
Install CloudDefense Helm on a Kubernetes Cluster


Last updated 2 years ago

Prerequisite

A Kubernetes cluster whose nodes have the linux/amd64 architecture

Development Environment

  • Helm (v3 or above)

  • Kubernetes Cluster (kubectl)

    • Minimum Requirement - 1 Node (2 vCPU 8 GB RAM)

    • Recommended Requirements - 2 Nodes (2 vCPUs 16 GB RAM)

Production Environment

  • Helm (v3 or above)

  • Managed Postgres instance, e.g. AWS RDS (db.r5.large)

  • Kubernetes Cluster (kubectl) with on-demand nodes in node groups with labels

| Node Groups | Node Type | Level | Min Nodes | Max Nodes |
|---|---|---|---|---|
| external | t3.medium (2vCPU 4GB) | on-demand | 1 | 4 |
| auth | t3.medium (2vCPUs 4GB) | on-demand | 1 | 4 |
| api | c5.large (2vCPUs 4GB) | on-demand | 1 | 4 |
| web | t3.medium (2vCPUs 2GB) | on-demand | 1 | 4 |
| job | C6i.large (2vCPUs 4GB) | spot | 1 | 4 |

Install Cluster Auto-Scaler

Install Kafka

Download the Kafka Helm repo (Bitnami)

```
helm repo add bitnami https://charts.bitnami.com/bitnami
```

Install the Kafka Helm chart

values.yaml

```
nodeSelector:
  label: external
```

```
helm install kafka bitnami/kafka -f values.yaml --debug
```

Install CloudDefense Helm

  1. Clone https://github.com/CloudDefenseAI/charts, then create the roles, role bindings and service accounts

```
kubectl apply -f cdefense/rbac
```

  2. Create secrets

```
kubectl apply -f cdefense/secrets
```

  3. Add the Helm repo

```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```

  4. Install cdefense

```
helm install cdefense cdefense/cdefense --debug
```

  5. Update/upgrade

```
helm upgrade cdefense cdefense/cdefense
```

Configure CloudDefense Helm for SSO

To sign in with different identity providers (e.g. GitHub), create an ID and secrets for each provider.

Step 1: Create id, secrets for github

  1. Create a New OAuth App

  2. Homepage URL is the base_url

  3. Authorization callback URL is https://{base_url}/auth/realms/cdefense/broker/github/endpoint

Create id, secrets for gitlab

Create id, secrets for bitbucket

Create id, secrets of Microsoft

Create secrets on kubernetes cluster

  1. Create a secret for authservice or use a yaml file

```
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY:
  GOOGLE_CLIENT_ID:
  GOOGLE_CLIENT_SECRET:
  GITHUB_CLIENT_ID:
  GITHUB_CLIENT_SECRET:
  GITLAB_APPLICATION_ID:
  GITLAB_APPLICATION_SECRET:
  BITBUCKET_KEY:
  BITBUCKET_SECRET:
  MICROSOFT_CLIENT_ID:
  MICROSOFT_CLIENT_SECRET:
```

  2. Restart authservice pod

```
kubectl apply -f authservice-secrets.yaml
```
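
An added example, not part of the CloudDefense documentation: one way to build the `authservice-secrets` manifest above from environment variables and pipe it to `kubectl apply -f -`, so the OAuth client secrets are never saved in a YAML file that could be committed or left on disk. The function names are hypothetical, and it assumes the values are already set in the shell (for example from a secret manager); providers left unset are omitted.

```sh
#!/bin/sh
# Added example (not CloudDefense code). Function names are hypothetical.
# Assumes each value is already set in the shell environment, e.g. from a
# secret manager. Usage: source this file, then run `apply_secret`.

# Key names taken from the authservice-secrets manifest on this page.
KEYS="SENDGRID_KEY GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET GITHUB_CLIENT_ID
GITHUB_CLIENT_SECRET GITLAB_APPLICATION_ID GITLAB_APPLICATION_SECRET
BITBUCKET_KEY BITBUCKET_SECRET MICROSOFT_CLIENT_ID MICROSOFT_CLIENT_SECRET"

# Print the keys whose variable is unset or empty, space separated.
missing_keys() {
  out=""
  for k in $KEYS; do
    eval "v=\${$k:-}"          # safe: $k only ever comes from KEYS above
    [ -n "$v" ] || out="$out $k"
  done
  printf '%s' "${out# }"
}

# Write the Secret manifest to stdout. Values go under data: as base64, which
# avoids YAML quoting problems with ':' '#' or quotes inside a secret.
render_secret() {
  body=""
  for k in $KEYS; do
    eval "v=\${$k:-}"
    [ -n "$v" ] || continue    # skip providers that are not configured
    body="$body  $k: $(printf '%s' "$v" | base64 | tr -d '\n')
"
  done
  [ -n "$body" ] || { echo "no provider values set" >&2; return 1; }
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: authservice-secrets\n'
  printf 'type: Opaque\ndata:\n%s' "$body"
}

# Apply straight from the pipe; nothing is written to disk.
apply_secret() {
  m=$(missing_keys)
  [ -z "$m" ] || echo "not set, omitted from the Secret: $m" >&2
  render_secret | kubectl apply -f -
}
```

The Secret is created in the namespace of the current kubectl context, the same as `kubectl apply -f authservice-secrets.yaml` would do.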

Configure CloudDefense Helm for Importing Repositories

Debugging and Troubleshooting

Pod Description Steps

Go to GitHub developer settings