Note for users on 3.2 or prior. October 2022 - Known Issue Warning: Following changes in the K8 APIs, installing or upgrading ThreadFix on Kubernetes versions 1.25 or newer will fail. This issue is addressed in 3.3.
📙 You will learn
How to install ThreadFix and its dependencies on an existing Kubernetes Cluster.
Prerequisites
Audience: IT Professional Difficulty: Intermediate Time needed: Approximately 10 minutes Tools required: N/A
Minimum Requirements
Helm >= 3.5
kubectl
Running kubernetes cluster with the following:
Version >=1.16
>= 32 GB RAM available in cluster
>=8 GB RAM per node
> 4 core equivalents available in cluster
> 250 GB disk space available in default storage provider
For most cloud providers this will automatically be provisioned
It is recommended to not make any edits or changes to the Helm charts in order to avoid undesired performance. Any necessary changes should be done through the value files.
Installation
For the following instructions, add '-n ' to any kubectl or helm install if installing ThreadFix to separate namespace.
Create myValues directory (if it does not exist).
mkdir -p myValues
If any other steps from the “Preparation Guides” have been completed, ensure that their resulting values files reside in the myValues directory.
Create a ThreadFix license configuration.
Locate the threadfix.license file.
Run the following command (replacing <threadfix.license-path> with the path to the license file):
(Optional) If the above step fails to update due to firewall restrictions, download the helm chart manually through a browser
Navigate to the Release Notes section of this space
Click the “manual helm download”
Copy the resulting tgz file to the machine Helm will install from
In the helm install command below, replace denimgroup/threadfix with the path to the downloaded helm chart. Example: helm install tf threadfix-3.1.0.tgz $HELM_INSTALL_ARGS
kubectl get secret tf-db -o jsonpath={.data.password} | base64 -d
Postgres password:
kubectl get secret tf-postgresql -o jsonpath={.data.postgresql-password} | base64 -d
The Helm command will return instruction on how to retrieve the load balancer address for the ThreadFix installation. Follow the progress of the installation with the following.
kubectl get po -w
When all pods report the status Running or Completed, the installation is complete and ready to use.