Enable TLS in RabbitMQ for Xray in JFrog Platform Chart

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

Available from JFrog Platform Chart version 10.14.1.

  1. Set global.rabbitmq.auth.tls.enabled and rabbitmq.auth.tls.enabledas true in the values.yaml file.

    global:
      rabbitmq:
         auth:
             tls:
                enabled: true
    rabbitmq:
       auth:
           tls:
              enabled: true

    Warning

    Ensure that you both global.rabbitmq.auth.tls.enabled and rabbitmq.auth.tls.enabled values as the same so that the settings are shared between Xray and Pipelines.

  2. Add extraConfiguration: |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}} to access the RabbitMQ Management Portal through the HTTPS mode.

    global:
      rabbitmq:
         auth:
             tls:
                enabled: true
    rabbitmq:
       auth:
           tls:
              enabled: true
              extraConfiguration: 
                  |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}}

    Warning

    If you use Pipelines, you can access the RabbitMQ Management Portal only through the HTTP mode since Pipelines does not support TLS in RabbitMQ.

  3. Select whether you want RabbitMQ to generates certs or whether you wish to use your own certs.

    • Set global.rabbitmq.auth.tls.autogenerated and rabbitmq.auth.tls.autogenerated as true in the values.yaml file so that RabbitMQ generates the certs.

      global:
        rabbitmq:
           auth:
               tls:
                  enabled: true
                  autogenerated: true
      rabbitmq:
         auth:
             tls:
                enabled: true
                autogenerated: true
                extraConfiguration: 
                    |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}}        
    • Set rabbitmq.auth.tls.autogenerated as false in the values.yaml file so that you can use your own certs.

      global:
        rabbitmq:
           auth:
               tls:
                  enabled: true
                  autogenerated: false
      rabbitmq:
         auth:
             tls:
                enabled: true
                autogenerated: false
                extraConfiguration: 
                    |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}}
      

    Warning

    Ensure that you both global.rabbitmq.auth.tls.autogenerated and rabbitmq.auth.tls.autogenerated values as the same so that the settings are shared between Xray and Pipelines.

    Currently, Pipelines does not support TLS mode and the Pipelines chart overrides tls.enabled value from the platform chart.

  4. If you want to use your own certs, you can pass the certs as a Kubernetes secret.

    Pass Certs as a Kubernetes Secret

    To pass your certs as a Kubernetes secret, set rabbitmq.auth.tls.existingSecret with the secret name.

    global:
      rabbitmq:
         auth:
             tls:
                enabled: true
                autogenerated: false
                existingSecret: <secret name>
    rabbitmq:
       auth:
           tls:
              enabled: true
              autogenerated: false
              existingSecret: <secret name>
              extraConfiguration: 
                  |-management.listener.ssl = {{ .Values.global.rabbitmq.auth.tls.enabled}}
    
  5. If you want to install only Xray without other JFrog products along with Artifactory, make the following update in the values.yaml file.

    xray:
      enabled: true
    insight:
      enabled: false
    distribution:
      enabled: false
    pipelines:
      enabled: false
  6. Run the following command to apply the values.yaml in the JFrog Platform installation.

    helm upgrade --install jfrog-platform --namespace jfrog-platform jfrog/jfrog-platform -f values.yaml

    You can also run a fresh installation of Xray installation with this updated values.yaml along with the other requirements mentioned in Xray Single Node Helm Installation.