Image Added

📙 You will learn

How to pre-install CustomResourceDefinitions as a Kubernetes admin.

Prerequisites

Audience: IT Professional
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required:

• kubectl

• helm

• tar

The Kong component of ThreadFix requires CustomResourceDefinitions, CRDs, to function. If the user managing ThreadFix does not have the required permissions to create these resources, they can be installed and administered separately by a cluster admin.

The following must be performed by a user with create customresourcedefinition permissions

1. Verify that the current user has permission to create customresourcedefinitions:

   Code Block
   kubectl auth can-i create customresourcedefinition

2. If it has not already been performed, add the denimgroup helm repository:

   Code Block
   helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/

3. Pull the most recent helm chart for ThreadFix:

   Code Block
   helm pull denimgroup/threadfix

4. Extract the CRDs from the ThreadFix chart:

   Code Block
   tar -zvxf threadfix-*.tgz threadfix/charts/kong/crds

5. Apply the CRDs for kong:

kubectl apply -f threadfix/charts/kong/crds

After the CRDs have been created on the Kubernetes cluster, the user that will install ThreadFix will need to verify that they have access to create resources under these new CRDs.

The following should be performed by the user who will install ThreadFix

Verify that the user has the ability to create resources for the new CRDs:

kubectl auth can-i create kongconsumers.configuration.konghq.com
kubectl auth can-i create kongcredentials.configuration.konghq.com
kubectl auth can-i create kongingresses.configuration.konghq.com
kubectl auth can-i create kongplugins.configuration.konghq.com

A user without create permissions on CRDs can install ThreadFix by following the Install with Helm

and appending --skip-crds to the helm install command.

• Example: helm install tf denimgroup/threadfix -f myValues.yaml --skip-crds