diff --git a/stable/mission-control/Chart.yaml b/stable/mission-control/Chart.yaml index b5a329cd4..294d81a1a 100644 --- a/stable/mission-control/Chart.yaml +++ b/stable/mission-control/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: mission-control description: A Helm chart for JFrog Mission Control -version: 0.4.5 -appVersion: 3.1.2 +version: 0.4.6 +appVersion: 3.2.0 home: https://jfrog.com/mission-control/ icon: https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png keywords: diff --git a/stable/mission-control/templates/insight-executor-deployment.yaml b/stable/mission-control/templates/insight-executor-deployment.yaml index b911b0308..9f3e9526e 100644 --- a/stable/mission-control/templates/insight-executor-deployment.yaml +++ b/stable/mission-control/templates/insight-executor-deployment.yaml @@ -27,17 +27,59 @@ spec: imagePullSecrets: - name: {{ .Values.imagePullSecrets }} {{- end }} + securityContext: + fsGroup: {{ .Values.uid }} + initContainers: + - name: "prepare-storage" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + mkdir -p {{ .Values.insightExecutor.persistence.mountPath }} ; + chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.insightExecutor.persistence.mountPath }} + volumeMounts: + - name: insight-executor-data + mountPath: {{ .Values.insightExecutor.persistence.mountPath | quote }} + - name: "wait-for-db" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + until nc -z -w 2 {{ .Release.Name }}-mongodb 27017 && echo mongodb ok; + do sleep 2; + done; + sleep 10 containers: - name: {{ .Values.insightExecutor.name }} image: {{ .Values.insightExecutor.image }}:{{ default .Chart.AppVersion .Values.insightExecutor.version }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: - - name: CORE_URL + - name: JFIS_URL value: 'http://{{ template "insight-server.fullname" . }}:{{ .Values.insightServer.internalHttpPort }}' - - name: JFI_HOME - value: '/var/cloudbox' - - name: JFI_HOME_EXECUTOR - value: '/var/cloudbox/executor' + - name: JFEX_LOGS + value: '{{ .Values.insightExecutor.home }}/{{ .Values.insightExecutor.name }}/logs' + - name: JFEX_APP_NAME + value: '{{ .Values.insightExecutor.name }}' + - name: MONGO_URL + value: '{{ .Release.Name }}-mongodb:27017' + - name: MONGODB_USERNAME + value: '{{ .Values.mongodb.db.insightUser }}' + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: insightPassword + - name: MONGODB_ADMIN_USERNAME + value: '{{ .Values.mongodb.db.adminUser }}' + - name: MONGODB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: adminPassword + - name: JFMC_EXECUTOR_MONGO_DB + value: '{{ .Values.mongodb.db.insightExecutorDb }}' - name: JFMC_EXTRA_JAVA_OPTS value: " {{- if .Values.insightExecutor.javaOpts.other }} @@ -59,13 +101,13 @@ spec: livenessProbe: httpGet: path: /executorservice/api - port: 8080 + port: {{ .Values.insightExecutor.internalPort }} initialDelaySeconds: 180 periodSeconds: 10 readinessProbe: httpGet: path: /executorservice/api - port: 8080 + port: {{ .Values.insightExecutor.internalPort }} initialDelaySeconds: 180 periodSeconds: 10 resources: diff --git a/stable/mission-control/templates/insight-scheduler-deployment.yaml b/stable/mission-control/templates/insight-scheduler-deployment.yaml index 8754c812f..2e3f8434c 100644 --- a/stable/mission-control/templates/insight-scheduler-deployment.yaml +++ b/stable/mission-control/templates/insight-scheduler-deployment.yaml @@ -28,8 +28,21 @@ spec: imagePullSecrets: - name: {{ .Values.imagePullSecrets }} {{- end }} + securityContext: + fsGroup: {{ .Values.uid }} initContainers: - - name: init-data + - name: "prepare-storage" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + mkdir -p {{ .Values.insightScheduler.persistence.mountPath }} ; + chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.insightScheduler.persistence.mountPath }} + volumeMounts: + - name: insight-scheduler-data + mountPath: {{ .Values.insightScheduler.persistence.mountPath | quote }} + - name: "wait-for-db" image: "{{ .Values.initContainerImage }}" command: - 'sh' @@ -44,12 +57,10 @@ spec: image: {{ .Values.insightScheduler.image }}:{{ default .Chart.AppVersion .Values.insightScheduler.version }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: - - name: CORE_URL + - name: JFIS_URL value: 'http://{{ template "insight-server.fullname" . }}:{{ .Values.insightServer.internalHttpPort }}' - - name: JFI_HOME - value: '/var/cloudbox' - - name: JFI_HOME_SCHEDULER - value: '/var/cloudbox/scheduler' + - name: JFMC_URL + value: 'http://{{ template "mission-control.fullname" . }}:{{ .Values.missionControl.internalPort }}' - name: MONGO_URL value: '{{ .Release.Name }}-mongodb:27017' - name: MONGODB_USERNAME @@ -79,20 +90,27 @@ spec: {{- if .Values.insightScheduler.javaOpts.xmx }} -Xmx{{ .Values.insightScheduler.javaOpts.xmx }} {{- end}} - " + " + - name: JFSC_LOGS + value: '{{ .Values.insightScheduler.home }}/{{ .Values.insightScheduler.name }}/logs' + - name: JFSC_APP_NAME + value: '{{ .Values.insightScheduler.name }}' + volumeMounts: + - name: insight-scheduler-data + mountPath: {{ .Values.insightScheduler.persistence.mountPath | quote }} ports: - containerPort: {{ .Values.insightScheduler.internalPort }} protocol: TCP livenessProbe: httpGet: - path: /schedulerservice/api/status - port: 8080 + path: /api/status + port: {{ .Values.insightScheduler.internalPort }} initialDelaySeconds: 120 periodSeconds: 10 readinessProbe: httpGet: - path: /schedulerservice/api/status - port: 8080 + path: /api/status + port: {{ .Values.insightScheduler.internalPort }} initialDelaySeconds: 120 periodSeconds: 10 resources: @@ -108,4 +126,12 @@ spec: {{- with .Values.insightScheduler.tolerations }} tolerations: {{ toYaml . | indent 8 }} - {{- end }} \ No newline at end of file + {{- end }} + volumes: + - name: insight-scheduler-data + {{- if .Values.insightScheduler.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.insightScheduler.persistence.existingClaim }}{{ .Values.insightScheduler.persistence.existingClaim }}{{ else }}{{ template "insight-scheduler.fullname" . }}{{ end }} + {{- else }} + emptyDir: {} + {{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/insight-scheduler-pvc.yaml b/stable/mission-control/templates/insight-scheduler-pvc.yaml new file mode 100644 index 000000000..cb010d862 --- /dev/null +++ b/stable/mission-control/templates/insight-scheduler-pvc.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.insightScheduler.persistence.enabled (not .Values.insightScheduler.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "insight-scheduler.fullname" . }} + labels: + app: {{ template "mission-control.name" . }} + chart: {{ template "mission-control.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + accessModes: + - {{ .Values.insightScheduler.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.insightScheduler.persistence.size }} +{{- if .Values.insightScheduler.persistence.storageClass }} +{{- if (eq "-" .Values.insightScheduler.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.insightScheduler.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/stable/mission-control/templates/insight-server-deployment.yaml b/stable/mission-control/templates/insight-server-deployment.yaml index 5993299d9..a024ba246 100644 --- a/stable/mission-control/templates/insight-server-deployment.yaml +++ b/stable/mission-control/templates/insight-server-deployment.yaml @@ -27,8 +27,21 @@ spec: imagePullSecrets: - name: {{ .Values.imagePullSecrets }} {{- end }} + securityContext: + fsGroup: {{ .Values.uid }} initContainers: - - name: init-data + - name: "prepare-storage" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + mkdir -p {{ .Values.insightServer.persistence.mountPath }} {{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/_MASTER_/data/contexts/security ; + chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.insightServer.persistence.mountPath }} + volumeMounts: + - name: insight-server-data + mountPath: {{ .Values.insightServer.persistence.mountPath | quote }} + - name: "wait-for-db" image: "{{ .Values.initContainerImage }}" command: - 'sh' @@ -38,24 +51,30 @@ spec: nc -z -w 2 {{ .Release.Name }}-elasticsearch 9200 && echo elasticsearch ok; do sleep 2; done; - sleep 10 containers: - name: {{ .Values.insightServer.name }} image: {{ .Values.insightServer.image }}:{{ default .Chart.AppVersion .Values.insightServer.version }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: - - name: CORE_URL + - name: JFIS_URL value: 'http://{{ template "insight-server.fullname" . }}:{{ .Values.insightServer.internalHttpPort }}' - - name: EXECUTOR_URL - value: 'http://{{ template "insight-executor.fullname" . }}:{{ .Values.insightExecutor.internalPort }}/executorservice' - - name: SCHEDULER_URL - value: 'http://{{ template "insight-scheduler.fullname" . }}:{{ .Values.insightScheduler.internalPort }}/schedulerservice' + - name: JFEX_URL + value: 'http://{{ template "insight-executor.fullname" . }}:{{ .Values.insightExecutor.internalPort }}' + - name: JFSC_URL + value: 'http://{{ template "insight-scheduler.fullname" . }}:{{ .Values.insightScheduler.internalPort }}' + - name: JFIS_LOGS + value: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/logs" + - name: JFIS_APP_NAME + value: "{{ .Values.insightServer.name }}" - name: MONGO_URL value: '{{ .Release.Name }}-mongodb:27017' - name: MONGODB_USERNAME value: '{{ .Values.mongodb.db.insightUser }}' - name: MONGODB_PASSWORD - value: '{{ .Values.mongodb.db.insightPassword }}' + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: insightPassword - name: MONGODB_ADMIN_USERNAME value: '{{ .Values.mongodb.db.adminUser }}' - name: MONGODB_ADMIN_PASSWORD @@ -67,6 +86,14 @@ spec: value: 'http://{{ template "mission-control.fullname" . }}:{{ .Values.missionControl.internalPort }}' - name: ELASTIC_SEARCH_URL value: 'http://{{ .Release.Name }}-elasticsearch:9200' + - name: ELASTIC_SEARCH_WRITE_URL + value: 'http://{{ .Release.Name }}-elasticsearch:9200' + - name: ELASTIC_SEARCH_READ_URL + value: 'http://{{ .Release.Name }}-elasticsearch:9200' + - name: ELASTIC_LB_WRITE_URL + value: '' + - name: ELASTIC_LB_READ_URL + value: '' - name: ELASTIC_CLUSTER_NAME value: '{{ .Values.elasticsearch.env.clusterName }}' - name: ELASTIC_SEARCH_USERNAME @@ -76,18 +103,12 @@ spec: secretKeyRef: name: {{ .Release.Name }}-elasticsearch key: esPassword - - name: ELASTIC_COMMUNICATION_NODE_URL - value: '{{ .Release.Name }}-elasticsearch:9300' - - name: JFI_HOME - value: '/var/cloudbox' - - name: JFI_HOME_CORE - value: '/var/cloudbox/core' - name: JFMC_MISSION_CONTROL_CERT - value: "/var/cloudbox/core/_MASTER_/data/contexts/security/jfmc.crt" + value: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/_MASTER_/data/contexts/security/jfmc.crt" - name: JFMC_INSIGHT_SERVER_CERT - value: "/var/cloudbox/core/_MASTER_/data/contexts/security/insight.crt" + value: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/_MASTER_/data/contexts/security/insight.crt" - name: JFMC_INSIGHT_SERVER_KEY - value: "/var/cloudbox/core/_MASTER_/data/contexts/security/insight.key" + value: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/_MASTER_/data/contexts/security/insight.key" - name: JFMC_INSIGHT_SERVER_PORT value: "{{ .Values.insightServer.internalHttpPort }}" - name: JFMC_INSIGHT_SERVER_SSL_PORT @@ -98,26 +119,28 @@ spec: - containerPort: {{ .Values.insightServer.internalHttpsPort }} protocol: TCP volumeMounts: + - name: insight-server-data + mountPath: {{ .Values.insightServer.persistence.mountPath | quote }} - name: mission-control-certs - mountPath: /var/cloudbox/core/_MASTER_/data/contexts/security/insight.key + mountPath: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/_MASTER_/data/contexts/security/insight.key" subPath: insight.key - name: mission-control-certs - mountPath: /var/cloudbox/core/_MASTER_/data/contexts/security/insight.crt + mountPath: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/_MASTER_/data/contexts/security/insight.crt" subPath: insight.crt - name: mission-control-certs - mountPath: /var/cloudbox/core/_MASTER_/data/contexts/security/jfmc.crt + mountPath: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/_MASTER_/data/contexts/security/jfmc.crt" subPath: jfmc.crt livenessProbe: httpGet: path: /api/status - port: 8082 - initialDelaySeconds: 300 + port: {{ .Values.insightServer.internalHttpPort }} + initialDelaySeconds: 600 periodSeconds: 10 readinessProbe: httpGet: path: /api/status - port: 8082 - initialDelaySeconds: 300 + port: {{ .Values.insightServer.internalHttpPort }} + initialDelaySeconds: 600 periodSeconds: 10 resources: {{ toYaml .Values.insightServer.resources | indent 10 }} @@ -141,3 +164,10 @@ spec: {{- else }} secretName: {{ template "mission-control.fullname" . }}-certs {{- end }} + - name: insight-server-data + {{- if .Values.insightServer.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.insightServer.persistence.existingClaim }}{{ .Values.insightServer.persistence.existingClaim }}{{ else }}{{ template "insight-server.fullname" . }}{{ end }} + {{- else }} + emptyDir: {} + {{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/insight-server-pvc.yaml b/stable/mission-control/templates/insight-server-pvc.yaml new file mode 100644 index 000000000..5ca35d663 --- /dev/null +++ b/stable/mission-control/templates/insight-server-pvc.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.insightServer.persistence.enabled (not .Values.insightServer.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "insight-server.fullname" . }} + labels: + app: {{ template "mission-control.name" . }} + chart: {{ template "mission-control.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.insightServer.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.insightServer.persistence.size }} +{{- if .Values.insightServer.persistence.storageClass }} +{{- if (eq "-" .Values.insightServer.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.insightServer.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/stable/mission-control/templates/mission-control-deployment.yaml b/stable/mission-control/templates/mission-control-deployment.yaml index 473df4a49..fdb63a80f 100644 --- a/stable/mission-control/templates/mission-control-deployment.yaml +++ b/stable/mission-control/templates/mission-control-deployment.yaml @@ -27,8 +27,21 @@ spec: imagePullSecrets: - name: {{ .Values.imagePullSecrets }} {{- end }} + securityContext: + fsGroup: {{ .Values.uid }} initContainers: - - name: init-data + - name: "prepare-storage" + image: "{{ .Values.initContainerImage }}" + command: + - 'sh' + - '-c' + - > + mkdir -p {{ .Values.missionControl.persistence.mountPath }}; + chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.missionControl.persistence.mountPath }} + volumeMounts: + - name: mission-control-data + mountPath: {{ .Values.missionControl.persistence.mountPath | quote }} + - name: "wait-for-db" image: "{{ .Values.initContainerImage }}" command: - 'sh' @@ -76,7 +89,7 @@ spec: value: '20' - name: MC_URL value: "{{ .Values.missionControl.missionControlUrl }}" - - name: JAVA_OPTIONS + - name: JFMC_EXTRA_JAVA_OPTS value: " {{- if .Values.missionControl.javaOpts.other }} {{ .Values.missionControl.javaOpts.other }} @@ -88,6 +101,30 @@ spec: -Xmx{{ .Values.missionControl.javaOpts.xmx }} {{- end }} " + - name: JFMC_SERVER_HOME + value: "{{ .Values.missionControl.home }}" + - name: JFMC_LOGS_ROOT + value: "{{ .Values.missionControl.home }}/logs" + - name: JFMC_LOGS + value: "{{ .Values.missionControl.home }}/logs/{{ .Values.missionControl.appName }}" + - name: JFMC_APP_NAME + value: "{{ .Values.missionControl.appName }}" + - name: JFSC_URL + value: 'http://{{ template "insight-scheduler.fullname" . }}:{{ .Values.insightScheduler.internalPort }}' + - name: JFMC_REPOSITORY + value: "{{ .Values.missionControl.repository }}" + - name: JFMC_PACKAGE + value: "{{ .Values.missionControl.package }}" + - name: JFMC_DIST + value: "{{ .Values.missionControl.dist }}" + - name: JFMC_OS_VERSION + value: "{{ .Values.missionControl.osVersion }}" + - name: JFMC_OS_TYPE + value: "{{ .Values.missionControl.osType }}" + - name: JFMC_OS_DIST + value: "{{ .Values.missionControl.osDist }}" + - name: JFMC_CREATE_DATE + value: "{{ .Values.podRestartTime }}" ports: - containerPort: {{ .Values.missionControl.internalPort }} protocol: TCP @@ -116,13 +153,13 @@ spec: livenessProbe: httpGet: path: /api/v3/ping - port: 8080 + port: {{ .Values.missionControl.internalPort }} periodSeconds: 10 initialDelaySeconds: 240 readinessProbe: httpGet: path: /api/v3/ping - port: 8080 + port: {{ .Values.missionControl.internalPort }} periodSeconds: 10 initialDelaySeconds: 240 {{- with .Values.missionControl.nodeSelector }} diff --git a/stable/mission-control/values.yaml b/stable/mission-control/values.yaml index bef58e49d..a6b527080 100644 --- a/stable/mission-control/values.yaml +++ b/stable/mission-control/values.yaml @@ -7,6 +7,9 @@ initContainerImage: "alpine:3.6" imagePullPolicy: IfNotPresent +uid: 1050 +uname: jfmc + imagePullSecrets: ## Role Based Access Control @@ -74,6 +77,7 @@ mongodb: insightUser: jfrog_insight insightPassword: insightSchedulerDb: insight_scheduler + insightExecutorDb: insight_executor livenessProbe: initialDelaySeconds: 40 readinessProbe: @@ -129,11 +133,20 @@ jfmcTruststore: missionControl: replicaCount: 1 name: mission-control + appName: jfmc-server + home: /var/opt/jfrog/mission-control image: docker.bintray.io/jfrog/mission-control ## Note that by default we use appVersion to get image tag - # version: 3.1.2 + # version: 3.2.0 missionControlUrl: podRestartTime: + repository: jfrog-mission-control + package: mc-docker-installer + dist: helm + osVersion: "NA" + osType: "NA" + osDist: "NA" + persistence: enabled: true ## A manually managed Persistent Volume and Claim @@ -181,9 +194,29 @@ missionControl: insightServer: replicaCount: 1 name: insight-server + home: /opt/jfrog image: docker.bintray.io/jfrog/insight-server ## Note that by default we use appVersion to get image tag - # version: 3.1.2 + # version: 3.2.0 + persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + mountPath: "/opt/jfrog/insight-server/logs" + accessMode: ReadWriteOnce + size: 100Gi + ## Mission Control data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + service: name: insight-server type: ClusterIP @@ -207,9 +240,29 @@ insightServer: insightScheduler: replicaCount: 1 name: insight-scheduler + home: /opt/jfrog image: docker.bintray.io/jfrog/insight-scheduler ## Note that by default we use appVersion to get image tag - # version: 3.1.2 + # version: 3.2.0 + persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + mountPath: "/opt/jfrog/insight-scheduler/logs" + accessMode: ReadWriteOnce + size: 100Gi + ## Mission Control data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + service: type: ClusterIP externalPort: 8080 @@ -237,9 +290,10 @@ insightScheduler: insightExecutor: replicaCount: 1 name: insight-executor + home: /opt/jfrog image: docker.bintray.io/jfrog/insight-executor ## Note that by default we use appVersion to get image tag - # version: 3.1.2 + # version: 3.2.0 persistence: enabled: true ## A manually managed Persistent Volume and Claim @@ -247,7 +301,7 @@ insightExecutor: ## If defined, PVC must be created manually before volume will be bound # existingClaim: - mountPath: "/var/cloudbox" + mountPath: "/opt/jfrog/insight-executor/logs" accessMode: ReadWriteOnce size: 100Gi ## Mission Control data Persistent Volume Storage Class