Install JFrog Advanced Security on your Self-Hosted Environment with Helm

JFrog Installation & Setup Documentation
Content Type
Installation & Setup
ft:sourceType
Paligo

Tip

You are in Step 2, of the JFrog Advanced Security installation. For previous and next steps, refer to Installing JFrog Advanced Security.

You can install JAS in your existing JFrog Platform installation, install a new JFrog Platform installation with JAS, or install JAS along with a new installation of Artifactory and Xray.

You can install JAS with an existing Helm installation of the JFrog Platform.

  1. Contact JFrog Support to purchase or obtain a trial license of JFrog Advanced Security.

  2. Add charts.jfrog.io to your Helm client.

    helm repo add jfrog https://charts.jfrog.io

  3. Run the following command to update the Helm repository.

    helm repo update

  4. You can install JAS in a new JFrog Platform installation with JAS, install JAS in your existing JFrog Platform installation, or install JAS with the installation of Artifactory and Xray.

    New JFrog Platform Installation

    1. Run the following command to install JAS in a new JFrog platform installation.

      helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform --set xray.serviceAccount.create=true --set xray.rbac.create=true --set jas.healthcheck.enabled=true

      You can also install with a values YAML update

      1. Add the following values in the custom-values.yaml file

        serviceAccount: 
  create: true
rbac: 
  create: true

      2. Run the following command.

        helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform -f custom-values.yaml --create-namespace

    Existing JFrog Platform Installation

    1. Run the following command to install JAS in the current JFrog platform installation.

      helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform --set xray.serviceAccount.create=true --set xray.rbac.create=true --set jas.healthcheck.enabled=true

      You can also install with a values YAML update

      1. Add the following values in the custom-values.yaml file.

        serviceAccount: 
  create: true 
rbac: 
  create: true

      2. Run the following command.

        helm upgrade --install jfrog-platform --namespace jfrog-platform --create-namespace jfrog/jfrog-platform -f custom-values.yaml

    Existing Artifactory and Xray Helm Installation

    1. Upgrade Artifactory to version 7.49.x or later. For more information, see Upgrading Artifactory Helm Upgrade.

    2. Upgrade Xray to version 3.67.x or later. For more information, see Xray Helm Upgrade.

    3. Run the following command to install JAS.

      helm upgrade xray jfrog/xray --set serviceAccount.create=true --set rbac.create=true --set jas.healthcheck.enabled=true

      You can also install with a values YAML update

      1. Add the following values in the custom-values.yaml file.

        serviceAccount: 
  create: true 
rbac: 
  create: true

      2. Run the following command.

        helm upgrade --install xray jfrog/xray -f custom-values.yaml

  5. Synchronize the database. For more information, see Synchronizing the Database.

  6. Configure a base URL. For more information, see General Settings.Base URL

Configure JAS for Self-Signed Helm Installation

Note

Starting from Xray version 3.105 and above, no additional self-signed certificate configuration is required for JAS. It will automatically inherit the settings from Xray if necessary.

Required Xray 3.83.11 or later.

Create a secret that contains the ca certificate in PEM base64 format. Update the system.yaml file with the information.

executionService: 
  platformCertificateSecretName: "<secret-name>"
  platformCertificateSecretKey: "<secret-key>"
Install JAS with Helm in an Air-gapped Environment

  1. Ensure that JFConnect is running in the air-gapped mode.

    For more information, see Configure JFrog Platform in an Air-gapped Environment.

  2. Install JAS with Helm with the following updates to the Helm values and system YAML files.

    • Add Contextual Analysis and Exposures images to the internal registry for the local Artifactory.

      Download the images from releases-docker.jfrog.io (with a tag of the same Xray version).

      If already you set the global.imageRegistry (for pulling Xray images) in your values file it should work.

      global:
  imageRegistry: ...

      If you want to change only the location of jas images you can set this in the system.yaml file.

      executionService:
  pullSecret: "<pull-secret-name>"
contextualAnalysis:
  registry: "releases-docker.jfrog.io"
  image: "jfrog/xray-jas-contextual-analysis"
exposures:
  container:
    registry: "releases-docker.jfrog.io"
    image: "jfrog/xray-jas-exposures"

      The tag of the images should be the same as the Xray version.

    • Add Contextual Analysis and Exposures images to the internal registry directly to the Kubernetes nodes.

      Download images on a machine that has an Internet connection.

      docker pull --platform=linux/amd64 releases-docker.jfrog.io/jfrog/xray-jas-exposures:<XRAY_VERSION>
docker pull --platform=linux/amd64 releases-docker.jfrog.io/jfrog/xray-jas-contextual-analysis:<XRAY_VERSION>

      Save the images as tar files.

      docker save releases-docker.jfrog.io/jfrog/xray-jas-exposures:<XRAY_VERSION> > jas_exposure.tar
docker save releases-docker.jfrog.io/jfrog/xray-jas-contextual-analysis:<XRAY_VERSION> > jas_contextual_analysis.tar

      Copy the tar files to all k8s nodes and load with the following commands.

      ctr -n=k8s.io images import jas_exposure.tar
ctr -n=k8s.io images import jas_contextual_analysis.tar