[xray] 3.102.3 release

jfrog · Aug 22, 2024 · 6685a0d · 6685a0d
1 parent 7e1c395
commit 6685a0d
Show file tree

Hide file tree

Showing 12 changed files with 455 additions and 16 deletions.
diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md
@@ -1,7 +1,11 @@
 # JFrog Xray Chart Changelog
 All changes to this chart will be documented in this file.
 
-## [103.101.5] - June 18, 2024
+## [103.102.3] - July 17, 2024
+* Added support of specifying resources constraints for RabbitMQ's pre-upgrade-hook job
+* Fixed formatting error associated to the `volumeMounts` for the `panoramic` microservice [GH-1895](https://github.com/jfrog/charts/issues/1895)
+
+## [103.99.0] - June 18, 2024
 * Fixed #adding colon in image registry breaks deployment with meta label error. [GH-1892](https://github.com/jfrog/charts/pull/1892)
 
 ## [103.97.0] - May 27, 2024

diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 3.101.5
+appVersion: 3.102.3
 dependencies:
 - condition: postgresql.enabled
   name: postgresql
@@ -24,4 +24,4 @@ name: xray
 sources:
 - https://github.com/jfrog/charts
 type: application
-version: 103.101.5
+version: 103.102.3
diff --git a/stable/xray/README.md b/stable/xray/README.md
@@ -52,7 +52,7 @@ helm upgrade --install xray --set xray.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_K
 To apply the chart with recommended sizing configurations :
 For small configurations :
 ```bash
-helm upgrade --install xray jfrog/xray -f sizing/xray-small.yaml --namespace xray --create-namespace
+helm upgrade --install xray jfrog/xray -f sizing/xray-sizing-small.yaml --namespace xray --create-namespace
 ```
 
 ## Uninstalling Xray

diff --git a/stable/xray/ci/default-values.yaml b/stable/xray/ci/default-values.yaml
@@ -67,6 +67,17 @@ sbom:
       cpu: "3"
 
 panoramic:
+  enabled: false
+  resources:
+    requests:
+      memory: "300Mi"
+      cpu: "50m"
+    limits:
+      memory: "4Gi"
+      cpu: "3"
+
+
+policyenforcer:
   enabled: false
   resources:
     requests:

diff --git a/stable/xray/files/system.yaml b/stable/xray/files/system.yaml
@@ -67,6 +67,10 @@ server:
     migrate_msgs_from_other_rabbitmq: {{ toYaml .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq | nindent 6 }}
   {{- end }}
 {{- end }}
+{{- if .Values.policyenforcer.enabled }}
+policyenforcer:
+  enabled: true
+{{- end }}
 {{- if (include "xray.imagePullSecretsStrList" .) }}
 executionService:
   pullSecret:

diff --git a/stable/xray/templates/_helpers.tpl b/stable/xray/templates/_helpers.tpl
@@ -27,6 +27,13 @@ The xray-panoramic name
 {{- default .Chart.Name .Values.panoramic.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+The xray-policyenforcer name
+*/}}
+{{- define "xray-policyenforcer.name" -}}
+{{- default .Chart.Name .Values.panoramic.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 The xray-indexer name
 */}}

diff --git a/stable/xray/templates/migration-hook.yaml b/stable/xray/templates/migration-hook.yaml
@@ -102,6 +102,10 @@ spec:
         - name: pre-upgrade-container
           image: "{{ include "xray.getRegistryByService" (list . "migrationHook") }}/{{ .Values.rabbitmq.migration.image.repository }}:{{ .Values.rabbitmq.migration.image.tag }}"
           imagePullPolicy: IfNotPresent
+          {{- if .Values.rabbitmq.resources }}
+          resources:
+            {{- toYaml .Values.rabbitmq.resources | nindent 12 }}
+          {{- end }}
           {{- if .Values.rabbitmq.containerSecurityContext.enabled }}
           securityContext: {{- omit .Values.rabbitmq.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}

diff --git a/stable/xray/templates/xray-ipa-deployment.yaml b/stable/xray/templates/xray-ipa-deployment.yaml
@@ -27,10 +27,10 @@ spec:
 {{- if not .Values.autoscalingIpa.enabled }}
   replicas: {{ .Values.replicaCount }}
 {{- end }}
+{{- with .Values.deployment.strategy }}
   strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 1
+{{ toYaml . | indent 4 }}
+{{- end }}
   selector:
     matchLabels:
       app: {{ template "xray.name" . }}
@@ -889,8 +889,8 @@ spec:
           - containerPort: {{ .Values.panoramic.internalPort }}
             name: http-panoramic
         volumeMounts:
-          - name: data-volume
-            mountPath: "{{ .Values.xray.persistence.mountPath }}"
+        - name: data-volume
+          mountPath: "{{ .Values.xray.persistence.mountPath }}"
 {{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }}
 {{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }}
 {{- end }}
@@ -907,6 +907,176 @@ spec:
         livenessProbe:
 {{ tpl .Values.panoramic.livenessProbe.config . | indent 10 }}
 {{- end }}
+{{- end }}
+{{- if .Values.policyenforcer.enabled }}
+      - name: {{ .Values.policyenforcer.name }}
+        image: {{ include "xray.getImageInfoByValue" (list . "policyenforcer") }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        {{- if .Values.containerSecurityContext.enabled }}
+        securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }}
+        {{- end }}
+        command:
+          - '/bin/bash'
+          - '-c'
+          - >
+          {{- with .Values.common.preStartCommand }}
+            echo "Running custom common preStartCommand command";
+            {{ tpl . $ }};
+          {{- end }}
+          {{- with .Values.policyenforcer.preStartCommand }}
+            echo "Running custom policyenforcer preStartCommand command";
+            {{ tpl . $ }};
+          {{- end }}
+            exec /opt/jfrog/xray/app/bin/wrapper.sh;
+        {{- with .Values.policyenforcer.lifecycle }}
+        lifecycle:
+{{ toYaml . | indent 10 }}
+        {{- end }}
+        env:
+        - name: JF_SKIPENTLICCHECKFORCLOUD
+          value: "true"
+    {{ include "xray.envVariables" . | indent 8 }}
+    {{ include "xray.rabbitmqTlsEnvVariables" . | indent 8 }}
+    {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }}
+        - name: JF_SHARED_RABBITMQ_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }}
+              key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }}
+        - name: JF_SHARED_RABBITMQ_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ tpl .Values.rabbitmq.external.secrets.password.name . }}
+              key: {{ tpl .Values.rabbitmq.external.secrets.password.key . }}
+        - name: JF_SHARED_RABBITMQ_URL
+          valueFrom:
+            secretKeyRef:
+              name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }}
+              key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }}
+    {{- end }}
+    {{- if or .Values.database.secrets.user .Values.database.user }}
+        - name: JF_SHARED_DATABASE_USERNAME
+          valueFrom:
+            secretKeyRef:
+      {{- if .Values.database.secrets.user }}
+              name: {{ tpl .Values.database.secrets.user.name . }}
+              key: {{ tpl .Values.database.secrets.user.key . }}
+      {{- else if .Values.database.user }}
+            {{- if not .Values.xray.unifiedSecretInstallation }}
+              name: {{ template "xray.fullname" . }}-database-creds
+            {{- else }}
+              name: "{{ template "xray.name" . }}-unified-secret"
+            {{- end }}
+              key: db-user
+      {{- end }}
+    {{- end }}
+    {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }}
+        - name: JF_SHARED_DATABASE_ACTUALUSERNAME
+          valueFrom:
+            secretKeyRef:
+      {{- if .Values.database.secrets.actualUsername }}
+              name: {{ tpl .Values.database.secrets.actualUsername.name . }}
+              key: {{ tpl .Values.database.secrets.actualUsername.key . }}
+      {{- else if .Values.database.actualUsername }}
+            {{- if not .Values.xray.unifiedSecretInstallation }}
+              name: {{ template "xray.fullname" . }}-database-creds
+            {{- else }}
+              name: "{{ template "xray.name" . }}-unified-secret"
+            {{- end }}
+              key: db-actualUsername
+      {{- end }}
+    {{- end }}
+    {{ if or .Values.database.secrets.password .Values.database.password .Values.postgresql.enabled }}
+        - name: JF_SHARED_DATABASE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+      {{- if .Values.database.secrets.password }}
+              name: {{ tpl .Values.database.secrets.password.name . }}
+              key: {{ tpl .Values.database.secrets.password.key . }}
+      {{- else if .Values.database.password }}
+            {{- if not .Values.xray.unifiedSecretInstallation }}
+              name: {{ template "xray.fullname" . }}-database-creds
+            {{- else }}
+              name: "{{ template "xray.name" . }}-unified-secret"
+            {{- end }}
+              key: db-password
+      {{- else if .Values.postgresql.enabled }}
+              name: {{ .Release.Name }}-postgresql
+              key: postgresql-password
+      {{- end }}
+    {{- end }}
+    {{- if or .Values.database.secrets.url .Values.database.url }}
+        - name: JF_SHARED_DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+      {{- if .Values.database.secrets.url }}
+              name: {{ tpl .Values.database.secrets.url.name . }}
+              key: {{ tpl .Values.database.secrets.url.key . }}
+      {{- else if .Values.database.url }}
+            {{- if not .Values.xray.unifiedSecretInstallation }}
+              name: {{ template "xray.fullname" . }}-database-creds
+            {{- else }}
+              name: "{{ template "xray.name" . }}-unified-secret"
+            {{- end }}
+              key: db-url
+      {{- end }}
+    {{- end }}
+    {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }}
+        - name: JF_SHARED_RABBITMQ_USERNAME
+          value: {{ include "rabbitmq.user" .}}
+        - name: JF_SHARED_RABBITMQ_URL
+          value: {{ include "rabbitmq.url" .}}
+        - name: JF_SHARED_RABBITMQ_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "rabbitmq.passwordSecretName" .}}
+              key: rabbitmq-password
+    {{- end }}
+        - name: XRAY_HA_NODE_ID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: XRAY_K8S_ENV
+          value: "true"
+        - name: EXECUTION_JOB_AES_KEY
+          valueFrom:
+            secretKeyRef:
+            {{- if not .Values.xray.unifiedSecretInstallation }}
+              name: {{ template "xray.executionServiceAesKeySecretName" . }}
+            {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }}
+              name: {{ template "xray.executionServiceAesKeySecretName" . }}
+            {{- else }}
+              name: "{{ template "xray.name" . }}-unified-secret"
+            {{- end }}
+              key: execution-service-aes-key
+      {{- if .Values.common.extraEnvVars }}
+      {{- tpl .Values.common.extraEnvVars . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.policyenforcer.extraEnvVars }}
+      {{- tpl .Values.policyenforcer.extraEnvVars . | nindent 8 }}
+      {{- end }}
+        ports:
+        - containerPort: {{ .Values.policyenforcer.internalPort }}
+          name: http-polenf
+        volumeMounts:
+        - name: data-volume
+          mountPath: "{{ .Values.xray.persistence.mountPath }}"
+{{- if or .Values.common.customVolumeMounts .Values.global.customVolumeMounts }}
+{{ tpl (include "xray.customVolumeMounts" .) . | indent 8 }}
+{{- end }}
+{{- with .Values.policyenforcer.customVolumeMounts }}
+{{ tpl . $ | indent 8 }}
+{{- end }}
+        resources:
+{{ toYaml .Values.policyenforcer.resources | indent 10 }}
+{{- if .Values.policyenforcer.startupProbe.enabled }}
+        startupProbe:
+{{ tpl .Values.policyenforcer.startupProbe.config . | indent 10 }}
+{{- end }}
+{{- if .Values.policyenforcer.livenessProbe.enabled }}
+        livenessProbe:
+{{ tpl .Values.policyenforcer.livenessProbe.config . | indent 10 }}
+{{- end }}
 {{- end }}
       - name: {{ .Values.indexer.name }}
         image: {{ include "xray.getImageInfoByValue" (list . "indexer") }}

diff --git a/stable/xray/templates/xray-ipa-svc.yaml b/stable/xray/templates/xray-ipa-svc.yaml
@@ -47,6 +47,12 @@ spec:
     port: {{ .Values.panoramic.externalPort }}
     protocol: TCP
     targetPort: {{ .Values.panoramic.internalPort }}
+{{- end }}
+{{- if .Values.policyenforcer.enabled }}
+  - name: http-polenf
+    port: {{ .Values.policyenforcer.externalPort }}
+    protocol: TCP
+    targetPort: {{ .Values.policyenforcer.internalPort }}
 {{- end }}
   selector:
     app: {{ template "xray.name" . }}

diff --git a/stable/xray/templates/xray-server-deployment.yaml b/stable/xray/templates/xray-server-deployment.yaml
@@ -27,10 +27,10 @@ spec:
 {{- if not .Values.autoscalingServer.enabled }}
   replicas: {{ .Values.replicaCountServer }}
 {{- end }}
+{{- with .Values.deployment.strategy }}
   strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 1
+{{ toYaml . | indent 4 }}
+{{- end }}
   selector:
     matchLabels:
       app: {{ template "xray.name" . }}