From 6e0ee4db02e652bc6aec71b298b232a63c659942 Mon Sep 17 00:00:00 2001 From: Koen Torfs Date: Thu, 25 Jul 2024 18:44:28 +0200 Subject: [PATCH 1/2] Fixes current helm chart limitations for external ingress with nginx ClusterIP service type and https / tls offloading on external ingress --- stable/artifactory/values.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index 84c9d01fc..b8129a319 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -1511,12 +1511,18 @@ nginx: proxy_cookie_path ~*^/.* /; proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; {{- if .Values.nginx.service.ssloffload}} + {{- if .Values.nginx.service.ssloffloadForceHttps}} + proxy_set_header X-JFrog-Override-Base-Url https://$host; + proxy_set_header X-Forwarded-Proto https; + {{- else }} proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + {{- end }} {{- else }} proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$host_port; proxy_set_header X-Forwarded-Port $server_port; - {{- end }} proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + {{- end }} proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; {{- if .Values.nginx.disableProxyBuffering}} @@ -1556,6 +1562,8 @@ nginx: ## For minikube, set this to NodePort, elsewhere use LoadBalancer type: LoadBalancer ssloffload: false + ## @param service.ssloffloadForceHttps Override http_x_forwarded_proto flag for external ingress (optional, likely OpenShift specific for ClusterIP based nginx service config) + ssloffloadForceHttps: false ## @param service.ipFamilyPolicy Controller Service ipFamilyPolicy (optional, cloud specific) ## This can be either SingleStack, PreferDualStack or RequireDualStack ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services From 3925136c50b1292603f6993297126b46651cd197 Mon Sep 17 00:00:00 2001 From: Koen Torfs Date: Thu, 25 Jul 2024 18:52:49 +0200 Subject: [PATCH 2/2] bumped chart version and completed changelog --- stable/artifactory/CHANGELOG.md | 9 ++++++--- stable/artifactory/Chart.yaml | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index f9abf951c..f14f859aa 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [107.84.18] - July 25, 2024 +* Support for SSL offload HTTPS proto override in Nginx service(ClusterIP) layer. Introduced `nginx.service.ssloffloadForceHttps` field with boolean type. + ## [107.84.17] - June 27, 2024 * Added image section for `initContainers` instead of `initContainerImage` * Renamed `router.image.imagePullPolicy` to `router.image.pullPolicy` @@ -8,7 +11,7 @@ All changes to this chart will be documented in this file. * Added support for `global.verisons.initContainers` to override `initContainers.image.tag` * Fixed an issue with extraSystemYaml merge * **IMPORTANT** -* Renamed `artifactory.setSecurityContext` to `artifactory.podSecurityContext` +* Renamed `artifactory.setSecurityContext` to `artifactory.podSecurityContext` * Renamed `artifactory.uid` to `artifactory.podSecurityContext.runAsUser` * Renamed `artifactory.gid` to `artifactory.podSecurityContext.runAsGroup` and `artifactory.podSecurityContext.fsGroup` * Renamed `artifactory.fsGroupChangePolicy` to `artifactory.podSecurityContext.fsGroupChangePolicy` @@ -133,7 +136,7 @@ All changes to this chart will be documented in this file. ## [107.58.0] - Mar 23, 2023 * Updated postgresql multi-arch tag version to `13.10.0-debian-11-r14` * Removed obselete remove-lost-found initContainer` -* Added env JF_SHARED_NODE_HAENABLED under frontend when running in the container split mode +* Added env JF_SHARED_NODE_HAENABLED under frontend when running in the container split mode ## [107.57.0] - Mar 02, 2023 * Updated initContainerImage and logger image to `ubi9/ubi-minimal:9.1.0.1793` @@ -351,7 +354,7 @@ All changes to this chart will be documented in this file. ## [12.0.0] - April 22, 2021 * **Breaking change:** -* Increased default postgresql persistence size to `200Gi` +* Increased default postgresql persistence size to `200Gi` * Update postgresql tag version to `13.2.0-debian-10-r55` * Update postgresql chart version to `10.3.18` in chart.yaml - [10.x Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#to-1000) * If this is a new deployment or you already use an external database (`postgresql.enabled=false`), these changes **do not affect you**! diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index bd74e94a6..6738e511c 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.84.17 +appVersion: 7.84.18 dependencies: - condition: postgresql.enabled name: postgresql