You will learn
📙
How to pre-install CustomResourceDefinitions as a Kubernetes admin.
Prerequisites
Audience: IT Professional
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required:
kubectl
helm
tar
The Kong component of ThreadFix requires CustomResourceDefinitions, CRDs, to function. If the user managing ThreadFix does not have the required permissions to create these resources, they can be installed and administered separately by a cluster admin.
The following must be performed by a user with create customresourcedefinition permissions
Verify that the current user has permission to create customresourcedefinitions:
kubectl auth can-i create customresourcedefinition
If it has not already been performed, add the denimgroup helm repository:
helm repo add denimgroup https://threadfix-downloads.s3-us-west-2.amazonaws.com/helm/
Pull the most recent helm chart for ThreadFix:
helm pull denimgroup/threadfix
Extract the CRDs from the ThreadFix chart:
tar -zvxf threadfix-*.tgz threadfix/charts/kong/crds
Apply the CRDs for kong:
kubectl apply -f threadfix/charts/kong/crds
After the CRDs have been created on the Kubernetes cluster, the user that will install ThreadFix will need to verify that they have access to create resources under these new CRDs.
The following should be performed by the user who will install ThreadFix
Verify that the user has the ability to create resources for the new CRDs:
kubectl auth can-i create kongconsumers.configuration.konghq.com kubectl auth can-i create kongcredentials.configuration.konghq.com kubectl auth can-i create kongingresses.configuration.konghq.com kubectl auth can-i create kongplugins.configuration.konghq.com
A user without create permissions on CRDs can install ThreadFix by following the Install with Helm - 3.1 For Review WIP and appending --skip-crds
to the helm install command.
Example:
helm install tf denimgroup/threadfix -f myValues.yaml --skip-crds