zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 07:06:56 -06:00
Code Issues Packages Projects Releases Wiki Activity

added Cloud Formation templates for ECS and EKS

Browse Source
This commit is contained in:
Vinay Aggarwal
2019-11-18 16:54:25 -08:00
parent 8e7a87dfe1
commit 5d2fb7a659
40 changed files with 4690 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
CloudFormation-JCR-EKS/.gitmodules vendored Normal file
View File

@@ -0,0 +1,12 @@
[submodule "submodules/quickstart-aws-vpc"]
path = submodules/quickstart-aws-vpc
url = https://github.com/aws-quickstart/quickstart-aws-vpc.git
branch = master
[submodule "submodules/quickstart-linux-bastion"]
path = submodules/quickstart-linux-bastion
url = https://github.com/aws-quickstart/quickstart-linux-bastion.git
branch = master
[submodule "submodules/quickstart-amazon-eks"]
path = submodules/quickstart-amazon-eks
url = https://github.com/aws-quickstart/quickstart-amazon-eks.git
branch = master

202
CloudFormation-JCR-EKS/LICENSE.txt Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

34
CloudFormation-JCR-EKS/Makefile Normal file
View File

@@ -0,0 +1,34 @@
.PHONY: help run submodules
submodules:
git submodule init
git submodule update
cd submodules/quickstart-linux-bastion && git submodule init && git submodule update
cd submodules/quickstart-amazon-eks && git submodule init && git submodule update
help:
@echo "make test : executes taskcat"
create:
aws cloudformation create-stack --stack-name test --template-body file://$(pwd)/templates/jfrog-artifactory-ec2-new-vpc.template --parameters $(cat .ignore/params) --capabilities CAPABILITY_IAM
delete:
aws cloudformation delete-stack --stack-name test
.ONESHELL:
test: lint submodules
cd .. && pwd && taskcat -c theflash/ci/config.yml -n
lint:
time taskcat -l -c ci/config.yml
public_repo:
taskcat -c theflash/ci/config.yml -u
#https://taskcat-tag-quickstart-jfrog-artifactory-c2fa9d34.s3-us-west-2.amazonaws.com/quickstart-jfrog-artifactory/templates/jfrog-artifactory-ec2-master.template
#curl https://taskcat-tag-quickstart-jfrog-artifactory-7008506c.s3-us-west-2.amazonaws.com/quickstart-jfrog-artifactory/templates/jfrog-artifactory-ec2-master.template
get_public_dns:
aws elb describe-load-balancers | jq '.LoadBalancerDescriptions[]| .CanonicalHostedZoneName'
get_bastion_ip:
aws ec2 describe-instances | jq '.[] | select(.[].Instances[].Tags[].Value == "LinuxBastion") '

0
CloudFormation-JCR-EKS/README.md Normal file
View File

70
CloudFormation-JCR-EKS/ci/jfrog-new-vpc-jcr6-eks.json Executable file
View File

@@ -0,0 +1,70 @@
[
{
"ParameterKey": "KeyPairName",
"ParameterValue": "$[taskcat_getkeypair]"
},
{
"ParameterKey": "RemoteAccessCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "AccessCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_genaz_3]"
},
{
"ParameterKey": "DatabasePassword",
"ParameterValue": "$[taskcat_genpass_8A]"
},
{
"ParameterKey": "QSS3BucketName",
"ParameterValue": "$[taskcat_autobucket]"
},
{
"ParameterKey": "QSS3KeyPrefix",
"ParameterValue": "quickstart-jfrog-artifactory/"
},
{
"ParameterKey": "SMLicensesName",
"ParameterValue": "jfrog-artifactory"
},
{
"ParameterKey": "DatabaseInstance",
"ParameterValue": "db.t3.medium"
},
{
"ParameterKey": "ArtifactoryVersion",
"ParameterValue": "6.15.0"
},
{
"ParameterKey": "CertificateDomain",
"ParameterValue": "localdomain"
},
{
"ParameterKey": "MasterKey",
"ParameterValue": "1ce2be4490ca2c662cb79636cf9b7b8e"
},
{
"ParameterKey": "Certificate",
"ParameterValue": "-----BEGIN CERTIFICATE-----\nMIIFaDCCA1ACCQD45dB5tZFvCDANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVN1bm55dmFsZTEOMAwGA1UECgwFSkZy\nb2cxFDASBgNVBAsMC0FydGlmYWN0b3J5MSAwHgYDVQQDDBdhcnRpZmFjdG9yeS5s\nb2NhbGRvbWFpbjAeFw0xOTA3MjMyMzE4MjVaFw0yMDA3MjIyMzE4MjVaMHYxCzAJ\nBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMQ4wDAYD\nVQQKDAVKRnJvZzEUMBIGA1UECwwLQXJ0aWZhY3RvcnkxIDAeBgNVBAMMF2FydGlm\nYWN0b3J5LmxvY2FsZG9tYWluMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC\nAgEA0b3OgTFKkNbXXHzPv3l9IqX7fFZcfS2ZMD4mBuNlGQ6kyyraeoKKiVdkOgQV\n/dwDxLeW6y+637J2KBiZTccHUS8/eC5ky9E6ECeFToCYsucUKRiWo9Uss6XS1N+Q\nKQHktCVYy+KFDkJIVEL6LFbUMLz0k1jOhI/FRveT8LQ9cZsfy8KIrCF92ErcdPSL\n02KO6RgaBjxRFtAw2ZdO07O9kcKBC5BpJdrEnJHalVJsJbZOqIuNjyKKp/8s9TtW\nEYhXAbz05RrdQ97Cse1a/rHR5EWL+ITRw3Q/mQUv/ilSrSxb+chtgGb0qdP7aV0h\nLOuxttQFFU2o62LHqnda6dWljxKpSYUz47ugCK0M4T2bRhy7lUgmZ3PcfZYLE2ue\nh1qIJfkDfi1WpbptJAs4MbgfTvF2FCAsh8tyFnl+TA5QBWLRcOF9y1qUAATa1JKX\nzKGf/5hExBRpuq371j4SLAb5qXYUuQqZiCe3O6qTx2Wo/jAOPV49wfK9D9fW5qmq\nND1Rpp8sKjlb2ixm7dhCWyWV+iGHpzX5tjBW35rikAisUoap47I1fNzYMiSTvbhv\n2+by2YY8jsiYRCRIAKzRbgOgDOXnYVtWFpLgUldMqWqo+X3LztYE8CxD0CQK5u12\nGxM5ztXKEaitCqUSjY34Gl4owukA9tzGnu09OuAYGkxVBO0CAwEAATANBgkqhkiG\n9w0BAQsFAAOCAgEATH4kyuKvZtq32b3I7yZ27Xp2yaxABs17g0jAzkv7o9GILo+3\ncVAJS2warQti+c+A2edjqEc97JXb6ul7/SHs7B9B0P4BZSUsI0byuPlQ45Kht891\njz3SF1o6jpKTniQPqsulMMshmYB6oY6CIyvKpaMaG3DypEXFmwEU7CdWr7oVISkn\npU6N6fI+V94Wzd1yHL8Jm/ixP4lqBAZqDhxNRq/Vok94wu2jvWwPIn2M+9myAiOs\nTSpcqLg8Vn70XkK5uuN1UXYU5QDo78GEZpOj7YfCxVjB43Ct/sEiu3iB0GzyEvq6\njlv07H9PyLjYeM7CuhZdgULBqEWbqNhO5XL/QJMYG06kXkT3GiWFP8pjnQRcJM4Z\nqQv8fOTDTuX5GumXKctXJwc7y9uywoIPwffEKlGuofWhihy8r/YXu2BgShDF3zYV\n1RAHVcWtPT5IqejpRZX5LdL4Hr2eCeUkcVCo7qqYLEwxFnQNG1nMrJJ2ewnlzPac\nJNNPRXgTDF3OkbON+3Wn/H0ndqIoqapHXSlkR54Stsk9yjHuaJ9TCANw2mxMDzf0\nRGw9ecirjpzQdP9jT/zK9X4kqFc0T3P6qN3X3s/OPPbroassRk/eqI/oMS6lNcQm\ny+SvRUrdtzKgmAfVE5yMLTVG0cZM4gWJ35DZHHqWnrbFEg7C0NLzoYc6yeQ=\n-----END CERTIFICATE-----"
},
{
"ParameterKey": "CertificateKey",
"ParameterValue": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDRvc6BMUqQ1tdc\nfM+/eX0ipft8Vlx9LZkwPiYG42UZDqTLKtp6goqJV2Q6BBX93APEt5brL7rfsnYo\nGJlNxwdRLz94LmTL0ToQJ4VOgJiy5xQpGJaj1SyzpdLU35ApAeS0JVjL4oUOQkhU\nQvosVtQwvPSTWM6Ej8VG95PwtD1xmx/LwoisIX3YStx09IvTYo7pGBoGPFEW0DDZ\nl07Ts72RwoELkGkl2sSckdqVUmwltk6oi42PIoqn/yz1O1YRiFcBvPTlGt1D3sKx\n7Vr+sdHkRYv4hNHDdD+ZBS/+KVKtLFv5yG2AZvSp0/tpXSEs67G21AUVTajrYseq\nd1rp1aWPEqlJhTPju6AIrQzhPZtGHLuVSCZnc9x9lgsTa56HWogl+QN+LValum0k\nCzgxuB9O8XYUICyHy3IWeX5MDlAFYtFw4X3LWpQABNrUkpfMoZ//mETEFGm6rfvW\nPhIsBvmpdhS5CpmIJ7c7qpPHZaj+MA49Xj3B8r0P19bmqao0PVGmnywqOVvaLGbt\n2EJbJZX6IYenNfm2MFbfmuKQCKxShqnjsjV83NgyJJO9uG/b5vLZhjyOyJhEJEgA\nrNFuA6AM5edhW1YWkuBSV0ypaqj5fcvO1gTwLEPQJArm7XYbEznO1coRqK0KpRKN\njfgaXijC6QD23Mae7T064BgaTFUE7QIDAQABAoICAAgKDnBFQ2Zp1bdl0VC1h2Zc\nllcduE3UAZsnxq1c6fMb7JUc/2LSvhyljOHsZitk04AmyVIacj9Ax+ahir7Acjda\naERjAtoNGvyjhyiLJU82LD+nAZ8l/KCmKn6eUxg/SlTdWZn3BMKXJ86TAqPQcDGu\nDHHZZZEPMbCWrMT9I53HJGDbBAIVBo3T0L9q4DEqBfBJTDYQ+cq2EClG826J5SpB\nGlEnJ+Cbkg2uSYKPtjV712f+cV6bJFVsIn0D2Tiy0SLv6zMc5H5Fe5D2WBaLGlB1\nmffcn22udwGWgVBspQ6eNKhOVmQljhs0VN6lAzCFmDo5xjga0e6zypNuH732wnG3\nrOoIs6Qo5FQT4fSRSdSANlWJ8cF1OPL7ll0CN1BGfNa304s/C+qNO9SgMn6gmp3G\nuXYSgILp5UraRvn/KYXXVf/IRYrg6bnJ1TcuKCWJPjtibFLmIZutPkOTNF3YSW4s\nUOfLFK8Ky4r0/H6Nzt1r/f9qPHqVG7ILPWP1fwpcq06Tb6wvrJ1xkW9f3JTiWLMi\njkDiuQTmDf1JOk/TslZ3Mj6JDYFdHgT3lZdSNHiRuGgQ278ax/waSRn5W0LXr5b5\ntdHOBqLKnq7l96Hj0IArcrgh1ocJw4pP9JFWGDV2zfG+HzTf6QGmWj6j1Vf/91VN\n75tJmgKjScdU/DX+hTQBAoIBAQDy1YVc5Xwr+JzBV+xMorzVdaZ9Fwpycoy7OPy2\nNjFk1XD/cSDDK7aTDd9v8HF8Kmw4kVtngIkP/kdY4Gdu1oP22f2wkKjXGFQaRWPl\nNNEDhC+f7tjvGbF702jhB0kFdn3f7fEWyr4j8FP4xUqOczF2tzPgKeTkfz+ckQ0m\nDgmjm3vcPb+ZDLDE7fBw0On/qZr9dCH0oBwl7CMWmKggzYQEKNBbJowBwIlwTmL6\nI8Xzj7CAcV9sIVboJb7jNQPOCzHJA9bTGf5LMbD6X6D6Avlvd1J74/fFWkLME6CI\n0mlF5aOW2qKMo57DtnnEEKCL/6DXPfRvX6CuwbHqS5SIbwnxAoIBAQDdHPfDcpjU\n51KgFe4WoygNGVI604Aqv4ZnumJ4oshS71KqQidXgGBch9fDUad1txbDkeOHFW4u\nYwT67VsHeP7jbCA1Rn7MY8DASlSdJkZ7e4trUh1xfYH5tJK3i5hXMPu221sc7l5z\nNTKlohn00tIjy0adehk5oIyr1w1l9DtX6TMK2uNa7Z79mYFZLhrWRX6a93M4MA+J\nTq0bKF8j+x8RG2VZF6mom4XkHLOhYC9osG4xbj8AbhKBt9XrUcu+TT9Ct/kE7b54\ncvWtyf19cwviApebfQIn31pwieUaSncztSHdARCgVETP1334yOtrgKWb3CifaQHH\n0N+BqsrJR469AoIBAHAufAHCcm7N13zqZVuyApKKW3OGZWkhyinj1btHpeHzSNR5\nKq1/UET3L7XC2mqGHqCzZgqWsrsUuVkxshbeOvCbHDupWJalwpSwYcnNcJGzS10T\nNlye/gM6U0VB3FYNu3Drt2jUGKr5p5FRc3QDe2JgmDKCqB93OafWysA90+4lMj84\nt365AiC321AC81cMv3E/aUBdhyNtx3f05hbhWo+hW0AAusVEcTnUvJzaUeSHCP8N\nYQvPCxsL9Pd50lwph8JZZ7D2XSfXuO6xpuhY32rDMPPTCO+/FwS4PH141vFXeQ+D\nyXw3Sm0Xq4EMPV7vpRpKoNWi09Rn3w1iBShSQ8ECggEBAK7l3flEaS1m+I1WK2jO\nj7ykvc14RJYLvwXHgWKI6EnpsgqonzPwgMhQT1PY/8v2EdSKTl4ojmm0u1i8bNeh\nVoSPn35kj6GeefXgFcPkZbYBCEvQvSdrLmdU9QSoL80wGrsOEaj1x9H7T1+CtGNa\nawwTG30u+ksB+qNmTNvLbzFfbZd1gocHFE7moFDpTiMU/0sW1pWoNnHWwMiNi4wL\ndAx1DhqFxBZxRlwkc9X/HiECBXemC8GMT6k5v8UOg0m5EoP0v82tPI9L55cbAh67\n5LdWc5NzM0RUwNXpzUWZh2ZoLSwCTqNzZKa+fo9OZiE3tkdtwtgtGFJ0noaTkSnb\nJ0UCggEAWh58mtJ9TdAZdtU7kkx1/3c91hxl+up8PTSS6BdFa8DXxt9iQq4r914c\nVbfdnzKH7K245alH2aOcdw/TrK0ulQOazGGX2E6pWJV/ndxaUM4beUDUYbTVec3O\niVFWQT/Kp4WQktHQIu0w2fZElgOo30X3eTFEx0bvAm9Or2PiR34JAB5yerrEuFWq\n+Y3oZVb1tzJgLrVqAE6ct/TwkzhLaehlzPFNQb1u5POe3aUHjr5gsZDkqZua3Ys2\nQhArEEmrhEqRBACPWKWb6fSc+ajYlhltLg2g3EMqL4arW/3hgI2KS0vdiPtMRDvQ\n2YpoPnf204ak0AcDNZX257FnjRltUg==\n-----END PRIVATE KEY-----"
},
{
"ParameterKey": "CertificateDomain",
"ParameterValue": "localdomain"
},
{
"ParameterKey": "PrivateRepoUsername",
"ParameterValue": ""
},
{
"ParameterKey": "PrivateRepoApiKey",
"ParameterValue": ""
}
]

13
CloudFormation-JCR-EKS/ci/taskcat.yml Executable file
View File

@@ -0,0 +1,13 @@
global:
marketplace-ami: false
owner: quickstart-eng@amazon.com
qsname: quickstart-jfrog-artifactory
regions:
- us-west-2
reporting: true
tests:
jfrog-artifactory-jcr6-eks:
parameter_input: jfrog-new-vpc-jcr6-eks.json
template_file: jfrog-jcr6-eks-master.template.yaml
regions:
- us-west-2

301
CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-core-workload.template.yaml Executable file
View File

@@ -0,0 +1,301 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys Artifactory into an existing Kubernetes cluster"
Parameters:
KubeManifestLambdaArn:
Type: String
HelmLambdaArn:
Type: String
KubeConfigPath:
Type: String
KubeConfigKmsContext:
Type: String
KubeGetLambdaArn:
Type: String
NumberOfSecondary:
Type: Number
AccessCIDR:
Type: String
ArtifactoryLicense1:
Type: String
ArtifactoryLicense2:
Type: String
ArtifactoryLicense3:
Type: String
ArtifactoryLicense4:
Type: String
ArtifactoryIAMAcessKey:
Type: String
NoEcho: 'true'
SecretAccessKey:
Type: String
NoEcho: 'true'
ArtifactoryS3Bucket:
Type: String
CertificateKey:
Type: String
NoEcho: 'true'
Certificate:
Type: String
CertificateDomain:
Type: String
PrivateRepoUsername:
NoEcho: 'true'
Type: String
PrivateRepoApiKey:
NoEcho: 'true'
Type: String
ArtifactoryDBEndpointAddress:
Type: String
DatabaseName:
Type: String
NoEcho: 'true'
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
MasterKey:
Type: String
NoEcho: 'true'
ArtifactoryVersion:
Type: String
ArtifactoryDeploymentSize:
Type: String
Mappings:
DeploymentSize:
Large:
requestsMem: "6Gi"
requestsCpu: "4"
limitsMem: "10Gi"
limitsCpu: "8"
javaOptsXms: "6g"
javaOptsXmx: "8g"
Medium:
requestsMem: "4Gi"
requestsCpu: "2"
limitsMem: "8Gi"
limitsCpu: "6"
javaOptsXms: "4g"
javaOptsXmx: "6g"
Small:
requestsMem: "4Gi"
requestsCpu: "2"
limitsMem: "6Gi"
limitsCpu: "4"
javaOptsXms: "4g"
javaOptsXmx: "4g"
Resources:
NameSpace:
Type: "Custom::KubeManifest"
Version: '1.0'
Properties:
ServiceToken: !Ref KubeManifestLambdaArn
KubeConfigPath: !Ref KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
Manifest:
kind: Namespace
apiVersion: v1
metadata:
name: jfrog-artifactory
labels:
app: artifactory
CertificateStore:
DependsOn: NameSpace
Type: "Custom::KubeManifest"
Version: '1.0'
Properties:
ServiceToken: !Ref KubeManifestLambdaArn
KubeConfigPath: !Ref KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
Manifest:
kind: Secret
apiVersion: v1
metadata:
name: artifactory-nginx-tls
namespace: jfrog-artifactory
labels:
app: artifactory
chart: artifactory
type: kubernetes.io/tls
data:
tls.crt:
Fn::Base64:
!Sub "${Certificate}"
tls.key:
Fn::Base64:
!Sub "${CertificateKey}"
LicenseStore:
DependsOn: NameSpace
Type: "Custom::KubeManifest"
Version: '1.0'
Properties:
ServiceToken: !Ref KubeManifestLambdaArn
KubeConfigPath: !Ref KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
Manifest:
kind: Secret
apiVersion: v1
metadata:
name: artifactory-cluster-license
namespace: jfrog-artifactory
labels:
app: artifactory
chart: artifactory
type: Opaque
stringData:
art.lic: !Sub
>-
${ArtifactoryLicense1}
${ArtifactoryLicense2}
${ArtifactoryLicense3}
${ArtifactoryLicense4}
ArtifactoryDeployment:
Type: "Custom::Helm"
DependsOn:
- LicenseStore
- CertificateStore
Version: '1.0'
Properties:
ServiceToken: !Ref HelmLambdaArn
KubeConfigPath: !Ref KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
Namespace: jfrog-artifactory
Name: quickstart-artifactory-ha
Chart: jfrog/artifactory-ha
RepoUrl: https://charts.jfrog.io
ValueYaml: !Sub
- |
artifactory:
name: artifactory-ha
image:
repository: docker.bintray.io/jfrog/artifactory-jcr
version: ${ArtifactoryVersion}
pullPolicy: Always
deleteDBPropertiesOnStartup: true
license:
secret: artifactory-cluster-license
dataKey: art.lic
masterKey: ${MasterKey}
preStartCommand: "wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar"
persistence:
enabled: false
type: aws-s3
awsS3:
endpoint: s3.${AWS::Region}.amazonaws.com
region: ${AWS::Region}
identity: ${ArtifactoryIAMAcessKey}
credential: ${SecretAccessKey}
bucketName: ${ArtifactoryS3Bucket}
primary:
resources:
requests:
memory: "${requests_memory}"
cpu: "${requests_cpu}"
limits:
memory: "${limits_memory}"
cpu: "${limits_cpu}"
javaOpts:
xms: "${java_xms}"
xmx: "${java_xmx}"
nodeSelector:
partition: artifactory-primary
node:
replicaCount: ${NumberOfSecondary}
resources:
requests:
memory: "${requests_memory}"
cpu: "${requests_cpu}"
limits:
memory: "${limits_memory}"
cpu: "${limits_cpu}"
javaOpts:
xms: "${java_xms}"
xmx: "${java_xmx}"
nodeSelector:
partition: artifactory-secondary
## Only used if "affinity" is empty
podAntiAffinity:
## Valid values are "soft" or "hard"; any other value indicates no anti-affinity
type: "soft"
topologyKey: "kubernetes.io/hostname"
postgresql:
enabled: false
database:
type: mysql
url: jdbc:mysql://${ArtifactoryDBEndpointAddress}:3306/${DatabaseName}?characterEncoding=UTF-8&elideSetAutoCommits=true #&verifyServerCertificate=true&useSSL=true&requireSSL=true
user: ${DatabaseUser}
password: ${DatabasePassword}
nginx:
image:
repository: docker.bintray.io/jfrog/nginx-artifactory-pro
version: ${ArtifactoryVersion}
tlsSecretName: artifactory-nginx-tls
nodeSelector:
partition: artifactory-primary
service:
loadBalancerSourceRanges: [ "${AccessCIDR}" ]
artifactoryConf: |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt;
ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen {{ .Values.nginx.internalPortHttps }} ssl;
listen {{ .Values.nginx.internalPortHttp }} ;
server_name ~(?<repo>.+).${CertificateDomain} ~(?<repo>.+).jfrog.team
{{- range .Values.ingress.hosts -}}
{{- if contains "." . -}}
{{ "" | indent 0 }} ~(?<repo>.+)\.{{ . }}
{{- end -}}
{{- end -}};
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/artifactory-access.log timing;
## error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
rewrite ^/(v2)/(.*) /artifactory/$1/$2;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_read_timeout 2400;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- { requests_memory: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, requestsMem],
requests_cpu: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, requestsCpu],
limits_memory: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, limitsMem ],
limits_cpu: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, limitsCpu ],
java_xms: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, javaOptsXms ],
java_xmx: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, javaOptsXmx ] }
IngressHostName:
DependsOn: ArtifactoryDeployment
Type: "Custom::KubeGet"
Version: '1.0'
Properties:
ServiceToken: !Ref KubeGetLambdaArn
KubeConfigPath: !Ref KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
Namespace: jfrog-artifactory
Name: svc/quickstart-artifactory-ha-nginx
JsonPath: '{.status.loadBalancer.ingress[0].hostname}'
Outputs:
ArtifactoryUrl:
Value: !Sub https://${IngressHostName}

663
CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-existing-vpc.template.yaml Executable file
View File

@@ -0,0 +1,663 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploys an EKS cluster with JFrog Artifactory into an existing VPC (qs-1q037efm3).
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Security configuration
Parameters:
- KeyPairName
- AccessCIDR
- RemoteAccessCIDR
- AdditionalEKSAdminArns
- KubeConfigKmsContext
- Label:
default: Network configuration
Parameters:
- VPCID
- VPCCIDR
- PrivateSubnet1ID
- PrivateSubnet2ID
- PrivateSubnet3ID
- PublicSubnet1ID
- PublicSubnet2ID
- PublicSubnet3ID
- PrivateSubnet1CIDR
- PrivateSubnet2CIDR
- PrivateSubnet3CIDR
- Label:
default: Bastion configuration
Parameters:
- ProvisionBastionHost
- BastionInstanceType
- BastionOS
- BastionRootVolumeSize
- BastionEnableTCPForwarding
- BastionEnableX11Forwarding
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryVersion
- ArtifactoryDeploymentSize
- NumberOfSecondary
- SMLicensesName
- Certificate
- CertificateKey
- CertificateDomain
- MasterKey
- PrivateRepoUsername
- PrivateRepoApiKey
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseName
- DatabaseEngine
- DatabaseVersion
- DatabaseUser
- DatabasePassword
- DatabaseInstance
- DBAllocatedStorage
- MultiAZDatabase
- Label:
default: EC2/EKS configuration
Parameters:
- KubernetesVersion
- NodeInstanceType
- NumofSecondaryNodes
- NodeVolumeSize
- Label:
default: AWS Quick Start configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
- LambdaZipsBucketName
ParameterLabels:
KeyPairName:
default: SSH key name
AccessCIDR:
default: Permitted IP range
RemoteAccessCIDR:
default: Remote access CIDR
AdditionalEKSAdminArns:
default: Additional EKS admin ARNs
KubeConfigKmsContext:
default: Kubernetes config KMS context
VPCID:
default: VPC ID
VPCCIDR:
default: VPC CIDR
PublicSubnet1ID:
default: Public subnet 1 ID
PublicSubnet2ID:
default: Public subnet 2 ID
PublicSubnet3ID:
default: Public subnet 3 ID
PrivateSubnet1ID:
default: Private subnet 1 ID
PrivateSubnet2ID:
default: Private subnet 2 ID
PrivateSubnet3ID:
default: Private subnet 3 ID
PrivateSubnet1CIDR:
default: Private subnet 1 CIDR
PrivateSubnet2CIDR:
default: Private subnet 2 CIDR
PrivateSubnet3CIDR:
default: Private subnet 3 CIDR
ProvisionBastionHost:
default: Bastion instance
BastionInstanceType:
default: Bastion instance type
BastionRootVolumeSize:
default: Bastion root volume size
BastionEnableTCPForwarding:
default: Bastion enable TCP forwarding
BastionEnableX11Forwarding:
default: Bastion enable X11 forwarding
BastionOS:
default: Bastion operating system
ArtifactoryVersion:
default: Artifactory version
ArtifactoryDeploymentSize:
default: Artifactory deployment size
NumberOfSecondary:
default: Number of secondary pods
SMLicensesName:
default: Artifactory licenses secret name
Certificate:
default: Certificate
CertificateKey:
default: Certificate key
CertificateDomain:
default: Certificate domain
PrivateRepoUsername:
default: Username to include for private RPM repository
PrivateRepoApiKey:
default: Api Key for private RPM repository
MasterKey:
default: Master server key
DatabaseName:
default: Database name
DatabaseEngine:
default: Database engine
DatabaseVersion:
default: Database version
DatabaseUser:
default: Database user
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DBAllocatedStorage:
default: Database allocated storage
MultiAZDatabase:
default: High available database
NodeInstanceType:
default: Node instance type
NodeVolumeSize:
default: Node EBS volume size
NumofSecondaryNodes:
default: Number of secondary nodes
KubernetesVersion:
default: Kubernetes version
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
LambdaZipsBucketName:
default: Lambda zips bucket name
Parameters:
KeyPairName:
Description: The name of an existing public/private key pair, which allows you
to securely connect to your instance after it launches.
Type: AWS::EC2::KeyPair::KeyName
AccessCIDR:
Description: The CIDR IP range that is permitted to access Artifactory.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant only your corporate network access to the software.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
RemoteAccessCIDR:
Description:
The remote CIDR range for allowing SSH into the Bastion instance.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant specific ranges inside your corporate network SSH access.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Type: String
AdditionalEKSAdminArns:
Description: '[OPTIONAL] The Amazon Resource Names (ARNs): a comma-separated list of IAM users and roles to be granted admin access to the EKS cluster.'
Default: ""
Type: CommaDelimitedList
KubeConfigKmsContext:
Description: String value used by KMS to encrypt/decrypt Kubernetes configuration file.
Default: "JFrogArtifactory"
Type: String
VPCID:
Description: The ID of your existing VPC for deployment (e.g., vpc-0343606e).
Type: AWS::EC2::VPC::Id
VPCCIDR:
Description: The CIDR block for the VPC.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
PublicSubnet1ID:
Description: The ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-z0376dab).
Type: "AWS::EC2::Subnet::Id"
PublicSubnet2ID:
Description: The ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-a29c3d84).
Type: "AWS::EC2::Subnet::Id"
PublicSubnet3ID:
Description: The ID of the public subnet in Availability Zone 3 in your existing VPC (e.g., subnet-a29c3d84).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet1ID:
Description: The ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet2ID:
Description: The ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b58c3d67).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet3ID:
Description: The ID of the private subnet in Availability Zone 3 in your existing VPC (e.g., subnet-b58c3d67).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet1CIDR:
Description: The CIDR of the private subnet in Availability Zone 1 in your existing VPC (e.g., 10.0.0.0/19).
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2CIDR:
Description: The CIDR of the private subnet in Availability Zone 2 in your existing VPC (e.g., 10.0.32.0/19).
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PrivateSubnet3CIDR:
Description: The CIDR block for private subnet 3 located in Availability Zone 3 in your existing VPC (e.g., 10.0.64.0/19).
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.64.0/19
Type: String
NodeInstanceType:
Description: The Amazon EC2 instance type for the nodes hosting the Kubernetes pods.
AllowedValues:
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
ConstraintDescription: Must be a valid EC2 instance type
Default: m4.xlarge
Type: String
NodeVolumeSize:
Description: The size of EBS volumes for master node instances, in GB.
Default: 200
Type: String
NumofSecondaryNodes:
Description: The initial number of secondary node instances to create.
If you do not have large enough instances to boot the number of secondary pods, the deployment will fail.
AllowedValues:
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
KubernetesVersion:
Description: The Kubernetes control plane version.
AllowedValues: [ "1.13", "1.12", "1.11" ]
Default: "1.13"
Type: String
ProvisionBastionHost:
Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being
created in private subnets, the default setting of Enabled this is highly recommended.
AllowedValues:
- "Enabled"
- "Disabled"
Default: "Enabled"
Type: String
BastionInstanceType:
Description: The size of the bastion instances.
AllowedValues:
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
Default: "t2.micro"
Type: String
BastionRootVolumeSize:
Description: The size of the root volume on the bastion instances.
Default: 10
Type: Number
BastionEnableTCPForwarding:
Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance
or not.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via the bootstrapping of the bastion host.
Setting this value to true will enable X Windows over SSH.
X11 forwarding can be very useful but it is also a security risk, so we recommend
that you keep the default (false) setting unless required.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOS:
Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-14.04-LTS-HVM"
- "Ubuntu-Server-16.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux-HVM"
Type: String
NumberOfSecondary:
Description: Number of secondary Artifactory pods to complete your HA deployment.
Minimum number of 2 to fit the Artifactory best practices. Do not select more than
you license for.
AllowedValues:
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
ArtifactoryVersion:
Description: The version of Artifactory that you want to deploy into the Quick Start.
Please see the release notes to select the version you want to deploy.
https://www.jfrog.com/confluence/display/RTF/Release+Notes
#AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
#ConstraintDescription: A version that matches X.X.X per Artifactory releases.
Default: 6.15.0
Type: String
ArtifactoryDeploymentSize:
Description: Configuration settings implemented by the Helm chart. There are currently three supported sizes.
'Large:' Memory request of 6 GiB, memory limit of 10GiB; CPU request of 4, CPU limit of 8; Java heap size minimum of 6 GB, maximum of 8 GB.
'Medium:' Memory request of 4 GiB, memory limit of 8 GiB; CPU request of 2, CPU limit of 6; Java heap size minimum of 4 GB, maximum of 6 GB.
'Small:' Memory request of 4 GiB, memory limit of 6 GiB; CPU request of 2, CPU limit of 4; Java heap size of 4 GB.
AllowedValues:
- Small
- Medium
- Large
Default: Medium
Type: String
SMLicensesName:
Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses.
Type: String
Certificate:
Description: The certificate file to be used to terminate SSL.
AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$
ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- "
Type: String
CertificateKey:
Description: The private key for the certificate.
AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$
ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----"
NoEcho: 'true'
Type: String
CertificateDomain:
Description: The domain matching that of the certificate. Ensure that it matches your certificate.
AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$
ConstraintDescription: The domain must not start or end with a '.'
Type: String
PrivateRepoUsername:
Description: Username to include for private RPM repository
NoEcho: 'true'
Type: String
PrivateRepoApiKey:
Description: Api Key for private RPM repository
NoEcho: 'true'
Type: String
MasterKey:
Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Type: String
DatabaseName:
Description: The name for your DB instance. The name must be unique across all DB instances
owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive,
but is stored as all lowercase (as in "mydbinstance").
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
MinLength: '1'
MaxLength: '60'
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb
Type: String
DatabaseEngine:
Description: The database engine that you want to run, currently locked to MySQL.
AllowedValues:
- MySQL
Default: MySQL
Type: String
DatabaseVersion:
Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions
supported by Artifactory and RDS.
AllowedValues:
- 5.5
- 5.6
- 5.7
Default: 5.7
Type: String
DatabaseUser:
Description: The login ID for the master user of your DB instance.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter
Default: artifactory
Type: String
DatabasePassword:
Description: The password for the Artifactory database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: The size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.t3.medium
- db.m3.medium
- db.m3.large
- db.m3.xlarge
- db.m3.2xlarge
- db.m4.large
- db.m4.xlarge
- db.m4.2xlarge
- db.m4.10xlarge
- db.m4.16xlarge
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.12xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.t3.medium
Type: String
DBAllocatedStorage:
Description: The size in GB of the available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
MultiAZDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
QSS3BucketName:
AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
ConstraintDescription:
Quick Start bucket name can include numbers, lowercase
letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
(-).
Default: aws-quickstart
Description:
S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
Type: String
QSS3KeyPrefix:
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription:
Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Description:
S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
Type: String
LambdaZipsBucketName:
Description: '[OPTIONAL] The name of the S3 bucket where the Lambda .zip
files should be placed. If you leave this parameter blank, an S3 bucket will be created.'
Default: ''
Type: String
Rules:
EKSSupport:
Assertions:
- AssertDescription: Your AWS Region does *NOT* yet support Amazon EKS
Assert: !Contains
- - us-west-2
- us-east-1
- us-east-2
- eu-west-1
- eu-west-2
- eu-west-3
- eu-north-1
- eu-central-1
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ap-northeast-2
- ap-south-1
- !Ref 'AWS::Region'
Resources:
EKSStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks.template.yaml"
Parameters:
KeyPairName: !Ref KeyPairName
RemoteAccessCIDR: !Ref RemoteAccessCIDR
AdditionalEKSAdminArns: !Join [ ",", !Ref AdditionalEKSAdminArns ]
VPCID: !Ref VPCID
PrivateSubnet1ID: !Ref PrivateSubnet1ID
PrivateSubnet2ID: !Ref PrivateSubnet2ID
PrivateSubnet3ID: !Ref PrivateSubnet3ID
PublicSubnet1ID: !Ref PublicSubnet1ID
PublicSubnet2ID: !Ref PublicSubnet2ID
PublicSubnet3ID: !Ref PublicSubnet3ID
KubernetesVersion: !Ref KubernetesVersion
NodeInstanceType: !Ref NodeInstanceType
NumberOfNodes: '1' # 1 for the Artifactory master?
NodeGroupName: "artifactory-primary"
NodeVolumeSize: !Ref NodeVolumeSize
KubeConfigKmsContext: !Ref KubeConfigKmsContext
BootstrapArguments: "--kubelet-extra-args '--node-labels=partition=artifactory-primary'"
ProvisionBastionHost: !Ref ProvisionBastionHost
BastionInstanceType: !Ref BastionInstanceType
BastionOS: !Ref BastionOS
BastionRootVolumeSize: !Ref BastionRootVolumeSize
BastionEnableTCPForwarding: !Ref BastionEnableTCPForwarding
BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Sub "${QSS3KeyPrefix}submodules/quickstart-amazon-eks/"
LambdaZipsBucketName: !Ref LambdaZipsBucketName
ArtifactorySecondaryNodesStack:
Type: "AWS::CloudFormation::Stack"
Properties:
TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks-nodegroup.template.yaml'
Parameters:
KeyPairName: !Ref KeyPairName
PrivateSubnet1ID: !Ref PrivateSubnet1ID
PrivateSubnet2ID: !Ref PrivateSubnet2ID
PrivateSubnet3ID: !Ref PrivateSubnet3ID
VPCID: !Ref VPCID
NodeInstanceType: !Ref NodeInstanceType
NumberOfNodes: !Ref NumofSecondaryNodes
NodeGroupName: "artifactory-secondary"
NodeVolumeSize: !Ref NodeVolumeSize
EKSControlPlane: !GetAtt EKSStack.Outputs.EKSClusterName
ControlPlaneSecurityGroup: !GetAtt EKSStack.Outputs.ControlPlaneSecurityGroup
NodeInstanceProfile: !GetAtt EKSStack.Outputs.NodeInstanceProfile
NodeInstanceRoleName: !GetAtt EKSStack.Outputs.NodeInstanceRoleName
KubernetesVersion: !Ref KubernetesVersion
BootstrapArguments: "--kubelet-extra-args '--node-labels=partition=artifactory-secondary'"
# Allow the bastion host to SSH into the secondary node pools
BastionToRegularIngress:
Type: "AWS::EC2::SecurityGroupIngress"
Properties:
Description: Allow SSH from Bastion server to Regular Nodes
GroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup
SourceSecurityGroupId: !GetAtt EKSStack.Outputs.BastionSecurityGroup
IpProtocol: tcp
ToPort: 22
FromPort: 22
# Allow the secondary node pools to bidirectionally communicate with "initial" (master) nodes
RegularToMasterIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
Description: Allows regular nodes to communicate with master nodes
GroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup
SourceSecurityGroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup
IpProtocol: '-1'
FromPort: 0
ToPort: 65535
MasterToRegularIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
Description: Allows master nodes to communicate with regular agent nodes
GroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup
SourceSecurityGroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup
IpProtocol: '-1'
FromPort: 0
ToPort: 65535
ArtifactoryCoreInfraStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml"
Parameters:
VPCID: !Ref VPCID
VPCCIDR: !Ref VPCCIDR
PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR
PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR
PrivateSubnet3CIDR: !Ref PrivateSubnet3CIDR
SubnetIds: !Join [ ",", [ !Ref PrivateSubnet1ID, !Ref PrivateSubnet2ID, !Ref PrivateSubnet3ID ]]
DBAllocatedStorage: !Ref DBAllocatedStorage
MultiAZDatabase: !Ref MultiAZDatabase
DatabaseEngine: !Ref DatabaseEngine
DatabaseVersion: !Ref DatabaseVersion
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DatabaseName: !Ref DatabaseName
ArtifactoryCoreStack:
DependsOn: ArtifactorySecondaryNodesStack
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-eks-core-workload.template.yaml"
Parameters:
KubeManifestLambdaArn: !GetAtt EKSStack.Outputs.KubeManifestLambdaArn
HelmLambdaArn: !GetAtt EKSStack.Outputs.HelmLambdaArn
KubeConfigPath: !GetAtt EKSStack.Outputs.KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
KubeGetLambdaArn: !GetAtt EKSStack.Outputs.KubeGetLambdaArn
NumberOfSecondary: !Ref NumberOfSecondary
AccessCIDR: !Ref AccessCIDR
ArtifactoryLicense1: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense1}}'
ArtifactoryLicense2: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense2}}'
ArtifactoryLicense3: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense3}}'
ArtifactoryLicense4: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense4}}'
CertificateKey: !Ref CertificateKey
Certificate: !Ref Certificate
CertificateDomain: !Ref CertificateDomain
PrivateRepoUsername: !Ref PrivateRepoUsername
PrivateRepoApiKey: !Ref PrivateRepoApiKey
ArtifactoryIAMAcessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.IAMAcessKey
SecretAccessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.SecretAccessKey
ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
ArtifactoryDBEndpointAddress: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryDBEndpointAddress
DatabaseName: !Ref DatabaseName
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
MasterKey: !Ref MasterKey
ArtifactoryVersion: !Ref ArtifactoryVersion
ArtifactoryDeploymentSize: !Ref ArtifactoryDeploymentSize
Outputs:
ArtifactoryUrl:
Value: !GetAtt ArtifactoryCoreStack.Outputs.ArtifactoryUrl
Description: Public Artifactory URL
BastionIP:
Value: !GetAtt EKSStack.Outputs.BastionIP
Description: Bastion host IP, for admin access via SSH
KubeConfigPath:
Value: !GetAtt EKSStack.Outputs.KubeConfigPath
Description: (Advanced) Amazon S3 bucket containing encrypted Kubernetes config which can be used to access the Kubernetes API.

598
CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-master.template.yaml Executable file
View File

@@ -0,0 +1,598 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment'
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Security configuration
Parameters:
- KeyPairName
- AccessCIDR
- RemoteAccessCIDR
- AdditionalEKSAdminArns
- KubeConfigKmsContext
- Label:
default: Network configuration
Parameters:
- AvailabilityZones
- VPCCIDR
- PrivateSubnet1CIDR
- PrivateSubnet2CIDR
- PrivateSubnet3CIDR
- PublicSubnet1CIDR
- PublicSubnet2CIDR
- PublicSubnet3CIDR
- Label:
default: Bastion configuration
Parameters:
- ProvisionBastionHost
- BastionInstanceType
- BastionOS
- BastionRootVolumeSize
- BastionEnableTCPForwarding
- BastionEnableX11Forwarding
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryVersion
- ArtifactoryDeploymentSize
- NumberOfSecondary
- SMLicensesName
- Certificate
- CertificateKey
- CertificateDomain
- MasterKey
- PrivateRepoUsername
- PrivateRepoApiKey
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseName
- DatabaseEngine
- DatabaseVersion
- DatabaseUser
- DatabasePassword
- DatabaseInstance
- DBAllocatedStorage
- MultiAZDatabase
- Label:
default: EC2/EKS configuration
Parameters:
- NodeInstanceType
- NodeVolumeSize
- NumofSecondaryNodes
- KubernetesVersion
- Label:
default: AWS Quick Start configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
- LambdaZipsBucketName
ParameterLabels:
KeyPairName:
default: SSH key name
AccessCIDR:
default: Permitted IP range
RemoteAccessCIDR:
default: Remote access CIDR
AdditionalEKSAdminArns:
default: Additional EKS admin ARNs
KubeConfigKmsContext:
default: Kubernetes config KMS context
AvailabilityZones:
default: Availability Zones
VPCCIDR:
default: VPC CIDR
PrivateSubnet1CIDR:
default: Private subnet 1 CIDR
PrivateSubnet2CIDR:
default: Private subnet 2 CIDR
PrivateSubnet3CIDR:
default: Private subnet 3 CIDR
PublicSubnet1CIDR:
default: Public subnet 1 CIDR
PublicSubnet2CIDR:
default: Public subnet 2 CIDR
PublicSubnet3CIDR:
default: Public subnet 3 CIDR
ProvisionBastionHost:
default: Bastion instance
BastionInstanceType:
default: Bastion instance type
BastionRootVolumeSize:
default: Bastion root volume size
BastionEnableTCPForwarding:
default: Bastion enable TCP forwarding
BastionEnableX11Forwarding:
default: Bastion enable X11 forwarding
BastionOS:
default: Bastion operating system
NumberOfSecondary:
default: Number of secondary pods
ArtifactoryVersion:
default: Artifactory version
ArtifactoryDeploymentSize:
default: Artifactory deployment size
SMLicensesName:
default: Artifactory licenses secret name
Certificate:
default: Certificate
CertificateKey:
default: Certificate key
CertificateDomain:
default: Certificate domain
PrivateRepoUsername:
default: Username to include for private RPM repository
PrivateRepoApiKey:
default: Api Key for private RPM repository
MasterKey:
default: Master server key
DatabaseName:
default: Database name
DatabaseEngine:
default: Database engine
DatabaseVersion:
default: Database version
DatabaseUser:
default: Database user
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DBAllocatedStorage:
default: Database allocated storage
MultiAZDatabase:
default: High available database
NodeInstanceType:
default: Node instance type
NodeVolumeSize:
default: Node EBS volume size
NumofSecondaryNodes:
default: Number of secondary nodes
KubernetesVersion:
default: Kubernetes version
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
LambdaZipsBucketName:
default: Lambda zips bucket name
Parameters:
KeyPairName:
Description: The name of an existing public/private key pair, which allows you
to securely connect to your instance after it launches.
Type: AWS::EC2::KeyPair::KeyName
AccessCIDR:
Description: The CIDR IP range that is permitted to access Artifactory.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant only your corporate network access to the software.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
RemoteAccessCIDR:
Description:
The remote CIDR range for allowing SSH into the Bastion instance.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant specific ranges inside your corporate network SSH access.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Type: String
AdditionalEKSAdminArns:
Description: '[OPTIONAL] The Amazon Resource Names (ARNs): a comma-separated list of IAM users and roles to be granted admin access to the EKS cluster.'
Default: ""
Type: CommaDelimitedList
KubeConfigKmsContext:
Description: String value used by KMS to encrypt/decrypt Kubernetes configuration file.
Default: "JFrogArtifactory"
Type: String
AvailabilityZones:
Description:
The list of Availability Zones to use for the subnets in the VPC. Three
Availability Zones are used for this deployment, and the logical order of your
selections is preserved.
Type: List<AWS::EC2::AvailabilityZone::Name>
VPCCIDR:
Description: The CIDR block for the VPC.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
PrivateSubnet1CIDR:
Description: The CIDR block for private subnet 1 located in Availability Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2CIDR:
Description: The CIDR block for private subnet 2 located in Availability Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PrivateSubnet3CIDR:
Description: The CIDR block for private subnet 3 located in Availability Zone 3.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.64.0/19
Type: String
PublicSubnet1CIDR:
Description:
The CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.128.0/20
Type: String
PublicSubnet2CIDR:
Description:
The CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.144.0/20
Type: String
PublicSubnet3CIDR:
Description: The CIDR block for the public (DMZ) subnet 3 located in Availability Zone 3.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.160.0/20
Type: String
NodeInstanceType:
Description: The Amazon EC2 instance type for the nodes hosting the Kubernetes pods.
AllowedValues:
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
ConstraintDescription: Must be a valid EC2 instance type.
Default: m4.xlarge
Type: String
NodeVolumeSize:
Description: The size of EBS volumes for master node instances, in GB.
Default: 200
Type: String
NumofSecondaryNodes:
Description: The initial number of secondary node instances to create.
If you do not have large enough instances to boot the number of secondary pods, the deployment will fail.
AllowedValues:
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
KubernetesVersion:
Description: The Kubernetes control plane version.
AllowedValues: [ "1.13", "1.12", "1.11" ]
Default: "1.13"
Type: String
ProvisionBastionHost:
Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being
created in private subnets, the default setting of Enabled this is highly recommended.
AllowedValues:
- "Enabled"
- "Disabled"
Default: "Enabled"
Type: String
BastionInstanceType:
Description: The size of the bastion instances.
AllowedValues:
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
Default: "t2.micro"
Type: String
BastionRootVolumeSize:
Description: The size of the root volume on the bastion instances.
Default: 10
Type: Number
BastionEnableTCPForwarding:
Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance
or not.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via the bootstrapping of the bastion host.
Setting this value to true will enable X Windows over SSH.
X11 forwarding can be very useful but it is also a security risk, so we recommend
that you keep the default (false) setting unless required.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOS:
Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-14.04-LTS-HVM"
- "Ubuntu-Server-16.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux-HVM"
Type: String
NumberOfSecondary:
Description: Number of secondary Artifactory pods to complete your HA deployment.
Minimum number of 2 to fit the Artifactory best practices. Do not select more than
you license for.
AllowedValues:
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
ArtifactoryVersion:
Description: The version of Artifactory that you want to deploy into the Quick Start.
Please see the release notes to select the version you want to deploy.
https://www.jfrog.com/confluence/display/RTF/Release+Notes
#AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
#ConstraintDescription: A version that matches X.X.X per Artifactory releases.
Default: 6.15.0
Type: String
ArtifactoryDeploymentSize:
Description: Configuration settings implemented by the Helm chart. There are currently three supported sizes.
'Large:' Memory request of 6 GiB, memory limit of 10GiB; CPU request of 4, CPU limit of 8; Java heap size minimum of 6 GB, maximum of 8 GB.
'Medium:' Memory request of 4 GiB, memory limit of 8 GiB; CPU request of 2, CPU limit of 6; Java heap size minimum of 4 GB, maximum of 6 GB.
'Small:' Memory request of 4 GiB, memory limit of 6 GiB; CPU request of 2, CPU limit of 4; Java heap size of 4 GB.
AllowedValues:
- Small
- Medium
- Large
Default: Medium
Type: String
SMLicensesName:
Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses.
Type: String
Certificate:
Description: The certificate file to be used to terminate SSL.
AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$
ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- "
Type: String
CertificateKey:
Description: The private key for the certificate.
AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$
ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----"
NoEcho: 'true'
Type: String
CertificateDomain:
Description: The domain matching that of the certificate. Ensure that it matches your certificate.
AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$
ConstraintDescription: The domain must not start or end with a '.'
Type: String
PrivateRepoUsername:
Description: Username to include for private RPM repository
NoEcho: 'true'
Type: String
PrivateRepoApiKey:
Description: Api Key for private RPM repository
NoEcho: 'true'
Type: String
MasterKey:
Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Type: String
DatabaseName:
Description: The name for your DB instance. The name must be unique across all DB instances
owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive,
but is stored as all lowercase (as in "mydbinstance").
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
MinLength: '1'
MaxLength: '60'
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb
Type: String
DatabaseEngine:
Description: The database engine that you want to run, currently locked to MySQL.
AllowedValues:
- MySQL
Default: MySQL
Type: String
DatabaseVersion:
Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions
supported by Artifactory and RDS.
AllowedValues:
- 5.5
- 5.6
- 5.7
Default: 5.7
Type: String
DatabaseUser:
Description: The login ID for the master user of your DB instance.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter
Default: artifactory
Type: String
DatabasePassword:
Description: The password for the Artifactory database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: The size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.t3.medium
- db.m3.medium
- db.m3.large
- db.m3.xlarge
- db.m3.2xlarge
- db.m4.large
- db.m4.xlarge
- db.m4.2xlarge
- db.m4.10xlarge
- db.m4.16xlarge
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.12xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.t3.medium
Type: String
DBAllocatedStorage:
Description: The size in GB of the available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
MultiAZDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
QSS3BucketName:
AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
ConstraintDescription:
Quick Start bucket name can include numbers, lowercase
letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
(-).
Default: aws-quickstart
Description:
S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
Type: String
QSS3KeyPrefix:
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription:
Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Description:
S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
Type: String
LambdaZipsBucketName:
Description: '[OPTIONAL] The name of the S3 bucket where the Lambda .zip
files should be placed. If you leave this parameter blank, an S3 bucket will be created.'
Type: String
Default: ''
Rules:
EKSSupport:
Assertions:
- AssertDescription: Your AWS Region does *NOT* yet support Amazon EKS
Assert: !Contains
- - us-west-2
- us-east-1
- us-east-2
- eu-west-1
- eu-west-2
- eu-west-3
- eu-north-1
- eu-central-1
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ap-northeast-2
- ap-south-1
- !Ref 'AWS::Region'
Resources:
VPCStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template
Parameters:
KeyPairName: !Ref KeyPairName
AvailabilityZones: !Join [",", !Ref AvailabilityZones]
NumberOfAZs: '3'
VPCCIDR: !Ref VPCCIDR
PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR'
PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR'
PrivateSubnet3ACIDR: !Ref 'PrivateSubnet3CIDR'
PrivateSubnetATag2: "kubernetes.io/role/internal-elb="
PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR'
PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR'
PublicSubnet3CIDR: !Ref 'PublicSubnet3CIDR'
PublicSubnetTag2: "kubernetes.io/role/elb="
ArtifactoryEKSExistingVPCStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-eks-existing-vpc.template.yaml'
Parameters:
KeyPairName: !Ref KeyPairName
AccessCIDR: !Ref AccessCIDR
RemoteAccessCIDR: !Ref RemoteAccessCIDR
AdditionalEKSAdminArns: !Join [ ",", !Ref AdditionalEKSAdminArns ]
KubeConfigKmsContext: !Ref KubeConfigKmsContext
VPCID: !GetAtt VPCStack.Outputs.VPCID
VPCCIDR: !Ref VPCCIDR
PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID'
PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID'
PrivateSubnet3ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID'
PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID'
PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID'
PublicSubnet3ID: !GetAtt 'VPCStack.Outputs.PublicSubnet3ID'
PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR
PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR
ProvisionBastionHost: !Ref ProvisionBastionHost
BastionInstanceType: !Ref BastionInstanceType
BastionOS: !Ref BastionOS
BastionRootVolumeSize: !Ref BastionRootVolumeSize
BastionEnableTCPForwarding: !Ref BastionEnableTCPForwarding
BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding
ArtifactoryVersion: !Ref ArtifactoryVersion
ArtifactoryDeploymentSize: !Ref ArtifactoryDeploymentSize
NumberOfSecondary: !Ref NumberOfSecondary
SMLicensesName: !Ref SMLicensesName
Certificate: !Ref Certificate
CertificateKey: !Ref CertificateKey
CertificateDomain: !Ref CertificateDomain
PrivateRepoUsername: !Ref PrivateRepoUsername
PrivateRepoApiKey: !Ref PrivateRepoApiKey
MasterKey: !Ref MasterKey
DatabaseName: !Ref DatabaseName
DatabaseEngine: !Ref DatabaseEngine
DatabaseVersion: !Ref DatabaseVersion
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DBAllocatedStorage: !Ref DBAllocatedStorage
MultiAZDatabase: !Ref MultiAZDatabase
KubernetesVersion: !Ref KubernetesVersion
NodeInstanceType: !Ref NodeInstanceType
NodeVolumeSize: !Ref NodeVolumeSize
NumofSecondaryNodes: !Ref NumofSecondaryNodes
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Ref QSS3KeyPrefix
LambdaZipsBucketName: !Ref LambdaZipsBucketName
Outputs:
ArtifactoryUrl:
Value: !GetAtt ArtifactoryEKSExistingVPCStack.Outputs.ArtifactoryUrl
Description: Public Artifactory URL
BastionIP:
Value: !GetAtt ArtifactoryEKSExistingVPCStack.Outputs.BastionIP
Description: Bastion host IP, for admin access via SSH
KubeConfigPath:
Value: !GetAtt ArtifactoryEKSExistingVPCStack.Outputs.KubeConfigPath
Description: (Advanced) Amazon S3 bucket containing encrypted Kubernetes config which can be used to access the Kubernetes API.