AWSTemplateFormatVersion: "2010-09-09" Description: "Deploys Artifactory into an existing Kubernetes cluster (qs-1qpmn20mc)" Metadata: cfn-lint: config: ignore_checks: - W9002 - W9003 - W9004 - W9006 Parameters: ArtifactoryNumberOfNodes: Type: Number XrayNumberOfNodes: Type: Number AccessCidr: Type: String ArtifactoryLicense1: Type: String ArtifactoryLicense2: Type: String ArtifactoryLicense3: Type: String ArtifactoryLicense4: Type: String ArtifactoryLicense5: Type: String ArtifactoryLicense6: Type: String ArtifactoryLicense7: Type: String ArtifactoryIamAcessKey: Type: String NoEcho: "true" SecretAccessKey: Type: String NoEcho: "true" ArtifactoryS3Bucket: Type: String CertificateKey: Type: String NoEcho: "true" Certificate: Type: String DatabaseUser: Type: String NoEcho: "true" DatabasePassword: Type: String NoEcho: "true" DatabaseUrl: Type: String XrayDatabaseUser: Type: String NoEcho: "true" XrayDatabasePassword: Type: String NoEcho: "true" XrayDatabaseUrl: Type: String DatabaseHost: Type: String DatabaseDriver: Type: String DatabasePluginUrl: Type: String DatabasePlugin: Type: String DatabaseType: Type: String MasterKey: Type: String NoEcho: "true" HelmChartVersion: Type: String XrayEnabled: Default: "false" Type: String ArtifactoryDeploymentSize: Type: String KubeClusterName: Type: String Mappings: DeploymentSize: xxxLarge: requestsMem: "240Gi" requestsCpu: "64" limitsMem: "384Gi" limitsCpu: "96" javaOptsXms: "192g" javaOptsXmx: "288g" xxLarge: requestsMem: "160Gi" requestsCpu: "48" limitsMem: "256Gi" limitsCpu: "64" javaOptsXms: "128g" javaOptsXmx: "192g" xLarge: requestsMem: "120Gi" requestsCpu: "32" limitsMem: "192Gi" limitsCpu: "48" javaOptsXms: "96g" javaOptsXmx: "144g" Large: requestsMem: "80Gi" requestsCpu: "16" limitsMem: "128Gi" limitsCpu: "32" javaOptsXms: "64g" javaOptsXmx: "96g" Medium: requestsMem: "42Gi" requestsCpu: "8" limitsMem: "64Gi" limitsCpu: "16" javaOptsXms: "32g" javaOptsXmx: "48g" Small: requestsMem: "20Gi" requestsCpu: "4" limitsMem: "32Gi" limitsCpu: "8" javaOptsXms: "16g" javaOptsXmx: "24g" xSmall: requestsMem: "6Gi" requestsCpu: "2" limitsMem: "16Gi" limitsCpu: "4" javaOptsXms: "8g" javaOptsXmx: "12g" xxSmall: requestsMem: "4Gi" requestsCpu: "2" limitsMem: "6Gi" limitsCpu: "2" javaOptsXms: "4g" javaOptsXmx: "4g" Resources: NameSpace: Type: "Custom::KubeManifest" Version: "1.0" Properties: ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" ClusterName: !Ref KubeClusterName Manifest: kind: Namespace apiVersion: v1 metadata: name: "jfrog-platform" labels: app: "jfrog-platform" CertificateStore: DependsOn: NameSpace Type: "Custom::KubeManifest" Version: "1.0" Properties: ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" ClusterName: !Ref KubeClusterName Manifest: kind: Secret apiVersion: v1 metadata: name: artifactory-nginx-tls namespace: "jfrog-platform" labels: app: "jfrog-platform" chart: "jfrog-platform" type: kubernetes.io/tls data: tls.crt: Fn::Base64: !Join ["\n", "Fn::Split": ["|", !Ref Certificate]] tls.key: Fn::Base64: !Join ["\n", "Fn::Split": ["|", !Ref CertificateKey]] LicenseStore: DependsOn: NameSpace Type: "Custom::KubeManifest" Version: "1.0" Properties: ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" ClusterName: !Ref KubeClusterName Manifest: kind: Secret apiVersion: v1 metadata: name: artifactory-cluster-license namespace: "jfrog-platform" labels: app: "jfrog-platform" chart: "jfrog-platform" type: Opaque stringData: art.lic: !Sub >- ${ArtifactoryLicense1} ${ArtifactoryLicense2} ${ArtifactoryLicense3} ${ArtifactoryLicense4} ${ArtifactoryLicense5} ${ArtifactoryLicense6} ${ArtifactoryLicense7} SecureStoreDatabase: DependsOn: NameSpace Type: "Custom::KubeManifest" Version: "1.0" Properties: ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" ClusterName: !Ref KubeClusterName Manifest: kind: Secret apiVersion: v1 metadata: name: artifactory-cluster-db namespace: "jfrog-platform" labels: app: "jfrog-platform" chart: "jfrog-platform" type: Opaque data: db-user: Fn::Base64: !Sub ${DatabaseUser} db-password: Fn::Base64: !Sub ${DatabasePassword} db-url: Fn::Base64: !Sub ${DatabaseUrl} xray-db-user: Fn::Base64: !Sub ${XrayDatabaseUser} xray-db-password: Fn::Base64: !Sub ${XrayDatabasePassword} xray-db-url: Fn::Base64: !Sub ${XrayDatabaseUrl} ArtifactoryDeployment: Type: "AWSQS::Kubernetes::Helm" Metadata: cfn-lint: config: ignore_checks: - E3001 - E9101 ignore_reasons: - E9101: "'master' is part of the product naming conventions for now" DependsOn: - LicenseStore - CertificateStore Properties: ClusterID: !Ref KubeClusterName Namespace: "jfrog-platform" Name: quickstart-jfrog-platform Chart: jfrog/jfrog-platform Repository: "https://charts.jfrog.io/" Version: !Ref HelmChartVersion ValueYaml: !Sub - | global: # TODO: I am not sure how to get these URLs. # ingress URL is dependent on artifactory deployment # now artifactory deployment is dependent on ingress. # jfrogUrl: IngressHostName # jfrogUrlUI: IngressHostName masterKey: ${MasterKey} joinKey: ${MasterKey} database: type: ${DatabaseType} driver: ${DatabaseDriver} host: "${DatabaseHost}" sslMode: disable initDBCreation: false secrets: user: name: artifactory-cluster-db key: "db-user" password: name: artifactory-cluster-db key: "db-password" url: name: artifactory-cluster-db key: "db-url" customCertificates: enabled: false artifactory: artifactory: replicaCount: ${ArtifactoryNumberOfNodes} persistence: enabled: false local: false type: aws-s3-v3 binarystoreXml: | crossNetworkStrategy crossNetworkStrategy 3 remote local 5e+10 cache false ${ArtifactoryIamAcessKey} ${SecretAccessKey} ${AWS::Region} ${ArtifactoryS3Bucket} artifactory/filestore false false 300 resources: requests: memory: "${requests_memory}" cpu: "${requests_cpu}" limits: memory: "${limits_memory}" cpu: "${limits_cpu}" javaOpts: xms: "${java_xms}" xmx: "${java_xmx}" installerInfo: '{"productId": "CloudFormation_artifactory-ha/1.0.0","features": [{"featureId": "Partner/ACC-006973"}]}' enabled: true deleteDBPropertiesOnStartup: true license: secret: artifactory-cluster-license dataKey: art.lic preStartCommand: mkdir -p /var/opt/jfrog/artifactory/etc/artifactory/info/; mkdir -p /var/opt/jfrog/artifactory/bootstrap/artifactory/tomcat/lib/; curl ${DatabasePluginUrl} --output /var/opt/jfrog/artifactory/bootstrap/artifactory/tomcat/lib/${DatabasePlugin} waitForDatabase: false postgresql: enabled: false database: type: ${DatabaseType} driver: ${DatabaseDriver} secrets: user: name: artifactory-cluster-db key: "db-user" password: name: artifactory-cluster-db key: "db-password" url: name: artifactory-cluster-db key: "db-url" postgresql: enabled: false nginx: enabled: true replicaCount: 3 service: loadBalancerSourceRanges: [ "${AccessCidr}" ] tlsSecretName: artifactory-nginx-tls xray: enabled: ${XrayEnabled} replicaCount: ${XrayNumberOfNodes} postgresql: enabled: false database: type: ${DatabaseType} driver: ${DatabaseDriver} secrets: user: name: artifactory-cluster-db key: "xray-db-user" password: name: artifactory-cluster-db key: "xray-db-password" url: name: artifactory-cluster-db key: "xray-db-url" rabbitmq: enabled: ${XrayEnabled} replicaCount: ${XrayNumberOfNodes} redis: enabled: false distribution: enabled: false mission-control: enabled: false pipelines: enabled: false insight: enabled: false - { requests_memory: !FindInMap [ DeploymentSize, !Ref ArtifactoryDeploymentSize, requestsMem, ], requests_cpu: !FindInMap [ DeploymentSize, !Ref ArtifactoryDeploymentSize, requestsCpu, ], limits_memory: !FindInMap [ DeploymentSize, !Ref ArtifactoryDeploymentSize, limitsMem, ], limits_cpu: !FindInMap [ DeploymentSize, !Ref ArtifactoryDeploymentSize, limitsCpu, ], java_xms: !FindInMap [ DeploymentSize, !Ref ArtifactoryDeploymentSize, javaOptsXms, ], java_xmx: !FindInMap [ DeploymentSize, !Ref ArtifactoryDeploymentSize, javaOptsXmx, ], } IngressHostName: DependsOn: ArtifactoryDeployment Type: "Custom::KubeGet" Version: "1.0" Properties: ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeGet-${KubeClusterName}" ClusterName: !Ref KubeClusterName Namespace: "jfrog-platform" Name: svc/quickstart-jfrog-platform-artifactory-nginx JsonPath: "{.status.loadBalancer.ingress[0].hostname}" Outputs: ArtifactoryUrl: Value: !Sub "https://${IngressHostName}"