JFrog Artifactory HA on GKE with Google Cloud Storage & Google SQL


Series

This is part of a series of JFrog blogs that will help guide you through installing their new Unified Platform.

General

https://github.com/jfrog/charts/tree/master/stable/artifactory-ha

Goal

  • Install using helm 3
  • Artifactory 7
  • Google Cloud Storage (bucket) — artifacts
  • Google SQL — application database

Add repo

helm repo add jfrog https://charts.jfrog.io

Update repo

helm repo update

Google Cloud Storage

Go to https://console.cloud.google.com/storage/settings and click the Interoperability tab.

Scroll down and click Create a key. This will provide you with an Access key and Secret.

GCP_ID=[ACCESS_KEY]
GCP_KEY=[SECRET]

This will create a bucket called artifactory-ha.

Helm

--set artifactory.persistence.type=google-storage \
--set artifactory.persistence.googleStorage.bucketName=artifactory-ha \
--set artifactory.persistence.googleStorage.identity=${GCP_ID} \
--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \

Google SQL

Create a Google SQL PostgreSQL 11 database

Choose PostgreSQL.

Fill out the necessary fields.

I recommend you choose High availability (regional) for production environments.

Click Create.

Create a user

I created a user called artifactory-ha.

Create a database

I created a database called artifactory-ha.

Create a secret

Create a secret including your database username, password, and URL.

# Double quotes let the shell expand ${PASSWORD}; single quotes would store the literal text.
kubectl create secret generic artifactory-ha-db \
  --from-literal=user=artifactory-ha \
  --from-literal=password="${PASSWORD}" \
  --from-literal=url="jdbc:postgresql://${POSTGRESQL_IP}:5432/artifactory-ha" \
  -n jfrog

Helm

--set postgresql.enabled=false \
--set database.type=postgresql \
--set database.driver=org.postgresql.Driver \
--set database.secrets.url.name=artifactory-ha-db \
--set database.secrets.url.key=url \
--set database.secrets.user.name=artifactory-ha-db \
--set database.secrets.user.key=user \
--set database.secrets.password.name=artifactory-ha-db \
--set database.secrets.password.key=password \

SSL Certificate

I use Cert-Manager to manage my SSL Certificates.

cat <<EOF | kubectl create -f -
# cert-manager 0.11 and later use the cert-manager.io API group instead.
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: jfrog-your-domain-com-tls
  namespace: jfrog
spec:
  secretName: jfrog-your-domain-com-tls
  commonName: jfrog.yourdomain.com
  dnsNames:
    - '*.jfrog.yourdomain.com'
  # issuerRef is a field of spec, so it is indented under it.
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
EOF

Helm

--set nginx.tlsSecretName=jfrog-your-domain-com-tls \

Master Key

Create master key

export MASTER_KEY=$(openssl rand -hex 32)

Helm

--set artifactory.masterKeySecretName=artifactory-ha-master-key \

Join Key

Create join key

export JOIN_KEY=$(openssl rand -hex 32)

Create secret

kubectl create secret generic artifactory-ha-join-key \
  --from-literal=join-key=${JOIN_KEY} \
  -n jfrog

Helm

--set artifactory.joinKeySecretName=artifactory-ha-join-key \
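
The post generates MASTER_KEY but does not show a create step for the artifactory-ha-master-key secret that the Helm flag refers to. The following is an added example, not part of the original post: it validates both keys and renders Secret manifests so the key material reaches kubectl on stdin rather than as a command-line argument. The function names are hypothetical, and the data key name master-key is an assumption based on the chart's documented convention.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical; secret names come from the post.

# gen_key: print 32 random bytes as 64 hex characters (same as the post's
# `openssl rand -hex 32`, with a /dev/urandom fallback if openssl is absent).
gen_key() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 32
  else
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
  fi
}

# is_valid_key KEY: succeed only if KEY is exactly 64 hex characters.
is_valid_key() {
  case "$1" in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 64 ]
}

# secret_manifest NAME DATA_KEY VALUE [NAMESPACE]: print a Secret manifest.
# Refuses empty, truncated or non-hex values instead of storing them.
secret_manifest() {
  name=$1 data_key=$2 value=$3 ns=${4:-jfrog}
  if ! is_valid_key "$value"; then
    echo "refusing to render $name: $data_key is not 64 hex characters" >&2
    return 1
  fi
  encoded=$(printf '%s' "$value" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: Opaque
data:
  $data_key: $encoded
EOF
}

# Usage:
#   MASTER_KEY=$(gen_key); JOIN_KEY=$(gen_key)
#   secret_manifest artifactory-ha-master-key master-key "$MASTER_KEY" | kubectl apply -f -
#   secret_manifest artifactory-ha-join-key   join-key   "$JOIN_KEY"   | kubectl apply -f -
```

Keep a copy of both keys in a secrets manager; a replacement master key cannot decrypt data written under the old one.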

Nginx conf

Download my nginx config and update yourdomain.com to your domain.

wget https://raw.githubusercontent.com/itsmetommy/jfrog/master/artifactorty-ha/artifactory.conf

Create custom nginx configmap.

kubectl create configmap artifactory-ha-nginx-custom-artifactory-conf \
  --from-file artifactory.conf \
  -n jfrog

Helm

--set nginx.customArtifactoryConfigMap=artifactory-ha-nginx-custom-artifactory-conf \

Resources & Limits

Add recommended resources and limits

I’m using the values-large.yaml option as the recommended resources and limits. You can choose from values-small.yaml, values-medium.yaml or values-large.yaml.

Download values-large.yaml.

wget https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/values-large.yaml

Helm

-f values-large.yaml \

Install

Update --version to the chart version you want to install.

helm install artifactory-ha \
  --set initContainers.resources.requests.cpu="10m" \
  --set initContainers.resources.limits.cpu="250m" \
  --set initContainers.resources.requests.memory="64Mi" \
  --set initContainers.resources.limits.memory="128Mi" \
  --set nginx.resources.requests.cpu="100m" \
  --set nginx.resources.limits.cpu="250m" \
  --set nginx.resources.requests.memory="250Mi" \
  --set nginx.resources.limits.memory="500Mi" \
  --set postgresql.enabled=false \
  --set database.type=postgresql \
  --set database.driver=org.postgresql.Driver \
  --set database.secrets.url.name=artifactory-ha-db \
  --set database.secrets.url.key=url \
  --set database.secrets.user.name=artifactory-ha-db \
  --set database.secrets.user.key=user \
  --set database.secrets.password.name=artifactory-ha-db \
  --set database.secrets.password.key=password \
  --set artifactory.persistence.type=google-storage \
  --set artifactory.persistence.googleStorage.bucketName=artifactory-ha \
  --set artifactory.persistence.googleStorage.identity=${GCP_ID} \
  --set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
  --set artifactory.masterKeySecretName=artifactory-ha-master-key \
  --set artifactory.joinKeySecretName=artifactory-ha-join-key \
  --set nginx.tlsSecretName=jfrog-your-domain-com-tls \
  --set nginx.replicaCount=3 \
  --set nginx.customArtifactoryConfigMap=artifactory-ha-nginx-custom-artifactory-conf \
  -f values-large.yaml \
  --namespace jfrog \
  --version 2.4.10 \
  jfrog/artifactory-ha
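
The install command above passes the storage access key and secret with --set, which puts them in shell history and in the process argument list. The following is an added example, not part of the original post: it writes the same four googleStorage values to an owner-only values file that is passed with -f instead. The function names and the file name gcs-credentials.yaml are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: helper and file names are hypothetical; the value keys and
# the bucket name are the ones used in the post.

# yaml_quote VALUE: print VALUE as a single-quoted YAML scalar
# (a literal ' is escaped by doubling it).
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_gcs_values FILE: render the googleStorage settings from the GCP_ID
# and GCP_KEY environment variables into FILE, readable by the owner only.
write_gcs_values() {
  out=$1
  if [ -z "${GCP_ID:-}" ] || [ -z "${GCP_KEY:-}" ]; then
    echo "GCP_ID and GCP_KEY must both be set" >&2
    return 1
  fi
  rm -f "$out"            # avoid inheriting wider permissions from an old file
  (
    umask 077             # the new file is created with mode 0600
    cat > "$out" <<EOF
artifactory:
  persistence:
    type: google-storage
    googleStorage:
      bucketName: artifactory-ha
      identity: $(yaml_quote "$GCP_ID")
      credential: $(yaml_quote "$GCP_KEY")
EOF
  )
}

# Usage (replaces the four artifactory.persistence --set flags):
#   write_gcs_values gcs-credentials.yaml
#   helm install artifactory-ha ... -f values-large.yaml -f gcs-credentials.yaml ...
#   rm -f gcs-credentials.yaml
```

Helm still stores the supplied values in the release record inside the cluster, so access to Secrets in the jfrog namespace should be restricted as well.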

DNS

Add DNS entries from the artifactory-ha-nginx service external IP.

kubectl get svc artifactory-ha-nginx -n jfrog
  • jfrog.yourdomain.com
  • *.jfrog.yourdomain.com

Connect

open https://jfrog.yourdomain.com

Base URL

Update the base URL within the General Settings.

Administration → General → Settings

Custom Base URL: jfrog.yourdomain.com

License

https://www.jfrog.com/confluence/display/JFROG/Managing+Licenses#ManagingLicenses-LicenseBucketManagement

The JFrog Platform uses License Buckets to manage a large number of Artifactory services. License buckets are available with an Enterprise+ license and require JFrog Mission Control.

I have an Enterprise license, so I will be adding it.

When you are brought to the screen below after login, skip it by clicking the X in the top right-hand corner until you install Mission Control.

Check out my Mission Control blog.

Uninstall

# The release was installed into the jfrog namespace, so target it explicitly.
helm uninstall artifactory-ha -n jfrog && sleep 90 && kubectl delete pvc -l app=artifactory-ha -n jfrog

Delete storage bucket and SQL database.

gsutil rm -r gs://artifactory-ha
gcloud sql instances delete artifactory-ha