In order to configure to use an NFS to store the checksum and backups when running Artifactory on a kubernetes cluster installed using helm charts, we have to create the PV and PVC manually in the Kubernetes cluster using the NFS.
Then we need to map those created PVC to the Artifactory helm deployment using the values.yaml.
Below the steps to configure mount the NFS mount point to the Artifactory helm deployment. In this example, we have used a VM in GCP with CentOs
Step 1: Create the GCP machine with CentOS (You may use any OS type)
Step 2: Login to the server and Install the below package for the NFS server using the yum command. (It is also possible to use an existing NFS server).
yum install -y nfs-utils
Step 3: Once the packages are installed, enable and start NFS services.
systemctl start nfs-server rpcbind systemctl enable nfs-server rpcbind
Step 4: Create an NFS Share on the server and Allow the NFS client to read and write to the created directory.
mkdir /nfsfileshare1 chmod 777 /nfsfileshare1/
Step 5: As a next step modify the /etc/exports file to make an entry of the directory /nfsfileshare1 that you want to share.
1. vi /etc/exports
2. Add the NFS share something like below to the file.
/nfsfileshare1 10.110.20.111(rw,sync,no_root_squash)
a. /nfsfileshare1: shared directory
b. 10.110.20.111: IP address of client machine. We can also use the hostname instead of an IP address. It is also possible to define the range of clients with subnets like 10.110.20.111/24. For this, I have used ‘*’ so that all clients can access the NFS server.
c. rw: Writable permission to shared folder
d. sync: All changes according to the filesystem are immediately flushed to disk; the respective write operations are being waited for.
e. no_root_squash: By default, any file request made by user root on the client machine is treated as by user nobody on the server. (Exactly which UID the request is mapped to depends on the UID of user “nobody” on the server, not the client.) If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server.
Step 6: Export the shared directories using the following command and to complete the NFS Server configuration use the below command.
exportfs -r
Step 7: We may need to configure the firewall on the NFS server to allow NFS clients to access the NFS share. To do that, run the following commands on the NFS server.
firewall-cmd --permanent --add-service mountd firewall-cmd --permanent --add-service rpc-bind firewall-cmd --permanent --add-service nfs firewall-cmd --reload
Step 8: Log in to the Kubernetes cluster and create PV using the below YAML and kubectl command using the NFS Server. On this example we have used a GKE cluster
$ kubectl apply -f pv-nfs1.yaml -namespace artifactory
pv-nfs1.yaml
apiVersion: v1 kind: PersistentVolume metadata: name: artifactory-ha-data-pv-nfs1 labels: id: artifactory-ha-data-pv-nfs1 type: nfs-volume spec: capacity: storage: 50Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain nfs: server: "10.110.20.111" path: "/nfsfileshare1" readOnly: false
Step 9: Create the PVC from the created PV in step 8 using the below YAML and kubectl command.
$ kubectl apply -f pv-nfs1.yaml -namespace artifactory
pvc-nfs1.yaml
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: artifactory-ha-nfs-pvc-nfs1 labels: type: nfs-volume spec: accessModes: - ReadWriteOnce storageClassName: "" resources: requests: storage: 50Gi selector: matchLabels: id: artifactory-ha-data-pv-nfs1
Step 10: Create Another PV using the below YAML and kubectl command file from the created NFS Server to configure the Artifactory backup. I have created another NFS server so that I can store the backup on different NFS.
$ kubectl apply -f pv-nfs2.yaml -namespace artifactory
pv-nfs2.yaml:
apiVersion: v1 kind: PersistentVolume metadata: name: artifactory-ha-data-pv-nfs2 labels: id: artifactory-ha-data-pv-nfs2 type: nfs-volume spec: capacity: storage: 50Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain nfs: server: "10.110.20.112" path: "/nfsfileshare2" readOnly: false
Step 11: Create the PVC from the created PV in step 10 using the below YAML and kubectl command.
$ kubectl apply -f pv-nfs2.yaml -namespace artifactory
pvc-nfs2.yaml
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: artifactory-ha-nfs-pvc-nfs2 labels: type: nfs-volume spec: accessModes: - ReadWriteOnce storageClassName: "" resources: requests: storage: 50Gi selector: matchLabels: id: artifactory-ha-data-pv-nfs2
Step 12: Create the values.yaml with the below snippet.
values.yaml
postgresql: enabled: true postgresqlPassword: Password@123 nginx: enabled: true databaseUpgradeReady: true unifiedUpgradeAllowed: true artifactory: masterKeySecretName: my-masterkey-secret joinKeySecretName: my-joinkey-secret copyOnEveryStartup: - source: /artifactory_bootstrap/binarystore.xml target: etc/artifactory/ customVolumes: | - name: "nfs-vol1" persistentVolumeClaim: claimName: "artifactory-ha-nfs-pvc-nfs1" - name: "nfs-vol2" persistentVolumeClaim: claimName: "artifactory-ha-nfs-pvc-nfs2" customVolumeMounts: | - name: "nfs-vol1" mountPath: "/var/opt/jfrog/artifactory/JFROG/filestore" - name: "nfs-vol2" mountPath: "/var/opt/jfrog/artifactory/JFROG/backup" persistence: type: "file-system" binarystoreXml: <config version="v1"> <chain template="file-system"/> <provider id="file-system" type="file-system"> <baseDataDir>/opt/jfrog/artifactory/var/JFROG</baseDataDir> <fileStoreDir>filestore</fileStoreDir> </provider> </config>
Step 13: Execute the below helm command to install Artifactory using helm charts.
$ helm upgrade --install artifactory -f values.yaml -namespace artifactory jfrog-charts/artifactory
After successful installation, you can check the filestore configured by login into Artifactory and navigating to the Administration→Monitoring→Storage.
Also, Configure the Artifactory backup on the ‘/var/opt/jfrog/artifactory/JFROG/backup’ directory that we have mounted on the Artifactory. For more information about Backups, Please refer to our Backups confluence page.