📙 You will learn
How to install ThreadFix and its dependencies on an existing Kubernetes Cluster.
Prerequisites
Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: N/A
Suitable for large scale deployments where resources can be added to handle greater throughput of scans and vulnerability data.
Minimum Requirements
Helm >= 3.2
kubectl
Running Kubernetes cluster with the following:
Version >=1.16
>= 32 GB RAM available in cluster
>=8 GB RAM per node
> 4 core equivalents available in cluster
> 250 GB disk space available in default storage provider
For most cloud providers this will automatically be provisioned
A valid ThreadFix license
A Kubernetes user with proper permissions
Recommended Pre-requisites
A valid TLS certificate for a ThreadFix installation in PEM format
Kubernetes cluster meeting the user’s installation capacity; review the System Recommendations (not ready)
Follow any applicable https://denimgroup.atlassian.net/wiki/spaces/T3D/pages/2768535564/Platform+ Pre-Installation Platform Setup prior to installation
Follow any applicable pre-install tasks prior to installation: Installation Checklist - 3.1 WIP
Installation
For the following instructions, add '-n <namespace>' to any kubectl or helm install command if installing ThreadFix to a separate namespace.
Create myValues directory (if it does not exist).
```bash
mkdir -p myValues
```
If any other steps from the “Preparation Guides” have been completed, ensure that their resulting values files reside in the myValues directory.
Create a ThreadFix license configuration.
Locate the threadfix.license file.
Run the following command (replacing <threadfix.license-path> with the path to the license file):
```bash
kubectl create secret generic tf-license --from-file=threadfix.license=<threadfix.license-path>
```
Create a TLS certificate configuration (optional).
Convert the TLS certificate to base64-encoded PEM if it is in a different format. For more information, see the Adding a TLS Certificate (Kubernetes) guide.
Run the following (replacing <tls-key> and <tls-cert> with their respective paths):
```bash
kubectl create secret tls tf-tls --key <tls-key> --cert <tls-cert>
```
Create TLS configuration values
```bash
echo "kong:
  env:
    SSL_CERT: /etc/secrets/tf-tls/tls.crt
    SSL_CERT_KEY: /etc/secrets/tf-tls/tls.key
  secretVolumes:
  - tf-tls" > myValues/tls.yaml
```
Add the ThreadFix Helm repository:
Add the ThreadFix Helm repository by running the following command:
```bash
helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/
```
Update the repositories by running:
```bash
helm repo update
```
Generate a unique password for PostgreSQL
```bash
PG_PASSWORD=$(openssl rand -base64 25)
```
Create a myValues.yaml file
```bash
echo "kong:
  postgresql:
    postgresqlPassword: $PG_PASSWORD
global:
  threadfix:
    licenseCMOverride: tf-license" > myValues/myValues.yaml
```
Generate the Helm arguments for all of the values files
```bash
HELM_INSTALL_ARGS=$(for values_file in myValues/*.yaml; do echo -n "-f $values_file "; done)
```
Install ThreadFix with the following command:
```bash
helm install tf denimgroup/threadfix $HELM_INSTALL_ARGS
```
ThreadFix will automatically generate internal credentials. Save these in a secure location for recovery purposes.
Network Properties:
```bash
kubectl get secrets tf-network-props -o 'go-template={{index .data "network.properties"}}' | base64 -d
```
Database password:
```bash
kubectl get secret tf-db -o jsonpath={.data.password} | base64 -d
```
Postgres password:
```bash
kubectl get secret tf-postgresql -o jsonpath={.data.postgresql-password} | base64 -d
```
The Helm command will return instructions on how to retrieve the load balancer address for the ThreadFix installation. Follow the progress of the installation with the following command:
```bash
kubectl get po -w
```
When all pods report the status Running or Completed, the installation is complete and ready to use.
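The values-file and install steps above, consolidated as an added example (not part of the ThreadFix documentation): it writes the password-bearing values file with owner-only permissions and passes each values file to Helm as its own argument. The function names, and the choice to refuse values files readable by group or others, are assumptions of this example.

```sh
#!/bin/sh
# Added example, not ThreadFix's own script. Function names are hypothetical.

# Write <dir>/myValues.yaml (it holds the PostgreSQL password) so that only
# the owner can read it, regardless of the caller's umask.
write_values() {  # usage: write_values <dir> <pg-password>
  ( umask 077
    mkdir -p "$1" || exit 1
    # Base64 output has no quote or backslash, so YAML double quotes are safe.
    cat > "$1/myValues.yaml" <<EOF || exit 1
kong:
  postgresql:
    postgresqlPassword: "$2"
global:
  threadfix:
    licenseCMOverride: tf-license
EOF
    chmod 600 "$1/myValues.yaml" )
}

# True when the mode string grants nothing to group or others.
is_private() {
  case $(ls -ld "$1" | cut -c5-10) in
    "------") return 0 ;;
    *) return 1 ;;
  esac
}

# Run <command...> with "-f <file>" appended for every values file in <dir>.
# Fails on an empty directory (the unmatched glob would otherwise reach helm
# literally) and on any values file readable by group or others.
with_values() {  # usage: with_values <dir> <command...>
  _dir=$1; shift
  for _f in "$_dir"/*.yaml; do
    [ -f "$_f" ] || { echo "no values files in $_dir" >&2; return 1; }
    is_private "$_f" || { echo "$_f: run chmod 600 first" >&2; return 1; }
    set -- "$@" -f "$_f"   # one argument per path, safe for paths with spaces
  done
  "$@"
}

# Only runs when invoked with --install; needs openssl, helm and cluster access.
if [ "${1:-}" = "--install" ]; then
  set -eu
  write_values myValues "$(openssl rand -base64 25)"
  with_values myValues helm install tf denimgroup/threadfix
fi
```

Values files created earlier with `echo` (such as myValues/tls.yaml) inherit the shell's umask, so tighten them with `chmod 600 myValues/*.yaml` before running this.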