From a5fd7d50d27cc0139f3967034dd22a0ec9d9b234 Mon Sep 17 00:00:00 2001 From: Michael Kruggel <108417058+Michael-Kruggel@users.noreply.github.com> Date: Wed, 21 Aug 2024 10:05:11 -0700 Subject: [PATCH] fix: fixes changing artifactory admin password breaking things (#42) --- chart/templates/admin-secret.yaml | 6 +++++- chart/values.yaml | 2 ++ common/zarf.yaml | 34 ++++++++++++++++++++++++++++++- tasks.yaml | 34 ++++++++++++++++--------------- 4 files changed, 58 insertions(+), 18 deletions(-) diff --git a/chart/templates/admin-secret.yaml b/chart/templates/admin-secret.yaml index 70adb04..08701ac 100644 --- a/chart/templates/admin-secret.yaml +++ b/chart/templates/admin-secret.yaml @@ -7,7 +7,11 @@ type: Opaque {{- $previous := lookup "v1" "Secret" .Release.Namespace "artifactory-admin-credentials" }} {{- $randPass := (randAlphaNum 16) }} data: - {{- if $previous }} + {{- if .Values.admin.password }} + adminCreds: {{ (printf "%s@%s=%s" .Values.admin.username .Values.admin.ip .Values.admin.password) | b64enc }} + username: {{ .Values.admin.username | b64enc }} + password: {{ .Values.admin.password | b64enc }} + {{- else if $previous }} adminCreds: {{ $previous.data.adminCreds }} username: {{ $previous.data.username }} password: {{ $previous.data.password }} diff --git a/chart/values.yaml b/chart/values.yaml index e0399bf..af65663 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -11,6 +11,8 @@ serviceMonitor: admin: ip: "127.0.0.1" username: "admin" + # If left empty, the chart will automatically generate a password + password: "" postgres: # Set to false to use external postgres diff --git a/common/zarf.yaml b/common/zarf.yaml index fd12aff..86f265e 100644 --- a/common/zarf.yaml +++ b/common/zarf.yaml @@ -12,7 +12,7 @@ components: namespace: artifactory version: 0.1.0 localPath: ../chart - # renovate: datasource=helm + # renovate: datasource=helm - name: artifactory namespace: artifactory url: https://charts.jfrog.io @@ -21,3 +21,35 @@ components: releaseName: artifactory valuesFiles: - ../values/common.yaml + actions: + onDeploy: + after: + - cmd: kubectl get secret artifactory-admin-credentials -n artifactory -o=jsonpath='{.data.adminCreds}' | sha256sum | cut -d ' ' -f1 + # mute: true + setVariables: + - name: CURRENT_SUM + # sensitive: true + - cmd: kubectl get sts artifactory -n artifactory -o=jsonpath='{.metadata.annotations.checksum/secret}' || true + # mute: true + setVariables: + - name: ANNOTATION_SUM + # sensitive: true + - cmd: | + if [[ -n "$ZARF_VAR_ANNOTATION_SUM" ]]; then + if [[ "$ZARF_VAR_CURRENT_SUM" == "$ZARF_VAR_ANNOTATION_SUM" ]]; then + echo "Secret did not change" + else + kubectl rollout restart sts artifactory -n artifactory + kubectl wait -n artifactory statefulset/artifactory --for='jsonpath={status.availableReplicas}'=0 --timeout=500s + fi + fi + kubectl annotate --overwrite -n artifactory sts artifactory checksum/secret=${ZARF_VAR_CURRENT_SUM} + shell: + darwin: bash + linux: bash + - wait: + cluster: + kind: StatefulSet + name: artifactory + namespace: artifactory + condition: "{.status.readyReplicas}=1" diff --git a/tasks.yaml b/tasks.yaml index 29e9185..3513820 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -12,32 +12,32 @@ tasks: - name: default description: Create K3D Cluster with UDS-Core + Artifactory actions: - - task: create-test-bundle + - task: create-artifactory-test-bundle - task: setup:k3d-test-cluster - task: deploy:test-bundle - name: default-full description: Create K3D Cluster with UDS-Core + Artifactory actions: - - task: create-test-bundle + - task: create-artifactory-test-bundle - task: setup:k3d-full-cluster - task: deploy:test-bundle - - name: create-package + - name: create-artifactory-package description: Create UDS Artifactory Package, No dependencies included actions: - task: create:package with: options: "--skip-sbom" - - name: create-test-bundle - description: Create a local UDS Artifactory bundlewith dependencies + - name: create-artifactory-test-bundle + description: Create a local UDS Artifactory bundle with dependencies actions: - - task: create-package + - task: create-artifactory-package - task: dependencies:create - task: create:test-bundle - - name: create-latest-release-bundle + - name: create-artifactory-latest-release-bundle description: Create UDS Artifactory bundle with dependencies based on the latest release actions: - task: pull:latest-package-release @@ -46,15 +46,15 @@ tasks: - task: dependencies:create - task: create:test-bundle - - name: deploy-test-bundle - description: Deploy the Artifactory test bundle to local cluster + - name: setup-cluster + description: Setup a K3D cluster with UDS-Core-Slim actions: - - task: deploy:test-bundle + - task: setup:k3d-test-cluster - - name: local-all + - name: dev description: Create then deploy local artifactory bundle actions: - - task: create-test-bundle + - task: create-artifactory-test-bundle - task: deploy:test-bundle # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names @@ -62,17 +62,19 @@ tasks: - name: test-package description: Test the Artifactory package from the current branch actions: - - task: create-test-bundle + - task: create-artifactory-test-bundle - task: setup:k3d-test-cluster - task: deploy:test-bundle - - task: test:all + - task: test:health-check + - task: test:ingress - name: test-upgrade description: Test an upgrade from the latest released package to the current branch actions: - - task: create-latest-release-bundle + - task: create-artifactory-latest-release-bundle - task: setup:k3d-test-cluster - task: deploy:test-bundle - task: create-test-bundle - task: deploy:test-bundle - - task: test:all + - task: test:health-check + - task: test:ingress