updates to ha chart v2.0.31, using redhat nginx and redhat ubi artifactory. plan to disable embedded postgresql for certification

Openshift4/artifactory-ha-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_openshiftartifactoryha_cr.yaml

@@ -760,7 +760,8 @@ spec:
       internalPort: 443
     image:
       pullPolicy: IfNotPresent
-      repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro
+      #repository: image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro
+      repository: registry.redhat.io/rhel8/nginx-116
     labels: {}
     livenessProbe:
       enabled: true
@@ -819,7 +820,7 @@ spec:
         #tcp_nopush     on;
         keepalive_timeout  65;
         #gzip  on;
-        include /etc/nginx/conf.d/*.conf;
+        include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf;
       }
     name: nginx
     nodeSelector: {}

Openshift4/artifactory-ha-operator/deploy/olm-catalog/artifactory-ha-operator/1.0.0/artifactory-ha-operator.v1.0.0.clusterserviceversion.yaml

@@ -583,7 +583,7 @@ metadata:
       ]
     capabilities: Basic Install
   name: artifactory-ha-operator.v1.0.0
-  namespace: placeholder
+  namespace: jfrog-artifactory
 spec:
   apiservicedefinitions: {}
   customresourcedefinitions: {}
@@ -729,6 +729,17 @@ spec:
           - update
           - watch
         serviceAccountName: artifactory-ha-operator
+      clusterPermissions:
+      - rules:
+        - apiGroups:
+          - security.openshift.io
+          resources:
+          - securitycontextconstraints
+          resourceNames:
+          - anyuid
+          verbs:
+          - use
+        serviceAccountName: artifactory-ha-operator
     strategy: deployment
   installModes:
   - supported: true

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/Chart.yaml

@@ -21,4 +21,4 @@ name: openshift-artifactory-ha
 sources:
 - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view
 - https://github.com/jfrog/charts
-version: 2.0.25
+version: 2.0.31

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/helminstall.sh

@@ -3,8 +3,7 @@
 if [[ -z "$1" ]]
 then 
   echo "Skipping creation of persistent volume examples. Ensure there is available PVs 200Gi per node for HA." 
-else 
-  oc create -f pv-examples/ 
+else
   oc new-project jfrog-artifactory
   oc create serviceaccount svcaccount -n jfrog-artifactory
   oc adm policy add-scc-to-user privileged system:serviceaccount:jfrog-artifactory:svcaccount
@@ -25,6 +24,5 @@ fi
 
 # install via helm
 helm install artifactory-ha . \
-               --set nginx.tlsSecretName=tls-ingress \
-               --set artifactory-ha.artifactory.node.replicaCount=1 \
+               --set artifactory-ha.nginx.tlsSecretName=tls-ingress \
                --set artifactory-ha.artifactory.license.secret=artifactory-license,artifactory-ha.artifactory.license.dataKey=artifactory.cluster.license

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0001-large.yaml

@@ -1,15 +0,0 @@
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: pv0001-large
-spec:
-  capacity:
-    storage: 200Gi
-  hostPath:
-    path: /mnt/pv-data/pv0001-large
-  accessModes:
-    - ReadWriteOnce
-    - ReadWriteMany
-    - ReadOnlyMany
-  persistentVolumeReclaimPolicy: Recycle
-  volumeMode: Filesystem

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0002-large.yaml

@@ -1,15 +0,0 @@
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: pv0002-large
-spec:
-  capacity:
-    storage: 200Gi
-  hostPath:
-    path: /mnt/pv-data/pv0002-large
-  accessModes:
-    - ReadWriteOnce
-    - ReadWriteMany
-    - ReadOnlyMany
-  persistentVolumeReclaimPolicy: Recycle
-  volumeMode: Filesystem

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0003-large.yaml

@@ -1,15 +0,0 @@
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: pv0003-large
-spec:
-  capacity:
-    storage: 200Gi
-  hostPath:
-    path: /mnt/pv-data/pv0003-large
-  accessModes:
-    - ReadWriteOnce
-    - ReadWriteMany
-    - ReadOnlyMany
-  persistentVolumeReclaimPolicy: Recycle
-  volumeMode: Filesystem

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0004-large.yaml

@@ -1,15 +0,0 @@
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: pv0004-large
-spec:
-  capacity:
-    storage: 200Gi
-  hostPath:
-    path: /mnt/pv-data/pv0004-large
-  accessModes:
-    - ReadWriteOnce
-    - ReadWriteMany
-    - ReadOnlyMany
-  persistentVolumeReclaimPolicy: Recycle
-  volumeMode: Filesystem

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/pv-examples/pv0005-large.yaml

@@ -1,15 +0,0 @@
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: pv0005-large
-spec:
-  capacity:
-    storage: 200Gi
-  hostPath:
-    path: /mnt/pv-data/pv0005-large
-  accessModes:
-    - ReadWriteOnce
-    - ReadWriteMany
-    - ReadOnlyMany
-  persistentVolumeReclaimPolicy: Recycle
-  volumeMode: Filesystem

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: artifactory-ha
   repository: https://charts.jfrog.io/
-  version: 2.0.25
-digest: sha256:1de97dca862a0b7e74fc937fbeff231119071a00cea8e42f92adb87c59fa554c
-generated: "2020-03-09T12:41:44.126599-07:00"
+  version: 2.0.31
+digest: sha256:d7c2af74a0188ca8df2a97158c83b36f85dfae72c1b60ce4540a4e00da2d9a6f
+generated: "2020-03-19T17:29:04.445679-07:00"

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/requirements.yaml

@@ -1,4 +1,4 @@
 dependencies:
   - name: artifactory-ha
-    version: 2.0.25
+    version: 2.0.31
     repository: https://charts.jfrog.io/

Openshift4/artifactory-ha-operator/helm-charts/openshift-artifactory-ha/values.yaml

@@ -2,11 +2,14 @@
 # Requires one custom init container
 # to resolve the user id perm issue with redhat
 artifactory-ha:
+  initContainerImage: registry.redhat.io/ubi8-minimal
+  waitForDatabase: false
   artifactory:
     ## Add custom init containers execution before predefined init containers
     customInitContainersBegin: |
       - name: "redhat-custom-setup"
-        image: "{{ .Values.initContainerImage }}"
+        #image: "{{ .Values.initContainerImage }}"
+        image: {{ index .Values "initContainerImage" }}
         imagePullPolicy: "{{ .Values.artifactory.image.pullPolicy }}"
         command:
           - 'sh'
@@ -17,4 +20,68 @@ artifactory-ha:
         volumeMounts:
           - mountPath: "{{ .Values.artifactory.persistence.mountPath }}"
             name: volume
-    ## Add custom init containers
+    ## Change to use RH UBI images
+    image:
+      repository: "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/artifactory-pro"
+    node:
+      waitForPrimaryStartup:
+        enabled: false
+  nginx:
+    image:
+      repository: "image-registry.openshift-image-registry.svc:5000/jfrog-artifactory/nginx-artifactory-pro"
+    http:
+      externalPort: 80
+      internalPort: 8080
+    https:
+      externalPort: 443
+      internalPort: 8443
+    mainConf: |
+      # Main Nginx configuration file
+      worker_processes  4;
+      error_log  {{ .Values.nginx.persistence.mountPath }}/logs//error.log warn;
+      pid        /tmp/nginx.pid;
+      events {
+        worker_connections  1024;
+      }
+      http {
+        include       /etc/nginx/mime.types;
+        default_type  application/octet-stream;
+        variables_hash_max_size 1024;
+        variables_hash_bucket_size 64;
+        server_names_hash_max_size 4096;
+        server_names_hash_bucket_size 128;
+        types_hash_max_size 2048;
+        types_hash_bucket_size 64;
+        proxy_read_timeout 2400s;
+        client_header_timeout 2400s;
+        client_body_timeout 2400s;
+        proxy_connect_timeout 75s;
+        proxy_send_timeout 2400s;
+        proxy_buffer_size 32k;
+        proxy_buffers 40 32k;
+        proxy_busy_buffers_size 64k;
+        proxy_temp_file_write_size 250m;
+        proxy_http_version 1.1;
+        client_body_buffer_size 128k;
+        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+        '$status $body_bytes_sent "$http_referer" '
+        '"$http_user_agent" "$http_x_forwarded_for"';
+        log_format timing 'ip = $remote_addr '
+        'user = \"$remote_user\" '
+        'local_time = \"$time_local\" '
+        'host = $host '
+        'request = \"$request\" '
+        'status = $status '
+        'bytes = $body_bytes_sent '
+        'upstream = \"$upstream_addr\" '
+        'upstream_time = $upstream_response_time '
+        'request_time = $request_time '
+        'referer = \"$http_referer\" '
+        'UA = \"$http_user_agent\"';
+        access_log  {{ .Values.nginx.persistence.mountPath }}/logs/access.log  timing;
+        sendfile        on;
+        #tcp_nopush     on;
+        keepalive_timeout  65;
+        #gzip  on;
+        include {{ .Values.nginx.persistence.mountPath }}/conf.d/*.conf;
+      }

Openshift4/artifactory-ha-operator/unload.sh

@@ -8,3 +8,9 @@ oc delete pods --all
 oc delete svc --all
 oc delete networkpolicies --all
 oc delete pvc --all
+oc delete PodDisruptionBudget --all
+for s in $(oc get secrets | grep artifactory | cut -f1 -d ' '); do
+    oc delete secret $s
+done
+oc delete serviceaccount artifactoryha-artifactory-ha
+oc delete role artifactoryha-artifactory-ha