nginx
nginx:
enabled: true
name: nginx
replicaCount: 1
uid: 104
gid: 107
image:
repository: "docker.bintray.io/jfrog/nginx-artifactory-pro"
# Note that by default we use appVersion to get image tag
# version:
pullPolicy: IfNotPresent
service:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: LoadBalancer
## For supporting whitelist on the Nginx LoadBalancer service
## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
## or pass from helm command line
## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}'
loadBalancerSourceRanges: []
## Provide static ip address
loadBalancerIP:
## There are two available options: “Cluster” (default) and “Local”.
externalTrafficPolicy: Cluster
externalPortHttp: 80
internalPortHttp: 80
externalPortHttps: 443
internalPortHttps: 443
internalPortReplicator: 6061
externalPortReplicator: 6061
## The following settings are to configure the frequency of the liveness and readiness probes
livenessProbe:
enabled: true
initialDelaySeconds: 100
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 60
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
## The SSL secret that will be used by the Nginx pod
# tlsSecretName: chart-example-tls
env:
ssl: true
# artUrl: "http://artifactory:8081/artifactory"
skipAutoConfigUpdate: false
## Custom ConfigMap for nginx.conf
customConfigMap:
persistence:
mountPath: "/var/opt/jfrog/nginx"
enabled: false
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
accessMode: ReadWriteOnce
size: 5Gi
## nginx data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
resources: {}
# requests:
# memory: "250Mi"
# cpu: "100m"
# limits:
# memory: "250Mi"
# cpu: "500m"
nodeSelector: {}
tolerations: []
affinity: {}
charts/artifactory-ha/v0.7.12/.helmignore 0 → 100644
View file @ 6ae841fa
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
OWNERS
\ No newline at end of file
charts/artifactory-ha/v0.7.12/CHANGELOG.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file.
## [0.7.12] - Dec 2, 2018
* Remove Java option "-Dartifactory.locking.provider.type=db". This is already the default setting.
## [0.7.11] - Nov 30, 2018
* Updated Artifactory version to 6.5.9
## [0.7.10] - Nov 29, 2018
* Fixed the volumeMount for the replicator.yaml
## [0.7.9] - Nov 29, 2018
* Optionally include primary node into poddisruptionbudget
## [0.7.8] - Nov 29, 2018
* Updated postgresql version to 9.6.11
## [0.7.7] - Nov 27, 2018
* Updated Artifactory version to 6.5.8
## [0.7.6] - Nov 18, 2018
* Added support for configMap to use custom Reverse Proxy Configuration with Nginx
## [0.7.5] - Nov 14, 2018
* Updated Artifactory version to 6.5.3
## [0.7.4] - Nov 13, 2018
* Allow pod anti-affinity settings to include primary node
## [0.7.3] - Nov 12, 2018
* Support artifactory.preStartCommand for running command before entrypoint starts
## [0.7.2] - Nov 7, 2018
* Support database.url parameter (DB_URL)
## [0.7.1] - Oct 29, 2018
* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted)
## [0.7.0] - Oct 28, 2018
* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options
## [0.6.9] - Oct 23, 2018
* Fix providing external secret for database credentials
## [0.6.8] - Oct 22, 2018
* Allow user to configure externalTrafficPolicy for Loadbalancer
## [0.6.7] - Oct 22, 2018
* Updated ingress annotation support (with examples) to support docker registry v2
## [0.6.6] - Oct 21, 2018
* Updated Artifactory version to 6.5.2
## [0.6.5] - Oct 19, 2018
* Allow providing pre-existing secret containing master key
* Allow arbitrary annotations on primary and member node pods
* Enforce size limits when using local storage with `emptyDir`
* Allow `soft` or `hard` specification of member node anti-affinity
* Allow providing pre-existing secrets containing external database credentials
* Fix `s3` binary store provider to properly use the `cache-fs` provider
* Allow arbitrary properties when using the `s3` binary store provider
## [0.6.4] - Oct 18, 2018
* Updated Artifactory version to 6.5.1
## [0.6.3] - Oct 17, 2018
* Add Apache 2.0 license
## [0.6.2] - Oct 14, 2018
* Make S3 endpoint configurable (was hardcoded with `s3.amazonaws.com`)
## [0.6.1] - Oct 11, 2018
* Allows ingress default `backend` to be enabled or disabled (defaults to enabled)
## [0.6.0] - Oct 11, 2018
* Updated Artifactory version to 6.5.0
## [0.5.3] - Oct 9, 2018
* Quote ingress hosts to support wildcard names
## [0.5.2] - Oct 2, 2018
* Add `helm repo add jfrog https://charts.jfrog.io` to README
## [0.5.1] - Oct 2, 2018
* Set Artifactory to 6.4.1
## [0.5.0] - Sep 27, 2018
* Set Artifactory to 6.4.0
## [0.4.7] - Sep 26, 2018
* Add ci/test-values.yaml
## [0.4.6] - Sep 25, 2018
* Add PodDisruptionBudget for member nodes, defaulting to minAvailable of 1
## [0.4.4] - Sep 2, 2018
* Updated Artifactory version to 6.3.2
## [0.4.0] - Aug 22, 2018
* Added support to run as non root
* Updated Artifactory version to 6.2.0
## [0.3.0] - Aug 22, 2018
* Enabled RBAC Support
* Added support for PostStartCommand (To download Database JDBC connector)
* Increased postgresql max_connections
* Added support for `nginx.conf` ConfigMap
* Updated Artifactory version to 6.1.0
charts/artifactory-ha/v0.7.12/Chart.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
appVersion: 6.5.9
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/artifactory-dcos/master/images/jfrog_med.png
keywords:
- artifactory
- jfrog
- devops
maintainers:
- email: jainishs@jfrog.com
name: jainishshah17
- email: eldada@jfrog.com
name: eldada
- email: rimasm@jfrog.com
name: rimusz
name: artifactory-ha
sources:
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
- https://github.com/jfrog/charts
version: 0.7.12
charts/artifactory-ha/v0.7.12/LICENSE 0 → 100644
View file @ 6ae841fa
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
charts/artifactory-ha/v0.7.12/OWNERS 0 → 100644
View file @ 6ae841fa
approvers:
- jainishshah17
- eldada
- rimusz
reviewers:
- jainishshah17
- eldada
- rimusz
\ No newline at end of file
charts/artifactory-ha/v0.7.12/README.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory High Availability Helm Chart
## Prerequisites Details
* Kubernetes 1.8+
* Artifactory HA license
## Chart Details
This chart will do the following:
* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes.
* Deploy a PostgreSQL database
* Deploy an Nginx server
## Artifactory HA architecture
The Artifactory HA cluster in this chart is made up of
- A single primary node
- Two member nodes, which can be resized at will
Load balancing is done to the member nodes only.
This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic.
> This can be controlled by the parameter `artifactory.service.pool`.
## Installing the Chart
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart
To install the chart with the release name `artifactory-ha`:
```bash
helm install --name artifactory-ha jfrog/artifactory-ha
```
### Deploying Artifactory with replicator enabled
```bash
## Artifactory replicator is disabled by default. To enable it use the following:
helm install --name artifactory --set artifactory.replicator.enabled=true jfrog/artifactory-ha
```
### Accessing Artifactory
**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup.
Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it.
### Updating Artifactory
Once you have a new chart version, you can update your deployment with
```bash
helm upgrade artifactory-ha jfrog/artifactory-ha
```
This will apply any configuration changes on your existing deployment.
### Artifactory memory and CPU resources
The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out.
It is **highly** recommended to set these so you have full control of the allocated resources and limits.
See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware).
```bash
# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory)
helm install --name artifactory-ha \
--set artifactory.primary.resources.requests.cpu="500m" \
--set artifactory.primary.resources.limits.cpu="2" \
--set artifactory.primary.resources.requests.memory="1Gi" \
--set artifactory.primary.resources.limits.memory="4Gi" \
--set artifactory.primary.javaOpts.xms="1g" \
--set artifactory.primary.javaOpts.xmx="4g" \
--set artifactory.node.resources.requests.cpu="500m" \
--set artifactory.node.resources.limits.cpu="2" \
--set artifactory.node.resources.requests.memory="1Gi" \
--set artifactory.node.resources.limits.memory="4Gi" \
--set artifactory.node.javaOpts.xms="1g" \
--set artifactory.node.javaOpts.xmx="4g" \
--set postgresql.resources.requests.cpu="200m" \
--set postgresql.resources.limits.cpu="1" \
--set postgresql.resources.requests.memory="500Mi" \
--set postgresql.resources.limits.memory="1Gi" \
--set nginx.resources.requests.cpu="100m" \
--set nginx.resources.limits.cpu="250m" \
--set nginx.resources.requests.memory="250Mi" \
--set nginx.resources.limits.memory="500Mi" \
jfrog/artifactory-ha
```
> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`.
Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/).
### Create Distribution Certificates for Artifactory Enterprise Plus
```bash
# Create private.key and root.crt
openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 365 -out root.crt
```
Once Created, Use it to create ConfigMap
```bash
# Create ConfigMap distribution-certs
kubectl create configmap distribution-certs --from-file=private.key=private.key --from-file=root.crt=root.crt
```
Pass it to `helm`
```bash
helm install --name artifactory --set artifactory.distributionCerts=distribution-certs jfrog/artifactory-ha
```
### Artifactory storage
Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration)
In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings.
The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes.
> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter.
This is used to set how many replicas of a binary should be stored in the cluster's nodes.
Once this value is set on initial deployment, you can not update it using helm.
It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number.
#### NFS
To use an NFS server as your cluster's storage, you need to
- Setup an NFS server. Get its IP as `NFS_IP`
- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all
- Pass NFS parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=nfs \
--set artifactory.persistence.nfs.ip=${NFS_IP} \
...
```
#### Google Storage
To use a Google Storage bucket as the cluster's filestore
- Pass Google Storage parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=google-storage \
--set artifactory.persistence.googleStorage.identity=${GCP_ID} \
--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
...
```
#### AWS S3
To use an AWS S3 bucket as the cluster's filestore
- Pass AWS S3 parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=aws-s3 \
--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \
--set artifactory.persistence.awsS3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \
--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \
...
```
**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html)
### Create a unique Master Key
Artifactory HA cluster requires a unique master key. By default the chart has one set in values.yaml (`artifactory.masterKey`).
**This key is for demo purpose and should not be used in a production environment!**
You should generate a unique one and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Pass the created master key to helm
helm install --name artifactory-ha --set artifactory.masterKey=${MASTER_KEY} jfrog/artifactory-ha
```
Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Create a secret containing the key. The key in the secret must be named master-key
kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY}
# Pass the created secret to helm
helm install --name artifactory-ha --set artifactory.masterKeySecretName=my-secret jfrog/artifactory-ha
```
**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
### Install Artifactory HA license
For activating Artifactory HA, you must install an appropriate license. There are two ways to manage the license. **Artifactory UI** or a **Kubernetes Secret**.
The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** is for advanced users and is better suited for automation.
**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster!
##### Artifactory UI
Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details
##### Kubernetes Secret
You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/).
Prepare a text file with the license(s) written in it. If writing multiple licenses, it's important to put **two new lines between each license block**!
```bash
# Create the Kubernetes secret (assuming the local license file is 'art.lic')
kubectl create secret generic artifactory-cluster-license --from-file=./art.lic
# Pass the license to helm
helm install --name artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic jfrog/artifactory-ha
```
**NOTE:** You have to keep passing the license secret parameters as `--set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic` on all future calls to `helm install` and `helm upgrade`!
### Bootstrapping Artifactory
**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section.
* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration)
* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration)
Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below:
```
apiVersion: v1
kind: ConfigMap
metadata:
name: my-release-bootstrap-config
data:
artifactory.config.import.xml: |
<config contents>
security.import.xml: |
<config contents>
```
Create configMap in Kubernetes:
```bash
kubectl apply -f bootstrap-config.yaml
```
#### Pass the configMap to helm
```bash
helm install --name artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config jfrog/artifactory-ha
```
### Use custom nginx.conf with Nginx
Steps to create configMap with nginx.conf
* Create `nginx.conf` file.
```bash
kubectl create configmap nginx-config --from-file=nginx.conf
```
* Pass configMap to helm install
```bash
helm install --name artifactory-ha --set nginx.customConfigMap=nginx-config jfrog/artifactory-ha
```
### Scaling your Artifactory cluster
A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it.
##### Before scaling
**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart).
Get the current database password
```bash
export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgres-password}" | base64 --decode)
```
Use `--set postgresql.postgresPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster!
##### Scale up
Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes).
```bash
# Scale to 4 nodes (1 primary and 3 member nodes)
helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresPassword=${DB_PASSWORD} jfrog/artifactory-ha
```
##### Scale down
Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node.
```bash
# Scale down to 2 member nodes
helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresPassword=${DB_PASSWORD} jfrog/artifactory-ha
```
- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it
```bash
# List PVCs
kubectl get pvc
# Remove the PVC with highest ordinal!
# In this example, the highest node ordinal was 2, so need to remove its storage.
kubectl delete pvc volume-artifactory-node-2
```
### Use an external Database
There are cases where you will want to use a different database and not the enclosed **PostgreSQL**.
See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database)
> The official Artifactory Docker images include the PostgreSQL database driver.
> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib
This can be done with the following parameters
```bash
# Make sure your Artifactory Docker image has the MySQL database driver in it
...
--set postgresql.enabled=false \
--set artifactory.preStartCommand="curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \
--set database.type=mysql \
--set database.host=${DB_HOST} \
--set database.port=${DB_PORT} \
--set database.user=${DB_USER} \
--set database.password=${DB_PASSWORD} \
...
```
**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`:
```bash
# Create a secret containing the database credentials
kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD}
...
--set postgresql.enabled=false \
--set database.secrets.user.name=my-secret \
--set database.secrets.user.key=user \
--set database.secrets.password.name=my-secret \
--set database.secrets.password.key=password \
...
```
### Deleting Artifactory
To delete the Artifactory HA cluster
```bash
helm delete --purge artifactory-ha
```
This will completely delete your Artifactory HA cluster.
**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them
```bash
kubectl delete pvc -l release=artifactory-ha
```
See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/)
### Custom Docker registry for your images
If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a
[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm
```bash
# Create a Docker registry secret called 'regsecret'
kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL}
```
Once created, you pass it to `helm`
```bash
helm install --name artifactory-ha --set imagePullSecrets=regsecret jfrog/artifactory-ha
```
## Configuration
The following table lists the configurable parameters of the artifactory chart and their default values.
| Parameter | Description | Default |
|------------------------------|-----------------------------------|-------------------------------------------------------|
| `imagePullSecrets` | Docker registry pull secret | |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.role.rules` | Rules to create | `[]` |
| `artifactory.name` | Artifactory name | `artifactory` |
| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` |
| `artifactory.image.version` | Container image tag | `.Chart.AppVersion` |
| `artifactory.masterKey` | Artifactory Master Key. Can be generated with `openssl rand -hex 32` |`FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF`|
| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | |
| `artifactory.preStartCommand` | Command to run before entrypoint starts | |
| `artifactory.postStartCommand` | Command to run after container starts | |
| `artifactory.license.secret` | Artifactory license secret name | |
| `artifactory.license.dataKey`| Artifactory license secret data key | |
| `artifactory.service.name` | Artifactory service name to be set in Nginx configuration | `artifactory` |
| `artifactory.service.type` | Artifactory service type | `ClusterIP` |
| `artifactory.service.pool` | Artifactory instances to be in the load balancing pool. `members` or `all` | `members` |
| `artifactory.externalPort` | Artifactory service external port | `8081` |
| `artifactory.internalPort` | Artifactory service internal port | `8081` |
| `artifactory.internalPortReplicator` | Replicator service internal port | `6061` |
| `artifactory.externalPortReplicator` | Replicator service external port | `6061` |
| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` |
| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` |
| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` |
| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` |
| `artifactory.persistence.size` | Artifactory persistence or local volume size | `200Gi` |
| `artifactory.persistence.maxCacheSize` | Artifactory cache-fs provider maxCacheSize in bytes | `50000000000` |
| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` |
| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` |
| `artifactory.persistence.nfs.ip` | NFS server IP | |
| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` |
| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` |
| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory-ha` |
| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` |
| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` |
| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory-ha` |
| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | |
| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | |
| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory-ha/filestore` |
| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-ha` |
| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html |
| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | |
| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | |
| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | |
| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory-ha/filestore` |
| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` |
| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` |
| `artifactory.javaOpts.other` | Artifactory additional java options (for all nodes) | |
| `artifactory.replicator.enabled` | Enable Artifactory Replicator | `false` |
| `artifactory.distributionCerts` | Name of ConfigMap for Artifactory Distribution Certificate | |
| `artifactory.replicator.publicUrl` | Artifactory Replicator Public URL | |
| `artifactory.primary.resources.requests.memory` | Artifactory primary node initial memory request | |
| `artifactory.primary.resources.requests.cpu` | Artifactory primary node initial cpu request | |
| `artifactory.primary.resources.limits.memory` | Artifactory primary node memory limit | |
| `artifactory.primary.resources.limits.cpu` | Artifactory primary node cpu limit | |
| `artifactory.primary.javaOpts.xms` | Artifactory primary node java Xms size | |
| `artifactory.primary.javaOpts.xmx` | Artifactory primary node java Xms size | |
| `artifactory.primary.javaOpts.other` | Artifactory primary node additional java options | |
| `artifactory.node.replicaCount` | Artifactory member node replica count | `2` |
| `artifactory.node.minAvailable` | Artifactory member node min available count | `1` |
| `artifactory.node.resources.requests.memory` | Artifactory member node initial memory request | |
| `artifactory.node.resources.requests.cpu` | Artifactory member node initial cpu request | |
| `artifactory.node.resources.limits.memory` | Artifactory member node memory limit | |
| `artifactory.node.resources.limits.cpu` | Artifactory member node cpu limit | |
| `artifactory.node.javaOpts.xms` | Artifactory member node java Xms size | |
| `artifactory.node.javaOpts.xmx` | Artifactory member node java Xms size | |
| `artifactory.node.javaOpts.other` | Artifactory member node additional java options | |
| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` |
| `ingress.annotations` | Artifactory Ingress annotations | `{}` |
| `ingress.hosts` | Artifactory Ingress hostnames | `[]` |
| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` |
| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` |
| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | |
| `nginx.enabled` | Deploy nginx server | `true` |
| `nginx.name` | Nginx name | `nginx` |
| `nginx.replicaCount` | Nginx replica count | `1` |
| `nginx.uid` | Nginx User Id | `104` |
| `nginx.git` | Nginx Group Id | `107` |
| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` |
| `nginx.image.version` | Container version | `.Chart.AppVersion` |
| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `nginx.service.type` | Nginx service type | `LoadBalancer` |
| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | |
| `nginx.service.annotations` | Nginx service annotations | `{}` |
| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` |
| `nginx.loadBalancerIP`| Provide Static IP to configure with Nginx | |
| `nginx.externalPortHttp` | Nginx service external port | `80` |
| `nginx.internalPortHttp` | Nginx service internal port | `80` |
| `nginx.externalPortHttps` | Nginx service external port | `443` |
| `nginx.internalPortHttps` | Nginx service internal port | `443` |
| `nginx.internalPortReplicator` | Replicator service internal port | `6061` |
| `nginx.externalPortReplicator` | Replicator service external port | `6061` |
| `nginx.livenessProbe.enabled` | would you like a liveness Probe to be enabled | `true` |
| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 100 |
| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | |
| `nginx.env.ssl` | Nginx Environment enable ssl | `true` |
| `nginx.env.skipAutoConfigUpdate` | Nginx Environment to disable auto configuration update | `false` |
| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` |
| `nginx.customArtifactoryConfigMap`| Nginx CustomeConfigMap name for `artifactory-ha.conf` | ` ` |
| `nginx.resources.requests.memory` | Nginx initial memory request | `250Mi` |
| `nginx.resources.requests.cpu` | Nginx initial cpu request | `100m` |
| `nginx.resources.limits.memory` | Nginx memory limit | `250Mi` |
| `nginx.resources.limits.cpu` | Nginx cpu limit | `500m` |
| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` |
| `postgresql.imageTag` | PostgreSQL version | `9.6.11` |
| `postgresql.postgresDatabase` | PostgreSQL database name | `artifactory` |
| `postgresql.postgresUser` | PostgreSQL database user | `artifactory` |
| `postgresql.postgresPassword` | PostgreSQL database password | |
| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` |
| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` |
| `postgresql.service.port` | PostgreSQL database port | `5432` |
| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | |
| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | |
| `postgresql.resources.limits.memory` | PostgreSQL memory limit | |
| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | |
| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | |
| `database.host` | External database hostname | |
| `database.port` | External database port | |
| `database.url` | External database connection URL | |
| `database.user` | External database username | |
| `database.password` | External database password | |
| `database.secrets.user.name` | External database username `Secret` name | |
| `database.secrets.user.key` | External database username `Secret` key | |
| `database.secrets.password.name` | External database password `Secret` name | |
| `database.secrets.password.key` | External database password `Secret` key | |
| `database.secrets.url.name ` | External database url `Secret` name | |
| `database.secrets.url.key` | External database url `Secret` key | |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Ingress and TLS
To get Helm to create an ingress object with a hostname, add these two lines to your Helm command:
```
helm install --name artifactory-ha \
--set ingress.enabled=true \
--set ingress.hosts[0]="artifactory.company.com" \
--set artifactory.service.type=NodePort \
--set nginx.enabled=false \
jfrog/artifactory-ha
```
If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```console
kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file:
```
ingress:
## If true, Artifactory Ingress will be created
##
enabled: true
## Artifactory Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- artifactory.domain.com
annotations:
kubernetes.io/tls-acme: "true"
## Artifactory Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: artifactory-tls
hosts:
- artifactory.domain.com
```
### Ingress annotations
This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup.
```
ingress:
enabled: true
defaultBackend:
enabled: false
hosts:
- myhost.example.com
annotations:
ingress.kubernetes.io/force-ssl-redirect: "true"
ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/proxy-read-timeout: "600"
ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token;
rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3;
nginx.ingress.kubernetes.io/proxy-body-size: "0"
tls:
- hosts:
- "myhost.example.com"
```
## Useful links
- https://www.jfrog.com/confluence/display/EP/Getting+Started
- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory
- https://www.jfrog.com/confluence/
charts/artifactory-ha/v0.7.12/ReverseProxyConfiguration.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory Reverse Proxy Settings using Nginx
#### Reverse Proxy
* To use Artifactory as docker registry it's mandatory to use Reverse Proxy.
* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate
the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server.
* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy)
* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing.
**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog.
#### Features of Artifactory Nginx
* Provides default configuration with self signed SSL certificate.
* Auto update reverse proxy configuration by pulling configuration generated by Reverse Proxy Configuration Generator from Artifactory using [REST API](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy#ConfiguringaReverseProxy-RESTAPI)
* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory
#### Steps to use Reverse Proxy Configuration Generator to configuration for reverse proxy in nginx (Artifactory Pro/Enterprise).
* Deploy Artifactory using helm chart with Nginx enabled.
* Go to Artifactory Admin -> HTTP Settings.
Example values:
```
Docker Access Method: SubDomain
Server Provider: Nginx
Internal Hostname: $ARTIFACTORY_SERVICE_NAME (Get Artifactory Service Name by running `kubectl get svc` command)
Public Server Name: $DOMAIN_NAME
SSL Key Path: /var/opt/jfrog/nginx/ssl/tls.key (If SSL Cert is provided via Secret)
SSL Certificate Path: /var/opt/jfrog/nginx/ssl/tls.crt (If SSL Cert is provided via Secret)
```
* Provide appropriate values and save configuration.
* Once configuration is saved Nginx will automatically fetch reverse proxy configuration snippet from Artifactory and apply it immediately.
#### Steps to use static configuration for reverse proxy in nginx.
1. Create `artifactory-ha.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d)
* Following is example `artifactory-ha.conf`
```bash
## add HA entries when ha is configure
upstream artifactory {
server artifactory-ha-artifactory-ha-primary:8081;
server artifactory-ha:8081;
}
## add ssl entries when https has been set in config
ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt;
ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen 443 ssl;
listen 80 ;
server_name ~(?<repo>.+)\.jfrog.team jfrog.team;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/jfrog.team-access.log timing;
## error_log /var/log/nginx/jfrog.team-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
if ( $request_uri ~ ^/artifactory/(.*)$ ) {
proxy_pass http://artifactory/artifactory/$1;
}
proxy_pass http://artifactory/artifactory/;
proxy_next_upstream http_503 non_idempotent;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
```
2. Create configMap of `artifactory-ha.conf` created with step above.
```bash
kubectl create configmap art-nginx-conf --from-file=artifactory-ha.conf
```
3. Deploy Artifactory using helm chart with auto configuration update disabled in nginx.
You can achieve it by setting value to `true` for `nginx.env.skipAutoConfigUpdate` and providing name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml)
Which sets Environment Variable `SKIP_AUTO_UPDATE_CONFIG=true` in Nginx container.
Following is command to set values at runtime:
```bash
helm install --name artifactory-ha --set nginx.env.skipAutoConfigUpdate=true,nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha
```
\ No newline at end of file
charts/artifactory-ha/v0.7.12/app-readme.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory High Availability Helm Chart
Universal Repository Manager supporting all major packaging formats, build tools and CI servers.
## Chart Details
This chart will do the following:
* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes.
* Deploy a PostgreSQL database
* Deploy an Nginx server(optional)
## Activate Your Artifactory Instance
Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it.
charts/artifactory-ha/v0.7.12/ci/test-values.yaml 0 → 100644
View file @ 6ae841fa
artifactory:
persistence:
enabled: false
postgresql:
postgresPassword: "password"
postgresConfig:
maxConnections: "102"
persistence:
enabled: false
nginx:
enabled: false
service:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: NodePort
charts/artifactory-ha/v0.7.12/questions.yml 0 → 100644
View file @ 6ae841fa
categories:
- repository
labels:
io.rancher.certified: partner
questions:
- variable: defaultImage
default: "true"
description: "Use default Docker image"
label: Use Default Image
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: initContainerImage
default: "alpine:3.6"
description: "Init image name"
type: string
label: Init image name
- variable: artifactory.image.repository
default: "docker.bintray.io/jfrog/artifactory-pro"
description: "Artifactory image name"
type: string
label: Artifactory Image Name
- variable: artifactory.image.version
default: "6.5.9"
description: "Artifactory image tag"
type: string
label: Artifactory Image Tag
- variable: nginx.image.repository
default: "docker.bintray.io/jfrog/nginx-artifactory-pro"
description: "Nginx image name"
type: string
label: Nginx Image Name
- variable: nginx.image.version
default: "6.5.9"
description: "Nginx image tag"
type: string
label: Nginx Image Tag
- variable: imagePullSecrets
description: "Image Pull Secret"
type: string
label: Image Pull Secret
# Services and LoadBalancing Settings
- variable: ingress.enabled
default: true
description: "Expose app using Layer 7 Load Balancer - ingress"
type: boolean
label: Expose app using Layer 7 Load Balancer
show_subquestion_if: true
group: "Services and Load Balancing"
required: true
subquestions:
- variable: ingress.hosts[0]
default: "xip.io"
description: "Hostname to your artifactory installation"
type: hostname
required: true
label: Hostname
# Nginx Settings
- variable: nginx.enabled
default: false
description: "Enable nginx server"
type: boolean
label: Enable Nginx Server
group: "Services and Load Balancing"
required: true
show_if: "ingress.enabled=false"
- variable: nginx.service.type
default: "LoadBalancer"
description: "Nginx service type"
type: enum
required: true
label: Nginx Service Type
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
options:
- "ClusterIP"
- "NodePort"
- "LoadBalancer"
- variable: nginx.service.loadBalancerIP
default: ""
description: "Provide Static IP to configure with Nginx"
type: string
label: Config Nginx LoadBalancer IP
show_if: "nginx.enabled=true&&nginx.service.type=LoadBalancer&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.tlsSecretName
default: ""
description: "Provide SSL Secret name to configure with Nginx"
type: string
label: Config Nginx SSL Secret
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.customArtifactoryConfigMap
default: ""
description: "Provide configMap name to configure Nginx with custom `artifactory.conf`"
type: string
label: ConfigMap for Nginx Artifactory Config
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.env.skipAutoConfigUpdate
default: "false"
description: "Skip Nginx Auto Configuration Update"
type: string
label: Skip Nginx Auto Configuration Update
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.persistence.enabled
default: false
description: "enable persistence storage for nginx server"
type: boolean
label: Enable Persistent Storage for Nginx Service
group: "Services and Load Balancing"
show_if: "nginx.enabled=true&&ingress.enabled=false"
- variable: nginx.persistence.size
default: 5Gi
description: "Nginx persistent volume size"
type: string
label: Nginx Persistent Volume Size
group: "Services and Load Balancing"
show_if: "nginx.enabled=true&&nginx.persistence.enabled=true&&ingress.enabled=false"
- variable: nginx.persistence.storageClass
default: ""
description: "If undefined or null, uses the default StorageClass. Default to null"
type: storageclass
label: Default StorageClass for Nginx
show_if: "nginx.enabled=true&&nginx.persistence.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.resources.requests.cpu
default: "200m"
description: "Nginx initial cpu request"
type: string
label: Nginx Initial CPU Request
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.resources.requests.memory
default: "500Mi"
description: "Nginx initial memory request"
type: string
label: Nginx Initial Memory Request
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.resources.limits.cpu
default: "1"
description: "Nginx cpu limit"
type: string
label: Nginx CPU Limit
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.resources.limits.memory
default: "1Gi"
description: "Nginx memory limit"
type: string
label: Nginx Memory Limit
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
# Artifactory Storage Settings
- variable: artifactory.persistence.enabled
default: true
description: "enable persistence storage for Artifactory"
type: boolean
label: Enable Persistent Storage for Artifactory
group: "Artifactory Storage"
required: true
show_subquestion_if: true
subquestions:
- variable: artifactory.persistence.size
default: "50Gi"
description: "Artifactory persistent volume size"
type: string
label: Artifactory Persistent Volume Size
required: true
- variable: artifactory.persistence.type
default: "file-system"
description: "Artifactory persistent volume size"
type: enum
label: Artifactory Persistent Storage Type
required: true
options:
- "file-system"
- "nfs"
- "google-storage"
- "aws-s3"
#Storage Type Settings
- variable: artifactory.persistence.nfs.ip
default: ""
type: string
group: "Artifactory Storage"
label: NFS Server IP
description: "NFS server IP"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.haDataMount
default: "/data"
type: string
label: NFS Data Directory
description: "NFS data directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.haBackupMount
default: "/backup"
type: string
label: NFS Backup Directory
description: "NFS backup directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.dataDir
default: "/var/opt/jfrog/artifactory-ha"
type: string
label: HA Data Directory
description: "HA data directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.backupDir
default: "/var/opt/jfrog/artifactory-backup"
type: string
label: HA Backup Directory
description: "HA backup directory "
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.capacity
default: "200Gi"
type: string
label: NFS PVC Size
description: "NFS PVC size "
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
#Google storage settings
- variable: artifactory.persistence.googleStorage.bucketName
default: "artifactory-ha-gcp"
type: string
label: Google Storage Bucket Name
description: "Google storage bucket name"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.identity
default: ""
type: string
label: Google Storage Service Account ID
description: "Google Storage service account id"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.credential
default: ""
type: string
label: Google Storage Service Account Key
description: "Google Storage service account key"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.path
default: "artifactory-ha/filestore"
type: string
label: Google Storage Path In Bucket
description: "Google Storage path in bucket"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
# awsS3 storage settings
- variable: artifactory.persistence.awsS3.bucketName
default: "artifactory-ha-aws"
type: string
label: AWS S3 Bucket Name
description: "AWS S3 bucket name"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.region
default: ""
type: string
label: AWS S3 Bucket Region
description: "AWS S3 bucket region"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.identity
default: ""
type: string
label: AWS S3 AWS_ACCESS_KEY_ID
description: "AWS S3 AWS_ACCESS_KEY_ID"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.credential
default: ""
type: string
label: AWS S3 AWS_SECRET_ACCESS_KEY
description: "AWS S3 AWS_SECRET_ACCESS_KEY"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.path
default: "artifactory-ha/filestore"
type: string
label: AWS S3 Path In Bucket
description: "AWS S3 path in bucket"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
# Database Settings
- variable: postgresql.enabled
default: true
description: "Enable PostgreSQL"
type: boolean
required: true
label: Enable PostgreSQL
group: "Database Settings"
show_subquestion_if: "true"
subquestions:
- variable: postgresql.persistence.enabled
default: false
description: "enable persistence storage for PostgreSQL"
type: boolean
label: Enable Persistent Storage for PostgreSQL
- variable: postgresql.persistence.size
default: 20Gi
description: "PostgreSQL persistent volume size"
type: string
label: PostgreSQL Persistent Volume Size
show_if: "postgresql.enabled=true&&postgresql.persistence.enabled=true"
- variable: postgresql.persistence.storageClass
default: ""
description: "If undefined or null, uses the default StorageClass. Default to null"
type: storageclass
label: Default StorageClass for PostgreSQL
show_if: "postgresql.enabled=true&&postgresql.persistence.enabled=true"
- variable: postgresql.resources.requests.cpu
default: "200m"
description: "PostgreSQL initial cpu request"
type: string
label: PostgreSQL Initial CPU Request
show_if: "postgresql.enabled=true"
- variable: postgresql.resources.requests.memory
default: "500Mi"
description: "PostgreSQL initial memory request"
type: string
label: PostgreSQL Initial Memory Request
show_if: "postgresql.enabled=true"
- variable: postgresql.resources.limits.cpu
default: "1"
description: "PostgreSQL cpu limit"
type: string
label: PostgreSQL CPU Limit
show_if: "postgresql.enabled=true"
- variable: postgresql.resources.limits.memory
default: "1Gi"
description: "PostgreSQL memory limit"
type: string
label: PostgreSQL Memory Limit
show_if: "postgresql.enabled=true"
- variable: database.type
default: "postgresql"
description: "xternal database type (postgresql, mysql, oracle or mssql)"
type: enum
required: true
label: External Database Type
group: "Database Settings"
show_if: "postgresql.enabled=false"
options:
- "postgresql"
- "mysql"
- "oracle"
- "mssql"
- variable: database.url
default: ""
description: "External database URL. If you set the url, leave host and port empty"
type: string
label: External Database URL
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.host
default: ""
description: "External database hostname"
type: string
label: External Database Hostname
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.port
default: ""
description: "External database port"
type: string
label: External Database Port
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.user
default: ""
description: "External database username"
type: string
label: External Database Username
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.password
default: ""
description: "External database password"
type: string
label: External Database Password
group: "Database Settings"
show_if: "postgresql.enabled=false"
# Advance Settings
- variable: advancedOptions
default: false
description: "Show advanced configurations"
label: Show Advanced Configurations
type: boolean
show_subquestion_if: true
group: "Advanced Options"
subquestions:
- variable: artifactory.masterKey
default: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
description: "Artifactory master key"
type: string
label: Artifactory master key
- variable: artifactory.primary.resources.requests.cpu
default: "500m"
description: "Artifactory primary node initial cpu request"
type: string
label: Artifactory Primary Node Initial CPU Request
- variable: artifactory.primary.resources.requests.memory
default: "1Gi"
description: "Artifactory primary node initial memory request"
type: string
label: Artifactory Primary Node Initial Memory Request
- variable: artifactory.primary.javaOpts.xms
default: "1g"
description: "Artifactory primary node java Xms size"
type: string
label: Artifactory Primary Node Java Xms Size
- variable: artifactory.primary.resources.limits.cpu
default: "2"
description: "Artifactory primary node cpu limit"
type: string
label: Artifactory Primary Node CPU Limit
- variable: artifactory.primary.resources.limits.memory
default: "4Gi"
description: "Artifactory primary node memory limit"
type: string
label: Artifactory Primary Node Memory Limit
- variable: artifactory.primary.javaOpts.xmx
default: "4g"
description: "Artifactory primary node java Xmx size"
type: string
label: Artifactory Primary Node Java Xmx Size
- variable: artifactory.node.resources.requests.cpu
default: "500m"
description: "Artifactory member node initial cpu request"
type: string
label: Artifactory Member Node Initial CPU Request
- variable: artifactory.node.resources.requests.memory
default: "2Gi"
description: "Artifactory member node initial memory request"
type: string
label: Artifactory Member Node Initial Memory Request
- variable: artifactory.node.javaOpts.xms
default: "1g"
description: "Artifactory member node java Xms size"
type: string
label: Artifactory Member Node Java Xms Size
- variable: artifactory.node.resources.limits.cpu
default: "2"
description: "Artifactory member node cpu limit"
type: string
label: Artifactory Member Node CPU Limit
- variable: artifactory.node.resources.limits.memory
default: "4Gi"
description: "Artifactory member node memory limit"
type: string
label: Artifactory Member Node Memory Limit
- variable: artifactory.node.javaOpts.xmx
default: "4g"
description: "Artifactory member node java Xmx size"
type: string
label: Artifactory Member Node Java Xmx Size
charts/artifactory-ha/v0.7.12/requirements.lock 0 → 100644
View file @ 6ae841fa
dependencies:
- name: postgresql
repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.9.5
digest: sha256:7e07fb616d953e518e3373e2c5183290b4b6e94292a233528c0d52ffd42afc77
generated: 2018-10-28T06:26:39.466565306+02:00
charts/artifactory-ha/v0.7.12/requirements.yaml 0 → 100644
View file @ 6ae841fa
dependencies:
- name: postgresql
version: 0.9.5
repository: https://kubernetes-charts.storage.googleapis.com/
condition: postgresql.enabled
charts/artifactory-ha/v0.7.12/templates/NOTES.txt 0 → 100644
View file @ 6ae841fa
Congratulations. You have just deployed JFrog Artifactory HA!
{{- if (not .Values.artifactory.masterKeySecretName) and eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" }}
***************************************** WARNING ******************************************
* Your Artifactory master key is still set to the provided example: *
* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF *
* *
* You should change this to your own generated key: *
* $ export MASTER_KEY=$(openssl rand -hex 32) *
* $ echo ${MASTER_KEY} *
* *
* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' *
* *
* Alternatively, you can use a pre-existing secret with a key called master-key with *
* '--set artifactory.masterKeySecretName=${SECRET_NAME}' *
********************************************************************************************
{{- end }}
{{- if .Values.postgresql.enabled }}
DATABASE:
To extract the database password, run the following
export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgres-password}" | base64 --decode)
echo ${DB_PASSWORD}
{{- end }}
SETUP:
1. Get the Artifactory IP and URL
{{- if contains "NodePort" .Values.nginx.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/
{{- else if contains "LoadBalancer" .Values.nginx.service.type }}
NOTE: It may take a few minutes for the LoadBalancer public IP to be available!
You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.nginx.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80
echo http://127.0.0.1:8080
{{- end }}
2. Open Artifactory in your browser
Default credential for Artifactory:
user: admin
password: password
{{- if .Values.artifactory.license.secret }}
3. Manage Artifactory license through the {{ .Values.artifactory.license.secret }} secret ONLY!
Since the artifactory license(s) is managed with a secret ({{ .Values.artifactory.license.secret }}), any change through the Artifactory UI might not be saved!
{{- else }}
3. Add HA licenses to activate Artifactory HA through the Artifactory UI
NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details.
{{- end }}
charts/artifactory-ha/v0.7.12/templates/_helpers.tpl 0 → 100644
View file @ 6ae841fa
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "artifactory-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The primary node name
*/}}
{{- define "artifactory-ha.primary.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The member node name
*/}}
{{- define "artifactory-ha.node.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name nginx service.
*/}}
{{- define "artifactory-ha.nginx.name" -}}
{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.nginx.fullname" -}}
{{- if .Values.nginx.fullnameOverride -}}
{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nginx.name -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "artifactory-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "artifactory-ha.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
\ No newline at end of file
charts/artifactory-ha/v0.7.12/templates/artifactory-binarystore.yaml 0 → 100644
View file @ 6ae841fa
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-bs
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
binarystore.xml: |-
{{- if eq .Values.artifactory.persistence.type "file-system" }}
<!-- File system replication -->
<config version="2">
<chain>
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<lenientLimit>2</lenientLimit>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="state-aware" type="state-aware"/>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</provider>
</chain>
<!-- Shards add local file-system provider configuration -->
<provider id="state-aware" type="state-aware">
<fileStoreDir>shard-fs-1</fileStoreDir>
<zone>local</zone>
</provider>
<!-- Shards dynamic remote provider configuration -->
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<serviceId>tester-remote1</serviceId>
<timeout>10000</timeout>
<zone>remote</zone>
<property name="header.remote.block" value="true"/>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "google-storage" }}
<!-- Google storage -->
<config version="2">
<chain>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry" type="retry">
<provider id="google-storage" type="google-storage"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="file-system" type="file-system">
<fileStoreDir>{{ .Values.artifactory.persistence.mountPath }}/data/filestore</fileStoreDir>
<tempDir>/tmp</tempDir>
</provider>
<provider id="google-storage" type="google-storage">
<providerId>google-cloud-storage</providerId>
<endpoint>commondatastorage.googleapis.com</endpoint>
<httpsOnly>false</httpsOnly>
<bucketName>{{ .Values.artifactory.persistence.googleStorage.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.googleStorage.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.googleStorage.credential }}</credential>
<path>{{ .Values.artifactory.persistence.googleStorage.path }}</path>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "aws-s3" }}
<!-- AWS S3 -->
<config version="2">
<chain> <!--template="cluster-s3"-->
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry-s3" type="retry">
<provider id="s3" type="s3"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
</provider>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<property name="zones" value="local,remote"/>
</provider>
<provider id="s3" type="s3">
<endpoint>{{ .Values.artifactory.persistence.awsS3.endpoint }}</endpoint>
<refreshCredentials>{{ .Values.artifactory.persistence.awsS3.refreshCredentials }}</refreshCredentials>
<testConnection>{{ .Values.artifactory.persistence.awsS3.testConnection }}</testConnection>
<httpsOnly>true</httpsOnly>
<region>{{ .Values.artifactory.persistence.awsS3.region }}</region>
<bucketName>{{ .Values.artifactory.persistence.awsS3.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.awsS3.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.awsS3.credential }}</credential>
<path>{{ .Values.artifactory.persistence.awsS3.path }}</path>
{{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }}
<property name="{{ $key }}" value="{{ $value }}"/>
{{- end }}
</provider>
</config>
{{- end }}
charts/artifactory-ha/v0.7.12/templates/artifactory-nfs-pvc.yaml 0 → 100644
View file @ 6ae841fa
{{- if eq .Values.artifactory.persistence.type "nfs" }}
### Artifactory HA data
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-data-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-data-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
---
### Artifactory HA backup
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-backup-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-backup-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
\ No newline at end of file
charts/artifactory-ha/v0.7.12/templates/artifactory-node-pdb.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "artifactory-ha.fullname" . }}-node
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
release: {{ .Release.Name }}
minAvailable: {{ .Values.artifactory.node.minAvailable }}
charts/artifactory-ha/v0.7.12/templates/artifactory-node-statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.node.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
serviceName: {{ template "artifactory-ha.node.name" . }}
replicas: {{ .Values.artifactory.node.replicaCount }}
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
component: {{ .Values.artifactory.name }}
release: {{ .Release.Name }}
annotations:
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore.yaml") . | sha256sum }}
{{- range $key, $value := .Values.artifactory.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
command:
- 'sh'
- '-c'
- 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
{{- if and .Values.database.host .Values.database.port }}
until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; do
{{- else }}
until true; do
{{- end }}
{{- end }}
sleep 2;
done;
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
{{- if .Values.artifactory.preStartCommand }}
command:
- '/bin/sh'
- '-c'
- >
echo "Running custom preStartCommand command";
{{ .Values.artifactory.preStartCommand }};
/entrypoint-artifactory.sh
{{- end }}
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.replicator.enabled }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml {{ .Values.artifactory.persistence.mountPath }}/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
cp -fv /tmp/access/etc/keys/private.key {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.postgresql.enabled }}
- name: DB_TYPE
value: 'postgresql'
- name: DB_HOST
value: '{{ .Release.Name }}-postgresql'
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
- name: DB_USER
value: '{{ .Values.postgresql.postgresUser }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgres-password
{{- else }}
- name: DB_TYPE
value: '{{ required "Must set database.type when not using the PostgreSQL sub-chart (postgresql.enabled=false) " .Values.database.type }}'
{{- if or .Values.database.url .Values.database.secrets.url }}
- name: DB_URL
{{- if .Values.database.url }}
value: '{{.Values.database.url }}'
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.url.name }}
key: {{ .Values.database.secrets.url.key }}
{{- end }}
{{- else }}
- name: DB_HOST
value: '{{ .Values.database.host }}'
- name: DB_PORT
value: '{{ .Values.database.port }}'
{{- end }}
{{- if .Values.database.secrets.user }}
- name: DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.user.name }}
key: {{ .Values.database.secrets.user.key }}
{{- end }}
{{- if .Values.database.secrets.password }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.password.name }}
key: {{ .Values.database.secrets.password.key }}
{{- else }}
{{- if and .Values.database.type .Values.database.user }}
- name: DB_USER
value: '{{ .Values.database.user }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: db-password
{{- end }}
{{- end }}
{{- end }}
- name: EXTRA_JAVA_OPTIONS
value: "
{{- if .Values.artifactory.javaOpts.other }}
{{ .Values.artifactory.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.other }}
{{ .Values.artifactory.node.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.xms }}
-Xms{{ .Values.artifactory.node.javaOpts.xms }}
{{- end}}
{{- if .Values.artifactory.node.javaOpts.xmx }}
-Xmx{{ .Values.artifactory.node.javaOpts.xmx }}
{{- end}}
{{- if .Values.artifactory.replicator.enabled }}
-Dartifactory.releasebundle.feature.enabled=true
{{- end }}
"
{{- if .Values.artifactory.replicator.enabled }}
- name: START_LOCAL_REPLICATOR
value: "true"
{{- end }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}"
key: master-key
- name: HA_IS_PRIMARY
value: "false"
- name: HA_MEMBERSHIP_PORT
value: "{{ .Values.artifactory.membershipPort }}"
- name: HA_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ART_PRIMARY_BASE_URL
value: 'http://{{ template "artifactory-ha.primary.name" . }}:8081/artifactory'
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: HA_DATA_DIR
value: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
mountPath: "/tmp/access/etc/keys"
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/tmp/replicator/replicator.yaml"
subPath: replicator.yaml
{{- end }}
resources:
{{ toYaml .Values.artifactory.node.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8040
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8040
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.artifactory.node.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.artifactory.node.affinity }}
{{- with .Values.artifactory.node.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
{{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
{{- end }}
{{- with .Values.artifactory.node.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: binarystore-xml
configMap:
name: {{ template "artifactory-ha.fullname" . }}-bs
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
configMap:
name: {{ .Values.artifactory.distributionCerts }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.persistence.local }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: volume
spec:
{{- if .Values.artifactory.node.persistence.existingClaim }}
selector:
matchLabels:
app: artifactory-ha-member
{{- else }}
{{- if .Values.artifactory.persistence.storageClass }}
{{- if (eq "-" .Values.artifactory.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.7.12/templates/artifactory-plugin-inactiveservercleaner.yaml 0 → 100644
View file @ 6ae841fa
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-isc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
inactiveServerCleaner.groovy: |-
import org.artifactory.state.ArtifactoryServerState
import org.artifactory.storage.db.servers.service.ArtifactoryServersCommonService
import org.artifactory.common.ConstantValues
import org.slf4j.Logger
import java.util.concurrent.TimeUnit
jobs {
clean(interval: 90000, delay: 900000) {
runCleanupHAInactiveServers()
}
}
executions {
cleanHAInactiveServers() { params ->
runCleanupHAInactiveServers()
}
}
def runCleanupHAInactiveServers() {
def artifactoryServersCommonService = ctx.beanForType(ArtifactoryServersCommonService)
def artifactoryInactiveServerCleaner = new ArtifactoryInactiveServersCleaner(artifactoryServersCommonService, log)
artifactoryInactiveServerCleaner.cleanInactiveArtifactoryServers()
}
public class ArtifactoryInactiveServersCleaner {
private ArtifactoryServersCommonService artifactoryServersCommonService
private Logger log
ArtifactoryInactiveServersCleaner(ArtifactoryServersCommonService artifactoryServersCommonService, Logger log) {
this.artifactoryServersCommonService = artifactoryServersCommonService
this.log = log
}
def cleanInactiveArtifactoryServers() {
log.info "Executing inactive artifactory servers cleaner plugin"
List<String> allMembers = artifactoryServersCommonService.getAllArtifactoryServers()
for (member in allMembers) {
def heartbeat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - member.getLastHeartbeat())
def noHeartbeat = heartbeat > ConstantValues.haHeartbeatStaleIntervalSecs.getInt()
if (member.getServerState() == ArtifactoryServerState.UNAVAILABLE || ( noHeartbeat && member.getServerState() != ArtifactoryServerState.CONVERTING && member.getServerState() != ArtifactoryServerState.STARTING )) {
try {
log.info "Inactive artifactory servers cleaning task found server ${member.serverId} to remove"
artifactoryServersCommonService.removeServer(member.serverId)
}catch (Exception e){
log.error "Error: Not able to remove ${member.serverId}, ${e.message}"
}
}
}
log.info "No inactive servers found"
}
}
\ No newline at end of file
charts/artifactory-ha/v0.7.12/templates/artifactory-primary-statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
serviceName: {{ template "artifactory-ha.primary.name" . }}
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.primary.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.primary.name" . }}
component: {{ .Values.artifactory.name }}
release: {{ .Release.Name }}
annotations:
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore.yaml") . | sha256sum }}
{{- range $key, $value := .Values.artifactory.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.persistence.enabled }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
command:
- 'sh'
- '-c'
- 'rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
command:
- 'sh'
- '-c'
- >
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
{{- if and .Values.database.host .Values.database.port }}
until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; do
{{- else }}
until true; do
{{- end }}
{{- end }}
sleep 2;
done;
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
{{- if .Values.artifactory.preStartCommand }}
command:
- '/bin/sh'
- '-c'
- >
echo "Running custom preStartCommand command";
{{ .Values.artifactory.preStartCommand }};
/entrypoint-artifactory.sh
{{- end }}
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.configMapName }}
cp -Lrf /bootstrap/* /artifactory_extra_conf/;
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/replicator/etc;
cp -fv /tmp/replicator/replicator.yaml {{ .Values.artifactory.persistence.mountPath }}/replicator/etc/replicator.yaml;
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
cp -fv /tmp/access/etc/keys/private.key {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys;
cp -fv /tmp/access/etc/keys/root.crt {{ .Values.artifactory.persistence.mountPath }}/access/etc/keys/trusted;
{{- end }}
{{- if .Values.artifactory.postStartCommand }}
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.postgresql.enabled }}
- name: DB_TYPE
value: 'postgresql'
- name: DB_HOST
value: '{{ .Release.Name }}-postgresql'
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
- name: DB_USER
value: '{{ .Values.postgresql.postgresUser }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgres-password
{{- else }}
- name: DB_TYPE
value: '{{ required "Must set database.type when not using the PostgreSQL sub-chart (postgresql.enabled=false) " .Values.database.type }}'
{{- if or .Values.database.url .Values.database.secrets.url }}
- name: DB_URL
{{- if .Values.database.url }}
value: '{{.Values.database.url }}'
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.url.name }}
key: {{ .Values.database.secrets.url.key }}
{{- end }}
{{- else }}
- name: DB_HOST
value: '{{ .Values.database.host }}'
- name: DB_PORT
value: '{{ .Values.database.port }}'
{{- end }}
{{- if .Values.database.secrets.user }}
- name: DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.user.name }}
key: {{ .Values.database.secrets.user.key }}
{{- end }}
{{- if .Values.database.secrets.password }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.password.name }}
key: {{ .Values.database.secrets.password.key }}
{{- else }}
{{- if and .Values.database.type .Values.database.user }}
- name: DB_USER
value: '{{ .Values.database.user }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: db-password
{{- end }}
{{- end }}
{{- end }}
- name: EXTRA_JAVA_OPTIONS
value: "
{{- if .Values.artifactory.javaOpts.other }}
{{ .Values.artifactory.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.other }}
{{ .Values.artifactory.primary.javaOpts.other }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.xms }}
-Xms{{ .Values.artifactory.primary.javaOpts.xms }}
{{- end}}
{{- if .Values.artifactory.primary.javaOpts.xmx }}
-Xmx{{ .Values.artifactory.primary.javaOpts.xmx }}
{{- end}}
{{- if .Values.artifactory.replicator.enabled }}
-Dartifactory.releasebundle.feature.enabled=true
{{- end }}
"
{{- if .Values.artifactory.replicator.enabled }}
- name: START_LOCAL_REPLICATOR
value: "true"
{{- end }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}"
key: master-key
- name: HA_IS_PRIMARY
value: "true"
- name: HA_MEMBERSHIP_PORT
value: "{{ .Values.artifactory.membershipPort }}"
- name: HA_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: HA_DATA_DIR
value: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
{{- if .Values.artifactory.replicator.enabled }}
- containerPort: {{ .Values.artifactory.internalPortReplicator }}
{{- end }}
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
- name: artifactory-inactiveservercleaner
mountPath: "/tmp/plugins/inactiveServerCleaner.groovy"
subPath: inactiveServerCleaner.groovy
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
mountPath: "/bootstrap/"
{{- end }}
{{- if .Values.artifactory.license.secret }}
- name: artifactory-license
mountPath: "/artifactory_extra_conf/artifactory.cluster.license"
subPath: {{ .Values.artifactory.license.dataKey }}
{{- end }}
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
mountPath: "/tmp/access/etc/keys"
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/tmp/replicator/replicator.yaml"
subPath: replicator.yaml
{{- end }}
resources:
{{ toYaml .Values.artifactory.primary.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8040
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: '/artifactory/webapp/#/login'
port: 8040
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- with .Values.artifactory.primary.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.artifactory.primary.affinity }}
{{- with .Values.artifactory.primary.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
{{- with .Values.artifactory.primary.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: binarystore-xml
configMap:
name: {{ template "artifactory-ha.fullname" . }}-bs
{{- if .Values.artifactory.distributionCerts }}
- name: distribution-certs
configMap:
name: {{ .Values.artifactory.distributionCerts }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
configMap:
name: {{ .Values.artifactory.configMapName }}
{{- end}}
- name: artifactory-inactiveservercleaner
configMap:
name: {{ template "artifactory-ha.fullname" . }}-isc
{{- if .Values.artifactory.license.secret }}
- name: artifactory-license
secret:
secretName: {{ .Values.artifactory.license.secret }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.persistence.local }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: volume
spec:
{{- if .Values.artifactory.primary.persistence.existingClaim }}
selector:
matchLabels:
app: artifactory-ha-primary
{{- else }}
{{- if .Values.artifactory.persistence.storageClass }}
{{- if (eq "-" .Values.artifactory.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
charts/artifactory-ha/v0.7.12/templates/artifactory-role.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
rules:
{{ toYaml .Values.rbac.role.rules }}
{{- end }}
charts/artifactory-ha/v0.7.12/templates/artifactory-rolebinding.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "artifactory-ha.serviceAccountName" . }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: {{ template "artifactory-ha.fullname" . }}
{{- end }}
charts/artifactory-ha/v0.7.12/templates/artifactory-secrets.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: Opaque
data:
{{- if not .Values.artifactory.masterKeySecretName }}
master-key: {{ .Values.artifactory.masterKey | b64enc | quote }}
{{- end }}
{{- if .Values.database.password }}
db-password: {{ .Values.database.password | b64enc | quote }}
{{- end }}
charts/artifactory-ha/v0.7.12/templates/artifactory-service.yaml 0 → 100644
View file @ 6ae841fa
# Service for all Artifactory cluster nodes.
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
selector:
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
---
# Internal service for Artifactory primary node only!
# Used by member nodes to check readiness of primary node before starting up
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.artifactory.externalPortReplicator }}
targetPort: {{ .Values.artifactory.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end}}
selector:
role: {{ template "artifactory-ha.primary.name" . }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
charts/artifactory-ha/v0.7.12/templates/artifactory-serviceaccount.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.serviceAccountName" . }}
{{- end }}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment