Step 4:

ARTIFACTORY: Installation Quick Start Guide - Artifactory on EKS with NLB, S3 bucket and configure subdomain docker access method

Author: Vignesh Surendrababu
Article number: 000005553
First published: 2023-01-17T09:45:17Z
Last modified: 2023-01-22T11:10:58Z
Version: 3
To use the S3 configuration, create a Secret that contains your bucket details. Save the following file as custom-binarystore.yaml, then run the command “kubectl apply -f custom-binarystore.yaml”.
# Prepare your custom Secret file (custom-binarystore.yaml)
kind: Secret
apiVersion: v1
metadata:
 name: custom-binarystore
 labels:
   app: artifactory
   chart: artifactory
stringData:
 binarystore.xml: |-
   <?xml version="1.0" encoding="UTF-8"?>
   <config version="2">
     <chain template="s3-storage-v3-direct" />
     <provider id="s3-storage-v3" type="s3-storage-v3">
         <testConnection>true</testConnection>
         <region>eu-north-1</region>
         <bucketName>bucket-name</bucketName>
         <path>artifactory</path>
         <endpoint>http://s3.amazonaws.com</endpoint>
         <useInstanceCredentials>true</useInstanceCredentials>
         <usePresigning>false</usePresigning>
         <maxConnections>200</maxConnections>
         <connectionTimeout>120000</connectionTimeout>
         <socketTimeout>240000</socketTimeout>
         <signatureExpirySeconds>300</signatureExpirySeconds>
     </provider>
   </config>
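
A pre-apply check for the binarystore.xml above, added here as an example (not code from the original article or from JFrog): it flags static key elements, a useInstanceCredentials value other than true, an http:// endpoint and a placeholder bucket name. The function name, the wording of the findings and the policy of flagging http:// are assumptions of this example; identity and credential are the provider's static-key elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the provider settings from the page, plus static keys
# (fake values) added here only to exercise the credential check.
SAMPLE = """<config version="2">
  <chain template="s3-storage-v3-direct" />
  <provider id="s3-storage-v3" type="s3-storage-v3">
    <region>eu-north-1</region>
    <bucketName>bucket-name</bucketName>
    <endpoint>http://s3.amazonaws.com</endpoint>
    <useInstanceCredentials>true</useInstanceCredentials>
    <identity>EXAMPLE-ACCESS-KEY-ID</identity>
    <credential>constructed-not-a-real-secret</credential>
  </provider>
</config>"""


def lint_binarystore(xml_text):
    """Return (element, message) findings for one binarystore.xml document."""
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [("config", f"not well-formed XML: {exc}")]
    provider = root.find("./provider[@type='s3-storage-v3']")
    if provider is None:
        return [("provider", "no provider of type s3-storage-v3")]

    def value(tag):
        return (provider.findtext(tag) or "").strip()

    findings = []
    # The page relies on the IAM role bound to the ServiceAccount, not on keys.
    if value("useInstanceCredentials").lower() != "true":
        findings.append(("useInstanceCredentials", "not true; IAM role is not used"))
    for tag in ("identity", "credential"):
        if provider.find(tag) is not None:
            findings.append((tag, "static AWS key material stored in the Secret"))
    # Reviewer policy assumed here: ask for confirmation on a cleartext scheme.
    if value("endpoint").lower().startswith("http://"):
        findings.append(("endpoint", "http:// scheme; confirm S3 traffic uses TLS"))
    if value("bucketName") in ("", "bucket-name"):
        findings.append(("bucketName", "empty or placeholder bucket name"))
    return findings


if __name__ == "__main__":
    for element, message in lint_binarystore(SAMPLE):
        print(f"{element}: {message}")
```

Run it against the XML body before creating the Secret; an empty result means none of these four checks fired.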

Now that all the values are in place, let's review the configuration and the parameters used:
  1. ServiceAccount: The Artifactory pods reach the S3 bucket through an IAM role, so the serviceAccount must be created at installation time with that role attached. That is why serviceAccount.create=true is set and the IAM role ARN is passed as an annotation. Pass the IAM role created in step 2 above under “serviceAccount.annotations: eks.amazonaws.com/role-arn: <use the role arn created to access s3 bucket>” in values.yaml.
  2. In the artifactoryConf used for Nginx, the server name must match the DNS name of the certificate, using the regex pattern “server_name ~(?<repo>.+)\.test.eks.com test.eks.com”.
  3. The “X-JFrog-Override-Base-Url” header set with proxy_set_header must match the “https” endpoint that uses the DNS name.
  4. Pass the certificate ARN in the parameter “service.beta.kubernetes.io/aws-load-balancer-ssl-cert”.
  5. Finally, perform the helm installation.