Install CloudDefense Helm on a Kubernetes Cluster

Prerequisite

A kubernetes cluster whose nodes have to linux/amd64 architecture

Development Environment

Helm (v3 or above)
Kubernetes Cluster (kubectl)
- Minimum Requirement - 1 Node (2 vCPU 8 GB RAM)
- Recommended Requirements - 2 Nodes (2 vCPUs 16 GB RAM)

Production Environment

Helm (v3 or above)
Managed Postgres Instance for ex. AWS RDS (db.r5.large)
Kubernetes Cluster (kubectl) On Demand Nodes in Node Groups with Labels

Node Groups Node Type

Node Groups

Node Type

Level

Min Nodes

Max Nodes

external

t3.medium (2vCPU 4GB)

on-demand

auth

t3.medium (2vCPUs 4GB)

on-demand

api

c5.large (2vCPUs 4GB)

on-demand

web

t3.medium (2vCPUs 2GB)

on-demand

job

C6i.large (2vCPUs 4GB)

spot

Install Cluster Auto-Scaler

Install Kafka

Download the kafka helm repo (bitnami)

```
helm repo add bitnami https://charts.bitnami.com/bitnami
`

Install kafka helm

            values.yaml

```
nodeSelector:
  label: external
```

```
helm install kafka bitnami/kafka -f values.yaml -–debug
```

Install CloudDefense Helm

clone https://github.com/CloudDefenseAI/charts create roles, role binding and service accounts

```
kubectl apply -f cdefense/rbac
```

2. create secrets

```
kubectl apply -f cdefense/secrets
```

3. add helm repo

```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```

4. Install cdefense

```
helm install cdefense cdefense/cdefense --debug 
```

4. update/upgrade

```
helm upgrade cdefense cdefense/cdefense
```

Configure CloudDefense Helm for SSO

In order to sign in with different identity providers (for ex. github), create ID and secrets

Step 1: Create id, secrets for github

go to github developer settings
Create a New OAuth App
Homepage URL is the base_url
Authorization callback URL is https://{base_url}/auth/realms/cdefense/broker/github/endpoint

Create id, secrets for gitlab

Create id, secrets for bitbucket

Create id, secrets of Microsoft

Create secrets on kubernetes cluster

Create a secret for authservice or use a yaml file

apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY: 
  GOOGLE_CLIENT_ID: 
  GOOGLE_CLIENT_SECRET: 
  GITHUB_CLIENT_ID: 
  GITHUB_CLIENT_SECRET: 
  GITLAB_APPLICATION_ID: 
  GITLAB_APPLICATION_SECRET: 
  BITBUCKET_KEY: 
  BITBUCKET_SECRET: 
  MICROSOFT_CLIENT_ID: 
  MICROSOFT_CLIENT_SECRET:

2. Restart authservice pod

kubectl apply -f authservice-secrets.yaml

Configure CloudDefense Helm for Importing Repositories

Debugging and Troubleshooting

Pod Description Steps

PreviousCloud Defense CLI NextInstall CloudDefense suite on a Kubernetes cluster

Last updated 2 years ago