
📙 You will learn

How to install ThreadFix 3.X and its dependencies on a standalone virtual machine and an existing Kubernetes Cluster.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: N/A

Suitable for large scale deployments where resources can be added to handle greater throughput of scans and vulnerability data.

Requirements

  • Helm >= 3.2

  • kubectl

  • Running Kubernetes cluster with the following:

    • >= 32 GB RAM available in cluster

      • >= 8 GB RAM per node

    • > 4 core equivalents available in cluster

    • > 250 GB disk space available in default storage provider

      • For most cloud providers this will automatically be provisioned

Installation

For the following instructions, add '-n <namespace>' to every kubectl or helm command if installing ThreadFix to a separate namespace.

  1. Create a ThreadFix license configuration.

    1. Locate the threadfix.license file.

    2. Run the following command (replacing <threadfix.license-path> with the path to the license file):

      kubectl create secret generic tf-license --from-file=threadfix.license=<threadfix.license-path>

  2. Create a TLS certificate configuration.

    1. Convert the TLS certificate to Base64-encoded PEM if it is in a different format.

    2. Run the following (replacing <tls-key> and <tls-cert> with their respective paths):

      kubectl create secret tls tf-tls --key <tls-key> --cert <tls-cert>

  3. Add the ThreadFix Helm repository:

    1. Add the ThreadFix Helm repository by running the following command:

      helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/

    2. Update the repositories by running:

      helm repo update

  4. Create a myValues.yaml file with the following (replace <password> with a randomly generated password of your choice):

    kong:
      env:
        SSL_CERT: /etc/secrets/tf-tls/tls.crt
        SSL_CERT_KEY: /etc/secrets/tf-tls/tls.key
      secretVolumes:
        - tf-tls
      postgresql:
        postgresqlPassword: <password>
    global:
      threadfix:
        licenseCMOverride: tf-license

  5. Install ThreadFix with the following command:

    helm install tf denimgroup/threadfix -f myValues.yaml

  6. ThreadFix will automatically generate internal credentials. Save these in a secure location for recovery purposes.

    1. Network Properties:

      kubectl get secrets tf-network-props -o 'go-template={{index .data "network.properties"}}' | base64 -d

    2. Database password:

      kubectl get secret tf-db -o jsonpath={.data.password} | base64 -d

    3. Postgres password:

      kubectl get secret tf-postgresql -o jsonpath={.data.postgresql-password} | base64 -d

  7. The Helm command will return instructions on how to retrieve the load balancer address for the ThreadFix installation. Follow the progress of the installation with the following command:

    kubectl get po -w

  8. When all pods report the status Running, the installation is complete and ready to use.
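
One way to script step 4 (an added example, not part of the ThreadFix documentation): it draws the PostgreSQL password from /dev/urandom, quotes it in the YAML, and writes the values file with owner-only permissions. The function names, the 24-byte password length and the script name in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: builds the step 4 values file with a generated password.
# Usage (hypothetical script name): sh gen-values.sh myValues.yaml

# gen_password: 24 bytes from the kernel CSPRNG, hex-encoded (48 characters).
gen_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# write_values FILE: write the step 4 values to FILE, readable by the owner only.
# Runs in a subshell so the umask and noclobber settings do not leak out.
# Refuses to overwrite, so a re-run cannot silently replace the password that
# an existing release was installed with.
write_values() (
    out=$1
    pw=$(gen_password)
    [ "${#pw}" -eq 48 ] || { echo "password generation failed" >&2; exit 1; }
    umask 077      # new file is created with mode 0600
    set -C         # noclobber: '>' fails if the file already exists
    # The password is quoted so YAML always reads it as a string.
    cat > "$out" <<EOF || exit 1
kong:
  env:
    SSL_CERT: /etc/secrets/tf-tls/tls.crt
    SSL_CERT_KEY: /etc/secrets/tf-tls/tls.key
  secretVolumes:
    - tf-tls
  postgresql:
    postgresqlPassword: "$pw"
global:
  threadfix:
    licenseCMOverride: tf-license
EOF
)

# Only act when a target file name is given on the command line.
[ $# -eq 0 ] || write_values "$1"
```

The resulting file contains a credential in clear text, so store it with the secrets saved in step 6 rather than in version control.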
