When you deploy Artifactory with the default Nginx that ships with our Helm chart, the chart creates an internet-facing load balancer by default, which is restricted in most Kubernetes environments. If you would instead like to deploy Artifactory behind an external load balancer and an Ingress that exposes the Artifactory service only to your organization's network, follow the steps below.
1. Set Up a Kubernetes Cluster
Create a Kubernetes cluster with any cloud provider. I have used EKS (AWS Kubernetes cluster). Also, make sure kubectl and Helm (v3 preferred) are installed on your system so that you can run the basic Kubernetes and Helm commands against the cluster.
2. Install Nginx-Ingress Controller
Install the Nginx-Ingress Controller using the commands below. (nginx-ingress can also be deployed with custom certificates; for more information, refer to the project's GitHub page.)
$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm repo update
$ kubectl create ns nginx-ingress
$ helm upgrade --install nginx-ingress -n nginx-ingress ingress-nginx/ingress-nginx
3. Configure DNS to Point to Nginx-Ingress
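Point the domain to the EXTERNAL_IP of the Nginx-Ingress service.
For example, create a DNS record test.artifactory.com and point it to EXTERNAL_IP.
## Command to get EXTERNAL_IP
## (with the release name used above, the chart names the service nginx-ingress-ingress-nginx-controller; confirm with: kubectl get svc -n nginx-ingress)
$ kubectl get svc -n nginx-ingress nginx-ingress-ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'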
4. Create Secrets for Nginx Certificates
Create the secret for the Nginx certificates with the command below, in the namespace where Artifactory will be deployed (the namespace must already exist).
Command:
$ kubectl create secret tls <secret name> --cert=/path/to/tls.pem --key=/path/to/tls.key -n artifactory
Example:
$ kubectl create secret tls nginx-tls --cert=/Users/admin/Documents/kubernetes/certs/tls.crt --key=/Users/admin/Documents/kubernetes/certs/tls.key -n artifactory
5. Deploy JFrog Artifactory with Custom Ingress Configuration
Install JFrog Artifactory using the Helm chart, adding the ingress configuration below to the values.yaml file. (Nginx annotations can be added as per the nginx-ingress standard; for more information, refer to the Nginx ingress controller annotations page.)
values.yaml
postgresql:
  enabled: true
  postgresqlPassword: <PASSWORD>
databaseUpgradeReady: true
unifiedUpgradeAllowed: true
artifactory:
  masterKeySecretName: my-masterkey-secret
  joinKeySecretName: my-joinkey-secret
  license:
    secret: artifactory-cluster-license
    dataKey: art.lic
nginx:
  enabled: false
ingress:
  enabled: true
  defaultBackend:
    enabled: true
  hosts:
    - <nginx-ingress-svc-external-hostname or dns hostname>
  routerPath: /
  artifactoryPath: /artifactory/
  className: "nginx"
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite ^/(v2)/token /artifactory/api/docker/null/v2/token;
      rewrite ^/(v2)/([^\/]*)/(.*) /artifactory/api/docker/$2/$1/$3;
  tls:
    - secretName: nginx-tls
      hosts:
        - <nginx-ingress-svc-external-hostname or dns hostname>
## Commands to install Artifactory using the Helm chart
## (installed into the artifactory namespace, where the TLS secret was created)
$ helm repo add jfrog-charts https://charts.jfrog.io
$ helm repo update
$ helm upgrade --install artifactory -n artifactory -f values.yaml jfrog-charts/artifactory
Once Artifactory is installed, wait a couple of minutes until the status shows the services as healthy. You should then be able to access it via the defined domain name.
Example: https://jfrog.artifactory.com
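How the two rewrite rules in the configuration-snippet annotation above map Docker registry requests onto Artifactory API paths, shown as a small Python model of nginx's rewrite handling. This is an added example, not part of the JFrog chart or the original article; the repository keys docker-local and token-cache and the sample requests are constructed.

```python
import re

# Rules copied from the configuration-snippet annotation, in file order.
# nginx writes capture groups as $1; Python's re module writes them as \1.
REWRITE_RULES = [
    (re.compile(r"^/(v2)/token"), r"/artifactory/api/docker/null/v2/token"),
    (re.compile(r"^/(v2)/([^\/]*)/(.*)"), r"/artifactory/api/docker/\2/\1/\3"),
]


def rewrite(request_uri):
    """Return the URI the backend sees after both rules have been tried.

    Models three nginx behaviours: the regex is tested against the path
    without the query string, a match replaces the whole path, and with no
    flag (last/break) the next rule is tested against the rewritten path.
    """
    path, sep, query = request_uri.partition("?")
    for pattern, replacement in REWRITE_RULES:
        match = pattern.search(path)
        if match:
            path = match.expand(replacement)
    return path + sep + query  # the original arguments are carried over


# Constructed sample requests, modelled on a Docker client pulling
# <host>/docker-local/alpine:3.19, plus two edge cases.
SAMPLE_REQUESTS = [
    "/v2/",                                    # matched by neither rule
    "/v2/token?service=registry&scope=repository:docker-local/alpine:pull",
    "/v2/docker-local/alpine/manifests/3.19",  # repository key is docker-local
    "/v2/token-cache/alpine/manifests/3.19",   # repository key starts with "token"
    "/ui/login",                               # non-Docker traffic is untouched
]

if __name__ == "__main__":
    for uri in SAMPLE_REQUESTS:
        print(f"{uri}\n  -> {rewrite(uri)}")
```

The fourth sample shows that the first rule is a prefix match: a repository key beginning with token is sent to the token endpoint instead of its repository, so avoid such keys when using this snippet.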