Series
This is part of a series of JFrog blogs that will help guide you through installing their new Unified Platform.
General
https://github.com/jfrog/charts/tree/master/stable/artifactory-ha
Goal
- Install using helm 3
- Artifactory 7
- Google Cloud Storage (bucket) — artifacts
- Google SQL — application database
Example Diagram
Add repo
helm repo add jfrog https://charts.jfrog.io
Update repo
helm repo update
Google Cloud Storage
Go to https://console.cloud.google.com/storage/settings and click the Interoperability tab.
Storage → Settings
Scroll down and click Create a key. This will provide you with an Access key and Secret.
GCP_ID=[ACCESS_KEY]
GCP_KEY=[SECRET]
This will create a bucket called artifactory-ha.
Helm
--set artifactory.persistence.type=google-storage \
--set artifactory.persistence.googleStorage.bucketName=artifactory-ha \
--set artifactory.persistence.googleStorage.identity=${GCP_ID} \
--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
Google SQL
Create a Google SQL PostgreSQL 11 database
Choose PostgreSQL.
Fill out the necessary fields.
I recommend you choose High availability (regional) for production environments.
Click Create.
Create a user
I created a user called artifactory-ha.
Create a database
I created a database called artifactory-ha.
Create a secret
Create a secret including your database username, password, and URL.
kubectl create secret generic artifactory-ha-db \
--from-literal=user=artifactory-ha \
--from-literal=password="${PASSWORD}" \
--from-literal=url=jdbc:postgresql://${POSTGRESQL_IP}:5432/artifactory-ha \
-n jfrog
Helm
--set postgresql.enabled=false \
--set database.type=postgresql \
--set database.driver=org.postgresql.Driver \
--set database.secrets.url.name=artifactory-ha-db \
--set database.secrets.url.key=url \
--set database.secrets.user.name=artifactory-ha-db \
--set database.secrets.user.key=user \
--set database.secrets.password.name=artifactory-ha-db \
--set database.secrets.password.key=password \
SSL Certificate
I use Cert-Manager to manage my SSL Certificates.
cat <<EOF | kubectl create -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: jfrog-your-domain-com-tls
  namespace: jfrog
spec:
  secretName: jfrog-your-domain-com-tls
  commonName: jfrog.yourdomain.com
  dnsNames:
  - '*.jfrog.yourdomain.com'
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
EOF
Helm
--set nginx.tlsSecretName=jfrog-your-domain-com-tls \
Master Key
Create master key
export MASTER_KEY=$(openssl rand -hex 32)
Helm
--set artifactory.masterKeySecretName=artifactory-ha-master-key \
Join Key
Create join key
export JOIN_KEY=$(openssl rand -hex 32)
Create secret
kubectl create secret generic artifactory-ha-join-key \
--from-literal=join-key=${JOIN_KEY} \
-n jfrog
Helm
--set artifactory.joinKeySecretName=artifactory-ha-join-key \
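Both key Secrets can be created without the key material appearing in an exported variable or on kubectl's command line. The script below is an added example, not code from the original post or the JFrog chart. The secret names and namespace are the ones used above; the `master-key` data key is an assumption about what the chart reads, since the post only shows `join-key`.

```bash
#!/usr/bin/env bash
# Added example. Secret names and the jfrog namespace are the ones in this post;
# the data key "master-key" is an assumption (the post only shows "join-key").

# 32 random bytes as 64 hex characters, generated the same way as in the post.
gen_key() { openssl rand -hex 32; }

# Succeeds only for a string of exactly 64 hex characters.
valid_key() {
  case "$1" in
    '' | *[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 64 ]
}

# Prints a Secret manifest. Arguments: secret name, data key, key value.
# Shell functions and here-documents do not spawn a process with the value
# in its argument list, unlike --from-literal.
render_secret() {
  if ! valid_key "$3"; then
    echo "refusing to render $1: value is not 64 hex characters" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: jfrog
type: Opaque
stringData:
  $2: "$3"
EOF
}

# "create" rather than "apply": an existing key is never silently replaced.
create_key_secrets() {
  render_secret artifactory-ha-master-key master-key "$(gen_key)" | kubectl create -f - &&
    render_secret artifactory-ha-join-key join-key "$(gen_key)" | kubectl create -f -
}

# Only touches the cluster when asked to: ./key-secrets.sh --create
if [ "${1:-}" = "--create" ]; then
  create_key_secrets
fi
```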
Nginx conf
Download my nginx config and update yourdomain.com to your domain.
wget https://raw.githubusercontent.com/itsmetommy/jfrog/master/artifactorty-ha/artifactory.conf
Create custom nginx configmap.
kubectl create configmap artifactory-ha-nginx-custom-artifactory-conf \
--from-file artifactory.conf \
-n jfrog
Helm
--set nginx.customArtifactoryConfigMap=artifactory-ha-nginx-custom-artifactory-conf \
Resources & Limits
Add recommended resources and limits
I’m using the values-large.yaml option as the recommended resources and limits. You can choose from values-small.yaml, values-medium.yaml or values-large.yaml.
Download values-large.yaml.
wget https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/values-large.yaml
Helm
-f values-large.yaml \
Install
Update the version.
helm install artifactory-ha \
--set initContainers.resources.requests.cpu="10m" \
--set initContainers.resources.limits.cpu="250m" \
--set initContainers.resources.requests.memory="64Mi" \
--set initContainers.resources.limits.memory="128Mi" \
--set nginx.resources.requests.cpu="100m" \
--set nginx.resources.limits.cpu="250m" \
--set nginx.resources.requests.memory="250Mi" \
--set nginx.resources.limits.memory="500Mi" \
--set postgresql.enabled=false \
--set database.type=postgresql \
--set database.driver=org.postgresql.Driver \
--set database.secrets.url.name=artifactory-ha-db \
--set database.secrets.url.key=url \
--set database.secrets.user.name=artifactory-ha-db \
--set database.secrets.user.key=user \
--set database.secrets.password.name=artifactory-ha-db \
--set database.secrets.password.key=password \
--set artifactory.persistence.type=google-storage \
--set artifactory.persistence.googleStorage.bucketName=artifactory-ha \
--set artifactory.persistence.googleStorage.identity=${GCP_ID} \
--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
--set artifactory.masterKeySecretName=artifactory-ha-master-key \
--set artifactory.joinKeySecretName=artifactory-ha-join-key \
--set nginx.tlsSecretName=jfrog-your-domain-com-tls \
--set nginx.replicaCount=3 \
--set nginx.customArtifactoryConfigMap=artifactory-ha-nginx-custom-artifactory-conf \
-f values-large.yaml \
--namespace jfrog \
--version 2.4.10 \
jfrog/artifactory-ha
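The install command passes the Cloud Storage identity and credential with --set, which puts them on helm's command line where they are visible in the process list. The script below is an added example, not from the original post or the JFrog chart. It writes the same settings to an owner-only values file; the file name gcs-values.yaml is an assumption.

```bash
#!/usr/bin/env bash
# Added example. The YAML paths mirror the --set keys in this post; the file
# name gcs-values.yaml is an assumption.

# Emit $1 as a YAML single-quoted scalar (an embedded ' is doubled).
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Write the Cloud Storage settings to the file named in $1, mode 0600.
# Reads GCP_ID and GCP_KEY as set earlier in the post.
write_gcs_values() {
  if [ -z "${GCP_ID:-}" ] || [ -z "${GCP_KEY:-}" ]; then
    echo "GCP_ID and GCP_KEY must both be set" >&2
    return 1
  fi
  # Create or empty the file and fix its mode before any secret is written.
  ( umask 077 && : > "$1" ) && chmod 600 "$1" || return 1
  cat > "$1" <<EOF
artifactory:
  persistence:
    type: google-storage
    googleStorage:
      bucketName: artifactory-ha
      identity: $(yaml_quote "$GCP_ID")
      credential: $(yaml_quote "$GCP_KEY")
EOF
}

# Usage against a cluster (replaces the four googleStorage --set lines):
#   write_gcs_values gcs-values.yaml
#   helm install artifactory-ha ... -f values-large.yaml -f gcs-values.yaml ...
```

Helm still records the supplied values in the release Secret in the jfrog namespace, so access to Secrets in that namespace should be restricted as well.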
DNS
Add DNS entries that point to the external IP of the artifactory-ha-nginx service.
kubectl get svc artifactory-ha-nginx -n jfrog
- jfrog.yourdomain.com
- *.jfrog.yourdomain.com
Connect
open https://jfrog.yourdomain.com
Base URL
Update the base URL within the General Settings.
Administration → General → Settings
Custom Base URL: jfrog.yourdomain.com
License
The JFrog Platform uses License Buckets to manage a large number of Artifactory services. License Buckets are available with an Enterprise+ license and require JFrog Mission Control.
I have an Enterprise license, so I will be adding it.
When you are brought to the license screen after login, skip it by clicking the X in the top right-hand corner until you install Mission Control.
Check out my Mission Control blog.
Uninstall
helm uninstall artifactory-ha -n jfrog && sleep 90 && kubectl delete pvc -l app=artifactory-ha -n jfrog
Delete storage bucket and SQL database.
gsutil rm -r gs://artifactory-ha
gcloud sql instances delete artifactory-ha