Install CloudDefense Helm on a Kubernetes Cluster
A Kubernetes cluster whose nodes have the linux/amd64 architecture
- Helm (v3 or above)
- Kubernetes Cluster (kubectl)
- Minimum Requirement - 1 Node (2 vCPU 8 GB RAM)
- Recommended Requirements - 2 Nodes (2 vCPUs 16 GB RAM)
- Helm (v3 or above)
- Managed Postgres Instance for ex. AWS RDS (db.r5.large)
- Kubernetes Cluster (kubectl) On Demand Nodes in Node Groups with Labels
| Node Groups | Node Type | Level | Min Nodes | Max Nodes |
|---|---|---|---|---|
| external | t3.medium (2vCPU 4GB) | on-demand | 1 | 4 |
| auth | t3.medium (2vCPUs 4GB) | on-demand | 1 | 4 |
| api | c5.large (2vCPUs 4GB) | on-demand | 1 | 4 |
| web | t3.medium (2vCPUs 2GB) | on-demand | 1 | 4 |
| job | C6i.large (2vCPUs 4GB) | spot | 1 | 4 |
Download the kafka helm repo (bitnami)
```
helm repo add bitnami https://charts.bitnami.com/bitnami
```
Install kafka helm
values.yaml
```
nodeSelector:
label: external
```
```
helm install kafka bitnami/kafka -f values.yaml --debug
```
1. Clone https://github.com/CloudDefenseAI/charts and create roles, role bindings and service accounts
```
kubectl apply -f cdefense/rbac
```
2. create secrets
```
kubectl apply -f cdefense/secrets
```
3. add helm repo
```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```
4. Install cdefense
```
helm install cdefense cdefense/cdefense --debug
```
5. Update/upgrade
```
helm upgrade cdefense cdefense/cdefense
```
To sign in with different identity providers (e.g. GitHub), create an ID and secret for each provider
- 1.
- 2. Create a New OAuth App
- 3. Homepage URL is the base_url
- 4. Authorization callback URL is https://{base_url}/auth/realms/cdefense/broker/github/endpoint
Create secrets on kubernetes cluster
1. Create a secret for authservice or use a YAML file
```
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY:
  GOOGLE_CLIENT_ID:
  GOOGLE_CLIENT_SECRET:
  GITHUB_CLIENT_ID:
  GITHUB_CLIENT_SECRET:
  GITLAB_APPLICATION_ID:
  GITLAB_APPLICATION_SECRET:
  BITBUCKET_KEY:
  BITBUCKET_SECRET:
  MICROSOFT_CLIENT_ID:
  MICROSOFT_CLIENT_SECRET:
```
2. Restart authservice pod
```
kubectl apply -f authservice-secrets.yaml
```
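As an added example (not part of the CloudDefense charts or this guide's own code), the following shell functions render the `authservice-secrets` manifest from environment variables, so the credential values are never written into a YAML file, and refuse to render a key whose value is empty. The function names `github_callback_url` and `render_authservice_secret` are hypothetical, and passing only the keys for the providers you use is an assumption about what the chart accepts.

```sh
# Added example, not from the CloudDefense charts repository.
# Key names below are copied from the manifest on this page.
AUTHSERVICE_KEYS="SENDGRID_KEY GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET \
GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET GITLAB_APPLICATION_ID \
GITLAB_APPLICATION_SECRET BITBUCKET_KEY BITBUCKET_SECRET \
MICROSOFT_CLIENT_ID MICROSOFT_CLIENT_SECRET"

# github_callback_url BASE_URL (hypothetical helper)
# Prints the Authorization callback URL in the form given on this page.
# Accepts the base URL with or without "https://" and a trailing slash.
github_callback_url() (
  base=${1#https://}
  base=${base%/}
  printf 'https://%s/auth/realms/cdefense/broker/github/endpoint\n' "$base"
)

# render_authservice_secret KEY... (hypothetical helper)
# Prints the Secret manifest with each KEY's value read from the environment.
# Exits 1 before printing anything if a KEY is not a plain variable name,
# is unset or empty (an empty stringData entry parses as YAML null, not a
# string), or holds a newline. The body runs in a subshell, so "exit" only
# ends the function.
render_authservice_secret() (
  nl='
'
  for key in "$@"; do
    case $key in ''|*[!A-Z0-9_]*|[0-9]*) echo "bad key name: $key" >&2; exit 1 ;; esac
    eval "value=\${$key:-}"
    case $value in
      '')      echo "empty value: $key" >&2; exit 1 ;;
      *"$nl"*) echo "newline in value: $key" >&2; exit 1 ;;
    esac
  done
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: authservice-secrets\n'
  printf 'type: Opaque\nstringData:\n'
  for key in "$@"; do
    eval "value=\${$key}"
    # Emit a double-quoted YAML scalar: escape backslash, then double quote.
    value=$(printf '%s' "$value" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '  %s: "%s"\n' "$key" "$value"
  done
)

# Usage, with values supplied by your secret manager or CI environment:
#   render_authservice_secret GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET | kubectl apply -f -
#   render_authservice_secret $AUTHSERVICE_KEYS | kubectl apply -f -
```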
Debugging and Troubleshooting
Pod Description Steps