From 5234afa864bcd9d5b4a5ab3660310ece9b10e729 Mon Sep 17 00:00:00 2001
From: John Peterson <johnp@jfrog.com>
Date: Mon, 13 Apr 2020 10:37:19 -0700
Subject: [PATCH] Openshift artifactory-ha helm chart changes for version 2.3.0
 of jfrog/artifactory-ha chart

---
 .../openshift-artifactory-ha/CHANGELOG.md      | 11 ++++++++++-
 Openshift4/openshift-artifactory-ha/Chart.yaml | 17 ++++++-----------
 .../openshift-artifactory-ha/helminstall.sh    | 14 +++-----------
 .../openshift-artifactory-ha/hostpathscc.yaml  | 18 ------------------
 .../openshift-artifactory-ha/requirements.yaml |  2 +-
 Openshift4/openshift-artifactory-ha/scc.yaml   | 18 ------------------
 .../openshift-artifactory-ha/values.yaml       | 16 ++++++++++------
 7 files changed, 30 insertions(+), 66 deletions(-)
 delete mode 100644 Openshift4/openshift-artifactory-ha/hostpathscc.yaml
 delete mode 100644 Openshift4/openshift-artifactory-ha/scc.yaml

diff --git a/Openshift4/openshift-artifactory-ha/CHANGELOG.md b/Openshift4/openshift-artifactory-ha/CHANGELOG.md
index 1315675..d3a13f7 100755
--- a/Openshift4/openshift-artifactory-ha/CHANGELOG.md
+++ b/Openshift4/openshift-artifactory-ha/CHANGELOG.md
@@ -1,5 +1,14 @@
 # JFrog  Openshift Artifactory-ha Chart Changelog
 All changes to this chart will be documented in this file.
 
-## [1.0.0] - March 09, 2020
+## [2.3.0] - April 13, 2020
+* Updating to latest jfrog/artifactory-ha helm chart version 2.3.0
+
+## [2.2.9] - April 11, 2020
+* Fixed issues with master key
+
+## [2.1.9] - March 17, 2020
+* Updated Artifactory version to 7.3.2
+
+## [2.0.35] - March 09, 2020
 * Updated Artifactory version to 7.2.1
diff --git a/Openshift4/openshift-artifactory-ha/Chart.yaml b/Openshift4/openshift-artifactory-ha/Chart.yaml
index 6bb6d23..a9c3cb5 100755
--- a/Openshift4/openshift-artifactory-ha/Chart.yaml
+++ b/Openshift4/openshift-artifactory-ha/Chart.yaml
@@ -1,7 +1,6 @@
 apiVersion: v1
 appVersion: 7.3.2
-description: Universal Repository Manager supporting all major packaging formats,
-  build tools and CI servers.
+description: Openshift JFrog Artifactory HA subcharting Artifactory HA to work in Openshift environment
 home: https://www.jfrog.com/artifactory/
 icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png
 keywords:
@@ -9,16 +8,12 @@ keywords:
 - jfrog
 - devops
 maintainers:
-- email: amithk@jfrog.com
-  name: amithins
-- email: daniele@jfrog.com
-  name: danielezer
-- email: eldada@jfrog.com
-  name: eldada
-- email: rimasm@jfrog.com
-  name: rimusz
+- email: vinaya@jfrog.com
+  name: Vinay Aggarwal
+- email: johnp@jfrog.com
+  name: John Peterson
 name: openshift-artifactory-ha
 sources:
 - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
 - https://github.com/jfrog/charts
-version: 2.2.9
+version: 2.3.0
diff --git a/Openshift4/openshift-artifactory-ha/helminstall.sh b/Openshift4/openshift-artifactory-ha/helminstall.sh
index d6767a7..062e677 100755
--- a/Openshift4/openshift-artifactory-ha/helminstall.sh
+++ b/Openshift4/openshift-artifactory-ha/helminstall.sh
@@ -4,22 +4,14 @@ if [[ -z "$1" ]]
 then 
   echo "Skipping creation of persistent volume examples. Ensure there is available PVs 200Gi per node for HA." 
 else
-  oc new-project jfrog-artifactory
-  oc create serviceaccount svcaccount -n jfrog-artifactory
-  oc adm policy add-scc-to-user privileged system:serviceaccount:jfrog-artifactory:svcaccount
-  oc adm policy add-scc-to-user anyuid system:serviceaccount:jfrog-artifactory:svcaccount
-  oc adm policy add-scc-to-group anyuid system:authenticated
-
-  # enables hostPath plugin for openshift system wide
-  oc create -f hostpathscc.yaml -n jfrog-artifactory
-  oc patch securitycontextconstraints.security.openshift.io/hostpath --type=merge --patch='{"allowHostDirVolumePlugin": true}'
-  oc adm policy add-scc-to-user hostpath system:serviceaccount:jfrog-artifactory:svcaccount
+  # patch the restricted scc to allow the pods to run as anyuid
+  oc patch scc restricted --patch '{"fsGroup":{"type":"RunAsAny"},"runAsUser":{"type":"RunAsAny"},"seLinuxContext":{"type":"RunAsAny"}}' --type=merge
 
   # create the license secret
   oc create secret generic artifactory-license --from-file=artifactory.cluster.license
 
   # create the tls secret
-  oc create secret tls tls-ingress --cert=jfrog.team.crt --key=jfrog.team.key
+  oc create secret tls tls-ingress --cert=tls.crt --key=tls.key
 fi  
 
 # install via helm
diff --git a/Openshift4/openshift-artifactory-ha/hostpathscc.yaml b/Openshift4/openshift-artifactory-ha/hostpathscc.yaml
deleted file mode 100644
index 13eef79..0000000
--- a/Openshift4/openshift-artifactory-ha/hostpathscc.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-kind: SecurityContextConstraints
-apiVersion: v1
-metadata:
-  name: hostpath
-allowPrivilegedContainer: false
-runAsUser:
-  type: RunAsAny
-seLinuxContext:
-  type: RunAsAny
-fsGroup:
-  type: RunAsAny
-supplementalGroups:
-  type: RunAsAny
-users:
-- artifactory
-groups:
-- artifactory
-- jfrog-artifactory
diff --git a/Openshift4/openshift-artifactory-ha/requirements.yaml b/Openshift4/openshift-artifactory-ha/requirements.yaml
index 43476d8..45e29e2 100644
--- a/Openshift4/openshift-artifactory-ha/requirements.yaml
+++ b/Openshift4/openshift-artifactory-ha/requirements.yaml
@@ -1,4 +1,4 @@
 dependencies:
   - name: artifactory-ha
-    version: 2.2.9
+    version: 2.3.0
     repository: https://charts.jfrog.io/
diff --git a/Openshift4/openshift-artifactory-ha/scc.yaml b/Openshift4/openshift-artifactory-ha/scc.yaml
deleted file mode 100644
index 13eef79..0000000
--- a/Openshift4/openshift-artifactory-ha/scc.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-kind: SecurityContextConstraints
-apiVersion: v1
-metadata:
-  name: hostpath
-allowPrivilegedContainer: false
-runAsUser:
-  type: RunAsAny
-seLinuxContext:
-  type: RunAsAny
-fsGroup:
-  type: RunAsAny
-supplementalGroups:
-  type: RunAsAny
-users:
-- artifactory
-groups:
-- artifactory
-- jfrog-artifactory
diff --git a/Openshift4/openshift-artifactory-ha/values.yaml b/Openshift4/openshift-artifactory-ha/values.yaml
index 180ae4b..d0185fe 100755
--- a/Openshift4/openshift-artifactory-ha/values.yaml
+++ b/Openshift4/openshift-artifactory-ha/values.yaml
@@ -1,6 +1,7 @@
-# Openshift artifactory ha
-# Requires one custom init container
-# to resolve the user id perm issue with redhat
+# Openshift Artifactory HA
+# This helm chart subcharts the latest jfrog/artifactory-ha chart
+# and applies various things like initContainers, nginx mainConf, etc
+# to enable the artifactory-ha helm chart to work in an openshift environment
 artifactory-ha:
   ###################################
   # EDIT TO YOUR DB CONFIGURATION
@@ -9,7 +10,7 @@ artifactory-ha:
     type: "OVERRIDE"
     driver: "OVERRIDE"
     url: "OVERRIDE"
-    user: "postgres"
+    user: "OVERRIDE"
     password: "OVERRIDE"
 
   ###################################
@@ -36,7 +37,8 @@ artifactory-ha:
             name: volume
     ## Change to use RH UBI images
     image:
-      repository: quay.io/jfrog/artifactory-rh-pro
+      repository: registry.connect.redhat.com/jfrog/artifactory-pro
+      version: 7.3.2
     node:
       waitForPrimaryStartup:
         enabled: false
@@ -45,7 +47,9 @@ artifactory-ha:
     enabled: false
   nginx:
     image:
-      repository: quay.io/jfrog/nginx-artifactory-rh-pro
+      repository: registry.redhat.io/rhel8/nginx-116
+      version: latest
+    tlsSecretName: "OVERRIDE"
     http:
       externalPort: 80
       internalPort: 8080