Articles in this section

Deploying Deepfactor Portal in your Kubernetes Cluster Follow

Avatar
DeepFactor Support
  • Updated

Deepfactor provides several ways of deploying the Deepfactor Portal on-premises.
The following article describes how to deploy the Deepfactor portal in your Kubernetes cluster including Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), Rancher, etc.

 

This document describes the easiest way to install the portal in a k8s cluster, using a script that configures most of the default settings for you. If you would prefer a more customizable installation that uses a helm chart, follow these instructions instead: Install Deepfactor Portal using Helm.

 

Prerequisites

  • A Kubernetes cluster (recommended version 1.18 or higher) with the following capacity:
    • A three-node cluster with 2X m5.large (8GB) and 1x m5.xlarge (16GB) is required for running DAST scans.

If you do not have a K8s cluster, you can choose to deploy Deepfactor using the OVA or AMI service providers documentation to bring up a K8s cluster.


Some relevant links are placed below for quick reference.
AWS - https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html
Azure - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
GCP - https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-zonal-cluster#console

Installing Deepfactor Portal

Download and run the Deepfactor portal installation interactive script.

bash -c "$(curl -L https://static.deepfactor.io/scripts/public/df-portal/installer/df-portal-installer.sh)"

You will be asked the following parameters during the course of the installation:

Parameter

Description
Hostname

Deepfactor Portal will use this hostname.

If you choose to provide your own certificate, it should be valid for this hostname.

If you choose to generate a self-signed certificate, this value will be set in 'Common Name'.

Provide hostname for the portal : staging.deepfactor.io
Certificate

You can choose to generate a self-signed certificate or provide your own.

Do you want to continue with a Self Signed Certificate? [Y/N]?

If you choose 'N', you will be prompted to provide the following:

Provide portal key file path : ./my_private_key.pem 
Provide portal crt file path : ./my_crt.pem 
Provide portal ca crt file path : ./my_ca_crt.pem

If you choose 'Y', the script will download the required files and generate a self-signed certificate for your portal.
Image Registry

By default, Deepfactor portal images are pulled from public.ecr.aws/deepfactor/.

If you intend to use your own registry, you can provide the registry path. If you are using a registry that requires authentication, then please provide the path of the docker config file.

Provide image registry name if you want to update it, default (public.ecr.aws/deepfactor/): index.docker.io/ 
Provide docker config file path if you want to create image pull secret :
Portal admin user details
  • First name: Enter the first name of the portal admin user
  • Last name: Enter the last name of the portal admin user
  • Email address: Enter the email address of the portal admin. You will need this to log in to the portal once it is set up.
  • Password: Enter a password for the admin user. This value will not be displayed on the console.
    Note: You must remember the password that you specify as you will need it to log in to the portal once it is set up.
Provide first name of admin :
Provide last name of admin :
Provide email for admin :
Provide password for admin : \n
Re-enter the admin password : \n
TTL in days

This is the number of days for which the telemetry will be retained in the portal DB.

Note: The alerts raised will be preserved forever. However, only the telemetry events received from your running applications will be deleted at the end of the TTL period. 

Provide TTL days : 180
Portal Token

You will need to signup on my.deepfactor.io to get this token.

Provide portal token (get it from https://my.deepfactor.io):
Memory request and limit for a DAST scan pod

When you launch a DAST scan from the portal or Deepfactor API, a job will launch a pod for the scan.

The pod will terminate when the scan ends. You can set the memory request and memory limit for this pod. We recommend an 8Gi memory request and a 16Gi memory limit.

Press Enter to use the default values.

Default and Recommended memory request of zap scan is 8Gi, provide a value to update it :
Default and Recommended memory limit of zap scan is 16Gi, provide a value to update it :
Creating override.yaml for installation.
Vault configuration

If you use a vault for storing secrets in your Kubernetes cluster, Deepfactor can pull the JWT secret from the vault.

Please read Install and use Vault with Deepfactor Portal to learn more.

Enter 'N' or press Enter to continue without a vault.

Is vault configured to store secret? [y/N]? : y
Provide vault secret path : deepfactor
Provide vault role name : deepfactor

 

Uninstalling Deepfactor Portal

Run the following command to uninstall the Deepfactor portal.

helm uninstall df-stable --namespace=deepfactor

Delete the postgres and clickhouse pvc to free up the space.

Note: You will lose all the telemetry and alert data.

kubectl get pvc --namespace=deepfactor
kubectl delete pvc <postgres-pvc-name> <clickhouse-pvc-name> <archivestore-pvc-name> <symbolsvc-pvc-name> --namespace=deepfactor
kubectl get secrets -n deepfactor
kubectl delete secrets regcred deepfactor-certs <ingress-secret-name> -n deepfactor

Related articles

Comments

0 comments

Please sign in to leave a comment.