To use the S3 configuration, create a Secret containing your bucket details. Save the file below as custom-binarystore.yaml, then apply it with the command “kubectl apply -f custom-binarystore.yaml”.
```yaml
# Prepare your custom Secret file (custom-binarystore.yaml)
kind: Secret
apiVersion: v1
metadata:
  name: custom-binarystore
  labels:
    app: artifactory
    chart: artifactory
stringData:
  binarystore.xml: |-
    <?xml version="1.0" encoding="UTF-8"?>
    <config version="2">
        <chain template="s3-storage-v3-direct" />
        <provider id="s3-storage-v3" type="s3-storage-v3">
            <testConnection>true</testConnection>
            <region>eu-north-1</region>
            <bucketName>bucket-name</bucketName>
            <path>artifactory</path>
            <endpoint>http://s3.amazonaws.com</endpoint>
            <useInstanceCredentials>true</useInstanceCredentials>
            <usePresigning>false</usePresigning>
            <maxConnections>200</maxConnections>
            <connectionTimeout>120000</connectionTimeout>
            <socketTimeout>240000</socketTimeout>
            <signatureExpirySeconds>300</signatureExpirySeconds>
        </provider>
    </config>
```
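A pre-apply check for the binarystore.xml in this Secret, as an added example (not code from this article or from JFrog): it parses the provider block and reports settings that undercut the IAM-role setup, namely `useInstanceCredentials` not set to true, static `identity`/`credential` keys stored in the Secret, or a cleartext `http://` endpoint. The function names, finding texts and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def make_config(use_role, endpoint, extra=""):
    """Build a constructed binarystore.xml using element names from the Secret."""
    return f"""<config version="2">
  <chain template="s3-storage-v3-direct" />
  <provider id="s3-storage-v3" type="s3-storage-v3">
    <region>eu-north-1</region>
    <bucketName>bucket-name</bucketName>
    <endpoint>{endpoint}</endpoint>
    <useInstanceCredentials>{use_role}</useInstanceCredentials>
    {extra}
  </provider>
</config>"""

def lint_binarystore(xml_text):
    """Return a list of findings for the s3-storage-v3 provider in binarystore.xml."""
    root = ET.fromstring(xml_text.strip())
    provider = root.find("provider[@type='s3-storage-v3']")
    if provider is None:
        return ["no s3-storage-v3 provider found"]

    def value(tag):
        return (provider.findtext(tag) or "").strip()

    findings = []
    # The setup relies on the pod's IAM role, not on keys stored in the Secret.
    if value("useInstanceCredentials").lower() != "true":
        findings.append("useInstanceCredentials is not true")
    static = [t for t in ("identity", "credential") if value(t)]
    if static:
        findings.append("static keys present: " + ", ".join(static))
    # A cleartext endpoint carries artifact traffic without TLS.
    if value("endpoint").lower().startswith("http://"):
        findings.append("endpoint uses cleartext http://")
    for tag in ("region", "bucketName"):
        if not value(tag):
            findings.append(f"{tag} is empty")
    return findings

if __name__ == "__main__":
    page_like = make_config("true", "http://s3.amazonaws.com")
    with_keys = make_config(
        "false", "https://s3.amazonaws.com",
        "<identity>EXAMPLE-KEY-ID</identity><credential>constructed</credential>")
    for name, cfg in (("page-like", page_like), ("with-keys", with_keys)):
        print(name, lint_binarystore(cfg))
```

Run against the values shown in the Secret, the only finding is the `http://` endpoint.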
Now that all the values are in place, let's review the configuration and the parameters used:
- ServiceAccount: The Artifactory pods reach the S3 bucket through the IAM role, so the ServiceAccount must be created at installation time with that role attached. Set serviceAccount.create=true and pass the ARN of the IAM role created in step 2 above as an annotation in values.yaml: “serviceAccount.annotations: eks.amazonaws.com/role-arn: <use the role arn created to access s3 bucket>”
- In the artifactoryConf used for Nginx, the server name must match the DNS name of the certificate, using a regex pattern: “server_name ~(?<repo>.+)\.test.eks.com test.eks.com”
- The “X-JFrog-Override-Base-Url” value set with proxy_set_header must match the “https” endpoint that uses the DNS name.
- Pass the certificate ARN in the parameter “service.beta.kubernetes.io/aws-load-balancer-ssl-cert”
- Finally, perform the helm installation.