
📙 You will learn

How to install ThreadFix 3.0 X and its dependencies on a standalone virtual machine and an existing Kubernetes Cluster.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: N/A

Suitable for large-scale deployments, where resources can be added to handle greater throughput of scans and vulnerability data.

Requirements

  • Helm >= 3.2

  • kubectl

  • Running Kubernetes cluster with the following:

    • >= 32 GB RAM available in cluster

      • >= 8 GB RAM per node

    • > 4 core equivalents available in cluster

    • > 250 GB disk space available in default storage provider

      • For most cloud providers this will automatically be provisioned

Installation

For the following instructions, add '-n <namespace>' to each kubectl and helm install command if installing ThreadFix to a separate namespace.

  1. Create a ThreadFix license configuration.

    1. Locate the threadfix.license file.

    2. Run the following command (replacing <threadfix.license-path> with the path to the license file):

      Code Block
      kubectl create secret generic tf-license --from-file=threadfix.license=<threadfix.license-path>

  2. Create a TLS certificate configuration.

    1. Convert the TLS certificate to Base64-encoded PEM if it is in a different format.

    2. Run the following (replacing <tls-key> and <tls-cert> with their respective paths):

      Code Block
      kubectl create secret tls tf-tls --key <tls-key> --cert <tls-cert>

  3. Add the ThreadFix Helm repository:

    1. Add the ThreadFix Helm repository by running the following command:

      Code Block
      helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/

    2. Update the repositories by running:

      Code Block
      helm repo update

  4. Create a myValues.yaml file with the following (replace <password> with a randomly generated password of your choice):

    Code Block
    kong:
      env:
        SSL_CERT: /etc/secrets/tf-tls/tls.crt
        SSL_CERT_KEY: /etc/secrets/tf-tls/tls.key
      secretVolumes:
        - tf-tls
      postgresql:
        postgresqlPassword: <password>
    global:
      threadfix:
        licenseCMOverride: tf-license

  5. Install ThreadFix with the following command:

    Code Block
    helm install tf denimgroup/threadfix -f myValues.yaml

  6. ThreadFix will automatically generate internal credentials. Save these in a secure location for recovery purposes.

    1. Network Properties:

      Code Block
      kubectl get secrets tf-network-props -o 'go-template={{index .data "network.properties"}}' | base64 -d

    2. Database password:

      Code Block
      kubectl get secret tf-db -o jsonpath='{.data.password}' | base64 -d

    3. Postgres password:

      Code Block
      kubectl get secret tf-postgresql -o jsonpath='{.data.postgresql-password}' | base64 -d

  7. The Helm command will return instructions on how to retrieve the load balancer address for the ThreadFix installation. Follow the progress of the installation with the following command:

    Code Block
    kubectl get po -w

  8. When all pods report the status Running, the installation is complete and ready to use.
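
The shell helpers below are an added example, not part of the ThreadFix documentation. They check that the step 2 key and certificate are PEM before the secret is created, and write the step 4 myValues.yaml with a random password and owner-only permissions. The function names are hypothetical; the YAML body and the kubectl command are the ones shown in the steps above.

```shell
#!/bin/sh
# Added example, not from the ThreadFix documentation; function names are hypothetical.

# gen_password: 128 bits from the kernel CSPRNG, printed as 32 hex characters.
gen_password() {
  od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# is_pem <file> <label-regex>: succeeds when the file has PEM BEGIN and END
# lines for the given label. DER and PKCS#12 files are binary and have neither.
is_pem() {
  grep -Eq "^-----BEGIN ($2)-----" "$1" && grep -Eq "^-----END ($2)-----" "$1"
}

# check_tls_inputs <tls-key> <tls-cert>: format check for the step 2 inputs.
check_tls_inputs() {
  is_pem "$1" '(RSA |EC )?PRIVATE KEY' || { echo "not a PEM key: $1" >&2; return 1; }
  is_pem "$2" 'CERTIFICATE' || { echo "not a PEM certificate: $2" >&2; return 1; }
}

# write_values <path> <password>: render the step 4 file with mode 0600.
# The body is a subshell, so umask and noclobber do not leak to the caller.
# The password is YAML-quoted so an all-digit value is not read as a number.
write_values() (
  umask 077   # owner-only: the file holds a plaintext database password
  set -C      # noclobber: fail instead of overwriting an existing file
  cat > "$1" <<EOF
kong:
  env:
    SSL_CERT: /etc/secrets/tf-tls/tls.crt
    SSL_CERT_KEY: /etc/secrets/tf-tls/tls.key
  secretVolumes:
    - tf-tls
  postgresql:
    postgresqlPassword: "$2"
global:
  threadfix:
    licenseCMOverride: tf-license
EOF
)

# Usage with the commands from steps 2 and 4:
#   check_tls_inputs <tls-key> <tls-cert> && \
#     kubectl create secret tls tf-tls --key <tls-key> --cert <tls-cert>
#   write_values myValues.yaml "$(gen_password)"
```

Because myValues.yaml holds the database password in plaintext, keep it out of version control and store it with the credentials saved in step 6.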
