As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.
Install with Helm
You will learn
How to install ThreadFix and its dependencies on an existing Kubernetes Cluster.
Prerequisites
Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: N/A
Minimum Requirements
Helm >= 3.5
kubectl
Running kubernetes cluster with the following:
Version >=1.16
>= 32 GB RAM available in cluster
>=8 GB RAM per node
> 4 core equivalents available in cluster
> 250 GB disk space available in default storage provider
For most cloud providers this will automatically be provisioned
A valid ThreadFix license
A kubernetes user with proper permissions
Suitable for large scale deployments where resources can be added to handle greater throughput of scans and vulnerability data.
Recommended Pre-requisites
A valid TLS certificate for a ThreadFix installation in PEM format
Kubernetes cluster meeting the user’s installation capacity, note the System Recommendations
Follow any applicable Pre-Installation Platform Setup prior to installation
Follow any applicable pre-install tasks prior to installation Installation Checklist
It is recommended to not make any edits or changes to the Helm charts in order to avoid undesired performance. Any necessary changes should be done through the value files.
Installation
For the following instructions, add '-n ' to any kubectl
or helm install
if installing ThreadFix to separate namespace.
Create myValues directory (if it does not exist).
mkdir -p myValues
If any other steps from the “Preparation Guides” have been completed, ensure that their resulting values files reside in the
myValues
directory.Create a ThreadFix license configuration.
Locate the threadfix.license file.
Run the following command (replacing <threadfix.license-path> with the path to the license file):
kubectl create secret generic tf-license --from-file=threadfix.license=<threadfix.license-path>
Create a TLS certificate configuration (optional).
Convert the TLS certificate to base 64 encoded PEM if in a different format. For more information see the Adding a TLS Certificate (Kubernetes) guide.
Run the following (replacing <tls-key> and <tls-cert> with their respective paths):
kubectl create secret tls tf-tls --key <tls-key> --cert <tls-cert>
Create TLS configuration values.
Generate a unique password for PostgreSQL.
Create a myValues.yaml file.
Generate a helm args for all of the values files.
Add the ThreadFix Helm repository:
Add the ThreadFix Helm repository by running the following command
Update the repositories by running:
(Optional) If the above step fails to update due to firewall restrictions, download the helm chart manually through a browser
Navigate to the Release Notes section of this space
Click the “manual helm download”
Copy the resulting tgz file to the machine Helm will install from
In the
helm install
command below, replacedenimgroup/threadfix
with the path to the downloaded helm chart. Example:helm install tf threadfix-3.1.0.tgz $HELM_INSTALL_ARGS
Install ThreadFix with the following command:
ThreadFix will automatically generate internal credentials. Save these in a secure location for recovery purposes.
Network Properties:
Database password:
Postgres password:
The Helm command will return instruction on how to retrieve the load balancer address for the ThreadFix installation. Follow the progress of the installation with the following.
When all pods report the status Running or Completed, the installation is complete and ready to use.
Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.