The site that you are currently viewing is a static version of the Software Factory documentation delivered with the

version v7.2.
For up-to-date documentation, see the latest version.

Artifactory

1. Application

Reference:LLD – Software Factory as a Product - Artifactory
Type & Classification:Product
Step:Continuous Delivery
Bid/Project/Product Name & ID:Software Factory as a Product (SWaaP)
Solution Level:Digital product
Solution Name:Software Factory as a Product
Solution description:As deployed, create and update a Software Factory
Key Products/Solution:

2. Introduction

2.1 Document purpose

This document is a low level design - LLD which aims to describe how the architecture evoked in high level design - HLD will be implemented. This document will describe the protocols used in the target architecture, how to implement them and any modifications made to their default behavior. Once validated by Thales, this document will then serve as a basis for the implementation of configurations on equipment.

2.2 Document scope

This document is not a manual and is not intended to replace the reference literature describing with great precision all network protocols.

The protocols used will be briefly described as well as the modifications made to their default behavior.

2.3 Referenced documentation

Document referenceDocument Name
TASDTechnical Architecture and Security Document of SWaaP
SCOM-ArtifactorySoftware Center Operation Manual of Artifactory

3. Component general description

This component is part of Software Factory as a Product (SWaaP), and it is visible in the TASD .

This component permits to expose artifacts management services to any Software engineer (end user of SWaaP). It is based on JFrog Artifactory COTS. Those artifacts can be managed using:

  • Artifactory UI
  • Artifactory API(s) and any compatible CLI.

4. Functional & Business Requirements

No formal list of requirements has been expressed by clients. It is designed and developed based on business use cases.

4.1 Feature summary

Feature NameLevel of availability (EA/GA)Value
Artifacts storageGAStore your artifacts for your project needs
Artifacts SharingGAShare your artifact
Proxy of public artifactsGAAccess public artifacts from popular repositories like officials mvn, npm, Docker etc.
Proxy of other Artifactory repositoryGAAccess to lower level of sensitivity Software Factory artifacts.

4.2 Prerequisites

Every prerequisites of the product are applicable to this component. In detail:

4.3 Variability

The component is delivered with no set of plugin. Only this configuration is supported.

Any plugin is considered as unsupported. Installing an unsupported plugin expose the Operations team to a risk: the product may break the compatibility unexpectedly. As soon as one unsupported plugin is installed, the Product team can no longer guarantee support and may charge part or full support effort as Professional Service.

As with any Software Factory component, a plugin may no longer be supported during the Software Factory product lifecycle. In this case, this note will be updated, and the release note of the first version in which the plugin was removed will document it as a breaking change.

5. Architecture decision record

Here is a list of decisions:

Ref.Date/StatusDescription
ADR-ART-0012022/09Add Artifactory as a component of the Software Factory as a Product (SWaaP). See ADR001 in TASD .

Table 3 - List of architecture decision record.

5.1 ADR-ART-001: Add Artifactory as a component of the product

5.1.1 Status: Accepted

5.1.2 Context

  • See ADR001 in TASD .

5.1.3 Decision

  • Introduce Artifactory in the product from its current implementation on TDP C2 & TDP C3-CA

5.1.4 Consequences

6. Architecture description

6.1 Business architecture and allocation to services

You will find in Figure 1 business architecture for software code and CI/CD engineering allocated to services:

[Figure 1 ](../../../tasd/allocated_business_archi.drawio.svg)

Figure 1 - Business architecture allocated to services.

Note: in dash, external items.

6.2 Application architecture

Physical architecture is described in Figure 2 :

Figure 2

Figure 2 - Physical architecture

Artifactory is using these external services:

  • A Software Factory or mirror for deployment (PRE_001)
  • Kubernetes with Flux (PRE_002, PRE_003)
  • Persistent storage to store the configuration and cache (PRE_004)
  • Ingress with TLS and DNS resolution associated for one entry point and certificates, classically https://artifactory.SF-DOMAIN (PRE_005, PRE_006, PRE_007)
  • Object storage to store artefact (PRE_008); we recommend S3 or Azure Blob Storage but Artifactory supports several filestore . Alternative for non production can be pvc.
  • IAM (PRE_009); we recommend SAML SSO. See IAM
  • Mail server (PRE_014); you can configure is using Artifactory mail server configuration documentation
  • Database (PRE_015); we recommend Managed PostgreSQL database. Alternative can be internal to namespace provided PostgreSQL database that is provided with the product.

Artifactory System Architecture Diagram in Figure 3

Figure 3

Figure 3 - Artifactory HLD architecture

Artifactory product contains the following microservices:

  • Artifactory Service is the main application service.

  • Router - the central hub for communication between all the microservices and all the products in the JPD.

  • Access - the authentication server and service registry. Manages users, groups, permissions, and access tokens for all products in the JPD.

  • [NEW] Topology is a service registry that streamlines platform topology management. It is extracted from Access. (from Artifactory version >= 7.104)

  • [NEW] One Model is a centralized hub for all GraphQL APIs that defines a mechanism for creating and maintaining a unified model of entities managed by the JFrog Platform, promoting a common language used by all JFrog products and services. This also includes a third-party service called Apollo Router. (from Artifactory version >= 7.104)

  • Event is a distribution mechanism for JFrog products. Distributes webhook events to external systems.

  • Frontend - the application user interface (UI for the entire JPD).

  • JFConnect - fetches the entitlements from the subscription into a JPD. See JFConnect Microservice

  • Metadata - serves the Packages screen in the JPD UI.

  • Observability consolidates logs and metrics in the service.

  • [NEW] JFConfig - can be used by other JFrog services to store configuration in a key-value format in DB in a centralized way. (from Artifactory version >= 7.104)

  • [NEW] Evidence enables the signing of CRD evidences for Artifacts, Builds, Packages, or Release bundles. (from Artifactory version >= 7.111)

  • [NEW] Artifactory Federation Service (RTFS) synchronizes huge volumes of artifact metadata between customer sites. See Artifactory Federation Service . (from Artifactory version >=7.104 and is disabled by default)

  • Mission Control is the single access point to manage multiple JPDs. See Installing Mission Control . (available with an Enterprise+ license)

  • JFBus is an event-streaming service that serves as the primary event processing and communication hub across the JFrog Platform. This service is disabled.

6.2.1 User management

This role matrix has been defined in TASD:

User roleDescription user roleComment
UC1End user / Software engineerPerson that can write in a solution/product/project tenant
UC2ReaderPerson that can read content of a solution/product/project tenant
UC3Tenant ownerPerson that can administrate a solution/product/project tenant
UC4Software Factory application adminPerson that can administrate Software Factory instance components
UC5Software Factory system adminPerson that can administrate the deployment/upgrade of the Software Factory instance
UC6Software Factory tribePerson that are delivering asset to deploy/upgrade a Software Factory instance

For Artifactory, a tenant is a consistent set of repositories / permissions / project(s).

6.2.2 RACI

In addition of global RACI (Responsible, Accountable, Consulted, Informed) of the SWaaP defined in TASD:

ActionUC4UC1
Grant access to ArtifactoryR/A
Create an Artifactory PermissionR/A
Create an Artifactory repository without assignation to a projectR/A
Manage an Artifactory permissions through Permission systemR/A
Manage repositorie permissions through Permission systemR/A
Create an Artifactory ProjectR/A
Create a Repository in the Artifactory ProjectR/A
Manage users in the ProjectR/A
Assign existing repositories to the ProjectR/A
Create a local Artifactory groupR/A
Add a member to a local Artifactory groupR/A
Remove a member from a local Artifactory groupR/A
Consult the list of local Artifactory group membersR/A
Adding a local Artifactory group to a PermissionR/A
Adding a local Artifactory group to a ProjectR/A
Increase Project storage quotaR/A

6.3 Delivery

Component is part of the Software Factory as a Product (SWaaP) delivery. See TASD for more details.

6.3.1 Latest Version

6.3.2 Version Chart 107.146.17 / Artifactory 7.146.17

6.4 Infrastructure architecture

6.4.1 Software Factory API

Here is a list of services that can be integrated with the Artifactory.

Ref.NameRequiredDescription
SFE01Flux → Git in Software Factory for deploymentMandatoryCode in a Git server for deployment of the product
SFE02Flux → Registry in Software Factory for deploymentMandatoryRegistries with helm charts and containers for deployment of the product
SFE03Object StorageHighly recommendedComponents store data on Object Storage (S3/Azure blob storage)
SFE04IAM - SAML SSOHighly recommendedUsers should be authenticated using SAML SSO
SFE05End user notification (SMTP)Highly recommendedNotification should be sent via mail using SMTP
SFE06Managed Databases (PostgreSQL)Mandatory for productionComponents store data in a PostgreSQL data base - Alternative is to use deploy embedded data base with the product
SFB02CLI or Runner → ArtifactoryMandatoryGitLab Runner or CLI should connect to Artifactory using Artifactory public API - NextGen-CICD can manage this API
SFE08User / applicative admin → Artifactory (and Xray)MandatoryUser and applicative admin should use Artifactory UI or public API to access to Artifactory or Xray
SFI04Xray → ArtifactoryMandatoryXray is integrated in Artifactory (it is accessible through Artifactory UI)
SFE10Artifactory ← Other ArtifactoryHighly recommendedArtifactory remote on a upper sensitive data domain pulling Artifactory repository on a lower sensitive data domain to upper

7. Operational and maintenance

In this chapter you will find strategy and policy. Detail implementation will be described in the SCOM-Artifactory .

7.1 Life cycle policy

Cadence of version is describe in the Product Lifecycle .

7.2 License

We support and recommend deployment with enterprise + Artifactory license.

7.3 Deployment

The component is deployed as a standard component using Flux and SWaaP packaging. See TASD for more details.

Configuration for the deployment is described in the SCOM-Artifactory .

7.4 IAM

We support and recommend integration with IAM using SAML SSO. This configuration can be done in Artifactory admin UI

7.5 Scaling

We support and recommend a configuration to manage 1k active users. For different sizing case, see JFrog documentation

7.6 Backup / restore

We recommend to manage point in time restore at platform level. Like that it is possible to restore synchronously:

  • volumes,
  • database,
  • and object storage.

For information, JFrog proposes a backup procedure

7.7 Monitoring

This chapter will be completed issue link

7.8 Logging

We recommend to apply the platform logging & SOC management strategy.