Skip to content

GitLab

Commit 6ae841fa authored by Joe Mayer's avatar Joe Mayer
Browse files
Options

Initial commit

parents
Hide whitespace changes
Inline Side-by-side
Showing with 9788 additions and 0 deletions

Too many changes to show.

To preserve performance only 532 of 532+ files are displayed.
Plain diff Email patch
charts/artifactory-ha/v1.0.0/Chart.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
appVersion: 6.13.1
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/artifactory-dcos/master/images/jfrog_med.png
keywords:
- artifactory
- jfrog
- devops
maintainers:
- email: amithk@jfrog.com
name: amithins
- email: daniele@jfrog.com
name: danielezer
- email: eldada@jfrog.com
name: eldada
- email: rimasm@jfrog.com
name: rimusz
name: artifactory-ha
sources:
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
- https://github.com/jfrog/charts
version: 1.0.0
charts/artifactory-ha/v1.0.0/LICENSE 0 → 100644
View file @ 6ae841fa
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
charts/artifactory-ha/v1.0.0/README.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory High Availability Helm Chart
## Prerequisites Details
* Kubernetes 1.8+
* Artifactory HA license
## Chart Details
This chart will do the following:
* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes.
* Deploy a PostgreSQL database
* Deploy an Nginx server
## Artifactory HA architecture
The Artifactory HA cluster in this chart is made up of
- A single primary node
- Two member nodes, which can be resized at will
Load balancing is done to the member nodes only.
This leaves the primary node free to handle jobs and tasks and not be interrupted by inbound traffic.
> This can be controlled by the parameter `artifactory.service.pool`.
## Installing the Chart
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart
To install the chart with the release name `artifactory-ha`:
```bash
helm install --name artifactory-ha jfrog/artifactory-ha
```
### Deploying Artifactory with replicator
The [Artifactory replicator](https://www.jfrog.com/confluence/display/RTF/Replicator) is used with an [Enterprise Plus](https://www.jfrog.com/confluence/display/EP/Welcome+to+JFrog+Enterprise+Plus) license.
```bash
## Artifactory replicator is disabled by default. When the replicator is enabled, the replicator.publicUrl parameter is required. To enable it use the following:
helm install --name artifactory --set artifactory.replicator.enabled=true --set artifactory.replicator.publicUrl=<artifactory_url>:<replicator_port> jfrog/artifactory-ha
```
### Deploying Artifactory for small/medium/large instllations
In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml
### Accessing Artifactory
**NOTE:** It might take a few minutes for Artifactory's public IP to become available, and the nodes to complete initial setup.
Follow the instructions outputted by the install command to get the Artifactory IP and URL to access it.
### Updating Artifactory
Once you have a new chart version, you can update your deployment with
```bash
helm upgrade artifactory-ha jfrog/artifactory-ha
```
If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions:
1. Get the current password by running:
```bash
POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
2. Upgrade the release by passing the previously auto-generated secret:
```bash
helm upgrade <myrelease> jfrog/artifactory-ha --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD}
```
This will apply any configuration changes on your existing deployment.
### Artifactory memory and CPU resources
The Artifactory HA Helm chart comes with support for configured resource requests and limits to all pods. By default, these settings are commented out.
It is **highly** recommended to set these so you have full control of the allocated resources and limits.
See more information on [setting resources for your Artifactory based on planned usage](https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware).
```bash
# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory)
helm install --name artifactory-ha \
--set artifactory.primary.resources.requests.cpu="500m" \
--set artifactory.primary.resources.limits.cpu="2" \
--set artifactory.primary.resources.requests.memory="1Gi" \
--set artifactory.primary.resources.limits.memory="4Gi" \
--set artifactory.primary.javaOpts.xms="1g" \
--set artifactory.primary.javaOpts.xmx="4g" \
--set artifactory.node.resources.requests.cpu="500m" \
--set artifactory.node.resources.limits.cpu="2" \
--set artifactory.node.resources.requests.memory="1Gi" \
--set artifactory.node.resources.limits.memory="4Gi" \
--set artifactory.node.javaOpts.xms="1g" \
--set artifactory.node.javaOpts.xmx="4g" \
--set initContainers.resources.requests.cpu="10m" \
--set initContainers.resources.limits.cpu="250m" \
--set initContainers.resources.requests.memory="64Mi" \
--set initContainers.resources.limits.memory="128Mi" \
--set postgresql.resources.requests.cpu="200m" \
--set postgresql.resources.limits.cpu="1" \
--set postgresql.resources.requests.memory="500Mi" \
--set postgresql.resources.limits.memory="1Gi" \
--set nginx.resources.requests.cpu="100m" \
--set nginx.resources.limits.cpu="250m" \
--set nginx.resources.requests.memory="250Mi" \
--set nginx.resources.limits.memory="500Mi" \
jfrog/artifactory-ha
```
> Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.[primary|node].javaOpts.xms` and `artifactory.[primary|node].javaOpts.xmx`.
Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/).
### Artifactory storage
Artifactory HA support a wide range of storage back ends. You can see more details on [Artifactory HA storage options](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup#HAInstallationandSetup-SettingUpYourStorageConfiguration)
In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings.
The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes.
> **IMPORTANT:** All storage configurations (except NFS) come with a default `artifactory.persistence.redundancy` parameter.
This is used to set how many replicas of a binary should be stored in the cluster's nodes.
Once this value is set on initial deployment, you can not update it using helm.
It is recommended to set this to a number greater than half of your cluster's size, and never scale your cluster down to a size smaller than this number.
#### Existing volume claim
###### Primary node
In order to use an existing volume claim for the Artifactory primary storage, you need to:
- Create a persistent volume claim by the name `volume-<release-name>-artifactory-ha-primary-0` e.g `volume-myrelease-artifactory-ha-primary-0`
- Pass a parameter to `helm install` and `helm upgrade`
```bash
...
--set artifactory.primary.persistence.existingClaim=true
```
###### Member nodes
In order to use an existing volume claim for the Artifactory member nodes storage, you need to:
- Create persistent volume claims according to the number of replicas defined at `artifactory.node.replicaCount` by the names `volume-<release-name>-artifactory-ha-member-<ordinal-number>`, e.g `volume-myrelease-artifactory-ha-member-0` and `volume-myrelease-artifactory-ha-primary-1`.
- Pass a parameter to `helm install` and `helm upgrade`
```bash
...
--set artifactory.node.persistence.existingClaim=true
```
#### Existing shared volume claim
In order to use an existing claim (for data and backup) that is to be shared across all nodes, you need to:
- Create PVCs with ReadWriteMany that match the naming conventions:
```
{{ template "artifactory-ha.fullname" . }}-data-pvc-<claim-ordinal>
{{ template "artifactory-ha.fullname" . }}-backup-pvc
```
An example that shows 2 existing claims to be used:
```
myexample-data-pvc-0
myexample-data-pvc-1
myexample-backup-pvc
```
- Set the artifactory.persistence.fileSystem.existingSharedClaim.enabled in values.yaml to true:
```
-- set artifactory.persistence.fileSystem.existingSharedClaim.enabled=true
-- set artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims=2
```
#### NFS
To use an NFS server as your cluster's storage, you need to
- Setup an NFS server. Get its IP as `NFS_IP`
- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all
- Pass NFS parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=nfs \
--set artifactory.persistence.nfs.ip=${NFS_IP} \
...
```
#### Google Storage
To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider)
- Pass Google Storage parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=google-storage \
--set artifactory.persistence.googleStorage.identity=${GCP_ID} \
--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
...
```
#### AWS S3
To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider)
- Pass AWS S3 parameters to `helm install` and `helm upgrade`
```bash
...
# With explicit credentials:
--set artifactory.persistence.type=aws-s3 \
--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \
--set artifactory.persistence.awsS3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \
--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \
...
...
# With using existing IAM role
--set artifactory.persistence.type=aws-s3 \
--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \
--set artifactory.persistence.awsS3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \
...
```
**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html)
#### Microsoft Azure Blob Storage
To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider)
- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=azure-blob \
--set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \
--set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \
--set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \
--set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \
...
```
#### Custom binarystore.xml
You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).<br>
There are two options for this
1. Editing directly in [values.yaml](values.yaml)
```yaml
artifactory:
persistence:
binarystoreXml: |
<!-- Your custom binarystore.xml snippet -->
```
2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command
```yaml
# Prepare your custom Secret file (custom-binarystore.yaml)
kind: Secret
apiVersion: v1
metadata:
name: custom-binarystore
labels:
app: artifactory
chart: artifactory
stringData:
binarystore.xml: |-
<!-- Your custom binarystore.xml snippet -->
```
```bash
# Create a secret from the file
kubectl apply -n artifactory -f ./custom-binarystore.yaml
# Pass it to your helm install command:
helm install --name artifactory-ha --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore jfrog/artifactory-ha
```
### Create a unique Master Key
Artifactory HA cluster requires a unique master key. By default the chart has one set in values.yaml (`artifactory.masterKey`).
**This key is for demo purpose and should not be used in a production environment!**
You should generate a unique one and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Pass the created master key to helm
helm install --name artifactory-ha --set artifactory.masterKey=${MASTER_KEY} jfrog/artifactory-ha
```
Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time.
```bash
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
# Create a secret containing the key. The key in the secret must be named master-key
kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY}
# Pass the created secret to helm
helm install --name artifactory-ha --set artifactory.masterKeySecretName=my-secret jfrog/artifactory-ha
```
**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged.
### Install Artifactory HA license
For activating Artifactory HA, you must install an appropriate license. There are three ways to manage the license. **Artifactory UI**, **REST API**, or a **Kubernetes Secret**.
The easier and recommended way is the **Artifactory UI**. Using the **Kubernetes Secret** or **REST API** is for advanced users and is better suited for automation.
**IMPORTANT:** You should use only one of the following methods. Switching between them while a cluster is running might disable your Artifactory HA cluster!
##### Artifactory UI
Once primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See [HA installation and setup](https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup) for more details. **Note that you should enter all licenses at once, with each license is separated by a newline.** If you add the licenses one at a time, you may get redirected to a node without a license and the UI won't load for that node.
##### REST API
You can add licenses via REST API (https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-InstallHAClusterLicenses). Note that the REST API expects "\n" for the newlines in the licenses.
##### Kubernetes Secret
You can deploy the Artifactory license(s) as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/).
Prepare a text file with the license(s) written in it. If writing multiple licenses (must be in the same file), it's important to put **two new lines between each license block**!
```bash
# Create the Kubernetes secret (assuming the local license file is 'art.lic')
kubectl create secret generic artifactory-cluster-license --from-file=./art.lic
# Pass the license to helm
helm install --name artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic jfrog/artifactory-ha
```
**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
Updating the license should be done via Artifactory UI or REST API.
##### Create the secret as part of the helm release
values.yaml
```yaml
artifactory:
license:
licenseKey: |-
<LICENSE_KEY1>
<LICENSE_KEY2>
<LICENSE_KEY3>
```
```bash
helm install --name artifactory-ha -f values.yaml jfrog/artifactory-ha
```
**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
Updating the license should be done via Artifactory UI or REST API.
If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file
### Configure NetworkPolicy
NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system.
In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects.
For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything.
A full (but very wide open) example that results in 2 NetworkPolicy objects being created:
```yaml
networkpolicy:
# Allows all ingress and egress to/from artifactory primary and member pods.
- name: artifactory
podSelector:
matchLabels:
app: artifactory-ha
egress:
- {}
ingress:
- {}
# Allows connectivity from artifactory-ha pods to postgresql pods, but no traffic leaving postgresql pod.
- name: postgresql
podSelector:
matchLabels:
app: postgresql
ingress:
- from:
- podSelector:
matchLabels:
app: artifactory-ha
```
### Artifactory JMX Configuration
** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans
Enable JMX in your deployment:
```bash
helm install --name artifactory \
--set artifactory.primary.javaOpts.jmx.enabled=true \
--set artifactory.node.javaOpts.jmx.enabled=true \
jfrog/artifactory-ha
```
This will enable access to Artifactory with JMX on the default port (9010).
** You have the option to change the port by setting ```artifactory.primary.javaOpts.jmx.port``` and ```artifactory.node.javaOpts.jmx.port```
to your choice of port
In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps:
1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer:
```bash
helm install --name artifactory \
--set artifactory.primary.javaOpts.jmx.enabled=true \
--set artifactory.node.javaOpts.jmx.enabled=true \
--set artifactory.service.type=LoadBalancer \
jfrog/artifactory-ha
```
2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with
```artifactory.primary.javaOpts.jmx.host``` and ```artifactory.node.javaOpts.jmx.host```), So in order to connect to Artifactory
with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such:
```
<artifactory-primary-service-ip> artifactory-ha-<release-name>-primary
<artifactory-node-service-ip> <release-name>
```
3. Launch jconsole with the service address and port:
```bash
jconsole artifactory-ha-<release-name>-primary:<primary-jmx-port>
jconsole <release-name>:<node-jmx-port>
```
### Access creds. bootstraping
**IMPORTANT:** Bootsrapping access creds. will allow access for the user access-admin from certain IP's.
* User guide to [bootstrap Artifactory Access credentials](https://www.jfrog.com/confluence/display/ACC/Configuring+Access)
1. Create `access-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password:
```yaml
artifactory:
accessAdmin:
ip: "<IP_RANGE>" #Example: "*"
password: "<PASSWD>"
```
2. Apply the `access-creds-values.yaml` file:
```bash
helm upgrade --install artifactory-ha jfrog/artifactory-ha -f access-creds-values.yaml
```
### Bootstrapping Artifactory
**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section.
* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration)
* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration)
Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: my-release-bootstrap-config
data:
artifactory.config.import.xml: |
<config contents>
security.import.xml: |
<config contents>
```
Create configMap in Kubernetes:
```bash
kubectl apply -f bootstrap-config.yaml
```
#### Pass the configMap to helm
```bash
helm install --name artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config jfrog/artifactory-ha
```
### Use custom nginx.conf with Nginx
Steps to create configMap with nginx.conf
* Create `nginx.conf` file.
```bash
kubectl create configmap nginx-config --from-file=nginx.conf
```
* Pass configMap to helm install
```bash
helm install --name artifactory-ha --set nginx.customConfigMap=nginx-config jfrog/artifactory-ha
```
### Scaling your Artifactory cluster
A key feature in Artifactory HA is the ability to set an initial cluster size with `--set artifactory.node.replicaCount=${CLUSTER_SIZE}` and if needed, resize it.
##### Before scaling
**IMPORTANT:** When scaling, you need to explicitly pass the database password if it's an auto generated one (this is the default with the enclosed PostgreSQL helm chart).
Get the current database password
```bash
export DB_PASSWORD=$(kubectl get $(kubectl get secret -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
Use `--set postgresql.postgresqlPassword=${DB_PASSWORD}` with every scale action to prevent a miss configured cluster!
##### Scale up
Let's assume you have a cluster with **2** member nodes, and you want to scale up to **3** member nodes (a total of 4 nodes).
```bash
# Scale to 4 nodes (1 primary and 3 member nodes)
helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=3 --set postgresql.postgresqlPassword=${DB_PASSWORD} jfrog/artifactory-ha
```
##### Scale down
Let's assume you have a cluster with **3** member nodes, and you want to scale down to **2** member node.
```bash
# Scale down to 2 member nodes
helm upgrade --install artifactory-ha --set artifactory.node.replicaCount=2 --set postgresql.postgresqlPassword=${DB_PASSWORD} jfrog/artifactory-ha
```
- **NOTE:** Since Artifactory is running as a Kubernetes Stateful Set, the removal of the node will **not** remove the persistent volume. You need to explicitly remove it
```bash
# List PVCs
kubectl get pvc
# Remove the PVC with highest ordinal!
# In this example, the highest node ordinal was 2, so need to remove its storage.
kubectl delete pvc volume-artifactory-node-2
```
### Use an external Database
#### PostgreSQL
There are cases where you will want to use external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the database name.
This can be done with the following parameters
```bash
...
--set postgresql.enabled=false \
--set database.type=postgresql \
--set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \
--set database.user=${DB_USER} \
--set database.password=${DB_PASSWORD} \
...
```
**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
#### Other DB type
There are cases where you will want to use a different database and not the enclosed **PostgreSQL**.
See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database)
> The official Artifactory Docker images include the PostgreSQL database driver.
> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib
This can be done with the following parameters
```bash
# Make sure your Artifactory Docker image has the MySQL database driver in it
...
--set postgresql.enabled=false \
--set artifactory.preStartCommand="wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \
--set database.type=mysql \
--set database.host=${DB_HOST} \
--set database.port=${DB_PORT} \
--set database.user=${DB_USER} \
--set database.password=${DB_PASSWORD} \
...
```
**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
#### Using pre-existing Kubernetes Secret
If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`:
```bash
# Create a secret containing the database credentials
kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD}
...
--set postgresql.enabled=false \
--set database.secrets.user.name=my-secret \
--set database.secrets.user.key=user \
--set database.secrets.password.name=my-secret \
--set database.secrets.password.key=password \
...
```
### Deleting Artifactory
To delete the Artifactory HA cluster
```bash
helm delete --purge artifactory-ha
```
This will completely delete your Artifactory HA cluster.
**NOTE:** Since Artifactory is running as Kubernetes Stateful Sets, the removal of the helm release will **not** remove the persistent volumes. You need to explicitly remove them
```bash
kubectl delete pvc -l release=artifactory-ha
```
See more details in the official [Kubernetes Stateful Set removal page](https://kubernetes.io/docs/tasks/run-application/delete-stateful-set/)
### Custom Docker registry for your images
If you need to pull your Docker images from a private registry (for example, when you have a custom image with a MySQL database driver), you need to create a
[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm
```bash
# Create a Docker registry secret called 'regsecret'
kubectl create secret docker-registry regsecret --docker-server=${DOCKER_REGISTRY} --docker-username=${DOCKER_USER} --docker-password=${DOCKER_PASS} --docker-email=${DOCKER_EMAIL}
```
Once created, you pass it to `helm`
```bash
helm install --name artifactory-ha --set imagePullSecrets=regsecret jfrog/artifactory-ha
```
### Logger sidecars
This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml)
Get list of containers in the pod
```bash
kubectl get pods -n <NAMESPACE> <POD_NAME> -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n'
```
View specific log
```bash
kubectl logs -n <NAMESPACE> <POD_NAME> -c <LOG_CONTAINER_NAME>
```
### Custom init containers
There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container.
For this, there is a section for writing custom init containers before and after the predefined init containers in the [values.yaml](values.yaml) . By default it's commented out
```yaml
artifactory:
## Add custom init containers executed before predefined init containers
customInitContainersBegin: |
## Init containers template goes here ##
## Add custom init containers executed after predefined init containers
customInitContainers: |
## Init containers template goes here ##
```
### Custom sidecar containers
There are cases where an extra sidecar container is needed. For example monitoring agents or log collection.
For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out
```yaml
artifactory:
## Add custom sidecar containers
customSidecarContainers: |
## Sidecar containers template goes here ##
```
You can configure the sidecar to run as a custom user if needed by setting the following in the container template
```yaml
# Example of running container as root (id 0)
securityContext:
runAsUser: 0
fsGroup: 0
```
### Custom volumes
If you need to use a custom volume in a custom init or sidecar container, you can use this option.
For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out
```yaml
artifactory:
## Add custom volumes
customVolumes: |
## Custom volume comes here ##
```
### Add Artifactory User Plugin during installation
If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option.
Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command:
```bash
# Secret with single user plugin
kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory-ha
# Secret with single user plugin with configuration file
kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory-ha
```
Add plugin secret names to `plugins.yaml` as following:
```yaml
artifactory:
userPluginSecrets:
- archive-old-artifacts
- webhook
```
You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows:
```bash
helm install --name artifactory-ha -f plugins.yaml jfrog/artifactory-ha
```
Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file:
```yaml
artifactory-ha: # Name of the artifactory-ha dependency
artifactory:
userPluginSecrets:
- '{{ template "my-chart.fullname" . }}'
```
NOTE: By defining userPluginSecrets, this overrides any pre-defined plugins from the container image that are stored in /tmp/plugins. At this time [artifactory-pro:6.9.0](https://bintray.com/jfrog/artifactory-pro) is distributed with `internalUser.groovy` plugin. If you need this plugin in addition to your user plugins, you should include these additional plugins as part of your userPluginSecrets.
## Configuration
The following table lists the configurable parameters of the artifactory chart and their default values.
| Parameter | Description | Default |
|------------------------------|-----------------------------------|-------------------------------------------------------|
| `imagePullSecrets` | Docker registry pull secret | |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.role.rules` | Rules to create | `[]` |
| `logger.image.repository` | repository for logger image | `busybox` |
| `logger.image.tag` | tag for logger image | `1.30` |
| `artifactory.name` | Artifactory name | `artifactory` |
| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` |
| `artifactory.image.version` | Container image tag | `.Chart.AppVersion` |
| `artifactory.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` |
| `artifactory.catalinaLoggers` | Artifactory Tomcat loggers (see values.yaml for possible values) | `[]` |
| `artifactory.customInitContainersBegin`| Custom init containers to run before existing init containers | |
| `artifactory.customInitContainers`| Custom init containers to run after existing init containers | |
| `artifactory.customSidecarContainers`| Custom sidecar containers | |
| `artifactory.customVolumes` | Custom volumes | |
| `artifactory.customVolumeMounts` | Custom Artifactory volumeMounts | |
| `artifactory.userPluginSecrets` | Array of secret names for Artifactory user plugins | |
| `artifactory.masterKey` | Artifactory Master Key. Can be generated with `openssl rand -hex 32` |`FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF`|
| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | |
| `artifactory.accessAdmin.ip` | Artifactory access-admin ip to be set upon startup, can use (*) for 0.0.0.0| 127.0.0.1 |
| `artifactory.accessAdmin.password` | Artifactory access-admin password to be set upon startup| |
| `artifactory.accessAdmin.secret` | Artifactory access-admin secret name | |
| `artifactory.accessAdmin.dataKey` | Artifactory access-admin secret data key | |
| `artifactory.preStartCommand` | Command to run before entrypoint starts | |
| `artifactory.postStartCommand` | Command to run after container starts | |
| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used. | |
| `artifactory.license.secret` | Artifactory license secret name | |
| `artifactory.license.dataKey`| Artifactory license secret data key | |
| `artifactory.service.name` | Artifactory service name to be set in Nginx configuration | `artifactory` |
| `artifactory.service.type` | Artifactory service type | `ClusterIP` |
| `artifactory.service.clusterIP`| Specific cluster IP or `None` for headless services | `nil` |
| `artifactory.service.pool` | Artifactory instances to be in the load balancing pool. `members` or `all` | `members` |
| `artifactory.externalPort` | Artifactory service external port | `8081` |
| `artifactory.internalPort` | Artifactory service internal port | `8081` |
| `artifactory.internalPortReplicator` | Replicator service internal port | `6061` |
| `artifactory.externalPortReplicator` | Replicator service external port | `6061` |
| `artifactory.extraEnvironmentVariables` | Extra environment variables to pass to Artifactory. Supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function. See [documentation](https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker#InstallingwithDocker-SupportedEnvironmentVariables) | |
| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` |
| `artifactory.livenessProbe.path` | liveness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `artifactory.readinessProbe.path` | readiness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.copyOnEveryStartup` | List of files to copy on startup from source (which is absolute) to target (which is relative to ARTIFACTORY_HOME | |
| `artifactory.deleteDBPropertiesOnStartup` | Whether to delete the ARTIFACTORY_HOME/etc/db.properties file on startup. Disabling this will remove the ability for the db.properties to be updated with any DB-related environment variables change (e.g. DB_HOST, DB_URL) | `true` |
| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` |
| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` |
| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` |
| `artifactory.persistence.size` | Artifactory persistence or local volume size | `200Gi` |
| `artifactory.persistence.binarystoreXml` | Artifactory binarystore.xml template | See `values.yaml` |
| `artifactory.persistence.customBinarystoreXmlSecret` | A custom Secret for binarystore.xml | `` |
| `artifactory.persistence.maxCacheSize` | Artifactory cache-fs provider maxCacheSize in bytes | `50000000000` |
| `artifactory.persistence.cacheProviderDir` | the root folder of binaries for the filestore cache. If the value specified starts with a forward slash ("/") it is considered the fully qualified path to the filestore folder. Otherwise, it is considered relative to the *baseDataDir*. | `cache` |
| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` |
| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` |
| `artifactory.persistence.nfs.ip` | NFS server IP | |
| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` |
| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` |
| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory-ha` |
| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` |
| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` |
| `artifactory.persistence.eventual.numberOfThreads` | Eventual number of threads | `10` |
| `artifactory.persistence.googleStorage.endpoint` | Google Storage API endpoint| `storage.googleapis.com` |
| `artifactory.persistence.googleStorage.httpsOnly` | Google Storage API has to be consumed https only| `false` |
| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory-ha` |
| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | |
| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | |
| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory-ha/filestore` |
| `artifactory.persistence.googleStorage.bucketExists`| Google Storage bucket exists therefore does not need to be created.| `false` |
| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-ha` |
| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html |
| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | |
| `artifactory.persistence.awsS3.roleName` | AWS S3 IAM role name | |
| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | |
| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | |
| `artifactory.persistence.awsS3.properties` | AWS S3 additional properties | |
| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory-ha/filestore` |
| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` (When roleName is used, this parameter will be set to true) |
| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` |
| `artifactory.persistence.awsS3.s3AwsVersion` | AWS S3 signature version | `AWS4-HMAC-SHA256` |
| `artifactory.persistence.azureBlob.accountName` | Azure Blob Storage account name | `` |
| `artifactory.persistence.azureBlob.accountKey` | Azure Blob Storage account key | `` |
| `artifactory.persistence.azureBlob.endpoint` | Azure Blob Storage endpoint | `` |
| `artifactory.persistence.azureBlob.containerName` | Azure Blob Storage container name | `` |
| `artifactory.persistence.azureBlob.testConnection` | Azure Blob Storage test connection | `false` |
| `artifactory.persistence.fileSystem.existingSharedClaim` | Enable using an existing shared pvc | `false` |
| `artifactory.persistence.fileStorage.dataDir` | HA data directory | `/var/opt/jfrog/artifactory/artifactory-data` |
| `artifactory.persistence.fileStorage.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` |
| `artifactory.javaOpts.other` | Artifactory additional java options (for all nodes) | |
| `artifactory.replicator.enabled` | Enable Artifactory Replicator | `false` |
| `artifactory.replicator.publicUrl` | Artifactory Replicator Public URL | |
| `artifactory.primary.labels` | Artifactory primary node labels | `{}` |
| `artifactory.primary.resources.requests.memory` | Artifactory primary node initial memory request | |
| `artifactory.primary.resources.requests.cpu` | Artifactory primary node initial cpu request | |
| `artifactory.primary.resources.limits.memory` | Artifactory primary node memory limit | |
| `artifactory.primary.resources.limits.cpu` | Artifactory primary node cpu limit | |
| `artifactory.primary.javaOpts.xms` | Artifactory primary node java Xms size | |
| `artifactory.primary.javaOpts.xmx` | Artifactory primary node java Xms size | |
| `artifactory.primary.javaOpts.corePoolSize` | The number of async processes that can run in parallel in the primary node - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `16` |
| `artifactory.primary.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` |
| `artifactory.primary.javaOpts.jmx.port` | JMX Port number | `9010` |
| `artifactory.primary.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory-ha.primary.name" $ }}` |
| `artifactory.primary.javaOpts.jmx.ssl` | Enable SSL | `false` |
| `artifactory.primary.javaOpts.other` | Artifactory primary node additional java options | |
| `artifactory.primary.persistence.existingClaim` | Whether to use an existing pvc for the primary node | `false` |
| `artifactory.node.labels` | Artifactory member node labels | `{}` |
| `artifactory.node.replicaCount` | Artifactory member node replica count | `2` |
| `artifactory.node.minAvailable` | Artifactory member node min available count | `1` |
| `artifactory.node.resources.requests.memory` | Artifactory member node initial memory request | |
| `artifactory.node.resources.requests.cpu` | Artifactory member node initial cpu request | |
| `artifactory.node.resources.limits.memory` | Artifactory member node memory limit | |
| `artifactory.node.resources.limits.cpu` | Artifactory member node cpu limit | |
| `artifactory.node.javaOpts.xms` | Artifactory member node java Xms size | |
| `artifactory.node.javaOpts.xmx` | Artifactory member node java Xms size | |
| `artifactory.node.javaOpts.corePoolSize` | The number of async processes that can run in parallel in the member nodes - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `16` |
| `artifactory.node.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` |
| `artifactory.node.javaOpts.jmx.port` | JMX Port number | `9010` |
| `artifactory.node.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory-ha.fullname" $ }}` |
| `artifactory.node.javaOpts.jmx.ssl` | Enable SSL | `false` |
| `artifactory.node.javaOpts.other` | Artifactory member node additional java options | |
| `artifactory.node.persistence.existingClaim` | Whether to use existing PVCs for the member nodes | `false` |
| `artifactory.terminationGracePeriodSeconds` | Termination grace period (seconds) | `30s` |
| `initContainers.resources.requests.memory` | Init containers initial memory request | |
| `initContainers.resources.requests.cpu` | Init containers initial cpu request | |
| `initContainers.resources.limits.memory` | Init containers memory limit | |
| `initContainers.resources.limits.cpu` | Init containers cpu limit | |
| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` |
| `ingress.annotations` | Artifactory Ingress annotations | `{}` |
| `ingress.labels` | Artifactory Ingress labels | `{}` |
| `ingress.hosts` | Artifactory Ingress hostnames | `[]` |
| `ingress.path` | Artifactory Ingress path | `/` |
| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` |
| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` |
| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | |
| `ingress.additionalRules` | Ingress additional rules to be added to the Artifactory ingress. | `[]` |
| `nginx.enabled` | Deploy nginx server | `true` |
| `nginx.name` | Nginx name | `nginx` |
| `nginx.replicaCount` | Nginx replica count | `1` |
| `nginx.uid` | Nginx User Id | `104` |
| `nginx.gid` | Nginx Group Id | `107` |
| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` |
| `nginx.image.version` | Container version | `.Chart.AppVersion` |
| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `nginx.labels` | Nginx deployment labels | `{}` |
| `nginx.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` |
| `nginx.mainConf` | Content of the Artifactory nginx main nginx.conf config file | `see values.yaml` |
| `nginx.artifactoryConf` | Content of Artifactory nginx artifactory.conf config file | `see values.yaml` |
| `nginx.service.type` | Nginx service type | `LoadBalancer` |
| `nginx.service.clusterIP` | Specific cluster IP or `None` for headless services | `nil` |
| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | |
| `nginx.service.labels` | Nginx service labels | `{}` |
| `nginx.service.annotations` | Nginx service annotations | `{}` |
| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` |
| `nginx.loadBalancerIP`| Provide Static IP to configure with Nginx | |
| `nginx.externalPortHttp` | Nginx service external port | `80` |
| `nginx.internalPortHttp` | Nginx service internal port | `80` |
| `nginx.externalPortHttps` | Nginx service external port | `443` |
| `nginx.internalPortHttps` | Nginx service internal port | `443` |
| `nginx.internalPortReplicator` | Replicator service internal port | `6061` |
| `nginx.externalPortReplicator` | Replicator service external port | `6061` |
| `nginx.livenessProbe.enabled` | would you like a liveness Probe to be enabled | `true` |
| `nginx.livenessProbe.path` | liveness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 100 |
| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `nginx.readinessProbe.path` | Readiness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | |
| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` |
| `nginx.customArtifactoryConfigMap`| Nginx CustomeConfigMap name for `artifactory-ha.conf` | ` ` |
| `nginx.resources.requests.memory` | Nginx initial memory request | `250Mi` |
| `nginx.resources.requests.cpu` | Nginx initial cpu request | `100m` |
| `nginx.resources.limits.memory` | Nginx memory limit | `250Mi` |
| `nginx.resources.limits.cpu` | Nginx cpu limit | `500m` |
| `nginx.persistence.mountPath` | Nginx persistence volume mount path | `"/var/opt/jfrog/nginx"` |
| `nginx.persistence.enabled` | Nginx persistence volume enabled. This is only available when the nginx.replicaCount is set to 1 | `false` |
| `nginx.persistence.accessMode` | Nginx persistence volume access mode | `ReadWriteOnce` |
| `nginx.persistence.size` | Nginx persistence volume size | `5Gi` |
| `waitForDatabase` | Wait for database (using wait-for-db init container) | `true` |
| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` |
| `postgresql.imageTag` | PostgreSQL version | `9.6.11` |
| `postgresql.postgresqlDatabase` | PostgreSQL database name | `artifactory` |
| `postgresql.postgresqlUsername` | PostgreSQL database user | `artifactory` |
| `postgresql.postgresqlPassword` | PostgreSQL database password | |
| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` |
| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` |
| `postgresql.service.port` | PostgreSQL database port | `5432` |
| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | |
| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | |
| `postgresql.resources.limits.memory` | PostgreSQL memory limit | |
| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | |
| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | |
| `database.host` | External database hostname | |
| `database.port` | External database port | |
| `database.url` | External database connection URL | |
| `database.user` | External database username | |
| `database.password` | External database password | |
| `database.secrets.user.name` | External database username `Secret` name | |
| `database.secrets.user.key` | External database username `Secret` key | |
| `database.secrets.password.name` | External database password `Secret` name | |
| `database.secrets.password.key` | External database password `Secret` key | |
| `database.secrets.url.name ` | External database url `Secret` name | |
| `database.secrets.url.key` | External database url `Secret` key | |
| `networkpolicy.name` | Becomes part of the NetworkPolicy object name | `artifactory` |
| `networkpolicy.podselector` | Contains the YAML that specifies how to match pods. Usually using matchLabels. | |
| `networkpolicy.ingress` | YAML snippet containing to & from rules applied to incoming traffic | `- {}` (open to all inbound traffic) |
| `networkpolicy.egress` | YAML snippet containing to & from rules applied to outgoing traffic | `- {}` (open to all outbound traffic) |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Ingress and TLS
To get Helm to create an ingress object with a hostname, add these two lines to your Helm command:
```bash
helm install --name artifactory-ha \
--set ingress.enabled=true \
--set ingress.hosts[0]="artifactory.company.com" \
--set artifactory.service.type=NodePort \
--set nginx.enabled=false \
jfrog/artifactory-ha
```
If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```bash
kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file:
```yaml
ingress:
## If true, Artifactory Ingress will be created
##
enabled: true
## Artifactory Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- artifactory.domain.com
annotations:
kubernetes.io/tls-acme: "true"
## Artifactory Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: artifactory-tls
hosts:
- artifactory.domain.com
```
### Ingress annotations
This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup.
```yaml
ingress:
enabled: true
defaultBackend:
enabled: false
hosts:
- myhost.example.com
annotations:
ingress.kubernetes.io/force-ssl-redirect: "true"
ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/proxy-read-timeout: "600"
ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token;
rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3;
nginx.ingress.kubernetes.io/proxy-body-size: "0"
tls:
- hosts:
- "myhost.example.com"
```
### Ingress additional rules
You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray.
In order to do that, simply add the following to a `artifactory-ha-values.yaml` file:
```yaml
ingress:
enabled: true
defaultBackend:
enabled: false
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite "(?i)/xray(/|$)(.*)" /$2 break;
additionalRules: |
- host: <MY_HOSTNAME>
http:
paths:
- path: /
backend:
serviceName: <XRAY_SERVER_SERVICE_NAME>
servicePort: <XRAY_SERVER_SERVICE_PORT>
- path: /xray
backend:
serviceName: <XRAY_SERVER_SERVICE_NAME>
servicePort: <XRAY_SERVER_SERVICE_PORT>
- path: /artifactory
backend:
serviceName: {{ template "artifactory.nginx.fullname" . }}
servicePort: {{ .Values.nginx.externalPortHttp }}
```
and running:
```bash
helm upgrade --install artifactory-ha jfrog/artifactory-ha -f artifactory-ha-values.yaml
```
## Useful links
- https://www.jfrog.com/confluence/display/EP/Getting+Started
- https://www.jfrog.com/confluence/display/RTF/Installing+Artifactory
- https://www.jfrog.com/confluence/
charts/artifactory-ha/v1.0.0/ReverseProxyConfiguration.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory Reverse Proxy Settings using Nginx
#### Reverse Proxy
* To use Artifactory as docker registry it's mandatory to use Reverse Proxy.
* Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate
the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server.
* To learn about configuring NGINX or Apache for reverse proxy refer to documentation provided on [JFrog wiki](https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy)
* By default Artifactory helm chart uses Nginx for reverse proxy and load balancing.
**Note**: Nginx image distributed with Artifactory helm chart is custom image managed and maintained by JFrog.
#### Features of Artifactory Nginx
* Provides default configuration with self signed SSL certificate generated on each helm install/upgrade.
* Persist configuration and SSL certificate in `/var/opt/jfrog/nginx` directory
#### Changing the default Artifactory nginx conf
Use a values.yaml file for changing the value of nginx.mainConf or nginx.artifactoryConf
These configuration will be mounted to the nginx container using a configmap.
For example:
1. Create a values file `nginx-values.yaml` with the following values:
```yaml
nginx:
artifactoryConf: |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt;
ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen {{ .Values.nginx.internalPortHttps }} ssl;
listen {{ .Values.nginx.internalPortHttp }} ;
## Change to you DNS name you use to access Artifactory
server_name ~(?<repo>.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }};
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/artifactory-access.log timing;
## error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
if ( $repo != "" ) {
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break;
}
rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3;
rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
if ( $request_uri ~ ^/artifactory/(.*)$ ) {
proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1;
}
proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
```
2. Install/upgrade artifactory:
```bash
helm upgrade --install artifactory-ha jfrog/artifactory-ha -f nginx-values.yaml
```
#### Steps to use static configuration for reverse proxy in nginx.
1. Get Artifactory service name using this command `kubectl get svc -n $NAMESPACE`
2. Create `artifactory.conf` file with nginx configuration. More [nginx configuration examples](https://github.com/jfrog/artifactory-docker-examples/tree/master/files/nginx/conf.d)
Following is example `artifactory.conf`
**Note**:
* Create file with name `artifactory.conf` as it's fixed in configMap key.
* Replace `artifactory-artifactory` with service name taken from step 1.
```bash
## add ssl entries when https has been set in config
ssl_certificate /var/opt/jfrog/nginx/ssl/tls.crt;
ssl_certificate_key /var/opt/jfrog/nginx/ssl/tls.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen 443 ssl;
listen 80;
## Change to you DNS name you use to access Artifactory
server_name ~(?<repo>.+)\.artifactory-artifactory artifactory-artifactory;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/artifactory-access.log timing;
## error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
if ( $repo != "" ) {
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break;
}
rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3;
rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
if ( $request_uri ~ ^/artifactory/(.*)$ ) {
proxy_pass http://artifactory-artifactory:8081/artifactory/$1 break;
}
proxy_pass http://artifactory-artifactory:8081/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
```
3. Create configMap of `artifactory.conf` created with step above.
```bash
kubectl create configmap art-nginx-conf --from-file=artifactory.conf
```
4. Deploy Artifactory using helm chart.
You can achieve this by providing the name of configMap created above to `nginx.customArtifactoryConfigMap` in [values.yaml](values.yaml)
Following is command to set values at runtime:
```bash
helm install --name artifactory-ha nginx.customArtifactoryConfigMap=art-nginx-conf jfrog/artifactory-ha
```
\ No newline at end of file
charts/artifactory-ha/v1.0.0/UPGRADE_NOTES.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory Chart Upgrade Notes
This file describes special upgrade notes needed at specific versions
## Upgrade from 0.X to 1.X
**DOWNTIME IS REQUIRED FOR AN UPGRADE!**
* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you!**
* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is not backward compatible with the old version (`0.9.5`)!
* Note the following **PostgreSQL** Helm chart changes
* The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used
* **PostgreSQL** is deployed as a StatefulSet
* See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations
* Upgrade
* Due to breaking changes in the **PostgreSQL** Helm chart, a migration of the database is needed from the old to the new database
* The recommended migration process is the [full system export and import](https://www.jfrog.com/confluence/display/RTF/Importing+and+Exporting)
* **NOTE:** To save time, export only metadata and configuration (check `Exclude Content` in the `System Import & Export`) since the Artifactory filestore is persisted
* Upgrade steps:
1. Block user access to Artifactory (do not shutdown)
a. Scale down the cluster to primary node only (`node.replicaCount=0`) so the exported db and configuration will be kept on one known node (the primary)
b. If your Artifactory HA K8s service is set to member nodes only (`service.pool=members`) you will need to access the primary node directly (use `kubectl port-forward`)
2. Perform `Export System` from the `Admin` -> `Import & Export` -> `System` -> `Export System`
a. Check `Exclude Content` to save export size (as Artifactory filestore will persist across upgrade)
b. Choose to save the export on the persisted Artifactory volume (`/var/opt/jfrog/artifactory/`)
c. Click `Export` (this can take some time)
3. Run the `helm upgrade` with the new version. Old PostgreSQL will be removed and new one deployed
a. You must pass explicit "ready for upgrade flag" with `--set databaseUpgradeReady=yes`. Failing to provide this will block the upgrade!
4. Once ready, open Artifactory UI (you might need to re-enter a valid license). Skip all onboarding wizard steps
a. **NOTE:** Don't worry you can't see the old config and files. It will all restore with the system import in the next step
5. Perform `Import System` from the `Admin` -> `Import & Export` -> `System` -> `Import System`
a. Browse to where the export was saved Artifactory volume (`/var/opt/jfrog/artifactory/<directory-you-set>`)
b. Click `Import` (this can take some time)
6. Restore access to Artifactory
a. Scale the cluster member nodes back to the original size
* Artifactory should now be ready to get back to normal operation
charts/artifactory-ha/v1.0.0/app-readme.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory High Availability Helm Chart
Universal Repository Manager supporting all major packaging formats, build tools and CI servers.
## Chart Details
This chart will do the following:
* Deploy Artifactory highly available cluster. 1 primary node and 2 member nodes.
* Deploy a PostgreSQL database
* Deploy an Nginx server(optional)
## Useful links
Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/)
## Activate Your Artifactory Instance
Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it.
charts/artifactory-ha/v1.0.0/charts/postgresql/Chart.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
appVersion: 11.5.0
description: Chart for PostgreSQL, an object-relational database management system
(ORDBMS) with an emphasis on extensibility and on standards-compliance.
engine: gotpl
home: https://www.postgresql.org/
icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png
keywords:
- postgresql
- postgres
- database
- sql
- replication
- cluster
maintainers:
- email: containers@bitnami.com
name: Bitnami
- email: cedric@desaintmartin.fr
name: desaintmartin
name: postgresql
sources:
- https://github.com/bitnami/bitnami-docker-postgresql
version: 6.5.3
charts/artifactory-ha/v1.0.0/charts/postgresql/README.md 0 → 100644
View file @ 6ae841fa
# PostgreSQL
[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance.
## TL;DR;
```console
$ helm install stable/postgresql
```
## Introduction
This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/).
## Prerequisites
- Kubernetes 1.12+
- Helm 2.11+ or Helm 3.0-beta3+
- PV provisioner support in the underlying infrastructure
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm install --name my-release stable/postgresql
```
The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
The following tables lists the configurable parameters of the PostgreSQL chart and their default values.
| Parameter | Description | Default |
| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |
| `global.imageRegistry` | Global Docker Image registry | `nil` |
| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` |
| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` |
| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` |
| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` |
| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` |
| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `global.storageClass` | Global storage class for dynamic provisioning | `nil` |
| `image.registry` | PostgreSQL Image registry | `docker.io` |
| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` |
| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` |
| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `image.debug` | Specify if debug values should be set | `false` |
| `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` |
| `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` |
| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` |
| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` |
| `replication.enabled` | Enable replication | `false` |
| `replication.user` | Replication user | `repl_user` |
| `replication.password` | Replication user password | `repl_password` |
| `replication.slaveReplicas` | Number of slaves replicas | `1` |
| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` |
| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` |
| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` |
| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` |
| `postgresqlUsername` | PostgreSQL admin user | `postgres` |
| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ |
| `postgresqlDatabase` | PostgreSQL database | `nil` |
| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) |
| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` |
| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` |
| `postgresqlConfiguration` | Runtime Config Parameters | `nil` |
| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` |
| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` |
| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` |
| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` |
| `initdbScripts` | Dictionary of initdb scripts | `nil` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` |
| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.port` | PostgreSQL port | `5432` |
| `service.nodePort` | Kubernetes Service nodePort | `nil` |
| `service.annotations` | Annotations for PostgreSQL service, the value is evaluated as a template. | {} |
| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` |
| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | [] |
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
| `persistence.enabled` | Enable persistence using PVC | `true` |
| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` |
| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` |
| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` |
| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` |
| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` |
| `persistence.annotations` | Annotations for the PVC | `{}` |
| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` |
| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` |
| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` |
| `master.anotations` | Map of annotations to add to the statefulset (postgresql master) | `{}` |
| `master.labels` | Map of labels to add to the statefulset (postgresql master) | `{}` |
| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` |
| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` |
| `master.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql master) | `[]` |
| `master.extraVolumes` | Additional volumes to add to the pods (postgresql master) | `[]` |
| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` |
| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` |
| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` |
| `slave.anotations` | Map of annotations to add to the statefulsets (postgresql slave) | `{}` |
| `slave.labels` | Map of labels to add to the statefulsets (postgresql slave) | `{}` |
| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` |
| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` |
| `slave.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql slave) | `[]` |
| `slave.extraVolumes` | Additional volumes to add to the pods (postgresql slave) | `[]` |
| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` |
| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` |
| `securityContext.enabled` | Enable security context | `true` |
| `securityContext.fsGroup` | Group ID for the container | `1001` |
| `securityContext.runAsUser` | User ID for the container | `1001` |
| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` |
| `serviceAcccount.name` | Name of existing service account | `nil` |
| `livenessProbe.enabled` | Would you like a livenessProbe to be enabled | `true` |
| `networkPolicy.enabled` | Enable NetworkPolicy | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 |
| `livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `livenessProbe.timeoutSeconds` | When the probe times out | 5 |
| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 |
| `readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `readinessProbe.timeoutSeconds` | When the probe times out | 5 |
| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.service.type` | Kubernetes Service type | `ClusterIP` |
| `service.clusterIP` | Static clusterIP or None for headless services | `nil` |
| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` |
| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` |
| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` |
| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` |
| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` |
| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` |
| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` |
| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Image name | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Image tag | `{TAG_NAME}` |
| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `metrics.securityContext.enabled` | Enable security context for metrics | `false` |
| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` |
| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 |
| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 |
| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 |
| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 |
| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 |
| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 |
| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `{}` |
| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install --name my-release \
--set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \
stable/postgresql
```
The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
$ helm install --name my-release -f values.yaml stable/postgresql
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Production configuration and horizontal scaling
This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one.
- Enable replication:
```diff
- replication.enabled: false
+ replication.enabled: true
```
- Number of slaves replicas:
```diff
- replication.slaveReplicas: 1
+ replication.slaveReplicas: 2
```
- Set synchronous commit mode:
```diff
- replication.synchronousCommit: "off"
+ replication.synchronousCommit: "on"
```
- Number of replicas that will have synchronous replication:
```diff
- replication.numSynchronousReplicas: 0
+ replication.numSynchronousReplicas: 1
```
- Start a prometheus exporter:
```diff
- metrics.enabled: false
+ metrics.enabled: true
```
To horizontally scale this chart, you can use the `--replicas` flag to modify the number of nodes in your PostgreSQL deployment. Also you can use the `values-production.yaml` file or modify the parameters shown above.
### Change PostgreSQL version
To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0-debian-9-r0`
### postgresql.conf / pg_hba.conf files as configMap
This helm chart also supports to customize the whole configuration file.
Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server.
Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}.
In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options.
### Allow settings to be loaded from files other than the default `postgresql.conf`
If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory.
Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`.
Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option.
### Initialize a fresh instance
The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap.
Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict.
In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter.
The allowed extensions are `.sh`, `.sql` and `.sql.gz`.
### Metrics
The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml).
The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details.
### Use of global variables
In more complex scenarios, we may have the following tree of dependencies
```
+--------------+
| |
+------------+ Chart 1 +-----------+
| | | |
| --------+------+ |
| | |
| | |
| | |
| | |
v v v
+-------+------+ +--------+------+ +--------+------+
| | | | | |
| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 |
| | | | | |
+--------------+ +---------------+ +---------------+
```
The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters:
```
postgresql.postgresqlPassword=testtest
subchart1.postgresql.postgresqlPassword=testtest
subchart2.postgresql.postgresqlPassword=testtest
postgresql.postgresqlDatabase=db1
subchart1.postgresql.postgresqlDatabase=db1
subchart2.postgresql.postgresqlDatabase=db1
```
If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows:
```
global.postgresql.postgresqlPassword=testtest
global.postgresql.postgresqlDatabase=db1
```
This way, the credentials will be available in all of the subcharts.
## Persistence
The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container.
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.
See the [Parameters](#parameters) section to configure the PVC or to disable persistence.
## NetworkPolicy
To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`.
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
```console
$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
```
With NetworkPolicy enabled, traffic will be limited to just port 5432.
For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL.
This label will be displayed in the output of a successful install.
## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image
- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image.
- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift.
### Deploy chart using Docker Official PostgreSQL Image
From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image.
Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory.
```
helm install --name postgres \
--set image.repository=postgres \
--set image.tag=10.6 \
--set postgresqlDataDir=/data/pgdata \
--set persistence.mountPath=/data/ \
stable/postgresql
```
## Upgrade
It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart:
```bash
$ helm upgrade my-release bitnami/influxdb \
--set postgresqlPassword=[POSTGRESQL_PASSWORD] \
--set replication.password=[REPLICATION_PASSWORD]
```
> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes.
## 5.0.0
In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/).
For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs:
```bash
Welcome to the Bitnami postgresql container
Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql
Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues
Send us your feedback at containers@bitnami.com
INFO ==> ** Starting PostgreSQL setup **
NFO ==> Validating settings in POSTGRESQL_* env vars..
INFO ==> Initializing PostgreSQL database...
INFO ==> postgresql.conf file not detected. Generating it...
INFO ==> pg_hba.conf file not detected. Generating it...
INFO ==> Deploying PostgreSQL with persisted data...
INFO ==> Configuring replication parameters
INFO ==> Loading custom scripts...
INFO ==> Enabling remote connections
INFO ==> Stopping PostgreSQL...
INFO ==> ** PostgreSQL setup finished! **
INFO ==> ** Starting PostgreSQL **
[1] FATAL: database files are incompatible with server
[1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3.
```
In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one.
### 4.0.0
This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately.
IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error
```
The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development
```
### 3.0.0
This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods.
It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride.
#### Breaking changes
- `affinty` has been renamed to `master.affinity` and `slave.affinity`.
- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`.
- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`.
### 2.0.0
In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps:
- Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running
```console
$ kubectl get svc
```
- Install (not upgrade) the new version
```console
$ helm repo update
$ helm install --name my-release stable/postgresql
```
- Connect to the new pod (you can obtain the name by running `kubectl get pods`):
```console
$ kubectl exec -it NAME bash
```
- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart:
```console
$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql
```
After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`).
This operation could take some time depending on the database size.
- Once you have the backup file, you can restore it with a command like the one below:
```console
$ psql -U postgres DATABASE_NAME < /tmp/backup.sql
```
In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt).
If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below.
```console
$ psql -U postgres
postgres=# drop database DATABASE_NAME;
postgres=# create database DATABASE_NAME;
postgres=# create user USER_NAME;
postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD';
postgres=# grant all privileges on database DATABASE_NAME to USER_NAME;
postgres=# alter database DATABASE_NAME owner to USER_NAME;
```
charts/artifactory-ha/v1.0.0/charts/postgresql/files/README.md 0 → 100644
View file @ 6ae841fa
Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map.
charts/artifactory-ha/v1.0.0/charts/postgresql/files/conf.d/README.md 0 → 100644
View file @ 6ae841fa
If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files.
These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`.
More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file).
charts/artifactory-ha/v1.0.0/charts/postgresql/files/docker-entrypoint-initdb.d/README.md 0 → 100644
View file @ 6ae841fa
You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image.
More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository.
\ No newline at end of file
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/NOTES.txt 0 → 100644
View file @ 6ae841fa
** Please be patient while the chart is being deployed **
PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster:
{{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection
{{- if .Values.replication.enabled }}
{{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection
{{- end }}
To get the password for "{{ template "postgresql.username" . }}" run:
export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode)
To connect to your database run the following command:
kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
--labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }}{{- if .Values.postgresqlDatabase }} -d {{ .Values.postgresqlDatabase }}{{- end }} -p {{ template "postgresql.port" . }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label {{ template "postgresql.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster.
{{- end }}
To connect to your database from outside the cluster execute the following commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "postgresql.fullname" . }})
{{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }}{{- if .Values.postgresqlDatabase }} -d {{ .Values.postgresqlDatabase }}{{- end }}
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "postgresql.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
{{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }}{{- if .Values.postgresqlDatabase }} -d {{ .Values.postgresqlDatabase }}{{- end }}
{{- else if contains "ClusterIP" .Values.service.type }}
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "postgresql.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} &
{{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }}{{- if .Values.postgresqlDatabase }} -d {{ .Values.postgresqlDatabase }}{{- end }} -p {{ template "postgresql.port" . }}
{{- end }}
{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/_helpers.tpl 0 → 100644
View file @ 6ae841fa
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "postgresql.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "postgresql.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "postgresql.master.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}}
{{- if .Values.replication.enabled -}}
{{- printf "%s-%s" $fullname "master" | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "postgresql.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}}
"extensions/v1beta1"
{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}}
"networking.k8s.io/v1"
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "postgresql.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper PostgreSQL image name
*/}}
{{- define "postgresql.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL password
*/}}
{{- define "postgresql.password" -}}
{{- if .Values.global.postgresql.postgresqlPassword }}
{{- .Values.global.postgresql.postgresqlPassword -}}
{{- else if .Values.postgresqlPassword -}}
{{- .Values.postgresqlPassword -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL replication password
*/}}
{{- define "postgresql.replication.password" -}}
{{- if .Values.global.postgresql.replicationPassword }}
{{- .Values.global.postgresql.replicationPassword -}}
{{- else if .Values.replication.password -}}
{{- .Values.replication.password -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL username
*/}}
{{- define "postgresql.username" -}}
{{- if .Values.global.postgresql.postgresqlUsername }}
{{- .Values.global.postgresql.postgresqlUsername -}}
{{- else -}}
{{- .Values.postgresqlUsername -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL replication username
*/}}
{{- define "postgresql.replication.username" -}}
{{- if .Values.global.postgresql.replicationUser }}
{{- .Values.global.postgresql.replicationUser -}}
{{- else -}}
{{- .Values.replication.user -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL port
*/}}
{{- define "postgresql.port" -}}
{{- if .Values.global.postgresql.servicePort }}
{{- .Values.global.postgresql.servicePort -}}
{{- else -}}
{{- .Values.service.port -}}
{{- end -}}
{{- end -}}
{{/*
Return PostgreSQL created database
*/}}
{{- define "postgresql.database" -}}
{{- if .Values.global.postgresql.postgresqlDatabase }}
{{- .Values.global.postgresql.postgresqlDatabase -}}
{{- else if .Values.postgresqlDatabase -}}
{{- .Values.postgresqlDatabase -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper image name to change the volume permissions
*/}}
{{- define "postgresql.volumePermissions.image" -}}
{{- $registryName := .Values.volumePermissions.image.registry -}}
{{- $repositoryName := .Values.volumePermissions.image.repository -}}
{{- $tag := .Values.volumePermissions.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper PostgreSQL metrics image name
*/}}
{{- define "postgresql.metrics.image" -}}
{{- $registryName := default "docker.io" .Values.metrics.image.registry -}}
{{- $repositoryName := .Values.metrics.image.repository -}}
{{- $tag := default "latest" .Values.metrics.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Get the password secret.
*/}}
{{- define "postgresql.secretName" -}}
{{- if .Values.global.postgresql.existingSecret }}
{{- printf "%s" .Values.global.postgresql.existingSecret -}}
{{- else if .Values.existingSecret -}}
{{- printf "%s" .Values.existingSecret -}}
{{- else -}}
{{- printf "%s" (include "postgresql.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "postgresql.createSecret" -}}
{{- if .Values.global.postgresql.existingSecret }}
{{- else if .Values.existingSecret -}}
{{- else -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Get the configuration ConfigMap name.
*/}}
{{- define "postgresql.configurationCM" -}}
{{- if .Values.configurationConfigMap -}}
{{- printf "%s" (tpl .Values.configurationConfigMap $) -}}
{{- else -}}
{{- printf "%s-configuration" (include "postgresql.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the extended configuration ConfigMap name.
*/}}
{{- define "postgresql.extendedConfigurationCM" -}}
{{- if .Values.extendedConfConfigMap -}}
{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}}
{{- else -}}
{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the initialization scripts ConfigMap name.
*/}}
{{- define "postgresql.initdbScriptsCM" -}}
{{- if .Values.initdbScriptsConfigMap -}}
{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}}
{{- else -}}
{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Get the initialization scripts Secret name.
*/}}
{{- define "postgresql.initdbScriptsSecret" -}}
{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "postgresql.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.metrics.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- range .Values.volumePermissions.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Get the readiness probe command
*/}}
{{- define "postgresql.readinessProbeCommand" -}}
- |
{{- if (include "postgresql.database" .) }}
pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
{{- if contains "bitnami/" .Values.image.repository }}
[ -f /opt/bitnami/postgresql/tmp/.initialized ]
{{- end -}}
{{- end -}}
{{/*
Return the proper Storage Class
*/}}
{{- define "postgresql.storageClass" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
*/}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.storageClass -}}
{{- if (eq "-" .Values.persistence.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Renders a value that contains template.
Usage:
{{ include "postgresql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "logstash.tplValue" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/configmap.yaml 0 → 100644
View file @ 6ae841fa
{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "postgresql.fullname" . }}-configuration
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
data:
{{- if (.Files.Glob "files/postgresql.conf") }}
{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }}
{{- else if .Values.postgresqlConfiguration }}
postgresql.conf: |
{{- range $key, $value := default dict .Values.postgresqlConfiguration }}
{{ $key | snakecase }}={{ $value }}
{{- end }}
{{- end }}
{{- if (.Files.Glob "files/pg_hba.conf") }}
{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }}
{{- else if .Values.pgHbaConfiguration }}
pg_hba.conf: |
{{ .Values.pgHbaConfiguration | indent 4 }}
{{- end }}
{{ end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/extended-config-configmap.yaml 0 → 100644
View file @ 6ae841fa
{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "postgresql.fullname" . }}-extended-configuration
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
data:
{{- with .Files.Glob "files/conf.d/*.conf" }}
{{ .AsConfig | indent 2 }}
{{- end }}
{{ with .Values.postgresqlExtendedConf }}
override.conf: |
{{- range $key, $value := . }}
{{ $key | snakecase }}={{ $value }}
{{- end }}
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/initialization-configmap.yaml 0 → 100644
View file @ 6ae841fa
{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "postgresql.fullname" . }}-init-scripts
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}
binaryData:
{{- range $path, $bytes := . }}
{{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
{{- end }}
{{- end }}
data:
{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }}
{{ .AsConfig | indent 2 }}
{{- end }}
{{- with .Values.initdbScripts }}
{{ toYaml . | indent 2 }}
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/metrics-svc.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}-metrics
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{ toYaml .Values.metrics.service.annotations | indent 4 }}
spec:
type: {{ .Values.metrics.service.type }}
{{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
{{- end }}
ports:
- name: metrics
port: 9187
targetPort: metrics
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name }}
role: master
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/networkpolicy.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
podSelector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
ingress:
# Allow inbound connections
- ports:
- port: {{ template "postgresql.port" . }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "postgresql.fullname" . }}-client: "true"
- podSelector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
role: slave
{{- end }}
# Allow prometheus scrapes
- ports:
- port: 9187
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/secrets.yaml 0 → 100644
View file @ 6ae841fa
{{- if (include "postgresql.createSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
postgresql-password: {{ include "postgresql.password" . | b64enc | quote }}
{{- if .Values.replication.enabled }}
postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }}
{{- end }}
{{- end -}}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/serviceaccount.yaml 0 → 100644
View file @ 6ae841fa
{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
name: {{ template "postgresql.fullname" . }}
{{- end }}
\ No newline at end of file
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/servicemonitor.yaml 0 → 100644
View file @ 6ae841fa
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "postgresql.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name }}
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/statefulset-slaves.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.replication.enabled }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "postgresql.fullname" . }}-slave"
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.slave.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.slave.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
serviceName: {{ template "postgresql.fullname" . }}-headless
replicas: {{ .Values.replication.slaveReplicas }}
selector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
role: slave
template:
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
role: slave
{{- with .Values.slave.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.slave.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- include "postgresql.imagePullSecrets" . | indent 6 }}
{{- if .Values.slave.nodeSelector }}
nodeSelector:
{{ toYaml .Values.slave.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.slave.affinity }}
affinity:
{{ toYaml .Values.slave.affinity | indent 8 }}
{{- end }}
{{- if .Values.slave.tolerations }}
tolerations:
{{ toYaml .Values.slave.tolerations | indent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if .Values.serviceAccount.enabled }}
serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
initContainers:
- name: init-chmod-data
image: {{ template "postgresql.volumePermissions.image" . }}
imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
command:
- sh
- -c
- |
mkdir -p {{ .Values.persistence.mountPath }}/data
chmod 700 {{ .Values.persistence.mountPath }}/data
find {{ .Values.persistence.mountPath }} -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
securityContext:
runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
containers:
- name: {{ template "postgresql.fullname" . }}
image: {{ template "postgresql.image" . }}
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: POSTGRESQL_VOLUME_DIR
value: "{{ .Values.persistence.mountPath }}"
- name: POSTGRESQL_PORT_NUMBER
value: "{{ template "postgresql.port" . }}"
{{- if .Values.persistence.mountPath }}
- name: PGDATA
value: {{ .Values.postgresqlDataDir | quote }}
{{- end }}
- name: POSTGRES_REPLICATION_MODE
value: "slave"
- name: POSTGRES_REPLICATION_USER
value: {{ include "postgresql.replication.username" . | quote }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_REPLICATION_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
{{- else }}
- name: POSTGRES_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-replication-password
{{- end }}
- name: POSTGRES_CLUSTER_APP_NAME
value: {{ .Values.replication.applicationName }}
- name: POSTGRES_MASTER_HOST
value: {{ template "postgresql.fullname" . }}
- name: POSTGRES_MASTER_PORT_NUMBER
value: {{ include "postgresql.port" . | quote }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-password"
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
ports:
- name: postgresql
containerPort: {{ template "postgresql.port" . }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command:
- sh
- -c
{{- if (include "postgresql.database" .) }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command:
- sh
- -c
- -e
{{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
volumeMounts:
{{- if .Values.usePasswordFile }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
{{- if .Values.persistence.enabled }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{ end }}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
mountPath: /bitnami/postgresql/conf/conf.d/
{{- end }}
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
- name: postgresql-config
mountPath: /bitnami/postgresql/conf
{{- end }}
{{- if .Values.slave.extraVolumeMounts }}
{{- toYaml .Values.slave.extraVolumeMounts | nindent 12 }}
{{- end }}
volumes:
{{- if .Values.usePasswordFile }}
- name: postgresql-password
secret:
secretName: {{ template "postgresql.secretName" . }}
{{- end }}
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}}
- name: postgresql-config
configMap:
name: {{ template "postgresql.configurationCM" . }}
{{- end }}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
configMap:
name: {{ template "postgresql.extendedConfigurationCM" . }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
{{- if .Values.slave.extraVolumes }}
{{- toYaml .Values.slave.extraVolumes | nindent 8 }}
{{- end }}
updateStrategy:
type: {{ .Values.updateStrategy.type }}
{{- if (eq "Recreate" .Values.updateStrategy.type) }}
rollingUpdate: null
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data
{{- with .Values.persistence.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "postgresql.storageClass" . }}
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "postgresql.master.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.master.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.master.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
serviceName: {{ template "postgresql.fullname" . }}-headless
replicas: 1
updateStrategy:
type: {{ .Values.updateStrategy.type }}
{{- if (eq "Recreate" .Values.updateStrategy.type) }}
rollingUpdate: null
{{- end }}
selector:
matchLabels:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
role: master
template:
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
role: master
{{- with .Values.master.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.master.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- include "postgresql.imagePullSecrets" . | indent 6 }}
{{- if .Values.master.nodeSelector }}
nodeSelector:
{{ toYaml .Values.master.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.master.affinity }}
affinity:
{{ toYaml .Values.master.affinity | indent 8 }}
{{- end }}
{{- if .Values.master.tolerations }}
tolerations:
{{ toYaml .Values.master.tolerations | indent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if .Values.serviceAccount.enabled }}
serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
initContainers:
- name: init-chmod-data
image: {{ template "postgresql.volumePermissions.image" . }}
imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}"
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
command:
- sh
- -c
- |
mkdir -p {{ .Values.persistence.mountPath }}/data
chmod 700 {{ .Values.persistence.mountPath }}/data
find {{ .Values.persistence.mountPath }} -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}
securityContext:
runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
containers:
- name: {{ template "postgresql.fullname" . }}
image: {{ template "postgresql.image" . }}
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: POSTGRESQL_PORT_NUMBER
value: "{{ template "postgresql.port" . }}"
- name: POSTGRESQL_VOLUME_DIR
value: "{{ .Values.persistence.mountPath }}"
{{- if .Values.postgresqlInitdbArgs }}
- name: POSTGRES_INITDB_ARGS
value: {{ .Values.postgresqlInitdbArgs | quote }}
{{- end }}
{{- if .Values.postgresqlInitdbWalDir }}
- name: POSTGRES_INITDB_WALDIR
value: {{ .Values.postgresqlInitdbWalDir | quote }}
{{- end }}
{{- if .Values.persistence.mountPath }}
- name: PGDATA
value: {{ .Values.postgresqlDataDir | quote }}
{{- end }}
{{- if .Values.replication.enabled }}
- name: POSTGRES_REPLICATION_MODE
value: "master"
- name: POSTGRES_REPLICATION_USER
value: {{ include "postgresql.replication.username" . | quote }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_REPLICATION_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password"
{{- else }}
- name: POSTGRES_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-replication-password
{{- end }}
{{- if not (eq .Values.replication.synchronousCommit "off")}}
- name: POSTGRES_SYNCHRONOUS_COMMIT_MODE
value: {{ .Values.replication.synchronousCommit | quote }}
- name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS
value: {{ .Values.replication.numSynchronousReplicas | quote }}
{{- end }}
- name: POSTGRES_CLUSTER_APP_NAME
value: {{ .Values.replication.applicationName }}
{{- end }}
- name: POSTGRES_USER
value: {{ include "postgresql.username" . | quote }}
{{- if .Values.usePasswordFile }}
- name: POSTGRES_PASSWORD_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-password"
{{- else }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
{{- if (include "postgresql.database" .) }}
- name: POSTGRES_DB
value: {{ (include "postgresql.database" .) | quote }}
{{- end }}
{{- if .Values.extraEnv }}
{{- include "postgresql.tplValue" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
{{- end }}
ports:
- name: postgresql
containerPort: {{ template "postgresql.port" . }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
exec:
command:
- sh
- -c
{{- if (include "postgresql.database" .) }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -d {{ (include "postgresql.database" .) | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- else }}
- exec pg_isready -U {{ include "postgresql.username" . | quote }} -h 127.0.0.1 -p {{ template "postgresql.port" . }}
{{- end }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
exec:
command:
- sh
- -c
- -e
{{- include "postgresql.readinessProbeCommand" . | nindent 16 }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- end }}
volumeMounts:
{{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d/
{{- end }}
{{- if .Values.initdbScriptsSecret }}
- name: custom-init-scripts-secret
mountPath: /docker-entrypoint-initdb.d/secret
{{- end }}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
mountPath: /bitnami/postgresql/conf/conf.d/
{{- end }}
{{- if .Values.usePasswordFile }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
{{- if .Values.persistence.enabled }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }}
- name: postgresql-config
mountPath: /bitnami/postgresql/conf
{{- end }}
{{- if .Values.master.extraVolumeMounts }}
{{- toYaml .Values.master.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
image: {{ template "postgresql.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.metrics.securityContext.runAsUser }}
{{- end }}
env:
{{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }}
- name: DATA_SOURCE_URI
value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.port" .)) $database | quote }}
{{- if .Values.usePasswordFile }}
- name: DATA_SOURCE_PASS_FILE
value: "/opt/bitnami/postgresql/secrets/postgresql-password"
{{- else }}
- name: DATA_SOURCE_PASS
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secretName" . }}
key: postgresql-password
{{- end }}
- name: DATA_SOURCE_USER
value: {{ template "postgresql.username" . }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
{{- end }}
volumeMounts:
{{- if .Values.usePasswordFile }}
- name: postgresql-password
mountPath: /opt/bitnami/postgresql/secrets/
{{- end }}
ports:
- name: metrics
containerPort: 9187
{{- if .Values.metrics.resources }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- end }}
volumes:
{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}}
- name: postgresql-config
configMap:
name: {{ template "postgresql.configurationCM" . }}
{{- end }}
{{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }}
- name: postgresql-extended-config
configMap:
name: {{ template "postgresql.extendedConfigurationCM" . }}
{{- end }}
{{- if .Values.usePasswordFile }}
- name: postgresql-password
secret:
secretName: {{ template "postgresql.secretName" . }}
{{- end }}
{{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
configMap:
name: {{ template "postgresql.initdbScriptsCM" . }}
{{- end }}
{{- if .Values.initdbScriptsSecret }}
- name: custom-init-scripts-secret
secret:
secretName: {{ template "postgresql.initdbScriptsSecret" . }}
{{- end }}
{{- if .Values.master.extraVolumes }}
{{- toYaml .Values.master.extraVolumes | nindent 8 }}
{{- end }}
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
{{- with .Values.persistence.existingClaim }}
claimName: {{ tpl . $ }}
{{- end }}
{{- else if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
volumeClaimTemplates:
- metadata:
name: data
{{- with .Values.persistence.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "postgresql.storageClass" . }}
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/svc-headless.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}-headless
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: postgresql
port: {{ template "postgresql.port" . }}
targetPort: postgresql
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/svc-read.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.replication.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}-read
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.service.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: postgresql
port: {{ template "postgresql.port" . }}
targetPort: postgresql
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
role: slave
{{- end }}
charts/artifactory-ha/v1.0.0/charts/postgresql/templates/svc.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
kind: Service
metadata:
name: {{ template "postgresql.fullname" . }}
labels:
app: {{ template "postgresql.name" . }}
chart: {{ template "postgresql.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.service.annotations }}
annotations:
{{ tpl (toYaml .) $ | indent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ with .Values.service.loadBalancerSourceRanges }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
{{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
ports:
- name: postgresql
port: {{ template "postgresql.port" . }}
targetPort: postgresql
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
selector:
app: {{ template "postgresql.name" . }}
release: {{ .Release.Name | quote }}
role: master
charts/artifactory-ha/v1.0.0/charts/postgresql/values-production.yaml 0 → 100644
View file @ 6ae841fa
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
global:
postgresql: {}
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
# storageClass: myStorageClass
## Bitnami PostgreSQL image version
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
##
image:
registry: docker.io
repository: bitnami/postgresql
tag: 11.5.0-debian-9-r60
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## It turns BASH and NAMI debugging in minideb
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
debug: false
## String to partially override postgresql.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override postgresql.fullname template
##
# fullnameOverride:
##
## Init containers parameters:
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
##
volumePermissions:
enabled: true
image:
registry: docker.io
repository: bitnami/minideb
tag: stretch
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Init container Security Context
securityContext:
runAsUser: 0
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
## Pod Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
enabled: false
## Name of an already existing service account. Setting this value disables the automatic service account creation.
# name:
replication:
enabled: true
user: repl_user
password: repl_password
slaveReplicas: 2
## Set synchronous commit mode: on, off, remote_apply, remote_write and local
## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL
synchronousCommit: "on"
## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication
## NOTE: It cannot be > slaveReplicas
numSynchronousReplicas: 1
## Replication Cluster application name. Useful for defining multiple replication policies
applicationName: my_application
## PostgreSQL admin user
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
postgresqlUsername: postgres
## PostgreSQL password
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
##
# postgresqlPassword:
## PostgreSQL password using existing secret
## existingSecret: secret
## Mount PostgreSQL secret as a file instead of passing environment variable
# usePasswordFile: false
## Create a database
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run
##
# postgresqlDatabase:
## PostgreSQL data dir
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
postgresqlDataDir: /bitnami/postgresql/data
## Specify extra initdb args
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
# postgresqlInitdbArgs:
## Specify a custom location for the PostgreSQL transaction log
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
# postgresqlInitdbWalDir:
## PostgreSQL configuration
## Specify runtime configuration parameters as a dict, using camelCase, e.g.
## {"sharedBuffers": "500MB"}
## Alternatively, you can put your postgresql.conf under the files/ directory
## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
##
# postgresqlConfiguration:
## PostgreSQL extended configuration
## As above, but _appended_ to the main configuration
## Alternatively, you can put your *.conf under the files/conf.d/ directory
## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
##
# postgresqlExtendedConf:
## PostgreSQL client authentication configuration
## Specify content for pg_hba.conf
## Default: do not create pg_hba.conf
## Alternatively, you can put your pg_hba.conf under the files/ directory
# pgHbaConfiguration: |-
# local all all trust
# host all all localhost trust
# host mydatabase mysuser 192.168.0.0/24 md5
## ConfigMap with PostgreSQL configuration
## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration
# configurationConfigMap:
## ConfigMap with PostgreSQL extended configuration
# extendedConfConfigMap:
## initdb scripts
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
##
# initdbScripts:
# my_init_script.sh: |
# #!/bin/sh
# echo "Do something."
## ConfigMap with scripts to be run at first boot
## NOTE: This will override initdbScripts
# initdbScriptsConfigMap:
## Secret with scripts to be run at first boot (in case it contains sensitive information)
## NOTE: This can work along initdbScripts or initdbScriptsConfigMap
# initdbScriptsSecret:
## Optional duration in seconds the pod needs to terminate gracefully.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
# terminationGracePeriodSeconds: 30
## PostgreSQL service configuration
service:
## PosgresSQL service type
type: ClusterIP
# clusterIP: None
port: 5432
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required.
## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
annotations: {}
## Set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Load Balancer sources
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
# loadBalancerSourceRanges:
# - 10.10.10.0/24
## PostgreSQL data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
persistence:
enabled: true
## A manually managed Persistent Volume and Claim
## If defined, PVC must be created manually before volume will be bound
## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart
##
# existingClaim:
## The path the volume will be mounted at, useful when using different
## PostgreSQL images.
##
mountPath: /bitnami/postgresql
## The subdirectory of the volume to mount to, useful in dev environments
## and one PV for multiple services.
##
subPath: ""
# storageClass: "-"
accessModes:
- ReadWriteOnce
size: 8Gi
annotations: {}
## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
updateStrategy:
type: RollingUpdate
##
## PostgreSQL Master parameters
##
master:
## Node, affinity and tolerations labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
nodeSelector: {}
affinity: {}
tolerations: []
labels: {}
annotations: {}
podLabels: {}
podAnnotations: {}
## Additional PostgreSQL Master Volume mounts
##
extraVolumeMounts: []
## Additional PostgreSQL Master Volumes
##
extraVolumes: []
##
## PostgreSQL Slave parameters
##
slave:
## Node, affinity and tolerations labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
nodeSelector: {}
affinity: {}
tolerations: []
labels: {}
annotations: {}
podLabels: {}
podAnnotations: {}
## Additional PostgreSQL Slave Volume mounts
##
extraVolumeMounts: []
## Additional PostgreSQL Slave Volumes
##
extraVolumes: []
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
memory: 256Mi
cpu: 250m
networkPolicy:
## Enable creation of NetworkPolicy resources.
##
enabled: false
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the port PostgreSQL is listening
## on. When true, PostgreSQL will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure metrics exporter
##
metrics:
enabled: true
# resources: {}
service:
type: ClusterIP
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9187"
loadBalancerIP:
serviceMonitor:
enabled: false
additionalLabels: {}
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.5.1-debian-9-r73
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: false
runAsUser: 1001
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
## Configure extra options for liveness and readiness probes
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
# Define custom environment variables to pass to the image here
extraEnv: {}
charts/artifactory-ha/v1.0.0/charts/postgresql/values.schema.json 0 → 100644
View file @ 6ae841fa
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"postgresqlUsername": {
"type": "string",
"title": "Admin user",
"form": "username"
},
"postgresqlPassword": {
"type": "string",
"title": "Password",
"form": "password"
},
"persistence": {
"type": "object",
"properties": {
"size": {
"type": "string",
"title": "Disk Size",
"form": "diskSize",
"render": "slider",
"sliderMin": 1,
"sliderMax": 100,
"sliderUnit": "Gi"
}
}
},
"resources": {
"type": "object",
"title": "Required Resources",
"description": "Configure resource requests",
"form": "resources",
"properties": {
"requests": {
"type": "object",
"properties": {
"memory": {
"type": "string",
"form": "memoryRequest",
"render": "slider",
"title": "Memory Request",
"sliderMin": 10,
"sliderMax": 2048,
"sliderUnit": "Mi"
},
"cpu": {
"type": "string",
"form": "cpuRequest",
"render": "slider",
"title": "CPU Request",
"sliderMin": 10,
"sliderMax": 2000,
"sliderUnit": "m"
}
}
}
}
},
"replication": {
"type": "object",
"form": "replication",
"title": "Replication Details",
"properties": {
"enabled": {
"type": "boolean",
"title": "Enable Replication",
"form": "enableReplication",
"enables": "replication"
},
"slaveReplicas": {
"type": "integer",
"title": "Slave Replicas",
"form": "slaveReplicas"
}
}
},
"volumePermissions": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"form": "enableVolumePermissions",
"title": "Enable Init Containers",
"description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup"
}
}
},
"metrics": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"title": "Configure metrics exporter",
"form": "enableMetrics"
}
}
}
}
}
charts/artifactory-ha/v1.0.0/charts/postgresql/values.yaml 0 → 100644
View file @ 6ae841fa
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
global:
postgresql: {}
# imageRegistry: myRegistryName
# imagePullSecrets:
# - myRegistryKeySecretName
# storageClass: myStorageClass
## Bitnami PostgreSQL image version
## ref: https://hub.docker.com/r/bitnami/postgresql/tags/
##
image:
registry: docker.io
repository: bitnami/postgresql
tag: 11.5.0-debian-9-r60
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## It turns BASH and NAMI debugging in minideb
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
debug: false
## String to partially override postgresql.fullname template (will maintain the release name)
##
# nameOverride:
## String to fully override postgresql.fullname template
##
# fullnameOverride:
##
## Init containers parameters:
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
##
volumePermissions:
enabled: true
image:
registry: docker.io
repository: bitnami/minideb
tag: stretch
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Init container Security Context
securityContext:
runAsUser: 0
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: true
fsGroup: 1001
runAsUser: 1001
## Pod Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
enabled: false
## Name of an already existing service account. Setting this value disables the automatic service account creation.
# name:
replication:
enabled: false
user: repl_user
password: repl_password
slaveReplicas: 1
## Set synchronous commit mode: on, off, remote_apply, remote_write and local
## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL
synchronousCommit: "off"
## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication
## NOTE: It cannot be > slaveReplicas
numSynchronousReplicas: 0
## Replication Cluster application name. Useful for defining multiple replication policies
applicationName: my_application
## PostgreSQL admin user
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
postgresqlUsername: postgres
## PostgreSQL password
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run
##
# postgresqlPassword:
## PostgreSQL password using existing secret
## existingSecret: secret
## Mount PostgreSQL secret as a file instead of passing environment variable
# usePasswordFile: false
## Create a database
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run
##
# postgresqlDatabase:
## PostgreSQL data dir
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
postgresqlDataDir: /bitnami/postgresql/data
## Specify extra initdb args
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
# postgresqlInitdbArgs:
## Specify a custom location for the PostgreSQL transaction log
## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md
##
# postgresqlInitdbWalDir:
## PostgreSQL configuration
## Specify runtime configuration parameters as a dict, using camelCase, e.g.
## {"sharedBuffers": "500MB"}
## Alternatively, you can put your postgresql.conf under the files/ directory
## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
##
# postgresqlConfiguration:
## PostgreSQL extended configuration
## As above, but _appended_ to the main configuration
## Alternatively, you can put your *.conf under the files/conf.d/ directory
## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf
##
# postgresqlExtendedConf:
## PostgreSQL client authentication configuration
## Specify content for pg_hba.conf
## Default: do not create pg_hba.conf
## Alternatively, you can put your pg_hba.conf under the files/ directory
# pgHbaConfiguration: |-
# local all all trust
# host all all localhost trust
# host mydatabase mysuser 192.168.0.0/24 md5
## ConfigMap with PostgreSQL configuration
## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration
# configurationConfigMap:
## ConfigMap with PostgreSQL extended configuration
# extendedConfConfigMap:
## initdb scripts
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
##
# initdbScripts:
# my_init_script.sh: |
# #!/bin/sh
# echo "Do something."
## ConfigMap with scripts to be run at first boot
## NOTE: This will override initdbScripts
# initdbScriptsConfigMap:
## Secret with scripts to be run at first boot (in case it contains sensitive information)
## NOTE: This can work along initdbScripts or initdbScriptsConfigMap
# initdbScriptsSecret:
## Optional duration in seconds the pod needs to terminate gracefully.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
# terminationGracePeriodSeconds: 30
## PostgreSQL service configuration
service:
## PosgresSQL service type
type: ClusterIP
# clusterIP: None
port: 5432
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required.
## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
annotations: {}
## Set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
# loadBalancerIP:
## Load Balancer sources
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
# loadBalancerSourceRanges:
# - 10.10.10.0/24
## PostgreSQL data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
persistence:
enabled: true
## A manually managed Persistent Volume and Claim
## If defined, PVC must be created manually before volume will be bound
## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart
##
# existingClaim:
## The path the volume will be mounted at, useful when using different
## PostgreSQL images.
##
mountPath: /bitnami/postgresql
## The subdirectory of the volume to mount to, useful in dev environments
## and one PV for multiple services.
##
subPath: ""
# storageClass: "-"
accessModes:
- ReadWriteOnce
size: 8Gi
annotations: {}
## updateStrategy for PostgreSQL StatefulSet and its slaves StatefulSets
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
updateStrategy:
type: RollingUpdate
##
## PostgreSQL Master parameters
##
master:
## Node, affinity and tolerations labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
nodeSelector: {}
affinity: {}
tolerations: []
labels: {}
annotations: {}
podLabels: {}
podAnnotations: {}
## Additional PostgreSQL Master Volume mounts
##
extraVolumeMounts: []
## Additional PostgreSQL Master Volumes
##
extraVolumes: []
##
## PostgreSQL Slave parameters
##
slave:
## Node, affinity and tolerations labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
nodeSelector: {}
affinity: {}
tolerations: []
labels: {}
annotations: {}
podLabels: {}
podAnnotations: {}
## Additional PostgreSQL Slave Volume mounts
##
extraVolumeMounts: []
## Additional PostgreSQL Slave Volumes
##
extraVolumes: []
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
memory: 256Mi
cpu: 250m
networkPolicy:
## Enable creation of NetworkPolicy resources.
##
enabled: false
## The Policy model to apply. When set to false, only pods with the correct
## client label will have network access to the port PostgreSQL is listening
## on. When true, PostgreSQL will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Configure metrics exporter
##
metrics:
enabled: false
# resources: {}
service:
type: ClusterIP
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9187"
loadBalancerIP:
serviceMonitor:
enabled: false
additionalLabels: {}
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.5.1-debian-9-r73
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: false
runAsUser: 1001
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
## Configure extra options for liveness and readiness probes
livenessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
# Define custom environment variables to pass to the image here
extraEnv: {}
charts/artifactory-ha/v1.0.0/ci/ingress-values.yaml 0 → 100644
View file @ 6ae841fa
artifactory:
persistence:
enabled: true
postgresql:
postgresqlPassword: "password"
postgresqlConfiguration:
max_connections: "102"
persistence:
enabled: true
nginx:
enabled: false
service:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: NodePort
ingress:
enabled: true
defaultBackend:
enabled: false
hosts:
- artifactory.test.com
annotations:
ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/proxy-read-timeout: "600"
ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: "0"
charts/artifactory-ha/v1.0.0/ci/nginx-values.yaml 0 → 100644
View file @ 6ae841fa
artifactory:
persistence:
enabled: true
loggers:
- request.log
- access.log
catalinaLoggers:
- localhost.log
postgresql:
postgresqlPassword: "password"
postgresqlConfiguration:
max_connections: "102"
persistence:
enabled: true
nginx:
enabled: true
service:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: NodePort
loggers:
- access.log
- error.log
charts/artifactory-ha/v1.0.0/questions.yml 0 → 100644
View file @ 6ae841fa
categories:
- repository
labels:
io.rancher.certified: partner
questions:
- variable: defaultImage
default: "true"
description: "Use default Docker image"
label: Use Default Image
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: initContainerImage
default: "alpine:3.10"
description: "Init image name"
type: string
label: Init image name
- variable: artifactory.image.repository
default: "docker.bintray.io/jfrog/artifactory-pro"
description: "Artifactory image name"
type: string
label: Artifactory Image Name
- variable: artifactory.image.version
default: "6.13.1"
description: "Artifactory image tag"
type: string
label: Artifactory Image Tag
- variable: nginx.image.repository
default: "docker.bintray.io/jfrog/nginx-artifactory-pro"
description: "Nginx image name"
type: string
label: Nginx Image Name
- variable: nginx.image.version
default: "6.13.1"
description: "Nginx image tag"
type: string
label: Nginx Image Tag
- variable: imagePullSecrets
description: "Image Pull Secret"
type: string
label: Image Pull Secret
# Services and LoadBalancing Settings
- variable: ingress.enabled
default: true
description: "Expose app using Layer 7 Load Balancer - ingress"
type: boolean
label: Expose app using Layer 7 Load Balancer
show_subquestion_if: true
group: "Services and Load Balancing"
required: true
subquestions:
- variable: ingress.hosts[0]
default: "xip.io"
description: "Hostname to your artifactory installation"
type: hostname
required: true
label: Hostname
# Nginx Settings
- variable: nginx.enabled
default: false
description: "Enable nginx server"
type: boolean
label: Enable Nginx Server
group: "Services and Load Balancing"
required: true
show_if: "ingress.enabled=false"
- variable: nginx.service.type
default: "LoadBalancer"
description: "Nginx service type"
type: enum
required: true
label: Nginx Service Type
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
options:
- "ClusterIP"
- "NodePort"
- "LoadBalancer"
- variable: nginx.service.loadBalancerIP
default: ""
description: "Provide Static IP to configure with Nginx"
type: string
label: Config Nginx LoadBalancer IP
show_if: "nginx.enabled=true&&nginx.service.type=LoadBalancer&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.tlsSecretName
default: ""
description: "Provide SSL Secret name to configure with Nginx"
type: string
label: Config Nginx SSL Secret
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.customArtifactoryConfigMap
default: ""
description: "Provide configMap name to configure Nginx with custom `artifactory.conf`"
type: string
label: ConfigMap for Nginx Artifactory Config
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.env.skipAutoConfigUpdate
default: "false"
description: "Skip Nginx Auto Configuration Update"
type: string
label: Skip Nginx Auto Configuration Update
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.persistence.enabled
default: false
description: "enable persistence storage for nginx server"
type: boolean
label: Enable Persistent Storage for Nginx Service
group: "Services and Load Balancing"
show_if: "nginx.enabled=true&&ingress.enabled=false"
- variable: nginx.persistence.size
default: 5Gi
description: "Nginx persistent volume size"
type: string
label: Nginx Persistent Volume Size
group: "Services and Load Balancing"
show_if: "nginx.enabled=true&&nginx.persistence.enabled=true&&ingress.enabled=false"
- variable: nginx.persistence.storageClass
default: ""
description: "If undefined or null, uses the default StorageClass. Default to null"
type: storageclass
label: Default StorageClass for Nginx
show_if: "nginx.enabled=true&&nginx.persistence.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.resources.requests.cpu
default: "200m"
description: "Nginx initial cpu request"
type: string
label: Nginx Initial CPU Request
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.resources.requests.memory
default: "500Mi"
description: "Nginx initial memory request"
type: string
label: Nginx Initial Memory Request
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.resources.limits.cpu
default: "1"
description: "Nginx cpu limit"
type: string
label: Nginx CPU Limit
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
- variable: nginx.resources.limits.memory
default: "1Gi"
description: "Nginx memory limit"
type: string
label: Nginx Memory Limit
show_if: "nginx.enabled=true&&ingress.enabled=false"
group: "Services and Load Balancing"
# Artifactory Storage Settings
- variable: artifactory.persistence.enabled
default: true
description: "enable persistence storage for Artifactory"
type: boolean
label: Enable Persistent Storage for Artifactory
group: "Artifactory Storage"
required: true
show_subquestion_if: true
subquestions:
- variable: artifactory.persistence.size
default: "50Gi"
description: "Artifactory persistent volume size"
type: string
label: Artifactory Persistent Volume Size
required: true
- variable: artifactory.persistence.type
default: "file-system"
description: "Artifactory persistent volume size"
type: enum
label: Artifactory Persistent Storage Type
required: true
options:
- "file-system"
- "nfs"
- "google-storage"
- "aws-s3"
#Storage Type Settings
- variable: artifactory.persistence.nfs.ip
default: ""
type: string
group: "Artifactory Storage"
label: NFS Server IP
description: "NFS server IP"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.haDataMount
default: "/data"
type: string
label: NFS Data Directory
description: "NFS data directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.haBackupMount
default: "/backup"
type: string
label: NFS Backup Directory
description: "NFS backup directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.dataDir
default: "/var/opt/jfrog/artifactory-ha"
type: string
label: HA Data Directory
description: "HA data directory"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.backupDir
default: "/var/opt/jfrog/artifactory-backup"
type: string
label: HA Backup Directory
description: "HA backup directory "
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
- variable: artifactory.persistence.nfs.capacity
default: "200Gi"
type: string
label: NFS PVC Size
description: "NFS PVC size "
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=nfs"
#Google storage settings
- variable: artifactory.persistence.googleStorage.bucketName
default: "artifactory-ha-gcp"
type: string
label: Google Storage Bucket Name
description: "Google storage bucket name"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.identity
default: ""
type: string
label: Google Storage Service Account ID
description: "Google Storage service account id"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.credential
default: ""
type: string
label: Google Storage Service Account Key
description: "Google Storage service account key"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
- variable: artifactory.persistence.googleStorage.path
default: "artifactory-ha/filestore"
type: string
label: Google Storage Path In Bucket
description: "Google Storage path in bucket"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=google-storage"
# awsS3 storage settings
- variable: artifactory.persistence.awsS3.bucketName
default: "artifactory-ha-aws"
type: string
label: AWS S3 Bucket Name
description: "AWS S3 bucket name"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.region
default: ""
type: string
label: AWS S3 Bucket Region
description: "AWS S3 bucket region"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.identity
default: ""
type: string
label: AWS S3 AWS_ACCESS_KEY_ID
description: "AWS S3 AWS_ACCESS_KEY_ID"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.credential
default: ""
type: string
label: AWS S3 AWS_SECRET_ACCESS_KEY
description: "AWS S3 AWS_SECRET_ACCESS_KEY"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
- variable: artifactory.persistence.awsS3.path
default: "artifactory-ha/filestore"
type: string
label: AWS S3 Path In Bucket
description: "AWS S3 path in bucket"
group: "Artifactory Storage"
show_if: "artifactory.persistence.enabled=true&&artifactory.persistence.type=aws-s3"
# Database Settings
- variable: postgresql.enabled
default: true
description: "Enable PostgreSQL"
type: boolean
required: true
label: Enable PostgreSQL
group: "Database Settings"
show_subquestion_if: "true"
subquestions:
- variable: postgresql.persistence.enabled
default: false
description: "enable persistence storage for PostgreSQL"
type: boolean
label: Enable Persistent Storage for PostgreSQL
- variable: postgresql.persistence.size
default: 20Gi
description: "PostgreSQL persistent volume size"
type: string
label: PostgreSQL Persistent Volume Size
show_if: "postgresql.enabled=true&&postgresql.persistence.enabled=true"
- variable: postgresql.persistence.storageClass
default: ""
description: "If undefined or null, uses the default StorageClass. Default to null"
type: storageclass
label: Default StorageClass for PostgreSQL
show_if: "postgresql.enabled=true&&postgresql.persistence.enabled=true"
- variable: postgresql.resources.requests.cpu
default: "200m"
description: "PostgreSQL initial cpu request"
type: string
label: PostgreSQL Initial CPU Request
show_if: "postgresql.enabled=true"
- variable: postgresql.resources.requests.memory
default: "500Mi"
description: "PostgreSQL initial memory request"
type: string
label: PostgreSQL Initial Memory Request
show_if: "postgresql.enabled=true"
- variable: postgresql.resources.limits.cpu
default: "1"
description: "PostgreSQL cpu limit"
type: string
label: PostgreSQL CPU Limit
show_if: "postgresql.enabled=true"
- variable: postgresql.resources.limits.memory
default: "1Gi"
description: "PostgreSQL memory limit"
type: string
label: PostgreSQL Memory Limit
show_if: "postgresql.enabled=true"
- variable: database.type
default: "postgresql"
description: "xternal database type (postgresql, mysql, oracle or mssql)"
type: enum
required: true
label: External Database Type
group: "Database Settings"
show_if: "postgresql.enabled=false"
options:
- "postgresql"
- "mysql"
- "oracle"
- "mssql"
- variable: database.url
default: ""
description: "External database URL. If you set the url, leave host and port empty"
type: string
label: External Database URL
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.host
default: ""
description: "External database hostname"
type: string
label: External Database Hostname
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.port
default: ""
description: "External database port"
type: string
label: External Database Port
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.user
default: ""
description: "External database username"
type: string
label: External Database Username
group: "Database Settings"
show_if: "postgresql.enabled=false"
- variable: database.password
default: ""
description: "External database password"
type: string
label: External Database Password
group: "Database Settings"
show_if: "postgresql.enabled=false"
# Advance Settings
- variable: advancedOptions
default: false
description: "Show advanced configurations"
label: Show Advanced Configurations
type: boolean
show_subquestion_if: true
group: "Advanced Options"
subquestions:
- variable: artifactory.masterKey
default: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
description: "Artifactory master key"
type: string
label: Artifactory master key
- variable: artifactory.primary.resources.requests.cpu
default: "500m"
description: "Artifactory primary node initial cpu request"
type: string
label: Artifactory Primary Node Initial CPU Request
- variable: artifactory.primary.resources.requests.memory
default: "1Gi"
description: "Artifactory primary node initial memory request"
type: string
label: Artifactory Primary Node Initial Memory Request
- variable: artifactory.primary.javaOpts.xms
default: "1g"
description: "Artifactory primary node java Xms size"
type: string
label: Artifactory Primary Node Java Xms Size
- variable: artifactory.primary.resources.limits.cpu
default: "2"
description: "Artifactory primary node cpu limit"
type: string
label: Artifactory Primary Node CPU Limit
- variable: artifactory.primary.resources.limits.memory
default: "4Gi"
description: "Artifactory primary node memory limit"
type: string
label: Artifactory Primary Node Memory Limit
- variable: artifactory.primary.javaOpts.xmx
default: "4g"
description: "Artifactory primary node java Xmx size"
type: string
label: Artifactory Primary Node Java Xmx Size
- variable: artifactory.node.resources.requests.cpu
default: "500m"
description: "Artifactory member node initial cpu request"
type: string
label: Artifactory Member Node Initial CPU Request
- variable: artifactory.node.resources.requests.memory
default: "2Gi"
description: "Artifactory member node initial memory request"
type: string
label: Artifactory Member Node Initial Memory Request
- variable: artifactory.node.javaOpts.xms
default: "1g"
description: "Artifactory member node java Xms size"
type: string
label: Artifactory Member Node Java Xms Size
- variable: artifactory.node.resources.limits.cpu
default: "2"
description: "Artifactory member node cpu limit"
type: string
label: Artifactory Member Node CPU Limit
- variable: artifactory.node.resources.limits.memory
default: "4Gi"
description: "Artifactory member node memory limit"
type: string
label: Artifactory Member Node Memory Limit
- variable: artifactory.node.javaOpts.xmx
default: "4g"
description: "Artifactory member node java Xmx size"
type: string
label: Artifactory Member Node Java Xmx Size
charts/artifactory-ha/v1.0.0/requirements.lock 0 → 100644
View file @ 6ae841fa
dependencies:
- name: postgresql
repository: https://kubernetes-charts.storage.googleapis.com/
version: 6.5.3
digest: sha256:5074ce11914b886ccd7925916115f4370ffe2343c39968a69e40ab2ccd593de6
generated: 2019-10-27T16:15:40.559563+02:00
charts/artifactory-ha/v1.0.0/requirements.yaml 0 → 100644
View file @ 6ae841fa
dependencies:
- name: postgresql
version: 6.5.3
repository: https://kubernetes-charts.storage.googleapis.com/
condition: postgresql.enabled
charts/artifactory-ha/v1.0.0/templates/NOTES.txt 0 → 100644
View file @ 6ae841fa
Congratulations. You have just deployed JFrog Artifactory HA!
{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") }}
***************************************** WARNING ******************************************
* Your Artifactory master key is still set to the provided example: *
* artifactory.masterKey=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF *
* *
* You should change this to your own generated key: *
* $ export MASTER_KEY=$(openssl rand -hex 32) *
* $ echo ${MASTER_KEY} *
* *
* Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' *
* *
* Alternatively, you can use a pre-existing secret with a key called master-key with *
* '--set artifactory.masterKeySecretName=${SECRET_NAME}' *
********************************************************************************************
{{- end }}
{{- if .Values.postgresql.enabled }}
DATABASE:
To extract the database password, run the following
export DB_PASSWORD=$(kubectl get --namespace {{ .Release.Namespace }} $(kubectl get secret --namespace {{ .Release.Namespace }} -o name | grep postgresql) -o jsonpath="{.data.postgresql-password}" | base64 --decode)
echo ${DB_PASSWORD}
{{- end }}
SETUP:
1. Get the Artifactory IP and URL
{{- if contains "NodePort" .Values.nginx.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/
{{- else if contains "LoadBalancer" .Values.nginx.service.type }}
NOTE: It may take a few minutes for the LoadBalancer public IP to be available!
You can watch the status of the service by running 'kubectl get svc -w {{ template "artifactory-ha.nginx.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.nginx.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
{{- else if contains "ClusterIP" .Values.nginx.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component={{ .Values.nginx.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:80
echo http://127.0.0.1:8080
{{- end }}
2. Open Artifactory in your browser
Default credential for Artifactory:
user: admin
password: password
{{- if .Values.artifactory.license.secret }}
3. Manage Artifactory license through the {{ .Values.artifactory.license.secret }} secret ONLY!
Since the artifactory license(s) is managed with a secret ({{ .Values.artifactory.license.secret }}), any change through the Artifactory UI might not be saved!
{{- else }}
3. Add HA licenses to activate Artifactory HA through the Artifactory UI
NOTE: Each Artifactory node requires a valid license. See https://www.jfrog.com/confluence/display/RTF/HA+Installation+and+Setup for more details.
{{- end }}
{{ if or .Values.artifactory.primary.javaOpts.jmx.enabled .Values.artifactory.node.javaOpts.jmx.enabled }}
JMX configuration:
{{- if not (contains "LoadBalancer" .Values.artifactory.service.type) }}
If you want to access JMX from you computer with jconsole, you should set ".Values.artifactory.service.type=LoadBalancer" !!!
{{ end }}
1. Get the Artifactory service IP:
{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }}
export PRIMARY_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.primary.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
{{- end }}
{{- if .Values.artifactory.node.javaOpts.jmx.enabled }}
export MEMBER_SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "artifactory-ha.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
{{- end }}
2. Map the service name to the service IP in /etc/hosts:
{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }}
sudo sh -c "echo \"${PRIMARY_SERVICE_IP} {{ template "artifactory-ha.primary.name" . }}\" >> /etc/hosts"
{{- end }}
{{- if .Values.artifactory.node.javaOpts.jmx.enabled }}
sudo sh -c "echo \"${MEMBER_SERVICE_IP} {{ template "artifactory-ha.fullname" . }}\" >> /etc/hosts"
{{- end }}
3. Launch jconsole:
{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }}
jconsole {{ template "artifactory-ha.primary.name" . }}:{{ .Values.artifactory.primary.javaOpts.jmx.port }}
{{- end }}
{{- if .Values.artifactory.node.javaOpts.jmx.enabled }}
jconsole {{ template "artifactory-ha.fullname" . }}:{{ .Values.artifactory.node.javaOpts.jmx.port }}
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/_helpers.tpl 0 → 100644
View file @ 6ae841fa
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "artifactory-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The primary node name
*/}}
{{- define "artifactory-ha.primary.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-primary" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
The member node name
*/}}
{{- define "artifactory-ha.node.name" -}}
{{- $name := .Release.Name | trunc 29 -}}
{{- printf "%s-%s-member" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name nginx service.
*/}}
{{- define "artifactory-ha.nginx.name" -}}
{{- default .Values.nginx.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "artifactory-ha.nginx.fullname" -}}
{{- if .Values.nginx.fullnameOverride -}}
{{- .Values.nginx.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nginx.name -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "artifactory-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "artifactory-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "artifactory-ha.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Generate SSL certificates
*/}}
{{- define "artifactory-ha.gen-certs" -}}
{{- $altNames := list ( printf "%s.%s" (include "artifactory-ha.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "artifactory-ha.name" .) .Release.Namespace ) -}}
{{- $ca := genCA "artifactory-ca" 365 -}}
{{- $cert := genSignedCert ( include "artifactory-ha.name" . ) nil $altNames 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end -}}
charts/artifactory-ha/v1.0.0/templates/access-bootstrap-creds.yaml 0 → 100644
View file @ 6ae841fa
{{- if not (and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey) }}
{{- if .Values.artifactory.accessAdmin.password }}
kind: Secret
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
bootstrap.creds: {{ (printf "access-admin@%s=%s" .Values.artifactory.accessAdmin.ip .Values.artifactory.accessAdmin.password) | b64enc }}
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/artifactory-binarystore-secret.yaml 0 → 100644
View file @ 6ae841fa
{{- if not .Values.artifactory.persistence.customBinarystoreXmlSecret }}
kind: Secret
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-binarystore
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
stringData:
binarystore.xml: |-
{{ tpl .Values.artifactory.persistence.binarystoreXml . | indent 4 }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/artifactory-installer-info.yaml 0 → 100644
View file @ 6ae841fa
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-installer-info
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
installer-info.json: |
{
"productId": "Helm_artifactory-ha/{{ .Chart.Version }}",
"features": [
{
"featureId": "ArtifactoryVersion/{{ default .Chart.AppVersion .Values.artifactory.image.version }}"
},
{
"featureId": "{{ if .Values.postgresql.enabled }}postgresql{{ else }}{{ default "derby" .Values.database.type }}{{ end }}/0.0.0"
},
{
"featureId": "Platform/{{ default "kubernetes" .Values.installer.platform }}"
}
]
}
charts/artifactory-ha/v1.0.0/templates/artifactory-license-secret.yaml 0 → 100644
View file @ 6ae841fa
{{- with .Values.artifactory.license.licenseKey }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.fullname" $ }}-license
labels:
app: {{ template "artifactory-ha.name" $ }}
chart: {{ template "artifactory-ha.chart" $ }}
heritage: {{ $.Release.Service }}
release: {{ $.Release.Name }}
type: Opaque
data:
artifactory.lic: {{ . | b64enc | quote }}
{{- end }}
\ No newline at end of file
charts/artifactory-ha/v1.0.0/templates/artifactory-networkpolicy.yaml 0 → 100644
View file @ 6ae841fa
{{- range .Values.networkpolicy }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "artifactory-ha.fullname" $ }}-{{ .name }}-networkpolicy
labels:
app: {{ template "artifactory-ha.name" $ }}
chart: {{ template "artifactory-ha.chart" $ }}
release: {{ $.Release.Name }}
heritage: {{ $.Release.Service }}
spec:
{{- if .podSelector }}
podSelector:
{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}}
{{ else }}
podSelector: {}
{{- end }}
policyTypes:
{{- if .ingress }}
- Ingress
{{- end }}
{{- if .egress }}
- Egress
{{- end }}
{{- if .ingress }}
ingress:
{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}}
{{- end }}
{{- if .egress }}
egress:
{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}}
{{- end }}
---
{{- end -}}
\ No newline at end of file
charts/artifactory-ha/v1.0.0/templates/artifactory-nfs-pvc.yaml 0 → 100644
View file @ 6ae841fa
{{- if eq .Values.artifactory.persistence.type "nfs" }}
### Artifactory HA data
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-data-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haDataMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-data-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-data-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
---
### Artifactory HA backup
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pv
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
id: {{ template "artifactory-ha.name" . }}-backup-pv
type: nfs-volume
spec:
capacity:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
nfs:
server: {{ .Values.artifactory.persistence.nfs.ip }}
path: "{{ .Values.artifactory.persistence.nfs.haBackupMount }}"
readOnly: false
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.fullname" . }}-backup-pvc
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: nfs-volume
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: {{ .Values.artifactory.persistence.nfs.capacity }}
selector:
matchLabels:
id: {{ template "artifactory-ha.name" . }}-backup-pv
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
\ No newline at end of file
charts/artifactory-ha/v1.0.0/templates/artifactory-node-pdb.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "artifactory-ha.fullname" . }}-node
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
release: {{ .Release.Name }}
minAvailable: {{ .Values.artifactory.node.minAvailable }}
charts/artifactory-ha/v1.0.0/templates/artifactory-node-statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.node.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- if .Values.artifactory.node.labels }}
{{ toYaml .Values.artifactory.node.labels | indent 4 }}
{{- end }}
spec:
serviceName: {{ template "artifactory-ha.node.name" . }}
replicas: {{ .Values.artifactory.node.replicaCount }}
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.node.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
role: {{ template "artifactory-ha.node.name" . }}
heritage: {{ .Release.Service }}
component: {{ .Values.artifactory.name }}
release: {{ .Release.Name }}
annotations:
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }}
{{- range $key, $value := .Values.artifactory.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds}}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.customInitContainersBegin }}
{{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }};
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
{{- end }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found;
rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found;
rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found;
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}"
{{- end }}
- name: artifactory-ha-backup
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if .Values.waitForDatabase }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
{{- if and .Values.database.host .Values.database.port }}
until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; do
{{- else }}
until true; do
{{- end }}
{{- end }}
sleep 2;
done;
{{- end }}
{{- if .Values.artifactory.customInitContainers }}
{{ tpl .Values.artifactory.customInitContainers . | indent 6 }}
{{- end }}
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.userPluginSecrets }}
echo "Copying plugins";
cp -Lrf /tmp/plugin/*/* /tmp/plugins;
{{- end }}
{{- if .Values.artifactory.preStartCommand }}
echo "Running custom preStartCommand command";
{{ tpl .Values.artifactory.preStartCommand . }};
{{- end }}
/entrypoint-artifactory.sh
{{- if .Values.artifactory.postStartCommand }}
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
echo;
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.postgresql.enabled }}
- name: DB_TYPE
value: 'postgresql'
- name: DB_HOST
value: '{{ .Release.Name }}-postgresql'
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
- name: DB_USER
value: '{{ .Values.postgresql.postgresqlUsername }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgresql-password
{{- else }}
- name: DB_TYPE
value: '{{ required "Must set database.type when not using the PostgreSQL sub-chart (postgresql.enabled=false) " .Values.database.type }}'
{{- if or .Values.database.url .Values.database.secrets.url }}
- name: DB_URL
{{- if .Values.database.url }}
value: '{{.Values.database.url }}'
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.url.name }}
key: {{ .Values.database.secrets.url.key }}
{{- end }}
{{- else }}
- name: DB_HOST
value: '{{ .Values.database.host }}'
- name: DB_PORT
value: '{{ .Values.database.port }}'
{{- end }}
{{- if .Values.database.secrets.user }}
- name: DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.user.name }}
key: {{ .Values.database.secrets.user.key }}
{{- end }}
{{- if .Values.database.secrets.password }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.password.name }}
key: {{ .Values.database.secrets.password.key }}
{{- else }}
{{- if and .Values.database.type .Values.database.user }}
- name: DB_USER
value: '{{ .Values.database.user }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: db-password
{{- end }}
{{- end }}
{{- end }}
- name: EXTRA_JAVA_OPTIONS
value: >
{{- with .Values.artifactory.node.javaOpts }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory-ha.fullname" $ }}
{{- end }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- if $.Values.artifactory.javaOpts.other }}
{{ $.Values.artifactory.javaOpts.other }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: START_LOCAL_REPLICATOR
value: "true"
{{- end }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}"
key: master-key
- name: HA_IS_PRIMARY
value: "false"
- name: HA_MEMBERSHIP_PORT
value: "{{ .Values.artifactory.membershipPort }}"
- name: HA_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ART_PRIMARY_BASE_URL
value: 'http://{{ template "artifactory-ha.primary.name" . }}:8081/artifactory'
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: HA_DATA_DIR
value: "{{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: HA_DATA_DIR
value: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
{{- range .Values.artifactory.extraEnvironmentVariables }}
- name: {{ .name }}
value: '{{ tpl .value $ }}'
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
{{- if .Values.artifactory.node.javaOpts.jmx.enabled }}
- containerPort: {{ .Values.artifactory.node.javaOpts.jmx.port }}
{{- end }}
volumeMounts:
{{- if .Values.artifactory.userPluginSecrets }}
- name: tmp-plugins
mountPath: "/tmp/plugins/"
{{- range .Values.artifactory.userPluginSecrets }}
- name: {{ tpl . $ }}
mountPath: "/tmp/plugin/{{ tpl . $ }}"
{{- end }}
{{- end }}
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}"
{{- end }}
- name: artifactory-ha-backup
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/replicator_extra_conf/replicator.yaml"
subPath: replicator.yaml
{{- end }}
- name: installer-info
mountPath: "/artifactory_extra_conf/info/installer-info.json"
subPath: installer-info.json
{{- if .Values.artifactory.customVolumeMounts }}
{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.artifactory.node.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.artifactory.readinessProbe.path }}
port: 8040
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.artifactory.livenessProbe.path }}
port: 8040
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- $image := .Values.logger.image.repository }}
{{- $tag := .Values.logger.image.tag }}
{{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- tail
args:
- '-F'
- '{{ $mountPath }}/logs/{{ . }}'
volumeMounts:
- name: volume
mountPath: {{ $mountPath }}
{{- end }}
{{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- 'sh'
- '-c'
- 'sh /scripts/tail-log.sh {{ $mountPath }}/logs/catalina {{ . }}'
volumeMounts:
- name: volume
mountPath: {{ $mountPath }}
- name: catalina-logger
mountPath: /scripts/tail-log.sh
subPath: tail-log.sh
{{- end }}
{{- end }}
{{- if .Values.artifactory.customSidecarContainers }}
{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }}
{{- end }}
{{- with .Values.artifactory.node.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.artifactory.node.affinity }}
{{- with .Values.artifactory.node.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
{{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
{{- end }}
{{- with .Values.artifactory.node.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: binarystore-xml
secret:
{{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }}
secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }}
{{- else }}
secretName: {{ template "artifactory-ha.fullname" . }}-binarystore
{{- end }}
- name: installer-info
configMap:
name: {{ template "artifactory-ha.fullname" . }}-installer-info
{{- if .Values.artifactory.userPluginSecrets }}
- name: tmp-plugins
emptyDir: {}
{{- range .Values.artifactory.userPluginSecrets }}
- name: {{ tpl . $ }}
secret:
secretName: {{ tpl . $ }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
{{- if .Values.artifactory.catalinaLoggers }}
- name: catalina-logger
configMap:
name: {{ template "artifactory-ha.fullname" . }}-catalina-logger
{{- end }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }}
{{- end }}
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.customVolumes }}
{{ tpl .Values.artifactory.customVolumes . | indent 6 }}
{{- end }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: volume
{{- if not .Values.artifactory.node.persistence.existingClaim }}
spec:
{{- if .Values.artifactory.persistence.storageClass }}
{{- if (eq "-" .Values.artifactory.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/artifactory-primary-statefulset.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- if and .Release.IsUpgrade .Values.postgresql.enabled }}
databaseUpgradeReady: {{ required "\n\n*********\nIMPORTANT: UPGRADE FAILED to prevent data loss!\nReview CHANGELOG.md (https://github.com/jfrog/charts/blob/master/stable/artifactory-ha/CHANGELOG.md) and prepare PostgreSQL DB migration before upgrading.\nOnce ready, explicitly pass 'databaseUpgradeReady=yes' to upgrade and complete migration after server starts!\n" .Values.databaseUpgradeReady | quote }}
{{- end }}
{{- if .Values.artifactory.primary.labels }}
{{ toYaml .Values.artifactory.primary.labels | indent 4 }}
{{- end }}
spec:
serviceName: {{ template "artifactory-ha.primary.name" . }}
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
role: {{ template "artifactory-ha.primary.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
role: {{ template "artifactory-ha.primary.name" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore-secret.yaml") . | sha256sum }}
{{- if not (and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey) }}
checksum/access-creds: {{ include (print $.Template.BasePath "/access-bootstrap-creds.yaml") . | sha256sum }}
{{- end }}
{{- range $key, $value := .Values.artifactory.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.artifactory.terminationGracePeriodSeconds }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
securityContext:
runAsUser: {{ .Values.artifactory.uid }}
fsGroup: {{ .Values.artifactory.uid }}
initContainers:
{{- if .Values.artifactory.customInitContainersBegin }}
{{ tpl .Values.artifactory.customInitContainersBegin . | indent 6 }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
mkdir -p {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }};
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
{{- end }}
{{- if .Values.artifactory.deleteDBPropertiesOnStartup }}
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- 'rm -fv {{ .Values.artifactory.persistence.mountPath }}/etc/db.properties'
volumeMounts:
- mountPath: {{ .Values.artifactory.persistence.mountPath | quote }}
name: volume
{{- end }}
- name: "remove-lost-found"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
rm -rfv {{ .Values.artifactory.persistence.mountPath }}/lost+found;
rm -rfv {{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}/lost+found;
rm -rfv {{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}/lost+found;
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}"
{{- end }}
- name: artifactory-ha-backup
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if or (and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey) .Values.artifactory.accessAdmin.password }}
- name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
echo "Preparing custom Access bootstrap.creds";
mkdir -p {{ .Values.artifactory.persistence.mountPath }}/access/etc;
cp -Lrf /tmp/access/bootstrap.creds {{ .Values.artifactory.persistence.mountPath }}/access/etc/bootstrap.creds;
chmod 600 {{ .Values.artifactory.persistence.mountPath }}/access/etc/bootstrap.creds;
volumeMounts:
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
- name: access-bootstrap-creds
mountPath: "/tmp/access/bootstrap.creds"
{{- if and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey }}
subPath: {{ .Values.artifactory.accessAdmin.dataKey }}
{{- else }}
subPath: bootstrap.creds
{{- end }}
{{- end }}
{{- if .Values.waitForDatabase }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
{{- if .Values.postgresql.enabled }}
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
{{- else }}
{{- if and .Values.database.host .Values.database.port }}
until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; do
{{- else }}
until true; do
{{- end }}
{{- end }}
sleep 2;
done;
{{- end }}
{{- if .Values.artifactory.customInitContainers }}
{{ tpl .Values.artifactory.customInitContainers . | indent 6 }}
{{- end }}
containers:
- name: {{ .Values.artifactory.name }}
image: '{{ .Values.artifactory.image.repository }}:{{ default .Chart.AppVersion .Values.artifactory.image.version }}'
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
securityContext:
allowPrivilegeEscalation: false
command:
- '/bin/sh'
- '-c'
- >
{{- if .Values.artifactory.configMapName }}
echo "Copying bootstrap configs";
cp -Lrf /bootstrap/* /artifactory_extra_conf/;
{{- end }}
{{- if .Values.artifactory.userPluginSecrets }}
echo "Copying plugins";
cp -Lrf /tmp/plugin/*/* /tmp/plugins;
{{- end }}
{{- range .Values.artifactory.copyOnEveryStartup }}
cp -Lrf {{ .source }} {{ $.Values.artifactory.persistence.mountPath }}/{{ .target }};
{{- end }}
{{- if .Values.artifactory.preStartCommand }}
echo "Running custom preStartCommand command";
{{ tpl .Values.artifactory.preStartCommand . }};
{{- end }}
/entrypoint-artifactory.sh
{{- if .Values.artifactory.postStartCommand }}
lifecycle:
postStart:
exec:
command:
- '/bin/sh'
- '-c'
- >
{{ .Values.artifactory.postStartCommand }}
{{- end }}
env:
{{- if .Values.postgresql.enabled }}
- name: DB_TYPE
value: 'postgresql'
- name: DB_HOST
value: '{{ .Release.Name }}-postgresql'
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
- name: DB_USER
value: '{{ .Values.postgresql.postgresqlUsername }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: postgresql-password
{{- else }}
- name: DB_TYPE
value: '{{ required "Must set database.type when not using the PostgreSQL sub-chart (postgresql.enabled=false) " .Values.database.type }}'
{{- if or .Values.database.url .Values.database.secrets.url }}
- name: DB_URL
{{- if .Values.database.url }}
value: '{{.Values.database.url }}'
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.url.name }}
key: {{ .Values.database.secrets.url.key }}
{{- end }}
{{- else }}
- name: DB_HOST
value: '{{ .Values.database.host }}'
- name: DB_PORT
value: '{{ .Values.database.port }}'
{{- end }}
{{- if .Values.database.secrets.user }}
- name: DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.user.name }}
key: {{ .Values.database.secrets.user.key }}
{{- end }}
{{- if .Values.database.secrets.password }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.secrets.password.name }}
key: {{ .Values.database.secrets.password.key }}
{{- else }}
{{- if and .Values.database.type .Values.database.user }}
- name: DB_USER
value: '{{ .Values.database.user }}'
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "artifactory-ha.fullname" . }}
key: db-password
{{- end }}
{{- end }}
{{- end }}
- name: EXTRA_JAVA_OPTIONS
value: >
{{- with .Values.artifactory.primary.javaOpts }}
-Dartifactory.async.corePoolSize={{ .corePoolSize }}
{{- if .xms }}
-Xms{{ .xms }}
{{- end }}
{{- if .xmx }}
-Xmx{{ .xmx }}
{{- end }}
{{- if .jmx.enabled }}
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.rmi.port={{ .jmx.port }}
-Dcom.sun.management.jmxremote.ssl={{ .jmx.ssl }}
{{- if .jmx.host }}
-Djava.rmi.server.hostname={{ tpl .jmx.host $ }}
{{- else }}
-Djava.rmi.server.hostname={{ template "artifactory-ha.primary.name" $ }}
{{- end }}
-Dcom.sun.management.jmxremote.authenticate=false
{{- end }}
{{- if .other }}
{{ .other }}
{{- end }}
{{- if $.Values.artifactory.javaOpts.other }}
{{ $.Values.artifactory.javaOpts.other }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: START_LOCAL_REPLICATOR
value: "true"
{{- end }}
- name: ARTIFACTORY_MASTER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}"
key: master-key
- name: HA_IS_PRIMARY
value: "true"
- name: HA_MEMBERSHIP_PORT
value: "{{ .Values.artifactory.membershipPort }}"
- name: HA_NODE_ID
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
- name: HA_DATA_DIR
value: "{{ tpl .Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir . }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: HA_DATA_DIR
value: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: HA_BACKUP_DIR
value: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- end }}
{{- range .Values.artifactory.extraEnvironmentVariables }}
- name: {{ .name }}
value: '{{ tpl .value $ }}'
{{- end }}
ports:
- containerPort: {{ .Values.artifactory.internalPort }}
{{- if .Values.artifactory.primary.javaOpts.jmx.enabled }}
- containerPort: {{ .Values.artifactory.primary.javaOpts.jmx.port }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- containerPort: {{ .Values.artifactory.internalPortReplicator }}
{{- end }}
volumeMounts:
{{- if .Values.artifactory.userPluginSecrets }}
- name: tmp-plugins
mountPath: "/tmp/plugins/"
{{- range .Values.artifactory.userPluginSecrets }}
- name: {{ tpl . $ }}
mountPath: "/tmp/plugin/{{ tpl . $ }}"
{{- end }}
{{- end }}
- name: volume
mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
mountPath: "{{ tpl $.Values.artifactory.persistence.fileSystem.existingSharedClaim.dataDir $ }}/filestore{{ $sharedClaimNumber }}"
{{- end }}
- name: artifactory-ha-backup
mountPath: "{{ $.Values.artifactory.persistence.fileSystem.existingSharedClaim.backupDir }}"
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
mountPath: "{{ .Values.artifactory.persistence.nfs.dataDir }}"
- name: artifactory-ha-backup
mountPath: "{{ .Values.artifactory.persistence.nfs.backupDir }}"
{{- else }}
- name: binarystore-xml
mountPath: "/artifactory_extra_conf/binarystore.xml"
subPath: binarystore.xml
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
mountPath: "/bootstrap/"
{{- end }}
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
- name: artifactory-license
mountPath: "/artifactory_extra_conf/artifactory.cluster.license"
{{- if .Values.artifactory.license.secret }}
subPath: {{ .Values.artifactory.license.dataKey }}
{{- else if .Values.artifactory.license.licenseKey }}
subPath: artifactory.lic
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
mountPath: "/replicator_extra_conf/replicator.yaml"
subPath: replicator.yaml
{{- end }}
- name: installer-info
mountPath: "/artifactory_extra_conf/info/installer-info.json"
subPath: installer-info.json
{{- if .Values.artifactory.customVolumeMounts }}
{{ tpl .Values.artifactory.customVolumeMounts . | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.artifactory.primary.resources | indent 10 }}
{{- if .Values.artifactory.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.artifactory.readinessProbe.path }}
port: 8040
initialDelaySeconds: {{ .Values.artifactory.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.artifactory.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.artifactory.livenessProbe.path }}
port: 8040
initialDelaySeconds: {{ .Values.artifactory.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.artifactory.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.artifactory.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.artifactory.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.artifactory.livenessProbe.successThreshold }}
{{- end }}
{{- $image := .Values.logger.image.repository }}
{{- $tag := .Values.logger.image.tag }}
{{- $mountPath := .Values.artifactory.persistence.mountPath }}
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- tail
args:
- '-F'
- '{{ $mountPath }}/logs/{{ . }}'
volumeMounts:
- name: volume
mountPath: {{ $mountPath }}
{{- end }}
{{ if .Values.artifactory.catalinaLoggers }}
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- 'sh'
- '-c'
- 'sh /scripts/tail-log.sh {{ $mountPath }}/logs/catalina {{ . }}'
volumeMounts:
- name: volume
mountPath: {{ $mountPath }}
- name: catalina-logger
mountPath: /scripts/tail-log.sh
subPath: tail-log.sh
{{- end }}
{{- end }}
{{- if .Values.artifactory.customSidecarContainers }}
{{ tpl .Values.artifactory.customSidecarContainers . | indent 6 }}
{{- end }}
{{- with .Values.artifactory.primary.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.artifactory.primary.affinity }}
{{- with .Values.artifactory.primary.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- else if eq .Values.artifactory.primary.podAntiAffinity.type "soft" }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- else if eq .Values.artifactory.primary.podAntiAffinity.type "hard" }}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.artifactory.primary.podAntiAffinity.topologyKey }}
labelSelector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
{{- end }}
{{- with .Values.artifactory.primary.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: binarystore-xml
secret:
{{- if .Values.artifactory.persistence.customBinarystoreXmlSecret }}
secretName: {{ .Values.artifactory.persistence.customBinarystoreXmlSecret }}
{{- else }}
secretName: {{ template "artifactory-ha.fullname" . }}-binarystore
{{- end }}
- name: installer-info
configMap:
name: {{ template "artifactory-ha.fullname" . }}-installer-info
{{- if .Values.artifactory.userPluginSecrets }}
- name: tmp-plugins
emptyDir: {}
{{- range .Values.artifactory.userPluginSecrets }}
- name: {{ tpl . $ }}
secret:
secretName: {{ tpl . $ }}
{{- end }}
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: replicator-config
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
{{- if .Values.artifactory.configMapName }}
- name: bootstrap-config
configMap:
name: {{ .Values.artifactory.configMapName }}
{{- end}}
{{- if .Values.artifactory.catalinaLoggers }}
- name: catalina-logger
configMap:
name: {{ template "artifactory-ha.fullname" . }}-catalina-logger
{{- end }}
{{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
- name: artifactory-license
secret:
{{- if .Values.artifactory.license.secret }}
secretName: {{ .Values.artifactory.license.secret }}
{{- else if .Values.artifactory.license.licenseKey }}
secretName: {{ template "artifactory-ha.fullname" . }}-license
{{- end }}
{{- end }}
{{- if or (and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey) .Values.artifactory.accessAdmin.password }}
- name: access-bootstrap-creds
secret:
{{- if and .Values.artifactory.accessAdmin.secret .Values.artifactory.accessAdmin.dataKey }}
secretName: {{ .Values.artifactory.accessAdmin.secret }}
{{- else }}
secretName: {{ template "artifactory-ha.fullname" . }}-bootstrap-creds
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "file-system" }}
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) }}
- name: artifactory-ha-data-{{ $sharedClaimNumber }}
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" $ }}-data-pvc-{{ $sharedClaimNumber }}
{{- end }}
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" $ }}-backup-pvc
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "nfs" }}
- name: artifactory-ha-data
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-data-pvc
- name: artifactory-ha-backup
persistentVolumeClaim:
claimName: {{ template "artifactory-ha.fullname" . }}-backup-pvc
{{- end }}
{{- if .Values.artifactory.customVolumes }}
{{ tpl .Values.artifactory.customVolumes . | indent 6 }}
{{- end }}
{{- if not .Values.artifactory.persistence.enabled }}
- name: volume
emptyDir:
sizeLimit: {{ .Values.artifactory.persistence.size }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: volume
{{- if not .Values.artifactory.primary.persistence.existingClaim }}
spec:
{{- if .Values.artifactory.persistence.storageClass }}
{{- if (eq "-" .Values.artifactory.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.artifactory.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes: [ "{{ .Values.artifactory.persistence.accessMode }}" ]
resources:
requests:
storage: {{ .Values.artifactory.persistence.size }}
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/artifactory-role.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
rules:
{{ toYaml .Values.rbac.role.rules }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/artifactory-rolebinding.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "artifactory-ha.serviceAccountName" . }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: {{ template "artifactory-ha.fullname" . }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/artifactory-secrets.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
kind: Secret
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
type: Opaque
data:
{{- if not .Values.artifactory.masterKeySecretName }}
master-key: {{ .Values.artifactory.masterKey | b64enc | quote }}
{{- end }}
{{- if .Values.database.password }}
db-password: {{ .Values.database.password | b64enc | quote }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/artifactory-service.yaml 0 → 100644
View file @ 6ae841fa
# Service for all Artifactory cluster nodes.
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
{{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }}
clusterIP: {{ .Values.artifactory.service.clusterIP }}
{{- end }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
{{- with .Values.artifactory.node.javaOpts.jmx }}
{{- if .enabled }}
- port: {{ .port }}
targetPort: {{ .port }}
protocol: TCP
name: jmx
{{- end }}
{{- end }}
selector:
{{- if eq .Values.artifactory.service.pool "members" }}
role: {{ template "artifactory-ha.node.name" . }}
{{- end }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
---
# Internal service for Artifactory primary node only!
# Used by member nodes to check readiness of primary node before starting up
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.primary.name" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
type: {{ .Values.artifactory.service.type }}
{{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }}
clusterIP: {{ .Values.artifactory.service.clusterIP }}
{{- end }}
ports:
- port: {{ .Values.artifactory.externalPort }}
targetPort: {{ .Values.artifactory.internalPort }}
protocol: TCP
name: http
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.artifactory.externalPortReplicator }}
targetPort: {{ .Values.artifactory.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end}}
{{- with .Values.artifactory.primary.javaOpts.jmx }}
{{- if .enabled }}
- port: {{ .port }}
targetPort: {{ .port }}
protocol: TCP
name: jmx
{{- end }}
{{- end }}
selector:
role: {{ template "artifactory-ha.primary.name" . }}
app: {{ template "artifactory-ha.name" . }}
component: "{{ .Values.artifactory.name }}"
release: {{ .Release.Name }}
charts/artifactory-ha/v1.0.0/templates/artifactory-serviceaccount.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.artifactory.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "artifactory-ha.serviceAccountName" . }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/catalina-logger-configmap.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.artifactory.catalinaLoggers }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-catalina-logger
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
tail-log.sh: |
#!/bin/sh
LOG_DIR=$1
LOG_NAME=$2
PID=
# Wait for log dir to appear
while [ ! -d ${LOG_DIR} ]; do
sleep 1
done
sleep 5
cd ${LOG_DIR}
LOG_PREFIX=$(echo ${LOG_NAME} | awk -F\. '{print $1}')
# Find the log to tail
LOG_FILE=$(ls -1t ./${LOG_PREFIX}.*.log | head -1)
# echo "Tailing ${LOG_FILE}"
tail -F ${LOG_FILE} &
PID=$!
# Loop forever to see if a new log was created
while true; do
# Find the latest log
NEW_LOG_FILE=$(ls -1t ./${LOG_PREFIX}.*.log | head -1)
# If a new log file is found, kill old tail and switch to tailing it
if [ "${LOG_FILE}" != "${NEW_LOG_FILE}" ]; then
kill -9 ${PID}
wait $! 2>/dev/null
LOG_FILE=${NEW_LOG_FILE}
# echo "Tailing ${LOG_FILE}"
tail -F ${LOG_FILE} &
PID=$!
fi
sleep 2
done
{{- end }}
charts/artifactory-ha/v1.0.0/templates/ingress.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
{{- if semverCompare ">=v1.14.0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ template "artifactory-ha.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.ingress.labels }}
{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}}
{{- end}}
{{- if .Values.ingress.annotations }}
annotations:
{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
{{- end }}
spec:
{{- if .Values.ingress.defaultBackend.enabled }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
rules:
{{- if .Values.ingress.hosts }}
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
- path: {{ $.Values.ingress.path }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- with .Values.ingress.additionalRules }}
{{ tpl . $ | indent 2 }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
charts/artifactory-ha/v1.0.0/templates/nginx-artifactory-conf.yaml 0 → 100644
View file @ 6ae841fa
{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
artifactory.conf: |
{{ tpl .Values.nginx.artifactoryConf . | indent 4 }}
{{- end }}
\ No newline at end of file
charts/artifactory-ha/v1.0.0/templates/nginx-certificate-secret.yaml 0 → 100644
View file @ 6ae841fa
{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled }}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: {{ template "artifactory-ha.fullname" . }}-nginx-certificate
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/nginx-conf.yaml 0 → 100644
View file @ 6ae841fa
{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-nginx-conf
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
nginx.conf: |
{{ tpl .Values.nginx.mainConf . | indent 4 }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/nginx-deployment.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.nginx.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
{{- if .Values.nginx.labels }}
{{ toYaml .Values.nginx.labels | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.nginx.replicaCount }}
selector:
matchLabels:
app: {{ template "artifactory-ha.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
template:
metadata:
annotations:
checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-conf.yaml") . | sha256sum }}
checksum/nginx-artifactory-conf: {{ include (print $.Template.BasePath "/nginx-artifactory-conf.yaml") . | sha256sum }}
checksum/replicator-conf: {{ include (print $.Template.BasePath "/replicator-configmap.yaml") . | sha256sum }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
component: {{ .Values.nginx.name }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
initContainers:
- name: "setup"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
command:
- '/bin/sh'
- '-c'
- >
rm -rfv {{ .Values.nginx.persistence.mountPath }}/lost+found;
mkdir -p {{ .Values.nginx.persistence.mountPath }}/logs;
volumeMounts:
- mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
name: nginx-volume
securityContext:
runAsUser: {{ .Values.nginx.uid }}
fsGroup: {{ .Values.nginx.gid }}
containers:
- name: {{ .Values.nginx.name }}
image: '{{ .Values.nginx.image.repository }}:{{ default .Chart.AppVersion .Values.nginx.image.version }}'
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
command:
- 'nginx'
- '-g'
- 'daemon off;'
ports:
- containerPort: {{ .Values.nginx.internalPortHttp }}
- containerPort: {{ .Values.nginx.internalPortHttps }}
{{- if .Values.artifactory.replicator.enabled }}
- containerPort: {{ .Values.nginx.internalPortReplicator }}
{{- end }}
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: nginx-artifactory-conf
mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/"
{{- if .Values.artifactory.replicator.enabled }}
- name: nginx-replicator-conf
mountPath: "{{ .Values.nginx.persistence.mountPath }}/conf.d/replicator/"
{{- end }}
- name: nginx-volume
mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
- name: ssl-certificates
mountPath: "{{ .Values.nginx.persistence.mountPath }}/ssl"
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- if .Values.nginx.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.nginx.readinessProbe.path }}
port: 80
initialDelaySeconds: {{ .Values.nginx.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.readinessProbe.successThreshold }}
{{- end }}
{{- if .Values.nginx.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.nginx.livenessProbe.path }}
port: 80
initialDelaySeconds: {{ .Values.nginx.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nginx.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.nginx.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.nginx.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.nginx.livenessProbe.successThreshold }}
{{- end }}
{{- $image := .Values.logger.image.repository }}
{{- $tag := .Values.logger.image.tag }}
{{- $mountPath := .Values.nginx.persistence.mountPath }}
{{- range .Values.nginx.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: '{{ $image }}:{{ $tag }}'
command:
- tail
args:
- '-F'
- '{{ $mountPath }}/logs/{{ . }}'
volumeMounts:
- name: nginx-volume
mountPath: {{ $mountPath }}
{{- end }}
{{- with .Values.nginx.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nginx.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: nginx-conf
configMap:
{{- if .Values.nginx.customConfigMap }}
name: {{ .Values.nginx.customConfigMap }}
{{- else }}
name: {{ template "artifactory-ha.fullname" . }}-nginx-conf
{{- end }}
- name: nginx-artifactory-conf
configMap:
{{- if .Values.nginx.customArtifactoryConfigMap }}
name: {{ .Values.nginx.customArtifactoryConfigMap }}
{{- else }}
name: {{ template "artifactory-ha.fullname" . }}-nginx-artifactory-conf
{{- end }}
{{- if .Values.artifactory.replicator.enabled }}
- name: nginx-replicator-conf
configMap:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
{{- end }}
- name: nginx-volume
{{- if .Values.nginx.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.nginx.persistence.existingClaim | default (include "artifactory-ha.nginx.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
- name: ssl-certificates
secret:
{{- if .Values.nginx.tlsSecretName }}
secretName: {{ .Values.nginx.tlsSecretName }}
{{- else }}
secretName: {{ template "artifactory-ha.fullname" . }}-nginx-certificate
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/nginx-pvc.yaml 0 → 100644
View file @ 6ae841fa
{{- if and .Values.nginx.persistence.enabled (.Values.nginx.enabled) (eq (int .Values.nginx.replicaCount) 1) }}
{{- if (not .Values.nginx.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
accessModes:
- {{ .Values.nginx.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.nginx.persistence.size | quote }}
{{- if .Values.nginx.persistence.storageClass }}
{{- if (eq "-" .Values.nginx.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nginx.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/nginx-service.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.nginx.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "artifactory-ha.nginx.fullname" . }}
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: {{ .Values.nginx.name }}
{{- if .Values.nginx.service.labels }}
{{ toYaml .Values.nginx.service.labels | indent 4 }}
{{- end }}
{{- if .Values.nginx.service.annotations }}
annotations:
{{ toYaml .Values.nginx.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.nginx.service.type }}
{{- if and (eq .Values.nginx.service.type "ClusterIP") .Values.nginx.service.clusterIP }}
clusterIP: {{ .Values.nginx.service.clusterIP }}
{{- end }}
{{- if eq .Values.nginx.service.type "LoadBalancer" }}
{{ if .Values.nginx.service.loadBalancerIP -}}
loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }}
{{ end -}}
{{- if .Values.nginx.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }}
{{- end }}
{{- end }}
{{- if .Values.nginx.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.nginx.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
ports:
{{- if .Values.artifactory.replicator.enabled }}
- port: {{ .Values.nginx.externalPortReplicator }}
targetPort: {{ .Values.nginx.internalPortReplicator }}
protocol: TCP
name: replicator
{{- end }}
- port: {{ .Values.nginx.externalPortHttp }}
targetPort: {{ .Values.nginx.internalPortHttp }}
protocol: TCP
name: http
- port: {{ .Values.nginx.externalPortHttps }}
targetPort: {{ .Values.nginx.internalPortHttps }}
protocol: TCP
name: https
selector:
app: {{ template "artifactory-ha.name" . }}
component: {{ .Values.nginx.name }}
release: {{ .Release.Name }}
{{- end }}
charts/artifactory-ha/v1.0.0/templates/replicator-configmap.yaml 0 → 100644
View file @ 6ae841fa
{{- if .Values.artifactory.replicator.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "artifactory-ha.fullname" . }}-replicator-config
labels:
app: {{ template "artifactory-ha.name" . }}
chart: {{ template "artifactory-ha.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
replicator.yaml: |-
externalUrl: {{ required "artifactory.replicator.publicUrl is required when artifactory.replicator.enabled is true" .Values.artifactory.replicator.publicUrl }}
internalUrl: http://localhost:{{ .Values.nginx.internalPortReplicator }}
listenPort: {{ .Values.nginx.internalPortReplicator }}
replicator-nginx.conf: |
## Artifactory replicator
server {
listen {{ .Values.nginx.externalPortReplicator }};
server_name {{ include "artifactory-ha.fullname" . }};
client_max_body_size 0;
location / {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_pass http://{{ include "artifactory-ha.primary.name" . }}:{{ .Values.nginx.internalPortReplicator }};
proxy_http_version 1.1;
}
}
{{- end }}
charts/artifactory-ha/v1.0.0/values-large.yaml 0 → 100644
View file @ 6ae841fa
artifactory:
primary:
resources:
requests:
memory: "6Gi"
cpu: "4"
limits:
memory: "10Gi"
cpu: "8"
javaOpts:
xms: "6g"
xmx: "8g"
node:
replicaCount: 3
resources:
requests:
memory: "6Gi"
cpu: "4"
limits:
memory: "10Gi"
cpu: "8"
javaOpts:
xms: "6g"
xmx: "8g"
charts/artifactory-ha/v1.0.0/values-medium.yaml 0 → 100644
View file @ 6ae841fa
artifactory:
primary:
resources:
requests:
memory: "4Gi"
cpu: "2"
limits:
memory: "8Gi"
cpu: "6"
javaOpts:
xms: "4g"
xmx: "6g"
node:
replicaCount: 2
resources:
requests:
memory: "4Gi"
cpu: "2"
limits:
memory: "8Gi"
cpu: "6"
javaOpts:
xms: "4g"
xmx: "6g"
charts/artifactory-ha/v1.0.0/values-small.yaml 0 → 100644
View file @ 6ae841fa
artifactory:
primary:
resources:
requests:
memory: "4Gi"
cpu: "2"
limits:
memory: "6Gi"
cpu: "4"
javaOpts:
xms: "4g"
xmx: "4g"
node:
replicaCount: 1
resources:
requests:
memory: "4Gi"
cpu: "2"
limits:
memory: "6Gi"
cpu: "4"
javaOpts:
xms: "4g"
xmx: "4g"
charts/artifactory-ha/v1.0.0/values.yaml 0 → 100644
View file @ 6ae841fa
# Default values for artifactory-ha.
# This is a YAML-formatted file.
# Beware when changing values here. You should know what you are doing!
# Access the values with {{ .Values.key.subkey }}
# Common
initContainerImage: "alpine:3.10"
installer:
type:
platform:
# For supporting pulling from private registries
imagePullSecrets:
## Role Based Access Control
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
rbac:
create: true
role:
## Rules to create. It follows the role specification
rules:
- apiGroups:
- ''
resources:
- services
- endpoints
- pods
verbs:
- get
- watch
- list
## Service Account
## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/
##
serviceAccount:
create: true
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the fullname template
name:
ingress:
enabled: false
defaultBackend:
enabled: true
# Used to create an Ingress record.
hosts: []
path: /
annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labels:
# traffic-type: external
# traffic-type: internal
tls:
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - artifactory.domain.example
# Additional ingress rules
additionalRules: []
networkpolicy:
# Allows all ingress and egress
- name: artifactory
podSelector:
matchLabels:
app: artifactory-ha
egress:
- {}
ingress:
- {}
# Uncomment to allow only artifactory pods to communicate with postgresql (if postgresql.enabled is true)
# - name: postgresql
# podSelector:
# matchLabels:
# app: postgresql
# ingress:
# - from:
# - podSelector:
# matchLabels:
# app: artifactory-ha
## Database configurations
## Use the wait-for-db init container. Set to false to skip
waitForDatabase: true
## Configuration values for the postgresql dependency
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
##
postgresql:
enabled: true
image:
registry: docker.bintray.io
repository: bitnami/postgresql
tag: 9.6.15-debian-9-r77
postgresqlUsername: artifactory
postgresqlPassword:
postgresqlDatabase: artifactory
postgresqlConfiguration:
listen_addresses: "'*'"
max_connections: "1500"
persistence:
enabled: true
size: 50Gi
service:
port: 5432
resources: {}
# requests:
# memory: "512Mi"
# cpu: "100m"
# limits:
# memory: "1Gi"
# cpu: "500m"
## If NOT using the PostgreSQL in this chart (postgresql.enabled=false),
## you MUST specify custom database details here or Artifactory will NOT start
database:
type:
host:
port:
## If you set the url, leave host and port empty
url:
## If you would like this chart to create the secret containing the db
## password, use these values
user:
password:
## If you have existing Kubernetes secrets containing db credentials, use
## these values
secrets: {}
# user:
# name: "rds-artifactory"
# key: "db-user"
# password:
# name: "rds-artifactory"
# key: "db-password"
# url:
# name: "rds-artifactory"
# key: "db-url"
logger:
image:
repository: 'busybox'
tag: '1.30'
# Artifactory
artifactory:
name: artifactory-ha
image:
repository: "docker.bintray.io/jfrog/artifactory-pro"
# Note that by default we use appVersion to get image tag
# version:
pullPolicy: IfNotPresent
# Delete the db.properties file in ARTIFACTORY_HOME/etc/db.properties
deleteDBPropertiesOnStartup: true
# Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup
copyOnEveryStartup:
# # absolute path
# - source: /artifactory_extra_conf/binarystore.xml
# # relative to ARTIFACTORY_HOME/
# target: etc/
# # absolute path
# - source: /artifactory_extra_conf/artifactory.lic
# # relative to ARTIFACTORY_HOME/
# target: etc/
# Sidecar containers for tailing Artifactory logs
loggers: []
# - request.log
# - event.log
# - binarystore.log
# - request_trace.log
# - access.log
# - artifactory.log
# - build_info_migration.log
# Sidecar containers for tailing Tomcat (catalina) logs
catalinaLoggers: []
# - catalina.log
# - host-manager.log
# - localhost.log
# - manager.log
## Add custom init containers execution before predefined init containers
customInitContainersBegin: |
# - name: "custom-setup"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# command:
# - 'sh'
# - '-c'
# - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup'
# volumeMounts:
# - mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
# name: volume
## Add custom init containers
## Add custom init containers execution after predefined init containers
customInitContainers: |
# - name: "custom-setup"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# command:
# - 'sh'
# - '-c'
# - 'touch {{ .Values.artifactory.persistence.mountPath }}/example-custom-setup'
# volumeMounts:
# - mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
# name: volume
## Add custom sidecar containers
# - The provided example uses a custom volume (customVolumes)
# - The provided example shows running container as root (id 0)
customSidecarContainers: |
# - name: "sidecar-list-etc"
# image: "{{ .Values.initContainerImage }}"
# imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
# securityContext:
# runAsUser: 0
# fsGroup: 0
# command:
# - 'sh'
# - '-c'
# - 'sh /scripts/script.sh'
# volumeMounts:
# - mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
# name: volume
# - mountPath: "/scripts/script.sh"
# name: custom-script
# subPath: script.sh
# resources:
# requests:
# memory: "32Mi"
# cpu: "50m"
# limits:
# memory: "128Mi"
# cpu: "100m"
## Add custom volumes
customVolumes: |
# - name: custom-script
# configMap:
# name: custom-script
## Add custom volumesMounts
customVolumeMounts: |
# - name: custom-script
# mountPath: "/scripts/script.sh"
# subPath: script.sh
## Artifactory requires a unique master key
## You can generate one with the command:
## 'openssl rand -hex 32'
## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}'
## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName
## IMPORTANT: You should NOT use the example masterKey for a production deployment!
masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# masterKeySecretName:
accessAdmin:
ip: "127.0.0.1"
password:
secret:
dataKey:
## Artifactory license.
license:
## licenseKey is the license key in plain text. Use either this or the license.secret setting
licenseKey:
## If artifactory.license.secret is passed, it will be mounted as
## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time.
secret:
## The dataKey should be the name of the secret data key created.
dataKey:
## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter
configMapName:
## List of secrets for Artifactory user plugins.
## One Secret per plugin's files.
userPluginSecrets:
# - archive-old-artifacts
# - build-cleanup
# - webhook
# - '{{ template "my-chart.fullname" . }}'
## Extra pre-start command to install JDBC driver for MySql/MariaDb/Oracle
# preStartCommand: "wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar"
## Extra post-start command to run extra commands after container starts
# postStartCommand:
## Extra environment variables that can be used to tune Artifactory to your needs.
## Uncomment and set value as needed
extraEnvironmentVariables:
# - name: SERVER_XML_ARTIFACTORY_PORT
# value: "8081"
# - name: SERVER_XML_ARTIFACTORY_MAX_THREADS
# value: "200"
# - name: SERVER_XML_ACCESS_MAX_THREADS
# value: "50"
# - name: SERVER_XML_ARTIFACTORY_EXTRA_CONFIG
# value: ""
# - name: SERVER_XML_ACCESS_EXTRA_CONFIG
# value: ""
# - name: SERVER_XML_EXTRA_CONNECTOR
# value: ""
# - name: DB_POOL_MAX_ACTIVE
# value: "100"
# - name: DB_POOL_MAX_IDLE
# value: "10"
membershipPort: 10017
externalPort: 8081
internalPort: 8081
internalPortReplicator: 6061
externalPortReplicator: 6061
uid: 1030
terminationGracePeriodSeconds: 30
## The following settings are to configure the frequency of the liveness and readiness probes
livenessProbe:
enabled: true
path: '/artifactory/webapp/#/login'
initialDelaySeconds: 180
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
readinessProbe:
enabled: true
path: '/artifactory/webapp/#/login'
initialDelaySeconds: 60
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
persistence:
enabled: true
local: false
redundancy: 3
mountPath: "/var/opt/jfrog/artifactory"
accessMode: ReadWriteOnce
size: 200Gi
## Use a custom Secret to be mounted as your binarystore.xml
## NOTE: This will ignore all settings below that make up binarystore.xml
customBinarystoreXmlSecret:
maxCacheSize: 50000000000
cacheProviderDir: cache
eventual:
numberOfThreads: 10
## artifactory data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config
## Supported types are:
## file-system (default)
## nfs
## google-storage
## aws-s3
## azure-blob
type: file-system
## Use binarystoreXml to provide a custom binarystore.xml
## This can be a template or hardcoded.
binarystoreXml: |
{{- if eq .Values.artifactory.persistence.type "file-system" }}
<!-- File system replication -->
{{- if .Values.artifactory.persistence.fileSystem.existingSharedClaim.enabled }}
<!-- File Storage - Dynamic for Artifactory files, pre-created for DATA and BACKUP -->
<config version="4">
<chain>
<provider id="cache-fs" type="cache-fs"> <!-- This is a cached filestore -->
<provider id="sharding" type="sharding"> <!-- This is a sharding provider -->
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}}
<sub-provider id="shard{{ $sharedClaimNumber }}" type="state-aware"/>
{{- end }}
</provider>
</provider>
</chain>
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
</provider>
// Specify the read and write strategy and redundancy for the sharding binary provider
<provider id="sharding" type="sharding">
<readBehavior>roundRobin</readBehavior>
<writeBehavior>percentageFreeSpace</writeBehavior>
<redundancy>2</redundancy>
</provider>
{{- range $sharedClaimNumber, $e := until (.Values.artifactory.persistence.fileSystem.existingSharedClaim.numberOfExistingClaims|int) -}}
//For each sub-provider (mount), specify the filestore location
<provider id="shard{{ $sharedClaimNumber }}" type="state-aware">
<fileStoreDir>filestore{{ $sharedClaimNumber }}</fileStoreDir>
</provider>
{{- end }}
</config>
{{- else }}
<config version="2">
<chain>
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<lenientLimit>2</lenientLimit>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="state-aware" type="state-aware"/>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</provider>
</chain>
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
</provider>
<!-- Shards add local file-system provider configuration -->
<provider id="state-aware" type="state-aware">
<fileStoreDir>shard-fs-1</fileStoreDir>
<zone>local</zone>
</provider>
<!-- Shards dynamic remote provider configuration -->
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<serviceId>tester-remote1</serviceId>
<timeout>10000</timeout>
<zone>remote</zone>
<property name="header.remote.block" value="true"/>
</provider>
</config>
{{- end }}
{{- end }}
{{- if eq .Values.artifactory.persistence.type "google-storage" }}
<!-- Google storage -->
<config version="2">
<chain>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<minSpareUploaderExecutor>2</minSpareUploaderExecutor>
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry" type="retry">
<provider id="google-storage" type="google-storage"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
<property name="zones" value="local,remote"/>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="file-system" type="file-system">
<fileStoreDir>{{ .Values.artifactory.persistence.mountPath }}/data/filestore</fileStoreDir>
<tempDir>/tmp</tempDir>
</provider>
<provider id="google-storage" type="google-storage">
<providerId>google-cloud-storage</providerId>
<endpoint>{{ .Values.artifactory.persistence.googleStorage.endpoint }}</endpoint>
<httpsOnly>{{ .Values.artifactory.persistence.googleStorage.httpsOnly }}</httpsOnly>
<bucketName>{{ .Values.artifactory.persistence.googleStorage.bucketName }}</bucketName>
<identity>{{ .Values.artifactory.persistence.googleStorage.identity }}</identity>
<credential>{{ .Values.artifactory.persistence.googleStorage.credential }}</credential>
<path>{{ .Values.artifactory.persistence.googleStorage.path }}</path>
<bucketExists>{{ .Values.artifactory.persistence.googleStorage.bucketExists }}</bucketExists>
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "aws-s3" }}
<!-- AWS S3 -->
<config version="2">
<chain> <!--template="cluster-s3"-->
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry-s3" type="retry">
<provider id="s3" type="s3"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
</provider>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="remote" type="remote">
<checkPeriod>30</checkPeriod>
<timeout>10000</timeout>
<zone>remote</zone>
</provider>
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>{{ .Values.artifactory.persistence.redundancy }}</redundancy>
<property name="zones" value="local,remote"/>
</provider>
<provider id="s3" type="s3">
<endpoint>{{ .Values.artifactory.persistence.awsS3.endpoint }}</endpoint>
{{- if .Values.artifactory.persistence.awsS3.roleName }}
<roleName>{{ .Values.artifactory.persistence.awsS3.roleName }}</roleName>
<refreshCredentials>true</refreshCredentials>
{{- else }}
<refreshCredentials>{{ .Values.artifactory.persistence.awsS3.refreshCredentials }}</refreshCredentials>
{{- end }}
<s3AwsVersion>{{ .Values.artifactory.persistence.awsS3.s3AwsVersion }}</s3AwsVersion>
<testConnection>{{ .Values.artifactory.persistence.awsS3.testConnection }}</testConnection>
<httpsOnly>true</httpsOnly>
<region>{{ .Values.artifactory.persistence.awsS3.region }}</region>
<bucketName>{{ .Values.artifactory.persistence.awsS3.bucketName }}</bucketName>
{{- if .Values.artifactory.persistence.awsS3.identity }}
<identity>{{ .Values.artifactory.persistence.awsS3.identity }}</identity>
{{- end }}
{{- if .Values.artifactory.persistence.awsS3.credential }}
<credential>{{ .Values.artifactory.persistence.awsS3.credential }}</credential>
{{- end }}
<path>{{ .Values.artifactory.persistence.awsS3.path }}</path>
{{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }}
<property name="{{ $key }}" value="{{ $value }}"/>
{{- end }}
</provider>
</config>
{{- end }}
{{- if eq .Values.artifactory.persistence.type "azure-blob" }}
<!-- Azure Blob Storage -->
<config version="2">
<chain> <!--template="cluster-azure-blob-storage"-->
<provider id="cache-fs" type="cache-fs">
<provider id="sharding-cluster" type="sharding-cluster">
<sub-provider id="eventual-cluster" type="eventual-cluster">
<provider id="retry-azure-blob-storage" type="retry">
<provider id="azure-blob-storage" type="azure-blob-storage"/>
</provider>
</sub-provider>
<dynamic-provider id="remote" type="remote"/>
</provider>
</provider>
</chain>
<!-- Set max cache-fs size -->
<provider id="cache-fs" type="cache-fs">
<maxCacheSize>{{ .Values.artifactory.persistence.maxCacheSize }}</maxCacheSize>
<cacheProviderDir>{{ .Values.artifactory.persistence.cacheProviderDir }}</cacheProviderDir>
</provider>
<!-- cluster eventual Azure Blob Storage Service default chain -->
<provider id="sharding-cluster" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>2</redundancy>
<lenientLimit>1</lenientLimit>
<property name="zones" value="local,remote"/>
</provider>
<provider id="remote" type="remote">
<zone>remote</zone>
</provider>
<provider id="eventual-cluster" type="eventual-cluster">
<zone>local</zone>
</provider>
<!--cluster eventual template-->
<provider id="azure-blob-storage" type="azure-blob-storage">
<accountName>{{ .Values.artifactory.persistence.azureBlob.accountName }}</accountName>
<accountKey>{{ .Values.artifactory.persistence.azureBlob.accountKey }}</accountKey>
<endpoint>{{ .Values.artifactory.persistence.azureBlob.endpoint }}</endpoint>
<containerName>{{ .Values.artifactory.persistence.azureBlob.containerName }}</containerName>
<testConnection>{{ .Values.artifactory.persistence.azureBlob.testConnection }}</testConnection>
</provider>
</config>
{{- end }}
## For artifactory.persistence.type file-system
fileSystem:
## You may also use existing shared claims for the data and backup storage. This allows storage (NAS for example) to be used for Data and Backup dirs which are safe to share across multiple artifactory nodes.
## You may specify numberOfExistingClaims to indicate how many of these existing shared claims to mount. (Default = 1)
## Create PVCs with ReadWriteMany that match the naming convetions:
## {{ template "artifactory-ha.fullname" . }}-data-pvc-<claim-ordinal>
## {{ template "artifactory-ha.fullname" . }}-backup-pvc
## Example (using numberOfExistingClaims: 2)
## myexample-data-pvc-0
## myexample-data-pvc-1
## myexample-backup-pvc
## Note: While you need two PVC fronting two PVs, multiple PVs can be attached to the same storage in many cases allowing you to share an underlying drive.
## Need to have the following set
existingSharedClaim:
enabled: false
numberOfExistingClaims: 1
## Should be a child directory of {{ .Values.artifactory.persistence.mountPath }}
dataDir: "{{ .Values.artifactory.persistence.mountPath }}/artifactory-data"
backupDir: "/var/opt/jfrog/artifactory-backup"
## For artifactory.persistence.type nfs
## If using NFS as the shared storage, you must have a running NFS server that is accessible by your Kubernetes
## cluster nodes.
## Need to have the following set
nfs:
# Must pass actual IP of NFS server with '--set For artifactory.persistence.nfs.ip=${NFS_IP}'
ip:
haDataMount: "/data"
haBackupMount: "/backup"
dataDir: "/var/opt/jfrog/artifactory-ha"
backupDir: "/var/opt/jfrog/artifactory-backup"
capacity: 200Gi
## For artifactory.persistence.type google-storage
googleStorage:
endpoint: storage.googleapis.com
httpsOnly: false
# Set a unique bucket name
bucketName: "artifactory-ha-gcp"
identity:
credential:
path: "artifactory-ha/filestore"
bucketExists: false
## For artifactory.persistence.type aws-s3
## IMPORTANT: Make sure S3 `endpoint` and `region` match! See https://docs.aws.amazon.com/general/latest/gr/rande.html
awsS3:
# Set a unique bucket name
bucketName: "artifactory-ha-aws"
endpoint:
region:
roleName:
identity:
credential:
path: "artifactory-ha/filestore"
refreshCredentials: true
testConnection: false
s3AwsVersion: "AWS4-HMAC-SHA256"
## Additional properties to set on the s3 provider
properties: {}
# httpclient.max-connections: 100
## For artifactory.persistence.type azure-blob
azureBlob:
accountName:
accountKey:
endpoint:
containerName:
testConnection: false
service:
name: artifactory
type: ClusterIP
## Which nodes in the cluster should be in the external load balancer pool (have external traffic routed to them)
## Supported pool values
## members
## all
pool: members
## The following Java options are passed to the java process running Artifactory.
## This will be passed to all cluster members. Primary and member nodes.
javaOpts: {}
# other: ""
## Artifactory Replicator is available only for Enterprise Plus
replicator:
enabled: false
publicUrl:
annotations: {}
## Type specific configurations.
## There is a difference between the primary and the member nodes.
## Customising their resources and java parameters is done here.
primary:
name: artifactory-ha-primary
labels: {}
persistence:
## Set existingClaim to true or false
## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-primary-0`
existingClaim: false
## Resources for the primary node
resources: {}
# requests:
# memory: "1Gi"
# cpu: "500m"
# limits:
# memory: "2Gi"
# cpu: "1"
## The following Java options are passed to the java process running Artifactory primary node.
## You should set them according to the resources set above
javaOpts:
# xms: "1g"
# xmx: "2g"
corePoolSize: 16
jmx:
enabled: false
port: 9010
host:
ssl: false
# other: ""
nodeSelector: {}
tolerations: []
affinity: {}
## Only used if "affinity" is empty
podAntiAffinity:
## Valid values are "soft" or "hard"; any other value indicates no anti-affinity
type: ""
topologyKey: "kubernetes.io/hostname"
node:
name: artifactory-ha-member
labels: {}
persistence:
## Set existingClaim to true or false
## If true, you must prepare a PVC with the name e.g `volume-myrelease-artifactory-ha-member-0`
existingClaim: false
replicaCount: 2
minAvailable: 1
## Resources for the member nodes
resources: {}
# requests:
# memory: "1Gi"
# cpu: "500m"
# limits:
# memory: "2Gi"
# cpu: "1"
## The following Java options are passed to the java process running Artifactory member nodes.
## You should set them according to the resources set above
javaOpts:
# xms: "1g"
# xmx: "2g"
corePoolSize: 16
jmx:
enabled: false
port: 9010
host:
ssl: false
# other: ""
# xms: "1g"
# xmx: "2g"
# other: ""
nodeSelector: {}
tolerations: []
## Complete specification of the "affinity" of the member nodes; if this is non-empty,
## "podAntiAffinity" values are not used.
affinity: {}
## Only used if "affinity" is empty
podAntiAffinity:
## Valid values are "soft" or "hard"; any other value indicates no anti-affinity
type: ""
topologyKey: "kubernetes.io/hostname"
# Init containers
initContainers:
resources: {}
# requests:
# memory: "64Mi"
# cpu: "10m"
# limits:
# memory: "128Mi"
# cpu: "250m"
# Nginx
nginx:
enabled: true
name: nginx
labels: {}
replicaCount: 1
uid: 104
gid: 107
image:
repository: "docker.bintray.io/jfrog/nginx-artifactory-pro"
# Note that by default we use appVersion to get image tag
# version:
pullPolicy: IfNotPresent
# Sidecar containers for tailing Nginx logs
loggers: []
# - access.log
# - error.log
mainConf: |
# Main Nginx configuration file
worker_processes 4;
error_log {{ .Values.nginx.persistence.mountPath }}/logs//error.log warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format timing 'ip = $remote_addr '
'user = \"$remote_user\" '
'local_time = \"$time_local\" '
'host = $host '
'request = \"$request\" '
'status = $status '
'bytes = $body_bytes_sent '
'upstream = \"$upstream_addr\" '
'upstream_time = $upstream_response_time '
'request_time = $request_time '
'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"';
access_log {{ .Values.nginx.persistence.mountPath }}/logs/access.log timing;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
{{- if .Values.artifactory.replicator.enabled }}
include /etc/nginx/conf.d/replicator/*.conf;
{{- end }}
}
artifactoryConf: |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt;
ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen {{ .Values.nginx.internalPortHttps }} ssl;
listen {{ .Values.nginx.internalPortHttp }} ;
server_name ~(?<repo>.+)\.{{ include "artifactory-ha.fullname" . }} {{ include "artifactory-ha.fullname" . }}
{{- range .Values.ingress.hosts -}}
{{- if contains "." . -}}
{{ "" | indent 0 }} ~(?<repo>.+)\.{{ . }}
{{- end -}}
{{- end -}};
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/artifactory-access.log timing;
## error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
if ( $repo != "" ) {
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break;
}
rewrite ^/(v1|v2)/([^/]+)(.*)$ /artifactory/api/docker/$2/$1/$3;
rewrite ^/(v1|v2)/ /artifactory/api/docker/$1/;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
if ( $request_uri ~ ^/artifactory/(.*)$ ) {
proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/$1;
}
proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
service:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: LoadBalancer
## For supporting whitelist on the Nginx LoadBalancer service
## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
## or pass from helm command line
## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}'
loadBalancerSourceRanges: []
## Provide static ip address
loadBalancerIP:
## There are two available options: “Cluster” (default) and “Local”.
externalTrafficPolicy: Cluster
labels: {}
# label-key: label-value
externalPortHttp: 80
internalPortHttp: 80
externalPortHttps: 443
internalPortHttps: 443
internalPortReplicator: 6061
externalPortReplicator: 6061
## The following settings are to configure the frequency of the liveness and readiness probes
livenessProbe:
enabled: true
path: '/artifactory/webapp/#/login'
initialDelaySeconds: 60
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
readinessProbe:
enabled: true
path: '/artifactory/webapp/#/login'
initialDelaySeconds: 60
failureThreshold: 10
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
## The SSL secret that will be used by the Nginx pod
# tlsSecretName: chart-example-tls
## Custom ConfigMap for nginx.conf
customConfigMap:
## Custom ConfigMap for artifactory.conf
customArtifactoryConfigMap:
persistence:
mountPath: "/var/opt/jfrog/nginx"
enabled: false
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
accessMode: ReadWriteOnce
size: 5Gi
## nginx data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
resources: {}
# requests:
# memory: "250Mi"
# cpu: "100m"
# limits:
# memory: "250Mi"
# cpu: "500m"
nodeSelector: {}
tolerations: []
affinity: {}
charts/artifactory-jcr/v0.1.0/CHANGELOG.md 0 → 100644
View file @ 6ae841fa
# JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file.
## [0.1.0] - Nov 20, 2019
* Initial release of the JFrog Container Registry helm chart
charts/artifactory-jcr/v0.1.0/Chart.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
appVersion: 6.15.0
description: JFrog Container Registry
home: https://www.jfrog.com/artifactory/
icon: file://../jfrog_med.png
keywords:
- artifactory
- jfrog
- container
- registry
- devops
- jfrog-container-registry
maintainers:
- email: amithk@jfrog.com
name: amithins
- email: daniele@jfrog.com
name: danielezer
- email: eldada@jfrog.com
name: eldada
- email: rimasm@jfrog.com
name: rimusz
- email: vinaya@jfrog.com
name: vinaya
name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
version: 0.1.0
charts/artifactory-jcr/v0.1.0/LICENSE 0 → 100644
View file @ 6ae841fa
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
charts/artifactory-jcr/v0.1.0/README.md 0 → 100644
View file @ 6ae841fa
# JFrog Container Registry Helm Chart
## Prerequisites Details
* Kubernetes 1.6+
## Chart Details
This chart will do the following:
* Deploy JFrog Container Registry
* Deploy an optional Nginx server
* Deploy an optional PostgreSQL Database
* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/)
## Installing the Chart
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart
To install the chart with the release name `jfrog-container-registry`:
```bash
helm install --name jfrog-container-registry jfrog/artifactory-jcr
```
### Accessing JFrog Container Registry
**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available.
### Updating JFrog Container Registry
Once you have a new chart version, you can upgrade your deployment with
```bash
helm upgrade jfrog-container-registry jfrog/artifactory-jcr
```
### Deleting JFrog Container Registry
```bash
helm delete --purge jfrog-container-registry
```
This will delete your JFrog Container Registry deployment.<br>
**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with
```bash
kubectl delete pvc ...
kubectl delete pv ...
```
## Configuration
The following table lists the **basic** configurable parameters of the JFrog Container Registry chart and their default values.
**NOTE:** All supported parameters are documented in the main [artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory).
| Parameter | Description | Default |
|------------------------------------------------|-----------------------------------|---------------------------------------------------|
| `artifactory.artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-jcr` |
| `artifactory.artifactory.image.version` | Container tag | `.Chart.AppVersion` |
| `artifactory.nginx.enabled` | Deploy nginx server | `true` |
| `artifactory.nginx.service.type` | Nginx service type | `LoadBalancer` |
| `artifactory.nginx.tlsSecretName` | TLS secret for Nginx pod | `` |
| `artifactory.ingress.enabled` | Enable Ingress (should come with `artifactory.nginx.enabled=false`) | `false` |
| `artifactory.ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
| `artifactory.postgresql.enabled` | Use the Artifactory PostgreSQL sub chart | `true` |
| `artifactory.database` | Custom database configuration (if not using bundled PostgreSQL sub-chart) | |
| `postgresql.enabled` | Enable the Artifactory PostgreSQL sub chart | `true` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Ingress and TLS
To get Helm to create an ingress object with a hostname, add these two lines to your Helm command:
```bash
helm install --name artifactory \
--set artifactory.nginx.enabled=false \
--set artifactory.ingress.enabled=true \
--set artifactory.ingress.hosts[0]="artifactory.company.com" \
--set artifactory.artifactory.service.type=NodePort \
jfrog/artifactory-jcr
```
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```bash
kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file:
```yaml
artifactory:
artifactory:
ingress:
## If true, Artifactory Ingress will be created
##
enabled: true
## Artifactory Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- jfrog-container-registry.domain.com
annotations:
kubernetes.io/tls-acme: "true"
## Artifactory Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: artifactory-tls
hosts:
- jfrog-container-registry.domain.com
```
## Useful links
https://www.jfrog.com
https://www.jfrog.com/confluence/
charts/artifactory-jcr/v0.1.0/app-readme.md 0 → 100644
View file @ 6ae841fa
# JFrog Container Registry Helm Chart
Universal Repository Manager supporting all major packaging formats, build tools and CI servers.
## Chart Details
This chart will do the following:
* Deploy JFrog Container Registry
* Deploy an optional Nginx server
* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/)
## Useful links
Blog: [Herd Trust Into Your Rancher Labs Multi-Cloud Strategy with Artifactory](https://jfrog.com/blog/herd-trust-into-your-rancher-labs-multi-cloud-strategy-with-artifactory/)
## Activate Your Artifactory Instance
Don't have a license? Please send an email to [rancher-jfrog-licenses@jfrog.com](mailto:rancher-jfrog-licenses@jfrog.com) to get it.
\ No newline at end of file
charts/artifactory-jcr/v0.1.0/charts/artifactory/.helmignore 0 → 100644
View file @ 6ae841fa
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
OWNERS
\ No newline at end of file
charts/artifactory-jcr/v0.1.0/charts/artifactory/CHANGELOG.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file.
## [8.2.1] - Nov 18, 2019
* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html)
## [8.2.0] - Nov 18, 2019
* Updated Artifactory version to 6.15.0
## [8.1.11] - Nov 17, 2019
* Do not provide a default master key. Allow it to be auto generated by Artifactory on first startup
## [8.1.10] - Nov 17, 2019
* Fix creation of double slash in nginx artifactory configuration
## [8.1.9] - Nov 14, 2019
* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error
## [8.1.8] - Nov 12, 2019
* Updated Artifactory version to 6.14.1
## [8.1.7] - Nov 9, 2019
* Additional documentation for masterKey
## [8.1.6] - Nov 10, 2019
* Update PostgreSQL chart version to 7.0.1
* Use formal PostgreSQL configuration format
## [8.1.5] - Nov 8, 2019
* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer`
## [8.1.4] - Nov 6, 2019
* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is
## [8.1.3] - Nov 6, 2019
* Add nodeselector support for Postgresql
## [8.1.2] - Nov 5, 2019
* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles
## [8.1.1] - Nov 4, 2019
* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files
## [8.1.0] - Nov 3, 2019
* Updated Artifactory version to 6.14.0
## [8.0.1] - Nov 3, 2019
* Make sure the artifactory pod exits when one of the pre-start stages fail
## [8.0.0] - Oct 27, 2019
**IMPORTANT - BREAKING CHANGES!**<br>
**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!**
* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**!
* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)!
* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)!
* Note the following **PostgreSQL** Helm chart changes
* The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used
* **PostgreSQL** is deployed as a StatefulSet
* See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations
## [7.18.3] - Oct 24, 2019
* Change the preStartCommand to support templating
## [7.18.2] - Oct 21, 2019
* Add support for setting `artifactory.labels`
* Add support for setting `nginx.labels`
## [7.18.1] - Oct 10, 2019
* Updated Artifactory version to 6.13.1
## [7.18.0] - Oct 7, 2019
* Updated Artifactory version to 6.13.0
## [7.17.5] - Sep 24, 2019
* Option to skip wait-for-db init container with '--set waitForDatabase=false'
## [7.17.4] - Sep 11, 2019
* Updated Artifactory version to 6.12.2
## [7.17.3] - Sep 9, 2019
* Updated Artifactory version to 6.12.1
## [7.17.2] - Aug 22, 2019
* Fix the nginx server_name directive used with ingress.hosts
## [7.17.1] - Aug 21, 2019
* Enable the Artifactory container's liveness and readiness probes
## [7.17.0] - Aug 21, 2019
* Updated Artifactory version to 6.12.0
## [7.16.11] - Aug 14, 2019
* Updated Artifactory version to 6.11.6
## [7.16.10] - Aug 11, 2019
* Fix Ingress routing and add an example
## [7.16.9] - Aug 5, 2019
* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one)
* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist
## [7.16.8] - Aug 4, 2019
* Improve binarystore config
1. Convert to a secret
2. Move config to values.yaml
3. Support an external secret
## [7.16.7] - Jul 29, 2019
* Don't create the nginx configmaps when nginx.enabled is false
## [7.16.6] - Jul 24, 2019
* Simplify nginx setup and shorten initial wait for probes
## [7.16.5] - Jul 22, 2019
* Change Ingress API to be compatible with recent kubernetes versions
## [7.16.4] - Jul 22, 2019
* Updated Artifactory version to 6.11.3
## [7.16.3] - Jul 11, 2019
* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration
## [7.16.2] - Jul 3, 2019
* Fix values key in reverse proxy example
## [7.16.1] - Jul 1, 2019
* Updated Artifactory version to 6.11.1
## [7.16.0] - Jun 27, 2019
* Update Artifactory version to 6.11 and add restart to Artifactory when bootstrap.creds file has been modified
## [7.15.8] - Jun 27, 2019
* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation
## [7.15.6] - Jun 24, 2019
* Update chart maintainers
## [7.15.5] - Jun 24, 2019
* Change Nginx to point to the artifactory externalPort
## [7.15.4] - Jun 23, 2019
* Add the option to provide an IP for the access-admin endpoints
## [7.15.3] - Jun 23, 2019
* Add values files for small, medium and large installations
## [7.15.2] - Jun 20, 2019
* Add missing terminationGracePeriodSeconds to values.yaml
## [7.15.1] - Jun 19, 2019
* Updated Artifactory version to 6.10.4
## [7.15.0] - Jun 17, 2019
* Use configmaps for nginx configuration and remove nginx postStart command
## [7.14.8] - Jun 18, 2019
* Add the option to provide additional ingress rules
## [7.14.7] - Jun 14, 2019
* Updated readme with improved external database setup example
## [7.14.6] - Jun 11, 2019
* Updated Artifactory version to 6.10.3
* Updated installer-info template
## [7.14.5] - Jun 6, 2019
* Updated Google Cloud Storage API URL and https settings
## [7.14.4] - Jun 5, 2019
* Delete the db.properties file on Artifactory startup
## [7.14.3] - Jun 3, 2019
* Updated Artifactory version to 6.10.2
## [7.14.2] - May 21, 2019
* Updated Artifactory version to 6.10.1
## [7.14.1] - May 19, 2019
* Fix missing logger image tag
## [7.14.0] - May 7, 2019
* Updated Artifactory version to 6.10.0
## [7.13.21] - May 5, 2019
* Add support for setting `artifactory.async.corePoolSize`
## [7.13.20] - May 2, 2019
* Remove unused property `artifactory.releasebundle.feature.enabled`
## [7.13.19] - May 1, 2019
* Fix indentation issue with the replicator system property
## [7.13.18] - Apr 30, 2019
* Add support for JMX monitoring
## [7.13.17] - Apr 25, 2019
* Added support for `cacheProviderDir`
## [7.13.16] - Apr 18, 2019
* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx
## [7.13.15] - Apr 16, 2019
* Updated documentation for Reverse Proxy Configuration
## [7.13.14] - Apr 15, 2019
* Added support for `customVolumeMounts`
## [7.13.13] - Aprl 12, 2019
* Added support for `bucketExists` flag for googleStorage
## [7.13.12] - Apr 11, 2019
* Replace `curl` examples with `wget` due to the new base image
## [7.13.11] - Aprl 07, 2019
* Add support for providing the Artifactory license as a parameter
## [7.13.10] - Apr 10, 2019
* Updated Artifactory version to 6.9.1
## [7.13.9] - Aprl 04, 2019
* Add support for templated extraEnvironmentVariables
## [7.13.8] - Aprl 07, 2019
* Change network policy API group
## [7.13.7] - Aprl 04, 2019
* Bugfix for userPluginSecrets
## [7.13.6] - Apr 4, 2019
* Add information about upgrading Artifactory with auto-generated postgres password
## [7.13.5] - Aprl 03, 2019
* Added installer info
## [7.13.4] - Aprl 03, 2019
* Allow secret names for user plugins to contain template language
## [7.13.3] - Apr 02, 2019
* Allow NetworkPolicy configurations (defaults to allow all)
## [7.13.2] - Aprl 01, 2019
* Add support for user plugin secret
## [7.13.1] - Mar 27, 2019
* Add the option to copy a list of files to ARTIFACTORY_HOME on startup
## [7.13.0] - Mar 26, 2019
* Updated Artifactory version to 6.9.0
## [7.12.18] - Mar 25, 2019
* Add CI tests for persistence, ingress support and nginx
## [7.12.17] - Mar 22, 2019
* Add the option to change the default access-admin password
## [7.12.16] - Mar 22, 2019
* Added support for `<artifactory|nginx>.<readiness|liveness>Probe.path` to customise the paths used for health probes
## [7.12.15] - Mar 21, 2019
* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers
* Added support for `artifactory.customVolumes` to create custom volumes
## [7.12.14] - Mar 21, 2019
* Make ingress path configurable
## [7.12.13] - Mar 19, 2019
* Move the copy of bootstrap config from postStart to preStart
## [7.12.12] - Mar 19, 2019
* Fix existingClaim example
## [7.12.11] - Mar 18, 2019
* Add information about nginx persistence
## [7.12.10] - Mar 15, 2019
* Wait for nginx configuration file before using it
## [7.12.9] - Mar 15, 2019
* Revert securityContext changes since they were causing issues
## [7.12.8] - Mar 15, 2019
* Fix issue #247 (init container failing to run)
## [7.12.7] - Mar 14, 2019
* Updated Artifactory version to 6.8.7
* Add support for Artifactory-CE for C++
## [7.12.6] - Mar 13, 2019
* Move securityContext to container level
## [7.12.5] - Mar 11, 2019
* Updated Artifactory version to 6.8.6
## [7.12.4] - Mar 8, 2019
* Fix existingClaim option
## [7.12.3] - Mar 5, 2019
* Updated Artifactory version to 6.8.4
## [7.12.2] - Mar 4, 2019
* Add support for catalina logs sidecars
## [7.12.1] - Feb 27, 2019
* Updated Artifactory version to 6.8.3
## [7.12.0] - Feb 25, 2019
* Add nginx support for tail sidecars
## [7.11.1] - Feb 20, 2019
* Added support for enterprise storage
## [7.10.2] - Feb 19, 2019
* Updated Artifactory version to 6.8.2
## [7.10.1] - Feb 17, 2019
* Updated Artifactory version to 6.8.1
* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage
## [7.10.0] - Feb 15, 2019
* Updated Artifactory version to 6.8.0
## [7.9.6] - Feb 13, 2019
* Updated Artifactory version to 6.7.3
## [7.9.5] - Feb 12, 2019
* Add support for tail sidecars to view logs from k8s api
## [7.9.4] - Feb 6, 2019
* Fix support for customizing statefulset `terminationGracePeriodSeconds`
## [7.9.3] - Feb 5, 2019
* Add instructions on how to deploy Artifactory with embedded Derby database
## [7.9.2] - Feb 5, 2019
* Add support for customizing statefulset `terminationGracePeriodSeconds`
## [7.9.1] - Feb 3, 2019
* Updated Artifactory version to 6.7.2
## [7.9.0] - Jan 23, 2019
* Updated Artifactory version to 6.7.0
## [7.8.9] - Jan 22, 2019
* Added support for `artifactory.customInitContainers` to create custom init containers
## [7.8.8] - Jan 17, 2019
* Added support of values ingress.labels
## [7.8.7] - Jan 16, 2019
* Mount replicator.yaml (config) directly to /replicator_extra_conf
## [7.8.6] - Jan 13, 2019
* Fix documentation about nginx group id
## [7.8.5] - Jan 13, 2019
* Updated Artifactory version to 6.6.5
## [7.8.4] - Jan 8, 2019
* Make artifactory.replicator.publicUrl required when the replicator is enabled
## [7.8.3] - Jan 1, 2019
* Updated Artifactory version to 6.6.3
* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory
## [7.8.2] - Dec 28, 2018
* Fix location `replicator.yaml` is copied to
## [7.8.1] - Dec 27, 2018
* Updated Artifactory version to 6.6.1
## [7.8.0] - Dec 20, 2018
* Updated Artifactory version to 6.6.0
## [7.7.13] - Dec 17, 2018
* Updated Artifactory version to 6.5.13
## [7.7.12] - Dec 12, 2018
* Fix documentation about Artifactory license setup using secret
## [7.7.11] - Dec 10, 2018
* Fix issue when using existing claim
## [7.7.10] - Dec 5, 2018
* Remove Distribution certificates creation.
## [7.7.9] - Nov 30, 2018
* Updated Artifactory version to 6.5.9
## [7.7.8] - Nov 29, 2018
* Updated postgresql version to 9.6.11
## [7.7.7] - Nov 27, 2018
* Updated Artifactory version to 6.5.8
## [7.7.6] - Nov 19, 2018
* Added support for configMap to use custom Reverse Proxy Configuration with Nginx
## [7.7.5] - Nov 14, 2018
* Fix location of `nodeSelector`, `affinity` and `tolerations`
## [7.7.4] - Nov 14, 2018
* Updated Artifactory version to 6.5.3
## [7.7.3] - Nov 12, 2018
* Support artifactory.preStartCommand for running command before entrypoint starts
## [7.7.2] - Nov 7, 2018
* Support database.url parameter (DB_URL)
## [7.7.1] - Oct 29, 2018
* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted)
## [7.7.0] - Oct 28, 2018
* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options
## [7.6.8] - Oct 23, 2018
* Fix providing external secret for database credentials
## [7.6.7] - Oct 23, 2018
* Allow user to configure externalTrafficPolicy for Loadbalancer
## [7.6.6] - Oct 22, 2018
* Updated ingress annotation support (with examples) to support docker registry v2
## [7.6.5] - Oct 21, 2018
* Updated Artifactory version to 6.5.2
## [7.6.4] - Oct 19, 2018
* Allow providing pre-existing secret containing master key
* Allow arbitrary annotations on primary and member node pods
* Enforce size limits when using local storage with `emptyDir`
* Allow providing pre-existing secrets containing external database credentials
## [7.6.3] - Oct 18, 2018
* Updated Artifactory version to 6.5.1
## [7.6.2] - Oct 17, 2018
* Add Apache 2.0 license
## [7.6.1] - Oct 11, 2018
* Supports master-key in the secrets and stateful-set
* Allows ingress default `backend` to be enabled or disabled (defaults to enabled)
## [7.6.0] - Oct 11, 2018
* Updated Artifactory version to 6.5.0
## [7.5.4] - Oct 9, 2018
* Quote ingress hosts to support wildcard names
## [7.5.3] - Oct 4, 2018
* Add PostgreSQL resources template
## [7.5.2] - Oct 2, 2018
* Add `helm repo add jfrog https://charts.jfrog.io` to README
## [7.5.1] - Oct 2, 2018
* Set Artifactory to 6.4.1
## [7.5.0] - Sep 27, 2018
* Set Artifactory to 6.4.0
## [7.4.3] - Sep 26, 2018
* Add ci/test-values.yaml
## [7.4.2] - Sep 2, 2018
* Updated Artifactory version to 6.3.2
* Removed unused PVC
## [7.4.0] - Aug 22, 2018
* Added support to run as non root
* Updated Artifactory version to 6.2.0
## [7.3.0] - Aug 22, 2018
* Enabled RBAC Support
* Added support for PostStartCommand (To download Database JDBC connector)
* Increased postgresql max_connections
* Added support for `nginx.conf` ConfigMap
* Updated Artifactory version to 6.1.0
charts/artifactory-jcr/v0.1.0/charts/artifactory/Chart.yaml 0 → 100644
View file @ 6ae841fa
apiVersion: v1
appVersion: 6.15.0
description: Universal Repository Manager supporting all major packaging formats,
build tools and CI servers.
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/artifactory-dcos/master/images/jfrog_med.png
keywords:
- artifactory
- jfrog
- devops
maintainers:
- email: amithk@jfrog.com
name: amithins
- email: daniele@jfrog.com
name: danielezer
- email: eldada@jfrog.com
name: eldada
- email: rimasm@jfrog.com
name: rimusz
name: artifactory
sources:
- https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
- https://github.com/jfrog/charts
version: 8.2.1
charts/artifactory-jcr/v0.1.0/charts/artifactory/LICENSE 0 → 100644
View file @ 6ae841fa
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
charts/artifactory-jcr/v0.1.0/charts/artifactory/README.md 0 → 100644
View file @ 6ae841fa
# JFrog Artifactory Helm Chart
## Prerequisites Details
* Kubernetes 1.6+
* Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/)
## Chart Details
This chart will do the following:
* Deploy Artifactory-Pro/Artifactory-Edge (or OSS/CE if custom image is set)
* Deploy a PostgreSQL database using the stable/postgresql chart (can be changed)
* Deploy an optional Nginx server
* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/)
## Installing the Chart
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart
To install the chart with the release name `artifactory`:
```bash
helm install --name artifactory jfrog/artifactory
```
### Deploying Artifactory OSS
By default it will run Artifactory-Pro to run Artifactory-OSS use following command:
```bash
helm install --name artifactory --set artifactory.image.repository=docker.bintray.io/jfrog/artifactory-oss jfrog/artifactory
```
### Deploying Artifactory CE for C++
By default it will run Artifactory-Pro to run Artifactory-CE for C++ use following command:
```bash
helm install --name artifactory --set artifactory.image.repository=docker.bintray.io/jfrog/artifactory-cpp-ce jfrog/artifactory
```
### Deploying Artifactory with embedded Derby database
By default, this chart deploys Artifactory with PostgreSQL (running in a separate pod).
It's possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded [Derby database](https://db.apache.org/derby/).
```bash
# Disable the default postgresql
helm install --name artifactory --set postgresql.enabled=false jfrog/artifactory
```
Artifactory will start with it's embedded Derby database.
### Deploying Artifactory with replicator
The [Artifactory replicator](https://www.jfrog.com/confluence/display/RTF/Replicator) is used with an [Enterprise Plus](https://www.jfrog.com/confluence/display/EP/Welcome+to+JFrog+Enterprise+Plus) license.
```bash
## Artifactory replicator is disabled by default. When the replicator is enabled, the replicator.publicUrl parameter is required. To enable it use the following:
helm install --name artifactory --set artifactory.replicator.enabled=true --set artifactory.replicator.publicUrl=<artifactory_url>:<replicator_port> jfrog/artifactory
```
### Deploying Artifactory for small/medium/large instllations
In the chart directory, we have added three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. The values are derived from the following [documentation](https://www.jfrog.com/confluence/display/EP/Installing+on+Kubernetes#InstallingonKubernetes-Systemrequirements). You can find them in the corresponding chart directory - values-small.yaml, values-medium.yaml and values-large.yaml
### Accessing Artifactory
**NOTE:** It might take a few minutes for Artifactory's public IP to become available.
Follow the instructions outputted by the install command to get the Artifactory IP to access it.
### Updating Artifactory
Once you have a new chart version, you can update your deployment with
```bash
helm upgrade artifactory --namespace artifactory jfrog/artifactory
```
If artifactory was installed without providing a value to postgresql.postgresqlPassword (a password was autogenerated), follow these instructions:
1. Get the current password by running:
```bash
POSTGRES_PASSWORD=$(kubectl get secret -n <namespace> <myrelease>-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
```
2. Upgrade the release by passing the previously auto-generated secret:
```bash
helm upgrade <myrelease> jfrog/artifactory --set postgresql.postgresqlPassword=${POSTGRES_PASSWORD}
```
This will apply any configuration changes on your existing deployment.
### Artifactory memory and CPU resources
The Artifactory Helm chart comes with support for configured resource requests and limits to Artifactory, Nginx and PostgreSQL. By default, these settings are commented out.
It is **highly** recommended to set these so you have full control of the allocated resources and limits.
Artifactory java memory parameters can (and should) also be set to match the allocated resources with `artifactory.javaOpts.xms` and `artifactory.javaOpts.xmx`.
```bash
# Example of setting resource requests and limits to all pods (including passing java memory settings to Artifactory)
helm install --name artifactory \
--set artifactory.resources.requests.cpu="500m" \
--set artifactory.resources.limits.cpu="2" \
--set artifactory.resources.requests.memory="1Gi" \
--set artifactory.resources.limits.memory="4Gi" \
--set artifactory.javaOpts.xms="1g" \
--set artifactory.javaOpts.xmx="4g" \
--set nginx.resources.requests.cpu="100m" \
--set nginx.resources.limits.cpu="250m" \
--set nginx.resources.requests.memory="250Mi" \
--set nginx.resources.limits.memory="500Mi" \
jfrog/artifactory
```
Get more details on configuring Artifactory in the [official documentation](https://www.jfrog.com/confluence/).
### Artifactory storage
When using an enterprise license. Artifactory supports a wide range of storage back ends. You can see more details on [Artifactory Filestore options](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore)
In this chart, you set the type of storage you want with `artifactory.persistence.type` and pass the required configuration settings.
The default storage in this chart is the `file-system` replication, where the data is replicated to all nodes.
#### NFS
To use an NFS server as your cluster's storage, you need to
- Setup an NFS server. Get its IP as `NFS_IP`
- Create a `data` and `backup` directories on the NFS exported directory with write permissions to all
- Pass NFS parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=nfs \
--set artifactory.persistence.nfs.ip=${NFS_IP} \
...
```
#### Google Storage
To use a Google Storage bucket as the cluster's filestore. See [Google Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-GoogleStorageBinaryProvider)
- Pass Google Storage parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=google-storage \
--set artifactory.persistence.googleStorage.identity=${GCP_ID} \
--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
...
```
#### AWS S3
**NOTE** Keep in mind that when using the `aws-s3` persistence type, you will not be able to provide an IAM on the pod level.
In order to grant permissions to Artifactory using an IAM role, you will have to attach the said IAM role to the machine(s) on which Artifactory is running.
This is due to the fact that the `aws-s3` template uses the `JetS3t` library to interact with AWS. If you want to grant an IAM role at the pod level, see the `AWS S3 Vs` section.
To use an AWS S3 bucket as the cluster's filestore. See [S3 Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3BinaryProvider)
- Pass AWS S3 parameters to `helm install` and `helm upgrade`
```bash
...
# With explicit credentials:
--set artifactory.persistence.type=aws-s3 \
--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \
--set artifactory.persistence.awsS3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3.identity=${AWS_ACCESS_KEY_ID} \
--set artifactory.persistence.awsS3.credential=${AWS_SECRET_ACCESS_KEY} \
...
...
# With using existing IAM role
--set artifactory.persistence.type=aws-s3 \
--set artifactory.persistence.awsS3.endpoint=${AWS_S3_ENDPOINT} \
--set artifactory.persistence.awsS3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3.roleName=${AWS_ROLE_NAME} \
...
```
**NOTE:** Make sure S3 `endpoint` and `region` match. See [AWS documentation on endpoint](https://docs.aws.amazon.com/general/latest/gr/rande.html)
#### AWS S3 V3
To use an AWS S3 bucket as the cluster's filestore and access it with the official AWS SDK, See [S3 Official SDK Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate).
This filestore template uses the official AWS SDK, unlike th`aws-s3` implementation that uses the `JetS3t` library.
Use this template if you want to attach an IAM role to the Artifactory pod directly (as opposed to attaching it to the machine/s that Artifactory will run on).
**NOTE** This will have to be combined with a k8s mechanism for attaching IAM roles to pods, like [kube2iam](https://github.com/helm/charts/tree/master/stable/kube2iam) or anything similar.
- Pass AWS S3 V3 parameters and the annotation pointing to the IAM role (when using an IAM role. this is kube2iam specific and may vary depending on the implementation) to `helm install` and `helm upgrade`
```bash
# With explicit credentials:
--set artifactory.persistence.type=aws-s3-v3 \
--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \
--set artifactory.persistence.awsS3V3.identity=${AWS_ACCESS_KEY_ID} \
--set artifactory.persistence.awsS3V3.credential=${AWS_SECRET_ACCESS_KEY} \
...
```
```bash
# With using existing IAM role
--set artifactory.persistence.type=aws-s3-v3 \
--set artifactory.persistence.awsS3V3.region=${AWS_REGION} \
--set artifactory.persistence.awsS3V3.bucketName=${AWS_S3_BUCKET_NAME} \
--set artifactory.annotations.'iam\.amazonaws\.com/role'=${AWS_IAM_ROLE_ARN}
...
```
#### Microsoft Azure Blob Storage
To use Azure Blob Storage as the cluster's filestore. See [Azure Blob Storage Binary Provider](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider)
- Pass Azure Blob Storage parameters to `helm install` and `helm upgrade`
```bash
...
--set artifactory.persistence.type=azure-blob \
--set artifactory.persistence.azureBlob.accountName=${AZURE_ACCOUNT_NAME} \
--set artifactory.persistence.azureBlob.accountKey=${AZURE_ACCOUNT_KEY} \
--set artifactory.persistence.azureBlob.endpoint=${AZURE_ENDPOINT} \
--set artifactory.persistence.azureBlob.containerName=${AZURE_CONTAINER_NAME} \
...
```
* To use a persistent volume claim as cache dir together with Azure Blob Storage, additionally pass the following parameters to `helm install` and `helm upgrade` (make sure `mountPath` and `cacheProviderDir` point to the same location)
```bash
...
--set artifactory.persistence.existingClaim=${YOUR_CLAIM} \
--set artifactory.persistence.mountPath=/opt/cache-dir \
--set artifactory.persistence.cacheProviderDir=/opt/cache-dir \
...
```
#### Custom binarystore.xml
You have an option to provide a custom [binarystore.xml](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore).<br>
There are two options for this
1. Editing directly in [values.yaml](values.yaml)
```yaml
artifactory:
persistence:
binarystoreXml: |
<!-- The custom XML snippet -->
<config version="v1">
<chain template="file-system"/>
</config>
```
2. Create your own [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) and pass it to your `helm install` command
```yaml
# Prepare your custom Secret file (custom-binarystore.yaml)
kind: Secret
apiVersion: v1
metadata:
name: custom-binarystore
labels:
app: artifactory
chart: artifactory
stringData:
binarystore.xml: |-
<!-- The custom XML snippet -->
<config version="v1">
<chain template="file-system"/>
</config>
```
```bash
# Create a secret from the file
kubectl apply -n artifactory -f ./custom-binarystore.yaml
# Pass it to your helm install command:
helm install --name artifactory --namespace artifactory --set artifactory.persistence.customBinarystoreXmlSecret=custom-binarystore jfrog/artifactory
```
### Customizing Database password
You can override the specified database password (set in [values.yaml](values.yaml)), by passing it as a parameter in the install command line
```bash
helm install --name artifactory --namespace artifactory --set postgresql.postgresqlPassword=12_hX34qwerQ2 jfrog/artifactory
```
You can customise other parameters in the same way, by passing them on `helm install` command line.
### Deleting Artifactory
```bash
helm delete --purge artifactory
```
This will completely delete your Artifactory Pro deployment.
**IMPORTANT:** This will also delete your data volumes. You will lose all data!
### Kubernetes Secret for Artifactory License
##### Use an existing secret
You can deploy the Artifactory license as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/).
Prepare a text file with the license written in it and create a Kubernetes secret from it.
```bash
# Create the Kubernetes secret (assuming the local license file is 'art.lic')
kubectl create secret generic artifactory-license --from-file=./art.lic
# Pass the license to helm
helm install --name artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic jfrog/artifactory
```
**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
Updating the license should be done via Artifactory UI or REST API.
If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file
##### Create the secret as part of the helm release
values.yaml
```yaml
artifactory:
license:
licenseKey: |-
<LICENSE_KEY>
```
```bash
helm install --name artifactory-ha -f values.yaml jfrog/artifactory-ha
```
**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
Updating the license should be done via Artifactory UI or REST API.
If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file
### Configure NetworkPolicy
NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system.
In the `networkpolicy` section of values.yaml you can specify a list of NetworkPolicy objects.
For podSelector, ingress and egress, if nothing is provided then a default `- {}` is applied which is to allow everything.
A full (but very wide open) example that results in 2 NetworkPolicy objects being created:
```yaml
networkpolicy:
# Allows all ingress and egress to/from artifactory.
- name: artifactory
podSelector:
matchLabels:
app: artifactory
egress:
- {}
ingress:
- {}
# Allows connectivity from artifactory pods to postgresql pods, but no traffic leaving postgresql pod.
- name: postgres
podSelector:
matchLabels:
app: postgresql
ingress:
- from:
- podSelector:
matchLabels:
app: artifactory
```
### Artifactory JMX Configuration
** You can see some information about the exposed MBeans here - https://www.jfrog.com/confluence/display/RTF/Artifactory+JMX+MBeans
Enable JMX in your deployment:
```bash
helm install --name artifactory \
--set artifactory.javaOpts.jmx.enabled=true \
jfrog/artifactory
```
This will enable access to Artifactory with JMX on the default port (9010).
** You have the option to change the port by setting ```artifactory.javaOpts.jmx.port``` to your choice of port
In order to connect to Artifactory using JMX with jconsole (or any similar tool) installed on your computer, follow the following steps:
1. Enable JMX as described above and Change the Artifactory service to be of type LoadBalancer:
```bash
helm install --name artifactory \
--set artifactory.javaOpts.jmx.enabled=true \
--set artifactory.service.type=LoadBalancer \
jfrog/artifactory
```
2. The default setting for java.rmi.server.hostname is the service name (this is also configurable with ```artifactory.javaOpts.jmx.host```).
So in order to connect to Artifactory with jconsole you should map the Artifactory kuberentes service IP to the service name using your hosts file as such:
```
<artifactory-service-ip> artifactory-<release-name>
```
3. Launch jconsole with the service address and port:
```bash
jconsole artifactory-<release-name>:<jmx-port>
```
### Access creds. bootstraping
**IMPORTANT:** Bootsrapping access creds. will automatically trigger a restart to the Artifactory pod and will allow access for the user `access-admin` from certain IP's.
* User guide to [bootstrap Artifactory Access credentials](https://www.jfrog.com/confluence/display/ACC/Configuring+Access)
1. Create `access-creds-values.yaml` and provide the IP (By default 127.0.0.1) and password:
```yaml
artifactory:
accessAdmin:
ip: "<IP_RANGE>" #Example: "*"
password: "<PASSWD>"
```
2. Apply the `access-creds-values.yaml` file:
```bash
helm upgrade --install artifactory jfrog/artifactory -f access-creds-values.yaml
```
3. Restart Artifactory Pod (`Kubectl delete pod <pod_name>`)
### Bootstrapping Artifactory
**IMPORTANT:** Bootstrapping Artifactory needs license. Pass license as shown in above section.
* User guide to [bootstrap Artifactory Global Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheGlobalConfiguration)
* User guide to [bootstrap Artifactory Security Configuration](https://www.jfrog.com/confluence/display/RTF/Configuration+Files#ConfigurationFiles-BootstrappingtheSecurityConfiguration)
1. Create `bootstrap-config.yaml` with artifactory.config.import.xml and security.import.xml as shown below:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: my-release-bootstrap-config
data:
artifactory.config.import.xml: |
<config contents>
security.import.xml: |
<config contents>
```
2. Create configMap in Kubernetes:
```bash
kubectl apply -f bootstrap-config.yaml
```
3. Pass the configMap to helm
```bash
helm install --name artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config jfrog/artifactory
```
OR
```bash
helm install --name artifactory --set artifactory.license.licenseKey=<LICENSE_KEY>,artifactory.configMapName=my-release-bootstrap-config jfrog/artifactory
```
### Use custom nginx.conf with Nginx
Steps to create configMap with nginx.conf
* Create `nginx.conf` file.
```bash
kubectl create configmap nginx-config --from-file=nginx.conf
```
* Pass configMap to helm install
```bash
helm install --name artifactory --set nginx.customConfigMap=nginx-config jfrog/artifactory
```
### Use an external Database
#### PostgreSQL
There are cases where you will want to use an external PostgreSQL with a different database name e.g. `my-artifactory-db`, then you need set a custom PostgreSQL connection URL, where `my-artifactory-db` is the name of the database.
This can be done with the following parameters
```bash
...
--set postgresql.enabled=false \
--set database.type=postgresql \
--set database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \
--set database.user=${DB_USER} \
--set database.password=${DB_PASSWORD} \
...
```
**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
#### Other DB type
There are cases where you will want to use a different database and not the enclosed **PostgreSQL**.
See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database)
> The official Artifactory Docker images include the PostgreSQL database driver.
> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib
This can be done with the following parameters
```bash
# Make sure your Artifactory Docker image has the MySQL database driver in it
...
--set postgresql.enabled=false \
--set artifactory.preStartCommand="wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \
--set database.type=mysql \
--set database.host=${DB_HOST} \
--set database.port=${DB_PORT} \
--set database.user=${DB_USER} \
--set database.password=${DB_PASSWORD} \
...
```
**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
#### Using pre-existing Kubernetes Secret
If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`:
```bash
# Create a secret containing the database credentials
kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD}
...
--set postgresql.enabled=false \
--set database.secrets.user.name=my-secret \
--set database.secrets.user.key=user \
--set database.secrets.password.name=my-secret \
--set database.secrets.password.key=password \
--set database.secrets.url.name=my-secret \
--set database.secrets.url.key=url \
...
```
### Deleting Artifactory
To delete the Artifactory.
```bash
helm delete --purge artifactory
```
This will completely delete your Artifactory HA cluster.
### Custom Docker registry for your images
If you need to pull your Docker images from a private registry, you need to create a
[Kubernetes Docker registry secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) and pass it to helm
```bash
# Create a Docker registry secret called 'regsecret'
kubectl create secret docker-registry regsecret --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
```
Once created, you pass it to `helm`
```bash
helm install --name artifactory --set imagePullSecrets=regsecret jfrog/artifactory
```
### Logger sidecars
This chart provides the option to add sidecars to tail various logs from Artifactory. See the available values in [values.yaml](values.yaml)
Get list of containers in the pod
```bash
kubectl get pods -n <NAMESPACE> <POD_NAME> -o jsonpath='{.spec.containers[*].name}' | tr ' ' '\n'
```
View specific log
```bash
kubectl logs -n <NAMESPACE> <POD_NAME> -c <LOG_CONTAINER_NAME>
```
### Custom init containers
There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container.
For this, there is a section for writing a custom init container in the [values.yaml](values.yaml). By default it's commented out
```yaml
artifactory:
## Add custom init containers
customInitContainers: |
## Init containers template goes here ##
```
### Custom sidecar containers
There are cases where an extra sidecar container is needed. For example monitoring agents or log collection.
For this, there is a section for writing a custom sidecar container in the [values.yaml](values.yaml). By default it's commented out
```yaml
artifactory:
## Add custom sidecar containers
customSidecarContainers: |
## Sidecar containers template goes here ##
```
### Custom volumes
If you need to use a custom volume in a custom init or sidecar container, you can use this option.
For this, there is a section for defining custom volumes in the [values.yaml](values.yaml). By default it's commented out
```yaml
artifactory:
## Add custom volumes
customVolumes: |
## Custom volume comes here ##
```
You can configure the sidecar to run as a custom user if needed by setting the following in the container template
```yaml
# Example of running container as root (id 0)
securityContext:
runAsUser: 0
fsGroup: 0
```
### Add Artifactory User Plugin during installation
If you need to add [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins), you can use this option.
Create a secret with [Artifactory User Plugin](https://github.com/jfrog/artifactory-user-plugins) by following command:
```bash
# Secret with single user plugin
kubectl create secret generic archive-old-artifacts --from-file=archiveOldArtifacts.groovy --namespace=artifactory
# Secret with single user plugin with configuration file
kubectl create secret generic webhook --from-file=webhook.groovy --from-file=webhook.config.json.sample --namespace=artifactory
```
Add plugin secret names to `plugins.yaml` as following:
```yaml
artifactory:
userPluginSecrets:
- archive-old-artifacts
- webhook
```
You can now pass the created `plugins.yaml` file to helm install command to deploy Artifactory with user plugins as follows:
```bash
helm install --name artifactory -f plugins.yaml jfrog/artifactory
```
Alternatively, you may be in a situation in which you would like to create a secret in a Helm chart that depends on this chart. In this scenario, the name of the secret is likely dynamically generated via template functions, so passing a statically named secret isn't possible. In this case, the chart supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function - simply pass the raw string containing the templating language used to name your secret as a value instead by adding the following to your chart's `values.yaml` file:
```yaml
artifactory: # Name of the artifactory dependency
artifactory:
userPluginSecrets:
- '{{ template "my-chart.fullname" . }}'
```
NOTE: By defining userPluginSecrets, this overrides any pre-defined plugins from the container image that are stored in /tmp/plugins. At this time [artifactory-pro:6.9.0](https://bintray.com/jfrog/artifactory-pro) is distributed with `internalUser.groovy` plugin. If you need this plugin in addition to your user plugins, you should include these additional plugins as part of your userPluginSecrets.
## Configuration
The following table lists the configurable parameters of the artifactory chart and their default values.
| Parameter | Description | Default |
|---------------------------|-----------------------------------|----------------------------------------------------------|
| `imagePullSecrets` | Docker registry pull secret | |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template |
| `serviceAccount.annotations` | Artifactory service account annotations | `` |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `rbac.role.rules` | Rules to create | `[]` |
| `logger.image.repository` | repository for logger image | `busybox` |
| `logger.image.tag` | tag for logger image | `1.30` |
| `artifactory.name` | Artifactory name | `artifactory` |
| `artifactory.replicaCount` | Replica count for Artifactory deployment| `1` |
| `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` |
| `artifactory.image.version` | Container tag | `.Chart.AppVersion` |
| `artifactory.labels` | Artifactory labels | `{}` |
| `artifactory.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` |
| `artifactory.catalinaLoggers` | Artifactory Tomcat loggers (see values.yaml for possible values) | `[]` |
| `artifactory.customInitContainers`| Custom init containers | |
| `artifactory.customSidecarContainers`| Custom sidecar containers | |
| `artifactory.customVolumes` | Custom volumes | |
| `artifactory.customVolumeMounts` | Custom Artifactory volumeMounts | |
| `artifactory.userPluginSecrets` | Array of secret names for Artifactory user plugins | |
| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used. | |
| `artifactory.license.secret` | Artifactory license secret name | |
| `artifactory.license.dataKey`| Artifactory license secret data key | |
| `artifactory.service.name`| Artifactory service name to be set in Nginx configuration | `artifactory` |
| `artifactory.service.type`| Artifactory service type | `ClusterIP` |
| `artifactory.service.loadBalancerSourceRanges`| Artifactory service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | |
| `artifactory.service.annotations` | Artifactory service annotations | `{}` |
| `artifactory.externalPort` | Artifactory service external port | `8081` |
| `artifactory.internalPort` | Artifactory service internal port | `8081` |
| `artifactory.internalPortReplicator` | Replicator service internal port | `6061` |
| `artifactory.externalPortReplicator` | Replicator service external port | `6061` |
| `artifactory.livenessProbe.enabled` | Enable liveness probe | `true` |
| `artifactory.livenessProbe.path` | Liveness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `artifactory.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 180 |
| `artifactory.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.masterKey` | Artifactory masterkey. A 128-Bit key size (hexadecimal encoded) string (32 hex characters). Can be generated with `openssl rand -hex 16`.
NOTE: This key is generated only once and cannot be updated once created | `` |
| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | |
| `artifactory.accessAdmin.ip` | Artifactory access-admin ip to be set upon startup, can use (*) for 0.0.0.0| 127.0.0.1 |
| `artifactory.accessAdmin.password` | Artifactory access-admin password to be set upon startup| |
| `artifactory.accessAdmin.secret` | Artifactory access-admin secret name | |
| `artifactory.accessAdmin.dataKey` | Artifactory access-admin secret data key | |
| `artifactory.preStartCommand` | Command to run before entrypoint starts | |
| `artifactory.postStartCommand` | Command to run after container starts | |
| `artifactory.extraEnvironmentVariables` | Extra environment variables to pass to Artifactory. Supports evaluating strings as templates via the [`tpl`](https://helm.sh/docs/charts_tips_and_tricks/#using-the-tpl-function) function. See [documentation](https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker#InstallingwithDocker-SupportedEnvironmentVariables) | |
| `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `artifactory.readinessProbe.path` | Readiness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 |
| `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 |
| `artifactory.deleteDBPropertiesOnStartup` | Whether to delete the ARTIFACTORY_HOME/etc/db.properties file on startup. Disabling this will remove the ability for the db.properties to be updated with any DB-related environment variables change (e.g. DB_HOST, DB_URL) | `true` |
| `artifactory.copyOnEveryStartup` | List of files to copy on startup from source (which is absolute) to target (which is relative to ARTIFACTORY_HOME | |
| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` |
| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` |
| `artifactory.persistence.existingClaim` | Artifactory persistence volume claim name | |
| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` |
| `artifactory.persistence.size` | Artifactory persistence or local volume size | `20Gi` |
| `artifactory.persistence.binarystoreXml` | Artifactory binarystore.xml template | See `values.yaml` |
| `artifactory.persistence.customBinarystoreXmlSecret` | A custom Secret for binarystore.xml | `` |
| `artifactory.persistence.maxCacheSize` | The maximum storage allocated for the cache in bytes. | `50000000000` |
| `artifactory.persistence.cacheProviderDir` | the root folder of binaries for the filestore cache. If the value specified starts with a forward slash ("/") it is considered the fully qualified path to the filestore folder. Otherwise, it is considered relative to the *baseDataDir*. | `cache` |
| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` |
| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` |
| `artifactory.persistence.nfs.ip` | NFS server IP | |
| `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` |
| `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` |
| `artifactory.persistence.nfs.dataDir` | HA data directory | `/var/opt/jfrog/artifactory` |
| `artifactory.persistence.nfs.backupDir` | HA backup directory | `/var/opt/jfrog/artifactory-backup` |
| `artifactory.persistence.nfs.capacity` | NFS PVC size | `200Gi` |
| `artifactory.persistence.eventual.numberOfThreads` | Eventual number of threads | `10` |
| `artifactory.persistence.googleStorage.endpoint` | Google Storage API endpoint| `storage.googleapis.com` |
| `artifactory.persistence.googleStorage.httpsOnly` | Google Storage API has to be consumed https only| `false` |
| `artifactory.persistence.googleStorage.bucketName` | Google Storage bucket name | `artifactory` |
| `artifactory.persistence.googleStorage.identity` | Google Storage service account id | |
| `artifactory.persistence.googleStorage.credential` | Google Storage service account key | |
| `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory/filestore` |
| `artifactory.persistence.googleStorage.bucketExists`| Google Storage bucket exists therefore does not need to be created.| `false` |
| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-aws` |
| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html |
| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | |
| `artifactory.persistence.awsS3.roleName` | AWS S3 IAM role name | |
| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | |
| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | |
| `artifactory.persistence.awsS3.properties` | AWS S3 additional properties | |
| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory/filestore` |
| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` (When roleName is used, this parameter will be set to true) |
| `artifactory.persistence.awsS3.httpsOnly` | AWS S3 https access to the bucket only | `true` |
| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` |
| `artifactory.persistence.awsS3.s3AwsVersion` | AWS S3 signature version | `AWS4-HMAC-SHA256` |
| `artifactory.persistence.awsS3V3.testConnection` | AWS S3 test connection on start up | `false` |
| `artifactory.persistence.awsS3V3.identity` | AWS S3 AWS_ACCESS_KEY_ID | |
| `artifactory.persistence.awsS3V3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | |
| `artifactory.persistence.awsS3V3.region` | AWS S3 bucket region | |
| `artifactory.persistence.awsS3V3.bucketName` | AWS S3 bucket name | `artifactory-aws` |
| `artifactory.persistence.awsS3V3.path` | AWS S3 path in bucket | `artifactory/filestore` |
| `artifactory.persistence.awsS3V3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html |
| `artifactory.persistence.awsS3V3.kmsServerSideEncryptionKeyId` | AWS S3 encryption key ID or alias | |
| `artifactory.persistence.awsS3V3.kmsKeyRegion` | AWS S3 KMS Key region | |
| `artifactory.persistence.awsS3V3.kmsCryptoMode` | AWS S3 KMS encryption mode | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate |
| `artifactory.persistence.awsS3V3.useInstanceCredentials` | AWS S3 Use default authentication mechanism | See https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-authentication |
| `artifactory.persistence.awsS3V3.usePresigning` | AWS S3 Use URL signing | `false` |
| `artifactory.persistence.awsS3V3.signatureExpirySeconds` | AWS S3 Validity period in seconds for signed URLs | `300` |
| `artifactory.persistence.awsS3V3.cloudFrontDomainName` | AWS CloudFront domain name | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)|
| `artifactory.persistence.awsS3V3.cloudFrontKeyPairId` | AWS CloudFront key pair ID | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)|
| `artifactory.persistence.awsS3V3.cloudFrontPrivateKey` | AWS CloudFront private key | See https://www.jfrog.com/confluence/display/RTF/Direct+Cloud+Storage+Download#DirectCloudStorageDownload-UsingCloudFront(Optional)|
| `artifactory.persistence.azureBlob.accountName` | Azure Blob Storage account name | `` |
| `artifactory.persistence.azureBlob.accountKey` | Azure Blob Storage account key | `` |
| `artifactory.persistence.azureBlob.endpoint` | Azure Blob Storage endpoint | `` |
| `artifactory.persistence.azureBlob.containerName` | Azure Blob Storage container name | `` |
| `artifactory.persistence.azureBlob.testConnection` | Azure Blob Storage test connection | `false` |
| `artifactory.resources.requests.memory` | Artifactory initial memory request | |
| `artifactory.resources.requests.cpu` | Artifactory initial cpu request | |
| `artifactory.resources.limits.memory` | Artifactory memory limit | |
| `artifactory.resources.limits.cpu` | Artifactory cpu limit | |
| `artifactory.javaOpts.xms` | Artifactory java Xms size | |
| `artifactory.javaOpts.xmx` | Artifactory java Xms size | |
| `artifactory.javaOpts.corePoolSize` | The number of async processes that can run in parallel - https://jfrog.com/knowledge-base/how-do-i-tune-artifactory-for-heavy-loads/ | `8` |
| `artifactory.javaOpts.jmx.enabled` | Enable JMX monitoring | `false` |
| `artifactory.javaOpts.jmx.port` | JMX Port number | `9010` |
| `artifactory.javaOpts.jmx.host` | JMX hostname (parsed as a helm template) | `{{ template "artifactory.fullname" $ }}` |
| `artifactory.javaOpts.jmx.ssl` | Enable SSL | `false` |
| `artifactory.javaOpts.other` | Artifactory additional java options | |
| `artifactory.replicator.enabled` | Enable Artifactory Replicator | `false` |
| `artifactory.replicator.publicUrl` | Artifactory Replicator Public URL | |
| `artifactory.terminationGracePeriodSeconds` | Termination grace period (seconds) | `30s` |
| `ingress.enabled` | If true, Artifactory Ingress will be created | `false` |
| `ingress.annotations` | Artifactory Ingress annotations | `{}` |
| `ingress.labels` | Artifactory Ingress labels | `{}` |
| `ingress.hosts` | Artifactory Ingress hostnames | `[]` |
| `ingress.path` | Artifactory Ingress path | `/` |
| `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` |
| `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` |
| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | |
| `ingress.additionalRules` | Ingress additional rules to be added to the Artifactory ingress. | `[]` |
| `nginx.name` | Nginx name | `nginx` |
| `nginx.enabled` | Deploy nginx server | `true` |
| `nginx.replicaCount` | Nginx replica count | `1` |
| `nginx.uid` | Nginx User Id | `104` |
| `nginx.gid` | Nginx Group Id | `107` |
| `nginx.image.repository` | Container image | `docker.bintray.io/jfrog/nginx-artifactory-pro` |
| `nginx.image.version` | Container tag | `.Chart.AppVersion` |
| `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `nginx.labels` | Nginx deployment labels | `{}` |
| `nginx.loggers` | Artifactory loggers (see values.yaml for possible values) | `[]` |
| `nginx.mainConf` | Content of the Artifactory nginx main nginx.conf config file | `see values.yaml` |
| `nginx.artifactoryConf` | Content of Artifactory nginx artifactory.conf config file | `see values.yaml` |
| `nginx.service.type`| Nginx service type | `LoadBalancer` |
| `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | |
| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` |
| `nginx.loadBalancerIP`| Provide Static IP to configure with Nginx | |
| `nginx.externalPortHttp` | Nginx service external port | `80` |
| `nginx.internalPortHttp` | Nginx service internal port | `80` |
| `nginx.externalPortHttps` | Nginx service external port | `443` |
| `nginx.internalPortHttps` | Nginx service internal port | `443` |
| `nginx.internalPortReplicator` | Replicator service internal port | `6061` |
| `nginx.externalPortReplicator` | Replicator service external port | `6061` |
| `nginx.livenessProbe.enabled` | Enable liveness probe | `true` |
| `nginx.livenessProbe.path` | Liveness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `nginx.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 60 |
| `nginx.livenessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.livenessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 10 |
| `nginx.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 1|
| `nginx.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` |
| `nginx.readinessProbe.path` | Readiness probe HTTP Get path | `/artifactory/webapp/#/login` |
| `nginx.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 |
| `nginx.readinessProbe.periodSeconds` | How often to perform the probe | 10 |
| `nginx.readinessProbe.timeoutSeconds` | When the probe times out | 10 |
| `nginx.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 10 |
| `nginx.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 1 |
| `nginx.tlsSecretName` | SSL secret that will be used by the Nginx pod | |
| `nginx.customConfigMap` | Nginx CustomeConfigMap name for `nginx.conf` | ` ` |
| `nginx.customArtifactoryConfigMap`| Nginx CustomeConfigMap name for `artifactory.conf` | ` ` |
| `nginx.persistence.mountPath` | Nginx persistence volume mount path | `"/var/opt/jfrog/nginx"` |
| `nginx.persistence.enabled` | Nginx persistence volume enabled | `false` |
| `nginx.persistence.accessMode` | Nginx persistence volume access mode | `ReadWriteOnce` |
| `nginx.persistence.size` | Nginx persistence volume size | `5Gi` |
| `nginx.resources.requests.memory` | Nginx initial memory request | |
| `nginx.resources.requests.cpu` | Nginx initial cpu request | |
| `nginx.resources.limits.memory` | Nginx memory limit | |
| `nginx.resources.limits.cpu` | Nginx cpu limit | |
| `waitForDatabase` | Wait for database (using wait-for-db init container) | `true` |
| `postgresql.enabled` | Use enclosed PostgreSQL as database | `true` |
| `postgresql.imageTag` | PostgreSQL version | `9.6.11` |
| `postgresql.postgresqlDatabase` | PostgreSQL database name | `artifactory` |
| `postgresql.postgresqlUsername` | PostgreSQL database user | `artifactory` |
| `postgresql.postgresqlPassword` | PostgreSQL database password | |
| `postgresql.persistence.enabled` | PostgreSQL use persistent storage | `true` |
| `postgresql.persistence.size` | PostgreSQL persistent storage size | `50Gi` |
| `postgresql.service.port` | PostgreSQL database port | `5432` |
| `postgresql.resources.requests.memory` | PostgreSQL initial memory request | |
| `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | |
| `postgresql.resources.limits.memory` | PostgreSQL memory limit | |
| `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | |
| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | |
| `database.host` | External database hostname | |
| `database.port` | External database port | |
| `database.url` | External database connection URL | |
| `database.user` | External database username | |
| `database.password` | External database password | |
| `database.secrets.user.name` | External database username `Secret` name | |
| `database.secrets.user.key` | External database username `Secret` key | |
| `database.secrets.password.name` | External database password `Secret` name | |
| `database.secrets.password.key` | External database password `Secret` key | |
| `database.secrets.url.name ` | External database url `Secret` name | |
| `database.secrets.url.key` | External database url `Secret` key | |
| `networkpolicy.name` | Becomes part of the NetworkPolicy object name | `artifactory` |
| `networkpolicy.podselector` | Contains the YAML that specifies how to match pods. Usually using matchLabels. | |
| `networkpolicy.ingress` | YAML snippet containing to & from rules applied to incoming traffic | `- {}` (open to all inbound traffic) |
| `networkpolicy.egress` | YAML snippet containing to & from rules applied to outgoing traffic | `- {}` (open to all outbound traffic) |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Ingress and TLS
To get Helm to create an ingress object with a hostname, add these two lines to your Helm command:
```bash
helm install --name artifactory \
--set ingress.enabled=true \
--set ingress.hosts[0]="artifactory.company.com" \
--set artifactory.service.type=NodePort \
--set nginx.enabled=false \
jfrog/artifactory
```
If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```bash
kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file:
```yaml
ingress:
## If true, Artifactory Ingress will be created
##
enabled: true
## Artifactory Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- artifactory.domain.com
annotations:
kubernetes.io/tls-acme: "true"
## Artifactory Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: artifactory-tls
hosts:
- artifactory.domain.com
```
### Ingress annotations
This example specifically enables Artifactory to work as a Docker Registry using the Repository Path method. See [Artifactory as Docker Registry](https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry) documentation for more information about this setup.
```yaml
ingress:
enabled: true
defaultBackend:
enabled: false
hosts:
- myhost.example.com
annotations:
ingress.kubernetes.io/force-ssl-redirect: "true"
ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/proxy-read-timeout: "600"
ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token;
rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3;
nginx.ingress.kubernetes.io/proxy-body-size: "0"
tls:
- hosts:
- "myhost.example.com"
```
### Ingress additional rules
You have the option to add additional ingress rules to the Artifactory ingress. An example for this use case can be routing the /xray path to Xray.
In order to do that, simply add the following to a `artifactory-values.yaml` file:
```yaml
ingress:
enabled: true
defaultBackend:
enabled: false
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite "(?i)/xray(/|$)(.*)" /$2 break;
additionalRules: |
- host: <MY_HOSTNAME>
http:
paths:
- path: /
backend:
serviceName: <XRAY_SERVER_SERVICE_NAME>
servicePort: <XRAY_SERVER_SERVICE_PORT>
- path: /xray
backend:
serviceName: <XRAY_SERVER_SERVICE_NAME>
servicePort: <XRAY_SERVER_SERVICE_PORT>
- path: /artifactory
backend:
serviceName: {{ template "artifactory.nginx.fullname" . }}
servicePort: {{ .Values.nginx.externalPortHttp }}
```
and running:
```bash
helm upgrade --install xray jfrog/artifactory -f artifactory-values.yaml
```
## Useful links
https://www.jfrog.com
https://www.jfrog.com/confluence/
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment