Release xray 3.11.2 (jfrog#1263)

oronka · Nov 16, 2020 · 8801e7b · 8801e7b
2 parents 645f00e + ad00edb
commit 8801e7b
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 5 deletions.
diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md
@@ -1,6 +1,13 @@
 # JFrog Xray Chart Changelog
 All changes to this chart will be documented in this file
 
+## [6.4.2] - Nov 16, 2020
+* Update Xray to version 3.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Xray+Release+Notes#XrayReleaseNotes-Xray3.11)
+
+## [6.4.1] - Nov 10, 2020
+* Pass system.yaml via external secret for advanced usecases
+* Bugfix - stateful set not picking up changes to database secrets
+
 ## [6.4.0] - Nov 9, 2020
 * Update Xray to version 3.11.1 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Xray+Release+Notes#XrayReleaseNotes-Xray3.11)
 * Fix values-small,medium,large yaml files

diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: xray
 home: https://www.jfrog.com/xray/
-version: 6.4.0
-appVersion: 3.11.1
+version: 6.4.2
+appVersion: 3.11.2
 description: Universal component scan for security and license inventory and impact
   analysis
 sources:

diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml
@@ -37,6 +37,7 @@ spec:
 {{ toYaml . | indent 8 }}
     {{- end }}
       annotations:
+        checksum/database-secrets: {{ include (print $.Template.BasePath "/xray-database-secrets.yaml") . | sha256sum }}
         checksum/systemyaml: {{ include (print $.Template.BasePath "/xray-system-yaml.yaml") . | sha256sum }}
         {{- with .Values.analysis.annotations }}
 {{ toYaml . | indent 8 }}
@@ -78,7 +79,11 @@ spec:
         - >
           echo "Copy system.yaml to {{ .Values.xray.persistence.mountPath }}/etc";
           mkdir -p {{ .Values.xray.persistence.mountPath }}/etc;
+          {{- if .Values.systemYaml.existingSecret }}
+          cp -fv /tmp/etc/{{ .Values.systemYaml.dataKey }} {{ .Values.xray.persistence.mountPath }}/etc/system.yaml;
+          {{- else }}
           cp -fv /tmp/etc/system.yaml {{ .Values.xray.persistence.mountPath }}/etc/system.yaml;
+          {{- end }}
           echo "Remove {{ .Values.xray.persistence.mountPath }}/lost+found folder if exists";
           rm -rfv {{ .Values.xray.persistence.mountPath }}/lost+found;
         {{- if or .Values.xray.joinKey .Values.xray.joinKeySecretName .Values.global.joinKey .Values.global.joinKeySecretName }}
@@ -109,9 +114,16 @@ spec:
         volumeMounts:
         - name: data-volume
           mountPath: {{ .Values.xray.persistence.mountPath | quote }}
+      {{- if or .Values.systemYaml.existingSecret .Values.xray.systemYaml }}
         - name: systemyaml
+          {{- if .Values.systemYaml.existingSecret }}
+          mountPath: "/tmp/etc/{{.Values.systemYaml.dataKey}}"
+          subPath: {{ .Values.systemYaml.dataKey }}
+          {{- else if .Values.xray.systemYaml }}
           mountPath: "/tmp/etc/system.yaml"
           subPath: system.yaml
+          {{- end }}
+      {{- end }}
       {{- if .Values.postgresql.enabled }}
       - name: "wait-for-db"
         image: "{{ .Values.initContainerImage }}"
@@ -581,9 +593,11 @@ spec:
 {{ toYaml . | indent 8 }}
     {{- end }}
       volumes:
+      {{- if or .Values.systemYaml.existingSecret .Values.xray.systemYaml }}
       - name: systemyaml
         secret:
-          secretName: {{ template "xray.fullname" . }}-system-yaml
+          secretName: {{ default (printf "%s-%s" (include "xray.fullname" .) "system-yaml") .Values.systemYaml.existingSecret }}
+      {{- end }}
       {{- if not .Values.common.persistence.enabled }}
       - name: data-volume
         emptyDir:

diff --git a/stable/xray/templates/xray-system-yaml.yaml b/stable/xray/templates/xray-system-yaml.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.systemYaml.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -11,3 +12,4 @@ type: Opaque
 stringData:
   system.yaml: |
 {{ tpl .Values.xray.systemYaml . | indent 4 }}
+{{- end }}
diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml
@@ -39,6 +39,18 @@ initContainers:
 imagePullSecrets:
   # - myRegistryKeySecretName
 
+## Xray systemYaml override
+## This is for advanced usecases where users wants to provide their own systemYaml for configuring xray
+## Refer - https://www.jfrog.com/confluence/display/JFROG/Xray+System+YAML
+## Note: This will override existing systemYaml in values.yaml
+## Alternatively, systemYaml can be overidden via customInitContainers using external sources like vaults, external repositories etc. Please refer customInitContainer section below for an example.
+## Note: Order of preference is 1) customInitContainers 2) systemYaml existingSecret 3) default systemYaml in values.yaml
+systemYaml:
+## You can use a pre-existing secret by specifying existingSecret
+  existingSecret:
+## The dataKey should be the name of the secret data key created.
+  dataKey:
+
 replicaCount: 1
 
 xray:
@@ -420,13 +432,13 @@ common:
 
   ## Add custom init containers execution after predefined init containers
   customInitContainers: |
-  #  - name: "custom-setup"
+  #  - name: "custom-systemyaml-setup"
   #    image: "{{ .Values.initContainerImage }}"
   #    imagePullPolicy: "{{ .Values.imagePullPolicy }}"
   #    command:
   #      - 'sh'
   #      - '-c'
-  #      - 'touch {{ .Values.xray.persistence.mountPath }}/example-custom-setup'
+  #      - 'wget -O {{ .Values.xray.persistence.mountPath }}/etc/system.yaml https://<repo-url>/systemyaml'
   #    volumeMounts:
   #      - mountPath: "{{ .Values.xray.persistence.mountPath }}"
   #        name: data-volume