Update the examples based on the suggestions provided. Use an externa…

…l database whenever possible, and ensure all information is passed securely using secrets.
jfrog · Jan 6, 2025 · cc44b9d · cc44b9d
1 parent 7cc7946
commit cc44b9d
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 28 deletions.
diff --git a/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml b/examples/jfrog-platform/HA-with-distribution-S3/binarystore.xml
@@ -0,0 +1,22 @@
+<config version="2">
+   <chain>
+        <provider id="cache-fs" type="cache-fs">
+            <provider id="s3-storage-v3" type="s3-storage-v3"/>
+        </provider>
+   </chain>
+   <provider id="s3-storage-v3" type="s3-storage-v3">
+       <endpoint>s3.amazonaws.com</endpoint>
+       <bucketName>bucketName</bucketName>
+       <path>pathPrefix</path>
+       <region>s3Region</region>
+       <identity>yourIdentity</identity>
+       <credential>yourCredentials</credential>
+       <usePresigning>true</usePresigning>
+       <signatureExpirySeconds>600</signatureExpirySeconds>
+       <maxConnections>50</maxConnections>
+       <connectionTimeout>10000</connectionTimeout>
+   </provider>
+   <provider type="cache-fs" id="cache-fs">
+       <maxCacheSize>5000000000</maxCacheSize>
+   </provider>
+</config>
diff --git a/...latform/HA-with-distirbution-S3/readme.md → ...latform/HA-with-distribution-S3/readme.md b/...latform/HA-with-distirbution-S3/readme.md → ...latform/HA-with-distribution-S3/readme.md
@@ -1,4 +1,4 @@
-## 3-Node Artifactory Cluster with Distribution and direct-S3 Persistence
+## 3-Node Artifactory Cluster with Distribution and direct-S3 Provider
 
 ### Overall
 | Product   | Enabled   |
@@ -19,11 +19,11 @@
 | Persistence | Default Storage Class + S3 |
 | SSL | ✅ |
 | Ingress | ❌ |
-| Nginx Deployment | ❌ |
+| Nginx Deployment | ✅ |
 | UnifiedSecret | ✅ |
-| Default Admin Credential | ❌ |
+| Non-Default Admin Credential | ✅ |
 | Default Master Key |  ❌ |
-| Restriected Resources | ✅ |
+| Sizing Parameters | artifactory-xlarge |
 | Private Registry | ✅ |
 
 
@@ -32,12 +32,12 @@
 | Detail   | Value    |
 |-------------|-------------|
 | Replica      | 2       |
-| Database | Bundled Postgres |
+| Database | External Postgres |
 | Persistence | Default Storage Class |
 | External redis | ❌ |
 | SSL | ✅ |
 | UnifiedSecret | ❌ |
-| Restriected Resources | ✅ |
+| Sizing Parameters | distribution-xlarge |
 | Private Registry | ✅ |
 
 
@@ -77,23 +77,29 @@ Note: This requires distribution chart 102.23.0+ to work, which comes default wi
 4. Fill in database details ( values-artifactory.yaml ). [See here for more details related to database.](https://jfrog.com/help/r/jfrog-installation-setup-documentation/database-configuration)
 
   $ kubectl create secret generic my-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n <namespace>
+  $ kubectl create secret generic my-distribution-database --from-literal=db-url='database_url' --from-literal=db-user='admin_user' --from-literal=db-password='password' -n <namespace>
 
-5. Fill in awsS3V3 connection details. To use IAM roles, check [here](https://jfrog.com/help/r/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user)
+5. Create the binarystore.xml secrect or pull the values from environment variables. 
+
+   $  kubectl create secret generic my-binarystore --from-file=binarystore.xml
+
+   To use IAM roles, check [here](https://jfrog.com/help/r/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user/artifactory-how-to-configure-an-aws-s3-object-store-using-an-iam-role-instead-of-an-iam-user)
 
 6. Pull charts ( if you need to reference the suggested sizing paramerters ) and install 
 
 
 ```
+$ helm repo update
 $ helm pull jfrog/jfrog-platform --untar
 ```
 
 
 ```
-$ helm install <name> jfrog/jfrog-platform -n <namespace> -f values-main.yaml -f values-artifactory.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
+$ helm install <name> jfrog/jfrog-platform -n <namespace> -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
 ```
 
 7. If you are installing on openshift, add values-openshift.yaml
 
 ```
-$ helm install <name> jfrog/jfrog-platform -n <namespace> -f values-main.yaml -f values-artifactory.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
+$ helm install <name> jfrog/jfrog-platform -n <namespace> -f values-main.yaml -f values-artifactory.yaml -f values-distribution.yaml -f values-openshift.yaml -f jfrog-platform/charts/artifactory/sizing/artifactory-xlarge.yaml -f jfrog-platform/charts/distribution/sizing/distribution-xlarge.yaml
 ```
diff --git a/...h-distirbution-S3/values-artifactory.yaml → ...h-distribution-S3/values-artifactory.yaml b/...h-distirbution-S3/values-artifactory.yaml → ...h-distribution-S3/values-artifactory.yaml
@@ -7,8 +7,6 @@ artifactory:
   artifactory:
     name: artifactory
     admin:
-      username: "admin"
-      password: 
       secret: my-admin
       dataKey: bootstrap.creds
 
@@ -23,18 +21,8 @@ artifactory:
     persistence:
       enabled: true
       accessMode: ReadWriteOnce
-      size: 200Gi
-      type: s3-storage-v3-direct
-      awsS3V3:
-        testConnection: false
-        identity:                                 # required
-        credential:                               # required
-        region:                                   # required
-        bucketName: artifactory-aws
-        path: artifactory/filestore
-        endpoint:                                 # optional
-        port:                                     # optional
-        maxConnections: 150                       # optional
+      size: 100Gi
+      customBinarystoreXmlSecret: my-binarystore
 
   access:
     enabled: true

diff --git a/examples/jfrog-platform/HA-with-distribution-S3/values-distribution.yaml b/examples/jfrog-platform/HA-with-distribution-S3/values-distribution.yaml
@@ -0,0 +1,16 @@
+distribution:
+  postgresql:
+    enabled: false
+  database:
+    type: "postgresql"
+    driver: org.postgresql.Driver
+    secrets: 
+      user:
+        name: "my-distribution-database"
+        key: "db-user"
+      password:
+        name: "my-distribution-database"
+        key: "db-password"
+      url:
+        name: "my-distribution-database"
+        key: "db-url"
diff --git a/.../HA-with-distirbution-S3/values-main.yaml → .../HA-with-distribution-S3/values-main.yaml b/.../HA-with-distirbution-S3/values-main.yaml → .../HA-with-distribution-S3/values-main.yaml
@@ -33,14 +33,9 @@ distribution:
   unifiedUpgradeAllowed: true
   distribution:
     unifiedSecretInstallation: false
-  postgresql:
-    enabled: true
 
 insight:
   enabled: false
 
 pipelines:
-  enabled: false
-
-pdnServer:
   enabled: false
diff --git a/...ith-distirbution-S3/values-openshift.yaml → ...ith-distribution-S3/values-openshift.yaml b/...ith-distirbution-S3/values-openshift.yaml → ...ith-distribution-S3/values-openshift.yaml