Skip to content

Commit

Permalink
[xray] 3.36.2 release
Browse files Browse the repository at this point in the history
  • Loading branch information
chukka committed Nov 15, 2021
1 parent 71249e9 commit c8efb59
Show file tree
Hide file tree
Showing 8 changed files with 121 additions and 23 deletions.
13 changes: 11 additions & 2 deletions stable/xray/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,19 @@
# JFrog Xray Chart Changelog
All changes to this chart will be documented in this file.

## [103.35.0] - Oct 8, 2021
## [103.36.2] - Oct 14, 2021
* Added default values cpu and memeory in initContainers
* Updated router version to `7.26.0`
* Updated (`rbac.create` and `serviceAccount.create` to false by default) for least privileges
* Fixed incorrect data type for `Values.router.serviceRegistry.insecure` in default values.yaml [GH-1514](https://github.com/jfrog/charts/pull/1514/files)
* **IMPORTANT**
* Changed init-container images from `alpine` to `ubi8/ubi-minimal`
* Fixed incorrect data type for `Values.router.serviceRegistry.insecure` in default values.yaml [GH-1514](https://github.com/jfrog/charts/pull/1514/files)
* Added Observability service

## [103.34.0] - Sep 20, 2021
* Added min kubeVersion ">= 1.14.0-0" in chart.yaml
* Update alpine tag version to `3.14.2`
* Fixed incorrect data type for `Values.router.serviceRegistry.insecure` in default values.yaml [GH-1514](https://github.com/jfrog/charts/pull/1514/files)

## [103.32.3] - Sep 08, 2021
* Dropped NET_RAW capability for the containers
Expand Down
4 changes: 2 additions & 2 deletions stable/xray/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 3.35.0
appVersion: 3.36.2
dependencies:
- condition: postgresql.enabled
name: postgresql
Expand All @@ -23,4 +23,4 @@ name: xray
sources:
- https://github.com/jfrog/charts
type: application
version: 103.35.0
version: 103.36.2
2 changes: 1 addition & 1 deletion stable/xray/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

## Prerequisites Details

* Kubernetes 1.12+
* Kubernetes 1.14+

## Chart Details

Expand Down
5 changes: 5 additions & 0 deletions stable/xray/ci/test-values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,8 @@ autoscaling:
minReplicas: 1
maxReplicas: 3
targetCPUUtilizationPercentage: 70
rbac:
create: true
serviceAccount:
create: true
automountServiceAccountToken: true
Binary file modified stable/xray/logo/xray-logo.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
1 change: 1 addition & 0 deletions stable/xray/templates/xray-serviceaccount.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,5 @@ metadata:
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
name: {{ template "xray.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
46 changes: 40 additions & 6 deletions stable/xray/templates/xray-statefulset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -166,12 +166,15 @@ spec:
resources:
{{ toYaml .Values.initContainers.resources | indent 10 }}
command:
- 'sh'
- '-c'
- >
until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; do
sleep 2;
done;
- /bin/bash
- -c
- |
echo "Waiting for postgresql to come up"
ready=false;
while ! $ready; do echo waiting;
timeout 2s bash -c "</dev/tcp/{{ .Release.Name }}-postgresql/{{ .Values.postgresql.service.port }}"; exit_status=$?;
if [[ $exit_status -eq 0 ]]; then ready=true; echo "database ok"; fi; sleep 1;
done
{{- end }}
{{- if or .Values.common.customInitContainers .Values.global.customInitContainers }}
{{ tpl (include "xray.customInitContainers" .) . | indent 6 }}
Expand Down Expand Up @@ -226,6 +229,37 @@ spec:
readinessProbe:
{{ tpl .Values.router.readinessProbe.config . | indent 10 }}
{{- end }}
- name: {{ .Values.observability.name }}
image: {{ include "xray.getImageInfoByValue" (list . "observability") }}
imagePullPolicy: {{ .Values.observability.image.imagePullPolicy }}
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- NET_RAW
command:
- '/bin/sh'
- '-c'
- >
{{- with .Values.common.preStartCommand }}
echo "Running custom common preStartCommand command";
{{ tpl . $ }};
{{- end }}
exec /opt/jfrog/observability/app/bin/entrypoint-observability.sh;
volumeMounts:
- name: data-volume
mountPath: "{{ .Values.observability.persistence.mountPath }}"
resources:
{{ toYaml .Values.observability.resources | indent 10 }}
{{- if .Values.observability.startupProbe.enabled }}
startupProbe:
{{ tpl .Values.observability.startupProbe.config . | indent 10 }}
{{- end }}
{{- if .Values.observability.livenessProbe.enabled }}
livenessProbe:
{{ tpl .Values.observability.livenessProbe.config . | indent 10 }}
{{- end }}
- name: {{ .Values.server.name }}
image: {{ include "xray.getImageInfoByValue" (list . "server") }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
Expand Down
73 changes: 61 additions & 12 deletions stable/xray/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ global:

# customSidecarContainers: |

## certificates added to this secret will be copied to $JFROG_HOME/xray/var/etc/security/keys/trusted directory
customCertificates:
enabled: false
# certificateSecretName:
Expand All @@ -40,18 +41,18 @@ global:
##
# fullnameOverride:

initContainerImage: releases-docker.jfrog.io/alpine:3.14.2
initContainerImage: releases-docker.jfrog.io/ubi-minimal:8.4-210
imagePullPolicy: IfNotPresent

# Init containers
initContainers:
resources: {}
# requests:
# memory: "64Mi"
# cpu: "10m"
# limits:
# memory: "128Mi"
# cpu: "250m"
resources:
requests:
memory: "50Mi"
cpu: "10m"
limits:
memory: "1Gi"
cpu: "1"

# For supporting pulling from private registries
imagePullSecrets:
Expand All @@ -77,6 +78,7 @@ xray:
persistence:
mountPath: /var/opt/jfrog/xray

## certificates added to this secret will be copied to $JFROG_HOME/xray/var/etc/security/keys/trusted directory
customCertificates:
enabled: false
# certificateSecretName:
Expand Down Expand Up @@ -109,7 +111,7 @@ xray:
router:
topology:
local:
requiredServiceTypes: 'jfxr,jfxana,jfxidx,jfxpst'
requiredServiceTypes: 'jfxr,jfxana,jfxidx,jfxpst,jfob'
serviceRegistry:
insecure: {{ .Values.router.serviceRegistry.insecure }}
shared:
Expand Down Expand Up @@ -150,7 +152,7 @@ xray:
## Role Based Access
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
rbac:
create: true
create: false
role:
## Rules to create. It follows the role specification
rules:
Expand Down Expand Up @@ -213,10 +215,12 @@ autoscaling:
## Ref: https://kubernetes.io/docs/admin/service-accounts-admin/
##
serviceAccount:
create: true
create: false
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the fullname template
name:
## Explicitly mounts the API credentials for the Service Account
automountServiceAccountToken: false

# PostgreSQL
## Configuration values for the postgresql dependency
Expand Down Expand Up @@ -774,7 +778,7 @@ router:
image:
registry: releases-docker.jfrog.io
repository: jfrog/router
tag: 7.25.1
tag: 7.26.0
imagePullPolicy: IfNotPresent
serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled
Expand Down Expand Up @@ -842,6 +846,51 @@ router:
# Add any of the loggers to a sidecar if you want to be able to see them with kubectl logs or a log collector in your k8s cluster
loggers: []

observability:
name: observability
image:
registry: releases-docker.jfrog.io
repository: jfrog/observability
tag: 1.1.3
imagePullPolicy: IfNotPresent
resources: {}
# requests:
# memory: "100Mi"
# cpu: "100m"
# limits:
# memory: "1Gi"
# cpu: "1"

livenessProbe:
enabled: true
config: |
exec:
command:
- sh
- -c
- curl --fail --max-time 1 http://localhost:8036/api/v1/system/liveness
initialDelaySeconds: {{ if semverCompare "<v1.20.0-0" .Capabilities.KubeVersion.Version }}90{{ else }}0{{ end }}
failureThreshold: 10
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
startupProbe:
enabled: true
config: |
exec:
command:
- sh
- -c
- curl --fail --max-time 1 http://localhost:8036/api/v1/system/readiness
initialDelaySeconds: 30
failureThreshold: 90
periodSeconds: 5
timeoutSeconds: 5
persistence:
mountPath: "/var/opt/jfrog/observability"

# Filebeat Sidecar container
## The provided filebeat configuration is for Xray logs. It assumes you have a logstash installed and configured properly.
filebeat:
Expand Down

0 comments on commit c8efb59

Please sign in to comment.