Categories
gcp JFrog Kubernetes

JFrog Artifactory HA Edge on GKE with Google Cloud Storage & Google SQL

Series

This is part of a series of JFrog blogs that will help guide you through installing their new Unified Platform.

General

https://github.com/jfrog/charts/tree/master/stable/artifactory-ha

Installing Edge is the exact same steps as installing Artifactory. The only difference is the license.

Add repo

helm repo add jfrog https://charts.jfrog.io

Update repo

helm repo update

Google Cloud Storage

Go to https://console.cloud.google.com/storage/settings and click the Interoperability tab.

Storage → Settings

Scroll down and click Create a key. This will provide you with an Access key and Secret.

GCP_ID=[ACCESS_KEY]
GCP_KEY=[SECRET]

This will create a bucket called artifactory-ha-edge.

Helm

--set artifactory.persistence.type=google-storage \
--set artifactory.persistence.googleStorage.bucketName=artifactory-ha-edge \
--set artifactory.persistence.googleStorage.identity=${GCP_ID} \
--set artifactory.persistence.googleStorage.credential=${GCP_KEY} \

Google SQL

Create a Google PostgreSQL 11 database with a user and database named artifactory-ha-edge.

Create a secret

Create a secret including your database username, password, and URL.

kubectl create secret generic artifactory-ha-edge-db \
  --from-literal=user=artifactory-ha-edge \
  --from-literal=password='${PASSWORD}' \
  --from-literal=url=jdbc:postgresql://${POSTGRESQL_IP}:5432/artifactory-ha-edge \
  -n jfrog

Helm

--set postgresql.enabled=false \
--set database.type=postgresql \
--set database.driver=org.postgresql.Driver \
--set database.secrets.url.name=artifactory-ha-edge-db \
--set database.secrets.url.key=url \
--set database.secrets.user.name=artifactory-ha-edge-db \
--set database.secrets.user.key=user \
--set database.secrets.password.name=artifactory-ha-edge-db \
--set database.secrets.password.key=password \

SSL Certificate

I use Cert-Manager to manage my SSL Certificates.

cat <<EOF | kubectl create -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: edge-your-domain-com-tls
  namespace: jfrog
spec:
  secretName: edge-your-domain-com-tls
  commonName: edge.yourdomain.com
  dnsNames:
    - '*.edge.yourdomain.com'
issuerRef:
  name: letsencrypt
  kind: ClusterIssuer
EOF

Helm

--set nginx.tlsSecretName=edge-your-domain-com-tls \

Master Key

Create master key

export MASTER_KEY=$(openssl rand -hex 32)

Helm

--set artifactory.masterKeySecretName=artifactory-ha-edge-master-key \

Join Key

You should be using the same join key as Artifactroy HA. In my case, the secret has already been generated within the same namespace, so there is no reason for me to create another one.

Helm

--set artifactory.joinKeySecretName=artifactory-ha-join-key \

Nginx conf

Download my nginx config and update yourdomain.com to your domain.

wget https://raw.githubusercontent.com/itsmetommy/jfrog/master/artifactory-ha-edge/artifacory.conf

Create custom nginx configmap.

kubectl create configmap artifactory-ha-nginx-custom-edge-artifactory-conf \
  --from-file artifactory.conf \
  -n jfrog

Helm

--set nginx.customArtifactoryConfigMap=artifactory-ha-nginx-custom-edge-artifactory-conf \

Resources & Limits

Add recommended resources and limits

I’m using the values-large.yaml option as the recommended resources and limits. You can choose from values-small.yaml, values-medium.yaml or values-large.yaml.

Download values-large.yaml.

wget https://raw.githubusercontent.com/jfrog/charts/master/stable/artifactory-ha/values-large.yaml

Helm

-f values-large.yaml \

Install

Update the version.

helm install artifactory-ha-edge \
  --set initContainers.resources.requests.cpu="10m" \
  --set initContainers.resources.limits.cpu="250m" \
  --set initContainers.resources.requests.memory="64Mi" \
  --set initContainers.resources.limits.memory="128Mi" \
  --set nginx.resources.requests.cpu="100m" \
  --set nginx.resources.limits.cpu="250m" \
  --set nginx.resources.requests.memory="250Mi" \
  --set nginx.resources.limits.memory="500Mi" \
  --set postgresql.enabled=false \
  --set database.type=postgresql \
  --set database.driver=org.postgresql.Driver \
  --set database.secrets.url.name=artifactory-ha-edge-db \
  --set database.secrets.url.key=url \
  --set database.secrets.user.name=artifactory-ha-edge-db \
  --set database.secrets.user.key=user \
  --set database.secrets.password.name=artifactory-ha-edge-db \
  --set database.secrets.password.key=password \
  --set artifactory.persistence.type=google-storage \
  --set artifactory.persistence.googleStorage.bucketName=artifactory-ha-edge \
  --set artifactory.persistence.googleStorage.identity=${GCP_ID} \
  --set artifactory.persistence.googleStorage.credential=${GCP_KEY} \
  --set artifactory.masterKeySecretName=artifactory-ha-edge-master-key \
  --set artifactory.joinKeySecretName=artifactory-ha-join-key \
  --set nginx.tlsSecretName=edge-salescloud-dev-sap-tls \
  --set nginx.replicaCount=3 \
  --set nginx.customArtifactoryConfigMap=artifactory-ha-nginx-custom-edge-artifactory-conf \
  -f values-large.yaml \
  --namespace jfrog \
  --version 2.4.10 \
  jfrog/artifactory-ha

DNS

Add DNS entries from the artifactory-ha-edge-nginx service external IP.

kubectl get svc artifactory-ha-edge-nginx -n jfrog
  • edge.yourdomain.com
  • *.edge.yourdomain.com

Connect

open https://edge.yourdomain.com

Add License

Go to jfrog.yourdomain.com

Go to Artifactory.

Administration tab → Platform Deployments → + Register Platform Deployment

Go to edge.yourdomain.com

Go to Edge and get the Join Key.

Go back to jfrog.yourdomain.com

Go to Artifactory and enter in the details of your Edge instance.

Now that you’ve added your Edge instance, attach the license.

Add the Edge License Bucket: Administration → License Buckets → + Add New Bucket.

Attach the licenses: Administration → License → Click the down arrow within the EDGE license → Attach License.

Choose the number of licenses you’d like to add and click Attach License.

Go to edge.yourdomain.com

Go to your Edge instance and confirm that the licenses have been added.

Administration → Licenses → Licenses.

Uninstall

helm uninstall artifactory-ha-edge -n jfrog && \
  sleep 90 && \
  for h in `kubectl get pvc -l app=artifactory-ha -n jfrog | grep volume-artifactory-ha-edge | awk '{print $1}'`;do kubectl delete pvc $h -n jfrog;done

gsutil rm -r gs://[BUCKET_NAME]
gcloud sql instances delete [INSTANCE_NAME]
Comments