Sometimes two things fit together so naturally, you sense they were built for each other. You might come to feel that way about IBM Cloud Private and JFrog Artifactory because, in important ways, it’s true.
IBM Cloud Private (ICP) and Artifactory are both built to facilitate containerization, the growing technology that makes it easy to develop and deploy cloud-native, scalable microservices. Artifactory empowers your cloud Devops pipeline for automation and ties it directly to Kubernetes, the container orchestrator at the heart of ICP’s architecture.
Snapping these pieces together is pretty easy. We’ll explain why you should, and provide some help to get you going.
ICP is built on K8s, but is a private cloud that runs on your own on-premises infrastructure with permissioned access, shielded behind your firewall. This provides a protected environment appropriate for sensitive data or compliance with a regulatory framework.
Artifactory can also add additional protection, securing your binaries by limiting access to credentialed users and, with XRay scanning, helps prevent code that’s vulnerable to attacks from being deployed.
In Artifactory, you can designate a repository to serve as a Docker registry for containers to be delivered to Kubernetes. But Artifactory does much more to robustly link K8s to your full DevOps pipeline.
As modern software development brings together building blocks of code sourced from many places, it’s vital to be able to trust in each. But components from package repositories like npm and Maven, other collaborators, or your own team can change often and unpredictably.
Artifactory provides a central home for all the binaries in your software supply chain, and stores metadata about each as they are built through your continuous integration and delivery (CI/CD) system. This helps ensure the artifacts moving through the many stages of your development pipeline are expected, compliant, and secure.
More than a conventional Docker registry, Artifactory is your comprehensive Kubernetes registry where you can fully trace content, dependencies, and relationships with other container images, along with the Helm charts that specify their K8s deployment. This empowers you with insight into and control of your entire container chain.
As your trusted source of binaries, Artifactory enables the frictionless DevOps that frees your organization to release new software fast, frequently, and safely.
With Artifactory Enterprise, you can configure your binary repositories for High Availability to provide five nines reliability and the assurance that your builds will always complete. This how-to demonstrates installing Artifactory HA, the version appropriate for enterprise-level work.
In the HA configuration, a redundant set of Artifactory servers runs in multiple pods within the ICP cluster. In this way, at least one instance of Artifactory will be available to serve requests even if one or more pods are blocked, crashed, or taken offline for service. This high reliability helps ensure zero downtime in even the most demanding of workloads.
Your installation will assign NGIX as its ingress controller, to optimally distribute requests to the Artifactory server nodes.
Installing Artifactory in IBM Cloud Private
Getting Artifactory set up and running on IBM Cloud Private is easily done through JFrog’s Helm chart. But there are some important things you need to do first.
Before You Start
Prepare for this installation of Artifactory to IBM Cloud Private by making sure you have these things ready:
- You must install and configure an IBM Cloud Private cluster. While either IBM Cloud Native or Enterprise editions should be used for production, the Community Edition can be successfully used for testing.
- As part of the installation, you must create a storage class that will dynamcially allocate a Persistent Volume. (For greater understanding of storage classes, see the Kubernetes documentation.)
- You must have the IBM Cloud CLI and tools installed.
- You will need an Artifactory Enterprise license to run the high-availability Artifactory configuration this procedure installs. For testing and evaluation purposes, you can request a set of 30-day trial licenses.
Steps to Follow
Once you have an IBM Cloud Private installation and the appropriate cluster environment configured, you can install Artifactory.
Step 1: Create an Image Policy
IBM Cloud Private includes a Container Image Security Enforcement feature that helps assure that container images deployed to an ICP cluster are permitted.
To successfully install Artifactory, you must create an image policy resource that identifies Artifactory as a permitted image.
- Create the file image_policy.yaml with the following content:
apiVersion: securityenforcement.admission.cloud.ibm.com/v1beta1 kind: ClusterImagePolicy metadata: name: artifactory spec: repositories: - name: docker.bintray.io/jfrog/* policy: va: enabled: false
- Run kubectl to create the image policy resource.
$ kubectl create -f image_policy.yaml
Step 2: Install Artifactory HA
A High Availability configuration of Artifactory can be installed into the ICP cluster from the JFrog Helm chart repository.
Because ICP is self-hosted, the ingress controller must be configured to expose the Artifactory service for external reference.
- Install and initialize Helm client:
# Initialize Helm client helm init --client-only
- Add the JFrog Helm chart repository:
# Add JFrog Helm chart repository helm repo add jfrog https://charts.jfrog.io
- Create a secret for your Artifactory credentials:
# Create Secret with SSL Certificate kubectl create secret tls artifactory-ha-tls --cert=path/to/tls.cert --key=path/to/tls.key
- Create an ingress-values.yaml file to use ingress to expose the Artifactory-ha service. The file should have the following content:
ingress: enabled: true defaultBackend: enabled: true hosts: - artifactory.jfrog.team annotations: ingress.kubernetes.io/proxy-body-size: "0" ingress.kubernetes.io/proxy-read-timeout: "600" ingress.kubernetes.io/proxy-send-timeout: "600" kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/configuration-snippet: | rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token; rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3; nginx.ingress.kubernetes.io/proxy-body-size: "0" tls: - secretName: artifactory-ha-tls hosts: - artifactory.jfrog.team # Nginx nginx: enabled: false
- Install Artifactory Enterprise using the Helm chart
# Install artifactory using helm chart helm install --name artifactory-ha -f ingress-values.yaml jfrog/artifactory-ha --tls
- When installation is complete, you can confirm and get further setup instruction by issuing the following command:
# Command to check status of helm artifactory-ha deployment helm status artifactory-ha
The status command will respond with instructions telling you how to:
- Set the master key or secret
- Extract the database password
- Get the Artifactory IP and URL
- Open Artifactory in your browser
- Activate Artifactory HA with licenses
- Install and initialize Helm client:
Give it a Try
WIth Artifactory successfully installed and activated in your IBM Cloud Private cluster, you can get started setting up your repositories and build integration with your chosen CI server. You’ll gain the assurance of delivering reliable, deterministic builds.
We’ve explored a few of the important ways Artifactory works naturally with IBM Cloud Private to fulfill the demands of enterprise-level Kubernetes. But there are many reasons for cloud DevOps to use Artifactory.
Give the installation procedures for ICP a try using a set of Artifactory trial licenses, and discover the many ways Artifactory can help you forge a trusted continuous delivery pipeline from code to cluster.