Once the certificates and s3 buckets are created, let's construct the values yaml file as shown in the below example
Note: The important fields have been highlighted (in bold letters) above where the customized values need to be updated
In order to create the secrets for license, joinKey, masterKey refer to the instructions available here: https://jfrog.com/knowledge-base/artifactory-installation-quick-start-guide-helm/
serviceAccount: create: true name: artifactory annotations: eks.amazonaws.com/role-arn: <use the role arn created to access s3 bucket> artifactory: joinKeySecretName: joinkey-secret masterKeySecretName: masterkey-secret license: secret: artifactory-cluster-license dataKey: artifactory.txt persistence: enabled: true accessMode: ReadWriteOnce customBinarystoreXmlSecret: custom-binarystore databaseUpgradeReady: true nginx: enabled: true artifactoryConf: | {{- if .Values.nginx.https.enabled }} ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; ssl_session_cache shared:SSL:1m; ssl_prefer_server_ciphers on; {{- end }} ## server configuration server { {{- if .Values.nginx.internalPortHttps }} listen {{ .Values.nginx.internalPortHttps }} ssl; {{- else -}} {{- if .Values.nginx.https.enabled }} listen {{ .Values.nginx.https.internalPort }} ssl; {{- end }} {{- end }} {{- if .Values.nginx.internalPortHttp }} listen {{ .Values.nginx.internalPortHttp }}; {{- else -}} {{- if .Values.nginx.http.enabled }} listen {{ .Values.nginx.http.internalPort }}; {{- end }} {{- end }} server_name ~(?<repo>.+)\.test.eks.com test.eks.com {{- range .Values.ingress.hosts -}} {{- if contains "." . -}} {{ "" | indent 0 }} ~(?<repo>.+)\.{{ . }} {{- end -}} {{- end -}}; if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; } ## Application specific logs ## access_log /var/log/nginx/artifactory-access.log timing; ## error_log /var/log/nginx/artifactory-error.log; rewrite ^/artifactory/?$ / redirect; if ( $repo != "" ) { rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break; } chunked_transfer_encoding on; client_max_body_size 0; location / { proxy_ssl_server_name on; proxy_read_timeout 2400; proxy_send_timeout 2400; proxy_pass_header Server; proxy_request_buffering off; proxy_http_version 1.1; proxy_buffering off; proxy_cookie_path ~*^/.* /; proxy_pass {{ include "artifactory.scheme" . }}://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalPort }}/; {{- if .Values.nginx.service.ssloffload}} proxy_set_header X-JFrog-Override-Base-Url https://test.eks.com; {{- else }} proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; proxy_set_header X-Forwarded-Port $server_port; {{- end }} proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security always; location /artifactory/ { if ( $request_uri ~ ^/artifactory/(.*)$ ) { proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/$1; } proxy_pass http://{{ include "artifactory.fullname" . }}:{{ .Values.artifactory.externalArtifactoryPort }}/artifactory/; } } } http: enabled: true https: enabled: true service: annotations: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" service.beta.kubernetes.io/aws-load-balancer-internal: "false" service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-north-1:XXXXXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https service.beta.kubernetes.io/aws-load-balancer-type: nlb externalTrafficPolicy: Local ssloffload: true type: LoadBalancer postgresql: postgresqlPassword: password unifiedUpgradeAllowed: true
Note: The important fields have been highlighted (in bold letters) above where the customized values need to be updated
In order to create the secrets for license, joinKey, masterKey refer to the instructions available here: https://jfrog.com/knowledge-base/artifactory-installation-quick-start-guide-helm/