Series
This is part of a series of JFrog blogs that will help guide you through installing their new Unified Platform.
General
https://github.com/jfrog/charts/tree/master/stable/artifactory-ha
Goal
- Install using helm 3
- Artifactory 7
- Google Cloud Storage (bucket) — artifacts
- Google SQL — application database
Example Diagram

Add repo
helm repo add jfrog https://charts.jfrog.io
Update repo
helm repo update
Google Cloud Storage
Go to https://console.cloud.google.com/storage/settings and click the Interoperability tab.
Storage → Settings

Scroll down and click Create a key. This will provide you with an Access key and Secret.

GCP_ID=[ACCESS_KEY] GCP_KEY=[SECRET]
This will create a bucket called artifactory-ha.
Helm
--set artifactory.persistence.type=google-storage \ --set artifactory.persistence.googleStorage.bucketName=artifactory-ha \ --set artifactory.persistence.googleStorage.identity=${GCP_ID} \ --set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
Google SQL
Create a Google SQL PostgreSQL 11 database

Choose PostgreSQL.

Fill out the necessary fields.

I recommend you choose High availability (regional) for production environments.

Click Create.

Create a user
I created a user called artifactory-ha.

Create a database
I created a database called artifactory-ha.

Create a secret
Create a secret including your database username, password, and URL.
kubectl create secret generic artifactory-ha-db \ --from-literal=user=artifactory-ha \ --from-literal=password='${PASSWORD}' \ --from-literal=url=jdbc:postgresql://${POSTGRESQL_IP}:5432/artifactory-ha \ -n jfrog
Helm
--set postgresql.enabled=false \ --set database.type=postgresql \ --set database.driver=org.postgresql.Driver \ --set database.secrets.url.name=artifactory-ha-db \ --set database.secrets.url.key=url \ --set database.secrets.user.name=artifactory-ha-db \ --set database.secrets.user.key=user \ --set database.secrets.password.name=artifactory-ha-db \ --set database.secrets.password.key=password \
SSL Certificate
I use Cert-Manager to manage my SSL Certificates.
cat <<EOF | kubectl create -f - apiVersion: certmanager.k8s.io/v1alpha1 kind: Certificate metadata: name: jfrog-your-domain-com-tls namespace: jfrog spec: secretName: jfrog-your-domain-com-tls commonName: jfrog.yourdomain.com dnsNames: - '*.jfrog.yourdomain.com' issuerRef: name: letsencrypt kind: ClusterIssuer EOF
Helm
--set nginx.tlsSecretName=your-domain-com-tls \
Master Key
Create master key
export MASTER_KEY=$(openssl rand -hex 32)
Helm
--set artifactory.masterKeySecretName=artifactory-ha-master-key \
Join Key
Create join key
export JOIN_KEY=$(openssl rand -hex 32)
Create secret
kubectl create secret generic artifactory-ha-join-key \ --from-literal=join-key=${JOIN_KEY} \ -n jfrog
Helm
--set artifactory.joinKeySecretName=artifactory-ha-join-key \
Nginx conf
Download my nginx config and update yourdomain.com to your domain.
wget https://raw.githubusercontent.com/itsmetommy/jfrog/master/artifactorty-ha/artifactory.conf
Create custom nginx configmap.
kubectl create configmap artifactory-ha-nginx-custom-artifactory-conf \ --from-file artifactory.conf \ -n jfrog
Helm
--set nginx.customArtifactoryConfigMap=artifactory-ha-nginx-custom-artifactory-conf \
Resources & Limits
Add recommended resources and limits
I’m using the values-large.yaml option as the recommended resources and limits. You can choose from values-small.yaml, values-medium.yaml or values-large.yaml.
Download values-large.yaml.
wget https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/values-large.yaml
Helm
-f values-large.yaml \
Install
Update the version.
helm install artifactory-ha \ --set initContainers.resources.requests.cpu="10m" \ --set initContainers.resources.limits.cpu="250m" \ --set initContainers.resources.requests.memory="64Mi" \ --set initContainers.resources.limits.memory="128Mi" \ --set nginx.resources.requests.cpu="100m" \ --set nginx.resources.limits.cpu="250m" \ --set nginx.resources.requests.memory="250Mi" \ --set nginx.resources.limits.memory="500Mi" \ --set postgresql.enabled=false \ --set database.type=postgresql \ --set database.driver=org.postgresql.Driver \ --set database.secrets.url.name=artifactory-ha-db \ --set database.secrets.url.key=url \ --set database.secrets.user.name=artifactory-ha-db \ --set database.secrets.user.key=user \ --set database.secrets.password.name=artifactory-ha-db \ --set database.secrets.password.key=password \ --set artifactory.persistence.type=google-storage \ --set artifactory.persistence.googleStorage.bucketName=artifactory-ha \ --set artifactory.persistence.googleStorage.identity=${GCP_ID} \ --set artifactory.persistence.googleStorage.credential=${GCP_KEY} \ --set artifactory.masterKeySecretName=artifactory-ha-master-key \ --set artifactory.joinKeySecretName=artifactory-ha-join-key \ --set nginx.tlsSecretName=jfrog-salescloud-dev-sap-tls \ --set nginx.replicaCount=3 \ --set nginx.customArtifactoryConfigMap=artifactory-ha-nginx-custom-artifactory-conf \ -f values-large.yaml \ --namespace jfrog \ --version 2.4.10 \ jfrog/artifactory-ha
DNS
Add DNS entries from the artifactory-ha-nginx service external IP.
kubectl get svc artifactory-ha-nginx -n jfrog
- jfrog.yourdomain.com
- *.jfrog.yourdomain.com
Connect
open https://jfrog.yourdomain.com

Base URL
Update the base URL within the General Settings.
Administration → General → Settings
Custom Base URL: jfrog.yourdomain.com

License
The JFrog Platform uses License Buckets to manage large number of Artifactory services. License buckets are available for Enterprise+ license and require JFrog Mission Control.
I have an Enterprise license, so I will be adding it.
When brought to the below screen after login, skip this by clicking the X in the top right hand corner until you install Mission Control.

Check out my Mission Control blog.
Uninstall
helm uninstall artifactory-ha && sleep 90 && kubectl delete pvc -l app=artifactory-ha
Delete storage bucket and SQL database.
gsutil rm -r gs://artifactory-ha gcloud sql instances delete artifactory-ha