📙 You will learn

How to install ThreadFix 3.1 with a private Docker registry.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: If any

Internally developed containers follow the bitnami imageRegistry pattern so all ThreadFix and bitnami images can be set to use a different registry by setting the parameter global.imageRegistry in Helm values.

Other containers 3rd-party containers used by ThreadFix do not follow this convention and must be manually set per container. The list of images may change from release to release.

Retrieve images needed by ThreadFix

If the ThreadFix helm repository has not been installed, add it with the following command:
Code Block
helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/

Retrieve the list of images to pull from public docker repositories.

Code Block
helm template tf denimgroup/threadfix \| grep -oE 'image:.*' \| sort -u \| sed -e 's\|image: \|\|g' -e 's\|"\|\|g'

Follow the user’s company’s policies and procedures to add these images to the private docker registry

Installing with private Docker registry

If the user’s private repository is a mirror of public repositories or follows the same naming conventions as public repositories, use the following instructions.

Create myValues dir (if it does not already exist).
Code Block
mkdir -p myValues
Set the name of the private registry (replace <imageRegistry> with the appropraite value).
Code Block
IMAGE_REGISTRY=<imageRegistry>

Create a registry.yaml file with the following contents (replace <imageRegistry>) with the fqdn of the user’s private registry):

Code Block

echo "global:
  imageRegistry: $IMAGE_REGISTRY
kong:
  image:
    repository: $IMAGE_REGISTRY/kong
  ingressController:
    image:
      repository: $IMAGE_REGISTRY/kong/kubernetes-ingress-controller
kafka:
  image:
    repository: $IMAGE_REGISTRY/confluentinc/cp-kafka
zk:
  image:
    repository: $IMAGE_REGISTRY/confluentinc/cp-zookeeper
db:
  image:
    repository: $IMAGE_REGISTRY/mysql
## > 3.1.0 only settings
minio:
  image:
    repository: $IMAGE_REGISTRY/minio/minio" > myValues/privateRepo.yaml

Follow standard installation instructions.

Installing with private Docker registry and custom repository names

If the user’s private image registry uses different names for repositories, change each repository name to the name of the image being used.

Create myValues dir (if it does not already exist)
Code Block
mkdir -p myValues

Create a repositories.yaml file in the myValues directory with the following content (replace <imageRegistry> with the FQDN of the user’s registry and <imageRepository> with the name of the container's corresponding image).

Code Block

global:
  imageRegistry: <imageRegistry> #docker.io
  waitImageOverride: <imageRegistry>/<imageRepository>:<imageTag>
appsec:
  image:
    repository: <imageRepository> #denimgroup/appsec
  migration:
    image:
      repository: <imageRepository> #denimgroup/appsec-migration
auth:
  image:
    repository: <imageRepository> #denimgroup/auth
crud:
  image:
    repository: <imageRepository> #denimgroup/crudapi
  migration:
    image:
      repository: <imageRepository> #denimgroup/dbtools
defect:
  image:
    repository: <imageRepository> #denimgroup/defect
importer:
  image:
    repository: <imageRepository> #denimgroup/importer
processor:
  image:
    repository: <imageRepository> #denimgroup/processor
provider:
  image:
    repository: <imageRepository> #denimgroup/provider-web
  migration:
    image:
      repository: <imageRepository> #denimgroup/provider-migration
ui:
  image:
    repository: <imageRepository> #denimgroup/ui
websocket:
  image:
    repository: <imageRepository> #denimgroup/notifier
kong:
  image:
    repository: <imageRegistry>/<imageRepository> #kong
  ingressController:
    image:
      repository: <imageRegistry>/<imageRepository> #kong-dockerkubernetes-
ingress-controller.bintray.io/kong-ingress-controller
  postgresql:
    image:
      repository: <imageRepository> #bitnami/postgresql
kafka:
  image:
    repository: <imageRegistry>/<imageRepository> #confluentinc/cpkafka
zk:
  image:
    repository: <imageRegistry>/<imageRepository> #confluentinc/cpzookeeper
db:
  image:
    repository: <imageRegistry>/<imageRepository> #mysql
## >3.1.0 only
appsecdata:
  image:
    repository: <imageRepository> #denimgroup/appsec-data
appsecimporter:
  image:
    repository: <imageRepository> #denimgroup/appsec-importer
appsecvip:
  image:
    repository: <imageRepository> #denimgroup/appsec-vip
jobcoordinator:
  image:
    repository: <imageRepository> #denimgroup/job-coordinator
queue:
  image:
    repository: <imageRepository> #denimgroup/queue-api
minio:
  image:
    repository: <imageRegistry>/<imageRepository> #minio/minio

Follow normal installation instructions.

Versions Compared

Old Version 1

New Version 2

Key

📙 You will learn

Prerequisites

Retrieve images needed by ThreadFix

Installing with private Docker registry

Installing with private Docker registry and custom repository names

Table of Contents

Page Comparison

Versions Compared

Old Version 1

New Version 2

Key

📙 You will learn

Prerequisites

Retrieve images needed by ThreadFix

Installing with private Docker registry

Installing with private Docker registry and custom repository names

Table of Contents