added examples to deploy 3-Node Artifactory Cluster with Distribution and direct-S3 Persistence
ypan887 committed Jan 2, 2025
1 parent 9248171 commit 7cc7946
Showing 4 changed files with 260 additions and 0 deletions.
99 changes: 99 additions & 0 deletions examples/jfrog-platform/HA-with-distirbution-S3/readme.md
@@ -0,0 +1,99 @@
## 3-Node Artifactory Cluster with Distribution and direct-S3 Persistence

### Overall
| Product | Enabled |
|-------------|-------------|
| Artifactory ||
| xray ||
| distribution ||
| insight ||
| pipelines ||
| worker ||


### Artifactory
| Detail | Value |
|-------------|-------------|
| Replica | 3 |
| Database | External Postgres |
| Persistence | Default Storage Class + S3 |
| SSL ||
| Ingress ||
| Nginx Deployment ||
| UnifiedSecret ||
| Default Admin Credential ||
| Default Master Key ||
| Restriected Resources ||
| Private Registry ||


### Distribution

| Detail | Value |
|-------------|-------------|
| Replica | 2 |
| Database | Bundled Postgres |
| Persistence | Default Storage Class |
| External redis ||
| SSL ||
| UnifiedSecret ||
| Restriected Resources ||
| Private Registry ||


Note: This requires distribution chart 102.23.0+ to work, which comes default with platform chart 10.17.4+.


## Install

1. In values-main.yaml, add your Artifactory hostname as jfrogUrl.

2. To pull images from a private registry, create your own imagePullSecrets and fill in imagePullSecrets and imageRegistry in values-main.yaml:

$ kubectl create secret docker-registry regsecret --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>

3. Passing secret:

If you want to change the secret name, remember to update the reference in values-main or values-artifactory

a. Master Key

$ kubectl create secret generic my-master-key --from-literal=master-key="$(openssl rand -hex 32)" -n <namespace>

b. Join Key

$ kubectl create secret generic my-join-key --from-literal=join-key="$(openssl rand -hex 32)" -n <namespace>

c. CA Certificate for SSL

Passing your own ca.crt for artifactory if needed for ssl configuration. See prerequisite for ca.crt. [here](https://jfrog.com/help/r/jfrog-installation-setup-documentation/prerequisites-for-custom-tls-certificate)

$ kubectl create secret tls my-cacert --cert=ca.crt --key=ca.private.key -n <namespace>

d. Default Admin Credentials

$ kubectl create secret generic my-admin --from-literal=bootstrap.creds="$(printf "%s@%s=%s" admin 127.0.0.1 password| base64 )" -n <namespace>

4. Fill in database details ( values-artifactory.yaml ). [See here for more details related to database.](https://jfrog.com/help/r/jfrog-installation-setup-documentation/database-configuration)

$ kubectl create secret generic my-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n <namespace>

5. Fill in awsS3V3 connection details. To use IAM roles, check [here](https://jfrog.com/help/r/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user)

6. Pull charts ( if you need to reference the suggested sizing paramerters ) and install


```
$ helm pull jfrog/jfrog-platform --untar
```


```
$ helm install <name> jfrog/jfrog-platform -n <namespace> -f values-main.yaml -f values-artifactory.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
```

7. If you are installing on openshift, add values-openshift.yaml

```
$ helm install <name> jfrog/jfrog-platform -n <namespace> -f values-main.yaml -f values-artifactory.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
```
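
Review bot: In step 3d the admin secret is built from the sample password `password` and then piped through `base64`, but `kubectl create secret generic --from-literal` already base64-encodes the value when it stores it, so the `bootstrap.creds` key the pod reads will hold the base64 text rather than `admin@127.0.0.1=password`. Please confirm the chart expects that; if not, drop the `| base64`, and replace `password` with a `<your-password>` placeholder so nobody installs with the sample value. In step 2, the `regsecret` command is the only `kubectl create secret` line without `-n <namespace>`; an image pull secret has to live in the namespace of the pods that use it, so add the flag there too. Minor: `Restriected`, `paramerters` and the directory name `HA-with-distirbution-S3` are misspelled.
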
@@ -0,0 +1,91 @@
artifactory:
ingress:
enabled: false
router:
tlsEnabled: true

artifactory:
name: artifactory
admin:
username: "admin"
password:
secret: my-admin
dataKey: bootstrap.creds

service:
name: artifactory

replicator:
enabled: false
ingress:
enabled: false

persistence:
enabled: true
accessMode: ReadWriteOnce
size: 200Gi
type: s3-storage-v3-direct
awsS3V3:
testConnection: false
identity: # required
credential: # required
region: # required
bucketName: artifactory-aws
path: artifactory/filestore
endpoint: # optional
port: # optional
maxConnections: 150 # optional

access:
enabled: true
accessConfig:
security:
tls: true

mc:
enabled: true

# Nginx
nginx:
enabled: true
labels: {}
service:
## For minikube, set this to NodePort, elsewhere use LoadBalancer
type: LoadBalancer
ssloffload: false
## For supporting whitelist on the Nginx LoadBalancer service
## Set this to a list of IP CIDR ranges
## Example: loadBalancerSourceRanges: ['10.10.10.5/32', '10.11.10.5/32']
## or pass from helm command line
## Example: helm install ... --set nginx.service.loadBalancerSourceRanges='{10.10.10.5/32,10.11.10.5/32}'
loadBalancerSourceRanges: []
## Assuming ssl terminiation at load balancer
## For example, on Eks , add annoation like
## service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:...
## service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
annotations: {}
## Provide static ip address
loadBalancerIP:

# chose your selector/affinities/toleration strategy based on actual need
nodeSelector: {}
tolerations: []
affinity: {}


postgresql:
enabled: false

database:
type: "postgresql"
driver: org.postgresql.Driver
secrets:
user:
name: "my-database"
key: "db-user"
password:
name: "my-database"
key: "db-password"
url:
name: "my-database"
key: "db-url"
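
Review bot: Under `awsS3V3`, `identity` and `credential` are both marked `# required`, which steers users toward writing a static AWS key pair into this values file even though readme step 5 points to the IAM-role setup. Mark them as needed only when no IAM role is used, and say that they should be supplied at install time rather than committed. In the same file the nginx service is `type: LoadBalancer` with `loadBalancerSourceRanges: []`, so the example places no source restriction on the load balancer; a commented sample range next to it would make restricting access the obvious choice. The comment `Assuming ssl terminiation at load balancer` sits just below `ssloffload: false`, which reads as contradictory, and `testConnection: false` deserves a word on why the S3 connection check is turned off.
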
46 changes: 46 additions & 0 deletions examples/jfrog-platform/HA-with-distirbution-S3/values-main.yaml
@@ -0,0 +1,46 @@
global:
imagePullSecrets:
- regsecret ## credential for your local registry
imageRegistry: releases-docker.jfrog.io ## local private registry
jfrogUrl: 'https://myjfrog.io' ## The artifactory host url
joinKeySecretName: my-join-key
masterKeySecretName: my-master-key
database:
initDBCreation: false

## This Postgresql is used by all products , set postgresql.enabled: false, when you want to use external postgresql for all products
postgresql:
enabled: false

## This Rabbitmq is used by Xray and Pipelines only, set rabbitmq.enabled: false, when Xray or Pipelines is not enabled
rabbitmq:
enabled: false

## This Redis is used by pipelines only, set redis.enabled: false, when pipelines is not enabled
redis:
enabled: false

artifactory:
enabled: true
artifactory:
replicaCount: 3

xray:
enabled: false

distribution:
enabled: true
unifiedUpgradeAllowed: true
distribution:
unifiedSecretInstallation: false
postgresql:
enabled: true

insight:
enabled: false

pipelines:
enabled: false

pdnServer:
enabled: false
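
Review bot: `imageRegistry: releases-docker.jfrog.io` is commented as `## local private registry`, but the value is a real host rather than a placeholder, so a user who follows readme step 2 and creates `regsecret` for their own registry will still pull from this host with credentials meant for another. Use an obvious placeholder such as `<your-registry-server>`, matching the readme command. `unifiedSecretInstallation: false` under `distribution` also deserves a comment, since the readme's Distribution table has a UnifiedSecret row and readers cannot tell from this file which setting the example intends.
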
@@ -0,0 +1,24 @@
artifactory:
containerSecurityContext:
enabled: false
artifactory:
podSecurityContext:
enabled: false
nginx:
podSecurityContext:
enabled: false
containerSecurityContext:
enabled: false
distribution:
containerSecurityContext:
enabled: false
podSecurityContext:
enabled: false
redis:
containerSecurityContext:
enabled: false
postgresql:
securityContext:
enabled: false
containerSecurityContext:
enabled: false
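
Review bot: Every `podSecurityContext` and `containerSecurityContext` in this file is set to `enabled: false` with no comment saying why, and nothing stops the file being reused on a non-OpenShift cluster, where it would switch off the charts' security context settings. Add a header comment stating that these are disabled so OpenShift's security context constraints can assign the UID and group, and that the file is only meant for the step 7 install. The `postgresql` block uses `securityContext` where the others use `podSecurityContext`; if that is intentional for the bundled chart, a short comment would keep someone from "fixing" it.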
