Install CloudDefense.AI Helm on a Kubernetes Cluster

Modified on Thu, 12 Oct, 2023 at 2:45 PM



Prerequisite

    A Kubernetes cluster whose nodes have the linux/amd64 architecture

Development Environment

  • Helm (v3 or above)
  • Kubernetes Cluster (kubectl)
      1. Minimum Requirement - 1 Node (2 vCPU 8 GB RAM)
      2. Recommended Requirements - 2 Nodes (2 vCPUs 16 GB RAM)


Production Environment

  • Helm (v3 or above) 
  • Managed Postgres Instance, e.g. AWS RDS (db.r5.large)
  • Kubernetes Cluster (kubectl) On Demand Nodes in Node Groups with Labels

| Node Groups | Node Type | Level | Min Nodes | Max Nodes |
|---|---|---|---|---|
| external | t3.medium (2vCPU 4GB) | on-demand | 1 | 4 |
| auth | t3.medium (2vCPUs 4GB) | on-demand | 1 | 4 |
| api | c5.large (2vCPUs 4GB) | on-demand | 1 | 4 |
| web | t3.medium (2vCPUs 2GB) | on-demand | 1 | 4 |
| job | C6i.large (2vCPUs 4GB) | spot | 1 | 4 |




Install Cluster Auto-Scaler


Install Kafka
Add the Kafka Helm repo (Bitnami)

```
helm repo add bitnami https://charts.bitnami.com/bitnami
```



Install the Kafka Helm chart

values.yaml
```
nodeSelector:
  label: external
```
```
helm install kafka bitnami/kafka -f values.yaml --debug
```




Install CloudDefense.AI Helm

1. Clone https://github.com/CloudDefenseAI/charts, then create roles, role bindings and service accounts
```
kubectl apply -f cdefense/rbac
```
2. Create secrets
```
kubectl apply -f cdefense/secrets
```
3. Add the Helm repo
```
helm repo add cdefense https://clouddefenseai.github.io/charts/
```
4. Install cdefense
```
helm install cdefense cdefense/cdefense --debug
```
5. Update/upgrade
```
helm upgrade cdefense cdefense/cdefense
```

Configure CloudDefense Helm for SSO

To sign in with different identity providers (e.g. GitHub), create an ID and secrets for each provider.

Step 1: Create ID and secrets for GitHub

  1. Go to GitHub developer settings
  2. Create a New OAuth App
  3. Homepage URL is the base_url
  4. Authorization callback URL is https://{base_url}/auth/realms/cdefense/broker/github/endpoint

Create id, secrets for gitlab

Create id, secrets for bitbucket

Create id, secrets of Microsoft

Create secrets on kubernetes cluster


1. Create a secret for authservice or use a yaml file

```
# Fill in the values for the identity providers you use
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY: ""
  GOOGLE_CLIENT_ID: ""
  GOOGLE_CLIENT_SECRET: ""
  GITHUB_CLIENT_ID: ""
  GITHUB_CLIENT_SECRET: ""
  GITLAB_APPLICATION_ID: ""
  GITLAB_APPLICATION_SECRET: ""
  BITBUCKET_KEY: ""
  BITBUCKET_SECRET: ""
  MICROSOFT_CLIENT_ID: ""
  MICROSOFT_CLIENT_SECRET: ""
```

2. Restart authservice pod

```
kubectl apply -f authservice-secrets.yaml
```
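
A pre-apply check for the authservice-secrets manifest above, as an added example that is not part of the CloudDefense.AI charts: it reports any identity provider whose ID/secret pair is only half filled in, without ever printing a value. The function names, the pairing of keys by provider, and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not CloudDefense.AI code). Key pairing per provider is assumed
# from the key names in the manifest; SENDGRID_KEY has no partner and is skipped.
PAIRS="GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET \
GITLAB_APPLICATION_ID GITLAB_APPLICATION_SECRET BITBUCKET_KEY BITBUCKET_SECRET \
MICROSOFT_CLIENT_ID MICROSOFT_CLIENT_SECRET"

# Read a Secret manifest on stdin; print each provider whose pair under
# stringData has exactly one side filled in. Values are never printed.
half_configured_providers() {
  awk -v pairs="$PAIRS" -v sq="''" '
    /^stringData:/ { in_sd = 1; next }
    /^[^ #]/       { in_sd = 0 }        # the next top-level key ends the block
    in_sd && /^ +[A-Z0-9_]+:/ {
      key = $0; sub(/^ +/, "", key); sub(/:.*/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]*(#.*)?$/, "", val)      # drop trailing space and comment
      set[key] = (val != "" && val != "\"\"" && val != sq)
    }
    END {
      n = split(pairs, k, " ")
      for (i = 1; i < n; i += 2)
        if (set[k[i]] != set[k[i+1]]) { p = k[i]; sub(/_.*/, "", p); print p }
    }'
}

# Return non-zero (naming the providers on stderr) if the manifest on stdin
# should not be applied yet.
check_authservice_secrets() {
  bad=$(half_configured_providers)
  [ -z "$bad" ] && return 0
  echo "half-configured providers:" $bad >&2
  return 1
}

# Constructed sample: GitHub complete, GitLab missing its secret, rest unused.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  SENDGRID_KEY: ""
  GITHUB_CLIENT_ID: constructed-github-id
  GITHUB_CLIENT_SECRET: constructed-github-secret
  GITLAB_APPLICATION_ID: constructed-gitlab-id
  GITLAB_APPLICATION_SECRET:        # left empty
  BITBUCKET_KEY: ""
  BITBUCKET_SECRET: ''
EOF
}
```

Run it against the real file with `check_authservice_secrets < authservice-secrets.yaml` before the `kubectl apply` step.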

Configure CloudDefense Helm for Importing Repositories
Debugging and Troubleshooting
Pod Description Steps
