Install CloudDefense Helm on a Kubernetes Cluster
Prerequisite
A Kubernetes cluster whose nodes use the linux/amd64 architecture
Development Environment
Helm (v3 or above)
Kubernetes Cluster (kubectl)
Minimum Requirement - 1 Node (2 vCPU 8 GB RAM)
Recommended Requirements - 2 Nodes (2 vCPUs 16 GB RAM)
Production Environment
Helm (v3 or above)
Managed Postgres instance, e.g. AWS RDS (db.r5.large)
Kubernetes Cluster (kubectl)
On Demand Nodes in Node Groups with Labels

| Node Groups | Node Type | | | |
|---|---|---|---|---|
| external | t3.medium (2vCPU 4GB) | on-demand | 1 | 4 |
| auth | t3.medium (2vCPUs 4GB) | on-demand | 1 | 4 |
| api | c5.large (2vCPUs 4GB) | on-demand | 1 | 4 |
| web | t3.medium (2vCPUs 2GB) | on-demand | 1 | 4 |
| job | c6i.large (2vCPUs 4GB) | spot | 1 | 4 |

Install Cluster Auto-Scaler
Install Kafka
Download the kafka helm repo (bitnami)
```
helm repo add bitnami https://charts.bitnami.com/bitnami
```
Install the Kafka Helm chart
values.yaml
```
nodeSelector:
  label: external
```
```
helm install kafka bitnami/kafka -f values.yaml --debug
```
Install CloudDefense Helm
Clone https://github.com/CloudDefenseAI/charts
1. create roles, role binding and service accounts
```
kubectl apply -f cdefense/rbac
```
2. create secrets
```
kubectl apply -f cdefense/secrets
```
3. add helm repo
```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```
4. Install cdefense
```
helm install cdefense cdefense/cdefense --debug
```
5. update/upgrade
```
helm upgrade cdefense cdefense/cdefense
```
Configure CloudDefense Helm for SSO
To sign in with external identity providers (e.g. GitHub), create a client ID and secret for each one.
Step 1: Create ID and secret for GitHub
Create a New OAuth App
Homepage URL is the base_url
Authorization callback URL is https://{base_url}/auth/realms/cdefense/broker/github/endpoint
Create ID and secret for GitLab
Create ID and secret for Bitbucket
Create ID and secret for Microsoft
Create secrets on the Kubernetes cluster
1. Create a secret for authservice or use a yaml file
```
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY:
  GOOGLE_CLIENT_ID:
  GOOGLE_CLIENT_SECRET:
  GITHUB_CLIENT_ID:
  GITHUB_CLIENT_SECRET:
  GITLAB_APPLICATION_ID:
  GITLAB_APPLICATION_SECRET:
  BITBUCKET_KEY:
  BITBUCKET_SECRET:
  MICROSOFT_CLIENT_ID:
  MICROSOFT_CLIENT_SECRET:
```
2. Restart authservice pod
```
kubectl apply -f authservice-secrets.yaml
```
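One way to keep the provider credentials out of a YAML file on disk, as an added example that is not part of the CloudDefense charts: the script renders the authservice-secrets manifest from environment variables and refuses to emit anything if a value is missing. It assumes each value is exported under the same name as its key, that every provider is configured, and that values are single-line; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not CloudDefense's own tooling): render the authservice-secrets
# manifest from environment variables, so provider credentials are never
# written to a YAML file on disk or committed alongside the charts.

# Key names are the ones listed in the manifest on this page.
AUTHSERVICE_KEYS="SENDGRID_KEY GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET
GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET GITLAB_APPLICATION_ID
GITLAB_APPLICATION_SECRET BITBUCKET_KEY BITBUCKET_SECRET
MICROSOFT_CLIENT_ID MICROSOFT_CLIENT_SECRET"

# Print the name of every key whose environment variable is unset or empty.
# Bodies run in subshells so secret values do not linger in shell variables.
missing_authservice_keys() (
  for key in $AUTHSERVICE_KEYS; do
    eval "value=\${$key:-}"   # key comes from the fixed list above, not user input
    [ -n "$value" ] || printf '%s\n' "$key"
  done
)

# Write the Secret manifest to stdout; emit nothing and fail if a value is missing.
# Assumption: every provider is configured and each value is a single line.
render_authservice_secret() (
  missing=$(missing_authservice_keys)
  if [ -n "$missing" ]; then
    printf 'refusing to render, no value for:\n%s\n' "$missing" >&2
    exit 1   # leaves only this subshell; the function returns 1
  fi
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: authservice-secrets\n'
  printf 'type: Opaque\nstringData:\n'
  for key in $AUTHSERVICE_KEYS; do
    eval "value=\${$key}"
    # YAML single-quoted scalar: the only escape is a doubled single quote.
    quoted=$(printf '%s' "$value" | sed "s/'/''/g")
    printf "  %s: '%s'\n" "$key" "$quoted"
  done
)

# Typical use, with the variables exported by a secret manager or CI job:
#   render_authservice_secret | kubectl apply -f -
```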
Configure CloudDefense Helm for Importing Repositories
Debugging and Troubleshooting
Pod Description Steps