Guest Blog: Deploying JFrog Artifactory with Nutanix Karbon
Anyone working with containers and Kubernetes knows the value of a rock-solid container registry. We’ll show you how to deploy JFrog Artifactory Enterprise in a highly available configuration as a Kubernetes Docker registry with Nutanix Karbon.
This enterprise-grade Kubernetes Certified distribution by Nutanix simplifies the provisioning, operations and lifecycle management of Kubernetes with a native K8s experience. Karbon makes it simple to deploy a highly available Kubernetes cluster and operate web-scale workloads.
One of the most challenging aspects of any stateful K8s application is managing persistent storage. However, with Nutanix Karbon and integrated CSI Volume Driver, managing persistent storage is extremely simple. In this walk-through we’ll be using the default Storage Class created with every Karbon cluster deployment, which uses Nutanix Volumes on the backend.
Before You Start
We’ll be installing Artifactory Enterprise in HA mode via a Helm chart, so basic knowledge of Helm is recommended, but not required. If you’re just getting started with Helm, take a look at this Nutanix Community forum post which runs through using Tillerless Helm with Nutanix Karbon.
You’ll also need an Artifactory Enterprise license. If you haven’t purchased one, you can get a free trial of Artifactory, and be sure to select the “I want a multi-server trial…” checkbox for an Artifactory Enterprise setup.
The default Artifactory HA Helm chart installs an NGINX server, which utilizes the built-in LoadBalancer Kubernetes resource. For NGINX to be assigned an External IP, MetalLB in Layer 2 mode is required. To install MetalLB, first apply the MetalLB manifest, then create a Config Map with a pool of IP addresses available for MetalLB to hand out.
$ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.7.3/manifests/metallb.yaml> $ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.7.3/manifests/metallb.yaml $ cat metallb-config.yaml apiVersion: v1 kind: ConfigMap metadata: namespace: metallb-system name: config data: config: | address-pools: - name: default protocol: layer2 addresses: - 10.45.100.11-10.45.100.15 # Substitute your IPs here $ kubectl apply -f metallb-config.yaml
Steps to Follow
To deploy Artifactory on Nutanix and create a Kubernetes Docker registry for containers on Karbon, perform these procedures.
Deploy Artifactory
To start the Artifactory deployment, open up a terminal from a MacOS or Linux machine that has Helm installed. For more info, please see our Tillerless Helm on Karbon blog post. We’ll first initialize our tillerless helm, and then start the service.
$ helm init --client-only $ helm tiller start
Next, we’ll add the JFrog repo to helm, and then install Artifactory HA, with one simple command. Since every Karbon cluster has a default Storage Class based on Nutanix Volumes automatically created at cluster creation, there’s no need to configure storage, which typically is the most challenging aspect of K8s.
$ helm repo add jfrog https://charts.jfrog.io $ helm install --name artifactory-demo jfrog/artifactory-ha
Next, monitor the pods, services, and persistent volume claims. Ensure that all pods change to a Running state, the NGINX Service gets an External-IP, and all volume claims are Bound.
$ kubectl get pods NAME READY STATUS RESTARTS AGE artifactory-demo-artifactory-ha-member-0 1/1 Running 0 4m52s artifactory-demo-artifactory-ha-member-1 1/1 Running 0 2m14s artifactory-demo-artifactory-ha-primary-0 1/1 Running 0 4m52s artifactory-demo-nginx-548c7b744d-czngv 1/1 Running 0 4m52s artifactory-demo-postgresql-6f66bb8c8b-k5zkf 1/1 Running 0 4m52s $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE artifactory-demo-artifactory-ha ClusterIP 172.19.188.165 8081/TCP 4m52s artifactory-demo-artifactory-ha-primary ClusterIP 172.19.245.160 8081/TCP 4m52s artifactory-demo-nginx LoadBalancer 172.19.254.27 10.45.100.11 80:31895/TCP,443:30121/TCP 4m52s artifactory-demo-postgresql ClusterIP 172.19.101.143 5432/TCP 4m52s kubernetes ClusterIP 172.19.0.1 443/TCP 16m $ kubectl get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE artifactory-demo-postgresql Bound pvc-22558e21-4042-11e9-aafc-506b8d53468e 50Gi RWO default-storageclass 4m53s volume-artifactory-demo-artifactory-ha-member-0 Bound pvc-227e62e2-4042-11e9-aafc-506b8d53468e 200Gi RWO default-storageclass 4m52s volume-artifactory-demo-artifactory-ha-member-1 Bound pvc-80ca05f3-4042-11e9-aafc-506b8d53468e 200Gi RWO default-storageclass 2m14s volume-artifactory-demo-artifactory-ha-primary-0 Bound pvc-2282341f-4042-11e9-aafc-506b8d53468e 200Gi RWO default-storageclass 4m52s
Take note that all of the Persistent Volume Claims are created from our default Storage Class that gets created with every Karbon cluster. You’ll also see the matching Volumes in the Karbon UI:
You’ll note that the default size of the Persistent Volume Claims are 200GiB. If this is not enough for your environment, you have several options. One option is to set the size of the PVC to a larger number at deployment:
$ helm install --name artifactory-demo --set artifactory.persistence.size="1Ti" jfrog/artifactory-ha
Another option would be to add NFS storage, like Nutanix Files, or S3 compliant Object storage, like Nutanix Buckets. These are also set via helm settings, and can be defined before initial deployment or later with a helm upgrade command. For more information, please see the Artifactory storage section of the helm chart.
If for any reason you need to view the logs of a pod, in order to troubleshoot or verify configuration, you can do so with the following command.
$ kubectl logs | less
Once all of your pods are running, and PVCs are bound, you can access Artifactory HA via the LoadBalancer External IP listed above, or by running the following two commands.
$ export SERVICE_IP=$(kubectl get svc --namespace default artifactory-demo-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') $ echo https://$SERVICE_IP/
It is recommended that you add this IP to your company’s domain server.
Set Up Artifactory
Enter the domain name, or IP that was just gathered into a web browser, where you should see a “Welcome to JFrog Artifactory” message.
Click Next, where you’ll be prompted for your license keys.
Paste your keys in, and click next, where you’ll be prompted to set a new admin password.
After entering a strong password, click Next. Depending on your environment, a proxy server may be required to access the internet. If so, enter your proxy server information on the page that appears. If a proxy server is not required, click Skip.
On the next page, you have the option of selecting the package type(s) that you want repositories created for. Choose your package(s) and click Create.
Finally, you should get a notification stating “Artifactory on-boarding complete!” Click Finish to start using Artifactory.
Create the Kubernetes Docker registry
For each repository added in the previous step, you’ll find an entry in the Set Me Up box in the middle of the homepage. We’ll be walking through setting up docker, but for any other registry, we recommend starting here.
As an example, we’re going to walk through configuring Artifactory as a Kubernetes Docker registry for containers. If you did not add docker in the previous step, and wish to follow along, navigate to Admin > Repositories > Local, and then click the + New button in the upper right.
In order to use Artifactory as Docker registry it’s mandatory to use a Reverse Proxy. Luckily the default helm chart deploys an NGINX server that we can use. As outlined in ReverseProxyConfiguration.md , there are a couple of steps to take within Artifactory.
Navigate to Admin > Configuration > HTTP Settings, and change or fill in the following fields, leaving all others as default:
- Docker Access Method: Repository Path
- Reverse Proxy Server Provider: NGINX
- Internal Hostname: Name of the Artifactory Kubernetes Service, in my case artifactory-demo-artifactory-ha
HTTP Settings: Reverse Proxy SettingsClick Save, upon which the changes will automatically be pushed to the NGINX server. Back in your MacOS or Linux terminal, we’re going to push a Docker image to our new repository. In the event you do not have a local image, let’s pull one first.
$ docker pull python:3.5
Next, we’ll set a variable to make copy and pasting easier (be sure to substitute our hostname for your hostname or IP), and then log in to our new repository with docker login. At the password prompt, enter your Artifactory credentials from the previous step.
$ export ARTIFACTORY="jfrog.nutanix.com" $ docker login -u admin ${ARTIFACTORY} Password: Login Succeeded
Finally, we’ll tag our python image, and push our image to our Artifactory repository.
$ docker tag python:3.5 ${ARTIFACTORY}/docker/python:3.5 $ docker push ${ARTIFACTORY}/docker/python:3.5 The push refers to repository [jfrog.nutanix.com/docker/python] a83742433b45: Pushed 319fab820b58: Pushed 3c74ba240996: Pushed 526dede64623: Pushed 7de462056991: Pushed 3443d6cf0f1f: Pushed f3a38968d075: Pushed a327787b3c73: Pushed 5bb0785f2eee: Pushed 3.5: digest: sha256:4c257cd3a276806e90aacd7d470b361869178ee023613b2d942fdc292a3068b4 size: 2218
Back in the Artifactory UI, we should see our new image:
Summary
In this blog, we showed how easy it is to deploy Artifactory HA on Nutanix Karbon by utilizing JFrog’s Helm Chart and the built-in Nutanix CSI driver. We then stepped through an example use case of creating an Artifactory Docker Repository, and pushing a Docker image. However, Docker is just one type of dozens of different packages that Artifactory can manage. Thanks for your time today!