Deepfactor provides several ways of deploying the Deepfactor Portal on-premises.
This article describes how to deploy the Deepfactor portal in your Kubernetes cluster, including Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), Rancher, etc.
It covers the easiest way to install the portal in a K8s cluster, using a script that configures most of the default settings for you. If you would prefer a more customizable installation that uses a Helm chart, follow these instructions instead: Install Deepfactor Portal using Helm.
Prerequisites
- A Kubernetes cluster (recommended version 1.18 or higher) with the following capacity:
  - A three-node cluster with 2x m5.large (8GB) and 1x m5.xlarge (16GB) is required for running DAST scans.
If you do not have a K8s cluster, you can choose to deploy Deepfactor using the OVA or AMI, or follow your service provider's documentation to bring up a K8s cluster.
Some relevant links are placed below for quick reference.
AWS - https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html
Azure - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
GCP - https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-zonal-cluster#console
- Helm3 and kubectl installed on your local machine from which you intend to install Deepfactor Portal
https://helm.sh/docs/intro/install/
https://docs.docker.com/engine/install/
- kube-config for your K8s cluster on your local machine.
- An SSL certificate for the domain you want to assign to the Deepfactor portal. For example, deepfactor.mycompany.com. If you want to generate and use a self-signed certificate, you can choose to do so, during the course of installation.
Installing Deepfactor Portal
Download and run the interactive Deepfactor portal installation script.
bash -c "$(curl -L https://static.deepfactor.io/scripts/public/df-portal/installer/df-portal-installer.sh)"
You will be prompted for the following parameters during the course of the installation:

| Parameter | Description |
| --- | --- |
| Hostname | Deepfactor Portal will use this hostname. If you choose to provide your own certificate, it should be valid for this hostname. If you choose to generate a self-signed certificate, this value will be set in 'Common Name'. Provide hostname for the portal : staging.deepfactor.io |
| Certificate | You can choose to generate a self-signed certificate or provide your own. Do you want to continue with a Self Signed Certificate? [Y/N]? If you choose 'N', you will be prompted to provide the following: Provide portal key file path : ./my_private_key.pem If you choose 'Y', the script will download the required files and generate a self-signed certificate for your portal. |
| Image Registry | By default, Deepfactor portal images are pulled from public.ecr.aws/deepfactor/. If you intend to use your own registry, you can provide the registry path. If you are using a registry that requires authentication, then please provide the path of the docker config file. Provide image registry name if you want to update it, default (public.ecr.aws/deepfactor/): index.docker.io/ |
| Portal admin user details | Provide first name of admin : |
| TTL in days | This is the number of days for which the telemetry will be retained in the portal DB. Note: The alerts raised will be preserved forever. However, only the telemetry events received from your running applications will be deleted at the end of the TTL period. Provide TTL days : 180 |
| Portal Token | You will need to sign up on my.deepfactor.io to get this token. Provide portal token (get it from https://my.deepfactor.io): |
| Memory request and limit for a DAST scan pod | When you launch a DAST scan from the portal or Deepfactor API, a job will launch a pod for the scan. The pod will terminate when the scan ends. You can set the memory request and memory limit for this pod. We recommend an 8Gi memory request and a 16Gi memory limit. Press Enter to use the default values. Default and Recommended memory request of zap scan is 8Gi, provide a value to update it : |
| Vault configuration | If you use a vault for storing secrets in your Kubernetes cluster, Deepfactor can pull the JWT secret from the vault. Please read Install and use Vault with Deepfactor Portal to learn more. Enter 'N' or press Enter to continue without a vault. Is vault configured to store secret? [y/N]? : y |
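If you plan to answer 'N' at the certificate prompt, the certificate you supply has to be valid for the hostname you entered and has to belong to the private key you point the installer at. The following pre-flight check is an added example, not part of the Deepfactor installer; the function name, script name, return codes and certificate path are assumptions made for this example, and it requires OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example, not part of the Deepfactor installer. Requires OpenSSL 1.1.1+.
# check_portal_cert HOSTNAME CERT_FILE KEY_FILE
# Return codes (chosen for this example): 0 ok, 2 unreadable file, 3 expired,
# 4 hostname not covered, 5 key does not belong to certificate.

check_portal_cert() {
    local host cert key cert_fp key_fp
    host=$1; cert=$2; key=$3

    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read $cert or $key" >&2; return 2; }

    # -checkend 0 exits non-zero if the certificate has already expired
    # (or cannot be parsed at all).
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate is expired or not valid PEM" >&2; return 3; }

    # The verdict of -checkhost is read from its output text. It applies
    # normal TLS name matching (SAN entries, wildcards, CN fallback).
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
        | grep -q "does match certificate" \
        || { echo "certificate is not valid for $host" >&2; return 4; }

    # Compare SHA-256 digests of the DER-encoded public keys; this works for
    # RSA and EC keys alike. '-passin pass:' makes an encrypted key fail here
    # instead of stopping at a passphrase prompt.
    cert_fp=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
    key_fp=$(openssl pkey -in "$key" -passin pass: -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256)
    [ "$cert_fp" = "$key_fp" ] \
        || { echo "private key does not match certificate" >&2; return 5; }

    echo "OK: $cert is valid for $host and matches $key"
}

# Run the check when three arguments are given, e.g. (paths are examples):
#   ./check_portal_cert.sh deepfactor.mycompany.com ./my_cert.pem ./my_private_key.pem
if [ "$#" -eq 3 ]; then
    check_portal_cert "$@"
fi
```
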
Uninstalling Deepfactor Portal
Run the following command to uninstall the Deepfactor portal.
helm uninstall df-stable --namespace=deepfactor
Delete the postgres and clickhouse PVCs to free up the space.
Note: You will lose all the telemetry and alert data.
kubectl get pvc --namespace=deepfactor
kubectl delete pvc <postgres-pvc-name> <clickhouse-pvc-name> <archivestore-pvc-name> <symbolsvc-pvc-name> --namespace=deepfactor
kubectl get secrets -n deepfactor
kubectl delete secrets regcred deepfactor-certs <ingress-secret-name> -n deepfactor