Enabling JFrog Catalog in Xray Helm Chart

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

Starting from Xray version 3.107.14 and above, JFrog Catalog has been added as a dependency chart in Xray . You can install it by enabling it in values.yaml.

With External PostgreSQL

JFrog Catalog requires an additional database to function. For production deployments, use an external database with a dedicated database for the catalog.

Create a custom custom-values.yaml file and install using helm. This is an example of installing the Xray chart with JFrog Catalog enabled.

global:
  jfrogUrl: <artifactory url>
  joinKey: <join key>

postgresql:
  enabled: false

rabbitmq:
  auth:
    password: guest

database:
  url: "postgres://postgresql:5432/xraydb?sslmode=disable"
  user: xray
  password: xray

catalog:
  enabled: true
  database:
    url: "postgres://postgresql:5432/catalogdb?sslmode=disable"
    user: xray
    password: xray
  • Please note that .Values.jfrogUrl and .Values.joinKey should be provided in the global section for the catalog subchart to access them. You can also pass them as secrets. Please refer to the values.yaml for the supported keys.

  • Bundled PostgreSQL (.Values.postgresql.enabled) should be set to false when using external Postgresql

  • .Values.catalog.enabled should be set to true, and the database configuration should be provided in the .Values.catalog.database section.

  • To modify additional settings for the catalog chart, check the full values.yaml file for the supported keys and tags.

With External PostgreSQL in OpenShift

When installing in OpenShift cluster ensure to turn off the security contexts for both pods and containers. This applies to Xray, JFrog Catalog and RabbitMQ pods. Example: Create a custom custom-values.yaml file and install using Helm.

global:
  jfrogUrl: <artifactory url>
  joinKey: <join key>

containerSecurityContext:
  enabled: false
podSecurityContext:
  enabled: false
rbac:
  create: true
serviceAccount:
  create: true

database:
  url: "postgres://postgresql:5432/xraydb?sslmode=disable"
  user: xray
  password: xray

rabbitmq:
  auth:
    password: guest 
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false

catalog:
  enabled: true
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false
  database:
    url: "postgres://postgresql:5432/catalogdb?sslmode=disable"
    user: xray
    password: xray
With Bundled PostgreSQL (Not recommended for production)

Note

Upgrades to bundled Postgresql is not supported

Example: Create a custom custom-values.yaml file and install using Helm.

global:
  jfrogUrl: <artifactory url>
  joinKey: <join key>

postgresql:
  auth:
    username: xray
    password: password

rabbitmq:
  auth:
    password: guest

catalog:
  enabled: true
  ## The user and password for .Values.catalog.database are the same as .Values.postgresql.auth.username and .Values.postgresql.auth.password when using the bundled PostgreSQL.
  ## Post hook job will create the additional catalog database in the bundled postgresql using the user and password provided here
  database:
    user: xray
    password: password

Note

The .Values.catalog.database section should use the same credentials as the .Values.postgresql.auth section for the user and password. This is because this specific user is responsible for creating an additional database for the catalog in the bundled PostgreSQL, using a post-deployment hook.

  • If using external secrets for the bundled PostgreSQL (.Values.postgresql.auth.secretKeys), set .Values.catalog.createCatalogDb.enabled to false, manually create the catalog database, and then provide the database configuration in the .Values.catalog.database section.

  • If you encounter any issues with the post hook or the wait-for-database init container in the catalog pod, set .Values.catalog.createCatalogDb.enabled to false, create the catalog database manually in PostgreSQL, and provide the database configuration under the .Values.catalog.database section.

  • please check the full values.yaml file for the supported keys and tags.

With Bundled PostgreSQL in OpenShift (Not recommended for production)

Note

Upgrades to bundled Postgresql is not supported

Example: Create a custom custom-values.yaml file and install using Helm.

global:
  jfrogUrl: <artifactory url>
  joinKey: <join key>

containerSecurityContext:
  enabled: false
podSecurityContext:
  enabled: false
rbac:
  create: true
serviceAccount:
  create: true

postgresql:
  auth:
    username: xray
    password: password
  primary:
    podSecurityContext:
      enabled: false
    containerSecurityContext:
      enabled: false

rabbitmq:
  auth:
    password: guest
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false

catalog:
  enabled: true
  ## The user and password for .Values.catalog.database are the same as .Values.postgresql.auth.username and .Values.postgresql.auth.password when using the bundled PostgreSQL.
  ## A post-hook job will create the additional catalog database in the bundled PostgreSQL using the username and password provided here.
  database:
    user: xray
    password: password
  podSecurityContext:
    enabled: false
  containerSecurityContext:
    enabled: false
Override/Change System YAML settings.

To override or change system.yaml settings for Xray or Catalog, use the extraSystemYaml tag, which is supported in both charts.

Example:

xray:
  extraSystemYaml:
    shared:
      application:
        level: debug
catalog:
  enabled: true
  extraSystemYaml:
    shared:
      application:
        level: debug