Skip to content

Commit

Permalink
Merge pull request #1502 from jfrog/jp-7.25.7
Browse files Browse the repository at this point in the history 
[jfrog-platform] 7.25.7 release
  • Loading branch information
@chukka
chukka authored Sep 16, 2021
2 parents 98de7f4 + 56e5d8d commit e6a0f97
Show file tree
Hide file tree
Showing 11 changed files with 143 additions and 31 deletions.
5 changes: 5 additions & 0 deletions stable/jfrog-platform/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
# JFrog Platform Chart Changelog
All changes to this chart will be documented in this file.

## [0.10.1] - Sep 16, 2021
* Update dependency artifactory/ha charts version to 107.25.7
* Update dependency mission-control chart version to 104.7.14
* Update dependency pipelines chart version to 101.17.9

## [0.10.0] - Sep 6, 2021
* Update dependency artifactory/ha charts version to 107.25.6
* Update dependency xray chart version to 103.32.2
Expand Down
12 changes: 6 additions & 6 deletions stable/jfrog-platform/Chart.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@ dependencies:
version: 12.10.1
- name: artifactory
repository: https://charts.jfrog.io/
version: 107.25.6
version: 107.25.7
- name: artifactory-ha
repository: https://charts.jfrog.io/
version: 107.25.6
version: 107.25.7
- name: xray
repository: https://charts.jfrog.io/
version: 103.32.2
Expand All @@ -22,9 +22,9 @@ dependencies:
version: 102.9.2
- name: mission-control
repository: https://charts.jfrog.io/
version: 104.7.13
version: 104.7.14
- name: pipelines
repository: https://charts.jfrog.io/
version: 101.17.8
digest: sha256:bae517d18731bda5da4add3892500903f2e47a8fba43c7567615e71e45dc2df7
generated: "2021-09-07T18:33:25.404876+05:30"
version: 101.17.9
digest: sha256:b6d924fb95a4f20ec46957387404ad72c287c5bae33e665d1d5d80d0a086e527
generated: "2021-09-16T13:04:04.634825+05:30"
12 changes: 6 additions & 6 deletions stable/jfrog-platform/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 7.25.6
appVersion: 7.25.7
dependencies:
- name: postgresql
version: 10.3.18
Expand All @@ -14,11 +14,11 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled
- name: artifactory
version: 107.25.6
version: 107.25.7
repository: https://charts.jfrog.io/
condition: artifactory.enabled
- name: artifactory-ha
version: 107.25.6
version: 107.25.7
repository: https://charts.jfrog.io/
condition: artifactory-ha.enabled
- name: xray
Expand All @@ -30,11 +30,11 @@ dependencies:
repository: https://charts.jfrog.io/
condition: distribution.enabled
- name: mission-control
version: 104.7.13
version: 104.7.14
repository: https://charts.jfrog.io/
condition: mission-control.enabled
- name: pipelines
version: 101.17.8
version: 101.17.9
repository: https://charts.jfrog.io/
condition: pipelines.enabled
description: The Helm chart for JFrog Platform (Universal, hybrid, end-to-end DevOps automation)
Expand All @@ -52,5 +52,5 @@ name: jfrog-platform
sources:
- https://github.com/jfrog/charts
type: application
version: 0.10.0
version: 0.10.1
kubeVersion: ">= 1.14.0-0"
8 changes: 7 additions & 1 deletion stable/mission-control/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,12 @@
# JFrog Mission-Control Chart Changelog
All changes to this chart will be documented in this file.

## [104.7.13] - Aug 25, 2021
## [104.7.14] - Sep 02, 2021
* Dropped NET_RAW capability for the containers
* Added support for new probes(set to false by default)
* Update elasticsearch version to `7.14.0`

## [104.7.12] - Aug 25, 2021
* Added security hardening fixes
* Update router version to `7.24.1`
* Update elasticsearch version to `7.13.4`
Expand All @@ -10,6 +15,7 @@ All changes to this chart will be documented in this file.
* Added support for serviceRegistry insecure flag in router
* Fixed duplicate resources Key violates YAML spec
* Added elasticsearch default java opts to `2g`
* Added support for new probes(set to false by default)

## [104.7.11] - July 22, 2021
* Added support for graceful shutdown of router container on SIGTERM
Expand Down
4 changes: 2 additions & 2 deletions stable/mission-control/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 4.7.13
appVersion: 4.7.14
dependencies:
- condition: postgresql.enabled
name: postgresql
Expand All @@ -18,4 +18,4 @@ name: mission-control
sources:
- https://github.com/jfrog/charts
type: application
version: 104.7.13
version: 104.7.14
6 changes: 6 additions & 0 deletions stable/mission-control/ci/global-section-values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ global:
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command: ["sh","-c","echo 'Sidecar is running in global' >> /scriptsglobal/sidecar.txt; cat /scriptsglobal/sidecar.txt; while true; do sleep 30; done"]
volumeMounts:
- mountPath: "/scriptsglobal"
Expand Down Expand Up @@ -104,6 +107,9 @@ common:
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command: ["sh","-c","echo 'Sidecar is running in local' >> /scriptslocal/sidecar.txt; cat /scriptslocal/sidecar.txt; while true; do sleep 30; done"]
volumeMounts:
- mountPath: "/scriptslocal"
Expand Down
44 changes: 44 additions & 0 deletions stable/mission-control/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -248,3 +248,47 @@ mkdir -p {{ .Values.missionControl.persistence.mountPath }}/etc/security/keys/tr
find /tmp/certs -type f -not -name "*.key" -exec cp -v {} {{ .Values.missionControl.persistence.mountPath }}/etc/security/keys/trusted \;;
find {{ .Values.missionControl.persistence.mountPath }}/etc/security/keys/trusted/ -type f -name "tls.crt" -exec mv -v {} {{ .Values.missionControl.persistence.mountPath }}/etc/security/keys/trusted/ca.crt \;;
{{- end -}}

{{/*
mission-control liveness probe
*/}}
{{- define "mission-control.livenessProbe" -}}
{{- if .Values.newProbes -}}
{{- printf "%s" "/api/v1/system/liveness" -}}
{{- else -}}
{{- printf "%s" "/api/v1/system/ping" -}}
{{- end -}}
{{- end -}}

{{/*
mission-control readiness probe
*/}}
{{- define "mission-control.readinessProbe" -}}
{{- if .Values.newProbes -}}
{{- printf "%s" "/api/v1/system/readiness" -}}
{{- else -}}
{{- printf "%s" "/api/v1/system/ping" -}}
{{- end -}}
{{- end -}}

{{/*
router liveness probe
*/}}
{{- define "mission-control.router.livenessProbe" -}}
{{- if .Values.newProbes -}}
{{- printf "%s" "/router/api/v1/system/liveness" -}}
{{- else -}}
{{- printf "%s" "/router/api/v1/system/health" -}}
{{- end -}}
{{- end -}}

{{/*
router readiness probe
*/}}
{{- define "mission-control.router.readinessProbe" -}}
{{- if .Values.newProbes -}}
{{- printf "%s" "/router/api/v1/system/readiness" -}}
{{- else -}}
{{- printf "%s" "/router/api/v1/system/health" -}}
{{- end -}}
{{- end -}}
39 changes: 39 additions & 0 deletions stable/mission-control/templates/mission-control-statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,9 @@ spec:
runAsNonRoot: true
runAsUser: {{ .Values.common.uid }}
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- '/bin/sh'
- '-c'
Expand Down Expand Up @@ -150,6 +153,9 @@ spec:
runAsNonRoot: true
runAsUser: {{ .Values.common.uid }}
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
Expand All @@ -170,6 +176,9 @@ spec:
runAsNonRoot: true
runAsUser: {{ .Values.common.uid }}
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- 'sh'
- '-c'
Expand All @@ -193,6 +202,9 @@ spec:
image: "{{ .Values.dbSetup.postgresql.image.repository }}:{{ .Values.dbSetup.postgresql.image.tag }}"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
env:
- name: DB_PORT
value: '{{ .Values.postgresql.service.port }}'
Expand Down Expand Up @@ -262,6 +274,9 @@ spec:
runAsNonRoot: true
runAsUser: {{ .Values.elasticsearch.uid }}
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- '/bin/sh'
- '-c'
Expand Down Expand Up @@ -348,6 +363,9 @@ spec:
runAsNonRoot: true
runAsUser: {{ .Values.common.uid }}
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- '/bin/sh'
- '-c'
Expand Down Expand Up @@ -383,6 +401,9 @@ spec:
runAsNonRoot: true
runAsUser: {{ .Values.common.uid }}
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- '/bin/bash'
- '-c'
Expand Down Expand Up @@ -460,6 +481,9 @@ spec:
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
args:
- "-e"
- "-E"
Expand All @@ -486,6 +510,9 @@ spec:
runAsNonRoot: true
runAsUser: {{ .Values.common.uid }}
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
env:
{{- if or .Values.database.secrets.user .Values.database.user }}
- name: JF_SHARED_DATABASE_USERNAME
Expand Down Expand Up @@ -554,6 +581,9 @@ spec:
runAsNonRoot: true
runAsUser: {{ .Values.common.uid }}
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
env:
- name: JFMC_EXTRA_JAVA_OPTS
value: "
Expand Down Expand Up @@ -641,6 +671,9 @@ spec:
runAsUser: {{ $uid }}
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- tail
args:
Expand All @@ -662,6 +695,9 @@ spec:
runAsUser: {{ $uid }}
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- tail
args:
Expand All @@ -683,6 +719,9 @@ spec:
runAsUser: {{ $uid }}
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- tail
args:
Expand Down
Loading

0 comments on commit e6a0f97

Please sign in to comment.