Install JFrog Advanced Security on your Self-Hosted Environment without Helm

JFrog Security Documentation


JAS requires a Kubernetes cluster for running its workloads. To overcome this limitation, JAS installation includes a streamlined solution that leverages the lightweight K3s distribution to create a Kubernetes cluster using virtual machines for those users not using a Kubernetes cluster.

Configure JAS in an Air-gapped Non-Helm Environment

You need to do certain configurations to make sure that JAS works without any issues in an air-gapped environment. After these configurations, you can proceed with the installation.

Port Configuration

Ensure that you open the following ports before you proceed.

  • Between Xray and k3s master VM - 6443,10250

  • Between k3s VMs - Refer the k3s documentation

  • Between k3s VMs and Artifactory - 8082

Artifactory Configuration

Run the following steps to configure Artifactory.

Xray Configuration

You need to do the Xray configuration in the Xray node or just the first node if you use an HA setup.

  1. Install Docker in the air-gapped Xray node so that you can run the Ansible playbook to set up the k3s infrastructure.

  2. Run the following commands from a machine that has Internet access.

    docker pull 
    docker save | gzip > ansible.tar
  3. Copy ansible.tarvfile to the Xray machine.

  4. Run the following command in the Xray machine.

    docker load < ansible.tar
  5. Make the following changes to the Xray System YAML and restart the Xray service.Xray System YAML

                enabled: true

k3s Node Configuration

Configure k3s node VMs. We recommend that you use three VMs - 1 as master and 2 as workers.

  1. Create the VMs for k3s.

  2. Download the following k3s resources from a machine that was Internet access.

    • k3s binaries (k3s version - 1.24.10+k3s1)

    • k3s airgapped images

  3. Copy k3s binary to /usr/local/bin in the k3s VM and make it executable.

    sudo cp k3s /usr/local/bin
    cd /usr/local/bin
    chmod +x k3s
  4. Copy k3s images to /var/lib/rancher/k3s/agent/images/ in the k3s VM.

    sudo mkdir -p /var/lib/rancher/k3s/agent/images/
    sudo cp k3s-airgap-images-amd64.tar.gz /var/lib/rancher/k3s/agent/images/
Install JAS in an Air-gapped Non-Helm Environment

Ensure that you complete the prerequisites and complete the configuration for an air-gapped environment.

Load Exposure and Contextual Analysis Images

You must load exposure and contextual analysis images to all k3s VMs.

  1. Download images on a machine that has Internet connection.

    docker pull --platform=linux/amd64<XRAY_VERSION>
    docker pull --platform=linux/amd64<XRAY_VERSION>
  2. Save the images as tar files.

    docker save<XRAY_VERSION> > jas_exposure.tar
    docker save<XRAY_VERSION> > jas_contextual_analysis.tar
  3. Copy the tar files to all k3s nodes and load with the following commands.

    k3s ctr images import jas_exposure.tar
    k3s ctr images import jas_contextual_analysis.tar