-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #50 from pjoshi751/main
Cluster role bindings removed as it interferes with module installation on multiple namespaces
- Loading branch information
Showing
19 changed files
with
776 additions
and
64 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
charts/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Patterns to ignore when building packages. | ||
# This supports shell glob matching, relative path matching, and | ||
# negation (prefixed with !). Only one pattern per line. | ||
.DS_Store | ||
# Common VCS dirs | ||
.git/ | ||
.gitignore | ||
.bzr/ | ||
.bzrignore | ||
.hg/ | ||
.hgignore | ||
.svn/ | ||
# Common backup files | ||
*.swp | ||
*.bak | ||
*.tmp | ||
*~ | ||
# Various IDEs | ||
.project | ||
.idea/ | ||
*.tmproj |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
apiVersion: v2 | ||
name: artifactory | ||
description: A Helm chart for MOSIP Artifactory | ||
type: application | ||
version: 12.0.2 | ||
appVersion: "" | ||
dependencies: | ||
- name: common | ||
repository: https://charts.bitnami.com/bitnami | ||
tags: | ||
- bitnami-common | ||
version: 1.x.x | ||
home: https://mosip.io | ||
keywords: | ||
- artifactory | ||
- antivirus | ||
- anti-virus | ||
maintainers: | ||
- email: [email protected] | ||
name: MOSIP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
# Artifactory | ||
|
||
Helm chart for installing Artifactory | ||
|
||
## TL;DR | ||
|
||
```console | ||
$ helm repo add mosip https://mosip.github.io | ||
$ helm install my-release mosip/artifactory | ||
``` | ||
|
||
## Introduction | ||
|
||
%%INTRODUCTION%% (check existing examples) | ||
|
||
## Prerequisites | ||
|
||
- Kubernetes 1.12+ | ||
- Helm 3.1.0 | ||
- PV provisioner support in the underlying infrastructure | ||
- ReadWriteMany volumes for deployment scaling | ||
|
||
## Installing the Chart | ||
|
||
To install the chart with the release name `my-release`: | ||
|
||
```console | ||
helm install my-release mosip/artifactory | ||
``` | ||
|
||
The command deploys artifactory on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. | ||
|
||
> **Tip**: List all releases using `helm list` | ||
## Uninstalling the Chart | ||
|
||
To uninstall/delete the `my-release` deployment: | ||
|
||
```console | ||
helm delete my-release | ||
``` | ||
|
||
The command removes all the Kubernetes components associated with the chart and deletes the release. | ||
|
||
## Parameters | ||
|
||
See https://github.com/bitnami-labs/readmenator to create the table | ||
|
||
The above parameters map to the env variables defined in [bitnami/artifactory](http://github.com/bitnami/bitnami-docker-artifactory). For more information please refer to the [bitnami/artifactory](http://github.com/bitnami/bitnami-docker-artifactory) image documentation. | ||
|
||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, | ||
|
||
```console | ||
helm install my-release \ | ||
--set artifactoryUsername=admin \ | ||
--set artifactoryPassword=password \ | ||
--set mariadb.auth.rootPassword=secretpassword \ | ||
bitnami/artifactory | ||
``` | ||
|
||
The above command sets the artifactory administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. | ||
|
||
> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. | ||
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, | ||
|
||
```console | ||
helm install my-release -f values.yaml bitnami/artifactory | ||
``` | ||
|
||
> **Tip**: You can use the default [values.yaml](values.yaml) | ||
## Configuration and installation details | ||
|
||
### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) | ||
|
||
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. | ||
|
||
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. | ||
|
||
### External database support | ||
|
||
%%IF NEEDED%% | ||
|
||
You may want to have artifactory connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: | ||
|
||
```console | ||
mariadb.enabled=false | ||
externalDatabase.host=myexternalhost | ||
externalDatabase.user=myuser | ||
externalDatabase.password=mypassword | ||
externalDatabase.database=mydatabase | ||
externalDatabase.port=3306 | ||
``` | ||
|
||
### TLS secrets | ||
|
||
The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/artifactory/administration/enable-tls/). | ||
|
||
### %%OTHER_SECTIONS%% | ||
|
||
## Persistence | ||
|
||
The [Bitnami artifactory](https://github.com/bitnami/bitnami-docker-artifactory) image stores the artifactory data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. [Learn more about persistence in the chart documentation](https://docs.bitnami.com/kubernetes/apps/artifactory/configuration/chart-persistence/). | ||
|
||
### Additional environment variables | ||
|
||
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. | ||
|
||
```yaml | ||
artifactory: | ||
extraEnvVars: | ||
- name: LOG_LEVEL | ||
value: error | ||
``` | ||
Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. | ||
|
||
### Sidecars | ||
|
||
If additional containers are needed in the same pod as artifactory (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/apps/artifactory/administration/configure-use-sidecars/). | ||
|
||
### Pod affinity | ||
|
||
This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). | ||
|
||
As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. | ||
|
||
## Troubleshooting | ||
|
||
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
{{/* | ||
Return the proper image name | ||
*/}} | ||
{{- define "artifactory.image" -}} | ||
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the proper image name (for the init container volume-permissions image) | ||
*/}} | ||
{{- define "artifactory.volumePermissions.image" -}} | ||
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the proper Docker Image Registry Secret Names | ||
*/}} | ||
{{- define "artifactory.imagePullSecrets" -}} | ||
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create the name of the service account to use | ||
*/}} | ||
{{- define "artifactory.serviceAccountName" -}} | ||
{{- if .Values.serviceAccount.create -}} | ||
{{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }} | ||
{{- else -}} | ||
{{ default "default" .Values.serviceAccount.name }} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Compile all warnings into a single message. | ||
*/}} | ||
{{- define "artifactory.validateValues" -}} | ||
{{- $messages := list -}} | ||
{{- $messages := append $messages (include "artifactory.validateValues.foo" .) -}} | ||
{{- $messages := append $messages (include "artifactory.validateValues.bar" .) -}} | ||
{{- $messages := without $messages "" -}} | ||
{{- $message := join "\n" $messages -}} | ||
|
||
{{- if $message -}} | ||
{{- printf "\nVALUES VALIDATION:\n%s" $message -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Baseurl for artifactory service | ||
*/}} | ||
{{- define "artifactory.baseUrl" -}} | ||
{{ printf "http://%s.%s:%s" (include "common.names.fullname" .) .Release.Namespace (.Values.service.port | toString) }} | ||
{{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
labels: {{- include "common.labels.standard" . | nindent 4 }} | ||
app.kubernetes.io/component: artifactory | ||
{{- if .Values.commonLabels }} | ||
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} | ||
{{- end }} | ||
name: {{ printf "%s-share" (include "common.names.fullname" .) }} | ||
{{- if .Values.commonAnnotations }} | ||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} | ||
{{- end }} | ||
data: | ||
artifactory_url_env: {{ include "artifactory.baseUrl" . }} | ||
iam_adapter_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.iamAdapter }} | ||
iam_adapter_regproc_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.iamAdapterRegproc }} | ||
iam_adapter_regproc_ext_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.iamAdapterRegprocExt }} | ||
zip_file_path: {{ .Values.artifacts.hsmClientZip }} | ||
cache_provider_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.cacheProvider }} | ||
runtime_dep_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.runtimeDep}} | ||
regproc_jars_env: {{ .Values.artifacts.regprocJars}} | ||
runtime_dep_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.runtimeDepUrl }} | ||
preregistration_i18n_bundle_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.preregistrationBundleUrl }} | ||
virusscanner_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.virusscannerUrl }} | ||
auth_wrapper_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.authwrapperUrl }} | ||
esignet_wrapper_url_env: {{ printf "%s%s" (include "artifactory.baseUrl" .) .Values.artifacts.esignetauthwrapperUrl }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} | ||
kind: Deployment | ||
metadata: | ||
labels: {{- include "common.labels.standard" . | nindent 4 }} | ||
app.kubernetes.io/component: artifactory | ||
{{- if .Values.commonLabels }} | ||
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} | ||
{{- end }} | ||
name: {{ template "common.names.fullname" . }} | ||
{{- if .Values.commonAnnotations }} | ||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} | ||
{{- end }} | ||
spec: | ||
replicas: {{ .Values.replicaCount }} | ||
{{- if .Values.updateStrategy }} | ||
strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} | ||
{{- end }} | ||
selector: | ||
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} | ||
app.kubernetes.io/component: artifactory | ||
template: | ||
metadata: | ||
{{- if .Values.podAnnotations }} | ||
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} | ||
{{- end }} | ||
labels: {{- include "common.labels.standard" . | nindent 8 }} | ||
app.kubernetes.io/component: artifactory | ||
{{- if .Values.podLabels }} | ||
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} | ||
{{- end }} | ||
spec: | ||
serviceAccountName: {{ template "artifactory.serviceAccountName" . }} | ||
{{- include "artifactory.imagePullSecrets" . | nindent 6 }} | ||
{{- if .Values.hostAliases }} | ||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} | ||
{{- end }} | ||
{{- if .Values.affinity }} | ||
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} | ||
{{- else }} | ||
affinity: | ||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} | ||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} | ||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} | ||
{{- end }} | ||
{{- if .Values.nodeSelector }} | ||
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} | ||
{{- end }} | ||
{{- if .Values.tolerations }} | ||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} | ||
{{- end }} | ||
{{- if .Values.priorityClassName }} | ||
priorityClassName: {{ .Values.priorityClassName | quote }} | ||
{{- end }} | ||
{{- if .Values.podSecurityContext.enabled }} | ||
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} | ||
{{- end }} | ||
initContainers: | ||
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} | ||
- name: volume-permissions | ||
image: {{ include "artifactory.volumePermissions.image" . }} | ||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} | ||
command: | ||
- %%commands%% | ||
securityContext: | ||
runAsUser: 0 | ||
{{- if .Values.volumePermissions.resources }} | ||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} | ||
{{- end }} | ||
volumeMounts: | ||
- name: foo | ||
mountPath: bar | ||
{{- end }} | ||
{{- if .Values.initContainers }} | ||
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} | ||
{{- end }} | ||
containers: | ||
- name: artifactory | ||
image: {{ template "artifactory.image" . }} | ||
imagePullPolicy: {{ .Values.image.pullPolicy }} | ||
{{- if .Values.lifecycleHooks }} | ||
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.containerSecurityContext.enabled }} | ||
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.command }} | ||
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.args }} | ||
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.resources }} | ||
resources: {{- toYaml .Values.resources | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.startupProbe.enabled }} | ||
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} | ||
{{- else if .Values.customStartupProbe }} | ||
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.livenessProbe.enabled }} | ||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} | ||
{{- else if .Values.customLivenessProbe }} | ||
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.readinessProbe.enabled }} | ||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} | ||
{{- else if .Values.customReadinessProbe }} | ||
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} | ||
{{- end }} | ||
{{- if .Values.sidecars }} | ||
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
{{- range .Values.extraDeploy }} | ||
--- | ||
{{ include "common.tplvalues.render" (dict "value" . "context" $) }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
labels: {{- include "common.labels.standard" . | nindent 4 }} | ||
app.kubernetes.io/component: artifactory | ||
{{- if .Values.commonLabels }} | ||
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} | ||
{{- end }} | ||
name: {{ template "artifactory.serviceAccountName" . }} | ||
{{- if .Values.commonAnnotations }} | ||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} | ||
{{- end }} | ||
namespace: {{ .Release.Namespace }} |
Oops, something went wrong.