Setting up Artifactory deployed with Helm to connect to its database over an encrypted connection can be challenging. In this guide we will introduce a simple and straightforward way to set up Artifactory to connect to an encrypted external AWS RDS PostgreSQL server.

1. First, download the certificate chain for your AWS RDS region from the official AWS site.
After downloading, you can rename the .pem file to .crt. (There is no need to convert the certificate format to .der.)
You can view the certificate chain using the following command:
keytool -printcert -v -file global-bundle.pem
OR simply:
cat global-bundle.pem
2. Create a secret containing the certificate:
kubectl create secret generic new-cert --from-file=./server.crt -n <NAMESPACE>
3. Below is an example snippet that includes the necessary settings for a secure connection.
This should be included as part of your values.yaml:
postgresql: # Disabling the default creation of Postgresql locally in the cluster.
  enabled: false
artifactory:
  customCertificates: # Mounting a certificate
    enabled: true
    certificateSecretName: new-cert
database:
  url: 'jdbc:postgresql://<RDS-Server>:5432/artifactory?sslmode=verify-full&sslrootcert=/var/opt/jfrog/artifactory/etc/security/keys/trusted/server.crt'
  driver: org.postgresql.Driver
  type: postgresql
  user: artifactory
  password: password

(Make sure to create the Helm deployment in the same namespace as the secret.)
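A pre-deployment check for the database.url value above, as an added example that is not part of the original article or JFrog's tooling: it flags an sslmode weaker than verify-full and an sslrootcert that does not point at a file supplied by the secret from step 2. The function name, the placeholder host and the assumption that each key of the secret appears as a file of the same name in the trusted directory are illustrative.

```python
import posixpath
from urllib.parse import parse_qs, urlsplit

# Directory taken from the sslrootcert value in the values.yaml snippet.
TRUSTED_DIR = "/var/opt/jfrog/artifactory/etc/security/keys/trusted"

# What each weaker PostgreSQL JDBC sslmode leaves unchecked.
WEAK_MODES = {
    "disable": "no TLS at all",
    "allow": "TLS optional, certificate not validated",
    "prefer": "TLS optional, certificate not validated",
    "require": "TLS on, certificate and host name not validated",
    "verify-ca": "certificate validated, host name not checked",
}


def check_jdbc_url(url, secret_keys):
    """Return (code, message) findings; an empty list means the URL matches the guide."""
    if not url.startswith("jdbc:postgresql://"):
        return [("scheme", "not a jdbc:postgresql:// URL")]
    query = parse_qs(urlsplit(url[len("jdbc:"):]).query, keep_blank_values=True)
    findings = []

    mode = query.get("sslmode", [None])[-1]
    if mode is None:
        findings.append(("sslmode", "sslmode is not set; the guide uses verify-full"))
    elif mode != "verify-full":
        why = WEAK_MODES.get(mode, "unknown value")
        findings.append(("sslmode", f"sslmode={mode}: {why}"))

    root = query.get("sslrootcert", [None])[-1]
    if not root:
        findings.append(("sslrootcert", "sslrootcert is not set; the mounted certificate is not referenced"))
        return findings
    if posixpath.dirname(root) != TRUSTED_DIR:
        findings.append(("path", f"{root} is outside {TRUSTED_DIR}"))
    if posixpath.basename(root) not in secret_keys:
        findings.append(("filename", f"secret has no key named {posixpath.basename(root)}"))
    return findings


if __name__ == "__main__":
    # Constructed sample: placeholder host, secret key name from step 2 (server.crt).
    sample = ("jdbc:postgresql://db.example.internal:5432/artifactory"
              "?sslmode=require&sslrootcert=" + TRUSTED_DIR + "/global-bundle.pem")
    for code, message in check_jdbc_url(sample, {"server.crt"}):
        print(f"[{code}] {message}")
```

The file name check matters here because step 1 downloads global-bundle.pem while step 2 and the URL both expect server.crt.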
If you encounter the error “Your collation seems to have changed” following a DB upgrade or migration, you can follow the steps in this article to fix it: https://jfrog.com/help/r/artifactory-how-to-fix-your-collation-seems-to-have-changed-error/artifactory-how-to-fix-your-collation-seems-to-have-changed-error
You're welcome to reach out to JFrog Support for more information.