NGINX pod wont start after applying the latest Helm chart

[cbell38]

Is this a request for help?: Yes

---

Is this a BUG REPORT or FEATURE REQUEST? (choose one): BUG REPORT

Version of Helm and Kubernetes: 3.12.0

Which chart: 107.77.5

Which product license (Enterprise/Pro/oss): Enterprise

JFrog support reference (if already raised with support team): 285463

What happened: Whenever we try to apply the latest chart the NGINX pod fails to start with the error;

Using deprecated password for user _internal.
2024-02-13 23:49:08 [169 entrypoint-nginx.sh] Preparing to run Nginx in Docker
2024-02-13 23:49:08 [14 entrypoint-nginx.sh] Dockerfile for this image can found inside the container.
2024-02-13 23:49:08 [15 entrypoint-nginx.sh] To view the Dockerfile: 'cat /docker/nginx-artifactory-pro/Dockerfile.nginx'.
2024-02-13 23:49:08 [19 entrypoint-nginx.sh] Setting up directories if missing
2024-02-13 23:49:08 [160 entrypoint-nginx.sh] Generating ssl example.key and example.crt
2024-02-13 23:49:08 [77 entrypoint-nginx.sh] Unable to find Artifactory configuration (/var/opt/jfrog/nginx/conf.d/artifactory.conf). Copying a default one
cp: can't create '/var/opt/jfrog/nginx/conf.d/artifactory.conf': Read-only file system
2024-02-13 23:49:08 [38 38 functions.sh] ERROR: Copying /artifactory.conf to /var/opt/jfrog/nginx/conf.d/artifactory.conf failed
2024-02-13T23:49:08.587791380Z

What you expected to happen: Helm would deploy the latest version

How to reproduce it (as minimally and precisely as possible):

helm upgrade --install artifactory-ha -f .\custom-values-new.yaml --namespace artifactory jfrog/artifactory-ha

Anything else we need to know:

[oumkale]

Hi @cbell38,

Could you please share the following items :

• custom-values-new.yaml
• Is it a fresh install or upgrade? If it is an upgrade please provide the previous chart version
• Please share a k8s version, Is it the open-shift cluster?

[oumkale]

Hi @cbell38,

Still waiting for your details, for more details regarding this issue please check :
#1860 (comment)

[cbell38]

This was an upgrade. We are running on AKS with k8s version 1.25.6.

We wound up being able to resolve the issue. Typically we have a custom ConfigMap for artifactory.conf for HTTP to HTTPS redirect following this doc https://jfrog.com/help/r/artifactory-how-to-enforce-http-to-https-redirection-in-artifactory-for-browser-access-using-nginx-and-helm-charts/step-2 but we wound up having to unset that variable in the values.yaml file and hard code the conf file to artifactoryConf in the chart. We also had to update the ports in the conf to 8080 and 8443

nginx:
  artifactoryConf: |
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_certificate  /var/opt/jfrog/nginx/ssl/tls.crt;
      ssl_certificate_key  /var/opt/jfrog/nginx/ssl/tls.key;
      ssl_session_cache shared:SSL:1m;
      ssl_prefer_server_ciphers   on;
      ## server configuration
      server {
      listen 8080;
      server_name ~(?<repo>.+)\.jfrt-artifactory jfrt-artifactory;
      return 301 https://$host$request_uri;
      }
      server {
        listen 8443 ssl;
        server_name ~(?<repo>.+)\.artifactory-ha artifactory-ha;
        if ($http_x_forwarded_proto = '') {
          set $http_x_forwarded_proto  $scheme;
        }
        ## Application specific logs
        ## access_log /var/log/nginx/artifactory-access.log timing;
        ## error_log /var/log/nginx/artifactory-error.log;
        rewrite ^/artifactory/?$ / redirect;
        if ( $repo != "" ) {
          rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break;
        }
        chunked_transfer_encoding on;
        client_max_body_size 0;

        location / {
          proxy_read_timeout  3600;
          proxy_max_temp_file_size 0;
          proxy_send_timeout 3600;
          proxy_pass_header   Server;
          proxy_cookie_path   ~*^/.* /;
          proxy_pass          http://artifactory-ha:8082/;
          proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
          proxy_set_header    X-Forwarded-Port  $server_port;
          proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
          proxy_set_header    Host              $http_host;
          proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
          proxy_http_version 1.1;
          proxy_request_buffering off;
          proxy_buffering off;
          proxy_ignore_headers "X-Accel-Buffering";
          add_header Strict-Transport-Security always;
          add_header Strict-Transport-Security always;

          location /artifactory/ {
            if ( $request_uri ~ ^/artifactory/(.*)$ ) {
              proxy_pass       http://artifactory-ha:8081/artifactory/$1;
            }
            proxy_pass          http://artifactory-ha:8081/artifactory/;
          }
          location /pipelines/ {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
            proxy_pass  http://artifactory-ha:8082;
          }
        }
      }