Install Artifactory on Kubernetes using Helm

JFrog Installation & Setup Documentation
Content Type
Installation & Setup

Installing Artifactory using Helm Charts provides a streamlined and declarative method for deploying Artifactory on Kubernetes. This approach simplifies the management of Artifactory's services, configurations, and dependencies within a Kubernetes cluster.

Here you'll find step-by-step instructions for installing JFrog Artifactory using Helm Charts, covering both single-node and high-availability (HA) configurations.

Prerequisistes

Install Steps

The following steps cover the installation process for both single-node and HA.

  1. Add JFrog Helm Charts Repository

    1. Add Repository:

      helm repo add jfrog https://charts.jfrog.io

    2. Update Repository:

      helm repo update

  2. Create Unique Master and Join Keys

    Artifactory requires unique master and join keys. While default keys exist in the chart's values.yaml (especially for artifactory.joinKey), these are for demonstration purposes only and should not be used in a production environment.

    For production-grade installations, always generate unique keys and pass them during installation. Changing the master key later is very difficult.

    1. Create Keys (Environment Variables):

      export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
export JOIN_KEY=$(openssl rand -hex 32)
echo ${JOIN_KEY}

    2. Alternatively: Create Kubernetes Secrets (Recommended for Production):

      You can manually create Kubernetes secrets containing these keys, which offers a more secure way to manage sensitive data. The key names within the secrets must be master-key and join-key respectively.

      # For Master Key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
kubectl create secret generic my-masterkey-secret -n artifactory --from-literal=master-key=${MASTER_KEY}

# For Join Key
export JOIN_KEY=$(openssl rand -hex 32)
echo ${JOIN_KEY}
kubectl create secret generic my-joinkey-secret -n artifactory --from-literal=join-key=${JOIN_KEY}

      In either case, ensure that you pass the same keys/secret names on all future Helm install and Helm upgrade calls. This means always passing --set artifactory.masterKey=${MASTER_KEY} (for the custom master key) or --set artifactory.masterKeySecretName=my-masterkey-secret (for the manual secret), and similarly for the join key.

  3. Install Artifactory Helm Chart

    Install the Artifactory chart based on your desired deployment type (single-node or HA). This step creates the necessary Kubernetes resources including Artifactory pods, services, and persistent volumes.

    Note

    When using a customized values.yaml file, remember to attach a -f flag to each upgrade command in the file.

    1. Option A: Single-Node Installation

      Install the artifactory chart with your generated master and join keys.

      helm upgrade --install artifactory \
  --set artifactory.masterKey=${MASTER_KEY} \
  --set artifactory.joinKey=${JOIN_KEY} \
  --namespace artifactory --create-namespace \
  jfrog/artifactory

    2. Option B: High Availability (HA) Installation (Recommended for New Deployments)

      For new HA installations, use the artifactory chart and set artifactory.replicaCount to 3 (recommended) or higher. The minimum should be 2.

      helm upgrade --install artifactory \
  --set artifactory.replicaCount=3 \
  --set artifactory.masterKey=${MASTER_KEY} \
  --set artifactory.joinKey=${JOIN_KEY} \
  --namespace artifactory --create-namespace \
  jfrog/artifactory

  4. Change Internal PostgreSQL Password (Optional)

    If the Helm chart deployed an internal PostgreSQL database (default behavior), it is recommended to change its auto-generated password for security. For more information, see Auto-generated Passwords (Internal PostgreSQL).

    By default, Helm deploys Artifactory with PostgreSQL (running in a separate pod). For more information about creating and configuring databases, see Set up Database.

  5. Set up Supported Filestores

    The filestore is where Artifactory physically stores the binaries.

    • Single-Node: A local filesystem is the default, but externalizing it (for example, to a dedicated volume) is recommended for easier management and potential migration.

    • High Availability (HA): A shared filestore is mandatory. This can be NFS, S3, Azure Blob Storage, Google Cloud Storage, or another supported object storage solution. All Artifactory nodes in the cluster must have unified and reliable network access to this single shared filestore.

    Helm filestore (storage) installations require certain modifications. For more information, see Advanced Storage Options.

  6. Customize Artifactory Configuration

    For all Artifactory deployments using Helm charts, whether single-node or High Availability (HA), the primary method for configuring Artifactory is through the Helm chart's values.yaml file. Unlike native installations, you do not directly edit the system.yaml file on individual nodes. For more information on system.yaml and its parameters, see System YAML configuration.

    To configure Artifactory for Helm, you will need to override the default system.yaml configuration through this values.yaml file. For details on how to override these defaults specifically with Helm, see Overriding the Default System YAML File.

  7. Connect to Artifactory

    It may take a few minutes for Artifactory's public IP (LoadBalancer IP) to become available. Follow these instructions to get the Artifactory URL to access it:

    # Watch the status of the service until LoadBalancer IP is available:
kubectl get svc --namespace <your namespace> -w <release-name>-artifactory-nginx # Or <release-name>-nginx for artifactory chart

# Once available, get the IP and URL:
export SERVICE_IP=$(kubectl get svc --namespace <your namespace> <release-name>-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/

    For example (assuming release name art77 and namespace art):

    Congratulations. You have just deployed JFrog Artifactory.
1. Get the Artifactory URL by running these commands:
   NOTE: It may take a few minutes for the LoadBalancer IP to be available.
         You can watch the status of the service by running 'kubectl get svc --namespace art -w art77-artifactory-nginx'
   export SERVICE_IP=$(kubectl get svc --namespace art art77-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
   echo http://$SERVICE_IP/
2. Open Artifactory in your browser
   Default credential for Artifactory:
   user: admin
   password: password

  8. Install HA License (HA Only)

    For HA setups, you must install the Artifactory HA license. This can be done using one of three methods: REST API, Artifactory UI, or a Kubernetes Secret. For more information, see Adding Licenses.

  9. Monitor Artifactory

    To access the logs and monitor Artifactory pods:

    • Find the name of the pod:

      kubectl --namespace <your namespace> get pods

    • Get the container logs:

      kubectl --namespace <your namespace> logs -f <name of the pod>

  10. Access Artifactory UI

    After starting Artifactory, open your browser and go to http://<SERVER_HOSTNAME>:8082/, replacing <SERVER_HOSTNAME> with your server's actual IP address or hostname.

    For HA setup, you will typically access Artifactory through a load balancer that distributes traffic across your HA nodes. Configure your load balancer to direct traffic to http://< ARTIFACTORY_NODE_IP>:8082/ on each node.

  11. Initial Setup

    Upon first access, you'll be guided through an onboarding wizard:

    • Change Default Admin Password: The default credentials are admin/password. Change this immediately.

    • Configure Base URL: Configure the Base URL.

    • Apply Licenses: If you have an Artifactory Pro or Enterprise license, apply it.