Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
📙 You will learn
How to install ThreadFix 3.1 X with a private Docker registry.
Prerequisites
Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: If anyN/A
Internally developed containers follow the bitnami imageRegistry pattern so all ThreadFix and bitnami images can be set to use a different registry by setting the parameter global.imageRegistry in Helm values.
Other 3rd-party containers used by ThreadFix do not follow this convention and must be manually set per container. The list of images may change from release to release.
Retrieve
images neededImages Needed by ThreadFix
If the ThreadFix helm repository has not been installed, add it with the following command:
Code Block helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/
Update the helm repository.
Code Block helm repo update
(Optional) If the above step fails due to firewall rules blocking download, the helm chart may be manually downloaded through a browser:
Navigate to Release Notes page for the version being installed and clicking the “manual download” link.
In the following guide, replace instances of
denimgroup/threadfix
with the name of the tgz file downloaded. Examplethreadfix-3.1.0.tgz
Retrieve the list of images to pull from public docker repositories.
Code Block helm template tf denimgroup/threadfix | grep -oE 'image:.*' | sort -u | sed -e 's|image: ||g' -e 's|"||g'
Follow the user’s company’s policies and procedures to add these images to the private docker registry.
Installing with
privatePrivate Docker
registryRegistry
If the user’s private repository is a mirror of public repositories or follows the same naming conventions as public repositories, use the following instructions.
Create myValues dir (if it does not already exist).
Code Block mkdir -p myValues
Set the name of the private registry (replace
<imageRegistry>
with the appropraite appropriate value).Code Block IMAGE_REGISTRY=<imageRegistry>
Create a registry.yaml file with the following contents (replace <imageRegistry>) with the fqdn of the user’s private registry):.
Code Block echo "global: imageRegistry: $IMAGE_REGISTRY kong: image: repository: $IMAGE_REGISTRY/kong ingressController: image: repository: $IMAGE_REGISTRY/kong/kubernetes-ingress-controller kafka: image: repository: $IMAGE_REGISTRY/confluentinc/cp-kafka zk: image: repository: $IMAGE_REGISTRY/confluentinc/cp-zookeeper db: image: repository: $IMAGE_REGISTRY/mysql ## > 3.1.0 only settings minio: image: repository: $IMAGE_REGISTRY/minio/minio" > myValues/privateRepo.yaml
Follow standard installation instructions.
Installing with
privatePrivate Docker
registry and custom repository namesRegistry and Custom Repository Names
If the user’s private image registry uses different names for repositories, change each repository name to the name of the image being used.
Create myValues dir (if it does not already exist).
Code Block mkdir -p myValues
Create a repositories.yaml file in the myValues directory with the following content (replace <imageRegistry> with the FQDN of the user’s registry and <imageRepository> with the name of the container's corresponding image).
Code Block global: imageRegistry: <imageRegistry> #docker.io waitImageOverride: <imageRegistry>/<imageRepository>:<imageTag> appsec: image: repository: <imageRepository> #denimgroup/appsec migration: image: repository: <imageRepository> #denimgroup/appsec-migration auth: image: repository: <imageRepository> #denimgroup/auth crud: image: repository: <imageRepository> #denimgroup/crudapi migration: image: repository: <imageRepository> #denimgroup/dbtools defect: image: repository: <imageRepository> #denimgroup/defect importer: image: repository: <imageRepository> #denimgroup/importer processor: image: repository: <imageRepository> #denimgroup/processor provider: image: repository: <imageRepository> #denimgroup/provider-web migration: image: repository: <imageRepository> #denimgroup/provider-migration ui: image: repository: <imageRepository> #denimgroup/ui websocket: image: repository: <imageRepository> #denimgroup/notifier kong: image: repository: <imageRegistry>/<imageRepository> #kong ingressController: image: repository: <imageRegistry>/<imageRepository> #kong-dockerkubernetes- ingress-controller.bintray.io/kong-ingress-controller postgresql: image: repository: <imageRepository> #bitnami/postgresql kafka: image: repository: <imageRegistry>/<imageRepository> #confluentinc/cpkafka zk: image: repository: <imageRegistry>/<imageRepository> #confluentinc/cpzookeeper db: image: repository: <imageRegistry>/<imageRepository> #mysql ## >3.1.0 only appsecdata: image: repository: <imageRepository> #denimgroup/appsec-data appsecimporter: image: repository: <imageRepository> #denimgroup/appsec-importer appsecvip: image: repository: <imageRepository> #denimgroup/appsec-vip jobcoordinator: image: repository: <imageRepository> #denimgroup/job-coordinator queue: image: repository: <imageRepository> #denimgroup/queue-api minio: image: repository: <imageRegistry>/<imageRepository> #minio/minio
Follow normal installation instructionsFinish any other tasks from the Installation Checklist , then Install with Helm.
Using Image Pull Secrets
Create an image pull secret in Kubernetes. Additional information here.
Set the name of the image pull secret in bash.
Code Block PULL_SECRET=<name_of_secret>
Create an values file containing the image pull secret.
Code Block echo "global: imagePullSecrets: - $PULL_SECRET kong: image: pullSecrets: - $PULL_SECRET kafka: imagePullSecrets: - name: $PULL_SECRET" > myValues/pullSecrets.yaml
Finish any other tasks from the Installation Checklist , then Install with Helm.
Table of Contents
Table of Contents |
---|