JFrog Distribution Helm Chart - DEPRECATED

This chart is deprecated! You can find the new chart in:

• Sources: https://github.com/jfrog/charts
• Charts repository: https://charts.jfrog.io

helm repo add jfrog https://charts.jfrog.io

Prerequisites Details

• Kubernetes 1.8+

Chart Details

This chart will do the following:

• Deploy Mongodb database.
• Deploy a Redis.
• Deploy a distributor.
• Deploy a distribution.

Requirements

• A running Kubernetes cluster
• Dynamic storage provisioning enabled
• Default StorageClass set to allow services using the default StorageClass for persistent storage
• A running Artifactory Enterprise Plus
• Kubectl installed and setup to use the cluster
• Helm installed and setup to use the cluster (helm init)

Installing the Chart

To install the chart with the release name distribution:

helm install --name distribution stable/distribution

Accessing Distribution

NOTE: It might take a few minutes for Distribution's public IP to become available, and the nodes to complete initial setup. Follow the instructions outputted by the install command to get the Distribution IP and URL to access it.

Updating Distribution

Once you have a new chart version, you can update your deployment with

helm upgrade distribution stable/distribution

Create a unique Master Key

JFrog Distribution requires a unique master key to be used by all micro-services in the same cluster. By default the chart has one set in values.yaml (distribution.masterKey).

This key is for demo purpose and should not be used in a production environment!

You should generate a unique one and pass it to the template at install/upgrade time.

# Create a key
$ export MASTER_KEY=$(openssl rand -hex 32)
$ echo ${MASTER_KEY}

# Pass the created master key to helm
$ helm install --set distribution.masterKey=${MASTER_KEY} -n distribution stable/distribution

NOTE: Make sure to pass the same master key with --set distribution.masterKey=${MASTER_KEY} on all future calls to helm install and helm upgrade!

External Databases

There is an option to use external database services (MongoDB or PostgreSQL) for your Distribution.

MongoDB

To use an external MongoDB, You need to set Distribution MongoDB connection URL.

For this, pass the parameter: mongodb.enabled=false,global.mongoUrl=${DISTRIBUTION_MONGODB_CONN_URL},global.mongoAuditUrl=${DISTRIBUTION_MONGODB_AUDIT_URL}.

IMPORTANT: Make sure the DB is already created before deploying Distribution services

# Passing a custom MongoDB to Distribution

# Example
# MongoDB host: custom-mongodb.local
# MongoDB port: 27017
# MongoDB user: distribution
# MongoDB password: password1_X

$ export DISTRIBUTION_MONGODB_CONN_URL='mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@custom-mongodb.local:27017/${MONGODB_DATABSE}'
$ export DISTRIBUTION_MONGODB_AUDIT_URL='mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@custom-mongodb.local:27017/audit?maxpoolsize=500'
$ helm install -n distribution --set global.mongoUrl=${DISTRIBUTION_MONGODB_CONN_URL},global.mongoAuditUrl=${DISTRIBUTION_MONGODB_AUDIT_URL} stable/distribution

External Redis

To use an external Redis, You need to disable the use of the bundled Redis and set a custom Redis connection URL.

For this, pass the parameters: redis.enabled=false and global.redisUrl=${DISTRIBUTION_REDIS_CONN_URL}.

IMPORTANT: Make sure the DB is already created before deploying Distribution services

# Passing a custom Redis to Distribution

# Example
# Redis host: custom-redis.local
# Redis port: 6379
# Redis password: password2_X

$ export DISTRIBUTION_REDIS_CONN_URL='redis://:${REDIS_PASSWORD}@custom-redis.local:6379'
$ helm install -n distribution --set redis.enabled=false,global.redisUrl=${DISTRIBUTION_REDIS_CONN_URL} stable/distribution

Configuration

The following table lists the configurable parameters of the distribution chart and their default values.

Specify each parameter using the --set key=value[,key=value] argument to helm install.

Ingress and TLS

To get Helm to create an ingress object with a hostname, add these two lines to your Helm command:

helm install --name distribution \
  --set ingress.enabled=true \
  --set ingress.hosts[0]="distribution.company.com" \
  --set distribution.service.type=NodePort \
  stable/distribution

If your cluster allows automatic creation/retrieval of TLS certificates (e.g. cert-manager), please refer to the documentation for that mechanism.

To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:

kubectl create secret tls distribution-tls --cert=path/to/tls.cert --key=path/to/tls.key

Include the secret's name, along with the desired hostnames, in the Distribution Ingress TLS section of your custom values.yaml file:

  ingress:
    ## If true, Distribution Ingress will be created
    ##
    enabled: true

    ## Distribution Ingress hostnames
    ## Must be provided if Ingress is enabled
    ##
    hosts:
      - distribution.domain.com
    annotations:
      kubernetes.io/tls-acme: "true"
    ## Distribution Ingress TLS configuration
    ## Secrets must be manually created in the namespace
    ##
    tls:
      - secretName: distribution-tls
        hosts:
          - distribution.domain.com

Useful links

• https://www.jfrog.com/confluence/display/EP/Getting+Started
• https://www.jfrog.com/confluence/display/DIST/Installing+Distribution
• https://www.jfrog.com/confluence/