How to install Xray HA in K8s? [Video]

Loren Yeung
2021-02-02 09:37

This video goes over how to install JFrog Xray 3.x with an HA configuration in a GKE environment. Prerequisites: basic knowledge of how to use Helm charts, the Helm client, k8s, and Artifactory basics.


Video Transcription

Hi there. My name is Loren from JFrog.

Today I will be going over how to install Xray HA on Kubernetes. A brief introduction of Xray for those who don’t know. Xray is a JFrog product that performs binary indexing and scanning.

It is able to identify vulnerabilities with your repositories and builds from its vast compiled database and provide alerts to the relevant stakeholders.

In addition, Xray is able to perform license compliance. So you can allow or disallow artifacts based upon their licensing. Xray is also capable of drilling down and figuring out whether a vulnerable artifact exists in other parts of your Artifactory instance, whether it be part of an archive, in a repository or any snapshot build.

Xray is fully capable of highly available or HA installation. We will walk over this type of installation today on the Google Cloud Platform. You’ll want to make sure that your nodes are sized correctly as Xray will consume a non-trivial amount of compute power.

We’ll get started with three nodes of 12 CPUs each. I have pre-installed Artifactory 7 with this machine as you’ll need Artifactory 7 already installed for Xray to join, as well as set up the Helm client, [inaudible 00:01:21].

Let’s get started. Here we can see the Helm version as well as the three nodes. First, you want to start off with adding the Helm repo locally to your Helm install.

Then you’ll want to run helm repo update to get all the updated charts. Let’s quickly install Artifactory. Once that’s done, let’s get the IP address.

It’ll show up momentarily, basically the UI. I skipped over the license details and passwords for privacy. Artifactory is now installed.

Now let’s set up Xray. Navigate to security, settings and unlock the details with your password. Go ahead and copy that join key.

Now you want to generate a Kubernetes secret from your join key using the following command.

Now let’s create your master key secret. By default, the master key value in our Helm chart is hard-coded for demo purposes so you want to use something like OpenSSL to randomize it. It’s the same command as before to create the secret.

Now that you’ve created your secret, you want to put them into a [inaudible 00:03:01]. So you can see here the end result is a JFrog URL which you see reachable public URL from Artifactory.

Your join key and master key secrets on replica count. Normally an Xray HA installation will require three VMs installed three times set up in a cluster. But on Kubernetes, you can set the replica count and this will set the number of nodes over installation. We recommend setting the RabbitMQ replica count to match the number of Xray nodes.

Finally, we recommend setting the password somewhere for ease of upgrade for each database. Alternatively, you can auto-generate the passwords and pass it in for each upgrade field that Helm client.

Let’s go ahead and install Xray now.

We can see here that the replica counts coming up for RabbitMQ and now that the Xray nodes are coming up as well. Now all three nodes that I can figure out. Let’s go to the URL.

There we have it. We can navigate to indexed resources as you see the index repos, obviously we have none. You can go to monitoring and under service status. We can see all three nodes of Xray are running. You can find our charts on our GitHub/JFrog/charts, and then navigating to the stable and then /Xray for the Xray charts where you will find further configuration details and other settings, including diva. The full values are yet more as well as ways to configure workers and other loads. Thank you for watching my video on how to install Xray HA on Kubernetes.