Merge pull request jfrog#294 from jfrog/artifactory-license

Artifactory license

stable/artifactory-ha/CHANGELOG.md

@@ -1,6 +1,9 @@
 # JFrog Artifactory-ha Chart Changelog
 All changes to this chart will be documented in this file.
 
+## [0.12.13] - Aprl 07, 2019
+* Add support for providing the Artifactory license as a parameter
+
 ## [0.12.12] - Apr 10, 2019
 * Updated Artifactory version to 6.9.1
 

stable/artifactory-ha/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: artifactory-ha
 home: https://www.jfrog.com/artifactory/
-version: 0.12.12
+version: 0.12.13
 appVersion: 6.9.1
 description: Universal Repository Manager supporting all major packaging formats,
   build tools and CI servers.

stable/artifactory-ha/README.md

@@ -262,6 +262,28 @@ helm install --name artifactory-ha --set artifactory.license.secret=artifactory-
 **NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
 Updating the license should be done via Artifactory UI or REST API.
 
+##### Create the secret as part of the helm release
+values.yaml
+```yaml
+artifactory:
+  license:
+    licenseKey: |-
+      <LICENSE_KEY1>
+      
+      
+      <LICENSE_KEY2>
+      
+      
+      <LICENSE_KEY3>
+```
+
+```bash
+helm install --name artifactory-ha -f values.yaml jfrog/artifactory-ha
+```
+**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
+Updating the license should be done via Artifactory UI or REST API.
+If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file
+
 ### Configure NetworkPolicy
 
 NetworkPolicy specifies what ingress and egress is allowed in this namespace. It is encouraged to be more specific whenever possible to increase security of the system.
@@ -547,6 +569,7 @@ The following table lists the configurable parameters of the artifactory chart a
 | `artifactory.accessAdmin.dataKey`                | Artifactory access-admin secret data key |                            |
 | `artifactory.preStartCommand`                    | Command to run before entrypoint starts |                             |
 | `artifactory.postStartCommand`                   | Command to run after container starts   |                             |
+| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used.  |           |
 | `artifactory.license.secret` | Artifactory license secret name              |                                            |
 | `artifactory.license.dataKey`| Artifactory license secret data key          |                                            |
 | `artifactory.service.name`   | Artifactory service name to be set in Nginx configuration | `artifactory`                 |

stable/artifactory-ha/templates/artifactory-license-secret.yaml

@@ -0,0 +1,14 @@
+{{- with .Values.artifactory.license.licenseKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "artifactory-ha.fullname" $ }}-license
+  labels:
+    app: {{ template "artifactory-ha.name" $ }}
+    chart: {{ template "artifactory-ha.chart" $ }}
+    heritage: {{ $.Release.Service }}
+    release: {{ $.Release.Name }}
+type: Opaque
+data:
+  artifactory.lic: {{ . | b64enc | quote }}
+{{- end }}

stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml

@@ -280,10 +280,14 @@ spec:
         - name: bootstrap-config
           mountPath: "/bootstrap/"
       {{- end }}
-      {{- if .Values.artifactory.license.secret }}
+      {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
         - name: artifactory-license
           mountPath: "/artifactory_extra_conf/artifactory.cluster.license"
+          {{- if .Values.artifactory.license.secret }}
           subPath: {{ .Values.artifactory.license.dataKey }}
+          {{- else if .Values.artifactory.license.licenseKey }}
+          subPath: artifactory.lic
+          {{- end }}
       {{- end }}
         - name: access-bootstrap-creds
           mountPath: "/tmp/access/bootstrap.creds"
@@ -425,10 +429,14 @@ spec:
         configMap:
           name: {{ template "artifactory-ha.fullname" . }}-catalina-logger
       {{- end }}
-      {{- if .Values.artifactory.license.secret }}
+      {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
       - name: artifactory-license
         secret:
+          {{- if .Values.artifactory.license.secret }}
           secretName: {{ .Values.artifactory.license.secret }}
+          {{- else if .Values.artifactory.license.licenseKey }}
+          secretName: {{ template "artifactory-ha.fullname" . }}-license
+          {{- end }}
       {{- end }}
       - name: access-bootstrap-creds
         secret:

stable/artifactory-ha/values.yaml

@@ -151,6 +151,10 @@ artifactory:
   #    - source: /artifactory_extra_conf/binarystore.xml
   #     # relative to ARTIFACTORY_HOME/
   #      target: etc/
+  #     # absolute path
+  #    - source: /artifactory_extra_conf/artifactory.lic
+  #     # relative to ARTIFACTORY_HOME/
+  #      target: etc/
 
   # Sidecar containers for tailing Artifactory logs
   loggers: []
@@ -230,13 +234,16 @@ artifactory:
     secret:
     dataKey:
 
-  ## Artifactory license secret.
-  ## If artifactory.license.secret is passed, it will be mounted as
-  ## ARTIFACTORY_HOME/etc/artifactory.cluster.license and loaded at run time.
-  ## The dataKey should be the name of the secret data key created.
+  ## Artifactory license.
   license:
+    ## licenseKey is the license key in plain text. Use either this or the license.secret setting
+    licenseKey:
+    ## If artifactory.license.secret is passed, it will be mounted as
+    ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time.
     secret:
+    ## The dataKey should be the name of the secret data key created.
     dataKey:
+
   ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter
   configMapName:
 

stable/artifactory/CHANGELOG.md

@@ -1,6 +1,9 @@
 # JFrog Artifactory Chart Changelog
 All changes to this chart will be documented in this file.
 
+## [7.13.11] - Aprl 07, 2019
+* Add support for providing the Artifactory license as a parameter
+
 ## [7.13.10] - Apr 10, 2019
 * Updated Artifactory version to 6.9.1
 

stable/artifactory/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: artifactory
 home: https://www.jfrog.com/artifactory/
-version: 7.13.10
+version: 7.13.11
 appVersion: 6.9.1
 description: Universal Repository Manager supporting all major packaging formats,
   build tools and CI servers.

stable/artifactory/README.md

@@ -184,6 +184,7 @@ This will completely delete your Artifactory Pro deployment.
 **IMPORTANT:** This will also delete your data volumes. You will lose all data!
 
 ### Kubernetes Secret for Artifactory License
+##### Use an existing secret
 You can deploy the Artifactory license as a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/).
 Prepare a text file with the license written in it and create a Kubernetes secret from it.
 ```bash
@@ -195,6 +196,24 @@ helm install --name artifactory --set artifactory.license.secret=artifactory-lic
 ```
 **NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
 Updating the license should be done via Artifactory UI or REST API.
+If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file
+
+##### Create the secret as part of the helm release
+values.yaml
+```yaml
+artifactory:
+  license:
+    licenseKey: |-
+      <LICENSE_KEY>
+```
+
+```bash
+helm install --name artifactory-ha -f values.yaml jfrog/artifactory-ha
+```
+**NOTE:** This method is relevant for initial deployment only! Once Artifactory is deployed, you should not keep passing these parameters as the license is already persisted into Artifactory's storage (they will be ignored).
+Updating the license should be done via Artifactory UI or REST API.
+If you want to keep managing the artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file
+
 
 ### Configure NetworkPolicy
 
@@ -255,6 +274,10 @@ kubectl apply -f bootstrap-config.yaml
 ```bash
 helm install --name artifactory --set artifactory.license.secret=artifactory-license,artifactory.license.dataKey=art.lic,artifactory.configMapName=my-release-bootstrap-config jfrog/artifactory
 ```
+OR
+```bash
+helm install --name artifactory --set artifactory.license.licenseKey=<LICENSE_KEY>,artifactory.configMapName=my-release-bootstrap-config jfrog/artifactory
+```
 
 ### Use custom nginx.conf with Nginx
 
@@ -434,6 +457,9 @@ The following table lists the configurable parameters of the artifactory chart a
 | `artifactory.customSidecarContainers`| Custom sidecar containers      |                                                  |
 | `artifactory.customVolumes`       | Custom volumes                    |                                                  |
 | `artifactory.userPluginSecrets`   | Array of secret names for Artifactory user plugins |                                 |
+| `artifactory.license.licenseKey` | Artifactory license key. Providing the license key as a parameter will cause a secret containing the license key to be created as part of the release. Use either this setting or the license.secret and license.dataKey. If you use both, the latter will be used.  |           |
+| `artifactory.license.secret` | Artifactory license secret name              |                                            |
+| `artifactory.license.dataKey`| Artifactory license secret data key          |                                            |
 | `artifactory.service.name`| Artifactory service name to be set in Nginx configuration | `artifactory`                    |
 | `artifactory.service.type`| Artifactory service type | `ClusterIP`                                                       |
 | `artifactory.externalPort` | Artifactory service external port | `8081`                                                  |

stable/artifactory/templates/artifactory-license-secret.yaml

@@ -0,0 +1,14 @@
+{{- with .Values.artifactory.license.licenseKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "artifactory.fullname" $ }}-license
+  labels:
+    app: {{ template "artifactory.name" $ }}
+    chart: {{ template "artifactory.chart" $ }}
+    heritage: {{ $.Release.Service }}
+    release: {{ $.Release.Name }}
+type: Opaque
+data:
+  artifactory.lic: {{ . | b64enc | quote }}
+{{- end }}

stable/artifactory/templates/artifactory-statefulset.yaml

@@ -235,10 +235,14 @@ spec:
           mountPath: "/artifactory_extra_conf/binarystore.xml"
           subPath: binarystore.xml
       {{- end }}
-      {{- if .Values.artifactory.license.secret }}
+      {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
         - name: artifactory-license
           mountPath: "/artifactory_extra_conf/artifactory.lic"
+          {{- if .Values.artifactory.license.secret }}
           subPath: {{ .Values.artifactory.license.dataKey }}
+          {{- else if .Values.artifactory.license.licenseKey }}
+          subPath: artifactory.lic
+          {{- end }}
       {{- end }}
         - name: access-bootstrap-creds
           mountPath: "/tmp/access/bootstrap.creds"
@@ -363,10 +367,14 @@ spec:
         configMap:
           name: {{ template "artifactory.fullname" . }}-catalina-logger
       {{- end }}
-      {{- if .Values.artifactory.license.secret }}
+      {{- if or .Values.artifactory.license.secret .Values.artifactory.license.licenseKey }}
       - name: artifactory-license
         secret:
+          {{- if .Values.artifactory.license.secret }}
           secretName: {{ .Values.artifactory.license.secret }}
+          {{- else if .Values.artifactory.license.licenseKey }}
+          secretName: {{ template "artifactory.fullname" . }}-license
+          {{- end }}
       {{- end }}
       - name: access-bootstrap-creds
         secret:

stable/artifactory/values.yaml

@@ -99,11 +99,15 @@ artifactory:
     pullPolicy: IfNotPresent
 
   # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup
-    copyOnEveryStartup:
-  #     # absolute path
-  #    - source: /artifactory_extra_conf/binarystore.xml
-  #     # relative to ARTIFACTORY_HOME/
-  #      target: etc/
+  copyOnEveryStartup:
+#     # absolute path
+#    - source: /artifactory_extra_conf/binarystore.xml
+#     # relative to ARTIFACTORY_HOME/
+#      target: etc/
+#     # absolute path
+#    - source: /artifactory_extra_conf/artifactory.lic
+#     # relative to ARTIFACTORY_HOME/
+#      target: etc/
 
   # Sidecar containers for tailing Artifactory logs
   loggers: []
@@ -170,13 +174,16 @@ artifactory:
   #      name: custom-script
 
 
-  ## Artifactory license secret.
-  ## If artifactory.license.secret is passed, it will be mounted as
-  ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time.
-  ## The dataKey should be the name of the secret data key created.
+  ## Artifactory license.
   license:
+    ## licenseKey is the license key in plain text. Use either this or the license.secret setting
+    licenseKey:
+    ## If artifactory.license.secret is passed, it will be mounted as
+    ## ARTIFACTORY_HOME/etc/artifactory.lic and loaded at run time.
     secret:
+    ## The dataKey should be the name of the secret data key created.
     dataKey:
+
   ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter
   configMapName: