diff --git a/stable/artifactory-cpp-ce/CHANGELOG.md b/stable/artifactory-cpp-ce/CHANGELOG.md
index b206449c3..970ec5477 100644
--- a/stable/artifactory-cpp-ce/CHANGELOG.md
+++ b/stable/artifactory-cpp-ce/CHANGELOG.md
@@ -1,7 +1,7 @@
# JFrog Artifactory CE for C++ Chart Changelog
All changes to this chart will be documented in this file
-## [107.59.11] - Aug 25, 2022
+## [107.63.5] - Aug 25, 2022
* Included event service as mandatory and remove the flag from values.yaml
## [107.41.0] - Jul 22, 2022
diff --git a/stable/artifactory-cpp-ce/Chart.yaml b/stable/artifactory-cpp-ce/Chart.yaml
index 78d583e51..59fa27b58 100644
--- a/stable/artifactory-cpp-ce/Chart.yaml
+++ b/stable/artifactory-cpp-ce/Chart.yaml
@@ -1,9 +1,9 @@
apiVersion: v2
-appVersion: 7.59.11
+appVersion: 7.63.5
dependencies:
- name: artifactory
repository: file://charts/artifactory
- version: 107.59.11
+ version: 107.63.5
description: JFrog Artifactory CE for C++
home: https://www.jfrog.com/artifactory/
icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-cpp-ce/logo/conan.png
@@ -21,4 +21,4 @@ name: artifactory-cpp-ce
sources:
- https://github.com/jfrog/charts
type: application
-version: 107.59.11
+version: 107.63.5
diff --git a/stable/artifactory-cpp-ce/values.yaml b/stable/artifactory-cpp-ce/values.yaml
index cf773c53b..a82348c21 100644
--- a/stable/artifactory-cpp-ce/values.yaml
+++ b/stable/artifactory-cpp-ce/values.yaml
@@ -67,4 +67,4 @@ postgresql:
enabled: true
router:
image:
- tag: 7.67.0
+ tag: 7.71.0
diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md
index d90ed1827..c50d1d2d8 100644
--- a/stable/artifactory-ha/CHANGELOG.md
+++ b/stable/artifactory-ha/CHANGELOG.md
@@ -1,7 +1,24 @@
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file
-## [107.59.11] - May 31, 2023
+## [107.63.5] - July 14, 2023
+* Added support for Openshift by adding the securityContext in container level.
+* **IMPORTANT**
+* Nginx deployment is disabled on openshift.
+* Disable securityContext in contaier and pod level to deploy postgres on openshift.
+* Fixed support for fsGroup in non openshift environemnt and runAsGroup in openshift environment.
+
+## [107.62.0] - Jun 5, 2023
+* Added support for 'port' and 'useHttp' parameters for s3-storage-v3 binary provider [GH-1767](https://github.com/jfrog/charts/issues/1767)
+
+## [107.61.0] - May 31, 2023
+* Added new binary provider `google-storage-v2-direct`
+
+## [107.60.0] - May 31, 2023
+* Enabled `splitServicesToContainers` to true by default
+* Updated the recommended values for small, medium and large installations to support the 'splitServicesToContainers'
+
+## [107.59.0] - May 31, 2023
* Fixed reference of `terminationGracePeriodSeconds`
* **Breaking change**
* Updated the defaults of replicaCount (Values.artifactory.primary.replicaCount and Values.artifactory.node.replicaCount) to support Cloud-Native High Availability. Refer [Cloud-Native High Availability](https://jfrog.com/help/r/jfrog-installation-setup-documentation/cloud-native-high-availability)
diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml
index 90d68be59..046d437d4 100644
--- a/stable/artifactory-ha/Chart.yaml
+++ b/stable/artifactory-ha/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
-appVersion: 7.59.11
+appVersion: 7.63.5
dependencies:
- condition: postgresql.enabled
name: postgresql
@@ -21,4 +21,4 @@ name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
-version: 107.59.11
+version: 107.63.5
diff --git a/stable/artifactory-ha/ci/large-values.yaml b/stable/artifactory-ha/ci/large-values.yaml
new file mode 100644
index 000000000..8c1bacd34
--- /dev/null
+++ b/stable/artifactory-ha/ci/large-values.yaml
@@ -0,0 +1,93 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
+databaseUpgradeReady: true
+
+# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release
+postgresql:
+ postgresqlPassword: password
+ persistence:
+ enabled: false
+artifactory:
+ masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+ persistence:
+ enabled: false
+ database:
+ maxOpenConnections: 150
+ tomcat:
+ connector:
+ maxThreads: 300
+ primary:
+ replicaCount: 4
+ resources:
+ requests:
+ memory: "6Gi"
+ cpu: "2"
+ limits:
+ memory: "10Gi"
+ cpu: "8"
+ javaOpts:
+ xms: "8g"
+ xmx: "10g"
+access:
+ database:
+ maxOpenConnections: 150
+ tomcat:
+ connector:
+ maxThreads: 100
+router:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+frontend:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+metadata:
+ database:
+ maxOpenConnections: 150
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+event:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+jfconnect:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+integration:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+observability:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
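Review bot: The header comment `# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.` contradicts this file, which overrides sizing, replica count and credentials; it should state the file's purpose instead, e.g. `# CI values for the large sizing profile; test-only, not for production use.` `postgresqlPassword: password` and the all-`F` `masterKey` are fixed placeholder secrets, so a comment marking them CI-only would help keep them out of a real deployment. Separately, `xmx: "10g"` equals the `memory: "10Gi"` limit above it; if both apply to the same container, that leaves no headroom for non-heap JVM memory and the pod may be OOM-killed. The same points apply to ci/medium-values.yaml and ci/small-values.yaml.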
diff --git a/stable/artifactory-ha/ci/medium-values.yaml b/stable/artifactory-ha/ci/medium-values.yaml
new file mode 100644
index 000000000..3f04f68df
--- /dev/null
+++ b/stable/artifactory-ha/ci/medium-values.yaml
@@ -0,0 +1,93 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
+databaseUpgradeReady: true
+
+# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release
+postgresql:
+ postgresqlPassword: password
+ persistence:
+ enabled: false
+artifactory:
+ masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+ persistence:
+ enabled: false
+ database:
+ maxOpenConnections: 100
+ tomcat:
+ connector:
+ maxThreads: 200
+ primary:
+ replicaCount: 3
+ resources:
+ requests:
+ memory: "4Gi"
+ cpu: "2"
+ limits:
+ memory: "8Gi"
+ cpu: "6"
+ javaOpts:
+ xms: "6g"
+ xmx: "8g"
+access:
+ database:
+ maxOpenConnections: 100
+ tomcat:
+ connector:
+ maxThreads: 50
+router:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+frontend:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+metadata:
+ database:
+ maxOpenConnections: 100
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+event:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+jfconnect:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+integration:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+observability:
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "200m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
diff --git a/stable/artifactory-ha/ci/small-values.yaml b/stable/artifactory-ha/ci/small-values.yaml
new file mode 100644
index 000000000..72cd9a59a
--- /dev/null
+++ b/stable/artifactory-ha/ci/small-values.yaml
@@ -0,0 +1,93 @@
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
+databaseUpgradeReady: true
+
+# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release
+postgresql:
+ postgresqlPassword: password
+ persistence:
+ enabled: false
+artifactory:
+ masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+ persistence:
+ enabled: false
+ database:
+ maxOpenConnections: 80
+ tomcat:
+ connector:
+ maxThreads: 200
+ primary:
+ replicaCount: 2
+ resources:
+ requests:
+ memory: "4Gi"
+ cpu: "2"
+ limits:
+ memory: "6Gi"
+ cpu: "4"
+ javaOpts:
+ xms: "4g"
+ xmx: "6g"
+access:
+ database:
+ maxOpenConnections: 80
+ tomcat:
+ connector:
+ maxThreads: 50
+router:
+ resources:
+ requests:
+ memory: "100Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+frontend:
+ resources:
+ requests:
+ memory: "100Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+metadata:
+ database:
+ maxOpenConnections: 80
+ resources:
+ requests:
+ memory: "100Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+event:
+ resources:
+ requests:
+ memory: "100Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+jfconnect:
+ resources:
+ requests:
+ memory: "100Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+integration:
+ resources:
+ requests:
+ memory: "100Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
+observability:
+ resources:
+ requests:
+ memory: "100Mi"
+ cpu: "100m"
+ limits:
+ memory: "1Gi"
+ cpu: "1"
diff --git a/stable/artifactory-ha/files/binarystore.xml b/stable/artifactory-ha/files/binarystore.xml
index 488b65d40..abb30be3e 100644
--- a/stable/artifactory-ha/files/binarystore.xml
+++ b/stable/artifactory-ha/files/binarystore.xml
@@ -112,9 +112,10 @@
{{- end }}
{{- end }}
-{{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") }}
+{{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") (eq .Values.artifactory.persistence.type "google-storage-v2-direct") }}
+ {{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") }}
@@ -132,6 +133,13 @@
+ {{- else if eq .Values.artifactory.persistence.type "google-storage-v2-direct" }}
+
+
+
+
+
+ {{- end }}
@@ -139,15 +147,19 @@
{{ .Values.artifactory.persistence.cacheProviderDir }}
+ {{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") }}
local
+
30
10000
remote
+ {{- end }}
+
{{- if .Values.artifactory.persistence.googleStorage.useInstanceCredentials }}
@@ -240,6 +252,12 @@
{{ .bucketName }}
{{ .path }}
{{ .endpoint }}
+ {{- with .port }}
+ {{ . }}
+ {{- end }}
+ {{- with .useHttp }}
+ {{ . }}
+ {{- end }}
{{- with .maxConnections }}
{{ . }}
{{- end }}
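Review bot: `{{- with .useHttp }}` skips its body for any falsy value, so an explicit `useHttp: false` (or `port: 0`) renders nothing and the provider's built-in default applies instead of the configured value. If an explicit false must be expressible, test for presence rather than truthiness, e.g. `{{- if hasKey . "useHttp" }}`, assuming the dot is a map at this point. Because `useHttp` appears to switch the storage connection to plain HTTP, the values.yaml comment for it should say it is meant only for trusted, internal endpoints. The element markup around these lines is not visible in this view, and the enclosing block starts outside the hunk.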
diff --git a/stable/artifactory-ha/templates/NOTES.txt b/stable/artifactory-ha/templates/NOTES.txt
index 277364908..d78841a21 100644
--- a/stable/artifactory-ha/templates/NOTES.txt
+++ b/stable/artifactory-ha/templates/NOTES.txt
@@ -56,8 +56,13 @@ echo ${DB_PASSWORD}
SETUP:
1. Get the Artifactory IP and URL
+{{printf "\n" }}
+ {{- if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" -}}
+
+ NOTE: You are installing Artifactory in Openshift Environment.
+ Nginx service is not available with this installation. If required, you can set the value for ingress in values.yaml.
- {{- if contains "NodePort" .Values.nginx.service.type }}
+ {{- else if contains "NodePort" .Values.nginx.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "artifactory-ha.nginx.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT/
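Review bot: The new branch spells out the raw capability string `"security.openshift.io/v1/SecurityContextConstraints"` instead of calling the `artifactory.isOpenshiftCompatible` helper that this same commit adds to _helpers.tpl. The statefulsets use the helper, while this file, nginx-artifactory-conf.yaml and nginx-certificate-secret.yaml repeat the literal, so the detection rule now lives in four places. Suggest `{{- if eq (include "artifactory.isOpenshiftCompatible" .) "true" -}}` here, and the negated form in the two nginx templates. The `if`/`else if` chain continues outside the hunk.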
diff --git a/stable/artifactory-ha/templates/_helpers.tpl b/stable/artifactory-ha/templates/_helpers.tpl
index 96dc48df3..f974a6a1d 100644
--- a/stable/artifactory-ha/templates/_helpers.tpl
+++ b/stable/artifactory-ha/templates/_helpers.tpl
@@ -495,4 +495,15 @@ nodeSelector:
{{- else if .Values.nginx.nodeSelector }}
{{ toYaml .Values.nginx.nodeSelector | indent 2 }}
{{- end -}}
+{{- end -}}
+
+{{/*
+Resolve fsGroup and runAsGroup on cluster based
+*/}}
+{{- define "artifactory.isOpenshiftCompatible" -}}
+{{- if (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
+{{- printf "%s" "true" -}}
+{{- else -}}
+{{- printf "%s" "false" -}}
+{{- end -}}
{{- end -}}
\ No newline at end of file
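Review bot: The helper is named `artifactory.isOpenshiftCompatible`, while the other helpers referenced in this diff use the `artifactory-ha.` prefix (`artifactory-ha.nginx.fullname`, `artifactory-ha.getImageInfoByValue`). Helm template names are global across a chart and its subcharts, so the chart's own prefix is the safer choice. The comment `Resolve fsGroup and runAsGroup on cluster based` does not say what the helper returns; suggest `Return "true" when the cluster exposes the OpenShift SecurityContextConstraints API, otherwise "false".` It is also worth noting there that `helm template` without `--api-versions` does not see the cluster's API list, so offline renders take the non-OpenShift path.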
diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml
index 294722e62..54372b248 100644
--- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml
+++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml
@@ -69,8 +69,13 @@ spec:
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
securityContext:
+ runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
+ {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }}
+ runAsGroup: {{ .Values.artifactory.gid }}
+ {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }}
fsGroup: {{ .Values.artifactory.gid }}
+ {{- end }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
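Review bot: The `{{ if ... }}` and `{{ else if ... }}` actions are written without the `-` trim marker, unlike the surrounding `{{- if }}` lines, so each leaves a whitespace-only line in the rendered pod spec. The second test, `else if eq (include "artifactory.isOpenshiftCompatible" .) "false"`, re-evaluates the helper only to negate it; `{{- else }}` says the same thing. `fsGroupChangePolicy` is still rendered on the OpenShift path where `fsGroup` is omitted, which looks unintended; consider moving it inside the non-OpenShift branch. The same hunk appears in artifactory-primary-statefulset.yaml.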
@@ -93,12 +98,9 @@ spec:
- name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- 'bash'
- '-c'
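Review bot: `securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}` uses `indent`, whereas the matching lines in artifactory-primary-statefulset.yaml use `nindent`. `{{-` strips the whitespace before the action and `indent` adds no leading newline, so the first key would land on the same line as `securityContext:` and the manifest would most likely fail to parse when `containerSecurityContext.enabled` is true. Change the pipeline to `| toYaml | nindent 10 }}`. The same line is repeated in every container and init-container hunk of this file, through the filebeat hunk.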
@@ -130,12 +132,9 @@ spec:
- name: "wait-for-primary"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- 'bash'
- '-c'
@@ -156,12 +155,9 @@ spec:
{{- end }}
- name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}'
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -230,12 +226,9 @@ spec:
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}"
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -253,12 +246,9 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}"
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -298,12 +288,9 @@ spec:
- name: 'migration-artifactory-ha'
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -441,12 +428,9 @@ spec:
- name: {{ .Values.router.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -489,12 +473,9 @@ spec:
- name: {{ .Values.frontend.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -532,12 +513,9 @@ spec:
- name: {{ .Values.metadata.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -624,12 +602,9 @@ spec:
- name: {{ .Values.event.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -665,12 +640,9 @@ spec:
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -698,12 +670,9 @@ spec:
- name: {{ .Values.jfconnect.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -739,12 +708,9 @@ spec:
- name: {{ .Values.integration.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -780,12 +746,9 @@ spec:
- name: {{ .Values.observability.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -821,12 +784,9 @@ spec:
- name: {{ .Values.artifactory.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -1055,12 +1015,9 @@ spec:
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
command:
- 'sh'
- '-c'
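Review bot: Inside `{{- range .Values.artifactory.loggers }}` the dot is the current logger name, so `.Values.containerSecurityContext.enabled` cannot resolve and rendering would fail as soon as `loggers` is non-empty. The image line in this same hunk already passes `$` for that reason. Use `{{- if $.Values.containerSecurityContext.enabled }}` and `omit $.Values.containerSecurityContext "enabled"`. The loggers and catalinaLoggers hunks of artifactory-primary-statefulset.yaml have the same problem; the range body continues outside the hunk.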
@@ -1096,12 +1053,9 @@ spec:
- name: {{ .Values.filebeat.name }}
image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}"
imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | indent 10 }}
+ {{- end }}
args:
- "-e"
- "-E"
diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml
index eb3eb9faa..a9d178b94 100644
--- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml
+++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml
@@ -87,8 +87,13 @@ spec:
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
securityContext:
+ runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
+ {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }}
+ runAsGroup: {{ .Values.artifactory.gid }}
+ {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }}
fsGroup: {{ .Values.artifactory.gid }}
+ {{- end }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
@@ -111,12 +116,9 @@ spec:
- name: "create-artifactory-data-dir"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
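Review bot: The fixed `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `drop: NET_RAW` block is replaced by whatever `.Values.containerSecurityContext` holds, so that hardening becomes opt-out for every container in both statefulsets. The chart's values.yaml is not part of this view, so please confirm its defaults keep `enabled: true` together with those three settings. A comment next to the value, such as `# Disabling this removes runAsNonRoot, allowPrivilegeEscalation=false and the NET_RAW drop from all Artifactory containers`, would make the trade-off visible to operators. The CHANGELOG suggests disabling it for postgres on OpenShift, so it would help to state there that the Artifactory containers are affected by the same switch.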
@@ -133,12 +135,9 @@ spec:
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -153,12 +152,9 @@ spec:
- name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -187,12 +183,9 @@ spec:
{{- end }}
- name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}'
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -320,12 +313,9 @@ spec:
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}"
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -343,12 +333,9 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}"
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -367,6 +354,9 @@ spec:
{{- if or .Values.postgresql.enabled }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- /bin/bash
- -c
@@ -388,12 +378,9 @@ spec:
- name: 'migration-artifactory-ha'
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.artifactory.primary.resources | indent 10 }}
command:
@@ -531,12 +518,9 @@ spec:
- name: {{ .Values.router.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -579,12 +563,9 @@ spec:
- name: {{ .Values.frontend.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -622,12 +603,9 @@ spec:
- name: {{ .Values.metadata.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -714,12 +692,9 @@ spec:
- name: {{ .Values.event.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -755,12 +730,9 @@ spec:
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -788,12 +760,9 @@ spec:
- name: {{ .Values.jfconnect.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -829,12 +798,9 @@ spec:
- name: {{ .Values.integration.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -870,12 +836,9 @@ spec:
- name: {{ .Values.observability.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -911,12 +874,9 @@ spec:
- name: {{ .Values.artifactory.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -1165,12 +1125,9 @@ spec:
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- 'sh'
- '-c'
@@ -1188,12 +1145,9 @@ spec:
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list $ "logger") }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- 'sh'
- '-c'
@@ -1212,12 +1166,9 @@ spec:
- name: {{ .Values.filebeat.name }}
image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}"
imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
args:
- "-e"
- "-E"
@@ -1473,4 +1424,4 @@ spec:
resources:
requests:
storage: {{ .Values.artifactory.customPersistentPodVolumeClaim.size }}
- {{- end }}
+ {{- end }}
\ No newline at end of file
diff --git a/stable/artifactory-ha/templates/nginx-artifactory-conf.yaml b/stable/artifactory-ha/templates/nginx-artifactory-conf.yaml
index eb1f0e698..fa7689b06 100644
--- a/stable/artifactory-ha/templates/nginx-artifactory-conf.yaml
+++ b/stable/artifactory-ha/templates/nginx-artifactory-conf.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }}
apiVersion: v1
kind: ConfigMap
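Review bot: Whether nginx is rendered now depends on what `.Capabilities.APIVersions` contains at render time, and the new outer `if` silently overrides an explicit `nginx.enabled: true`. Client-side rendering (`helm template`, or a GitOps controller that renders without cluster discovery) does not report `security.openshift.io/v1/SecurityContextConstraints` unless it is passed with `--api-versions`, so those pipelines would still render nginx for an OpenShift target. Consider routing the check through one helper that also honours an explicit values override, and documenting the `--api-versions` requirement in the chart README. The same line is added to the nginx-certificate-secret, nginx-conf, nginx-deployment and nginx-pdb templates here and to the matching files under stable/artifactory.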
@@ -11,4 +12,5 @@ metadata:
data:
artifactory.conf: |
{{ tpl .Values.nginx.artifactoryConf . | indent 4 }}
+{{- end }}
{{- end }}
\ No newline at end of file
diff --git a/stable/artifactory-ha/templates/nginx-certificate-secret.yaml b/stable/artifactory-ha/templates/nginx-certificate-secret.yaml
index 29c77ad5a..4bf31bceb 100644
--- a/stable/artifactory-ha/templates/nginx-certificate-secret.yaml
+++ b/stable/artifactory-ha/templates/nginx-certificate-secret.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled .Values.nginx.https.enabled }}
apiVersion: v1
kind: Secret
@@ -12,3 +13,4 @@ metadata:
data:
{{ ( include "artifactory-ha.gen-certs" . ) | indent 2 }}
{{- end }}
+{{- end }}
diff --git a/stable/artifactory-ha/templates/nginx-conf.yaml b/stable/artifactory-ha/templates/nginx-conf.yaml
index 5f424d52a..8df96815a 100644
--- a/stable/artifactory-ha/templates/nginx-conf.yaml
+++ b/stable/artifactory-ha/templates/nginx-conf.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }}
apiVersion: v1
kind: ConfigMap
@@ -12,3 +13,4 @@ data:
nginx.conf: |
{{ tpl .Values.nginx.mainConf . | indent 4 }}
{{- end }}
+{{- end }}
diff --git a/stable/artifactory-ha/templates/nginx-deployment.yaml b/stable/artifactory-ha/templates/nginx-deployment.yaml
index 306ff5550..e8d45acd3 100644
--- a/stable/artifactory-ha/templates/nginx-deployment.yaml
+++ b/stable/artifactory-ha/templates/nginx-deployment.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if .Values.nginx.enabled -}}
{{- $serviceName := include "artifactory-ha.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
@@ -42,6 +43,9 @@ spec:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
+ securityContext:
+ runAsUser: {{ .Values.nginx.uid }}
+ runAsGroup: {{ .Values.nginx.gid }}
serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.nginx.terminationGracePeriodSeconds }}
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
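Review bot: The new pod-level `securityContext` sets `runAsGroup` where the block removed further down set `fsGroup`, so the `nginx-volume` mount no longer has its group ownership set to `.Values.nginx.gid`. This template is now rendered only on non-OpenShift clusters (the guard added on its first line), where `fsGroup` is accepted, so dropping it looks unintended unless the `setup` init container already fixes ownership. Consider keeping `fsGroup: {{ .Values.nginx.gid }}` next to `runAsGroup`, and adding `runAsNonRoot: true` as the artifactory statefulset's pod context does in this commit. The matching hunk in stable/artifactory/templates/nginx-deployment.yaml is affected in the same way. The pod spec continues outside the hunk.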
@@ -61,6 +65,9 @@ spec:
- name: "setup"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/sh'
- '-c'
@@ -70,14 +77,11 @@ spec:
volumeMounts:
- mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
name: nginx-volume
- securityContext:
- runAsUser: {{ .Values.nginx.uid }}
- fsGroup: {{ .Values.nginx.gid }}
containers:
- name: {{ .Values.nginx.name }}
image: {{ include "artifactory-ha.getImageInfoByValue" (list . "nginx") }}
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
- {{- with .Values.nginx.securityContext }}
+ {{- with .Values.nginx.securityContext }}
securityContext:
{{ toYaml . | indent 10 }}
{{- end }}
@@ -209,3 +213,4 @@ spec:
{{- end }}
{{- end }}
{{- end }}
+{{- end }}
diff --git a/stable/artifactory-ha/templates/nginx-pdb.yaml b/stable/artifactory-ha/templates/nginx-pdb.yaml
index 0aed99368..9c88d319c 100644
--- a/stable/artifactory-ha/templates/nginx-pdb.yaml
+++ b/stable/artifactory-ha/templates/nginx-pdb.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if .Values.nginx.enabled -}}
{{- if semverCompare "
{{- end }}
-{{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") (eq .Values.artifactory.persistence.type "cluster-google-storage-v2") }}
+{{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") (eq .Values.artifactory.persistence.type "cluster-google-storage-v2") (eq .Values.artifactory.persistence.type "google-storage-v2-direct") }}
{{- if or (eq .Values.artifactory.persistence.type "google-storage") (eq .Values.artifactory.persistence.type "google-storage-v2") }}
@@ -90,6 +90,12 @@
+ {{- else if eq .Values.artifactory.persistence.type "google-storage-v2-direct" }}
+
+
+
+
+
{{- end }}
@@ -206,6 +212,12 @@
{{ .bucketName }}
{{ .path }}
{{ .endpoint }}
+ {{- with .port }}
+ {{ . }}
+ {{- end }}
+ {{- with .useHttp }}
+ {{ . }}
+ {{- end }}
{{- with .maxConnections }}
{{ . }}
{{- end }}
diff --git a/stable/artifactory/templates/NOTES.txt b/stable/artifactory/templates/NOTES.txt
index 127c1a51d..888067f18 100644
--- a/stable/artifactory/templates/NOTES.txt
+++ b/stable/artifactory/templates/NOTES.txt
@@ -45,8 +45,13 @@ Congratulations. You have just deployed JFrog Artifactory!
{{- end }}
1. Get the Artifactory URL by running these commands:
+{{printf "\n" }}
+ {{- if .Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints" -}}
+
+ NOTE: You are installing Artifactory in Openshift Environment.
+ Nginx service is not available with this installation. If required, you can set the value for ingress in values.yaml.
- {{- if .Values.ingress.enabled }}
+ {{- else if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{- end }}
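Review bot: With the OpenShift test placed first, `else if .Values.ingress.enabled` is never reached on OpenShift, so a user who follows the note's own advice and enables ingress gets no URL printed. Printing the note in a separate `if` ahead of the existing chain, and leaving `{{- if .Values.ingress.enabled }}` as the chain's first branch, would keep both. The rest of the `if` chain lies outside the hunk, so the later branches could not be checked.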
diff --git a/stable/artifactory/templates/_helpers.tpl b/stable/artifactory/templates/_helpers.tpl
index fced68533..9f4ec768a 100644
--- a/stable/artifactory/templates/_helpers.tpl
+++ b/stable/artifactory/templates/_helpers.tpl
@@ -476,3 +476,14 @@ if the volume exists in customVolume then an extra volume with the same name wil
{{- printf "%s" "false" -}}
{{- end -}}
{{- end -}}
+
+{{/*
+Resolve fsGroup and runAsGroup on cluster based
+*/}}
+{{- define "artifactory.isOpenshiftCompatible" -}}
+{{- if (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
+{{- printf "%s" "true" -}}
+{{- else -}}
+{{- printf "%s" "false" -}}
+{{- end -}}
+{{- end -}}
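Review bot: The comment on `artifactory.isOpenshiftCompatible` ("Resolve fsGroup and runAsGroup on cluster based") describes one caller rather than the helper, which resolves nothing and only reports whether the cluster exposes the OpenShift SCC API. A more accurate comment would be `Return the string "true" when the cluster advertises security.openshift.io/v1/SecurityContextConstraints, otherwise "false"`. It is worth stating that the result is a string: callers must compare it with `eq ... "true"`, because any non-empty string, including "false", is truthy in a bare `if`. The nginx templates of this chart repeat the raw capability check and could call this helper instead.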
diff --git a/stable/artifactory/templates/artifactory-hpa.yaml b/stable/artifactory/templates/artifactory-hpa.yaml
index ede1cf601..01f8a9fb7 100644
--- a/stable/artifactory/templates/artifactory-hpa.yaml
+++ b/stable/artifactory/templates/artifactory-hpa.yaml
@@ -1,5 +1,9 @@
{{- if .Values.autoscaling.enabled }}
+ {{- if semverCompare ">=v1.23.0-0" .Capabilities.KubeVersion.Version }}
+apiVersion: autoscaling/v2
+ {{- else }}
apiVersion: autoscaling/v2beta2
+ {{- end }}
kind: HorizontalPodAutoscaler
metadata:
labels:
diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml
index 81f2ce61f..8f14ea634 100644
--- a/stable/artifactory/templates/artifactory-statefulset.yaml
+++ b/stable/artifactory/templates/artifactory-statefulset.yaml
@@ -89,8 +89,13 @@ spec:
{{- end }}
{{- if .Values.artifactory.setSecurityContext }}
securityContext:
+ runAsNonRoot: true
runAsUser: {{ .Values.artifactory.uid }}
+ {{ if eq (include "artifactory.isOpenshiftCompatible" .) "true" }}
+ runAsGroup: {{ .Values.artifactory.gid }}
+ {{ else if eq (include "artifactory.isOpenshiftCompatible" .) "false" }}
fsGroup: {{ .Values.artifactory.gid }}
+ {{- end }}
{{- if .Values.artifactory.fsGroupChangePolicy }}
fsGroupChangePolicy: {{ .Values.artifactory.fsGroupChangePolicy }}
{{- end }}
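Review bot: On the OpenShift branch `fsGroup` is no longer emitted, but the `fsGroupChangePolicy` block just below is still rendered whenever that value is set, leaving a policy with no `fsGroup` to apply to; it should move inside the non-OpenShift branch. The second test, `else if eq (include "artifactory.isOpenshiftCompatible" .) "false"`, re-evaluates the helper and would emit neither key if it ever returned anything else, so a plain `{{- else }}` is safer. The new `{{ if` and `{{ else if` also lack the `-` trim used by the surrounding actions and leave whitespace-only lines in the rendered manifest. The enclosing `setSecurityContext` block closes outside the hunk.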
@@ -112,12 +117,9 @@ spec:
- name: "delete-db-properties"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -133,12 +135,9 @@ spec:
- name: "access-bootstrap-creds"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -166,12 +165,9 @@ spec:
{{- end }}
- name: 'copy-system-configurations'
image: '{{ .Values.initContainerImage }}'
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -299,12 +295,9 @@ spec:
{{- if or .Values.artifactory.customCertificates.enabled .Values.global.customCertificates.enabled }}
- name: copy-custom-certificates
image: "{{ .Values.initContainerImage }}"
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -322,12 +315,9 @@ spec:
{{- if .Values.artifactory.circleOfTrustCertificatesSecret }}
- name: copy-circle-of-trust-certificates
image: "{{ .Values.initContainerImage }}"
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -346,12 +336,9 @@ spec:
{{- if .Values.postgresql.enabled }}
- name: "wait-for-db"
image: "{{ .Values.initContainerImage }}"
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
@@ -373,12 +360,9 @@ spec:
- name: 'migration-artifactory'
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
{{- if .Values.artifactory.resources }}
resources:
{{ toYaml .Values.artifactory.resources | indent 10 }}
@@ -506,12 +490,9 @@ spec:
- name: {{ .Values.router.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "router") }}
imagePullPolicy: {{ .Values.router.image.imagePullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -554,12 +535,9 @@ spec:
- name: {{ .Values.frontend.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -599,12 +577,9 @@ spec:
- name: {{ .Values.metadata.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -691,12 +666,9 @@ spec:
- name: {{ .Values.event.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -732,12 +704,9 @@ spec:
- name: {{ .Values.artifactory.replicator.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -765,12 +734,9 @@ spec:
- name: {{ .Values.jfconnect.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -806,12 +772,9 @@ spec:
- name: {{ .Values.integration.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -847,12 +810,9 @@ spec:
- name: {{ .Values.observability.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/bash'
- '-c'
@@ -888,12 +848,9 @@ spec:
- name: {{ .Values.artifactory.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "artifactory") }}
imagePullPolicy: {{ .Values.artifactory.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
{{- if .Values.artifactory.resources }}
resources:
{{ toYaml .Values.artifactory.resources | indent 10 }}
@@ -1128,12 +1085,9 @@ spec:
{{- range .Values.artifactory.loggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- 'sh'
- '-c'
@@ -1151,12 +1105,9 @@ spec:
{{- range .Values.artifactory.catalinaLoggers }}
- name: {{ . | replace "_" "-" | replace "." "-" }}
image: {{ include "artifactory.getImageInfoByValue" (list $ "logger") }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- 'sh'
- '-c'
@@ -1175,12 +1126,9 @@ spec:
- name: {{ .Values.filebeat.name }}
image: "{{ .Values.filebeat.image.repository }}:{{ .Values.filebeat.image.version }}"
imagePullPolicy: {{ .Values.filebeat.image.pullPolicy }}
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - NET_RAW
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
args:
- "-e"
- "-E"
diff --git a/stable/artifactory/templates/nginx-artifactory-conf.yaml b/stable/artifactory/templates/nginx-artifactory-conf.yaml
index bd2ebea96..a08d2cdad 100644
--- a/stable/artifactory/templates/nginx-artifactory-conf.yaml
+++ b/stable/artifactory/templates/nginx-artifactory-conf.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if and (not .Values.nginx.customArtifactoryConfigMap) .Values.nginx.enabled }}
apiVersion: v1
kind: ConfigMap
@@ -11,4 +12,5 @@ metadata:
data:
artifactory.conf: |
{{ tpl .Values.nginx.artifactoryConf . | indent 4 }}
+{{- end }}
{{- end }}
\ No newline at end of file
diff --git a/stable/artifactory/templates/nginx-certificate-secret.yaml b/stable/artifactory/templates/nginx-certificate-secret.yaml
index f13d40174..1f402f70f 100644
--- a/stable/artifactory/templates/nginx-certificate-secret.yaml
+++ b/stable/artifactory/templates/nginx-certificate-secret.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if and (not .Values.nginx.tlsSecretName) .Values.nginx.enabled .Values.nginx.https.enabled }}
apiVersion: v1
kind: Secret
@@ -12,3 +13,4 @@ metadata:
data:
{{ ( include "artifactory.gen-certs" . ) | indent 2 }}
{{- end }}
+{{- end }}
diff --git a/stable/artifactory/templates/nginx-conf.yaml b/stable/artifactory/templates/nginx-conf.yaml
index 851eae247..a06b72cc1 100644
--- a/stable/artifactory/templates/nginx-conf.yaml
+++ b/stable/artifactory/templates/nginx-conf.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if and (not .Values.nginx.customConfigMap) .Values.nginx.enabled }}
apiVersion: v1
kind: ConfigMap
@@ -12,3 +13,4 @@ data:
nginx.conf: |
{{ tpl .Values.nginx.mainConf . | indent 4 }}
{{- end }}
+{{- end }}
diff --git a/stable/artifactory/templates/nginx-deployment.yaml b/stable/artifactory/templates/nginx-deployment.yaml
index d30857659..42b4cce60 100644
--- a/stable/artifactory/templates/nginx-deployment.yaml
+++ b/stable/artifactory/templates/nginx-deployment.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if .Values.nginx.enabled -}}
{{- $serviceName := include "artifactory.fullname" . -}}
{{- $servicePort := .Values.artifactory.externalPort -}}
@@ -45,6 +46,9 @@ spec:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
+ securityContext:
+ runAsUser: {{ .Values.nginx.uid }}
+ runAsGroup: {{ .Values.nginx.gid }}
serviceAccountName: {{ template "artifactory.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.nginx.terminationGracePeriodSeconds }}
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
@@ -64,6 +68,9 @@ spec:
- name: "setup"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
command:
- '/bin/sh'
- '-c'
@@ -73,9 +80,6 @@ spec:
volumeMounts:
- mountPath: {{ .Values.nginx.persistence.mountPath | quote }}
name: nginx-volume
- securityContext:
- runAsUser: {{ .Values.nginx.uid }}
- fsGroup: {{ .Values.nginx.gid }}
containers:
- name: {{ .Values.nginx.name }}
image: {{ include "artifactory.getImageInfoByValue" (list . "nginx") }}
@@ -211,3 +215,4 @@ spec:
{{- end }}
{{- end }}
{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/stable/artifactory/templates/nginx-pdb.yaml b/stable/artifactory/templates/nginx-pdb.yaml
index dff0c23a3..b0bcf8e58 100644
--- a/stable/artifactory/templates/nginx-pdb.yaml
+++ b/stable/artifactory/templates/nginx-pdb.yaml
@@ -1,3 +1,4 @@
+{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1/SecurityContextConstraints") -}}
{{- if .Values.nginx.enabled -}}
{{- if semverCompare "
+ {{- with .Values.common.preStartCommand }}
+ echo "Running custom common preStartCommand command";
+ {{ tpl . $ }};
+ {{- end }}
+ {{- with .Values.sbom.preStartCommand }}
+ echo "Running custom Sbom preStartCommand command";
+ {{ tpl . $ }};
+ {{- end }}
+ exec /opt/jfrog/xray/app/bin/wrapper.sh;
+ {{- with .Values.sbom.lifecycle }}
+ lifecycle:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ env:
+ {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }}
+ - name: JF_SHARED_RABBITMQ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }}
+ key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }}
+ - name: JF_SHARED_RABBITMQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }}
+ key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }}
+ - name: JF_SHARED_RABBITMQ_URL
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }}
+ key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }}
+ {{- end }}
+ {{- if or .Values.database.secrets.user .Values.database.user }}
+ - name: JF_SHARED_DATABASE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.database.secrets.user }}
+ name: {{ tpl .Values.database.secrets.user.name . }}
+ key: {{ tpl .Values.database.secrets.user.key . }}
+ {{- else if .Values.database.user }}
+ {{- if not .Values.xray.unifiedSecretInstallation }}
+ name: {{ template "xray.fullname" . }}-database-creds
+ {{- else }}
+ name: "{{ template "xray.name" . }}-unified-secret"
+ {{- end }}
+ key: db-user
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }}
+ - name: JF_SHARED_DATABASE_ACTUALUSERNAME
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.database.secrets.actualUsername }}
+ name: {{ tpl .Values.database.secrets.actualUsername.name . }}
+ key: {{ tpl .Values.database.secrets.actualUsername.key . }}
+ {{- else if .Values.database.actualUsername }}
+ {{- if not .Values.xray.unifiedSecretInstallation }}
+ name: {{ template "xray.fullname" . }}-database-creds
+ {{- else }}
+ name: "{{ template "xray.name" . }}-unified-secret"
+ {{- end }}
+ key: db-actualUsername
+ {{- end }}
+ {{- end }}
+ {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }}
+ - name: JF_SHARED_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.database.secrets.password }}
+ name: {{ tpl .Values.database.secrets.password.name . }}
+ key: {{ tpl .Values.database.secrets.password.key . }}
+ {{- else if .Values.database.password }}
+ {{- if not .Values.xray.unifiedSecretInstallation }}
+ name: {{ template "xray.fullname" . }}-database-creds
+ {{- else }}
+ name: "{{ template "xray.name" . }}-unified-secret"
+ {{- end }}
+ key: db-password
+ {{- else if .Values.postgresql.enabled }}
+ name: {{ .Release.Name }}-postgresql
+ key: postgresql-password
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.database.secrets.url .Values.database.url }}
+ - name: JF_SHARED_DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.database.secrets.url }}
+ name: {{ tpl .Values.database.secrets.url.name . }}
+ key: {{ tpl .Values.database.secrets.url.key . }}
+ {{- else if .Values.database.url }}
+ {{- if not .Values.xray.unifiedSecretInstallation }}
+ name: {{ template "xray.fullname" . }}-database-creds
+ {{- else }}
+ name: "{{ template "xray.name" . }}-unified-secret"
+ {{- end }}
+ key: db-url
+ {{- end }}
+ {{- end }}
+ {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }}
+ - name: JF_SHARED_RABBITMQ_USERNAME
+ value: {{ include "rabbitmq.user" .}}
+ - name: JF_SHARED_RABBITMQ_URL
+ value: {{ include "rabbitmq.url" .}}
+ - name: JF_SHARED_RABBITMQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "rabbitmq.passwordSecretName" .}}
+ key: rabbitmq-password
+ {{- end }}
+ - name: XRAY_HA_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: XRAY_K8S_ENV
+ value: "true"
+ - name: EXECUTION_JOB_AES_KEY
+ valueFrom:
+ secretKeyRef:
+ {{- if not .Values.xray.unifiedSecretInstallation }}
+ name: {{ template "xray.executionServiceAesKeySecretName" . }}
+ {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }}
+ name: {{ template "xray.executionServiceAesKeySecretName" . }}
+ {{- else }}
+ name: "{{ template "xray.name" . }}-unified-secret"
+ {{- end }}
+ key: execution-service-aes-key
+ {{- if .Values.common.extraEnvVars }}
+ {{- tpl .Values.common.extraEnvVars . | nindent 8 }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.sbom.internalPort }}
+ name: http-sbom
+ volumeMounts:
+ - name: data-volume
+ mountPath: "{{ .Values.xray.persistence.mountPath }}"
+{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }}
+{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }}
+{{- end }}
+{{- with .Values.sbom.customVolumeMounts }}
+{{ tpl . $ | indent 8 }}
+{{- end }}
+ resources:
+{{ toYaml .Values.sbom.resources | indent 10 }}
+{{- if .Values.sbom.startupProbe.enabled }}
+ startupProbe:
+{{ tpl .Values.sbom.startupProbe.config . | indent 10 }}
+{{- end }}
+{{- if .Values.sbom.livenessProbe.enabled }}
+ livenessProbe:
+{{ tpl .Values.sbom.livenessProbe.config . | indent 10 }}
+{{- end }}
{{- end }}
- name: {{ .Values.indexer.name }}
image: {{ include "xray.getImageInfoByValue" (list . "indexer") }}
diff --git a/stable/xray/values-large.yaml b/stable/xray/values-large.yaml
index 4142d8558..41081ae08 100644
--- a/stable/xray/values-large.yaml
+++ b/stable/xray/values-large.yaml
@@ -47,6 +47,15 @@ analysis:
memory: "10Gi"
cpu: "10"
+sbom:
+ resources:
+ requests:
+ memory: "300Mi"
+ cpu: "50m"
+ limits:
+ memory: "10Gi"
+ cpu: "10"
+
persist:
resources:
requests:
diff --git a/stable/xray/values-medium.yaml b/stable/xray/values-medium.yaml
index 1de39c59b..1894caa84 100644
--- a/stable/xray/values-medium.yaml
+++ b/stable/xray/values-medium.yaml
@@ -47,6 +47,15 @@ analysis:
memory: "8Gi"
cpu: "6"
+sbom:
+ resources:
+ requests:
+ memory: "300Mi"
+ cpu: "50m"
+ limits:
+ memory: "8Gi"
+ cpu: "6"
+
persist:
resources:
requests:
diff --git a/stable/xray/values-small.yaml b/stable/xray/values-small.yaml
index c876700dd..ec021db5b 100644
--- a/stable/xray/values-small.yaml
+++ b/stable/xray/values-small.yaml
@@ -47,6 +47,15 @@ analysis:
memory: "4Gi"
cpu: "3"
+sbom:
+ resources:
+ requests:
+ memory: "300Mi"
+ cpu: "50m"
+ limits:
+ memory: "4Gi"
+ cpu: "3"
+
persist:
resources:
requests:
diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml
index ad6b415be..0f5173d0e 100644
--- a/stable/xray/values.yaml
+++ b/stable/xray/values.yaml
@@ -771,6 +771,65 @@ analysis:
# limits:
# memory: "2Gi"
# cpu: "1"
+sbom:
+ enabled: false
+ name: xray-sbom
+ ## Note that by default we use appVersion to get image tag/version
+ image:
+ registry: releases-docker.jfrog.io
+ repository: jfrog/xray-sbom
+ internalPort: 7006
+ externalPort: 7006
+ annotations: {}
+ # Add lifecycle hooks for the indexer pod
+ lifecycle: {}
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+ # preStop:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the preStart handler > /usr/share/message"]
+
+ ## Add custom volumesMounts
+ customVolumeMounts: ""
+ # - name: custom-script
+ # mountPath: /scripts/script.sh
+ # subPath: script.sh
+
+ livenessProbe:
+ enabled: true
+ config: |
+ exec:
+ command:
+ - sh
+ - -c
+ - curl -s -k --fail --max-time {{ .Values.probes.timeoutSeconds }} http://localhost:{{ .Values.sbom.internalPort }}/api/v1/system/liveness
+ initialDelaySeconds: {{ if semverCompare "