Amazon's Elastic Cloud Kubernetes (EKS) Anywhere is a new deployment option for Amazon EKS, which allows customers to create and operate Kubernetes clusters on customer-managed infrastructure, supported by AWS.
Unlike the Bring Your Own License (BYOL) model, which uses a Docker image, the deployment of JFrog Artifactory on Elastic Cloud Kubernetes (EKS), EKS Anywhere uses Helm Charts to leverage the AWS License Manager.
Use Elastic Cloud Kubernetes (EKS) / EKS Anywhere
To set up AWS Container Marketplace using JFrog Artifactory on Elastic Cloud Kubernetes (EKS) / EKS Anywhere, follow these instructions.
Prerequisites
An active AWS subscription
EKS / EKS-Anywhere / any Kubernetes installation
Setup
Subscribe to the listing.
Navigate toContinue to configuration | Continue to launch | select the Launch target & method.
Follow the Launch instructions to your launch target.
Upgrade Artifactory in the AWS Container Marketplace
To upgrade, you will need to relaunch the EKS instance with the new version and connect to the same database.
AWS License Manager
The AWS License Manager enables the creation and management of software licenses for container products on Marketplace, which extends the licensing possibilities for container products on Marketplace to pay upfront contract pricing in addition to pay as you go pricing models, creating a flexible model for license management.
This document describes the integration process of the AWS License Manager, with JFrog Artifactory, and is intended for AWS Marketplace customers. The AWS License Manager is designed to provide efficient usage of licenses, enabling customers to maximize the way in which they utilize licenses, and reduce the need for multiple licenses.
The AWS License Manager makes it easier for organizations to manage their software licenses from different vendors. The JFrog Artifactory integration with the Amazon AWS Container Marketplace supports two models for licensing support:
Elastic Cloud Kubernetes (EKS) /EKS Anywhere
Bring Your Own License (BYOL) model
Configure the Required Artifactory Parameters to Integrate the AWS License Manager with Artifactory
For Artifactory to work with the AWS License Manager, you will need to configure the following Artifactory parameters:
Parameter | Details |
IS_AWS_LICENSE | This parameter decides in which mode to start up the license manager, and whether to use Artifactory or AWS. |
AWS_WEB_IDENTITY_REFRESH_TOKEN_FILE | This is the path to the token file that is required to identify with the AWS license manager. |
AWS_REGION | This parameter sets the region; the default is us-east-1. |
AWS_ROLE_ARN | This is the role that holds the permissions for the license. |
AWS License Manager Licensing Lifecycle Workflow
The licensing lifecycle consists of three main calls, which support the licensing functionality:
Check-out
Extend license usage
Check-in
Check-out
In this call, the customer goes to the AWS License Manager to get a license, thereby “checking out” the license from the available pool.
Extend License Usage
Once a license has been successfully checked-out from the AWS License Manager, the JFrog Platform will monitor its validity and try to extend it, if required. As long as extension is continued--and as long as there has not been a lull in reporting for over 1 hour--the license remains in effect and available, for as long as the reporting continues.
Check-in
After the customer has completed using the license, they will use the check-in call. For example, when done, a graceful shutdown of the server will automatically check the license back into the pool.
License Termination
While the license check-in is the preferred method of returning a license to the pool, the call to extend license usage will also provide the same result in cases such as Internet connectivity problems.
This works by the assumption of the AWS License Manager that if reporting stops, for any reason (such as a disconnect), the extension is terminated, and the license is returned to the license pool after 60 minutes (note that the same task that checks for the extension will also try to acquire a new license if the license has been terminated).
Read-only Mode
Whenever the license expires, Artifactory will fall back to read-only mode, the same as it does today whenever a license expires. The customer will be able to view the packages but most actions will be blocked due to license expiry. Read-only mode will also happen if a license fails to be acquired.
Use the Bring Your Own License (BYOL) Model
The AWS Container Marketplace offers an alternative Docker image to the official JFrog Artifactory Docker image. The Marketplace image is identical to the official JFrog Artifactory Docker image, but does not start up with the default credentials (admin:password). Instead; the user must get or set the first time password.
Prerequisites
An active AWS subscription
An Artifactory Pro (or higher) license
Docker (or service capable of deploying Docker images)
Setup
Navigate to Continue to configuration | Continue to launch | View container image details.
Follow the login instructions and perform a pull of the image.
Configure the image as you would configure the official JFrog Docker image (with a different image name).
Run the image and get or set the first time password.
Set the Password for the First Time
Amazon AWS Container Marketplace does not allow default passwords. You must provide a password during container initialization or one will be randomly generated.
To set the first time initialization password for the 'admin' user, pass the environment variable ARTIFACTORY_PASSWORD
with the desired password.
Example
docker run ... --env ARTIFACTORY_PASSWORD=my-new-password <image-url>
If no initialization password is provided, one will be generated and printed to the logs.
To get the randomly generated password, look at the first few lines of the Docker container logs.
Example
docker logs <container-id> | head -n 10 INFO: Since ARTIFACTORY_PASSWORD environment is not set. We are generating our own random password. Generated ARTIFACTORY_PASSWORD is Ieqo868W99SBY5cqzx
Note
This password is only valid for the initial setup and should then be changed via the UI or REST API.
Upgrade Artifactory in the AWS Container Marketplace
Follow the official Docker to Docker upgrade procedure, using a different image name/source.