From 3f58b0d6e7e8ea5243336a9f5f1aa9d7ea59ed98 Mon Sep 17 00:00:00 2001 From: Paul Pan Date: Thu, 2 Jan 2025 14:28:43 -0800 Subject: [PATCH 1/4] added examples to deploy 3-Node Artifactory Cluster with Distribution and direct-S3 Persistence --- .../HA-with-distirbution-S3/readme.md | 99 +++++++++++++++++++ .../values-artifactory.yaml | 91 +++++++++++++++++ .../HA-with-distirbution-S3/values-main.yaml | 46 +++++++++ .../values-openshift.yaml | 24 +++++ 4 files changed, 260 insertions(+) create mode 100644 examples/jfrog-platform/HA-with-distirbution-S3/readme.md create mode 100644 examples/jfrog-platform/HA-with-distirbution-S3/values-artifactory.yaml create mode 100644 examples/jfrog-platform/HA-with-distirbution-S3/values-main.yaml create mode 100644 examples/jfrog-platform/HA-with-distirbution-S3/values-openshift.yaml diff --git a/examples/jfrog-platform/HA-with-distirbution-S3/readme.md b/examples/jfrog-platform/HA-with-distirbution-S3/readme.md new file mode 100644 index 000000000..5f8d8abac --- /dev/null +++ b/examples/jfrog-platform/HA-with-distirbution-S3/readme.md 
@@ -0,0 +1,99 @@
+## 3-Node Artifactory Cluster with Distribution and direct-S3 Persistence
+
+### Overall
+| Product | Enabled |
+|-------------|-------------|
+| Artifactory | ✅ |
+| xray | ❌ |
+| distribution | ✅ |
+| insight | ❌ |
+| pipelines | ❌ |
+| worker | ❌ |
+
+
+### Artifactory
+| Detail | Value |
+|-------------|-------------|
+| Replica | 3 |
+| Database | External Postgres |
+| Persistence | Default Storage Class + S3 |
+| SSL | ✅ |
+| Ingress | ❌ |
+| Nginx Deployment | ❌ |
+| UnifiedSecret | ✅ |
+| Default Admin Credential | ❌ |
+| Default Master Key | ❌ |
+| Restriected Resources | ✅ |
+| Private Registry | ✅ |
+
+
+### Distribution
+
+| Detail | Value |
+|-------------|-------------|
+| Replica | 2 |
+| Database | Bundled Postgres |
+| Persistence | Default Storage Class |
+| External redis | ❌ |
+| SSL | ✅ |
+| UnifiedSecret | ❌ |
+| Restriected Resources | ✅ |
+| Private Registry | ✅ |
+
+
+Note: This requires distribution chart 102.23.0+ to work, which comes default with platform chart 10.17.4+.
+
+
+## Install
+
+1. In values-main.yaml, add your Artifactory hostname as jfrogUrl.
+
+2. To pull images from a private registry, create your own imagePullSecrets and fill in imagePullSecrets and imageRegistry in values-main.yaml:
+
+ $ kubectl create secret docker-registry regsecret --docker-server= --docker-username= --docker-password= --docker-email=
+
+3. Passing secret:
+
+ If you want to change the secret name, remember to update the reference in values-main or values-artifactory
+
+ a. Master Key
+
+ $ kubectl create secret generic my-master-key --from-literal=master-key="$(openssl rand -hex 32)" -n
+
+ b. Join Key
+
+ $ kubectl create secret generic my-join-key --from-literal=join-key="$(openssl rand -hex 32)" -n
+
+ c. CA Certificate for SSL
+
+ Passing your own ca.crt for artifactory if needed for ssl configuration. See prerequisite for ca.crt.
[here](https://jfrog.com/help/r/jfrog-installation-setup-documentation/prerequisites-for-custom-tls-certificate)
+
+ $ kubectl create secret tls my-cacert --cert=ca.crt --key=ca.private.key -n
+
+ d. Default Admin Credentials
+
+ $ kubectl create secret generic my-admin --from-literal=bootstrap.creds="$(printf "%s@%s=%s" admin 127.0.0.1 password| base64 )" -n
+
+4. Fill in database details ( values-artifactory.yaml ). [See here for more details related to database.](https://jfrog.com/help/r/jfrog-installation-setup-documentation/database-configuration)
+
+ $ kubectl create secret generic my-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n
+
+5. Fill in awsS3V3 connection details. To use IAM roles, check [here](https://jfrog.com/help/r/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user)
+
+6. Pull charts ( if you need to reference the suggested sizing paramerters ) and install
+
+
+```
+$ helm pull jfrog/jfrog-platform --untar
+```
+
+
+```
+$ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
+```
+
+7. If you are installing on openshift, add values-openshift.yaml
+
+```
+$ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
+```
diff --git a/examples/jfrog-platform/HA-with-distirbution-S3/values-artifactory.yaml b/examples/jfrog-platform/HA-with-distirbution-S3/values-artifactory.yaml
new file mode 100644
index 000000000..0ed015eb0
--- /dev/null
+++ b/examples/jfrog-platform/HA-with-distirbution-S3/values-artifactory.yaml 
@@ -0,0 +1,91 @@
+artifactory:
+ ingress:
+ enabled: false
+ router:
+ tlsEnabled: true
+
+ artifactory:
+ name: artifactory
+ admin:
+ username: "admin"
+ password:
+ secret: my-admin
+ dataKey: bootstrap.creds
+
+ service:
+ name: artifactory
+
+ replicator:
+ enabled: false
+ ingress:
+ enabled: false
+
+ persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 200Gi
+ type: s3-storage-v3-direct
+ awsS3V3:
+ testConnection: false
+ identity: # required
+ credential: # required
+ region: # required
+ bucketName: artifactory-aws
+ path: artifactory/filestore
+ endpoint: # optional
+ port: # optional
+ maxConnections: 150 # optional
+
+ access:
+ enabled: true
+ accessConfig:
+ security:
+ tls: true
+
+ mc:
+ enabled: true
+
+ # Nginx
+ nginx:
+ enabled: true
+ labels: {}
+ service:
+ ## For minikube, set this to NodePort, elsewhere use LoadBalancer
+ type: LoadBalancer
+ ssloffload: false
+ ## For supporting whitelist on the Nginx LoadBalancer service
+ ## Set this to a list of IP CIDR ranges
+ ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
+ ## or pass from helm command line
+ ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}'
+ loadBalancerSourceRanges: []
+ ## Assuming ssl terminiation at load balancer
+ ## For example, on Eks , add annoation like
+ ## service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...
+ ## service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+ annotations: {}
+ ## Provide static ip address
+ loadBalancerIP:
+
+ # chose your selector/affinities/toleration strategy based on actual need
+ nodeSelector: {}
+ tolerations: []
+ affinity: {}
+
+
+ postgresql:
+ enabled: false
+
+ database:
+ type: "postgresql"
+ driver: org.postgresql.Driver
+ secrets:
+ user:
+ name: "my-database"
+ key: "db-user"
+ password:
+ name: "my-database"
+ key: "db-password"
+ url:
+ name: "my-database"
+ key: "db-url"
\ No newline at end of file
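Review bot: `nginx.service.type: LoadBalancer` is shipped with `loadBalancerSourceRanges: []` and `annotations: {}`, so anyone who applies this example unchanged would presumably get a load balancer in front of Artifactory with no source restriction; whether it is internet-facing depends on the cloud provider's default. The existing comments explain how to set the ranges but not that leaving them empty is a choice with consequences. A comment next to the empty list would cover it, e.g. `## Empty = no source restriction; list your allowed CIDRs, or add your provider's internal-LB annotation below`. The "Assuming ssl terminiation at load balancer" comment also sits beside `ssloffload: false`, so it is worth stating in the file which of the two TLS layouts the example intends.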
diff --git a/examples/jfrog-platform/HA-with-distirbution-S3/values-main.yaml b/examples/jfrog-platform/HA-with-distirbution-S3/values-main.yaml
new file mode 100644
index 000000000..71877b15b
--- /dev/null
+++ b/examples/jfrog-platform/HA-with-distirbution-S3/values-main.yaml
@@ -0,0 +1,46 @@
+global:
+ imagePullSecrets:
+ - regsecret ## credential for your local registry
+ imageRegistry: releases-docker.jfrog.io ## local private registry
+ jfrogUrl: 'https://myjfrog.io' ## The artifactory host url
+ joinKeySecretName: my-join-key
+ masterKeySecretName: my-master-key
+ database:
+ initDBCreation: false
+
+## This Postgresql is used by all products , set postgresql.enabled: false, when you want to use external postgresql for all products
+postgresql:
+ enabled: false
+
+## This Rabbitmq is used by Xray and Pipelines only, set rabbitmq.enabled: false, when Xray or Pipelines is not enabled
+rabbitmq:
+ enabled: false
+
+## This Redis is used by pipelines only, set redis.enabled: false, when pipelines is not enabled
+redis:
+ enabled: false
+
+artifactory:
+ enabled: true
+ artifactory:
+ replicaCount: 3
+
+xray:
+ enabled: false
+
+distribution:
+ enabled: true
+ unifiedUpgradeAllowed: true
+ distribution:
+ unifiedSecretInstallation: false
+ postgresql:
+ enabled: true
+
+insight:
+ enabled: false
+
+pipelines:
+ enabled: false
+
+pdnServer:
+ enabled: false
\ No newline at end of file
diff --git a/examples/jfrog-platform/HA-with-distirbution-S3/values-openshift.yaml b/examples/jfrog-platform/HA-with-distirbution-S3/values-openshift.yaml
new file mode 100644
index 000000000..dd75046fa
--- /dev/null
+++ b/examples/jfrog-platform/HA-with-distirbution-S3/values-openshift.yaml
@@ -0,0 +1,24 @@ +artifactory: + containerSecurityContext: + enabled: false + artifactory: + podSecurityContext: + enabled: false + nginx: + podSecurityContext: + enabled: false + containerSecurityContext: + enabled: false +distribution: + containerSecurityContext: + enabled: false + podSecurityContext: + enabled: false + redis: + containerSecurityContext: + enabled: false + postgresql: + securityContext: + enabled: false + containerSecurityContext: + enabled: false \ No newline at end of file From 9b7c678807f0292e4c94558704729712f8c80933 Mon Sep 17 00:00:00 2001 From: Paul Pan Date: Mon, 6 Jan 2025 14:52:02 -0800 Subject: [PATCH 2/4] Update the examples based on the suggestions provided. Use an external database whenever possible, and ensure all information is passed securely using secrets. --- .../HA-with-distribution-S3/binarystore.xml | 22 +++++++++++++++++ .../readme.md | 24 ++++++++++++------- .../values-artifactory.yaml | 16 ++----------- .../values-distribution.yaml | 16 +++++++++++++ .../values-main.yaml | 5 ---- .../values-openshift.yaml | 0 6 files changed, 55 insertions(+), 28 deletions(-) create mode 100644 examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml rename examples/jfrog-platform/{HA-with-distirbution-S3 => HA-with-distribution-S3}/readme.md (68%) rename examples/jfrog-platform/{HA-with-distirbution-S3 => HA-with-distribution-S3}/values-artifactory.yaml (76%) create mode 100644 examples/jfrog-platform/HA-with-distribution-S3/values-distribution.yaml rename examples/jfrog-platform/{HA-with-distirbution-S3 => HA-with-distribution-S3}/values-main.yaml (94%) rename examples/jfrog-platform/{HA-with-distirbution-S3 => HA-with-distribution-S3}/values-openshift.yaml (100%) diff --git a/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml b/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml new file mode 100644 index 000000000..1d1a1d8d8 --- /dev/null 
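Review bot: Every `podSecurityContext`, `containerSecurityContext` and `securityContext` in values-openshift.yaml is set to `enabled: false` with no comment saying why, so a reader cannot tell that this is presumably meant to let OpenShift's security context constraints assign the UID and fsGroup, not to drop hardening. If the file is layered onto a non-OpenShift cluster, the Artifactory, nginx, Distribution, Redis and PostgreSQL pods would run with no chart-supplied security context at all. A header comment would prevent that misuse, e.g. `## OpenShift only: chart security contexts are disabled so the cluster SCC assigns UID/fsGroup. Do not use this file on other Kubernetes distributions.`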
+++ b/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml @@ -0,0 +1,22 @@ + + + + + + + + s3.amazonaws.com + bucketName + pathPrefix + s3Region + yourIdentity + yourCredentials + true + 600 + 50 + 10000 + + + 5000000000 + + \ No newline at end of file diff --git a/examples/jfrog-platform/HA-with-distirbution-S3/readme.md b/examples/jfrog-platform/HA-with-distribution-S3/readme.md similarity index 68% rename from examples/jfrog-platform/HA-with-distirbution-S3/readme.md rename to examples/jfrog-platform/HA-with-distribution-S3/readme.md index 5f8d8abac..c9f3b12a5 100644 --- a/examples/jfrog-platform/HA-with-distirbution-S3/readme.md +++ b/examples/jfrog-platform/HA-with-distribution-S3/readme.md @@ -1,4 +1,4 @@ -## 3-Node Artifactory Cluster with Distribution and direct-S3 Persistence +## 3-Node Artifactory Cluster with Distribution and direct-S3 Provider ### Overall | Product | Enabled | @@ -19,11 +19,11 @@ | Persistence | Default Storage Class + S3 | | SSL | ✅ | | Ingress | ❌ | -| Nginx Deployment | ❌ | +| Nginx Deployment | ✅ | | UnifiedSecret | ✅ | -| Default Admin Credential | ❌ | +| Non-Default Admin Credential | ✅ | | Default Master Key | ❌ | -| Restriected Resources | ✅ | +| Sizing Parameters | artifactory-xlarge | | Private Registry | ✅ | @@ -32,12 +32,12 @@ | Detail | Value | |-------------|-------------| | Replica | 2 | -| Database | Bundled Postgres | +| Database | External Postgres | | Persistence | Default Storage Class | | External redis | ❌ | | SSL | ✅ | | UnifiedSecret | ❌ | -| Restriected Resources | ✅ | +| Sizing Parameters | distribution-xlarge | | Private Registry | ✅ | 
@@ -77,23 +77,29 @@ Note: This requires distribution chart 102.23.0+ to work, which comes default wi 4. Fill in database details ( values-artifactory.yaml ). [See here for more details related to database.](https://jfrog.com/help/r/jfrog-installation-setup-documentation/database-configuration) $ kubectl create secret generic my-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n + $ kubectl create secret generic my-distribution-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n -5. Fill in awsS3V3 connection details. To use IAM roles, check [here](https://jfrog.com/help/r/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user) +5. Create the binarystore.xml secrect or pull the values from environment variables. + + $ kubectl create secret generic my-binarystore --from-file=binarystore.xml + + To use IAM roles, check [here](https://jfrog.com/help/r/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user) 6. Pull charts ( if you need to reference the suggested sizing paramerters ) and install ``` +$ helm repo update $ helm pull jfrog/jfrog-platform --untar ``` ``` -$ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml +$ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml ``` 7. 
If you are installing on openshift, add values-openshift.yaml ``` -$ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml +$ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml ``` diff --git a/examples/jfrog-platform/HA-with-distirbution-S3/values-artifactory.yaml b/examples/jfrog-platform/HA-with-distribution-S3/values-artifactory.yaml similarity index 76% rename from examples/jfrog-platform/HA-with-distirbution-S3/values-artifactory.yaml rename to examples/jfrog-platform/HA-with-distribution-S3/values-artifactory.yaml index 0ed015eb0..1e99dc2c3 100644 --- a/examples/jfrog-platform/HA-with-distirbution-S3/values-artifactory.yaml +++ b/examples/jfrog-platform/HA-with-distribution-S3/values-artifactory.yaml @@ -7,8 +7,6 @@ artifactory: artifactory: name: artifactory admin: - username: "admin" - password: secret: my-admin dataKey: bootstrap.creds @@ -23,18 +21,8 @@ artifactory: persistence: enabled: true accessMode: ReadWriteOnce - size: 200Gi - type: s3-storage-v3-direct - awsS3V3: - testConnection: false - identity: # required - credential: # required - region: # required - bucketName: artifactory-aws - path: artifactory/filestore - endpoint: # optional - port: # optional - maxConnections: 150 # optional + size: 100Gi + customBinarystoreXmlSecret: my-binarystore access: enabled: true diff --git a/examples/jfrog-platform/HA-with-distribution-S3/values-distribution.yaml b/examples/jfrog-platform/HA-with-distribution-S3/values-distribution.yaml new file mode 100644 index 000000000..ad6c43cdf --- /dev/null 
+++ b/examples/jfrog-platform/HA-with-distribution-S3/values-distribution.yaml @@ -0,0 +1,16 @@ +distribution: + postgresql: + enabled: false + database: + type: "postgresql" + driver: org.postgresql.Driver + secrets: + user: + name: "my-distribution-database" + key: "db-user" + password: + name: "my-distribution-database" + key: "db-password" + url: + name: "my-distribution-database" + key: "db-url" \ No newline at end of file diff --git a/examples/jfrog-platform/HA-with-distirbution-S3/values-main.yaml b/examples/jfrog-platform/HA-with-distribution-S3/values-main.yaml similarity index 94% rename from examples/jfrog-platform/HA-with-distirbution-S3/values-main.yaml rename to examples/jfrog-platform/HA-with-distribution-S3/values-main.yaml index 71877b15b..9fc078044 100644 --- a/examples/jfrog-platform/HA-with-distirbution-S3/values-main.yaml +++ b/examples/jfrog-platform/HA-with-distribution-S3/values-main.yaml @@ -33,14 +33,9 @@ distribution: unifiedUpgradeAllowed: true distribution: unifiedSecretInstallation: false - postgresql: - enabled: true insight: enabled: false pipelines: - enabled: false - -pdnServer: enabled: false \ No newline at end of file diff --git a/examples/jfrog-platform/HA-with-distirbution-S3/values-openshift.yaml b/examples/jfrog-platform/HA-with-distribution-S3/values-openshift.yaml similarity index 100% rename from examples/jfrog-platform/HA-with-distirbution-S3/values-openshift.yaml rename to examples/jfrog-platform/HA-with-distribution-S3/values-openshift.yaml From b928c35abaee75e533234f183dc34bd113a5b09f Mon Sep 17 00:00:00 2001 From: Paul Pan Date: Mon, 6 Jan 2025 14:52:02 -0800 Subject: [PATCH 3/4] Update the examples based on the suggestions provided. Use an external database whenever possible, and ensure all information is passed securely using secrets. --- examples/jfrog-platform/HA-with-distribution-S3/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/examples/jfrog-platform/HA-with-distribution-S3/readme.md b/examples/jfrog-platform/HA-with-distribution-S3/readme.md index c9f3b12a5..b1c606d82 100644 --- a/examples/jfrog-platform/HA-with-distribution-S3/readme.md +++ b/examples/jfrog-platform/HA-with-distribution-S3/readme.md @@ -79,7 +79,7 @@ Note: This requires distribution chart 102.23.0+ to work, which comes default wi $ kubectl create secret generic my-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n $ kubectl create secret generic my-distribution-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n -5. Create the binarystore.xml secrect or pull the values from environment variables. +5. Create the binarystore.xml secret or pull the values from environment variables. $ kubectl create secret generic my-binarystore --from-file=binarystore.xml From 0fe2b9a6398c0b04805cf342b6bdcfff6323df80 Mon Sep 17 00:00:00 2001 From: Paul Pan Date: Thu, 9 Jan 2025 15:19:21 -0800 Subject: [PATCH 4/4] - Added code block for all commands - Updated S3 example to use IAM role - Modified OpenShift notes - Explained the use of sizing files --- .../HA-with-distribution-S3/binarystore.xml | 3 +- .../HA-with-distribution-S3/readme.md | 73 ++++++++++++------- .../values-artifactory.yaml | 5 ++ 3 files changed, 54 insertions(+), 27 deletions(-) diff --git a/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml b/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml index 1d1a1d8d8..e880457ce 100644 --- a/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml +++ b/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml @@ -8,13 +8,12 @@ s3.amazonaws.com bucketName pathPrefix - s3Region - yourIdentity yourCredentials true 600 50 10000 + true 5000000000 
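Review bot: The `yourCredentials` placeholder survives in the binarystore.xml hunk (`@@ -8,13 +8,12 @@`) as a context line, while `yourIdentity` is removed and a new `true` value is added for what the commit message describes as the switch to an IAM role. Element names are stripped in this view, so this is inferred, but if that line is the static credential element it should be removed too: a leftover credential field in a role-based template invites pasting a long-lived secret key into a file that no longer needs one. The same hunk drops `s3Region`, and it is worth confirming the provider still resolves the bucket's region without it, or documenting in the readme where the region now comes from. The provider element that encloses these lines starts outside the hunk.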
diff --git a/examples/jfrog-platform/HA-with-distribution-S3/readme.md b/examples/jfrog-platform/HA-with-distribution-S3/readme.md index b1c606d82..419a75e50 100644 --- a/examples/jfrog-platform/HA-with-distribution-S3/readme.md +++ b/examples/jfrog-platform/HA-with-distribution-S3/readme.md 
@@ -34,72 +34,95 @@ | Replica | 2 | | Database | External Postgres | | Persistence | Default Storage Class | -| External redis | ❌ | +| External Redis | ❌ | | SSL | ✅ | | UnifiedSecret | ❌ | | Sizing Parameters | distribution-xlarge | | Private Registry | ✅ | - -Note: This requires distribution chart 102.23.0+ to work, which comes default with platform chart 10.17.4+. - - ## Install -1. In values-main.yaml, add your Artifactory hostname as jfrogUrl. +1. In `values-main.yaml`, add your Artifactory hostname as `jfrogUrl`. -2. To pull images from a private registry, create your own imagePullSecrets and fill in imagePullSecrets and imageRegistry in values-main.yaml: - +2. To pull images from a private registry, create your own `imagePullSecrets` and fill in `imagePullSecrets` and `imageRegistry` in `values-main.yaml`: + + ``` $ kubectl create secret docker-registry regsecret --docker-server= --docker-username= --docker-password= --docker-email= + ``` 3. Passing secret: - If you want to change the secret name, remember to update the reference in values-main or values-artifactory + If you want to change the secret name, remember to update the reference in `values-main.yaml` or `values-artifactory.yaml` a. Master Key + ``` $ kubectl create secret generic my-master-key --from-literal=master-key="$(openssl rand -hex 32)" -n + ``` b. Join Key + ``` $ kubectl create secret generic my-join-key --from-literal=join-key="$(openssl rand -hex 32)" -n + ``` c. CA Certificate for SSL - Passing your own ca.crt for artifactory if needed for ssl configuration. See prerequisite for ca.crt. [here](https://jfrog.com/help/r/jfrog-installation-setup-documentation/prerequisites-for-custom-tls-certificate) + Passing your own `ca.crt` for artifactory if needed for ssl configuration. See prerequisite for `ca.crt`. 
[here](https://jfrog.com/help/r/jfrog-installation-setup-documentation/prerequisites-for-custom-tls-certificate) + ``` $ kubectl create secret tls my-cacert --cert=ca.crt --key=ca.private.key -n + ``` d. Default Admin Credentials + ``` $ kubectl create secret generic my-admin --from-literal=bootstrap.creds="$(printf "%s@%s=%s" admin 127.0.0.1 password| base64 )" -n + ``` -4. Fill in database details ( values-artifactory.yaml ). [See here for more details related to database.](https://jfrog.com/help/r/jfrog-installation-setup-documentation/database-configuration) +4. Fill in database details ( `values-artifactory.yaml` ). [See here for more details related to database.](https://jfrog.com/help/r/jfrog-installation-setup-documentation/database-configuration) + ``` $ kubectl create secret generic my-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n $ kubectl create secret generic my-distribution-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n + ``` -5. Create the binarystore.xml secret or pull the values from environment variables. +5. Create the `binarystore.xml` secret or pull the values from environment variables. + ``` $ kubectl create secret generic my-binarystore --from-file=binarystore.xml + ``` - To use IAM roles, check [here](https://jfrog.com/help/r/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user) + [Create an IAM role with `AmazonS3FullAccess` permission](https://jfrog.com/help/r/active/artifactory-connect-artifactory-to-s3-bucket-with-iam-role) + + Associate an IAM role to the service account in `values-artifactory.yaml` by specifying the ARN: -6. 
Pull charts ( if you need to reference the suggested sizing paramerters ) and install + ``` + serviceAccount: + create: true + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam:::role/ + ``` +6. Pull charts ( if you need to reference the suggested sizing paramerters ) and install -``` -$ helm repo update -$ helm pull jfrog/jfrog-platform --untar -``` + In this example, we are going to reference the baseline xlarge sizing parameters for our Artifactory and Distribution release. To do so, first pull and untar the chart. You may skip these steps and add/create your own sizing parameter YAML. + + See more details regarding the baseline sizing parameters [here](https://jfrog.com/help/r/jfrog-platform-reference-architecture/jfrog-platform-reference-architecture) + ``` + $ helm repo update + $ helm pull jfrog/jfrog-platform --untar + ``` -``` -$ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml -``` + ``` + $ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml + ``` -7. If you are installing on openshift, add values-openshift.yaml +7. 
If installing on OpenShift, add values-openshift.yaml: -``` -$ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml -``` + ``` + $ helm install jfrog/jfrog-platform -n -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml + ``` + +Note: To install on OpenShift out-of-the-box, you need Distribution chart 102.23.0+, so the minimum platform chart version is 10.17.4+. \ No newline at end of file diff --git a/examples/jfrog-platform/HA-with-distribution-S3/values-artifactory.yaml b/examples/jfrog-platform/HA-with-distribution-S3/values-artifactory.yaml index 1e99dc2c3..2141faa35 100644 --- a/examples/jfrog-platform/HA-with-distribution-S3/values-artifactory.yaml +++ b/examples/jfrog-platform/HA-with-distribution-S3/values-artifactory.yaml @@ -17,6 +17,11 @@ artifactory: enabled: false ingress: enabled: false + + serviceAccount: + create: true + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam:::role/ persistence: enabled: true
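Review bot: The new `eks.amazonaws.com/role-arn` annotation in values-artifactory.yaml binds the Artifactory service account to the role that this commit's readme tells users to create with `AmazonS3FullAccess`, which covers every bucket in the account, not only the filestore bucket named in binarystore.xml. Because this template will be copied as-is, a comment above the annotation would help, e.g. `## Scope this role to the Artifactory bucket/prefix only (object read/write/delete and list); avoid AmazonS3FullAccess`. The example ARN also reads `arn:aws:iam:::role/` with no account id or role name, presumably angle-bracket placeholders lost in rendering; please check that they are present in the file itself.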