# Install CloudDefense Helm on a Kubernetes Cluster

{% embed url="<https://youtu.be/iCSK1XLL-Xk>" %}

### Prerequisite

A Kubernetes cluster whose nodes have the linux/amd64 architecture.

### Development Environment

* Helm (v3 or above)
* Kubernetes Cluster (kubectl)
  * Minimum Requirement - 1 Node (2 vCPUs, 8 GB RAM)
  * Recommended Requirements - 2 Nodes (2 vCPUs, 16 GB RAM)

### Production Environment

* Helm (v3 or above)
* Managed Postgres instance, for example AWS RDS (db.r5.large)
* Kubernetes Cluster (kubectl) with on-demand nodes in node groups with labels

| Node Groups | Node Type                 | Level     | Min Nodes | Max Nodes |
| ----------- | ------------------------- | --------- | --------- | --------- |
| external    | t3.medium (2 vCPUs, 4 GB) | on-demand | 1         | 4         |
| auth        | t3.medium (2 vCPUs, 4 GB) | on-demand | 1         | 4         |
| api         | c5.large (2 vCPUs, 4 GB)  | on-demand | 1         | 4         |
| web         | t3.medium (2 vCPUs, 2 GB) | on-demand | 1         | 4         |
| job         | c6i.large (2 vCPUs, 4 GB) | spot      | 1         | 4         |

### Install Cluster Auto-Scaler

### Install Kafka

Add the Kafka Helm repo (Bitnami):

```
helm repo add bitnami https://charts.bitnami.com/bitnami
```

Install the Kafka Helm chart, using a `values.yaml` that schedules the pods on nodes labelled `external`:

values.yaml

```
nodeSelector:
  label: external
```

```
helm install kafka bitnami/kafka -f values.yaml --debug
```
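
A pre-flight check for the requirements above, as an added example that is not part of the CloudDefense documentation or charts: it confirms every node is linux/amd64 and that each node group from the production table has at least one labelled node, so a `nodeSelector` such as `label: external` can be scheduled. It assumes every group is marked with the same `label` key shown in `values.yaml`; `check_nodes`, `sample_nodes` and the sample node names are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for the node requirements on this page (added example).
# Columns to request from kubectl; ".metadata.labels.label" is the "label"
# key that the Kafka values.yaml selects on.
NODE_COLUMNS='NAME:.metadata.name,OS:.status.nodeInfo.operatingSystem,ARCH:.status.nodeInfo.architecture,GROUP:.metadata.labels.label'

# Node groups from the production table. Assumption: each group is marked
# with that same "label" key.
REQUIRED_GROUPS="external auth api web job"

# Reads "NAME OS ARCH GROUP" lines on stdin; exits non-zero on any failure.
check_nodes() {
  awk -v groups="$REQUIRED_GROUPS" '
    NF < 4 { next }                      # skip blank or short lines
    {
      if ($2 != "linux" || $3 != "amd64") {
        printf "FAIL %s is %s/%s, expected linux/amd64\n", $1, $2, $3
        bad = 1
      }
      seen[$4] = 1                       # unlabelled nodes show "<none>"
    }
    END {
      n = split(groups, g, " ")
      for (i = 1; i <= n; i++)
        if (!(g[i] in seen)) {
          printf "FAIL no node carries label=%s\n", g[i]
          bad = 1
        }
      if (!bad) print "OK all nodes are linux/amd64 and every group is labelled"
      exit bad + 0
    }'
}

# Constructed sample input: one arm64 node, and no node labelled "job".
sample_nodes() {
  cat <<'EOF'
node-a linux amd64 external
node-b linux amd64 auth
node-c linux arm64 api
node-d linux amd64 web
node-e linux amd64 <none>
EOF
}

sample_nodes | check_nodes || echo "pre-flight failed"
# Against a live cluster:
#   kubectl get nodes --no-headers -o custom-columns="$NODE_COLUMNS" | check_nodes
```

A pod whose `nodeSelector` matches no node stays in `Pending`, so running this before `helm install` surfaces a missing label earlier than the scheduler does.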

### Install CloudDefense Helm

1\. Clone <https://github.com/CloudDefenseAI/charts>, then create roles, role bindings and service accounts

```
kubectl apply -f cdefense/rbac
```

2\. Create secrets

```
kubectl apply -f cdefense/secrets
```

3\. Add the Helm repo

```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```

4\. Install cdefense

```
helm install cdefense cdefense/cdefense --debug
```

5\. Update/upgrade

```
helm upgrade cdefense cdefense/cdefense
```

## Configure CloudDefense Helm for SSO

To sign in with an external identity provider (for example, GitHub), create a client ID and secret with that provider.

### Step 1: Create ID and secrets for GitHub

1. Go to [GitHub developer settings](https://github.com/settings/developers)
2. Create a New OAuth App
3. Homepage URL is the `base_url`
4. Authorization callback URL is `https://{base_url}/auth/realms/cdefense/broker/github/endpoint`

<figure><img src="https://lh3.googleusercontent.com/FOY_a11iPhYToQmgxQotgI52cNB8tYKl3gxdDaNPe4SopXf6YvjbCjVX2YrVbj1UUglAyjzfUCViKMFToJt7n5JHkjjfq3HvD5HMEJejHFels6BMjSM25ZvVOCwjPrL1rZDRdXDvi0wkYN3aClA1JMRJ4cXWdNzKG2Pgz6hLZBrc62K9Whc3YOwEDlP2JA" alt=""><figcaption></figcaption></figure>

### Create ID and secrets for GitLab

<figure><img src="https://lh6.googleusercontent.com/EDQoSyrv2RL5se3EJJPwUBJe__c7ijPOqi0WV5uaoxgPAa4p9DGDAVx9F_6fI8QD_aKx0oDAuW_zcSkvxFUYEWTeHm1VPmtLMQcqOgmqwEi_LirLUhxeARgP4u8DPQL24UHfENuS47JoQxENP1C3UK8w9TlqrxVCfRsk0_DRURRblQneYYdXmLtikH6CFw" alt=""><figcaption></figcaption></figure>

### Create ID and secrets for Bitbucket

<figure><img src="https://lh5.googleusercontent.com/slYSJDmyCgEx3FG18w4lWygN9jOab-NNdwvNygLzYeW0GBqLnbGodnv6ocaFu9D-KjFhaLhhE4OZ4f95FFc7hb4wI60-UIRg5twRxBnb0IcuQQhGbrDVrdl9FN4AqrrWgkBap8pIlKYukaP0D6d8LLyinpgcAgi2x-z5gZhOQhhzfJvXGfMr-6eq2MKAKA" alt=""><figcaption></figcaption></figure>

### Create ID and secrets for Microsoft

Create secrets on the Kubernetes cluster

1\. Create a secret for authservice, or use a YAML file such as `authservice-secrets.yaml`:

```
# Fill in each value. An unquoted empty value parses as null,
# so keep the quotes around values you leave empty.
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY: ""
  GOOGLE_CLIENT_ID: ""
  GOOGLE_CLIENT_SECRET: ""
  GITHUB_CLIENT_ID: ""
  GITHUB_CLIENT_SECRET: ""
  GITLAB_APPLICATION_ID: ""
  GITLAB_APPLICATION_SECRET: ""
  BITBUCKET_KEY: ""
  BITBUCKET_SECRET: ""
  MICROSOFT_CLIENT_ID: ""
  MICROSOFT_CLIENT_SECRET: ""
```

2\. Apply the secret and restart the authservice pod

```
kubectl apply -f authservice-secrets.yaml
```

### Configure CloudDefense Helm for Importing Repositories

Debugging and Troubleshooting

Pod Description Steps
