|
| 1 | +# Integrating JFrog Xray with Coder Kubernetes Workspaces |
| 2 | + |
| 3 | +<div> |
| 4 | + <a href="https://github.com/matifali" style="text-decoration: none; color: inherit;"> |
| 5 | + <span style="vertical-align:middle;">Muhammad Atif Ali</span> |
| 6 | + <img src="https://github.com/matifali.png" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/> |
| 7 | + </a> |
| 8 | +</div> |
| 9 | +March 17, 2024 |
| 10 | + |
| 11 | +--- |
| 12 | + |
| 13 | +This guide will walk you through the process of adding |
| 14 | +[JFrog Xray](https://jfrog.com/xray/) integration to Coder Kubernetes workspaces |
| 15 | +using Coder's [JFrog Xray Integration](github.com/coder/coder-xray). |
| 16 | + |
| 17 | +## Prerequisites |
| 18 | + |
| 19 | +- A self-hosted JFrog Platform instance. |
| 20 | +- Kubernetes workspaces running on Coder. |
| 21 | + |
| 22 | +## Deploying the Coder Xray Integration |
| 23 | + |
| 24 | +1. Create a JFrog Platform |
| 25 | + [Access Token](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens) |
| 26 | + with a user that has the read |
| 27 | + [permission](https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions) |
| 28 | + for the repositories you want to scan. |
| 29 | +2. Create a Coder |
| 30 | + [token](https://coder.com/docs/v2/latest/cli/tokens_create#tokens-create) |
| 31 | + with a user that has the |
| 32 | + [`owner`](https://coder.com/docs/v2/latest/admin/users#roles) role. |
| 33 | +3. Create kubernetes secrets for the JFrog Xray and Coder tokens. |
| 34 | + |
| 35 | +```bash |
| 36 | +kubectl create secret generic coder-token --from-literal=coder-token='<token>' |
| 37 | +kubectl create secret generic jfrog-token --from-literal=user='<user>' --from-literal=token='<token>' |
| 38 | +``` |
| 39 | + |
| 40 | +4. Deploy the Coder Xray integration. |
| 41 | + |
| 42 | +```bash |
| 43 | +helm repo add coder-xray https://helm.coder.com/coder-xray |
| 44 | + |
| 45 | +helm upgrade --install coder-xray coder-xray/coder-xray \ |
| 46 | + --namespace coder-xray \ |
| 47 | + --create-namespace \ |
| 48 | + --set namespace="<CODER_WORKSPACES_NAMESPACE>" \ # Replace with your Coder workspaces namespace |
| 49 | + --set coder.url="https://<your-coder-url>" \ |
| 50 | + --set coder.secretName="coder-token" \ |
| 51 | + --set artifactory.url="https://<your-artifactory-url>" \ |
| 52 | + --set artifactory.secretName="jfrog-token" |
| 53 | +``` |
| 54 | + |
| 55 | +### Updating the Coder template |
| 56 | + |
| 57 | +[`coder-xray`](https://github.com/coder/coder-xray) will scan all kubernetes |
| 58 | +workspaces in the specified namespace. It depends on the `image` available in |
| 59 | +Artifactory and indexed by Xray. To ensure that the images are available in |
| 60 | +Artifactory, update the Coder template to use the Artifactory registry. |
| 61 | + |
| 62 | +```tf |
| 63 | +image = "<ARTIFACTORY_URL>/<REPO>/<IMAGE>:<TAG>" |
| 64 | +``` |
| 65 | + |
| 66 | +> **Note**: To authenticate with the Artifactory registry, you may need to |
| 67 | +> create a |
| 68 | +> [Docker config](https://jfrog.com/artifactory/docs/docker/#docker-login) and |
| 69 | +> use it in the `imagePullSecrets` field of the kubernetes pod. See this |
| 70 | +> [guide](./image-pull-secret.md) for more information. |
| 71 | +
|
| 72 | + |
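Review bot: In the `helm upgrade` command (new line 48), the trailing `# Replace with your Coder workspaces namespace` after the `\` breaks the line continuation. The backslash escapes the following space instead of the newline, so the shell ends the command at that line and tries to run the remaining `--set coder.url=...` lines as separate commands. Move the comment onto its own line above the command, or into the prose of step 4. Separately, the two `kubectl create secret` commands in step 3 have no `--namespace`, while the chart is installed with `--namespace coder-xray`. A pod can only reference Secrets in its own namespace, and `coder-xray` is not created until `--create-namespace` runs in step 4, so suggest creating the namespace first and adding `--namespace coder-xray` to both commands. Passing the tokens with `--from-literal` also leaves them in shell history; `--from-file` avoids that. Finally, the link target on new line 15, `github.com/coder/coder-xray`, lacks the `https://` scheme and will resolve as a relative path; new line 57 already uses the full URL.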