From 86d3630dd3c0c3473f2585f34affedf65283ef81 Mon Sep 17 00:00:00 2001 From: Nikolas Philips Date: Fri, 1 Sep 2023 11:55:13 +0200 Subject: [PATCH] Adjust --- .../alertmanager/HOWTOENCRYPT.md | 4 +- .../alertmanager/alertmanager-cr.yaml | 36 +- .../alertmanager/alertmanager-crb.yaml | 22 +- .../alertmanager-kube-rbac-proxy.yaml | 36 +- .../alertmanager-proxy-secret.yaml | 20 +- .../alertmanager/alertmanager-route.yaml | 34 +- .../alertmanager/alertmanager-sa.yaml | 24 +- .../alertmanager-sealed-secret.yaml | 32 +- .../alertmanager-servicemonitor.yaml | 36 +- .../alertmanager/alertmanager-svc.yaml | 40 +- .../alertmanager/alertmanager.yaml | 238 +- .../grafana/argocd-dashboard.yaml | 7536 +++--- .../grafana/grafana-datasource.yaml | 40 +- .../.monitoring-stack/grafana/grafana.yaml | 76 +- .../prometheus/prometheus-crb.yaml | 24 +- .../prometheus-htpasswd-secret.yaml | 18 +- .../prometheus/prometheus-route.yaml | 32 +- .../prometheus/prometheus-sa.yaml | 24 +- .../prometheus/prometheus-servicemonitor.yaml | 36 +- .../prometheus/prometheus-svc.yaml | 42 +- .../prometheus/prometheus.yaml | 296 +- .../test/failing-prometheusrule.yaml | 38 +- .../thanos-querier/thanos-querier-deploy.yaml | 416 +- .../thanos-querier/thanos-querier-sa.yaml | 24 +- .../thanos-querier/thanos-querier-svc.yaml | 48 +- .../thanos-ruler/thanos-htpasswd-secret.yaml | 14 +- .../thanos-ruler-alertmanagers-config.yaml | 34 +- .../thanos-ruler-query-config.yaml | 32 +- .../thanos-ruler/thanos-ruler-route.yaml | 34 +- .../thanos-ruler/thanos-ruler-sa.yaml | 14 +- .../thanos-ruler/thanos-ruler-svc.yaml | 38 +- .../thanos-ruler/thanos-ruler.yaml | 150 +- .disabled/.noobaa/cephobjectstoreuser-cr.yaml | 12 +- .disabled/.noobaa/cluster_role.yaml | 134 +- .disabled/.noobaa/cluster_role_binding.yaml | 24 +- .../.noobaa/noobaa.io_backingstores_crd.yaml | 722 +- .../.noobaa/noobaa.io_bucketclasses_crd.yaml | 472 +- .../noobaa.io_namespacestores_crd.yaml | 564 +- .disabled/.noobaa/noobaa.io_noobaas_crd.yaml | 2352 +- .../noobaa.io_v1alpha1_backingstore_cr.yaml | 10 +- .../noobaa.io_v1alpha1_bucketclass_cr.yaml | 10 +- .../noobaa.io_v1alpha1_namespacestore_cr.yaml | 10 +- .../.noobaa/noobaa.io_v1alpha1_noobaa_cr.yaml | 38 +- .disabled/.noobaa/operator.yaml | 64 +- .disabled/.noobaa/role.yaml | 266 +- .disabled/.noobaa/role_binding.yaml | 22 +- .disabled/.noobaa/service_account.yaml | 12 +- .../appdeployment_editor_role.yaml | 48 +- .../appdeployment_viewer_role.yaml | 40 +- .../apps.baloise.dev_appdeployments.yaml | 88 +- .../auth_proxy_client_clusterrole.yaml | 18 +- .disabled/app-operator/auth_proxy_role.yaml | 34 +- .../app-operator/auth_proxy_role_binding.yaml | 24 +- .../app-operator/auth_proxy_service.yaml | 30 +- .disabled/app-operator/deployment.yaml | 94 +- .../app-operator/leader_election_role.yaml | 74 +- .../leader_election_role_binding.yaml | 24 +- .disabled/app-operator/role.yaml | 148 +- .disabled/app-operator/role_binding.yaml | 24 +- .disabled/app-operator/service_account.yaml | 10 +- .disabled/argo-events/kustomization.yaml | 62 +- .disabled/argo-workflows/README.md | 8 +- .../argo-workflows/base/argo-default-crb.yaml | 22 +- .../base/argo-server-dnsendpoint.yaml | 16 +- .../base/argo-server-route.yaml | 28 +- .disabled/argo-workflows/kustomization.yaml | 28 +- .../overlays/argo-binding-crb.yaml | 16 +- .../overlays/argo-server-binding-crb.yaml | 16 +- .../overlays/argo-server-deploy.yaml | 56 +- .disabled/artifactory-jcr/Chart.yaml | 50 +- .disabled/artifactory-jcr/README.md | 250 +- .../charts/artifactory/.helmignore | 42 +- .../charts/artifactory/CHANGELOG.md | 2286 +- .../charts/artifactory/Chart.lock | 12 +- .../charts/artifactory/Chart.yaml | 46 +- .../charts/artifactory/LICENSE | 402 +- .../charts/artifactory/README.md | 104 +- .../artifactory/charts/postgresql/.helmignore | 42 +- .../artifactory/charts/postgresql/Chart.lock | 12 +- .../artifactory/charts/postgresql/Chart.yaml | 58 +- .../artifactory/charts/postgresql/README.md | 1540 +- .../postgresql/charts/common/.helmignore | 44 +- .../postgresql/charts/common/Chart.yaml | 46 +- .../charts/postgresql/charts/common/README.md | 644 +- .../charts/common/templates/_affinities.tpl | 188 +- .../charts/common/templates/_capabilities.tpl | 190 +- .../charts/common/templates/_errors.tpl | 46 +- .../charts/common/templates/_images.tpl | 94 +- .../charts/common/templates/_ingress.tpl | 84 +- .../charts/common/templates/_labels.tpl | 36 +- .../charts/common/templates/_names.tpl | 64 +- .../charts/common/templates/_secrets.tpl | 258 +- .../charts/common/templates/_storage.tpl | 46 +- .../charts/common/templates/_tplvalues.tpl | 26 +- .../charts/common/templates/_utils.tpl | 124 +- .../charts/common/templates/_warnings.tpl | 28 +- .../templates/validations/_cassandra.tpl | 144 +- .../common/templates/validations/_mariadb.tpl | 206 +- .../common/templates/validations/_mongodb.tpl | 216 +- .../templates/validations/_postgresql.tpl | 262 +- .../common/templates/validations/_redis.tpl | 144 +- .../templates/validations/_validations.tpl | 92 +- .../postgresql/charts/common/values.yaml | 6 +- .../postgresql/ci/commonAnnotations.yaml | 6 +- .../charts/postgresql/ci/default-values.yaml | 2 +- .../ci/shmvolume-disabled-values.yaml | 4 +- .../charts/postgresql/files/README.md | 2 +- .../charts/postgresql/files/conf.d/README.md | 8 +- .../docker-entrypoint-initdb.d/README.md | 4 +- .../charts/postgresql/templates/NOTES.txt | 118 +- .../charts/postgresql/templates/_helpers.tpl | 674 +- .../postgresql/templates/configmap.yaml | 62 +- .../templates/extended-config-configmap.yaml | 52 +- .../postgresql/templates/extra-list.yaml | 8 +- .../templates/initialization-configmap.yaml | 50 +- .../templates/metrics-configmap.yaml | 28 +- .../postgresql/templates/metrics-svc.yaml | 52 +- .../postgresql/templates/networkpolicy.yaml | 78 +- .../templates/podsecuritypolicy.yaml | 76 +- .../postgresql/templates/prometheusrule.yaml | 46 +- .../charts/postgresql/templates/role.yaml | 40 +- .../postgresql/templates/rolebinding.yaml | 40 +- .../charts/postgresql/templates/secrets.yaml | 48 +- .../postgresql/templates/serviceaccount.yaml | 24 +- .../postgresql/templates/servicemonitor.yaml | 66 +- .../templates/statefulset-readreplicas.yaml | 822 +- .../postgresql/templates/statefulset.yaml | 1218 +- .../postgresql/templates/svc-headless.yaml | 56 +- .../charts/postgresql/templates/svc-read.yaml | 86 +- .../charts/postgresql/templates/svc.yaml | 82 +- .../charts/postgresql/values.schema.json | 206 +- .../artifactory/charts/postgresql/values.yaml | 1648 +- .../artifactory/ci/access-tls-values.yaml | 48 +- .../charts/artifactory/ci/default-values.yaml | 42 +- .../artifactory/ci/derby-test-values.yaml | 36 +- .../charts/artifactory/ci/global-values.yaml | 518 +- .../ci/migration-disabled-values.yaml | 42 +- .../ci/rtsplit-values-access-tls-values.yaml | 226 +- .../charts/artifactory/ci/rtsplit-values.yaml | 216 +- .../charts/artifactory/ci/test-values.yaml | 170 +- .../charts/artifactory/files/migrate.sh | 8684 +++---- .../artifactory/files/migrationHelmInfo.yaml | 62 +- .../artifactory/files/migrationStatus.sh | 86 +- .../charts/artifactory/templates/NOTES.txt | 184 +- .../charts/artifactory/templates/_helpers.tpl | 946 +- .../templates/additional-resources.yaml | 6 +- .../templates/admin-bootstrap-creds.yaml | 30 +- .../templates/artifactory-access-config.yaml | 30 +- .../artifactory-binarystore-secret.yaml | 28 +- .../templates/artifactory-configmaps.yaml | 24 +- .../templates/artifactory-custom-secrets.yaml | 38 +- .../artifactory-database-secrets.yaml | 48 +- .../artifactory-gcp-credentials-secret.yaml | 30 +- .../templates/artifactory-hpa.yaml | 50 +- .../templates/artifactory-installer-info.yaml | 24 +- .../templates/artifactory-license-secret.yaml | 30 +- .../artifactory-migration-scripts.yaml | 34 +- .../templates/artifactory-networkpolicy.yaml | 66 +- .../templates/artifactory-nfs-pvc.yaml | 202 +- .../templates/artifactory-pdb.yaml | 48 +- .../templates/artifactory-priority-class.yaml | 18 +- .../templates/artifactory-role.yaml | 28 +- .../templates/artifactory-rolebinding.yaml | 38 +- .../templates/artifactory-secrets.yaml | 54 +- .../templates/artifactory-service.yaml | 104 +- .../templates/artifactory-serviceaccount.yaml | 34 +- .../templates/artifactory-statefulset.yaml | 2738 +-- .../templates/artifactory-system-yaml.yaml | 30 +- .../templates/artifactory-unified-secret.yaml | 176 +- .../templates/filebeat-configmap.yaml | 30 +- .../charts/artifactory/templates/ingress.yaml | 496 +- .../templates/logger-configmap.yaml | 126 +- .../templates/nginx-artifactory-conf.yaml | 26 +- .../templates/nginx-certificate-secret.yaml | 28 +- .../artifactory/templates/nginx-conf.yaml | 28 +- .../templates/nginx-deployment.yaml | 416 +- .../artifactory/templates/nginx-pdb.yaml | 46 +- .../artifactory/templates/nginx-pvc.yaml | 52 +- .../artifactory/templates/nginx-service.yaml | 162 +- .../charts/artifactory/values-large.yaml | 22 +- .../charts/artifactory/values-medium.yaml | 22 +- .../charts/artifactory/values-small.yaml | 22 +- .../charts/artifactory/values.yaml | 4164 ++-- .disabled/artifactory-jcr/templates/NOTES.txt | 2 +- .../templates/dnsendpoint.yaml | 16 +- .../artifactory-jcr/templates/route.yaml | 42 +- .disabled/artifactory-jcr/values.yaml | 186 +- .disabled/artifactory-oss/Chart.yaml | 44 +- .disabled/artifactory-oss/README.md | 248 +- .../charts/artifactory/.helmignore | 42 +- .../charts/artifactory/CHANGELOG.md | 2286 +- .../charts/artifactory/Chart.lock | 12 +- .../charts/artifactory/Chart.yaml | 46 +- .../charts/artifactory/LICENSE | 402 +- .../charts/artifactory/README.md | 104 +- .../artifactory/charts/postgresql/.helmignore | 42 +- .../artifactory/charts/postgresql/Chart.lock | 12 +- .../artifactory/charts/postgresql/Chart.yaml | 58 +- .../artifactory/charts/postgresql/README.md | 1540 +- .../postgresql/charts/common/.helmignore | 44 +- .../postgresql/charts/common/Chart.yaml | 46 +- .../charts/postgresql/charts/common/README.md | 644 +- .../charts/common/templates/_affinities.tpl | 188 +- .../charts/common/templates/_capabilities.tpl | 190 +- .../charts/common/templates/_errors.tpl | 46 +- .../charts/common/templates/_images.tpl | 94 +- .../charts/common/templates/_ingress.tpl | 84 +- .../charts/common/templates/_labels.tpl | 36 +- .../charts/common/templates/_names.tpl | 64 +- .../charts/common/templates/_secrets.tpl | 258 +- .../charts/common/templates/_storage.tpl | 46 +- .../charts/common/templates/_tplvalues.tpl | 26 +- .../charts/common/templates/_utils.tpl | 124 +- .../charts/common/templates/_warnings.tpl | 28 +- .../templates/validations/_cassandra.tpl | 144 +- .../common/templates/validations/_mariadb.tpl | 206 +- .../common/templates/validations/_mongodb.tpl | 216 +- .../templates/validations/_postgresql.tpl | 262 +- .../common/templates/validations/_redis.tpl | 144 +- .../templates/validations/_validations.tpl | 92 +- .../postgresql/charts/common/values.yaml | 6 +- .../postgresql/ci/commonAnnotations.yaml | 6 +- .../charts/postgresql/ci/default-values.yaml | 2 +- .../ci/shmvolume-disabled-values.yaml | 4 +- .../charts/postgresql/files/README.md | 2 +- .../charts/postgresql/files/conf.d/README.md | 8 +- .../docker-entrypoint-initdb.d/README.md | 4 +- .../charts/postgresql/templates/NOTES.txt | 118 +- .../charts/postgresql/templates/_helpers.tpl | 674 +- .../postgresql/templates/configmap.yaml | 62 +- .../templates/extended-config-configmap.yaml | 52 +- .../postgresql/templates/extra-list.yaml | 8 +- .../templates/initialization-configmap.yaml | 50 +- .../templates/metrics-configmap.yaml | 28 +- .../postgresql/templates/metrics-svc.yaml | 52 +- .../postgresql/templates/networkpolicy.yaml | 78 +- .../templates/podsecuritypolicy.yaml | 76 +- .../postgresql/templates/prometheusrule.yaml | 46 +- .../charts/postgresql/templates/role.yaml | 40 +- .../postgresql/templates/rolebinding.yaml | 40 +- .../charts/postgresql/templates/secrets.yaml | 48 +- .../postgresql/templates/serviceaccount.yaml | 24 +- .../postgresql/templates/servicemonitor.yaml | 66 +- .../templates/statefulset-readreplicas.yaml | 822 +- .../postgresql/templates/statefulset.yaml | 1218 +- .../postgresql/templates/svc-headless.yaml | 56 +- .../charts/postgresql/templates/svc-read.yaml | 86 +- .../charts/postgresql/templates/svc.yaml | 82 +- .../charts/postgresql/values.schema.json | 206 +- .../artifactory/charts/postgresql/values.yaml | 1648 +- .../artifactory/ci/access-tls-values.yaml | 48 +- .../charts/artifactory/ci/default-values.yaml | 42 +- .../artifactory/ci/derby-test-values.yaml | 36 +- .../charts/artifactory/ci/global-values.yaml | 518 +- .../ci/migration-disabled-values.yaml | 42 +- .../ci/rtsplit-values-access-tls-values.yaml | 226 +- .../charts/artifactory/ci/rtsplit-values.yaml | 216 +- .../charts/artifactory/ci/test-values.yaml | 170 +- .../charts/artifactory/files/migrate.sh | 8684 +++---- .../artifactory/files/migrationHelmInfo.yaml | 62 +- .../artifactory/files/migrationStatus.sh | 86 +- .../charts/artifactory/templates/NOTES.txt | 184 +- .../charts/artifactory/templates/_helpers.tpl | 946 +- .../templates/additional-resources.yaml | 6 +- .../templates/admin-bootstrap-creds.yaml | 30 +- .../templates/artifactory-access-config.yaml | 30 +- .../artifactory-binarystore-secret.yaml | 28 +- .../templates/artifactory-configmaps.yaml | 24 +- .../templates/artifactory-custom-secrets.yaml | 38 +- .../artifactory-database-secrets.yaml | 48 +- .../artifactory-gcp-credentials-secret.yaml | 30 +- .../templates/artifactory-hpa.yaml | 50 +- .../templates/artifactory-installer-info.yaml | 24 +- .../templates/artifactory-license-secret.yaml | 30 +- .../artifactory-migration-scripts.yaml | 34 +- .../templates/artifactory-networkpolicy.yaml | 66 +- .../templates/artifactory-nfs-pvc.yaml | 202 +- .../templates/artifactory-pdb.yaml | 48 +- .../templates/artifactory-priority-class.yaml | 18 +- .../templates/artifactory-role.yaml | 28 +- .../templates/artifactory-rolebinding.yaml | 38 +- .../templates/artifactory-secrets.yaml | 54 +- .../templates/artifactory-service.yaml | 104 +- .../templates/artifactory-serviceaccount.yaml | 34 +- .../templates/artifactory-statefulset.yaml | 2738 +-- .../templates/artifactory-system-yaml.yaml | 30 +- .../templates/artifactory-unified-secret.yaml | 176 +- .../templates/filebeat-configmap.yaml | 30 +- .../charts/artifactory/templates/ingress.yaml | 496 +- .../templates/logger-configmap.yaml | 126 +- .../templates/nginx-artifactory-conf.yaml | 26 +- .../templates/nginx-certificate-secret.yaml | 28 +- .../artifactory/templates/nginx-conf.yaml | 28 +- .../templates/nginx-deployment.yaml | 416 +- .../artifactory/templates/nginx-pdb.yaml | 46 +- .../artifactory/templates/nginx-pvc.yaml | 52 +- .../artifactory/templates/nginx-service.yaml | 162 +- .../charts/artifactory/values-large.yaml | 22 +- .../charts/artifactory/values-medium.yaml | 22 +- .../charts/artifactory/values-small.yaml | 22 +- .../charts/artifactory/values.yaml | 4164 ++-- .disabled/artifactory-oss/templates/NOTES.txt | 2 +- .../templates/dnsendpoint.yaml | 16 +- .../artifactory-oss/templates/route.yaml | 42 +- .disabled/artifactory-oss/values.yaml | 186 +- .disabled/artifactory/CHANGELOG.md | 348 +- .disabled/artifactory/Chart.lock | 12 +- .disabled/artifactory/Chart.yaml | 44 +- .disabled/artifactory/LICENSE | 402 +- .disabled/artifactory/README.md | 248 +- .../charts/artifactory/.helmignore | 42 +- .../charts/artifactory/CHANGELOG.md | 2464 +- .../artifactory/charts/artifactory/Chart.lock | 12 +- .../artifactory/charts/artifactory/Chart.yaml | 48 +- .../artifactory/charts/artifactory/LICENSE | 402 +- .../artifactory/charts/artifactory/README.md | 104 +- .../artifactory/charts/postgresql/.helmignore | 42 +- .../artifactory/charts/postgresql/Chart.lock | 12 +- .../artifactory/charts/postgresql/Chart.yaml | 58 +- .../artifactory/charts/postgresql/README.md | 1540 +- .../postgresql/charts/common/.helmignore | 44 +- .../postgresql/charts/common/Chart.yaml | 46 +- .../charts/postgresql/charts/common/README.md | 644 +- .../charts/common/templates/_affinities.tpl | 188 +- .../charts/common/templates/_capabilities.tpl | 190 +- .../charts/common/templates/_errors.tpl | 46 +- .../charts/common/templates/_images.tpl | 94 +- .../charts/common/templates/_ingress.tpl | 84 +- .../charts/common/templates/_labels.tpl | 36 +- .../charts/common/templates/_names.tpl | 64 +- .../charts/common/templates/_secrets.tpl | 258 +- .../charts/common/templates/_storage.tpl | 46 +- .../charts/common/templates/_tplvalues.tpl | 26 +- .../charts/common/templates/_utils.tpl | 124 +- .../charts/common/templates/_warnings.tpl | 28 +- .../templates/validations/_cassandra.tpl | 144 +- .../common/templates/validations/_mariadb.tpl | 206 +- .../common/templates/validations/_mongodb.tpl | 216 +- .../templates/validations/_postgresql.tpl | 262 +- .../common/templates/validations/_redis.tpl | 144 +- .../templates/validations/_validations.tpl | 92 +- .../postgresql/charts/common/values.yaml | 6 +- .../postgresql/ci/commonAnnotations.yaml | 6 +- .../charts/postgresql/ci/default-values.yaml | 2 +- .../ci/shmvolume-disabled-values.yaml | 4 +- .../charts/postgresql/files/README.md | 2 +- .../charts/postgresql/files/conf.d/README.md | 8 +- .../docker-entrypoint-initdb.d/README.md | 4 +- .../charts/postgresql/templates/NOTES.txt | 118 +- .../charts/postgresql/templates/_helpers.tpl | 674 +- .../postgresql/templates/configmap.yaml | 62 +- .../templates/extended-config-configmap.yaml | 52 +- .../postgresql/templates/extra-list.yaml | 8 +- .../templates/initialization-configmap.yaml | 50 +- .../templates/metrics-configmap.yaml | 28 +- .../postgresql/templates/metrics-svc.yaml | 52 +- .../postgresql/templates/networkpolicy.yaml | 78 +- .../templates/podsecuritypolicy.yaml | 76 +- .../postgresql/templates/prometheusrule.yaml | 46 +- .../charts/postgresql/templates/role.yaml | 40 +- .../postgresql/templates/rolebinding.yaml | 40 +- .../charts/postgresql/templates/secrets.yaml | 48 +- .../postgresql/templates/serviceaccount.yaml | 24 +- .../postgresql/templates/servicemonitor.yaml | 66 +- .../templates/statefulset-readreplicas.yaml | 822 +- .../postgresql/templates/statefulset.yaml | 1218 +- .../postgresql/templates/svc-headless.yaml | 56 +- .../charts/postgresql/templates/svc-read.yaml | 86 +- .../charts/postgresql/templates/svc.yaml | 82 +- .../charts/postgresql/values.schema.json | 206 +- .../artifactory/charts/postgresql/values.yaml | 1648 +- .../artifactory/ci/access-tls-values.yaml | 48 +- .../charts/artifactory/ci/default-values.yaml | 42 +- .../artifactory/ci/derby-test-values.yaml | 36 +- .../charts/artifactory/ci/global-values.yaml | 494 +- .../charts/artifactory/ci/large-values.yaml | 180 +- .../charts/artifactory/ci/medium-values.yaml | 180 +- .../ci/migration-disabled-values.yaml | 42 +- .../ci/nginx-autoreload-values.yaml | 84 +- .../ci/rtsplit-values-access-tls-values.yaml | 226 +- .../charts/artifactory/ci/rtsplit-values.yaml | 368 +- .../charts/artifactory/ci/small-values.yaml | 180 +- .../charts/artifactory/ci/test-values.yaml | 182 +- .../charts/artifactory/files/binarystore.xml | 654 +- .../charts/artifactory/files/migrate.sh | 8684 +++---- .../artifactory/files/migrationHelmInfo.yaml | 62 +- .../artifactory/files/migrationStatus.sh | 86 +- .../charts/artifactory/templates/NOTES.txt | 194 +- .../charts/artifactory/templates/_helpers.tpl | 978 +- .../templates/additional-resources.yaml | 6 +- .../templates/admin-bootstrap-creds.yaml | 30 +- .../templates/artifactory-access-config.yaml | 30 +- .../artifactory-binarystore-secret.yaml | 36 +- .../templates/artifactory-configmaps.yaml | 24 +- .../templates/artifactory-custom-secrets.yaml | 38 +- .../artifactory-database-secrets.yaml | 48 +- .../artifactory-gcp-credentials-secret.yaml | 30 +- .../templates/artifactory-hpa.yaml | 58 +- .../templates/artifactory-installer-info.yaml | 24 +- .../templates/artifactory-license-secret.yaml | 30 +- .../artifactory-migration-scripts.yaml | 34 +- .../templates/artifactory-networkpolicy.yaml | 66 +- .../templates/artifactory-nfs-pvc.yaml | 202 +- .../templates/artifactory-pdb.yaml | 48 +- .../templates/artifactory-priority-class.yaml | 18 +- .../templates/artifactory-role.yaml | 28 +- .../templates/artifactory-rolebinding.yaml | 38 +- .../templates/artifactory-secrets.yaml | 54 +- .../templates/artifactory-service.yaml | 104 +- .../templates/artifactory-serviceaccount.yaml | 34 +- .../templates/artifactory-statefulset.yaml | 2790 +-- .../templates/artifactory-system-yaml.yaml | 30 +- .../templates/artifactory-unified-secret.yaml | 184 +- .../templates/filebeat-configmap.yaml | 30 +- .../charts/artifactory/templates/ingress.yaml | 496 +- .../templates/logger-configmap.yaml | 126 +- .../templates/nginx-artifactory-conf.yaml | 30 +- .../templates/nginx-certificate-secret.yaml | 32 +- .../artifactory/templates/nginx-conf.yaml | 32 +- .../templates/nginx-deployment.yaml | 434 +- .../artifactory/templates/nginx-pdb.yaml | 50 +- .../artifactory/templates/nginx-pvc.yaml | 56 +- .../templates/nginx-scripts-conf.yaml | 104 +- .../artifactory/templates/nginx-service.yaml | 166 +- .../charts/artifactory/values-large.yaml | 160 +- .../charts/artifactory/values-medium.yaml | 160 +- .../charts/artifactory/values-small.yaml | 160 +- .../charts/artifactory/values.yaml | 3774 +-- .disabled/artifactory/ci/default-values.yaml | 14 +- .disabled/artifactory/templates/NOTES.txt | 2 +- .disabled/artifactory/values.yaml | 180 +- .disabled/awx/base/awx.yaml | 38 +- .disabled/awx/kustomization.yaml | 16 +- .disabled/awx/overlays/delete-ns.yaml | 8 +- .disabled/bank-vault-operator/.helmignore | 42 +- .disabled/bank-vault-operator/Chart.yaml | 38 +- .disabled/bank-vault-operator/README.md | 234 +- .disabled/bank-vault-operator/crds/crd.yaml | 17930 +++++++-------- .../templates/_helpers.tpl | 154 +- .../templates/deployment.yaml | 186 +- .../bank-vault-operator/templates/psp.yaml | 136 +- .../bank-vault-operator/templates/role.yaml | 262 +- .../templates/rolebinding.yaml | 92 +- .../bank-vault-operator/templates/sa.yaml | 30 +- .../templates/service.yaml | 58 +- .disabled/bank-vault-operator/values.yaml | 172 +- .../bank-vault-secrets-webhook/.helmignore | 42 +- .../bank-vault-secrets-webhook/Chart.yaml | 22 +- .../bank-vault-secrets-webhook/README.md | 356 +- .../templates/_helpers.tpl | 132 +- .../templates/apiservice-webhook.yaml | 510 +- .../templates/prometheus-monitorservice.yaml | 118 +- .../templates/warnings.tpl | 24 +- .../templates/webhook-cert-manager.yaml | 164 +- .../templates/webhook-deployment.yaml | 214 +- .../templates/webhook-ingress.yaml | 52 +- .../templates/webhook-pdb.yaml | 48 +- .../templates/webhook-psp.yaml | 130 +- .../templates/webhook-rbac.yaml | 168 +- .../templates/webhook-service.yaml | 50 +- .../bank-vault-secrets-webhook/values.yaml | 330 +- .disabled/bitbucket/Chart.yaml | 20 +- .disabled/bitbucket/values.yaml | 70 +- .disabled/camel-k-operator/kustomization.yaml | 56 +- .disabled/cert-manager/kustomization.yaml | 26 +- .../overlays/delete-ns-cert-manager.yaml | 8 +- .disabled/devops-stack-old1/.helmignore | 52 +- .disabled/devops-stack-old1/CHANGELOG.md | 4682 ++-- .disabled/devops-stack-old1/Chart.yaml | 76 +- .disabled/devops-stack-old1/README.md | 2080 +- .disabled/devops-stack-old1/VALUES_SUMMARY.md | 792 +- .../devops-stack-old1/templates/NOTES.txt | 102 +- .../devops-stack-old1/templates/_helpers.tpl | 794 +- .../templates/bank-vault/bv-crb.yaml | 26 +- .../templates/bank-vault/bv-dnsendpoint.yaml | 16 +- .../templates/bank-vault/bv-pvc.yaml | 18 +- .../templates/bank-vault/bv-rb.yaml | 20 +- .../templates/bank-vault/bv-role.yaml | 20 +- .../templates/bank-vault/bv-route.yaml | 30 +- .../templates/bank-vault/bv-sa.yaml | 6 +- .../templates/bank-vault/bv-vault.yaml | 162 +- .../templates/buildah/sa.yaml | 6 +- .../templates/buildah/scc.yaml | 70 +- .../templates/config-init-scripts.yaml | 36 +- .../devops-stack-old1/templates/config.yaml | 172 +- .../templates/custom/ci-dnsendpoint.yaml | 16 +- .../templates/deprecation.yaml | 230 +- .../devops-stack-old1/templates/home-pvc.yaml | 74 +- .../templates/jcasc-config.yaml | 90 +- .../templates/jenkins-agent-svc.yaml | 86 +- .../jenkins-aws-security-group-policies.yaml | 32 +- .../templates/jenkins-backup-cronjob.yaml | 336 +- .../templates/jenkins-backup-rbac.yaml | 128 +- .../jenkins-controller-alerting-rules.yaml | 52 +- .../jenkins-controller-backendconfig.yaml | 48 +- .../templates/jenkins-controller-ingress.yaml | 154 +- .../jenkins-controller-networkpolicy.yaml | 152 +- .../templates/jenkins-controller-pdb.yaml | 68 +- .../templates/jenkins-controller-route.yaml | 68 +- .../jenkins-controller-secondary-ingress.yaml | 112 +- .../jenkins-controller-servicemonitor.yaml | 80 +- .../jenkins-controller-statefulset.yaml | 856 +- .../templates/jenkins-controller-svc.yaml | 104 +- .../templates/kubevirt/crb.yaml | 52 +- .../devops-stack-old1/templates/rbac.yaml | 298 +- .../templates/secret-additional.yaml | 42 +- .../templates/secret-claims.yaml | 56 +- .../templates/secret-https-jks.yaml | 40 +- .../devops-stack-old1/templates/secret.yaml | 40 +- .../templates/service-account-agent.yaml | 46 +- .../templates/service-account.yaml | 46 +- .../templates/tests/jenkins-test.yaml | 98 +- .../templates/tests/test-config.yaml | 28 +- .disabled/devops-stack-old1/values.yaml | 2074 +- .disabled/devops-stack/.helmignore | 52 +- .disabled/devops-stack/CHANGELOG.md | 4806 ++-- .disabled/devops-stack/Chart.yaml | 76 +- .disabled/devops-stack/README.md | 2080 +- .disabled/devops-stack/VALUES_SUMMARY.md | 798 +- .disabled/devops-stack/plugins-list.groovy | 8 +- .../templates.bak/bank-vault/bv-crb.yaml | 26 +- .../bank-vault/bv-dnsendpoint.yaml | 16 +- .../templates.bak/bank-vault/bv-pvc.yaml | 18 +- .../templates.bak/bank-vault/bv-rb.yaml | 20 +- .../templates.bak/bank-vault/bv-role.yaml | 20 +- .../templates.bak/bank-vault/bv-route.yaml | 30 +- .../templates.bak/bank-vault/bv-sa.yaml | 6 +- .../templates.bak/bank-vault/bv-vault.yaml | 162 +- .../templates.bak/kubevirt/crb.yaml | 52 +- .disabled/devops-stack/templates/NOTES.txt | 102 +- .disabled/devops-stack/templates/_helpers.tpl | 882 +- .../templates/config-init-scripts.yaml | 36 +- .disabled/devops-stack/templates/config.yaml | 172 +- .../templates/custom/agent-scc.yaml | 78 +- .../custom/akeyless-vault-secret.yaml | 32 +- .../templates/custom/buildah-sa.yaml | 6 +- .../templates/custom/buildah-scc.yaml | 78 +- .../templates/custom/ci-dnsendpoint.yaml | 16 +- .../devops-stack/templates/deprecation.yaml | 230 +- .../devops-stack/templates/home-pvc.yaml | 74 +- .../devops-stack/templates/jcasc-config.yaml | 90 +- .../templates/jenkins-agent-svc.yaml | 86 +- .../jenkins-aws-security-group-policies.yaml | 32 +- .../templates/jenkins-backup-cronjob.yaml | 336 +- .../templates/jenkins-backup-rbac.yaml | 128 +- .../jenkins-controller-alerting-rules.yaml | 52 +- .../jenkins-controller-backendconfig.yaml | 48 +- .../templates/jenkins-controller-ingress.yaml | 154 +- .../jenkins-controller-networkpolicy.yaml | 152 +- .../templates/jenkins-controller-pdb.yaml | 68 +- .../jenkins-controller-podmonitor.yaml | 60 +- .../templates/jenkins-controller-route.yaml | 68 +- .../jenkins-controller-secondary-ingress.yaml | 112 +- .../jenkins-controller-servicemonitor.yaml | 80 +- .../jenkins-controller-statefulset.yaml | 864 +- .../templates/jenkins-controller-svc.yaml | 112 +- .disabled/devops-stack/templates/rbac.yaml | 298 +- .../templates/secret-additional.yaml | 42 +- .../devops-stack/templates/secret-claims.yaml | 56 +- .../templates/secret-https-jks.yaml | 40 +- .disabled/devops-stack/templates/secret.yaml | 40 +- .../templates/service-account-agent.yaml | 46 +- .../templates/service-account.yaml | 46 +- .../templates/tests/jenkins-test.yaml | 98 +- .../templates/tests/test-config.yaml | 28 +- .disabled/devops-stack/values.yaml | 2374 +- .disabled/devspaces/devspaces.yaml | 146 +- .disabled/devspaces/dnsendpoint.yaml | 16 +- .disabled/devspaces/incubator-che.yaml.bak | 184 +- .disabled/grafana-operator/grafana-cr.yaml | 200 +- .disabled/grafana-operator/grafana-crb.yaml | 24 +- .disabled/grafana-operator/grafana-crd.yaml | 274 +- .../grafanadashboard-crd.yaml | 72 +- .../grafanadatasource-crd.yaml | 70 +- .../grafana-operator/operator-deployment.yaml | 80 +- .../grafana-operator/service_account.yaml | 8 +- .disabled/grafana/grafana.yaml | 44 +- .disabled/harbor/.helmignore | 42 +- .disabled/harbor/Chart.yaml | 74 +- .disabled/harbor/README.md | 2378 +- .disabled/harbor/cert/tls.crt | 64 +- .disabled/harbor/cert/tls.key | 102 +- .../harbor/charts/postgresql/.helmignore | 42 +- .disabled/harbor/charts/postgresql/Chart.lock | 12 +- .disabled/harbor/charts/postgresql/Chart.yaml | 58 +- .disabled/harbor/charts/postgresql/README.md | 1634 +- .../postgresql/charts/common/.helmignore | 44 +- .../postgresql/charts/common/Chart.yaml | 46 +- .../charts/postgresql/charts/common/README.md | 656 +- .../charts/common/templates/_affinities.tpl | 204 +- .../charts/common/templates/_capabilities.tpl | 256 +- .../charts/common/templates/_errors.tpl | 46 +- .../charts/common/templates/_images.tpl | 150 +- .../charts/common/templates/_ingress.tpl | 110 +- .../charts/common/templates/_labels.tpl | 36 +- .../charts/common/templates/_names.tpl | 104 +- .../charts/common/templates/_secrets.tpl | 258 +- .../charts/common/templates/_storage.tpl | 46 +- .../charts/common/templates/_tplvalues.tpl | 26 +- .../charts/common/templates/_utils.tpl | 124 +- .../charts/common/templates/_warnings.tpl | 28 +- .../templates/validations/_cassandra.tpl | 144 +- .../common/templates/validations/_mariadb.tpl | 206 +- .../common/templates/validations/_mongodb.tpl | 216 +- .../templates/validations/_postgresql.tpl | 258 +- .../common/templates/validations/_redis.tpl | 152 +- .../templates/validations/_validations.tpl | 92 +- .../postgresql/charts/common/values.yaml | 10 +- .../postgresql/ci/commonAnnotations.yaml | 6 +- .../charts/postgresql/ci/default-values.yaml | 2 +- .../ci/shmvolume-disabled-values.yaml | 4 +- .../harbor/charts/postgresql/files/README.md | 2 +- .../charts/postgresql/files/conf.d/README.md | 8 +- .../docker-entrypoint-initdb.d/README.md | 4 +- .../charts/postgresql/templates/NOTES.txt | 178 +- .../charts/postgresql/templates/_helpers.tpl | 722 +- .../postgresql/templates/configmap.yaml | 68 +- .../templates/extended-config-configmap.yaml | 58 +- .../postgresql/templates/extra-list.yaml | 8 +- .../templates/initialization-configmap.yaml | 52 +- .../templates/metrics-configmap.yaml | 34 +- .../postgresql/templates/metrics-svc.yaml | 58 +- .../postgresql/templates/networkpolicy.yaml | 84 +- .../templates/podsecuritypolicy.yaml | 84 +- .../postgresql/templates/prometheusrule.yaml | 52 +- .../charts/postgresql/templates/role.yaml | 48 +- .../postgresql/templates/rolebinding.yaml | 46 +- .../charts/postgresql/templates/secrets.yaml | 54 +- .../postgresql/templates/serviceaccount.yaml | 30 +- .../postgresql/templates/servicemonitor.yaml | 84 +- .../templates/statefulset-readreplicas.yaml | 872 +- .../postgresql/templates/statefulset.yaml | 1284 +- .../postgresql/templates/svc-headless.yaml | 62 +- .../postgresql/templates/svc-read-set.yaml | 84 +- .../charts/postgresql/templates/svc-read.yaml | 94 +- .../charts/postgresql/templates/svc.yaml | 90 +- .../postgresql/templates/tls-secrets.yaml | 50 +- .../charts/postgresql/values.schema.json | 206 +- .../harbor/charts/postgresql/values.yaml | 2002 +- .disabled/harbor/conf/clair.yaml | 32 +- .disabled/harbor/conf/notary-server.json | 64 +- .disabled/harbor/conf/notary-signer.json | 40 +- .disabled/harbor/templates/NOTES.txt | 154 +- .disabled/harbor/templates/_helpers.tpl | 1752 +- .../chartmuseum/chartmuseum-cm-envvars.yaml | 266 +- .../chartmuseum/chartmuseum-dpl.yaml | 440 +- .../chartmuseum/chartmuseum-pvc.yaml | 58 +- .../chartmuseum/chartmuseum-secret.yaml | 64 +- .../chartmuseum/chartmuseum-svc.yaml | 42 +- .../harbor/templates/clair/clair-dpl.yaml | 534 +- .../harbor/templates/clair/clair-secret.yaml | 36 +- .../harbor/templates/clair/clair-svc.yaml | 48 +- .../templates/core/core-cm-envvars.yaml | 102 +- .disabled/harbor/templates/core/core-cm.yaml | 40 +- .disabled/harbor/templates/core/core-dpl.yaml | 514 +- .../templates/core/core-secret-envvars.yaml | 62 +- .../harbor/templates/core/core-secret.yaml | 68 +- .disabled/harbor/templates/core/core-svc.yaml | 44 +- .disabled/harbor/templates/extra-list.yaml | 8 +- .../harbor/templates/ingress/dnsendpoint.yaml | 16 +- .../harbor/templates/ingress/ingress.yaml | 324 +- .disabled/harbor/templates/ingress/route.yaml | 40 +- .../harbor/templates/ingress/secret.yaml | 76 +- .../internal/internal-crt-secret.yaml | 278 +- .../jobservice/jobservice-cm-envvars.yaml | 48 +- .../templates/jobservice/jobservice-cm.yaml | 102 +- .../templates/jobservice/jobservice-dpl.yaml | 440 +- .../templates/jobservice/jobservice-pvc.yaml | 54 +- .../jobservice/jobservice-secret-envvars.yaml | 30 +- .../jobservice/jobservice-secrets.yaml | 30 +- .../templates/jobservice/jobservice-svc.yaml | 38 +- .../templates/nginx/configmap-http.yaml | 328 +- .../templates/nginx/configmap-https.yaml | 468 +- .../harbor/templates/nginx/deployment.yaml | 344 +- .disabled/harbor/templates/nginx/secret.yaml | 58 +- .disabled/harbor/templates/nginx/service.yaml | 120 +- .../notary/notary-secret-envvars.yaml | 36 +- .../templates/notary/notary-secret.yaml | 52 +- .../templates/notary/notary-server.yaml | 336 +- .../templates/notary/notary-signer.yaml | 330 +- .../harbor/templates/notary/notary-svc.yaml | 84 +- .../harbor/templates/portal/portal-cm.yaml | 116 +- .../harbor/templates/portal/portal-dpl.yaml | 308 +- .../harbor/templates/portal/portal-svc.yaml | 36 +- .../templates/registry/registry-cm.yaml | 408 +- .../templates/registry/registry-dpl.yaml | 784 +- .../templates/registry/registry-pvc.yaml | 54 +- .../templates/registry/registry-secret.yaml | 76 +- .../templates/registry/registry-svc.yaml | 38 +- .../templates/trivy/trivy-cm-envvars.yaml | 66 +- .../templates/trivy/trivy-secret-envvars.yaml | 40 +- .../harbor/templates/trivy/trivy-sts.yaml | 404 +- .../harbor/templates/trivy/trivy-svc.yaml | 44 +- .disabled/harbor/values-production.yaml | 5480 ++--- .disabled/harbor/values.yaml | 6088 ++--- .../infra-minio-operator/delete-minio-ns.yaml | 8 +- .../infra-minio-operator/kustomization.yaml | 112 +- .disabled/iptables-config/config-ds.yaml | 162 +- .disabled/iptables-config/sa.yaml | 10 +- .disabled/jfrog-platform/Chart.yaml | 12 +- .disabled/jfrog-platform/templates/route.yaml | 28 +- .disabled/jfrog-platform/values.yaml | 666 +- .../keycloak-operator/kustomization.yaml | 20 +- .../overlays/delete-ns-keycloak-operator.yaml | 10 +- .disabled/kong-system/base/gateway.yaml | 20 +- .disabled/kong-system/base/gatewayclass.yaml | 12 +- .disabled/kong-system/kustomization.yaml | 30 +- .../controller-manager-deployment.yaml | 20 +- .../overlays/namespace-removal.yaml | 8 +- .../centos8-stream-dv.yaml | 36 +- .../os-images-view-r.yaml | 72 +- .../os-images-view-rb.yaml | 30 +- .disabled/kubevirt-data-volumes/update.sh | 8 +- .../minio-operator/base/console-route.yaml | 26 +- .disabled/minio-operator/kustomization.yaml | 22 +- .../overlays/console-deploy.yaml | 24 +- .../overlays/delete-minio-ns.yaml | 10 +- .../overlays/minio-operator-deploy.yaml | 24 +- .disabled/minio/minio-config.yaml | 20 +- .disabled/minio/minio-route.yaml | 28 +- .disabled/minio/minio-tenant.yaml | 66 +- .disabled/moon-test/Chart.yaml | 10 +- .disabled/moon-test/README.md | 96 +- .disabled/moon-test/templates/NOTES.txt | 16 +- .disabled/moon-test/templates/_helpers.tpl | 64 +- .disabled/moon-test/templates/configmap.yml | 42 +- .disabled/moon-test/templates/deployment.yml | 196 +- .disabled/moon-test/templates/ingress.yml | 32 +- .../moon-test/templates/resourcequota.yml | 22 +- .disabled/moon-test/templates/role.yml | 28 +- .disabled/moon-test/templates/rolebinding.yml | 30 +- .disabled/moon-test/templates/sa.yaml | 8 +- .disabled/moon-test/templates/secret.yml | 34 +- .disabled/moon-test/templates/service.yml | 114 +- .disabled/moon-test/values.yaml | 1582 +- .disabled/nexus/.helmignore | 48 +- .disabled/nexus/Chart.yaml | 80 +- .disabled/nexus/LICENSE | 26 +- .disabled/nexus/README.md | 472 +- .disabled/nexus/templates/NOTES.txt | 54 +- .disabled/nexus/templates/_helpers.tpl | 126 +- .../nexus/templates/configmap-properties.yaml | 32 +- .disabled/nexus/templates/configmap.yaml | 28 +- .disabled/nexus/templates/deployment.yaml | 340 +- .disabled/nexus/templates/ingress.yaml | 170 +- .disabled/nexus/templates/proxy-route.yaml | 46 +- .disabled/nexus/templates/pv.yaml | 52 +- .disabled/nexus/templates/pvc.yaml | 60 +- .disabled/nexus/templates/route.yaml | 54 +- .disabled/nexus/templates/secret.yaml | 30 +- .disabled/nexus/templates/service.yaml | 132 +- .disabled/nexus/templates/serviceaccount.yaml | 30 +- .../nexus/templates/test/test-check-logs.yaml | 50 +- .../nexus/templates/test/test-connection.yaml | 30 +- .disabled/nexus/values.yaml | 362 +- .disabled/noobaa/cluster_role.yaml | 134 +- .disabled/noobaa/cluster_role_binding.yaml | 24 +- .disabled/noobaa/noobaa-cr.yaml | 46 +- .../noobaa/noobaa.io_backingstores_crd.yaml | 676 +- .../noobaa/noobaa.io_bucketclasses_crd.yaml | 328 +- .disabled/noobaa/noobaa.io_noobaas_crd.yaml | 2218 +- ...bjectbucket.io_objectbucketclaims_crd.yaml | 38 +- .../objectbucket.io_objectbuckets_crd.yaml | 38 +- .disabled/noobaa/operator.yaml | 74 +- .disabled/noobaa/role.yaml | 226 +- .disabled/noobaa/role_binding.yaml | 22 +- .disabled/noobaa/service_account.yaml | 12 +- .../service-mesh-control-plane.yaml | 142 +- .../service-mesh-member-roll.yaml | 28 +- .../.istio-system/snippets/networkpolicy.yaml | 24 +- .disabled/old/argo/README.md | 24 +- .disabled/old/argo/argo-ui-route.yaml | 30 +- .disabled/old/argo/argo.yaml | 768 +- .disabled/old/che/cluster_role.yaml | 100 +- .disabled/old/che/cluster_role_binding.yaml | 42 +- .disabled/old/che/operator.yaml | 134 +- .disabled/old/che/org_v1_che_cr.yaml | 92 +- .disabled/old/che/org_v1_che_crd.yaml | 1018 +- .disabled/old/che/role.yaml | 164 +- .disabled/old/che/role_binding.yaml | 42 +- .disabled/old/che/service_account.yaml | 28 +- .../hcloud-csi/hcloud-csi-sealed-secret.yaml | 32 +- .disabled/old/hcloud-csi/hcloud-csi.yaml | 570 +- .../old/istio-operator/maistra-operator.yaml | 780 +- .../old/jaeger-operator/clusterrole.yaml | 318 +- .../jaeger-operator/clusterrolebinding.yaml | 26 +- .../jaegertracing_v1_jaeger_crd.yaml | 26 +- .disabled/old/jaeger-operator/operator.yaml | 66 +- .../old/jaeger-operator/service_account.yaml | 10 +- .../old/keycloak-operator/cluster_role.yaml | 262 +- .../cluster_role_binding.yaml | 24 +- .../keycloak.org_keycloakbackups_crd.yaml | 298 +- .../keycloak.org_keycloakclients_crd.yaml | 506 +- .../keycloak.org_keycloakrealms_crd.yaml | 856 +- .../keycloak.org_keycloaks_crd.yaml | 268 +- .../keycloak.org_keycloakusers_crd.yaml | 352 +- .disabled/old/keycloak-operator/operator.yaml | 62 +- .../keycloak-operator/service_account.yaml | 8 +- .disabled/old/keycloak/demo-admin-user.yaml | 34 +- .disabled/old/keycloak/demo-client.yaml | 32 +- .disabled/old/keycloak/demo-user.yaml | 34 +- .disabled/old/keycloak/keycloak.yaml | 26 +- .disabled/old/keycloak/realm.yaml | 28 +- .disabled/old/keycloak/route.yaml | 34 +- .../old/kiali-operator/kiali-operator.yaml | 812 +- .../cluster-network-addons00.crd.yaml | 68 +- .../kubevirt-hyperconverged/cluster_role.yaml | 2306 +- .../cluster_role_binding.yaml | 244 +- .../containerized-data-importer00.crd.yaml | 178 +- .../old/kubevirt-hyperconverged/hco.cr.yaml | 12 +- .../kubevirt-hyperconverged/hco00.crd.yaml | 74 +- .../kubevirt-hyperconverged/hco01.crd.yaml | 36 +- .../kubevirt00.crd.yaml | 62 +- .../node-maintenance00.crd.yaml | 144 +- .../old/kubevirt-hyperconverged/operator.yaml | 658 +- .../scheduling-scale-performance00.crd.yaml | 34 +- .../scheduling-scale-performance01.crd.yaml | 34 +- .../scheduling-scale-performance02.crd.yaml | 34 +- .../scheduling-scale-performance03.crd.yaml | 34 +- .../service_account.yaml | 96 +- .disabled/old/minio/.helmignore | 2 +- .disabled/old/minio/Chart.yaml | 38 +- .disabled/old/minio/README.md | 498 +- .disabled/old/minio/templates/NOTES.txt | 142 +- .disabled/old/minio/templates/_helpers.tpl | 372 +- .../templates/deployment-standalone.yaml | 312 +- .disabled/old/minio/templates/ingress.yaml | 66 +- .../templates/minio-keys-sealed-secret.yaml | 28 +- .../old/minio/templates/networkpolicy.yaml | 52 +- .../old/minio/templates/pvc-standalone.yaml | 52 +- .disabled/old/minio/templates/secrets.yaml | 30 +- .disabled/old/minio/templates/service.yaml | 54 +- .../old/minio/templates/statefulset.yaml | 376 +- .../old/minio/templates/svc-headless.yaml | 42 +- .../old/minio/templates/tls-secrets.yaml | 34 +- .disabled/old/minio/values.yaml | 752 +- .../old/strimzi-kafka-operator/.helmignore | 42 +- .../old/strimzi-kafka-operator/Chart.yaml | 42 +- .disabled/old/strimzi-kafka-operator/OWNERS | 14 +- .../old/strimzi-kafka-operator/README.md | 296 +- ...rviceAccount-strimzi-cluster-operator.yaml | 20 +- ...terRole-strimzi-cluster-operator-role.yaml | 578 +- ...-RoleBinding-strimzi-cluster-operator.yaml | 62 +- ...terRole-strimzi-cluster-operator-role.yaml | 78 +- ...rRoleBinding-strimzi-cluster-operator.yaml | 38 +- .../030-ClusterRole-strimzi-kafka-broker.yaml | 36 +- ...ster-operator-kafka-broker-delegation.yaml | 40 +- ...1-ClusterRole-strimzi-entity-operator.yaml | 112 +- ...r-operator-entity-operator-delegation.yaml | 54 +- ...32-ClusterRole-strimzi-topic-operator.yaml | 60 +- ...er-operator-topic-operator-delegation.yaml | 54 +- .../templates/040-Crd-kafka.yaml | 7604 +++---- .../templates/041-Crd-kafkaconnect.yaml | 1844 +- .../templates/042-Crd-kafkaconnects2i.yaml | 1866 +- .../templates/043-Crd-kafkatopic.yaml | 168 +- .../templates/044-Crd-kafkauser.yaml | 308 +- .../templates/045-Crd-kafkamirrormaker.yaml | 1920 +- .../templates/046-Crd-kafkabridge.yaml | 1240 +- .../templates/047-Crd-kafkaconnector.yaml | 138 +- .../templates/048-Crd-kafkamirrormaker2.yaml | 1972 +- ...0-Deployment-strimzi-cluster-operator.yaml | 210 +- .../templates/NOTES.txt | 10 +- .../templates/_helpers.tpl | 98 +- .../templates/_kafka_image_map.tpl | 70 +- .../old/strimzi-kafka-operator/values.yaml | 236 +- .disabled/openshift-acme/kustomization.yaml | 16 +- .disabled/pixie/base/scc.yaml | 40 +- .disabled/pixie/kustomization.yaml | 16 +- .disabled/pixie/overlays/delete-ns-pixie.yaml | 8 +- .disabled/pixie/overlays/postgresql.yaml | 12 +- .disabled/pixie/yml.yml | 18896 ++++++++-------- .disabled/portworx/operator.yaml | 96 +- .disabled/portworx/sa.yaml | 10 +- .disabled/portworx/scc-clusterrole.yaml | 38 +- .../portworx/scc-clusterrolebinding.yaml | 34 +- .disabled/portworx/storagecluster.yaml | 82 +- .../postgresql-operator/base/ui-route.yaml | 26 +- .../postgresql-operator/kustomization.yaml | 22 +- .../overlays/delete-ui-ingress.yaml | 8 +- .../overlays/postgres-operator.yaml | 24 +- .../overlays/postgresql-operator-cm.yaml | 12 +- .../overlays/postgresql-pod-cr.yaml | 92 +- .../contour-gateway-provisioner.yaml | 17520 +++++++------- .disabled/projectcontour/contour.yaml | 10432 ++++----- .disabled/prometheus-operator/crb.yaml | 34 +- .../prometheus-operator/operator-svc.yaml | 36 +- .disabled/prometheus-operator/operator.yaml | 186 +- ...ometheus-monitoring-stack-clusterrole.yaml | 84 +- .../prometheus-operator-cr.yaml | 204 +- .../prometheus-operator.yaml | 18 +- .disabled/rook-ceph/base/20_ceph-cluster.yaml | 496 +- .../rook-ceph/base/30_ceph-block-pool.yaml | 18 +- .../rook-ceph/base/35_ceph-filesystem.yaml | 34 +- .../rook-ceph/base/40_ceph-storage-class.yaml | 70 +- .../base/45_cephfs-storage-class.yaml | 68 +- .../base/50_ceph-volumesnapshotclass.yaml | 26 +- .../base/55_cephfs-volumesnapshotclass.yaml | 26 +- .disabled/rook-ceph/kustomization.yaml | 36 +- .../overlays/delete-ns-rook-ceph.yaml | 8 +- .../rook-ceph/overlays/delete-psp-rook.yaml | 10 +- .../rook-ceph/overlays/fix-rook-scc.yaml | 16 +- .disabled/sonarqube/.helmignore | 46 +- .disabled/sonarqube/CHANGELOG.md | 72 +- .disabled/sonarqube/Chart.yaml | 38 +- .disabled/sonarqube/OWNERS | 12 +- .disabled/sonarqube/README.md | 492 +- .disabled/sonarqube/requirements.yaml | 10 +- .disabled/sonarqube/templates/NOTES.txt | 38 +- .disabled/sonarqube/templates/_helpers.tpl | 122 +- .../templates/change-admin-password-hook.yml | 72 +- .disabled/sonarqube/templates/config.yaml | 50 +- .disabled/sonarqube/templates/deployment.yaml | 736 +- .disabled/sonarqube/templates/ingress.yaml | 82 +- .../sonarqube/templates/init-sysctl.yaml | 74 +- .../sonarqube/templates/install-plugins.yaml | 64 +- .../sonarqube/templates/postgres-config.yaml | 36 +- .disabled/sonarqube/templates/pvc.yaml | 60 +- .disabled/sonarqube/templates/route.yaml | 30 +- .disabled/sonarqube/templates/secret.yaml | 28 +- .disabled/sonarqube/templates/service.yaml | 78 +- .../sonarqube/templates/serviceaccount.yaml | 30 +- .../sonarqube/templates/sonarqube-scc.yaml | 124 +- .../templates/tests/sonarqube-test.yaml | 94 +- .../templates/tests/test-config.yaml | 32 +- .disabled/sonarqube/values.yaml | 680 +- .disabled/tekton-chatopshandler/README.md | 68 +- .../github-token-sealedsecret.yaml | 28 +- ...-chatops-event-listener-eventlistener.yaml | 22 +- .../tekton-chatops-gitopscli-task-task.yaml | 226 +- ...greeting-event-listener-eventlistener.yaml | 22 +- ...on-chatops-greeting-pipeline-pipeline.yaml | 52 +- .../tekton-chatops-greeting-route-route.yaml | 30 +- .../tekton-chatops-greeting-task-task.yaml | 82 +- ...eeting-trigger-binding-triggerbinding.yaml | 32 +- ...ting-trigger-template-triggertemplate.yaml | 62 +- .../tekton-chatops-pipeline-pipeline.yaml | 52 +- .../tekton-chatops-role-role.yaml | 86 +- .../tekton-chatops-rolebinding-rb.yaml | 22 +- .../tekton-chatops-route-route.yaml | 30 +- .../tekton-chatops-sa-sa.yaml | 8 +- ...hatops-trigger-binding-triggerbinding.yaml | 32 +- ...tops-trigger-template-triggertemplate.yaml | 62 +- ...syncapps-event-listener-eventlistener.yaml | 22 +- .../tekton-syncapps-pipeline-pipeline.yaml | 34 +- .../tekton-syncapps-route-route.yaml | 30 +- .../tekton-syncapps-task-task.yaml | 56 +- ...ncapps-trigger-binding-triggerbinding.yaml | 20 +- ...apps-trigger-template-triggertemplate.yaml | 52 +- .../openshift-tekton-dashboard-release.yaml | 1020 +- .../tekton-dashboard-route.yaml | 26 +- .../tekton-pipelines/pipelines/release.yaml | 3872 ++-- .../tekton-pipelines/triggers/release.yaml | 2398 +- .disabled/vault/vault-auth-delegator-crb.yaml | 26 +- .disabled/vault/vault-dnsendpoint.yaml | 16 +- .disabled/vault/vault-pvc.yaml | 18 +- .disabled/vault/vault-rb.yaml | 20 +- .disabled/vault/vault-role.yaml | 20 +- .disabled/vault/vault-route.yaml | 30 +- .disabled/vault/vault-sa.yaml | 6 +- .disabled/vault/vault.yaml | 132 +- .disabled/velero/.helmignore | 42 +- .disabled/velero/Chart.yaml | 42 +- .disabled/velero/OWNERS | 24 +- .disabled/velero/README.md | 290 +- .disabled/velero/templates/NOTES.txt | 26 +- .disabled/velero/templates/_helpers.tpl | 224 +- .../templates/backupstoragelocation.yaml | 54 +- .../velero/templates/clusterrolebinding.yaml | 40 +- .disabled/velero/templates/configmaps.yaml | 34 +- .disabled/velero/templates/crds/backups.yaml | 784 +- .../crds/backupstoragelocations.yaml | 234 +- .../velero/templates/crds/cleanup-crds.yaml | 78 +- .../templates/crds/deletebackuprequests.yaml | 138 +- .../templates/crds/downloadrequests.yaml | 180 +- .../templates/crds/podvolumebackups.yaml | 316 +- .../templates/crds/podvolumerestores.yaml | 282 +- .../templates/crds/resticrepositories.yaml | 170 +- .disabled/velero/templates/crds/restores.yaml | 370 +- .../velero/templates/crds/schedules.yaml | 742 +- .../templates/crds/serverstatusrequests.yaml | 162 +- .../crds/volumesnapshotlocations.yaml | 140 +- .disabled/velero/templates/deployment.yaml | 334 +- .../velero/templates/objectbucketclaim.yaml | 14 +- .../velero/templates/restic-daemonset.yaml | 280 +- .disabled/velero/templates/role.yaml | 40 +- .disabled/velero/templates/rolebinding.yaml | 40 +- .../velero/templates/s3-sealed-secret.yaml | 34 +- .disabled/velero/templates/schedule.yaml | 36 +- .disabled/velero/templates/secret.yaml | 38 +- .disabled/velero/templates/service.yaml | 42 +- .../templates/serviceaccount-server.yaml | 28 +- .../velero/templates/servicemonitor.yaml | 44 +- .../templates/volumesnapshotlocation.yaml | 34 +- .disabled/velero/values.yaml | 502 +- .disabled/vmc-operator/kustomization.yaml | 14 +- .../vmc-operator/overlays/delete-ns.yaml | 8 +- .disabled/wso2-apim/Chart.yaml | 40 +- .disabled/wso2-apim/README.md | 696 +- .disabled/wso2-apim/auth.json | 20 +- .disabled/wso2-apim/requirements.yaml | 46 +- .disabled/wso2-apim/templates/NOTES.txt | 114 +- .disabled/wso2-apim/templates/_helpers.tpl | 164 +- ...so2am-pattern-3-am-control-plane-conf.yaml | 538 +- ...pattern-3-am-control-plane-deployment.yaml | 314 +- ...am-pattern-3-am-control-plane-service.yaml | 76 +- ...so2am-pattern-3-am-control-plane-conf.yaml | 540 +- ...pattern-3-am-control-plane-deployment.yaml | 314 +- ...am-pattern-3-am-control-plane-service.yaml | 76 +- ...rn-3-am-control-plane-conf-entrypoint.yaml | 178 +- ...am-pattern-3-am-control-plane-ingress.yaml | 82 +- ...am-pattern-3-am-control-plane-service.yaml | 62 +- ...tern-3-am-control-plane-volume-claims.yaml | 148 +- .../wso2am-pattern-3-am-gateway-conf.yaml | 286 +- ...so2am-pattern-3-am-gateway-deployment.yaml | 230 +- .../wso2am-pattern-3-am-gateway-ingress.yaml | 82 +- .../wso2am-pattern-3-am-gateway-service.yaml | 86 +- .../wso2am-pattern-3-am-websub-ingress.yaml | 82 +- .../wso2am-pattern-3-mi-deployment.yaml | 218 +- ...so2am-pattern-3-mi-management-ingress.yaml | 82 +- .../mi/wso2am-pattern-3-mi-service.yaml | 100 +- .disabled/wso2-apim/templates/route/cp.yaml | 30 +- .disabled/wso2-apim/templates/route/gwi.yaml | 30 +- .disabled/wso2-apim/templates/route/mi.yaml | 30 +- .../wso2-apim/templates/route/websub.yaml | 30 +- .../wso2am-pattern-3-mi-secrets.yaml | 60 +- .../templates/wso2am-pattern-3-secrets.yaml | 60 +- .../wso2am-pattern-3-service-account.yaml | 38 +- .disabled/wso2-apim/values.yaml | 570 +- .gitignore | 6 +- .jenkins-pipelines/chatops.groovy | 132 +- .jenkins-pipelines/sync-apps.groovy | 60 +- README.md | 54 +- akeyless-vault/akeyless-secret.yaml.example | 18 +- akeyless-vault/cluster-secret-store.yaml | 44 +- .../external-secret-example.yaml.example | 28 +- argocd/README.md | 58 +- argocd/base/HOWTOENCRYPT.md | 4 +- argocd/base/argocd-dex-external-secret.yaml | 28 +- argocd/base/argocd-ui-route.yaml | 28 +- argocd/base/bootstrap-application.yaml | 38 +- argocd/base/default-appprojects.yaml | 24 +- argocd/base/dnsendpoint.yaml | 16 +- argocd/base/servicemonitors.yaml | 66 +- argocd/kustomization.yaml | 50 +- .../argocd-application-controller.yaml | 20 +- argocd/overlays/argocd-cm.yaml | 86 +- argocd/overlays/argocd-dex-server-sa.yaml | 12 +- argocd/overlays/argocd-dex-server.yaml | 24 +- argocd/overlays/argocd-notifications-cm.yaml | 36 +- argocd/overlays/argocd-rbac-cm.yaml | 18 +- argocd/overlays/argocd-redis-ha-haproxy.yaml | 24 +- argocd/overlays/argocd-redis.yaml | 24 +- .../overlays/argocd-repo-server-deploy.yaml | 28 +- argocd/overlays/argocd-server-deploy.yaml | 36 +- argocd/overlays/catalog-install.yaml | 1128 +- argocd/overlays/networkpolicies.yaml | 94 +- .../cloudflare-api-key-external-secret.yaml | 28 +- ...flare-lets-encrypt-prod-clusterissuer.yaml | 32 +- .../cluster-apiserver.yaml | 26 +- .../default-ingress-tls-certificate.yaml | 46 +- .../default-ingresscontroller.yaml | 20 +- .../master-apiserver-tls-certificate.yaml | 26 +- external-dns/base/cf-api-key.yaml | 28 +- external-dns/kustomization.yaml | 24 +- external-dns/overlays/clusterrole.yaml | 52 +- external-dns/overlays/deployment.yaml | 60 +- external-secrets/.helmignore | 52 +- external-secrets/Chart.yaml | 30 +- external-secrets/README.md | 344 +- external-secrets/templates/NOTES.txt | 24 +- external-secrets/templates/_helpers.tpl | 220 +- .../templates/cert-controller-deployment.yaml | 214 +- .../cert-controller-poddisruptionbudget.yaml | 36 +- .../templates/cert-controller-rbac.yaml | 138 +- .../templates/cert-controller-service.yaml | 62 +- .../cert-controller-serviceaccount.yaml | 32 +- .../cert-controller-servicemonitor.yaml | 76 +- .../templates/crds/acraccesstoken.yaml | 284 +- .../templates/crds/clusterexternalsecret.yaml | 910 +- .../templates/crds/clustersecretstore.yaml | 4924 ++-- .../templates/crds/ecrauthorizationtoken.yaml | 258 +- .../templates/crds/externalsecret.yaml | 1238 +- external-secrets/templates/crds/fake.yaml | 118 +- .../templates/crds/gcraccesstoken.yaml | 218 +- external-secrets/templates/crds/password.yaml | 158 +- .../templates/crds/pushsecret.yaml | 430 +- .../templates/crds/secretstore.yaml | 4924 ++-- external-secrets/templates/deployment.yaml | 240 +- .../templates/poddisruptionbudget.yaml | 36 +- external-secrets/templates/rbac.yaml | 492 +- external-secrets/templates/service.yaml | 64 +- .../templates/serviceaccount.yaml | 32 +- .../templates/servicemonitor.yaml | 78 +- .../templates/validatingwebhook.yaml | 128 +- .../templates/webhook-deployment.yaml | 234 +- .../webhook-poddisruptionbudget.yaml | 38 +- .../templates/webhook-secret.yaml | 28 +- .../templates/webhook-service.yaml | 82 +- .../templates/webhook-serviceaccount.yaml | 32 +- .../templates/webhook-servicemonitor.yaml | 76 +- external-secrets/values.yaml | 792 +- kubernetes-oom-event-generator/cr.yaml | 42 +- kubernetes-oom-event-generator/crb.yaml | 24 +- .../deployment.yaml | 44 +- kubernetes-oom-event-generator/sa.yaml | 6 +- .../storage-cluster.yaml.example | 448 +- reloader/kustomization.yaml | 16 +- reloader/overlays/deployment.yaml | 18 +- sealed-secrets/README.md | 98 +- sealed-secrets/kubeseal.crt | 54 +- sealed-secrets/kustomization.yaml | 18 +- .../sealed-secrets-controller-deploy.yaml | 26 +- 1112 files changed, 173232 insertions(+), 173232 deletions(-) rename {openshift-cert-manager => cert-manager}/cloudflare-api-key-external-secret.yaml (95%) rename {openshift-cert-manager => cert-manager}/cloudflare-lets-encrypt-prod-clusterissuer.yaml (96%) rename {openshift-cert-manager => cert-manager}/cluster-apiserver.yaml (95%) rename {openshift-cert-manager => cert-manager}/default-ingress-tls-certificate.yaml (96%) rename {openshift-cert-manager => cert-manager}/default-ingresscontroller.yaml (96%) rename {openshift-cert-manager => cert-manager}/master-apiserver-tls-certificate.yaml (96%) diff --git a/.disabled/.monitoring-stack/alertmanager/HOWTOENCRYPT.md b/.disabled/.monitoring-stack/alertmanager/HOWTOENCRYPT.md index 92a1eb4f..9ef73e26 100644 --- a/.disabled/.monitoring-stack/alertmanager/HOWTOENCRYPT.md +++ b/.disabled/.monitoring-stack/alertmanager/HOWTOENCRYPT.md @@ -1,3 +1,3 @@ -``` -kubeseal --cert ~/kubeseal/kubeseal.crt --namespace=monitoring-stack -oyaml < alertmanager-secret.yaml.ignore > alertmanager-sealed-secret.yaml +``` +kubeseal --cert ~/kubeseal/kubeseal.crt --namespace=monitoring-stack -oyaml < alertmanager-secret.yaml.ignore > alertmanager-sealed-secret.yaml ``` \ No newline at end of file diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-cr.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-cr.yaml index 2ac54571..92e2356f 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-cr.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-cr.yaml @@ -1,18 +1,18 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: alertmanager -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alertmanager +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-crb.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-crb.yaml index dfa9de65..9cc4e709 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-crb.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-crb.yaml @@ -1,12 +1,12 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: alertmanager-wheel -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: alertmanager -subjects: -- kind: ServiceAccount - name: alertmanager-wheel +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: alertmanager-wheel +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alertmanager +subjects: +- kind: ServiceAccount + name: alertmanager-wheel namespace: monitoring-stack \ No newline at end of file diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-kube-rbac-proxy.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-kube-rbac-proxy.yaml index 83c5f387..e1696047 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-kube-rbac-proxy.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-kube-rbac-proxy.yaml @@ -1,18 +1,18 @@ -apiVersion: v1 -stringData: - config.yaml: | - "authorization": - "resourceAttributes": - "apiGroup": "monitoring.coreos.com" - "namespace": "{{ .Value }}" - "resource": "prometheusrules" - "rewrites": - "byQueryParameter": - "name": "namespace" -kind: Secret -metadata: - labels: - k8s-app: alertmanager-wheel - name: alertmanager-kube-rbac-proxy -type: Opaque - +apiVersion: v1 +stringData: + config.yaml: | + "authorization": + "resourceAttributes": + "apiGroup": "monitoring.coreos.com" + "namespace": "{{ .Value }}" + "resource": "prometheusrules" + "rewrites": + "byQueryParameter": + "name": "namespace" +kind: Secret +metadata: + labels: + k8s-app: alertmanager-wheel + name: alertmanager-kube-rbac-proxy +type: Opaque + diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-proxy-secret.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-proxy-secret.yaml index 924fe28f..d3844f9a 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-proxy-secret.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-proxy-secret.yaml @@ -1,10 +1,10 @@ -apiVersion: v1 -data: - session_secret: SWZzZGNJS0Vhc0RLb2plZsO2Yy9hZmV3bzhlODkyM2EveGpzYWlmd2V1ZjRwd2hjaHBhd3ZhZ2hhRkg9PQ== -kind: Secret -metadata: - labels: - k8s-app: alertmanager-wheel - name: alertmanager-wheel-proxy -type: Opaque - +apiVersion: v1 +data: + session_secret: SWZzZGNJS0Vhc0RLb2plZsO2Yy9hZmV3bzhlODkyM2EveGpzYWlmd2V1ZjRwd2hjaHBhd3ZhZ2hhRkg9PQ== +kind: Secret +metadata: + labels: + k8s-app: alertmanager-wheel + name: alertmanager-wheel-proxy +type: Opaque + diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-route.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-route.yaml index 05a32eb3..f9aafab0 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-route.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-route.yaml @@ -1,17 +1,17 @@ -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: alertmanager-wheel -spec: - host: alertmanager-wheel-monitoring-stack.apps.okd.baloise.dev - port: - targetPort: web - tls: - insecureEdgeTerminationPolicy: Redirect - termination: reencrypt - to: - kind: Service - name: alertmanager-wheel - weight: 100 - wildcardPolicy: None - +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: alertmanager-wheel +spec: + host: alertmanager-wheel-monitoring-stack.apps.okd.baloise.dev + port: + targetPort: web + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: alertmanager-wheel + weight: 100 + wildcardPolicy: None + diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-sa.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-sa.yaml index 09212502..eb803870 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-sa.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-sa.yaml @@ -1,12 +1,12 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: alertmanager-wheel - app.kubernetes.io/version: v0.38.1 - annotations: - serviceaccounts.openshift.io/oauth-redirectreference.alertmanager-wheel: >- - {"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"alertmanager-wheel"}} - name: alertmanager-wheel - +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: alertmanager-wheel + app.kubernetes.io/version: v0.38.1 + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.alertmanager-wheel: >- + {"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"alertmanager-wheel"}} + name: alertmanager-wheel + diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-sealed-secret.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-sealed-secret.yaml index 895bbd60..44bf2e84 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-sealed-secret.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-sealed-secret.yaml @@ -1,16 +1,16 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: alertmanager-wheel - namespace: monitoring-stack -spec: - encryptedData: - alertmanager.yaml: AgAT1QlZ6nOmqOyFQeO3RFcZl/YqsRK57RH7zbms1r7kqX7UabHFdNJyiltcZyyMfBrgwWhWxDrK3N5jWSplwTaGkwy8u9l5QgU7KrGxGsRbQkmbuHg/D2WsfhKT+qCXofDGOjSBOwBL++VJf0TYZv1UTMVV3cOlt7wkIyXczpkjDrw9xXnKNEBIOpU/lqH/eJ341IhfTzxVzysVNe+AP+pJUTN2EscsEZiTSYbHQLNvWGPjSMMq7jRh5upY03hA6xL5hV7A+7YF4gh4w1ob71wBxNjv3VVBj+FFzGbTttTHS2DCkwp+Tkki4ZaNTwHucmRHztEhBbT8nzJTFcuMowkEz6d6mBUgMj32UnYI6RtS/3AO1obMnPhht22NwuIBqGo3351N6K/vc/Oc/OtTMfPGLXkegTpW2ozMhfcOT/+6djFpb0ZFrh+bkPb6tBbfJUhgpVAvmEsT1zAmjiktPla2pP/ZEwYyxFepaL9HP7NYRoR5DV8E9fmqH7F8qbxYICN8ZkLj4iG4hdyARRRxACjYmYQF2n0I9Da3bMXUDJXTLoNvE2CZ3tj3lZ321mpAT7zivhpLOw+NhDKH8L4ldpZlMlOB6iuOmuvVBnBD27od2SL8P9Y9LxJahNBmnUVch6KrIBpoEfyZmTHmb/y6kkfnEPehLhYx10eooUSLZurXcm4rvmEXZQYl5pCoANQ09/WWzlWD9lrqCDBG6R73HNy2/cmc1ZqluvLVa4MRU5EENzmntZDyPGMUM9plQ4Fz9c4KNvB960Ug57+VJ1h070ygGDv8iBswQ+dlUz7t06DDAgb3q+fOZkQrrS9uiWWw3XexHTALr0xuXDrAeTuPjtPfSODg8kNwHhsZIclRDAfJuthLiHY6lXmZosH/SPRGulsJb/k58TGKafqilQ6KDm8nGrulk4r1EbrtnOYAXJrXmN/EdzhraClP0L+6YuSxLDivGxg96umXuIIEXMsqXylvBCLEAx1z1qpTtuwuBiO+HjE+DHAatk87P5F34kPip1dCUiiKcHwm7NaOS/J+LyxrdrES6knM6TtuOtG3W8HCwVTZuX+WamZLsDJvozuMV4eGIEqqYfhcIG64hI3TR1rPTfH65+3qWcr/1TpDMuV/jDl5lQVVjpkha5J0Q/t6D64llC4CvcXDSgPMrs83xzVkx950vCsKTPTS1jdX2esOlndM8OKKmErOEuZkSl7YcS+QmLNQIm77U1hQVg43Oq5sY+fJzcjTOq4n+wx33tVc5auVrG2BU/T+03+0qAjy6r2sWFWPVf6hGcGrYTwOFWXUoAx5uLTg2F0drRM+k7dPIENofbzOgIzdoqTZMjiY3Mi8nV+F+8Ctkz+l50mgDIzCQMceLWbHDUx63mcc8eRzZVHB2T3RXSVk8Hsu+WJ1kZBLEaLh5XzU+JnS89xaKgu1nvUZImnpYfsi/2xl5YYcpwgVQJVk2mpo1HT5yTbRW2YcSl4vr5e4e5DUDySTv74VxsvZmlOg/3Vsc3azwLOtZQjkRzo3gAJoNoF7ruPzlsW1FAVDzE/xuPtYRKd54KxqjCjUrR8oZJUNN8ANolwpRZlzn24+X9kiYp18VP79HCSkOZSIkji0qEZfAoOmjyh5i8RaSs20d5UI7k8sQ/NIyNEW5k+BvSRYe3OpvjR9Dp8zkueA6NjvTbl2ANsQGSSDZ/JDmGX3aRPkkGXXTERKlXEmor6QKjTcM4HsIUOsNPXEuZ+eyg8OmsrPX/XYW2BNZ3mrAOmsCZKQoy32iOBF/Kvid8JIEHVzQzqOQAbBApUxLmm37f5zkaaOni7RX/WzI56cdzeYfLyPVCeZWonLJro94U0imScADCA0woJ00O6cMD9iyNXRXA5WkX6g46AScYlld77G8Cg/6NvDC76xXC0MbE0ySD1AVQA= - template: - metadata: - creationTimestamp: null - name: alertmanager-wheel - namespace: monitoring-stack - type: Opaque - +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: alertmanager-wheel + namespace: monitoring-stack +spec: + encryptedData: + alertmanager.yaml: AgAT1QlZ6nOmqOyFQeO3RFcZl/YqsRK57RH7zbms1r7kqX7UabHFdNJyiltcZyyMfBrgwWhWxDrK3N5jWSplwTaGkwy8u9l5QgU7KrGxGsRbQkmbuHg/D2WsfhKT+qCXofDGOjSBOwBL++VJf0TYZv1UTMVV3cOlt7wkIyXczpkjDrw9xXnKNEBIOpU/lqH/eJ341IhfTzxVzysVNe+AP+pJUTN2EscsEZiTSYbHQLNvWGPjSMMq7jRh5upY03hA6xL5hV7A+7YF4gh4w1ob71wBxNjv3VVBj+FFzGbTttTHS2DCkwp+Tkki4ZaNTwHucmRHztEhBbT8nzJTFcuMowkEz6d6mBUgMj32UnYI6RtS/3AO1obMnPhht22NwuIBqGo3351N6K/vc/Oc/OtTMfPGLXkegTpW2ozMhfcOT/+6djFpb0ZFrh+bkPb6tBbfJUhgpVAvmEsT1zAmjiktPla2pP/ZEwYyxFepaL9HP7NYRoR5DV8E9fmqH7F8qbxYICN8ZkLj4iG4hdyARRRxACjYmYQF2n0I9Da3bMXUDJXTLoNvE2CZ3tj3lZ321mpAT7zivhpLOw+NhDKH8L4ldpZlMlOB6iuOmuvVBnBD27od2SL8P9Y9LxJahNBmnUVch6KrIBpoEfyZmTHmb/y6kkfnEPehLhYx10eooUSLZurXcm4rvmEXZQYl5pCoANQ09/WWzlWD9lrqCDBG6R73HNy2/cmc1ZqluvLVa4MRU5EENzmntZDyPGMUM9plQ4Fz9c4KNvB960Ug57+VJ1h070ygGDv8iBswQ+dlUz7t06DDAgb3q+fOZkQrrS9uiWWw3XexHTALr0xuXDrAeTuPjtPfSODg8kNwHhsZIclRDAfJuthLiHY6lXmZosH/SPRGulsJb/k58TGKafqilQ6KDm8nGrulk4r1EbrtnOYAXJrXmN/EdzhraClP0L+6YuSxLDivGxg96umXuIIEXMsqXylvBCLEAx1z1qpTtuwuBiO+HjE+DHAatk87P5F34kPip1dCUiiKcHwm7NaOS/J+LyxrdrES6knM6TtuOtG3W8HCwVTZuX+WamZLsDJvozuMV4eGIEqqYfhcIG64hI3TR1rPTfH65+3qWcr/1TpDMuV/jDl5lQVVjpkha5J0Q/t6D64llC4CvcXDSgPMrs83xzVkx950vCsKTPTS1jdX2esOlndM8OKKmErOEuZkSl7YcS+QmLNQIm77U1hQVg43Oq5sY+fJzcjTOq4n+wx33tVc5auVrG2BU/T+03+0qAjy6r2sWFWPVf6hGcGrYTwOFWXUoAx5uLTg2F0drRM+k7dPIENofbzOgIzdoqTZMjiY3Mi8nV+F+8Ctkz+l50mgDIzCQMceLWbHDUx63mcc8eRzZVHB2T3RXSVk8Hsu+WJ1kZBLEaLh5XzU+JnS89xaKgu1nvUZImnpYfsi/2xl5YYcpwgVQJVk2mpo1HT5yTbRW2YcSl4vr5e4e5DUDySTv74VxsvZmlOg/3Vsc3azwLOtZQjkRzo3gAJoNoF7ruPzlsW1FAVDzE/xuPtYRKd54KxqjCjUrR8oZJUNN8ANolwpRZlzn24+X9kiYp18VP79HCSkOZSIkji0qEZfAoOmjyh5i8RaSs20d5UI7k8sQ/NIyNEW5k+BvSRYe3OpvjR9Dp8zkueA6NjvTbl2ANsQGSSDZ/JDmGX3aRPkkGXXTERKlXEmor6QKjTcM4HsIUOsNPXEuZ+eyg8OmsrPX/XYW2BNZ3mrAOmsCZKQoy32iOBF/Kvid8JIEHVzQzqOQAbBApUxLmm37f5zkaaOni7RX/WzI56cdzeYfLyPVCeZWonLJro94U0imScADCA0woJ00O6cMD9iyNXRXA5WkX6g46AScYlld77G8Cg/6NvDC76xXC0MbE0ySD1AVQA= + template: + metadata: + creationTimestamp: null + name: alertmanager-wheel + namespace: monitoring-stack + type: Opaque + diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-servicemonitor.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-servicemonitor.yaml index 6f6e8a8d..a770d449 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-servicemonitor.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-servicemonitor.yaml @@ -1,18 +1,18 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-app: alertmanager - name: alertmanager -spec: - endpoints: - - interval: 30s - port: web - scheme: https - tlsConfig: - insecureSkipVerify: true - serverName: alertmanager-wheel.monitoring-stack.svc - selector: - matchLabels: - alertmanager: wheel - +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + k8s-app: alertmanager + name: alertmanager +spec: + endpoints: + - interval: 30s + port: web + scheme: https + tlsConfig: + insecureSkipVerify: true + serverName: alertmanager-wheel.monitoring-stack.svc + selector: + matchLabels: + alertmanager: wheel + diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager-svc.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager-svc.yaml index 15655480..b55d64dc 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager-svc.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager-svc.yaml @@ -1,20 +1,20 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: alertmanager-wheel-tls - labels: - alertmanager: wheel - name: alertmanager-wheel -spec: - ports: - - name: web - port: 9094 - targetPort: web - - name: tenancy - port: 9092 - targetPort: tenancy - selector: - alertmanager: wheel - app: alertmanager - +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.openshift.io/serving-cert-secret-name: alertmanager-wheel-tls + labels: + alertmanager: wheel + name: alertmanager-wheel +spec: + ports: + - name: web + port: 9094 + targetPort: web + - name: tenancy + port: 9092 + targetPort: tenancy + selector: + alertmanager: wheel + app: alertmanager + diff --git a/.disabled/.monitoring-stack/alertmanager/alertmanager.yaml b/.disabled/.monitoring-stack/alertmanager/alertmanager.yaml index 055058d0..7871e90f 100644 --- a/.disabled/.monitoring-stack/alertmanager/alertmanager.yaml +++ b/.disabled/.monitoring-stack/alertmanager/alertmanager.yaml @@ -1,119 +1,119 @@ -apiVersion: monitoring.coreos.com/v1 -kind: Alertmanager -metadata: - labels: - alertmanager: wheel - name: wheel -spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: alertmanager - operator: In - values: - - wheel - namespaces: - - monitoring-stack - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - args: - - -provider=openshift - - -https-address=:9095 - - -http-address= - - -email-domain=* - - -upstream=http://localhost:9093 - - '-openshift-sar={"resource": "namespaces", "verb": "get"}' - - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}' - - -tls-cert=/etc/tls/private/tls.crt - - -tls-key=/etc/tls/private/tls.key - - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - - -cookie-secret-file=/etc/proxy/secrets/session_secret - - -openshift-service-account=alertmanager-wheel - - -openshift-ca=/etc/pki/tls/cert.pem - - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - -skip-auth-regex=^/metrics - env: - - name: HTTP_PROXY - - name: HTTPS_PROXY - - name: NO_PROXY - image: quay.io/openshift/okd-content@sha256:644bcaca0a108801e83f4c3585c267e069bd6d7975c4234cd6498d96693211b0 - name: alertmanager-proxy - ports: - - containerPort: 9095 - name: web - resources: - requests: - cpu: 1m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: secret-alertmanager-wheel-tls - - mountPath: /etc/proxy/secrets - name: secret-alertmanager-wheel-proxy - - args: - - --secure-listen-address=0.0.0.0:9092 - - --upstream=http://127.0.0.1:9096 - - --config-file=/etc/kube-rbac-proxy/config.yaml - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - --logtostderr=true - - --v=10 - image: quay.io/openshift/okd-content@sha256:1aa5bb03d0485ec2db2c7871a1eeaef83e9eabf7e9f1bc2c841cf1a759817c99 - name: kube-rbac-proxy - ports: - - containerPort: 9092 - name: tenancy - resources: - requests: - cpu: 1m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/kube-rbac-proxy - name: secret-alertmanager-kube-rbac-proxy - - mountPath: /etc/tls/private - name: secret-alertmanager-wheel-tls - - name: config-reloader - resources: - requests: - cpu: 1m - externalUrl: https://alertmanager-wheel-monitoring-stack.apps.okd.baloise.dev/ - image: quay.io/openshift/okd-content@sha256:40e5d5c8e6d597473f62486babd659bd7d90b56f5591eac14114d6f18ee91454 - listenLocal: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - replicas: 1 - resources: - requests: - cpu: 4m - secrets: - - alertmanager-wheel-tls - - alertmanager-wheel-proxy - - alertmanager-kube-rbac-proxy - serviceAccountName: alertmanager-wheel - storage: - volumeClaimTemplate: - metadata: - name: alertmanager - spec: - resources: - requests: - storage: 30Gi - storageClassName: ceph-block - version: v0.20.0 - volumes: - - configMap: - items: - - key: ca-bundle.crt - path: tls-ca-bundle.pem - name: alertmanager-trusted-ca-bundle-dhdn0615554p8 - optional: true - name: alertmanager-trusted-ca-bundle - +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + labels: + alertmanager: wheel + name: wheel +spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: alertmanager + operator: In + values: + - wheel + namespaces: + - monitoring-stack + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - -provider=openshift + - -https-address=:9095 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:9093 + - '-openshift-sar={"resource": "namespaces", "verb": "get"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-service-account=alertmanager-wheel + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - -skip-auth-regex=^/metrics + env: + - name: HTTP_PROXY + - name: HTTPS_PROXY + - name: NO_PROXY + image: quay.io/openshift/okd-content@sha256:644bcaca0a108801e83f4c3585c267e069bd6d7975c4234cd6498d96693211b0 + name: alertmanager-proxy + ports: + - containerPort: 9095 + name: web + resources: + requests: + cpu: 1m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: secret-alertmanager-wheel-tls + - mountPath: /etc/proxy/secrets + name: secret-alertmanager-wheel-proxy + - args: + - --secure-listen-address=0.0.0.0:9092 + - --upstream=http://127.0.0.1:9096 + - --config-file=/etc/kube-rbac-proxy/config.yaml + - --tls-cert-file=/etc/tls/private/tls.crt + - --tls-private-key-file=/etc/tls/private/tls.key + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + - --logtostderr=true + - --v=10 + image: quay.io/openshift/okd-content@sha256:1aa5bb03d0485ec2db2c7871a1eeaef83e9eabf7e9f1bc2c841cf1a759817c99 + name: kube-rbac-proxy + ports: + - containerPort: 9092 + name: tenancy + resources: + requests: + cpu: 1m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/kube-rbac-proxy + name: secret-alertmanager-kube-rbac-proxy + - mountPath: /etc/tls/private + name: secret-alertmanager-wheel-tls + - name: config-reloader + resources: + requests: + cpu: 1m + externalUrl: https://alertmanager-wheel-monitoring-stack.apps.okd.baloise.dev/ + image: quay.io/openshift/okd-content@sha256:40e5d5c8e6d597473f62486babd659bd7d90b56f5591eac14114d6f18ee91454 + listenLocal: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + replicas: 1 + resources: + requests: + cpu: 4m + secrets: + - alertmanager-wheel-tls + - alertmanager-wheel-proxy + - alertmanager-kube-rbac-proxy + serviceAccountName: alertmanager-wheel + storage: + volumeClaimTemplate: + metadata: + name: alertmanager + spec: + resources: + requests: + storage: 30Gi + storageClassName: ceph-block + version: v0.20.0 + volumes: + - configMap: + items: + - key: ca-bundle.crt + path: tls-ca-bundle.pem + name: alertmanager-trusted-ca-bundle-dhdn0615554p8 + optional: true + name: alertmanager-trusted-ca-bundle + diff --git a/.disabled/.monitoring-stack/grafana/argocd-dashboard.yaml b/.disabled/.monitoring-stack/grafana/argocd-dashboard.yaml index 4e3677f3..4cdd2d8e 100644 --- a/.disabled/.monitoring-stack/grafana/argocd-dashboard.yaml +++ b/.disabled/.monitoring-stack/grafana/argocd-dashboard.yaml @@ -1,3769 +1,3769 @@ -apiVersion: integreatly.org/v1alpha1 -kind: GrafanaDashboard -metadata: - name: argocd-dashboard - labels: - app: grafana -spec: - name: argocd-dashboard.json - json: > - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "links": [], - "panels": [ - { - "collapsed": false, - "datasource": "$datasource", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 68, - "panels": [], - "title": "Overview", - "type": "row" - }, - { - "content": "![argoimage](https://avatars1.githubusercontent.com/u/30269780?s=110&v=4)", - "datasource": "$datasource", - "gridPos": { - "h": 4, - "w": 2, - "x": 0, - "y": 1 - }, - "id": 26, - "links": [], - "mode": "markdown", - "options": {}, - "title": "", - "transparent": true, - "type": "text" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "dtdurations", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 2, - "y": 1 - }, - "id": 32, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "time() - max(process_start_time_seconds{job=\"argocd-server-metrics\",namespace=~\"$namespace\"})", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "title": "Uptime", - "type": "singlestat", - "valueFontSize": "70%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 5, - "y": 1 - }, - "id": 94, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "count(count by (server) (argocd_cluster_info{namespace=~\"$namespace\"}))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Clusters", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorPostfix": false, - "colorPrefix": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 8, - "y": 1 - }, - "id": 75, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "repeat": null, - "repeatDirection": "h", - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",health_status=~\"$health_status\",sync_status=~\"$sync_status\"})", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Applications", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 11, - "y": 1 - }, - "id": 107, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "options": {}, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "count(count by (repo) (argocd_app_info{namespace=~\"$namespace\"}))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Repositories", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "datasource": "$datasource", - "gridPos": { - "h": 4, - "w": 3, - "x": 14, - "y": 1 - }, - "id": 100, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "0", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ], - "unit": "none" - }, - "override": {}, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true - }, - "pluginVersion": "6.5.2", - "repeatDirection": "h", - "targets": [ - { - "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",operation!=\"\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Operations", - "type": "gauge" - }, - { - "aliasColors": {}, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 4, - "w": 7, - "x": 17, - "y": 1 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",health_status=~\"$health_status\",sync_status=~\"$sync_status\"}) by (namespace)", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Applications", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "$datasource", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 5 - }, - "id": 77, - "panels": [], - "title": "Application Status", - "type": "row" - }, - { - "aliasColors": { - "Degraded": "semi-dark-red", - "Healthy": "green", - "Missing": "semi-dark-purple", - "Progressing": "semi-dark-blue", - "Suspended": "semi-dark-orange", - "Unknown": "rgb(255, 255, 255)" - }, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 6 - }, - "hiddenSeries": false, - "id": 105, - "interval": "", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",health_status=~\"$health_status\",sync_status=~\"$sync_status\",health_status!=\"\"}) by (health_status)", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{health_status}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Health Status", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 2, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Degraded": "semi-dark-red", - "Healthy": "green", - "Missing": "semi-dark-purple", - "OutOfSync": "semi-dark-yellow", - "Progressing": "semi-dark-blue", - "Suspended": "semi-dark-orange", - "Synced": "semi-dark-green", - "Unknown": "rgb(255, 255, 255)" - }, - "bars": false, - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 12, - "x": 12, - "y": 6 - }, - "hiddenSeries": false, - "id": 106, - "interval": "", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",health_status=~\"$health_status\",sync_status=~\"$sync_status\",health_status!=\"\"}) by (sync_status)", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{sync_status}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sync Status", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 2, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "$datasource", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 12 - }, - "id": 104, - "panels": [], - "title": "Sync Stats", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 13 - }, - "hiddenSeries": false, - "id": 56, - "interval": "", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "total", - "sortDesc": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 1, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(round(increase(argocd_app_sync_total{namespace=~\"$namespace\",dest_server=~\"$cluster\"}[$interval]))) by ($grouping)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{$grouping}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sync Activity", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "decimals": -12, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 5, - "w": 24, - "x": 0, - "y": 19 - }, - "hiddenSeries": false, - "id": 73, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "total", - "sortDesc": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(round(increase(argocd_app_sync_total{namespace=~\"$namespace\",phase=~\"Error|Failed\",dest_server=~\"$cluster\"}[$interval]))) by ($grouping, phase)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{phase}}: {{$grouping}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Sync Failures", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "none", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": false, - "datasource": "$datasource", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 24 - }, - "id": 64, - "panels": [], - "title": "Controller Stats", - "type": "row" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 25 - }, - "hiddenSeries": false, - "id": 58, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sort": "total", - "sortDesc": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(argocd_app_reconcile_count{namespace=~\"$namespace\",dest_server=~\"$cluster\"}[$interval])) by ($grouping)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{$grouping}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Reconciliation Activity", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cards": { - "cardPadding": null, - "cardRound": null - }, - "color": { - "cardColor": "#b4ff00", - "colorScale": "sqrt", - "colorScheme": "interpolateSpectral", - "exponent": 0.5, - "min": null, - "mode": "spectrum" - }, - "dataFormat": "tsbuckets", - "datasource": "$datasource", - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 31 - }, - "heatmap": {}, - "hideZeroBuckets": false, - "highlightCards": true, - "id": 60, - "legend": { - "show": true - }, - "links": [], - "options": {}, - "reverseYBuckets": false, - "targets": [ - { - "expr": "sum(increase(argocd_app_reconcile_bucket{namespace=~\"$namespace\"}[$interval])) by (le)", - "format": "heatmap", - "instant": false, - "intervalFactor": 10, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Reconciliation Performance", - "tooltip": { - "show": true, - "showHistogram": true - }, - "tooltipDecimals": 0, - "type": "heatmap", - "xAxis": { - "show": true - }, - "xBucketNumber": null, - "xBucketSize": null, - "yAxis": { - "decimals": null, - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true, - "splitFactor": null - }, - "yBucketBound": "auto", - "yBucketNumber": null, - "yBucketSize": null - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 38 - }, - "hiddenSeries": false, - "id": 80, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(argocd_app_k8s_request_total{namespace=~\"$namespace\",server=~\"$cluster\"}[$interval])) by (verb, resource_kind)", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{verb}} {{resource_kind}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "K8s API Activity", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 44 - }, - "hiddenSeries": false, - "id": 96, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(workqueue_depth{namespace=~\"$namespace\",name=~\"app_.*\"}) by (name)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Workqueue Depth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": null, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 44 - }, - "hiddenSeries": false, - "id": 98, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideZero": false, - "max": true, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(argocd_kubectl_exec_pending{namespace=~\"$namespace\"}) by (command)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{command}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pending kubectl run", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "decimals": 0, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "collapsed": true, - "datasource": "$datasource", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 51 - }, - "id": 102, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 26 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_memstats_heap_alloc_bytes{job=\"argocd-metrics\",namespace=~\"$namespace\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 33 - }, - "hiddenSeries": false, - "id": 108, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "irate(process_cpu_seconds_total{job=\"argocd-metrics\",namespace=~\"$namespace\"}[1m])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 40 - }, - "hiddenSeries": false, - "id": 62, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"argocd-metrics\",namespace=~\"$namespace\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "Controller Telemetry", - "type": "row" - }, - { - "collapsed": true, - "datasource": "$datasource", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 52 - }, - "id": 88, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 27 - }, - "hiddenSeries": false, - "id": 90, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(argocd_cluster_api_resource_objects{namespace=~\"$namespace\",server=~\"$cluster\"}) by (server)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{server}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Resource Objects Count", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 24, - "x": 0, - "y": 34 - }, - "hiddenSeries": false, - "id": 92, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": " sum(argocd_cluster_api_resources{namespace=~\"$namespace\",server=~\"$cluster\"}) by (server)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{server}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "API Resources Count", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 40 - }, - "hiddenSeries": false, - "id": 86, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(argocd_cluster_events_total{namespace=~\"$namespace\",server=~\"$cluster\"}[$interval])) by (server)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{server}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Cluster Events Count", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "Cluster Stats", - "type": "row" - }, - { - "collapsed": true, - "datasource": "$datasource", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 53 - }, - "id": 66, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 89 - }, - "id": 61, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_memstats_heap_alloc_bytes{job=\"argocd-server-metrics\",namespace=~\"$namespace\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Used", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 97 - }, - "id": 36, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"argocd-server-metrics\",namespace=~\"$namespace\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 106 - }, - "id": 38, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_gc_duration_seconds{job=\"argocd-server-metrics\", quantile=\"1\", namespace=~\"$namespace\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "GC Time Quantiles", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "content": "#### gRPC Services:", - "gridPos": { - "h": 2, - "w": 24, - "x": 0, - "y": 115 - }, - "id": 54, - "links": [], - "mode": "markdown", - "title": "", - "transparent": true, - "type": "text" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": null, - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 117 - }, - "id": 40, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sort": "total", - "sortDesc": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"application.ApplicationService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{grpc_code}},{{grpc_method}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ApplicationService Requests", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 117 - }, - "id": 42, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"cluster.ClusterService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{grpc_code}},{{grpc_method}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ClusterService Requests", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 126 - }, - "id": 44, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"project.ProjectService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{grpc_code}},{{grpc_method}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "ProjectService Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 126 - }, - "id": 46, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"repository.RepositoryService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{grpc_code}},{{grpc_method}}", - "refId": "A" - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt", - "yaxis": "left" - } - ], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "RepositoryService Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 135 - }, - "id": 48, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"session.SessionService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{grpc_code}},{{grpc_method}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SessionService Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 135 - }, - "id": 49, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"version.VersionService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{grpc_code}},{{grpc_method}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "VersionService Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 144 - }, - "id": 50, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"account.AccountService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{grpc_code}},{{grpc_method}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "AccountService Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 144 - }, - "id": 99, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "show": true, - "total": true, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null as zero", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"settings.SettingsService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{grpc_code}},{{grpc_method}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "SettingsService Requests", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "Server Stats", - "type": "row" - }, - { - "collapsed": true, - "datasource": "$datasource", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 54 - }, - "id": 70, - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 69 - }, - "hiddenSeries": false, - "id": 82, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(argocd_git_request_total{request_type=\"ls-remote\", namespace=~\"$namespace\"}[10m])) by (namespace)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Git Requests (ls-remote)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 69 - }, - "hiddenSeries": false, - "id": 84, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(argocd_git_request_total{request_type=\"fetch\", namespace=~\"$namespace\"}[10m])) by (namespace)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{namespace}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Git Requests (checkout)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 77 - }, - "hiddenSeries": false, - "id": 71, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_memstats_heap_alloc_bytes{job=\"argocd-repo-server\",namespace=~\"$namespace\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Used", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 85 - }, - "hiddenSeries": false, - "id": 72, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"argocd-repo-server\",namespace=~\"$namespace\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "Repo Server Stats", - "type": "row" - } - ], - "refresh": false, - "schemaVersion": 21, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "label_values(kube_pod_info, namespace)", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "namespace", - "options": [], - "query": "label_values(kube_pod_info, namespace)", - "refresh": 1, - "regex": ".*argocd.*", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "auto": true, - "auto_count": 30, - "auto_min": "1m", - "current": { - "selected": false, - "text": "auto", - "value": "$__auto_interval_interval" - }, - "hide": 0, - "label": null, - "name": "interval", - "options": [ - { - "selected": true, - "text": "auto", - "value": "$__auto_interval_interval" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "2h", - "value": "2h" - }, - { - "selected": false, - "text": "4h", - "value": "4h" - }, - { - "selected": false, - "text": "8h", - "value": "8h" - } - ], - "query": "1m,5m,10m,30m,1h,2h,4h,8h", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - }, - { - "allValue": "", - "current": { - "selected": true, - "text": "namespace", - "value": "namespace" - }, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "grouping", - "options": [ - { - "selected": true, - "text": "namespace", - "value": "namespace" - }, - { - "selected": false, - "text": "name", - "value": "name" - }, - { - "selected": false, - "text": "project", - "value": "project" - } - ], - "query": "namespace,name,project", - "skipUrlSync": false, - "type": "custom" - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "label_values(argocd_cluster_info, server)", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "cluster", - "options": [], - "query": "label_values(argocd_cluster_info, server)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "health_status", - "options": [ - { - "selected": true, - "text": "All", - "value": "$__all" - }, - { - "selected": false, - "text": "Healthy", - "value": "Healthy" - }, - { - "selected": false, - "text": "Progressing", - "value": "Progressing" - }, - { - "selected": false, - "text": "Suspended", - "value": "Suspended" - }, - { - "selected": false, - "text": "Missing", - "value": "Missing" - }, - { - "selected": false, - "text": "Degraded", - "value": "Degraded" - }, - { - "selected": false, - "text": "Unknown", - "value": "Unknown" - } - ], - "query": "Healthy,Progressing,Suspended,Missing,Degraded,Unknown", - "skipUrlSync": false, - "type": "custom" - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "sync_status", - "options": [ - { - "selected": true, - "text": "All", - "value": "$__all" - }, - { - "selected": false, - "text": "Synced", - "value": "Synced" - }, - { - "selected": false, - "text": "OutOfSync", - "value": "OutOfSync" - }, - { - "selected": false, - "text": "Unknown", - "value": "Unknown" - } - ], - "query": "Synced,OutOfSync,Unknown", - "skipUrlSync": false, - "type": "custom" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "", - "title": "ArgoCD", - "version": 2 +apiVersion: integreatly.org/v1alpha1 +kind: GrafanaDashboard +metadata: + name: argocd-dashboard + labels: + app: grafana +spec: + name: argocd-dashboard.json + json: > + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "links": [], + "panels": [ + { + "collapsed": false, + "datasource": "$datasource", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 68, + "panels": [], + "title": "Overview", + "type": "row" + }, + { + "content": "![argoimage](https://avatars1.githubusercontent.com/u/30269780?s=110&v=4)", + "datasource": "$datasource", + "gridPos": { + "h": 4, + "w": 2, + "x": 0, + "y": 1 + }, + "id": 26, + "links": [], + "mode": "markdown", + "options": {}, + "title": "", + "transparent": true, + "type": "text" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "dtdurations", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 2, + "y": 1 + }, + "id": 32, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "time() - max(process_start_time_seconds{job=\"argocd-server-metrics\",namespace=~\"$namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "title": "Uptime", + "type": "singlestat", + "valueFontSize": "70%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 5, + "y": 1 + }, + "id": 94, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "count(count by (server) (argocd_cluster_info{namespace=~\"$namespace\"}))", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Clusters", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorPostfix": false, + "colorPrefix": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 8, + "y": 1 + }, + "id": 75, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "repeat": null, + "repeatDirection": "h", + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",health_status=~\"$health_status\",sync_status=~\"$sync_status\"})", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Applications", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 11, + "y": 1 + }, + "id": 107, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "options": {}, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "count(count by (repo) (argocd_app_info{namespace=~\"$namespace\"}))", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Repositories", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "datasource": "$datasource", + "gridPos": { + "h": 4, + "w": 3, + "x": 14, + "y": 1 + }, + "id": 100, + "links": [], + "options": { + "fieldOptions": { + "calcs": [ + "lastNotNull" + ], + "defaults": { + "mappings": [ + { + "id": 0, + "op": "=", + "text": "0", + "type": 1, + "value": "null" + } + ], + "max": 100, + "min": 0, + "nullValueMode": "connected", + "thresholds": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ], + "unit": "none" + }, + "override": {}, + "overrides": [], + "values": false + }, + "orientation": "horizontal", + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "6.5.2", + "repeatDirection": "h", + "targets": [ + { + "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",operation!=\"\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Operations", + "type": "gauge" + }, + { + "aliasColors": {}, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 4, + "w": 7, + "x": 17, + "y": 1 + }, + "hiddenSeries": false, + "id": 28, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",health_status=~\"$health_status\",sync_status=~\"$sync_status\"}) by (namespace)", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{namespace}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Applications", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "$datasource", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 5 + }, + "id": 77, + "panels": [], + "title": "Application Status", + "type": "row" + }, + { + "aliasColors": { + "Degraded": "semi-dark-red", + "Healthy": "green", + "Missing": "semi-dark-purple", + "Progressing": "semi-dark-blue", + "Suspended": "semi-dark-orange", + "Unknown": "rgb(255, 255, 255)" + }, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 12, + "x": 0, + "y": 6 + }, + "hiddenSeries": false, + "id": 105, + "interval": "", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",health_status=~\"$health_status\",sync_status=~\"$sync_status\",health_status!=\"\"}) by (health_status)", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{health_status}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Health Status", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 2, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "Degraded": "semi-dark-red", + "Healthy": "green", + "Missing": "semi-dark-purple", + "OutOfSync": "semi-dark-yellow", + "Progressing": "semi-dark-blue", + "Suspended": "semi-dark-orange", + "Synced": "semi-dark-green", + "Unknown": "rgb(255, 255, 255)" + }, + "bars": false, + "cacheTimeout": null, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 6 + }, + "hiddenSeries": false, + "id": 106, + "interval": "", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(argocd_app_info{namespace=~\"$namespace\",dest_server=~\"$cluster\",health_status=~\"$health_status\",sync_status=~\"$sync_status\",health_status!=\"\"}) by (sync_status)", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{sync_status}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Sync Status", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 2, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "$datasource", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 104, + "panels": [], + "title": "Sync Stats", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 13 + }, + "hiddenSeries": false, + "id": 56, + "interval": "", + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "total", + "sortDesc": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 1, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(round(increase(argocd_app_sync_total{namespace=~\"$namespace\",dest_server=~\"$cluster\"}[$interval]))) by ($grouping)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{$grouping}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Sync Activity", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "decimals": -12, + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 5, + "w": 24, + "x": 0, + "y": 19 + }, + "hiddenSeries": false, + "id": 73, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "total", + "sortDesc": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(round(increase(argocd_app_sync_total{namespace=~\"$namespace\",phase=~\"Error|Failed\",dest_server=~\"$cluster\"}[$interval]))) by ($grouping, phase)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{phase}}: {{$grouping}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Sync Failures", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "none", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": "$datasource", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 64, + "panels": [], + "title": "Controller Stats", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 25 + }, + "hiddenSeries": false, + "id": 58, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "total", + "sortDesc": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(argocd_app_reconcile_count{namespace=~\"$namespace\",dest_server=~\"$cluster\"}[$interval])) by ($grouping)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{$grouping}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Reconciliation Activity", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "cards": { + "cardPadding": null, + "cardRound": null + }, + "color": { + "cardColor": "#b4ff00", + "colorScale": "sqrt", + "colorScheme": "interpolateSpectral", + "exponent": 0.5, + "min": null, + "mode": "spectrum" + }, + "dataFormat": "tsbuckets", + "datasource": "$datasource", + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 31 + }, + "heatmap": {}, + "hideZeroBuckets": false, + "highlightCards": true, + "id": 60, + "legend": { + "show": true + }, + "links": [], + "options": {}, + "reverseYBuckets": false, + "targets": [ + { + "expr": "sum(increase(argocd_app_reconcile_bucket{namespace=~\"$namespace\"}[$interval])) by (le)", + "format": "heatmap", + "instant": false, + "intervalFactor": 10, + "legendFormat": "{{le}}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Reconciliation Performance", + "tooltip": { + "show": true, + "showHistogram": true + }, + "tooltipDecimals": 0, + "type": "heatmap", + "xAxis": { + "show": true + }, + "xBucketNumber": null, + "xBucketSize": null, + "yAxis": { + "decimals": null, + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true, + "splitFactor": null + }, + "yBucketBound": "auto", + "yBucketNumber": null, + "yBucketSize": null + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 38 + }, + "hiddenSeries": false, + "id": 80, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(argocd_app_k8s_request_total{namespace=~\"$namespace\",server=~\"$cluster\"}[$interval])) by (verb, resource_kind)", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{verb}} {{resource_kind}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "K8s API Activity", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 44 + }, + "hiddenSeries": false, + "id": 96, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{namespace=~\"$namespace\",name=~\"app_.*\"}) by (name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{name}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Workqueue Depth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 44 + }, + "hiddenSeries": false, + "id": 98, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideZero": false, + "max": true, + "min": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(argocd_kubectl_exec_pending{namespace=~\"$namespace\"}) by (command)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{command}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Pending kubectl run", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "decimals": 0, + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": true, + "datasource": "$datasource", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 51 + }, + "id": 102, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 26 + }, + "hiddenSeries": false, + "id": 34, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_memstats_heap_alloc_bytes{job=\"argocd-metrics\",namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 33 + }, + "hiddenSeries": false, + "id": 108, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "irate(process_cpu_seconds_total{job=\"argocd-metrics\",namespace=~\"$namespace\"}[1m])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 40 + }, + "hiddenSeries": false, + "id": 62, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": false, + "hideZero": false, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"argocd-metrics\",namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "title": "Controller Telemetry", + "type": "row" + }, + { + "collapsed": true, + "datasource": "$datasource", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 52 + }, + "id": 88, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 27 + }, + "hiddenSeries": false, + "id": 90, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(argocd_cluster_api_resource_objects{namespace=~\"$namespace\",server=~\"$cluster\"}) by (server)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{server}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Resource Objects Count", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 34 + }, + "hiddenSeries": false, + "id": 92, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " sum(argocd_cluster_api_resources{namespace=~\"$namespace\",server=~\"$cluster\"}) by (server)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{server}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Resources Count", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 40 + }, + "hiddenSeries": false, + "id": 86, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(argocd_cluster_events_total{namespace=~\"$namespace\",server=~\"$cluster\"}[$interval])) by (server)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{server}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cluster Events Count", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "title": "Cluster Stats", + "type": "row" + }, + { + "collapsed": true, + "datasource": "$datasource", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 53 + }, + "id": 66, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 89 + }, + "id": 61, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_memstats_heap_alloc_bytes{job=\"argocd-server-metrics\",namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{pod}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Used", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 97 + }, + "id": 36, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"argocd-server-metrics\",namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{pod}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 106 + }, + "id": 38, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_gc_duration_seconds{job=\"argocd-server-metrics\", quantile=\"1\", namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GC Time Quantiles", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "content": "#### gRPC Services:", + "gridPos": { + "h": 2, + "w": 24, + "x": 0, + "y": 115 + }, + "id": 54, + "links": [], + "mode": "markdown", + "title": "", + "transparent": true, + "type": "text" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": null, + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 117 + }, + "id": 40, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sort": "total", + "sortDesc": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"application.ApplicationService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{grpc_code}},{{grpc_method}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "ApplicationService Requests", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 117 + }, + "id": 42, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"cluster.ClusterService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{grpc_code}},{{grpc_method}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "ClusterService Requests", + "tooltip": { + "shared": false, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 126 + }, + "id": 44, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"project.ProjectService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{grpc_code}},{{grpc_method}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "ProjectService Requests", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 126 + }, + "id": 46, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"repository.RepositoryService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{grpc_code}},{{grpc_method}}", + "refId": "A" + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "yaxis": "left" + } + ], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RepositoryService Requests", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 135 + }, + "id": 48, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"session.SessionService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{grpc_code}},{{grpc_method}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "SessionService Requests", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 135 + }, + "id": 49, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"version.VersionService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{grpc_code}},{{grpc_method}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "VersionService Requests", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 144 + }, + "id": 50, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"account.AccountService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{grpc_code}},{{grpc_method}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "AccountService Requests", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 144 + }, + "id": 99, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": true, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(grpc_server_handled_total{job=\"argocd-server-metrics\",grpc_service=\"settings.SettingsService\",namespace=~\"$namespace\"}[$interval])) by (grpc_code, grpc_method)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{grpc_code}},{{grpc_method}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "SettingsService Requests", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "title": "Server Stats", + "type": "row" + }, + { + "collapsed": true, + "datasource": "$datasource", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 54 + }, + "id": 70, + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 69 + }, + "hiddenSeries": false, + "id": 82, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(argocd_git_request_total{request_type=\"ls-remote\", namespace=~\"$namespace\"}[10m])) by (namespace)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Git Requests (ls-remote)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 69 + }, + "hiddenSeries": false, + "id": 84, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(argocd_git_request_total{request_type=\"fetch\", namespace=~\"$namespace\"}[10m])) by (namespace)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Git Requests (checkout)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 77 + }, + "hiddenSeries": false, + "id": 71, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "connected", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_memstats_heap_alloc_bytes{job=\"argocd-repo-server\",namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{pod}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Used", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 85 + }, + "hiddenSeries": false, + "id": 72, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"argocd-repo-server\",namespace=~\"$namespace\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{pod}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "title": "Repo Server Stats", + "type": "row" + } + ], + "refresh": false, + "schemaVersion": 21, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "label_values(kube_pod_info, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(kube_pod_info, namespace)", + "refresh": 1, + "regex": ".*argocd.*", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "auto": true, + "auto_count": 30, + "auto_min": "1m", + "current": { + "selected": false, + "text": "auto", + "value": "$__auto_interval_interval" + }, + "hide": 0, + "label": null, + "name": "interval", + "options": [ + { + "selected": true, + "text": "auto", + "value": "$__auto_interval_interval" + }, + { + "selected": false, + "text": "1m", + "value": "1m" + }, + { + "selected": false, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "10m", + "value": "10m" + }, + { + "selected": false, + "text": "30m", + "value": "30m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + }, + { + "selected": false, + "text": "2h", + "value": "2h" + }, + { + "selected": false, + "text": "4h", + "value": "4h" + }, + { + "selected": false, + "text": "8h", + "value": "8h" + } + ], + "query": "1m,5m,10m,30m,1h,2h,4h,8h", + "refresh": 2, + "skipUrlSync": false, + "type": "interval" + }, + { + "allValue": "", + "current": { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "grouping", + "options": [ + { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + { + "selected": false, + "text": "name", + "value": "name" + }, + { + "selected": false, + "text": "project", + "value": "project" + } + ], + "query": "namespace,name,project", + "skipUrlSync": false, + "type": "custom" + }, + { + "allValue": ".*", + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "label_values(argocd_cluster_info, server)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "cluster", + "options": [], + "query": "label_values(argocd_cluster_info, server)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "health_status", + "options": [ + { + "selected": true, + "text": "All", + "value": "$__all" + }, + { + "selected": false, + "text": "Healthy", + "value": "Healthy" + }, + { + "selected": false, + "text": "Progressing", + "value": "Progressing" + }, + { + "selected": false, + "text": "Suspended", + "value": "Suspended" + }, + { + "selected": false, + "text": "Missing", + "value": "Missing" + }, + { + "selected": false, + "text": "Degraded", + "value": "Degraded" + }, + { + "selected": false, + "text": "Unknown", + "value": "Unknown" + } + ], + "query": "Healthy,Progressing,Suspended,Missing,Degraded,Unknown", + "skipUrlSync": false, + "type": "custom" + }, + { + "allValue": ".*", + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "sync_status", + "options": [ + { + "selected": true, + "text": "All", + "value": "$__all" + }, + { + "selected": false, + "text": "Synced", + "value": "Synced" + }, + { + "selected": false, + "text": "OutOfSync", + "value": "OutOfSync" + }, + { + "selected": false, + "text": "Unknown", + "value": "Unknown" + } + ], + "query": "Synced,OutOfSync,Unknown", + "skipUrlSync": false, + "type": "custom" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "ArgoCD", + "version": 2 } \ No newline at end of file diff --git a/.disabled/.monitoring-stack/grafana/grafana-datasource.yaml b/.disabled/.monitoring-stack/grafana/grafana-datasource.yaml index 632d8c4d..069252e6 100644 --- a/.disabled/.monitoring-stack/grafana/grafana-datasource.yaml +++ b/.disabled/.monitoring-stack/grafana/grafana-datasource.yaml @@ -1,21 +1,21 @@ -apiVersion: integreatly.org/v1alpha1 -kind: GrafanaDataSource -metadata: - name: grafanadatasource -spec: - name: datasources.yaml - datasources: - - name: Prometheus - type: prometheus - access: proxy - url: https://prometheus-wheel.monitoring-stack.svc:9093 - basicAuth: true - basicAuthUser: internal - basicAuthPassword: "e9K3fEGs4XuTeDKhrzc5X59NbWaZG5ku" - isDefault: true - version: 1 - orgId: 1 - editable: false - jsonData: - tlsSkipVerify: true +apiVersion: integreatly.org/v1alpha1 +kind: GrafanaDataSource +metadata: + name: grafanadatasource +spec: + name: datasources.yaml + datasources: + - name: Prometheus + type: prometheus + access: proxy + url: https://prometheus-wheel.monitoring-stack.svc:9093 + basicAuth: true + basicAuthUser: internal + basicAuthPassword: "e9K3fEGs4XuTeDKhrzc5X59NbWaZG5ku" + isDefault: true + version: 1 + orgId: 1 + editable: false + jsonData: + tlsSkipVerify: true # timeInterval: "5s" \ No newline at end of file diff --git a/.disabled/.monitoring-stack/grafana/grafana.yaml b/.disabled/.monitoring-stack/grafana/grafana.yaml index abc455c9..d36794cf 100644 --- a/.disabled/.monitoring-stack/grafana/grafana.yaml +++ b/.disabled/.monitoring-stack/grafana/grafana.yaml @@ -1,38 +1,38 @@ -apiVersion: integreatly.org/v1alpha1 -kind: Grafana -metadata: - name: grafana-wheel -spec: - ingress: - enabled: True - hostname: grafana-wheel-monitoring-stack.apps.okd.baloise.dev - config: - log: - mode: "console" - level: "warn" - security: - admin_user: "root" - auth: - disable_login_form: False - disable_signout_menu: True - auth.anonymous: - enabled: True - dashboardLabelSelector: - - matchExpressions: - - { key: app, operator: In, values: [grafana] } - # initResources: - # # Optionally specify initResources - # limits: - # cpu: 1000m - # memory: 512Mi - # requests: - # cpu: 250m - # memory: 128Mi -# resources: -# # Optionally specify container resources -# limits: -# cpu: 2000m -# memory: 8000Mi -# requests: -# cpu: 100m -# memory: 200Mi +apiVersion: integreatly.org/v1alpha1 +kind: Grafana +metadata: + name: grafana-wheel +spec: + ingress: + enabled: True + hostname: grafana-wheel-monitoring-stack.apps.okd.baloise.dev + config: + log: + mode: "console" + level: "warn" + security: + admin_user: "root" + auth: + disable_login_form: False + disable_signout_menu: True + auth.anonymous: + enabled: True + dashboardLabelSelector: + - matchExpressions: + - { key: app, operator: In, values: [grafana] } + # initResources: + # # Optionally specify initResources + # limits: + # cpu: 1000m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 128Mi +# resources: +# # Optionally specify container resources +# limits: +# cpu: 2000m +# memory: 8000Mi +# requests: +# cpu: 100m +# memory: 200Mi diff --git a/.disabled/.monitoring-stack/prometheus/prometheus-crb.yaml b/.disabled/.monitoring-stack/prometheus/prometheus-crb.yaml index ebe268a9..61cd1f2c 100644 --- a/.disabled/.monitoring-stack/prometheus/prometheus-crb.yaml +++ b/.disabled/.monitoring-stack/prometheus/prometheus-crb.yaml @@ -1,12 +1,12 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: monitoring-stack-prometheus -subjects: - - kind: ServiceAccount - name: prometheus-wheel - namespace: monitoring-stack -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: prometheus-monitoring-stack +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: monitoring-stack-prometheus +subjects: + - kind: ServiceAccount + name: prometheus-wheel + namespace: monitoring-stack +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus-monitoring-stack diff --git a/.disabled/.monitoring-stack/prometheus/prometheus-htpasswd-secret.yaml b/.disabled/.monitoring-stack/prometheus/prometheus-htpasswd-secret.yaml index 7bfd1e91..f2a442db 100644 --- a/.disabled/.monitoring-stack/prometheus/prometheus-htpasswd-secret.yaml +++ b/.disabled/.monitoring-stack/prometheus/prometheus-htpasswd-secret.yaml @@ -1,9 +1,9 @@ -kind: Secret -apiVersion: v1 -metadata: - name: prometheus-wheel-htpasswd - labels: - k8s-app: prometheus-wheel -data: - auth: aW50ZXJuYWw6e1NIQX01eW1GSmgzcmFZRjQ4c1hiaWhid2NYSGo0eWs9 -type: Opaque +kind: Secret +apiVersion: v1 +metadata: + name: prometheus-wheel-htpasswd + labels: + k8s-app: prometheus-wheel +data: + auth: aW50ZXJuYWw6e1NIQX01eW1GSmgzcmFZRjQ4c1hiaWhid2NYSGo0eWs9 +type: Opaque diff --git a/.disabled/.monitoring-stack/prometheus/prometheus-route.yaml b/.disabled/.monitoring-stack/prometheus/prometheus-route.yaml index f61c398b..56423929 100644 --- a/.disabled/.monitoring-stack/prometheus/prometheus-route.yaml +++ b/.disabled/.monitoring-stack/prometheus/prometheus-route.yaml @@ -1,16 +1,16 @@ -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: prometheus-wheel -spec: - host: prometheus-wheel.apps.okd.baloise.dev - port: - targetPort: web - tls: - insecureEdgeTerminationPolicy: Redirect - termination: reencrypt - to: - kind: Service - name: prometheus-wheel - weight: 100 - wildcardPolicy: None +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: prometheus-wheel +spec: + host: prometheus-wheel.apps.okd.baloise.dev + port: + targetPort: web + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: prometheus-wheel + weight: 100 + wildcardPolicy: None diff --git a/.disabled/.monitoring-stack/prometheus/prometheus-sa.yaml b/.disabled/.monitoring-stack/prometheus/prometheus-sa.yaml index 21f15cc6..f6ff7208 100644 --- a/.disabled/.monitoring-stack/prometheus/prometheus-sa.yaml +++ b/.disabled/.monitoring-stack/prometheus/prometheus-sa.yaml @@ -1,12 +1,12 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: prometheus-wheel - app.kubernetes.io/version: v0.38.1 - annotations: - serviceaccounts.openshift.io/oauth-redirectreference.prometheus-wheel: >- - {"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"prometheus-wheel"}} - name: prometheus-wheel - +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: prometheus-wheel + app.kubernetes.io/version: v0.38.1 + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.prometheus-wheel: >- + {"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"prometheus-wheel"}} + name: prometheus-wheel + diff --git a/.disabled/.monitoring-stack/prometheus/prometheus-servicemonitor.yaml b/.disabled/.monitoring-stack/prometheus/prometheus-servicemonitor.yaml index 781f8553..f3117d8a 100644 --- a/.disabled/.monitoring-stack/prometheus/prometheus-servicemonitor.yaml +++ b/.disabled/.monitoring-stack/prometheus/prometheus-servicemonitor.yaml @@ -1,18 +1,18 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - k8s-app: prometheus - name: prometheus -spec: - endpoints: - - interval: 30s - port: web - scheme: https - tlsConfig: - serverName: prometheus-wheel.monitoring-stack.svc - insecureSkipVerify: true - selector: - matchLabels: - prometheus: wheel - +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + k8s-app: prometheus + name: prometheus +spec: + endpoints: + - interval: 30s + port: web + scheme: https + tlsConfig: + serverName: prometheus-wheel.monitoring-stack.svc + insecureSkipVerify: true + selector: + matchLabels: + prometheus: wheel + diff --git a/.disabled/.monitoring-stack/prometheus/prometheus-svc.yaml b/.disabled/.monitoring-stack/prometheus/prometheus-svc.yaml index 58a3aa39..8b63fba8 100644 --- a/.disabled/.monitoring-stack/prometheus/prometheus-svc.yaml +++ b/.disabled/.monitoring-stack/prometheus/prometheus-svc.yaml @@ -1,21 +1,21 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: prometheus-wheel-tls - labels: - prometheus: prometheus-wheel - name: prometheus-wheel -spec: - ports: - - name: metrics - port: 9091 - targetPort: metrics - - name: web - port: 9093 - targetPort: web - selector: - app: prometheus - prometheus: wheel - sessionAffinity: ClientIP - +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.openshift.io/serving-cert-secret-name: prometheus-wheel-tls + labels: + prometheus: prometheus-wheel + name: prometheus-wheel +spec: + ports: + - name: metrics + port: 9091 + targetPort: metrics + - name: web + port: 9093 + targetPort: web + selector: + app: prometheus + prometheus: wheel + sessionAffinity: ClientIP + diff --git a/.disabled/.monitoring-stack/prometheus/prometheus.yaml b/.disabled/.monitoring-stack/prometheus/prometheus.yaml index af0ad61d..ceb8b641 100644 --- a/.disabled/.monitoring-stack/prometheus/prometheus.yaml +++ b/.disabled/.monitoring-stack/prometheus/prometheus.yaml @@ -1,148 +1,148 @@ -apiVersion: monitoring.coreos.com/v1 -kind: Prometheus -metadata: - labels: - prometheus: wheel - name: wheel -spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: prometheus - operator: In - values: - - wheel - namespaces: - - monitoring-stack - topologyKey: kubernetes.io/hostname - weight: 100 - alerting: - alertmanagers: - - apiVersion: v2 - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - # Needs to match Service name - name: alertmanager-wheel - namespace: monitoring-stack - port: web - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt - serverName: alertmanager-wheel.monitoring-stack.svc - arbitraryFSAccessThroughSMs: - deny: true - containers: - - args: - - -provider=openshift - - -https-address=:9093 - - -http-address= - - -email-domain=* - - -upstream=http://localhost:9090 - - -htpasswd-file=/etc/proxy/htpasswd/auth - - -openshift-service-account=prometheus-wheel - - '-openshift-sar={"resource": "namespaces", "verb": "get"}' - - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}' - - -tls-cert=/etc/tls/private/tls.crt - - -tls-key=/etc/tls/private/tls.key - - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - #- -cookie-secret-file=/etc/proxy/secrets/session_secret - - --cookie-secret=SECRET - - -openshift-ca=/etc/pki/tls/cert.pem - - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - -skip-auth-regex=^/metrics - env: - - name: HTTP_PROXY - - name: HTTPS_PROXY - - name: NO_PROXY - image: quay.io/openshift/okd-content@sha256:644bcaca0a108801e83f4c3585c267e069bd6d7975c4234cd6498d96693211b0 - name: prometheus-proxy - ports: - - containerPort: 9093 - name: web - resources: - requests: - cpu: 1m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: secret-prometheus-wheel-tls -# - mountPath: /etc/proxy/secrets -# name: secret-prometheus-k8s-proxy - - mountPath: /etc/proxy/htpasswd - name: secret-prometheus-wheel-htpasswd - - args: - - --secure-listen-address=0.0.0.0:9091 - - --upstream=http://127.0.0.1:9090 - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - image: quay.io/openshift/okd-content@sha256:1aa5bb03d0485ec2db2c7871a1eeaef83e9eabf7e9f1bc2c841cf1a759817c99 - name: kube-rbac-proxy - ports: - - containerPort: 9091 - name: metrics - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: secret-prometheus-wheel-tls - - args: - - sidecar - - --prometheus.url=http://localhost:9090/ - - --tsdb.path=/prometheus - - --grpc-address=[$(POD_IP)]:10901 - - --http-address=127.0.0.1:10902 - - --grpc-server-tls-cert=/etc/tls/grpc/tls.crt - - --grpc-server-tls-key=/etc/tls/grpc/tls.key - - --grpc-server-tls-client-ca=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt - name: thanos-sidecar - resources: - requests: - cpu: 10m - memory: 20Mi - volumeMounts: - - mountPath: /etc/tls/grpc - name: secret-prometheus-wheel-tls - enforcedNamespaceLabel: namespace - ignoreNamespaceSelectors: true - image: quay.io/openshift/okd-content@sha256:279ce4bca3111edeb43485cfe9af9ddf1d5c449aba7f23d9c4f7bba3f7f723ee - listenLocal: true - nodeSelector: - kubernetes.io/os: linux - overrideHonorLabels: true - overrideHonorTimestamps: true - priorityClassName: system-cluster-critical - replicas: 1 - resources: - requests: - cpu: 100m - memory: 1Gi - retention: 15d - # https://github.com/prometheus-operator/prometheus-operator/issues/2547#issuecomment-481494167 - ruleNamespaceSelector: - matchLabels: - client: cluster-infra - ruleSelector: {} - serviceMonitorNamespaceSelector: - matchLabels: - client: cluster-infra - serviceMonitorSelector: {} - secrets: - - prometheus-wheel-tls - - prometheus-wheel-htpasswd - serviceAccountName: prometheus-wheel - thanos: - baseImage: quay.io/openshift/origin-thanos - image: quay.io/openshift/okd-content@sha256:048ef6d2ea93c4a890c270b9b8623df624b7199c6ede15c7de78e0213caf9f00 - resources: - requests: - cpu: 50m - memory: 100Mi - version: latest - version: v2.15.2 +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + labels: + prometheus: wheel + name: wheel +spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: prometheus + operator: In + values: + - wheel + namespaces: + - monitoring-stack + topologyKey: kubernetes.io/hostname + weight: 100 + alerting: + alertmanagers: + - apiVersion: v2 + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # Needs to match Service name + name: alertmanager-wheel + namespace: monitoring-stack + port: web + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + serverName: alertmanager-wheel.monitoring-stack.svc + arbitraryFSAccessThroughSMs: + deny: true + containers: + - args: + - -provider=openshift + - -https-address=:9093 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:9090 + - -htpasswd-file=/etc/proxy/htpasswd/auth + - -openshift-service-account=prometheus-wheel + - '-openshift-sar={"resource": "namespaces", "verb": "get"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + #- -cookie-secret-file=/etc/proxy/secrets/session_secret + - --cookie-secret=SECRET + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - -skip-auth-regex=^/metrics + env: + - name: HTTP_PROXY + - name: HTTPS_PROXY + - name: NO_PROXY + image: quay.io/openshift/okd-content@sha256:644bcaca0a108801e83f4c3585c267e069bd6d7975c4234cd6498d96693211b0 + name: prometheus-proxy + ports: + - containerPort: 9093 + name: web + resources: + requests: + cpu: 1m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: secret-prometheus-wheel-tls +# - mountPath: /etc/proxy/secrets +# name: secret-prometheus-k8s-proxy + - mountPath: /etc/proxy/htpasswd + name: secret-prometheus-wheel-htpasswd + - args: + - --secure-listen-address=0.0.0.0:9091 + - --upstream=http://127.0.0.1:9090 + - --tls-cert-file=/etc/tls/private/tls.crt + - --tls-private-key-file=/etc/tls/private/tls.key + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + image: quay.io/openshift/okd-content@sha256:1aa5bb03d0485ec2db2c7871a1eeaef83e9eabf7e9f1bc2c841cf1a759817c99 + name: kube-rbac-proxy + ports: + - containerPort: 9091 + name: metrics + resources: + requests: + cpu: 10m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: secret-prometheus-wheel-tls + - args: + - sidecar + - --prometheus.url=http://localhost:9090/ + - --tsdb.path=/prometheus + - --grpc-address=[$(POD_IP)]:10901 + - --http-address=127.0.0.1:10902 + - --grpc-server-tls-cert=/etc/tls/grpc/tls.crt + - --grpc-server-tls-key=/etc/tls/grpc/tls.key + - --grpc-server-tls-client-ca=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + name: thanos-sidecar + resources: + requests: + cpu: 10m + memory: 20Mi + volumeMounts: + - mountPath: /etc/tls/grpc + name: secret-prometheus-wheel-tls + enforcedNamespaceLabel: namespace + ignoreNamespaceSelectors: true + image: quay.io/openshift/okd-content@sha256:279ce4bca3111edeb43485cfe9af9ddf1d5c449aba7f23d9c4f7bba3f7f723ee + listenLocal: true + nodeSelector: + kubernetes.io/os: linux + overrideHonorLabels: true + overrideHonorTimestamps: true + priorityClassName: system-cluster-critical + replicas: 1 + resources: + requests: + cpu: 100m + memory: 1Gi + retention: 15d + # https://github.com/prometheus-operator/prometheus-operator/issues/2547#issuecomment-481494167 + ruleNamespaceSelector: + matchLabels: + client: cluster-infra + ruleSelector: {} + serviceMonitorNamespaceSelector: + matchLabels: + client: cluster-infra + serviceMonitorSelector: {} + secrets: + - prometheus-wheel-tls + - prometheus-wheel-htpasswd + serviceAccountName: prometheus-wheel + thanos: + baseImage: quay.io/openshift/origin-thanos + image: quay.io/openshift/okd-content@sha256:048ef6d2ea93c4a890c270b9b8623df624b7199c6ede15c7de78e0213caf9f00 + resources: + requests: + cpu: 50m + memory: 100Mi + version: latest + version: v2.15.2 diff --git a/.disabled/.monitoring-stack/test/failing-prometheusrule.yaml b/.disabled/.monitoring-stack/test/failing-prometheusrule.yaml index 854a847c..b3914491 100644 --- a/.disabled/.monitoring-stack/test/failing-prometheusrule.yaml +++ b/.disabled/.monitoring-stack/test/failing-prometheusrule.yaml @@ -1,19 +1,19 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - labels: - prometheus: wheel - role: alert-rules - name: prometheus-example-rules -spec: - groups: - - name: Example Alert - rules: - - alert: example alert - expr: up > 0 - for: 5s - labels: - severity: critical - annotations: - title: Example alert is firing - description: Faild to equal 1 with 0 +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + prometheus: wheel + role: alert-rules + name: prometheus-example-rules +spec: + groups: + - name: Example Alert + rules: + - alert: example alert + expr: up > 0 + for: 5s + labels: + severity: critical + annotations: + title: Example alert is firing + description: Faild to equal 1 with 0 diff --git a/.disabled/.monitoring-stack/thanos-querier/thanos-querier-deploy.yaml b/.disabled/.monitoring-stack/thanos-querier/thanos-querier-deploy.yaml index be767752..fb9e5734 100644 --- a/.disabled/.monitoring-stack/thanos-querier/thanos-querier-deploy.yaml +++ b/.disabled/.monitoring-stack/thanos-querier/thanos-querier-deploy.yaml @@ -1,208 +1,208 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: query-layer - app.kubernetes.io/instance: thanos-querier - app.kubernetes.io/name: thanos-query - app.kubernetes.io/version: 0.11.0 - name: thanos-querier -spec: - progressDeadlineSeconds: 600 - replicas: 2 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: query-layer - app.kubernetes.io/instance: thanos-querier - app.kubernetes.io/name: thanos-query - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: query-layer - app.kubernetes.io/instance: thanos-querier - app.kubernetes.io/name: thanos-query - app.kubernetes.io/version: 0.11.0 - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - thanos-query - namespaces: - - openshift-monitoring - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - args: - - query - - --grpc-address=127.0.0.1:10901 - - --http-address=127.0.0.1:9090 - - --query.replica-label=prometheus_replica - - --query.replica-label=thanos_ruler_replica - - --store=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local - - --grpc-client-tls-secure - - --grpc-client-tls-cert=/etc/tls/grpc/client.crt - - --grpc-client-tls-key=/etc/tls/grpc/client.key - - --grpc-client-tls-ca=/etc/tls/grpc/ca.crt - - --grpc-client-server-name=prometheus-grpc - - --store=dnssrv+_grpc._tcp.prometheus-operated.openshift-user-workload-monitoring.svc.cluster.local - - --store=dnssrv+_grpc._tcp.thanos-ruler-operated.openshift-user-workload-monitoring.svc.cluster.local - image: quay.io/openshift/okd-content@sha256:048ef6d2ea93c4a890c270b9b8623df624b7199c6ede15c7de78e0213caf9f00 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - sh - - -c - - if [ -x "$(command -v curl)" ]; then curl http://localhost:9090/-/healthy; - elif [ -x "$(command -v wget)" ]; then wget --quiet --tries=1 --spider - http://localhost:9090/-/healthy; else exit 1; fi - failureThreshold: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: thanos-query - ports: - - containerPort: 9090 - name: http - protocol: TCP - readinessProbe: - exec: - command: - - sh - - -c - - if [ -x "$(command -v curl)" ]; then curl http://localhost:9090/-/healthy; - elif [ -x "$(command -v wget)" ]; then wget --quiet --tries=1 --spider - http://localhost:9090/-/healthy; else exit 1; fi - failureThreshold: 3 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 5m - memory: 12Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/grpc - name: secret-grpc-tls - - args: - - -provider=openshift - - -https-address=:9091 - - -http-address= - - -email-domain=* - - -upstream=http://localhost:9090 - - -htpasswd-file=/etc/proxy/htpasswd/auth - - -openshift-service-account=thanos-querier - - '-openshift-sar={"resource": "namespaces", "verb": "get"}' - - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}' - - -tls-cert=/etc/tls/private/tls.crt - - -tls-key=/etc/tls/private/tls.key - - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - - -cookie-secret-file=/etc/proxy/secrets/session_secret - - -openshift-ca=/etc/pki/tls/cert.pem - - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - -skip-auth-regex=^/metrics - env: - - name: HTTP_PROXY - - name: HTTPS_PROXY - - name: NO_PROXY - image: quay.io/openshift/okd-content@sha256:644bcaca0a108801e83f4c3585c267e069bd6d7975c4234cd6498d96693211b0 - imagePullPolicy: IfNotPresent - name: oauth-proxy - ports: - - containerPort: 9091 - name: web - protocol: TCP - resources: - requests: - cpu: 1m - memory: 20Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: secret-thanos-querier-tls - - mountPath: /etc/proxy/secrets - name: secret-thanos-querier-oauth-cookie - - mountPath: /etc/proxy/htpasswd - name: secret-thanos-querier-oauth-htpasswd - - mountPath: /etc/pki/ca-trust/extracted/pem/ - name: thanos-querier-trusted-ca-bundle - readOnly: true - - args: - - --secure-listen-address=0.0.0.0:9092 - - --upstream=http://127.0.0.1:9095 - - --config-file=/etc/kube-rbac-proxy/config.yaml - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - --logtostderr=true - image: quay.io/openshift/okd-content@sha256:1aa5bb03d0485ec2db2c7871a1eeaef83e9eabf7e9f1bc2c841cf1a759817c99 - imagePullPolicy: IfNotPresent - name: kube-rbac-proxy - ports: - - containerPort: 9092 - name: tenancy - protocol: TCP - resources: - requests: - cpu: 1m - memory: 20Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: secret-thanos-querier-tls - - mountPath: /etc/kube-rbac-proxy - name: secret-thanos-querier-kube-rbac-proxy - dnsPolicy: ClusterFirst - priorityClassName: system-cluster-critical - restartPolicy: Always - schedulerName: default-scheduler - serviceAccount: thanos-querier - serviceAccountName: thanos-querier - terminationGracePeriodSeconds: 120 - volumes: - - name: secret-thanos-querier-tls - secret: - defaultMode: 420 - secretName: thanos-querier-tls - - name: secret-thanos-querier-oauth-cookie - secret: - defaultMode: 420 - secretName: thanos-querier-oauth-cookie - - name: secret-thanos-querier-oauth-htpasswd - secret: - defaultMode: 420 - secretName: thanos-querier-oauth-htpasswd - - name: secret-thanos-querier-kube-rbac-proxy - secret: - defaultMode: 420 - secretName: thanos-querier-kube-rbac-proxy - - name: secret-grpc-tls - secret: - defaultMode: 420 - secretName: thanos-querier-grpc-tls-7152bsq0c23h1 - - configMap: - defaultMode: 420 - items: - - key: ca-bundle.crt - path: tls-ca-bundle.pem - name: thanos-querier-trusted-ca-bundle-dhdn0615554p8 - optional: true - name: thanos-querier-trusted-ca-bundle - +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: thanos-querier + app.kubernetes.io/name: thanos-query + app.kubernetes.io/version: 0.11.0 + name: thanos-querier +spec: + progressDeadlineSeconds: 600 + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: thanos-querier + app.kubernetes.io/name: thanos-query + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: thanos-querier + app.kubernetes.io/name: thanos-query + app.kubernetes.io/version: 0.11.0 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - thanos-query + namespaces: + - openshift-monitoring + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - query + - --grpc-address=127.0.0.1:10901 + - --http-address=127.0.0.1:9090 + - --query.replica-label=prometheus_replica + - --query.replica-label=thanos_ruler_replica + - --store=dnssrv+_grpc._tcp.prometheus-operated.openshift-monitoring.svc.cluster.local + - --grpc-client-tls-secure + - --grpc-client-tls-cert=/etc/tls/grpc/client.crt + - --grpc-client-tls-key=/etc/tls/grpc/client.key + - --grpc-client-tls-ca=/etc/tls/grpc/ca.crt + - --grpc-client-server-name=prometheus-grpc + - --store=dnssrv+_grpc._tcp.prometheus-operated.openshift-user-workload-monitoring.svc.cluster.local + - --store=dnssrv+_grpc._tcp.thanos-ruler-operated.openshift-user-workload-monitoring.svc.cluster.local + image: quay.io/openshift/okd-content@sha256:048ef6d2ea93c4a890c270b9b8623df624b7199c6ede15c7de78e0213caf9f00 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - sh + - -c + - if [ -x "$(command -v curl)" ]; then curl http://localhost:9090/-/healthy; + elif [ -x "$(command -v wget)" ]; then wget --quiet --tries=1 --spider + http://localhost:9090/-/healthy; else exit 1; fi + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: thanos-query + ports: + - containerPort: 9090 + name: http + protocol: TCP + readinessProbe: + exec: + command: + - sh + - -c + - if [ -x "$(command -v curl)" ]; then curl http://localhost:9090/-/healthy; + elif [ -x "$(command -v wget)" ]; then wget --quiet --tries=1 --spider + http://localhost:9090/-/healthy; else exit 1; fi + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 5m + memory: 12Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/grpc + name: secret-grpc-tls + - args: + - -provider=openshift + - -https-address=:9091 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:9090 + - -htpasswd-file=/etc/proxy/htpasswd/auth + - -openshift-service-account=thanos-querier + - '-openshift-sar={"resource": "namespaces", "verb": "get"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - -skip-auth-regex=^/metrics + env: + - name: HTTP_PROXY + - name: HTTPS_PROXY + - name: NO_PROXY + image: quay.io/openshift/okd-content@sha256:644bcaca0a108801e83f4c3585c267e069bd6d7975c4234cd6498d96693211b0 + imagePullPolicy: IfNotPresent + name: oauth-proxy + ports: + - containerPort: 9091 + name: web + protocol: TCP + resources: + requests: + cpu: 1m + memory: 20Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: secret-thanos-querier-tls + - mountPath: /etc/proxy/secrets + name: secret-thanos-querier-oauth-cookie + - mountPath: /etc/proxy/htpasswd + name: secret-thanos-querier-oauth-htpasswd + - mountPath: /etc/pki/ca-trust/extracted/pem/ + name: thanos-querier-trusted-ca-bundle + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:9092 + - --upstream=http://127.0.0.1:9095 + - --config-file=/etc/kube-rbac-proxy/config.yaml + - --tls-cert-file=/etc/tls/private/tls.crt + - --tls-private-key-file=/etc/tls/private/tls.key + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + - --logtostderr=true + image: quay.io/openshift/okd-content@sha256:1aa5bb03d0485ec2db2c7871a1eeaef83e9eabf7e9f1bc2c841cf1a759817c99 + imagePullPolicy: IfNotPresent + name: kube-rbac-proxy + ports: + - containerPort: 9092 + name: tenancy + protocol: TCP + resources: + requests: + cpu: 1m + memory: 20Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: secret-thanos-querier-tls + - mountPath: /etc/kube-rbac-proxy + name: secret-thanos-querier-kube-rbac-proxy + dnsPolicy: ClusterFirst + priorityClassName: system-cluster-critical + restartPolicy: Always + schedulerName: default-scheduler + serviceAccount: thanos-querier + serviceAccountName: thanos-querier + terminationGracePeriodSeconds: 120 + volumes: + - name: secret-thanos-querier-tls + secret: + defaultMode: 420 + secretName: thanos-querier-tls + - name: secret-thanos-querier-oauth-cookie + secret: + defaultMode: 420 + secretName: thanos-querier-oauth-cookie + - name: secret-thanos-querier-oauth-htpasswd + secret: + defaultMode: 420 + secretName: thanos-querier-oauth-htpasswd + - name: secret-thanos-querier-kube-rbac-proxy + secret: + defaultMode: 420 + secretName: thanos-querier-kube-rbac-proxy + - name: secret-grpc-tls + secret: + defaultMode: 420 + secretName: thanos-querier-grpc-tls-7152bsq0c23h1 + - configMap: + defaultMode: 420 + items: + - key: ca-bundle.crt + path: tls-ca-bundle.pem + name: thanos-querier-trusted-ca-bundle-dhdn0615554p8 + optional: true + name: thanos-querier-trusted-ca-bundle + diff --git a/.disabled/.monitoring-stack/thanos-querier/thanos-querier-sa.yaml b/.disabled/.monitoring-stack/thanos-querier/thanos-querier-sa.yaml index ca5f03f2..a005e27f 100644 --- a/.disabled/.monitoring-stack/thanos-querier/thanos-querier-sa.yaml +++ b/.disabled/.monitoring-stack/thanos-querier/thanos-querier-sa.yaml @@ -1,12 +1,12 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - serviceaccounts.openshift.io/oauth-redirectreference.thanos-querier: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"thanos-querier"}}' - labels: - app.kubernetes.io/component: query-layer - app.kubernetes.io/instance: thanos-querier - app.kubernetes.io/name: thanos-query - app.kubernetes.io/version: 0.11.0 - name: thanos-querier - +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.thanos-querier: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"thanos-querier"}}' + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: thanos-querier + app.kubernetes.io/name: thanos-query + app.kubernetes.io/version: 0.11.0 + name: thanos-querier + diff --git a/.disabled/.monitoring-stack/thanos-querier/thanos-querier-svc.yaml b/.disabled/.monitoring-stack/thanos-querier/thanos-querier-svc.yaml index 088fe41c..2f7ddc7c 100644 --- a/.disabled/.monitoring-stack/thanos-querier/thanos-querier-svc.yaml +++ b/.disabled/.monitoring-stack/thanos-querier/thanos-querier-svc.yaml @@ -1,24 +1,24 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: thanos-querier-tls - labels: - app.kubernetes.io/component: query-layer - app.kubernetes.io/instance: thanos-querier - app.kubernetes.io/name: thanos-query - app.kubernetes.io/version: 0.11.0 - name: thanos-querier -spec: - ports: - - name: web - port: 9091 - targetPort: web - - name: tenancy - port: 9092 - targetPort: tenancy - selector: - app.kubernetes.io/component: query-layer - app.kubernetes.io/instance: thanos-querier - app.kubernetes.io/name: thanos-query - +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.openshift.io/serving-cert-secret-name: thanos-querier-tls + labels: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: thanos-querier + app.kubernetes.io/name: thanos-query + app.kubernetes.io/version: 0.11.0 + name: thanos-querier +spec: + ports: + - name: web + port: 9091 + targetPort: web + - name: tenancy + port: 9092 + targetPort: tenancy + selector: + app.kubernetes.io/component: query-layer + app.kubernetes.io/instance: thanos-querier + app.kubernetes.io/name: thanos-query + diff --git a/.disabled/.monitoring-stack/thanos-ruler/thanos-htpasswd-secret.yaml b/.disabled/.monitoring-stack/thanos-ruler/thanos-htpasswd-secret.yaml index db0143c6..64a99f4e 100644 --- a/.disabled/.monitoring-stack/thanos-ruler/thanos-htpasswd-secret.yaml +++ b/.disabled/.monitoring-stack/thanos-ruler/thanos-htpasswd-secret.yaml @@ -1,7 +1,7 @@ -kind: Secret -apiVersion: v1 -metadata: - name: thanos-ruler-oauth-htpasswd -data: - auth: aW50ZXJuYWw6emFMMUdnS2xrUlpiRQ== -type: Opaque +kind: Secret +apiVersion: v1 +metadata: + name: thanos-ruler-oauth-htpasswd +data: + auth: aW50ZXJuYWw6emFMMUdnS2xrUlpiRQ== +type: Opaque diff --git a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-alertmanagers-config.yaml b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-alertmanagers-config.yaml index e826fb0b..9156d4df 100644 --- a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-alertmanagers-config.yaml +++ b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-alertmanagers-config.yaml @@ -1,17 +1,17 @@ -apiVersion: v1 -stringData: - alertmanagers.yaml: | - "alertmanagers": - - "http_config": - "bearer_token_file": "/var/run/secrets/kubernetes.io/serviceaccount/token" - "tls_config": - "ca_file": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - "server_name": "wheel-alertmanager.monitoring-stack.svc" - "scheme": "https" - "static_configs": - - "dnssrv+_web._tcp.alertmanager-operated.monitoring-stack.svc" -kind: Secret -metadata: - name: thanos-ruler-alertmanagers-config -type: Opaque - +apiVersion: v1 +stringData: + alertmanagers.yaml: | + "alertmanagers": + - "http_config": + "bearer_token_file": "/var/run/secrets/kubernetes.io/serviceaccount/token" + "tls_config": + "ca_file": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + "server_name": "wheel-alertmanager.monitoring-stack.svc" + "scheme": "https" + "static_configs": + - "dnssrv+_web._tcp.alertmanager-operated.monitoring-stack.svc" +kind: Secret +metadata: + name: thanos-ruler-alertmanagers-config +type: Opaque + diff --git a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-query-config.yaml b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-query-config.yaml index 04d5cc23..1de8ebc5 100644 --- a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-query-config.yaml +++ b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-query-config.yaml @@ -1,16 +1,16 @@ -apiVersion: v1 -stringData: - query.yaml: | - - "http_config": - "bearer_token_file": "/var/run/secrets/kubernetes.io/serviceaccount/token" - "tls_config": - "ca_file": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - "server_name": "thanos-querier.monitoring-stack.svc" - "scheme": "https" - "static_configs": - - "thanos-querier.monitoring-stack.svc:9091" -kind: Secret -metadata: - name: thanos-ruler-query-config -type: Opaque - +apiVersion: v1 +stringData: + query.yaml: | + - "http_config": + "bearer_token_file": "/var/run/secrets/kubernetes.io/serviceaccount/token" + "tls_config": + "ca_file": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + "server_name": "thanos-querier.monitoring-stack.svc" + "scheme": "https" + "static_configs": + - "thanos-querier.monitoring-stack.svc:9091" +kind: Secret +metadata: + name: thanos-ruler-query-config +type: Opaque + diff --git a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-route.yaml b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-route.yaml index ac8e74e9..fa4bae27 100644 --- a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-route.yaml +++ b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-route.yaml @@ -1,17 +1,17 @@ -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: thanos-ruler -spec: - host: thanos-ruler-monitoring-stack.apps.okd.baloise.dev - port: - targetPort: web - tls: - insecureEdgeTerminationPolicy: Redirect - termination: reencrypt - to: - kind: Service - name: thanos-ruler - weight: 100 - wildcardPolicy: None - +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: thanos-ruler +spec: + host: thanos-ruler-monitoring-stack.apps.okd.baloise.dev + port: + targetPort: web + tls: + insecureEdgeTerminationPolicy: Redirect + termination: reencrypt + to: + kind: Service + name: thanos-ruler + weight: 100 + wildcardPolicy: None + diff --git a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-sa.yaml b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-sa.yaml index d39f4fca..9744e07a 100644 --- a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-sa.yaml +++ b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-sa.yaml @@ -1,7 +1,7 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - serviceaccounts.openshift.io/oauth-redirectreference.thanos-ruler: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"thanos-ruler"}}' - name: thanos-ruler - +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.thanos-ruler: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"thanos-ruler"}}' + name: thanos-ruler + diff --git a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-svc.yaml b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-svc.yaml index 2cccc6fc..65dd0f8a 100644 --- a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-svc.yaml +++ b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler-svc.yaml @@ -1,19 +1,19 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: thanos-ruler-tls - name: thanos-ruler -spec: - ports: - - name: web - port: 9091 - targetPort: web - - name: grpc - port: 10901 - targetPort: grpc - selector: - app: thanos-ruler - thanos-ruler: wheel - sessionAffinity: ClientIP - +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.openshift.io/serving-cert-secret-name: thanos-ruler-tls + name: thanos-ruler +spec: + ports: + - name: web + port: 9091 + targetPort: web + - name: grpc + port: 10901 + targetPort: grpc + selector: + app: thanos-ruler + thanos-ruler: wheel + sessionAffinity: ClientIP + diff --git a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler.yaml b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler.yaml index e048ab7d..d5b1206d 100644 --- a/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler.yaml +++ b/.disabled/.monitoring-stack/thanos-ruler/thanos-ruler.yaml @@ -1,75 +1,75 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ThanosRuler -metadata: - labels: - thanosRulerName: wheel - name: wheel -spec: - alertQueryUrl: https://thanos-querier-monitoring-stack.apps.okd.baloise.dev - alertmanagersConfig: - key: alertmanagers.yaml - name: thanos-ruler-alertmanagers-config - containers: - - name: thanos-ruler - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: secret-thanos-ruler-tls - - args: - - -provider=openshift - - -https-address=:9091 - - -http-address= - - -email-domain=* - - -upstream=http://localhost:10902 - - '-openshift-sar={"resource": "namespaces", "verb": "get"}' - - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}' - - -tls-cert=/etc/tls/private/tls.crt - - -tls-key=/etc/tls/private/tls.key - - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token -# - -cookie-secret-file=/etc/proxy/secrets/session_secret - - -cookie-secret=SECRET - - -openshift-service-account=thanos-ruler - - -openshift-ca=/etc/pki/tls/cert.pem - - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - -skip-auth-regex=^/metrics - env: - - name: HTTP_PROXY - - name: HTTPS_PROXY - - name: NO_PROXY - image: quay.io/openshift/okd-content@sha256:644bcaca0a108801e83f4c3585c267e069bd6d7975c4234cd6498d96693211b0 - name: thanos-ruler-proxy - ports: - - containerPort: 9091 - name: web - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: secret-thanos-ruler-tls -# - mountPath: /etc/proxy/secrets -# name: secret-thanos-ruler-oauth-cookie -# readOnly: true - enforcedNamespaceLabel: namespace - grpcServerTlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - certFile: /etc/tls/private/tls.crt - keyFile: /etc/tls/private/tls.key - image: quay.io/openshift/okd-content@sha256:048ef6d2ea93c4a890c270b9b8623df624b7199c6ede15c7de78e0213caf9f00 - queryConfig: - key: query.yaml - name: thanos-ruler-query-config - replicas: 1 - serviceAccountName: thanos-ruler - volumes: - - name: secret-thanos-ruler-tls - secret: - secretName: thanos-ruler-tls -# - name: secret-thanos-ruler-oauth-cookie -# secret: -# secretName: thanos-ruler-oauth-cookie - - name: secret-thanos-ruler-oauth-htpasswd - secret: - secretName: thanos-ruler-oauth-htpasswd +apiVersion: monitoring.coreos.com/v1 +kind: ThanosRuler +metadata: + labels: + thanosRulerName: wheel + name: wheel +spec: + alertQueryUrl: https://thanos-querier-monitoring-stack.apps.okd.baloise.dev + alertmanagersConfig: + key: alertmanagers.yaml + name: thanos-ruler-alertmanagers-config + containers: + - name: thanos-ruler + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: secret-thanos-ruler-tls + - args: + - -provider=openshift + - -https-address=:9091 + - -http-address= + - -email-domain=* + - -upstream=http://localhost:10902 + - '-openshift-sar={"resource": "namespaces", "verb": "get"}' + - '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}' + - -tls-cert=/etc/tls/private/tls.crt + - -tls-key=/etc/tls/private/tls.key + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token +# - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -cookie-secret=SECRET + - -openshift-service-account=thanos-ruler + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + - -skip-auth-regex=^/metrics + env: + - name: HTTP_PROXY + - name: HTTPS_PROXY + - name: NO_PROXY + image: quay.io/openshift/okd-content@sha256:644bcaca0a108801e83f4c3585c267e069bd6d7975c4234cd6498d96693211b0 + name: thanos-ruler-proxy + ports: + - containerPort: 9091 + name: web + resources: + requests: + cpu: 10m + memory: 20Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: secret-thanos-ruler-tls +# - mountPath: /etc/proxy/secrets +# name: secret-thanos-ruler-oauth-cookie +# readOnly: true + enforcedNamespaceLabel: namespace + grpcServerTlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + certFile: /etc/tls/private/tls.crt + keyFile: /etc/tls/private/tls.key + image: quay.io/openshift/okd-content@sha256:048ef6d2ea93c4a890c270b9b8623df624b7199c6ede15c7de78e0213caf9f00 + queryConfig: + key: query.yaml + name: thanos-ruler-query-config + replicas: 1 + serviceAccountName: thanos-ruler + volumes: + - name: secret-thanos-ruler-tls + secret: + secretName: thanos-ruler-tls +# - name: secret-thanos-ruler-oauth-cookie +# secret: +# secretName: thanos-ruler-oauth-cookie + - name: secret-thanos-ruler-oauth-htpasswd + secret: + secretName: thanos-ruler-oauth-htpasswd diff --git a/.disabled/.noobaa/cephobjectstoreuser-cr.yaml b/.disabled/.noobaa/cephobjectstoreuser-cr.yaml index 3f665404..c26618ae 100644 --- a/.disabled/.noobaa/cephobjectstoreuser-cr.yaml +++ b/.disabled/.noobaa/cephobjectstoreuser-cr.yaml @@ -1,6 +1,6 @@ -apiVersion: ceph.rook.io/v1 -kind: CephObjectStoreUser -metadata: - name: noobaa-ceph-objectstore-user -spec: - displayName: noobaa-ceph-objectstore-user +apiVersion: ceph.rook.io/v1 +kind: CephObjectStoreUser +metadata: + name: noobaa-ceph-objectstore-user +spec: + displayName: noobaa-ceph-objectstore-user diff --git a/.disabled/.noobaa/cluster_role.yaml b/.disabled/.noobaa/cluster_role.yaml index b0f86569..340621fc 100644 --- a/.disabled/.noobaa/cluster_role.yaml +++ b/.disabled/.noobaa/cluster_role.yaml @@ -1,67 +1,67 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: noobaa.noobaa.io -rules: - - apiGroups: - - noobaa.io - resources: - - "*" - - noobaas - - backingstores - - bucketclasses - - noobaas/finalizers - - backingstores/finalizers - - bucketclasses/finalizers - verbs: - - "*" - - apiGroups: - - objectbucket.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "" - resources: - - configmaps - - secrets - - persistentvolumes - verbs: - - "*" - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - create - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: # from system:auth-delegator - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: # from system:auth-delegator - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: noobaa.noobaa.io +rules: + - apiGroups: + - noobaa.io + resources: + - "*" + - noobaas + - backingstores + - bucketclasses + - noobaas/finalizers + - backingstores/finalizers + - bucketclasses/finalizers + verbs: + - "*" + - apiGroups: + - objectbucket.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "" + resources: + - configmaps + - secrets + - persistentvolumes + verbs: + - "*" + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: # from system:auth-delegator + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: # from system:auth-delegator + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/.disabled/.noobaa/cluster_role_binding.yaml b/.disabled/.noobaa/cluster_role_binding.yaml index 056bff32..69fd8a56 100644 --- a/.disabled/.noobaa/cluster_role_binding.yaml +++ b/.disabled/.noobaa/cluster_role_binding.yaml @@ -1,12 +1,12 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: noobaa.noobaa.io -subjects: - - kind: ServiceAccount - name: noobaa - namespace: noobaa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: noobaa.noobaa.io +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: noobaa.noobaa.io +subjects: + - kind: ServiceAccount + name: noobaa + namespace: noobaa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: noobaa.noobaa.io diff --git a/.disabled/.noobaa/noobaa.io_backingstores_crd.yaml b/.disabled/.noobaa/noobaa.io_backingstores_crd.yaml index 9fbaa2b6..ac8c0082 100644 --- a/.disabled/.noobaa/noobaa.io_backingstores_crd.yaml +++ b/.disabled/.noobaa/noobaa.io_backingstores_crd.yaml @@ -1,361 +1,361 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: backingstores.noobaa.io -spec: - group: noobaa.io - names: - kind: BackingStore - listKind: BackingStoreList - plural: backingstores - singular: backingstore - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Type - jsonPath: .spec.type - name: Type - type: string - - description: Phase - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BackingStore is the Schema for the backingstores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of the desired behavior of the noobaa BackingStore. - properties: - awsS3: - description: AWSS3Spec specifies a backing store of type aws-s3 - properties: - region: - description: Region is the AWS region - type: string - secret: - description: Secret refers to a secret that provides the credentials - The secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - sslDisabled: - description: SSLDisabled allows to disable SSL and use plain http - type: boolean - targetBucket: - description: TargetBucket is the name of the target S3 bucket - type: string - required: - - secret - - targetBucket - type: object - azureBlob: - description: AzureBlob specifies a backing store of type azure-blob - properties: - secret: - description: Secret refers to a secret that provides the credentials - The secret should define AccountName and AccountKey as provided - by Azure Blob. - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - targetBlobContainer: - description: TargetBlobContainer is the name of the target Azure - Blob container - type: string - required: - - secret - - targetBlobContainer - type: object - googleCloudStorage: - description: GoogleCloudStorage specifies a backing store of type - google-cloud-storage - properties: - secret: - description: Secret refers to a secret that provides the credentials - The secret should define GoogleServiceAccountPrivateKeyJson - containing the entire json string as provided by Google. - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - targetBucket: - description: TargetBucket is the name of the target S3 bucket - type: string - required: - - secret - - targetBucket - type: object - ibmCos: - description: IBMCos specifies a backing store of type ibm-cos - properties: - endpoint: - description: 'Endpoint is the IBM COS compatible endpoint: http(s)://host:port' - type: string - secret: - description: Secret refers to a secret that provides the credentials - The secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - signatureVersion: - description: SignatureVersion specifies the client signature version - to use when signing requests. - type: string - targetBucket: - description: TargetBucket is the name of the target IBM COS bucket - type: string - required: - - endpoint - - secret - - targetBucket - type: object - pvPool: - description: PVPool specifies a backing store of type pv-pool - properties: - numVolumes: - description: NumVolumes is the number of volumes to allocate - type: integer - resources: - description: VolumeResources represents the minimum resources - each volume should have. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - secret: - description: Secret refers to a secret that provides the agent - configuration The secret should define AGENT_CONFIG containing - agent_configuration from noobaa-core. - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - storageClass: - description: StorageClass is the name of the storage class to - use for the PV's - type: string - required: - - numVolumes - type: object - s3Compatible: - description: S3Compatible specifies a backing store of type s3-compatible - properties: - endpoint: - description: 'Endpoint is the S3 compatible endpoint: http(s)://host:port' - type: string - secret: - description: Secret refers to a secret that provides the credentials - The secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - signatureVersion: - description: SignatureVersion specifies the client signature version - to use when signing requests. - type: string - targetBucket: - description: TargetBucket is the name of the target S3 bucket - type: string - required: - - endpoint - - secret - - targetBucket - type: object - type: - description: Type is an enum of supported types - type: string - required: - - type - type: object - status: - description: Most recently observed status of the noobaa BackingStore. - properties: - conditions: - description: Conditions is a list of conditions related to operator - reconciliation - items: - description: Condition represents the state of the operator's reconciliation - functionality. - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - description: ConditionType is the state of the operator's reconciliation - functionality. - type: string - required: - - status - - type - type: object - type: array - mode: - description: Mode specifies the updating mode of a BackingStore - properties: - modeCode: - description: ModeCode specifies the updated mode of backingstore - type: string - timeStamp: - description: TimeStamp specifies the update time of backingstore - new mode - type: string - type: object - phase: - description: Phase is a simple, high-level summary of where the backing - store is in its lifecycle - type: string - relatedObjects: - description: RelatedObjects is a list of objects related to this operator. - items: - description: 'ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. - Invalid usage help. It is impossible to add specific help for - individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual - struct is irrelevant. 5. We cannot easily change it. Because - this type is embedded in many locations, updates to this type will - affect numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: backingstores.noobaa.io +spec: + group: noobaa.io + names: + kind: BackingStore + listKind: BackingStoreList + plural: backingstores + singular: backingstore + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Type + jsonPath: .spec.type + name: Type + type: string + - description: Phase + jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BackingStore is the Schema for the backingstores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired behavior of the noobaa BackingStore. + properties: + awsS3: + description: AWSS3Spec specifies a backing store of type aws-s3 + properties: + region: + description: Region is the AWS region + type: string + secret: + description: Secret refers to a secret that provides the credentials + The secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + sslDisabled: + description: SSLDisabled allows to disable SSL and use plain http + type: boolean + targetBucket: + description: TargetBucket is the name of the target S3 bucket + type: string + required: + - secret + - targetBucket + type: object + azureBlob: + description: AzureBlob specifies a backing store of type azure-blob + properties: + secret: + description: Secret refers to a secret that provides the credentials + The secret should define AccountName and AccountKey as provided + by Azure Blob. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + targetBlobContainer: + description: TargetBlobContainer is the name of the target Azure + Blob container + type: string + required: + - secret + - targetBlobContainer + type: object + googleCloudStorage: + description: GoogleCloudStorage specifies a backing store of type + google-cloud-storage + properties: + secret: + description: Secret refers to a secret that provides the credentials + The secret should define GoogleServiceAccountPrivateKeyJson + containing the entire json string as provided by Google. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + targetBucket: + description: TargetBucket is the name of the target S3 bucket + type: string + required: + - secret + - targetBucket + type: object + ibmCos: + description: IBMCos specifies a backing store of type ibm-cos + properties: + endpoint: + description: 'Endpoint is the IBM COS compatible endpoint: http(s)://host:port' + type: string + secret: + description: Secret refers to a secret that provides the credentials + The secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + signatureVersion: + description: SignatureVersion specifies the client signature version + to use when signing requests. + type: string + targetBucket: + description: TargetBucket is the name of the target IBM COS bucket + type: string + required: + - endpoint + - secret + - targetBucket + type: object + pvPool: + description: PVPool specifies a backing store of type pv-pool + properties: + numVolumes: + description: NumVolumes is the number of volumes to allocate + type: integer + resources: + description: VolumeResources represents the minimum resources + each volume should have. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + secret: + description: Secret refers to a secret that provides the agent + configuration The secret should define AGENT_CONFIG containing + agent_configuration from noobaa-core. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + storageClass: + description: StorageClass is the name of the storage class to + use for the PV's + type: string + required: + - numVolumes + type: object + s3Compatible: + description: S3Compatible specifies a backing store of type s3-compatible + properties: + endpoint: + description: 'Endpoint is the S3 compatible endpoint: http(s)://host:port' + type: string + secret: + description: Secret refers to a secret that provides the credentials + The secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + signatureVersion: + description: SignatureVersion specifies the client signature version + to use when signing requests. + type: string + targetBucket: + description: TargetBucket is the name of the target S3 bucket + type: string + required: + - endpoint + - secret + - targetBucket + type: object + type: + description: Type is an enum of supported types + type: string + required: + - type + type: object + status: + description: Most recently observed status of the noobaa BackingStore. + properties: + conditions: + description: Conditions is a list of conditions related to operator + reconciliation + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + mode: + description: Mode specifies the updating mode of a BackingStore + properties: + modeCode: + description: ModeCode specifies the updated mode of backingstore + type: string + timeStamp: + description: TimeStamp specifies the update time of backingstore + new mode + type: string + type: object + phase: + description: Phase is a simple, high-level summary of where the backing + store is in its lifecycle + type: string + relatedObjects: + description: RelatedObjects is a list of objects related to this operator. + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular restrictions + like, "must refer only to types A and B" or "UID not honored" + or "name must be restricted". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type will + affect numerous schemas. Don''t make new APIs embed an underspecified + API type they do not control. Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/.disabled/.noobaa/noobaa.io_bucketclasses_crd.yaml b/.disabled/.noobaa/noobaa.io_bucketclasses_crd.yaml index ebd67908..7630e67e 100644 --- a/.disabled/.noobaa/noobaa.io_bucketclasses_crd.yaml +++ b/.disabled/.noobaa/noobaa.io_bucketclasses_crd.yaml @@ -1,236 +1,236 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bucketclasses.noobaa.io -spec: - group: noobaa.io - names: - kind: BucketClass - listKind: BucketClassList - plural: bucketclasses - singular: bucketclass - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Placement - jsonPath: .spec.placementPolicy - name: Placement - type: string - - description: NamespacePolicy - jsonPath: .spec.namespacePolicy - name: NamespacePolicy - type: string - - description: Phase - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: BucketClass is the Schema for the bucketclasses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of the desired behavior of the noobaa BucketClass. - properties: - namespacePolicy: - description: NamespacePolicy specifies the namespace policy for the - bucket class - properties: - cache: - description: Cache is a namespace policy configuration of type - Cache - properties: - caching: - description: Caching is the cache specification for the ns - policy - properties: - prefix: - description: Prefix is prefix of the future cached data - type: string - ttl: - description: TTL specifies the cache ttl - type: integer - type: object - hubResource: - description: HubResource is the read and write resource name - to use - type: string - type: object - multi: - description: Multi is a namespace policy configuration of type - Multi - properties: - readResources: - description: ReadResources is an ordered list of read resources - names to use - items: - type: string - type: array - writeResource: - description: WriteResource is the write resource name to use - type: string - type: object - single: - description: Single is a namespace policy configuration of type - Single - properties: - resource: - description: Resource is the read and write resource name - to use - type: string - type: object - type: - description: Type is the namespace policy type - type: string - type: object - placementPolicy: - description: PlacementPolicy specifies the placement policy for the - bucket class - properties: - tiers: - description: Tiers is an ordered list of tiers to use. The model - is a waterfall - push to first tier by default, and when no - more space spill "cold" storage to next tier. - items: - description: Tier specifies a storage tier - properties: - backingStores: - description: BackingStores is an unordered list of backing - store names. The meaning of the list depends on the placement. - items: - type: string - type: array - placement: - description: Placement specifies the type of placement for - the tier If empty it should have a single backing store. - enum: - - Spread - - Mirror - type: string - type: object - type: array - type: object - type: object - status: - description: Most recently observed status of the noobaa BackingStore. - properties: - conditions: - description: Conditions is a list of conditions related to operator - reconciliation - items: - description: Condition represents the state of the operator's reconciliation - functionality. - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - description: ConditionType is the state of the operator's reconciliation - functionality. - type: string - required: - - status - - type - type: object - type: array - mode: - description: Mode is a simple, high-level summary of where the System - is in its lifecycle - type: string - phase: - description: Phase is a simple, high-level summary of where the System - is in its lifecycle - type: string - relatedObjects: - description: RelatedObjects is a list of objects related to this operator. - items: - description: 'ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. - Invalid usage help. It is impossible to add specific help for - individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual - struct is irrelevant. 5. We cannot easily change it. Because - this type is embedded in many locations, updates to this type will - affect numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bucketclasses.noobaa.io +spec: + group: noobaa.io + names: + kind: BucketClass + listKind: BucketClassList + plural: bucketclasses + singular: bucketclass + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Placement + jsonPath: .spec.placementPolicy + name: Placement + type: string + - description: NamespacePolicy + jsonPath: .spec.namespacePolicy + name: NamespacePolicy + type: string + - description: Phase + jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BucketClass is the Schema for the bucketclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired behavior of the noobaa BucketClass. + properties: + namespacePolicy: + description: NamespacePolicy specifies the namespace policy for the + bucket class + properties: + cache: + description: Cache is a namespace policy configuration of type + Cache + properties: + caching: + description: Caching is the cache specification for the ns + policy + properties: + prefix: + description: Prefix is prefix of the future cached data + type: string + ttl: + description: TTL specifies the cache ttl + type: integer + type: object + hubResource: + description: HubResource is the read and write resource name + to use + type: string + type: object + multi: + description: Multi is a namespace policy configuration of type + Multi + properties: + readResources: + description: ReadResources is an ordered list of read resources + names to use + items: + type: string + type: array + writeResource: + description: WriteResource is the write resource name to use + type: string + type: object + single: + description: Single is a namespace policy configuration of type + Single + properties: + resource: + description: Resource is the read and write resource name + to use + type: string + type: object + type: + description: Type is the namespace policy type + type: string + type: object + placementPolicy: + description: PlacementPolicy specifies the placement policy for the + bucket class + properties: + tiers: + description: Tiers is an ordered list of tiers to use. The model + is a waterfall - push to first tier by default, and when no + more space spill "cold" storage to next tier. + items: + description: Tier specifies a storage tier + properties: + backingStores: + description: BackingStores is an unordered list of backing + store names. The meaning of the list depends on the placement. + items: + type: string + type: array + placement: + description: Placement specifies the type of placement for + the tier If empty it should have a single backing store. + enum: + - Spread + - Mirror + type: string + type: object + type: array + type: object + type: object + status: + description: Most recently observed status of the noobaa BackingStore. + properties: + conditions: + description: Conditions is a list of conditions related to operator + reconciliation + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + mode: + description: Mode is a simple, high-level summary of where the System + is in its lifecycle + type: string + phase: + description: Phase is a simple, high-level summary of where the System + is in its lifecycle + type: string + relatedObjects: + description: RelatedObjects is a list of objects related to this operator. + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular restrictions + like, "must refer only to types A and B" or "UID not honored" + or "name must be restricted". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type will + affect numerous schemas. Don''t make new APIs embed an underspecified + API type they do not control. Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/.disabled/.noobaa/noobaa.io_namespacestores_crd.yaml b/.disabled/.noobaa/noobaa.io_namespacestores_crd.yaml index 9499168f..fdd6ea21 100644 --- a/.disabled/.noobaa/noobaa.io_namespacestores_crd.yaml +++ b/.disabled/.noobaa/noobaa.io_namespacestores_crd.yaml @@ -1,282 +1,282 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: namespacestores.noobaa.io -spec: - group: noobaa.io - names: - kind: NamespaceStore - listKind: NamespaceStoreList - plural: namespacestores - singular: namespacestore - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Type - jsonPath: .spec.type - name: Type - type: string - - description: Phase - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: NamespaceStore is the Schema for the namespacestores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of the desired behavior of the noobaa NamespaceStore. - properties: - awsS3: - description: AWSS3Spec specifies a namespace store of type aws-s3 - properties: - region: - description: Region is the AWS region - type: string - secret: - description: Secret refers to a secret that provides the credentials - The secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - sslDisabled: - description: SSLDisabled allows to disable SSL and use plain http - type: boolean - targetBucket: - description: TargetBucket is the name of the target S3 bucket - type: string - required: - - secret - - targetBucket - type: object - azureBlob: - description: AzureBlob specifies a namespace store of type azure-blob - properties: - secret: - description: Secret refers to a secret that provides the credentials - The secret should define AccountName and AccountKey as provided - by Azure Blob. - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - targetBlobContainer: - description: TargetBlobContainer is the name of the target Azure - Blob container - type: string - required: - - secret - - targetBlobContainer - type: object - ibmCos: - description: IBMCos specifies a namespace store of type ibm-cos - properties: - endpoint: - description: 'Endpoint is the IBM COS compatible endpoint: http(s)://host:port' - type: string - secret: - description: Secret refers to a secret that provides the credentials - The secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - signatureVersion: - description: SignatureVersion specifies the client signature version - to use when signing requests. - type: string - targetBucket: - description: TargetBucket is the name of the target IBM COS bucket - type: string - required: - - endpoint - - secret - - targetBucket - type: object - s3Compatible: - description: S3Compatible specifies a namespace store of type s3-compatible - properties: - endpoint: - description: 'Endpoint is the S3 compatible endpoint: http(s)://host:port' - type: string - secret: - description: Secret refers to a secret that provides the credentials - The secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - signatureVersion: - description: SignatureVersion specifies the client signature version - to use when signing requests. - type: string - targetBucket: - description: TargetBucket is the name of the target S3 bucket - type: string - required: - - endpoint - - secret - - targetBucket - type: object - type: - description: Type is an enum of supported types - type: string - required: - - type - type: object - status: - description: Most recently observed status of the noobaa NamespaceStore. - properties: - conditions: - description: Conditions is a list of conditions related to operator - reconciliation - items: - description: Condition represents the state of the operator's reconciliation - functionality. - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - description: ConditionType is the state of the operator's reconciliation - functionality. - type: string - required: - - status - - type - type: object - type: array - mode: - description: Mode specifies the updating mode of a NamespaceStore - properties: - modeCode: - description: ModeCode specifies the updated mode of namespacestore - type: string - timeStamp: - description: TimeStamp specifies the update time of namespacestore - new mode - type: string - type: object - phase: - description: Phase is a simple, high-level summary of where the namespace - store is in its lifecycle - type: string - relatedObjects: - description: RelatedObjects is a list of objects related to this operator. - items: - description: 'ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. - Invalid usage help. It is impossible to add specific help for - individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual - struct is irrelevant. 5. We cannot easily change it. Because - this type is embedded in many locations, updates to this type will - affect numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: namespacestores.noobaa.io +spec: + group: noobaa.io + names: + kind: NamespaceStore + listKind: NamespaceStoreList + plural: namespacestores + singular: namespacestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Type + jsonPath: .spec.type + name: Type + type: string + - description: Phase + jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NamespaceStore is the Schema for the namespacestores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired behavior of the noobaa NamespaceStore. + properties: + awsS3: + description: AWSS3Spec specifies a namespace store of type aws-s3 + properties: + region: + description: Region is the AWS region + type: string + secret: + description: Secret refers to a secret that provides the credentials + The secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + sslDisabled: + description: SSLDisabled allows to disable SSL and use plain http + type: boolean + targetBucket: + description: TargetBucket is the name of the target S3 bucket + type: string + required: + - secret + - targetBucket + type: object + azureBlob: + description: AzureBlob specifies a namespace store of type azure-blob + properties: + secret: + description: Secret refers to a secret that provides the credentials + The secret should define AccountName and AccountKey as provided + by Azure Blob. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + targetBlobContainer: + description: TargetBlobContainer is the name of the target Azure + Blob container + type: string + required: + - secret + - targetBlobContainer + type: object + ibmCos: + description: IBMCos specifies a namespace store of type ibm-cos + properties: + endpoint: + description: 'Endpoint is the IBM COS compatible endpoint: http(s)://host:port' + type: string + secret: + description: Secret refers to a secret that provides the credentials + The secret should define IBM_COS_ACCESS_KEY_ID and IBM_COS_SECRET_ACCESS_KEY + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + signatureVersion: + description: SignatureVersion specifies the client signature version + to use when signing requests. + type: string + targetBucket: + description: TargetBucket is the name of the target IBM COS bucket + type: string + required: + - endpoint + - secret + - targetBucket + type: object + s3Compatible: + description: S3Compatible specifies a namespace store of type s3-compatible + properties: + endpoint: + description: 'Endpoint is the S3 compatible endpoint: http(s)://host:port' + type: string + secret: + description: Secret refers to a secret that provides the credentials + The secret should define AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + signatureVersion: + description: SignatureVersion specifies the client signature version + to use when signing requests. + type: string + targetBucket: + description: TargetBucket is the name of the target S3 bucket + type: string + required: + - endpoint + - secret + - targetBucket + type: object + type: + description: Type is an enum of supported types + type: string + required: + - type + type: object + status: + description: Most recently observed status of the noobaa NamespaceStore. + properties: + conditions: + description: Conditions is a list of conditions related to operator + reconciliation + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + mode: + description: Mode specifies the updating mode of a NamespaceStore + properties: + modeCode: + description: ModeCode specifies the updated mode of namespacestore + type: string + timeStamp: + description: TimeStamp specifies the update time of namespacestore + new mode + type: string + type: object + phase: + description: Phase is a simple, high-level summary of where the namespace + store is in its lifecycle + type: string + relatedObjects: + description: RelatedObjects is a list of objects related to this operator. + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular restrictions + like, "must refer only to types A and B" or "UID not honored" + or "name must be restricted". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type will + affect numerous schemas. Don''t make new APIs embed an underspecified + API type they do not control. Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/.disabled/.noobaa/noobaa.io_noobaas_crd.yaml b/.disabled/.noobaa/noobaa.io_noobaas_crd.yaml index 7e06d0c8..3e675021 100644 --- a/.disabled/.noobaa/noobaa.io_noobaas_crd.yaml +++ b/.disabled/.noobaa/noobaa.io_noobaas_crd.yaml @@ -1,1176 +1,1176 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: noobaas.noobaa.io -spec: - group: noobaa.io - names: - kind: NooBaa - listKind: NooBaaList - plural: noobaas - shortNames: - - nb - singular: noobaa - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Management Endpoints - jsonPath: .status.services.serviceMgmt.nodePorts - name: Mgmt-Endpoints - type: string - - description: S3 Endpoints - jsonPath: .status.services.serviceS3.nodePorts - name: S3-Endpoints - type: string - - description: Actual Image - jsonPath: .status.actualImage - name: Image - type: string - - description: Phase - jsonPath: .status.phase - name: Phase - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: NooBaa is the Schema for the NooBaas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of the desired behavior of the noobaa system. - properties: - affinity: - description: Affinity (optional) passed through to noobaa's pods - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - cleanupPolicy: - description: CleanupPolicy (optional) Indicates user's policy for - deletion - properties: - confirmation: - description: CleanupConfirmationProperty is a string that specifies - cleanup confirmation - type: string - type: object - coreResources: - description: CoreResources (optional) overrides the default resource - requirements for the server container - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - dbImage: - description: DBImage (optional) overrides the default image for the - db container - type: string - dbResources: - description: DBResources (optional) overrides the default resource - requirements for the db container - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - dbStorageClass: - description: DBStorageClass (optional) overrides the default cluster - StorageClass for the database volume. For the time being this field - is immutable and can only be set on system creation. This affects - where the system stores its database which contains system config, - buckets, objects meta-data and mapping file parts to storage locations. - type: string - dbType: - description: DBType (optional) overrides the default type image for - the db container - enum: - - mongodb - - postgres - type: string - dbVolumeResources: - description: 'DBVolumeResources (optional) overrides the default PVC - resource requirements for the database volume. For the time being - this field is immutable and can only be set on system creation. - This is because volume size updates are only supported for increasing - the size, and only if the storage class specifies `allowVolumeExpansion: - true`,' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - endpoints: - description: Endpoints (optional) sets configuration info for the - noobaa endpoint deployment. - properties: - additionalVirtualHosts: - description: 'AdditionalVirtualHosts (optional) provide a list - of additional hostnames (on top of the builtin names defined - by the cluster: service name, elb name, route name) to be used - as virtual hosts by the the endpoints in the endpoint deployment' - items: - type: string - type: array - maxCount: - description: MaxCount, the number of endpoint instances (pods) - to be used as the upper bound when autoscaling - format: int32 - type: integer - minCount: - description: MinCount, the number of endpoint instances (pods) - to be used as the lower bound when autoscaling - format: int32 - type: integer - resources: - description: Resources (optional) overrides the default resource - requirements for every endpoint pod - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - type: object - image: - description: Image (optional) overrides the default image for the - server container - type: string - imagePullSecret: - description: ImagePullSecret (optional) sets a pull secret for the - system image - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - joinSecret: - description: JoinSecret (optional) instructs the operator to join - another cluster and point to a secret that holds the join information - properties: - name: - description: Name is unique within a namespace to reference a - secret resource. - type: string - namespace: - description: Namespace defines the space within which the secret - name must be unique. - type: string - type: object - pvPoolDefaultStorageClass: - description: PVPoolDefaultStorageClass (optional) overrides the default - cluster StorageClass for the pv-pool volumes. This affects where - the system stores data chunks (encrypted). Updates to this field - will only affect new pv-pools, but updates to existing pools are - not supported by the operator. - type: string - region: - description: Region (optional) provide a region for the location info - of the endpoints in the endpoint deployment - type: string - security: - description: Security represents security settings - properties: - kms: - description: KeyManagementServiceSpec represent various details - of the KMS server - properties: - connectionDetails: - additionalProperties: - type: string - type: object - tokenSecretName: - type: string - type: object - type: object - tolerations: - description: Tolerations (optional) passed through to noobaa's pods - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - status: - description: Most recently observed status of the noobaa system. - properties: - accounts: - description: Accounts reports accounts info for the admin account - properties: - admin: - description: UserStatus is the status info of a user secret - properties: - secretRef: - description: SecretReference represents a Secret Reference. - It has enough information to retrieve secret in any namespace - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: Namespace defines the space within which - the secret name must be unique. - type: string - type: object - required: - - secretRef - type: object - required: - - admin - type: object - actualImage: - description: ActualImage is set to report which image the operator - is using - type: string - conditions: - description: Conditions is a list of conditions related to operator - reconciliation - items: - description: Condition represents the state of the operator's reconciliation - functionality. - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - description: ConditionType is the state of the operator's reconciliation - functionality. - type: string - required: - - status - - type - type: object - type: array - endpoints: - description: Endpoints reports the actual number of endpoints in the - endpoint deployment and the virtual hosts list used recognized by - the endpoints - properties: - readyCount: - format: int32 - type: integer - virtualHosts: - items: - type: string - type: array - required: - - readyCount - - virtualHosts - type: object - observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this noobaa system. It corresponds to the CR generation, which - is updated on mutation by the API Server. - format: int64 - type: integer - phase: - description: Phase is a simple, high-level summary of where the System - is in its lifecycle - type: string - readme: - description: Readme is a user readable string with explanations on - the system - type: string - relatedObjects: - description: RelatedObjects is a list of objects related to this operator. - items: - description: 'ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. - Invalid usage help. It is impossible to add specific help for - individual usage. In most embedded usages, there are particular restrictions - like, "must refer only to types A and B" or "UID not honored" - or "name must be restricted". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual - struct is irrelevant. 5. We cannot easily change it. Because - this type is embedded in many locations, updates to this type will - affect numerous schemas. Don''t make new APIs embed an underspecified - API type they do not control. Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - .' - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - type: array - services: - description: Services reports addresses for the services - properties: - serviceMgmt: - description: ServiceStatus is the status info and network addresses - of a service - properties: - externalDNS: - description: ExternalDNS are external public addresses for - the service - items: - type: string - type: array - externalIP: - description: ExternalIP are external public addresses for - the service LoadBalancerPorts such as AWS ELB provide public - address and load balancing for the service IngressPorts - are manually created public addresses for the service https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - https://kubernetes.io/docs/concepts/services-networking/ingress/ - items: - type: string - type: array - internalDNS: - description: InternalDNS are internal addresses of the service - inside the cluster - items: - type: string - type: array - internalIP: - description: InternalIP are internal addresses of the service - inside the cluster https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - items: - type: string - type: array - nodePorts: - description: NodePorts are the most basic network available. - NodePorts use the networks available on the hosts of kubernetes - nodes. This generally works from within a pod, and from - the internal network of the nodes, but may fail from public - network. https://kubernetes.io/docs/concepts/services-networking/service/#nodeport - items: - type: string - type: array - podPorts: - description: 'PodPorts are the second most basic network address. - Every pod has an IP in the cluster and the pods network - is a mesh so the operator running inside a pod in the cluster - can use this address. Note: pod IPs are not guaranteed to - persist over restarts, so should be rediscovered. Note2: - when running the operator outside of the cluster, pod IP - is not accessible.' - items: - type: string - type: array - type: object - serviceS3: - description: ServiceStatus is the status info and network addresses - of a service - properties: - externalDNS: - description: ExternalDNS are external public addresses for - the service - items: - type: string - type: array - externalIP: - description: ExternalIP are external public addresses for - the service LoadBalancerPorts such as AWS ELB provide public - address and load balancing for the service IngressPorts - are manually created public addresses for the service https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - https://kubernetes.io/docs/concepts/services-networking/ingress/ - items: - type: string - type: array - internalDNS: - description: InternalDNS are internal addresses of the service - inside the cluster - items: - type: string - type: array - internalIP: - description: InternalIP are internal addresses of the service - inside the cluster https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - items: - type: string - type: array - nodePorts: - description: NodePorts are the most basic network available. - NodePorts use the networks available on the hosts of kubernetes - nodes. This generally works from within a pod, and from - the internal network of the nodes, but may fail from public - network. https://kubernetes.io/docs/concepts/services-networking/service/#nodeport - items: - type: string - type: array - podPorts: - description: 'PodPorts are the second most basic network address. - Every pod has an IP in the cluster and the pods network - is a mesh so the operator running inside a pod in the cluster - can use this address. Note: pod IPs are not guaranteed to - persist over restarts, so should be rediscovered. Note2: - when running the operator outside of the cluster, pod IP - is not accessible.' - items: - type: string - type: array - type: object - required: - - serviceMgmt - - serviceS3 - type: object - upgradePhase: - description: Upgrade reports the status of the ongoing upgrade process - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: noobaas.noobaa.io +spec: + group: noobaa.io + names: + kind: NooBaa + listKind: NooBaaList + plural: noobaas + shortNames: + - nb + singular: noobaa + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Management Endpoints + jsonPath: .status.services.serviceMgmt.nodePorts + name: Mgmt-Endpoints + type: string + - description: S3 Endpoints + jsonPath: .status.services.serviceS3.nodePorts + name: S3-Endpoints + type: string + - description: Actual Image + jsonPath: .status.actualImage + name: Image + type: string + - description: Phase + jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NooBaa is the Schema for the NooBaas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired behavior of the noobaa system. + properties: + affinity: + description: Affinity (optional) passed through to noobaa's pods + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + cleanupPolicy: + description: CleanupPolicy (optional) Indicates user's policy for + deletion + properties: + confirmation: + description: CleanupConfirmationProperty is a string that specifies + cleanup confirmation + type: string + type: object + coreResources: + description: CoreResources (optional) overrides the default resource + requirements for the server container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + dbImage: + description: DBImage (optional) overrides the default image for the + db container + type: string + dbResources: + description: DBResources (optional) overrides the default resource + requirements for the db container + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + dbStorageClass: + description: DBStorageClass (optional) overrides the default cluster + StorageClass for the database volume. For the time being this field + is immutable and can only be set on system creation. This affects + where the system stores its database which contains system config, + buckets, objects meta-data and mapping file parts to storage locations. + type: string + dbType: + description: DBType (optional) overrides the default type image for + the db container + enum: + - mongodb + - postgres + type: string + dbVolumeResources: + description: 'DBVolumeResources (optional) overrides the default PVC + resource requirements for the database volume. For the time being + this field is immutable and can only be set on system creation. + This is because volume size updates are only supported for increasing + the size, and only if the storage class specifies `allowVolumeExpansion: + true`,' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + endpoints: + description: Endpoints (optional) sets configuration info for the + noobaa endpoint deployment. + properties: + additionalVirtualHosts: + description: 'AdditionalVirtualHosts (optional) provide a list + of additional hostnames (on top of the builtin names defined + by the cluster: service name, elb name, route name) to be used + as virtual hosts by the the endpoints in the endpoint deployment' + items: + type: string + type: array + maxCount: + description: MaxCount, the number of endpoint instances (pods) + to be used as the upper bound when autoscaling + format: int32 + type: integer + minCount: + description: MinCount, the number of endpoint instances (pods) + to be used as the lower bound when autoscaling + format: int32 + type: integer + resources: + description: Resources (optional) overrides the default resource + requirements for every endpoint pod + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + type: object + image: + description: Image (optional) overrides the default image for the + server container + type: string + imagePullSecret: + description: ImagePullSecret (optional) sets a pull secret for the + system image + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + joinSecret: + description: JoinSecret (optional) instructs the operator to join + another cluster and point to a secret that holds the join information + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + pvPoolDefaultStorageClass: + description: PVPoolDefaultStorageClass (optional) overrides the default + cluster StorageClass for the pv-pool volumes. This affects where + the system stores data chunks (encrypted). Updates to this field + will only affect new pv-pools, but updates to existing pools are + not supported by the operator. + type: string + region: + description: Region (optional) provide a region for the location info + of the endpoints in the endpoint deployment + type: string + security: + description: Security represents security settings + properties: + kms: + description: KeyManagementServiceSpec represent various details + of the KMS server + properties: + connectionDetails: + additionalProperties: + type: string + type: object + tokenSecretName: + type: string + type: object + type: object + tolerations: + description: Tolerations (optional) passed through to noobaa's pods + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + status: + description: Most recently observed status of the noobaa system. + properties: + accounts: + description: Accounts reports accounts info for the admin account + properties: + admin: + description: UserStatus is the status info of a user secret + properties: + secretRef: + description: SecretReference represents a Secret Reference. + It has enough information to retrieve secret in any namespace + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + required: + - secretRef + type: object + required: + - admin + type: object + actualImage: + description: ActualImage is set to report which image the operator + is using + type: string + conditions: + description: Conditions is a list of conditions related to operator + reconciliation + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + endpoints: + description: Endpoints reports the actual number of endpoints in the + endpoint deployment and the virtual hosts list used recognized by + the endpoints + properties: + readyCount: + format: int32 + type: integer + virtualHosts: + items: + type: string + type: array + required: + - readyCount + - virtualHosts + type: object + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this noobaa system. It corresponds to the CR generation, which + is updated on mutation by the API Server. + format: int64 + type: integer + phase: + description: Phase is a simple, high-level summary of where the System + is in its lifecycle + type: string + readme: + description: Readme is a user readable string with explanations on + the system + type: string + relatedObjects: + description: RelatedObjects is a list of objects related to this operator. + items: + description: 'ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. + Invalid usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are particular restrictions + like, "must refer only to types A and B" or "UID not honored" + or "name must be restricted". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type will + affect numerous schemas. Don''t make new APIs embed an underspecified + API type they do not control. Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + services: + description: Services reports addresses for the services + properties: + serviceMgmt: + description: ServiceStatus is the status info and network addresses + of a service + properties: + externalDNS: + description: ExternalDNS are external public addresses for + the service + items: + type: string + type: array + externalIP: + description: ExternalIP are external public addresses for + the service LoadBalancerPorts such as AWS ELB provide public + address and load balancing for the service IngressPorts + are manually created public addresses for the service https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + https://kubernetes.io/docs/concepts/services-networking/ingress/ + items: + type: string + type: array + internalDNS: + description: InternalDNS are internal addresses of the service + inside the cluster + items: + type: string + type: array + internalIP: + description: InternalIP are internal addresses of the service + inside the cluster https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + items: + type: string + type: array + nodePorts: + description: NodePorts are the most basic network available. + NodePorts use the networks available on the hosts of kubernetes + nodes. This generally works from within a pod, and from + the internal network of the nodes, but may fail from public + network. https://kubernetes.io/docs/concepts/services-networking/service/#nodeport + items: + type: string + type: array + podPorts: + description: 'PodPorts are the second most basic network address. + Every pod has an IP in the cluster and the pods network + is a mesh so the operator running inside a pod in the cluster + can use this address. Note: pod IPs are not guaranteed to + persist over restarts, so should be rediscovered. Note2: + when running the operator outside of the cluster, pod IP + is not accessible.' + items: + type: string + type: array + type: object + serviceS3: + description: ServiceStatus is the status info and network addresses + of a service + properties: + externalDNS: + description: ExternalDNS are external public addresses for + the service + items: + type: string + type: array + externalIP: + description: ExternalIP are external public addresses for + the service LoadBalancerPorts such as AWS ELB provide public + address and load balancing for the service IngressPorts + are manually created public addresses for the service https://kubernetes.io/docs/concepts/services-networking/service/#external-ips + https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + https://kubernetes.io/docs/concepts/services-networking/ingress/ + items: + type: string + type: array + internalDNS: + description: InternalDNS are internal addresses of the service + inside the cluster + items: + type: string + type: array + internalIP: + description: InternalIP are internal addresses of the service + inside the cluster https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + items: + type: string + type: array + nodePorts: + description: NodePorts are the most basic network available. + NodePorts use the networks available on the hosts of kubernetes + nodes. This generally works from within a pod, and from + the internal network of the nodes, but may fail from public + network. https://kubernetes.io/docs/concepts/services-networking/service/#nodeport + items: + type: string + type: array + podPorts: + description: 'PodPorts are the second most basic network address. + Every pod has an IP in the cluster and the pods network + is a mesh so the operator running inside a pod in the cluster + can use this address. Note: pod IPs are not guaranteed to + persist over restarts, so should be rediscovered. Note2: + when running the operator outside of the cluster, pod IP + is not accessible.' + items: + type: string + type: array + type: object + required: + - serviceMgmt + - serviceS3 + type: object + upgradePhase: + description: Upgrade reports the status of the ongoing upgrade process + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/.disabled/.noobaa/noobaa.io_v1alpha1_backingstore_cr.yaml b/.disabled/.noobaa/noobaa.io_v1alpha1_backingstore_cr.yaml index 702093ca..fff3fbc9 100644 --- a/.disabled/.noobaa/noobaa.io_v1alpha1_backingstore_cr.yaml +++ b/.disabled/.noobaa/noobaa.io_v1alpha1_backingstore_cr.yaml @@ -1,5 +1,5 @@ -apiVersion: noobaa.io/v1alpha1 -kind: BackingStore -metadata: - name: default -spec: +apiVersion: noobaa.io/v1alpha1 +kind: BackingStore +metadata: + name: default +spec: diff --git a/.disabled/.noobaa/noobaa.io_v1alpha1_bucketclass_cr.yaml b/.disabled/.noobaa/noobaa.io_v1alpha1_bucketclass_cr.yaml index 550404af..c5d6914e 100644 --- a/.disabled/.noobaa/noobaa.io_v1alpha1_bucketclass_cr.yaml +++ b/.disabled/.noobaa/noobaa.io_v1alpha1_bucketclass_cr.yaml @@ -1,5 +1,5 @@ -apiVersion: noobaa.io/v1alpha1 -kind: BucketClass -metadata: - name: default -spec: +apiVersion: noobaa.io/v1alpha1 +kind: BucketClass +metadata: + name: default +spec: diff --git a/.disabled/.noobaa/noobaa.io_v1alpha1_namespacestore_cr.yaml b/.disabled/.noobaa/noobaa.io_v1alpha1_namespacestore_cr.yaml index 626fe6f2..0c2d7d37 100644 --- a/.disabled/.noobaa/noobaa.io_v1alpha1_namespacestore_cr.yaml +++ b/.disabled/.noobaa/noobaa.io_v1alpha1_namespacestore_cr.yaml @@ -1,5 +1,5 @@ -piVersion: noobaa.io/v1alpha1 -kind: NamespaceStore -metadata: - name: default -spec: +piVersion: noobaa.io/v1alpha1 +kind: NamespaceStore +metadata: + name: default +spec: diff --git a/.disabled/.noobaa/noobaa.io_v1alpha1_noobaa_cr.yaml b/.disabled/.noobaa/noobaa.io_v1alpha1_noobaa_cr.yaml index f04a59fd..6ffb6680 100644 --- a/.disabled/.noobaa/noobaa.io_v1alpha1_noobaa_cr.yaml +++ b/.disabled/.noobaa/noobaa.io_v1alpha1_noobaa_cr.yaml @@ -1,19 +1,19 @@ -apiVersion: noobaa.io/v1alpha1 -kind: NooBaa -metadata: - name: noobaa -spec: - dbStorageClass: ceph-block - pvPoolDefaultStorageClass: cephfs - dbResources: {} - coreResources: - requests: - cpu: 100m - memory: 512Mi - endpoints: - minCount: 1 - maxCount: 3 - resources: - requests: - memory: 256Mi - cpu: 25m +apiVersion: noobaa.io/v1alpha1 +kind: NooBaa +metadata: + name: noobaa +spec: + dbStorageClass: ceph-block + pvPoolDefaultStorageClass: cephfs + dbResources: {} + coreResources: + requests: + cpu: 100m + memory: 512Mi + endpoints: + minCount: 1 + maxCount: 3 + resources: + requests: + memory: 256Mi + cpu: 25m diff --git a/.disabled/.noobaa/operator.yaml b/.disabled/.noobaa/operator.yaml index 4215e8be..9b221bf6 100644 --- a/.disabled/.noobaa/operator.yaml +++ b/.disabled/.noobaa/operator.yaml @@ -1,32 +1,32 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: noobaa-operator -spec: - replicas: 1 - selector: - matchLabels: - noobaa-operator: deployment - template: - metadata: - labels: - app: noobaa - noobaa-operator: deployment - spec: - serviceAccountName: noobaa - containers: - - name: noobaa-operator - image: docker.io/noobaa/noobaa-operator:5.7.0 - resources: - limits: - cpu: "250m" - memory: "512Mi" - env: - - name: OPERATOR_NAME - value: noobaa-operator - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: WATCH_NAMESPACE - value: "" +apiVersion: apps/v1 +kind: Deployment +metadata: + name: noobaa-operator +spec: + replicas: 1 + selector: + matchLabels: + noobaa-operator: deployment + template: + metadata: + labels: + app: noobaa + noobaa-operator: deployment + spec: + serviceAccountName: noobaa + containers: + - name: noobaa-operator + image: docker.io/noobaa/noobaa-operator:5.7.0 + resources: + limits: + cpu: "250m" + memory: "512Mi" + env: + - name: OPERATOR_NAME + value: noobaa-operator + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + value: "" diff --git a/.disabled/.noobaa/role.yaml b/.disabled/.noobaa/role.yaml index a3d3ba41..57ce7749 100644 --- a/.disabled/.noobaa/role.yaml +++ b/.disabled/.noobaa/role.yaml @@ -1,133 +1,133 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: noobaa -rules: -- apiGroups: - - noobaa.io - resources: - - '*' - - noobaas - - backingstores - - bucketclasses - - noobaas/finalizers - - backingstores/finalizers - - bucketclasses/finalizers - verbs: - - '*' -- apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - serviceaccounts - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - - prometheusrules - verbs: - - get - - create - - update - - list - - watch -- apiGroups: - - "" - resources: - - services/finalizers - verbs: - - update -- apiGroups: - - apps - resourceNames: - - noobaa-operator - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - cloudcredential.openshift.io - resources: - - credentialsrequests - verbs: - - get - - create - - update - - list - - watch -- apiGroups: - - ceph.rook.io - resources: - - cephobjectstores - verbs: - - get - - list - - watch -- apiGroups: - - ceph.rook.io - resources: - - cephobjectstoreusers - verbs: - - get - - create - - update - - list - - watch -- apiGroups: - - ceph.rook.io - resources: - - cephclusters - verbs: - - get - - list - - watch -- apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - get - - create - - update - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - create - - update - - patch - - list - - watch -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - create - - update - - patch - - list - - watch - - delete +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: noobaa +rules: +- apiGroups: + - noobaa.io + resources: + - '*' + - noobaas + - backingstores + - bucketclasses + - noobaas/finalizers + - backingstores/finalizers + - bucketclasses/finalizers + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - serviceaccounts + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + - prometheusrules + verbs: + - get + - create + - update + - list + - watch +- apiGroups: + - "" + resources: + - services/finalizers + verbs: + - update +- apiGroups: + - apps + resourceNames: + - noobaa-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - cloudcredential.openshift.io + resources: + - credentialsrequests + verbs: + - get + - create + - update + - list + - watch +- apiGroups: + - ceph.rook.io + resources: + - cephobjectstores + verbs: + - get + - list + - watch +- apiGroups: + - ceph.rook.io + resources: + - cephobjectstoreusers + verbs: + - get + - create + - update + - list + - watch +- apiGroups: + - ceph.rook.io + resources: + - cephclusters + verbs: + - get + - list + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - create + - update + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - create + - update + - patch + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - create + - update + - patch + - list + - watch + - delete diff --git a/.disabled/.noobaa/role_binding.yaml b/.disabled/.noobaa/role_binding.yaml index e17b6160..f239aad5 100644 --- a/.disabled/.noobaa/role_binding.yaml +++ b/.disabled/.noobaa/role_binding.yaml @@ -1,11 +1,11 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: noobaa -subjects: - - kind: ServiceAccount - name: noobaa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: noobaa +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: noobaa +subjects: + - kind: ServiceAccount + name: noobaa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: noobaa diff --git a/.disabled/.noobaa/service_account.yaml b/.disabled/.noobaa/service_account.yaml index 9c849aa7..a9bab841 100644 --- a/.disabled/.noobaa/service_account.yaml +++ b/.disabled/.noobaa/service_account.yaml @@ -1,6 +1,6 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: noobaa - annotations: - serviceaccounts.openshift.io/oauth-redirectreference.noobaa-mgmt: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"noobaa-mgmt"}}' +apiVersion: v1 +kind: ServiceAccount +metadata: + name: noobaa + annotations: + serviceaccounts.openshift.io/oauth-redirectreference.noobaa-mgmt: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"noobaa-mgmt"}}' diff --git a/.disabled/app-operator/appdeployment_editor_role.yaml b/.disabled/app-operator/appdeployment_editor_role.yaml index 62159328..dd4884b6 100644 --- a/.disabled/app-operator/appdeployment_editor_role.yaml +++ b/.disabled/app-operator/appdeployment_editor_role.yaml @@ -1,24 +1,24 @@ -# permissions for end users to edit appdeployments. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: appdeployment-editor-role -rules: -- apiGroups: - - apps.baloise.dev - resources: - - appdeployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps.baloise.dev - resources: - - appdeployments/status - verbs: - - get +# permissions for end users to edit appdeployments. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appdeployment-editor-role +rules: +- apiGroups: + - apps.baloise.dev + resources: + - appdeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.baloise.dev + resources: + - appdeployments/status + verbs: + - get diff --git a/.disabled/app-operator/appdeployment_viewer_role.yaml b/.disabled/app-operator/appdeployment_viewer_role.yaml index 2ce734a1..fddf026d 100644 --- a/.disabled/app-operator/appdeployment_viewer_role.yaml +++ b/.disabled/app-operator/appdeployment_viewer_role.yaml @@ -1,20 +1,20 @@ -# permissions for end users to view appdeployments. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: appdeployment-viewer-role -rules: -- apiGroups: - - apps.baloise.dev - resources: - - appdeployments - verbs: - - get - - list - - watch -- apiGroups: - - apps.baloise.dev - resources: - - appdeployments/status - verbs: - - get +# permissions for end users to view appdeployments. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: appdeployment-viewer-role +rules: +- apiGroups: + - apps.baloise.dev + resources: + - appdeployments + verbs: + - get + - list + - watch +- apiGroups: + - apps.baloise.dev + resources: + - appdeployments/status + verbs: + - get diff --git a/.disabled/app-operator/apps.baloise.dev_appdeployments.yaml b/.disabled/app-operator/apps.baloise.dev_appdeployments.yaml index f40e1c04..1c7127ae 100644 --- a/.disabled/app-operator/apps.baloise.dev_appdeployments.yaml +++ b/.disabled/app-operator/apps.baloise.dev_appdeployments.yaml @@ -1,44 +1,44 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: appdeployments.apps.baloise.dev -spec: - group: apps.baloise.dev - names: - kind: AppDeployment - listKind: AppDeploymentList - plural: appdeployments - singular: appdeployment - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AppDeployment is the Schema for the appdeployments API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of AppDeployment - type: object - x-kubernetes-preserve-unknown-fields: true - status: - description: Status defines the observed state of AppDeployment - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: true - subresources: - status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: appdeployments.apps.baloise.dev +spec: + group: apps.baloise.dev + names: + kind: AppDeployment + listKind: AppDeploymentList + plural: appdeployments + singular: appdeployment + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AppDeployment is the Schema for the appdeployments API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of AppDeployment + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of AppDeployment + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} diff --git a/.disabled/app-operator/auth_proxy_client_clusterrole.yaml b/.disabled/app-operator/auth_proxy_client_clusterrole.yaml index 51a75db4..6982cbed 100644 --- a/.disabled/app-operator/auth_proxy_client_clusterrole.yaml +++ b/.disabled/app-operator/auth_proxy_client_clusterrole.yaml @@ -1,9 +1,9 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/.disabled/app-operator/auth_proxy_role.yaml b/.disabled/app-operator/auth_proxy_role.yaml index 80e1857c..83fb0eac 100644 --- a/.disabled/app-operator/auth_proxy_role.yaml +++ b/.disabled/app-operator/auth_proxy_role.yaml @@ -1,17 +1,17 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/.disabled/app-operator/auth_proxy_role_binding.yaml b/.disabled/app-operator/auth_proxy_role_binding.yaml index 52f0f9d0..c955cbb8 100644 --- a/.disabled/app-operator/auth_proxy_role_binding.yaml +++ b/.disabled/app-operator/auth_proxy_role_binding.yaml @@ -1,12 +1,12 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: app-operator +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: app-operator diff --git a/.disabled/app-operator/auth_proxy_service.yaml b/.disabled/app-operator/auth_proxy_service.yaml index ca47777d..bfd96abe 100644 --- a/.disabled/app-operator/auth_proxy_service.yaml +++ b/.disabled/app-operator/auth_proxy_service.yaml @@ -1,15 +1,15 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: app-operator -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-service + namespace: app-operator +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager diff --git a/.disabled/app-operator/deployment.yaml b/.disabled/app-operator/deployment.yaml index e6133cc3..900799f7 100644 --- a/.disabled/app-operator/deployment.yaml +++ b/.disabled/app-operator/deployment.yaml @@ -1,47 +1,47 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - securityContext: - runAsNonRoot: true - containers: - - args: - - --leader-elect - - --leader-election-id=app-operator - image: niiku/app-operator:v0.1.0 - name: manager - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: '1' - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + labels: + control-plane: controller-manager +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + labels: + control-plane: controller-manager + spec: + securityContext: + runAsNonRoot: true + containers: + - args: + - --leader-elect + - --leader-election-id=app-operator + image: niiku/app-operator:v0.1.0 + name: manager + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: '1' + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 diff --git a/.disabled/app-operator/leader_election_role.yaml b/.disabled/app-operator/leader_election_role.yaml index 4190ec80..48215ed4 100644 --- a/.disabled/app-operator/leader_election_role.yaml +++ b/.disabled/app-operator/leader_election_role.yaml @@ -1,37 +1,37 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/.disabled/app-operator/leader_election_role_binding.yaml b/.disabled/app-operator/leader_election_role_binding.yaml index 67644e53..8c4d1f82 100644 --- a/.disabled/app-operator/leader_election_role_binding.yaml +++ b/.disabled/app-operator/leader_election_role_binding.yaml @@ -1,12 +1,12 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: app-operator +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: app-operator diff --git a/.disabled/app-operator/role.yaml b/.disabled/app-operator/role.yaml index 5abe3e8a..b97594f1 100644 --- a/.disabled/app-operator/role.yaml +++ b/.disabled/app-operator/role.yaml @@ -1,74 +1,74 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: manager-role -rules: -## -## Base operator rules -## -# We need to get namespaces so the operator can read namespaces to ensure they exist -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -# We need to manage Helm release secrets -- apiGroups: - - "" - resources: - - secrets - verbs: - - "*" -# We need to create events on CRs about things happening during reconciliation -- apiGroups: - - "" - resources: - - events - verbs: - - create - -## -## Rules for apps.baloise.dev/v1alpha1, Kind: AppDeployment -## -- apiGroups: - - apps.baloise.dev - resources: - - appdeployments - - appdeployments/status - - appdeployments/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- verbs: - - "*" - apiGroups: - - "" - resources: - - "serviceaccounts" - - "services" -- verbs: - - "*" - apiGroups: - - "apps" - resources: - - "deployments" -- apiGroups: - - "route.openshift.io" - resources: - - "routes" - verbs: - - "*" -- verbs: - - "*" - apiGroups: - - route.openshift.io - resources: - - routes/custom-host - -#+kubebuilder:scaffold:rules +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +## +## Base operator rules +## +# We need to get namespaces so the operator can read namespaces to ensure they exist +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +# We need to manage Helm release secrets +- apiGroups: + - "" + resources: + - secrets + verbs: + - "*" +# We need to create events on CRs about things happening during reconciliation +- apiGroups: + - "" + resources: + - events + verbs: + - create + +## +## Rules for apps.baloise.dev/v1alpha1, Kind: AppDeployment +## +- apiGroups: + - apps.baloise.dev + resources: + - appdeployments + - appdeployments/status + - appdeployments/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- verbs: + - "*" + apiGroups: + - "" + resources: + - "serviceaccounts" + - "services" +- verbs: + - "*" + apiGroups: + - "apps" + resources: + - "deployments" +- apiGroups: + - "route.openshift.io" + resources: + - "routes" + verbs: + - "*" +- verbs: + - "*" + apiGroups: + - route.openshift.io + resources: + - routes/custom-host + +#+kubebuilder:scaffold:rules diff --git a/.disabled/app-operator/role_binding.yaml b/.disabled/app-operator/role_binding.yaml index a8a2631b..03878e39 100644 --- a/.disabled/app-operator/role_binding.yaml +++ b/.disabled/app-operator/role_binding.yaml @@ -1,12 +1,12 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: app-operator +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: app-operator diff --git a/.disabled/app-operator/service_account.yaml b/.disabled/app-operator/service_account.yaml index 54c48c0d..adb2674d 100644 --- a/.disabled/app-operator/service_account.yaml +++ b/.disabled/app-operator/service_account.yaml @@ -1,5 +1,5 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller-manager - namespace: app-operator +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: app-operator diff --git a/.disabled/argo-events/kustomization.yaml b/.disabled/argo-events/kustomization.yaml index b5f87920..9e234910 100644 --- a/.disabled/argo-events/kustomization.yaml +++ b/.disabled/argo-events/kustomization.yaml @@ -1,31 +1,31 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -patches: - - target: - kind: Deployment - name: eventbus-controller - patch: |- - - op: remove - path: /spec/template/spec/securityContext - - target: - kind: Deployment - name: eventsource-controller - patch: |- - - op: remove - path: /spec/template/spec/securityContext - - target: - kind: Deployment - name: sensor-controller - patch: |- - - op: remove - path: /spec/template/spec/securityContext - - target: - kind: Deployment - name: controller-manager - patch: |- - - op: remove - path: /spec/template/spec/securityContext -bases: - - github.com/argoproj/argo-events/manifests/cluster-install?ref=v1.7.3 -resources: [] +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +patches: + - target: + kind: Deployment + name: eventbus-controller + patch: |- + - op: remove + path: /spec/template/spec/securityContext + - target: + kind: Deployment + name: eventsource-controller + patch: |- + - op: remove + path: /spec/template/spec/securityContext + - target: + kind: Deployment + name: sensor-controller + patch: |- + - op: remove + path: /spec/template/spec/securityContext + - target: + kind: Deployment + name: controller-manager + patch: |- + - op: remove + path: /spec/template/spec/securityContext +bases: + - github.com/argoproj/argo-events/manifests/cluster-install?ref=v1.7.3 +resources: [] diff --git a/.disabled/argo-workflows/README.md b/.disabled/argo-workflows/README.md index 8440671d..a9c7d2ce 100644 --- a/.disabled/argo-workflows/README.md +++ b/.disabled/argo-workflows/README.md @@ -1,5 +1,5 @@ -# Argo Workflow Setup - -Provides central argo-workflow-controller to be used by argo-workflows, argo-workflow-templates. - +# Argo Workflow Setup + +Provides central argo-workflow-controller to be used by argo-workflows, argo-workflow-templates. + See some examples made and documented by [https://github.com/Baloise-CodeCamp-2022/flux-de-travail](https://github.com/Baloise-CodeCamp-2022/flux-de-travail) \ No newline at end of file diff --git a/.disabled/argo-workflows/base/argo-default-crb.yaml b/.disabled/argo-workflows/base/argo-default-crb.yaml index 6618ce9c..f36e842f 100644 --- a/.disabled/argo-workflows/base/argo-default-crb.yaml +++ b/.disabled/argo-workflows/base/argo-default-crb.yaml @@ -1,12 +1,12 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argo-binding-default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: argo-cluster-role -subjects: - - kind: ServiceAccount - name: default +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-binding-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-cluster-role +subjects: + - kind: ServiceAccount + name: default namespace: argo-workflows \ No newline at end of file diff --git a/.disabled/argo-workflows/base/argo-server-dnsendpoint.yaml b/.disabled/argo-workflows/base/argo-server-dnsendpoint.yaml index 70d0b2f0..38daa72b 100644 --- a/.disabled/argo-workflows/base/argo-server-dnsendpoint.yaml +++ b/.disabled/argo-workflows/base/argo-server-dnsendpoint.yaml @@ -1,9 +1,9 @@ -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: workflows -spec: - endpoints: - - dnsName: workflows.baloise.dev - recordType: A +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: workflows +spec: + endpoints: + - dnsName: workflows.baloise.dev + recordType: A targets: [""] \ No newline at end of file diff --git a/.disabled/argo-workflows/base/argo-server-route.yaml b/.disabled/argo-workflows/base/argo-server-route.yaml index 8bbbcabe..8536883b 100644 --- a/.disabled/argo-workflows/base/argo-server-route.yaml +++ b/.disabled/argo-workflows/base/argo-server-route.yaml @@ -1,15 +1,15 @@ -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: workflows -spec: - host: workflows.baloise.dev - port: - targetPort: web - tls: - insecureEdgeTerminationPolicy: Redirect - termination: edge - to: - kind: Service - name: argo-server +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: workflows +spec: + host: workflows.baloise.dev + port: + targetPort: web + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: argo-server weight: 100 \ No newline at end of file diff --git a/.disabled/argo-workflows/kustomization.yaml b/.disabled/argo-workflows/kustomization.yaml index 57d90489..1df907dd 100644 --- a/.disabled/argo-workflows/kustomization.yaml +++ b/.disabled/argo-workflows/kustomization.yaml @@ -1,14 +1,14 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: argo-workflows - -resources: - - base/argo-server-route.yaml - - base/argo-server-dnsendpoint.yaml - - base/argo-default-crb.yaml - - https://github.com/argoproj/argo-workflows/releases/download/v3.4.2/install.yaml - -patchesStrategicMerge: - - overlays/argo-server-deploy.yaml - - overlays/argo-binding-crb.yaml - - overlays/argo-server-binding-crb.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: argo-workflows + +resources: + - base/argo-server-route.yaml + - base/argo-server-dnsendpoint.yaml + - base/argo-default-crb.yaml + - https://github.com/argoproj/argo-workflows/releases/download/v3.4.2/install.yaml + +patchesStrategicMerge: + - overlays/argo-server-deploy.yaml + - overlays/argo-binding-crb.yaml + - overlays/argo-server-binding-crb.yaml diff --git a/.disabled/argo-workflows/overlays/argo-binding-crb.yaml b/.disabled/argo-workflows/overlays/argo-binding-crb.yaml index ca57e326..ee977087 100644 --- a/.disabled/argo-workflows/overlays/argo-binding-crb.yaml +++ b/.disabled/argo-workflows/overlays/argo-binding-crb.yaml @@ -1,8 +1,8 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argo-binding -subjects: - - kind: ServiceAccount - name: argo - namespace: argo-workflows +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-binding +subjects: + - kind: ServiceAccount + name: argo + namespace: argo-workflows diff --git a/.disabled/argo-workflows/overlays/argo-server-binding-crb.yaml b/.disabled/argo-workflows/overlays/argo-server-binding-crb.yaml index 85ac8409..009a97e3 100644 --- a/.disabled/argo-workflows/overlays/argo-server-binding-crb.yaml +++ b/.disabled/argo-workflows/overlays/argo-server-binding-crb.yaml @@ -1,8 +1,8 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argo-server-binding -subjects: - - kind: ServiceAccount - name: argo-server - namespace: argo-workflows +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-server-binding +subjects: + - kind: ServiceAccount + name: argo-server + namespace: argo-workflows diff --git a/.disabled/argo-workflows/overlays/argo-server-deploy.yaml b/.disabled/argo-workflows/overlays/argo-server-deploy.yaml index 3059be47..cd2722be 100644 --- a/.disabled/argo-workflows/overlays/argo-server-deploy.yaml +++ b/.disabled/argo-workflows/overlays/argo-server-deploy.yaml @@ -1,28 +1,28 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argo-server - namespace: argo -spec: - selector: - matchLabels: - app: argo-server - template: - metadata: - labels: - app: argo-server - spec: - containers: - - args: - - server - - --secure=false - - --auth-mode - - client - name: argo-server - readinessProbe: - httpGet: - path: / - port: 2746 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 20 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argo-server + namespace: argo +spec: + selector: + matchLabels: + app: argo-server + template: + metadata: + labels: + app: argo-server + spec: + containers: + - args: + - server + - --secure=false + - --auth-mode + - client + name: argo-server + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 20 diff --git a/.disabled/artifactory-jcr/Chart.yaml b/.disabled/artifactory-jcr/Chart.yaml index 5d5d2e62..f2978377 100644 --- a/.disabled/artifactory-jcr/Chart.yaml +++ b/.disabled/artifactory-jcr/Chart.yaml @@ -1,25 +1,25 @@ -apiVersion: v2 -appVersion: 7.41.4 -dependencies: -- name: artifactory - repository: file://charts/artifactory - version: 107.41.4 -description: JFrog Container Registry -home: https://jfrog.com/container-registry/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png -keywords: -- artifactory -- jfrog -- container -- registry -- devops -- jfrog-container-registry -kubeVersion: '>= 1.14.0-0' -maintainers: -- email: helm@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory-jcr -sources: -- https://github.com/jfrog/charts -type: application -version: 107.41.4 +apiVersion: v2 +appVersion: 7.41.4 +dependencies: +- name: artifactory + repository: file://charts/artifactory + version: 107.41.4 +description: JFrog Container Registry +home: https://jfrog.com/container-registry/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-jcr/logo/jcr-logo.png +keywords: +- artifactory +- jfrog +- container +- registry +- devops +- jfrog-container-registry +kubeVersion: '>= 1.14.0-0' +maintainers: +- email: helm@jfrog.com + name: Chart Maintainers at JFrog +name: artifactory-jcr +sources: +- https://github.com/jfrog/charts +type: application +version: 107.41.4 diff --git a/.disabled/artifactory-jcr/README.md b/.disabled/artifactory-jcr/README.md index 7df9d934..ff3c64ed 100644 --- a/.disabled/artifactory-jcr/README.md +++ b/.disabled/artifactory-jcr/README.md @@ -1,125 +1,125 @@ -# JFrog Container Registry Helm Chart - -JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support. - -**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** - -## Prerequisites Details - -* Kubernetes 1.14+ - -## Chart Details -This chart will do the following: - -* Deploy JFrog Container Registry -* Deploy an optional Nginx server -* Deploy an optional PostgreSQL Database -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - -## Installing the Chart - -### Add JFrog Helm repository - -Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io) to your helm client. - -```bash -helm repo add jfrog https://charts.jfrog.io -helm repo update -``` - -### Install Chart -To install the chart with the release name `jfrog-container-registry`: -```bash -helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword= --namespace artifactory-jcr jfrog/artifactory-jcr -``` - -### Accessing JFrog Container Registry -**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available. - -### Updating JFrog Container Registry -Once you have a new chart version, you can upgrade your deployment with -```bash -helm upgrade jfrog-container-registry jfrog/artifactory-jcr -``` - -### Special Upgrade Notes -#### Artifactory upgrade from 6.x to 7.x (App Version) -Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. -It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. -```yaml -artifactory: - artifactory: - # Migration support from 6.x to 7.x - migration: - enabled: true - timeoutSeconds: 3600 -``` -* Note: If you are upgrading from 1.x to 3.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. -```bash -kubectl delete statefulsets -postgresql -``` -* For more details about artifactory chart upgrades refer [here](https://github.com/jfrog/charts/blob/master/stable/artifactory/UPGRADE_NOTES.md) - -### Deleting JFrog Container Registry - -```bash -helm delete jfrog-container-registry --namespace artifactory-jcr -``` - -This will delete your JFrog Container Registry deployment.
-**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with -```bash -kubectl delete pvc ... -kubectl delete pv ... -``` - -## Database -The JFrog Container Registry chart comes with PostgreSQL deployed by default.
-For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). - -### Ingress and TLS -To get Helm to create an ingress object with a hostname, add these two lines to your Helm command: -```bash -helm upgrade --install jfrog-container-registry \ - --set artifactory.nginx.enabled=false \ - --set artifactory.ingress.enabled=true \ - --set artifactory.ingress.hosts[0]="artifactory.company.com" \ - --set artifactory.artifactory.service.type=NodePort \ - --namespace artifactory-jcr jfrog/artifactory-jcr -``` - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: - -```bash -kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key -``` - -Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: - -```yaml -artifactory: - artifactory: - ingress: - ## If true, Artifactory Ingress will be created - ## - enabled: true - - ## Artifactory Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - jfrog-container-registry.domain.com - annotations: - kubernetes.io/tls-acme: "true" - ## Artifactory Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: artifactory-tls - hosts: - - jfrog-container-registry.domain.com -``` - -## Useful links -https://www.jfrog.com -https://www.jfrog.com/confluence/ +# JFrog Container Registry Helm Chart + +JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support. + +**Heads up: Our Helm Chart docs are moving to our main documentation site. For Artifactory installers, see [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).** + +## Prerequisites Details + +* Kubernetes 1.14+ + +## Chart Details +This chart will do the following: + +* Deploy JFrog Container Registry +* Deploy an optional Nginx server +* Deploy an optional PostgreSQL Database +* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) + +## Installing the Chart + +### Add JFrog Helm repository + +Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io) to your helm client. + +```bash +helm repo add jfrog https://charts.jfrog.io +helm repo update +``` + +### Install Chart +To install the chart with the release name `jfrog-container-registry`: +```bash +helm upgrade --install jfrog-container-registry --set artifactory.postgresql.postgresqlPassword= --namespace artifactory-jcr jfrog/artifactory-jcr +``` + +### Accessing JFrog Container Registry +**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available. + +### Updating JFrog Container Registry +Once you have a new chart version, you can upgrade your deployment with +```bash +helm upgrade jfrog-container-registry jfrog/artifactory-jcr +``` + +### Special Upgrade Notes +#### Artifactory upgrade from 6.x to 7.x (App Version) +Arifactory 6.x to 7.x upgrade requires a one time migration process. This is done automatically on pod startup if needed. +It's possible to configure the migration timeout with the following configuration in extreme cases. The provided default should be more than enough for completion of the migration. +```yaml +artifactory: + artifactory: + # Migration support from 6.x to 7.x + migration: + enabled: true + timeoutSeconds: 3600 +``` +* Note: If you are upgrading from 1.x to 3.x and above chart versions, please delete the existing statefulset of postgresql before upgrading the chart due to breaking changes in postgresql subchart. +```bash +kubectl delete statefulsets -postgresql +``` +* For more details about artifactory chart upgrades refer [here](https://github.com/jfrog/charts/blob/master/stable/artifactory/UPGRADE_NOTES.md) + +### Deleting JFrog Container Registry + +```bash +helm delete jfrog-container-registry --namespace artifactory-jcr +``` + +This will delete your JFrog Container Registry deployment.
+**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with +```bash +kubectl delete pvc ... +kubectl delete pv ... +``` + +## Database +The JFrog Container Registry chart comes with PostgreSQL deployed by default.
+For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory). + +### Ingress and TLS +To get Helm to create an ingress object with a hostname, add these two lines to your Helm command: +```bash +helm upgrade --install jfrog-container-registry \ + --set artifactory.nginx.enabled=false \ + --set artifactory.ingress.enabled=true \ + --set artifactory.ingress.hosts[0]="artifactory.company.com" \ + --set artifactory.artifactory.service.type=NodePort \ + --namespace artifactory-jcr jfrog/artifactory-jcr +``` + +To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace: + +```bash +kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key +``` + +Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file: + +```yaml +artifactory: + artifactory: + ingress: + ## If true, Artifactory Ingress will be created + ## + enabled: true + + ## Artifactory Ingress hostnames + ## Must be provided if Ingress is enabled + ## + hosts: + - jfrog-container-registry.domain.com + annotations: + kubernetes.io/tls-acme: "true" + ## Artifactory Ingress TLS configuration + ## Secrets must be manually created in the namespace + ## + tls: + - secretName: artifactory-tls + hosts: + - jfrog-container-registry.domain.com +``` + +## Useful links +https://www.jfrog.com +https://www.jfrog.com/confluence/ diff --git a/.disabled/artifactory-jcr/charts/artifactory/.helmignore b/.disabled/artifactory-jcr/charts/artifactory/.helmignore index c7eb1e27..d0288fb4 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/.helmignore +++ b/.disabled/artifactory-jcr/charts/artifactory/.helmignore @@ -1,22 +1,22 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj OWNERS \ No newline at end of file diff --git a/.disabled/artifactory-jcr/charts/artifactory/CHANGELOG.md b/.disabled/artifactory-jcr/charts/artifactory/CHANGELOG.md index f23544e3..813813fe 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/.disabled/artifactory-jcr/charts/artifactory/CHANGELOG.md @@ -1,1143 +1,1143 @@ -# JFrog Artifactory Chart Changelog -All changes to this chart will be documented in this file. - -## [107.41.4] - June 27, 2022 -* Added support for nginx.terminationGracePeriodSeconds [GH-1645](https://github.com/jfrog/charts/issues/1645) -* Use an alternate command for `find` to copy custom certificates -* Added support for circle of trust using `circleOfTrustCertificatesSecret` secret name [GH-1623](https://github.com/jfrog/charts/pull/1623) - -## [107.40.0] - June 13, 2022 -* Added support for PodDisruptionBudget [GH-1618](https://github.com/jfrog/charts/issues/1618) -* From artifactory 7.38.x, joinKey can be retrived from Admin > User Management > Settings in UI -* Allow templating for pod annotations [GH-1634](https://github.com/jfrog/charts/pull/1634) -* Fixed `customPersistentPodVolumeClaim` name to `customPersistentVolumeClaim` - -## [107.39.0] - May 31, 2022 -* Fix default `artifactory.async.corePoolSize` [GH-1612](https://github.com/jfrog/charts/issues/1612) -* Added support of nginx annotations -* Reduce startupProbe `initialDelaySeconds` -* Align all liveness and readiness probes failureThreshold to `5` seconds -* Added new flag `unifiedSecretInstallation` to enables single unified secret holding all the artifactory secrets -* Updated router version to `7.38.0` -* Add support for NFS config with directories `haBackupDir` and `haDataDir` -* Fixed - disable jfconnect on oss/jcr/cpp flavours [GH-1630](https://github.com/jfrog/charts/issues/1630) - -## [107.38.0] - May 04, 2022 -* Added support for `global.nodeSelector` to artifactory and nginx pods -* Updated router version to `7.36.1` -* Added support for custom global probes timeout -* Updated frontend container command -* Added topologySpreadConstraints to artifactory and nginx, and add lifecycle hooks to nginx [GH-1596](https://github.com/jfrog/charts/pull/1596) -* Added support of extraEnvironmentVariables for all infra services containers -* Enabled the consumption (jfconnect) flag by default -* Fix jfconnect disabling on non-splitcontainers - -## [107.37.0] - Mar 08, 2022 -* Added support for customPorts in nginx deployment -* Bugfix - Wrong proxy_pass configurations for /artifactory/ in the default artifactory.conf -* Added signedUrlExpirySeconds option to artifactory.persistence.type aws-S3-V3 -* Updated router version to `7.35.0` -* Added useInstanceCredentials,enableSignedUrlRedirect option to google-storage-v2 -* Changed dependency charts repo to `charts.jfrog.io` - -## [107.36.0] - Mar 03, 2022 -* Remove pdn tracker which starts replicator service -* Added silent option for curl probes -* Added readiness health check for the artifactory container for k8s version < 1.20 -* Fix property file migration issue to system.yaml 6.x to 7.x - -## [107.35.0] - Feb 08, 2022 -* Updated router version to `7.32.1` - -## [107.33.0] - Jan 11, 2022 -* Add more user friendly support for anti-affinity -* Pod anti-affinity is now enabled by default (soft rule) -* Readme fixes -* Added support for setting `fsGroupChangePolicy` -* Added nginx customInitContainers, customVolumes, customSidecarContainers [GH-1565](https://github.com/jfrog/charts/pull/1565) -* Updated router version to `7.30.0` - -## [107.32.0] - Dec 22, 2021 -* Updated logger image to `jfrog/ubi-minimal:8.5-204` -* Added default `8091` as `artifactory.tomcat.maintenanceConnector.port` for probes check -* Refactored probes to replace httpGet probes with basic exec + curl -* Refactored `database-creds` secret to create only when database values are passed -* Added new endpoints for probes `/artifactory/api/v1/system/liveness` and `/artifactory/api/v1/system/readiness` -* Enabled `newProbes:true` by default to use these endpoints -* Fix filebeat sidecar spool file permissions -* Updated filebeat sidecar container to `7.16.2` - -## [107.31.0] - Dec 17, 2021 -* Added support for HorizontalPodAutoscaler apiVersion `autoscaling/v2beta2` -* Remove integration service feature flag to make it mandatory service -* Update postgresql tag version to `13.4.0-debian-10-r39` -* Fixed `artifactory.resources` indentation in `migration-artifactory` init container [GH-1562](https://github.com/jfrog/charts/issues/1562) -* Refactored `router.requiredServiceTypes` to support platform chart - -## [107.30.0] - Nov 30, 2021 -* Fixed incorrect permission for filebeat.yaml -* Updated healthcheck (liveness/readiness) api for integration service -* Disable readiness health check for the artifactory container when running in the container split mode -* Ability to start replicator on enabling pdn tracker - -## [107.29.0] - Nov 26, 2021 -* Added integration service container in artifactory -* Add support for Ingress Class Name in Ingress Spec [GH-1516](https://github.com/jfrog/charts/pull/1516) -* Fixed chart values to use curl instead of wget [GH-1529](https://github.com/jfrog/charts/issues/1529) -* Updated nginx config to allow websockets when pipelines is enabled -* Moved router.topology.local.requireqservicetypes from system.yaml to router as environment variable -* Added jfconnect in system.yaml -* Updated artifactory container’s health probes to use artifactory api on rt-split -* Updated initContainerImage to `jfrog/ubi-minimal:8.5-204` -* Updated router version to `7.28.2` -* Set Jfconnect enabled to `false` in the artifactory container when running in the container split mode - -## [107.28.0] - Nov 11, 2021 -* Added default values cpu and memeory in initContainers -* Updated router version to `7.26.0` -* Updated (`rbac.create` and `serviceAccount.create` to false by default) for least privileges -* Fixed incorrect data type for `Values.router.serviceRegistry.insecure` in default values.yaml [GH-1514](https://github.com/jfrog/charts/pull/1514/files) -* **IMPORTANT** -* Changed init-container images from `alpine` to `ubi8/ubi-minimal` -* Added support for AWS License Manager using `.Values.aws.licenseConfigSecretName` - -## [107.27.0] - Oct 6, 2021 -* **Breaking change** -* Aligned probe structure (moved probes variables under config block) -* Added support for new probes(set to false by default) -* Bugfix - Invalid format for `multiPartLimit,multipartElementSize,maxCacheSize` in binarystore.xml [GH-1466](https://github.com/jfrog/charts/issues/1466) -* Added missioncontrol container in artifactory -* Dropped NET_RAW capability for the containers -* Added resources to migration-artifactory init container -* Added resources to all rt split containers -* Updated router version to `7.25.1` -* Added support for Ingress networking.k8s.io/v1/Ingress for k8s >=1.22 [GH-1487](https://github.com/jfrog/charts/pull/1487) -* Added min kubeVersion ">= 1.14.0-0" in chart.yaml -* Update alpine tag version to `3.14.2` -* Update busybox tag version to `1.33.1` -* Artifactory chart support for cluster license - -## [107.26.0] - Aug 23, 2021 -* Added Observability container (only when `splitServicesToContainers` is enabled) -* Support for high availability (when replicaCount > 1) -* Added min kubeVersion ">= 1.12.0-0" in chart.yaml - -## [107.25.0] - Aug 13, 2021 -* Updated readme of chart to point to wiki. Refer [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory) -* Added startupProbe and livenessProbe for RT-split containers -* Updated router version to 7.24.1 -* Added security hardening fixes -* Enabled startup probes for k8s >= 1.20.x -* Changed network policy to allow all ingress and egress traffic -* Added Observability changes -* Added support for global.versions.router (only when `splitServicesToContainers` is enabled) - -## [107.24.0] - July 27, 2021 -* Support global and product specific tags at the same time -* Added support for artifactory containers split - -## [107.23.0] - July 8, 2021 -* Bug fix - logger sideCar picks up Wrong File in helm -* Allow filebeat metrics configuration in values.yaml - -## [107.22.0] - July 6, 2021 -* Update alpine tag version to `3.14.0` -* Added `nodePort` support to artifactory-service and nginx-service templates -* Removed redundant `terminationGracePeriodSeconds` in statefulset -* Increased `startupProbe.failureThreshold` time - -## [107.21.3] - July 2, 2021 -* Added ability to change sendreasonphrase value in server.xml via system yaml - -## [107.19.3] - May 20, 2021 -* Fix broken support for startupProbe for k8s < 1.18.x -* Added support for `nameOverride` and `fullnameOverride` in values.yaml - -## [107.18.6] - April 29, 2021 -* Bumping chart version to align with app version -* Add `securityContext` option on nginx container - -## [12.0.0] - April 22, 2021 -* **Breaking change:** -* Increased default postgresql persistence size to `200Gi` -* Update postgresql tag version to `13.2.0-debian-10-r55` -* Update postgresql chart version to `10.3.18` in chart.yaml - [10.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1000) -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true -* **IMPORTANT** -* This chart is only helm v3 compatible. -* Fixed filebeat-configmap naming -* Explicitly set ServiceAccount `automountServiceAccountToken` to 'true' -* Update alpine tag version to `3.13.5` - -## [11.13.2] - April 15, 2021 -* Updated Artifactory version to 7.17.9 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.9) - -## [11.13.1] - April 6, 2021 -* Updated Artifactory version to 7.17.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.6) -* Update alpine tag version to `3.13.4` - -## [11.13.0] - April 5, 2021 -* **IMPORTANT** -* Added `charts.jfrog.io` as default JFrog Helm repository -* Updated Artifactory version to 7.17.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.5) - -## [11.12.2] - Mar 31, 2021 -* Updated Artifactory version to 7.17.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.4) - -## [11.12.1] - Mar 30, 2021 -* Updated Artifactory version to 7.17.3 -* Add `timeoutSeconds` to all exec probes - Please refer [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) - -## [11.12.0] - Mar 24, 2021 -* Updated Artifactory version to 7.17.2 -* Optimized startupProbe time - -## [11.11.0] - Mar 18, 2021 -* Add support to startupProbe - -## [11.10.0] - Mar 15, 2021 -* Updated Artifactory version to 7.16.3 - -## [11.9.5] - Mar 09, 2021 -* Added HSTS header to nginx conf - -## [11.9.4] - Mar 9, 2021 -* Removed bintray URL references in the chart - -## [11.9.3] - Mar 04, 2021 -* Updated Artifactory version to 7.15.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.4) - -## [11.9.2] - Mar 04, 2021 -* Fixed creation of nginx-certificate-secret when Nginx is disabled - -## [11.9.1] - Feb 19, 2021 -* Update busybox tag version to `1.32.1` - -## [11.9.0] - Feb 18, 2021 -* Updated Artifactory version to 7.15.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.3) -* Add option to specify update strategy for Artifactory statefulset - -## [11.8.1] - Feb 11, 2021 -* Exposed "multiPartLimit" and "multipartElementSize" for the Azure Blob Storage Binary Provider - -## [11.8.0] - Feb 08, 2021 -* Updated Artifactory version to 7.12.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.8) -* Support for custom certificates using secrets -* **Important:** Switched docker images download from `docker.bintray.io` to `releases-docker.jfrog.io` -* Update alpine tag version to `3.13.1` - -## [11.7.8] - Jan 25, 2021 -* Add support for hostAliases - -## [11.7.7] - Jan 11, 2021 -* Fix failures when using creds file for configurating google storage - -## [11.7.6] - Jan 11, 2021 -* Updated Artifactory version to 7.12.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.6) - -## [11.7.5] - Jan 07, 2021 -* Added support for optional tracker dedicated ingress `.Values.artifactory.replicator.trackerIngress.enabled` (defaults to false) - -## [11.7.4] - Jan 04, 2021 -* Fixed gid support for statefulset - -## [11.7.3] - Dec 31, 2020 -* Added gid support for statefulset -* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset - -## [11.7.2] - Dec 29, 2020 -* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) -* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml) -* Updated Artifactory version to 7.12.5 - -## [11.7.1] - Dec 21, 2020 -* Updated Artifactory version to 7.12.3 - -## [11.7.0] - Dec 18, 2020 -* Updated Artifactory version to 7.12.2 -* Added `.Values.artifactory.openMetrics.enabled` - -## [11.6.1] - Dec 11, 2020 -* Added configurable `.Values.global.versions.artifactory` in values.yaml - -## [11.6.0] - Dec 10, 2020 -* Update postgresql tag version to `12.5.0-debian-10-r25` -* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` -* Updated chart maintainers email - -## [11.5.5] - Dec 4, 2020 -* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` - -## [11.5.4] - Dec 1, 2020 -* Improve error message returned when attempting helm upgrade command - -## [11.5.3] - Nov 30, 2020 -* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) - -## [11.5.2] - Nov 23, 2020 -* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) -* Updated port namings on services and pods to allow for istio protocol discovery -* Change semverCompare checks to support hosted Kubernetes -* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics -* Prevent the PostHook command to be executed if the user did not specify a command in the values file -* Fix issue with tls file generation when nginx.https.enabled is false - -## [11.5.1] - Nov 19, 2020 -* Updated Artifactory version to 7.11.2 -* Bugfix - access.config.import.xml override Access Federation configurations - -## [11.5.0] - Nov 17, 2020 -* Updated Artifactory version to 7.11.1 -* Update alpine tag version to `3.12.1` - -## [11.4.6] - Nov 10, 2020 -* Pass system.yaml via external secret for advanced usecases -* Added support for custom ingress -* Bugfix - stateful set not picking up changes to database secrets - -## [11.4.5] - Nov 9, 2020 -* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) - -## [11.4.4] - Nov 2, 2020 -* Add enablePathStyleAccess property for aws-s3-v3 binary provider template - -## [11.4.3] - Nov 2, 2020 -* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) - -## [11.4.2] - Oct 22, 2020 -* Chown bug fix where Linux capability cannot chown all files causing log line warnings -* Fix Frontend timeout linting issue - -## [11.4.1] - Oct 20, 2020 -* Add flag to disable prepare-custom-persistent-volume init container - -## [11.4.0] - Oct 19, 2020 -* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) - -## [11.3.2] - Oct 15, 2020 -* Add support to specify priorityClassName for nginx deployment - -## [11.3.1] - Oct 9, 2020 -* Add support for customInitContainersBegin - -## [11.3.0] - Oct 7, 2020 -* Updated Artifactory version to 7.9.1 -* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml - -## [11.2.0] - Oct 5, 2020 -* Expose Prometheus metrics via a ServiceMonitor -* Parse log files for metric data with Fluentd - -## [11.1.0] - Sep 30, 2020 -* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) -* Added support for resources in init container - -## [11.0.11] - Sep 25, 2020 -* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements - -## [11.0.10] - Sep 28, 2020 -* Setting chart coordinates in migitation yaml - -## [11.0.9] - Sep 25, 2020 -* Update filebeat version to `7.9.2` - -## [11.0.8] - Sep 24, 2020 -* Fixed broken issue - when setting `waitForDatabase: false` container startup still waits for DB - -## [11.0.7] - Sep 22, 2020 -* Readme updates - -## [11.0.6] - Sep 22, 2020 -* Fix lint issue in migitation yaml - -## [11.0.5] - Sep 22, 2020 -* Fix broken migitation yaml - -## [11.0.4] - Sep 21, 2020 -* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) - -## [11.0.3] - Sep 17, 2020 -* Added configurable session(UI) timeout in frontend microservice - -## [11.0.2] - Sep 17, 2020 -* Added proper required text to be shown while postgres upgrades - -## [11.0.1] - Sep 14, 2020 -* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) - -## [11.0.0] - Sep 2, 2020 -* **Breaking change:** Changed `imagePullSecrets`values from string to list. -* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images -* Added support for global values -* Updated maintainers in chart.yaml -* Update postgresql tag version to `12.3.0-debian-10-r71` -* Update postgresql chart version to `9.3.4` in requirements.yaml - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true - -## [10.1.0] - Aug 13, 2020 -* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) - -## [10.0.15] - Aug 10, 2020 -* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. - -## [10.0.14] - Jul 31, 2020 -* Update the README section on Nginx SSL termination to reflect the actual YAML structure. - -## [10.0.13] - Jul 30, 2020 -* Added condition to disable the migration scripts. - -## [10.0.12] - Jul 28, 2020 -* Document Artifactory node affinity. - -## [10.0.11] - Jul 28, 2020 -* Added maxConnections for persistent storage type aws-s3-v3. - -## [10.0.10] - Jul 28, 2020 -* Bugfix / support for userPluginSecrets with Artifactory 7 - -## [10.0.9] - Jul 27, 2020 -* Add tpl to external database secrets -* Modified `scheme` to `artifactory.scheme` - -## [10.0.8] - Jul 23, 2020 -* Added condition to disable the migration init container. - -## [10.0.7] - Jul 21, 2020 -* Updated Artifactory Chart to add node and primary labels to pods and service objects. - -## [10.0.6] - Jul 20, 2020 -* Support custom CA and certificates - -## [10.0.5] - Jul 13, 2020 -* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 -* Fixed Mysql database jar path in `preStartCommand` in README - -## [10.0.4] - Jul 10, 2020 -* Move some postgresql values to where they should be according to the subchart - -## [10.0.3] - Jul 8, 2020 -* Set Artifactory access client connections to the same value as the access threads - -## [10.0.2] - Jul 6, 2020 -* Updated Artifactory version to 7.6.2 -* **IMPORTANT** -* Added ChartCenter Helm repository in README - -## [10.0.1] - Jul 01, 2020 -* Add dedicated ingress object for Replicator service when enabled - -## [10.0.0] - Jun 30, 2020 -* Update postgresql tag version to `10.13.0-debian-10-r38` -* Update alpine tag version to `3.12` -* Update busybox tag version to `1.31.1` -* **IMPORTANT** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true - -## [9.6.0] - Jun 29, 2020 -* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 -* Add tpl for external database secrets - -## [9.5.5] - Jun 25, 2020 -* Stop loading the Nginx stream module because it is now a core module - -## [9.5.4] - Jun 25, 2020 -* Notes.txt update - add --namespace parameter - -## [9.5.3] - Jun 11, 2020 -* Support list of custom secrets - -## [9.5.2] - Jun 12, 2020 -* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 - -## [9.5.1] - Jun 8, 2020 -* Readme update - configuring Artifactory with oracledb - -## [9.5.0] - Jun 1, 2020 -* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 -* Fixes bootstrap configMap permission issue -* Update postgresql tag version to `9.6.18-debian-10-r7` - -## [9.4.9] - May 27, 2020 -* Added Tomcat maxThreads & acceptCount - -## [9.4.8] - May 25, 2020 -* Fixed postgresql README `image` Parameters - -## [9.4.7] - May 24, 2020 -* Fixed typo in README regarding migration timeout - -## [9.4.6] - May 19, 2020 -* Added metadata maxOpenConnections - -## [9.4.5] - May 07, 2020 -* Fix `installerInfo` string format - -## [9.4.4] - Apr 27, 2020 -* Updated Artifactory version to 7.4.3 - -## [9.4.3] - Apr 26, 2020 -* Change order of the customInitContainers to run before the "migration-artifactory" initContainer. - -## [9.4.2] - Apr 24, 2020 -* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic -* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml - -## [9.4.1] - Apr 16, 2020 -* Custom volumes in migration init container. - -## [9.4.0] - Apr 14, 2020 -* Updated Artifactory version to 7.4.1 - -## [9.3.1] - April 13, 2020 -* Update README with helm v3 commands - -## [9.3.0] - April 10, 2020 -* Use dependency charts from `https://charts.bitnami.com/bitnami` -* Bump postgresql chart version to `8.7.3` in requirements.yaml -* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml - -## [9.2.9] - Apr 8, 2020 -* Added recommended ingress annotation to avoid 413 errors - -## [9.2.8] - Apr 8, 2020 -* Moved migration scripts under `files` directory -* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` - -## [9.2.7] - Apr 6, 2020 -* Fix cache size (should be 5gb instead of 50gb since volume claim is only 20gb). - -## [9.2.6] - Apr 1, 2020 -* Support masterKey and joinKey as secrets - -## [9.2.5] - Apr 1, 2020 -* Fix readme use to `-hex 32` instead of `-hex 16` - -## [9.2.4] - Mar 31, 2020 -* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java - -## [9.2.3] - Mar 29, 2020 -* Add Nginx log options: stderr as logfile and log level - -## [9.2.2] - Mar 30, 2020 -* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart - -## [9.2.1] - Mar 29, 2020 -* Fix loggers sidecars configurations to support new file system layout and new log names - -## [9.2.0] - Mar 29, 2020 -* Fix broken admin user bootstrap configuration -* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` - -## [9.1.5] - Mar 26, 2020 -* Fix volumeClaimTemplate issue - -## [9.1.4] - Mar 25, 2020 -* Fix volume name used by filebeat container - -## [9.1.3] - Mar 24, 2020 -* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) - -## [9.1.2] - Mar 22, 2020 -* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. - -## [9.1.1] - Mar 23, 2020 -* Moved installer info to values.yaml so it is fully customizable - -## [9.1.0] - Mar 23, 2020 -* Updated Artifactory version to 7.3.2 - -## [9.0.29] - Mar 20, 2020 -* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) - -## [9.0.28] - Mar 18, 2020 -* Increased Nginx proxy_buffers size - -## [9.0.27] - Mar 17, 2020 -* Changed all single quotes to double quotes in values files -* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. - -## [9.0.26] - Mar 17, 2020 -* Fix rendering of Service Account annotations - -## [9.0.25] - Mar 16, 2020 -* Update Artifactory readme with extra ingress annotations needed for Artifactory to be set as SSO provider - -## [9.0.24] - Mar 16, 2020 -* Add Unsupported message from 6.18 to 7.2.x (migration) - -## [9.0.23] - Mar 12, 2020 -* Fix README.md rendering issue - -## [9.0.22] - Mar 11, 2020 -* Upgrade Docs update - -## [9.0.21] - Mar 11, 2020 -* Unified charts public release - -## [9.0.20] - Mar 6, 2020 -* Fix path to `/artifactory_bootstrap` -* Add support for controlling the name of the ingress and allow to set more than one cname - -## [9.0.19] - Mar 4, 2020 -* Add support for disabling `consoleLog` in `system.yaml` file - -## [9.0.18] - Feb 28, 2020 -* Add support to process `valueFrom` for extraEnvironmentVariables - -## [9.0.17] - Feb 26, 2020 -* Fix join key secret naming - -## [9.0.16] - Feb 26, 2020 -* Store join key to secret - -## [9.0.15] - Feb 26, 2020 -* Updated Artifactory version to 7.2.1 - -## [9.0.10] - Feb 07, 2020 -* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade - -## [9.0.0] - Feb 07, 2020 -* Updated Artifactory version to 7.0.0 - -## [8.4.8] - Feb 13, 2020 -* Add support for SSH authentication to Artifactory - -## [8.4.7] - Feb 11, 2020 -* Change Artifactory service port name to be hard-coded to `http` instead of using `{{ .Release.Name }}` - -## [8.4.6] - Feb 9, 2020 -* Add support for `tpl` in the `postStartCommand` - -## [8.4.5] - Feb 4, 2020 -* Support customisable Nginx kind - -## [8.4.4] - Feb 2, 2020 -* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations - -## [8.4.3] - Jan 30, 2020 -* Add the option to configure resources for the logger containers - -## [8.4.2] - Jan 26, 2020 -* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive - -## [8.4.1] - Jan 19, 2020 -* Fix replicator port config in nginx replicator configmap - -## [8.4.0] - Jan 19, 2020 -* Updated Artifactory version to 6.17.0 - -## [8.3.6] - Jan 16, 2020 -* Added example for external nginx-ingress - -## [8.3.5] - Dec 30, 2019 -* Fix for nginx probes failing when launched with http disabled - -## [8.3.4] - Dec 24, 2019 -* Better support for custom `artifactory.internalPort` - -## [8.3.3] - Dec 23, 2019 -* Mark empty map values with `{}` - -## [8.3.2] - Dec 16, 2019 -* Fix for toggling nginx service ports - -## [8.3.1] - Dec 12, 2019 -* Add support for toggling nginx service ports - -## [8.3.0] - Dec 1, 2019 -* Updated Artifactory version to 6.16.0 - -## [8.2.6] - Nov 28, 2019 -* Add support for using existing PriorityClass - -## [8.2.5] - Nov 27, 2019 -* Add support for PriorityClass - -## [8.2.4] - Nov 21, 2019 -* Add an option to use a file system cache-fs with the file-system binarystore template - -## [8.2.3] - Nov 20, 2019 -* Update Artifactory Readme - -## [8.2.2] - Nov 20, 2019 -* Update Artfactory logo - -## [8.2.1] - Nov 18, 2019 -* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) - -## [8.2.0] - Nov 18, 2019 -* Updated Artifactory version to 6.15.0 - -## [8.1.11] - Nov 17, 2019 -* Do not provide a default master key. Allow it to be auto generated by Artifactory on first startup - -## [8.1.10] - Nov 17, 2019 -* Fix creation of double slash in nginx artifactory configuration - -## [8.1.9] - Nov 14, 2019 -* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error - -## [8.1.8] - Nov 12, 2019 -* Updated Artifactory version to 6.14.1 - -## [8.1.7] - Nov 9, 2019 -* Additional documentation for masterKey - -## [8.1.6] - Nov 10, 2019 -* Update PostgreSQL chart version to 7.0.1 -* Use formal PostgreSQL configuration format - -## [8.1.5] - Nov 8, 2019 -* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` - -## [8.1.4] - Nov 6, 2019 -* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is - -## [8.1.3] - Nov 6, 2019 -* Add nodeselector support for Postgresql - -## [8.1.2] - Nov 5, 2019 -* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles - -## [8.1.1] - Nov 4, 2019 -* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files - -## [8.1.0] - Nov 3, 2019 -* Updated Artifactory version to 6.14.0 - -## [8.0.1] - Nov 3, 2019 -* Make sure the artifactory pod exits when one of the pre-start stages fail - -## [8.0.0] - Oct 27, 2019 -**IMPORTANT - BREAKING CHANGES!**
-**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** -* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! -* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! -* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! -* Note the following **PostgreSQL** Helm chart changes - * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used - * **PostgreSQL** is deployed as a StatefulSet - * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations - -## [7.18.3] - Oct 24, 2019 -* Change the preStartCommand to support templating - -## [7.18.2] - Oct 21, 2019 -* Add support for setting `artifactory.labels` -* Add support for setting `nginx.labels` - -## [7.18.1] - Oct 10, 2019 -* Updated Artifactory version to 6.13.1 - -## [7.18.0] - Oct 7, 2019 -* Updated Artifactory version to 6.13.0 - -## [7.17.5] - Sep 24, 2019 -* Option to skip wait-for-db init container with '--set waitForDatabase=false' - -## [7.17.4] - Sep 11, 2019 -* Updated Artifactory version to 6.12.2 - -## [7.17.3] - Sep 9, 2019 -* Updated Artifactory version to 6.12.1 - -## [7.17.2] - Aug 22, 2019 -* Fix the nginx server_name directive used with ingress.hosts - -## [7.17.1] - Aug 21, 2019 -* Enable the Artifactory container's liveness and readiness probes - -## [7.17.0] - Aug 21, 2019 -* Updated Artifactory version to 6.12.0 - -## [7.16.11] - Aug 14, 2019 -* Updated Artifactory version to 6.11.6 - -## [7.16.10] - Aug 11, 2019 -* Fix Ingress routing and add an example - -## [7.16.9] - Aug 5, 2019 -* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) -* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist - -## [7.16.8] - Aug 4, 2019 -* Improve binarystore config - 1. Convert to a secret - 2. Move config to values.yaml - 3. Support an external secret - -## [7.16.7] - Jul 29, 2019 -* Don't create the nginx configmaps when nginx.enabled is false - -## [7.16.6] - Jul 24, 2019 -* Simplify nginx setup and shorten initial wait for probes - -## [7.16.5] - Jul 22, 2019 -* Change Ingress API to be compatible with recent kubernetes versions - -## [7.16.4] - Jul 22, 2019 -* Updated Artifactory version to 6.11.3 - -## [7.16.3] - Jul 11, 2019 -* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration - -## [7.16.2] - Jul 3, 2019 -* Fix values key in reverse proxy example - -## [7.16.1] - Jul 1, 2019 -* Updated Artifactory version to 6.11.1 - -## [7.16.0] - Jun 27, 2019 -* Update Artifactory version to 6.11 and add restart to Artifactory when bootstrap.creds file has been modified - -## [7.15.8] - Jun 27, 2019 -* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation - -## [7.15.6] - Jun 24, 2019 -* Update chart maintainers - -## [7.15.5] - Jun 24, 2019 -* Change Nginx to point to the artifactory externalPort - -## [7.15.4] - Jun 23, 2019 -* Add the option to provide an IP for the access-admin endpoints - -## [7.15.3] - Jun 23, 2019 -* Add values files for small, medium and large installations - -## [7.15.2] - Jun 20, 2019 -* Add missing terminationGracePeriodSeconds to values.yaml - -## [7.15.1] - Jun 19, 2019 -* Updated Artifactory version to 6.10.4 - -## [7.15.0] - Jun 17, 2019 -* Use configmaps for nginx configuration and remove nginx postStart command - -## [7.14.8] - Jun 18, 2019 -* Add the option to provide additional ingress rules - -## [7.14.7] - Jun 14, 2019 -* Updated readme with improved external database setup example - -## [7.14.6] - Jun 11, 2019 -* Updated Artifactory version to 6.10.3 -* Updated installer-info template - -## [7.14.5] - Jun 6, 2019 -* Updated Google Cloud Storage API URL and https settings - -## [7.14.4] - Jun 5, 2019 -* Delete the db.properties file on Artifactory startup - -## [7.14.3] - Jun 3, 2019 -* Updated Artifactory version to 6.10.2 - -## [7.14.2] - May 21, 2019 -* Updated Artifactory version to 6.10.1 - -## [7.14.1] - May 19, 2019 -* Fix missing logger image tag - -## [7.14.0] - May 7, 2019 -* Updated Artifactory version to 6.10.0 - -## [7.13.21] - May 5, 2019 -* Add support for setting `artifactory.async.corePoolSize` - -## [7.13.20] - May 2, 2019 -* Remove unused property `artifactory.releasebundle.feature.enabled` - -## [7.13.19] - May 1, 2019 -* Fix indentation issue with the replicator system property - -## [7.13.18] - Apr 30, 2019 -* Add support for JMX monitoring - -## [7.13.17] - Apr 25, 2019 -* Added support for `cacheProviderDir` - -## [7.13.16] - Apr 18, 2019 -* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx - -## [7.13.15] - Apr 16, 2019 -* Updated documentation for Reverse Proxy Configuration - -## [7.13.14] - Apr 15, 2019 -* Added support for `customVolumeMounts` - -## [7.13.13] - Aprl 12, 2019 -* Added support for `bucketExists` flag for googleStorage - -## [7.13.12] - Apr 11, 2019 -* Replace `curl` examples with `wget` due to the new base image - -## [7.13.11] - Aprl 07, 2019 -* Add support for providing the Artifactory license as a parameter - -## [7.13.10] - Apr 10, 2019 -* Updated Artifactory version to 6.9.1 - -## [7.13.9] - Aprl 04, 2019 -* Add support for templated extraEnvironmentVariables - -## [7.13.8] - Aprl 07, 2019 -* Change network policy API group - -## [7.13.7] - Aprl 04, 2019 -* Bugfix for userPluginSecrets - -## [7.13.6] - Apr 4, 2019 -* Add information about upgrading Artifactory with auto-generated postgres password - -## [7.13.5] - Aprl 03, 2019 -* Added installer info - -## [7.13.4] - Aprl 03, 2019 -* Allow secret names for user plugins to contain template language - -## [7.13.3] - Apr 02, 2019 -* Allow NetworkPolicy configurations (defaults to allow all) - -## [7.13.2] - Aprl 01, 2019 -* Add support for user plugin secret - -## [7.13.1] - Mar 27, 2019 -* Add the option to copy a list of files to ARTIFACTORY_HOME on startup - -## [7.13.0] - Mar 26, 2019 -* Updated Artifactory version to 6.9.0 - -## [7.12.18] - Mar 25, 2019 -* Add CI tests for persistence, ingress support and nginx - -## [7.12.17] - Mar 22, 2019 -* Add the option to change the default access-admin password - -## [7.12.16] - Mar 22, 2019 -* Added support for `.Probe.path` to customise the paths used for health probes - -## [7.12.15] - Mar 21, 2019 -* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers -* Added support for `artifactory.customVolumes` to create custom volumes - -## [7.12.14] - Mar 21, 2019 -* Make ingress path configurable - -## [7.12.13] - Mar 19, 2019 -* Move the copy of bootstrap config from postStart to preStart - -## [7.12.12] - Mar 19, 2019 -* Fix existingClaim example - -## [7.12.11] - Mar 18, 2019 -* Add information about nginx persistence - -## [7.12.10] - Mar 15, 2019 -* Wait for nginx configuration file before using it - -## [7.12.9] - Mar 15, 2019 -* Revert securityContext changes since they were causing issues - -## [7.12.8] - Mar 15, 2019 -* Fix issue #247 (init container failing to run) - -## [7.12.7] - Mar 14, 2019 -* Updated Artifactory version to 6.8.7 -* Add support for Artifactory-CE for C++ - -## [7.12.6] - Mar 13, 2019 -* Move securityContext to container level - -## [7.12.5] - Mar 11, 2019 -* Updated Artifactory version to 6.8.6 - -## [7.12.4] - Mar 8, 2019 -* Fix existingClaim option - -## [7.12.3] - Mar 5, 2019 -* Updated Artifactory version to 6.8.4 - -## [7.12.2] - Mar 4, 2019 -* Add support for catalina logs sidecars - -## [7.12.1] - Feb 27, 2019 -* Updated Artifactory version to 6.8.3 - -## [7.12.0] - Feb 25, 2019 -* Add nginx support for tail sidecars - -## [7.11.1] - Feb 20, 2019 -* Added support for enterprise storage - -## [7.10.2] - Feb 19, 2019 -* Updated Artifactory version to 6.8.2 - -## [7.10.1] - Feb 17, 2019 -* Updated Artifactory version to 6.8.1 -* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage - -## [7.10.0] - Feb 15, 2019 -* Updated Artifactory version to 6.8.0 - -## [7.9.6] - Feb 13, 2019 -* Updated Artifactory version to 6.7.3 - -## [7.9.5] - Feb 12, 2019 -* Add support for tail sidecars to view logs from k8s api - -## [7.9.4] - Feb 6, 2019 -* Fix support for customizing statefulset `terminationGracePeriodSeconds` - -## [7.9.3] - Feb 5, 2019 -* Add instructions on how to deploy Artifactory with embedded Derby database - -## [7.9.2] - Feb 5, 2019 -* Add support for customizing statefulset `terminationGracePeriodSeconds` - -## [7.9.1] - Feb 3, 2019 -* Updated Artifactory version to 6.7.2 - -## [7.9.0] - Jan 23, 2019 -* Updated Artifactory version to 6.7.0 - -## [7.8.9] - Jan 22, 2019 -* Added support for `artifactory.customInitContainers` to create custom init containers - -## [7.8.8] - Jan 17, 2019 -* Added support of values ingress.labels - -## [7.8.7] - Jan 16, 2019 -* Mount replicator.yaml (config) directly to /replicator_extra_conf - -## [7.8.6] - Jan 13, 2019 -* Fix documentation about nginx group id - -## [7.8.5] - Jan 13, 2019 -* Updated Artifactory version to 6.6.5 - -## [7.8.4] - Jan 8, 2019 -* Make artifactory.replicator.publicUrl required when the replicator is enabled - -## [7.8.3] - Jan 1, 2019 -* Updated Artifactory version to 6.6.3 -* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory - -## [7.8.2] - Dec 28, 2018 -* Fix location `replicator.yaml` is copied to - -## [7.8.1] - Dec 27, 2018 -* Updated Artifactory version to 6.6.1 - -## [7.8.0] - Dec 20, 2018 -* Updated Artifactory version to 6.6.0 - -## [7.7.13] - Dec 17, 2018 -* Updated Artifactory version to 6.5.13 - -## [7.7.12] - Dec 12, 2018 -* Fix documentation about Artifactory license setup using secret - -## [7.7.11] - Dec 10, 2018 -* Fix issue when using existing claim - -## [7.7.10] - Dec 5, 2018 -* Remove Distribution certificates creation. - -## [7.7.9] - Nov 30, 2018 -* Updated Artifactory version to 6.5.9 - -## [7.7.8] - Nov 29, 2018 -* Updated postgresql version to 9.6.11 - -## [7.7.7] - Nov 27, 2018 -* Updated Artifactory version to 6.5.8 - -## [7.7.6] - Nov 19, 2018 -* Added support for configMap to use custom Reverse Proxy Configuration with Nginx - -## [7.7.5] - Nov 14, 2018 -* Fix location of `nodeSelector`, `affinity` and `tolerations` - -## [7.7.4] - Nov 14, 2018 -* Updated Artifactory version to 6.5.3 - -## [7.7.3] - Nov 12, 2018 -* Support artifactory.preStartCommand for running command before entrypoint starts - -## [7.7.2] - Nov 7, 2018 -* Support database.url parameter (DB_URL) - -## [7.7.1] - Oct 29, 2018 -* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) - -## [7.7.0] - Oct 28, 2018 -* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options - -## [7.6.8] - Oct 23, 2018 -* Fix providing external secret for database credentials - -## [7.6.7] - Oct 23, 2018 -* Allow user to configure externalTrafficPolicy for Loadbalancer - -## [7.6.6] - Oct 22, 2018 -* Updated ingress annotation support (with examples) to support docker registry v2 - -## [7.6.5] - Oct 21, 2018 -* Updated Artifactory version to 6.5.2 - -## [7.6.4] - Oct 19, 2018 -* Allow providing pre-existing secret containing master key -* Allow arbitrary annotations on primary and member node pods -* Enforce size limits when using local storage with `emptyDir` -* Allow providing pre-existing secrets containing external database credentials - -## [7.6.3] - Oct 18, 2018 -* Updated Artifactory version to 6.5.1 - -## [7.6.2] - Oct 17, 2018 -* Add Apache 2.0 license - -## [7.6.1] - Oct 11, 2018 -* Supports master-key in the secrets and stateful-set -* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) - -## [7.6.0] - Oct 11, 2018 -* Updated Artifactory version to 6.5.0 - -## [7.5.4] - Oct 9, 2018 -* Quote ingress hosts to support wildcard names - -## [7.5.3] - Oct 4, 2018 -* Add PostgreSQL resources template - -## [7.5.2] - Oct 2, 2018 -* Add `helm repo add jfrog https://charts.jfrog.io` to README - -## [7.5.1] - Oct 2, 2018 -* Set Artifactory to 6.4.1 - -## [7.5.0] - Sep 27, 2018 -* Set Artifactory to 6.4.0 - -## [7.4.3] - Sep 26, 2018 -* Add ci/test-values.yaml - -## [7.4.2] - Sep 2, 2018 -* Updated Artifactory version to 6.3.2 -* Removed unused PVC - -## [7.4.0] - Aug 22, 2018 -* Added support to run as non root -* Updated Artifactory version to 6.2.0 - -## [7.3.0] - Aug 22, 2018 -* Enabled RBAC Support -* Added support for PostStartCommand (To download Database JDBC connector) -* Increased postgresql max_connections -* Added support for `nginx.conf` ConfigMap -* Updated Artifactory version to 6.1.0 +# JFrog Artifactory Chart Changelog +All changes to this chart will be documented in this file. + +## [107.41.4] - June 27, 2022 +* Added support for nginx.terminationGracePeriodSeconds [GH-1645](https://github.com/jfrog/charts/issues/1645) +* Use an alternate command for `find` to copy custom certificates +* Added support for circle of trust using `circleOfTrustCertificatesSecret` secret name [GH-1623](https://github.com/jfrog/charts/pull/1623) + +## [107.40.0] - June 13, 2022 +* Added support for PodDisruptionBudget [GH-1618](https://github.com/jfrog/charts/issues/1618) +* From artifactory 7.38.x, joinKey can be retrived from Admin > User Management > Settings in UI +* Allow templating for pod annotations [GH-1634](https://github.com/jfrog/charts/pull/1634) +* Fixed `customPersistentPodVolumeClaim` name to `customPersistentVolumeClaim` + +## [107.39.0] - May 31, 2022 +* Fix default `artifactory.async.corePoolSize` [GH-1612](https://github.com/jfrog/charts/issues/1612) +* Added support of nginx annotations +* Reduce startupProbe `initialDelaySeconds` +* Align all liveness and readiness probes failureThreshold to `5` seconds +* Added new flag `unifiedSecretInstallation` to enables single unified secret holding all the artifactory secrets +* Updated router version to `7.38.0` +* Add support for NFS config with directories `haBackupDir` and `haDataDir` +* Fixed - disable jfconnect on oss/jcr/cpp flavours [GH-1630](https://github.com/jfrog/charts/issues/1630) + +## [107.38.0] - May 04, 2022 +* Added support for `global.nodeSelector` to artifactory and nginx pods +* Updated router version to `7.36.1` +* Added support for custom global probes timeout +* Updated frontend container command +* Added topologySpreadConstraints to artifactory and nginx, and add lifecycle hooks to nginx [GH-1596](https://github.com/jfrog/charts/pull/1596) +* Added support of extraEnvironmentVariables for all infra services containers +* Enabled the consumption (jfconnect) flag by default +* Fix jfconnect disabling on non-splitcontainers + +## [107.37.0] - Mar 08, 2022 +* Added support for customPorts in nginx deployment +* Bugfix - Wrong proxy_pass configurations for /artifactory/ in the default artifactory.conf +* Added signedUrlExpirySeconds option to artifactory.persistence.type aws-S3-V3 +* Updated router version to `7.35.0` +* Added useInstanceCredentials,enableSignedUrlRedirect option to google-storage-v2 +* Changed dependency charts repo to `charts.jfrog.io` + +## [107.36.0] - Mar 03, 2022 +* Remove pdn tracker which starts replicator service +* Added silent option for curl probes +* Added readiness health check for the artifactory container for k8s version < 1.20 +* Fix property file migration issue to system.yaml 6.x to 7.x + +## [107.35.0] - Feb 08, 2022 +* Updated router version to `7.32.1` + +## [107.33.0] - Jan 11, 2022 +* Add more user friendly support for anti-affinity +* Pod anti-affinity is now enabled by default (soft rule) +* Readme fixes +* Added support for setting `fsGroupChangePolicy` +* Added nginx customInitContainers, customVolumes, customSidecarContainers [GH-1565](https://github.com/jfrog/charts/pull/1565) +* Updated router version to `7.30.0` + +## [107.32.0] - Dec 22, 2021 +* Updated logger image to `jfrog/ubi-minimal:8.5-204` +* Added default `8091` as `artifactory.tomcat.maintenanceConnector.port` for probes check +* Refactored probes to replace httpGet probes with basic exec + curl +* Refactored `database-creds` secret to create only when database values are passed +* Added new endpoints for probes `/artifactory/api/v1/system/liveness` and `/artifactory/api/v1/system/readiness` +* Enabled `newProbes:true` by default to use these endpoints +* Fix filebeat sidecar spool file permissions +* Updated filebeat sidecar container to `7.16.2` + +## [107.31.0] - Dec 17, 2021 +* Added support for HorizontalPodAutoscaler apiVersion `autoscaling/v2beta2` +* Remove integration service feature flag to make it mandatory service +* Update postgresql tag version to `13.4.0-debian-10-r39` +* Fixed `artifactory.resources` indentation in `migration-artifactory` init container [GH-1562](https://github.com/jfrog/charts/issues/1562) +* Refactored `router.requiredServiceTypes` to support platform chart + +## [107.30.0] - Nov 30, 2021 +* Fixed incorrect permission for filebeat.yaml +* Updated healthcheck (liveness/readiness) api for integration service +* Disable readiness health check for the artifactory container when running in the container split mode +* Ability to start replicator on enabling pdn tracker + +## [107.29.0] - Nov 26, 2021 +* Added integration service container in artifactory +* Add support for Ingress Class Name in Ingress Spec [GH-1516](https://github.com/jfrog/charts/pull/1516) +* Fixed chart values to use curl instead of wget [GH-1529](https://github.com/jfrog/charts/issues/1529) +* Updated nginx config to allow websockets when pipelines is enabled +* Moved router.topology.local.requireqservicetypes from system.yaml to router as environment variable +* Added jfconnect in system.yaml +* Updated artifactory container’s health probes to use artifactory api on rt-split +* Updated initContainerImage to `jfrog/ubi-minimal:8.5-204` +* Updated router version to `7.28.2` +* Set Jfconnect enabled to `false` in the artifactory container when running in the container split mode + +## [107.28.0] - Nov 11, 2021 +* Added default values cpu and memeory in initContainers +* Updated router version to `7.26.0` +* Updated (`rbac.create` and `serviceAccount.create` to false by default) for least privileges +* Fixed incorrect data type for `Values.router.serviceRegistry.insecure` in default values.yaml [GH-1514](https://github.com/jfrog/charts/pull/1514/files) +* **IMPORTANT** +* Changed init-container images from `alpine` to `ubi8/ubi-minimal` +* Added support for AWS License Manager using `.Values.aws.licenseConfigSecretName` + +## [107.27.0] - Oct 6, 2021 +* **Breaking change** +* Aligned probe structure (moved probes variables under config block) +* Added support for new probes(set to false by default) +* Bugfix - Invalid format for `multiPartLimit,multipartElementSize,maxCacheSize` in binarystore.xml [GH-1466](https://github.com/jfrog/charts/issues/1466) +* Added missioncontrol container in artifactory +* Dropped NET_RAW capability for the containers +* Added resources to migration-artifactory init container +* Added resources to all rt split containers +* Updated router version to `7.25.1` +* Added support for Ingress networking.k8s.io/v1/Ingress for k8s >=1.22 [GH-1487](https://github.com/jfrog/charts/pull/1487) +* Added min kubeVersion ">= 1.14.0-0" in chart.yaml +* Update alpine tag version to `3.14.2` +* Update busybox tag version to `1.33.1` +* Artifactory chart support for cluster license + +## [107.26.0] - Aug 23, 2021 +* Added Observability container (only when `splitServicesToContainers` is enabled) +* Support for high availability (when replicaCount > 1) +* Added min kubeVersion ">= 1.12.0-0" in chart.yaml + +## [107.25.0] - Aug 13, 2021 +* Updated readme of chart to point to wiki. Refer [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory) +* Added startupProbe and livenessProbe for RT-split containers +* Updated router version to 7.24.1 +* Added security hardening fixes +* Enabled startup probes for k8s >= 1.20.x +* Changed network policy to allow all ingress and egress traffic +* Added Observability changes +* Added support for global.versions.router (only when `splitServicesToContainers` is enabled) + +## [107.24.0] - July 27, 2021 +* Support global and product specific tags at the same time +* Added support for artifactory containers split + +## [107.23.0] - July 8, 2021 +* Bug fix - logger sideCar picks up Wrong File in helm +* Allow filebeat metrics configuration in values.yaml + +## [107.22.0] - July 6, 2021 +* Update alpine tag version to `3.14.0` +* Added `nodePort` support to artifactory-service and nginx-service templates +* Removed redundant `terminationGracePeriodSeconds` in statefulset +* Increased `startupProbe.failureThreshold` time + +## [107.21.3] - July 2, 2021 +* Added ability to change sendreasonphrase value in server.xml via system yaml + +## [107.19.3] - May 20, 2021 +* Fix broken support for startupProbe for k8s < 1.18.x +* Added support for `nameOverride` and `fullnameOverride` in values.yaml + +## [107.18.6] - April 29, 2021 +* Bumping chart version to align with app version +* Add `securityContext` option on nginx container + +## [12.0.0] - April 22, 2021 +* **Breaking change:** +* Increased default postgresql persistence size to `200Gi` +* Update postgresql tag version to `13.2.0-debian-10-r55` +* Update postgresql chart version to `10.3.18` in chart.yaml - [10.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1000) +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x/12.x's postgresql.image.tag, previous postgresql.persistence.size and databaseUpgradeReady=true +* **IMPORTANT** +* This chart is only helm v3 compatible. +* Fixed filebeat-configmap naming +* Explicitly set ServiceAccount `automountServiceAccountToken` to 'true' +* Update alpine tag version to `3.13.5` + +## [11.13.2] - April 15, 2021 +* Updated Artifactory version to 7.17.9 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.9) + +## [11.13.1] - April 6, 2021 +* Updated Artifactory version to 7.17.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.6) +* Update alpine tag version to `3.13.4` + +## [11.13.0] - April 5, 2021 +* **IMPORTANT** +* Added `charts.jfrog.io` as default JFrog Helm repository +* Updated Artifactory version to 7.17.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.5) + +## [11.12.2] - Mar 31, 2021 +* Updated Artifactory version to 7.17.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.17.4) + +## [11.12.1] - Mar 30, 2021 +* Updated Artifactory version to 7.17.3 +* Add `timeoutSeconds` to all exec probes - Please refer [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) + +## [11.12.0] - Mar 24, 2021 +* Updated Artifactory version to 7.17.2 +* Optimized startupProbe time + +## [11.11.0] - Mar 18, 2021 +* Add support to startupProbe + +## [11.10.0] - Mar 15, 2021 +* Updated Artifactory version to 7.16.3 + +## [11.9.5] - Mar 09, 2021 +* Added HSTS header to nginx conf + +## [11.9.4] - Mar 9, 2021 +* Removed bintray URL references in the chart + +## [11.9.3] - Mar 04, 2021 +* Updated Artifactory version to 7.15.4 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.4) + +## [11.9.2] - Mar 04, 2021 +* Fixed creation of nginx-certificate-secret when Nginx is disabled + +## [11.9.1] - Feb 19, 2021 +* Update busybox tag version to `1.32.1` + +## [11.9.0] - Feb 18, 2021 +* Updated Artifactory version to 7.15.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.15.3) +* Add option to specify update strategy for Artifactory statefulset + +## [11.8.1] - Feb 11, 2021 +* Exposed "multiPartLimit" and "multipartElementSize" for the Azure Blob Storage Binary Provider + +## [11.8.0] - Feb 08, 2021 +* Updated Artifactory version to 7.12.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.8) +* Support for custom certificates using secrets +* **Important:** Switched docker images download from `docker.bintray.io` to `releases-docker.jfrog.io` +* Update alpine tag version to `3.13.1` + +## [11.7.8] - Jan 25, 2021 +* Add support for hostAliases + +## [11.7.7] - Jan 11, 2021 +* Fix failures when using creds file for configurating google storage + +## [11.7.6] - Jan 11, 2021 +* Updated Artifactory version to 7.12.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.12.6) + +## [11.7.5] - Jan 07, 2021 +* Added support for optional tracker dedicated ingress `.Values.artifactory.replicator.trackerIngress.enabled` (defaults to false) + +## [11.7.4] - Jan 04, 2021 +* Fixed gid support for statefulset + +## [11.7.3] - Dec 31, 2020 +* Added gid support for statefulset +* Add setSecurityContext flag to allow securityContext block to be removed from artifactory statefulset + +## [11.7.2] - Dec 29, 2020 +* **Important:** Removed `.Values.metrics` and `.Values.fluentd` (Fluentd and Prometheus integrations) +* Add support for creating additional kubernetes resources - [refer here](https://github.com/jfrog/log-analytics-prometheus/blob/master/artifactory-values.yaml) +* Updated Artifactory version to 7.12.5 + +## [11.7.1] - Dec 21, 2020 +* Updated Artifactory version to 7.12.3 + +## [11.7.0] - Dec 18, 2020 +* Updated Artifactory version to 7.12.2 +* Added `.Values.artifactory.openMetrics.enabled` + +## [11.6.1] - Dec 11, 2020 +* Added configurable `.Values.global.versions.artifactory` in values.yaml + +## [11.6.0] - Dec 10, 2020 +* Update postgresql tag version to `12.5.0-debian-10-r25` +* Fixed `artifactory.persistence.googleStorage.endpoint` from `storage.googleapis.com` to `commondatastorage.googleapis.com` +* Updated chart maintainers email + +## [11.5.5] - Dec 4, 2020 +* **Important:** Renamed `.Values.systemYaml` to `.Values.systemYamlOverride` + +## [11.5.4] - Dec 1, 2020 +* Improve error message returned when attempting helm upgrade command + +## [11.5.3] - Nov 30, 2020 +* Updated Artifactory version to 7.11.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) + +## [11.5.2] - Nov 23, 2020 +* Updated Artifactory version to 7.11.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.11) +* Updated port namings on services and pods to allow for istio protocol discovery +* Change semverCompare checks to support hosted Kubernetes +* Add flag to disable creation of ServiceMonitor when enabling prometheus metrics +* Prevent the PostHook command to be executed if the user did not specify a command in the values file +* Fix issue with tls file generation when nginx.https.enabled is false + +## [11.5.1] - Nov 19, 2020 +* Updated Artifactory version to 7.11.2 +* Bugfix - access.config.import.xml override Access Federation configurations + +## [11.5.0] - Nov 17, 2020 +* Updated Artifactory version to 7.11.1 +* Update alpine tag version to `3.12.1` + +## [11.4.6] - Nov 10, 2020 +* Pass system.yaml via external secret for advanced usecases +* Added support for custom ingress +* Bugfix - stateful set not picking up changes to database secrets + +## [11.4.5] - Nov 9, 2020 +* Updated Artifactory version to 7.10.6 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.6) + +## [11.4.4] - Nov 2, 2020 +* Add enablePathStyleAccess property for aws-s3-v3 binary provider template + +## [11.4.3] - Nov 2, 2020 +* Updated Artifactory version to 7.10.5 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.5) + +## [11.4.2] - Oct 22, 2020 +* Chown bug fix where Linux capability cannot chown all files causing log line warnings +* Fix Frontend timeout linting issue + +## [11.4.1] - Oct 20, 2020 +* Add flag to disable prepare-custom-persistent-volume init container + +## [11.4.0] - Oct 19, 2020 +* Updated Artifactory version to 7.10.2 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.10.2) + +## [11.3.2] - Oct 15, 2020 +* Add support to specify priorityClassName for nginx deployment + +## [11.3.1] - Oct 9, 2020 +* Add support for customInitContainersBegin + +## [11.3.0] - Oct 7, 2020 +* Updated Artifactory version to 7.9.1 +* **Breaking change:** Fix `storageClass` to correct `storageClassName` in values.yaml + +## [11.2.0] - Oct 5, 2020 +* Expose Prometheus metrics via a ServiceMonitor +* Parse log files for metric data with Fluentd + +## [11.1.0] - Sep 30, 2020 +* Updated Artifactory version to 7.9.0 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.9) +* Added support for resources in init container + +## [11.0.11] - Sep 25, 2020 +* Update to use linux capability CAP_CHOWN instead of root base init container to avoid any use of root containers to pass Redhat security requirements + +## [11.0.10] - Sep 28, 2020 +* Setting chart coordinates in migitation yaml + +## [11.0.9] - Sep 25, 2020 +* Update filebeat version to `7.9.2` + +## [11.0.8] - Sep 24, 2020 +* Fixed broken issue - when setting `waitForDatabase: false` container startup still waits for DB + +## [11.0.7] - Sep 22, 2020 +* Readme updates + +## [11.0.6] - Sep 22, 2020 +* Fix lint issue in migitation yaml + +## [11.0.5] - Sep 22, 2020 +* Fix broken migitation yaml + +## [11.0.4] - Sep 21, 2020 +* Added mitigation yaml for Artifactory - [More info](https://github.com/jfrog/chartcenter/blob/master/docs/securitymitigationspec.md) + +## [11.0.3] - Sep 17, 2020 +* Added configurable session(UI) timeout in frontend microservice + +## [11.0.2] - Sep 17, 2020 +* Added proper required text to be shown while postgres upgrades + +## [11.0.1] - Sep 14, 2020 +* Updated Artifactory version to 7.7.8 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7.8) + +## [11.0.0] - Sep 2, 2020 +* **Breaking change:** Changed `imagePullSecrets`values from string to list. +* **Breaking change:** Added `image.registry` and changed `image.version` to `image.tag` for docker images +* Added support for global values +* Updated maintainers in chart.yaml +* Update postgresql tag version to `12.3.0-debian-10-r71` +* Update postgresql chart version to `9.3.4` in requirements.yaml - [9.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass previous 9.x/10.x's postgresql.image.tag and databaseUpgradeReady=true + +## [10.1.0] - Aug 13, 2020 +* Updated Artifactory version to 7.7.3 - [Release Notes](https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.7) + +## [10.0.15] - Aug 10, 2020 +* Added enableSignedUrlRedirect for persistent storage type aws-s3-v3. + +## [10.0.14] - Jul 31, 2020 +* Update the README section on Nginx SSL termination to reflect the actual YAML structure. + +## [10.0.13] - Jul 30, 2020 +* Added condition to disable the migration scripts. + +## [10.0.12] - Jul 28, 2020 +* Document Artifactory node affinity. + +## [10.0.11] - Jul 28, 2020 +* Added maxConnections for persistent storage type aws-s3-v3. + +## [10.0.10] - Jul 28, 2020 +* Bugfix / support for userPluginSecrets with Artifactory 7 + +## [10.0.9] - Jul 27, 2020 +* Add tpl to external database secrets +* Modified `scheme` to `artifactory.scheme` + +## [10.0.8] - Jul 23, 2020 +* Added condition to disable the migration init container. + +## [10.0.7] - Jul 21, 2020 +* Updated Artifactory Chart to add node and primary labels to pods and service objects. + +## [10.0.6] - Jul 20, 2020 +* Support custom CA and certificates + +## [10.0.5] - Jul 13, 2020 +* Updated Artifactory version to 7.6.3 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.3 +* Fixed Mysql database jar path in `preStartCommand` in README + +## [10.0.4] - Jul 10, 2020 +* Move some postgresql values to where they should be according to the subchart + +## [10.0.3] - Jul 8, 2020 +* Set Artifactory access client connections to the same value as the access threads + +## [10.0.2] - Jul 6, 2020 +* Updated Artifactory version to 7.6.2 +* **IMPORTANT** +* Added ChartCenter Helm repository in README + +## [10.0.1] - Jul 01, 2020 +* Add dedicated ingress object for Replicator service when enabled + +## [10.0.0] - Jun 30, 2020 +* Update postgresql tag version to `10.13.0-debian-10-r38` +* Update alpine tag version to `3.12` +* Update busybox tag version to `1.31.1` +* **IMPORTANT** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), you need to pass postgresql.image.tag=9.6.18-debian-10-r7 and databaseUpgradeReady=true + +## [9.6.0] - Jun 29, 2020 +* Updated Artifactory version to 7.6.1 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.6.1 +* Add tpl for external database secrets + +## [9.5.5] - Jun 25, 2020 +* Stop loading the Nginx stream module because it is now a core module + +## [9.5.4] - Jun 25, 2020 +* Notes.txt update - add --namespace parameter + +## [9.5.3] - Jun 11, 2020 +* Support list of custom secrets + +## [9.5.2] - Jun 12, 2020 +* Updated Artifactory version to 7.5.7 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5.7 + +## [9.5.1] - Jun 8, 2020 +* Readme update - configuring Artifactory with oracledb + +## [9.5.0] - Jun 1, 2020 +* Updated Artifactory version to 7.5.5 - https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes#ArtifactoryReleaseNotes-Artifactory7.5 +* Fixes bootstrap configMap permission issue +* Update postgresql tag version to `9.6.18-debian-10-r7` + +## [9.4.9] - May 27, 2020 +* Added Tomcat maxThreads & acceptCount + +## [9.4.8] - May 25, 2020 +* Fixed postgresql README `image` Parameters + +## [9.4.7] - May 24, 2020 +* Fixed typo in README regarding migration timeout + +## [9.4.6] - May 19, 2020 +* Added metadata maxOpenConnections + +## [9.4.5] - May 07, 2020 +* Fix `installerInfo` string format + +## [9.4.4] - Apr 27, 2020 +* Updated Artifactory version to 7.4.3 + +## [9.4.3] - Apr 26, 2020 +* Change order of the customInitContainers to run before the "migration-artifactory" initContainer. + +## [9.4.2] - Apr 24, 2020 +* Fix `artifactory.persistence.awsS3V3.useInstanceCredentials` incorrect conditional logic +* Bump postgresql tag version to `9.6.17-debian-10-r72` in values.yaml + +## [9.4.1] - Apr 16, 2020 +* Custom volumes in migration init container. + +## [9.4.0] - Apr 14, 2020 +* Updated Artifactory version to 7.4.1 + +## [9.3.1] - April 13, 2020 +* Update README with helm v3 commands + +## [9.3.0] - April 10, 2020 +* Use dependency charts from `https://charts.bitnami.com/bitnami` +* Bump postgresql chart version to `8.7.3` in requirements.yaml +* Bump postgresql tag version to `9.6.17-debian-10-r21` in values.yaml + +## [9.2.9] - Apr 8, 2020 +* Added recommended ingress annotation to avoid 413 errors + +## [9.2.8] - Apr 8, 2020 +* Moved migration scripts under `files` directory +* Support preStartCommand in migration Init container as `artifactory.migration.preStartCommand` + +## [9.2.7] - Apr 6, 2020 +* Fix cache size (should be 5gb instead of 50gb since volume claim is only 20gb). + +## [9.2.6] - Apr 1, 2020 +* Support masterKey and joinKey as secrets + +## [9.2.5] - Apr 1, 2020 +* Fix readme use to `-hex 32` instead of `-hex 16` + +## [9.2.4] - Mar 31, 2020 +* Change the way the artifactory `command:` is set so it will properly pass a SIGTERM to java + +## [9.2.3] - Mar 29, 2020 +* Add Nginx log options: stderr as logfile and log level + +## [9.2.2] - Mar 30, 2020 +* Use the same defaulting mechanism used for the artifactory version used elsewhere in the chart + +## [9.2.1] - Mar 29, 2020 +* Fix loggers sidecars configurations to support new file system layout and new log names + +## [9.2.0] - Mar 29, 2020 +* Fix broken admin user bootstrap configuration +* **Breaking change:** renamed `artifactory.accessAdmin` to `artifactory.admin` + +## [9.1.5] - Mar 26, 2020 +* Fix volumeClaimTemplate issue + +## [9.1.4] - Mar 25, 2020 +* Fix volume name used by filebeat container + +## [9.1.3] - Mar 24, 2020 +* Use `postgresqlExtendedConf` for setting custom PostgreSQL configuration (instead of `postgresqlConfiguration`) + +## [9.1.2] - Mar 22, 2020 +* Support for SSL offload in Nginx service(LoadBalancer) layer. Introduced `nginx.service.ssloffload` field with boolean type. + +## [9.1.1] - Mar 23, 2020 +* Moved installer info to values.yaml so it is fully customizable + +## [9.1.0] - Mar 23, 2020 +* Updated Artifactory version to 7.3.2 + +## [9.0.29] - Mar 20, 2020 +* Add support for masterKey trim during 6.x to 7.x migration if 6.x masterKey is 32 hex (64 characters) + +## [9.0.28] - Mar 18, 2020 +* Increased Nginx proxy_buffers size + +## [9.0.27] - Mar 17, 2020 +* Changed all single quotes to double quotes in values files +* useInstanceCredentials variable was declared in S3 settings but not used in chart. Now it is being used. + +## [9.0.26] - Mar 17, 2020 +* Fix rendering of Service Account annotations + +## [9.0.25] - Mar 16, 2020 +* Update Artifactory readme with extra ingress annotations needed for Artifactory to be set as SSO provider + +## [9.0.24] - Mar 16, 2020 +* Add Unsupported message from 6.18 to 7.2.x (migration) + +## [9.0.23] - Mar 12, 2020 +* Fix README.md rendering issue + +## [9.0.22] - Mar 11, 2020 +* Upgrade Docs update + +## [9.0.21] - Mar 11, 2020 +* Unified charts public release + +## [9.0.20] - Mar 6, 2020 +* Fix path to `/artifactory_bootstrap` +* Add support for controlling the name of the ingress and allow to set more than one cname + +## [9.0.19] - Mar 4, 2020 +* Add support for disabling `consoleLog` in `system.yaml` file + +## [9.0.18] - Feb 28, 2020 +* Add support to process `valueFrom` for extraEnvironmentVariables + +## [9.0.17] - Feb 26, 2020 +* Fix join key secret naming + +## [9.0.16] - Feb 26, 2020 +* Store join key to secret + +## [9.0.15] - Feb 26, 2020 +* Updated Artifactory version to 7.2.1 + +## [9.0.10] - Feb 07, 2020 +* Remove protection flag `databaseUpgradeReady` which was added to check internal postgres upgrade + +## [9.0.0] - Feb 07, 2020 +* Updated Artifactory version to 7.0.0 + +## [8.4.8] - Feb 13, 2020 +* Add support for SSH authentication to Artifactory + +## [8.4.7] - Feb 11, 2020 +* Change Artifactory service port name to be hard-coded to `http` instead of using `{{ .Release.Name }}` + +## [8.4.6] - Feb 9, 2020 +* Add support for `tpl` in the `postStartCommand` + +## [8.4.5] - Feb 4, 2020 +* Support customisable Nginx kind + +## [8.4.4] - Feb 2, 2020 +* Add a comment stating that it is recommended to use an external PostgreSQL with a static password for production installations + +## [8.4.3] - Jan 30, 2020 +* Add the option to configure resources for the logger containers + +## [8.4.2] - Jan 26, 2020 +* Improve `database.user` and `database.password` logic in order to support more use cases and make the configuration less repetitive + +## [8.4.1] - Jan 19, 2020 +* Fix replicator port config in nginx replicator configmap + +## [8.4.0] - Jan 19, 2020 +* Updated Artifactory version to 6.17.0 + +## [8.3.6] - Jan 16, 2020 +* Added example for external nginx-ingress + +## [8.3.5] - Dec 30, 2019 +* Fix for nginx probes failing when launched with http disabled + +## [8.3.4] - Dec 24, 2019 +* Better support for custom `artifactory.internalPort` + +## [8.3.3] - Dec 23, 2019 +* Mark empty map values with `{}` + +## [8.3.2] - Dec 16, 2019 +* Fix for toggling nginx service ports + +## [8.3.1] - Dec 12, 2019 +* Add support for toggling nginx service ports + +## [8.3.0] - Dec 1, 2019 +* Updated Artifactory version to 6.16.0 + +## [8.2.6] - Nov 28, 2019 +* Add support for using existing PriorityClass + +## [8.2.5] - Nov 27, 2019 +* Add support for PriorityClass + +## [8.2.4] - Nov 21, 2019 +* Add an option to use a file system cache-fs with the file-system binarystore template + +## [8.2.3] - Nov 20, 2019 +* Update Artifactory Readme + +## [8.2.2] - Nov 20, 2019 +* Update Artfactory logo + +## [8.2.1] - Nov 18, 2019 +* Add the option to provide service account annotations (in order to support stuff like https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html) + +## [8.2.0] - Nov 18, 2019 +* Updated Artifactory version to 6.15.0 + +## [8.1.11] - Nov 17, 2019 +* Do not provide a default master key. Allow it to be auto generated by Artifactory on first startup + +## [8.1.10] - Nov 17, 2019 +* Fix creation of double slash in nginx artifactory configuration + +## [8.1.9] - Nov 14, 2019 +* Set explicit `postgresql.postgresqlPassword=""` to avoid helm v3 error + +## [8.1.8] - Nov 12, 2019 +* Updated Artifactory version to 6.14.1 + +## [8.1.7] - Nov 9, 2019 +* Additional documentation for masterKey + +## [8.1.6] - Nov 10, 2019 +* Update PostgreSQL chart version to 7.0.1 +* Use formal PostgreSQL configuration format + +## [8.1.5] - Nov 8, 2019 +* Add support `artifactory.service.loadBalancerSourceRanges` for whitelisting when setting `artifactory.service.type=LoadBalancer` + +## [8.1.4] - Nov 6, 2019 +* Add support for any type of environment variable by using `extraEnvironmentVariables` as-is + +## [8.1.3] - Nov 6, 2019 +* Add nodeselector support for Postgresql + +## [8.1.2] - Nov 5, 2019 +* Add support for the aws-s3-v3 filestore, which adds support for pod IAM roles + +## [8.1.1] - Nov 4, 2019 +* When using `copyOnEveryStartup`, make sure that the target base directories are created before copying the files + +## [8.1.0] - Nov 3, 2019 +* Updated Artifactory version to 6.14.0 + +## [8.0.1] - Nov 3, 2019 +* Make sure the artifactory pod exits when one of the pre-start stages fail + +## [8.0.0] - Oct 27, 2019 +**IMPORTANT - BREAKING CHANGES!**
+**DOWNTIME MIGHT BE REQUIRED FOR AN UPGRADE!** +* If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! +* If this is an upgrade and you are using the default PostgreSQL (`postgresql.enabled=true`), must use the upgrade instructions in [UPGRADE_NOTES.md](UPGRADE_NOTES.md)! +* PostgreSQL sub chart was upgraded to version `6.5.x`. This version is **not backward compatible** with the old version (`0.9.5`)! +* Note the following **PostgreSQL** Helm chart changes + * The chart configuration has changed! See [values.yaml](values.yaml) for the new keys used + * **PostgreSQL** is deployed as a StatefulSet + * See [PostgreSQL helm chart](https://hub.helm.sh/charts/stable/postgresql) for all available configurations + +## [7.18.3] - Oct 24, 2019 +* Change the preStartCommand to support templating + +## [7.18.2] - Oct 21, 2019 +* Add support for setting `artifactory.labels` +* Add support for setting `nginx.labels` + +## [7.18.1] - Oct 10, 2019 +* Updated Artifactory version to 6.13.1 + +## [7.18.0] - Oct 7, 2019 +* Updated Artifactory version to 6.13.0 + +## [7.17.5] - Sep 24, 2019 +* Option to skip wait-for-db init container with '--set waitForDatabase=false' + +## [7.17.4] - Sep 11, 2019 +* Updated Artifactory version to 6.12.2 + +## [7.17.3] - Sep 9, 2019 +* Updated Artifactory version to 6.12.1 + +## [7.17.2] - Aug 22, 2019 +* Fix the nginx server_name directive used with ingress.hosts + +## [7.17.1] - Aug 21, 2019 +* Enable the Artifactory container's liveness and readiness probes + +## [7.17.0] - Aug 21, 2019 +* Updated Artifactory version to 6.12.0 + +## [7.16.11] - Aug 14, 2019 +* Updated Artifactory version to 6.11.6 + +## [7.16.10] - Aug 11, 2019 +* Fix Ingress routing and add an example + +## [7.16.9] - Aug 5, 2019 +* Do not mount `access/etc/bootstrap.creds` unless user specifies a custom password or secret (Access already generates a random password if not provided one) +* If custom `bootstrap.creds` is provided (using keys or custom secret), prepare it with an init container so the temp file does not persist + +## [7.16.8] - Aug 4, 2019 +* Improve binarystore config + 1. Convert to a secret + 2. Move config to values.yaml + 3. Support an external secret + +## [7.16.7] - Jul 29, 2019 +* Don't create the nginx configmaps when nginx.enabled is false + +## [7.16.6] - Jul 24, 2019 +* Simplify nginx setup and shorten initial wait for probes + +## [7.16.5] - Jul 22, 2019 +* Change Ingress API to be compatible with recent kubernetes versions + +## [7.16.4] - Jul 22, 2019 +* Updated Artifactory version to 6.11.3 + +## [7.16.3] - Jul 11, 2019 +* Add ingress.hosts to the Nginx server_name directive when ingress is enabled to help with Docker repository sub domain configuration + +## [7.16.2] - Jul 3, 2019 +* Fix values key in reverse proxy example + +## [7.16.1] - Jul 1, 2019 +* Updated Artifactory version to 6.11.1 + +## [7.16.0] - Jun 27, 2019 +* Update Artifactory version to 6.11 and add restart to Artifactory when bootstrap.creds file has been modified + +## [7.15.8] - Jun 27, 2019 +* Add the option for changing nginx config using values.yaml and remove outdated reverse proxy documentation + +## [7.15.6] - Jun 24, 2019 +* Update chart maintainers + +## [7.15.5] - Jun 24, 2019 +* Change Nginx to point to the artifactory externalPort + +## [7.15.4] - Jun 23, 2019 +* Add the option to provide an IP for the access-admin endpoints + +## [7.15.3] - Jun 23, 2019 +* Add values files for small, medium and large installations + +## [7.15.2] - Jun 20, 2019 +* Add missing terminationGracePeriodSeconds to values.yaml + +## [7.15.1] - Jun 19, 2019 +* Updated Artifactory version to 6.10.4 + +## [7.15.0] - Jun 17, 2019 +* Use configmaps for nginx configuration and remove nginx postStart command + +## [7.14.8] - Jun 18, 2019 +* Add the option to provide additional ingress rules + +## [7.14.7] - Jun 14, 2019 +* Updated readme with improved external database setup example + +## [7.14.6] - Jun 11, 2019 +* Updated Artifactory version to 6.10.3 +* Updated installer-info template + +## [7.14.5] - Jun 6, 2019 +* Updated Google Cloud Storage API URL and https settings + +## [7.14.4] - Jun 5, 2019 +* Delete the db.properties file on Artifactory startup + +## [7.14.3] - Jun 3, 2019 +* Updated Artifactory version to 6.10.2 + +## [7.14.2] - May 21, 2019 +* Updated Artifactory version to 6.10.1 + +## [7.14.1] - May 19, 2019 +* Fix missing logger image tag + +## [7.14.0] - May 7, 2019 +* Updated Artifactory version to 6.10.0 + +## [7.13.21] - May 5, 2019 +* Add support for setting `artifactory.async.corePoolSize` + +## [7.13.20] - May 2, 2019 +* Remove unused property `artifactory.releasebundle.feature.enabled` + +## [7.13.19] - May 1, 2019 +* Fix indentation issue with the replicator system property + +## [7.13.18] - Apr 30, 2019 +* Add support for JMX monitoring + +## [7.13.17] - Apr 25, 2019 +* Added support for `cacheProviderDir` + +## [7.13.16] - Apr 18, 2019 +* Changing API StatefulSet version to `v1` and permission fix for custom `artifactory.conf` for Nginx + +## [7.13.15] - Apr 16, 2019 +* Updated documentation for Reverse Proxy Configuration + +## [7.13.14] - Apr 15, 2019 +* Added support for `customVolumeMounts` + +## [7.13.13] - Aprl 12, 2019 +* Added support for `bucketExists` flag for googleStorage + +## [7.13.12] - Apr 11, 2019 +* Replace `curl` examples with `wget` due to the new base image + +## [7.13.11] - Aprl 07, 2019 +* Add support for providing the Artifactory license as a parameter + +## [7.13.10] - Apr 10, 2019 +* Updated Artifactory version to 6.9.1 + +## [7.13.9] - Aprl 04, 2019 +* Add support for templated extraEnvironmentVariables + +## [7.13.8] - Aprl 07, 2019 +* Change network policy API group + +## [7.13.7] - Aprl 04, 2019 +* Bugfix for userPluginSecrets + +## [7.13.6] - Apr 4, 2019 +* Add information about upgrading Artifactory with auto-generated postgres password + +## [7.13.5] - Aprl 03, 2019 +* Added installer info + +## [7.13.4] - Aprl 03, 2019 +* Allow secret names for user plugins to contain template language + +## [7.13.3] - Apr 02, 2019 +* Allow NetworkPolicy configurations (defaults to allow all) + +## [7.13.2] - Aprl 01, 2019 +* Add support for user plugin secret + +## [7.13.1] - Mar 27, 2019 +* Add the option to copy a list of files to ARTIFACTORY_HOME on startup + +## [7.13.0] - Mar 26, 2019 +* Updated Artifactory version to 6.9.0 + +## [7.12.18] - Mar 25, 2019 +* Add CI tests for persistence, ingress support and nginx + +## [7.12.17] - Mar 22, 2019 +* Add the option to change the default access-admin password + +## [7.12.16] - Mar 22, 2019 +* Added support for `.Probe.path` to customise the paths used for health probes + +## [7.12.15] - Mar 21, 2019 +* Added support for `artifactory.customSidecarContainers` to create custom sidecar containers +* Added support for `artifactory.customVolumes` to create custom volumes + +## [7.12.14] - Mar 21, 2019 +* Make ingress path configurable + +## [7.12.13] - Mar 19, 2019 +* Move the copy of bootstrap config from postStart to preStart + +## [7.12.12] - Mar 19, 2019 +* Fix existingClaim example + +## [7.12.11] - Mar 18, 2019 +* Add information about nginx persistence + +## [7.12.10] - Mar 15, 2019 +* Wait for nginx configuration file before using it + +## [7.12.9] - Mar 15, 2019 +* Revert securityContext changes since they were causing issues + +## [7.12.8] - Mar 15, 2019 +* Fix issue #247 (init container failing to run) + +## [7.12.7] - Mar 14, 2019 +* Updated Artifactory version to 6.8.7 +* Add support for Artifactory-CE for C++ + +## [7.12.6] - Mar 13, 2019 +* Move securityContext to container level + +## [7.12.5] - Mar 11, 2019 +* Updated Artifactory version to 6.8.6 + +## [7.12.4] - Mar 8, 2019 +* Fix existingClaim option + +## [7.12.3] - Mar 5, 2019 +* Updated Artifactory version to 6.8.4 + +## [7.12.2] - Mar 4, 2019 +* Add support for catalina logs sidecars + +## [7.12.1] - Feb 27, 2019 +* Updated Artifactory version to 6.8.3 + +## [7.12.0] - Feb 25, 2019 +* Add nginx support for tail sidecars + +## [7.11.1] - Feb 20, 2019 +* Added support for enterprise storage + +## [7.10.2] - Feb 19, 2019 +* Updated Artifactory version to 6.8.2 + +## [7.10.1] - Feb 17, 2019 +* Updated Artifactory version to 6.8.1 +* Add example of `SERVER_XML_EXTRA_CONNECTOR` usage + +## [7.10.0] - Feb 15, 2019 +* Updated Artifactory version to 6.8.0 + +## [7.9.6] - Feb 13, 2019 +* Updated Artifactory version to 6.7.3 + +## [7.9.5] - Feb 12, 2019 +* Add support for tail sidecars to view logs from k8s api + +## [7.9.4] - Feb 6, 2019 +* Fix support for customizing statefulset `terminationGracePeriodSeconds` + +## [7.9.3] - Feb 5, 2019 +* Add instructions on how to deploy Artifactory with embedded Derby database + +## [7.9.2] - Feb 5, 2019 +* Add support for customizing statefulset `terminationGracePeriodSeconds` + +## [7.9.1] - Feb 3, 2019 +* Updated Artifactory version to 6.7.2 + +## [7.9.0] - Jan 23, 2019 +* Updated Artifactory version to 6.7.0 + +## [7.8.9] - Jan 22, 2019 +* Added support for `artifactory.customInitContainers` to create custom init containers + +## [7.8.8] - Jan 17, 2019 +* Added support of values ingress.labels + +## [7.8.7] - Jan 16, 2019 +* Mount replicator.yaml (config) directly to /replicator_extra_conf + +## [7.8.6] - Jan 13, 2019 +* Fix documentation about nginx group id + +## [7.8.5] - Jan 13, 2019 +* Updated Artifactory version to 6.6.5 + +## [7.8.4] - Jan 8, 2019 +* Make artifactory.replicator.publicUrl required when the replicator is enabled + +## [7.8.3] - Jan 1, 2019 +* Updated Artifactory version to 6.6.3 +* Add support for `artifactory.extraEnvironmentVariables` to pass more environment variables to Artifactory + +## [7.8.2] - Dec 28, 2018 +* Fix location `replicator.yaml` is copied to + +## [7.8.1] - Dec 27, 2018 +* Updated Artifactory version to 6.6.1 + +## [7.8.0] - Dec 20, 2018 +* Updated Artifactory version to 6.6.0 + +## [7.7.13] - Dec 17, 2018 +* Updated Artifactory version to 6.5.13 + +## [7.7.12] - Dec 12, 2018 +* Fix documentation about Artifactory license setup using secret + +## [7.7.11] - Dec 10, 2018 +* Fix issue when using existing claim + +## [7.7.10] - Dec 5, 2018 +* Remove Distribution certificates creation. + +## [7.7.9] - Nov 30, 2018 +* Updated Artifactory version to 6.5.9 + +## [7.7.8] - Nov 29, 2018 +* Updated postgresql version to 9.6.11 + +## [7.7.7] - Nov 27, 2018 +* Updated Artifactory version to 6.5.8 + +## [7.7.6] - Nov 19, 2018 +* Added support for configMap to use custom Reverse Proxy Configuration with Nginx + +## [7.7.5] - Nov 14, 2018 +* Fix location of `nodeSelector`, `affinity` and `tolerations` + +## [7.7.4] - Nov 14, 2018 +* Updated Artifactory version to 6.5.3 + +## [7.7.3] - Nov 12, 2018 +* Support artifactory.preStartCommand for running command before entrypoint starts + +## [7.7.2] - Nov 7, 2018 +* Support database.url parameter (DB_URL) + +## [7.7.1] - Oct 29, 2018 +* Change probes port to 8040 (so they will not be blocked when all tomcat threads on 8081 are exhausted) + +## [7.7.0] - Oct 28, 2018 +* Update postgresql chart to version 0.9.5 to be able and use `postgresConfig` options + +## [7.6.8] - Oct 23, 2018 +* Fix providing external secret for database credentials + +## [7.6.7] - Oct 23, 2018 +* Allow user to configure externalTrafficPolicy for Loadbalancer + +## [7.6.6] - Oct 22, 2018 +* Updated ingress annotation support (with examples) to support docker registry v2 + +## [7.6.5] - Oct 21, 2018 +* Updated Artifactory version to 6.5.2 + +## [7.6.4] - Oct 19, 2018 +* Allow providing pre-existing secret containing master key +* Allow arbitrary annotations on primary and member node pods +* Enforce size limits when using local storage with `emptyDir` +* Allow providing pre-existing secrets containing external database credentials + +## [7.6.3] - Oct 18, 2018 +* Updated Artifactory version to 6.5.1 + +## [7.6.2] - Oct 17, 2018 +* Add Apache 2.0 license + +## [7.6.1] - Oct 11, 2018 +* Supports master-key in the secrets and stateful-set +* Allows ingress default `backend` to be enabled or disabled (defaults to enabled) + +## [7.6.0] - Oct 11, 2018 +* Updated Artifactory version to 6.5.0 + +## [7.5.4] - Oct 9, 2018 +* Quote ingress hosts to support wildcard names + +## [7.5.3] - Oct 4, 2018 +* Add PostgreSQL resources template + +## [7.5.2] - Oct 2, 2018 +* Add `helm repo add jfrog https://charts.jfrog.io` to README + +## [7.5.1] - Oct 2, 2018 +* Set Artifactory to 6.4.1 + +## [7.5.0] - Sep 27, 2018 +* Set Artifactory to 6.4.0 + +## [7.4.3] - Sep 26, 2018 +* Add ci/test-values.yaml + +## [7.4.2] - Sep 2, 2018 +* Updated Artifactory version to 6.3.2 +* Removed unused PVC + +## [7.4.0] - Aug 22, 2018 +* Added support to run as non root +* Updated Artifactory version to 6.2.0 + +## [7.3.0] - Aug 22, 2018 +* Enabled RBAC Support +* Added support for PostStartCommand (To download Database JDBC connector) +* Increased postgresql max_connections +* Added support for `nginx.conf` ConfigMap +* Updated Artifactory version to 6.1.0 diff --git a/.disabled/artifactory-jcr/charts/artifactory/Chart.lock b/.disabled/artifactory-jcr/charts/artifactory/Chart.lock index 8064c323..540a463f 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/Chart.lock +++ b/.disabled/artifactory-jcr/charts/artifactory/Chart.lock @@ -1,6 +1,6 @@ -dependencies: -- name: postgresql - repository: https://charts.jfrog.io/ - version: 10.3.18 -digest: sha256:404ce007353baaf92a6c5f24b249d5b336c232e5fd2c29f8a0e4d0095a09fd53 -generated: "2022-03-08T08:53:16.293311+05:30" +dependencies: +- name: postgresql + repository: https://charts.jfrog.io/ + version: 10.3.18 +digest: sha256:404ce007353baaf92a6c5f24b249d5b336c232e5fd2c29f8a0e4d0095a09fd53 +generated: "2022-03-08T08:53:16.293311+05:30" diff --git a/.disabled/artifactory-jcr/charts/artifactory/Chart.yaml b/.disabled/artifactory-jcr/charts/artifactory/Chart.yaml index 8ed11f91..16839694 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,23 +1,23 @@ -apiVersion: v2 -appVersion: 7.41.4 -dependencies: -- condition: postgresql.enabled - name: postgresql - repository: https://charts.jfrog.io/ - version: 10.3.18 -description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. -home: https://www.jfrog.com/artifactory/ -icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png -keywords: -- artifactory -- jfrog -- devops -kubeVersion: '>= 1.14.0-0' -maintainers: -- email: installers@jfrog.com - name: Chart Maintainers at JFrog -name: artifactory -sources: -- https://github.com/jfrog/charts -type: application -version: 107.41.4 +apiVersion: v2 +appVersion: 7.41.4 +dependencies: +- condition: postgresql.enabled + name: postgresql + repository: https://charts.jfrog.io/ + version: 10.3.18 +description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. +home: https://www.jfrog.com/artifactory/ +icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory/logo/artifactory-logo.png +keywords: +- artifactory +- jfrog +- devops +kubeVersion: '>= 1.14.0-0' +maintainers: +- email: installers@jfrog.com + name: Chart Maintainers at JFrog +name: artifactory +sources: +- https://github.com/jfrog/charts +type: application +version: 107.41.4 diff --git a/.disabled/artifactory-jcr/charts/artifactory/LICENSE b/.disabled/artifactory-jcr/charts/artifactory/LICENSE index 8dada3ed..c0ee8129 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/LICENSE +++ b/.disabled/artifactory-jcr/charts/artifactory/LICENSE @@ -1,201 +1,201 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/.disabled/artifactory-jcr/charts/artifactory/README.md b/.disabled/artifactory-jcr/charts/artifactory/README.md index b77f6843..f6e989c7 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/README.md +++ b/.disabled/artifactory-jcr/charts/artifactory/README.md @@ -1,52 +1,52 @@ -# JFrog Artifactory Helm Chart - -**IMPORTANT!** Our Helm Chart docs have moved to our main documentation site. Below you will find the basic instructions for installing, uninstalling, and deleting Artifactory. For all other information, refer to [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory#InstallingArtifactory-HelmInstallation). - -## Prerequisites -* Kubernetes 1.14+ -* Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) - -## Chart Details -This chart will do the following: - -* Deploy Artifactory-Pro/Artifactory-Edge (or OSS/CE if custom image is set) -* Deploy a PostgreSQL database using the stable/postgresql chart (can be changed) **NOTE:** For production grade installations it is recommended to use an external PostgreSQL. -* Deploy an optional Nginx server -* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - -## Installing the Chart - -### Add JFrog Helm repository - -Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io) to your helm client - -```bash -helm repo add jfrog https://charts.jfrog.io -helm repo update -``` - -### Install Chart -To install the chart with the release name `artifactory`: -```bash -helm upgrade --install artifactory --namespace artifactory jfrog/artifactory -``` - -## Uninstalling Artifactory - -Uninstall is supported only on Helm v3 and on. - -Uninstall Artifactory using the following command. - -```bash -helm uninstall artifactory && sleep 90 && kubectl delete pvc -l app=artifactory -``` - -## Deleting Artifactory - -**IMPORTANT:** Deleting Artifactory will also delete your data volumes and you will lose all of your data. You must back up all this information before deletion. You do not need to uninstall Artifactory before deleting it. - -To delete Artifactory use the following command. - -```bash -helm delete artifactory --namespace artifactory -``` +# JFrog Artifactory Helm Chart + +**IMPORTANT!** Our Helm Chart docs have moved to our main documentation site. Below you will find the basic instructions for installing, uninstalling, and deleting Artifactory. For all other information, refer to [Installing Artifactory](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory#InstallingArtifactory-HelmInstallation). + +## Prerequisites +* Kubernetes 1.14+ +* Artifactory Pro trial license [get one from here](https://www.jfrog.com/artifactory/free-trial/) + +## Chart Details +This chart will do the following: + +* Deploy Artifactory-Pro/Artifactory-Edge (or OSS/CE if custom image is set) +* Deploy a PostgreSQL database using the stable/postgresql chart (can be changed) **NOTE:** For production grade installations it is recommended to use an external PostgreSQL. +* Deploy an optional Nginx server +* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) + +## Installing the Chart + +### Add JFrog Helm repository + +Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io) to your helm client + +```bash +helm repo add jfrog https://charts.jfrog.io +helm repo update +``` + +### Install Chart +To install the chart with the release name `artifactory`: +```bash +helm upgrade --install artifactory --namespace artifactory jfrog/artifactory +``` + +## Uninstalling Artifactory + +Uninstall is supported only on Helm v3 and on. + +Uninstall Artifactory using the following command. + +```bash +helm uninstall artifactory && sleep 90 && kubectl delete pvc -l app=artifactory +``` + +## Deleting Artifactory + +**IMPORTANT:** Deleting Artifactory will also delete your data volumes and you will lose all of your data. You must back up all this information before deletion. You do not need to uninstall Artifactory before deleting it. + +To delete Artifactory use the following command. + +```bash +helm delete artifactory --namespace artifactory +``` diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/.helmignore b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/.helmignore index f0c13194..daebc7da 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/.helmignore +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/.helmignore @@ -1,21 +1,21 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/Chart.lock b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/Chart.lock index 3687f52d..d17ac56b 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/Chart.lock +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/Chart.lock @@ -1,6 +1,6 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.4.2 -digest: sha256:dce0349883107e3ff103f4f17d3af4ad1ea3c7993551b1c28865867d3e53d37c -generated: "2021-03-30T09:13:28.360322819Z" +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.4.2 +digest: sha256:dce0349883107e3ff103f4f17d3af4ad1ea3c7993551b1c28865867d3e53d37c +generated: "2021-03-30T09:13:28.360322819Z" diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/Chart.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/Chart.yaml index 4b197b20..41caacc8 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/Chart.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/Chart.yaml @@ -1,29 +1,29 @@ -annotations: - category: Database -apiVersion: v2 -appVersion: 11.11.0 -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.x.x -description: Chart for PostgreSQL, an object-relational database management system - (ORDBMS) with an emphasis on extensibility and on standards-compliance. -home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql -icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png -keywords: -- postgresql -- postgres -- database -- sql -- replication -- cluster -maintainers: -- email: containers@bitnami.com - name: Bitnami -- email: cedric@desaintmartin.fr - name: desaintmartin -name: postgresql -sources: -- https://github.com/bitnami/bitnami-docker-postgresql -- https://www.postgresql.org/ -version: 10.3.18 +annotations: + category: Database +apiVersion: v2 +appVersion: 11.11.0 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.x.x +description: Chart for PostgreSQL, an object-relational database management system + (ORDBMS) with an emphasis on extensibility and on standards-compliance. +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +- https://www.postgresql.org/ +version: 10.3.18 diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/README.md b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/README.md index 63d3605b..83b7a395 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/README.md +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/README.md @@ -1,770 +1,770 @@ -# PostgreSQL - -[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. - -For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/postgresql -``` - -## Introduction - -This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure - -## Installing the Chart -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/postgresql -``` - -The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. - -To delete the PVC's associated with `my-release`: - -```console -$ kubectl delete pvc -l release=my-release -``` - -> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. - -## Parameters - -The following tables lists the configurable parameters of the PostgreSQL chart and their default values. - -| Parameter | Description | Default | -|-----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | -| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | -| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | -| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | -| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | -| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override common.names.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `"10"` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | -| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | -| `ldap.server` | IP address or name of the LDAP server. | `nil` | -| `ldap.port` | Port number on the LDAP server to connect to | `nil` | -| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | -| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | -| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | -| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | -| `ldap.search_attr` | Attribute to match against the user name in the search | `nil` | -| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | -| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | -| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | -| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | -| `replication.enabled` | Enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.readReplicas` | Number of read replicas replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.readReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be used to authenticate on LDAP. The value is evaluated as a template. | `nil` | -| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | -| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | -| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | -| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | -| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | -| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | -| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` | -| `postgresqlMaxConnections` | Maximum total connections | `nil` | -| `postgresqlPostgresConnectionLimit` | Maximum total connections for the postgres user | `nil` | -| `postgresqlDbUserConnectionLimit` | Maximum total connections for the non-admin user | `nil` | -| `postgresqlTcpKeepalivesInterval` | TCP keepalives interval | `nil` | -| `postgresqlTcpKeepalivesIdle` | TCP keepalives idle | `nil` | -| `postgresqlTcpKeepalivesCount` | TCP keepalives count | `nil` | -| `postgresqlStatementTimeout` | Statement timeout | `nil` | -| `postgresqlPghbaRemoveFilters` | Comma-separated list of patterns to remove from the pg_hba.conf file | `nil` | -| `customStartupProbe` | Override default startup probe | `nil` | -| `customLivenessProbe` | Override default liveness probe | `nil` | -| `customReadinessProbe` | Override default readiness probe | `nil` | -| `audit.logHostname` | Add client hostnames to the log file | `false` | -| `audit.logConnections` | Add client log-in operations to the log file | `false` | -| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` | -| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `nil` | -| `audit.clientMinMessages` | Message log level to share with the user | `nil` | -| `audit.logLinePrefix` | Template string for the log line prefix | `nil` | -| `audit.logTimezone` | Timezone for the log timestamps | `nil` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | -| `initdbScripts` | Dictionary of initdb scripts | `nil` | -| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | -| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | -| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for primary and read replica(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | -| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | -| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` (evaluated as a template) | -| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` (evaluated as a template) | -| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` (evaluated as a template) | -| `primary.anotations` | Map of annotations to add to the statefulset (postgresql primary) | `{}` | -| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` | -| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` | -| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` | -| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `nil` | -| `primary.extraInitContainers` | Additional init containers to add to the pods (postgresql primary) | `[]` | -| `primary.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql primary) | `[]` | -| `primary.extraVolumes` | Additional volumes to add to the pods (postgresql primary) | `[]` | -| `primary.sidecars` | Add additional containers to the pod | `[]` | -| `primary.service.type` | Allows using a different service type for primary | `nil` | -| `primary.service.nodePort` | Allows using a different nodePort for primary | `nil` | -| `primary.service.clusterIP` | Allows using a different clusterIP for primary | `nil` | -| `primaryAsStandBy.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not. | `false` | -| `primaryAsStandBy.primaryHost` | The Host of replication primary in the other cluster. | `nil` | -| `primaryAsStandBy.primaryPort ` | The Port of replication primary in the other cluster. | `nil` | -| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` | -| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` (evaluated as a template) | -| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` (evaluated as a template) | -| `readReplicas.anotations` | Map of annotations to add to the statefulsets (postgresql readReplicas) | `{}` | -| `readReplicas.resources` | CPU/Memory resource requests/limits override for readReplicass. Will fallback to `values.resources` if not defined. | `{}` | -| `readReplicas.labels` | Map of labels to add to the statefulsets (postgresql readReplicas) | `{}` | -| `readReplicas.podAnnotations` | Map of annotations to add to the pods (postgresql readReplicas) | `{}` | -| `readReplicas.podLabels` | Map of labels to add to the pods (postgresql readReplicas) | `{}` | -| `readReplicas.priorityClassName` | Priority Class to use for each pod (postgresql readReplicas) | `nil` | -| `readReplicas.extraInitContainers` | Additional init containers to add to the pods (postgresql readReplicas) | `[]` | -| `readReplicas.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql readReplicas) | `[]` | -| `readReplicas.extraVolumes` | Additional volumes to add to the pods (postgresql readReplicas) | `[]` | -| `readReplicas.sidecars` | Add additional containers to the pod | `[]` | -| `readReplicas.service.type` | Allows using a different service type for readReplicas | `nil` | -| `readReplicas.service.nodePort` | Allows using a different nodePort for readReplicas | `nil` | -| `readReplicas.service.clusterIP` | Allows using a different clusterIP for readReplicas | `nil` | -| `readReplicas.persistence.enabled` | Whether to enable readReplicas replicas persistence | `true` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.*` | Other pod security context to be included as-is in the pod spec | `{}` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the pod | `1001` | -| `containerSecurityContext.*` | Other container security context to be included as-is in the container spec | `{}` | -| `containerSecurityContext.enabled` | Enable container security context | `true` | -| `containerSecurityContext.runAsUser` | User ID for the container | `1001` | -| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | -| `serviceAccount.name` | Name of existing service account | `nil` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `startupProbe.periodSeconds` | How often to perform the probe | 15 | -| `startupProbe.timeoutSeconds` | When the probe times | 5 | -| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `tls.enabled` | Enable TLS traffic support | `false` | -| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | -| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. | `nil` | -| `tls.crlFilename` | File containing a Certificate Revocation List | `nil` | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | -| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | -| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | -| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | -| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `metrics.customMetrics` | Additional custom metrics | `nil` | -| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | -| `metrics.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` | -| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | -| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | -| `psp.create` | Create Pod Security Policy | `false` | -| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `nil` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ - bitnami/postgresql -``` - -The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/postgresql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Customizing primary and read replica services in a replicated configuration - -At the top level, there is a service object which defines the services for both primary and readReplicas. For deeper customization, there are service objects for both the primary and read types individually. This allows you to override the values in the top level service object so that the primary and read can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the primary and read to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the primary.service or readReplicas.service objects will take precedence over the top level service object. - -### Change PostgreSQL version - -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. - -### postgresql.conf / pg_hba.conf files as configMap - -This helm chart also supports to customize the whole configuration file. - -Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. - -Alternatively, you can add additional PostgreSQL configuration parameters using the `postgresqlExtendedConf` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. Alternatively, to replace the entire default configuration use `postgresqlConfiguration`. - -In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. - -### Allow settings to be loaded from files other than the default `postgresql.conf` - -If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. -Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. - -### Initialize a fresh instance - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. - -Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. - -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. - -For example: - -* First, create the secret with the cetificates files: - - ```console - kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt - ``` - -* Then, use the following parameters: - - ```console - volumePermissions.enabled=true - tls.enabled=true - tls.certificatesSecret="certificates-tls-secret" - tls.certFilename="cert.crt" - tls.certKeyFilename="cert.key" - ``` - - > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `containerSecurityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. - -### Sidecars - -If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -# For the PostgreSQL primary -primary: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -# For the PostgreSQL replicas -readReplicas: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). - -The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. - -### Use of global variables - -In more complex scenarios, we may have the following tree of dependencies - -``` - +--------------+ - | | - +------------+ Chart 1 +-----------+ - | | | | - | --------+------+ | - | | | - | | | - | | | - | | | - v v v -+-------+------+ +--------+------+ +--------+------+ -| | | | | | -| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | -| | | | | | -+--------------+ +---------------+ +---------------+ -``` - -The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: - -``` -postgresql.postgresqlPassword=testtest -subchart1.postgresql.postgresqlPassword=testtest -subchart2.postgresql.postgresqlPassword=testtest -postgresql.postgresqlDatabase=db1 -subchart1.postgresql.postgresqlDatabase=db1 -subchart2.postgresql.postgresqlDatabase=db1 -``` - -If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: - -``` -global.postgresql.postgresqlPassword=testtest -global.postgresql.postgresqlDatabase=db1 -``` - -This way, the credentials will be available in all of the subcharts. - -## Persistence - -The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. - -## NetworkPolicy - -To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 5432. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. -This label will be displayed in the output of a successful install. - -## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image - -- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. -- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. -- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,containerSecurityContext.enabled=false,shmVolume.chmod.enabled=false - -### Deploy chart using Docker Official PostgreSQL Image - -From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. -Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. - -``` -image.repository=postgres -image.tag=10.6 -postgresqlDataDir=/data/pgdata -persistence.mountPath=/data/ -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` paremeter(s). Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release bitnami/postgresql \ - --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ - --set replication.password=[REPLICATION_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. - -### To 10.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart. - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -#### Breaking changes - -- The term `master` has been replaced with `primary` and `slave` with `readReplicas` throughout the chart. Role names have changed from `master` and `slave` to `primary` and `read`. - -To upgrade to `10.0.0`, it should be done reusing the PVCs used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `postgresql`): - -> NOTE: Please, create a backup of your database before running any of those actions. - -Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: - -```console -$ export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -$ export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") -``` - -Delete the PostgreSQL statefulset. Notice the option `--cascade=false`: - -```console -$ kubectl delete statefulsets.apps postgresql-postgresql --cascade=false -``` - -Now the upgrade works: - -```console -$ helm upgrade postgresql bitnami/postgresql --set postgresqlPassword=$POSTGRESQL_PASSWORD --set persistence.existingClaim=$POSTGRESQL_PVC -``` - -You will have to delete the existing PostgreSQL pod and the new statefulset is going to create a new one - -```console -$ kubectl delete pod postgresql-postgresql-0 -``` - -Finally, you should see the lines below in PostgreSQL container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") -... -postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... -... -``` - -### To 9.0.0 - -In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. - -As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: - -- Deploy an old version (8.X.X) - -```console -$ helm install postgresql bitnami/postgresql --version 8.10.14 -``` - -- Old version is up and running - -```console -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 76s -``` - -- The upgrade to the latest one (9.X.X) is going to fail - -```console -$ helm upgrade postgresql bitnami/postgresql -Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden -``` - -- Delete the statefulset - -```console -$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql -statefulset.apps "postgresql-postgresql" deleted -``` - -- Now the upgrade works - -```console -$ helm upgrade postgresql bitnami/postgresql -$ helm ls -NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION -postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 -``` - -- We can kill the existing pod and the new statefulset is going to create a new one: - -```console -$ kubectl delete pod postgresql-postgresql-0 -pod "postgresql-postgresql-0" deleted - -$ kubectl get pods -NAME READY STATUS RESTARTS AGE -postgresql-postgresql-0 1/1 Running 0 19s -``` - -Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command - -### To 8.0.0 - -Prefixes the port names with their protocols to comply with Istio conventions. - -If you depend on the port names in your setup, make sure to update them to reflect this change. - -### To 7.1.0 - -Adds support for LDAP configuration. - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version bump signifies this change. - -### To 6.5.7 - -In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: - -- protobuf -- protobuf-c -- json-c -- geos -- proj - -### To 5.0.0 - -In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). - -For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: - -```console -Welcome to the Bitnami postgresql container -Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql -Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues -Send us your feedback at containers@bitnami.com - -INFO ==> ** Starting PostgreSQL setup ** -NFO ==> Validating settings in POSTGRESQL_* env vars.. -INFO ==> Initializing PostgreSQL database... -INFO ==> postgresql.conf file not detected. Generating it... -INFO ==> pg_hba.conf file not detected. Generating it... -INFO ==> Deploying PostgreSQL with persisted data... -INFO ==> Configuring replication parameters -INFO ==> Loading custom scripts... -INFO ==> Enabling remote connections -INFO ==> Stopping PostgreSQL... -INFO ==> ** PostgreSQL setup finished! ** - -INFO ==> ** Starting PostgreSQL ** - [1] FATAL: database files are incompatible with server - [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. -``` - -In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. - -### To 4.0.0 - -This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. - -IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error - -``` -The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development -``` - -### To 3.0.0 - -This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. -It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. - -#### Breaking changes - -- `affinty` has been renamed to `master.affinity` and `slave.affinity`. -- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. -- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. - -### To 2.0.0 - -In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: - -- Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running - -```console -$ kubectl get svc -``` - -- Install (not upgrade) the new version - -```console -$ helm repo update -$ helm install my-release bitnami/postgresql -``` - -- Connect to the new pod (you can obtain the name by running `kubectl get pods`): - -```console -$ kubectl exec -it NAME bash -``` - -- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: - -```console -$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql -``` - -After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). -This operation could take some time depending on the database size. - -- Once you have the backup file, you can restore it with a command like the one below: - -```console -$ psql -U postgres DATABASE_NAME < /tmp/backup.sql -``` - -In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). - -If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. - -```console -$ psql -U postgres -postgres=# drop database DATABASE_NAME; -postgres=# create database DATABASE_NAME; -postgres=# create user USER_NAME; -postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; -postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; -postgres=# alter database DATABASE_NAME owner to USER_NAME; -``` +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 +- PV provisioner support in the underlying infrastructure + +## Installing the Chart +To install the chart with the release name `my-release`: + +```console +$ helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. + +To delete the PVC's associated with `my-release`: + +```console +$ kubectl delete pvc -l release=my-release +``` + +> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. + +## Parameters + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `"10"` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | +| `ldap.server` | IP address or name of the LDAP server. | `nil` | +| `ldap.port` | Port number on the LDAP server to connect to | `nil` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | +| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | +| `ldap.search_attr` | Attribute to match against the user name in the search | `nil` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | +| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.readReplicas` | Number of read replicas replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.readReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be used to authenticate on LDAP. The value is evaluated as a template. | `nil` | +| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | +| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | +| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | +| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | +| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` | +| `postgresqlMaxConnections` | Maximum total connections | `nil` | +| `postgresqlPostgresConnectionLimit` | Maximum total connections for the postgres user | `nil` | +| `postgresqlDbUserConnectionLimit` | Maximum total connections for the non-admin user | `nil` | +| `postgresqlTcpKeepalivesInterval` | TCP keepalives interval | `nil` | +| `postgresqlTcpKeepalivesIdle` | TCP keepalives idle | `nil` | +| `postgresqlTcpKeepalivesCount` | TCP keepalives count | `nil` | +| `postgresqlStatementTimeout` | Statement timeout | `nil` | +| `postgresqlPghbaRemoveFilters` | Comma-separated list of patterns to remove from the pg_hba.conf file | `nil` | +| `customStartupProbe` | Override default startup probe | `nil` | +| `customLivenessProbe` | Override default liveness probe | `nil` | +| `customReadinessProbe` | Override default readiness probe | `nil` | +| `audit.logHostname` | Add client hostnames to the log file | `false` | +| `audit.logConnections` | Add client log-in operations to the log file | `false` | +| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` | +| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `nil` | +| `audit.clientMinMessages` | Message log level to share with the user | `nil` | +| `audit.logLinePrefix` | Template string for the log line prefix | `nil` | +| `audit.logTimezone` | Timezone for the log timestamps | `nil` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | +| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for primary and read replica(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | +| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` (evaluated as a template) | +| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` (evaluated as a template) | +| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` (evaluated as a template) | +| `primary.anotations` | Map of annotations to add to the statefulset (postgresql primary) | `{}` | +| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` | +| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` | +| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` | +| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `nil` | +| `primary.extraInitContainers` | Additional init containers to add to the pods (postgresql primary) | `[]` | +| `primary.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql primary) | `[]` | +| `primary.extraVolumes` | Additional volumes to add to the pods (postgresql primary) | `[]` | +| `primary.sidecars` | Add additional containers to the pod | `[]` | +| `primary.service.type` | Allows using a different service type for primary | `nil` | +| `primary.service.nodePort` | Allows using a different nodePort for primary | `nil` | +| `primary.service.clusterIP` | Allows using a different clusterIP for primary | `nil` | +| `primaryAsStandBy.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not. | `false` | +| `primaryAsStandBy.primaryHost` | The Host of replication primary in the other cluster. | `nil` | +| `primaryAsStandBy.primaryPort ` | The Port of replication primary in the other cluster. | `nil` | +| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` | +| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` (evaluated as a template) | +| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` (evaluated as a template) | +| `readReplicas.anotations` | Map of annotations to add to the statefulsets (postgresql readReplicas) | `{}` | +| `readReplicas.resources` | CPU/Memory resource requests/limits override for readReplicass. Will fallback to `values.resources` if not defined. | `{}` | +| `readReplicas.labels` | Map of labels to add to the statefulsets (postgresql readReplicas) | `{}` | +| `readReplicas.podAnnotations` | Map of annotations to add to the pods (postgresql readReplicas) | `{}` | +| `readReplicas.podLabels` | Map of labels to add to the pods (postgresql readReplicas) | `{}` | +| `readReplicas.priorityClassName` | Priority Class to use for each pod (postgresql readReplicas) | `nil` | +| `readReplicas.extraInitContainers` | Additional init containers to add to the pods (postgresql readReplicas) | `[]` | +| `readReplicas.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql readReplicas) | `[]` | +| `readReplicas.extraVolumes` | Additional volumes to add to the pods (postgresql readReplicas) | `[]` | +| `readReplicas.sidecars` | Add additional containers to the pod | `[]` | +| `readReplicas.service.type` | Allows using a different service type for readReplicas | `nil` | +| `readReplicas.service.nodePort` | Allows using a different nodePort for readReplicas | `nil` | +| `readReplicas.service.clusterIP` | Allows using a different clusterIP for readReplicas | `nil` | +| `readReplicas.persistence.enabled` | Whether to enable readReplicas replicas persistence | `true` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.*` | Other pod security context to be included as-is in the pod spec | `{}` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the pod | `1001` | +| `containerSecurityContext.*` | Other container security context to be included as-is in the container spec | `{}` | +| `containerSecurityContext.enabled` | Enable container security context | `true` | +| `containerSecurityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAccount.name` | Name of existing service account | `nil` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `startupProbe.periodSeconds` | How often to perform the probe | 15 | +| `startupProbe.timeoutSeconds` | When the probe times | 5 | +| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. | `nil` | +| `tls.crlFilename` | File containing a Certificate Revocation List | `nil` | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | +| `metrics.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | +| `psp.create` | Create Pod Security Policy | `false` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `nil` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Customizing primary and read replica services in a replicated configuration + +At the top level, there is a service object which defines the services for both primary and readReplicas. For deeper customization, there are service objects for both the primary and read types individually. This allows you to override the values in the top level service object so that the primary and read can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the primary and read to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the primary.service or readReplicas.service objects will take precedence over the top level service object. + +### Change PostgreSQL version + +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can add additional PostgreSQL configuration parameters using the `postgresqlExtendedConf` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. Alternatively, to replace the entire default configuration use `postgresqlConfiguration`. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. + +For example: + +* First, create the secret with the cetificates files: + + ```console + kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt + ``` + +* Then, use the following parameters: + + ```console + volumePermissions.enabled=true + tls.enabled=true + tls.certificatesSecret="certificates-tls-secret" + tls.certFilename="cert.crt" + tls.certKeyFilename="cert.key" + ``` + + > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `containerSecurityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL primary +primary: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +readReplicas: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.postgresqlPassword=testtest +subchart1.postgresql.postgresqlPassword=testtest +subchart2.postgresql.postgresqlPassword=testtest +postgresql.postgresqlDatabase=db1 +subchart1.postgresql.postgresqlDatabase=db1 +subchart2.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.postgresqlPassword=testtest +global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,containerSecurityContext.enabled=false,shmVolume.chmod.enabled=false + +### Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +image.repository=postgres +image.tag=10.6 +postgresqlDataDir=/data/pgdata +persistence.mountPath=/data/ +``` + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` paremeter(s). Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release bitnami/postgresql \ + --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ + --set replication.password=[REPLICATION_PASSWORD] +``` + +> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Move dependency information from the *requirements.yaml* to the *Chart.yaml* +- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart. + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +#### Breaking changes + +- The term `master` has been replaced with `primary` and `slave` with `readReplicas` throughout the chart. Role names have changed from `master` and `slave` to `primary` and `read`. + +To upgrade to `10.0.0`, it should be done reusing the PVCs used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `postgresql`): + +> NOTE: Please, create a backup of your database before running any of those actions. + +Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: + +```console +$ export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +$ export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") +``` + +Delete the PostgreSQL statefulset. Notice the option `--cascade=false`: + +```console +$ kubectl delete statefulsets.apps postgresql-postgresql --cascade=false +``` + +Now the upgrade works: + +```console +$ helm upgrade postgresql bitnami/postgresql --set postgresqlPassword=$POSTGRESQL_PASSWORD --set persistence.existingClaim=$POSTGRESQL_PVC +``` + +You will have to delete the existing PostgreSQL pod and the new statefulset is going to create a new one + +```console +$ kubectl delete pod postgresql-postgresql-0 +``` + +Finally, you should see the lines below in PostgreSQL container logs: + +```console +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +... +postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... +... +``` + +### To 9.0.0 + +In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. + +As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: + +- Deploy an old version (8.X.X) + +```console +$ helm install postgresql bitnami/postgresql --version 8.10.14 +``` + +- Old version is up and running + +```console +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 76s +``` + +- The upgrade to the latest one (9.X.X) is going to fail + +```console +$ helm upgrade postgresql bitnami/postgresql +Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden +``` + +- Delete the statefulset + +```console +$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql +statefulset.apps "postgresql-postgresql" deleted +``` + +- Now the upgrade works + +```console +$ helm upgrade postgresql bitnami/postgresql +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 +``` + +- We can kill the existing pod and the new statefulset is going to create a new one: + +```console +$ kubectl delete pod postgresql-postgresql-0 +pod "postgresql-postgresql-0" deleted + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 19s +``` + +Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command + +### To 8.0.0 + +Prefixes the port names with their protocols to comply with Istio conventions. + +If you depend on the port names in your setup, make sure to update them to reflect this change. + +### To 7.1.0 + +Adds support for LDAP configuration. + +### To 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +### To 6.5.7 + +In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: + +- protobuf +- protobuf-c +- json-c +- geos +- proj + +### To 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```console +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` + +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### To 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### To 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### To 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + +- Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + +```console +$ kubectl get svc +``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install my-release bitnami/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/.helmignore b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/.helmignore index 50af0317..05d5aabd 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/.helmignore +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/.helmignore @@ -1,22 +1,22 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/Chart.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/Chart.yaml index bcc3808d..513529de 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/Chart.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/Chart.yaml @@ -1,23 +1,23 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 1.4.2 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/master/bitnami/common -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: common -sources: -- https://github.com/bitnami/charts -- http://www.bitnami.com/ -type: library -version: 1.4.2 +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.4.2 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- http://www.bitnami.com/ +type: library +version: 1.4.2 diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/README.md b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/README.md index 7287cbb5..97c2d333 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/README.md +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/README.md @@ -1,322 +1,322 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 0.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|--------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Inpput | -|-------------------------|------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for RedisTM are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets. - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|--------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Inpput | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for RedisTM are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_affinities.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_affinities.tpl index 493a6dc7..312c4d68 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_affinities.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_affinities.tpl @@ -1,94 +1,94 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl index 4dde56a3..89362f36 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_capabilities.tpl @@ -1,95 +1,95 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl index a79cc2e3..3c5a5cb6 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_errors.tpl @@ -1,23 +1,23 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl index 60f04fd6..fba63a49 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_images.tpl @@ -1,47 +1,47 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if $registryName }} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- else -}} -{{- printf "%s:%s" $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_ingress.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_ingress.tpl index 622ef50e..61d72900 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_ingress.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_ingress.tpl @@ -1,42 +1,42 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if typeIs "int" .servicePort }} - number: {{ .servicePort }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if typeIs "int" .servicePort }} + number: {{ .servicePort }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl index 252066c7..82349a1b 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_labels.tpl @@ -1,18 +1,18 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl index adf2a74f..2a3a3f3f 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_names.tpl @@ -1,32 +1,32 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl index 60b84a70..129550c9 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_secrets.tpl @@ -1,129 +1,129 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- if index $secret.data .key }} - {{- $password = index $secret.data .key }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- if index $secret.data .key }} + {{- $password = index $secret.data .key }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl index 60e2a844..b20089f5 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_storage.tpl @@ -1,23 +1,23 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl index 2db16685..cbfa805b 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_tplvalues.tpl @@ -1,13 +1,13 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl index ea083a24..a742861f 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_utils.tpl @@ -1,62 +1,62 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl index ae10fa41..b17fba25 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/_warnings.tpl @@ -1,14 +1,14 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_cassandra.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_cassandra.tpl index 8679ddff..91f75141 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_cassandra.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_cassandra.tpl @@ -1,72 +1,72 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_mariadb.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_mariadb.tpl index bb5ed725..94bf50fb 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_mariadb.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_mariadb.tpl @@ -1,103 +1,103 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_mongodb.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_mongodb.tpl index 7d5ecbcc..fa107d0c 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_mongodb.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_mongodb.tpl @@ -1,108 +1,108 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB(R) required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB(R) required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_postgresql.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_postgresql.tpl index 992bcd39..0e9e0534 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_postgresql.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_postgresql.tpl @@ -1,131 +1,131 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_redis.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_redis.tpl index 3e2a47c0..475fe692 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_redis.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_redis.tpl @@ -1,72 +1,72 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis(TM) required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $existingSecret := include "common.redis.values.existingSecret" . -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}} - {{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}} - {{- if eq $usePassword "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Redis Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.redis.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.redis.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis(TM) required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $existingSecret := include "common.redis.values.existingSecret" . -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}} + {{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}} + {{- if eq $usePassword "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Redis Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.redis.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.redis.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_validations.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_validations.tpl index 9a814cf4..55572e19 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_validations.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/templates/validations/_validations.tpl @@ -1,46 +1,46 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/values.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/values.yaml index 9ecdc93f..208bfe16 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/charts/common/values.yaml @@ -1,3 +1,3 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -exampleValue: common-chart +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml index 97e18a4c..8b8e1c47 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/commonAnnotations.yaml @@ -1,3 +1,3 @@ -commonAnnotations: - helm.sh/hook: "\"pre-install, pre-upgrade\"" - helm.sh/hook-weight: "-1" +commonAnnotations: + helm.sh/hook: "\"pre-install, pre-upgrade\"" + helm.sh/hook-weight: "-1" diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/default-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/default-values.yaml index fc2ba605..c951ea48 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/default-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/default-values.yaml @@ -1 +1 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml index 347d3b40..2c66803c 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/ci/shmvolume-disabled-values.yaml @@ -1,2 +1,2 @@ -shmVolume: - enabled: false +shmVolume: + enabled: false diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/README.md b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/README.md index 1813a2fe..7368e0e3 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/README.md +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/README.md @@ -1 +1 @@ -Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/conf.d/README.md b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/conf.d/README.md index 184c1875..5f67f8ff 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/conf.d/README.md +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/conf.d/README.md @@ -1,4 +1,4 @@ -If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. -These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. - -More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md index cba38091..366a498d 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -1,3 +1,3 @@ -You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. - +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/NOTES.txt b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/NOTES.txt index 4e98958c..4ddd7509 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/NOTES.txt +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/NOTES.txt @@ -1,59 +1,59 @@ -** Please be patient while the chart is being deployed ** - -PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection -{{- if .Values.replication.enabled }} - {{ template "common.names.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection -{{- end }} - -{{- if not (eq (include "postgresql.username" .) "postgres") }} - -To get the password for "postgres" run: - - export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) -{{- end }} - -To get the password for "{{ template "postgresql.username" . }}" run: - - export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) - -To connect to your database run the following command: - - kubectl run {{ template "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ template "common.names.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "common.names.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. -{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & - {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} - -{{- end }} - -{{- include "postgresql.validateValues" . -}} - -{{- include "common.warnings.rollingTag" .Values.image -}} - -{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "common.names.fullname" .) "context" $) -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: + + {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "common.names.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} + +{{- if not (eq (include "postgresql.username" .) "postgres") }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) +{{- end }} + +To get the password for "{{ template "postgresql.username" . }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "common.names.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "common.names.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{- end }} + +{{- include "postgresql.validateValues" . -}} + +{{- include "common.warnings.rollingTag" .Values.image -}} + +{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "common.names.fullname" .) "context" $) -}} + +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/_helpers.tpl b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/_helpers.tpl index 1f98efe7..8a0e9c79 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/_helpers.tpl +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/_helpers.tpl @@ -1,337 +1,337 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "postgresql.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "postgresql.primary.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} -{{- if .Values.replication.enabled -}} -{{- printf "%s-%s" $fullname "primary" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper PostgreSQL image name -*/}} -{{- define "postgresql.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper PostgreSQL metrics image name -*/}} -{{- define "postgresql.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "postgresql.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "postgresql.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Return PostgreSQL postgres user password -*/}} -{{- define "postgresql.postgres.password" -}} -{{- if .Values.global.postgresql.postgresqlPostgresPassword }} - {{- .Values.global.postgresql.postgresqlPostgresPassword -}} -{{- else if .Values.postgresqlPostgresPassword -}} - {{- .Values.postgresqlPostgresPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL password -*/}} -{{- define "postgresql.password" -}} -{{- if .Values.global.postgresql.postgresqlPassword }} - {{- .Values.global.postgresql.postgresqlPassword -}} -{{- else if .Values.postgresqlPassword -}} - {{- .Values.postgresqlPassword -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication password -*/}} -{{- define "postgresql.replication.password" -}} -{{- if .Values.global.postgresql.replicationPassword }} - {{- .Values.global.postgresql.replicationPassword -}} -{{- else if .Values.replication.password -}} - {{- .Values.replication.password -}} -{{- else -}} - {{- randAlphaNum 10 -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL username -*/}} -{{- define "postgresql.username" -}} -{{- if .Values.global.postgresql.postgresqlUsername }} - {{- .Values.global.postgresql.postgresqlUsername -}} -{{- else -}} - {{- .Values.postgresqlUsername -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL replication username -*/}} -{{- define "postgresql.replication.username" -}} -{{- if .Values.global.postgresql.replicationUser }} - {{- .Values.global.postgresql.replicationUser -}} -{{- else -}} - {{- .Values.replication.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL port -*/}} -{{- define "postgresql.port" -}} -{{- if .Values.global.postgresql.servicePort }} - {{- .Values.global.postgresql.servicePort -}} -{{- else -}} - {{- .Values.service.port -}} -{{- end -}} -{{- end -}} - -{{/* -Return PostgreSQL created database -*/}} -{{- define "postgresql.database" -}} -{{- if .Values.global.postgresql.postgresqlDatabase }} - {{- .Values.global.postgresql.postgresqlDatabase -}} -{{- else if .Values.postgresqlDatabase -}} - {{- .Values.postgresqlDatabase -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "postgresql.secretName" -}} -{{- if .Values.global.postgresql.existingSecret }} - {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} -{{- else if .Values.existingSecret -}} - {{- printf "%s" (tpl .Values.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if we should use an existingSecret. -*/}} -{{- define "postgresql.useExistingSecret" -}} -{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "postgresql.createSecret" -}} -{{- if not (include "postgresql.useExistingSecret" .) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the configuration ConfigMap name. -*/}} -{{- define "postgresql.configurationCM" -}} -{{- if .Values.configurationConfigMap -}} -{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} -{{- else -}} -{{- printf "%s-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the extended configuration ConfigMap name. -*/}} -{{- define "postgresql.extendedConfigurationCM" -}} -{{- if .Values.extendedConfConfigMap -}} -{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} -{{- else -}} -{{- printf "%s-extended-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap should be mounted with PostgreSQL configuration -*/}} -{{- define "postgresql.mountConfigurationCM" -}} -{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "postgresql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} -{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} -{{- printf "%s-init-scripts" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "postgresql.initdbScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the metrics ConfigMap name. -*/}} -{{- define "postgresql.metricsCM" -}} -{{- printf "%s-metrics" (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Get the readiness probe command -*/}} -{{- define "postgresql.readinessProbeCommand" -}} -- | -{{- if (include "postgresql.database" .) }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- else }} - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} -{{- end }} -{{- if contains "bitnami/" .Values.image.repository }} - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "postgresql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} -{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap -*/}} -{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} -{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} -postgresql: ldap.url, ldap.server - You cannot set both `ldap.url` and `ldap.server` at the same time. - Please provide a unique way to configure LDAP. - More info at https://www.postgresql.org/docs/current/auth-ldap.html -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql - If PSP is enabled RBAC should be enabled too -*/}} -{{- define "postgresql.validateValues.psp" -}} -{{- if and .Values.psp.create (not .Values.rbac.create) }} -postgresql: psp.create, rbac.create - RBAC should be enabled if PSP is enabled in order for PSP to work. - More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podsecuritypolicy. -*/}} -{{- define "podsecuritypolicy.apiVersion" -}} -{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "postgresql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} - -{{/* -Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions -*/}} -{{- define "postgresql.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} -postgresql: tls.enabled, volumePermissions.enabled - When TLS is enabled you must enable volumePermissions as well to ensure certificates files have - the right permissions. -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "postgresql.tlsCert" -}} -{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "postgresql.tlsCertKey" -}} -{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "postgresql.tlsCACert" -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} -{{- end -}} - -{{/* -Return the path to the CRL file. -*/}} -{{- define "postgresql.tlsCRL" -}} -{{- if .Values.tls.crlFilename -}} -{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} -{{- end -}} -{{- end -}} +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.primary.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "primary" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql.postgres.password" -}} +{{- if .Values.global.postgresql.postgresqlPostgresPassword }} + {{- .Values.global.postgresql.postgresqlPostgresPassword -}} +{{- else if .Values.postgresqlPostgresPassword -}} + {{- .Values.postgresqlPostgresPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL password +*/}} +{{- define "postgresql.password" -}} +{{- if .Values.global.postgresql.postgresqlPassword }} + {{- .Values.global.postgresql.postgresqlPassword -}} +{{- else if .Values.postgresqlPassword -}} + {{- .Values.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication password +*/}} +{{- define "postgresql.replication.password" -}} +{{- if .Values.global.postgresql.replicationPassword }} + {{- .Values.global.postgresql.replicationPassword -}} +{{- else if .Values.replication.password -}} + {{- .Values.replication.password -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL username +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.postgresqlUsername }} + {{- .Values.global.postgresql.postgresqlUsername -}} +{{- else -}} + {{- .Values.postgresqlUsername -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication username +*/}} +{{- define "postgresql.replication.username" -}} +{{- if .Values.global.postgresql.replicationUser }} + {{- .Values.global.postgresql.replicationUser -}} +{{- else -}} + {{- .Values.replication.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL port +*/}} +{{- define "postgresql.port" -}} +{{- if .Values.global.postgresql.servicePort }} + {{- .Values.global.postgresql.servicePort -}} +{{- else -}} + {{- .Values.service.port -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL created database +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.postgresqlDatabase }} + {{- .Values.global.postgresql.postgresqlDatabase -}} +{{- else if .Values.postgresqlDatabase -}} + {{- .Values.postgresqlDatabase -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} +{{- else if .Values.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if we should use an existingSecret. +*/}} +{{- define "postgresql.useExistingSecret" -}} +{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if not (include "postgresql.useExistingSecret" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap should be mounted with PostgreSQL configuration +*/}} +{{- define "postgresql.mountConfigurationCM" -}} +{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- end -}} + +{{/* +Get the metrics ConfigMap name. +*/}} +{{- define "postgresql.metricsCM" -}} +{{- printf "%s-metrics" (include "common.names.fullname" .) -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- else }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If PSP is enabled RBAC should be enabled too +*/}} +{{- define "postgresql.validateValues.psp" -}} +{{- if and .Values.psp.create (not .Values.rbac.create) }} +postgresql: psp.create, rbac.create + RBAC should be enabled if PSP is enabled in order for PSP to work. + More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podsecuritypolicy. +*/}} +{{- define "podsecuritypolicy.apiVersion" -}} +{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions +*/}} +{{- define "postgresql.validateValues.tls" -}} +{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} +postgresql: tls.enabled, volumePermissions.enabled + When TLS is enabled you must enable volumePermissions as well to ensure certificates files have + the right permissions. +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "postgresql.tlsCert" -}} +{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "postgresql.tlsCertKey" -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsCACert" -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} + +{{/* +Return the path to the CRL file. +*/}} +{{- define "postgresql.tlsCRL" -}} +{{- if .Values.tls.crlFilename -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} +{{- end -}} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/configmap.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/configmap.yaml index 3a5ea18a..3370381f 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/configmap.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/configmap.yaml @@ -1,31 +1,31 @@ -{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }}-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -data: -{{- if (.Files.Glob "files/postgresql.conf") }} -{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} -{{- else if .Values.postgresqlConfiguration }} - postgresql.conf: | -{{- range $key, $value := default dict .Values.postgresqlConfiguration }} - {{- if kindIs "string" $value }} - {{ $key | snakecase }} = '{{ $value }}' - {{- else }} - {{ $key | snakecase }} = {{ $value }} - {{- end }} -{{- end }} -{{- end }} -{{- if (.Files.Glob "files/pg_hba.conf") }} -{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} -{{- else if .Values.pgHbaConfiguration }} - pg_hba.conf: | -{{ .Values.pgHbaConfiguration | indent 4 }} -{{- end }} -{{ end }} +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +data: +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- else if .Values.postgresqlConfiguration }} + postgresql.conf: | +{{- range $key, $value := default dict .Values.postgresqlConfiguration }} + {{- if kindIs "string" $value }} + {{ $key | snakecase }} = '{{ $value }}' + {{- else }} + {{ $key | snakecase }} = {{ $value }} + {{- end }} +{{- end }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- else if .Values.pgHbaConfiguration }} + pg_hba.conf: | +{{ .Values.pgHbaConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml index b0dad253..04043faf 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/extended-config-configmap.yaml @@ -1,26 +1,26 @@ -{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }}-extended-configuration - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -data: -{{- with .Files.Glob "files/conf.d/*.conf" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{ with .Values.postgresqlExtendedConf }} - override.conf: | -{{- range $key, $value := . }} - {{- if kindIs "string" $value }} - {{ $key | snakecase }} = '{{ $value }}' - {{- else }} - {{ $key | snakecase }} = {{ $value }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} +{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-extended-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +data: +{{- with .Files.Glob "files/conf.d/*.conf" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{ with .Values.postgresqlExtendedConf }} + override.conf: | +{{- range $key, $value := . }} + {{- if kindIs "string" $value }} + {{ $key | snakecase }} = '{{ $value }}' + {{- else }} + {{ $key | snakecase }} = {{ $value }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/extra-list.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/extra-list.yaml index 9ac65f9e..47169534 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/extra-list.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/extra-list.yaml @@ -1,4 +1,4 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml index 7796c67a..17398c5e 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/initialization-configmap.yaml @@ -1,25 +1,25 @@ -{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }}-init-scripts - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} -binaryData: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} -{{- end }} -{{- end }} -data: -{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} -{{ .AsConfig | indent 2 }} -{{- end }} -{{- with .Values.initdbScripts }} -{{ toYaml . | indent 2 }} -{{- end }} -{{- end }} +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-init-scripts + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml index fa539582..f933e703 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/metrics-configmap.yaml @@ -1,14 +1,14 @@ -{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "postgresql.metricsCM" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -data: - custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} -{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.metricsCM" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml index af8b67e2..c8da0562 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/metrics-svc.yaml @@ -1,26 +1,26 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }}-metrics - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- toYaml .Values.metrics.service.annotations | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - name: http-metrics - port: 9187 - targetPort: http-metrics - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: primary -{{- end }} +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-metrics + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- toYaml .Values.metrics.service.annotations | nindent 4 }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: primary +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml index 4f2740ea..cf1aa427 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/networkpolicy.yaml @@ -1,39 +1,39 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "postgresql.port" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - role: read - {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9187 - {{- end }} -{{- end }} +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ template "postgresql.port" . }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.explicitNamespacesSelector }} + namespaceSelector: +{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} + {{- end }} + - podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 14 }} + role: read + {{- end }} + {{- if .Values.metrics.enabled }} + # Allow prometheus scrapes + - ports: + - port: 9187 + {{- end }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml index 0c49694f..f18716ed 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/podsecuritypolicy.yaml @@ -1,38 +1,38 @@ -{{- if .Values.psp.create }} -apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - privileged: false - volumes: - - 'configMap' - - 'secret' - - 'persistentVolumeClaim' - - 'emptyDir' - - 'projected' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} +{{- if .Values.psp.create }} +apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml index d0f408c7..ecba66e5 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/prometheusrule.yaml @@ -1,23 +1,23 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "common.names.fullname" . }} -{{- with .Values.metrics.prometheusRule.namespace }} - namespace: {{ . }} -{{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- with .Values.metrics.prometheusRule.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: -{{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "postgresql.name" $ }} - rules: {{ tpl (toYaml .) $ | nindent 8 }} -{{- end }} -{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.metrics.prometheusRule.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "postgresql.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/role.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/role.yaml index 017a5716..680681de 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/role.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/role.yaml @@ -1,20 +1,20 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -rules: - {{- if .Values.psp.create }} - - apiGroups: ["extensions"] - resources: ["podsecuritypolicies"] - verbs: ["use"] - resourceNames: - - {{ template "common.names.fullname" . }} - {{- end }} -{{- end }} +{{- if .Values.rbac.create }} +kind: Role +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +rules: + {{- if .Values.psp.create }} + - apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ template "common.names.fullname" . }} + {{- end }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/rolebinding.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/rolebinding.yaml index 189775a1..fc2cdf90 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/rolebinding.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/rolebinding.yaml @@ -1,20 +1,20 @@ -{{- if .Values.rbac.create }} -kind: RoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: {{ template "common.names.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name }} - namespace: {{ .Release.Namespace }} -{{- end }} +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ template "common.names.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/secrets.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/secrets.yaml index d492cd59..3bfed8b1 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/secrets.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/secrets.yaml @@ -1,24 +1,24 @@ -{{- if (include "postgresql.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - {{- if not (eq (include "postgresql.username" .) "postgres") }} - postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} - {{- end }} - postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} - {{- if .Values.replication.enabled }} - postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} - {{- end }} - {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} - postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} - {{- end }} -{{- end -}} +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + {{- if not (eq (include "postgresql.username" .) "postgres") }} + postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} + {{- end }} + postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} + {{- if .Values.replication.enabled }} + postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} + {{- end }} + {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} + postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml index 03f0f50e..4b0abaa3 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/serviceaccount.yaml @@ -1,12 +1,12 @@ -{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "common.labels.standard" . | nindent 4 }} - name: {{ template "common.names.fullname" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -{{- end }} +{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "common.labels.standard" . | nindent 4 }} + name: {{ template "common.names.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml index 587ce85b..68dcb658 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/servicemonitor.yaml @@ -1,33 +1,33 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/statefulset-readreplicas.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/statefulset-readreplicas.yaml index b038299b..d5c38e5e 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/statefulset-readreplicas.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/statefulset-readreplicas.yaml @@ -1,411 +1,411 @@ -{{- if .Values.replication.enabled }} -{{- $readReplicasResources := coalesce .Values.readReplicas.resources .Values.resources -}} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: "{{ template "common.names.fullname" . }}-read" - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: read -{{- with .Values.readReplicas.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.readReplicas.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - serviceName: {{ template "common.names.fullname" . }}-headless - replicas: {{ .Values.replication.readReplicas }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: read - template: - metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: read - role: read -{{- with .Values.readReplicas.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.readReplicas.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.readReplicas.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.readReplicas.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.readReplicas.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name}} - {{- end }} - {{- if or .Values.readReplicas.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - {{ if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.readReplicas.extraInitContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.readReplicas.priorityClassName }} - priorityClassName: {{ .Values.readReplicas.priorityClassName }} - {{- end }} - containers: - - name: {{ template "common.names.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if $readReplicasResources }} - resources: {{- toYaml $readReplicasResources | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - - name: POSTGRES_REPLICATION_MODE - value: "slave" - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - - name: POSTGRES_MASTER_HOST - value: {{ template "common.names.fullname" . }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ include "postgresql.port" . | quote }} - {{- if not (eq (include "postgresql.username" .) "postgres") }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - - name: POSTGRESQL_LOG_HOSTNAME - value: {{ .Values.audit.logHostname | quote }} - - name: POSTGRESQL_LOG_CONNECTIONS - value: {{ .Values.audit.logConnections | quote }} - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: {{ .Values.audit.logDisconnections | quote }} - {{- if .Values.audit.logLinePrefix }} - - name: POSTGRESQL_LOG_LINE_PREFIX - value: {{ .Values.audit.logLinePrefix | quote }} - {{- end }} - {{- if .Values.audit.logTimezone }} - - name: POSTGRESQL_LOG_TIMEZONE - value: {{ .Values.audit.logTimezone | quote }} - {{- end }} - {{- if .Values.audit.pgAuditLog }} - - name: POSTGRESQL_PGAUDIT_LOG - value: {{ .Values.audit.pgAuditLog | quote }} - {{- end }} - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: {{ .Values.audit.pgAuditLogCatalog | quote }} - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: {{ .Values.audit.clientMinMessages | quote }} - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} - {{- if .Values.postgresqlMaxConnections }} - - name: POSTGRESQL_MAX_CONNECTIONS - value: {{ .Values.postgresqlMaxConnections | quote }} - {{- end }} - {{- if .Values.postgresqlPostgresConnectionLimit }} - - name: POSTGRESQL_POSTGRES_CONNECTION_LIMIT - value: {{ .Values.postgresqlPostgresConnectionLimit | quote }} - {{- end }} - {{- if .Values.postgresqlDbUserConnectionLimit }} - - name: POSTGRESQL_USERNAME_CONNECTION_LIMIT - value: {{ .Values.postgresqlDbUserConnectionLimit | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesInterval }} - - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL - value: {{ .Values.postgresqlTcpKeepalivesInterval | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesIdle }} - - name: POSTGRESQL_TCP_KEEPALIVES_IDLE - value: {{ .Values.postgresqlTcpKeepalivesIdle | quote }} - {{- end }} - {{- if .Values.postgresqlStatementTimeout }} - - name: POSTGRESQL_STATEMENT_TIMEOUT - value: {{ .Values.postgresqlStatementTimeout | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesCount }} - - name: POSTGRESQL_TCP_KEEPALIVES_COUNT - value: {{ .Values.postgresqlTcpKeepalivesCount | quote }} - {{- end }} - {{- if .Values.postgresqlPghbaRemoveFilters }} - - name: POSTGRESQL_PGHBA_REMOVE_FILTERS - value: {{ .Values.postgresqlPghbaRemoveFilters | quote }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.readReplicas.extraVolumeMounts }} - {{- toYaml .Values.readReplicas.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.readReplicas.sidecars }} -{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }} -{{- end }} - volumes: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} - {{- if or (not .Values.persistence.enabled) (not .Values.readReplicas.persistence.enabled) }} - - name: data - emptyDir: {} - {{- end }} - {{- if .Values.readReplicas.extraVolumes }} - {{- toYaml .Values.readReplicas.extraVolumes | nindent 8 }} - {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} -{{- if and .Values.persistence.enabled .Values.readReplicas.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - - {{- if .Values.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} - {{- end -}} -{{- end }} -{{- end }} +{{- if .Values.replication.enabled }} +{{- $readReplicasResources := coalesce .Values.readReplicas.resources .Values.resources -}} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: "{{ template "common.names.fullname" . }}-read" + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read +{{- with .Values.readReplicas.labels }} +{{ toYaml . | indent 4 }} +{{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.readReplicas.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + serviceName: {{ template "common.names.fullname" . }}-headless + replicas: {{ .Values.replication.readReplicas }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: read + template: + metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: read + role: read +{{- with .Values.readReplicas.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.readReplicas.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.readReplicas.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.readReplicas.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name}} + {{- end }} + {{- if or .Values.readReplicas.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.readReplicas.extraInitContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.priorityClassName }} + priorityClassName: {{ .Values.readReplicas.priorityClassName }} + {{- end }} + containers: + - name: {{ template "common.names.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if $readReplicasResources }} + resources: {{- toYaml $readReplicasResources | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ template "common.names.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.port" . | quote }} + {{- if not (eq (include "postgresql.username" .) "postgres") }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.postgresqlMaxConnections }} + - name: POSTGRESQL_MAX_CONNECTIONS + value: {{ .Values.postgresqlMaxConnections | quote }} + {{- end }} + {{- if .Values.postgresqlPostgresConnectionLimit }} + - name: POSTGRESQL_POSTGRES_CONNECTION_LIMIT + value: {{ .Values.postgresqlPostgresConnectionLimit | quote }} + {{- end }} + {{- if .Values.postgresqlDbUserConnectionLimit }} + - name: POSTGRESQL_USERNAME_CONNECTION_LIMIT + value: {{ .Values.postgresqlDbUserConnectionLimit | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesInterval }} + - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL + value: {{ .Values.postgresqlTcpKeepalivesInterval | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesIdle }} + - name: POSTGRESQL_TCP_KEEPALIVES_IDLE + value: {{ .Values.postgresqlTcpKeepalivesIdle | quote }} + {{- end }} + {{- if .Values.postgresqlStatementTimeout }} + - name: POSTGRESQL_STATEMENT_TIMEOUT + value: {{ .Values.postgresqlStatementTimeout | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesCount }} + - name: POSTGRESQL_TCP_KEEPALIVES_COUNT + value: {{ .Values.postgresqlTcpKeepalivesCount | quote }} + {{- end }} + {{- if .Values.postgresqlPghbaRemoveFilters }} + - name: POSTGRESQL_PGHBA_REMOVE_FILTERS + value: {{ .Values.postgresqlPghbaRemoveFilters | quote }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.readReplicas.extraVolumeMounts }} + {{- toYaml .Values.readReplicas.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.readReplicas.sidecars }} +{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }} +{{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} + {{- if or (not .Values.persistence.enabled) (not .Values.readReplicas.persistence.enabled) }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.readReplicas.extraVolumes }} + {{- toYaml .Values.readReplicas.extraVolumes | nindent 8 }} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} +{{- if and .Values.persistence.enabled .Values.readReplicas.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} + {{- end -}} +{{- end }} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/statefulset.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/statefulset.yaml index f8163fd9..1d17f6ff 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/statefulset.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/statefulset.yaml @@ -1,609 +1,609 @@ -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "postgresql.primary.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- with .Values.primary.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.primary.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - serviceName: {{ template "common.names.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - role: primary - template: - metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - role: primary - app.kubernetes.io/component: primary - {{- with .Values.primary.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.primary.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} -{{- include "postgresql.imagePullSecrets" . | indent 6 }} - {{- if .Values.primary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.primary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name }} - {{- end }} - {{- if or .Values.primary.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} - initContainers: - {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} - - name: init-chmod-data - image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - command: - - /bin/sh - - -cx - - | - {{- if .Values.persistence.enabled }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - {{- end }} - mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} - find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - xargs chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- end }} - {{- end }} - {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} - chmod -R 777 /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - cp /tmp/certs/* /opt/bitnami/postgresql/certs/ - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ - {{- else }} - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ - {{- end }} - chmod 600 {{ template "postgresql.tlsCertKey" . }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - mountPath: /tmp/certs - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - {{- end }} - {{- end }} - {{- if .Values.primary.extraInitContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraInitContainers "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.primary.priorityClassName }} - priorityClassName: {{ .Values.primary.priorityClassName }} - {{- end }} - containers: - - name: {{ template "common.names.fullname" . }} - image: {{ template "postgresql.image" . }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: POSTGRESQL_PORT_NUMBER - value: "{{ template "postgresql.port" . }}" - - name: POSTGRESQL_VOLUME_DIR - value: "{{ .Values.persistence.mountPath }}" - {{- if .Values.postgresqlInitdbArgs }} - - name: POSTGRES_INITDB_ARGS - value: {{ .Values.postgresqlInitdbArgs | quote }} - {{- end }} - {{- if .Values.postgresqlInitdbWalDir }} - - name: POSTGRES_INITDB_WALDIR - value: {{ .Values.postgresqlInitdbWalDir | quote }} - {{- end }} - {{- if .Values.initdbUser }} - - name: POSTGRESQL_INITSCRIPTS_USERNAME - value: {{ .Values.initdbUser }} - {{- end }} - {{- if .Values.initdbPassword }} - - name: POSTGRESQL_INITSCRIPTS_PASSWORD - value: {{ .Values.initdbPassword }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: PGDATA - value: {{ .Values.postgresqlDataDir | quote }} - {{- end }} - {{- if .Values.primaryAsStandBy.enabled }} - - name: POSTGRES_MASTER_HOST - value: {{ .Values.primaryAsStandBy.primaryHost }} - - name: POSTGRES_MASTER_PORT_NUMBER - value: {{ .Values.primaryAsStandBy.primaryPort | quote }} - {{- end }} - {{- if or .Values.replication.enabled .Values.primaryAsStandBy.enabled }} - - name: POSTGRES_REPLICATION_MODE - {{- if .Values.primaryAsStandBy.enabled }} - value: "slave" - {{- else }} - value: "master" - {{- end }} - - name: POSTGRES_REPLICATION_USER - value: {{ include "postgresql.replication.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_REPLICATION_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} - - name: POSTGRES_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-replication-password - {{- end }} - {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas | quote }} - {{- end }} - - name: POSTGRES_CLUSTER_APP_NAME - value: {{ .Values.replication.applicationName }} - {{- end }} - {{- if not (eq (include "postgresql.username" .) "postgres") }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" - {{- else }} - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-postgres-password - {{- end }} - {{- end }} - - name: POSTGRES_USER - value: {{ include "postgresql.username" . | quote }} - {{- if .Values.usePasswordFile }} - - name: POSTGRES_PASSWORD_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - {{- if (include "postgresql.database" .) }} - - name: POSTGRES_DB - value: {{ (include "postgresql.database" .) | quote }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - - name: POSTGRESQL_ENABLE_LDAP - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: POSTGRESQL_LDAP_SERVER - value: {{ .Values.ldap.server }} - - name: POSTGRESQL_LDAP_PORT - value: {{ .Values.ldap.port | quote }} - - name: POSTGRESQL_LDAP_SCHEME - value: {{ .Values.ldap.scheme }} - {{- if .Values.ldap.tls }} - - name: POSTGRESQL_LDAP_TLS - value: "1" - {{- end }} - - name: POSTGRESQL_LDAP_PREFIX - value: {{ .Values.ldap.prefix | quote }} - - name: POSTGRESQL_LDAP_SUFFIX - value: {{ .Values.ldap.suffix | quote }} - - name: POSTGRESQL_LDAP_BASE_DN - value: {{ .Values.ldap.baseDN }} - - name: POSTGRESQL_LDAP_BIND_DN - value: {{ .Values.ldap.bindDN }} - {{- if (not (empty .Values.ldap.bind_password)) }} - - name: POSTGRESQL_LDAP_BIND_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-ldap-password - {{- end}} - - name: POSTGRESQL_LDAP_SEARCH_ATTR - value: {{ .Values.ldap.search_attr }} - - name: POSTGRESQL_LDAP_SEARCH_FILTER - value: {{ .Values.ldap.search_filter }} - - name: POSTGRESQL_LDAP_URL - value: {{ .Values.ldap.url }} - {{- end}} - - name: POSTGRESQL_ENABLE_TLS - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS - value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} - - name: POSTGRESQL_TLS_CERT_FILE - value: {{ template "postgresql.tlsCert" . }} - - name: POSTGRESQL_TLS_KEY_FILE - value: {{ template "postgresql.tlsCertKey" . }} - {{- if .Values.tls.certCAFilename }} - - name: POSTGRESQL_TLS_CA_FILE - value: {{ template "postgresql.tlsCACert" . }} - {{- end }} - {{- if .Values.tls.crlFilename }} - - name: POSTGRESQL_TLS_CRL_FILE - value: {{ template "postgresql.tlsCRL" . }} - {{- end }} - {{- end }} - - name: POSTGRESQL_LOG_HOSTNAME - value: {{ .Values.audit.logHostname | quote }} - - name: POSTGRESQL_LOG_CONNECTIONS - value: {{ .Values.audit.logConnections | quote }} - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: {{ .Values.audit.logDisconnections | quote }} - {{- if .Values.audit.logLinePrefix }} - - name: POSTGRESQL_LOG_LINE_PREFIX - value: {{ .Values.audit.logLinePrefix | quote }} - {{- end }} - {{- if .Values.audit.logTimezone }} - - name: POSTGRESQL_LOG_TIMEZONE - value: {{ .Values.audit.logTimezone | quote }} - {{- end }} - {{- if .Values.audit.pgAuditLog }} - - name: POSTGRESQL_PGAUDIT_LOG - value: {{ .Values.audit.pgAuditLog | quote }} - {{- end }} - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: {{ .Values.audit.pgAuditLogCatalog | quote }} - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: {{ .Values.audit.clientMinMessages | quote }} - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} - {{- if .Values.postgresqlMaxConnections }} - - name: POSTGRESQL_MAX_CONNECTIONS - value: {{ .Values.postgresqlMaxConnections | quote }} - {{- end }} - {{- if .Values.postgresqlPostgresConnectionLimit }} - - name: POSTGRESQL_POSTGRES_CONNECTION_LIMIT - value: {{ .Values.postgresqlPostgresConnectionLimit | quote }} - {{- end }} - {{- if .Values.postgresqlDbUserConnectionLimit }} - - name: POSTGRESQL_USERNAME_CONNECTION_LIMIT - value: {{ .Values.postgresqlDbUserConnectionLimit | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesInterval }} - - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL - value: {{ .Values.postgresqlTcpKeepalivesInterval | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesIdle }} - - name: POSTGRESQL_TCP_KEEPALIVES_IDLE - value: {{ .Values.postgresqlTcpKeepalivesIdle | quote }} - {{- end }} - {{- if .Values.postgresqlStatementTimeout }} - - name: POSTGRESQL_STATEMENT_TIMEOUT - value: {{ .Values.postgresqlStatementTimeout | quote }} - {{- end }} - {{- if .Values.postgresqlTcpKeepalivesCount }} - - name: POSTGRESQL_TCP_KEEPALIVES_COUNT - value: {{ .Values.postgresqlTcpKeepalivesCount | quote }} - {{- end }} - {{- if .Values.postgresqlPghbaRemoveFilters }} - - name: POSTGRESQL_PGHBA_REMOVE_FILTERS - value: {{ .Values.postgresqlPghbaRemoveFilters | quote }} - {{- end }} - {{- if .Values.extraEnvVarsCM }} - envFrom: - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . }} - {{- end }} - ports: - - name: tcp-postgresql - containerPort: {{ template "postgresql.port" . }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/sh - - -c - {{- if (include "postgresql.database" .) }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- else }} - - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} - {{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/sh - - -c - - -e - {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/ - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - mountPath: /bitnami/postgresql/conf/conf.d/ - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - mountPath: /dev/shm - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - - name: postgresql-config - mountPath: /bitnami/postgresql/conf - {{- end }} - {{- if .Values.primary.extraVolumeMounts }} - {{- toYaml .Values.primary.extraVolumeMounts | nindent 12 }} - {{- end }} -{{- if .Values.primary.sidecars }} -{{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "postgresql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.securityContext.enabled }} - securityContext: {{- omit .Values.metrics.securityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} - {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} - {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} - - name: DATA_SOURCE_NAME - value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} - {{- else }} - - name: DATA_SOURCE_URI - value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: DATA_SOURCE_PASS_FILE - value: "/opt/bitnami/postgresql/secrets/postgresql-password" - {{- else }} - - name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - name: {{ template "postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: DATA_SOURCE_USER - value: {{ template "postgresql.username" . }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http-metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.usePasswordFile }} - - name: postgresql-password - mountPath: /opt/bitnami/postgresql/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: postgresql-certificates - mountPath: /opt/bitnami/postgresql/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.customMetrics }} - - name: custom-metrics - mountPath: /conf - readOnly: true - args: ["--extend.query-path", "/conf/custom-metrics.yaml"] - {{- end }} - ports: - - name: http-metrics - containerPort: 9187 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} - volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - - name: postgresql-config - configMap: - name: {{ template "postgresql.configurationCM" . }} - {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - - name: postgresql-extended-config - configMap: - name: {{ template "postgresql.extendedConfigurationCM" . }} - {{- end }} - {{- if .Values.usePasswordFile }} - - name: postgresql-password - secret: - secretName: {{ template "postgresql.secretName" . }} - {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "postgresql.initdbScriptsCM" . }} - {{- end }} - {{- if .Values.initdbScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ template "postgresql.initdbScriptsSecret" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: raw-certificates - secret: - secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} - - name: postgresql-certificates - emptyDir: {} - {{- end }} - {{- if .Values.primary.extraVolumes }} - {{- toYaml .Values.primary.extraVolumes | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} - - name: custom-metrics - configMap: - name: {{ template "postgresql.metricsCM" . }} - {{- end }} - {{- if .Values.shmVolume.enabled }} - - name: dshm - emptyDir: - medium: Memory - sizeLimit: 1Gi - {{- end }} -{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: -{{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} -{{- end }} -{{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- with .Values.persistence.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ $value }} - {{- end }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- if .Values.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} - {{- end -}} -{{- end }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "postgresql.primary.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- with .Values.primary.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.primary.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + serviceName: {{ template "common.names.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: primary + template: + metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + role: primary + app.kubernetes.io/component: primary + {{- with .Values.primary.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.primary.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.primary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.primary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name }} + {{- end }} + {{- if or .Values.primary.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.primary.extraInitContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.primary.priorityClassName }} + priorityClassName: {{ .Values.primary.priorityClassName }} + {{- end }} + containers: + - name: {{ template "common.names.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.initdbUser }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.initdbUser }} + {{- end }} + {{- if .Values.initdbPassword }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.initdbPassword }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + {{- if .Values.primaryAsStandBy.enabled }} + - name: POSTGRES_MASTER_HOST + value: {{ .Values.primaryAsStandBy.primaryHost }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ .Values.primaryAsStandBy.primaryPort | quote }} + {{- end }} + {{- if or .Values.replication.enabled .Values.primaryAsStandBy.enabled }} + - name: POSTGRES_REPLICATION_MODE + {{- if .Values.primaryAsStandBy.enabled }} + value: "slave" + {{- else }} + value: "master" + {{- end }} + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + {{- if not (eq (include "postgresql.username" .) "postgres") }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + - name: POSTGRES_USER + value: {{ include "postgresql.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + {{- if .Values.extraEnv }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} + {{- end }} + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end }} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote }} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if (not (empty .Values.ldap.bind_password)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-ldap-password + {{- end}} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end}} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.postgresqlMaxConnections }} + - name: POSTGRESQL_MAX_CONNECTIONS + value: {{ .Values.postgresqlMaxConnections | quote }} + {{- end }} + {{- if .Values.postgresqlPostgresConnectionLimit }} + - name: POSTGRESQL_POSTGRES_CONNECTION_LIMIT + value: {{ .Values.postgresqlPostgresConnectionLimit | quote }} + {{- end }} + {{- if .Values.postgresqlDbUserConnectionLimit }} + - name: POSTGRESQL_USERNAME_CONNECTION_LIMIT + value: {{ .Values.postgresqlDbUserConnectionLimit | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesInterval }} + - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL + value: {{ .Values.postgresqlTcpKeepalivesInterval | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesIdle }} + - name: POSTGRESQL_TCP_KEEPALIVES_IDLE + value: {{ .Values.postgresqlTcpKeepalivesIdle | quote }} + {{- end }} + {{- if .Values.postgresqlStatementTimeout }} + - name: POSTGRESQL_STATEMENT_TIMEOUT + value: {{ .Values.postgresqlStatementTimeout | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesCount }} + - name: POSTGRESQL_TCP_KEEPALIVES_COUNT + value: {{ .Values.postgresqlTcpKeepalivesCount | quote }} + {{- end }} + {{- if .Values.postgresqlPghbaRemoveFilters }} + - name: POSTGRESQL_PGHBA_REMOVE_FILTERS + value: {{ .Values.postgresqlPghbaRemoveFilters | quote }} + {{- end }} + {{- if .Values.extraEnvVarsCM }} + envFrom: + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.primary.extraVolumeMounts }} + {{- toYaml .Values.primary.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.primary.sidecars }} +{{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.securityContext.enabled }} + securityContext: {{- omit .Values.metrics.securityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} + {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} + {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} + - name: DATA_SOURCE_NAME + value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} + {{- else }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ template "postgresql.username" . }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + ports: + - name: http-metrics + containerPort: 9187 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.primary.extraVolumes }} + {{- toYaml .Values.primary.extraVolumes | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ template "postgresql.metricsCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} + {{- end -}} +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc-headless.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc-headless.yaml index 6f5f3b9e..a5b51261 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc-headless.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc-headless.yaml @@ -1,28 +1,28 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }}-headless - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - # Use this annotation in addition to the actual publishNotReadyAddresses - # field below because the annotation will stop being respected soon but the - # field is broken in some versions of Kubernetes: - # https://github.com/kubernetes/kubernetes/issues/58662 - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - namespace: {{ .Release.Namespace }} -spec: - type: ClusterIP - clusterIP: None - # We want all pods in the StatefulSet to have their addresses published for - # the sake of the other Postgresql pods even before they're ready, since they - # have to be able to talk to each other in order to become ready. - publishNotReadyAddresses: true - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-headless + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc-read.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc-read.yaml index 56195ea1..4ce5f79b 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc-read.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc-read.yaml @@ -1,43 +1,43 @@ -{{- if .Values.replication.enabled }} -{{- $serviceAnnotations := coalesce .Values.readReplicas.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.readReplicas.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.readReplicas.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.readReplicas.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.readReplicas.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.readReplicas.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }}-read - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: read -{{- end }} +{{- if .Values.replication.enabled }} +{{- $serviceAnnotations := coalesce .Values.readReplicas.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.readReplicas.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.readReplicas.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.readReplicas.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.readReplicas.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.readReplicas.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-read + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: read +{{- end }} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc.yaml index a29431b6..527843fc 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/templates/svc.yaml @@ -1,41 +1,41 @@ -{{- $serviceAnnotations := coalesce .Values.primary.service.annotations .Values.service.annotations -}} -{{- $serviceType := coalesce .Values.primary.service.type .Values.service.type -}} -{{- $serviceLoadBalancerIP := coalesce .Values.primary.service.loadBalancerIP .Values.service.loadBalancerIP -}} -{{- $serviceLoadBalancerSourceRanges := coalesce .Values.primary.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} -{{- $serviceClusterIP := coalesce .Values.primary.service.clusterIP .Values.service.clusterIP -}} -{{- $serviceNodePort := coalesce .Values.primary.service.nodePort .Values.service.nodePort -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $serviceAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ $serviceType }} - {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} - loadBalancerIP: {{ $serviceLoadBalancerIP }} - {{- end }} - {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} - {{- end }} - {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} - clusterIP: {{ $serviceClusterIP }} - {{- end }} - ports: - - name: tcp-postgresql - port: {{ template "postgresql.port" . }} - targetPort: tcp-postgresql - {{- if $serviceNodePort }} - nodePort: {{ $serviceNodePort }} - {{- end }} - selector: - {{- include "common.labels.matchLabels" . | nindent 4 }} - role: primary +{{- $serviceAnnotations := coalesce .Values.primary.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.primary.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.primary.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.primary.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.primary.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.primary.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: primary diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/values.schema.json b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/values.schema.json index 66a2a9dd..8867f1ba 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/values.schema.json +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/values.schema.json @@ -1,103 +1,103 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "postgresqlUsername": { - "type": "string", - "title": "Admin user", - "form": true - }, - "postgresqlPassword": { - "type": "string", - "title": "Password", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "replication": { - "type": "object", - "form": true, - "title": "Replication Details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Replication", - "form": true - }, - "readReplicas": { - "type": "integer", - "title": "read Replicas", - "form": true, - "hidden": { - "value": false, - "path": "replication/enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "postgresqlUsername": { + "type": "string", + "title": "Admin user", + "form": true + }, + "postgresqlPassword": { + "type": "string", + "title": "Password", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "readReplicas": { + "type": "integer", + "title": "read Replicas", + "form": true, + "hidden": { + "value": false, + "path": "replication/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/values.yaml b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/values.yaml index 82ce0923..2e7385e4 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/charts/postgresql/values.yaml @@ -1,824 +1,824 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -global: - postgresql: {} -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Bitnami PostgreSQL image version -## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ -## -image: - registry: docker.io - repository: bitnami/postgresql - tag: 11.11.0-debian-10-r71 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns BASH and/or NAMI debugging in the image - ## - debug: false - -## String to partially override common.names.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override common.names.fullname template -## -# fullnameOverride: - -## -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Init container Security Context - ## Note: the chown of the data folder is done to securityContext.runAsUser - ## and not the below volumePermissions.securityContext.runAsUser - ## When runAsUser is set to special value "auto", init container will try to chwon the - ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). - ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false - ## - securityContext: - runAsUser: 0 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - -## Container Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - -## Pod Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - enabled: false - ## Name of an already existing service account. Setting this value disables the automatic service account creation. - # name: - -## Pod Security Policy -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -psp: - create: false - -## Creates role for ServiceAccount -## Required for PSP -## -rbac: - create: false - -replication: - enabled: false - user: repl_user - password: repl_password - readReplicas: 1 - ## Set synchronous commit mode: on, off, remote_apply, remote_write and local - ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL - synchronousCommit: 'off' - ## From the number of `readReplicas` defined above, set the number of those that will have synchronous replication - ## NOTE: It cannot be > readReplicas - numSynchronousReplicas: 0 - ## Replication Cluster application name. Useful for defining multiple replication policies - ## - applicationName: my_application - -## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) -# postgresqlPostgresPassword: - -## PostgreSQL user (has superuser privileges if username is `postgres`) -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -postgresqlUsername: postgres - -## PostgreSQL password -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run -## -# postgresqlPassword: - -## PostgreSQL password using existing secret -## existingSecret: secret -## - -## Mount PostgreSQL secret as a file instead of passing environment variable -# usePasswordFile: false - -## Create a database -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run -## -# postgresqlDatabase: - -## PostgreSQL data dir -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -postgresqlDataDir: /bitnami/postgresql/data - -## An array to add extra environment variables -## For example: -## extraEnv: -## - name: FOO -## value: "bar" -## -# extraEnv: -extraEnv: [] - -## Name of a ConfigMap containing extra env vars -## -# extraEnvVarsCM: - -## Specify extra initdb args -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbArgs: - -## Specify a custom location for the PostgreSQL transaction log -## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md -## -# postgresqlInitdbWalDir: - -## PostgreSQL configuration -## Specify runtime configuration parameters as a dict, using camelCase, e.g. -## {"sharedBuffers": "500MB"} -## Alternatively, you can put your postgresql.conf under the files/ directory -## ref: https://www.postgresql.org/docs/current/static/runtime-config.html -## -# postgresqlConfiguration: - -## PostgreSQL extended configuration -## As above, but _appended_ to the main configuration -## Alternatively, you can put your *.conf under the files/conf.d/ directory -## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf -## -# postgresqlExtendedConf: - -## Configure current cluster's primary server to be the standby server in other cluster. -## This will allow cross cluster replication and provide cross cluster high availability. -## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled. -## -primaryAsStandBy: - enabled: false - # primaryHost: - # primaryPort: - -## PostgreSQL client authentication configuration -## Specify content for pg_hba.conf -## Default: do not create pg_hba.conf -## Alternatively, you can put your pg_hba.conf under the files/ directory -# pgHbaConfiguration: |- -# local all all trust -# host all all localhost trust -# host mydatabase mysuser 192.168.0.0/24 md5 - -## ConfigMap with PostgreSQL configuration -## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration -# configurationConfigMap: - -## ConfigMap with PostgreSQL extended configuration -# extendedConfConfigMap: - -## initdb scripts -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## -# initdbScripts: -# my_init_script.sh: | -# #!/bin/sh -# echo "Do something." - -## ConfigMap with scripts to be run at first boot -## NOTE: This will override initdbScripts -# initdbScriptsConfigMap: - -## Secret with scripts to be run at first boot (in case it contains sensitive information) -## NOTE: This can work along initdbScripts or initdbScriptsConfigMap -# initdbScriptsSecret: - -## Specify the PostgreSQL username and password to execute the initdb scripts -# initdbUser: -# initdbPassword: - -## Audit settings -## https://github.com/bitnami/bitnami-docker-postgresql#auditing -## -audit: - ## Log client hostnames - ## - logHostname: false - ## Log connections to the server - ## - logConnections: false - ## Log disconnections - ## - logDisconnections: false - ## Operation to audit using pgAudit (default if not set) - ## - pgAuditLog: "" - ## Log catalog using pgAudit - ## - pgAuditLogCatalog: "off" - ## Log level for clients - ## - clientMinMessages: error - ## Template for log line prefix (default if not set) - ## - logLinePrefix: "" - ## Log timezone - ## - logTimezone: "" - -## Shared preload libraries -## -postgresqlSharedPreloadLibraries: "pgaudit" - -## Maximum total connections -## -postgresqlMaxConnections: - -## Maximum connections for the postgres user -## -postgresqlPostgresConnectionLimit: - -## Maximum connections for the created user -## -postgresqlDbUserConnectionLimit: - -## TCP keepalives interval -## -postgresqlTcpKeepalivesInterval: - -## TCP keepalives idle -## -postgresqlTcpKeepalivesIdle: - -## TCP keepalives count -## -postgresqlTcpKeepalivesCount: - -## Statement timeout -## -postgresqlStatementTimeout: - -## Remove pg_hba.conf lines with the following comma-separated patterns -## (cannot be used with custom pg_hba.conf) -## -postgresqlPghbaRemoveFilters: - -## Optional duration in seconds the pod needs to terminate gracefully. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -# terminationGracePeriodSeconds: 30 - -## LDAP configuration -## -ldap: - enabled: false - url: '' - server: '' - port: '' - prefix: '' - suffix: '' - baseDN: '' - bindDN: '' - bind_password: - search_attr: '' - search_filter: '' - scheme: '' - tls: {} - -## PostgreSQL service configuration -## -service: - ## PosgresSQL service type - ## - type: ClusterIP - # clusterIP: None - port: 5432 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - # loadBalancerIP: - ## Load Balancer sources. Evaluated as a template. - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - -## Start primary and read(s) pod(s) without limitations on shm memory. -## By default docker and containerd (and possibly other container runtimes) -## limit `/dev/shm` to `64M` (see e.g. the -## [docker issue](https://github.com/docker-library/postgres/issues/416) and the -## [containerd issue](https://github.com/containerd/containerd/issues/3654), -## which could be not enough if PostgreSQL uses parallel workers heavily. -## -shmVolume: - ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove - ## this limitation. - ## - enabled: true - ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. - ## This option is ignored if `volumePermissions.enabled` is `false` - ## - chmod: - enabled: true - -## PostgreSQL data Persistent Volume Storage Class -## If defined, storageClassName: -## If set to "-", storageClassName: "", which disables dynamic provisioning -## If undefined (the default) or set to null, no storageClassName spec is -## set, choosing the default provisioner. (gp2 on AWS, standard on -## GKE, AWS & OpenStack) -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## PostgreSQL images. - ## - mountPath: /bitnami/postgresql - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: '' - - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - ## selector can be used to match an existing PersistentVolume - ## selector: - ## matchLabels: - ## app: my-app - selector: {} - -## updateStrategy for PostgreSQL StatefulSet and its reads StatefulSets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## -updateStrategy: - type: RollingUpdate - -## -## PostgreSQL Primary parameters -## -primary: - ## PostgreSQL Primary pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - - ## PostgreSQL Primary pod anti-affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - - ## PostgreSQL Primary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - - ## Affinity for PostgreSQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - - ## Node labels for PostgreSQL primary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Tolerations for PostgreSQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - ## - extraInitContainers: [] - - ## Additional PostgreSQL primary Volume mounts - ## - extraVolumeMounts: [] - ## Additional PostgreSQL primary Volumes - ## - extraVolumes: [] - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - - ## Override the service configuration for primary - ## - service: {} - # type: - # nodePort: - # clusterIP: - -## -## PostgreSQL read only replica parameters -## -readReplicas: - ## PostgreSQL read only pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - - ## PostgreSQL read only pod anti-affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - - ## PostgreSQL read only node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - - ## Affinity for PostgreSQL read only pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: readReplicas.podAffinityPreset, readReplicas.podAntiAffinityPreset, and readReplicas.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - - ## Node labels for PostgreSQL read only pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Tolerations for PostgreSQL read only pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - labels: {} - annotations: {} - podLabels: {} - podAnnotations: {} - priorityClassName: '' - - ## Extra init containers - ## Example - ## - ## extraInitContainers: - ## - name: do-something - ## image: busybox - ## command: ['do', 'something'] - ## - extraInitContainers: [] - - ## Additional PostgreSQL read replicas Volume mounts - ## - extraVolumeMounts: [] - - ## Additional PostgreSQL read replicas Volumes - ## - extraVolumes: [] - - ## Add sidecars to the pod - ## - ## For example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - - ## Override the service configuration for read - ## - service: {} - # type: - # nodePort: - # clusterIP: - - ## Whether to enable PostgreSQL read replicas data Persistent - ## - persistence: - enabled: true - - # Override the resource configuration for read replicas - resources: {} - # requests: - # memory: 256Mi - # cpu: 250m - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 256Mi - cpu: 250m - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -networkPolicy: - ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the port PostgreSQL is listening - ## on. When true, PostgreSQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - - ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} - -## Configure extra options for startup, liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## -startupProbe: - enabled: false - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 5 - failureThreshold: 10 - successThreshold: 1 - -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## Custom Startup probe -## -customStartupProbe: {} - -## Custom Liveness probe -## -customLivenessProbe: {} - -## Custom Rediness probe -## -customReadinessProbe: {} - -## -## TLS configuration -## -tls: - # Enable TLS traffic - enabled: false - # - # Whether to use the server's TLS cipher preferences rather than the client's. - preferServerCiphers: true - # - # Name of the Secret that contains the certificates - certificatesSecret: '' - # - # Certificate filename - certFilename: '' - # - # Certificate Key filename - certKeyFilename: '' - # - # CA Certificate filename - # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate - # ref: https://www.postgresql.org/docs/9.6/auth-methods.html - certCAFilename: - # - # File containing a Certificate Revocation List - crlFilename: - -## Configure metrics exporter -## -metrics: - enabled: false - # resources: {} - service: - type: ClusterIP - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9187' - loadBalancerIP: - serviceMonitor: - enabled: false - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## These are just examples rules, please adapt them to your needs. - ## Make sure to constraint the rules to the current postgresql service. - ## rules: - ## - alert: HugeReplicationLag - ## expr: pg_replication_lag{service="{{ template "common.names.fullname" . }}-metrics"} / 3600 > 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: replication for {{ template "common.names.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). - ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). - ## - rules: [] - - image: - registry: docker.io - repository: bitnami/postgres-exporter - tag: 0.9.0-debian-10-r43 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## Define additional custom metrics - ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file - # customMetrics: - # pg_database: - # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" - # metrics: - # - name: - # usage: "LABEL" - # description: "Name of the database" - # - size_bytes: - # usage: "GAUGE" - # description: "Size of the database in bytes" - # - ## An array to add extra env vars to configure postgres-exporter - ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables - ## For example: - # extraEnvVars: - # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS - # value: "true" - extraEnvVars: {} - - ## Pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - runAsUser: 1001 - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - ## Configure extra options for liveness and readiness probes - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.11.0-debian-10-r71 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and/or NAMI debugging in the image + ## + debug: false + +## String to partially override common.names.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override common.names.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + +## Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +psp: + create: false + +## Creates role for ServiceAccount +## Required for PSP +## +rbac: + create: false + +replication: + enabled: false + user: repl_user + password: repl_password + readReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: 'off' + ## From the number of `readReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > readReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + ## + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret +## + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## Configure current cluster's primary server to be the standby server in other cluster. +## This will allow cross cluster replication and provide cross cluster high availability. +## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled. +## +primaryAsStandBy: + enabled: false + # primaryHost: + # primaryPort: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## Audit settings +## https://github.com/bitnami/bitnami-docker-postgresql#auditing +## +audit: + ## Log client hostnames + ## + logHostname: false + ## Log connections to the server + ## + logConnections: false + ## Log disconnections + ## + logDisconnections: false + ## Operation to audit using pgAudit (default if not set) + ## + pgAuditLog: "" + ## Log catalog using pgAudit + ## + pgAuditLogCatalog: "off" + ## Log level for clients + ## + clientMinMessages: error + ## Template for log line prefix (default if not set) + ## + logLinePrefix: "" + ## Log timezone + ## + logTimezone: "" + +## Shared preload libraries +## +postgresqlSharedPreloadLibraries: "pgaudit" + +## Maximum total connections +## +postgresqlMaxConnections: + +## Maximum connections for the postgres user +## +postgresqlPostgresConnectionLimit: + +## Maximum connections for the created user +## +postgresqlDbUserConnectionLimit: + +## TCP keepalives interval +## +postgresqlTcpKeepalivesInterval: + +## TCP keepalives idle +## +postgresqlTcpKeepalivesIdle: + +## TCP keepalives count +## +postgresqlTcpKeepalivesCount: + +## Statement timeout +## +postgresqlStatementTimeout: + +## Remove pg_hba.conf lines with the following comma-separated patterns +## (cannot be used with custom pg_hba.conf) +## +postgresqlPghbaRemoveFilters: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: '' + server: '' + port: '' + prefix: '' + suffix: '' + baseDN: '' + bindDN: '' + bind_password: + search_attr: '' + search_filter: '' + scheme: '' + tls: {} + +## PostgreSQL service configuration +## +service: + ## PosgresSQL service type + ## + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start primary and read(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ignored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: '' + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + selector: {} + +## updateStrategy for PostgreSQL StatefulSet and its reads StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Primary parameters +## +primary: + ## PostgreSQL Primary pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + + ## PostgreSQL Primary pod anti-affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + + ## PostgreSQL Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + + ## Affinity for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + + ## Node labels for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + extraInitContainers: [] + + ## Additional PostgreSQL primary Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL primary Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + + ## Override the service configuration for primary + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL read only replica parameters +## +readReplicas: + ## PostgreSQL read only pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + + ## PostgreSQL read only pod anti-affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + + ## PostgreSQL read only node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + + ## Affinity for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: readReplicas.podAffinityPreset, readReplicas.podAntiAffinityPreset, and readReplicas.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + + ## Node labels for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + extraInitContainers: [] + + ## Additional PostgreSQL read replicas Volume mounts + ## + extraVolumeMounts: [] + + ## Additional PostgreSQL read replicas Volumes + ## + extraVolumes: [] + + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + + ## Override the service configuration for read + ## + service: {} + # type: + # nodePort: + # clusterIP: + + ## Whether to enable PostgreSQL read replicas data Persistent + ## + persistence: + enabled: true + + # Override the resource configuration for read replicas + resources: {} + # requests: + # memory: 256Mi + # cpu: 250m + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + ## + explicitNamespacesSelector: {} + +## Configure extra options for startup, liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## +startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 10 + successThreshold: 1 + +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Custom Startup probe +## +customStartupProbe: {} + +## Custom Liveness probe +## +customLivenessProbe: {} + +## Custom Rediness probe +## +customReadinessProbe: {} + +## +## TLS configuration +## +tls: + # Enable TLS traffic + enabled: false + # + # Whether to use the server's TLS cipher preferences rather than the client's. + preferServerCiphers: true + # + # Name of the Secret that contains the certificates + certificatesSecret: '' + # + # Certificate filename + certFilename: '' + # + # Certificate Key filename + certKeyFilename: '' + # + # CA Certificate filename + # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + # ref: https://www.postgresql.org/docs/9.6/auth-methods.html + certCAFilename: + # + # File containing a Certificate Revocation List + crlFilename: + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9187' + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "common.names.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "common.names.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + ## + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.9.0-debian-10-r43 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + # + ## An array to add extra env vars to configure postgres-exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + # extraEnvVars: + # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + # value: "true" + extraEnvVars: {} + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Array with extra yaml to deploy with the chart. Evaluated as a template +## +extraDeploy: [] diff --git a/.disabled/artifactory-jcr/charts/artifactory/ci/access-tls-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/ci/access-tls-values.yaml index 1a8c4698..4b337144 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/ci/access-tls-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/ci/access-tls-values.yaml @@ -1,24 +1,24 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password - persistence: - enabled: false -artifactory: - persistence: - enabled: false - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password + persistence: + enabled: false +artifactory: + persistence: + enabled: false + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" +access: + accessConfig: + security: + tls: true + resetAccessCAKeys: true diff --git a/.disabled/artifactory-jcr/charts/artifactory/ci/default-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/ci/default-values.yaml index fc346939..f5626164 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/ci/default-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/ci/default-values.yaml @@ -1,21 +1,21 @@ -# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. -databaseUpgradeReady: true - -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password - persistence: - enabled: false -artifactory: - persistence: - enabled: false - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. +databaseUpgradeReady: true + +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password + persistence: + enabled: false +artifactory: + persistence: + enabled: false + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" diff --git a/.disabled/artifactory-jcr/charts/artifactory/ci/derby-test-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/ci/derby-test-values.yaml index e6fe8d0e..777be3be 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/ci/derby-test-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/ci/derby-test-values.yaml @@ -1,18 +1,18 @@ -databaseUpgradeReady: true - -postgresql: - enabled: false -artifactory: - fsGroupChangePolicy: "OnRootMismatch" - persistence: - enabled: false - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" +databaseUpgradeReady: true + +postgresql: + enabled: false +artifactory: + fsGroupChangePolicy: "OnRootMismatch" + persistence: + enabled: false + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" diff --git a/.disabled/artifactory-jcr/charts/artifactory/ci/global-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/ci/global-values.yaml index 458bdf99..407fcffb 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/ci/global-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/ci/global-values.yaml @@ -1,259 +1,259 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password - persistence: - enabled: false -artifactory: - persistence: - enabled: false - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - customInitContainersBegin: | - - name: "custom-init-begin-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - echo "running in local" - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: artifactory-volume - customInitContainers: | - - name: "custom-init-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - echo "running in local" - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: artifactory-volume - # Add custom volumes - customVolumes: | - - name: custom-script-local - emptyDir: - sizeLimit: 100Mi - # Add custom volumesMounts - customVolumeMounts: | - - name: custom-script-local - mountPath: "/scriptslocal" - # Add custom sidecar containers - customSidecarContainers: | - - name: "sidecar-list-local" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW - command: ["sh","-c","echo 'Sidecar is running in local' >> /scriptslocal/sidecarlocal.txt; cat /scriptslocal/sidecarlocal.txt; while true; do sleep 30; done"] - volumeMounts: - - mountPath: "/scriptslocal" - name: custom-script-local - resources: - requests: - memory: "32Mi" - cpu: "50m" - limits: - memory: "128Mi" - cpu: "100m" - -global: - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - customInitContainersBegin: | - - name: "custom-init-begin-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - echo "running in global" - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: artifactory-volume - customInitContainers: | - - name: "custom-init-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - echo "running in global" - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: artifactory-volume - # Add custom volumes - customVolumes: | - - name: custom-script-global - emptyDir: - sizeLimit: 100Mi - # Add custom volumesMounts - customVolumeMounts: | - - name: custom-script-global - mountPath: "/scripts" - # Add custom sidecar containers - customSidecarContainers: | - - name: "sidecar-list-global" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW - command: ["sh","-c","echo 'Sidecar is running in global' >> /scripts/sidecarglobal.txt; cat /scripts/sidecarglobal.txt; while true; do sleep 30; done"] - volumeMounts: - - mountPath: "/scripts" - name: custom-script-global - resources: - requests: - memory: "32Mi" - cpu: "50m" - limits: - memory: "128Mi" - cpu: "100m" - -nginx: - customInitContainers: | - - name: "custom-init-begin-nginx" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - command: - - 'sh' - - '-c' - - echo "running in nginx" - volumeMounts: - - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" - name: custom-script-local - customSidecarContainers: | - - name: "sidecar-list-nginx" - image: "{{ .Values.initContainerImage }}" - imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW - command: ["sh","-c","echo 'Sidecar is running in local' >> /scriptslocal/sidecarlocal.txt; cat /scriptslocal/sidecarlocal.txt; while true; do sleep 30; done"] - volumeMounts: - - mountPath: "/scriptslocal" - name: custom-script-local - resources: - requests: - memory: "32Mi" - cpu: "50m" - limits: - memory: "128Mi" - cpu: "100m" - # Add custom volumes - customVolumes: | - - name: custom-script-local - emptyDir: - sizeLimit: 100Mi - - artifactoryConf: | - {{- if .Values.nginx.https.enabled }} - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - {{- end }} - {{- if .Values.pipelines.enabled }} - http { - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - {{- end }} - ## server configuration - server { - listen 8088; - {{- if .Values.nginx.internalPortHttps }} - listen {{ .Values.nginx.internalPortHttps }} ssl; - {{- else -}} - {{- if .Values.nginx.https.enabled }} - listen {{ .Values.nginx.https.internalPort }} ssl; - {{- end }} - {{- end }} - {{- if .Values.nginx.internalPortHttp }} - listen {{ .Values.nginx.internalPortHttp }}; - {{- else -}} - {{- if .Values.nginx.http.enabled }} - listen {{ .Values.nginx.http.internalPort }}; - {{- end }} - {{- end }} - server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/artifactory/?$ / redirect; - if ( $repo != "" ) { - rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; - } - chunked_transfer_encoding on; - client_max_body_size 0; - - location / { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; - {{- if .Values.nginx.service.ssloffload}} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; - {{- else }} - proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - {{- end }} - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header Strict-Transport-Security always; - {{- if .Values.pipelines.enabled }} - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - {{- end }} - - location /artifactory/ { - if ( $request_uri ~ ^/artifactory/(.*)$ ) { - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; - } - proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; - } - } - } - - ## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports. - customPorts: - - containerPort: 8088 - name: http2 - service: - ## A list of custom ports to expose through the Ingress controller service. Follows the conventional Kubernetes yaml syntax for service ports. - customPorts: - - port: 8088 - targetPort: 8088 - protocol: TCP - name: http2 +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password + persistence: + enabled: false +artifactory: + persistence: + enabled: false + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + customInitContainersBegin: | + - name: "custom-init-begin-local" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + command: + - 'sh' + - '-c' + - echo "running in local" + volumeMounts: + - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + name: artifactory-volume + customInitContainers: | + - name: "custom-init-local" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + command: + - 'sh' + - '-c' + - echo "running in local" + volumeMounts: + - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + name: artifactory-volume + # Add custom volumes + customVolumes: | + - name: custom-script-local + emptyDir: + sizeLimit: 100Mi + # Add custom volumesMounts + customVolumeMounts: | + - name: custom-script-local + mountPath: "/scriptslocal" + # Add custom sidecar containers + customSidecarContainers: | + - name: "sidecar-list-local" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + command: ["sh","-c","echo 'Sidecar is running in local' >> /scriptslocal/sidecarlocal.txt; cat /scriptslocal/sidecarlocal.txt; while true; do sleep 30; done"] + volumeMounts: + - mountPath: "/scriptslocal" + name: custom-script-local + resources: + requests: + memory: "32Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" + +global: + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + customInitContainersBegin: | + - name: "custom-init-begin-global" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + command: + - 'sh' + - '-c' + - echo "running in global" + volumeMounts: + - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + name: artifactory-volume + customInitContainers: | + - name: "custom-init-global" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + command: + - 'sh' + - '-c' + - echo "running in global" + volumeMounts: + - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + name: artifactory-volume + # Add custom volumes + customVolumes: | + - name: custom-script-global + emptyDir: + sizeLimit: 100Mi + # Add custom volumesMounts + customVolumeMounts: | + - name: custom-script-global + mountPath: "/scripts" + # Add custom sidecar containers + customSidecarContainers: | + - name: "sidecar-list-global" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + command: ["sh","-c","echo 'Sidecar is running in global' >> /scripts/sidecarglobal.txt; cat /scripts/sidecarglobal.txt; while true; do sleep 30; done"] + volumeMounts: + - mountPath: "/scripts" + name: custom-script-global + resources: + requests: + memory: "32Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" + +nginx: + customInitContainers: | + - name: "custom-init-begin-nginx" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + command: + - 'sh' + - '-c' + - echo "running in nginx" + volumeMounts: + - mountPath: "{{ .Values.artifactory.persistence.mountPath }}" + name: custom-script-local + customSidecarContainers: | + - name: "sidecar-list-nginx" + image: "{{ .Values.initContainerImage }}" + imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - NET_RAW + command: ["sh","-c","echo 'Sidecar is running in local' >> /scriptslocal/sidecarlocal.txt; cat /scriptslocal/sidecarlocal.txt; while true; do sleep 30; done"] + volumeMounts: + - mountPath: "/scriptslocal" + name: custom-script-local + resources: + requests: + memory: "32Mi" + cpu: "50m" + limits: + memory: "128Mi" + cpu: "100m" + # Add custom volumes + customVolumes: | + - name: custom-script-local + emptyDir: + sizeLimit: 100Mi + + artifactoryConf: | + {{- if .Values.nginx.https.enabled }} + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; + ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + {{- end }} + {{- if .Values.pipelines.enabled }} + http { + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + {{- end }} + ## server configuration + server { + listen 8088; + {{- if .Values.nginx.internalPortHttps }} + listen {{ .Values.nginx.internalPortHttps }} ssl; + {{- else -}} + {{- if .Values.nginx.https.enabled }} + listen {{ .Values.nginx.https.internalPort }} ssl; + {{- end }} + {{- end }} + {{- if .Values.nginx.internalPortHttp }} + listen {{ .Values.nginx.internalPortHttp }}; + {{- else -}} + {{- if .Values.nginx.http.enabled }} + listen {{ .Values.nginx.http.internalPort }}; + {{- end }} + {{- end }} + server_name ~(?.+)\.{{ include "artifactory.fullname" . }} {{ include "artifactory.fullname" . }} + {{- range .Values.ingress.hosts -}} + {{- if contains "." . -}} + {{ "" | indent 0 }} ~(?.+)\.{{ . }} + {{- end -}} + {{- end -}}; + + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/artifactory/?$ / redirect; + if ( $repo != "" ) { + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; + } + chunked_transfer_encoding on; + client_max_body_size 0; + + location / { + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; + {{- if .Values.nginx.service.ssloffload}} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; + {{- else }} + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + {{- end }} + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + add_header Strict-Transport-Security always; + {{- if .Values.pipelines.enabled }} + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + {{- end }} + + location /artifactory/ { + if ( $request_uri ~ ^/artifactory/(.*)$ ) { + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; + } + proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; + } + } + } + + ## A list of custom ports to expose on the NGINX pod. Follows the conventional Kubernetes yaml syntax for container ports. + customPorts: + - containerPort: 8088 + name: http2 + service: + ## A list of custom ports to expose through the Ingress controller service. Follows the conventional Kubernetes yaml syntax for service ports. + customPorts: + - port: 8088 + targetPort: 8088 + protocol: TCP + name: http2 diff --git a/.disabled/artifactory-jcr/charts/artifactory/ci/migration-disabled-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/ci/migration-disabled-values.yaml index 092756fb..57b23e6a 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/ci/migration-disabled-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/ci/migration-disabled-values.yaml @@ -1,21 +1,21 @@ -databaseUpgradeReady: true -# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release -postgresql: - postgresqlPassword: password - persistence: - enabled: false -artifactory: - migration: - enabled: false - persistence: - enabled: false - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" +databaseUpgradeReady: true +# To Fix ct tool --reuse-values - PASSWORDS ERROR: you must provide your current passwords when upgrade the release +postgresql: + postgresqlPassword: password + persistence: + enabled: false +artifactory: + migration: + enabled: false + persistence: + enabled: false + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" diff --git a/.disabled/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml index 52861f86..d33f29c1 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/ci/rtsplit-values-access-tls-values.yaml @@ -1,113 +1,113 @@ -databaseUpgradeReady: true -artifactory: - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - persistence: - enabled: false - replicator: - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - -access: - accessConfig: - security: - tls: true - resetAccessCAKeys: true - -postgresql: - postgresqlPassword: password - postgresqlExtendedConf: - maxConnections: 102 - persistence: - enabled: false - -rbac: - create: true -serviceAccount: - create: true - automountServiceAccountToken: true - -ingress: - enabled: true - className: "testclass" - hosts: - - demonow.xyz -nginx: - enabled: false -jfconnect: - enabled: true - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -mc: - enabled: true -splitServicesToContainers: true - -router: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" +databaseUpgradeReady: true +artifactory: + joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + persistence: + enabled: false + replicator: + enabled: true + ingress: + name: + hosts: [] + className: "testclass1" + trackerIngress: + enabled: true + className: "testclass2" + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + +access: + accessConfig: + security: + tls: true + resetAccessCAKeys: true + +postgresql: + postgresqlPassword: password + postgresqlExtendedConf: + maxConnections: 102 + persistence: + enabled: false + +rbac: + create: true +serviceAccount: + create: true + automountServiceAccountToken: true + +ingress: + enabled: true + className: "testclass" + hosts: + - demonow.xyz +nginx: + enabled: false +jfconnect: + enabled: true + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +mc: + enabled: true +splitServicesToContainers: true + +router: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +frontend: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +metadata: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +event: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +integration: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +observability: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" diff --git a/.disabled/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml index 48677ed8..fa20cf63 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/ci/rtsplit-values.yaml @@ -1,108 +1,108 @@ -databaseUpgradeReady: true -artifactory: - replicaCount: 3 - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - persistence: - enabled: false - replicator: - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - -postgresql: - postgresqlPassword: password - postgresqlExtendedConf: - maxConnections: 100 - persistence: - enabled: false - -rbac: - create: true -serviceAccount: - create: true - automountServiceAccountToken: true - -ingress: - enabled: true - className: "testclass" - hosts: - - demonow.xyz -nginx: - enabled: false -jfconnect: - enabled: true - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -mc: - enabled: true -splitServicesToContainers: true - -router: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -frontend: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -metadata: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -event: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -integration: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" -observability: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "1" +databaseUpgradeReady: true +artifactory: + replicaCount: 3 + joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + persistence: + enabled: false + replicator: + enabled: true + ingress: + name: + hosts: [] + className: "testclass1" + trackerIngress: + enabled: true + className: "testclass2" + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + +postgresql: + postgresqlPassword: password + postgresqlExtendedConf: + maxConnections: 100 + persistence: + enabled: false + +rbac: + create: true +serviceAccount: + create: true + automountServiceAccountToken: true + +ingress: + enabled: true + className: "testclass" + hosts: + - demonow.xyz +nginx: + enabled: false +jfconnect: + enabled: true + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +mc: + enabled: true +splitServicesToContainers: true + +router: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +frontend: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +metadata: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +event: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +integration: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" +observability: + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "1Gi" + cpu: "1" diff --git a/.disabled/artifactory-jcr/charts/artifactory/ci/test-values.yaml b/.disabled/artifactory-jcr/charts/artifactory/ci/test-values.yaml index bb336789..3bc52568 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/ci/test-values.yaml +++ b/.disabled/artifactory-jcr/charts/artifactory/ci/test-values.yaml @@ -1,85 +1,85 @@ -databaseUpgradeReady: true -artifactory: - replicaCount: 3 - joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE - masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF - persistence: - enabled: false - replicator: - name: replicator - enabled: true - ingress: - name: - hosts: [] - className: "testclass1" - trackerIngress: - enabled: true - className: "testclass2" - resources: - requests: - memory: "4Gi" - cpu: "2" - limits: - memory: "6Gi" - cpu: "4" - javaOpts: - xms: "4g" - xmx: "4g" - -postgresql: - postgresqlPassword: password - postgresqlExtendedConf: - maxConnections: 100 - persistence: - enabled: false - -rbac: - create: true -serviceAccount: - create: true - automountServiceAccountToken: true - -ingress: - enabled: true - className: "testclass" - hosts: - - demonow.xyz -nginx: - enabled: false - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 3 - targetCPUUtilizationPercentage: 70 - -## filebeat sidecar -filebeat: - enabled: true - filebeatYml: | - logging.level: info - path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat - name: artifactory-filebeat - queue.spool: - file: - permissions: 0760 - filebeat.inputs: - - type: log - enabled: true - close_eof: ${CLOSE:false} - paths: - - {{ .Values.artifactory.persistence.mountPath }}/log/*.log - fields: - service: "jfrt" - log_type: "artifactory" - output.file: - path: "/tmp/filebeat" - filename: filebeat - readinessProbe: - exec: - command: - - sh - - -c - - | - #!/usr/bin/env bash -e - curl --fail 127.0.0.1:5066 +databaseUpgradeReady: true +artifactory: + replicaCount: 3 + joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE + masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + persistence: + enabled: false + replicator: + name: replicator + enabled: true + ingress: + name: + hosts: [] + className: "testclass1" + trackerIngress: + enabled: true + className: "testclass2" + resources: + requests: + memory: "4Gi" + cpu: "2" + limits: + memory: "6Gi" + cpu: "4" + javaOpts: + xms: "4g" + xmx: "4g" + +postgresql: + postgresqlPassword: password + postgresqlExtendedConf: + maxConnections: 100 + persistence: + enabled: false + +rbac: + create: true +serviceAccount: + create: true + automountServiceAccountToken: true + +ingress: + enabled: true + className: "testclass" + hosts: + - demonow.xyz +nginx: + enabled: false + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 70 + +## filebeat sidecar +filebeat: + enabled: true + filebeatYml: | + logging.level: info + path.data: {{ .Values.artifactory.persistence.mountPath }}/log/filebeat + name: artifactory-filebeat + queue.spool: + file: + permissions: 0760 + filebeat.inputs: + - type: log + enabled: true + close_eof: ${CLOSE:false} + paths: + - {{ .Values.artifactory.persistence.mountPath }}/log/*.log + fields: + service: "jfrt" + log_type: "artifactory" + output.file: + path: "/tmp/filebeat" + filename: filebeat + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/usr/bin/env bash -e + curl --fail 127.0.0.1:5066 diff --git a/.disabled/artifactory-jcr/charts/artifactory/files/migrate.sh b/.disabled/artifactory-jcr/charts/artifactory/files/migrate.sh index 8997fd5d..886f1e49 100644 --- a/.disabled/artifactory-jcr/charts/artifactory/files/migrate.sh +++ b/.disabled/artifactory-jcr/charts/artifactory/files/migrate.sh @@ -1,4343 +1,4343 @@ -#!/bin/bash - -# Flags -FLAG_Y="y" -FLAG_N="n" -FLAGS_Y_N="$FLAG_Y $FLAG_N" -FLAG_NOT_APPLICABLE="_NA_" - -CURRENT_VERSION=$1 - -WRAPPER_SCRIPT_TYPE_RPMDEB="RPMDEB" -WRAPPER_SCRIPT_TYPE_DOCKER_COMPOSE="DOCKERCOMPOSE" - -SENSITIVE_KEY_VALUE="__sensitive_key_hidden___" - -# Shared system keys -SYS_KEY_SHARED_JFROGURL="shared.jfrogUrl" -SYS_KEY_SHARED_SECURITY_JOINKEY="shared.security.joinKey" -SYS_KEY_SHARED_SECURITY_MASTERKEY="shared.security.masterKey" - -SYS_KEY_SHARED_NODE_ID="shared.node.id" -SYS_KEY_SHARED_JAVAHOME="shared.javaHome" - -SYS_KEY_SHARED_DATABASE_TYPE="shared.database.type" -SYS_KEY_SHARED_DATABASE_TYPE_VALUE_POSTGRES="postgresql" -SYS_KEY_SHARED_DATABASE_DRIVER="shared.database.driver" -SYS_KEY_SHARED_DATABASE_URL="shared.database.url" -SYS_KEY_SHARED_DATABASE_USERNAME="shared.database.username" -SYS_KEY_SHARED_DATABASE_PASSWORD="shared.database.password" - -SYS_KEY_SHARED_ELASTICSEARCH_URL="shared.elasticsearch.url" -SYS_KEY_SHARED_ELASTICSEARCH_USERNAME="shared.elasticsearch.username" -SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD="shared.elasticsearch.password" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP="shared.elasticsearch.clusterSetup" -SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE="shared.elasticsearch.unicastFile" -SYS_KEY_SHARED_ELASTICSEARCH_CLUSTERSETUP_VALUE="YES" - -# Define this in product specific script. Should contain the path to unitcast file -# File used by insight server to write cluster active nodes info. This will be read by elasticsearch -#SYS_KEY_SHARED_ELASTICSEARCH_UNICASTFILE_VALUE="" - -SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME="shared.rabbitMq.active.node.name" -SYS_KEY_RABBITMQ_ACTIVE_NODE_IP="shared.rabbitMq.active.node.ip" - -# Filenames -FILE_NAME_SYSTEM_YAML="system.yaml" -FILE_NAME_JOIN_KEY="join.key" -FILE_NAME_MASTER_KEY="master.key" -FILE_NAME_INSTALLER_YAML="installer.yaml" - -# Global constants used in business logic -NODE_TYPE_STANDALONE="standalone" -NODE_TYPE_CLUSTER_NODE="node" -NODE_TYPE_DATABASE="database" - -# External(isable) databases -DATABASE_POSTGRES="POSTGRES" -DATABASE_ELASTICSEARCH="ELASTICSEARCH" -DATABASE_RABBITMQ="RABBITMQ" - -POSTGRES_LABEL="PostgreSQL" -ELASTICSEARCH_LABEL="Elasticsearch" -RABBITMQ_LABEL="Rabbitmq" - -ARTIFACTORY_LABEL="Artifactory" -JFMC_LABEL="Mission Control" -DISTRIBUTION_LABEL="Distribution" -XRAY_LABEL="Xray" - -POSTGRES_CONTAINER="postgres" -ELASTICSEARCH_CONTAINER="elasticsearch" -RABBITMQ_CONTAINER="rabbitmq" -REDIS_CONTAINER="redis" - -#Adding a small timeout before a read ensures it is positioned correctly in the screen -read_timeout=0.5 - -# Options related to data directory location -PROMPT_DATA_DIR_LOCATION="Installation Directory" -KEY_DATA_DIR_LOCATION="installer.data_dir" - -SYS_KEY_SHARED_NODE_HAENABLED="shared.node.haEnabled" -PROMPT_ADD_TO_CLUSTER="Are you adding an additional node to an existing product cluster?" -KEY_ADD_TO_CLUSTER="installer.ha" -VALID_VALUES_ADD_TO_CLUSTER="$FLAGS_Y_N" - -MESSAGE_POSTGRES_INSTALL="The installer can install a $POSTGRES_LABEL database, or you can connect to an existing compatible $POSTGRES_LABEL database\n(compatible databases: https://www.jfrog.com/confluence/display/JFROG/System+Requirements#SystemRequirements-RequirementsMatrix)" -PROMPT_POSTGRES_INSTALL="Do you want to install $POSTGRES_LABEL?" -KEY_POSTGRES_INSTALL="installer.install_postgresql" -VALID_VALUES_POSTGRES_INSTALL="$FLAGS_Y_N" - -# Postgres connection details -RPM_DEB_POSTGRES_HOME_DEFAULT="/var/opt/jfrog/postgres" -RPM_DEB_MESSAGE_STANDALONE_POSTGRES_DATA="$POSTGRES_LABEL home will have data and its configuration" -RPM_DEB_PROMPT_STANDALONE_POSTGRES_DATA="Type desired $POSTGRES_LABEL home location" -RPM_DEB_KEY_STANDALONE_POSTGRES_DATA="installer.postgresql.home" - -MESSAGE_DATABASE_URL="Provide the database connection details" -PROMPT_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://:/artifactory" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://:/mission_control?sslmode=disable" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://:/distribution?sslmode=disable" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://:/xraydb?sslmode=disable" - ;; - esac - if [ -z "$databaseURlExample" ]; then - echo -n "$POSTGRES_LABEL URL" # For consistency with username and password - return - fi - echo -n "$POSTGRES_LABEL url. Example: [$databaseURlExample]" -} -REGEX_DATABASE_URL(){ - local databaseURlExample= - case "$PRODUCT_NAME" in - $ARTIFACTORY_LABEL) - databaseURlExample="jdbc:postgresql://.*/artifactory.*" - ;; - $JFMC_LABEL) - databaseURlExample="postgresql://.*/mission_control.*" - ;; - $DISTRIBUTION_LABEL) - databaseURlExample="jdbc:postgresql://.*/distribution.*" - ;; - $XRAY_LABEL) - databaseURlExample="postgres://.*/xraydb.*" - ;; - esac - echo -n "^$databaseURlExample\$" -} -ERROR_MESSAGE_DATABASE_URL="Invalid $POSTGRES_LABEL URL" -KEY_DATABASE_URL="$SYS_KEY_SHARED_DATABASE_URL" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_USERNAME="$POSTGRES_LABEL username" -KEY_DATABASE_USERNAME="$SYS_KEY_SHARED_DATABASE_USERNAME" -#NOTE: It is important to display the label. Since the message may be hidden if URL is known -PROMPT_DATABASE_PASSWORD="$POSTGRES_LABEL password" -KEY_DATABASE_PASSWORD="$SYS_KEY_SHARED_DATABASE_PASSWORD" -IS_SENSITIVE_DATABASE_PASSWORD="$FLAG_Y" - -MESSAGE_STANDALONE_ELASTICSEARCH_INSTALL="The installer can install a $ELASTICSEARCH_LABEL database or you can connect to an existing compatible $ELASTICSEARCH_LABEL database" -PROMPT_STANDALONE_ELASTICSEARCH_INSTALL="Do you want to install $ELASTICSEARCH_LABEL?" -KEY_STANDALONE_ELASTICSEARCH_INSTALL="installer.install_elasticsearch" -VALID_VALUES_STANDALONE_ELASTICSEARCH_INSTALL="$FLAGS_Y_N" - -# Elasticsearch connection details -MESSAGE_ELASTICSEARCH_DETAILS="Provide the $ELASTICSEARCH_LABEL connection details" -PROMPT_ELASTICSEARCH_URL="$ELASTICSEARCH_LABEL URL" -KEY_ELASTICSEARCH_URL="$SYS_KEY_SHARED_ELASTICSEARCH_URL" - -PROMPT_ELASTICSEARCH_USERNAME="$ELASTICSEARCH_LABEL username" -KEY_ELASTICSEARCH_USERNAME="$SYS_KEY_SHARED_ELASTICSEARCH_USERNAME" - -PROMPT_ELASTICSEARCH_PASSWORD="$ELASTICSEARCH_LABEL password" -KEY_ELASTICSEARCH_PASSWORD="$SYS_KEY_SHARED_ELASTICSEARCH_PASSWORD" -IS_SENSITIVE_ELASTICSEARCH_PASSWORD="$FLAG_Y" - -# Cluster related questions -MESSAGE_CLUSTER_MASTER_KEY="Provide the cluster's master key. It can be found in the data directory of the first node under /etc/security/master.key" -PROMPT_CLUSTER_MASTER_KEY="Master Key" -KEY_CLUSTER_MASTER_KEY="$SYS_KEY_SHARED_SECURITY_MASTERKEY" -IS_SENSITIVE_CLUSTER_MASTER_KEY="$FLAG_Y" - -MESSAGE_JOIN_KEY="The Join key is the secret key used to establish trust between services in the JFrog Platform.\n(You can copy the Join Key from Admin > User Management > Settings)" -PROMPT_JOIN_KEY="Join Key" -KEY_JOIN_KEY="$SYS_KEY_SHARED_SECURITY_JOINKEY" -IS_SENSITIVE_JOIN_KEY="$FLAG_Y" -REGEX_JOIN_KEY="^[a-zA-Z0-9]{16,}\$" -ERROR_MESSAGE_JOIN_KEY="Invalid Join Key" - -# Rabbitmq related cluster information -MESSAGE_RABBITMQ_ACTIVE_NODE_NAME="Provide an active ${RABBITMQ_LABEL} node name. Run the command [ hostname -s ] on any of the existing nodes in the product cluster to get this" -PROMPT_RABBITMQ_ACTIVE_NODE_NAME="${RABBITMQ_LABEL} active node name" -KEY_RABBITMQ_ACTIVE_NODE_NAME="$SYS_KEY_RABBITMQ_ACTIVE_NODE_NAME" - -# Rabbitmq related cluster information (necessary only for docker-compose) -PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" -KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" - -MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" -} -PROMPT_JFROGURL="JFrog URL" -KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" -REGEX_JFROGURL="^https?://.*:{0,}[0-9]{0,4}\$" -ERROR_MESSAGE_JFROGURL="Invalid JFrog URL" - - -# Set this to FLAG_Y on upgrade -IS_UPGRADE="${FLAG_N}" - -# This belongs in JFMC but is the ONLY one that needs it so keeping it here for now. Can be made into a method and overridden if necessary -MESSAGE_MULTIPLE_PG_SCHEME="Please setup $POSTGRES_LABEL with schema as described in https://www.jfrog.com/confluence/display/JFROG/Installing+Mission+Control" - -_getMethodOutputOrVariableValue() { - unset EFFECTIVE_MESSAGE - local keyToSearch=$1 - local effectiveMessage= - local result="0" - # logSilly "Searching for method: [$keyToSearch]" - LC_ALL=C type "$keyToSearch" > /dev/null 2>&1 || result="$?" - if [[ "$result" == "0" ]]; then - # logSilly "Found method for [$keyToSearch]" - EFFECTIVE_MESSAGE="$($keyToSearch)" - return - fi - eval EFFECTIVE_MESSAGE=\${$keyToSearch} - if [ ! -z "$EFFECTIVE_MESSAGE" ]; then - return - fi - # logSilly "Didn't find method or variable for [$keyToSearch]" -} - - -# REF https://misc.flogisoft.com/bash/tip_colors_and_formatting -cClear="\e[0m" -cBlue="\e[38;5;69m" -cRedDull="\e[1;31m" -cYellow="\e[1;33m" -cRedBright="\e[38;5;197m" -cBold="\e[1m" - - -_loggerGetModeRaw() { - local MODE="$1" - case $MODE in - INFO) - printf "" - ;; - DEBUG) - printf "%s" "[${MODE}] " - ;; - WARN) - printf "${cRedDull}%s%s${cClear}" "[" "${MODE}" "] " - ;; - ERROR) - printf "${cRedBright}%s%s${cClear}" "[" "${MODE}" "] " - ;; - esac -} - - -_loggerGetMode() { - local MODE="$1" - case $MODE in - INFO) - printf "${cBlue}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - DEBUG) - printf "%-7s" "[${MODE}]" - ;; - WARN) - printf "${cRedDull}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - ERROR) - printf "${cRedBright}%s%-5s%s${cClear}" "[" "${MODE}" "]" - ;; - esac -} - -# Capitalises the first letter of the message -_loggerGetMessage() { - local originalMessage="$*" - local firstChar=$(echo "${originalMessage:0:1}" | awk '{ print toupper($0) }') - local resetOfMessage="${originalMessage:1}" - echo "$firstChar$resetOfMessage" -} - -# The spec also says content should be left-trimmed but this is not necessary in our case. We don't reach the limit. -_loggerGetStackTrace() { - printf "%s%-30s%s" "[" "$1:$2" "]" -} - -_loggerGetThread() { - printf "%s" "[main]" -} - -_loggerGetServiceType() { - printf "%s%-5s%s" "[" "shell" "]" -} - -#Trace ID is not applicable to scripts -_loggerGetTraceID() { - printf "%s" "[]" -} - -logRaw() { - echo "" - printf "$1" - echo "" -} - -logBold(){ - echo "" - printf "${cBold}$1${cClear}" - echo "" -} - -# The date binary works differently based on whether it is GNU/BSD -is_date_supported=0 -date --version > /dev/null 2>&1 || is_date_supported=1 -IS_GNU=$(echo $is_date_supported) - -_loggerGetTimestamp() { - if [ "${IS_GNU}" == "0" ]; then - echo -n $(date -u +%FT%T.%3NZ) - else - echo -n $(date -u +%FT%T.000Z) - fi -} - -# https://www.shellscript.sh/tips/spinner/ -_spin() -{ - spinner="/|\\-/|\\-" - while : - do - for i in `seq 0 7` - do - echo -n "${spinner:$i:1}" - echo -en "\010" - sleep 1 - done - done -} - -showSpinner() { - # Start the Spinner: - _spin & - # Make a note of its Process ID (PID): - SPIN_PID=$! - # Kill the spinner on any signal, including our own exit. - trap "kill -9 $SPIN_PID" `seq 0 15` &> /dev/null || return 0 -} - -stopSpinner() { - local occurrences=$(ps -ef | grep -wc "${SPIN_PID}") - let "occurrences+=0" - # validate that it is present (2 since this search itself will show up in the results) - if [ $occurrences -gt 1 ]; then - kill -9 $SPIN_PID &>/dev/null || return 0 - wait $SPIN_ID &>/dev/null - fi -} - -_getEffectiveMessage(){ - local MESSAGE="$1" - local MODE=${2-"INFO"} - - if [ -z "$CONTEXT" ]; then - CONTEXT=$(caller) - fi - - _EFFECTIVE_MESSAGE= - if [ -z "$LOG_BEHAVIOR_ADD_META" ]; then - _EFFECTIVE_MESSAGE="$(_loggerGetModeRaw $MODE)$(_loggerGetMessage $MESSAGE)" - else - local SERVICE_TYPE="script" - local TRACE_ID="" - local THREAD="main" - - local CONTEXT_LINE=$(echo "$CONTEXT" | awk '{print $1}') - local CONTEXT_FILE=$(echo "$CONTEXT" | awk -F"/" '{print $NF}') - - _EFFECTIVE_MESSAGE="$(_loggerGetTimestamp) $(_loggerGetServiceType) $(_loggerGetMode $MODE) $(_loggerGetTraceID) $(_loggerGetStackTrace $CONTEXT_FILE $CONTEXT_LINE) $(_loggerGetThread) - $(_loggerGetMessage $MESSAGE)" - fi - CONTEXT= -} - -# Important - don't call any log method from this method. Will become an infinite loop. Use echo to debug -_logToFile() { - local MODE=${1-"INFO"} - local targetFile="$LOG_BEHAVIOR_ADD_REDIRECTION" - # IF the file isn't passed, abort - if [ -z "$targetFile" ]; then - return - fi - # IF this is not being run in verbose mode and mode is debug or lower, abort - if [ "${VERBOSE_MODE}" != "$FLAG_Y" ] && [ "${VERBOSE_MODE}" != "true" ] && [ "${VERBOSE_MODE}" != "debug" ]; then - if [ "$MODE" == "DEBUG" ] || [ "$MODE" == "SILLY" ]; then - return - fi - fi - - # Create the file if it doesn't exist - if [ ! -f "${targetFile}" ]; then - return - # touch $targetFile > /dev/null 2>&1 || true - fi - # # Make it readable - # chmod 640 $targetFile > /dev/null 2>&1 || true - - # Log contents - printf "%s\n" "$_EFFECTIVE_MESSAGE" >> "$targetFile" || true -} - -logger() { - if [ "$LOG_BEHAVIOR_ADD_NEW_LINE" == "$FLAG_Y" ]; then - echo "" - fi - _getEffectiveMessage "$@" - local MODE=${2-"INFO"} - printf "%s\n" "$_EFFECTIVE_MESSAGE" - _logToFile "$MODE" -} - -logDebug(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "$FLAG_Y" ] || [ "${VERBOSE_MODE}" == "true" ] || [ "${VERBOSE_MODE}" == "debug" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logSilly(){ - VERBOSE_MODE=${VERBOSE_MODE-"false"} - CONTEXT=$(caller) - if [ "${VERBOSE_MODE}" == "silly" ];then - logger "$1" "DEBUG" - else - logger "$1" "DEBUG" >&6 - fi - CONTEXT= -} - -logError() { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= -} - -errorExit () { - CONTEXT=$(caller) - logger "$1" "ERROR" - CONTEXT= - exit 1 -} - -warn () { - CONTEXT=$(caller) - logger "$1" "WARN" - CONTEXT= -} - -note () { - CONTEXT=$(caller) - logger "$1" "NOTE" - CONTEXT= -} - -bannerStart() { - title=$1 - echo - echo -e "\033[1m${title}\033[0m" - echo -} - -bannerSection() { - title=$1 - echo - echo -e "******************************** ${title} ********************************" - echo -} - -bannerSubSection() { - title=$1 - echo - echo -e "************** ${title} *******************" - echo -} - -bannerMessge() { - title=$1 - echo - echo -e "********************************" - echo -e "${title}" - echo -e "********************************" - echo -} - -setRed () { - local input="$1" - echo -e \\033[31m${input}\\033[0m -} -setGreen () { - local input="$1" - echo -e \\033[32m${input}\\033[0m -} -setYellow () { - local input="$1" - echo -e \\033[33m${input}\\033[0m -} - -logger_addLinebreak () { - echo -e "---\n" -} - -bannerImportant() { - title=$1 - local bold="\033[1m" - local noColour="\033[0m" - echo - echo -e "${bold}######################################## IMPORTANT ########################################${noColour}" - echo -e "${bold}${title}${noColour}" - echo -e "${bold}###########################################################################################${noColour}" - echo -} - -bannerEnd() { - #TODO pass a title and calculate length dynamically so that start and end look alike - echo - echo "*****************************************************************************" - echo -} - -banner() { - title=$1 - content=$2 - bannerStart "${title}" - echo -e "$content" -} - -# The logic below helps us redirect content we'd normally hide to the log file. - # - # We have several commands which clutter the console with output and so use - # `cmd > /dev/null` - this redirects the command's output to null. - # - # However, the information we just hid maybe useful for support. Using the code pattern - # `cmd >&6` (instead of `cmd> >/dev/null` ), the command's output is hidden from the console - # but redirected to the installation log file - # - -#Default value of 6 is just null -exec 6>>/dev/null -redirectLogsToFile() { - echo "" - # local file=$1 - - # [ ! -z "${file}" ] || return 0 - - # local logDir=$(dirname "$file") - - # if [ ! -f "${file}" ]; then - # [ -d "${logDir}" ] || mkdir -p ${logDir} || \ - # ( echo "WARNING : Could not create parent directory (${logDir}) to redirect console log : ${file}" ; return 0 ) - # fi - - # #6 now points to the log file - # exec 6>>${file} - # #reference https://unix.stackexchange.com/questions/145651/using-exec-and-tee-to-redirect-logs-to-stdout-and-a-log-file-in-the-same-time - # exec 2>&1 > >(tee -a "${file}") -} - -# Check if a give key contains any sensitive string as part of it -# Based on the result, the caller can decide its value can be displayed or not -# Sample usage : isKeySensitive "${key}" && displayValue="******" || displayValue=${value} -isKeySensitive(){ - local key=$1 - local sensitiveKeys="password|secret|key|token" - - if [ -z "${key}" ]; then - return 1 - else - local lowercaseKey=$(echo "${key}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - [[ "${lowercaseKey}" =~ ${sensitiveKeys} ]] && return 0 || return 1 - fi -} - -getPrintableValueOfKey(){ - local displayValue= - local key="$1" - if [ -z "$key" ]; then - # This is actually an incorrect usage of this method but any logging will cause unexpected content in the caller - echo -n "" - return - fi - - local value="$2" - isKeySensitive "${key}" && displayValue="$SENSITIVE_KEY_VALUE" || displayValue="${value}" - echo -n $displayValue -} - -_createConsoleLog(){ - if [ -z "${JF_PRODUCT_HOME}" ]; then - return - fi - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - mkdir -p "${JF_PRODUCT_HOME}/var/log" || true - if [ ! -f ${targetFile} ]; then - touch $targetFile > /dev/null 2>&1 || true - fi - chmod 640 $targetFile > /dev/null 2>&1 || true -} - -# Output from application's logs are piped to this method. It checks a configuration variable to determine if content should be logged to -# the common console.log file -redirectServiceLogsToFile() { - - local result="0" - # check if the function getSystemValue exists - LC_ALL=C type getSystemValue > /dev/null 2>&1 || result="$?" - if [[ "$result" != "0" ]]; then - warn "Couldn't find the systemYamlHelper. Skipping log redirection" - return 0 - fi - - getSystemValue "shared.consoleLog" "NOT_SET" - if [[ "${YAML_VALUE}" == "false" ]]; then - logger "Redirection is set to false. Skipping log redirection" - return 0; - fi - - if [ -z "${JF_PRODUCT_HOME}" ] || [ "${JF_PRODUCT_HOME}" == "" ]; then - warn "JF_PRODUCT_HOME is unavailable. Skipping log redirection" - return 0 - fi - - local targetFile="${JF_PRODUCT_HOME}/var/log/console.log" - - _createConsoleLog - - while read -r line; do - printf '%s\n' "${line}" >> $targetFile || return 0 # Don't want to log anything - might clutter the screen - done -} - -## Display environment variables starting with JF_ along with its value -## Value of sensitive keys will be displayed as "******" -## -## Sample Display : -## -## ======================== -## JF Environment variables -## ======================== -## -## JF_SHARED_NODE_ID : locahost -## JF_SHARED_JOINKEY : ****** -## -## -displayEnv() { - local JFEnv=$(printenv | grep ^JF_ 2>/dev/null) - local key= - local value= - - if [ -z "${JFEnv}" ]; then - return - fi - - cat << ENV_START_MESSAGE - -======================== -JF Environment variables -======================== -ENV_START_MESSAGE - - for entry in ${JFEnv}; do - key=$(echo "${entry}" | awk -F'=' '{print $1}') - value=$(echo "${entry}" | awk -F'=' '{print $2}') - - isKeySensitive "${key}" && value="******" || value=${value} - - printf "\n%-35s%s" "${key}" " : ${value}" - done - echo; -} - -_addLogRotateConfiguration() { - logDebug "Method ${FUNCNAME[0]}" - # mandatory inputs - local confFile="$1" - local logFile="$2" - - # Method available in _ioOperations.sh - LC_ALL=C type io_setYQPath > /dev/null 2>&1 || return 1 - - io_setYQPath - - # Method available in _systemYamlHelper.sh - LC_ALL=C type getSystemValue > /dev/null 2>&1 || return 1 - - local frequency="daily" - local archiveFolder="archived" - - local compressLogFiles= - getSystemValue "shared.logging.rotation.compress" "true" - if [[ "${YAML_VALUE}" == "true" ]]; then - compressLogFiles="compress" - fi - - getSystemValue "shared.logging.rotation.maxFiles" "10" - local noOfBackupFiles="${YAML_VALUE}" - - getSystemValue "shared.logging.rotation.maxSizeMb" "25" - local sizeOfFile="${YAML_VALUE}M" - - logDebug "Adding logrotate configuration for [$logFile] to [$confFile]" - - # Add configuration to file - local confContent=$(cat << LOGROTATECONF -$logFile { - $frequency - missingok - rotate $noOfBackupFiles - $compressLogFiles - notifempty - olddir $archiveFolder - dateext - extension .log - dateformat -%Y-%m-%d - size ${sizeOfFile} -} -LOGROTATECONF -) - echo "${confContent}" > ${confFile} || return 1 -} - -_operationIsBySameUser() { - local targetUser="$1" - local currentUserID=$(id -u) - local currentUserName=$(id -un) - - if [ $currentUserID == $targetUser ] || [ $currentUserName == $targetUser ]; then - echo -n "yes" - else - echo -n "no" - fi -} - -_addCronJobForLogrotate() { - logDebug "Method ${FUNCNAME[0]}" - - # Abort if logrotate is not available - [ "$(io_commandExists 'crontab')" != "yes" ] && warn "cron is not available" && return 1 - - # mandatory inputs - local productHome="$1" - local confFile="$2" - local cronJobOwner="$3" - - # We want to use our binary if possible. It may be more recent than the one in the OS - local logrotateBinary="$productHome/app/third-party/logrotate/logrotate" - - if [ ! -f "$logrotateBinary" ]; then - logrotateBinary="logrotate" - [ "$(io_commandExists 'logrotate')" != "yes" ] && warn "logrotate is not available" && return 1 - fi - local cmd="$logrotateBinary ${confFile} --state $productHome/var/etc/logrotate/logrotate-state" #--verbose - - id -u $cronJobOwner > /dev/null 2>&1 || { warn "User $cronJobOwner does not exist. Aborting logrotate configuration" && return 1; } - - # Remove the existing line - removeLogRotation "$productHome" "$cronJobOwner" || true - - # Run logrotate daily at 23:55 hours - local cronInterval="55 23 * * * $cmd" - - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - # If this is standalone mode, we cannot use -u - the user running this process may not have the necessary privileges - if [ "$standaloneMode" == "no" ]; then - (crontab -l -u $cronJobOwner 2>/dev/null; echo "$cronInterval") | crontab -u $cronJobOwner - - else - (crontab -l 2>/dev/null; echo "$cronInterval") | crontab - - fi -} - -## Configure logrotate for a product -## Failure conditions: -## If logrotation could not be setup for some reason -## Parameters: -## $1: The product name -## $2: The product home -## Depends on global: none -## Updates global: none -## Returns: NA - -configureLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - - # mandatory inputs - local productName="$1" - if [ -z $productName ]; then - warn "Incorrect usage. A product name is necessary for configuring log rotation" && return 1 - fi - - local productHome="$2" - if [ -z $productHome ]; then - warn "Incorrect usage. A product home folder is necessary for configuring log rotation" && return 1 - fi - - local logFile="${productHome}/var/log/console.log" - if [[ $(uname) == "Darwin" ]]; then - logger "Log rotation for [$logFile] has not been configured. Please setup manually" - return 0 - fi - - local userID="$3" - if [ -z $userID ]; then - warn "Incorrect usage. A userID is necessary for configuring log rotation" && return 1 - fi - - local groupID=${4:-$userID} - local logConfigOwner=${5:-$userID} - - logDebug "Configuring log rotation as user [$userID], group [$groupID], effective cron User [$logConfigOwner]" - - local errorMessage="Could not configure logrotate. Please configure log rotation of the file: [$logFile] manually" - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - # TODO move to recursive method - createDir "${productHome}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/log/archived" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - - # TODO move to recursive method - createDir "${productHome}/var/etc" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - createDir "${productHome}/var/etc/logrotate" "$logConfigOwner" || { warn "${errorMessage}" && return 1; } - - # conf file should be owned by the user running the script - createFile "${confFile}" "${logConfigOwner}" || { warn "Could not create configuration file [$confFile]" return 1; } - - _addLogRotateConfiguration "${confFile}" "${logFile}" "$userID" "$groupID" || { warn "${errorMessage}" && return 1; } - _addCronJobForLogrotate "${productHome}" "${confFile}" "${logConfigOwner}" || { warn "${errorMessage}" && return 1; } -} - -_pauseExecution() { - if [ "${VERBOSE_MODE}" == "debug" ]; then - - local breakPoint="$1" - if [ ! -z "$breakPoint" ]; then - printf "${cBlue}Breakpoint${cClear} [$breakPoint] " - echo "" - fi - printf "${cBlue}Press enter once you are ready to continue${cClear}" - read -s choice - echo "" - fi -} - -# removeLogRotation "$productHome" "$cronJobOwner" || true -removeLogRotation() { - logDebug "Method ${FUNCNAME[0]}" - if [[ $(uname) == "Darwin" ]]; then - logDebug "Not implemented for Darwin." - return 0 - fi - local productHome="$1" - local cronJobOwner="$2" - local standaloneMode=$(_operationIsBySameUser "$cronJobOwner") - - local confFile="${productHome}/var/etc/logrotate/logrotate.conf" - - if [ "$standaloneMode" == "no" ]; then - crontab -l -u $cronJobOwner 2>/dev/null | grep -v "$confFile" | crontab -u $cronJobOwner - - else - crontab -l 2>/dev/null | grep -v "$confFile" | crontab - - fi -} - -# NOTE: This method does not check the configuration to see if redirection is necessary. -# This is intentional. If we don't redirect, tomcat logs might get redirected to a folder/file -# that does not exist, causing the service itself to not start -setupTomcatRedirection() { - logDebug "Method ${FUNCNAME[0]}" - local consoleLog="${JF_PRODUCT_HOME}/var/log/console.log" - _createConsoleLog - export CATALINA_OUT="${consoleLog}" -} - -setupScriptLogsRedirection() { - logDebug "Method ${FUNCNAME[0]}" - if [ -z "${JF_PRODUCT_HOME}" ]; then - logDebug "No JF_PRODUCT_HOME. Returning" - return - fi - # Create the console.log file if it is not already present - # _createConsoleLog || true - # # Ensure any logs (logger/logError/warn) also get redirected to the console.log - # # Using installer.log as a temparory fix. Please change this to console.log once INST-291 is fixed - export LOG_BEHAVIOR_ADD_REDIRECTION="${JF_PRODUCT_HOME}/var/log/console.log" - export LOG_BEHAVIOR_ADD_META="$FLAG_Y" -} - -# Returns Y if this method is run inside a container -isRunningInsideAContainer() { - if [ -f "/.dockerenv" ]; then - echo -n "$FLAG_Y" - else - echo -n "$FLAG_N" - fi -} - -POSTGRES_USER=999 -NGINX_USER=104 -NGINX_GROUP=107 -ES_USER=1000 -REDIS_USER=999 -MONGO_USER=999 -RABBITMQ_USER=999 -LOG_FILE_PERMISSION=640 -PID_FILE_PERMISSION=644 - -# Copy file -copyFile(){ - local source=$1 - local target=$2 - local mode=${3:-overwrite} - local enableVerbose=${4:-"${FLAG_N}"} - local verboseFlag="" - - if [ ! -z "${enableVerbose}" ] && [ "${enableVerbose}" == "${FLAG_Y}" ]; then - verboseFlag="-v" - fi - - if [[ ! ( $source && $target ) ]]; then - warn "Source and target is mandatory to copy file" - return 1 - fi - - if [[ -f "${target}" ]]; then - [[ "$mode" = "overwrite" ]] && ( cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}") || true - else - cp ${verboseFlag} -f "$source" "$target" || errorExit "Unable to copy file, command : cp -f ${source} ${target}" - fi -} - -# Copy files recursively from given source directory to destination directory -# This method wil copy but will NOT overwrite -# Destination will be created if its not available -copyFilesNoOverwrite(){ - local src=$1 - local dest=$2 - local enableVerboseCopy="${3:-${FLAG_Y}}" - - if [[ -z "${src}" || -z "${dest}" ]]; then - return - fi - - if [ -d "${src}" ] && [ "$(ls -A ${src})" ]; then - local relativeFilePath="" - local targetFilePath="" - - for file in $(find ${src} -type f 2>/dev/null) ; do - # Derive relative path and attach it to destination - # Example : - # src=/extra_config - # dest=/var/opt/jfrog/artifactory/etc - # file=/extra_config/config.xml - # relativeFilePath=config.xml - # targetFilePath=/var/opt/jfrog/artifactory/etc/config.xml - relativeFilePath=${file/${src}/} - targetFilePath=${dest}${relativeFilePath} - - createDir "$(dirname "$targetFilePath")" - copyFile "${file}" "${targetFilePath}" "no_overwrite" "${enableVerboseCopy}" - done - fi -} - -# TODO : WINDOWS ? -# Check the max open files and open processes set on the system -checkULimits () { - local minMaxOpenFiles=${1:-32000} - local minMaxOpenProcesses=${2:-1024} - local setValue=${3:-true} - local warningMsgForFiles=${4} - local warningMsgForProcesses=${5} - - logger "Checking open files and processes limits" - - local currentMaxOpenFiles=$(ulimit -n) - logger "Current max open files is $currentMaxOpenFiles" - if [ ${currentMaxOpenFiles} != "unlimited" ] && [ "$currentMaxOpenFiles" -lt "$minMaxOpenFiles" ]; then - if [ "${setValue}" ]; then - ulimit -n "${minMaxOpenFiles}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForFiles}" ] || warn "${warningMsgForFiles}" - else - errorExit "Max number of open files $currentMaxOpenFiles, is too low. Cannot run the application!" - fi - fi - - local currentMaxOpenProcesses=$(ulimit -u) - logger "Current max open processes is $currentMaxOpenProcesses" - if [ "$currentMaxOpenProcesses" != "unlimited" ] && [ "$currentMaxOpenProcesses" -lt "$minMaxOpenProcesses" ]; then - if [ "${setValue}" ]; then - ulimit -u "${minMaxOpenProcesses}" >/dev/null 2>&1 || warn "Max number of open files $currentMaxOpenFiles is low!" - [ -z "${warningMsgForProcesses}" ] || warn "${warningMsgForProcesses}" - else - errorExit "Max number of open files $currentMaxOpenProcesses, is too low. Cannot run the application!" - fi - fi -} - -createDirs() { - local appDataDir=$1 - local serviceName=$2 - local folders="backup bootstrap data etc logs work" - - [ -z "${appDataDir}" ] && errorExit "An application directory is mandatory to create its data structure" || true - [ -z "${serviceName}" ] && errorExit "A service name is mandatory to create service data structure" || true - - for folder in ${folders} - do - folder=${appDataDir}/${folder}/${serviceName} - if [ ! -d "${folder}" ]; then - logger "Creating folder : ${folder}" - mkdir -p "${folder}" || errorExit "Failed to create ${folder}" - fi - done -} - - -testReadWritePermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local test_file=${dir_to_check}/test-permissions - - # Write file - if echo test > ${test_file} 1> /dev/null 2>&1; then - # Write succeeded. Testing read... - if cat ${test_file} > /dev/null; then - rm -f ${test_file} - else - error=true - fi - else - error=true - fi - - if [ ${error} == true ]; then - return 1 - else - return 0 - fi -} - -# Test directory has read/write permissions for current user -testDirectoryPermissions () { - local dir_to_check=$1 - local error=false - - [ -d ${dir_to_check} ] || errorExit "'${dir_to_check}' is not a directory" - - local u_id=$(id -u) - local id_str="id ${u_id}" - - logger "Testing directory ${dir_to_check} has read/write permissions for user ${id_str}" - - if ! testReadWritePermissions ${dir_to_check}; then - error=true - fi - - if [ "${error}" == true ]; then - local stat_data=$(stat -Lc "Directory: %n, permissions: %a, owner: %U, group: %G" ${dir_to_check}) - logger "###########################################################" - logger "${dir_to_check} DOES NOT have proper permissions for user ${id_str}" - logger "${stat_data}" - logger "Mounted directory must have read/write permissions for user ${id_str}" - logger "###########################################################" - errorExit "Directory ${dir_to_check} has bad permissions for user ${id_str}" - fi - logger "Permissions for ${dir_to_check} are good" -} - -# Utility method to create a directory path recursively with chown feature as -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: Root directory from where the path can be created -## $2: List of recursive child directories separated by space -## $3: user who should own the directory. Optional -## $4: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA -# -# Usage: -# createRecursiveDir "/opt/jfrog/product/var" "bootstrap tomcat lib" "user_name" "group_name" -createRecursiveDir(){ - local rootDir=$1 - local pathDirs=$2 - local user=$3 - local group=${4:-${user}} - local fullPath= - - [ ! -z "${rootDir}" ] || return 0 - - createDir "${rootDir}" "${user}" "${group}" - - [ ! -z "${pathDirs}" ] || return 0 - - fullPath=${rootDir} - - for dir in ${pathDirs}; do - fullPath=${fullPath}/${dir} - createDir "${fullPath}" "${user}" "${group}" - done -} - -# Utility method to create a directory -# Failure conditions: -## Exits if unable to create a directory -# Parameters: -## $1: directory to create -## $2: user who should own the directory. Optional -## $3: group who should own the directory. Optional -# Depends on global: none -# Updates global: none -# Returns: NA - -createDir(){ - local dirName="$1" - local printMessage=no - logSilly "Method ${FUNCNAME[0]} invoked with [$dirName]" - [ -z "${dirName}" ] && return - - logDebug "Attempting to create ${dirName}" - mkdir -p "${dirName}" || errorExit "Unable to create directory: [${dirName}]" - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - # Earlier, this line would have returned 1 if it failed. Now it just warns. - # This is intentional. Earlier, this line would NOT be reached if the folder already existed. - # Since it will always come to this line and the script may be running as a non-root user, this method will just warn if - # setting permissions fails (so as to not affect any existing flows) - io_setOwnershipNonRecursive "$dirName" "$userID" "$groupID" || warn "Could not set owner of [$dirName] to [$userID:$groupID]" - fi - # logging message to print created dir with user and group - local logMessage=${4:-$printMessage} - if [[ "${logMessage}" == "yes" ]]; then - logger "Successfully created directory [${dirName}]. Owner: [${userID}:${groupID}]" - fi -} - -removeSoftLinkAndCreateDir () { - local dirName="$1" - local userID="$2" - local groupID="$3" - local logMessage="$4" - removeSoftLink "${dirName}" - createDir "${dirName}" "${userID}" "${groupID}" "${logMessage}" -} - -# Utility method to remove a soft link -removeSoftLink () { - local dirName="$1" - if [[ -L "${dirName}" ]]; then - targetLink=$(readlink -f "${dirName}") - logger "Removing the symlink [${dirName}] pointing to [${targetLink}]" - rm -f "${dirName}" - fi -} - -# Check Directory exist in the path -checkDirExists () { - local directoryPath="$1" - - [[ -d "${directoryPath}" ]] && echo -n "true" || echo -n "false" -} - - -# Utility method to create a file -# Failure conditions: -# Parameters: -## $1: file to create -# Depends on global: none -# Updates global: none -# Returns: NA - -createFile(){ - local fileName="$1" - logSilly "Method ${FUNCNAME[0]} [$fileName]" - [ -f "${fileName}" ] && return 0 - touch "${fileName}" || return 1 - - local userID="$2" - local groupID=${3:-$userID} - - # If UID/GID is passed, chown the folder - if [ ! -z "$userID" ] && [ ! -z "$groupID" ]; then - io_setOwnership "$fileName" "$userID" "$groupID" || return 1 - fi -} - -# Check File exist in the filePath -# IMPORTANT- DON'T ADD LOGGING to this method -checkFileExists () { - local filePath="$1" - - [[ -f "${filePath}" ]] && echo -n "true" || echo -n "false" -} - -# Check for directories contains any (files or sub directories) -# IMPORTANT- DON'T ADD LOGGING to this method -checkDirContents () { - local directoryPath="$1" - if [[ "$(ls -1 "${directoryPath}" | wc -l)" -gt 0 ]]; then - echo -n "true" - else - echo -n "false" - fi -} - -# Check contents exist in directory -# IMPORTANT- DON'T ADD LOGGING to this method -checkContentExists () { - local source="$1" - - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - echo -n "false" - else - echo -n "true" - fi -} - -# Resolve the variable -# IMPORTANT- DON'T ADD LOGGING to this method -evalVariable () { - local output="$1" - local input="$2" - - eval "${output}"=\${"${input}"} - eval echo \${"${output}"} -} - -# Usage: if [ "$(io_commandExists 'curl')" == "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_commandExists() { - local commandToExecute="$1" - hash "${commandToExecute}" 2>/dev/null - local rt=$? - if [ "$rt" == 0 ]; then echo -n "yes"; else echo -n "no"; fi -} - -# Usage: if [ "$(io_curlExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_curlExists() { - io_commandExists "curl" -} - - -io_hasMatch() { - logSilly "Method ${FUNCNAME[0]}" - local result=0 - logDebug "Executing [echo \"$1\" | grep \"$2\" >/dev/null 2>&1]" - echo "$1" | grep "$2" >/dev/null 2>&1 || result=1 - return $result -} - -# Utility method to check if the string passed (usually a connection url) corresponds to this machine itself -# Failure conditions: None -# Parameters: -## $1: string to check against -# Depends on global: none -# Updates global: IS_LOCALHOST with value "yes/no" -# Returns: NA - -io_getIsLocalhost() { - logSilly "Method ${FUNCNAME[0]}" - IS_LOCALHOST="$FLAG_N" - local inputString="$1" - logDebug "Parsing [$inputString] to check if we are dealing with this machine itself" - - io_hasMatch "$inputString" "localhost" && { - logDebug "Found localhost. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for localhost" - - local hostIP=$(io_getPublicHostIP) - io_hasMatch "$inputString" "$hostIP" && { - logDebug "Found $hostIP. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostIP" - - local hostID=$(io_getPublicHostID) - io_hasMatch "$inputString" "$hostID" && { - logDebug "Found $hostID. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostID" - - local hostName=$(io_getPublicHostName) - io_hasMatch "$inputString" "$hostName" && { - logDebug "Found $hostName. Returning [$FLAG_Y]" - IS_LOCALHOST="$FLAG_Y" && return; - } || logDebug "Did not find match for $hostName" - -} - -# Usage: if [ "$(io_tarExists)" != "yes" ] -# IMPORTANT- DON'T ADD LOGGING to this method -io_tarExists() { - io_commandExists "tar" -} - -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostIP() { - local OS_TYPE=$(uname) - local publicHostIP= - if [ "${OS_TYPE}" == "Darwin" ]; then - ipStatus=$(ifconfig en0 | grep "status" | awk '{print$2}') - if [ "${ipStatus}" == "active" ]; then - publicHostIP=$(ifconfig en0 | grep inet | grep -v inet6 | awk '{print $2}') - else - errorExit "Host IP could not be resolved!" - fi - elif [ "${OS_TYPE}" == "Linux" ]; then - publicHostIP=$(hostname -i 2>/dev/null || echo "127.0.0.1") - fi - publicHostIP=$(echo "${publicHostIP}" | awk '{print $1}') - echo -n "${publicHostIP}" -} - -# Will return the short host name (up to the first dot) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostName() { - echo -n "$(hostname -s)" -} - -# Will return the full host name (use this as much as possible) -# IMPORTANT- DON'T ADD LOGGING to this method -io_getPublicHostID() { - echo -n "$(hostname)" -} - -# Utility method to backup a file -# Failure conditions: NA -# Parameters: filePath -# Depends on global: none, -# Updates global: none -# Returns: NA -io_backupFile() { - logSilly "Method ${FUNCNAME[0]}" - fileName="$1" - if [ ! -f "${filePath}" ]; then - logDebug "No file: [${filePath}] to backup" - return - fi - dateTime=$(date +"%Y-%m-%d-%H-%M-%S") - targetFileName="${fileName}.backup.${dateTime}" - yes | \cp -f "$fileName" "${targetFileName}" - logger "File [${fileName}] backedup as [${targetFileName}]" -} - -# Reference https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash/4025065#4025065 -is_number() { - case "$BASH_VERSION" in - 3.1.*) - PATTERN='\^\[0-9\]+\$' - ;; - *) - PATTERN='^[0-9]+$' - ;; - esac - - [[ "$1" =~ $PATTERN ]] -} - -io_compareVersions() { - if [[ $# != 2 ]] - then - echo "Usage: min_version current minimum" - return - fi - - A="${1%%.*}" - B="${2%%.*}" - - if [[ "$A" != "$1" && "$B" != "$2" && "$A" == "$B" ]] - then - io_compareVersions "${1#*.}" "${2#*.}" - else - if is_number "$A" && is_number "$B" - then - if [[ "$A" -eq "$B" ]]; then - echo "0" - elif [[ "$A" -gt "$B" ]]; then - echo "1" - elif [[ "$A" -lt "$B" ]]; then - echo "-1" - fi - fi - fi -} - -# Reference https://stackoverflow.com/questions/369758/how-to-trim-whitespace-from-a-bash-variable -# Strip all leading and trailing spaces -# IMPORTANT- DON'T ADD LOGGING to this method -io_trim() { - local var="$1" - # remove leading whitespace characters - var="${var#"${var%%[![:space:]]*}"}" - # remove trailing whitespace characters - var="${var%"${var##*[![:space:]]}"}" - echo -n "$var" -} - -# temporary function will be removing it ASAP -# search for string and replace text in file -replaceText_migration_hook () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s/${regexString}/${replaceText}/" "${file}" || warn "Failed to replace the text in ${file}" - fi -} - -# search for string and replace text in file -replaceText () { - local regexString="$1" - local replaceText="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - else - sed -i -e "s#${regexString}#${replaceText}#" "${file}" || warn "Failed to replace the text in ${file}" - logDebug "Replaced [$regexString] with [$replaceText] in [$file]" - fi -} - -# search for string and prepend text in file -prependText () { - local regexString="$1" - local text="$2" - local file="$3" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - else - sed -i -e '/'"${regexString}"'/i\'$'\n\\'"${text}"''$'\n' "${file}" || warn "Failed to prepend the text in ${file}" - fi -} - -# add text to beginning of the file -addText () { - local text="$1" - local file="$2" - - if [[ "$(checkFileExists "${file}")" != "true" ]]; then - return - fi - if [[ $(uname) == "Darwin" ]]; then - sed -i '' -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - else - sed -i -e '1s/^/'"${text}"'\'$'\n/' "${file}" || warn "Failed to add the text in ${file}" - fi -} - -io_replaceString () { - local value="$1" - local firstString="$2" - local secondString="$3" - local separator=${4:-"/"} - local updateValue= - if [[ $(uname) == "Darwin" ]]; then - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - else - updateValue=$(echo "${value}" | sed "s${separator}${firstString}${separator}${secondString}${separator}") - fi - echo -n "${updateValue}" -} - -_findYQ() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - local parentDir="$1" - if [ -z "$parentDir" ]; then - return - fi - logDebug "Executing command [find "${parentDir}" -name third-party -type d]" - local yq=$(find "${parentDir}" -name third-party -type d) - if [ -d "${yq}/yq" ]; then - export YQ_PATH="${yq}/yq" - fi -} - - -io_setYQPath() { - # logSilly "Method ${FUNCNAME[0]}" (Intentionally not logging. Does not add value) - if [ "$(io_commandExists 'yq')" == "yes" ]; then - return - fi - - if [ ! -z "${JF_PRODUCT_HOME}" ] && [ -d "${JF_PRODUCT_HOME}" ]; then - _findYQ "${JF_PRODUCT_HOME}" - fi - - if [ -z "${YQ_PATH}" ] && [ ! -z "${COMPOSE_HOME}" ] && [ -d "${COMPOSE_HOME}" ]; then - _findYQ "${COMPOSE_HOME}" - fi - # TODO We can remove this block after all the code is restructured. - if [ -z "${YQ_PATH}" ] && [ ! -z "${SCRIPT_HOME}" ] && [ -d "${SCRIPT_HOME}" ]; then - _findYQ "${SCRIPT_HOME}" - fi - -} - -io_getLinuxDistribution() { - LINUX_DISTRIBUTION= - - # Make sure running on Linux - [ $(uname -s) != "Linux" ] && return - - # Find out what Linux distribution we are on - - cat /etc/*-release | grep -i Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 6.x - cat /etc/issue.net | grep Red >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat || true - - # OS 7.x - cat /etc/*-release | grep -i centos >/dev/null 2>&1 && LINUX_DISTRIBUTION=CentOS && LINUX_DISTRIBUTION_VER="7" || true - - # OS 8.x - grep -q -i "release 8" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="8" || true - - # OS 7.x - grep -q -i "release 7" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="7" || true - - # OS 6.x - grep -q -i "release 6" /etc/redhat-release >/dev/null 2>&1 && LINUX_DISTRIBUTION_VER="6" || true - - cat /etc/*-release | grep -i Red | grep -i 'VERSION=7' >/dev/null 2>&1 && LINUX_DISTRIBUTION=RedHat && LINUX_DISTRIBUTION_VER="7" || true - - cat /etc/*-release | grep -i debian >/dev/null 2>&1 && LINUX_DISTRIBUTION=Debian || true - - cat /etc/*-release | grep -i ubuntu >/dev/null 2>&1 && LINUX_DISTRIBUTION=Ubuntu || true -} - -## Utility method to check ownership of folders/files -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If file is not owned by the user & group -## Parameters: - ## user - ## group - ## folder to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac -io_checkOwner () { - logSilly "Method ${FUNCNAME[0]}" - local osType=$(uname) - - if [ "${osType}" != "Linux" ]; then - logDebug "Unsupported OS. Skipping check" - return 0 - fi - - local file_to_check=$1 - local user_id_to_check=$2 - - - if [ -z "$user_id_to_check" ] || [ -z "$file_to_check" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group_id_to_check=${3:-$user_id_to_check} - local check_user_name=${4:-"no"} - - logDebug "Checking permissions on [$file_to_check] for user [$user_id_to_check] & group [$group_id_to_check]" - - local stat= - - if [ "${check_user_name}" == "yes" ]; then - stat=( $(stat -Lc "%U %G" ${file_to_check}) ) - else - stat=( $(stat -Lc "%u %g" ${file_to_check}) ) - fi - - local user_id=${stat[0]} - local group_id=${stat[1]} - - if [[ "${user_id}" != "${user_id_to_check}" ]] || [[ "${group_id}" != "${group_id_to_check}" ]] ; then - logDebug "Ownership mismatch. [${file_to_check}] is not owned by [${user_id_to_check}:${group_id_to_check}]" - return 1 - else - return 0 - fi -} - -## Utility method to change ownership of a file/folder - NON recursive -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnershipNonRecursive() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown ${user}:${group} ${targetFile}]" - chown ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to change ownership of a file. -## IMPORTANT -## If being called on a folder, should ONLY be called for fresh folders or may cause performance issues -## Failure conditions: - ## If invoked with incorrect inputs - FATAL - ## If chown operation fails - returns 1 -## Parameters: - ## user - ## group - ## file to chown -## Globals: none -## Returns: none -## NOTE: The method does NOTHING if the OS is Mac - -io_setOwnership() { - - local osType=$(uname) - if [ "${osType}" != "Linux" ]; then - return - fi - - local targetFile=$1 - local user=$2 - - if [ -z "$user" ] || [ -z "$targetFile" ]; then - errorExit "Invalid invocation of method. Missing mandatory inputs" - fi - - local group=${3:-$user} - logDebug "Method ${FUNCNAME[0]}. Executing [chown -R ${user}:${group} ${targetFile}]" - chown -R ${user}:${group} ${targetFile} || return 1 -} - -## Utility method to create third party folder structure necessary for Postgres -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## POSTGRESQL_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createPostgresDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${POSTGRESQL_DATA_ROOT}" ] && return 0 - - logDebug "Property [${POSTGRESQL_DATA_ROOT}] exists. Proceeding" - - createDir "${POSTGRESQL_DATA_ROOT}/data" - io_setOwnership "${POSTGRESQL_DATA_ROOT}" "${POSTGRES_USER}" "${POSTGRES_USER}" || errorExit "Setting ownership of [${POSTGRESQL_DATA_ROOT}] to [${POSTGRES_USER}:${POSTGRES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Nginx -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## NGINX_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createNginxDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${NGINX_DATA_ROOT}" ] && return 0 - - logDebug "Property [${NGINX_DATA_ROOT}] exists. Proceeding" - - createDir "${NGINX_DATA_ROOT}" - io_setOwnership "${NGINX_DATA_ROOT}" "${NGINX_USER}" "${NGINX_GROUP}" || errorExit "Setting ownership of [${NGINX_DATA_ROOT}] to [${NGINX_USER}:${NGINX_GROUP}] failed" -} - -## Utility method to create third party folder structure necessary for ElasticSearch -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## ELASTIC_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createElasticSearchDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${ELASTIC_DATA_ROOT}" ] && return 0 - - logDebug "Property [${ELASTIC_DATA_ROOT}] exists. Proceeding" - - createDir "${ELASTIC_DATA_ROOT}/data" - io_setOwnership "${ELASTIC_DATA_ROOT}" "${ES_USER}" "${ES_USER}" || errorExit "Setting ownership of [${ELASTIC_DATA_ROOT}] to [${ES_USER}:${ES_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Redis -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## REDIS_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRedisDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${REDIS_DATA_ROOT}" ] && return 0 - - logDebug "Property [${REDIS_DATA_ROOT}] exists. Proceeding" - - createDir "${REDIS_DATA_ROOT}" - io_setOwnership "${REDIS_DATA_ROOT}" "${REDIS_USER}" "${REDIS_USER}" || errorExit "Setting ownership of [${REDIS_DATA_ROOT}] to [${REDIS_USER}:${REDIS_USER}] failed" -} - -## Utility method to create third party folder structure necessary for Mongo -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## MONGODB_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createMongoDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${MONGODB_DATA_ROOT}" ] && return 0 - - logDebug "Property [${MONGODB_DATA_ROOT}] exists. Proceeding" - - createDir "${MONGODB_DATA_ROOT}/logs" - createDir "${MONGODB_DATA_ROOT}/configdb" - createDir "${MONGODB_DATA_ROOT}/db" - io_setOwnership "${MONGODB_DATA_ROOT}" "${MONGO_USER}" "${MONGO_USER}" || errorExit "Setting ownership of [${MONGODB_DATA_ROOT}] to [${MONGO_USER}:${MONGO_USER}] failed" -} - -## Utility method to create third party folder structure necessary for RabbitMQ -## Failure conditions: -## If creation of directory or assigning permissions fails -## Parameters: none -## Globals: -## RABBITMQ_DATA_ROOT -## Returns: none -## NOTE: The method does NOTHING if the folder already exists -io_createRabbitMQDir() { - logDebug "Method ${FUNCNAME[0]}" - [ -z "${RABBITMQ_DATA_ROOT}" ] && return 0 - - logDebug "Property [${RABBITMQ_DATA_ROOT}] exists. Proceeding" - - createDir "${RABBITMQ_DATA_ROOT}" - io_setOwnership "${RABBITMQ_DATA_ROOT}" "${RABBITMQ_USER}" "${RABBITMQ_USER}" || errorExit "Setting ownership of [${RABBITMQ_DATA_ROOT}] to [${RABBITMQ_USER}:${RABBITMQ_USER}] failed" -} - -# Add or replace a property in provided properties file -addOrReplaceProperty() { - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - local delimiter=${4:-"="} - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}\s*${delimiter}.*$" ${propertiesPath} > /dev/null 2>&1 - [ $? -ne 0 ] && echo -e "\n${propertyName}${delimiter}${propertyValue}" >> ${propertiesPath} - sed -i -e "s|^${propertyName}\s*${delimiter}.*$|${propertyName}${delimiter}${propertyValue}|g;" ${propertiesPath} -} - -# Set property only if its not set -io_setPropertyNoOverride(){ - local propertyName=$1 - local propertyValue=$2 - local propertiesPath=$3 - - # Return if any of the inputs are empty - [[ -z "$propertyName" || "$propertyName" == "" ]] && return - [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return - [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return - - grep "^${propertyName}:" ${propertiesPath} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -e "${propertyName}: ${propertyValue}" >> ${propertiesPath} || warn "Setting property ${propertyName}: ${propertyValue} in [ ${propertiesPath} ] failed" - else - logger "Skipping update of property : ${propertyName}" >&6 - fi -} - -# Add a line to a file if it doesn't already exist -addLine() { - local line_to_add=$1 - local target_file=$2 - logger "Trying to add line $1 to $2" >&6 2>&1 - cat "$target_file" | grep -F "$line_to_add" -wq >&6 2>&1 - if [ $? != 0 ]; then - logger "Line does not exist and will be added" >&6 2>&1 - echo $line_to_add >> $target_file || errorExit "Could not update $target_file" - fi -} - -# Utility method to check if a value (first parameter) exists in an array (2nd parameter) -# 1st parameter "value to find" -# 2nd parameter "The array to search in. Please pass a string with each value separated by space" -# Example: containsElement "y" "y Y n N" -containsElement () { - local searchElement=$1 - local searchArray=($2) - local found=1 - for elementInIndex in "${searchArray[@]}";do - if [[ $elementInIndex == $searchElement ]]; then - found=0 - fi - done - return $found -} - -# Utility method to get user's choice -# 1st parameter "what to ask the user" -# 2nd parameter "what choices to accept, separated by spaces" -# 3rd parameter "what is the default choice (to use if the user simply presses Enter)" -# Example 'getUserChoice "Are you feeling lucky? Punk!" "y n Y N" "y"' -getUserChoice(){ - configureLogOutput - read_timeout=${read_timeout:-0.5} - local choice="na" - local text_to_display=$1 - local choices=$2 - local default_choice=$3 - users_choice= - - until containsElement "$choice" "$choices"; do - echo "";echo ""; - sleep $read_timeout #This ensures correct placement of the question. - read -p "$text_to_display :" choice - : ${choice:=$default_choice} - done - users_choice=$choice - echo -e "\n$text_to_display: $users_choice" >&6 - sleep $read_timeout #This ensures correct logging -} - -setFilePermission () { - local permission=$1 - local file=$2 - chmod "${permission}" "${file}" || warn "Setting permission ${permission} to file [ ${file} ] failed" -} - - -#setting required paths -setAppDir (){ - SCRIPT_DIR=$(dirname $0) - SCRIPT_HOME="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" - APP_DIR="`cd "${SCRIPT_HOME}";pwd`" -} - -ZIP_TYPE="zip" -COMPOSE_TYPE="compose" -HELM_TYPE="helm" -RPM_TYPE="rpm" -DEB_TYPE="debian" - -sourceScript () { - local file="$1" - - [ ! -z "${file}" ] || errorExit "target file is not passed to source a file" - - if [ ! -f "${file}" ]; then - errorExit "${file} file is not found" - else - source "${file}" || errorExit "Unable to source ${file}, please check if the user ${USER} has permissions to perform this action" - fi -} -# Source required helpers -initHelpers () { - local systemYamlHelper="${APP_DIR}/systemYamlHelper.sh" - local thirdPartyDir=$(find ${APP_DIR}/.. -name third-party -type d) - export YQ_PATH="${thirdPartyDir}/yq" - LIBXML2_PATH="${thirdPartyDir}/libxml2/bin/xmllint" - export LD_LIBRARY_PATH="${thirdPartyDir}/libxml2/lib" - sourceScript "${systemYamlHelper}" -} -# Check migration info yaml file available in the path -checkMigrationInfoYaml () { - - if [[ -f "${APP_DIR}/migrationHelmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationHelmInfo.yaml" - INSTALLER="${HELM_TYPE}" - elif [[ -f "${APP_DIR}/migrationZipInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationZipInfo.yaml" - INSTALLER="${ZIP_TYPE}" - elif [[ -f "${APP_DIR}/migrationRpmInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationRpmInfo.yaml" - INSTALLER="${RPM_TYPE}" - elif [[ -f "${APP_DIR}/migrationDebInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationDebInfo.yaml" - INSTALLER="${DEB_TYPE}" - elif [[ -f "${APP_DIR}/migrationComposeInfo.yaml" ]]; then - MIGRATION_SYSTEM_YAML_INFO="${APP_DIR}/migrationComposeInfo.yaml" - INSTALLER="${COMPOSE_TYPE}" - else - errorExit "File migration Info yaml does not exist in [${APP_DIR}]" - fi -} - -retrieveYamlValue () { - local yamlPath="$1" - local value="$2" - local output="$3" - local message="$4" - - [[ -z "${yamlPath}" ]] && errorExit "yamlPath is mandatory to get value from ${MIGRATION_SYSTEM_YAML_INFO}" - - getYamlValue "${yamlPath}" "${MIGRATION_SYSTEM_YAML_INFO}" "false" - value="${YAML_VALUE}" - if [[ -z "${value}" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "Empty value for ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - elif [[ "${output}" == "Skip" ]]; then - return - else - errorExit "${message}" - fi - fi -} - -checkEnv () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - # check Environment JF_PRODUCT_HOME is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_PRODUCT_HOME")" - if [[ -z "${NEW_DATA_DIR}" ]]; then - errorExit "Environment variable JF_PRODUCT_HOME is not set, this is required to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - getCustomDataDir_hook - NEW_DATA_DIR="${OLD_DATA_DIR}" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - else - # check Environment JF_ROOT_DATA_DIR is set before migration - OLD_DATA_DIR="$(evalVariable "OLD_DATA_DIR" "JF_ROOT_DATA_DIR")" - # check Environment JF_ROOT_DATA_DIR is set before migration - NEW_DATA_DIR="$(evalVariable "NEW_DATA_DIR" "JF_ROOT_DATA_DIR")" - if [[ -z "${NEW_DATA_DIR}" ]] && [[ -z "${OLD_DATA_DIR}" ]]; then - errorExit "Could not find ${PROMPT_DATA_DIR_LOCATION} to perform Migration" - fi - # appending var directory to $JF_PRODUCT_HOME - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi - -} - -getDataDir () { - - if [[ "${INSTALLER}" == "${ZIP_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}"|| "${INSTALLER}" == "${HELM_TYPE}" ]]; then - checkEnv - else - getCustomDataDir_hook - NEW_DATA_DIR="`cd "${APP_DIR}"/../../;pwd`" - NEW_DATA_DIR="${NEW_DATA_DIR}/var" - fi -} - -# Retrieve Product name from MIGRATION_SYSTEM_YAML_INFO -getProduct () { - retrieveYamlValue "migration.product" "${YAML_VALUE}" "Fail" "Empty value under ${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - PRODUCT="${YAML_VALUE}" - PRODUCT=$(echo "${PRODUCT}" | tr '[:upper:]' '[:lower:]' 2>/dev/null) - if [[ "${PRODUCT}" != "artifactory" && "${PRODUCT}" != "distribution" && "${PRODUCT}" != "xray" ]]; then - errorExit "migration.product in [${MIGRATION_SYSTEM_YAML_INFO}] is not correct, please set based on product as ARTIFACTORY or DISTRIBUTION" - fi - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - JF_USER="${PRODUCT}" - fi -} -# Compare product version with minProductVersion and maxProductVersion -migrateCheckVersion () { - local productVersion="$1" - local minProductVersion="$2" - local maxProductVersion="$3" - local productVersion618="6.18.0" - local unSupportedProductVersions7=("7.2.0 7.2.1") - - if [[ "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${maxProductVersion}")" -eq 1 ]]; then - logger "Migration not necessary. ${PRODUCT} is already ${productVersion}" - exit 11 - elif [[ "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${minProductVersion}")" -eq 1 ]]; then - if [[ ("$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 0 || "$(io_compareVersions "${productVersion}" "${productVersion618}")" -eq 1) && " ${unSupportedProductVersions7[@]} " =~ " ${CURRENT_VERSION} " ]]; then - touch /tmp/error; - errorExit "Current ${PRODUCT} version (${productVersion}) does not support migration to ${CURRENT_VERSION}" - else - bannerStart "Detected ${PRODUCT} ${productVersion}, initiating migration" - fi - else - logger "Current ${PRODUCT} ${productVersion} version is not supported for migration" - exit 1 - fi -} - -getProductVersion () { - local minProductVersion="$1" - local maxProductVersion="$2" - local newfilePath="$3" - local oldfilePath="$4" - local propertyInDocker="$5" - local property="$6" - local productVersion= - local status= - - if [[ "$INSTALLER" == "${COMPOSE_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - elif [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${propertyInDocker}" "${newfilePath}")" - status="fail" - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - exit 0 - fi - elif [[ "$INSTALLER" == "${HELM_TYPE}" ]]; then - if [[ -f "${oldfilePath}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - else - productVersion="$(cat "${oldfilePath}")" - fi - status="success" - else - productVersion="${CURRENT_VERSION}" - [[ -z "${productVersion}" || "${productVersion}" == "" ]] && logger "${PRODUCT} CURRENT_VERSION is not set" && exit 0 - fi - else - if [[ -f "${newfilePath}" ]]; then - productVersion="$(readKey "${property}" "${newfilePath}")" - status="fail" - elif [[ -f "${oldfilePath}" ]]; then - productVersion="$(readKey "${property}" "${oldfilePath}")" - status="success" - else - if [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - logger "File [${newfilePath}] not found to get current version." - else - logger "File [${oldfilePath}] or [${newfilePath}] not found to get current version." - fi - exit 0 - fi - fi - if [[ -z "${productVersion}" || "${productVersion}" == "" ]]; then - [[ "${status}" == "success" ]] && logger "No version found in file [${oldfilePath}]." - [[ "${status}" == "fail" ]] && logger "No version found in file [${newfilePath}]." - exit 0 - fi - - migrateCheckVersion "${productVersion}" "${minProductVersion}" "${maxProductVersion}" -} - -readKey () { - local property="$1" - local file="$2" - local version= - - while IFS='=' read -r key value || [ -n "${key}" ]; - do - [[ ! "${key}" =~ \#.* && ! -z "${key}" && ! -z "${value}" ]] - key="$(io_trim "${key}")" - if [[ "${key}" == "${property}" ]]; then - version="${value}" && check=true && break - else - check=false - fi - done < "${file}" - if [[ "${check}" == "false" ]]; then - return - fi - echo "${version}" -} - -# create Log directory -createLogDir () { - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" - fi -} - -# Creating migration log file -creationMigrateLog () { - local LOG_FILE_NAME="migration.log" - createLogDir - local MIGRATION_LOG_FILE="${NEW_DATA_DIR}/log/${LOG_FILE_NAME}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - MIGRATION_LOG_FILE="${SCRIPT_HOME}/${LOG_FILE_NAME}" - fi - touch "${MIGRATION_LOG_FILE}" - setFilePermission "${LOG_FILE_PERMISSION}" "${MIGRATION_LOG_FILE}" - exec &> >(tee -a "${MIGRATION_LOG_FILE}") -} -# Set path where system.yaml should create -setSystemYamlPath () { - SYSTEM_YAML_PATH="${NEW_DATA_DIR}/etc/system.yaml" - if [[ "${INSTALLER}" != "${HELM_TYPE}" ]]; then - logger "system.yaml will be created in path [${SYSTEM_YAML_PATH}]" - fi -} -# Create directory -createDirectory () { - local directory="$1" - local output="$2" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${directory}" - mkdir -p "${directory}" && check=true || check=false - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi - setOwnershipBasedOnInstaller "${directory}" -} - -setOwnershipBasedOnInstaller () { - local directory="$1" - if [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - chown -R ${USER_TO_CHECK}:${GROUP_TO_CHECK} "${directory}" || warn "Setting ownership on $directory failed" - elif [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - io_setOwnership "${directory}" "${JF_USER}" "${JF_USER}" - fi -} - -getUserAndGroup () { - local file="$1" - read uid gid <<<$(stat -c '%U %G' ${file}) - USER_TO_CHECK="${uid}" - GROUP_TO_CHECK="${gid}" -} - -# set ownership -getUserAndGroupFromFile () { - case $PRODUCT in - artifactory) - getUserAndGroup "/etc/opt/jfrog/artifactory/artifactory.properties" - ;; - distribution) - getUserAndGroup "${OLD_DATA_DIR}/etc/versions.properties" - ;; - xray) - getUserAndGroup "${OLD_DATA_DIR}/security/master.key" - ;; - esac -} - -# creating required directories -createRequiredDirs () { - bannerSubSection "CREATING REQUIRED DIRECTORIES" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${JF_USER}" "${JF_USER}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${JF_USER}" "${JF_USER}" "yes" - io_setOwnership "${NEW_DATA_DIR}" "${JF_USER}" "${JF_USER}" - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data/postgres" "${POSTGRES_USER}" "${POSTGRES_USER}" "yes" - fi - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - getUserAndGroupFromFile - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/etc/security" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/data" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/log/archived" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/work" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - removeSoftLinkAndCreateDir "${NEW_DATA_DIR}/backup" "${USER_TO_CHECK}" "${GROUP_TO_CHECK}" "yes" - fi -} - -# Check entry in map is format -checkMapEntry () { - local entry="$1" - - [[ "${entry}" != *"="* ]] && echo -n "false" || echo -n "true" -} -# Check value Empty and warn -warnIfEmpty () { - local filePath="$1" - local yamlPath="$2" - local check= - - if [[ -z "${filePath}" ]]; then - warn "Empty value in yamlpath [${yamlPath} in [${MIGRATION_SYSTEM_YAML_INFO}]" - check=false - else - check=true - fi - echo "${check}" -} - -logCopyStatus () { - local status="$1" - local logMessage="$2" - local warnMessage="$3" - - [[ "${status}" == "success" ]] && logger "${logMessage}" - [[ "${status}" == "fail" ]] && warn "${warnMessage}" -} -# copy contents from source to destination -copyCmd () { - local source="$1" - local target="$2" - local mode="$3" - local status= - - case $mode in - unique) - cp -up "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - specific) - cp -pf "${source}" "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied file [${source}] to [${target}]" "Failed to copy file [${source}] to [${target}]" - ;; - patternFiles) - cp -pf "${source}"* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied files matching [${source}*] to [${target}]" "Failed to copy files matching [${source}*] to [${target}]" - ;; - full) - cp -prf "${source}"/* "${target}"/ && status="success" || status="fail" - logCopyStatus "${status}" "Successfully copied directory contents from [${source}] to [${target}]" "Failed to copy directory contents from [${source}] to [${target}]" - ;; - esac -} -# Check contents exist in source before copying -copyOnContentExist () { - local source="$1" - local target="$2" - local mode="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - copyCmd "${source}" "${target}" "${mode}" - else - logger "No contents to copy from [${source}]" - fi -} - -# move source to destination -moveCmd () { - local source="$1" - local target="$2" - local status= - - mv -f "${source}" "${target}" && status="success" || status="fail" - [[ "${status}" == "success" ]] && logger "Successfully moved directory [${source}] to [${target}]" - [[ "${status}" == "fail" ]] && warn "Failed to move directory [${source}] to [${target}]" -} - -# symlink target to source -symlinkCmd () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - local check=false - - if [[ "${symlinkSubDir}" == "subDir" ]]; then - ln -sf "${source}"/* "${target}" && check=true || check=false - else - ln -sf "${source}" "${target}" && check=true || check=false - fi - - [[ "${check}" == "true" ]] && logger "Successfully symlinked directory [${target}] to old [${source}]" - [[ "${check}" == "false" ]] && warn "Symlink operation failed" -} -# Check contents exist in source before symlinking -symlinkOnExist () { - local source="$1" - local target="$2" - local symlinkSubDir="$3" - - if [[ "$(checkContentExists "${source}")" == "true" ]]; then - if [[ "${symlinkSubDir}" == "subDir" ]]; then - symlinkCmd "${source}" "${target}" "subDir" - else - symlinkCmd "${source}" "${target}" - fi - else - logger "No contents to symlink from [${source}]" - fi -} - -prependDir () { - local absolutePath="$1" - local fullPath="$2" - local sourcePath= - - if [[ "${absolutePath}" = \/* ]]; then - sourcePath="${absolutePath}" - else - sourcePath="${fullPath}" - fi - echo "${sourcePath}" -} - -getFirstEntry (){ - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $1}' -} - -getSecondEntry () { - local entry="$1" - - [[ -z "${entry}" ]] && return - echo "${entry}" | awk -F"=" '{print $2}' -} -# To get absolutePath -pathResolver () { - local directoryPath="$1" - local dataDir= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Warning" - dataDir="${YAML_VALUE}" - cd "${dataDir}" - else - cd "${OLD_DATA_DIR}" - fi - absoluteDir="`cd "${directoryPath}";pwd`" - echo "${absoluteDir}" -} - -checkPathResolver () { - local value="$1" - - if [[ "${value}" == \/* ]]; then - value="${value}" - else - value="$(pathResolver "${value}")" - fi - echo "${value}" -} - -propertyMigrate () { - local entry="$1" - local filePath="$2" - local fileName="$3" - local check=false - - local yamlPath="$(getFirstEntry "${entry}")" - local property="$(getSecondEntry "${entry}")" - if [[ -z "${property}" ]]; then - warn "Property is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${property}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - local keyValues=$(cat "${NEW_DATA_DIR}/${filePath}/${fileName}" | grep "^[^#]" | grep "[*=*]") - for i in ${keyValues}; do - key=$(echo "${i}" | awk -F"=" '{print $1}') - value=$(echo "${i}" | cut -f 2- -d '=') - [ -z "${key}" ] && continue - [ -z "${value}" ] && continue - if [[ "${key}" == "${property}" ]]; then - if [[ "${PRODUCT}" == "artifactory" ]]; then - value="$(migrateResolveDerbyPath "${key}" "${value}")" - value="$(migrateResolveHaDirPath "${key}" "${value}")" - if [[ "${INSTALLER}" != "${DOCKER_TYPE}" ]]; then - value="$(updatePostgresUrlString_Hook "${yamlPath}" "${value}")" - fi - fi - if [[ "${key}" == "context.url" ]]; then - local ip=$(echo "${value}" | awk -F/ '{print $3}' | sed 's/:.*//') - setSystemValue "shared.node.ip" "${ip}" "${SYSTEM_YAML_PATH}" - logger "Setting [shared.node.ip] with [${ip}] in system.yaml" - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" && logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" && check=true && break || check=false - fi - done - [[ "${check}" == "false" ]] && logger "Property [${property}] not found in file [${fileName}]" -} - -setHaEnabled_hook () { - echo "" -} - -migratePropertiesFiles () { - local fileList= - local filePath= - local fileName= - local map= - - retrieveYamlValue "migration.propertyFiles.files" "fileList" "Skip" - fileList="${YAML_VALUE}" - if [[ -z "${fileList}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF PROPERTY FILES" - for file in ${fileList}; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.propertyFiles.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.propertyFiles.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - if [[ "$(checkFileExists "${NEW_DATA_DIR}/${filePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - # setting haEnabled with true only if ha-node.properties is present - setHaEnabled_hook "${filePath}" - retrieveYamlValue "migration.propertyFiles.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - propertyMigrate "${entry}" "${filePath}" "${fileName}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=property" - fi - done - else - logger "File [${fileName}] was not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} - -createTargetDir () { - local mountDir="$1" - local target="$2" - - logger "Target directory not found [${mountDir}/${target}], creating it" - createDirectoryRecursive "${mountDir}" "${target}" "Warning" -} - -createDirectoryRecursive () { - local mountDir="$1" - local target="$2" - local output="$3" - local check=false - local message="Could not create directory ${directory}, please check if the user ${USER} has permissions to perform this action" - removeSoftLink "${mountDir}/${target}" - local directory=$(echo "${target}" | tr '/' ' ' ) - local targetDir="${mountDir}" - for dir in ${directory}; - do - targetDir="${targetDir}/${dir}" - mkdir -p "${targetDir}" && check=true || check=false - setOwnershipBasedOnInstaller "${targetDir}" - done - if [[ "${check}" == "false" ]]; then - if [[ "${output}" == "Warning" ]]; then - warn "${message}" - else - errorExit "${message}" - fi - fi -} - -copyOperation () { - local source="$1" - local target="$2" - local mode="$3" - local check=false - local targetDataDir= - local targetLink= - local date= - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - #remove source if it is a symlink - if [[ -L "${source}" ]]; then - targetLink=$(readlink -f "${source}") - logger "Removing the symlink [${source}] pointing to [${targetLink}]" - rm -f "${source}" - source=${targetLink} - fi - if [[ "$(checkDirExists "${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path" - return - fi - if [[ "$(checkDirContents "${source}")" != "true" ]]; then - logger "No contents to copy from [${source}]" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyOnContentExist "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copySpecificFiles () { - local source="$1" - local target="$2" - local mode="$3" - - # prepend OLD_DATA_DIR only if source is relative path - source="$(prependDir "${source}" "${OLD_DATA_DIR}/${source}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkFileExists "${source}")" != "true" ]]; then - logger "Source file [${source}] does not exist in path" - return - fi - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${source}" "${targetDataDir}/${target}" "${mode}" -} - -copyPatternMatchingFiles () { - local source="$1" - local target="$2" - local mode="$3" - local sourcePath="${4}" - - # prepend OLD_DATA_DIR only if source is relative path - sourcePath="$(prependDir "${sourcePath}" "${OLD_DATA_DIR}/${sourcePath}")" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - copyLogMessage "${mode}" - if [[ "$(checkDirExists "${sourcePath}")" != "true" ]]; then - logger "Source [${sourcePath}] directory not found in path" - return - fi - if ls "${sourcePath}/${source}"* 1> /dev/null 2>&1; then - if [[ "$(checkDirExists "${targetDataDir}/${target}")" != "true" ]]; then - createTargetDir "${targetDataDir}" "${target}" - fi - copyCmd "${sourcePath}/${source}" "${targetDataDir}/${target}" "${mode}" - else - logger "Source file [${sourcePath}/${source}*] does not exist in path" - fi -} - -copyLogMessage () { - local mode="$1" - case $mode in - specific) - logger "Copy file [${source}] to target [${targetDataDir}/${target}]" - ;; - patternFiles) - logger "Copy files matching [${sourcePath}/${source}*] to target [${targetDataDir}/${target}]" - ;; - full) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - unique) - logger "Copy directory contents from source [${source}] to target [${targetDataDir}/${target}]" - ;; - esac -} - -copyBannerMessages () { - local mode="$1" - local textMode="$2" - case $mode in - specific) - bannerSection "COPY ${textMode} FILES" - ;; - patternFiles) - bannerSection "COPY MATCHING ${textMode}" - ;; - full) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - unique) - bannerSection "COPY ${textMode} DIRECTORIES CONTENTS" - ;; - esac -} - -invokeCopyFunctions () { - local mode="$1" - local source="$2" - local target="$3" - - case $mode in - specific) - copySpecificFiles "${source}" "${target}" "${mode}" - ;; - patternFiles) - retrieveYamlValue "migration.${copyFormat}.sourcePath" "map" "Warning" - local sourcePath="${YAML_VALUE}" - copyPatternMatchingFiles "${source}" "${target}" "${mode}" "${sourcePath}" - ;; - full) - copyOperation "${source}" "${target}" "${mode}" - ;; - unique) - copyOperation "${source}" "${target}" "${mode}" - ;; - esac -} -# Copies contents from source directory and target directory -copyDataDirectories () { - local copyFormat="$1" - local mode="$2" - local map= - local source= - local target= - local textMode= - local targetDataDir= - local copyFormatValue= - - retrieveYamlValue "migration.${copyFormat}" "${copyFormat}" "Skip" - copyFormatValue="${YAML_VALUE}" - if [[ -z "${copyFormatValue}" ]]; then - return - fi - textMode=$(echo "${mode}" | tr '[:lower:]' '[:upper:]' 2>/dev/null) - copyBannerMessages "${mode}" "${textMode}" - retrieveYamlValue "migration.${copyFormat}.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - targetDataDir="${NEW_DATA_DIR}" - else - targetDataDir="`cd "${NEW_DATA_DIR}"/../;pwd`" - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeCopyFunctions "${mode}" "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -invokeMoveFunctions () { - local source="$1" - local target="$2" - local sourceDataDir= - local targetBasename= - # prepend OLD_DATA_DIR only if source is relative path - sourceDataDir=$(prependDir "${source}" "${OLD_DATA_DIR}/${source}") - targetBasename=$(dirname "${target}") - logger "Moving directory source [${sourceDataDir}] to target [${NEW_DATA_DIR}/${target}]" - if [[ "$(checkDirExists "${sourceDataDir}")" != "true" ]]; then - logger "Directory [${sourceDataDir}] not found in path to move" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${targetBasename}")" != "true" ]]; then - createTargetDir "${NEW_DATA_DIR}" "${targetBasename}" - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/${target}" - else - moveCmd "${sourceDataDir}" "${NEW_DATA_DIR}/tempDir" - moveCmd "${NEW_DATA_DIR}/tempDir" "${NEW_DATA_DIR}/${target}" - fi -} - -# Move source directory and target directory -moveDirectories () { - local moveDataDirectories= - local map= - local source= - local target= - - retrieveYamlValue "migration.moveDirectories" "moveDirectories" "Skip" - moveDirectories="${YAML_VALUE}" - if [[ -z "${moveDirectories}" ]]; then - return - fi - bannerSection "MOVE DIRECTORIES" - retrieveYamlValue "migration.moveDirectories.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - invokeMoveFunctions "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -# Trim masterKey if its generated using hex 32 -trimMasterKey () { - local masterKeyDir=/opt/jfrog/artifactory/var/etc/security - local oldMasterKey=$(<${masterKeyDir}/master.key) - local oldMasterKey_Length=$(echo ${#oldMasterKey}) - local newMasterKey= - if [[ ${oldMasterKey_Length} -gt 32 ]]; then - bannerSection "TRIM MASTERKEY" - newMasterKey=$(echo ${oldMasterKey:0:32}) - cp ${masterKeyDir}/master.key ${masterKeyDir}/backup_master.key - logger "Original masterKey is backed up : ${masterKeyDir}/backup_master.key" - rm -rf ${masterKeyDir}/master.key - echo ${newMasterKey} > ${masterKeyDir}/master.key - logger "masterKey is trimmed : ${masterKeyDir}/master.key" - fi -} - -copyDirectories () { - - copyDataDirectories "copyFiles" "full" - copyDataDirectories "copyUniqueFiles" "unique" - copyDataDirectories "copySpecificFiles" "specific" - copyDataDirectories "copyPatternMatchingFiles" "patternFiles" -} - -symlinkDir () { - local source="$1" - local target="$2" - local targetDir= - local basename= - local targetParentDir= - - targetDir="$(dirname "${target}")" - if [[ "${targetDir}" == "${source}" ]]; then - # symlink the sub directories - createDirectory "${NEW_DATA_DIR}/${target}" "Warning" - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" "subDir" - basename="$(basename "${target}")" - cd "${NEW_DATA_DIR}/${target}" && rm -f "${basename}" - fi - else - targetParentDir="$(dirname "${NEW_DATA_DIR}/${target}")" - createDirectory "${targetParentDir}" "Warning" - if [[ "$(checkDirExists "${targetParentDir}")" == "true" ]]; then - symlinkOnExist "${OLD_DATA_DIR}/${source}" "${NEW_DATA_DIR}/${target}" - fi - fi -} - -symlinkOperation () { - local source="$1" - local target="$2" - local check=false - local targetLink= - local date= - - # Check if source is a link and do symlink - if [[ -L "${OLD_DATA_DIR}/${source}" ]]; then - targetLink=$(readlink -f "${OLD_DATA_DIR}/${source}") - symlinkOnExist "${targetLink}" "${NEW_DATA_DIR}/${target}" - else - # check if source is directory and do symlink - if [[ "$(checkDirExists "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "Source [${source}] directory not found in path to symlink" - return - fi - if [[ "$(checkDirContents "${OLD_DATA_DIR}/${source}")" != "true" ]]; then - logger "No contents found in [${OLD_DATA_DIR}/${source}] to symlink" - return - fi - if [[ "$(checkDirExists "${NEW_DATA_DIR}/${target}")" != "true" ]]; then - logger "Target directory [${NEW_DATA_DIR}/${target}] does not exist to create symlink, creating it" - symlinkDir "${source}" "${target}" - else - rm -rf "${NEW_DATA_DIR}/${target}" && check=true || check=false - [[ "${check}" == "false" ]] && warn "Failed to remove contents in [${NEW_DATA_DIR}/${target}/]" - symlinkDir "${source}" "${target}" - fi - fi -} -# Creates a symlink path - Source directory to which the symbolic link should point. -symlinkDirectories () { - local linkFiles= - local map= - local source= - local target= - - retrieveYamlValue "migration.linkFiles" "linkFiles" "Skip" - linkFiles="${YAML_VALUE}" - if [[ -z "${linkFiles}" ]]; then - return - fi - bannerSection "SYMLINK DIRECTORIES" - retrieveYamlValue "migration.linkFiles.map" "map" "Warning" - map="${YAML_VALUE}" - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - source="$(getSecondEntry "${entry}")" - target="$(getFirstEntry "${entry}")" - logger "Symlink directory [${NEW_DATA_DIR}/${target}] to old [${OLD_DATA_DIR}/${source}]" - [[ -z "${source}" ]] && warn "source value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${target}" ]] && warn "target value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - symlinkOperation "${source}" "${target}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e target=source" - fi - echo ""; - done -} - -updateConnectionString () { - local yamlPath="$1" - local value="$2" - local mongoPath="shared.mongo.url" - local rabbitmqPath="shared.rabbitMq.url" - local postgresPath="shared.database.url" - local redisPath="shared.redis.connectionString" - local mongoConnectionString="mongo.connectionString" - local sourceKey= - local hostIp=$(io_getPublicHostIP) - local hostKey= - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - # Replace @postgres:,@mongodb:,@rabbitmq:,@redis: to @{hostIp}: (Compose Installer) - hostKey="@${hostIp}:" - case $yamlPath in - ${postgresPath}) - sourceKey="@postgres:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoPath}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${rabbitmqPath}) - sourceKey="@rabbitmq:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${redisPath}) - sourceKey="@redis:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - ${mongoConnectionString}) - sourceKey="@mongodb:" - value=$(io_replaceString "${value}" "${sourceKey}" "${hostKey}") - ;; - esac - fi - echo -n "${value}" -} - -yamlMigrate () { - local entry="$1" - local sourceFile="$2" - local value= - local yamlPath= - local key= - yamlPath="$(getFirstEntry "${entry}")" - key="$(getSecondEntry "${entry}")" - if [[ -z "${key}" ]]; then - warn "key is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - getYamlValue "${key}" "${sourceFile}" "false" - value="${YAML_VALUE}" - if [[ ! -z "${value}" ]]; then - value=$(updateConnectionString "${yamlPath}" "${value}") - fi - if [[ "${PRODUCT}" == "artifactory" ]]; then - replicatorProfiling - fi - if [[ -z "${value}" ]]; then - logger "No value for [${key}] in [${sourceFile}]" - else - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the key [${key}] in system.yaml" - fi -} - -migrateYamlFile () { - local files= - local filePath= - local fileName= - local sourceFile= - local map= - retrieveYamlValue "migration.yaml.files" "files" "Skip" - files="${YAML_VALUE}" - if [[ -z "${files}" ]]; then - return - fi - bannerSection "MIGRATION OF YAML FILES" - for file in $files; - do - bannerSubSection "Processing Migration of $file" - retrieveYamlValue "migration.yaml.$file.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - retrieveYamlValue "migration.yaml.$file.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - [[ -z "${filePath}" && -z "${fileName}" ]] && continue - sourceFile="${NEW_DATA_DIR}/${filePath}/${fileName}" - if [[ "$(checkFileExists "${sourceFile}")" == "true" ]]; then - logger "File [${fileName}] found in path [${NEW_DATA_DIR}/${filePath}]" - retrieveYamlValue "migration.yaml.$file.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - yamlMigrate "${entry}" "${sourceFile}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done - else - logger "File [${fileName}] is not found in path [${NEW_DATA_DIR}/${filePath}] to migrate" - fi - done -} -# updates the key and value in system.yaml -updateYamlKeyValue () { - local entry="$1" - local value= - local yamlPath= - local key= - - yamlPath="$(getFirstEntry "${entry}")" - value="$(getSecondEntry "${entry}")" - if [[ -z "${value}" ]]; then - warn "value is empty in map [${entry}] in the file [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - if [[ -z "${yamlPath}" ]]; then - warn "yamlPath is empty for [${key}] in [${MIGRATION_SYSTEM_YAML_INFO}]" - return - fi - setSystemValue "${yamlPath}" "${value}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value [${value}] in system.yaml" -} - -updateSystemYamlFile () { - local updateYaml= - local map= - - retrieveYamlValue "migration.updateSystemYaml" "updateYaml" "Skip" - updateSystemYaml="${YAML_VALUE}" - if [[ -z "${updateSystemYaml}" ]]; then - return - fi - bannerSection "UPDATE SYSTEM YAML FILE WITH KEY AND VALUES" - retrieveYamlValue "migration.updateSystemYaml.map" "map" "Warning" - map="${YAML_VALUE}" - if [[ -z "${map}" ]]; then - return - fi - for entry in $map; - do - if [[ "$(checkMapEntry "${entry}")" == "true" ]]; then - updateYamlKeyValue "${entry}" - else - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e yamlPath=key" - fi - done -} - -backupFiles_hook () { - logSilly "Method ${FUNCNAME[0]}" -} - -backupDirectory () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyOnContentExist "${targetDir}" "${backupDirectory}/${dir}" "full" - fi -} - -removeOldDirectory () { - local backupDir="$1" - local entry="$2" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${entry}" "${OLD_DATA_DIR}/${entry}")" - local outputCheckDirExists="$(checkDirExists "${targetDir}")" - if [[ "${outputCheckDirExists}" != "true" ]]; then - logger "No [${targetDir}] directory found to delete" - echo ""; - return - fi - backupDirectory "${backupDir}" "${entry}" "${targetDir}" - rm -rf "${targetDir}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed directory [${targetDir}]" - [[ "${check}" == "false" ]] && warn "Failed to remove directory [${targetDir}]" - echo ""; -} - -cleanUpOldDataDirectories () { - local cleanUpOldDataDir= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldDataDir" "cleanUpOldDataDir" "Skip" - cleanUpOldDataDir="${YAML_VALUE}" - if [[ -z "${cleanUpOldDataDir}" ]]; then - return - fi - bannerSection "CLEAN UP OLD DATA DIRECTORIES" - retrieveYamlValue "migration.cleanUpOldDataDir.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old data configurations are backedup in [${backupDir}] directory ******" - backupFiles_hook "${backupDir}/${PRODUCT}" - for entry in $map; - do - removeOldDirectory "${backupDir}" "${entry}" - done -} - -backupFiles () { - local backupDir="$1" - local dir="$2" - local targetDir="$3" - local fileName="$4" - local effectiveUser= - local effectiveGroup= - - if [[ "${dir}" = \/* ]]; then - dir=$(echo "${dir/\//}") - fi - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" ]]; then - effectiveUser="${JF_USER}" - effectiveGroup="${JF_USER}" - elif [[ "${INSTALLER}" == "${DEB_TYPE}" || "${INSTALLER}" == "${RPM_TYPE}" ]]; then - effectiveUser="${USER_TO_CHECK}" - effectiveGroup="${GROUP_TO_CHECK}" - fi - - removeSoftLinkAndCreateDir "${backupDir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local backupDirectory="${backupDir}/${PRODUCT}" - removeSoftLinkAndCreateDir "${backupDirectory}" "${effectiveUser}" "${effectiveGroup}" "yes" - removeSoftLinkAndCreateDir "${backupDirectory}/${dir}" "${effectiveUser}" "${effectiveGroup}" "yes" - local outputCheckDirExists="$(checkDirExists "${backupDirectory}/${dir}")" - if [[ "${outputCheckDirExists}" == "true" ]]; then - copyCmd "${targetDir}/${fileName}" "${backupDirectory}/${dir}" "specific" - fi -} - -removeOldFiles () { - local backupDir="$1" - local directoryName="$2" - local fileName="$3" - local check=false - - # prepend OLD_DATA_DIR only if entry is relative path - local targetDir="$(prependDir "${directoryName}" "${OLD_DATA_DIR}/${directoryName}")" - local outputCheckFileExists="$(checkFileExists "${targetDir}/${fileName}")" - if [[ "${outputCheckFileExists}" != "true" ]]; then - logger "No [${targetDir}/${fileName}] file found to delete" - return - fi - backupFiles "${backupDir}" "${directoryName}" "${targetDir}" "${fileName}" - rm -f "${targetDir}/${fileName}" && check=true || check=false - [[ "${check}" == "true" ]] && logger "Successfully removed file [${targetDir}/${fileName}]" - [[ "${check}" == "false" ]] && warn "Failed to remove file [${targetDir}/${fileName}]" - echo ""; -} - -cleanUpOldFiles () { - local cleanUpFiles= - local map= - local entry= - - retrieveYamlValue "migration.cleanUpOldFiles" "cleanUpOldFiles" "Skip" - cleanUpOldFiles="${YAML_VALUE}" - if [[ -z "${cleanUpOldFiles}" ]]; then - return - fi - bannerSection "CLEAN UP OLD FILES" - retrieveYamlValue "migration.cleanUpOldFiles.map" "map" "Warning" - map="${YAML_VALUE}" - [[ -z "${map}" ]] && continue - date="$(date +%Y%m%d%H%M)" - backupDir="${NEW_DATA_DIR}/backup/backup-${date}" - bannerImportant "****** Old files are backedup in [${backupDir}] directory ******" - for entry in $map; - do - local outputCheckMapEntry="$(checkMapEntry "${entry}")" - if [[ "${outputCheckMapEntry}" != "true" ]]; then - warn "map entry [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}] is not in correct format, correct format i.e directoryName=fileName" - fi - local fileName="$(getSecondEntry "${entry}")" - local directoryName="$(getFirstEntry "${entry}")" - [[ -z "${fileName}" ]] && warn "File name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - [[ -z "${directoryName}" ]] && warn "Directory name value is empty for [${entry}] in [${MIGRATION_SYSTEM_YAML_INFO}]" && continue - removeOldFiles "${backupDir}" "${directoryName}" "${fileName}" - echo ""; - done -} - -startMigration () { - bannerSection "STARTING MIGRATION" -} - -endMigration () { - bannerSection "MIGRATION COMPLETED SUCCESSFULLY" -} - -initialize () { - setAppDir - _pauseExecution "setAppDir" - initHelpers - _pauseExecution "initHelpers" - checkMigrationInfoYaml - _pauseExecution "checkMigrationInfoYaml" - getProduct - _pauseExecution "getProduct" - getDataDir - _pauseExecution "getDataDir" -} - -main () { - case $PRODUCT in - artifactory) - migrateArtifactory - ;; - distribution) - migrateDistribution - ;; - xray) - migrationXray - ;; - esac - exit 0 -} - -# Ensures meta data is logged -LOG_BEHAVIOR_ADD_META="$FLAG_Y" - - -migrateResolveDerbyPath () { - local key="$1" - local value="$2" - - if [[ "${key}" == "url" && "${value}" == *"db.home"* ]]; then - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - derbyPath="/opt/jfrog/artifactory/var/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - else - derbyPath="${NEW_DATA_DIR}/data/artifactory/derby" - value=$(echo "${value}" | sed "s|{db.home}|$derbyPath|") - fi - fi - echo "${value}" -} - -migrateResolveHaDirPath () { - local key="$1" - local value="$2" - - if [[ "${INSTALLER}" == "${RPM_TYPE}" || "${INSTALLER}" == "${COMPOSE_TYPE}" || "${INSTALLER}" == "${HELM_TYPE}" || "${INSTALLER}" == "${DEB_TYPE}" ]]; then - if [[ "${key}" == "artifactory.ha.data.dir" || "${key}" == "artifactory.ha.backup.dir" ]]; then - value=$(checkPathResolver "${value}") - fi - fi - echo "${value}" -} -updatePostgresUrlString_Hook () { - local yamlPath="$1" - local value="$2" - local hostIp=$(io_getPublicHostIP) - local sourceKey="//postgresql:" - if [[ "${yamlPath}" == "shared.database.url" ]]; then - value=$(io_replaceString "${value}" "${sourceKey}" "//${hostIp}:" "#") - fi - echo "${value}" -} -# Check Artifactory product version -checkArtifactoryVersion () { - local minProductVersion="6.0.0" - local maxProductVersion="7.0.0" - local propertyInDocker="ARTIFACTORY_VERSION" - local property="artifactory.version" - - if [[ "${INSTALLER}" == "${COMPOSE_TYPE}" ]]; then - local newfilePath="${APP_DIR}/../.env" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${HELM_TYPE}" ]]; then - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - elif [[ "${INSTALLER}" == "${ZIP_TYPE}" ]]; then - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="${OLD_DATA_DIR}/etc/artifactory.properties" - else - local newfilePath="${NEW_DATA_DIR}/etc/artifactory/artifactory.properties" - local oldfilePath="/etc/opt/jfrog/artifactory/artifactory.properties" - fi - - getProductVersion "${minProductVersion}" "${maxProductVersion}" "${newfilePath}" "${oldfilePath}" "${propertyInDocker}" "${property}" -} - -getCustomDataDir_hook () { - retrieveYamlValue "migration.oldDataDir" "oldDataDir" "Fail" - OLD_DATA_DIR="${YAML_VALUE}" -} - -# Get protocol value of connector -getXmlConnectorProtocol () { - local i="$1" - local filePath="$2" - local fileName="$3" - local protocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@protocol' ${filePath}/${fileName} 2>/dev/null |awk -F"=" '{print $2}' | tr -d '"') - echo -e "${protocolValue}" -} - -# Get all attributes of connector -getXmlConnectorAttributes () { - local i="$1" - local filePath="$2" - local fileName="$3" - local connectorAttributes=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@*' ${filePath}/${fileName} 2>/dev/null) - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - echo "${connectorAttributes}" -} - -# Get port value of connector -getXmlConnectorPort () { - local i="$1" - local filePath="$2" - local fileName="$3" - local portValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@port' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${portValue}" -} - -# Get maxThreads value of connector -getXmlConnectorMaxThreads () { - local i="$1" - local filePath="$2" - local fileName="$3" - local maxThreadValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@maxThreads' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${maxThreadValue}" -} -# Get sendReasonPhrase value of connector -getXmlConnectorSendReasonPhrase () { - local i="$1" - local filePath="$2" - local fileName="$3" - local sendReasonPhraseValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sendReasonPhrase' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - echo -e "${sendReasonPhraseValue}" -} -# Get relaxedPathChars value of connector -getXmlConnectorRelaxedPathChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedPathCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedPathChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedPathCharsValue=$(io_trim "${relaxedPathCharsValue}") - echo -e "${relaxedPathCharsValue}" -} -# Get relaxedQueryChars value of connector -getXmlConnectorRelaxedQueryChars () { - local i="$1" - local filePath="$2" - local fileName="$3" - local relaxedQueryCharsValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@relaxedQueryChars' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - # strip leading and trailing spaces - relaxedQueryCharsValue=$(io_trim "${relaxedQueryCharsValue}") - echo -e "${relaxedQueryCharsValue}" -} - -# Updating system.yaml with Connector port -setConnectorPort () { - local yamlPath="$1" - local valuePort="$2" - local portYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${valuePort}" ]]; then - warn "port value is empty, could not migrate to system.yaml" - return - fi - ## Getting port yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" portYamlPath "Warning" - portYamlPath="${YAML_VALUE}" - if [[ -z "${portYamlPath}" ]]; then - return - fi - setSystemValue "${portYamlPath}" "${valuePort}" "${SYSTEM_YAML_PATH}" - logger "Setting [${portYamlPath}] with value [${valuePort}] in system.yaml" -} - -# Updating system.yaml with Connector maxThreads -setConnectorMaxThread () { - local yamlPath="$1" - local threadValue="$2" - local maxThreadYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${threadValue}" ]]; then - return - fi - ## Getting max Threads yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" maxThreadYamlPath "Warning" - maxThreadYamlPath="${YAML_VALUE}" - if [[ -z "${maxThreadYamlPath}" ]]; then - return - fi - setSystemValue "${maxThreadYamlPath}" "${threadValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${maxThreadYamlPath}] with value [${threadValue}] in system.yaml" -} - -# Updating system.yaml with Connector sendReasonPhrase -setConnectorSendReasonPhrase () { - local yamlPath="$1" - local sendReasonPhraseValue="$2" - local sendReasonPhraseYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${sendReasonPhraseValue}" ]]; then - return - fi - ## Getting sendReasonPhrase yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" sendReasonPhraseYamlPath "Warning" - sendReasonPhraseYamlPath="${YAML_VALUE}" - if [[ -z "${sendReasonPhraseYamlPath}" ]]; then - return - fi - setSystemValue "${sendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${sendReasonPhraseYamlPath}] with value [${sendReasonPhraseValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedPathChars -setConnectorRelaxedPathChars () { - local yamlPath="$1" - local relaxedPathCharsValue="$2" - local relaxedPathCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedPathCharsValue}" ]]; then - return - fi - ## Getting relaxedPathChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedPathCharsYamlPath "Warning" - relaxedPathCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedPathCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedPathCharsYamlPath}" "${relaxedPathCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedPathCharsYamlPath}] with value [${relaxedPathCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connector relaxedQueryChars -setConnectorRelaxedQueryChars () { - local yamlPath="$1" - local relaxedQueryCharsValue="$2" - local relaxedQueryCharsYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${relaxedQueryCharsValue}" ]]; then - return - fi - ## Getting relaxedQueryChars yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" relaxedQueryCharsYamlPath "Warning" - relaxedQueryCharsYamlPath="${YAML_VALUE}" - if [[ -z "${relaxedQueryCharsYamlPath}" ]]; then - return - fi - setSystemValue "${relaxedQueryCharsYamlPath}" "${relaxedQueryCharsValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${relaxedQueryCharsYamlPath}] with value [${relaxedQueryCharsValue}] in system.yaml" -} - -# Updating system.yaml with Connectors configurations -setConnectorExtraConfig () { - local yamlPath="$1" - local connectorAttributes="$2" - local extraConfigPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${connectorAttributes}" ]]; then - return - fi - ## Getting extraConfig yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConfig "Warning" - extraConfigPath="${YAML_VALUE}" - if [[ -z "${extraConfigPath}" ]]; then - return - fi - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setSystemValue "${extraConfigPath}" "${connectorAttributes}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConfigPath}] with connector attributes in system.yaml" -} - -# Updating system.yaml with extra Connectors -setExtraConnector () { - local yamlPath="$1" - local extraConnector="$2" - local extraConnectorYamlPath= - if [[ -z "${yamlPath}" ]]; then - return - fi - if [[ -z "${extraConnector}" ]]; then - return - fi - ## Getting extraConnecotr yaml path from migration info yaml - retrieveYamlValue "${yamlPath}" extraConnectorYamlPath "Warning" - extraConnectorYamlPath="${YAML_VALUE}" - if [[ -z "${extraConnectorYamlPath}" ]]; then - return - fi - getYamlValue "${extraConnectorYamlPath}" "${SYSTEM_YAML_PATH}" "false" - local connectorExtra="${YAML_VALUE}" - if [[ -z "${connectorExtra}" ]]; then - setSystemValue "${extraConnectorYamlPath}" "${extraConnector}" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - else - setSystemValue "${extraConnectorYamlPath}" "\"${connectorExtra} ${extraConnector}\"" "${SYSTEM_YAML_PATH}" - logger "Setting [${extraConnectorYamlPath}] with extra connectors in system.yaml" - fi -} - -# Migrate extra connectors to system.yaml -migrateExtraConnectors () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local excludeDefaultPort="$4" - local i="$5" - local extraConfig= - local extraConnector= - if [[ "${excludeDefaultPort}" == "yes" ]]; then - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" && "${portValue}" != "${DEFAULT_RT_PORT}" ]] || continue - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - done - else - extraConnector=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']' ${filePath}/${fileName} 2>/dev/null) - setExtraConnector "${EXTRA_CONFIG_YAMLPATH}" "${extraConnector}" - fi -} - -# Migrate connector configurations -migrateConnectorConfig () { - local i="$1" - local protocolType="$2" - local portValue="$3" - local connectorPortYamlPath="$4" - local connectorMaxThreadYamlPath="$5" - local connectorAttributesYamlPath="$6" - local filePath="$7" - local fileName="$8" - local connectorSendReasonPhraseYamlPath="$9" - local connectorRelaxedPathCharsYamlPath="${10}" - local connectorRelaxedQueryCharsYamlPath="${11}" - - # migrate port - setConnectorPort "${connectorPortYamlPath}" "${portValue}" - - # migrate maxThreads - local maxThreadValue=$(getXmlConnectorMaxThreads "$i" "${filePath}" "${fileName}") - setConnectorMaxThread "${connectorMaxThreadYamlPath}" "${maxThreadValue}" - - # migrate sendReasonPhrase - local sendReasonPhraseValue=$(getXmlConnectorSendReasonPhrase "$i" "${filePath}" "${fileName}") - setConnectorSendReasonPhrase "${connectorSendReasonPhraseYamlPath}" "${sendReasonPhraseValue}" - - # migrate relaxedPathChars - local relaxedPathCharsValue=$(getXmlConnectorRelaxedPathChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedPathChars "${connectorRelaxedPathCharsYamlPath}" "\"${relaxedPathCharsValue}\"" - # migrate relaxedQueryChars - local relaxedQueryCharsValue=$(getXmlConnectorRelaxedQueryChars "$i" "${filePath}" "${fileName}") - setConnectorRelaxedQueryChars "${connectorRelaxedQueryCharsYamlPath}" "\"${relaxedQueryCharsValue}\"" - - # migrate all attributes to extra config except port , maxThread , sendReasonPhrase ,relaxedPathChars and relaxedQueryChars - local connectorAttributes=$(getXmlConnectorAttributes "$i" "${filePath}" "${fileName}") - connectorAttributes=$(echo "${connectorAttributes}" | sed 's/port="'${portValue}'"//g' | sed 's/maxThreads="'${maxThreadValue}'"//g' | sed 's/sendReasonPhrase="'${sendReasonPhraseValue}'"//g' | sed 's/relaxedPathChars="\'${relaxedPathCharsValue}'\"//g' | sed 's/relaxedQueryChars="\'${relaxedQueryCharsValue}'\"//g') - # strip leading and trailing spaces - connectorAttributes=$(io_trim "${connectorAttributes}") - setConnectorExtraConfig "${connectorAttributesYamlPath}" "${connectorAttributes}" -} - -# Check for default port 8040 and 8081 in connectors and migrate -migrateConnectorPort () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - local connectorPortYamlPath="$5" - local connectorMaxThreadYamlPath="$6" - local connectorAttributesYamlPath="$7" - local connectorSendReasonPhraseYamlPath="$8" - local connectorRelaxedPathCharsYamlPath="$9" - local connectorRelaxedQueryCharsYamlPath="${10}" - local portYamlPath= - local maxThreadYamlPath= - local status= - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" == *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - RT_DEFAULTPORT_STATUS=success - else - AC_DEFAULTPORT_STATUS=success - fi - migrateConnectorConfig "${i}" "${protocolType}" "${portValue}" "${connectorPortYamlPath}" "${connectorMaxThreadYamlPath}" "${connectorAttributesYamlPath}" "${filePath}" "${fileName}" "${connectorSendReasonPhraseYamlPath}" "${connectorRelaxedPathCharsYamlPath}" "${connectorRelaxedQueryCharsYamlPath}" - done -} - -# migrate to extra, connector having default port and protocol is AJP -migrateDefaultPortIfAjp () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local defaultPort="$4" - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] && continue - [[ "${portValue}" != "${defaultPort}" ]] && continue - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - done - -} - -# Comparing max threads in connectors -compareMaxThreads () { - local firstConnectorMaxThread="$1" - local firstConnectorNode="$2" - local secondConnectorMaxThread="$3" - local secondConnectorNode="$4" - local filePath="$5" - local fileName="$6" - - # choose higher maxThreads connector as Artifactory. - if [[ "${firstConnectorMaxThread}" -gt ${secondConnectorMaxThread} || "${firstConnectorMaxThread}" -eq ${secondConnectorMaxThread} ]]; then - # maxThread is higher in firstConnector, - # Taking firstConnector as Artifactory and SecondConnector as Access - # maxThread is equal in both connector,considering firstConnector as Artifactory and SecondConnector as Access - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - else - # maxThread is higher in SecondConnector, - # Taking SecondConnector as Artifactory and firstConnector as Access - local rtPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -# Check max threads exist to compare -maxThreadsExistToCompare () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local firstConnectorMaxThread= - local secondConnectorMaxThread= - local firstConnectorNode= - local secondConnectorNode= - local status=success - local firstnode=fail - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ ${protocolType} == *AJP* ]]; then - # Migrate Connectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - fi - # store maxthreads value of each connector - if [[ ${firstnode} == "fail" ]]; then - firstConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - firstConnectorNode="${i}" - firstnode=success - else - secondConnectorMaxThread=$(getXmlConnectorMaxThreads "${i}" "${filePath}" "${fileName}") - secondConnectorNode="${i}" - fi - done - [[ -z "${firstConnectorMaxThread}" ]] && status=fail - [[ -z "${secondConnectorMaxThread}" ]] && status=fail - # maxThreads is set, now compare MaxThreads - if [[ "${status}" == "success" ]]; then - compareMaxThreads "${firstConnectorMaxThread}" "${firstConnectorNode}" "${secondConnectorMaxThread}" "${secondConnectorNode}" "${filePath}" "${fileName}" - else - # Assume first connector is RT, maxThreads is not set in both connectors - local rtPortValue=$(getXmlConnectorPort "${firstConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${firstConnectorNode}" "${protocolType}" "${rtPortValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - local acPortValue=$(getXmlConnectorPort "${secondConnectorNode}" "${filePath}" "${fileName}") - migrateConnectorConfig "${secondConnectorNode}" "${protocolType}" "${acPortValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi -} - -migrateExtraBasedOnNonAjpCount () { - local nonAjpCount="$1" - local filePath="$2" - local fileName="$3" - local connectorCount="$4" - local i="$5" - - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - if [[ "${protocolType}" == *AJP* ]]; then - if [[ "${nonAjpCount}" -eq 1 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "no" "${i}" - continue - else - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - continue - fi - fi -} - -# find RT and AC Connector -findRtAndAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local initialAjpCount=0 - local nonAjpCount=0 - - # get the count of non AJP - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${protocolType}" != *AJP* ]] || continue - nonAjpCount=$((initialAjpCount+1)) - initialAjpCount="${nonAjpCount}" - done - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access and artifactory connectors - # Mark port as 8040 for access - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - done - elif [[ "${nonAjpCount}" -eq 2 ]]; then - # compare maxThreads in both connectors - maxThreadsExistToCompare "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${nonAjpCount}" -gt 2 ]]; then - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # setting with default port in system.yaml - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# get the count of non AJP -getCountOfNonAjp () { - local port="$1" - local connectorCount="$2" - local filePath=$3 - local fileName=$4 - local initialNonAjpCount=0 - - for ((i = 1 ; i <= "${connectorCount}" ; i++)); - do - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - local protocolType=$(getXmlConnectorProtocol "$i" "${filePath}" "${fileName}") - [[ "${portValue}" != "${port}" ]] || continue - [[ "${protocolType}" != *AJP* ]] || continue - local nonAjpCount=$((initialNonAjpCount+1)) - initialNonAjpCount="${nonAjpCount}" - done - echo -e "${nonAjpCount}" -} - -# Find for access connector -findAcConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_RT_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as access connector and mark port as that of connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take RT properties into access with 8040 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_RT_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add RT connector details as access connector and mark port as 8040 - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - setConnectorPort "${AC_PORT_YAMLPATH}" "${DEFAULT_ACCESS_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -# Find for artifactory connector -findRtConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - - # get the count of non AJP - local nonAjpCount=$(getCountOfNonAjp "${DEFAULT_ACCESS_PORT}" "${connectorCount}" "${filePath}" "${fileName}") - if [[ "${nonAjpCount}" -eq 1 ]]; then - # Add the connector found as RT connector - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" != "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - fi - done - elif [[ "${nonAjpCount}" -gt 1 ]]; then - # Take access properties into artifactory with 8081 - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - migrateExtraBasedOnNonAjpCount "${nonAjpCount}" "${filePath}" "${fileName}" "${connectorCount}" "$i" - local portValue=$(getXmlConnectorPort "$i" "${filePath}" "${fileName}") - if [[ "${portValue}" == "${DEFAULT_ACCESS_PORT}" ]]; then - migrateConnectorConfig "$i" "${protocolType}" "${portValue}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${filePath}" "${fileName}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - fi - done - elif [[ "${nonAjpCount}" -eq 0 ]]; then - # Add access connector details as RT connector and mark as ${DEFAULT_RT_PORT} - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - setConnectorPort "${RT_PORT_YAMLPATH}" "${DEFAULT_RT_PORT}" - # migrateExtraConnectors - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - fi -} - -checkForTlsConnector () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - for ((i = 1 ; i <= "${connectorCount}" ; i++)) - do - local sslProtocolValue=$($LIBXML2_PATH --xpath '//Server/Service/Connector['$i']/@sslProtocol' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${sslProtocolValue}" == "TLS" ]]; then - bannerImportant "NOTE: Ignoring TLS connector during migration, modify the system yaml to enable TLS. Original server.xml is saved in path [${filePath}/${fileName}]" - TLS_CONNECTOR_EXISTS=${FLAG_Y} - continue - fi - done -} - -# set custom tomcat server Listeners to system.yaml -setListenerConnector () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - for ((i = 1 ; i <= "${listenerCount}" ; i++)) - do - local listenerConnector=$($LIBXML2_PATH --xpath '//Server/Listener['$i']' ${filePath}/${fileName} 2>/dev/null) - local listenerClassName=$($LIBXML2_PATH --xpath '//Server/Listener['$i']/@className' ${filePath}/${fileName} 2>/dev/null | awk -F"=" '{print $2}' | tr -d '"') - if [[ "${listenerClassName}" == *Apr* ]]; then - setExtraConnector "${EXTRA_LISTENER_CONFIG_YAMLPATH}" "${listenerConnector}" - fi - done -} -# add custom tomcat server Listeners -addTomcatServerListeners () { - local filePath="$1" - local fileName="$2" - local listenerCount="$3" - if [[ "${listenerCount}" == "0" ]]; then - logger "No listener connectors found in the [${filePath}/${fileName}],skipping migration of listener connectors" - else - setListenerConnector "${filePath}" "${fileName}" "${listenerCount}" - setSystemValue "${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}" "true" "${SYSTEM_YAML_PATH}" - logger "Setting [${RT_TOMCAT_HTTPSCONNECTOR_ENABLED}] with value [true] in system.yaml" - fi -} - -# server.xml migration operations -xmlMigrateOperation () { - local filePath="$1" - local fileName="$2" - local connectorCount="$3" - local listenerCount="$4" - RT_DEFAULTPORT_STATUS=fail - AC_DEFAULTPORT_STATUS=fail - TLS_CONNECTOR_EXISTS=${FLAG_N} - - # Check for connector with TLS , if found ignore migrating it - checkForTlsConnector "${filePath}" "${fileName}" "${connectorCount}" - if [[ "${TLS_CONNECTOR_EXISTS}" == "${FLAG_Y}" ]]; then - return - fi - addTomcatServerListeners "${filePath}" "${fileName}" "${listenerCount}" - # Migrate RT default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" "${RT_PORT_YAMLPATH}" "${RT_MAXTHREADS_YAMLPATH}" "${RT_EXTRACONFIG_YAMLPATH}" "${RT_SENDREASONPHRASE_YAMLPATH}" "${RT_RELAXEDPATHCHARS_YAMLPATH}" "${RT_RELAXEDQUERYCHARS_YAMLPATH}" - # Migrate to extra if RT default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_RT_PORT}" - # Migrate AC default port from connectors - migrateConnectorPort "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" "${AC_PORT_YAMLPATH}" "${AC_MAXTHREADS_YAMLPATH}" "${AC_EXTRACONFIG_YAMLPATH}" "${AC_SENDREASONPHRASE_YAMLPATH}" - # Migrate to extra if access default ports are AJP - migrateDefaultPortIfAjp "${filePath}" "${fileName}" "${connectorCount}" "${DEFAULT_ACCESS_PORT}" - - if [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # RT and AC default port found - logger "Artifactory 8081 and Access 8040 default port are found" - migrateExtraConnectors "${filePath}" "${fileName}" "${connectorCount}" "yes" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "success" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # Only AC default port found,find RT connector - logger "Found Access default 8040 port" - findRtConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "success" ]]; then - # Only RT default port found,find AC connector - logger "Found Artifactory default 8081 port" - findAcConnector "${filePath}" "${fileName}" "${connectorCount}" - elif [[ "${AC_DEFAULTPORT_STATUS}" == "fail" && "${RT_DEFAULTPORT_STATUS}" == "fail" ]]; then - # RT and AC default port not found, find connector - logger "Artifactory 8081 and Access 8040 default port are not found" - findRtAndAcConnector "${filePath}" "${fileName}" "${connectorCount}" - fi -} - -# get count of connectors -getXmlConnectorCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Service/Connector)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# get count of listener connectors -getTomcatServerListenersCount () { - local filePath="$1" - local fileName="$2" - local count=$($LIBXML2_PATH --xpath 'count(/Server/Listener)' ${filePath}/${fileName}) - echo -e "${count}" -} - -# Migrate server.xml configuration to system.yaml -migrateXmlFile () { - local xmlFiles= - local fileName= - local filePath= - local sourceFilePath= - DEFAULT_ACCESS_PORT="8040" - DEFAULT_RT_PORT="8081" - AC_PORT_YAMLPATH="migration.xmlFiles.serverXml.access.port" - AC_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.access.maxThreads" - AC_SENDREASONPHRASE_YAMLPATH="migration.xmlFiles.serverXml.access.sendReasonPhrase" - AC_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.access.extraConfig" - RT_PORT_YAMLPATH="migration.xmlFiles.serverXml.artifactory.port" - RT_MAXTHREADS_YAMLPATH="migration.xmlFiles.serverXml.artifactory.maxThreads" - RT_SENDREASONPHRASE_YAMLPATH='migration.xmlFiles.serverXml.artifactory.sendReasonPhrase' - RT_RELAXEDPATHCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedPathChars' - RT_RELAXEDQUERYCHARS_YAMLPATH='migration.xmlFiles.serverXml.artifactory.relaxedQueryChars' - RT_EXTRACONFIG_YAMLPATH="migration.xmlFiles.serverXml.artifactory.extraConfig" - ROUTER_PORT_YAMLPATH="migration.xmlFiles.serverXml.router.port" - EXTRA_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.config" - EXTRA_LISTENER_CONFIG_YAMLPATH="migration.xmlFiles.serverXml.extra.listener" - RT_TOMCAT_HTTPSCONNECTOR_ENABLED="artifactory.tomcat.httpsConnector.enabled" - - retrieveYamlValue "migration.xmlFiles" "xmlFiles" "Skip" - xmlFiles="${YAML_VALUE}" - if [[ -z "${xmlFiles}" ]]; then - return - fi - bannerSection "PROCESSING MIGRATION OF XML FILES" - retrieveYamlValue "migration.xmlFiles.serverXml.fileName" "fileName" "Warning" - fileName="${YAML_VALUE}" - if [[ -z "${fileName}" ]]; then - return - fi - bannerSubSection "Processing Migration of $fileName" - retrieveYamlValue "migration.xmlFiles.serverXml.filePath" "filePath" "Warning" - filePath="${YAML_VALUE}" - if [[ -z "${filePath}" ]]; then - return - fi - # prepend NEW_DATA_DIR only if filePath is relative path - sourceFilePath=$(prependDir "${filePath}" "${NEW_DATA_DIR}/${filePath}") - if [[ "$(checkFileExists "${sourceFilePath}/${fileName}")" == "true" ]]; then - logger "File [${fileName}] is found in path [${sourceFilePath}]" - local connectorCount=$(getXmlConnectorCount "${sourceFilePath}" "${fileName}") - if [[ "${connectorCount}" == "0" ]]; then - logger "No connectors found in the [${filePath}/${fileName}],skipping migration of xml configuration" - return - fi - local listenerCount=$(getTomcatServerListenersCount "${sourceFilePath}" "${fileName}") - xmlMigrateOperation "${sourceFilePath}" "${fileName}" "${connectorCount}" "${listenerCount}" - else - logger "File [${fileName}] is not found in path [${sourceFilePath}] to migrate" - fi -} - -compareArtifactoryUser () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - - if [[ "${oldPropertyValue}" != "${newPropertyValue}" ]]; then - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" - else - logger "No change in property [${property}] value in [${sourceFile}] to migrate" - fi -} - -migrateReplicator () { - local property="$1" - local oldPropertyValue="$2" - local yamlPath="$3" - - setSystemValue "${yamlPath}" "${oldPropertyValue}" "${SYSTEM_YAML_PATH}" - logger "Setting [${yamlPath}] with value of the property [${property}] in system.yaml" -} - -compareJavaOptions () { - local property="$1" - local oldPropertyValue="$2" - local newPropertyValue="$3" - local yamlPath="$4" - local sourceFile="$5" - local oldJavaOption= - local newJavaOption= - local extraJavaOption= - local check=false - local success=true - local status=true - - oldJavaOption=$(echo "${oldPropertyValue}" | awk 'BEGIN{FS=OFS="\""}{for(i=2;i