Install CloudDefense.AI Helm on a Kubernetes Cluster

Modified on Thu, 5 Sep, 2024 at 7:37 PM

Prerequisites

  • A Kubernetes cluster with nodes having linux/amd64 architecture.

Development Environment

  • Helm (v3 or above)

  • Kubernetes Cluster (kubectl)

    • Minimum Requirement: 1 Node (2 vCPU, 8 GB RAM)

    • Recommended Requirements: 2 Nodes (2 vCPUs, 16 GB RAM)

Production Environment

  • Helm (v3 or above)

  • Managed Postgres Instance (e.g., AWS RDS with db.r5.large specifications)

  • Kubernetes Cluster (kubectl)

  • On-Demand Nodes in Node Groups with Labels

Installation Guide


1. Install Cluster Auto-Scaler

2. Install Kafka

  • Download the Kafka Helm repo (Bitnami):
    helm repo add bitnami https://charts.bitnami.com/bitnami

  • Install Kafka Helm:
    helm install kafka bitnami/kafka -f values.yaml --debug

Be sure to customize values.yaml for your requirements.

3. Install CloudDefense.AI Helm


  1. Clone the CloudDefense.AI charts repository:
    git clone https://github.com/CloudDefenseAI/charts

  2. Create roles, role bindings, and service accounts:
    kubectl apply -f charts/cdefense/rbac

  3. Create secrets:
    kubectl apply -f charts/cdefense/secrets

  4. Add CloudDefense.AI Helm repo:
    helm repo add cdefense https://clouddefenseai.github.io/charts/

  5. Install CloudDefense.AI:
    helm install cdefense cdefense/cdefense --debug

  6. Update/Upgrade CloudDefense.AI:
    helm upgrade cdefense cdefense/cdefense



4. Configure CloudDefense Helm for SSO

To enable Single Sign-On (SSO) with identity providers such as GitHub, GitLab, Bitbucket, or Microsoft, follow these steps:

  1. Create IDs and secrets for GitHub, GitLab, Bitbucket, and Microsoft:

    • Go to the respective identity provider's developer portal.

    • Create a new OAuth App.

    • Set the Homepage URL as the base URL of your application.

    • Set the Authorization callback URL as https://{base_url}/auth/realms/cdefense/broker/{provider}/endpoint.

Create Secrets on Kubernetes Cluster:

Create a Kubernetes secret containing the necessary authentication information. You can either create the secret directly or use a YAML file as shown below:

    apiVersion: v1
    kind: Secret
    metadata:
      name: authservice-secrets
    # type is a top-level field of the Secret, not part of metadata
    type: Opaque
    # fill in the value for each provider you created an OAuth App for
    stringData:
      SENDGRID_KEY:
      GOOGLE_CLIENT_ID:
      GOOGLE_CLIENT_SECRET:
      GITHUB_CLIENT_ID:
      GITHUB_CLIENT_SECRET:
      GITLAB_APPLICATION_ID:
      GITLAB_APPLICATION_SECRET:
      BITBUCKET_KEY:
      BITBUCKET_SECRET:
      MICROSOFT_CLIENT_ID:
      MICROSOFT_CLIENT_SECRET:


  2. Restart AuthService Pod:

    Apply the created secret to the cluster and restart the AuthService pod:

    kubectl apply -f authservice-secrets.yaml
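
A pre-apply check for authservice-secrets.yaml, as an added example that is not part of the original article or of CloudDefense.AI's tooling: it lists stringData keys that are still empty and flags a manifest file that other local users can read, since the file holds the OAuth client secrets in plaintext. The function names empty_secret_keys and check_secret_manifest are hypothetical, and the sample manifest is constructed with placeholder values.

```shell
# Added example (hypothetical helper names): review authservice-secrets.yaml before kubectl apply.

# Print every key under stringData whose value is empty, "" or ''.
empty_secret_keys() {
    awk '
        /^[^ \t#]/ { in_sd = ($0 ~ /^stringData:[ \t]*$/); next }  # top-level key
        in_sd && /^[ \t]+[^# \t]/ {
            key = $0; sub(/^[ \t]+/, "", key); val = key
            sub(/:.*/, "", key)                 # text before the first colon
            sub(/^[^:]*:[ \t]*/, "", val)       # text after it
            sub(/[ \t]*(#.*)?$/, "", val)       # drop trailing comment and blanks
            if (val == "" || val == "\"\"" || val == "\047\047") print key
        }
    ' "$1"
}

# Return 0 only if the file is owner-only and every stringData key has a value.
check_secret_manifest() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    perms=$(ls -ld -- "$f" | cut -c5-10)        # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "WARN: $f is accessible to group/other ($perms); run chmod 600" >&2
        rc=1
    fi
    missing=$(empty_secret_keys "$f")
    if [ -n "$missing" ]; then
        echo "WARN: empty values under stringData:" >&2
        echo "$missing" | sed 's/^/  /' >&2
        rc=1
    fi
    return $rc
}

# Demo on a constructed manifest (placeholder values, not real credentials).
demo=$(mktemp)                                  # mktemp creates the file with mode 0600
cat > "$demo" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: authservice-secrets
type: Opaque
stringData:
  GITHUB_CLIENT_ID: example-client-id
  GITHUB_CLIENT_SECRET:
EOF
check_secret_manifest "$demo" || echo "fix the manifest before kubectl apply"
rm -f "$demo"
```

Keys for providers you do not use can be removed from the manifest so the check passes without placeholder values.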
