JFrog Platform on Openshift official support was added to the JFrog Helm Charts.
JFrog highly recommends using Helm Charts for deployments on Openshift clusters.
For more information, see Install Artifactory HA and Install Xray HA.
The JFrog Openshift Operators are maintained as alternative method of deploying JFrog products for OpenShift platforms.
| Folder | Purpose |
|---|---|
| helm | Contains the Openshift Helm charts used by the Operator |
| helm/openshift-artifactory-ha | Openshift Artifactory HA helm chart |
| helm/openshift-xray | Openshift Xray helm chart |
| helm/openshift-pipelines | Opneshift Pipelines helm chart |
| operator | Contains the Openshift certified operators code base |
| operator/artifactory-ha-operator | Artifactory Enterprise Operator |
| operator/xray-operator | Xray Enterprise Operator |
| operator/pipeline-operator | Pipelines Operator (Beta) |
You can find the Redhat certified Operators in the Operatorhub in your Openshift web console.
You will need to be an administrator of your Openshift cluster to install our operator.
The restricted security context constraint will prevent the helm or operator from deploying into Openshift on most namespaces.
To enable either the helm chart or operator to deploy into your Openshift cluster access to the anyuid security context constraint will need to be apply to the relevant service account in the associated namespace.
Below is an example of applying the anyuid scc to the service account openshiftartifactoryha-artifactory-ha in the namespace artifactory:
oc adm policy add-scc-to-user anyuid -z openshiftartifactoryha-artifactory-ha -n artifactory
Once the anyuid scc has been applied to the correct service accounts the helm charts or operators will deploy into your Openshift cluster.
The images uploaded to registry.redhat.connect.com that the helm charts and operators use have been modified from the standard docker images available at docker.bintray.io
These images have been customized to run in the Openshift user id and group id range of 1000720000/10000
If you need to use another custom user id and/or group id range you can change the uid and gid values in values.yaml of the relevant helm chart or operator yaml deployment.
Some environments do not allow root. In these scenarios users can remove the customInitContainersBegin from the example values.yaml below:
customInitContainersBegin: |
- name: "prepare-uid-persistent-volume"
image: "{{ .Values.initContainerImage }}"
imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
command:
- 'sh'
- '-c'
- >
chown -Rv {{ .Values.artifactory.uid }}:{{ .Values.artifactory.uid }} {{ .Values.artifactory.persistence.mountPath }}
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
name: volume
Once this has been removed there is no other root user permissions are required to deploy into Openshift.
The charts in the helm folder are used specifically to create the helm based operator for the certification process to enable it into the Openshift Operatorhub as a certified operator.
The values.yaml contained in those relevant charts have been modified to work in Redhat Openshift. The base chart however has not been changed only made a sub-chart.
Helm users can reference the values.yaml to modify their own deployments to work with Openshift.
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
Github issues are the preferred way to communicate with the team. The team is notified via Slack when a new issue is created.