Merge pull request #1672 from jfrog/pipelines-1.27.5

[pipelines] 1.27.5 release
jfrog · Oct 4, 2022 · ce1beba · ce1beba
2 parents bcc1de0 + 4bead0f
commit ce1beba
Show file tree

Hide file tree

Showing 6 changed files with 139 additions and 92 deletions.
diff --git a/stable/pipelines/CHANGELOG.md b/stable/pipelines/CHANGELOG.md
@@ -1,14 +1,22 @@
 # JFrog Pipelines Chart Changelog
 All changes to this chart to be documented in this file.
 
-## [101.26.0] - Aug 2, 2022
+## [101.27.5] - Sep 28, 2022
+* Added `observability` service in pipelines
+* Removed `newProbes.enabled`, default to new probes
+* Fixed bug for `unifiedSecretInstallation` support in observability
+* Fixed stringData secret keys value issue, moving data to stringData vault.sql and postgresql-connection keys
+
+## [101.26.0] - Aug 25, 2022
 * Added flag `pipelines.schedulerName` to set for the pods the value of schedulerName field [GH-1606](https://github.com/jfrog/charts/issues/1606)
 * Added config to reset log level
+* Change default go runtime images to 1.19
 
-## [101.25.0] - July 21, 2022
+## [101.25.0] - Aug 25, 2022
 * Additional fix for default path for api external url
 * Fixed custom CA init container behavior
 * Updated rabbitmq version to `3.9.21-debian-11-r0`
+* Added support to truncate (> 63 chars) for unifiedCustomSecretVolumeName
 
 ## [101.24.2] - June 22, 2022
 * Only set k8sImagePullSecret key if one is configured in values.yaml

diff --git a/stable/pipelines/Chart.yaml b/stable/pipelines/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.26.0
+appVersion: 1.27.5
 dependencies:
 - condition: postgresql.enabled
   name: postgresql
@@ -32,4 +32,4 @@ name: pipelines
 sources:
 - https://github.com/jfrog/charts
 type: application
-version: 101.26.0
+version: 101.27.5
diff --git a/stable/pipelines/templates/_helpers.tpl b/stable/pipelines/templates/_helpers.tpl
@@ -331,55 +331,11 @@ if [ -f /tmp/certs/tls.crt ]; then cp -v /tmp/certs/tls.crt {{ .Values.pipelines
 chown -R 1066:1066 {{ .Values.pipelines.mountPath }}
 {{- end -}}
 
-{{/*
-pipelines liveness probe
-*/}}
-{{- define "pipelines.livenessProbe" -}}
-{{- if .Values.newProbes -}}
-{{- printf "%s" "/v1/system/liveness" -}}
-{{- else -}}
-{{- printf "%s" "/" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-pipelines readiness probe
-*/}}
-{{- define "pipelines.readinessProbe" -}}
-{{- if .Values.newProbes -}}
-{{- printf "%s" "/v1/system/readiness" -}}
-{{- else -}}
-{{- printf "%s" "/" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-router liveness probe
-*/}}
-{{- define "pipelines.router.livenessProbe" -}}
-{{- if .Values.newProbes -}}
-{{- printf "%s" "/router/api/v1/system/liveness" -}}
-{{- else -}}
-{{- printf "%s" "/router/api/v1/system/health" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-router readiness probe
-*/}}
-{{- define "pipelines.router.readinessProbe" -}}
-{{- if .Values.newProbes -}}
-{{- printf "%s" "/router/api/v1/system/readiness" -}}
-{{- else -}}
-{{- printf "%s" "/router/api/v1/system/health" -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Resolve pipelines requiredServiceTypes value
 */}}
 {{- define "pipelines.router.requiredServiceTypes" -}}
-{{- $requiredTypes := "jfpip" -}}
+{{- $requiredTypes := "jfpip,jfob" -}}
 {{- $requiredTypes -}}
 {{- end -}}
 
@@ -399,7 +355,7 @@ nodeSelector:
 Resolve unifiedCustomSecretVolumeName value
 */}}
 {{- define "pipelines.unifiedCustomSecretVolumeName" -}}
-{{- printf "%s-%s" (include "pipelines.name" .) ("unified-secret-volume") -}}
+{{- printf "%s-%s" (include "pipelines.name" .) ("unified-secret-volume") | trunc 63 -}}
 {{- end -}}
 
 {{/*

diff --git a/stable/pipelines/templates/pipelines-statefulset.yaml b/stable/pipelines/templates/pipelines-statefulset.yaml
@@ -454,6 +454,47 @@ spec:
           {{- if .Values.pipelines.router.readinessProbe.enabled }}
           readinessProbe:
 {{ tpl .Values.pipelines.router.readinessProbe.config . | indent 12 }}
+        {{- end }}
+        - name: observability
+          image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "observability" ) }}
+          imagePullPolicy: {{ .Values.pipelines.observability.image.pullPolicy }}
+          securityContext:
+            runAsNonRoot: false
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - NET_RAW
+          env:
+            - name: JF_SHARED_SECURITY_MASTERKEY
+              valueFrom:
+                secretKeyRef:
+                {{- if not .Values.pipelines.unifiedSecretInstallation }}
+                  name: "{{ include "pipelines.masterKeySecretName" . }}"
+                {{- else }}
+                  name: "{{ template "pipelines.name" . }}-unified-secret"
+                {{- end }}
+                  key: master-key
+            - name: JF_SHARED_SECURITY_JOINKEY
+              valueFrom:
+                secretKeyRef:
+                {{- if not .Values.pipelines.unifiedSecretInstallation }}
+                  name: "{{ include "pipelines.joinKeySecretName" . }}"
+                {{- else }}
+                  name: "{{ template "pipelines.name" . }}-unified-secret"
+                {{- end }}
+                  key: join-key
+          resources:
+            {{ toYaml .Values.pipelines.observability.resources | indent 12 }}
+          {{- if .Values.pipelines.observability.startupProbe.enabled }}
+          volumeMounts:
+          - name: jfrog-pipelines-logs
+            mountPath: {{ .Values.pipelines.observability.logPath }}
+          startupProbe:
+{{ tpl .Values.pipelines.observability.startupProbe.config . | indent 12 }}
+        {{- end }}
+        {{- if .Values.pipelines.observability.livenessProbe.enabled }}
+          livenessProbe:
+{{ tpl .Values.pipelines.observability.livenessProbe.config . | indent 12 }}
         {{- end }}
         - name: api
           image: {{ include "pipelines.getImageInfoByValue" (list . "pipelines" "api" ) }}

diff --git a/stable/pipelines/templates/pipelines-unified-secret.yaml b/stable/pipelines/templates/pipelines-unified-secret.yaml
@@ -23,6 +23,32 @@ stringData:
 {{- end }}
 {{- end }}
 
+  vault.sql: |
+    CREATE TABLE IF NOT EXISTS vault_kv_store (
+      parent_path TEXT COLLATE "C" NOT NULL,
+      path        TEXT COLLATE "C",
+      key         TEXT COLLATE "C",
+      value       BYTEA,
+      CONSTRAINT pkey PRIMARY KEY (path, key)
+    );
+
+    CREATE INDEX parent_path_idx ON vault_kv_store (parent_path);
+
+    CREATE TABLE IF NOT EXISTS vault_ha_locks (
+      ha_key                                      TEXT COLLATE "C" NOT NULL,
+      ha_identity                                 TEXT COLLATE "C" NOT NULL,
+      ha_value                                    TEXT COLLATE "C",
+      valid_until                                 TIMESTAMP WITH TIME ZONE NOT NULL,
+      CONSTRAINT ha_key PRIMARY KEY (ha_key)
+    );
+
+  postgresql-connection: |
+    {{- if .Values.postgresql.enabled }}
+    {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }}
+    {{- else }}
+    {{ tpl .Values.global.postgresql.host . }} {{ .Values.global.postgresql.port }}
+    {{- end }}
+
 data:
   {{- if or .Values.pipelines.masterKey .Values.global.masterKey }}
   {{- if not (or .Values.pipelines.masterKeySecretName .Values.global.masterKeySecretName) }}