October 2022 - Known Issue Warning: Following changes in the K8 APIs, installing or upgrading ThreadFix on Kubernetes versions 1.25 or newer will fail. This issue will be addressed in the next ThreadFix release.
📙 You will learn
How to install ThreadFix and its dependencies on an existing Kubernetes Cluster.
Prerequisites
Audience: IT Professional Difficulty: Intermediate Time needed: Approximately 10 minutes Tools required: N/A
Suitable for large scale deployments where resources can be added to handle greater throughput of scans and vulnerability data.
Minimum Requirements
Helm >= 3.5
kubectl
Running kubernetes cluster with the following:
Version >=1.16
>= 32 GB RAM available in cluster
>=8 GB RAM per node
> 4 core equivalents available in cluster
> 250 GB disk space available in default storage provider
For most cloud providers this will automatically be provisioned
(Optional) If the above step fails to update due to firewall restrictions, download the helm chart manually through a browser
Navigate to the Release Notes section of this space
Click the “manual helm download”
Copy the resulting tgz file to the machine Helm will install from
In the helm install command below, replace denimgroup/threadfix with the path to the downloaded helm chart. Example: helm install tf threadfix-3.1.0.tgz $HELM_INSTALL_ARGS
kubectl get secret tf-db -o jsonpath={.data.password} | base64 -d
Postgres password:
kubectl get secret tf-postgresql -o jsonpath={.data.postgresql-password} | base64 -d
The Helm command will return instruction on how to retrieve the load balancer address for the ThreadFix installation. Follow the progress of the installation with the following.
kubectl get po -w
When all pods report the status Running or Completed, the installation is complete and ready to use.