As we are using the JFrog Platform charts in this example, make sure to add the JFrog helm repository to your helm client using the commands below
Since Xray requires Artifactory to be installed prior, enable the Artifactory in the values. yaml as shown below
Once enabling the Artfactory, let’s construct the environment variables and Kubernetes secrets required for Xray to connect to PostgreSQL database
Step 1: Create a kubernetes secret using the below command using the certificate and key files
Step 2: Export the connection strings as shown below and update the directory on the connection string to point
Step 3: Now, Update values.yaml of Platform charts under xray section with below configuration and you will need to enable the customCertificates, then use the secret name created on step 1 in certificateSecretName field
Step 4: Use the below values.yaml file format and perform a helm install or upgrade
Note: On the above values.yaml Artifactory, Xray, rabbitmq needs to be enabled
To perform installation or upgrade:
$ helm repo add jfrog https://charts.jfrog.io $ helm repo update
Since Xray requires Artifactory to be installed prior, enable the Artifactory in the values. yaml as shown below
artifactory: enabled: true
Once enabling the Artfactory, let’s construct the environment variables and Kubernetes secrets required for Xray to connect to PostgreSQL database
Step 1: Create a kubernetes secret using the below command using the certificate and key files
$ kubectl create secret generic postgres-tls --from-file=client-key.pem --from-file=client-cert.pem --from-file=server-ca.pem --namespace jfrog-platform
Step 2: Export the connection strings as shown below and update the directory on the connection string to point
"$JFROG_HOME/xray/var/etc/security/keys/trusted"
export XRAY_POSTGRESQL_HOST=<provide the host>
export XRAY_POSTGRESQL_PORT=5432
export XRAY_POSTGRESQL_USER=xray
export XRAY_POSTGRESQL_PASSWORD=password
export XRAY_POSTGRESQL_DATABASE=<provide the database name>
export XRAY_POSTGRESQL_SERVER_CA=server-ca.pem
export XRAY_POSTGRESQL_CLIENT_CERT=client-key.pem
export XRAY_POSTGRESQL_CLIENT_KEY=client-cert.pem
export XRAY_POSTGRESQL_TLS_SECRET=postgres-tls
export XRAY_POSTGRESQL_CONN_URL="postgres://${XRAY_POSTGRESQL_HOST}:${POSTGRESQLXRAY_POSTGRESQL_PORT_PASSWORD}@${XRAY_POSTGRESQL_HOST}:${XRAY_POSTGRESQL_PORT}/${XRAY_POSTGRESQL_DATABASE}?sslrootcert=opt/jfrog/xray/var/etc/security/keys/trusted/${XRAY_POSTGRESQL_SERVER_CA}&sslkey=opt/jfrog/xray/var/etc/security/keys/trusted/${XRAY_POSTGRESQL_CLIENT_KEY}&sslcert=opt/jfrog/xray/var/etc/security/keys/trusted/${XRAY_POSTGRESQL_CLIENT_CERT}&sslmode=verify-ca" Step 3: Now, Update values.yaml of Platform charts under xray section with below configuration and you will need to enable the customCertificates, then use the secret name created on step 1 in certificateSecretName field
xray: enabled: true ## certificates added to this secret will be copied to $JFROG_HOME/xray/var/etc/security/keys/trusted directory customCertificates: enabled: true certificateSecretName: postgres-tls
Step 4: Use the below values.yaml file format and perform a helm install or upgrade
global:
database:
initDBCreation: false
postgresql:
enabled: false
artifactory:
enabled: true
artifactory:
replicaCount: 1
xray:
enabled: true
common:
preStartCommand: "chmod 600 /var/opt/jfrog/xray/etc/security/keys/trusted/postgres.crt && ls -ltr"
## certificates added to this secret will be copied to $JFROG_HOME/xray/var/etc/security/keys/trusted directory
customCertificates:
enabled: true
certificateSecretName: postgres-tls
database:
url: '${XRAY_POSTGRESQL_CONN_URL}'
user: ${XRAY_POSTGRESQL_USER}
password: ${XRAY_POSTGRESQL_PASSWORD}
rabbitmq:
enabled: true
redis:
enabled: false
distribution:
enabled: false
insight:
enabled: false
pipelines:
enabled: false Note: On the above values.yaml Artifactory, Xray, rabbitmq needs to be enabled
To perform installation or upgrade:
$ helm upgrade --install jfrog-platform --namespace jfrog-platform jfrog/jfrog-platform