Merge pull request jfrog#1761 from jfrog/pdn-node-release-1.7.3

[pdn-node] 1.7.3 release
ohaviv · May 16, 2023 · 89a5a49 · 89a5a49
2 parents 69da6ea + 6a3e4a1
commit 89a5a49
Show file tree

Hide file tree

Showing 7 changed files with 202 additions and 24 deletions.
diff --git a/stable/pdn-node/CHANGELOG.md b/stable/pdn-node/CHANGELOG.md
@@ -1,12 +1,20 @@
 # JFrog PDN Node Chart Changelog
 All changes to this chart will be documented in this file
 
-## [101.6.2] - Mar 06, 2023
+## [101.7.3] - May 09, 2023
+* Added checksum annotation to pod to auto-restart upon change to system.yaml
+
+## [101.7.2] - May 07, 2023
+* Upgraded common chart dependency up to 0.0.6
+* Updated initContainerImage `ubi9/ubi-minimal:9.1.0.1829`
+* Fixed network policy template issue
+* Added ingress object
+
+## [101.6.4] - Mar 06, 2023
 * Updated initContainerImage `ubi9/ubi-minimal:9.1.0.1793`
 * Removed unused global values
-* Added `podManagementPolicy` default value
-* Added self grpc/http address variable
-* Disabled PDN Bouncer server
+* Added `logLevel` option to systemYaml.pdnServer
+* Added Bitnami nginx sub chart
 * Unify system.yaml
 
 ## [101.5.5] - Jan 20, 2023

diff --git a/stable/pdn-node/Chart.lock b/stable/pdn-node/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: jfrog-common
   repository: https://charts.jfrog.io/
-  version: 0.0.5
+  version: 0.0.6
 - name: nginx
   repository: https://charts.jfrog.io/
   version: 13.2.13
-digest: sha256:17f094c80e9db4be374377fca372e52cd84fa4d45d6c2474eed48e9a9a051bbe
-generated: "2022-12-26T15:55:30.412494+02:00"
+digest: sha256:e66497241d7d5eaefd6561077d1e18aaa82644184ab29d5a817a273ff04a97f0
+generated: "2023-05-06T22:58:05.261752+03:00"
diff --git a/stable/pdn-node/Chart.yaml b/stable/pdn-node/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: 1.6.2
+appVersion: 1.7.3
 dependencies:
 - name: jfrog-common
   repository: https://charts.jfrog.io/
-  version: 0.0.5
+  version: 0.0.6
 - condition: nginx.enabled
   name: nginx
   repository: https://charts.jfrog.io/
@@ -24,4 +24,4 @@ name: pdn-node
 sources:
 - https://github.com/jfrog/charts
 type: application
-version: 101.6.2
+version: 101.7.3
diff --git a/stable/pdn-node/templates/ingress.yaml b/stable/pdn-node/templates/ingress.yaml
@@ -0,0 +1,59 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
+  annotations:
+    {{- if .Values.ingress.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if .Values.ingress.hostname }}
+    - host: {{ .Values.ingress.hostname }}
+      http:
+        paths:
+          {{- if .Values.ingress.extraPaths }}
+          {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http-server" "context" $)  | nindent 14 }}
+    {{- end }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http-server" "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
+  tls:
+    {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }}
+    - hosts:
+        - {{ .Values.ingress.hostname | quote }}
+      secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/stable/pdn-node/templates/networkpolicy.yaml b/stable/pdn-node/templates/networkpolicy.yaml
@@ -12,7 +12,12 @@ spec:
   podSelector:
     matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
   ingress:
-      {{- if not .Values.networkPolicy.allowExternal }}
+    {{- if not .Values.networkPolicy.allowExternal }}
+    - ports:
+        - port: 8088
+          protocol: TCP
+        - port: 8089
+          protocol: TCP
       from:
         - podSelector:
             matchLabels:

diff --git a/stable/pdn-node/templates/statefulset.yaml b/stable/pdn-node/templates/statefulset.yaml
@@ -24,6 +24,7 @@ spec:
         {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
         {{- end }}
       annotations:
+        systemYaml/checksum: {{ include (print $.Template.BasePath "/system-yaml.yaml") . | sha256sum }}
         {{- if .Values.commonAnnotations }}
         {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
         {{- end }}

diff --git a/stable/pdn-node/values.yaml b/stable/pdn-node/values.yaml
@@ -22,10 +22,10 @@ global:
   ## If undefined (the default) or set to null, no storageClassName spec is set,
   ## choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack)
   storageClass: ""
-# PDN Join key value generated in the Artifactory node and used for establishing a connection
-# between the PDNs to the PDN Server. You can copy the key from JFrog UI under
-# Admin -> User Management -> Settings -> PDN Access Token -> Join Key
-# IMPORTANT: You MUST NOT use the example pdnJoinKey for a production deployment!
+## PDN Join key value generated in the Artifactory node and used for establishing a connection
+## between the PDNs to the PDN Server. You can copy the key from JFrog UI under
+## Admin -> User Management -> Settings -> PDN Access Token -> Join Key
+## IMPORTANT: You MUST NOT use the example pdnJoinKey for a production deployment!
 pdnJoinKey: "aa34bd4dc7902a65f14900fc47ec6b5a"
 ## Alternatively, you can use a pre-existing secret with a key
 ## called join-key by specifying pdnJoinKeySecretName
@@ -60,9 +60,9 @@ selfGrpcAddress: "$(POD_LOCAL_IP):8088"
 ## Note: selfHttpAddress value will be injected as environment variable
 ## so it will take precedence over .Values.systemYaml.pdnNode.selfHttpAddress
 ## Example:
-## selfHttpAddress: "abcdefg-1234567.us-east-1.elb.amazonaws.com:443"
-## selfHttpAddress: "nginx-ingress.pdn-node.svc.cluster.local:8089"
-selfHttpAddress: '{{ include "pdn-node.fullname" . }}:8089'
+## selfHttpAddress: "https://abcdefg-1234567.us-east-1.elb.amazonaws.com:443"
+## selfHttpAddress: "http://nginx-ingress.pdn-node.svc.cluster.local:8089"
+selfHttpAddress: 'http://{{ include "pdn-node.fullname" . }}:8089'
 ## PDN Node system configuration file
 ## Ref: https://www.jfrog.com/confluence/display/JFROG/Advanced+Private+Distribution+Network+%28PDN%29+Configurations
 systemYaml: |
@@ -351,6 +351,110 @@ service:
   ## annotations:
   ##   external-dns.alpha.kubernetes.io/internal-hostname: pdnnode.example.com
   annotationsHeadless: {}
+## @section pdn-node ingress parameters
+## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+##
+ingress:
+  ## @param ingress.enabled Enable ingress record generation for pdn-node
+  ##
+  enabled: false
+  ## @param ingress.pathType Ingress path type
+  ##
+  pathType: ImplementationSpecific
+  ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
+  ##
+  apiVersion: ""
+  ## @param ingress.hostname Default host for the ingress record
+  ##
+  hostname: pdnnode.local
+  ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
+  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+  ##
+  ingressClassName: ""
+  ## @param ingress.path Default path for the ingress record
+  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+  ##
+  path: /
+  ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate auto-generation, place here your cert-manager annotations.
+  ## Use this parameter to set the required annotations for cert-manager, see
+  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+  ## e.g:
+  ## annotations:
+  ##   kubernetes.io/ingress.class: nginx
+  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
+  ##
+  annotations:
+  ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
+  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+  ## You can:
+  ##   - Use the `ingress.secrets` parameter to create this TLS secret
+  ##   - Rely on cert-manager to create it by setting the corresponding annotations
+  ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
+  ##
+  tls: false
+  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+  ##
+  selfSigned: false
+  ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+  ## e.g:
+  ## extraHosts:
+  ##   - name: pdnnode.local
+  ##     path: /
+  ##
+  extraHosts: []
+  ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+  ## e.g:
+  ## extraPaths:
+  ## - path: /*
+  ##   backend:
+  ##     serviceName: ssl-redirect
+  ##     servicePort: use-annotation
+  ##
+  extraPaths: []
+  ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+  ## e.g:
+  ## extraTls:
+  ## - hosts:
+  ##     - pdnnode.local
+  ##   secretName: pdnnode.local-tls
+  ##
+  extraTls: []
+  ## @param ingress.secrets Custom TLS certificates as secrets
+  ## NOTE: 'key' and 'certificate' are expected in PEM format
+  ## NOTE: 'name' should line up with a 'secretName' set further up
+  ## If it is not set, and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+  ## If it is not set, and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+  ## It is also possible to create and manage the certificates outside this helm chart
+  ## Please see README.md for more information
+  ## e.g:
+  ## secrets:
+  ##   - name: pdnnode.local-tls
+  ##     key: |-
+  ##       -----BEGIN RSA PRIVATE KEY-----
+  ##       ...
+  ##       -----END RSA PRIVATE KEY-----
+  ##     certificate: |-
+  ##       -----BEGIN CERTIFICATE-----
+  ##       ...
+  ##       -----END CERTIFICATE-----
+  ##
+  secrets: []
+  ## @param ingress.extraRules Additional rules to be covered with this ingress record
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+  ## e.g:
+  ## extraRules:
+  ## - host: example.local
+  ##     http:
+  ##       path: /
+  ##       backend:
+  ##         service:
+  ##           name: example-svc
+  ##           port:
+  ##             name: http
+  ##
+  extraRules: []
 ## Network Policy configuration
 ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
 networkPolicy:
@@ -362,16 +466,17 @@ networkPolicy:
   ## When set to true, integration will accept connections from any source
   ## (with the correct destination port).
   allowExternal: true
-  ## @param networkPolicy.additionalRules Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed.
-  ## e.g:
+  ## @param networkPolicy.additionalRules Additional NetworkPolicy Ingress "from" rules to set.
+  ## Note: All rules are OR-ed.
+  ## Example:
   ## additionalRules:
   ##  - matchLabels:
-  ##    - role: frontend
+  ##    - app.kubernetes.io/name: pdn-node
   ##  - matchExpressions:
-  ##    - key: role
+  ##    - key: app.kubernetes.io/name
   ##      operator: In
   ##      values:
-  ##        - frontend
+  ##        - pdn-node
   additionalRules: []
 ## @section Init Container Parameters
 ## Init Container parameters
@@ -393,7 +498,7 @@ initContainers:
   image:
     registry: releases-docker.jfrog.io
     repository: ubi9/ubi-minimal
-    tag: 9.1.0.1793
+    tag: 9.1.0.1829
     ## Specify an image PullPolicy
     ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
     ## Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images