Openshift artifactory-ha helm chart changes for version 2.3.0 of jfrog/artifactory-ha chart

2026-01-21 11:06:56 -06:00 · 2020-04-13 10:37:19 -07:00
parent c8aaea9d69
commit 5234afa864
7 changed files with 30 additions and 66 deletions
--- a/Openshift4/openshift-artifactory-ha/CHANGELOG.md
+++ b/Openshift4/openshift-artifactory-ha/CHANGELOG.md
@@ -1,5 +1,14 @@
 # JFrog  Openshift Artifactory-ha Chart Changelog
 All changes to this chart will be documented in this file.
-## [1.0.0] - March 09, 2020
+## [2.3.0] - April 13, 2020
 * Updating to latest jfrog/artifactory-ha helm chart version 2.3.0
 ## [2.2.9] - April 11, 2020
 * Fixed issues with master key
 ## [2.1.9] - March 17, 2020
 * Updated Artifactory version to 7.3.2
 ## [2.0.35] - March 09, 2020
 * Updated Artifactory version to 7.2.1
--- a/Openshift4/openshift-artifactory-ha/Chart.yaml
+++ b/Openshift4/openshift-artifactory-ha/Chart.yaml
@@ -1,7 +1,6 @@
 apiVersion: v1
 appVersion: 7.3.2
-description: Universal Repository Manager supporting all major packaging formats,
+description: Openshift JFrog Artifactory HA subcharting Artifactory HA to work in Openshift environment
  build tools and CI servers.
 home: https://www.jfrog.com/artifactory/
 icon: https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/logo/artifactory-logo.png
 keywords:
@@ -9,16 +8,12 @@ keywords:
 - jfrog
 - devops
 maintainers:
- email: amithk@jfrog.com
+- email: vinaya@jfrog.com
-  name: amithins
+  name: Vinay Aggarwal
- email: daniele@jfrog.com
+- email: johnp@jfrog.com
-  name: danielezer
+  name: John Peterson
 - email: eldada@jfrog.com
  name: eldada
 - email: rimasm@jfrog.com
  name: rimusz
 name: openshift-artifactory-ha
 sources:
 - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
 - https://github.com/jfrog/charts
-version: 2.2.9
+version: 2.3.0
--- a/Openshift4/openshift-artifactory-ha/helminstall.sh
+++ b/Openshift4/openshift-artifactory-ha/helminstall.sh
@@ -4,22 +4,14 @@ if [[ -z "$1" ]]
 then 
  echo "Skipping creation of persistent volume examples. Ensure there is available PVs 200Gi per node for HA." 
 else
-  oc new-project jfrog-artifactory
+  # patch the restricted scc to allow the pods to run as anyuid
-  oc create serviceaccount svcaccount -n jfrog-artifactory
+  oc patch scc restricted --patch '{"fsGroup":{"type":"RunAsAny"},"runAsUser":{"type":"RunAsAny"},"seLinuxContext":{"type":"RunAsAny"}}' --type=merge
  oc adm policy add-scc-to-user privileged system:serviceaccount:jfrog-artifactory:svcaccount
  oc adm policy add-scc-to-user anyuid system:serviceaccount:jfrog-artifactory:svcaccount
  oc adm policy add-scc-to-group anyuid system:authenticated
  # enables hostPath plugin for openshift system wide
  oc create -f hostpathscc.yaml -n jfrog-artifactory
  oc patch securitycontextconstraints.security.openshift.io/hostpath --type=merge --patch='{"allowHostDirVolumePlugin": true}'
  oc adm policy add-scc-to-user hostpath system:serviceaccount:jfrog-artifactory:svcaccount
  # create the license secret
  oc create secret generic artifactory-license --from-file=artifactory.cluster.license
  # create the tls secret
-  oc create secret tls tls-ingress --cert=jfrog.team.crt --key=jfrog.team.key
+  oc create secret tls tls-ingress --cert=tls.crt --key=tls.key
 fi  
 # install via helm
--- a/Openshift4/openshift-artifactory-ha/hostpathscc.yaml
+++ b/Openshift4/openshift-artifactory-ha/hostpathscc.yaml
@@ -1,18 +0,0 @@
 kind: SecurityContextConstraints
 apiVersion: v1
 metadata:
  name: hostpath
 allowPrivilegedContainer: false
 runAsUser:
  type: RunAsAny
 seLinuxContext:
  type: RunAsAny
 fsGroup:
  type: RunAsAny
 supplementalGroups:
  type: RunAsAny
 users:
 - artifactory
 groups:
 - artifactory
 - jfrog-artifactory
--- a/Openshift4/openshift-artifactory-ha/requirements.yaml
+++ b/Openshift4/openshift-artifactory-ha/requirements.yaml
@@ -1,4 +1,4 @@
 dependencies:
  - name: artifactory-ha
-    version: 2.2.9
+    version: 2.3.0
    repository: https://charts.jfrog.io/
--- a/Openshift4/openshift-artifactory-ha/scc.yaml
+++ b/Openshift4/openshift-artifactory-ha/scc.yaml
@@ -1,18 +0,0 @@
 kind: SecurityContextConstraints
 apiVersion: v1
 metadata:
  name: hostpath
 allowPrivilegedContainer: false
 runAsUser:
  type: RunAsAny
 seLinuxContext:
  type: RunAsAny
 fsGroup:
  type: RunAsAny
 supplementalGroups:
  type: RunAsAny
 users:
 - artifactory
 groups:
 - artifactory
 - jfrog-artifactory
--- a/Openshift4/openshift-artifactory-ha/values.yaml
+++ b/Openshift4/openshift-artifactory-ha/values.yaml
@@ -1,6 +1,7 @@
-# Openshift artifactory ha
+# Openshift Artifactory HA
-# Requires one custom init container
+# This helm chart subcharts the latest jfrog/artifactory-ha chart
-# to resolve the user id perm issue with redhat
+# and applies various things like initContainers, nginx mainConf, etc
 # to enable the artifactory-ha helm chart to work in an openshift environment
 artifactory-ha:
  ###################################
  # EDIT TO YOUR DB CONFIGURATION
@@ -9,7 +10,7 @@ artifactory-ha:
    type: "OVERRIDE"
    driver: "OVERRIDE"
    url: "OVERRIDE"
-    user: "postgres"
+    user: "OVERRIDE"
    password: "OVERRIDE"
  ###################################
@@ -36,7 +37,8 @@ artifactory-ha:
            name: volume
    ## Change to use RH UBI images
    image:
-      repository: quay.io/jfrog/artifactory-rh-pro
+      repository: registry.connect.redhat.com/jfrog/artifactory-pro
      version: 7.3.2
    node:
      waitForPrimaryStartup:
        enabled: false
@@ -45,7 +47,9 @@ artifactory-ha:
    enabled: false
  nginx:
    image:
-      repository: quay.io/jfrog/nginx-artifactory-rh-pro
+      repository: registry.redhat.io/rhel8/nginx-116
      version: latest
    tlsSecretName: "OVERRIDE"
    http:
      externalPort: 80
      internalPort: 8080