From c1ba357078ae638e05e51d486555995852b28155 Mon Sep 17 00:00:00 2001 From: Alex Domoradov Date: Mon, 15 May 2023 22:04:31 +0300 Subject: [PATCH] [pdn-server] 1.7.3 release --- stable/pdn-server/CHANGELOG.md | 11 +- stable/pdn-server/Chart.lock | 6 +- stable/pdn-server/Chart.yaml | 6 +- stable/pdn-server/templates/deployment.yaml | 7 +- stable/pdn-server/templates/hpa.yaml | 2 +- stable/pdn-server/templates/ingress.yaml | 21 ++- .../pdn-server/templates/networkpolicy.yaml | 55 +++---- stable/pdn-server/values.yaml | 141 ++++++++++++------ 8 files changed, 158 insertions(+), 91 deletions(-) diff --git a/stable/pdn-server/CHANGELOG.md b/stable/pdn-server/CHANGELOG.md index 0cd5bfc0c..ca62468cc 100644 --- a/stable/pdn-server/CHANGELOG.md +++ b/stable/pdn-server/CHANGELOG.md @@ -1,7 +1,16 @@ # JFrog PDN Server Chart Changelog All changes to this chart will be documented in this file. -## [101.6.2] - Mar 06, 2023 +## [101.7.3] - May 09, 2023 +* Added checksum annotation to pod to auto-restart upon change to system.yaml +* Fixed HPA template issue + +## [101.7.2] - May 07, 2023 +* Upgraded common chart dependency up to 0.0.6 +* Updated initContainerImage `ubi9/ubi-minimal:9.1.0.1829` +* Fixed network policy template issue + +## [101.6.4] - Mar 06, 2023 * Updated initContainerImage `ubi9/ubi-minimal:9.1.0.1793` * Removed unused global values * Added `logLevel` option to systemYaml.pdnServer diff --git a/stable/pdn-server/Chart.lock b/stable/pdn-server/Chart.lock index d70d40b1f..c0bc5a6dd 100644 --- a/stable/pdn-server/Chart.lock +++ b/stable/pdn-server/Chart.lock 
@@ -1,9 +1,9 @@ dependencies: - name: jfrog-common repository: https://charts.jfrog.io/ - version: 0.0.5 + version: 0.0.6 - name: nginx repository: https://charts.jfrog.io/ version: 13.2.13 -digest: sha256:17f094c80e9db4be374377fca372e52cd84fa4d45d6c2474eed48e9a9a051bbe -generated: "2023-02-09T18:19:29.166636+02:00" +digest: sha256:e66497241d7d5eaefd6561077d1e18aaa82644184ab29d5a817a273ff04a97f0 +generated: "2023-05-06T22:58:29.56475+03:00" diff --git a/stable/pdn-server/Chart.yaml b/stable/pdn-server/Chart.yaml index 736ef383d..aaaaaef91 100644 --- a/stable/pdn-server/Chart.yaml +++ b/stable/pdn-server/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 1.6.2 +appVersion: 1.7.3 dependencies: - name: jfrog-common repository: https://charts.jfrog.io/ - version: 0.0.5 + version: 0.0.6 - condition: nginx.enabled name: nginx repository: https://charts.jfrog.io/ @@ -24,4 +24,4 @@ name: pdn-server sources: - https://github.com/jfrog/charts type: application -version: 101.6.2 +version: 101.7.3 diff --git a/stable/pdn-server/templates/deployment.yaml b/stable/pdn-server/templates/deployment.yaml index 0baa61a3e..bd906a68d 100644 --- a/stable/pdn-server/templates/deployment.yaml +++ b/stable/pdn-server/templates/deployment.yaml @@ -11,7 +11,9 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} + {{- end }} selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} template: @@ -21,6 +23,7 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} {{- end }} annotations: + systemYaml/checksum: {{ include (print $.Template.BasePath "/system-yaml.yaml") . | sha256sum }} {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} {{- end }} 
@@ -173,9 +176,7 @@ spec: command: - '/bin/bash' - '-c' - - |- - exec /opt/jfrog/pdnserver/app/pdnserver/bin/pdnserver.sh; - exec /opt/jfrog/router/app/bin/entrypoint-router.sh + - exec /opt/jfrog/pdnserver/app/pdnserver/bin/pdnserver.sh env: - name: JF_SHARED_NODE_ID valueFrom: diff --git a/stable/pdn-server/templates/hpa.yaml b/stable/pdn-server/templates/hpa.yaml index a0f1afed6..7db267cd7 100644 --- a/stable/pdn-server/templates/hpa.yaml +++ b/stable/pdn-server/templates/hpa.yaml @@ -15,7 +15,7 @@ metadata: spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: StatefulSet + kind: Deployment name: {{ include "pdn-server.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} diff --git a/stable/pdn-server/templates/ingress.yaml b/stable/pdn-server/templates/ingress.yaml index ee5c58b5a..f358fdd2d 100644 --- a/stable/pdn-server/templates/ingress.yaml +++ b/stable/pdn-server/templates/ingress.yaml 
@@ -2,26 +2,25 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "pdn-server.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} + {{- end }} spec: {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} ingressClassName: {{ .Values.ingress.ingressClassName | quote }} {{- end }} rules: {{- if .Values.ingress.hostname }} - - host: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.hostname "context" $ ) }} + - host: {{ .Values.ingress.hostname }} http: paths: {{- if .Values.ingress.extraPaths }} 
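Review bot: The new `- host: {{ .Values.ingress.hostname }}` line emits the hostname unquoted, whereas the `extraHosts` entries in the next hunk of this file are rendered with `| quote`. A value that starts with `*` (a wildcard host) or another YAML indicator would then fail to parse or be retyped, so I would write `- host: {{ .Values.ingress.hostname | quote }}`. Dropping `common.tplvalues.render` here also means a templated hostname in existing values is no longer expanded, and the changelog entry does not mention that. The `rules:` block continues outside this hunk.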
@@ -31,17 +30,17 @@ spec: {{- if eq "true" (include "common.ingress.supportsPathType" .) }} pathType: {{ .Values.ingress.pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.service.managerPortName "context" $) | nindent 14 }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "secure-grpc" "context" $) | nindent 14 }} {{- end }} {{- range .Values.ingress.extraHosts }} - - host: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }} + - host: {{ .name | quote }} http: paths: - path: {{ default "/" .path }} {{- if eq "true" (include "common.ingress.supportsPathType" $) }} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" .Values.service.managerPortName "context" $) | nindent 14 }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "secure-grpc" "context" $) | nindent 14 }} {{- end }} {{- if .Values.ingress.extraRules }} {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} diff --git a/stable/pdn-server/templates/networkpolicy.yaml b/stable/pdn-server/templates/networkpolicy.yaml index 5383cf26c..d0cd376bb 100644 --- a/stable/pdn-server/templates/networkpolicy.yaml +++ b/stable/pdn-server/templates/networkpolicy.yaml 
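Review bot: The backend port is now the literal `"secure-grpc"` in both `common.ingress.backend` calls, so the Ingress only routes if the Service template, which is not part of this diff, exposes a port with exactly that name. Nothing in the hunk ties the two together, and a later rename on the Service side would break routing without any render error. I would either define the name once in a named template or values key, or at least add a template comment above the first `backend:` line such as `{{- /* "secure-grpc" must match the port name declared in the Service template */}}`. Because the name suggests a TLS port, the default `backend-protocol: "GRPCS"` annotation added in values.yaml presumably has to stay in place for this backend to work.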
@@ -1,33 +1,34 @@ -{{- range .Values.networkPolicy }} -apiVersion: networking.k8s.io/v1 +{{- if .Values.networkPolicy.enabled }} kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 metadata: - name: {{ template "pdn-server.fullname" $ }} - labels: - app: {{ template "pdn-server.name" $ }} - chart: {{ template "pdn-server.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} + name: {{ include "pdn-server.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} spec: -{{- if .podSelector }} podSelector: -{{ .podSelector | toYaml | trimSuffix "\n" | indent 4 -}} -{{ else }} - podSelector: {} -{{- end }} - policyTypes: - {{- if .ingress }} - - Ingress - {{- end }} - {{- if .egress }} - - Egress - {{- end }} -{{- if .ingress }} + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} ingress: -{{ .ingress | toYaml | trimSuffix "\n" | indent 2 -}} -{{- end }} -{{- if .egress }} - egress: -{{ .egress | toYaml | trimSuffix "\n" | indent 2 -}} + {{- if not .Values.networkPolicy.allowExternal }} + - ports: + - port: 8082 + protocol: TCP + - port: 8093 + protocol: TCP + - port: 8095 + protocol: TCP + from: + - podSelector: + matchLabels: + {{ template "pdn-server.fullname" . }}-client: "true" + - podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 14 }} + {{- if .Values.networkPolicy.additionalRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }} + {{- end }} + {{- end }} {{- end }} -{{- end -}} diff --git a/stable/pdn-server/values.yaml b/stable/pdn-server/values.yaml index 839e9569a..b8873ac1f 100644 --- a/stable/pdn-server/values.yaml +++ b/stable/pdn-server/values.yaml 
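Review bot: With `networkPolicy.allowExternal: true`, which is the default added in values.yaml, the `{{- if not .Values.networkPolicy.allowExternal }}` guard sits before `- ports:` and removes the whole rule, so `ingress:` is rendered empty as far as the collapsed hunk shows. A NetworkPolicy that selects the pods and lists no ingress rules denies all inbound traffic, which contradicts the values.yaml comment saying connections are accepted from any source on the correct port. Moving the guard so it wraps only the peers, with `{{- if not .Values.networkPolicy.allowExternal }}` directly above `from:` and its `{{- end }}` after the `additionalRules` include, keeps the port list in both modes. Ports 8082, 8093 and 8095 are also hard-coded here, so they need to stay in step with the container ports defined elsewhere in the chart.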
@@ -90,7 +90,7 @@ jfrogUrl: "" systemYaml: | router: serviceRegistry: - insecure: false + insecure: {{ .Values.router.serviceRegistry.insecure }} pdnServer: logLevel: info metrics: 
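Review bot: The `router.serviceRegistry.insecure` key that this line now reads (added in the `@@ -435,6 +480,8 @@` hunk of this file) is introduced without any comment, although by its name it presumably relaxes transport security toward the service registry. The other new keys in this commit carry `## @param` lines, so I would add one above `serviceRegistry:`, for example `## @param router.serviceRegistry.insecure Value written to router.serviceRegistry.insecure in system.yaml; leave false unless the registry endpoint cannot be verified`. It is also worth stating there that the key only takes effect while `systemYaml` keeps this template expression, since a user who overrides `systemYaml` wholesale still has a literal value. The substitution relies on `systemYaml` being passed through `tpl` in a template that is not shown in this diff.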
@@ -213,52 +213,86 @@ service: ## annotations: ## external-dns.alpha.kubernetes.io/internal-hostname: pdnserver.example.com annotationsHeadless: {} -## Configure the ingress resource that allows you to access the -## event installation. Set up the URL -## Ref: https://kubernetes.io/docs/user-guide/ingress/ +## @section pdn-server ingress parameters +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## ingress: - ## @param ingress.enabled Enable ingress resource for Management console + ## @param ingress.enabled Enable ingress record generation for pdn-server + ## enabled: false - ## @param ingress.path Path for the default host. You may need to set this to '/*' in order to use this with ALB ingress controllers. - path: / ## @param ingress.pathType Ingress path type + ## pathType: ImplementationSpecific - ## @param ingress.hostname Default host for the ingress resource + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress record + ## hostname: pdnserver.local - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . 
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate auto-generation, place here your cert-manager annotations. ## Use this parameter to set the required annotations for cert-manager, see - ## Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name - annotations: {} - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## + ## ** Note that backend-protocol annotation is required to support GRPC traffic. If you are using a non-nginx ingress controller, this annotation + ## ** must be changed accordingly. 
For examples and more information see: https://kubernetes.github.io/ingress-nginx/examples/grpc/ + ## + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: ## - name: pdnserver.local ## path: / + ## extraHosts: [] - ## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template - ## Useful when looking for additional customization, such as using different backend - extraRules: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. 
- ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## e.g: ## extraTls: - ## - hosts: - ## - pdnserver.local - ## secretName: pdnserver.local-tls + ## - hosts: + ## - pdnserver.local + ## secretName: pdnserver.local-tls + ## extraTls: [] ## @param ingress.secrets Custom TLS certificates as secrets ## NOTE: 'key' and 'certificate' are expected in PEM format ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart + ## If it is not set, and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set, and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside this helm chart ## Please see README.md for more information ## e.g: ## secrets: 
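Review bot: `ingress.tls` and `ingress.selfSigned` are documented here as switches for TLS on the ingress host, but neither is referenced in the ingress.yaml hunks of this commit, so unless the unchanged tail of that template reads them, a user who sets `tls: true` gets no TLS section. That is worth confirming before release, because the comment also promises Helm-generated self-signed certificates. Separately, `annotations` now defaults to a non-empty map and Helm merges maps from user values, so the nginx `backend-protocol` annotation stays in place on other controllers unless it is explicitly set to `null`; a sentence saying so in the `** Note` comment would help.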
@@ -271,11 +305,22 @@ ingress: ## -----BEGIN CERTIFICATE----- ## ... ## -----END CERTIFICATE----- + ## secrets: [] - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## Ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ingressClassName: "" + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] ## Specify common probes parameters probes: timeoutSeconds: 5 @@ -435,6 +480,8 @@ router: repository: jfrog/router tag: 7.56.0 pullPolicy: IfNotPresent + serviceRegistry: + insecure: false tlsEnabled: false ## router container resource requests and limits ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ 
@@ -570,17 +617,27 @@ persistence: annotations: {} ## Network Policy configuration ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -networkPolicy: [] -## Allows all ingress and egress -## - name: pdn-server -## podSelector: -## matchLabels: -## app: pdn-server -## egress: -## - {} -## ingress: -## - {} - +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports PDN is listening on. + ## When set to true, integration will accept connections from any source + ## (with the correct destination port). + allowExternal: true + ## @param networkPolicy.additionalRules Additional NetworkPolicy Ingress "from" rules to set. + ## Note: All rules are OR-ed. + ## Example: + ## additionalRules: + ## - matchLabels: + ## - app.kubernetes.io/name: pdn-server + ## - matchExpressions: + ## - key: app.kubernetes.io/name + ## operator: In + ## values: + ## - pdn-server + additionalRules: [] ## @section Init Container Parameters ## Init Container parameters initContainers: @@ -601,7 +658,7 @@ initContainers: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.1.0.1793 + tag: 9.1.0.1829 ## Specify a image PullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
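Review bot: The commented example for `networkPolicy.additionalRules` does not have the shape the template needs, because networkpolicy.yaml renders each entry as an item of the ingress `from:` list. A `from` item has to be a peer keyed by `podSelector`, `namespaceSelector` or `ipBlock`, and `matchLabels` has to be a map, whereas the example puts `- matchLabels:` at the top level with a list underneath. Copied as written it would most likely be rejected by the API server or produce an empty peer. I would rewrite the example so each entry starts with `- podSelector:` and nests `matchLabels:` as a key/value map (and likewise `matchExpressions:`) beneath it.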