zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 16:06:57 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
dffdb33ae14a4e498c31d5e300692d1deafa4b63
JFrog-Cloud-Installers/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-existing-vpc.template.yaml
Arturo Aparicio 1e13be4f22 Structured files into more logical form
2019-11-26 15:44:29 -08:00

664 lines
26 KiB
YAML
Executable File
Raw Blame History

AWSTemplateFormatVersion: '2010-09-09'
Description: Deploys an EKS cluster with JFrog Artifactory into an existing VPC (qs-1q037efm3).
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Security configuration
Parameters:
- KeyPairName
- AccessCIDR
- RemoteAccessCIDR
- AdditionalEKSAdminArns
- KubeConfigKmsContext
- Label:
default: Network configuration
Parameters:
- VPCID
- VPCCIDR
- PrivateSubnet1ID
- PrivateSubnet2ID
- PrivateSubnet3ID
- PublicSubnet1ID
- PublicSubnet2ID
- PublicSubnet3ID
- PrivateSubnet1CIDR
- PrivateSubnet2CIDR
- PrivateSubnet3CIDR
- Label:
default: Bastion configuration
Parameters:
- ProvisionBastionHost
- BastionInstanceType
- BastionOS
- BastionRootVolumeSize
- BastionEnableTCPForwarding
- BastionEnableX11Forwarding
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryVersion
- ArtifactoryDeploymentSize
- NumberOfSecondary
- SMLicensesName
- Certificate
- CertificateKey
- CertificateDomain
- MasterKey
- PrivateRepoUsername
- PrivateRepoApiKey
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseName
- DatabaseEngine
- DatabaseVersion
- DatabaseUser
- DatabasePassword
- DatabaseInstance
- DBAllocatedStorage
- MultiAZDatabase
- Label:
default: EC2/EKS configuration
Parameters:
- KubernetesVersion
- NodeInstanceType
- NumofSecondaryNodes
- NodeVolumeSize
- Label:
default: AWS Quick Start configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
- LambdaZipsBucketName
ParameterLabels:
KeyPairName:
default: SSH key name
AccessCIDR:
default: Permitted IP range
RemoteAccessCIDR:
default: Remote access CIDR
AdditionalEKSAdminArns:
default: Additional EKS admin ARNs
KubeConfigKmsContext:
default: Kubernetes config KMS context
VPCID:
default: VPC ID
VPCCIDR:
default: VPC CIDR
PublicSubnet1ID:
default: Public subnet 1 ID
PublicSubnet2ID:
default: Public subnet 2 ID
PublicSubnet3ID:
default: Public subnet 3 ID
PrivateSubnet1ID:
default: Private subnet 1 ID
PrivateSubnet2ID:
default: Private subnet 2 ID
PrivateSubnet3ID:
default: Private subnet 3 ID
PrivateSubnet1CIDR:
default: Private subnet 1 CIDR
PrivateSubnet2CIDR:
default: Private subnet 2 CIDR
PrivateSubnet3CIDR:
default: Private subnet 3 CIDR
ProvisionBastionHost:
default: Bastion instance
BastionInstanceType:
default: Bastion instance type
BastionRootVolumeSize:
default: Bastion root volume size
BastionEnableTCPForwarding:
default: Bastion enable TCP forwarding
BastionEnableX11Forwarding:
default: Bastion enable X11 forwarding
BastionOS:
default: Bastion operating system
ArtifactoryVersion:
default: Artifactory version
ArtifactoryDeploymentSize:
default: Artifactory deployment size
NumberOfSecondary:
default: Number of secondary pods
SMLicensesName:
default: Artifactory licenses secret name
Certificate:
default: Certificate
CertificateKey:
default: Certificate key
CertificateDomain:
default: Certificate domain
PrivateRepoUsername:
default: Username to include for private RPM repository
PrivateRepoApiKey:
default: Api Key for private RPM repository
MasterKey:
default: Master server key
DatabaseName:
default: Database name
DatabaseEngine:
default: Database engine
DatabaseVersion:
default: Database version
DatabaseUser:
default: Database user
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DBAllocatedStorage:
default: Database allocated storage
MultiAZDatabase:
default: High available database
NodeInstanceType:
default: Node instance type
NodeVolumeSize:
default: Node EBS volume size
NumofSecondaryNodes:
default: Number of secondary nodes
KubernetesVersion:
default: Kubernetes version
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
LambdaZipsBucketName:
default: Lambda zips bucket name
Parameters:
KeyPairName:
Description: The name of an existing public/private key pair, which allows you
to securely connect to your instance after it launches.
Type: AWS::EC2::KeyPair::KeyName
AccessCIDR:
Description: The CIDR IP range that is permitted to access Artifactory.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant only your corporate network access to the software.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
RemoteAccessCIDR:
Description:
The remote CIDR range for allowing SSH into the Bastion instance.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant specific ranges inside your corporate network SSH access.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Type: String
AdditionalEKSAdminArns:
Description: '[OPTIONAL] The Amazon Resource Names (ARNs): a comma-separated list of IAM users and roles to be granted admin access to the EKS cluster.'
Default: ""
Type: CommaDelimitedList
KubeConfigKmsContext:
Description: String value used by KMS to encrypt/decrypt Kubernetes configuration file.
Default: "JFrogArtifactory"
Type: String
VPCID:
Description: The ID of your existing VPC for deployment (e.g., vpc-0343606e).
Type: AWS::EC2::VPC::Id
VPCCIDR:
Description: The CIDR block for the VPC.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
PublicSubnet1ID:
Description: The ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-z0376dab).
Type: "AWS::EC2::Subnet::Id"
PublicSubnet2ID:
Description: The ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-a29c3d84).
Type: "AWS::EC2::Subnet::Id"
PublicSubnet3ID:
Description: The ID of the public subnet in Availability Zone 3 in your existing VPC (e.g., subnet-a29c3d84).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet1ID:
Description: The ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet2ID:
Description: The ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b58c3d67).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet3ID:
Description: The ID of the private subnet in Availability Zone 3 in your existing VPC (e.g., subnet-b58c3d67).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet1CIDR:
Description: The CIDR of the private subnet in Availability Zone 1 in your existing VPC (e.g., 10.0.0.0/19).
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2CIDR:
Description: The CIDR of the private subnet in Availability Zone 2 in your existing VPC (e.g., 10.0.32.0/19).
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PrivateSubnet3CIDR:
Description: The CIDR block for private subnet 3 located in Availability Zone 3 in your existing VPC (e.g., 10.0.64.0/19).
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.64.0/19
Type: String
NodeInstanceType:
Description: The Amazon EC2 instance type for the nodes hosting the Kubernetes pods.
AllowedValues:
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
ConstraintDescription: Must be a valid EC2 instance type
Default: m4.xlarge
Type: String
NodeVolumeSize:
Description: The size of EBS volumes for master node instances, in GB.
Default: 200
Type: String
NumofSecondaryNodes:
Description: The initial number of secondary node instances to create.
If you do not have large enough instances to boot the number of secondary pods, the deployment will fail.
AllowedValues:
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
KubernetesVersion:
Description: The Kubernetes control plane version.
AllowedValues: [ "1.13", "1.12", "1.11" ]
Default: "1.13"
Type: String
ProvisionBastionHost:
Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being
created in private subnets, the default setting of Enabled this is highly recommended.
AllowedValues:
- "Enabled"
- "Disabled"
Default: "Enabled"
Type: String
BastionInstanceType:
Description: The size of the bastion instances.
AllowedValues:
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
Default: "t2.micro"
Type: String
BastionRootVolumeSize:
Description: The size of the root volume on the bastion instances.
Default: 10
Type: Number
BastionEnableTCPForwarding:
Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance
or not.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via the bootstrapping of the bastion host.
Setting this value to true will enable X Windows over SSH.
X11 forwarding can be very useful but it is also a security risk, so we recommend
that you keep the default (false) setting unless required.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOS:
Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-14.04-LTS-HVM"
- "Ubuntu-Server-16.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux-HVM"
Type: String
NumberOfSecondary:
Description: Number of secondary Artifactory pods to complete your HA deployment.
Minimum number of 2 to fit the Artifactory best practices. Do not select more than
you license for.
AllowedValues:
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
ArtifactoryVersion:
Description: The version of Artifactory that you want to deploy into the Quick Start.
Please see the release notes to select the version you want to deploy.
https://www.jfrog.com/confluence/display/RTF/Release+Notes
#AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
#ConstraintDescription: A version that matches X.X.X per Artifactory releases.
Default: 6.15.0
Type: String
ArtifactoryDeploymentSize:
Description: Configuration settings implemented by the Helm chart. There are currently three supported sizes.
'Large:' Memory request of 6 GiB, memory limit of 10GiB; CPU request of 4, CPU limit of 8; Java heap size minimum of 6 GB, maximum of 8 GB.
'Medium:' Memory request of 4 GiB, memory limit of 8 GiB; CPU request of 2, CPU limit of 6; Java heap size minimum of 4 GB, maximum of 6 GB.
'Small:' Memory request of 4 GiB, memory limit of 6 GiB; CPU request of 2, CPU limit of 4; Java heap size of 4 GB.
AllowedValues:
- Small
- Medium
- Large
Default: Medium
Type: String
SMLicensesName:
Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses.
Type: String
Certificate:
Description: The certificate file to be used to terminate SSL.
AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$
ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- "
Type: String
CertificateKey:
Description: The private key for the certificate.
AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$
ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----"
NoEcho: 'true'
Type: String
CertificateDomain:
Description: The domain matching that of the certificate. Ensure that it matches your certificate.
AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$
ConstraintDescription: The domain must not start or end with a '.'
Type: String
PrivateRepoUsername:
Description: Username to include for private RPM repository
NoEcho: 'true'
Type: String
PrivateRepoApiKey:
Description: Api Key for private RPM repository
NoEcho: 'true'
Type: String
MasterKey:
Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Type: String
DatabaseName:
Description: The name for your DB instance. The name must be unique across all DB instances
owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive,
but is stored as all lowercase (as in "mydbinstance").
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
MinLength: '1'
MaxLength: '60'
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb
Type: String
DatabaseEngine:
Description: The database engine that you want to run, currently locked to MySQL.
AllowedValues:
- MySQL
Default: MySQL
Type: String
DatabaseVersion:
Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions
supported by Artifactory and RDS.
AllowedValues:
- 5.5
- 5.6
- 5.7
Default: 5.7
Type: String
DatabaseUser:
Description: The login ID for the master user of your DB instance.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter
Default: artifactory
Type: String
DatabasePassword:
Description: The password for the Artifactory database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: The size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.t3.medium
- db.m3.medium
- db.m3.large
- db.m3.xlarge
- db.m3.2xlarge
- db.m4.large
- db.m4.xlarge
- db.m4.2xlarge
- db.m4.10xlarge
- db.m4.16xlarge
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.12xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.t3.medium
Type: String
DBAllocatedStorage:
Description: The size in GB of the available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
MultiAZDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
QSS3BucketName:
AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
ConstraintDescription:
Quick Start bucket name can include numbers, lowercase
letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
(-).
Default: aws-quickstart
Description:
S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
Type: String
QSS3KeyPrefix:
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription:
Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Description:
S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
Type: String
LambdaZipsBucketName:
Description: '[OPTIONAL] The name of the S3 bucket where the Lambda .zip
files should be placed. If you leave this parameter blank, an S3 bucket will be created.'
Default: ''
Type: String
Rules:
EKSSupport:
Assertions:
- AssertDescription: Your AWS Region does *NOT* yet support Amazon EKS
Assert: !Contains
- - us-west-2
- us-east-1
- us-east-2
- eu-west-1
- eu-west-2
- eu-west-3
- eu-north-1
- eu-central-1
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ap-northeast-2
- ap-south-1
- !Ref 'AWS::Region'
Resources:
EKSStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks.template.yaml"
Parameters:
KeyPairName: !Ref KeyPairName
RemoteAccessCIDR: !Ref RemoteAccessCIDR
AdditionalEKSAdminArns: !Join [ ",", !Ref AdditionalEKSAdminArns ]
VPCID: !Ref VPCID
PrivateSubnet1ID: !Ref PrivateSubnet1ID
PrivateSubnet2ID: !Ref PrivateSubnet2ID
PrivateSubnet3ID: !Ref PrivateSubnet3ID
PublicSubnet1ID: !Ref PublicSubnet1ID
PublicSubnet2ID: !Ref PublicSubnet2ID
PublicSubnet3ID: !Ref PublicSubnet3ID
KubernetesVersion: !Ref KubernetesVersion
NodeInstanceType: !Ref NodeInstanceType
NumberOfNodes: '1' # 1 for the Artifactory master?
NodeGroupName: "artifactory-primary"
NodeVolumeSize: !Ref NodeVolumeSize
KubeConfigKmsContext: !Ref KubeConfigKmsContext
BootstrapArguments: "--kubelet-extra-args '--node-labels=partition=artifactory-primary'"
ProvisionBastionHost: !Ref ProvisionBastionHost
BastionInstanceType: !Ref BastionInstanceType
BastionOS: !Ref BastionOS
BastionRootVolumeSize: !Ref BastionRootVolumeSize
BastionEnableTCPForwarding: !Ref BastionEnableTCPForwarding
BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Sub "${QSS3KeyPrefix}submodules/quickstart-amazon-eks/"
LambdaZipsBucketName: !Ref LambdaZipsBucketName
ArtifactorySecondaryNodesStack:
Type: "AWS::CloudFormation::Stack"
Properties:
TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks-nodegroup.template.yaml'
Parameters:
KeyPairName: !Ref KeyPairName
PrivateSubnet1ID: !Ref PrivateSubnet1ID
PrivateSubnet2ID: !Ref PrivateSubnet2ID
PrivateSubnet3ID: !Ref PrivateSubnet3ID
VPCID: !Ref VPCID
NodeInstanceType: !Ref NodeInstanceType
NumberOfNodes: !Ref NumofSecondaryNodes
NodeGroupName: "artifactory-secondary"
NodeVolumeSize: !Ref NodeVolumeSize
EKSControlPlane: !GetAtt EKSStack.Outputs.EKSClusterName
ControlPlaneSecurityGroup: !GetAtt EKSStack.Outputs.ControlPlaneSecurityGroup
NodeInstanceProfile: !GetAtt EKSStack.Outputs.NodeInstanceProfile
NodeInstanceRoleName: !GetAtt EKSStack.Outputs.NodeInstanceRoleName
KubernetesVersion: !Ref KubernetesVersion
BootstrapArguments: "--kubelet-extra-args '--node-labels=partition=artifactory-secondary'"
# Allow the bastion host to SSH into the secondary node pools
BastionToRegularIngress:
Type: "AWS::EC2::SecurityGroupIngress"
Properties:
Description: Allow SSH from Bastion server to Regular Nodes
GroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup
SourceSecurityGroupId: !GetAtt EKSStack.Outputs.BastionSecurityGroup
IpProtocol: tcp
ToPort: 22
FromPort: 22
# Allow the secondary node pools to bidirectionally communicate with "initial" (master) nodes
RegularToMasterIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
Description: Allows regular nodes to communicate with master nodes
GroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup
SourceSecurityGroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup
IpProtocol: '-1'
FromPort: 0
ToPort: 65535
MasterToRegularIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
Description: Allows master nodes to communicate with regular agent nodes
GroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup
SourceSecurityGroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup
IpProtocol: '-1'
FromPort: 0
ToPort: 65535
ArtifactoryCoreInfraStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml"
Parameters:
VPCID: !Ref VPCID
VPCCIDR: !Ref VPCCIDR
PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR
PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR
PrivateSubnet3CIDR: !Ref PrivateSubnet3CIDR
SubnetIds: !Join [ ",", [ !Ref PrivateSubnet1ID, !Ref PrivateSubnet2ID, !Ref PrivateSubnet3ID ]]
DBAllocatedStorage: !Ref DBAllocatedStorage
MultiAZDatabase: !Ref MultiAZDatabase
DatabaseEngine: !Ref DatabaseEngine
DatabaseVersion: !Ref DatabaseVersion
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DatabaseName: !Ref DatabaseName
ArtifactoryCoreStack:
DependsOn: ArtifactorySecondaryNodesStack
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-eks-core-workload.template.yaml"
Parameters:
KubeManifestLambdaArn: !GetAtt EKSStack.Outputs.KubeManifestLambdaArn
HelmLambdaArn: !GetAtt EKSStack.Outputs.HelmLambdaArn
KubeConfigPath: !GetAtt EKSStack.Outputs.KubeConfigPath
KubeConfigKmsContext: !Ref KubeConfigKmsContext
KubeGetLambdaArn: !GetAtt EKSStack.Outputs.KubeGetLambdaArn
NumberOfSecondary: !Ref NumberOfSecondary
AccessCIDR: !Ref AccessCIDR
ArtifactoryLicense1: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense1}}'
ArtifactoryLicense2: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense2}}'
ArtifactoryLicense3: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense3}}'
ArtifactoryLicense4: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense4}}'
CertificateKey: !Ref CertificateKey
Certificate: !Ref Certificate
CertificateDomain: !Ref CertificateDomain
PrivateRepoUsername: !Ref PrivateRepoUsername
PrivateRepoApiKey: !Ref PrivateRepoApiKey
ArtifactoryIAMAcessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.IAMAcessKey
SecretAccessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.SecretAccessKey
ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
ArtifactoryDBEndpointAddress: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryDBEndpointAddress
DatabaseName: !Ref DatabaseName
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
MasterKey: !Ref MasterKey
ArtifactoryVersion: !Ref ArtifactoryVersion
ArtifactoryDeploymentSize: !Ref ArtifactoryDeploymentSize
Outputs:
ArtifactoryUrl:
Value: !GetAtt ArtifactoryCoreStack.Outputs.ArtifactoryUrl
Description: Public Artifactory URL
BastionIP:
Value: !GetAtt EKSStack.Outputs.BastionIP
Description: Bastion host IP, for admin access via SSH
KubeConfigPath:
Value: !GetAtt EKSStack.Outputs.KubeConfigPath
Description: (Advanced) Amazon S3 bucket containing encrypted Kubernetes config which can be used to access the Kubernetes API.
Reference in New Issue View Git Blame Copy Permalink