From aef35eb2e84e6e5751f1cece76f5c63e3f5ddf10 Mon Sep 17 00:00:00 2001 From: Ken Brooks Date: Thu, 18 Oct 2018 10:33:46 -0400 Subject: [PATCH 01/14] ingress annotation changes specifially to support docker registry --- stable/artifactory-ha/README.md | 26 +++++++++++++++++++ stable/artifactory-ha/templates/ingress.yaml | 6 ++--- stable/artifactory/README.md | 27 ++++++++++++++++++++ stable/artifactory/templates/ingress.yaml | 6 ++--- 4 files changed, 59 insertions(+), 6 deletions(-) diff --git a/stable/artifactory-ha/README.md b/stable/artifactory-ha/README.md index 54a33f3a1..014e024f8 100644 --- a/stable/artifactory-ha/README.md +++ b/stable/artifactory-ha/README.md @@ -394,6 +394,7 @@ The following table lists the configurable parameters of the artifactory chart a | `ingress.hosts` | Artifactory Ingress hostnames | `[]` | | `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` | | `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` | +| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | | | `nginx.enabled` | Deploy nginx server | `true` | | `nginx.name` | Nginx name | `nginx` | | `nginx.replicaCount` | Nginx replica count | `1` | 
@@ -495,6 +496,31 @@ Include the secret's name, along with the desired hostnames, in the Artifactory - artifactory.domain.com ``` +### Ingress annotations + +The following is helpful for configuring ingress to expose docker login. + +``` +ingress: + enabled: true + defaultBackend: + enabled: false + hosts: + - myhost.example.com + annotations: + ingress.kubernetes.io/force-ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-read-timeout: "600" + ingress.kubernetes.io/proxy-send-timeout: "600" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; + rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; + nginx.ingress.kubernetes.io/proxy-body-size: "0" + tls: + - hosts: + - "myhost.example.com" +``` ## Useful links - https://www.jfrog.com/confluence/display/EP/Getting+Started diff --git a/stable/artifactory-ha/templates/ingress.yaml b/stable/artifactory-ha/templates/ingress.yaml index 478305865..4ebfcae9c 100644 --- a/stable/artifactory-ha/templates/ingress.yaml +++ b/stable/artifactory-ha/templates/ingress.yaml @@ -10,10 +10,10 @@ metadata: chart: {{ template "artifactory-ha.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- if .Values.ingress.annotations }} annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} +{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} +{{- end }} spec: {{- if .Values.ingress.defaultBackend.enabled }} backend: diff --git a/stable/artifactory/README.md b/stable/artifactory/README.md index 13cde9a53..815384a12 100644 --- a/stable/artifactory/README.md +++ b/stable/artifactory/README.md 
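Review bot: In the `annotations:` block of stable/artifactory-ha/templates/ingress.yaml, replacing `{{ $value | quote }}` with `toYaml` means values are no longer forced to strings. A value written without quotes in values.yaml, such as `true` or `600`, now renders as a YAML boolean or integer, which the API server should reject because annotation values must be strings. Either keep per-value quoting or state the requirement beside the template, e.g. `{{- /* annotation values must be quoted strings; toYaml does not quote them */ -}}`. Because the map is now passed through verbatim, including `nginx.ingress.kubernetes.io/configuration-snippet`, anyone who controls the chart values can place raw nginx directives in the ingress controller configuration, so the README should tell operators to restrict who may supply these values. The same change is made in stable/artifactory/templates/ingress.yaml, and the Ingress manifest continues outside both hunks.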
@@ -250,6 +250,7 @@ The following table lists the configurable parameters of the artifactory chart a | `ingress.hosts` | Artifactory Ingress hostnames | `[]` | | `ingress.tls` | Artifactory Ingress TLS configuration (YAML) | `[]` | | `ingress.defaultBackend.enabled` | If true, the default `backend` will be added using serviceName and servicePort | `true` | +| `ingress.annotations` | Ingress annotations, which are written out if annotations section exists in values. Everything inside of the annotations section will appear verbatim inside the resulting manifest. See `Ingress annotations` section below for examples of how to leverage the annotations, specifically for how to enable docker authentication. | | | `nginx.name` | Nginx name | `nginx` | | `nginx.enabled` | Deploy nginx server | `true` | | `nginx.replicaCount` | Nginx replica count | `1` | @@ -338,6 +339,32 @@ Include the secret's name, along with the desired hostnames, in the Artifactory - artifactory.domain.com ``` +### Ingress annotations + +The following is helpful for configuring ingress to expose docker login. + +``` +ingress: + enabled: true + defaultBackend: + enabled: false + hosts: + - myhost.example.com + annotations: + ingress.kubernetes.io/force-ssl-redirect: "true" + ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-read-timeout: "600" + ingress.kubernetes.io/proxy-send-timeout: "600" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; + rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; + nginx.ingress.kubernetes.io/proxy-body-size: "0" + tls: + - hosts: + - "myhost.example.com" +``` + ## Useful links https://www.jfrog.com https://www.jfrog.com/confluence/ diff --git a/stable/artifactory/templates/ingress.yaml b/stable/artifactory/templates/ingress.yaml index 258065989..650e717ba 100644 --- a/stable/artifactory/templates/ingress.yaml 
+++ b/stable/artifactory/templates/ingress.yaml @@ -10,10 +10,10 @@ metadata: chart: {{ template "artifactory.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- if .Values.ingress.annotations }} annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} +{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}} +{{- end }} spec: {{- if .Values.ingress.defaultBackend.enabled }} backend: From 12ac3d77ff9db4991781021af0ee96cd7b7ebab4 Mon Sep 17 00:00:00 2001 From: Eldad Assis Date: Thu, 18 Oct 2018 22:08:51 +0300 Subject: [PATCH 02/14] Artifactory version 6.5.1 --- stable/artifactory-ha/CHANGELOG.md | 3 +++ stable/artifactory-ha/Chart.yaml | 4 ++-- stable/artifactory/CHANGELOG.md | 3 +++ stable/artifactory/Chart.yaml | 4 ++-- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 0201321bc..0f89fdba2 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file. +## [0.6.4] - Oct 18, 2018 +* Updated Artifactory version to 6.5.1 + ## [0.6.3] - Oct 17, 2018 * Add Apache 2.0 license diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index b1f2bba31..7e2de6018 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: artifactory-ha home: https://www.jfrog.com/artifactory/ -version: 0.6.3 -appVersion: 6.5.0 +version: 0.6.4 +appVersion: 6.5.1 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. keywords: diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index d16a0de61..5e7a37bea 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md 
@@ -1,6 +1,9 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [7.6.3] - Oct 18, 2018 +* Updated Artifactory version to 6.5.1 + ## [7.6.2] - Oct 17, 2018 * Add Apache 2.0 license diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 2a6ac6aad..632a3dce9 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: artifactory home: https://www.jfrog.com/artifactory/ -version: 7.6.2 -appVersion: 6.5.0 +version: 7.6.3 +appVersion: 6.5.1 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. keywords: From 9a639e588d498f8eb9653537b6b268adfaf0d848 Mon Sep 17 00:00:00 2001 From: Robbie deMuth Date: Thu, 18 Oct 2018 16:24:00 -0400 Subject: [PATCH 03/14] Allow providing a pre-existing secret that contains the master key --- stable/artifactory-ha/README.md | 18 ++++++++++++++++-- stable/artifactory-ha/templates/NOTES.txt | 5 ++++- .../artifactory-node-statefulset.yaml | 2 +- .../artifactory-primary-statefulset.yaml | 2 +- .../templates/artifactory-secrets.yaml | 2 ++ stable/artifactory-ha/values.yaml | 3 +++ stable/artifactory/README.md | 1 + .../templates/artifactory-secrets.yaml | 2 ++ .../templates/artifactory-statefulset.yaml | 2 +- stable/artifactory/values.yaml | 2 ++ 10 files changed, 33 insertions(+), 6 deletions(-) diff --git a/stable/artifactory-ha/README.md b/stable/artifactory-ha/README.md index 54a33f3a1..c5dd28ede 100644 --- a/stable/artifactory-ha/README.md +++ b/stable/artifactory-ha/README.md 
@@ -166,7 +166,20 @@ echo ${MASTER_KEY} # Pass the created master key to helm helm install --name artifactory-ha --set artifactory.masterKey=${MASTER_KEY} jfrog/artifactory-ha ``` -**NOTE:** Make sure to pass the same master key with `--set artifactory.masterKey=${MASTER_KEY}` on all future calls to `helm install` and `helm upgrade`! + +Alternatively, you can create a secret containing the master key manually and pass it to the template at install/upgrade time. +```bash +# Create a key +export MASTER_KEY=$(openssl rand -hex 32) +echo ${MASTER_KEY} + +# Create a secret containing the key. The key in the secret must be named master-key +kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} + +# Pass the created secret to helm +helm install --name artifactory-ha --set artifactory.masterKeySecretName=my-secret jfrog/artifactory-ha +``` +**NOTE:** In either case, make sure to pass the same master key on all future calls to `helm install` and `helm upgrade`! In the first case, this means always passing `--set artifactory.masterKey=${MASTER_KEY}`. In the second, this means always passing `--set artifactory.masterKeySecretName=my-secret` and ensuring the contents of the secret remain unchanged. ### Install Artifactory HA license For activating Artifactory HA, you must install an appropriate license. There are two ways to manage the license. **Artifactory UI** or a **Kubernetes Secret**. 
@@ -325,7 +338,8 @@ The following table lists the configurable parameters of the artifactory chart a | `artifactory.image.pullPolicy` | Container pull policy | `IfNotPresent` | | `artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-pro` | | `artifactory.image.version` | Container image tag | `.Chart.AppVersion` | -| `artifactory.masterKey` | Artifactory Master Key. Can be generated with `openssl rand -hex 32` |`FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF`| +| `artifactory.masterKey` | Artifactory Master Key. Can be generated with `openssl rand -hex 32` |`FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF`| +| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | | | `artifactory.license.secret` | Artifactory license secret name | | | `artifactory.license.dataKey`| Artifactory license secret data key | | | `artifactory.service.name` | Artifactory service name to be set in Nginx configuration | `artifactory` | diff --git a/stable/artifactory-ha/templates/NOTES.txt b/stable/artifactory-ha/templates/NOTES.txt index c88f32d9d..1ed1ed53c 100644 --- a/stable/artifactory-ha/templates/NOTES.txt +++ b/stable/artifactory-ha/templates/NOTES.txt @@ -1,6 +1,6 @@ Congratulations. You have just deployed JFrog Artifactory HA! -{{- if eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" }} +{{- if (not .Values.artifactory.masterKeySecretName) and eq .Values.artifactory.masterKey "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" }} ***************************************** WARNING ****************************************** 
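Review bot: The new condition at the top of stable/artifactory-ha/templates/NOTES.txt writes `(not .Values.artifactory.masterKeySecretName) and eq .Values.artifactory.masterKey "FFFF…"`, using `and` as an infix operator. Go templates only provide `and` as a prefix function, so as written the parenthesised `not` is handed trailing arguments, which I would expect to fail when the notes are rendered. It should read `{{- if and (not .Values.artifactory.masterKeySecretName) (eq .Values.artifactory.masterKey "FFFF…") }}` with the same literal as today. This banner is the only thing telling an operator that the published default master key is in use, so it is worth running `helm template` with and without `masterKeySecretName` to confirm it renders. The warning block itself closes in the following hunk.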
@@ -12,6 +12,9 @@ Congratulations. You have just deployed JFrog Artifactory HA! * $ echo ${MASTER_KEY} * * * * Pass the created master key to helm with '--set artifactory.masterKey=${MASTER_KEY}' * +* * +* Alternatively, you can use a pre-existing secret with a key called master-key with * +* '--set artifactory.masterKeySecretName=${SECRET_NAME}' * ******************************************************************************************** {{- end }} diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index fd4defbac..ef2acd0dc 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -143,7 +143,7 @@ spec: - name: ARTIFACTORY_MASTER_KEY valueFrom: secretKeyRef: - name: {{ template "artifactory-ha.fullname" . }} + name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}" key: master-key - name: HA_IS_PRIMARY value: "false" diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index 4820c9685..a6b70782f 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -146,7 +146,7 @@ spec: - name: ARTIFACTORY_MASTER_KEY valueFrom: secretKeyRef: - name: {{ template "artifactory-ha.fullname" . }} + name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory-ha.fullname" .) }}" key: master-key - name: HA_IS_PRIMARY value: "true" diff --git a/stable/artifactory-ha/templates/artifactory-secrets.yaml b/stable/artifactory-ha/templates/artifactory-secrets.yaml index 5ef89a6ae..2665d32b0 100644 --- a/stable/artifactory-ha/templates/artifactory-secrets.yaml +++ b/stable/artifactory-ha/templates/artifactory-secrets.yaml 
@@ -9,7 +9,9 @@ metadata: release: {{ .Release.Name }} type: Opaque data: +{{- if not .Values.artifactory.masterKeySecretName }} master-key: {{ .Values.artifactory.masterKey | b64enc | quote }} +{{- end }} {{- if .Values.database.password }} db-password: {{ .Values.database.password | b64enc | quote }} {{- end }} diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index e16fda823..96323d194 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -97,8 +97,11 @@ artifactory: ## You can generate one with the command: ## 'openssl rand -hex 32' ## Pass it to helm with '--set artifactory.masterKey=${MASTER_KEY}' + ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName ## IMPORTANT: You should NOT use the example masterKey for a production deployment! masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + # masterKeySecretName: + ## Artifactory license secret. ## If artifactory.license.secret is passed, it will be mounted as diff --git a/stable/artifactory/README.md b/stable/artifactory/README.md index 13cde9a53..550321beb 100644 --- a/stable/artifactory/README.md +++ b/stable/artifactory/README.md 
@@ -225,6 +225,7 @@ The following table lists the configurable parameters of the artifactory chart a | `artifactory.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | | `artifactory.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | | `artifactory.masterKey` | master.key to be used on bootstrap | `FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF` | +| `artifactory.masterKeySecretName` | Artifactory Master Key secret name | | | `artifactory.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | | `artifactory.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 60 | | `artifactory.readinessProbe.periodSeconds` | How often to perform the probe | 10 | diff --git a/stable/artifactory/templates/artifactory-secrets.yaml b/stable/artifactory/templates/artifactory-secrets.yaml index 9b350c024..e3ae96ce4 100644 --- a/stable/artifactory/templates/artifactory-secrets.yaml +++ b/stable/artifactory/templates/artifactory-secrets.yaml @@ -12,4 +12,6 @@ data: {{- if .Values.database.password }} db-password: {{ .Values.database.password | b64enc | quote }} {{- end }} + {{- if not .Values.artifactory.masterKeySecretName }} master-key: {{ .Values.artifactory.masterKey | b64enc | quote }} + {{- end }} diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index ffe073a39..711c3ffa2 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml 
@@ -118,7 +118,7 @@ spec: - name: ARTIFACTORY_MASTER_KEY valueFrom: secretKeyRef: - name: {{ template "artifactory.fullname" . }} + name: "{{ .Values.artifactory.masterKeySecretName | default (include "artifactory.fullname" .) }}" key: master-key - name: EXTRA_JAVA_OPTIONS value: " diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index ad46de4f2..cd794a08a 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -73,6 +73,8 @@ artifactory: ## Create configMap with artifactory.config.import.xml and security.import.xml and pass name of configMap in following parameter configMapName: masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + ## Alternatively, you can use a pre-existing secret with a key called master-key by specifying masterKeySecretName + # masterKeySecretName: ## Extra postStart command to install JDBC driver for MySql/MariaDb/Oracle # postStartCommand: "curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar && chown 1030:1030 /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar" From 38a796da2be263e403ff6c4e02c453adc8d4fd4b Mon Sep 17 00:00:00 2001 From: Robbie deMuth Date: Fri, 19 Oct 2018 13:19:00 -0400 Subject: [PATCH 04/14] Allow arbitrary annotations on the primary and member pods --- .../templates/artifactory-node-statefulset.yaml | 3 +++ .../templates/artifactory-primary-statefulset.yaml | 3 +++ stable/artifactory-ha/values.yaml | 2 ++ stable/artifactory/templates/artifactory-statefulset.yaml | 4 ++++ stable/artifactory/values.yaml | 2 ++ 5 files changed, 14 insertions(+) diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index ef2acd0dc..ce18f44e3 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml 
+++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -27,6 +27,9 @@ spec: release: {{ .Release.Name }} annotations: checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore.yaml") . | sha256sum }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} {{- if .Values.imagePullSecrets }} diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index a6b70782f..51d1b3747 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -27,6 +27,9 @@ spec: release: {{ .Release.Name }} annotations: checksum/binarystore: {{ include (print $.Template.BasePath "/artifactory-binarystore.yaml") . | sha256sum }} + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: serviceAccountName: {{ template "artifactory-ha.serviceAccountName" . }} {{- if .Values.imagePullSecrets }} diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index 96323d194..05b7bee81 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -211,6 +211,8 @@ artifactory: # Name of ConfigMap for Distribution Cert distributionCerts: + annotations: {} + ## Type specific configurations. ## There is a difference between the primary and the member nodes. ## Customising their resources and java parameters is done here. diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index 711c3ffa2..8091733f3 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml 
@@ -25,6 +25,10 @@ spec: role: {{ template "artifactory.name" . }} component: {{ .Values.artifactory.name }} release: {{ .Release.Name }} + annotations: + {{- range $key, $value := .Values.artifactory.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: serviceAccountName: {{ template "artifactory.serviceAccountName" . }} {{- if .Values.imagePullSecrets }} diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index cd794a08a..1b467c088 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -78,6 +78,8 @@ artifactory: ## Extra postStart command to install JDBC driver for MySql/MariaDb/Oracle # postStartCommand: "curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar && chown 1030:1030 /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar" + annotations: {} + service: name: artifactory type: ClusterIP From c690034d5f1b503f8e871618561d0722967f25a4 Mon Sep 17 00:00:00 2001 From: Robbie deMuth Date: Thu, 18 Oct 2018 17:57:24 -0400 Subject: [PATCH 05/14] Enforce size limits on local storage when using emptyDir --- stable/artifactory-ha/README.md | 2 +- .../templates/artifactory-node-statefulset.yaml | 3 ++- .../templates/artifactory-primary-statefulset.yaml | 3 ++- stable/artifactory/README.md | 2 +- stable/artifactory/templates/artifactory-statefulset.yaml | 5 +++-- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/stable/artifactory-ha/README.md b/stable/artifactory-ha/README.md index c5dd28ede..a7524f360 100644 --- a/stable/artifactory-ha/README.md +++ b/stable/artifactory-ha/README.md 
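Review bot: In stable/artifactory/templates/artifactory-statefulset.yaml the added `annotations:` key is emitted unconditionally, so with the default `annotations: {}` from values.yaml the pod template renders a bare `annotations:` with a null value. Guarding the block with `{{- if .Values.artifactory.annotations }}` before `annotations:` and a matching `{{- end }}` after the range keeps the empty key out of the manifest. The HA statefulsets in this commit already carry a `checksum/binarystore` annotation, so they are not affected. The pod template continues outside the hunk.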
@@ -364,7 +364,7 @@ The following table lists the configurable parameters of the artifactory chart a | `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` | | `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` | | `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` | -| `artifactory.persistence.size` | Artifactory persistence volume size | `200Gi` | +| `artifactory.persistence.size` | Artifactory persistence or local volume size | `200Gi` | | `artifactory.persistence.type` | Artifactory HA storage type | `file-system` | | `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` | | `artifactory.persistence.nfs.ip` | NFS server IP | | diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index ce18f44e3..f8ee4753c 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -247,7 +247,8 @@ spec: {{- end }} {{- if .Values.artifactory.persistence.local }} - name: volume - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} {{- else }} volumeClaimTemplates: - metadata: diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index 51d1b3747..d1578c866 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -276,7 +276,8 @@ spec: {{- end }} {{- if .Values.artifactory.persistence.local }} - name: volume - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} {{- else }} volumeClaimTemplates: - metadata: 
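Review bot: Setting `sizeLimit: {{ .Values.artifactory.persistence.size }}` on the `emptyDir` volume in artifactory-node-statefulset.yaml changes the failure mode when the disk fills: on clusters that enforce the limit, the kubelet evicts the pod once usage exceeds it, and the emptyDir contents are discarded with the pod. For a repository manager that means a full volume turns into losing the locally stored data rather than failing writes, so this should be stated where the value is set, e.g. `## With local (emptyDir) storage, exceeding persistence.size evicts the pod and discards the volume`. Quoting the value, `sizeLimit: {{ .Values.artifactory.persistence.size | quote }}`, would also keep a bare number from being retyped. The same applies to the primary statefulset hunk and to stable/artifactory/templates/artifactory-statefulset.yaml; the volume lists continue outside the hunks.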
diff --git a/stable/artifactory/README.md b/stable/artifactory/README.md index 550321beb..dafbd057f 100644 --- a/stable/artifactory/README.md +++ b/stable/artifactory/README.md @@ -235,7 +235,7 @@ The following table lists the configurable parameters of the artifactory chart a | `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` | | `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` | | `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` | -| `artifactory.persistence.size` | Artifactory persistence volume size | `20Gi` | +| `artifactory.persistence.size` | Artifactory persistence or local volume size | `20Gi` | | `artifactory.resources.requests.memory` | Artifactory initial memory request | | | `artifactory.resources.requests.cpu` | Artifactory initial cpu request | | | `artifactory.resources.limits.memory` | Artifactory memory limit | | diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index 8091733f3..79c188ae4 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml @@ -250,5 +250,6 @@ spec: {{- end }} {{- else }} - name: artifactory-volume - emptyDir: {} - {{- end }} \ No newline at end of file + emptyDir: + sizeLimit: {{ .Values.artifactory.persistence.size }} + {{- end }} From 0f6736722362de2ccd681ae5f48cab4ad14265a7 Mon Sep 17 00:00:00 2001 
From: Robbie deMuth Date: Fri, 19 Oct 2018 09:09:44 -0400 Subject: [PATCH 06/14] Allow specification of member node anti-affinity Makes it easier to choose between 'hard' or 'soft' anti-affinity. This ensures that the member node pods run on different parts of the cluster based on the given topology This doesn't apply to the non-ha chart since it doesn't allow multiple nodes --- .../artifactory-node-statefulset.yaml | 24 +++++++++++++++++++ stable/artifactory-ha/values.yaml | 8 +++++++ 2 files changed, 32 insertions(+) diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index f8ee4753c..9e8082643 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -215,10 +215,34 @@ spec: nodeSelector: {{ toYaml . | indent 8 }} {{- end }} + {{- if .Values.artifactory.node.affinity }} {{- with .Values.artifactory.node.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} + {{- else if eq .Values.artifactory.node.podAntiAffinity.type "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + role: {{ template "artifactory-ha.node.name" . }} + {{- else if eq .Values.artifactory.node.podAntiAffinity.type "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: + app: {{ template "artifactory-ha.name" . }} + release: {{ .Release.Name }} + role: {{ template "artifactory-ha.node.name" . }} + {{- end }} {{- with .Values.artifactory.node.tolerations }} tolerations: {{ toYaml . | indent 8 }} 
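Review bot: The `labelSelector` in both new `podAntiAffinity` branches matches `role: {{ template "artifactory-ha.node.name" . }}`, so the rule only spreads member pods away from each other. Nothing in this hunk keeps a member off the host that runs the primary, and the primary statefulset is not touched by this commit (its labels are not visible here, so this is inferred). If that is intended, say so next to the values, e.g. `## Applies between member pods only; the primary is not covered`. Otherwise drop the `role` label from the selector so the rule covers every pod of the release. `topologyKey` is also rendered unquoted and would be safer as `topologyKey: {{ .Values.artifactory.node.podAntiAffinity.topologyKey | quote }}`.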
diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index 05b7bee81..f284ff41a 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -267,8 +267,16 @@ artifactory: tolerations: [] + ## Complete specification of the "affinity" of the member nodes; if this is non-empty, + ## "podAntiAffinity" values are not used. affinity: {} + ## Only used if "affinity" is empty + podAntiAffinity: + ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity + type: "" + topologyKey: "kubernetes.io/hostname" + # Nginx nginx: enabled: true From 827a417575873b79573c59272139172770473043 Mon Sep 17 00:00:00 2001 From: Robbie deMuth Date: Fri, 19 Oct 2018 09:42:15 -0400 Subject: [PATCH 07/14] Allow providing pre-existing secrets for external database credentials --- stable/artifactory-ha/README.md | 27 +++++++++++++++---- .../artifactory-primary-statefulset.yaml | 13 +++++++++ stable/artifactory-ha/values.yaml | 11 ++++++++ stable/artifactory/README.md | 13 +++++++++ .../templates/artifactory-statefulset.yaml | 13 +++++++++ stable/artifactory/values.yaml | 11 ++++++++ 6 files changed, 83 insertions(+), 5 deletions(-) diff --git a/stable/artifactory-ha/README.md b/stable/artifactory-ha/README.md index a7524f360..7cdfe2442 100644 --- a/stable/artifactory-ha/README.md +++ b/stable/artifactory-ha/README.md 
@@ -299,6 +299,19 @@ This can be done with the following parameters ``` **NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! +If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: +```bash +# Create a secret containing the database credentials +kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} +... +--set postgresql.enabled=false \ +--set database.secrets.user.name=my-secret \ +--set database.secrets.user.key=user \ +--set database.secrets.password.name=my-secret \ +--set database.secrets.password.key=password \ +... +``` + ### Deleting Artifactory To delete the Artifactory HA cluster ```bash 
@@ -457,11 +470,15 @@ The following table lists the configurable parameters of the artifactory chart a | `postgresql.resources.requests.cpu` | PostgreSQL initial cpu request | | | `postgresql.resources.limits.memory` | PostgreSQL memory limit | | | `postgresql.resources.limits.cpu` | PostgreSQL cpu limit | | -| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | | -| `database.host` | External database hostname | | -| `database.port` | External database port | | -| `database.user` | External database username | | -| `database.password` | External database password | | +| `database.type` | External database type (`postgresql`, `mysql`, `oracle` or `mssql`) | | +| `database.host` | External database hostname | | +| `database.port` | External database port | | +| `database.user` | External database username | | +| `database.password` | External database password | | +| `database.secrets.user.name` | External database username `Secret` name | | +| `database.secrets.user.key` | External database username `Secret` key | | +| `database.secrets.password.name` | External database password `Secret` name | | +| `database.secrets.password.key` | External database password `Secret` key | | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index d1578c866..262a5467d 100644 --- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml 
@@ -116,6 +116,18 @@ spec: value: '{{ .Values.database.host }}' - name: DB_PORT value: '{{ .Values.database.port }}' + {{- if .Values.database.secrets }} + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.user.name }} + key: {{ .Values.database.secrets.user.Key }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.password.name }} + key: {{ .Values.database.secrets.password.key }} + {{- else }} - name: DB_USER value: '{{ .Values.database.user }}' - name: DB_PASSWORD @@ -123,6 +135,7 @@ spec: secretKeyRef: name: {{ template "artifactory-ha.fullname" . }} key: db-password + {{- end }} {{- end }} - name: EXTRA_JAVA_OPTIONS value: " diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index f284ff41a..eb7a279ef 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -82,8 +82,19 @@ database: type: host: port: + ## If you would like this chart to create the secret containing the db + ## password, use these values user: password: + ## If you have existing Kubernetes secrets containing db credentials, use + ## these values + secrets: {} + # user: + # name: "rds-artifactory" + # key: "db-user" + # password: + # name: "rds-artifactory" + # key: "db-password" # Artifactory artifactory: diff --git a/stable/artifactory/README.md b/stable/artifactory/README.md index dafbd057f..c0aeb6612 100644 --- a/stable/artifactory/README.md +++ b/stable/artifactory/README.md 
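Review bot: The new `{{- if .Values.database.secrets }}` guard tests only the parent map, but the branch it opens reads both `secrets.user.*` and `secrets.password.*`. A values file that sets just one of the two sub-maps will therefore likely fail to render, or emit an empty `secretKeyRef`, instead of using `database.user` / `database.password` for the missing half. Guarding each variable on its own sub-map, e.g. `{{- if .Values.database.secrets.user }}` around the `DB_USER` entry and the same for `password`, keeps the two credentials independent. Piping the references through `quote`, as in `name: {{ .Values.database.secrets.password.name | quote }}`, stops an all-digit or boolean-looking Secret name or key from being retyped by the YAML parser. The same block is added in the `stable/artifactory/templates/artifactory-statefulset.yaml` hunk and, in patch 14/14, in `artifactory-node-statefulset.yaml`; the enclosing `env:` list starts outside the hunk.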
@@ -177,6 +177,19 @@ This can be done with the following parameters ``` **NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! +If you store your database credentials in a pre-existing Kubernetes `Secret`, you can specify them via `database.secrets` instead of `database.user` and `database.password`: +```bash +# Create a secret containing the database credentials +kubectl create secret generic my-secret --from-literal=user=${DB_USER} --from-literal=password=${DB_PASSWORD} +... +--set postgresql.enabled=false \ +--set database.secrets.user.name=my-secret \ +--set database.secrets.user.key=user \ +--set database.secrets.password.name=my-secret \ +--set database.secrets.password.key=password \ +... +``` + ### Deleting Artifactory To delete the Artifactory. ```bash diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index 79c188ae4..5ba099c0d 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml @@ -111,6 +111,18 @@ spec: value: '{{ .Values.database.host }}' - name: DB_PORT value: '{{ .Values.database.port }}' + {{- if .Values.database.secrets }} + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.user.name }} + key: {{ .Values.database.secrets.user.Key }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.password.name }} + key: {{ .Values.database.secrets.password.key }} + {{- else }} - name: DB_USER value: '{{ .Values.database.user }}' - name: DB_PASSWORD @@ -118,6 +130,7 @@ spec: secretKeyRef: name: {{ template "artifactory.fullname" . }} key: db-password + {{- end }} {{- end }} - name: ARTIFACTORY_MASTER_KEY valueFrom: diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index 1b467c088..f39695e1c 100644 
--- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -268,5 +268,16 @@ database: type: host: port: + ## If you would like this chart to create the secret containing the db + ## password, use these values user: password: + ## If you have existing Kubernetes secrets containing db credentials, use + ## these values + secrets: {} + # user: + # name: "rds-artifactory" + # key: "db-user" + # password: + # name: "rds-artifactory" + # key: "db-password" From 996c19e888b5bee8747f627916dfb850b5d7bfe9 Mon Sep 17 00:00:00 2001 From: Robbie deMuth Date: Fri, 19 Oct 2018 11:52:08 -0400 Subject: [PATCH 08/14] Fix caching when using the s3 provider The current configuration of the binary store for the s3 provider causes Artifactory to download artifacts from s3 on every request. This negatively impacts performance. This commit updates the binary store configuration so that Artifactory first uses the cache-fs provider before reaching out to s3. This change better aligns the configuration of the binary store with the default configuration in the documentation at https://www.jfrog.com/confluence/display/RTF/Configuring+the+Filestore#ConfiguringtheFilestore-S3ClusterBinaryProvider This doesn't apply to the non-ha chart since it doesn't include a binary store file --- stable/artifactory-ha/README.md | 27 +++++++------ .../templates/artifactory-binarystore.yaml | 39 +++++++++---------- stable/artifactory-ha/values.yaml | 3 ++ 3 files changed, 37 insertions(+), 32 deletions(-) diff --git a/stable/artifactory-ha/README.md b/stable/artifactory-ha/README.md index 7cdfe2442..29e12925a 100644 --- a/stable/artifactory-ha/README.md +++ b/stable/artifactory-ha/README.md 
@@ -374,12 +374,13 @@ The following table lists the configurable parameters of the artifactory chart a | `artifactory.readinessProbe.timeoutSeconds` | When the probe times out | 10 | | `artifactory.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | | `artifactory.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | -| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` | -| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` | -| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` | -| `artifactory.persistence.size` | Artifactory persistence or local volume size | `200Gi` | -| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` | -| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` | +| `artifactory.persistence.mountPath` | Artifactory persistence volume mount path | `"/var/opt/jfrog/artifactory"` | +| `artifactory.persistence.enabled` | Artifactory persistence volume enabled | `true` | +| `artifactory.persistence.accessMode` | Artifactory persistence volume access mode | `ReadWriteOnce` | +| `artifactory.persistence.size` | Artifactory persistence or local volume size | `200Gi` | +| `artifactory.persistence.maxCacheSize` | Artifactory cache-fs provider maxCacheSize in bytes | `50000000000` | +| `artifactory.persistence.type` | Artifactory HA storage type | `file-system` | +| `artifactory.persistence.redundancy` | Artifactory HA storage redundancy | `3` | | `artifactory.persistence.nfs.ip` | NFS server IP | | | `artifactory.persistence.nfs.haDataMount` | NFS data directory | `/data` | | `artifactory.persistence.nfs.haBackupMount` | NFS backup directory | `/backup` | 
@@ -390,12 +391,14 @@ The following table lists the configurable parameters of the artifactory chart a | `artifactory.persistence.googleStorage.identity` | Google Storage service account id | | | `artifactory.persistence.googleStorage.credential` | Google Storage service account key | | | `artifactory.persistence.googleStorage.path` | Google Storage path in bucket | `artifactory-ha/filestore` | -| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-ha` | -| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | -| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | | -| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | -| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | -| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory-ha/filestore` | +| `artifactory.persistence.awsS3.bucketName` | AWS S3 bucket name | `artifactory-ha` | +| `artifactory.persistence.awsS3.endpoint` | AWS S3 bucket endpoint | See https://docs.aws.amazon.com/general/latest/gr/rande.html | +| `artifactory.persistence.awsS3.region` | AWS S3 bucket region | | +| `artifactory.persistence.awsS3.identity` | AWS S3 AWS_ACCESS_KEY_ID | | +| `artifactory.persistence.awsS3.credential` | AWS S3 AWS_SECRET_ACCESS_KEY | | +| `artifactory.persistence.awsS3.path` | AWS S3 path in bucket | `artifactory-ha/filestore` | +| `artifactory.persistence.awsS3.refreshCredentials` | AWS S3 renew credentials on expiration | `true` | +| `artifactory.persistence.awsS3.testConnection` | AWS S3 test connection on start up | `false` | | `artifactory.javaOpts.other` | Artifactory extra java options (for all nodes) | `-Dartifactory.locking.provider.type=db` | | `artifactory.replicator.enabled` | Enable Artifactory Replicator | `false` | | `artifactory.distributionCerts` | Name of ConfigMap for Artifactory Distribution Certificate | | 
diff --git a/stable/artifactory-ha/templates/artifactory-binarystore.yaml b/stable/artifactory-ha/templates/artifactory-binarystore.yaml index e4b3614e2..326a7f172 100644 --- a/stable/artifactory-ha/templates/artifactory-binarystore.yaml +++ b/stable/artifactory-ha/templates/artifactory-binarystore.yaml @@ -65,7 +65,7 @@ data: - 50000000000 + {{ .Values.artifactory.persistence.maxCacheSize }} @@ -98,25 +98,22 @@ data: {{- if eq .Values.artifactory.persistence.type "aws-s3" }} - - - crossNetworkStrategy - crossNetworkStrategy - {{ .Values.artifactory.persistence.redundancy }} - 2 - - - - - - - + + + + + + + + + + - 50000000000 + {{ .Values.artifactory.persistence.maxCacheSize }} @@ -129,15 +126,17 @@ data: remote - - {{ .Values.artifactory.persistence.mountPath }}/data/filestore - /tmp + + crossNetworkStrategy + crossNetworkStrategy + {{ .Values.artifactory.persistence.redundancy }} + {{ .Values.artifactory.persistence.awsS3.endpoint }} - true - false + {{ .Values.artifactory.persistence.awsS3.refreshCredentials }} + {{ .Values.artifactory.persistence.awsS3.testConnection }} true {{ .Values.artifactory.persistence.awsS3.region }} {{ .Values.artifactory.persistence.awsS3.bucketName }} diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index eb7a279ef..21e6496a6 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -156,6 +156,7 @@ artifactory: mountPath: "/var/opt/jfrog/artifactory" accessMode: ReadWriteOnce size: 200Gi + maxCacheSize: 50000000000 ## artifactory data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -202,6 +203,8 @@ artifactory: identity: credential: path: "artifactory-ha/filestore" + refreshCredentials: true + testConnection: false service: name: artifactory type: ClusterIP From 3fcebab24ba178609f723c5b1a0ebadeaed87184 Mon Sep 17 00:00:00 2001 
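Review bot: `{{ .Values.artifactory.persistence.maxCacheSize }}` is fed by the new values.yaml default `maxCacheSize: 50000000000`, and Helm commonly decodes an integer of that size as a float, so the rendered binary store config may contain `5e+10` rather than the byte count that the hard-coded literal used to give. Rendering through an integer conversion, `{{ int64 .Values.artifactory.persistence.maxCacheSize }}`, or quoting the default as a string in values.yaml, keeps the output stable; the result is worth confirming with `helm template`. The expression appears in both binary-store hunks (`@@ -65,7 +65,7 @@` and `@@ -98,25 +98,22 @@`), so the fix belongs in both places.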
From: Robbie deMuth Date: Fri, 19 Oct 2018 11:58:28 -0400 Subject: [PATCH 09/14] Allow arbitrary properties when using the s3 binary store provider This doesn't apply to the non-ha chart since it doesn't include a binary store file --- stable/artifactory-ha/templates/artifactory-binarystore.yaml | 3 +++ stable/artifactory-ha/values.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/stable/artifactory-ha/templates/artifactory-binarystore.yaml b/stable/artifactory-ha/templates/artifactory-binarystore.yaml index 326a7f172..67aad03bb 100644 --- a/stable/artifactory-ha/templates/artifactory-binarystore.yaml +++ b/stable/artifactory-ha/templates/artifactory-binarystore.yaml @@ -143,6 +143,9 @@ data: {{ .Values.artifactory.persistence.awsS3.identity }} {{ .Values.artifactory.persistence.awsS3.credential }} {{ .Values.artifactory.persistence.awsS3.path }} + {{- range $key, $value := .Values.artifactory.persistence.awsS3.properties }} + + {{- end }} {{- end }} diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index 21e6496a6..790360b65 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -205,6 +205,9 @@ artifactory: path: "artifactory-ha/filestore" refreshCredentials: true testConnection: false + ## Additional properties to set on the s3 provider + properties: {} + # httpclient.max-connections: 100 service: name: artifactory type: ClusterIP From c5ba6fe5555b8996739a0a7ff8749e78736c6666 Mon Sep 17 00:00:00 2001 From: Robbie deMuth Date: Fri, 19 Oct 2018 14:40:50 -0400 Subject: [PATCH 10/14] Update chart version and changelog --- stable/artifactory-ha/CHANGELOG.md | 9 +++++++++ stable/artifactory-ha/Chart.yaml | 2 +- stable/artifactory/CHANGELOG.md | 6 ++++++ stable/artifactory/Chart.yaml | 2 +- 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 0f89fdba2..64d8a7037 100644 
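Review bot: The new `awsS3.properties` map is undocumented outside the two-line values.yaml comment, because this patch changes only the template and values.yaml and adds no row to the README parameter table. I would add a README row for `artifactory.persistence.awsS3.properties` (default `{}`) and extend the comment to `## Additional properties to set on the s3 provider; each key/value pair is written into the binary store config as given`. It is also worth stating there that dotted keys such as `httpclient.max-connections` need their dots escaped when passed with `--set`. The body of the `range` loop is not visible on this page, so whether keys and values are escaped for the surrounding markup cannot be checked here; if they are not, that should be handled in the template.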
--- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,6 +1,15 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file. +## [0.6.5] - Oct 19, 2018 +* Allow providing pre-existing secret containing master key +* Allow arbitrary annotations on primary and member node pods +* Enforce size limits when using local storage with `emptyDir` +* Allow `soft` or `hard` specification of member node anti-affinity +* Allow providing pre-existing secrets containing external database credentials +* Fix `s3` binary store provider to properly use the `cache-fs` provider +* Allow arbitrary properties when using the `s3` binary store provider + ## [0.6.4] - Oct 18, 2018 * Updated Artifactory version to 6.5.1 diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 7e2de6018..083d65ea7 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: artifactory-ha home: https://www.jfrog.com/artifactory/ -version: 0.6.4 +version: 0.6.5 appVersion: 6.5.1 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 5e7a37bea..48c612171 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,6 +1,12 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [7.6.4] - Oct 19, 2018 +* Allow providing pre-existing secret containing master key +* Allow arbitrary annotations on primary and member node pods +* Enforce size limits when using local storage with `emptyDir` +* Allow providing pre-existing secrets containing external database credentials + ## [7.6.3] - Oct 18, 2018 * Updated Artifactory version to 6.5.1 diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 632a3dce9..d58f6caae 100644 
--- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: artifactory home: https://www.jfrog.com/artifactory/ -version: 7.6.3 +version: 7.6.4 appVersion: 6.5.1 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. From ea1c8429feb78ebc9403377a3859d0414a0d0866 Mon Sep 17 00:00:00 2001 From: Ken Brooks Date: Fri, 19 Oct 2018 20:37:23 -0400 Subject: [PATCH 11/14] Version bump in CHANGELOG.md and Chart.yaml --- stable/artifactory-ha/CHANGELOG.md | 3 +++ stable/artifactory-ha/Chart.yaml | 2 +- stable/artifactory/CHANGELOG.md | 3 +++ stable/artifactory/Chart.yaml | 2 +- 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 0f89fdba2..b1c1526c4 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file. +## [0.6.5] - Oct 19, 2018 +* Updated ingress annotation support (with examples) to support docker registry v2 + ## [0.6.4] - Oct 18, 2018 * Updated Artifactory version to 6.5.1 diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 7e2de6018..083d65ea7 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: artifactory-ha home: https://www.jfrog.com/artifactory/ -version: 0.6.4 +version: 0.6.5 appVersion: 6.5.1 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 5e7a37bea..eb8e052de 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md 
@@ -1,6 +1,9 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [7.6.4] - Oct 19, 2018 +* Updated ingress annotation support (with examples) to support docker registry v2 + ## [7.6.3] - Oct 18, 2018 * Updated Artifactory version to 6.5.1 diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 632a3dce9..d58f6caae 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: artifactory home: https://www.jfrog.com/artifactory/ -version: 7.6.3 +version: 7.6.4 appVersion: 6.5.1 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. From 1256a5ba9b1b940788c9000b30b2e6c7153477bf Mon Sep 17 00:00:00 2001 From: Eldad Assis Date: Sun, 21 Oct 2018 19:24:14 +0300 Subject: [PATCH 12/14] Artifactory version 6.5.2 --- stable/artifactory-ha/CHANGELOG.md | 3 +++ stable/artifactory-ha/Chart.yaml | 4 ++-- stable/artifactory/CHANGELOG.md | 3 +++ stable/artifactory/Chart.yaml | 4 ++-- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 64d8a7037..32ff92fdc 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file. +## [0.6.6] - Oct 21, 2018 +* Updated Artifactory version to 6.5.2 + ## [0.6.5] - Oct 19, 2018 * Allow providing pre-existing secret containing master key * Allow arbitrary annotations on primary and member node pods diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 083d65ea7..4c462e2e9 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v1 name: artifactory-ha home: https://www.jfrog.com/artifactory/ -version: 0.6.5 -appVersion: 6.5.1 +version: 0.6.6 +appVersion: 6.5.2 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. keywords: diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 48c612171..6b58de9e0 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [7.6.5] - Oct 21, 2018 +* Updated Artifactory version to 6.5.2 + ## [7.6.4] - Oct 19, 2018 * Allow providing pre-existing secret containing master key * Allow arbitrary annotations on primary and member node pods diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index d58f6caae..45ba927f9 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: artifactory home: https://www.jfrog.com/artifactory/ -version: 7.6.4 -appVersion: 6.5.1 +version: 7.6.5 +appVersion: 6.5.2 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. keywords: From a5c8cfb351debac90b6d56ca066ad0383fe31518 Mon Sep 17 00:00:00 2001 
From: Jainish Shah Date: Tue, 23 Oct 2018 10:48:26 -0700 Subject: [PATCH 13/14] Allow user to configure externalTrafficPolicy for Loadbalancer (#94) * externalTrafficPolicy * Adding DevOps keyword to charts --- stable/artifactory-ha/CHANGELOG.md | 3 +++ stable/artifactory-ha/Chart.yaml | 3 ++- stable/artifactory-ha/README.md | 1 + stable/artifactory-ha/templates/nginx-service.yaml | 4 +++- stable/artifactory-ha/values.yaml | 2 ++ stable/artifactory/CHANGELOG.md | 3 +++ stable/artifactory/Chart.yaml | 3 ++- stable/artifactory/README.md | 1 + stable/artifactory/templates/nginx-service.yaml | 4 +++- stable/artifactory/values.yaml | 2 ++ 10 files changed, 22 insertions(+), 4 deletions(-) diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 90943d4f2..17a20cb83 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file. +## [0.6.8] - Oct 22, 2018 +* Allow user to configure externalTrafficPolicy for Loadbalancer + ## [0.6.7] - Oct 22, 2018 * Updated ingress annotation support (with examples) to support docker registry v2 diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 79a0b38f8..5a1d6e7a7 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,13 +1,14 @@ apiVersion: v1 name: artifactory-ha home: https://www.jfrog.com/artifactory/ -version: 0.6.7 +version: 0.6.8 appVersion: 6.5.2 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. keywords: - artifactory - jfrog +- devops sources: - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view - https://github.com/jfrog/charts diff --git a/stable/artifactory-ha/README.md b/stable/artifactory-ha/README.md index 269f5462f..b27ab79a9 100644 --- a/stable/artifactory-ha/README.md +++ b/stable/artifactory-ha/README.md 
@@ -436,6 +436,7 @@ The following table lists the configurable parameters of the artifactory chart a | `nginx.service.type` | Nginx service type | `LoadBalancer` | | `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | | `nginx.service.annotations` | Nginx service annotations | `{}` | +| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` | | `nginx.loadBalancerIP`| Provide Static IP to configure with Nginx | | | `nginx.externalPortHttp` | Nginx service external port | `80` | | `nginx.internalPortHttp` | Nginx service internal port | `80` | diff --git a/stable/artifactory-ha/templates/nginx-service.yaml b/stable/artifactory-ha/templates/nginx-service.yaml index ffc3c02fc..f8375d37c 100644 --- a/stable/artifactory-ha/templates/nginx-service.yaml +++ b/stable/artifactory-ha/templates/nginx-service.yaml @@ -19,7 +19,9 @@ spec: {{ if .Values.nginx.service.loadBalancerIP -}} loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} {{ end -}} - externalTrafficPolicy: Local + {{- if .Values.nginx.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} + {{- end }} {{- end }} {{- if .Values.nginx.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: diff --git a/stable/artifactory-ha/values.yaml b/stable/artifactory-ha/values.yaml index 790360b65..2507a6589 100644 --- a/stable/artifactory-ha/values.yaml +++ b/stable/artifactory-ha/values.yaml @@ -317,6 +317,8 @@ nginx: loadBalancerSourceRanges: [] ## Provide static ip address loadBalancerIP: + ## There are two available options: “Cluster” (default) and “Local”. + externalTrafficPolicy: Cluster externalPortHttp: 80 internalPortHttp: 80 externalPortHttps: 443 diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 0c109897b..8395f8854 100644 
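Review bot: An upgrade with untouched values silently switches the nginx Service from `externalTrafficPolicy: Local` to `Cluster`, because the removed template line pinned `Local` while the new values.yaml default is `Cluster`. With `Cluster` the client source address is generally not preserved, so nginx access logs and any address-based rules behind the load balancer stop seeing the real client IP. Either keep the previous behaviour by shipping `externalTrafficPolicy: Local` as the default, or state the default change explicitly in the CHANGELOG entry, which currently says only that the setting is configurable. The same applies to the `stable/artifactory/templates/nginx-service.yaml` hunk later in this patch; the enclosing conditional starts outside the hunk.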
--- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [7.6.7] - Oct 23, 2018 +* Allow user to configure externalTrafficPolicy for Loadbalancer + ## [7.6.6] - Oct 22, 2018 * Updated ingress annotation support (with examples) to support docker registry v2 diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index ed183a051..36085f22f 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,13 +1,14 @@ apiVersion: v1 name: artifactory home: https://www.jfrog.com/artifactory/ -version: 7.6.6 +version: 7.6.7 appVersion: 6.5.2 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. keywords: - artifactory - jfrog +- devops sources: - https://bintray.com/jfrog/product/JFrog-Artifactory-Pro/view - https://github.com/jfrog/charts diff --git a/stable/artifactory/README.md b/stable/artifactory/README.md index 783e930a0..17b2c8da4 100644 --- a/stable/artifactory/README.md +++ b/stable/artifactory/README.md @@ -275,6 +275,7 @@ The following table lists the configurable parameters of the artifactory chart a | `nginx.image.pullPolicy` | Container pull policy | `IfNotPresent` | | `nginx.service.type`| Nginx service type | `LoadBalancer` | | `nginx.service.loadBalancerSourceRanges`| Nginx service array of IP CIDR ranges to whitelist (only when service type is LoadBalancer) | | +| `nginx.service.externalTrafficPolicy`| Nginx service desires to route external traffic to node-local or cluster-wide endpoints. | `Cluster` | | `nginx.loadBalancerIP`| Provide Static IP to configure with Nginx | | | `nginx.externalPortHttp` | Nginx service external port | `80` | | `nginx.internalPortHttp` | Nginx service internal port | `80` | 
diff --git a/stable/artifactory/templates/nginx-service.yaml b/stable/artifactory/templates/nginx-service.yaml index 268999d30..b6d2efcdf 100644 --- a/stable/artifactory/templates/nginx-service.yaml +++ b/stable/artifactory/templates/nginx-service.yaml @@ -19,7 +19,9 @@ spec: {{ if .Values.nginx.service.loadBalancerIP -}} loadBalancerIP: {{ .Values.nginx.service.loadBalancerIP }} {{ end -}} - externalTrafficPolicy: Local + {{- if .Values.nginx.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.nginx.service.externalTrafficPolicy }} + {{- end }} {{- end }} {{- if .Values.nginx.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: diff --git a/stable/artifactory/values.yaml b/stable/artifactory/values.yaml index f39695e1c..3af9e0f39 100644 --- a/stable/artifactory/values.yaml +++ b/stable/artifactory/values.yaml @@ -177,6 +177,8 @@ nginx: annotations: {} ## Provide static ip address loadBalancerIP: + ## There are two available options: “Cluster” (default) and “Local”. + externalTrafficPolicy: Cluster externalPortHttp: 80 internalPortHttp: 80 externalPortHttps: 443 From 558eaaf71872c7c477b358e06019a01c8b43ef67 Mon Sep 17 00:00:00 2001 From: robbie-demuth Date: Wed, 24 Oct 2018 15:34:16 -0400 Subject: [PATCH 14/14] Fix external database secret (#96) * Fix providing external secret for database credentials * Update chart version and changelog --- stable/artifactory-ha/CHANGELOG.md | 3 +++ stable/artifactory-ha/Chart.yaml | 2 +- .../templates/artifactory-node-statefulset.yaml | 13 +++++++++++++ .../templates/artifactory-primary-statefulset.yaml | 2 +- stable/artifactory/CHANGELOG.md | 3 +++ stable/artifactory/Chart.yaml | 2 +- .../templates/artifactory-statefulset.yaml | 2 +- 7 files changed, 23 insertions(+), 4 deletions(-) diff --git a/stable/artifactory-ha/CHANGELOG.md b/stable/artifactory-ha/CHANGELOG.md index 17a20cb83..cf80a661c 100644 --- a/stable/artifactory-ha/CHANGELOG.md +++ b/stable/artifactory-ha/CHANGELOG.md 
@@ -1,6 +1,9 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file. +## [0.6.9] - Oct 23, 2018 +* Fix providing external secret for database credentials + ## [0.6.8] - Oct 22, 2018 * Allow user to configure externalTrafficPolicy for Loadbalancer diff --git a/stable/artifactory-ha/Chart.yaml b/stable/artifactory-ha/Chart.yaml index 5a1d6e7a7..ebbe0fecb 100644 --- a/stable/artifactory-ha/Chart.yaml +++ b/stable/artifactory-ha/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: artifactory-ha home: https://www.jfrog.com/artifactory/ -version: 0.6.8 +version: 0.6.9 appVersion: 6.5.2 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. diff --git a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml index 9e8082643..32a1134d1 100644 --- a/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-node-statefulset.yaml @@ -113,6 +113,18 @@ spec: value: '{{ .Values.database.host }}' - name: DB_PORT value: '{{ .Values.database.port }}' + {{- if .Values.database.secrets }} + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.user.name }} + key: {{ .Values.database.secrets.user.key }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.password.name }} + key: {{ .Values.database.secrets.password.key }} + {{- else }} - name: DB_USER value: '{{ .Values.database.user }}' - name: DB_PASSWORD @@ -120,6 +132,7 @@ spec: secretKeyRef: name: {{ template "artifactory-ha.fullname" . }} key: db-password + {{- end }} {{- end }} - name: EXTRA_JAVA_OPTIONS value: " diff --git a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml index 262a5467d..86d4141ac 100644 
--- a/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml +++ b/stable/artifactory-ha/templates/artifactory-primary-statefulset.yaml @@ -121,7 +121,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.database.secrets.user.name }} - key: {{ .Values.database.secrets.user.Key }} + key: {{ .Values.database.secrets.user.key }} - name: DB_PASSWORD valueFrom: secretKeyRef: diff --git a/stable/artifactory/CHANGELOG.md b/stable/artifactory/CHANGELOG.md index 8395f8854..3e01b5e29 100644 --- a/stable/artifactory/CHANGELOG.md +++ b/stable/artifactory/CHANGELOG.md @@ -1,6 +1,9 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. +## [7.6.8] - Oct 23, 2018 +* Fix providing external secret for database credentials + ## [7.6.7] - Oct 23, 2018 * Allow user to configure externalTrafficPolicy for Loadbalancer diff --git a/stable/artifactory/Chart.yaml b/stable/artifactory/Chart.yaml index 36085f22f..55cf7eebf 100644 --- a/stable/artifactory/Chart.yaml +++ b/stable/artifactory/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: artifactory home: https://www.jfrog.com/artifactory/ -version: 7.6.7 +version: 7.6.8 appVersion: 6.5.2 description: Universal Repository Manager supporting all major packaging formats, build tools and CI servers. diff --git a/stable/artifactory/templates/artifactory-statefulset.yaml b/stable/artifactory/templates/artifactory-statefulset.yaml index 5ba099c0d..25c5b7b81 100644 --- a/stable/artifactory/templates/artifactory-statefulset.yaml +++ b/stable/artifactory/templates/artifactory-statefulset.yaml @@ -116,7 +116,7 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.database.secrets.user.name }} - key: {{ .Values.database.secrets.user.Key }} + key: {{ .Values.database.secrets.user.key }} - name: DB_PASSWORD valueFrom: secretKeyRef: