📙 You will learn

How to install ThreadFix and its dependencies on an existing Kubernetes Cluster.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: N/A

Suitable for large scale deployments where resources can be added to handle greater throughput of scans and vulnerability data.

Minimum Requirements

  • Helm >= 3.25

  • kubectl

  • Running Kubernetes cluster with the following:

    • Version >=1.16

    • >= 32 GB RAM available in cluster

      • >=8 GB RAM per node

    • > 4 core equivalents available in cluster

    • > 250 GB disk space available in default storage provider

      • For most cloud providers this will automatically be provisioned

  • A valid ThreadFix license

  • A Kubernetes user with proper permissions
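
A pre-flight check for the RAM and CPU figures listed above, as an added example that is not part of the original page or of ThreadFix tooling. It assumes the page's GB means 10^9 bytes measured against node capacity; the function name check_cluster_capacity and the sample node lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check node capacity against the minimum requirements above.
# Input (stdin): one line per node, "NAME CPU MEMORY", as printed by
#   kubectl get nodes --no-headers \
#     -o custom-columns=NAME:.metadata.name,CPU:.status.capacity.cpu,MEM:.status.capacity.memory
# Assumption: GB is read as 10^9 bytes and compared with node capacity.
check_cluster_capacity() {
  awk '
    # Convert a Kubernetes memory quantity (Ki/Mi/Gi/K/M/G or plain bytes) to bytes.
    function mem_bytes(q,   n) {
      n = q; sub(/[A-Za-z]+$/, "", n); n += 0
      if (q ~ /Ki$/) return n * 1024
      if (q ~ /Mi$/) return n * 1024 * 1024
      if (q ~ /Gi$/) return n * 1024 * 1024 * 1024
      if (q ~ /[Kk]$/) return n * 1e3
      if (q ~ /M$/) return n * 1e6
      if (q ~ /G$/) return n * 1e9
      return n
    }
    # Convert a CPU quantity ("4" or "3920m") to cores.
    function cores(q,   n) { n = q; if (sub(/m$/, "", n)) return n / 1000; return n + 0 }
    NF >= 3 {
      nodes++; m = mem_bytes($3); total_mem += m; total_cpu += cores($2)
      if (m < 8e9) { printf "FAIL %s: %.1f GB RAM, need >= 8 GB per node\n", $1, m / 1e9; bad = 1 }
    }
    END {
      if (nodes == 0)       { print "FAIL no nodes in input"; bad = 1 }
      if (total_mem < 32e9) { printf "FAIL cluster RAM %.1f GB, need >= 32 GB\n", total_mem / 1e9; bad = 1 }
      if (total_cpu <= 4)   { printf "FAIL cluster CPU %.1f cores, need > 4\n", total_cpu; bad = 1 }
      if (!bad) printf "OK %d nodes, %.1f GB RAM, %.1f cores\n", nodes, total_mem / 1e9, total_cpu
      exit bad + 0
    }'
}

# Constructed sample input (not taken from a real cluster):
printf '%s\n' 'node-a 4 16374512Ki' 'node-b 4 16374512Ki' | check_cluster_capacity
```

The disk space and Kubernetes version requirements are not covered by this check.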

Recommended Pre-requisites

It is recommended not to make any edits or changes to the Helm charts, in order to avoid undesired performance. Any necessary changes should be made through the values files.

Installation

For the following instructions, add '-n <namespace>' to any kubectl or helm install command if installing ThreadFix to a separate namespace.

  1. Create the myValues directory (if it does not exist).

    Code Block
    mkdir -p myValues

  2. If any other steps from the “Preparation Guides” have been completed, ensure that their resulting values files reside in the myValues directory.

    2. Create a ThreadFix license configuration.

      1. Locate the threadfix.license file.

      2. Run the following command (replacing <threadfix.license-path> with the path to the license file):

        Code Block
        kubectl create secret generic tf-license --from-file=threadfix.license=<threadfix.license-path>

    3. Create a TLS certificate configuration (optional).

      1. Convert the TLS certificate to Base64-encoded PEM if it is in a different format. For more information, see the Adding a TLS Certificate (Kubernetes) guide.

      2. Run the following (replacing <tls-key> and <tls-cert> with their respective paths):

        Code Block
        kubectl create secret tls tf-tls --key <tls-key> --cert <tls-cert>
      3. Create TLS configuration values.

        Code Block
        echo "kong:
          env:
            SSL_CERT: /etc/secrets/tf-tls/tls.crt
            SSL_CERT_KEY: /etc/secrets/tf-tls/tls.key
          secretVolumes:
            - tf-tls" > myValues/tls.yaml
        

    1. Generate a unique password for PostgreSQL.

      Code Block
      PG_PASSWORD=$(openssl rand -base64 25)

    2. Create a myValues.yaml file.

      Code Block
      echo "kong:
        postgresql:
          auth:
            password: $PG_PASSWORD
      global:
        threadfix:
          licenseCMOverride: tf-license" > myValues/myValues.yaml
    1. Generate the Helm arguments for all of the values files.

      Code Block
      HELM_INSTALL_ARGS=$(for values_file in myValues/*.yaml; do echo -n "-f $values_file "; done)

    2. Add the ThreadFix Helm repository:

      1. Add the ThreadFix Helm repository by running the following command:

        Code Block
        helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/
      2. Update the repositories by running:

        Code Block
        helm repo update

    3. (Optional) If the above step fails to update due to firewall restrictions, download the Helm chart manually through a browser:

      1. Navigate to the Release Notes section of this space.

      2. Click “manual helm download”.

      3. Copy the resulting tgz file to the machine Helm will install from.

      4. In the helm install command below, replace denimgroup/threadfix with the path to the downloaded helm chart. Example: helm install tf threadfix-3.1.0.tgz $HELM_INSTALL_ARGS

    4. Install ThreadFix with the following command:

      Code Block
      helm install tf denimgroup/threadfix $HELM_INSTALL_ARGS

       

    5. ThreadFix will automatically generate internal credentials. Save these in a secure location for recovery purposes.

      1. Network Properties:

        Code Block
        kubectl get secrets tf-network-props -o 'go-template={{index .data "network.properties"}}' | base64 -d
      2. Database password:

        Code Block
        kubectl get secret tf-db -o jsonpath={.data.password} | base64 -d
      3. Postgres password:

        Code Block
        kubectl get secret tf-postgresql -o jsonpath={.data.postgresql-password} | base64 -d

         

    6. The Helm command will return instructions on how to retrieve the load balancer address for the ThreadFix installation. Follow the progress of the installation with the following command:

      Code Block
      kubectl get po -w

       

    7. When all pods report the status Running or Completed, the installation is complete and ready to use.
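
The values files created in the steps above hold the PostgreSQL password in clear text, so the following shows one way to create them owner-only and to verify that before running helm install. This is an added example, not ThreadFix's own code; VALUES_DIR, write_values and helm_values_args are hypothetical names.

```shell
#!/bin/sh
# Added example: keep the values files from the installation steps owner-only,
# and refuse to build the helm arguments if any of them is readable by others.
# VALUES_DIR, write_values and helm_values_args are hypothetical names.
VALUES_DIR=${VALUES_DIR:-myValues}

# Write myValues.yaml with mode 600 inside a mode-700 directory.
write_values() {
  (
    umask 077
    mkdir -p "$VALUES_DIR" && chmod 700 "$VALUES_DIR" || exit 1
    cat > "$VALUES_DIR/myValues.yaml" <<EOF
kong:
  postgresql:
    auth:
      password: "$1"
global:
  threadfix:
    licenseCMOverride: tf-license
EOF
    chmod 600 "$VALUES_DIR/myValues.yaml"   # covers a pre-existing, looser file
  )
}

# Print "-f <file> " for every values file; fail on an empty directory
# (the glob would otherwise be passed to helm literally) or on loose modes.
helm_values_args() {
  args=""
  for f in "$VALUES_DIR"/*.yaml; do
    [ -f "$f" ] || { echo "no values files in $VALUES_DIR" >&2; return 1; }
    # In the ls -l mode string, characters 5-10 are the group and other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$f is accessible to group/other" >&2; return 1; }
    args="${args}-f $f "
  done
  printf '%s\n' "$args"
}

# Usage with the commands from the steps above:
#   write_values "$(openssl rand -base64 25)"
#   HELM_INSTALL_ARGS=$(helm_values_args) && helm install tf denimgroup/threadfix $HELM_INSTALL_ARGS
```

The same owner-only handling applies to wherever the output of the credential retrieval commands in step 5 is saved.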
