How to use ingress-controller for Artifactory and configure Subdomain Docker Access Method on Kubernetes

Vignesh Surendrababu
2021-05-18 06:00

Relevant versions: This information pertains to Artifactory versions above 7

NGINX Ingress Controller is a traffic management solution for cloud‑native apps in Kubernetes and containerized environments.

When getting started with Docker and your on-prem Artifactory Pro installation using the subdomain method, you would need to configure a reverse proxy and here we'll use an Nginx Ingress Controller. To do this sensibly, you'll want to have an Ingress Controller installed on your Kubernetes cluster.

You may refer to the example instructions available on this external article to install the Ingress Controller

As this example specifically enables Artifactory to work as a Docker Registry using the Subdomain method. Refer to, Artifactory as Docker Registry documentation for more information about this setup.

Follow these steps to configure the rewrite rules in Ingress Controller.

Step 1: Over the example, we have used a GKE cluster and installed Ingress Controller using instructions available here
Example:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.45.0/deploy/static/provider/cloud/deploy.yaml -n ingress-nginx

Step 2: Obtain a wildcard SSL certificate or use a wildcard self-signed certificate. Make sure your certificate matches the Artifactory hostname used in your reverse proxy configuration. In our example below we will use artifactory.jfrogsupport.in

Step 3: Use the below annotations and Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom values.yaml file

nginx:
  enabled: false
ingress:
  enabled: true
  defaultBackend:
    enabled: false
  hosts:
    – artifactory.jfrogsupport.in
    – '*.artifactory.jfrogsupport.in'
  tls:
    – secretName: ingress-tls
      hosts:
        – artifactory.jfrogsupport.in
        – '*.artifactory.jfrogsupport.in'
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "true"
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/proxy-read-timeout: "2400"
    ingress.kubernetes.io/proxy-send-timeout: "2400"
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: "/"
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
    nginx.ingress.kubernetes.io/server-alias: artifactory.jfrogsupport.in *.artifactory.jfrogsupport.in
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($host ~ "^(?<repo>.+).artifactory.jfrogsupport.in") {
        set $repo $1;
      } 
      rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/v2/$1 break;

Step 4: Perform a helm upgrade using the custom values.yaml
Example values.yaml:

artifactory:
  node:
    replicaCount: 1
  masterKey: <provide master.key>
  joinKey: <provide join.key>
postgresql:
  postgresqlPassword: <provide database password>
databaseUpgradeReady: true
unifiedUpgradeAllowed: true
nginx:
  enabled: false
ingress:
  enabled: true
  defaultBackend:
    enabled: false
  hosts:
    – artifactory.jfrogsupport.in
    – '*.artifactory.jfrogsupport.in'
  tls:
    – secretName: ingress-tls
      hosts:
        – artifactory.jfrogsupport.in
        – '*.artifactory.jfrogsupport.in'
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "true"
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/proxy-read-timeout: "600"
    ingress.kubernetes.io/proxy-send-timeout: "600"
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: "/"
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
    nginx.ingress.kubernetes.io/server-alias: artifactory.jfrogsupport.in *.artifactory.jfrogsupport.in
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($host ~ "^(?<repo>.+).artifactory.jfrogsupport.in") {
        set $repo $1;
      } 
      rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/v2/$1 break;

Command:

helm upgrade –install artifactory jfrog/artifactory-ha -f values.yaml –namespace <namespace>

To verify the Docker login:

docker login -u admin -p password <repository-name>.artifactory.jfrogsupport.in

Perform Docker Pull and Push using the below format:

docker pull/push <repository-name>.artifactory.jfrogsupport.in/nginx:latest

Published: May 18, 2021