# Install CloudDefense Helm on a Kubernetes Cluster

{% embed url="<https://youtu.be/iCSK1XLL-Xk>" %}

### Prerequisite

A Kubernetes cluster whose nodes have the linux/amd64 architecture.

### Development Environment

* Helm (v3 or above)
* Kubernetes Cluster (kubectl)
  * Minimum Requirement - 1 Node (2 vCPU 8 GB RAM)
  * Recommended Requirements - 2 Nodes (2 vCPUs 16 GB RAM)

### Production Environment

* Helm (v3 or above)
* Managed Postgres instance, for example AWS RDS (db.r5.large)
* Kubernetes Cluster (kubectl): on-demand nodes in node groups with labels

| Node Groups | Node Type              | Level     | Min Nodes | Max Nodes |
| ----------- | ---------------------- | --------- | --------- | --------- |
| external    | t3.medium (2vCPU 4GB)  | on-demand | 1         | 4         |
| auth        | t3.medium (2vCPUs 4GB) | on-demand | 1         | 4         |
| api         | c5.large (2vCPUs 4GB)  | on-demand | 1         | 4         |
| web         | t3.medium (2vCPUs 2GB) | on-demand | 1         | 4         |
| job         | c6i.large (2vCPUs 4GB) | spot      | 1         | 4         |

### Install Cluster Auto-Scaler

### Install Kafka

Download the Kafka Helm repo (Bitnami):

```
helm repo add bitnami https://charts.bitnami.com/bitnami
```

Install the Kafka Helm chart, using a `values.yaml` with the following content:

```
nodeSelector:
  label: external
```

```
helm install kafka bitnami/kafka -f values.yaml --debug
```

### Install CloudDefense Helm

1. Clone <https://github.com/CloudDefenseAI/charts>, then create the roles, role bindings and service accounts

```
kubectl apply -f cdefense/rbac
```

2\. Create secrets

```
kubectl apply -f cdefense/secrets
```

3\. Add the Helm repo

```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```

4\. Install cdefense

```
helm install cdefense cdefense/cdefense --debug
```

5\. Update/upgrade

```
helm upgrade cdefense cdefense/cdefense
```

## Configure CloudDefense Helm for SSO

To sign in with different identity providers (for example GitHub), create a client ID and secret for each provider.

### Step 1: Create ID and secrets for GitHub

1. Go to [GitHub developer settings](https://github.com/settings/developers)
2. Create a new OAuth App
3. Homepage URL is the `base_url`
4. Authorization callback URL is `https://{base_url}/auth/realms/cdefense/broker/github/endpoint`

<figure><img src="https://lh3.googleusercontent.com/FOY_a11iPhYToQmgxQotgI52cNB8tYKl3gxdDaNPe4SopXf6YvjbCjVX2YrVbj1UUglAyjzfUCViKMFToJt7n5JHkjjfq3HvD5HMEJejHFels6BMjSM25ZvVOCwjPrL1rZDRdXDvi0wkYN3aClA1JMRJ4cXWdNzKG2Pgz6hLZBrc62K9Whc3YOwEDlP2JA" alt=""><figcaption></figcaption></figure>

### Create ID and secrets for GitLab

<figure><img src="https://lh6.googleusercontent.com/EDQoSyrv2RL5se3EJJPwUBJe__c7ijPOqi0WV5uaoxgPAa4p9DGDAVx9F_6fI8QD_aKx0oDAuW_zcSkvxFUYEWTeHm1VPmtLMQcqOgmqwEi_LirLUhxeARgP4u8DPQL24UHfENuS47JoQxENP1C3UK8w9TlqrxVCfRsk0_DRURRblQneYYdXmLtikH6CFw" alt=""><figcaption></figcaption></figure>

### Create ID and secrets for Bitbucket

<figure><img src="https://lh5.googleusercontent.com/slYSJDmyCgEx3FG18w4lWygN9jOab-NNdwvNygLzYeW0GBqLnbGodnv6ocaFu9D-KjFhaLhhE4OZ4f95FFc7hb4wI60-UIRg5twRxBnb0IcuQQhGbrDVrdl9FN4AqrrWgkBap8pIlKYukaP0D6d8LLyinpgcAgi2x-z5gZhOQhhzfJvXGfMr-6eq2MKAKA" alt=""><figcaption></figcaption></figure>

### Create ID and secrets for Microsoft

Create secrets on the Kubernetes cluster

1. Create a secret for authservice, or use a YAML file (`authservice-secrets.yaml`) like this one:

```
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY: 
  GOOGLE_CLIENT_ID: 
  GOOGLE_CLIENT_SECRET: 
  GITHUB_CLIENT_ID: 
  GITHUB_CLIENT_SECRET: 
  GITLAB_APPLICATION_ID: 
  GITLAB_APPLICATION_SECRET: 
  BITBUCKET_KEY: 
  BITBUCKET_SECRET: 
  MICROSOFT_CLIENT_ID: 
  MICROSOFT_CLIENT_SECRET: 
```

2\. Apply the secret, then restart the authservice pod

```
kubectl apply -f authservice-secrets.yaml
```
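
One way to avoid keeping a filled-in manifest on disk, as an added example that is not part of the CloudDefense documentation: the function below renders the same `authservice-secrets` manifest from shell variables and refuses to emit it when a key you name as required is empty. The function name, the empty-string default for keys you do not name, and single-line values are assumptions.

```shell
#!/bin/sh
# Added example, not CloudDefense tooling. Key names are the ones in the
# manifest above; the function name and empty-string default are assumptions.
AUTHSERVICE_KEYS="SENDGRID_KEY GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET \
GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET GITLAB_APPLICATION_ID \
GITLAB_APPLICATION_SECRET BITBUCKET_KEY BITBUCKET_SECRET \
MICROSOFT_CLIENT_ID MICROSOFT_CLIENT_SECRET"

# render_authservice_secret REQUIRED_KEY...
# Prints the Secret manifest on stdout, taking each (single-line) value from
# the shell variable of the same name. Returns 2 for a key that is not in the
# list, 1 (printing no manifest) when a required key is empty or unset.
render_authservice_secret() {
  bad=""
  for key in "$@"; do
    # Only exact, known names reach eval below.
    case "$key" in
      ''|*[!A-Z_]*) echo "invalid key name: $key" >&2; return 2 ;;
    esac
    case " $AUTHSERVICE_KEYS " in
      *" $key "*) ;;
      *) echo "unknown key: $key" >&2; return 2 ;;
    esac
    eval "val=\${$key:-}"
    [ -n "$val" ] || bad="$bad $key"
  done
  if [ -n "$bad" ]; then
    echo "required but empty:$bad" >&2
    return 1
  fi
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' \
    '  name: authservice-secrets' 'type: Opaque' 'stringData:'
  for key in $AUTHSERVICE_KEYS; do
    eval "val=\${$key:-}"
    # Double-quoted YAML scalar: escape backslash and double quote.
    esc=$(printf '%s' "$val" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '  %s: "%s"\n' "$key" "$esc"
  done
}

# Usage (values set in the current shell, not written to a manifest file):
#   render_authservice_secret GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET \
#     | kubectl apply -f -
```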

### Configure CloudDefense Helm for Importing Repositories

Debugging and Troubleshooting

Pod Description Steps


