Distribution Single Node Helm Installation

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

Before you proceed, see System Requirements for information on supported platforms, supported browsers, and other requirements.

Operating Systems and Platform Support

The following table lists the supported operating systems and the versions.

Product

Debian

RHEL

Ubuntu

Windows Server

Amazon Linux

Distribution

10.x, 11.x

8.x, 9.x

20.04, 22.04

Amazon Linux 2023

Operating Systems - End of Support

As part of JFrog commitment to maintain the security and reliability of the JFrog Platform, Artifactory will officially run with Node.js 20.x on all installation types from Artifactory 7.77.3.

Node.js 20.x provided with Linux Archive/Debian/RPM installations (non-containerized distributions) is not supported on the following operating systems.

Hence, these operating systems will no longer supported from Artifactory version 7.77.3.

Supported Platforms

The following table lists the supported platforms.

Product

x86-64

ARM64

Kubernetes

OpenShift

Distribution

1.19+

Installation on Kubernetes environments is through Helm Charts. Supported Helm version is Helm 3+.

Kubernetes Sizing Requirements

We have included YAML files with the different sizing configuration for Distribution in our GitHub page. You can use these YAML when you set up your cluster.

ARM64 Support

From version 7.41.4, Artifactory supports installation on ARM64 architecture through Helm and Docker installations. You must set up an external database as the Artifactory database since Artifactory does not support the bundled database with the ARM64 installation. Artifactory installation pulls the ARM64 image automatically when you run the Helm or Docker installation on the ARM64 platform.

ARM64 support is also available for Xray, Pipelines (in Helm installation), and Insight.

Database and Third-Party Applications in Distribution

Distribution supports the following versions of PostgreSQL.

  • 15.x

  • 13.x

  • 12.x

Distribution HA requires an external database. Any change to configuration requires restarting of any Distribution node for changes to take effect for the whole Distribution cluster.

Distribution requires Redis and supports Redis 7.x. A supported Redis version is bundled with the Distribution installer.

Redis Password Restrictions

Redis password should contain only alphanumeric characters and should not contain any special characters.

Distribution Network Ports

Distribution uses the 8082 port by default for external communication.

Distribution uses the following internal ports by default for communication with JFrog Platform microservices.

Microservice

Port

Distribution Server

8080

Router

8082, 8046, 8047, and 8049

Redis

6379

PostgreSQL (if you use the bundled Postgres database)

5432

Observability

8036

gRPC

8037

In addition, review the Helm Chart requirements.

Helm Chart Requirements

For Helm Charts installations, JFrog services requires the following prerequisites.

  • Kubernetes 1.19+ (for installation instructions, see Kubernetes installation)

  • Kubernetes cluster with:

    • Dynamic storage provisioning enabled

    • Default StorageClass set to persistent storage

  • Kubectl installed and set up to use the cluster

  • Helm v3 installed

JFrog validates compatibility with the core Kubernetes distribution. Since Kubernetes distribution vendors may apply additional logic or hardening (for example Rancher) JFrog Platform deployment with such platform vendors might not be fully supported.

Deploying Distribution for Small, Medium or Large Installations

In the chart directory, includes three values files, one for each installation type--small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory.

Complete the following steps to install the product.

  1. Add the ChartCenter Helm repository to your Helm client.

    helm repo add jfrog https://charts.jfrog.io
  2. Update the repository.

    helm repo update
  3. Initiate installation by providing a join key and JFrog url as a parameter to the Distribution chart installation.

    helm upgrade --install distribution --set distribution.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY> \
                 --set distribution.jfrogUrl=<YOUR_PREVIOUSLY_RETIREVED_BASE_URL> --namespace distribution jfrog/distribution

    Alternatively, you can create a secret containing the join key manually and pass it to the template during installation.

    1. Create a secret containing the key. The key in the secret must be named join-key.

      kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>
    2. Pass the created secret to Helm.

      helm upgrade --install distribution --set distribution.joinKeySecretName=my-secret --namespace distribution jfrog/distribution

    In either case, make sure to pass the same join key on all future calls to helm install and helm upgrade. This means always passing --set distribution.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY>. In the second case, this means always passing --set distribution.joinKeySecretName=my-secret and ensuring the contents of the secret remain unchanged.

  4. Customize the product configuration (optional) including database, Java Opts, and filestore.

    Unlike other installations, Helm Chart configurations are made to the values.yaml and are then applied to the system.yaml.

    Follow these steps to apply the configuration changes.

    1. Make the changes to values.yaml.

    2. Run the following command.

      helm upgrade --install distribution --namespace distribution -f values.yaml
  5. Access Distribution from your browser at:http://<jfrogUrl>/ui/.

    Go to theDashboard tab in theApplicationmodule in the UI.

  6. Check the status of your deployed Helm releases.

    helm status distribution

Note

For advanced installation options, see Helm Charts Installers for Advanced Users.

After installing and before running Distribution, you may set the following configurations.

Where to find the system configurations?

You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/distribution/var/etc folder. For more information, see Distribution YAML Configuration.

If you don't have a System YAML file in your folder, copy the template available in the folder and name it system.yaml.

For the Helm charts, the system.yaml file is managed in the chart’s values.yaml.

Artifactory Connection Details for Distribution

Distribution requires a working Artifactory server and a suitable license.

The Distribution connection to Artifactory requires the following parameters.

  • jfrogUrl - URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs. For example: http://jfrog.acme.com instead of http://10.20.30.40:8082.

    Set it in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

  • join.key - This is the secret key required by Artifactory for registering and authenticating the Distribution server.

    You can fetch the Artifactory joinKey (join Key) from the JPD UI in the Administration module | User Management | Settings | Join Key.

    Set the join.key used by your Artifactory server in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

Add Signing Keys to JFrog Distribution

The JFrog Platform supports signing keys to establish trust with your clients for downloading your packages from Artifactory. Signing keys consist of a public and a private key pair, which are used for signing and verifying release bundles. When installing a new Edge, you will need to propagate the public keys to the new Edge. To learn about how to add and propagate keys, see GPG Signing.GPG Signing

Change PostgreSQL Database Credentials

Distribution comes bundled with a PostgreSQL Database out-of-the-box, which comes pre-configured with default credentials

To change the default credentials:

# Access PostgreSQL as the Distribution user adding the optional -W flag to invoke the password prompt
$ psql -d distribution -U distribution -W
  
# Securely change the password for user "distribution". Enter and then retype the password at the prompt.
\password distribution
  
# Verify the update was successful by logging in with the new credentials
$ psql -d distribution -U distribution -W

Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

Change Redis Database Credentials

Redis Password Restrictions

Redis password should contain only alphanumeric characters and should not contain any special characters.

  1. Set your Redis password in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

  2. For Helm installations, you can set the password in the values.yaml file.

    distribution:
     jfrogUrl: http://xx.xx.xxx.xx
     joinKey: 6a8d2eaa5eab7d6945c020245c98344b9b42b9665073a36c74645d52e565dce4
     persistence:
      enabled: true
    redis:
     password: <password>
  3. Restart all the services.