diff --git a/stable/xray/CHANGELOG.md b/stable/xray/CHANGELOG.md index 37a3599bd..169f0ec2f 100644 --- a/stable/xray/CHANGELOG.md +++ b/stable/xray/CHANGELOG.md @@ -1,8 +1,12 @@ # JFrog Xray Chart Changelog All changes to this chart will be documented in this file. -## [103.107.21] - November 27, 2024 -* Added support to read rabbitmq and database secrets from mounted secret files +## [103.111.9] - Jan 15, 2025 +* Fix an issue with a warning in the rabbitmq password check +* Updated rabbitmq multi-arch tag version to to `3.13.7-debian-12-r5` +* Updated bitnami kubectl multi-arch tag version to to `1.32.0` + +## [103.109.0] - Nov 27, 2024 * **Important changes** * Upgrade rabbitmq chart version to 14.6.6 * Added catalog as a dependency chart @@ -13,6 +17,14 @@ All changes to this chart will be documented in this file. * if you have customised any keys, make sure to validate it with the 15.5.20 chart * Delete the postgresql statefulset and postgresql secret before the upgrade. for more information, please refer the [xray upgrade docs](https://jfrog.com/help/r/jfrog-installation-setup-documentation/upgrading-xray) +## [103.108.0] - Nov 11, 2024 +* Introduced a validation check in the template to warn users against using the default RabbitMQ password. If a default password is found, the installation will be paused, prompting users to update their credentials before proceeding. +* Fix for panoramic env indentation [GH-1919](https://github.com/jfrog/charts/pull/1919) +* Added memory metric targetMemoryUtilizationPercentage to Xray Horizontal Pod Scaler + +## [103.107.0] - September 26, 2024 +* Added support to read rabbitmq and database secrets from mounted secret files + ## [103.105.0] - August 22, 2024 * Added support for `serviceAccount.annotations`to be passed to chart [GH-1841](https://github.com/jfrog/charts/pull/1841) * Updated rabbitmq multi-arch tag version to to `3.13.6-debian-12-r1` 
diff --git a/stable/xray/Chart.lock b/stable/xray/Chart.lock index 740413c1a..f0d17b970 100644 --- a/stable/xray/Chart.lock +++ b/stable/xray/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 14.6.6 - name: catalog repository: https://charts.jfrog.io/ - version: 101.7.3 -digest: sha256:64d23e13fb197b92e3c3dfe7497a933c87656b575182485b4d28ca8a0b5967ca -generated: "2024-12-02T15:25:33.588122+05:30" + version: 101.10.0 +digest: sha256:f5128e32fcfd3e3e9e163779bba2e576c24709ac38f7d58ce3217c114a4ca4c8 +generated: "2025-01-08T14:54:51.409033+05:30" diff --git a/stable/xray/Chart.yaml b/stable/xray/Chart.yaml index fa2349397..e41a0c216 100644 --- a/stable/xray/Chart.yaml +++ b/stable/xray/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.107.21 +appVersion: 3.111.9 dependencies: - condition: postgresql.enabled name: postgresql @@ -12,7 +12,7 @@ dependencies: - condition: catalog.enabled name: catalog repository: https://charts.jfrog.io/ - version: 101.7.3 + version: 101.10.0 description: Universal component scan for security and license inventory and impact analysis home: https://www.jfrog.com/xray/ @@ -28,4 +28,4 @@ name: xray sources: - https://github.com/jfrog/charts type: application -version: 103.107.21 +version: 103.111.9 diff --git a/stable/xray/ci/default-values.yaml b/stable/xray/ci/default-values.yaml index 4c597a8ff..b25aa81b5 100644 --- a/stable/xray/ci/default-values.yaml +++ b/stable/xray/ci/default-values.yaml @@ -19,7 +19,7 @@ postgresql: rabbitmq: auth: username: guest - password: password + password: rabbitmqpass persistence: enabled: false @@ -81,7 +81,6 @@ panoramic: policyenforcer: - enabled: false resources: requests: memory: "300Mi" diff --git a/stable/xray/files/system.yaml b/stable/xray/files/system.yaml index 76a4d89cb..b9ee79c6b 100644 --- a/stable/xray/files/system.yaml +++ b/stable/xray/files/system.yaml 
@@ -67,10 +67,6 @@ server: migrate_msgs_from_other_rabbitmq: {{ toYaml .Values.global.xray.rabbitmq.migrateMessagesFromOtherRabbitMq | nindent 6 }} {{- end }} {{- end }} -{{- if .Values.policyenforcer.enabled }} -policyenforcer: - enabled: true -{{- end }} {{- if (include "xray.imagePullSecretsStrList" .) }} executionService: pullSecret: diff --git a/stable/xray/sizing/xray-2xlarge.yaml b/stable/xray/sizing/xray-2xlarge.yaml index e2110e4c0..2ac5df1a7 100644 --- a/stable/xray/sizing/xray-2xlarge.yaml +++ b/stable/xray/sizing/xray-2xlarge.yaml @@ -76,7 +76,7 @@ observability: memory: 250Mi panoramic: - enabled: true + enabled: false resources: requests: cpu: "100m" diff --git a/stable/xray/sizing/xray-large.yaml b/stable/xray/sizing/xray-large.yaml index f4a3bd477..5a4ce63b0 100644 --- a/stable/xray/sizing/xray-large.yaml +++ b/stable/xray/sizing/xray-large.yaml @@ -76,7 +76,7 @@ observability: memory: 250Mi panoramic: - enabled: true + enabled: false resources: requests: cpu: "100m" diff --git a/stable/xray/sizing/xray-medium.yaml b/stable/xray/sizing/xray-medium.yaml index 7983f50e3..02a9492ba 100644 --- a/stable/xray/sizing/xray-medium.yaml +++ b/stable/xray/sizing/xray-medium.yaml @@ -76,7 +76,7 @@ observability: memory: 250Mi panoramic: - enabled: true + enabled: false resources: requests: cpu: "100m" diff --git a/stable/xray/sizing/xray-small.yaml b/stable/xray/sizing/xray-small.yaml index 1267250c4..e14f7411c 100644 --- a/stable/xray/sizing/xray-small.yaml +++ b/stable/xray/sizing/xray-small.yaml @@ -76,7 +76,7 @@ observability: memory: 250Mi panoramic: - enabled: true + enabled: false resources: requests: cpu: "100m" diff --git a/stable/xray/sizing/xray-xlarge.yaml b/stable/xray/sizing/xray-xlarge.yaml index ebc6511b4..68079268d 100644 --- a/stable/xray/sizing/xray-xlarge.yaml +++ b/stable/xray/sizing/xray-xlarge.yaml @@ -76,7 +76,7 @@ observability: memory: 250Mi panoramic: - enabled: true + enabled: false resources: requests: cpu: "100m" 
diff --git a/stable/xray/sizing/xray-xsmall.yaml b/stable/xray/sizing/xray-xsmall.yaml index 9b71886b6..7d9662076 100644 --- a/stable/xray/sizing/xray-xsmall.yaml +++ b/stable/xray/sizing/xray-xsmall.yaml @@ -76,7 +76,7 @@ observability: memory: 250Mi panoramic: - enabled: true + enabled: false resources: requests: cpu: "30m" diff --git a/stable/xray/templates/_helpers.tpl b/stable/xray/templates/_helpers.tpl index 1b2e7affb..df80bb7cf 100644 --- a/stable/xray/templates/_helpers.tpl +++ b/stable/xray/templates/_helpers.tpl @@ -449,7 +449,7 @@ Return the proper xray chart image names {{- $registryName := index $dot.Values $indexReference "image" "registry" -}} {{- $repositoryName := index $dot.Values $indexReference "image" "repository" -}} {{- $tag := default $dot.Chart.AppVersion (index $dot.Values $indexReference "image" "tag") | toString -}} -{{- if and $dot.Values.common.xrayVersion (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer") (eq $indexReference "panoramic")) }} +{{- if and $dot.Values.common.xrayVersion (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer") (eq $indexReference "policyenforcer") (eq $indexReference "panoramic")) }} {{- $tag = $dot.Values.common.xrayVersion | toString -}} {{- end -}} {{- if $dot.Values.global }} 
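Review bot: The component list in the `common.xrayVersion` condition is now a seven-term `or (eq $indexReference ...)` chain, and the same chain is repeated for `global.versions.xray` in the next hunk (@@ -459,7), so each new component must be added in two places or it silently keeps the default image tag. A single list checked with sprig's `has` keeps them in step: `{{- $xrayComponents := list "persist" "server" "analysis" "sbom" "indexer" "policyenforcer" "panoramic" -}}` followed by `{{- if and $dot.Values.common.xrayVersion (has $indexReference $xrayComponents) }}`. The enclosing define starts and ends outside this hunk.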
@@ -459,7 +459,7 @@ Return the proper xray chart image names {{- if and $dot.Values.global.versions.initContainers (eq $indexReference "initContainers") }} {{- $tag = $dot.Values.global.versions.initContainers | toString -}} {{- end -}} - {{- if and $dot.Values.global.versions.xray (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer") (eq $indexReference "panoramic")) }} + {{- if and $dot.Values.global.versions.xray (or (eq $indexReference "persist") (eq $indexReference "server") (eq $indexReference "analysis") (eq $indexReference "sbom") (eq $indexReference "indexer") (eq $indexReference "policyenforcer") (eq $indexReference "panoramic")) }} {{- $tag = $dot.Values.global.versions.xray | toString -}} {{- end -}} {{- if $dot.Values.global.imageRegistry }} @@ -526,7 +526,7 @@ for file in $(ls * | grep -v ":" | grep -v grep); do if [ -f "${file}" ]; then c Resolve xray requiredServiceTypes value */}} {{- define "xray.router.requiredServiceTypes" -}} -{{- $requiredTypes := "jfxr,jfxana,jfxidx,jfxpst,jfob" -}} +{{- $requiredTypes := "jfxr,jfxana,jfxidx,jfxpst,jfxpe,jfob" -}} {{- $requiredTypes -}} {{- end -}} @@ -534,7 +534,7 @@ Resolve xray requiredServiceTypes value Resolve xray ipa requiredServiceTypes value */}} {{- define "xray.router.ipa.requiredServiceTypes" -}} -{{- $requiredTypes := "jfxana,jfxidx,jfxpst,jfob" -}} +{{- $requiredTypes := "jfxana,jfxidx,jfxpst,jfxpe,jfob" -}} {{- $requiredTypes -}} {{- end -}} @@ -624,6 +624,9 @@ Resolve autoscalingQueues value for ipa queueName: {{ .name }} mode: QueueLength value: "{{ .value }}" +{{- if $.Values.global.xray.rabbitmq.haQuorum.enabled }} + vhostName: "{{ $.Values.global.xray.rabbitmq.haQuorum.vhost }}" +{{- end }} authenticationRef: name: keda-trigger-auth-rabbitmq-conn-xray {{- end }} 
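Review bot: `jfxpe` is now hard-coded into `xray.router.requiredServiceTypes` here and into `xray.router.ipa.requiredServiceTypes` in hunk @@ -534,7. The `policyenforcer.enabled` guards are also removed in the system.yaml, deployment, statefulset and service hunks, so a release that still passes `policyenforcer.enabled: false` gets the container anyway with no message. The CHANGELOG entry for 103.111.9 in this commit does not say that the component has become mandatory. Consider surfacing the stale key at render time, for example a NOTES.txt warning guarded by `{{- if hasKey .Values.policyenforcer "enabled" }}`, and add a changelog line for the behaviour change.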
@@ -643,6 +646,9 @@ Resolve autoscalingQueues value for server queueName: {{ .name }} mode: QueueLength value: "{{ .value }}" +{{- if $.Values.global.xray.rabbitmq.haQuorum.enabled }} + vhostName: "{{ $.Values.global.xray.rabbitmq.haQuorum.vhost }}" +{{- end }} authenticationRef: name: keda-trigger-auth-rabbitmq-conn-xray {{- end }} diff --git a/stable/xray/templates/keys-warnings.yaml b/stable/xray/templates/keys-warnings.yaml index a6ceccc56..67765120e 100644 --- a/stable/xray/templates/keys-warnings.yaml +++ b/stable/xray/templates/keys-warnings.yaml @@ -1,3 +1,7 @@ +{{- if and (not .Release.IsUpgrade) (eq .Values.rabbitmq.auth.password "password") .Values.rabbitmq.enabled }} +{{- fail "\n\n**************************************\nSTOP! INSTALLATION not allowed with the default RabbitMQ password!\nPlease change the RabbitMQ password from the default value before proceeding with the installation.\n**************************************\n" }} +{{- end }} + {{- if .Values.postgresql.enabled }} {{- if .Values.postgresql.postgresqlPassword }} {{- fail "\n\nThe key 'postgresql.postgresqlPassword' is not supported in the latest packaged version of Postgres in this chart.\nUse the new key 'postgresql.auth.postgresPassword' to proceed with installation.\n" }} diff --git a/stable/xray/templates/xray-hpa.yaml b/stable/xray/templates/xray-hpa.yaml index 3233546c7..196b42751 100644 --- a/stable/xray/templates/xray-hpa.yaml +++ b/stable/xray/templates/xray-hpa.yaml @@ -27,5 +27,11 @@ spec: target: type: Utilization averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} \ No newline at end of file diff --git a/stable/xray/templates/xray-ipa-deployment.yaml b/stable/xray/templates/xray-ipa-deployment.yaml index d77251bfb..3e8403dbe 100644 
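Review bot: The new guard in keys-warnings.yaml rejects only the exact string `password`, and only on first install. `(not .Release.IsUpgrade)` lets an existing release keep the default credential through every upgrade, and any other weak value passes, as the CI fixture in this commit shows (`guest` / `rabbitmqpass` in ci/default-values.yaml). If failing upgrades is too disruptive, keep the install-time `fail` but also emit a NOTES.txt warning on upgrade while the value is still `password`. A comment above the check would record the intent, e.g. `{{/* Install-time only: refuses the chart's default RabbitMQ password; upgrades are not checked. */}}`.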
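Review bot: The memory metric added to xray-hpa.yaml is rendered unconditionally, so if `autoscaling.targetMemoryUtilizationPercentage` is unset the manifest contains an empty `averageUtilization:` and the HPA is likely to be rejected by the API server. None of the values.yaml hunks in this commit add a default for that key, though one may exist outside the visible hunks. Wrapping the new `- type: Resource` entry in `{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}` and `{{- end }}` keeps CPU-only autoscaling working for existing value files.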
--- a/stable/xray/templates/xray-ipa-deployment.yaml +++ b/stable/xray/templates/xray-ipa-deployment.yaml 
@@ -763,93 +763,93 @@ spec: {{ toYaml . | indent 10 }} {{- end }} env: - - name: JF_SKIPENTLICCHECKFORCLOUD - value: "true" + - name: JF_SKIPENTLICCHECKFORCLOUD + value: "true" {{ include "xray.envVariables" . | indent 8 }} {{ include "xray.rabbitmqTlsEnvVariables" . | indent 8 }} {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} - - name: JF_SHARED_RABBITMQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_URL - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} {{- end }} {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds + name: {{ template "xray.fullname" . }}-database-creds {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" + name: "{{ template "xray.name" . 
}}-unified-secret" {{- end }} - key: db-user + key: db-user {{- end }} {{- end }} {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} - - name: JF_SHARED_DATABASE_ACTUALUSERNAME - valueFrom: - secretKeyRef: + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: {{- if .Values.database.secrets.actualUsername }} - name: {{ tpl .Values.database.secrets.actualUsername.name . }} - key: {{ tpl .Values.database.secrets.actualUsername.key . }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} {{- else if .Values.database.actualUsername }} {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds + name: {{ template "xray.fullname" . }}-database-creds {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" + name: "{{ template "xray.name" . }}-unified-secret" {{- end }} - key: db-actualUsername + key: db-actualUsername {{- end }} {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} {{- else if .Values.database.url }} {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds + name: {{ template "xray.fullname" . }}-database-creds {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" + name: "{{ template "xray.name" . 
}}-unified-secret" {{- end }} - key: db-url + key: db-url {{- end }} {{- end }} {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} - - name: JF_SHARED_RABBITMQ_USERNAME - value: {{ include "rabbitmq.user" .}} - - name: JF_SHARED_RABBITMQ_URL - value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} {{- end }} - - name: XRAY_HA_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: XRAY_K8S_ENV - value: "true" - - name: EXECUTION_JOB_AES_KEY - valueFrom: - secretKeyRef: + - name: XRAY_HA_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: XRAY_K8S_ENV + value: "true" + - name: EXECUTION_JOB_AES_KEY + valueFrom: + secretKeyRef: {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.executionServiceAesKeySecretName" . }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }} - name: {{ template "xray.executionServiceAesKeySecretName" . }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" + name: "{{ template "xray.name" . }}-unified-secret" {{- end }} - key: execution-service-aes-key + key: execution-service-aes-key {{- if .Values.common.extraEnvVars }} {{- tpl .Values.common.extraEnvVars . | nindent 8 }} {{- end }} @@ -879,7 +879,6 @@ spec: {{ tpl .Values.panoramic.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} -{{- if .Values.policyenforcer.enabled }} - name: {{ .Values.policyenforcer.name }} image: {{ include "xray.getImageInfoByValue" (list . "policyenforcer") }} imagePullPolicy: {{ .Values.imagePullPolicy }} 
@@ -1018,7 +1017,6 @@ spec: {{- if .Values.policyenforcer.livenessProbe.enabled }} livenessProbe: {{ tpl .Values.policyenforcer.livenessProbe.config . | indent 10 }} -{{- end }} {{- end }} - name: {{ .Values.indexer.name }} image: {{ include "xray.getImageInfoByValue" (list . "indexer") }} @@ -1325,31 +1323,33 @@ spec: {{- if or .Values.xray.nodeSelector .Values.global.nodeSelector }} {{ tpl (include "xray.nodeSelector" .) . | indent 6 }} {{- end }} - {{- if .Values.affinity }} - {{- with .Values.affinity }} + {{- if .Values.ipa.affinity }} + {{- with .Values.ipa.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} - {{- else if eq .Values.xray.podAntiAffinity.type "soft" }} + {{- else if eq .Values.ipa.podAntiAffinity.type "soft" }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: - topologyKey: {{ .Values.xray.podAntiAffinity.topologyKey }} + topologyKey: {{ .Values.ipa.podAntiAffinity.topologyKey }} labelSelector: matchLabels: app: {{ template "xray.name" . }} release: {{ .Release.Name }} - {{- else if eq .Values.xray.podAntiAffinity.type "hard" }} + servicename: ipa + {{- else if eq .Values.ipa.podAntiAffinity.type "hard" }} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.xray.podAntiAffinity.topologyKey }} + - topologyKey: {{ .Values.ipa.podAntiAffinity.topologyKey }} labelSelector: matchLabels: app: {{ template "xray.name" . }} release: {{ .Release.Name }} + servicename: ipa {{- end }} {{- with .Values.tolerations }} tolerations: diff --git a/stable/xray/templates/xray-ipa-svc.yaml b/stable/xray/templates/xray-ipa-svc.yaml index 529f2571e..dfd1ac8f0 100644 --- a/stable/xray/templates/xray-ipa-svc.yaml +++ b/stable/xray/templates/xray-ipa-svc.yaml 
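Review bot: The anti-affinity `labelSelector` in hunk @@ -1325,31 now requires `servicename: ipa`, but the pod template labels are outside this hunk. If the IPA pods do not carry that label, the term matches no pods and the soft or hard rule silently does nothing, so please confirm it is set under this Deployment's `spec.template.metadata.labels`. Separately, the switch from `.Values.affinity` and `.Values.xray.podAntiAffinity` to `.Values.ipa.*` means existing overrides of the old keys stop applying to the IPA deployment without any message. The CHANGELOG hunk does not list the new `ipa.affinity` / `ipa.podAntiAffinity` keys.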
@@ -48,12 +48,10 @@ spec: protocol: TCP targetPort: {{ .Values.panoramic.internalPort }} {{- end }} -{{- if .Values.policyenforcer.enabled }} - name: http-polenf port: {{ .Values.policyenforcer.externalPort }} protocol: TCP targetPort: {{ .Values.policyenforcer.internalPort }} -{{- end }} selector: app: {{ template "xray.name" . }} component: {{ .Values.xray.name }} diff --git a/stable/xray/templates/xray-keda-hpa-ipa.yaml b/stable/xray/templates/xray-keda-hpa-ipa.yaml index f9776b4b9..36a1128e3 100644 --- a/stable/xray/templates/xray-keda-hpa-ipa.yaml +++ b/stable/xray/templates/xray-keda-hpa-ipa.yaml @@ -9,6 +9,15 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} name: {{ template "xray.fullname" . }}-ipa + {{- if or .Values.global.autoscaling.keda.annotations .Values.autoscalingIpa.keda.annotations }} + annotations: + {{- with .Values.global.autoscaling.keda.annotations }} +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.autoscalingIpa.keda.annotations }} +{{ toYaml . | indent 4 }} + {{- end }} + {{- end }} spec: scaleTargetRef: kind: Deployment diff --git a/stable/xray/templates/xray-keda-hpa-server.yaml b/stable/xray/templates/xray-keda-hpa-server.yaml index 145e933c3..98f7856f6 100644 --- a/stable/xray/templates/xray-keda-hpa-server.yaml +++ b/stable/xray/templates/xray-keda-hpa-server.yaml @@ -9,6 +9,15 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} name: {{ template "xray.fullname" . }}-server + {{- if or .Values.global.autoscaling.keda.annotations .Values.autoscalingServer.keda.annotations }} + annotations: + {{- with .Values.global.autoscaling.keda.annotations }} +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.autoscalingServer.keda.annotations }} +{{ toYaml . | indent 4 }} + {{- end }} + {{- end }} spec: scaleTargetRef: kind: Deployment diff --git a/stable/xray/templates/xray-keda-hpa.yaml b/stable/xray/templates/xray-keda-hpa.yaml index 9827c89e4..ad830e4ff 100644 
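Review bot: In xray-keda-hpa-ipa.yaml, a key present in both `global.autoscaling.keda.annotations` and `autoscalingIpa.keda.annotations` is emitted twice under `annotations:` by the two `toYaml` blocks. That is a duplicate mapping key, which depending on the parser is either rejected or resolved silently as last-wins. Merging first makes the precedence explicit (component-level wins): `{{- $ann := merge (dict) .Values.autoscalingIpa.keda.annotations .Values.global.autoscaling.keda.annotations }}`, then `{{- with $ann }}` around `annotations: {{- toYaml . | nindent 4 }}`. The same pattern is added in xray-keda-hpa-server.yaml and xray-keda-hpa.yaml and would need the same change.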
--- a/stable/xray/templates/xray-keda-hpa.yaml +++ b/stable/xray/templates/xray-keda-hpa.yaml @@ -9,6 +9,15 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} name: {{ template "xray.fullname" . }} + {{- if or .Values.global.autoscaling.keda.annotations .Values.autoscaling.keda.annotations }} + annotations: + {{- with .Values.global.autoscaling.keda.annotations }} +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.autoscaling.keda.annotations }} +{{ toYaml . | indent 4 }} + {{- end }} + {{- end }} spec: scaleTargetRef: kind: StatefulSet diff --git a/stable/xray/templates/xray-statefulset.yaml b/stable/xray/templates/xray-statefulset.yaml index eb0efa5ce..b45b343e4 100644 --- a/stable/xray/templates/xray-statefulset.yaml +++ b/stable/xray/templates/xray-statefulset.yaml @@ -868,13 +868,9 @@ spec: - name: {{ .Values.panoramic.name }} image: {{ include "xray.getImageInfoByValue" (list . "panoramic") }} imagePullPolicy: {{ .Values.imagePullPolicy }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.common.xrayUserId }} - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} command: - '/bin/bash' - '-c' 
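Review bot: In xray-statefulset.yaml hunk @@ -868,13 the panoramic container loses its fixed hardening (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `capabilities.drop: [NET_RAW]`). It now gets a `securityContext` only when `containerSecurityContext.enabled` is true, with the contents taken entirely from values, and the same replacement is made for the policyenforcer container in hunk @@ -999,17. With `containerSecurityContext.enabled: false` both containers render with no container-level security context, and the defaults for `containerSecurityContext` are not visible in this diff. Please confirm the chart default still sets the removed fields, and document the effect on the values key, e.g. `## Disabling this removes runAsNonRoot, allowPrivilegeEscalation=false and the dropped capabilities from the containers that use it`.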
@@ -893,92 +889,97 @@ spec: {{ toYaml . | indent 10 }} {{- end }} env: + {{ include "xray.envVariables" . | indent 8 }} + {{ include "xray.rabbitmqTlsEnvVariables" . | indent 8 }} {{- if and .Values.rabbitmq.external.secrets (not .Values.common.rabbitmq.connectionConfigFromEnvironment) }} - - name: JF_SHARED_RABBITMQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} - - name: JF_SHARED_RABBITMQ_URL - valueFrom: - secretKeyRef: - name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} - key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} + - name: JF_SHARED_RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.username.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.username.key . }} + - name: JF_SHARED_RABBITMQ_URL + valueFrom: + secretKeyRef: + name: {{ tpl .Values.rabbitmq.external.secrets.url.name . }} + key: {{ tpl .Values.rabbitmq.external.secrets.url.key . }} {{- end }} {{- if or .Values.database.secrets.user .Values.database.user }} - - name: JF_SHARED_DATABASE_USERNAME - valueFrom: - secretKeyRef: + - name: JF_SHARED_DATABASE_USERNAME + valueFrom: + secretKeyRef: {{- if .Values.database.secrets.user }} - name: {{ tpl .Values.database.secrets.user.name . }} - key: {{ tpl .Values.database.secrets.user.key . }} + name: {{ tpl .Values.database.secrets.user.name . }} + key: {{ tpl .Values.database.secrets.user.key . }} {{- else if .Values.database.user }} {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds + name: {{ template "xray.fullname" . }}-database-creds {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" + name: "{{ template "xray.name" . 
}}-unified-secret" {{- end }} - key: db-user + key: db-user {{- end }} {{- end }} {{- if or .Values.database.secrets.actualUsername .Values.database.actualUsername }} - - name: JF_SHARED_DATABASE_ACTUALUSERNAME - valueFrom: - secretKeyRef: + - name: JF_SHARED_DATABASE_ACTUALUSERNAME + valueFrom: + secretKeyRef: {{- if .Values.database.secrets.actualUsername }} - name: {{ tpl .Values.database.secrets.actualUsername.name . }} - key: {{ tpl .Values.database.secrets.actualUsername.key . }} + name: {{ tpl .Values.database.secrets.actualUsername.name . }} + key: {{ tpl .Values.database.secrets.actualUsername.key . }} {{- else if .Values.database.actualUsername }} {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds + name: {{ template "xray.fullname" . }}-database-creds {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" + name: "{{ template "xray.name" . }}-unified-secret" {{- end }} - key: db-actualUsername + key: db-actualUsername {{- end }} {{- end }} {{- if or .Values.database.secrets.url .Values.database.url }} - - name: JF_SHARED_DATABASE_URL - valueFrom: - secretKeyRef: + - name: JF_SHARED_DATABASE_URL + valueFrom: + secretKeyRef: {{- if .Values.database.secrets.url }} - name: {{ tpl .Values.database.secrets.url.name . }} - key: {{ tpl .Values.database.secrets.url.key . }} + name: {{ tpl .Values.database.secrets.url.name . }} + key: {{ tpl .Values.database.secrets.url.key . }} {{- else if .Values.database.url }} {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.fullname" . }}-database-creds + name: {{ template "xray.fullname" . }}-database-creds {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" + name: "{{ template "xray.name" . 
}}-unified-secret" {{- end }} - key: db-url + key: db-url {{- end }} {{- end }} {{- if .Values.common.rabbitmq.connectionConfigFromEnvironment }} - - name: JF_SHARED_RABBITMQ_USERNAME - value: {{ include "rabbitmq.user" .}} - - name: JF_SHARED_RABBITMQ_URL - value: {{ include "rabbitmq.url" .}} + - name: JF_SHARED_RABBITMQ_USERNAME + value: {{ include "rabbitmq.user" .}} + - name: JF_SHARED_RABBITMQ_URL + value: {{ include "rabbitmq.url" .}} {{- end }} - - name: XRAY_HA_NODE_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: XRAY_K8S_ENV - value: "true" - - name: EXECUTION_JOB_AES_KEY - valueFrom: - secretKeyRef: + - name: XRAY_HA_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: XRAY_K8S_ENV + value: "true" + - name: EXECUTION_JOB_AES_KEY + valueFrom: + secretKeyRef: {{- if not .Values.xray.unifiedSecretInstallation }} - name: {{ template "xray.executionServiceAesKeySecretName" . }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} {{- else if and .Values.xray.unifiedSecretInstallation (or .Values.xray.executionServiceAesKeySecretName .Values.global.executionServiceAesKeySecretName) }} - name: {{ template "xray.executionServiceAesKeySecretName" . }} + name: {{ template "xray.executionServiceAesKeySecretName" . }} {{- else }} - name: "{{ template "xray.name" . }}-unified-secret" + name: "{{ template "xray.name" . }}-unified-secret" {{- end }} - key: execution-service-aes-key + key: execution-service-aes-key {{- if .Values.common.extraEnvVars }} {{- tpl .Values.common.extraEnvVars . | nindent 8 }} {{- end }} + {{- if .Values.panoramic.extraEnvVars }} + {{- tpl .Values.panoramic.extraEnvVars . | nindent 8 }} + {{- end }} volumeMounts: - name: data-volume mountPath: "{{ .Values.xray.persistence.mountPath }}" 
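Review bot: `panoramic.extraEnvVars` is honoured only in this statefulset env block. The corresponding block in xray-ipa-deployment.yaml (hunk @@ -763,93, which appears to be the panoramic container) still ends with `common.extraEnvVars` alone, so the same values give panoramic a different environment depending on whether the split deployment is used. None of the values.yaml hunks add a `panoramic.extraEnvVars` default or comment either. If the difference is intended, say so in values.yaml; otherwise add the same `{{- if .Values.panoramic.extraEnvVars }}` / `{{- tpl .Values.panoramic.extraEnvVars . | nindent 8 }}` / `{{- end }}` lines to the IPA deployment. Most other lines in this hunk are re-indentation only.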
@@ -999,17 +1000,12 @@ spec: {{ tpl .Values.panoramic.livenessProbe.config . | indent 10 }} {{- end }} {{- end }} -{{- if .Values.policyenforcer.enabled }} - name: {{ .Values.policyenforcer.name }} image: {{ include "xray.getImageInfoByValue" (list . "policyenforcer") }} imagePullPolicy: {{ .Values.imagePullPolicy }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.common.xrayUserId }} - allowPrivilegeEscalation: false - capabilities: - drop: - - NET_RAW + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- tpl (omit .Values.containerSecurityContext "enabled" | toYaml) . | nindent 10 }} + {{- end }} command: - '/bin/bash' - '-c' @@ -1129,7 +1125,6 @@ spec: {{- if .Values.policyenforcer.livenessProbe.enabled }} livenessProbe: {{ tpl .Values.policyenforcer.livenessProbe.config . | indent 10 }} -{{- end }} {{- end }} - name: {{ .Values.indexer.name }} image: {{ include "xray.getImageInfoByValue" (list . "indexer") }} diff --git a/stable/xray/values.yaml b/stable/xray/values.yaml index c3c7d0b06..0160bea0e 100644 --- a/stable/xray/values.yaml +++ b/stable/xray/values.yaml @@ -54,6 +54,10 @@ global: waitForPreviousPodsOnInitialStartup: true vhost: xray_haq + autoscaling: + keda: + annotations: {} + deployment: strategy: type: RollingUpdate @@ -75,7 +79,7 @@ initContainers: image: registry: releases-docker.jfrog.io repository: ubi9/ubi-minimal - tag: 9.5.1734497536 + tag: 9.5.1736404155 pullPolicy: IfNotPresent resources: requests: @@ -322,6 +326,7 @@ autoscaling: ## Ref: https://keda.sh/docs/2.10/deploy/ keda: enabled: false + annotations: {} scaleUp: stabilizationWindowSeconds: 90 policies: @@ -464,7 +469,7 @@ rabbitmq: image: registry: releases-docker.jfrog.io repository: bitnami/rabbitmq - tag: 3.13.6-debian-12-r1 + tag: 3.13.7-debian-12-r5 extraPlugins: "rabbitmq_management" auth: 
@@ -650,7 +655,7 @@ rabbitmq: image: registry: releases-docker.jfrog.io repository: bitnami/kubectl - tag: 1.24.12 + tag: 1.32.0 ## Service account for the pre-upgrade hook to perform rabbitmq migration serviceAccount: create: true @@ -1107,7 +1112,6 @@ panoramic: # cpu: "1" policyenforcer: - enabled: false name: xray-policyenforcer ## Note that by default we use appVersion to get image tag/version image: @@ -1472,7 +1476,7 @@ observability: image: registry: releases-docker.jfrog.io repository: jfrog/observability - tag: 1.31.5 + tag: 1.31.11 imagePullPolicy: IfNotPresent internalPort: 8036 resources: {} @@ -1640,6 +1644,7 @@ autoscalingServer: ## Ref: https://keda.sh/docs/2.10/deploy/ keda: enabled: false + annotations: {} scaleUp: stabilizationWindowSeconds: 90 policies: @@ -1654,9 +1659,7 @@ autoscalingServer: periodSeconds: 30 pollingInterval: 10 cooldownPeriod: 10 - queues: - - name: policyEnforcer - value: "100" + queues: [] ## Apply horizontal pod auto scaling on Xray ipa pods ## Only applicable when (splitXraytoSeparateDeployments.enabled) is set to true ## Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ @@ -1671,6 +1674,7 @@ autoscalingIpa: ## Ref: https://keda.sh/docs/2.10/deploy/ keda: enabled: false + annotations: {} scaleUp: stabilizationWindowSeconds: 90 policies: @@ -1696,6 +1700,14 @@ autoscalingIpa: value: "100" - name: policyEnforcer value: "100" + +ipa: + affinity: {} + ## Only used if "affinity" is empty + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "soft" + topologyKey: "kubernetes.io/hostname" ###################################################################################