From 73dbaff9ce898039bf1be7ba0e47cc64fa871980 Mon Sep 17 00:00:00 2001 From: danielmi Date: Tue, 5 Jan 2021 05:42:36 +0000 Subject: [PATCH] artifactory-oss 7.12.5 --- Dockerfile | 6 +- Jenkinsfile | 2 +- Jenkinsfile.tmp | 2 + download.yaml | 4 +- helm/CHANGELOG.md | 3 + helm/Chart.yaml | 4 +- helm/charts/artifactory/CHANGELOG.md | 30 ++ helm/charts/artifactory/Chart.yaml | 6 +- helm/charts/artifactory/README.md | 29 +- .../artifactory/ci/access-tls-values.yaml | 2 + helm/charts/artifactory/ci/global-values.yaml | 2 + .../charts/artifactory/templates/_helpers.tpl | 14 +- .../templates/additional-resources.yaml | 3 + .../templates/artifactory-statefulset.yaml | 45 +- .../templates/artifactory-system-yaml.yaml | 2 +- .../templates/fluentd-configmap.yaml | 14 - .../templates/metrics-service.yaml | 25 -- .../artifactory/templates/servicemonitor.yaml | 31 -- helm/charts/artifactory/values.yaml | 406 ++---------------- helm/requirements.lock | 6 +- helm/requirements.yaml | 4 +- 21 files changed, 122 insertions(+), 518 deletions(-) create mode 100644 Jenkinsfile.tmp create mode 100644 helm/charts/artifactory/templates/additional-resources.yaml delete mode 100644 helm/charts/artifactory/templates/fluentd-configmap.yaml delete mode 100644 helm/charts/artifactory/templates/metrics-service.yaml delete mode 100644 helm/charts/artifactory/templates/servicemonitor.yaml diff --git a/Dockerfile b/Dockerfile index fdb207a..280e361 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,20 +2,20 @@ ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=8.2 -FROM docker.bintray.io/jfrog/artifactory-oss:7.11.5 AS base +FROM docker.bintray.io/jfrog/artifactory-oss:7.12.5 AS base FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} LABEL org.opencontainers.image.title="JFrog Artifactory OSS" \ org.opencontainers.image.description="JFrog Artifactory OSS image based on the Red Hat Universal Base Image for DSOP." \ org.opencontainers.image.url="https://jfrog.com" \ - org.opencontainers.image.version="7.11.5" \ + org.opencontainers.image.version="7.12.5" \ maintainer="cht@dsop.io" USER root # Set vars -ARG ARTIFACTORY_VERSION=7.11.5 +ARG ARTIFACTORY_VERSION=7.12.5 ENV JF_ARTIFACTORY_USER=artifactory \ ARTIFACTORY_VERSION=${ARTIFACTORY_VERSION} \ ARTIFACTORY_BOOTSTRAP=/artifactory_bootstrap \ diff --git a/Jenkinsfile b/Jenkinsfile index b0199e3..ac3b07f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: "7.11.5") +dccscrPipeline(version: "7.12.5") diff --git a/Jenkinsfile.tmp b/Jenkinsfile.tmp new file mode 100644 index 0000000..ac3b07f --- /dev/null +++ b/Jenkinsfile.tmp @@ -0,0 +1,2 @@ +@Library('DCCSCR@master') _ +dccscrPipeline(version: "7.12.5") diff --git a/download.yaml b/download.yaml index 4fffb70..1e5b306 100644 --- a/download.yaml +++ b/download.yaml @@ -1,3 +1,3 @@ resources: - - url: "docker://docker.bintray.io/jfrog/artifactory-oss@sha256:9792ca19a3a723a23ad6b41ad34fd7c2e5b6a5088ebd8b2a79cd7cd45067dbda" - tag: "docker.bintray.io/jfrog/artifactory-oss:7.11.5" \ No newline at end of file + - url: "docker://docker.bintray.io/jfrog/artifactory-oss@sha256:bc53370d6cc3457c56fe7cb11a38cb606ea4b2116f9dbd3a5b84e70ea3b531de" + tag: "docker.bintray.io/jfrog/artifactory-oss:7.12.5" \ No newline at end of file diff --git a/helm/CHANGELOG.md b/helm/CHANGELOG.md index fe189f6..1d53cba 100644 --- a/helm/CHANGELOG.md +++ b/helm/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory OSS Chart Changelog All changes to this chart will be documented in this file. +## [3.4.0] - Jan 4, 2020 +* Update dependency Artifactory chart version to 11.7.4 (Artifactory 7.12.5) + ## [3.3.1] - Dec 1, 2020 * Update dependency Artifactory chart version to 11.5.4 (Artifactory 7.11.5) diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 1634703..640dedd 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 7.11.5 +appVersion: 7.12.5 description: JFrog Artifactory OSS home: https://www.jfrog.com/artifactory/ icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png @@ -15,4 +15,4 @@ maintainers: name: artifactory-oss sources: - https://github.com/jfrog/charts -version: 3.3.1 +version: 3.4.0 diff --git a/helm/charts/artifactory/CHANGELOG.md b/helm/charts/artifactory/CHANGELOG.md index 792e8d2..9a35fa0 100644 --- a/helm/charts/artifactory/CHANGELOG.md +++ b/helm/charts/artifactory/CHANGELOG.md @@ -1,6 +1,36 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [11.7.4] - Jan 04, 2020 +* Fixed gid support for statefulset + +## [11.7.3] - Dec 31, 2020 +* Added gid support for statefulset +* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset + +## [11.7.2] - Dec 29, 2020 +* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) +* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml) +* Updated Artifactory version to 7.12.5 + +## [11.7.1] - Dec 21, 2020 +* Updated Artifactory version to 7.12.3 + +## [11.7.0] - Dec 18, 2020 +* Updated Artifactory version to 7.12.2 +* Added `.Values.artifactory.openMetrics.enabled` + +## [11.6.1] - Dec 11, 2020 +* Added configurable `.Values.global.versions.artifactory` in values.yaml + +## [11.6.0] - Dec 10, 2020 +* Update postgresql tag version to `12.5.0-debian-10-r25` +* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` +* Updated chart maintainers email + +## [11.5.5] - Dec 4, 2020 +* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` + ## [11.5.4] - Dec 1, 2020 * Improve error message returned when attempting helm upgrade command diff --git a/helm/charts/artifactory/Chart.yaml b/helm/charts/artifactory/Chart.yaml index 33ef6d0..4f98e28 100644 --- a/helm/charts/artifactory/Chart.yaml +++ b/helm/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 7.11.5 +appVersion: 7.12.5 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. home: https://www.jfrog.com/artifactory/ @@ -9,10 +9,10 @@ keywords: - jfrog - devops maintainers: -- email: helm@jfrog.com +- email: installers@jfrog.com name: Chart Maintainers at JFrog name: artifactory sources: - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view - https://github.com/jfrog/charts -version: 11.5.4 +version: 11.7.4 diff --git a/helm/charts/artifactory/README.md b/helm/charts/artifactory/README.md index 7e82fcd..9c7551c 100644 --- a/helm/charts/artifactory/README.md +++ b/helm/charts/artifactory/README.md @@ -1134,35 +1134,16 @@ helm upgrade --install nginx-ingress --namespace nginx-ingress center/kubernetes ``` This will start sending your Artifactory logs to the log aggregator of your choice, based on your configuration in the `filebeatYml` -### Prometheus Metrics +### Log Analytics -If you want to enable Prometheus metrics you can use the `metrics` configuration options. By default this option requires that the Promtheus Operator already be deployed and the associated CRDs created. +#### FluentD, Prometheus and Grafana -The simplest way is to install Artifactory with the following command: +To configure Prometheus and Grafana to gather metrics from Artifactory through the use of FluentD, please refer to the log analytics repo: -```bash -helm upgrade --install artifactory --namespace artifactory --set metrics.enabled=true center/jfrog/artifactory -``` - -This will create a new service exposing the Prometheus metrics as well as a ServiceMonitor object for the Prometheus Operator to start scraping. - -The `ServiceMonitor` creation can be disabled by setting `metrics.serviceMonitor.enabled` to `false` for environments that are not using the Prometheus Operator. - -```bash -helm upgrade --install artifactory --namespace artifactory --set metrics.enabled=true --set metrics.serviceMonitor.enabled=false center/jfrog/artifactory -``` - -NOTE: Enabling this does NOT create a container which actually parses the log files for metrics. See the Fluentd section below. - -### Fluentd +https://github.com/jfrog/log-analytics-prometheus -The suggested way to parse the log files for metrics is to install Fluentd as a sidecar container. This can be done with the `fluentd` configuration options. - -```bash -helm upgrade --install artifactory --namespace artifactory --set fluentd.enabled=true center/jfrog/artifactory -``` +That repo contains a file `artifactory-values.yaml` that can be used to deploy Prometheus, Service Monitor, and Grafana with this chart. -This will install Artifactory with Fluentd running as a sidecar container sharing the persistent volume where the log files are written. ## Useful links - https://www.jfrog.com/confluence/display/EP/Getting+Started diff --git a/helm/charts/artifactory/ci/access-tls-values.yaml b/helm/charts/artifactory/ci/access-tls-values.yaml index 10d8f00..4dabc95 100644 --- a/helm/charts/artifactory/ci/access-tls-values.yaml +++ b/helm/charts/artifactory/ci/access-tls-values.yaml @@ -1,6 +1,8 @@ databaseUpgradeReady: true # To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release postgresql: + image: + tag: 12.3.0-debian-10-r71 postgresqlPassword: password access: accessConfig: diff --git a/helm/charts/artifactory/ci/global-values.yaml b/helm/charts/artifactory/ci/global-values.yaml index 9700360..8c964a8 100644 --- a/helm/charts/artifactory/ci/global-values.yaml +++ b/helm/charts/artifactory/ci/global-values.yaml @@ -3,6 +3,8 @@ databaseUpgradeReady: true postgresql: postgresqlPassword: password global: + versions: + artifactory: 7.11.2 masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE customInitContainers: | diff --git a/helm/charts/artifactory/templates/_helpers.tpl b/helm/charts/artifactory/templates/_helpers.tpl index 24c6078..14b571f 100644 --- a/helm/charts/artifactory/templates/_helpers.tpl +++ b/helm/charts/artifactory/templates/_helpers.tpl @@ -214,6 +214,9 @@ Return the proper artifactory chart image names {{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} {{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} {{- if $dot.Values.global }} + {{- if and $dot.Values.global.versions.artifactory (or (eq $indexReference "artifactory") (eq $indexReference "nginx") ) }} + {{- $tag = $dot.Values.global.versions.artifactory | toString -}} + {{- end -}} {{- if $dot.Values.global.imageRegistry }} {{- printf "%s/%s:%s" $dot.Values.global.imageRegistry $repositoryName $tag -}} {{- else -}} @@ -222,4 +225,13 @@ Return the proper artifactory chart image names {{- else -}} {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Return the proper artifactory app version +*/}} +{{- define "artifactory.app.version" -}} +{{- $image := split ":" ((include "artifactory.getImageInfoByValue" (list . "artifactory")) | toString) -}} +{{- $tag := $image._1 -}} +{{- printf "%s" $tag -}} +{{- end -}} diff --git a/helm/charts/artifactory/templates/additional-resources.yaml b/helm/charts/artifactory/templates/additional-resources.yaml new file mode 100644 index 0000000..c4d06f0 --- /dev/null +++ b/helm/charts/artifactory/templates/additional-resources.yaml @@ -0,0 +1,3 @@ +{{ if .Values.additionalResources }} +{{ tpl .Values.additionalResources . }} +{{- end -}} diff --git a/helm/charts/artifactory/templates/artifactory-statefulset.yaml b/helm/charts/artifactory/templates/artifactory-statefulset.yaml index f93e596..524fcbc 100644 --- a/helm/charts/artifactory/templates/artifactory-statefulset.yaml +++ b/helm/charts/artifactory/templates/artifactory-statefulset.yaml @@ -62,9 +62,11 @@ spec: {{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }} {{- include "artifactory.imagePullSecrets" . | indent 6 }} {{- end }} + {{- if .Values.artifactory.setSecurityContext }} securityContext: runAsUser: {{ .Values.artifactory.uid }} - fsGroup: {{ .Values.artifactory.uid }} + fsGroup: {{ .Values.artifactory.gid }} + {{- end }} initContainers: {{- if or .Values.artifactory.customInitContainersBegin .Values.global.customInitContainersBegin }} {{ tpl (include "artifactory.customInitContainersBegin" .) . | indent 6 }} @@ -133,8 +135,8 @@ spec: echo "Copy system.yaml to {{ .Values.artifactory.persistence.mountPath }}/etc"; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/etc/access/keys/trusted; - {{- if .Values.systemYaml.existingSecret }} - cp -fv /tmp/etc/{{ .Values.systemYaml.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; + {{- if .Values.systemYamlOverride.existingSecret }} + cp -fv /tmp/etc/{{ .Values.systemYamlOverride.dataKey }} {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; {{- else }} cp -fv /tmp/etc/system.yaml {{ .Values.artifactory.persistence.mountPath }}/etc/system.yaml; {{- end }} @@ -184,11 +186,11 @@ spec: volumeMounts: - name: artifactory-volume mountPath: {{ .Values.artifactory.persistence.mountPath | quote }} - {{- if or .Values.systemYaml.existingSecret .Values.artifactory.systemYaml }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - name: systemyaml - {{- if .Values.systemYaml.existingSecret }} - mountPath: "/tmp/etc/{{.Values.systemYaml.dataKey}}" - subPath: {{ .Values.systemYaml.dataKey }} + {{- if .Values.systemYamlOverride.existingSecret }} + mountPath: "/tmp/etc/{{.Values.systemYamlOverride.dataKey}}" + subPath: {{ .Values.systemYamlOverride.dataKey }} {{- else if .Values.artifactory.systemYaml }} mountPath: "/tmp/etc/system.yaml" subPath: system.yaml @@ -216,8 +218,8 @@ spec: - 'sh' - '-c' - > - echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}" - chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} + echo "Setting ownership {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} on PVC {{ .Values.artifactory.customPersistentPodVolumeClaim.name }}" + chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.gid }} {{ .Values.artifactory.customPersistentPodVolumeClaim.mountPath }} securityContext: runAsUser: 0 volumeMounts: @@ -263,7 +265,7 @@ spec: cp -fv /tmp/migrationHelmInfo.yaml $scriptsPath/migrationHelmInfo.yaml; cp -fv /tmp/migrationStatus.sh $scriptsPath/migrationStatus.sh; mkdir -p {{ .Values.artifactory.persistence.mountPath }}/log; - bash $scriptsPath/migrationStatus.sh {{ default .Chart.AppVersion .Values.artifactory.image.tag }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; + bash $scriptsPath/migrationStatus.sh {{ include "artifactory.app.version" . }} {{ .Values.artifactory.migration.timeoutSeconds }} > >(tee {{ .Values.artifactory.persistence.mountPath }}/log/helm-migration.log) 2>&1; env: {{- if and (not .Values.waitForDatabase) (not .Values.postgresql.enabled) }} - name: SKIP_WAIT_FOR_EXTERNAL_DB @@ -568,20 +570,6 @@ spec: {{ toYaml .Values.filebeat.resources | indent 10 }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }} {{- end }} - {{- if .Values.fluentd.enabled }} - - name: fluentd - image: "{{ .Values.fluentd.image.repository }}:{{ .Values.fluentd.image.tag }}" - volumeMounts: - - mountPath: /opt/bitnami/fluentd/conf/ - name: fluentd-config - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: artifactory-volume - env: - - name: JF_PRODUCT_DATA_INTERNAL - value: {{ .Values.artifactory.persistence.mountPath }} - - name: FLUENTD_CONF - value: fluentd.conf - {{- end }} {{- if or .Values.artifactory.customSidecarContainers .Values.global.customSidecarContainers }} {{ tpl (include "artifactory.customSidecarContainers" .) . | indent 6 }} {{- end }} @@ -673,10 +661,10 @@ spec: emptyDir: sizeLimit: {{ .Values.artifactory.persistence.size }} {{- end }} - {{- if or .Values.systemYaml.existingSecret .Values.artifactory.systemYaml }} + {{- if or .Values.systemYamlOverride.existingSecret .Values.artifactory.systemYaml }} - name: systemyaml secret: - secretName: {{ default (printf "%s-%s" (include "artifactory.fullname" .) "systemyaml") .Values.systemYaml.existingSecret }} + secretName: {{ default (printf "%s-%s" (include "artifactory.fullname" .) "systemyaml") .Values.systemYamlOverride.existingSecret }} {{- end }} {{- if .Values.access.accessConfig }} - name: access-config @@ -706,11 +694,6 @@ spec: emptyDir: sizeLimit: {{ .Values.artifactory.persistence.size }} {{- end }} - {{- if .Values.fluentd.enabled }} - - name: fluentd-config - configMap: - name: {{ template "artifactory.name" . }}-fluentd-config - {{- end }} {{- with .Values.artifactory.persistence }} {{- if and .enabled (not .existingClaim) }} volumeClaimTemplates: diff --git a/helm/charts/artifactory/templates/artifactory-system-yaml.yaml b/helm/charts/artifactory/templates/artifactory-system-yaml.yaml index 2efebcf..f368792 100644 --- a/helm/charts/artifactory/templates/artifactory-system-yaml.yaml +++ b/helm/charts/artifactory/templates/artifactory-system-yaml.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.systemYaml.existingSecret }} +{{- if not .Values.systemYamlOverride.existingSecret }} apiVersion: v1 kind: Secret metadata: diff --git a/helm/charts/artifactory/templates/fluentd-configmap.yaml b/helm/charts/artifactory/templates/fluentd-configmap.yaml deleted file mode 100644 index 7d6e09a..0000000 --- a/helm/charts/artifactory/templates/fluentd-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.fluentd.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "artifactory.name" . }}-fluentd-config - labels: - app: {{ template "artifactory.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - fluentd.conf: | -{{ tpl .Values.fluentd.fluentdConf . | indent 4 }} -{{- end -}} diff --git a/helm/charts/artifactory/templates/metrics-service.yaml b/helm/charts/artifactory/templates/metrics-service.yaml deleted file mode 100644 index 277b6d5..0000000 --- a/helm/charts/artifactory/templates/metrics-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory.fullname" . }}-metrics - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - component: metrics - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - ports: - - name: tcp-metrics - port: {{ .Values.metrics.service.port }} - protocol: TCP - selector: - app: {{ template "artifactory.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} -{{- end }} diff --git a/helm/charts/artifactory/templates/servicemonitor.yaml b/helm/charts/artifactory/templates/servicemonitor.yaml deleted file mode 100644 index c8aa72a..0000000 --- a/helm/charts/artifactory/templates/servicemonitor.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "artifactory.fullname" . }} - labels: - app: {{ template "artifactory.name" . }} - chart: {{ template "artifactory.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.metrics.serviceMonitor.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app: {{ template "artifactory.name" . }} - component: metrics - release: {{ .Release.Name }} - endpoints: - - port: tcp-metrics - {{- with .Values.metrics.serviceMonitor }} - path: {{ .path }} - {{- with .interval }} - interval: {{ . }} - {{- end }} - {{- with .scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - {{- end }} -{{- end }} diff --git a/helm/charts/artifactory/values.yaml b/helm/charts/artifactory/values.yaml index 8504c95..dcbf72f 100644 --- a/helm/charts/artifactory/values.yaml +++ b/helm/charts/artifactory/values.yaml @@ -5,9 +5,15 @@ # Access the values with {{ .Values.key.subkey }} -global: {} +global: + # imageRegistry: docker.bintray.io # imagePullSecrets: # - myRegistryKeySecretName + ## Chart.AppVersion can be overidden using global.versions.artifactory or .Values.artifactory.image.tag + ## Note: Order of preference is 1) global.versions 2) .Values.artifactory.image.tag 3) Chart.AppVersion + ## This applies also for nginx images (.Values.nginx.image.tag) + versions: {} + # artifactory: # joinKey: # masterKey: # joinKeySecretName: @@ -48,10 +54,10 @@ installerInfo: '{"productId": "Helm_artifactory/{{ .Chart.Version }}", "features ## Artifactory systemYaml override ## This is for advanced usecases where users wants to provide their own systemYaml for configuring artifactory ## Refer: https://www.jfrog.com/confluence/display/JFROG/Artifactory+System+YAML -## Note: This will override existing systemYaml in values.yaml +## Note: This will override existing (default) .Values.artifactory.systemYaml in values.yaml ## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example. -## Note: Order of preference is 1) customInitContainers 2) systemYaml existingSecret 3) default systemYaml in values.yaml -systemYaml: +## Note: Order of preference is 1) customInitContainers 2) systemYamlOverride existingSecret 3) default systemYaml in values.yaml +systemYamlOverride: ## You can use a pre-existing secret by specifying existingSecret existingSecret: ## The dataKey should be the name of the secret data key created. @@ -174,6 +180,12 @@ artifactory: maxThreads: 200 extraConfig: 'acceptCount="100"' + # Support for open metrics is only available for Artifactory 7.7.x (appVersions) and above. + # To enable set `.Values.artifactory.openMetrics.enabled` to `true` + # Refer - https://www.jfrog.com/confluence/display/JFROG/Open+Metrics + openMetrics: + enabled: false + # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup copyOnEveryStartup: # # Absolute path @@ -477,6 +489,10 @@ artifactory: {{- end }} {{- end }} artifactory: + {{- if .Values.artifactory.openMetrics }} + metrics: + enabled: {{ .Values.artifactory.openMetrics.enabled }} + {{- end }} database: maxOpenConnections: {{ .Values.artifactory.database.maxOpenConnections }} tomcat: @@ -538,8 +554,13 @@ artifactory: externalArtifactoryPort: 8081 internalArtifactoryPort: 8081 uid: 1030 + gid: 1030 terminationGracePeriodSeconds: 30 + ## By default, the Artifactory StatefulSet is created with a securityContext that sets the `runAsUser` and the `fsGroup` to the `artifactory.uid` value. + ## If you want to disable the securityContext for the Artifactory StatefulSet, set this tag to false + setSecurityContext: true + ## The following settings are to configure the frequency of the liveness and readiness probes livenessProbe: enabled: true @@ -813,7 +834,7 @@ artifactory: ## For artifactory.persistence.type google-storage googleStorage: - endpoint: storage.googleapis.com + endpoint: commondatastorage.googleapis.com httpsOnly: false # Set a unique bucket name bucketName: "artifactory-gcp" @@ -1235,7 +1256,7 @@ postgresql: image: registry: docker.bintray.io repository: bitnami/postgresql - tag: 12.3.0-debian-10-r71 + tag: 12.5.0-debian-10-r25 postgresqlUsername: artifactory postgresqlPassword: "" postgresqlDatabase: artifactory @@ -1349,372 +1370,7 @@ filebeat: logstash: hosts: ["{{ .Values.filebeat.logstashUrl }}"] -## Prometheus Exporter / Metrics -## -metrics: - enabled: false - - service: - port: 24231 - type: ClusterIP - - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - enabled: true - path: "/metrics" - labels: {} - - ## Interval at which metrics should be scraped - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - # interval: - - ## Timeout after which the scrape is ended - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - # scrapeTimeout: - -## Fluentd Sidecar Container -## -fluentd: - enabled: false - - image: - ## The Bitnami Fluentd image has the Prometheus plugin pre-installed. - ## - repository: docker.io/bitnami/fluentd - tag: 1.11.2 - - fluentdConf: | - ## Prometheus Input Plugin Configuration - - # input plugin that exports metrics - - @type prometheus - port {{ .Values.metrics.service.port }} - metrics_path {{ .Values.metrics.serviceMonitor.path }} - - - - @type monitor_agent - - - - @type forward - - - # input plugin that collects metrics from MonitorAgent - - @type prometheus_monitor - - host ${hostname} - - - - # input plugin that collects metrics for output plugin - - @type prometheus_output_monitor - - host ${hostname} - - - - # input plugin that collects metrics for in_tail plugin - - @type prometheus_tail_monitor - - host ${hostname} - - - - - @type tail - @id access_service_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/access-service.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/access-service.log.pos" - tag jfrog.rt.access.service - - @type none - - - - @type tail - @id artifactory_service_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/artifactory-service.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/artifactory-service.log.pos" - tag jfrog.rt.artifactory.service - - @type none - - - - @type tail - @id frontend_service_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/frontend-service.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/frontend-service.log.pos" - tag jfrog.rt.frontend.service - - @type none - - - - @type tail - @id metadata_service_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/metadata-service.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/metadata-service.log.pos" - tag jfrog.rt.metadata.service - - @type none - - - - @type tail - @id router_service_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/router-service.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/router-service.log.pos" - tag jfrog.rt.router.service - - @type none - - - # Strip out color codes then field extract the service fields - - @type record_transformer - enable_ruby true - - message ${record["message"].gsub(/\e\[([;\d]+)?m/, '')} - - - - @type parser - key_name message - - @type multiline - format_firstline /\d{4}-\d{1,2}-\d{1,2}/ - format1 /^(?[^ ]*) \[(?[^\]]*)\] \[(?[^\]]*)\] \[(?[^\]]*)\] \[(?.*)\] \[(?.*)\] -(?.*)$/ - time_key timestamp - time_format %Y-%m-%dT%H:%M:%S.%LZ - - - # End Service Fields Extraction - - @type tail - @id router_traefik_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/router-traefik.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/router-traefik.log.pos" - tag jfrog.rt.router.traefik - - @type multiline - format_firstline /\d{4}-\d{1,2}-\d{1,2}/ - format1 /^(?[^ ]*) \[(?[^\]]*)\] \[(?[^\]]*)\] \[(?[^\]]*)\] \[(?.*)\] \[(?.*)\] - (?.+)$/ - time_key timestamp - time_format %Y-%m-%dT%H:%M:%S.%LZ - - - - @type tail - @id access_request_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/access-request.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/access-request.log.pos" - tag jfrog.rt.access.request - - @type regexp - expression ^(?[^ ]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?.+)$ - time_key timestamp - time_format %Y-%m-%dT%H:%M:%S.%LZ - - - - @type tail - @id artifactory_request_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/artifactory-request.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/artifactory-request.log.pos" - tag jfrog.rt.artifactory.request - - @type regexp - expression ^(?[^ ]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?.+)$ - time_key timestamp - time_format %Y-%m-%dT%H:%M:%S.%LZ - types response_content_length:integer, request_content_length:integer, return_status_code:integer - - - - @type record_transformer - enable_ruby true - - repo ${!record["request_url"].strip().start_with?("/api") ? (record["request_url"].strip().split('/')[1]) : ("")} - artifact ${!record["request_url"].strip().start_with?("/api") ? (val = record["request_url"].strip().split('/'); val[val.length()-1]) : ("")} - dockerRepo ${record["request_url"].strip().include?("/api/docker") && !record["request_url"].include?("/api/docker/null") && !record["request_url"].include?("/api/docker/v2") ? (record["request_url"].strip().split('/')[3]) : ("")} - dockerImage ${record["request_url"].strip().include?("/api/docker") && !record["request_url"].include?("/api/docker/null") && !record["request_url"].include?("/api/docker/v2") ? (record["request_url"].strip().split('/')[5]) : ("")} - data_download ${record["response_content_length"] == -1 ? 0 : record["response_content_length"]} - data_upload ${record["request_content_length"] == -1 ? 0 : record["request_content_length"]} - - - - @type tail - @id frontend_request_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/frontend-request.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/frontend-request.log.pos" - tag jfrog.rt.frontend.request - - @type regexp - expression ^(?[^ ]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?.+)$ - time_key timestamp - time_format %Y-%m-%dT%H:%M:%S.%LZ - - - - @type tail - @id metadata_request_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/metadata-request.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/metadata-request.log.pos" - tag jfrog.rt.metadata.request - - @type regexp - expression ^(?[^ ]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?[^\|]*)\|(?.+)$ - time_key timestamp - time_format %Y-%m-%dT%H:%M:%S.%LZ - - - - @type tail - @id router_request_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/router-request.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/router-request.log.pos" - tag jfrog.rt.router.request - - @type json - time_key time - time_format %Y-%m-%dT%H:%M:%SZ - - - - @type tail - @id artifactory_access_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/artifactory-access.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/artifactory-access.log.pos" - tag jfrog.rt.artifactory.access - - @type regexp - expression /^(?[^ ]*) \[(?[^\]]*)\] \[(?[^\]]*)\] (?.*) for client : (?.+)/(?.+)$/ - time_key timestamp - time_format %Y-%m-%dT%H:%M:%S.%LZ - - - - @type tail - @id access_security_audit_tail - path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/access-security-audit.log" - pos_file "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/access-security-audit.log.pos" - tag jfrog.rt.access.audit - - @type regexp - expression /^(?[^ ]*)\|(?[^ ]*)\|(?[^ ]*)\|(?[^ ]*)\|(?[^ ]*)\|(?[^ ]*)\|(?[^ ]*)\|(?[^ ]*)\|(?.*)/ - time_key timestamp - time_format %Y-%m-%dT%H:%M:%S.%LZ - - - - # WHAT LOG IT WAS INTO THE JSON - - @type record_transformer - - log_source ${tag} - - - - - @type prometheus - - - name jfrog_rt_data_download - type gauge - desc artifactory data download - key data_download - - host ${hostname} - remote_address ${remote_address} - repo ${repo} - response_content_length ${response_content_length} - data_download ${data_download} - - - - - name jfrog_rt_data_upload - type gauge - desc artifactory data upload - key data_upload - - host ${hostname} - remote_address ${remote_address} - repo ${repo} - request_content_length ${request_content_length} - data_upload ${data_upload} - - - - - name jfrog_rt_req - type counter - desc artifactory requests - - host ${hostname} - request_url ${request_url} - return_status ${return_status} - repo ${repo} - artifact ${artifact} - dockerRepo ${dockerRepo} - dockerImage ${dockerImage} - remote_address ${remote_address} - - - - - - @type prometheus - - name jfrog_rt_log_level - type counter - desc artifactory log_levels - - host ${hostname} - log_level ${log_level} - - - - - - @type prometheus - - - name jfrog_rt_access - type counter - desc artifactory access - - host ${hostname} - username ${username} - action_response ${action_response} - ip ${ip} - - - - - - - @type prometheus - - - name jfrog_rt_access_audit - type counter - desc artifactory access audit - - host ${hostname} - user ${user} - event_type ${event_type} - event ${event} - - - - +## Allows to add additional kubernetes resources +## Use --- as a separator between multiple resources +## For an example, refer - https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml +additionalResources: | diff --git a/helm/requirements.lock b/helm/requirements.lock index 4cdfd3b..30dc889 100644 --- a/helm/requirements.lock +++ b/helm/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: artifactory repository: https://charts.jfrog.io/ - version: 11.5.4 -digest: sha256:90c74353267158f68a4967bc39f60a72bb591dea2459efcf58f73e5d3fb1b0e1 -generated: "2020-12-01T21:29:51.210319+05:30" + version: 11.7.4 +digest: sha256:a4c52f49f154be6434a9a37474eee556de8d97a487be9dec923124a64651aac8 +generated: "2021-01-04T14:56:47.550996+05:30" diff --git a/helm/requirements.yaml b/helm/requirements.yaml index 4f90bec..4ad868b 100644 --- a/helm/requirements.yaml +++ b/helm/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: artifactory - version: 11.5.4 - repository: https://charts.jfrog.io/ \ No newline at end of file + version: 11.7.4 + repository: https://charts.jfrog.io/ -- GitLab