Open xujy1991 opened 4 months ago
gitta-jfrog
commented
3 months ago Hi @xujy1991
The recommended way is to use the IAM role with ServiceAccount. You can find more details about this configuration here.
If you would like to use the AccessKey and SecretKey you can do it by configuring:
awsS3V3:
identity: AccessKey
credential: SecretKey
xujy1991
commented
3 months ago Hi @xujy1991
The recommended way is to use the IAM role with ServiceAccount. You can find more details about this configuration here.
If you would like to use the AccessKey and SecretKey you can do it by configuring:
awsS3V3: identity: AccessKey credential: SecretKey
Thank you. So for the type s3-storage-v3-direct, is it configured in binarystore.xml? The exception is that binarystore.xml needs to be modified in pod after the service is deployed?
gitta-jfrog
commented
3 months ago The binarystore.xml will be generated according to the values.yaml configuration - No need to update the binarystore.xml in the pod level. see example:
artifactory:
persistence:
type: s3-storage-v3-direct
awsS3V3:
testConnection: false
identity:
credential:
region:
bucketName: artifactory-aws
path: artifactory/filestore
endpoint:The binarystore.xml will be generated according to the values.yaml configuration - No need to update the binarystore.xml in the pod level. see example:
artifactory: persistence: type: s3-storage-v3-direct awsS3V3: testConnection: false identity: credential: region: bucketName: artifactory-aws path: artifactory/filestore endpoint:
Thank you for your patient answer,I followed the following command to execute the deployment, However, the artifactory service keeps reporting errors as shown in the figure during startup,I only modified persistence.type to s3,No modifications were made to other values.yaml,What is the reason for this?
artifactory-oss:7.77.7
Deployment command:helm install artifactory-oss ./artifactory-oss
values.yaml:
persistence: mountPath: "/var/opt/jfrog/artifactory" enabled: true
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
accessMode: ReadWriteOnce
## Storage default size. Should be increased for production deployments.
size: 20Gi
## Use a custom Secret to be mounted as your binarystore.xml
## NOTE: This will ignore all settings below that make up binarystore.xml
customBinarystoreXmlSecret:
## Redundancy required For HA deployments, with "cluster" persistence storage type
redundancy: 3
lenientLimit: 1
## Cache default size. Should be increased for production deployments.
maxCacheSize: 5000000000
cacheProviderDir: cache
## Set the persistence storage type. This will apply the matching binarystore.xml to Artifactory config
## Supported types are:
## file-system (default)
## cluster-file-system
## nfs
## google-storage
## google-storage-v2
## google-storage-v2-direct
## cluster-google-storage-v2
## aws-s3-v3
## s3-storage-v3-direct
## cluster-s3-storage-v3
## s3-storage-v3-archive
## azure-blob
## azure-blob-storage-direct
## cluster-azure-blob-storage
type: aws-s3-v3
awsS3V3:
testConnection: false
identity: xxxx
credential: xxxxx
region:
bucketName: artifactory-aws
path: artifactory/filestore
endpoint: xxxxx
port:
useHttp:
maxConnections: 50
connectionTimeout:
socketTimeout:
kmsServerSideEncryptionKeyId:
kmsKeyRegion:
kmsCryptoMode:
useInstanceCredentials: true
usePresigning: false
signatureExpirySeconds: 300
signedUrlExpirySeconds: 30
cloudFrontDomainName:
cloudFrontKeyPairId:
cloudFrontPrivateKey:
enableSignedUrlRedirect: false
enablePathStyleAccess: false
multiPartLimit:So I'm wondering, does the oss version not support S3 storage? Or is there something wrong with my configuration?
@gitta-jfrog @sponte @gliptak @pniederlag
I don't see where to fill in ak and sk. Don't you need to fill in accesskey and secretkey of object storage to access s3? awsS3V3: testConnection: true identity: credential: region: zj bucketName: path: artifactory/filestore endpoint: port: useHttp: maxConnections: 50 connectionTimeout: socketTimeout: kmsServerSideEncryptionKeyId: kmsKeyRegion: kmsCryptoMode: useInstanceCredentials: true usePresigning: false signatureExpirySeconds: 300 signedUrlExpirySeconds: 30 cloudFrontDomainName: cloudFrontKeyPairId: cloudFrontPrivateKey: enableSignedUrlRedirect: false