ARTIFACTORY: Best practice configuring Helm smart remote repository

Sai Undurthi
2023-01-22 11:10

This article talks about best practices that we should implement while configuring a Smart remote repository with Helm.

It is a common practice to use reverse proxies with port while setting up On-premise Artifactory instances. Overriding the port in reverseProxy configuration in config descriptor as shown below is how one would configure:

Note: This applies only when hardcoding the port in ReverseProxy section <reverseProxies>
        <reverseProxy>
            <key>nginx</key>
            <webServerType>nginx</webServerType>
            <artifactoryAppContext>artifactory</artifactoryAppContext>
            <publicAppContext>artifactory</publicAppContext>
            <serverName>server.artifactory.com</serverName>
            <serverNameExpression xsi:nil="true"/>
            <sslCertificate xsi:nil="true"/>
            <sslKey xsi:nil="true"/>
            <dockerReverseProxyMethod>portPerRepo</dockerReverseProxyMethod>
            <useHttps>false</useHttps>
            <useHttp>true</useHttp>
            <sslPort>443</sslPort>

When we do so and reach the on-prem environment with "443" (as can be seen in the "reverseProxies" section in the config.xml), we have to align the remote repo config in the target Artifactory instance to have the port mentioned as well. 

For example:

Even though 443 is default port for https you’d need to configure the target Artifactory instance remote repository to be "https://server.artifactory.com:443/artifactory/helm/" instead of 
"https://server.artifactory.com/artifactory/helm/".

Absence of doing that can cause the “index.yaml” file in target remote repository to not be overwritten with target Artifactory URL.

UNEXPECTED BEHAVIOR:

Assuming abc.jfrog.io is our target Artifactory instance where the smart remote repository is configured pointing to source Artifactory helm repository[ https://server.artifactory.com/artifactory/helm/ ] you’d notice the helm index on abc.jfrog.io to have the URL’s pointing to  https://server.artifactory.com:443/ instead of being overwritten to https://abc.jfrog.io

Example of index file on abc.jfrog.io- apiVersion: v2
    created: 2022-12-14T01:03:05.6801Z
    description: A Helm chart for Kubernetes
    digest: 03c6ad1f6b723b98bea9efb3453fw3f380d7a0f4aaa849bfdc445
    name: exper
    urls:
    - https://server.artifactory.com:443/artifactory/api/helm/helm/exper-1.1.0.tgz
    type: application

FIX:

  • Configure the remote helm repository using the port https://server.artifactory.com:443/artifactory/helm/ 
  • Zap cache and Re-calculate index.

Example of fixed index file on abc.jfrog.io would be overwritten like:
 - apiVersion: v2
    created: 2022-12-14T01:03:05.6801Z
    description: A Helm chart for Kubernetes
    digest: 03c6ad1f6b723b98bea9efb3453fw3f380d7a0f4aaa849bfdc445
    name: exper
    urls:
    - https://abc.jfrog.io/artifactory/api/helm/helm/exper-1.1.0.tgz
    type: application