Before you proceed with the installation, review the system requirements.
In addition, review requirements specific to the Helm installation.
Helm Chart Requirements
For installing Helm Charts, JFrog services need the following requirements:
Kubernetes 1.27+ (for installation instructions, see Kubernetes installation)
Kubernetes cluster with:
Dynamic storage provisioning enabled
Note
When deploying a JFrog application on an AWS EKS cluster, the AWS EBS CSI Driver is required for dynamic volume provisioning. However, this driver is not included in the JFrog Helm Charts. For more information, see Store Kubernetes volumes with Amazon EBS.
Default StorageClass set to persistent storage
Kubectl installed and set up to use the cluster
Helm v3 installed. For more information about installing Helm, see Helm installation.
JFrog validates compatibility with the core Kubernetes distribution. Since Kubernetes distribution vendors may apply additional logic or hardening (for example Rancher) JFrog Platform deployment with such platform vendors might not be fully supported.
Customized YAML File
When using a customized values.yaml
file, remember to attach a -f
flag to each upgrade command in the file.
Installation Steps
Follow these steps to install the product:
Add JFrog Helm Charts repository to your Helm client.
helm repo add jfrog https://charts.jfrog.io
Update the repository.
helm repo update
Create a unique Master Key (Artifactory requires a unique master key) and pass it to the template during installation.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY}
Custom Master Key in Production Installations
For production grade installations, we strongly recommend that you use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage. Therefore, generate a unique key and pass it to the template at install/upgrade time.
Alternatively, you can manually create a secret containing the master key and pass it to the template during installation.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY} # Create a secret containing the key. The key in the secret must be named master-key kubectl create secret generic my-masterkey-secret -n artifactory --from-literal=master-key=${MASTER_KEY}
In either case, make sure to pass the same master key on all future calls to Helm install and Helm upgrade. This means always passing
--set artifactory.masterKey=${MASTER_KEY}
(for the custom master key) or--set artifactory.masterKeySecretName=my-masterkey-secret
(for the manual secret) and verifying that the contents of the secret remain unchanged.Next, create a unique join key.
# Create a key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY}
By default the chart has one set in the
values.yaml
(artifactory.joinKey
). However, this key is for demonstration purposes only and should not be used in a production environment. Generate a unique key and pass it to the template during installation.Alternatively, you can manually create a secret containing the join key and pass it to the template during installation.
# Create a key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY} # Create a secret containing the key. The key in the secret must be named join-key kubectl create secret generic my-joinkey-secret -n artifactory --from-literal=join-key=${JOIN_KEY}
In either case, make sure to pass the same join key on all future calls to Helm install and Helm upgrade. This means always passing
--set artifactory.joinKey=${JOIN_KEY}
(for the custom join key) or--set artifactory.joinKeySecretName=my-joinkey-secret
(for the manual secret) and verifying that the contents of the secret remain unchanged.Install the chart with the release name
artifactory
and with master key and join key.helm upgrade --install artifactory --set artifactory.masterKey=${MASTER_KEY} --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory --create-namespace jfrog/artifactory
Change Internal PostgreSQL Password
If you are using an internal PostgreSQL, it is recommended to change the PostgreSQL password. For more information, see Auto-generated Passwords (Internal PostgreSQL).
Connect to Artifactory.
It may take a few minutes for Artifactory's public IP to become available. Follow the instructions that are output by the install command above to get the Artifactory IP to access it. Below you will find a sample instruction of what to look for to pick the URL to reach Artifactory (in the following example, art77 is the release name and art is the namespace).
Congratulations. You have just deployed JFrog Artifactory. 1. Get the Artifactory URL by running these commands: NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of the service by running 'kubectl get svc --namespace art -w art77-artifactory-nginx' export SERVICE_IP=$(kubectl get svc --namespace art art77-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP/ 2. Open Artifactory in your browser Default credential for Artifactory: user: admin password: password
To access the logs, find the name of the pod using the following command.
kubectl --namespace <your namespace> get pods
To get the container logs, run the following command.
kubectl --namespace <your namespace> logs -f <name of the pod>
Optional Steps
Customize the product configuration including database, Java Opts, and filestore.
Filestore Options
Helm filestore (storage) installations require certain modifications. For more information, see Advanced Storage Options.
Note
Unlike other installations, Helm Chart configurations are made to the
values.yaml
file and are then applied to thesystem.yaml
file.Follow these steps to apply the configuration changes:
Make the changes to
values.yaml.
Run the command.
To configure Artifactory for Helm, you will need to override the default
system.yaml
configuration. For more information, see Overriding the Default System YAML File.By default, Helm deploys Artifactory with PostgreSQL (running in a separate pod).