Insight Single Node Helm Chart Installation

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

Before you proceed with the installation, review the system requirements.

Operating Systems and Platform Support

The following table lists the supported operating systems and the versions.

Product

Debian

RHEL

Ubuntu

Amazon Linux

Windows Server

Insight

10.x, 11.x

8.x, 9.x

20.04, 22.04

Amazon Linux 2023

Supported Platforms

The following table lists the supported platforms.

Product

x86-64

ARM64

Kubernetes

OpenShift

Insight

1.19+

Installation on Kubernetes environments is through Helm Charts. Supported Helm version is Helm 3+.

Kubernetes Sizing Requirements

We have included YAML files with different sizing configurations for Artifactory , Xray, and Distribution in our GitHub pages. You can use these YAML files when you set up your cluster.

ARM64 Support

Starting from version 7.41.4, Artifactory supports installation on ARM64 architecture through Helm and Docker installations. You must set up an external database as the Artifactory database since Artifactory does not support the bundled database with the ARM64 installation. Artifactory installation pulls the ARM64 image automatically when you run the Helm or Docker installation on the ARM64 platform.

ARM64 support is also available for Xray, Distribution and Insight.

Database and Third-Party Applications in Insight

A database is required, which is fundamental to management of Insight and is also used to store cluster wide configuration files. Currently PostgreSQL is supported, and any change to configuration requires restarting all Insight nodes for changes to take effect.

Insight supports the following versions of PostgreSQL.

  • 15.x

  • 13.x

  • 12.x

An Elasticsearch database is required to store the data from which Insight generates trends and charts.

Insight supports the following versions of Elasticsearch.

  • 7.17.1 (for Insight 1.11.3 and later)

  • 7.16.2 (for Insight 1.5.0 to 1.10.2)

  • 7.15.1 (for Insight 1.2.3 to 1.30)

  • 7.14.1 (for Insight 1.0.1 to 1.1.3)

Insight Network Ports

Insight uses the 8082 port by default for external communication.

Insight uses the following internal ports by default for communication with JFrog Platform microservices.

  • 8080 for the Insight Server

  • 8082, 8046, 8047, and 8049 for the Router

  • 8087 for Insights

  • 5432 for PostgreSQL (if you use the bundled Postgres database)

  • 9200 for Elasticsearch (if you use the bundled Elasticsearch)

In addition, review the Helm Chart requirements.

Deploying Artifactory for Small, Medium or Large Installations

In the chart directory, includes three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory:

Follow these steps to install the product:

  1. Add the https://charts.jfrog.io to your Helm client.

    helm repo add jfrog https://charts.jfrog.io
  2. Update the repository.

    helm repo update
  3. Initiate installation by providing a join key and JFrog url as a parameter to the Insight chart installation.

    helm upgrade --install insight --set insightServer.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY> \
                 --set insightServer.jfrogUrl=<YOUR_PREVIOUSLY_RETRIEVED_BASE_URL> --namespace insight jfrog/insight

    Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. The key must be named join-key.

    kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>
     
    # Pass the created secret to helm
    helm upgrade --install insight --set insightServer.joinKeySecretName=my-secret --namespace insight jfrog/insight

    In either case, make sure to pass the same join key on all future calls to helm install and helm upgrade! This means always passing --set insightServer.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY>. In the second, this means always passing --set insightServer.joinKeySecretName=my-secret and ensuring the contents of the secret remain unchanged.

  4. Customize the product configuration (optional) including database, Java Opts, and filestore.

    Unlike other installations, Helm Chart configurations are made to the values.yaml and are then applied to the system.yaml.

    Follow these steps to apply the configuration changes.

    1. Make the changes to values.yaml.

    2. Run the command.

      helm upgrade --install insight --namespace insight -f values.yaml
    3. Restart Insight to apply the changes.

  5. Access Insight from your browser at: http://<jfrogUrl>/ui/ and go to the Dashboard tab in the Application module in the UI.

  6. Check the status of your deployed Helm releases.

    helm status insight

After installing and before running Insight, you may set the following configurations.

Where to find the system configurations?

You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/insight/var/etc folder. For more information, see Insight YAML Configuration.

If you don't have a System YAML file in your folder, copy the template available in the folder and name it system.yaml.

For the Helm charts, the system.yaml file is managed in the chart’s values.yaml.

Artifactory Connection Details

Insight requires a working Artifactory server and a suitable license. The Insight connection to Artifactory requires 2 parameters:

  • jfrogUrl - URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. We recommend that you use DNS names rather than direct IPs. For example, http://jfrog.acme.com instead of http://10.20.30.40:8082.

    Set it in the Shared Configurations section of the $JFROG_HOME/insight/etc/system.yaml file.

  • join.key - This is the "secret" key required by Artifactory for registering and authenticating the Insight server.

    You can fetch the Artifactory joinKey (join Key) from the JPD UI in the Administration module | User Management | Settings | Join Key.

    Set the join.key used by your Artifactory server in the Shared Configurations section of the $JFROG_HOME/insight/etc/system.yaml file.

Change PostgreSQL Database Credentials

Insight comes bundled with a PostgreSQL Database out-of-the-box, which comes pre-configured with default credentials.

Note

These commands are indicative and assume some familiarity with PostgreSQL. Do not copy and paste them. For docker-compose, you need to ssh into the PostgreSQL container before you run them.

To change the default credentials:

# Access PostgreSQL as the insight user adding the optional -W flag to invoke the password prompt
$ psql -d insight -U insight -W
# Securely change the password for user "mission_control". Enter and then retype the password at the prompt.
\password insight
# Verify the update was successful by logging in with the new credentials
$ psql -d insight -U insight -W
Change Elasticsearch Credentials
  1. Obtain the username used to access Elasticsearch from $JFROG_HOME/insight/var/etc/system.yaml available at elasticsearch.username.

  2. Update the user's password:

    $ELASTICSEARCH_HOME/bin/elasticsearch-users passwd <username>.

  3. Change the password in system.yaml to the new password

Add certificates to connect to external Elasticsearch over SSL

To use an external Elasticsearch over an SSL connection, you must copy the certificate files to the trusted folder in the Insight installation ($JFROG_HOME/insight/var/etc/security/keys/trusted) and restart Insight services.

Set your PostgreSQL and Elasticsearch connection details in the Shared Configurations section of the $JFROG_HOME/insight/var/etc/system.yaml file.