This document outlines how to install the Deepfactor portal in your Kubernetes cluster using a Helm chart. This installation process is intended for scenarios where customization needs to be performed during the installation.
For a simpler installation process that uses default choices for most options, visit Deploying Deepfactor Portal in your Kubernetes Cluster.
Requirements
To deploy the Deepfactor portal on Kubernetes, the following are required.
-
kubectl is compatible with your cluster.
-
Helm v3
-
A Kubernetes cluster, 1.19 through 1.21. 8vCPU and 32GB of RAM are recommended.
-
A valid Deepfactor Portal key. You can obtain the key by registering on Deepfactor's website.
-
TLS Certificates in PEM format.
Installation
1. Generate TLS certificate
Self signed certificate | Create self-signed certificate for Deepfactor Portal on your K8s cluster |
AWS private CA certificate | Create AWS Private CA Certificate for Deepfactor Portal on your K8s cluster |
Let's Encrypt certificate | Create Let's Encrypt certificate for Deepfactor Portal on your K8s cluster |
Note: The following steps assume that you have already create the deepfactor namespace as part of this step. If not already done, please execute the following command to create it
kubectl create ns deepfactor
2. Add the Deepfactor Helm chart repo
helm repo add deepfactor https://static.deepfactor.io/helm-charts
helm repo update
3. Create an override.yaml file with your config
Note: If you are using cert-manager replace app.deepfactor.io with the name of the secret created by the cert-manager issued certificate
dfstartup:
config:
firstName: Alice
lastName: Smith
emailID: alice@example.io
ttlDays: 30
ingress:
hostName: app.deepfactor.io
secretName: app.deepfactor.io
4. Install the portal
helm install df-stable deepfactor/deepfactor -n deepfactor \
-f override.yaml \
--set dfstartup.config.password=YOUR_PORTAL_PASSWORD \
--set dfstartup.config.portalToken= \
"YOUR_DEEPFACTOR_LICENSE_KEY_FROM_MY.DEEPFACTOR.IO"
Advanced Configuration
The Deepfactor Helm charts support additional configurable values that can be specified in the override.yaml file.
dfstartup.config.firstName |
First name of the admin login for the portal |
|
Yes |
dfstartup.config.lastName |
Last name of the admin login for the portal |
|
Yes |
dfstartup.config.emailID |
Email id of the first/admin login for the portal |
|
Yes |
dfstartup.config.ttlDays |
The number of days to retain the telemetry |
|
Yes |
dfstartup.config.password |
The password of the first/admin login for the portal |
|
Yes |
dfstartup.config.portalToken |
The Deepfactor portal license key that can be obtained from https://my.deepfactor.io |
|
Yes |
appSettings.numberOfConcurrentWebScansAllowed |
The number of concurrent webscans allowed on this portal |
1 |
No |
deepfactorImageRegistry |
The registry to fetch the deepfactor service images from |
|
No |
imagePullSecrets |
The secret that contains the image pull dockerconfig to pull from private registries |
|
No |
ingress-nginx.enablemodule |
The Deepfactor portal by default creates an ingress-nginx controller. You would have to disable this if you choose to use an existing ingress |
true |
No |
ingress-nginx.tcp.13443 |
|
|
No |
nginx.service.proxyPort |
The port number to use for the webscan proxy |
13443 |
No |
webappsvc.zapPod.memReq |
The memory request for the webscan pod |
8Gi |
No |
webappsvc.zapPod.memLimit |
The memory limit for the webscan pod |
16Gi |
No |
postgres.password |
The password for the postgres database used by the portal |
Auto-generated random password |
No |
postgres.storage.requests |
The storage size that is requested for the postgres database |
100Gi |
No |
clickhouse.password |
The password for the clickhouse database used by the portal |
Auto-generated random password |
No |
clickhouse.storage.requests |
The storage size that is requested for the clickhouse database |
300Gi |
No |
Customizations
We understand that different enterprises have different policies for Kubernetes clusters and hence we provide a rich set of customizations for our Deepfactor K8s portal installation. You can specify an override.yaml file while deploying our helm charts in your cluster. Some common customization scenarios are captured in the following article
Comments
0 comments
Please sign in to leave a comment.