search

jfrog / charts

JFrog official Helm Charts
https://jfrog.com/integration/helm-repository/
Apache License 2.0
259 stars 448 forks source link

JoinKey not being found and Artifactory not starting when using value from secret. Present in bootstrap dir but not copied. #1918

Open shettypriy opened 2 months ago

shettypriy commented 2 months ago

Is this a request for help?: yes

Version of Helm and Kubernetes: argocd version | grep -i helm Helm Version: v3.6.0+g7f2df64

EKS kubernetes version 1.29

Which chart: artifactory-oss

Which product license (Enterprise/Pro/oss): oss

What happened: Artifactory will not start. Logs are full of stack traces relating to the join key: 2024-09-10T16:48:58.990Z [jfrou] [INFO ] [5dde291e9e618397] [security_keys.go:185 ] [main ] [] - Cluster join: Join key is missing. Pending for 5 seconds with 5m0s timeout What you expected to happen: I expected the artifactory pod to run completely

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know:

I have created kubernetes secrets for both masterkey and joinkey and mentioned the secretname in values.yaml file. Below is my helm values file

# Default values for artifactory-oss.
# This is a YAML-formatted file.

# Beware when changing values here. You should know what you are doing!
# Access the values with {{ .Values.key.subkey }}

# This chart is based on the main artifactory chart with some customizations.
# See all supported configuration keys in https://github.com/jfrog/charts/tree/master/stable/artifactory

## All values are under the 'artifactory' sub chart.
artifactory:
  ## Artifactory
  ## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  artifactory:
    ## Default tag is from the artifactory sub-chart in the requirements.yaml
    image:
      registry: releases-docker.jfrog.io
      repository: jfrog/artifactory-oss
      # tag:
    ## Uncomment the following resources definitions or pass them from command line
    ## to control the cpu and memory resources allocated by the Kubernetes cluster
    resources:
      requests:
       memory: "1Gi"
       cpu: "500m"
      limits:
       memory: "4Gi"
       cpu: "2" 
    javaOpts:
     xms: "1g"
     xmx: "3g" 
    ## The following Java options are passed to the java process running Artifactory.
    ## You should set them according to the resources set above.
    ## IMPORTANT: Make sure resources.limits.memory is at least 1G more than Xmx.
    javaOpts: {}
    # xms: "1g"
    # xmx: "3g"
    # other: ""
  installer:
    platform: art-oss-helm
  installerInfo: '{"productId":"Helm_artifactory-oss/{{ .Chart.Version }}","features":[{"featureId":"Platform/{{ printf "%s-%s" "kubernetes" .Capabilities.KubeVersion.Version }}"},{"featureId":"Database/{{ .Values.database.type }}"},{"featureId":"PostgreSQL_Enabled/{{ .Values.postgresql.enabled }}"},{"featureId":"Nginx_Enabled/{{ .Values.nginx.enabled }}"},{"featureId":"ArtifactoryPersistence_Type/{{ .Values.artifactory.persistence.type }}"},{"featureId":"SplitServicesToContainers_Enabled/{{ .Values.splitServicesToContainers }}"},{"featureId":"UnifiedSecretInstallation_Enabled/{{ .Values.artifactory.unifiedSecretInstallation }}"},{"featureId":"Filebeat_Enabled/{{ .Values.filebeat.enabled }}"},{"featureId":"ReplicaCount/{{ .Values.artifactory.replicaCount }}"}]}'
  ## Nginx
  ## See full list of supported Nginx options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  nginx:
    enabled: false
    tlsSecretName: ""
    service:
      type: LoadBalancer
  ## Ingress
  ## See full list of supported Ingress options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  ingress:
    enabled: false
    tls:
  ## PostgreSQL
  ## See list of supported postgresql options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  ## Configuration values for the PostgreSQL dependency sub-chart
  ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md
  postgresql:
    enabled: false
  ## This key is required for upgrades to protect old PostgreSQL chart's breaking changes.
  databaseUpgradeReady: "yes"
  ## If NOT using the PostgreSQL in this chart (artifactory.postgresql.enabled=false),
  ## specify custom database details here or leave empty and Artifactory will use embedded derby.
  ## See full list of database options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
  # database:
  jfconnect:
    enabled: false
  federation:
    enabled: false 
  extraSystemYaml: 
    shared:
      security:
        masterKeyExternal: true    
masterKeySecretName: artifactory-oss-masterkey-kube-secret  
joinKeySecretName: artifactory-oss-joinkey-kube-secret
## Enable the PostgreSQL sub chart
postgresql:
  enabled: false
router:
  image:
    tag: 7.118.0
initContainers:
  image:
    tag: 9.4.949.1716471857
artm commented 2 months ago

same as https://github.com/jfrog/charts/issues/1917

shettypriy commented 2 months ago

@artm I installed artifactory-oss from scratch. It is a fresh installation

reespozzi commented 2 months ago

@shettypriy we also installed from scratch, maybe something in https://github.com/jfrog/charts/issues/1917 can unblock you - especially about looking for errors elsewhere

shettypriy commented 2 months ago

@reespozzi I am trying to create security.import.xml and artifactory.config.import.xml as mentioned https://github.com/jfrog/charts/issues/1917 . But I want to what should be the contents in this file. But I do not see any other error apart from join key is missing

shettypriy commented 2 months ago

can someone help me with the contents of security.import.xml and artifactory.config.import.xml?

reespozzi commented 2 months ago

@shettypriy you can ignore those. Removed from my original comment, not directly related

shettypriy commented 2 months ago

@reespozzi artifactory-server and access-server log had below error

DB Type derby is not allowed: Cannot start the application with a database other than PostgreSQL. For more information, see JFrog documentation.

After adding below configurations in values.yaml file and correcting the indentation, it worked

artifactory:
  ## Artifactory
  ## See full list of supported Artifactory options and documentation in artifactory chart: https://github.com/jfrog/charts/tree/master/stable/artifactory
   artifactory:
      database:
          allowNonPostgresql: true
      systemYaml: |
        shared:
          database:
             allowNonPostgresql: true
gitta-jfrog commented 2 months ago

Hi All,

Please Note: JFrog does not support to run Artifactory on Kubernetes with Derby database.

When running Artifactory with JFrog Helm Chart - You must use the embedded PostgreSQL database (Or external database like Oracle, MSSQL, etc)

I will suggest to enable PostgreSQL and reinstalled the chart.