Install CloudDefense Helm on a Kubernetes Cluster

Prerequisite

A Kubernetes cluster whose nodes use the linux/amd64 architecture.

Development Environment

  • Helm (v3 or above)

  • Kubernetes Cluster (kubectl)

    • Minimum Requirement - 1 Node (2 vCPU 8 GB RAM)

    • Recommended Requirements - 2 Nodes (2 vCPUs 16 GB RAM)

Production Environment

  • Helm (v3 or above)

  • Managed Postgres instance, for example AWS RDS (db.r5.large)

  • Kubernetes Cluster (kubectl) with on-demand nodes in labelled node groups (see the table below)

| Node Group | Node Type | Level | Min Nodes | Max Nodes |
|---|---|---|---|---|
| external | t3.medium (2vCPU 4GB) | on-demand | 1 | 4 |
| auth | t3.medium (2vCPUs 4GB) | on-demand | 1 | 4 |
| api | c5.large (2vCPUs 4GB) | on-demand | 1 | 4 |
| web | t3.medium (2vCPUs 2GB) | on-demand | 1 | 4 |
| job | C6i.large (2vCPUs 4GB) | spot | 1 | 4 |

Install Cluster Auto-Scaler

Install Kafka

Add the Bitnami Helm repo that provides the Kafka chart:

```
helm repo add bitnami https://charts.bitnami.com/bitnami
```

Install the Kafka chart, pinning it to the external node group with a values file:

values.yaml

```
nodeSelector:
  label: external
```

```
helm install kafka bitnami/kafka -f values.yaml --debug
```
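A nodeSelector that matches no node leaves the Kafka (and later the CloudDefense) pods stuck in Pending, and the node-group table above lists five groups that must exist before the charts are installed. The following pre-flight check is an added example, not part of the CloudDefense charts or the Bitnami chart: it reads a `kubectl get nodes -L <key> --no-headers` listing and reports every expected group that has no Ready node carrying its label. It assumes the label key is `label`, as in the values.yaml above (override `NODE_LABEL_KEY` if your cluster uses a different key), and the embedded node listing is constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the CloudDefense charts): pre-flight check that every
# node group named in the table above has at least one Ready node labelled for it.
# Assumption: node groups are labelled with the key "label" (the key used in the
# page's values.yaml); set NODE_LABEL_KEY to override.

NODE_LABEL_KEY="${NODE_LABEL_KEY:-label}"
EXPECTED_GROUPS="external auth api web job"

# missing_groups: read lines in the shape produced by
#   kubectl get nodes -L "$NODE_LABEL_KEY" --no-headers
# (NAME STATUS ROLES AGE VERSION LABELVALUE) on stdin and print, one per line,
# every expected group that has no node in Ready state carrying its label.
# Nodes without the label have only five columns and are ignored.
missing_groups() {
  ready=$(awk '$2 == "Ready" && NF >= 6 { print $6 }')
  for g in $EXPECTED_GROUPS; do
    found=0
    for r in $ready; do
      [ "$r" = "$g" ] && found=1
    done
    [ "$found" -eq 1 ] || echo "$g"
  done
}

# preflight: read the same listing on stdin; succeed only when no group is missing,
# so it can gate the helm install in a script.
preflight() {
  missing=$(missing_groups)
  [ -z "$missing" ] && return 0
  printf 'node groups with no Ready node: %s\n' \
    "$(printf '%s' "$missing" | tr '\n' ' ')" >&2
  return 1
}

# Constructed sample listing (not real cluster output): "api" is NotReady and
# "job" has no node at all, so both are reported.
SAMPLE_NODES='ip-10-0-1-10   Ready      <none>   5d   v1.27.1   external
ip-10-0-1-11   Ready      <none>   5d   v1.27.1   auth
ip-10-0-1-12   NotReady   <none>   5d   v1.27.1   api
ip-10-0-1-13   Ready      <none>   5d   v1.27.1   web
ip-10-0-1-14   Ready      <none>   5d   v1.27.1'

# Offline demonstration on the sample; prints "api" and "job".
printf '%s\n' "$SAMPLE_NODES" | missing_groups

# Live usage against a real cluster (requires kubectl in PATH):
#   kubectl get nodes -L "$NODE_LABEL_KEY" --no-headers | preflight \
#     && helm install kafka bitnami/kafka -f values.yaml --debug
```

Run the check before every `helm install` or `helm upgrade` in automation; a group that is present but NotReady is treated as missing on purpose, because the scheduler will not place pods on it either.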

Install CloudDefense Helm

1. Clone https://github.com/CloudDefenseAI/charts and create the roles, role bindings and service accounts:

```
kubectl apply -f cdefense/rbac
```

2. Create the secrets:

```
kubectl apply -f cdefense/secrets
```

3. Add the Helm repo:

```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```

4. Install cdefense:

```
helm install cdefense cdefense/cdefense --debug
```

5. To update, upgrade the release:

```
helm upgrade cdefense cdefense/cdefense
```

Configure CloudDefense Helm for SSO

In order to sign in with different identity providers (for example GitHub), create a client ID and secret for each provider you want to use.

Step 1: Create an ID and secret for GitHub

  1. Create a New OAuth App

  2. Homepage URL is the base_url

  3. Authorization callback URL is https://{base_url}/auth/realms/cdefense/broker/github/endpoint

Create an ID and secret for GitLab

Create an ID and secret for Bitbucket

Create an ID and secret for Microsoft

Create secrets on the Kubernetes cluster

  1. Create a secret for authservice, or use a YAML file such as authservice-secrets.yaml:

```
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY: 
  GOOGLE_CLIENT_ID: 
  GOOGLE_CLIENT_SECRET: 
  GITHUB_CLIENT_ID: 
  GITHUB_CLIENT_SECRET: 
  GITLAB_APPLICATION_ID: 
  GITLAB_APPLICATION_SECRET: 
  BITBUCKET_KEY: 
  BITBUCKET_SECRET: 
  MICROSOFT_CLIENT_ID: 
  MICROSOFT_CLIENT_SECRET: 
```

  2. Apply the manifest and restart the authservice pod so it picks up the new values:

```
kubectl apply -f authservice-secrets.yaml
```
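Filling client secrets into authservice-secrets.yaml by hand means plaintext OAuth credentials sit in a file that is easy to commit by accident, and a provider whose ID is set but whose secret is blank fails only at login time. The script below is an added example, not part of the CloudDefense charts: it renders the same Secret from environment variables at apply time (so the values can come from a secrets manager or CI variables), emits base64-encoded `data` entries instead of `stringData` so values with special characters cannot break the YAML, includes only the keys that are actually set, and refuses to render when a provider is half-configured. The secret name and key names are taken from the manifest above; the target namespace is assumed to be whatever the current kubectl context selects.

```shell
#!/bin/sh
# Added example (not from the CloudDefense charts): build the authservice-secrets
# manifest from environment variables instead of hand-editing plaintext client
# secrets into a YAML file that may end up in version control.
# Assumptions: secret name and key names are those from the manifest above;
# the namespace is whatever the current kubectl context selects.

# Key names from the page's manifest.
AUTHSERVICE_KEYS="SENDGRID_KEY GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET \
GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET GITLAB_APPLICATION_ID GITLAB_APPLICATION_SECRET \
BITBUCKET_KEY BITBUCKET_SECRET MICROSOFT_CLIENT_ID MICROSOFT_CLIENT_SECRET"

# env_value NAME: print the value of the variable called NAME (empty if unset).
# NAME only ever comes from the fixed list above, so the eval is safe.
env_value() {
  eval "printf '%s' \"\${$1:-}\""
}

# check_pair ID_NAME SECRET_NAME: a provider is either fully configured (both set)
# or not configured at all (both empty). Returns 1 for a half-configured provider.
check_pair() {
  id_val=$(env_value "$1")
  secret_val=$(env_value "$2")
  if [ -n "$id_val" ] && [ -z "$secret_val" ]; then
    echo "error: $1 is set but $2 is empty" >&2
    return 1
  fi
  if [ -z "$id_val" ] && [ -n "$secret_val" ]; then
    echo "error: $2 is set but $1 is empty" >&2
    return 1
  fi
  return 0
}

# check_all_pairs: run check_pair over every provider ID/secret pair in the manifest.
check_all_pairs() {
  check_pair GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET &&
  check_pair GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET &&
  check_pair GITLAB_APPLICATION_ID GITLAB_APPLICATION_SECRET &&
  check_pair BITBUCKET_KEY BITBUCKET_SECRET &&
  check_pair MICROSOFT_CLIENT_ID MICROSOFT_CLIENT_SECRET
}

# render_secret: print the Secret manifest with base64-encoded `data` entries,
# including only the keys that are set, so unused providers are absent rather
# than present-but-empty.
render_secret() {
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: authservice-secrets\ntype: Opaque\ndata:\n'
  for k in $AUTHSERVICE_KEYS; do
    v=$(env_value "$k")
    [ -n "$v" ] || continue
    # tr strips the line wrapping that GNU base64 adds for long inputs.
    printf '  %s: %s\n' "$k" "$(printf '%s' "$v" | base64 | tr -d '\n')"
  done
}

# Usage: export the provider variables (for example from a secrets manager), then
#   check_all_pairs && render_secret | kubectl apply -f -
# and restart the authservice pod as in step 2 above.
```

Because the manifest is piped straight into `kubectl apply -f -`, no file containing the secrets is written to disk; the only copies are the environment of the shell that ran the script and the Secret object in the cluster.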

Configure CloudDefense Helm for Importing Repositories

Debugging and Troubleshooting

Pod Description Steps
