Use Custom Secrets in Helm Installation

JFrog Installation & Setup Documentation

Secrets are Kubernetes objects that are used for storing sensitive data, such as usernames and passwords, with encryption. If you need to add a custom secret to a custom init or sidecar container, use the section for defining custom secrets in the values.yaml file (by default this section is commented out).

Artifactory

artifactory:
  # Add custom secrets - secret per file
  customSecrets:
    - name: custom-secret
      key: custom-secret.yaml
      data: >
        secret data

Xray

common:
  # Add custom secrets - secret per file
  customSecrets:
    - name: custom-secret
      key: custom-secret.yaml
      data: >
        secret data

Insight

common:
  # Add custom secrets - secret per file
  customSecrets:
    - name: custom-secret
      key: custom-secret.yaml
      data: >
        secret data

Distribution

distribution:
  # Add custom secrets - secret per file
  customSecrets:
    - name: custom-secret
      key: custom-secret.yaml
      data: >
        secret data

Pipelines

pipelines:
  # Add custom secrets - secret per file
  customSecrets:
    - name: custom-secret
      key: custom-secret.yaml
      data: >
        secret data

To use a custom secret, you need to define a custom volume.

The following example shows how to define a custom volume in Artifactory.

Artifactory

artifactory:
  ## Add custom volumes
  customVolumes: |
    - name: custom-secret
      secret:
        secretName: custom-secret

To use a volume, you will need to define a volume mount as part of a custom init or sidecar container.

The following example shows how to define a volume mount as part of a sidecar container in Artifactory.

Artifactory

artifactory:
  customSidecarContainers:
    - name: side-car-container
      volumeMounts:
      - name: custom-secret
        mountPath: /opt/custom-secret.yaml
        subPath: custom-secret.yaml
        readOnly: true

You can configure the sidecar to run as a custom user by setting the following in the container template.

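  # Example of running container as root (id 0)
  securityContext:
    runAsUser: 0
    # fsGroup is a pod-level securityContext field in Kubernetes;
    # a container-level securityContext does not define it
    fsGroup: 0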
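
The three steps above combined into one values.yaml fragment for Artifactory, with the sidecar running as a non-root custom user instead of root. This is an added example, not JFrog's own configuration; the image name and the UID/GID are constructed placeholders, and the layout follows the snippets on this page.

```yaml
artifactory:
  # Step 1: the secret, one entry per file. "key" is the file name that
  # subPath selects in step 3.
  customSecrets:
    - name: custom-secret
      key: custom-secret.yaml
      data: >
        secret data

  # Step 2: a volume backed by that secret (secretName as in the page's example).
  customVolumes: |
    - name: custom-secret
      secret:
        secretName: custom-secret

  # Step 3: the sidecar mounts the volume read-only and runs as a custom user.
  customSidecarContainers:
    - name: side-car-container
      image: registry.example.invalid/sidecar:placeholder  # placeholder image
      volumeMounts:
        - name: custom-secret            # must equal the volume name in customVolumes
          mountPath: /opt/custom-secret.yaml
          subPath: custom-secret.yaml    # must equal the "key" of the custom secret
          readOnly: true
      securityContext:                   # container-level fields only
        runAsUser: 1000                  # constructed non-root UID
        runAsGroup: 1000                 # constructed GID
        runAsNonRoot: true               # kubelet refuses to start the container as UID 0
        allowPrivilegeEscalation: false
```

Secret volume files default to mode 0644, so the non-root user can read the mounted file without an fsGroup. A Secret mounted through subPath is not refreshed in a running container when the Secret changes, so restart the pod after rotating the value.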