Step 3:

ARTIFACTORY: Installation Quick Start Guide - Artifactory on EKS with NLB, S3 bucket and configure subdomain docker access method

AuthorFullName__c
Vignesh Surendrababu
articleNumber
000005553
ft:sourceType
Salesforce
FirstPublishedDate
2023-01-17T09:45:17Z
lastModifiedDate
2023-01-22T11:10:58Z
VersionNumber
3
Once the certificates and S3 buckets are created, construct the values.yaml file as shown in the example below:
# Kubernetes ServiceAccount that the chart creates for the Artifactory pods.
serviceAccount:
  create: true
  name: artifactory
  annotations:
    # IAM role bound to this ServiceAccount for S3 access. Keep the role's
    # policy limited to the bucket created for Artifactory, and limit its
    # trust policy to this ServiceAccount, so that no other workload in the
    # cluster can assume it.
    eks.amazonaws.com/role-arn: '<use the role arn created to access s3 bucket>'
artifactory:
  # The join key and master key are referenced by Secret name, so the key
  # material itself never appears in this values file.
  joinKeySecretName: joinkey-secret
  masterKeySecretName: masterkey-secret
  license:
    # Secret that holds the license, and the data key inside that Secret.
    secret: artifactory-cluster-license
    dataKey: artifactory.txt
  persistence:
    enabled: true
    accessMode: ReadWriteOnce
    # Secret that carries the custom binarystore.xml (the S3 settings for
    # this guide). Restrict read access to it like any other credential.
    customBinarystoreXmlSecret: custom-binarystore
# Upgrade acknowledgement flag read by the chart; confirm what it implies
# for your chart version before leaving it enabled.
databaseUpgradeReady: true
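nginx:
  enabled: true
  # Custom nginx server block; the chart renders it as a Helm template.
  # Changes from the original example:
  # - ssl_protocols no longer offers TLS 1.0 and TLS 1.1.
  # - The Strict-Transport-Security header now carries a max-age value.
  # Points to review before use:
  # - test.eks.com is a sample domain; replace every occurrence with your own.
  # - The else branch (ssloffload false) builds X-JFrog-Override-Base-Url
  #   from the request's X-Forwarded-Proto and Host headers, which the client
  #   controls. With ssloffload set to true the fixed URL is used instead.
  # - client_max_body_size 0 removes the upload size limit (needed for large
  #   Docker layers), so rely on storage quotas and monitoring for abuse.
  artifactoryConf: |
    {{- if .Values.nginx.https.enabled }}
    ## TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate  {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt;
    ssl_certificate_key  {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key;
    ssl_session_cache shared:SSL:1m;
    ssl_prefer_server_ciphers   on;
    {{- end }}
    ## server configuration
    server {
      {{- if .Values.nginx.internalPortHttps }}
      listen {{ .Values.nginx.internalPortHttps }} ssl;
      {{- else -}}
      {{- if .Values.nginx.https.enabled }}
      listen {{ .Values.nginx.https.internalPort }} ssl;
      {{- end }}
      {{- end }}
      {{- if .Values.nginx.internalPortHttp }}
      listen {{ .Values.nginx.internalPortHttp }};
      {{- else -}}
      {{- if .Values.nginx.http.enabled }}
      listen {{ .Values.nginx.http.internalPort }};
      {{- end }}
      {{- end }}
      server_name ~(?<repo>.+)\.test.eks.com test.eks.com
      {{- range .Values.ingress.hosts -}}
        {{- if contains "." . -}}
          {{ "" | indent 0 }} ~(?<repo>.+)\.{{ . }}
        {{- end -}}
      {{- end -}};
      if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
      }
      ## Application specific logs
      ## access_log /var/log/nginx/artifactory-access.log timing;
      ## error_log /var/log/nginx/artifactory-error.log;
      rewrite ^/artifactory/?$ / redirect;
      if ( $repo != "" ) {
        rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break;
      }
      chunked_transfer_encoding on;
      client_max_body_size 0;
      location / {
        proxy_ssl_server_name on;
        proxy_read_timeout  2400;
        proxy_send_timeout 2400;
        proxy_pass_header   Server;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_cookie_path   ~*^/.* /;
        proxy_pass          {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/;
        {{- if .Values.nginx.service.ssloffload}}
        proxy_set_header    X-JFrog-Override-Base-Url https://test.eks.com;
        {{- else }}
        proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
        proxy_set_header    X-Forwarded-Port  $server_port;
        {{- end }}
        proxy_set_header    X-Forwarded-Port  443;
        proxy_set_header    X-Forwarded-Proto https;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
        ## HSTS needs a max-age directive; a bare "always" is sent as the
        ## header value and browsers ignore the header.
        add_header Strict-Transport-Security "max-age=31536000" always;
        location /artifactory/ {
          if ( $request_uri ~ ^/artifactory/(.*)$ ) {
            proxy_pass       http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1;
          }
          proxy_pass         http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/;
        }
      }
    }
  http:
    enabled: true
  https:
    enabled: true
  service:
    annotations:
      # TLS is terminated at the NLB with the ACM certificate below, and the
      # hop from the NLB to nginx is plain HTTP. Limit who can reach the
      # nginx pods (security groups, network policy) accordingly.
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
      # "false" makes the load balancer internet-facing. Use "true" if
      # Artifactory should only be reachable from inside the VPC.
      service.beta.kubernetes.io/aws-load-balancer-internal: "false"
      # Placeholder ARN: replace with the ACM certificate for your domain.
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-north-1:XXXXXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
      # The client-facing TLS versions and ciphers come from the NLB listener
      # policy, not from ssl_protocols above. Pin that policy explicitly
      # rather than relying on the load balancer default.
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
    externalTrafficPolicy: Local
    ssloffload: true
    type: LoadBalancer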
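postgresql:
  # The example shipped the literal value "password" here. Replace the
  # placeholder with a strong, unique value, and keep the real password out
  # of version control: supply it at install time from a secret store. If
  # your chart version can reference an existing Kubernetes Secret for the
  # database password, prefer that over a value in this file.
  postgresqlPassword: '<use a strong, unique password>'
# Upgrade acknowledgement flag read by the chart; confirm what it implies
# for your chart version before leaving it enabled.
unifiedUpgradeAllowed: true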


Note: The important fields, where customized values need to be updated, are highlighted in bold above.

To create the secrets for the license, joinKey and masterKey, refer to the instructions available here: https://jfrog.com/knowledge-base/artifactory-installation-quick-start-guide-helm/