Xray on OpenShift is available from version 3.80.9 onwards.
Before you proceed with the installation, review the system requirements.
Follow these steps to install the product:
Add the charts.jfrog.io to your Helm client.
helm repo add jfrog https://charts.jfrog.io
Update the repository.
helm repo update
Installation requires a join key.
You can pass the join key along with the Helm install/upgrade command or pass it in a
values.yaml
file.The following sample shows how to provide join key in the
values.yaml
file.xray: joinKey: <join key value>
Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. The key must be named join-key.
kubectl create secret generic joinkey-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY>
The following example shows the
values.yaml
file with the join key secret.xray: joinKeySecretName: joinkey-secret
Note
In either case, make sure to pass the same join key on all future calls to
helm install
andhelm upgrade
. This means always passing--set xray.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY>
. In the second, this means always passing--set xray.joinKeySecretName=joinkey-secret
and ensuring that the contents of the secret remain unchanged.You need to enter the JFrog URL.
You can either pass the JFrog URL along with the Helm install/upgrade command or pass it along with the
values.yaml
file.The following example shows the
values.yaml
file with the JFrog URL.xray: jfrogUrl: <JFrog URL>
When you deploy Xray helm chart on an OpenShift cluster, you need to disable the
podSecurityContext
andcontainerSecurityContext
. Default OpenShift functionality automatically assigns and arbitrary UID block associated with the project.Set the following values in the
values.yaml
so that you can pass it along with the installation.containerSecurityContext: enabled: false podSecurityContext: enabled: false rbac: create: true serviceAccount: create: true rabbitmq: rbac: create: true podSecurityContext: enabled: false containerSecurityContext: enabled: false
To make PostgreSQL work on OpenShift, disable the securityContext in the pod and container level in the
values.yaml
file, and set the following values.postgresql: postgresqlPassword: password securityContext: enabled: false containerSecurityContext: enabled: false serviceAccount: enabled: true
Create a
values.yaml
file with all the required configuration if you want to proceed with an installation that holds all the configurations in avalues.yaml
file.You can also use separate configuration files for each configuration and pass them as separate yaml files.
The following sample shows an example
values.yaml
file with join key and JFrog URL.xray: jfrogUrl: http://artifactory.rt:8082 joinKey: EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE containerSecurityContext: enabled: false podSecurityContext: enabled: false rbac: create: true serviceAccount: create: true rabbitmq: rbac: create: true podSecurityContext: enabled: false containerSecurityContext: enabled: false postgresql: postgresqlPassword: password securityContext: enabled: false containerSecurityContext: enabled: false serviceAccount: enabled: true
The following sample shows an example
values.yaml
file with join key as a secret and JFrog URL.xray: jfrogUrl: http://artifactory.rt:8082 joinKeySecretName: joinkey-secret containerSecurityContext: enabled: false podSecurityContext: enabled: false rbac: create: true serviceAccount: create: true rabbitmq: rbac: create: true podSecurityContext: enabled: false containerSecurityContext: enabled: false postgresql: postgresqlPassword: password securityContext: enabled: false containerSecurityContext: enabled: false serviceAccount: enabled: true
To access the logs, find the name of the pod using the following command.
kubectl --namespace <your namespace> get pods
To get the container logs, run the following command.
kubectl --namespace <your namespace> logs -f <name of the pod>
Customize the product configuration (optional).
Unlike other installations, Helm Chart configurations are made to the
values.yaml
and are then applied to thesystem.yaml
.Follow these steps to apply the configuration changes.
Make the changes to
values.yaml.
Run the command.
helm upgrade --install xray --namespace xray -f values.yaml
Access Xray from your browser at:
http://<jfrogUrl>/ui/:port
.Go to the Xray Security & Compliance tab in the Administration module in the UI.
Check the status of your deployed Helm release.
helm status xray
Note
Xray Helm Chart installation uses "/" as the RabbitMQ vhost. If you install Xray with the JFrog Platform charts, the RabbitMQ vhost is named "xray".
For advanced installation options, see Helm Charts Installers for Advanced Users.