Install Artifactory with Helm Charts
Install JFrog Artifactory on Kubernetes or OpenShift self-managed clusters using Helm charts. Covers single-node and high-availability (HA) deployments with step-by-step instructions for configuration, verification, and troubleshooting.
Overview
To install JFrog Artifactory with Helm charts, add the jfrog Helm repository, generate master and join keys, and run helm upgrade --install artifactory jfrog/artifactory. This guide covers Kubernetes and OpenShift self-managed clusters for Artifactory 7.x, including single-node and high-availability (HA) deployments.
| Detail | Value |
|---|---|
| Artifactory version | 7.x (all releases) |
| Helm version | 3.17 or later |
| Default UI port | 8082 |
| Default admin credentials | admin / password — change on first login |
| HA minimum replicas | 2 (recommended: 3) |
| Helm chart | jfrog/artifactory from https://charts.jfrog.io |
Prerequisites for Installing Artifactory with Helm
Before you begin, verify the following:
- OS: JFrog-supported platform and OS
- Hardware: Meets minimum hardware sizing requirements
- Network: Meets JFrog's network requirements for JFrog products
- Kubernetes cluster: A functional cluster (GKE, EKS, AKS, OpenShift, or equivalent); see Helm chart requirements for supported cluster types
- Kubernetes version: 1.27 or later; see Helm chart requirements for the full compatibility matrix
- Helm 3.17+: Installed and configured to connect to your cluster; see Helm chart requirements
- OpenShift only: Cluster-admin permissions to configure
securityContextsettings - For Java requirements, supported browsers, and additional platform details, see Artifactory System Requirements
Install JFrog Artifactory using Helm
Follow the steps for your environment: Kubernetes or OpenShift. OpenShift requires one additional step — disabling securityContext in values.yaml — before installing the chart.
-
Add the JFrog Helm Charts repository
helm repo add jfrog https://charts.jfrog.io helm repo update -
Create unique master and join keys
Artifactory requires unique master and join keys. Default keys in
values.yamlare for demonstration only — never use them in production. Changing the master key after installation is very difficult.Option A: Environment variables
export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY} export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY}Option B: Kubernetes secrets (recommended for production)
# Master key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY} kubectl create secret generic my-masterkey-secret -n artifactory --from-literal=master-key=${MASTER_KEY} # Join key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY} kubectl create secret generic my-joinkey-secret -n artifactory --from-literal=join-key=${JOIN_KEY}Always pass the same keys on all future
helm installandhelm upgradecalls using--set artifactory.masterKey=${MASTER_KEY}or--set artifactory.masterKeySecretName=my-masterkey-secret. For more information, see Manage Keys. -
Install the Artifactory Helm chart
Note
When using a customized
values.yamlfile, attach a-fflag to each upgrade command.Install based on your deployment type:
Option A: Single-node
helm upgrade --install artifactory \ --set artifactory.masterKey=${MASTER_KEY} \ --set artifactory.joinKey=${JOIN_KEY} \ --namespace artifactory --create-namespace \ jfrog/artifactoryOption B: High Availability (HA) — recommended for new deployments
helm upgrade --install artifactory \ --set artifactory.replicaCount=3 \ --set artifactory.masterKey=${MASTER_KEY} \ --set artifactory.joinKey=${JOIN_KEY} \ --namespace artifactory --create-namespace \ jfrog/artifactoryMinimum replica count for HA is
2; recommended is3. -
Change the internal PostgreSQL password (optional)
If the Helm chart deployed an internal PostgreSQL database (default behavior), change PostgreSQL's auto-generated password for security. For more information, see Auto-generated Passwords (Internal PostgreSQL) and Set up Database.
-
Set up the filestore
The filestore is where Artifactory physically stores binaries.
- Single-node: A local filesystem is the default. Externalizing to a dedicated volume is recommended for easier management.
- HA: A shared filestore is mandatory (NFS, S3, Azure Blob Storage, Google Cloud Storage, or another supported solution). All nodes must have unified network access to this single shared filestore.
For Helm-specific storage modifications, see Advanced Storage Options.
-
Customize Artifactory configuration
For Helm deployments, configure Artifactory through the chart's
values.yamlfile. Do not edit thesystem.yamlfile directly on individual nodes. Forsystem.yamlparameter reference, see System YAML Configuration. To override defaults viavalues.yaml, see Overriding the Default System YAML File. -
Connect to Artifactory
It may take a few minutes for the LoadBalancer IP to become available.
# Watch until LoadBalancer IP is available: kubectl get svc --namespace <your-namespace> -w <release-name>-artifactory-nginx # Once available, get the URL: export SERVICE_IP=$(kubectl get svc --namespace <your-namespace> <release-name>-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP/Example output (release name
art77, namespaceart):Congratulations. You have just deployed JFrog Artifactory. 1. Get the Artifactory URL by running these commands: NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of the service by running 'kubectl get svc --namespace art -w art77-artifactory-nginx' export SERVICE_IP=$(kubectl get svc --namespace art art77-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP/ 2. Open Artifactory in your browser Default credential for Artifactory: user: admin password: password -
Install the HA license (HA only)
For HA setups, install the Artifactory HA license using the REST API, Artifactory UI, or a Kubernetes Secret. For more information, see .
-
Monitor Artifactory
To access logs and monitor Artifactory pods:
# Find pod names: kubectl --namespace <your-namespace> get pods # Stream logs for a pod: kubectl --namespace <your-namespace> logs -f <pod-name> -
Access the Artifactory UI
Open
http://<SERVER_HOSTNAME>:8082/in your browser. For HA, access through your load balancer pointing tohttp://<ARTIFACTORY_NODE_IP>:8082/on each node. -
Complete initial setup
On first access, the onboarding wizard guides you through:
- Change Default Admin Password: Default credentials are
admin/password. Change immediately. - Configure Base URL: Set the Base URL for your deployment. See Configure a Custom Base URL.
- Apply Licenses: Apply your Artifactory Pro or Enterprise license through the Onboarding Wizard.
- Change Default Admin Password: Default credentials are
Verify the Artifactory Installation
After installation, confirm JFrog Artifactory is running correctly.
-
Check pod status:
kubectl get pods --namespace artifactoryExpected: All pods show
Runningstatus. For HA, all replica pods areRunning. -
Check the health endpoint:
curl -f http://<LB-IP>/artifactory/api/system/pingExpected:
OK -
Access the UI:
Open
http://<LB-IP>:8082/ui/in your browser. Expected: The JFrog Artifactory login page loads.
Troubleshooting the Helm Installation
The following table covers common issues encountered during Artifactory Helm installation and their solutions.
| Symptom | Cause | Fix |
|---|---|---|
Pod stuck in Pending state | Insufficient cluster resources (CPU, RAM, or disk) | Increase node count or adjust resource limits in values.yaml |
| LoadBalancer IP not assigned | Cloud provider quota reached or misconfigured networking | Check cloud provider load balancer quota; verify cluster network settings |
| Cannot connect to database | Internal PostgreSQL pod not ready | Wait for the postgresql pod to reach Running; check logs with kubectl logs <postgresql-pod> |
| Master key error on upgrade | Master key not passed to helm upgrade | Always pass --set artifactory.masterKey=${MASTER_KEY} on every helm upgrade call |
securityContext errors on OpenShift | OpenShift strict security policies not accommodated | Disable securityContext in values.yaml per the OpenShift tab, step 3 |
Frequently Asked Questions
❓ What Helm version is required to install JFrog Artifactory?
A: Helm 3.17 or later is required. Helm 2 is not supported. Verify your version by running helm version — the output should show v3.17.x or later. See Helm requirements for the full compatibility list.
❓ What port does Artifactory listen on after a Helm installation?
A: Artifactory listens on port 8082 by default. The Nginx ingress pod handles incoming requests and routes them to the Artifactory service. Access the UI at http://<LB-IP>:8082/ui/ after the LoadBalancer IP is assigned.
❓ Can I install Artifactory on OpenShift using the standard Artifactory Helm chart?
A: Yes. The OpenShift installation uses the same jfrog/artifactory Helm chart. The only difference is that OpenShift requires securityContext settings to be disabled in values.yaml for Artifactory, PostgreSQL, RTFS, and Nginx. See the OpenShift tab, step 3 for the full values.yaml configuration.
❓ How do I upgrade Artifactory after installing with Helm?
A: Run helm upgrade artifactory jfrog/artifactory --set artifactory.masterKey=${MASTER_KEY} --set artifactory.joinKey=${JOIN_KEY} -n artifactory. Always pass the original master and join keys on every helm upgrade call — omitting them causes Helm to generate new keys, which breaks the existing installation.
❓ What are the default admin credentials for a new Helm installation?
A: The default credentials are username admin and password password. Change the password immediately through the onboarding wizard on first login. The wizard requires a password change before you can proceed to the main UI.
Next Steps
Updated 17 days ago