Before you proceed with the installation, review the system requirements.
Note
Currently, it is not possible to connect a JFrog product that is within a Kubernetes cluster with another JFrog product that is outside of the cluster, as this is considered a separate network. Therefore, JFrog products cannot be joined together if one of them is in a cluster.
Note
External RabbiMQ instances are not officially supported; the recommended method of installation is to use the bundled RabbitMQ.
Follow these steps to install the product:
Add the charts.jfrog.io to your Helm client.
helm repo add jfrog https://charts.jfrog.io
Update the repository.
helm repo update
Next, create a unique master key. JFrog Xray requires a unique master key to be used by all micro-services in the same cluster. By default the chart has one set in
values.yaml
(xray.masterKey
).Note
For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage This key is for demo purpose and should not be used in a production environment.
Generate a unique key and pass it to the template during installation/upgrade.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY}
You can pass this master key to the Helm installation through the Helm command or through the
values.yaml
file.The following example shows the
values.yaml
file with the master key.xray: masterKey: <master key value>
Alternatively, you can create a secret containing the master key manually and pass it to the template during installation/upgrade.
# Create a secret containing the key. The key in the secret must be named master-key kubectl create secret generic masterkey-secret --from-literal=master-key=${MASTER_KEY}
You can pass this master key secret to the Helm installation through the Helm command (by passing
masterkey-secret
)or through thevalues.yaml
file.The following example shows the
values.yaml
file with the master key secret.xray: masterKeySecretName: masterkey-secret
Note
In either case, make sure to pass the same master key on all future calls to
helm install
andhelm upgrade
. In the first case, this means always passing--set xray.masterKey=${MASTER_KEY}
. In the second, this means always passing--set xray.masterKeySecretName=masterkey-secret
and ensuring the contents of the secret remain unchanged.You can also provide the master key or master key secret inside a
values.yaml
file and pass it along during the installation.Installation requires a join key.
You can pass the join key along with the Helm install/upgrade command or pass it in a
values.yaml
file.The following sample shows how to provide join key in the
values.yaml
file.xray: joinKey: <join key value>
Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. The key must be named join-key.
kubectl create secret generic joinkey-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY>
The following example shows the
values.yaml
file with the join key secret.xray: joinKeySecretName: joinkey-secret
Note
In either case, make sure to pass the same join key on all future calls to
helm install
andhelm upgrade
. This means always passing--set xray.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY>
. In the second, this means always passing--set xray.joinKeySecretName=joinkey-secret
and ensuring that the contents of the secret remain unchanged.You need to enter the JFrog URL.
You can either pass the JFrog URL along with the Helm install/upgrade command or pass it along with the
values.yaml
file.The following example shows the
values.yaml
file with the JFrog URL.xray: jfrogUrl: <JFrog URL>
For an HA Xray installation, set the
replicaCount
value as >1 (the recommended is 3).You can either pass the value along with the Helm install/upgrade command or pass it along with the
values.yaml
file.The following example shows the
values.yaml
file with thereplicaCount
values.replicaCount: 3
Create a values.yaml file with all the required configuration if you want to proceed with an installation that holds all the configurations in a
values.yaml
file.You can also use separate configuration files for each configuration and pass them as separate YAML files.
The following sample shows an example
values.yaml
file with join key and master key as secrets, replicaCount, and JFrog URL.replicaCount: 3 xray: jfrogUrl: http://artifactory.rt:8082 joinKeySecretName: joinkey-secret masterKeySecretName: masterkey-secret
The following sample shows an example
values.yaml
file with join key, master key, replicaCount, and JFrog URL.replicaCount: 3 xray: jfrogUrl: http://artifactory.rt:8082 joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE masterKey: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Run the Helm install command to proceed with the installation.
The following command shows how you can pass the required values through a
values.yaml
file.helm upgrade --install xray --namespace xray -f values.yaml
The following command shows how you can pass the required values along with the command.
helm upgrade --install xray --set xray.masterKey=${MASTER_KEY} \ --set xray.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY> \ --set xray.jfrogUrl=<YOUR_PREVIOUSLY_RETRIEVED_BASE_URL> --namespace xray jfrog/xray
The following command shows how you can pass join key and master key as a secret along with the command.
helm upgrade --install xray --set xray.masterKeySecretName=masterkey-secret \ --set xray.joinKeySecretName=joinkey-secret \ --set xray.jfrogUrl=<YOUR_PREVIOUSLY_RETRIEVED_BASE_URL> --namespace xray jfrog/xray
To access the logs, find the name of the pod using the following command.
kubectl --namespace <your namespace> get pods
To get the container logs, run the following command.
kubectl --namespace <your namespace> logs -f <name of the pod>
Customize the product configuration.
Note
Unlike other installations, Helm Chart configurations are made to the
values.yaml
and are then applied to thesystem.yaml
.Follow these steps to apply the configuration changes.
Make the changes to
values.yaml.
Run the command.
helm upgrade --install xray --namespace xray -f values.yaml
Access Xray from your browser at:
http://<jfrogUrl>/ui/
and go to Xray Security & Compliance tab in the Administration module in the UICheck the status of your deployed helm releases.
helm status xray
Note
For advanced installation options, see Helm Charts Installers for Advanced Users.