Install CloudDefense Helm on a Kubernetes Cluster

Prerequisite

A kubernetes cluster whose nodes have to linux/amd64 architecture

Development Environment

• Helm (v3 or above)

• Kubernetes Cluster (kubectl)

  • Minimum Requirement - 1 Node (2 vCPU 8 GB RAM)

  • Recommended Requirements - 2 Nodes (2 vCPUs 16 GB RAM)

Production Environment

• Helm (v3 or above)

• Managed Postgres Instance for ex. AWS RDS (db.r5.large)

• Kubernetes Cluster (kubectl) On Demand Nodes in Node Groups with Labels

Node Groups Node Type

Node Groups Node Type

Install Cluster Auto-Scaler

Install Kafka

Download the kafka helm repo (bitnami)

```
helm repo add bitnami https://charts.bitnami.com/bitnami
`

Install kafka helm

            values.yaml

```
nodeSelector:
  label: external
```

```
helm install kafka bitnami/kafka -f values.yaml -–debug
```

Install CloudDefense Helm

1. clone https://github.com/CloudDefenseAI/charts create roles, role binding and service accounts

```
kubectl apply -f cdefense/rbac
```

2. create secrets

```
kubectl apply -f cdefense/secrets
```

3. add helm repo

```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```

4. Install cdefense

```
helm install cdefense cdefense/cdefense --debug 
```

4. update/upgrade

```
helm upgrade cdefense cdefense/cdefense
```

Configure CloudDefense Helm for SSO

In order to sign in with different identity providers (for ex. github), create ID and secrets

Step 1: Create id, secrets for github

2. Create a New OAuth App

3. Homepage URL is the base_url

4. Authorization callback URL is https://{base_url}/auth/realms/cdefense/broker/github/endpoint

Create id, secrets for gitlab

Create id, secrets for bitbucket

Create id, secrets of Microsoft

Create secrets on kubernetes cluster

1. Create a secret for authservice or use a yaml file

apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY: 
  GOOGLE_CLIENT_ID: 
  GOOGLE_CLIENT_SECRET: 
  GITHUB_CLIENT_ID: 
  GITHUB_CLIENT_SECRET: 
  GITLAB_APPLICATION_ID: 
  GITLAB_APPLICATION_SECRET: 
  BITBUCKET_KEY: 
  BITBUCKET_SECRET: 
  MICROSOFT_CLIENT_ID: 
  MICROSOFT_CLIENT_SECRET: 

2. Restart authservice pod

kubectl apply -f authservice-secrets.yaml

Configure CloudDefense Helm for Importing Repositories

Debugging and Troubleshooting

Pod Description Steps