Starting from Xray version 3.107.14 and above, JFrog Catalog has been added as a dependency chart in Xray . You can install it by enabling it in values.yaml
.
With External PostgreSQL
JFrog Catalog requires an additional database to function. For production deployments, use an external database with a dedicated database for the catalog.
Create a custom custom-values.yaml
file and install using helm. This is an example of installing the Xray chart with JFrog Catalog enabled.
global: jfrogUrl: <artifactory url> joinKey: <join key> postgresql: enabled: false rabbitmq: auth: password: guest database: url: "postgres://postgresql:5432/xraydb?sslmode=disable" user: xray password: xray catalog: enabled: true database: url: "postgres://postgresql:5432/catalogdb?sslmode=disable" user: xray password: xray
Please note that
.Values.jfrogUrl
and.Values.joinKey
should be provided in the global section for the catalog subchart to access them. You can also pass them as secrets. Please refer to thevalues.yaml
for the supported keys.Bundled PostgreSQL (
.Values.postgresql.enabled
) should be set to false when using external Postgresql.Values.catalog.enabled
should be set to true, and the database configuration should be provided in the.Values.catalog.database
section.To modify additional settings for the catalog chart, check the full
values.yaml
file for the supported keys and tags.
With External PostgreSQL in OpenShift
When installing in OpenShift cluster ensure to turn off the security contexts for both pods and containers. This applies to Xray, JFrog Catalog and RabbitMQ pods. Example: Create a custom custom-values.yaml
file and install using Helm.
global: jfrogUrl: <artifactory url> joinKey: <join key> containerSecurityContext: enabled: false podSecurityContext: enabled: false rbac: create: true serviceAccount: create: true database: url: "postgres://postgresql:5432/xraydb?sslmode=disable" user: xray password: xray rabbitmq: auth: password: guest podSecurityContext: enabled: false containerSecurityContext: enabled: false catalog: enabled: true podSecurityContext: enabled: false containerSecurityContext: enabled: false database: url: "postgres://postgresql:5432/catalogdb?sslmode=disable" user: xray password: xray
With Bundled PostgreSQL (Not recommended for production)
Note
Upgrades to bundled Postgresql is not supported
Example: Create a custom custom-values.yaml
file and install using Helm.
global: jfrogUrl: <artifactory url> joinKey: <join key> postgresql: auth: username: xray password: password rabbitmq: auth: password: guest catalog: enabled: true ## The user and password for .Values.catalog.database are the same as .Values.postgresql.auth.username and .Values.postgresql.auth.password when using the bundled PostgreSQL. ## Post hook job will create the additional catalog database in the bundled postgresql using the user and password provided here database: user: xray password: password
Note
The .Values.catalog.database
section should use the same credentials as the .Values.postgresql.auth
section for the user and password. This is because this specific user is responsible for creating an additional database for the catalog in the bundled PostgreSQL, using a post-deployment hook.
If using external secrets for the bundled PostgreSQL (
.Values.postgresql.auth.secretKeys
), set .Values.catalog.createCatalogDb.enabled
to false, manually create the catalog database, and then provide the database configuration in the.Values.catalog.database
section.If you encounter any issues with the post hook or the wait-for-database init container in the catalog pod, set
.Values.catalog.createCatalogDb.enabled
to false, create the catalog database manually in PostgreSQL, and provide the database configuration under the.Values.catalog.database
section.please check the full
values.yaml
file for the supported keys and tags.
With Bundled PostgreSQL in OpenShift (Not recommended for production)
Note
Upgrades to bundled Postgresql is not supported
Example: Create a custom custom-values.yaml
file and install using Helm.
global: jfrogUrl: <artifactory url> joinKey: <join key> containerSecurityContext: enabled: false podSecurityContext: enabled: false rbac: create: true serviceAccount: create: true postgresql: auth: username: xray password: password primary: podSecurityContext: enabled: false containerSecurityContext: enabled: false rabbitmq: auth: password: guest podSecurityContext: enabled: false containerSecurityContext: enabled: false catalog: enabled: true ## The user and password for .Values.catalog.database are the same as .Values.postgresql.auth.username and .Values.postgresql.auth.password when using the bundled PostgreSQL. ## A post-hook job will create the additional catalog database in the bundled PostgreSQL using the username and password provided here. database: user: xray password: password podSecurityContext: enabled: false containerSecurityContext: enabled: false
Override/Change System YAML settings.
To override or change system.yaml
settings for Xray or Catalog, use the extraSystemYaml
tag, which is supported in both charts.
Example:
xray: extraSystemYaml: shared: application: level: debug catalog: enabled: true extraSystemYaml: shared: application: level: debug