Skip to content

Commit b08c220

Browse files
s-wojciechowskis-wojciechowski
authored
Merge pull request #175 from nrwl/release/1.1.0
nx-cloud release 1.1.0
2 parents 6bce552 + 50482ee commit b08c220

File tree

14 files changed

+266
-17
lines changed

14 files changed

+266
-17
lines changed

charts/nx-cloud/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: v2
22
name: nx-cloud
33
description: Nx Cloud Helm Chart
44
type: application
5-
version: 1.0.1
5+
version: 1.1.0
66
maintainers:
77
- name: nx
88
url: "https://nx.app/"

charts/nx-cloud/MIGRATION.md

Lines changed: 142 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -151,4 +151,145 @@ charts and how their values were derived.
151151
| bitbucket.auth.enabled | BITBUCKET_APP_ID, BITBUCKET_APP_SECRET | frontend |
152152
| bitbucket.apiUrl | BITBUCKET_API_URL | frontend |
153153
| saml.enabled | SAML_ENTRY_POINT, SAML_CERT | frontend |
154-
| vcsHttpsProxy | VERSION_CONTROL_HTTPS_PROXY | frontend, nx-api |
154+
| vcsHttpsProxy | VERSION_CONTROL_HTTPS_PROXY | frontend, nx-api |
155+
156+
## Using self-signed certificates
157+
158+
To add self-signed certificates to a Java keystore, you can use a combination of the `initContainers`, `extraObjects` and `extraVolumes` values.
159+
160+
1. Add a ConfigMap with a script that copies Java keystore files to a volume.
161+
```yaml
162+
extraObjects:
163+
find-java-security:
164+
apiVersion: v1
165+
kind: ConfigMap
166+
metadata:
167+
name: nx-cloud-java-security-script
168+
data:
169+
find-java-security.sh: |
170+
#!/bin/sh
171+
# For Amazon Corretto, find the security directory dynamically
172+
if [ -n "$JAVA_HOME" ]; then
173+
# Use JAVA_HOME if available
174+
JAVA_PATH="$JAVA_HOME"
175+
else
176+
# Look for Corretto installations first
177+
for DIR in /usr/lib/jvm/java-*-amazon-corretto* /usr/lib/jvm/amazon-corretto-*; do
178+
if [ -d "$DIR" ]; then
179+
JAVA_PATH="$DIR"
180+
break
181+
fi
182+
done
183+
184+
# Fallback to any Java installation if Corretto not found
185+
if [ -z "$JAVA_PATH" ]; then
186+
for DIR in /usr/lib/jvm/* /usr/java/*; do
187+
if [ -d "$DIR" ]; then
188+
JAVA_PATH="$DIR"
189+
break
190+
fi
191+
done
192+
fi
193+
fi
194+
195+
# Check various possible security directory locations
196+
if [ -d "$JAVA_PATH/jre/lib/security" ]; then
197+
# Path found in some Corretto distributions, including Corretto 17
198+
cp -r "$JAVA_PATH/jre/lib/security" /cacerts
199+
elif [ -d "$JAVA_PATH/lib/security" ]; then
200+
# Alternative path in some Corretto and OpenJDK distributions
201+
cp -r "$JAVA_PATH/lib/security" /cacerts
202+
elif [ -d "$JAVA_PATH/conf/security" ]; then
203+
# Another alternative location in some JDK distributions
204+
cp -r "$JAVA_PATH/conf/security" /cacerts
205+
else
206+
echo "Could not find Java security directory in Corretto installation"
207+
# List all potential security directories for debugging
208+
find /usr -name "security" -type d 2>/dev/null | grep -i java
209+
exit 1
210+
fi
211+
echo "Successfully copied Java security files from $JAVA_PATH to /cacerts"
212+
```
213+
214+
2. Create a ConfigMap with the certificates through the `extraObjects` value or by providing it through another mechanism such as External Secret Operator.
215+
```yaml
216+
extraObjects:
217+
self-signed-certs:
218+
apiVersion: v1
219+
kind: ConfigMap
220+
metadata:
221+
name: self-signed-certs
222+
data:
223+
self-signed-cert.crt: |
224+
-----BEGIN CERTIFICATE-----
225+
...
226+
-----END CERTIFICATE-----
227+
228+
-----BEGIN CERTIFICATE-----
229+
...
230+
-----END CERTIFICATE-----
231+
```
232+
3. Add values required to copy and store the certificates
233+
```yaml
234+
aggregator:
235+
cronjob:
236+
initContainers:
237+
- command:
238+
- sh
239+
- /scripts/find-java-security.sh
240+
image: nxprivatecloud/nx-cloud-aggregator
241+
name: copy-cacerts
242+
volumeMounts:
243+
- mountPath: /cacerts
244+
name: cacerts
245+
- mountPath: /scripts
246+
name: java-security-script
247+
248+
volumes:
249+
- name: cacerts
250+
emptyDir: {}
251+
- name: self-signed-certs-volume
252+
configMap:
253+
name: self-signed-certs
254+
- name: java-security-script
255+
configMap:
256+
name: nx-cloud-java-security-script
257+
258+
volumeMounts:
259+
- mountPath: /usr/lib/jvm/java-21-amazon-corretto/jre/lib/security
260+
name: cacerts
261+
subPath: security
262+
- mountPath: /self-signed-certs
263+
name: self-signed-certs-volume
264+
265+
api:
266+
deployment:
267+
initContainers:
268+
- command:
269+
- sh
270+
- /scripts/find-java-security.sh
271+
image: nxprivatecloud/nx-cloud-nx-api
272+
name: copy-cacerts
273+
volumeMounts:
274+
- mountPath: /cacerts
275+
name: cacerts
276+
- mountPath: /scripts
277+
name: java-security-script
278+
279+
volumes:
280+
- name: cacerts
281+
emptyDir: {}
282+
- name: self-signed-certs-volume
283+
configMap:
284+
name: self-signed-certs
285+
- name: java-security-script
286+
configMap:
287+
name: nx-cloud-java-security-script
288+
289+
volumeMounts:
290+
- mountPath: /usr/lib/jvm/java-21-amazon-corretto/jre/lib/security
291+
name: cacerts
292+
subPath: security
293+
- mountPath: /self-signed-certs
294+
name: self-signed-certs-volume
295+
```

charts/nx-cloud/README.md

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,8 @@ Below is a summary table of configurable values from values.yaml.
3131
|-------------------------------------------------------------|--------|---------------------------------------------|---------------------------------------------------------------------------|
3232
| global.labels | object | {} | Common labels added to all resources. |
3333
| global.podLabels | object | {} | Pod labels applied to all Deployments/Pods. |
34-
| global.imageTag | string | "2025.06.3" | Default image tag used when per-service tag is empty. |
34+
| global.imageRegistry | string | "" | Global image registry override. |
35+
| global.imageTag | string | "2025.07.1" | Default image tag used when per-service tag is empty. |
3536
| global.imagePullPolicy | string | IfNotPresent | Global image pull policy. |
3637
| global.imagePullSecrets | list | [] | List of image pull secret names. |
3738
| global.verboseLogging | bool | false | Enable verbose logging globally. |
@@ -55,6 +56,7 @@ Below is a summary table of configurable values from values.yaml.
5556
| fileServer.logLevel | string | "INFO" | Log level for file server. |
5657
| fileServer.image.repository | string | "nxprivatecloud/nx-cloud-file-server" | File server image repository. |
5758
| fileServer.image.tag | string | "" | File server image tag (overrides global.imageTag when set). |
59+
| fileServer.image.digest | string | "" | File server image digest (overrides tag when set). |
5860
| fileServer.image.pullPolicy | string | IfNotPresent | Image pull policy for file server. |
5961
| fileServer.service.annotations | object | {} | Service annotations for file server. |
6062
| fileServer.service.labels | object | {} | Service labels for file server. |
@@ -81,6 +83,7 @@ Below is a summary table of configurable values from values.yaml.
8183
| fileServer.deployment.volumes | list | [] | Additional volumes. |
8284
| fileServer.deployment.volumeMounts | list | [] | Additional volume mounts. |
8385
| fileServer.deployment.extraContainers | list | [] | Extra sidecars for file server only. |
86+
| fileServer.deployment.initContainers | list | [] | Init containers for file server. |
8487
| fileServer.pvc.name | string | nx-cloud-file-server | PVC name for file server storage. |
8588
| fileServer.pvc.annotations | object | {} | PVC annotations. |
8689
| fileServer.pvc.labels | object | {} | PVC labels. |
@@ -96,6 +99,7 @@ Below is a summary table of configurable values from values.yaml.
9699
| aggregator.logLevel | string | "INFO" | Log level for aggregator. |
97100
| aggregator.image.repository | string | "nxprivatecloud/nx-cloud-aggregator" | Aggregator image repository. |
98101
| aggregator.image.tag | string | "" | Aggregator image tag (overrides global.imageTag when set). |
102+
| aggregator.image.digest | string | "" | Aggregator image digest (overrides tag when set). |
99103
| aggregator.image.pullPolicy | string | IfNotPresent | Image pull policy for aggregator. |
100104
| aggregator.cronjob.schedule | string | "*/10 * * * *" | Cron schedule for the aggregator job. |
101105
| aggregator.cronjob.annotations | object | {} | CronJob annotations. |
@@ -113,6 +117,7 @@ Below is a summary table of configurable values from values.yaml.
113117
| aggregator.cronjob.resources.requests.cpu | string | '500m' | Requested CPU. |
114118
| aggregator.cronjob.volumes | list | [] | Additional volumes for aggregator. |
115119
| aggregator.cronjob.volumeMounts | list | [] | Additional volume mounts for aggregator. |
120+
| aggregator.cronjob.initContainers | list | [] | Init containers for aggregator. |
116121
| aggregator.serviceAccount.create | bool | true | Whether to create a ServiceAccount for aggregator. |
117122
| aggregator.serviceAccount.name | string | nx-cloud-aggregator | ServiceAccount name for aggregator. |
118123
| aggregator.serviceAccount.annotations | object | {} | ServiceAccount annotations for aggregator. |
@@ -123,6 +128,7 @@ Below is a summary table of configurable values from values.yaml.
123128
| frontend.logLevel | string | "INFO" | Log level for frontend. |
124129
| frontend.image.repository | string | "nxprivatecloud/nx-cloud-frontend" | Frontend image repository. |
125130
| frontend.image.tag | string | "" | Frontend image tag (overrides global.imageTag when set). |
131+
| frontend.image.digest | string | "" | Frontend image digest (overrides tag when set). |
126132
| frontend.image.pullPolicy | string | "" | Image pull policy for frontend (defaults to global if empty). |
127133
| frontend.service.annotations | object | {} | Service annotations for frontend. |
128134
| frontend.service.labels | object | {} | Service labels for frontend. |
@@ -150,6 +156,7 @@ Below is a summary table of configurable values from values.yaml.
150156
| frontend.deployment.volumes | list | [] | Additional volumes. |
151157
| frontend.deployment.volumeMounts | list | [] | Additional volume mounts. |
152158
| frontend.deployment.extraContainers | list | [] | Extra sidecars for frontend only. |
159+
| frontend.deployment.initContainers | list | [] | Init containers for frontend. |
153160
| frontend.serviceAccount.create | bool | true | Whether to create a ServiceAccount for frontend. |
154161
| frontend.serviceAccount.name | string | nx-cloud-frontend | ServiceAccount name for frontend. |
155162
| frontend.serviceAccount.annotations | object | {} | ServiceAccount annotations for frontend. |
@@ -169,6 +176,7 @@ Below is a summary table of configurable values from values.yaml.
169176
| api.valkey.passwordSecret.key | string | "" | Secret key for Valkey password. |
170177
| api.image.repository | string | "nxprivatecloud/nx-cloud-nx-api" | API image repository. |
171178
| api.image.tag | string | "" | API image tag (overrides global.imageTag when set). |
179+
| api.image.digest | string | "" | API image digest (overrides tag when set). |
172180
| api.image.pullPolicy | string | "" | Image pull policy for API (defaults to global if empty). |
173181
| api.service.annotations | object | {} | Service annotations for API. |
174182
| api.service.labels | object | {} | Service labels for API. |
@@ -196,6 +204,7 @@ Below is a summary table of configurable values from values.yaml.
196204
| api.deployment.volumes | list | [] | Additional volumes. |
197205
| api.deployment.volumeMounts | list | [] | Additional volume mounts. |
198206
| api.deployment.extraContainers | list | [] | Extra sidecars for API only. |
207+
| api.deployment.initContainers | list | [] | Init containers for API. |
199208
| api.serviceAccount.create | bool | true | Whether to create a ServiceAccount for API. |
200209
| api.serviceAccount.name | string | nx-cloud-nx-api | ServiceAccount name for API. |
201210
| api.serviceAccount.annotations | object | {} | ServiceAccount annotations for API. |

0 commit comments

Comments
 (0)