Install CloudDefense suite on a Kubernetes cluster

Pre-requisites

There are three main prerequisites for a production-grade cdefense installation on-premises:

  1. A managed Postgres instance (for AWS: RDS db.r5.large)

    1. enable automated backups

  2. A Kubernetes cluster (/examples/eks) with at least two node groups

    1. node group for jobs

      1. each node has { label: job }

    2. node group for all else

      1. (optional) each node has { label: cdefense }

  3. A cluster auto-scaler

Install kafka

  • Download the kafka helm repo (bitnami)

  • (optional) create/edit values.yaml

  • Install kafka helm

Install cdefense

  • add cdefense helm repo

  • update repos

  • clone the repo

  • create roles, role binding and service accounts

  • create secrets

  • Install cdefense helm

    or

Configure Social Authentication

To sign in with different identity providers (e.g. GitHub), create an ID and secrets for each provider.

Github

create secrets for authservice

  • create a secret for authservice

  • restart authservice pod

How to change location of logs

  • update value.yaml

In case of a private bucket

  • Edit the scan-server-secrets.yaml file

  • or update secrets on cluster

    • encode values as base64 strings

    • edit scan-server-secrets

  • save and restart api pod
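The "encode values as base64 strings" step is where a stray newline most often ends up in a stored credential (`echo` appends one, and `base64` wraps long output). The sketch below is an added example, not taken from the CloudDefense documentation: it encodes values safely and renders a merge patch for `scan-server-secrets`. The key names, sample values, namespace and deployment name are placeholders.

```shell
#!/bin/sh
# Added example. Key names and values are constructed placeholders,
# not the real keys used by scan-server-secrets.

# Encode one value for a Secret's `data` field:
# printf avoids the trailing newline echo would add; tr removes line wrapping.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode, to verify a round trip before anything is applied.
unb64() {
  printf '%s' "$1" | base64 -d
}

# Render a JSON merge patch from KEY=VALUE arguments.
# Values are base64 (JSON-safe); keys are validated against the
# character set Kubernetes allows for Secret keys.
secret_patch() {
  out='{"data":{'
  sep=''
  for kv in "$@"; do
    case $kv in
      *=*) ;;
      *) echo "expected KEY=VALUE, got: $kv" >&2; return 1 ;;
    esac
    key=${kv%%=*}
    val=${kv#*=}
    case $key in
      ''|*[!A-Za-z0-9._-]*) echo "invalid secret key: $key" >&2; return 1 ;;
    esac
    out="$out$sep\"$key\":\"$(b64 "$val")\""
    sep=','
  done
  printf '%s}}\n' "$out"
}

# Constructed sample input (placeholder key names and values).
patch=$(secret_patch "BUCKET_ACCESS_KEY=EXAMPLEKEYID" \
                     "BUCKET_SECRET_KEY=example/secret+value")
echo "$patch"

# To apply (needs cluster access; <namespace> and <api-deployment> are placeholders):
#   kubectl -n <namespace> patch secret scan-server-secrets --type merge -p "$patch"
#   kubectl -n <namespace> rollout restart deployment/<api-deployment>
```

Base64 is an encoding, not encryption: anyone who can read the Secret object can recover the values, so access to it should be restricted through RBAC.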
