[examples] Platform chart with 3-Node Artifactory with Distribution and direct-S3 Persistence

examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml

@@ -0,0 +1,21 @@
+<config version="2">
+   <chain>
+        <provider id="cache-fs" type="cache-fs">
+            <provider id="s3-storage-v3" type="s3-storage-v3"/>
+        </provider>
+   </chain>
+   <provider id="s3-storage-v3" type="s3-storage-v3">
+       <endpoint>s3.amazonaws.com</endpoint>
+       <bucketName>bucketName</bucketName>
+       <path>pathPrefix</path>
+       <credential>yourCredentials</credential>
+       <usePresigning>true</usePresigning>
+       <signatureExpirySeconds>600</signatureExpirySeconds>
+       <maxConnections>50</maxConnections>
+       <connectionTimeout>10000</connectionTimeout>
+       <useInstanceCredentials>true</useInstanceCredentials>
+   </provider>
+   <provider type="cache-fs" id="cache-fs">
+       <maxCacheSize>5000000000</maxCacheSize>
+   </provider>
+</config>

examples/jfrog-platform/HA-with-distribution-S3/readme.md

@@ -0,0 +1,128 @@
+## 3-Node Artifactory Cluster with Distribution and direct-S3 Provider
+
+### Overall
+| Product   | Enabled   |
+|-------------|-------------|
+| Artifactory      | ✅      |
+| xray | ❌ |
+| distribution | ✅ |
+| insight | ❌ |
+| pipelines | ❌ |
+| worker | ❌ |
+
+
+### Artifactory
+| Detail   | Value    |
+|-------------|-------------|
+| Replica      | 3      |
+| Database | External Postgres |
+| Persistence | Default Storage Class + S3 |
+| SSL | ✅ |
+| Ingress | ❌ |
+| Nginx Deployment | ✅ |
+| UnifiedSecret | ✅ |
+| Non-Default Admin Credential | ✅ |
+| Default Master Key |  ❌ |
+| Sizing Parameters | artifactory-xlarge |
+| Private Registry | ✅ |
+
+
+### Distribution
+
+| Detail   | Value    |
+|-------------|-------------|
+| Replica      | 2       |
+| Database | External Postgres |
+| Persistence | Default Storage Class |
+| External Redis | ❌ |
+| SSL | ✅ |
+| UnifiedSecret | ❌ |
+| Sizing Parameters | distribution-xlarge |
+| Private Registry | ✅ |
+
+## Install
+
+1. In `values-main.yaml`, add your Artifactory hostname as `jfrogUrl`.
+
+2. To pull images from a private registry, create your own `imagePullSecrets` and fill in `imagePullSecrets` and `imageRegistry` in `values-main.yaml`:
+
+  ``` 
+  $ kubectl create secret docker-registry regsecret --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
+  ```
+
+3. Passing secret: 
+
+  If you want to change the secret name, remember to update the reference in `values-main.yaml` or `values-artifactory.yaml`
+
+  a. Master Key
+
+  ```
+  $ kubectl create secret generic my-master-key --from-literal=master-key="$(openssl rand -hex 32)" -n <namespace>
+  ```
+
+  b. Join Key
+
+  ```
+  $ kubectl create secret generic my-join-key --from-literal=join-key="$(openssl rand -hex 32)" -n <namespace>
+  ```
+
+  c. CA Certificate for SSL
+
+  Passing your own `ca.crt` for artifactory if needed for ssl configuration. See prerequisite for `ca.crt`. [here](https://jfrog.com/help/r/jfrog-installation-setup-documentation/prerequisites-for-custom-tls-certificate) 
+
+  ``` 
+  $ kubectl create secret tls my-cacert --cert=ca.crt --key=ca.private.key -n <namespace>
+  ```
+
+  d. Default Admin Credentials
+
+  ```
+  $ kubectl create secret generic my-admin --from-literal=bootstrap.creds="$(printf "%s@%s=%s" admin 127.0.0.1 password| base64 )" -n <namespace>
+  ```
+
+4. Fill in database details ( `values-artifactory.yaml` ). [See here for more details related to database.](https://jfrog.com/help/r/jfrog-installation-setup-documentation/database-configuration)
+
+  ```
+  $ kubectl create secret generic my-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n <namespace>
+  $ kubectl create secret generic my-distribution-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n <namespace>
+  ```
+
+5. Create the `binarystore.xml` secret or pull the values from environment variables. 
+
+   ```
+   $  kubectl create secret generic my-binarystore --from-file=binarystore.xml
+   ```
+
+   [Create an IAM role with `AmazonS3FullAccess` permission](https://jfrog.com/help/r/active/artifactory-connect-artifactory-to-s3-bucket-with-iam-role)
+
+   Associate an IAM role to the service account in `values-artifactory.yaml` by specifying the ARN:
+
+   ```
+   serviceAccount:
+    create: true
+    annotations:
+      eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
+   ```
+
+6. Pull charts ( if you need to reference the suggested sizing paramerters ) and install 
+
+  In this example, we are going to reference the baseline xlarge sizing parameters for our Artifactory and Distribution release. To do so, first pull and untar the chart. You may skip these steps and add/create your own sizing parameter YAML.
+
+  See more details regarding the baseline sizing parameters [here](https://jfrog.com/help/r/jfrog-platform-reference-architecture/jfrog-platform-reference-architecture)
+
+  ```
+  $ helm repo update
+  $ helm pull jfrog/jfrog-platform --untar
+  ```
+
+  ```
+  $ helm install <name> jfrog/jfrog-platform -n <namespace> -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
+  ```
+
+7. If installing on OpenShift, add values-openshift.yaml:
+
+  ```
+  $ helm install <name> jfrog/jfrog-platform -n <namespace> -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
+  ```
+
+Note: To install on OpenShift out-of-the-box, you need Distribution chart 102.23.0+, so the minimum platform chart version is 10.17.4+.

examples/jfrog-platform/HA-with-distribution-S3/values-artifactory.yaml

@@ -0,0 +1,84 @@
+artifactory:
+  ingress:
+    enabled: false
+  router:
+    tlsEnabled: true
+
+  artifactory:
+    name: artifactory
+    admin:
+      secret: my-admin
+      dataKey: bootstrap.creds
+
+    service:
+      name: artifactory
+
+    replicator:
+      enabled: false
+      ingress:
+        enabled: false
+
+    serviceAccount:
+      create: true
+      annotations:
+        eks.amazonaws.com/role-arn: arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
+
+    persistence:
+      enabled: true
+      accessMode: ReadWriteOnce
+      size: 100Gi
+      customBinarystoreXmlSecret: my-binarystore
+
+  access:
+    enabled: true
+    accessConfig:
+      security:
+        tls: true
+
+  mc:
+    enabled: true
+
+  # Nginx
+  nginx:
+    enabled: true
+    labels: {}
+    service:
+      ## For minikube, set this to NodePort, elsewhere use LoadBalancer
+      type: LoadBalancer
+      ssloffload: false
+      ## For supporting whitelist on the Nginx LoadBalancer service
+      ## Set this to a list of IP CIDR ranges
+      ## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
+      ## or pass from helm command line
+      ## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}'
+      loadBalancerSourceRanges: []
+      ## Assuming ssl terminiation at load balancer
+      ## For example, on Eks , add annoation like 
+      ## service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...
+      ## service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
+      annotations: {}
+      ## Provide static ip address
+      loadBalancerIP:
+
+  # chose your selector/affinities/toleration strategy based on actual need 
+    nodeSelector: {}
+    tolerations: []
+    affinity: {}
+
+
+  postgresql:
+    enabled: false
+
+  database:
+    type: "postgresql"
+    driver: org.postgresql.Driver
+    secrets: 
+      user:
+        name: "my-database"
+        key: "db-user"
+      password:
+        name: "my-database"
+        key: "db-password"
+      url:
+        name: "my-database"
+        key: "db-url"

examples/jfrog-platform/HA-with-distribution-S3/values-distribution.yaml

@@ -0,0 +1,16 @@
+distribution:
+  postgresql:
+    enabled: false
+  database:
+    type: "postgresql"
+    driver: org.postgresql.Driver
+    secrets: 
+      user:
+        name: "my-distribution-database"
+        key: "db-user"
+      password:
+        name: "my-distribution-database"
+        key: "db-password"
+      url:
+        name: "my-distribution-database"
+        key: "db-url"

examples/jfrog-platform/HA-with-distribution-S3/values-main.yaml

@@ -0,0 +1,41 @@
+global:
+  imagePullSecrets:
+     - regsecret              ## credential for your local registry
+  imageRegistry: releases-docker.jfrog.io   ## local private registry
+  jfrogUrl: 'https://myjfrog.io'            ## The artifactory host url
+  joinKeySecretName: my-join-key
+  masterKeySecretName: my-master-key
+  database:
+    initDBCreation: false
+
+## This Postgresql is used by all products , set postgresql.enabled: false, when you want to use external postgresql for all products
+postgresql:
+  enabled: false
+
+## This Rabbitmq is used by Xray and Pipelines only, set rabbitmq.enabled: false, when Xray or Pipelines is not enabled
+rabbitmq:
+  enabled: false
+
+## This Redis is used by pipelines only, set redis.enabled: false, when pipelines is not enabled
+redis:
+  enabled: false
+
+artifactory:
+  enabled: true
+  artifactory:
+    replicaCount: 3
+
+xray:
+  enabled: false
+
+distribution:
+  enabled: true
+  unifiedUpgradeAllowed: true
+  distribution:
+    unifiedSecretInstallation: false
+
+insight:
+  enabled: false
+
+pipelines:
+  enabled: false

examples/jfrog-platform/HA-with-distribution-S3/values-openshift.yaml

@@ -0,0 +1,24 @@
+artifactory:
+  containerSecurityContext:
+    enabled: false
+  artifactory:
+    podSecurityContext: 
+      enabled: false
+  nginx:
+    podSecurityContext:
+      enabled: false
+    containerSecurityContext:
+      enabled: false
+distribution:
+  containerSecurityContext:
+    enabled: false
+  podSecurityContext:
+    enabled: false
+  redis:
+    containerSecurityContext:
+      enabled: false
+  postgresql:
+    securityContext:
+      enabled: false
+    containerSecurityContext:
+      enabled: false