Installation in a Kubernetes cluster
Compatible software versions
| Recommended software | Version | Alternative software | Version |
|---|---|---|---|
| Helm | 3 | - | - |
| PostgreSQL | 13+ | Postgres DB (Platform V Pangolin SE) | 6.x.x * |
| MinIO | Latest * | Ceph | Latest * |

\* Standard APIs are used
Preparing for installation
Distribution structure
The distribution directory contains the following main files:
| File name | Description |
|---|---|
| values.yaml | A file containing the values of the variables required for deployment. Manual editing of the parameters is required before deployment |
| images/gujian-backend.tar | The image of the container with the backend |
| images/gujian-dashboard.tar | The image of the container with the control panel |
| images/gujian-fuchsiad.tar | The image of the container with the scanning service |
Important
If the previous installation is being updated, it is enough to reuse previously created parameters in values.yaml for databases and for S3 storage. Data structures and schemas will be automatically updated when a new version is launched.
The structure of the values.yaml file may differ in different versions of the distribution.
Deploying a database for the scanning service
Deploy a PostgreSQL-based database for the scanning service with the parameters listed below, then enter the values in the corresponding parameters of the values.yaml file:
| values.yaml parameter | Value | Description |
|---|---|---|
| FUCHSIAD_POSTGRES_SERVER_URL | The address of the database server in the format ip:port | Scanning service database URL |
| FUCHSIAD_POSTGRES_DB | fuchsiad | Scanning service database name |
| FUCHSIAD_POSTGRES_USER | fuchsiad | Username for the scanning service database |
| FUCHSIAD_POSTGRES_PASSWORD | *** | User password |
| FUCHSIAD_POSTGRES_SSL_MODE | require | Regulates the use of the SSL protocol to connect to the database |
Deploying a database for the backend
Deploy a PostgreSQL-based database for the backend with the parameters listed below, then enter the values in the corresponding parameters of the values.yaml file:
| values.yaml parameter | Value | Description |
|---|---|---|
| BACKEND_POSTGRES_SERVER_URL | The address of the database server in the format ip:port | Backend database URL |
| BACKEND_POSTGRES_DB | backend | Backend database name |
| BACKEND_POSTGRES_USER | backend | Username for the backend database |
| BACKEND_POSTGRES_PASSWORD | *** | User password |
| BACKEND_POSTGRES_SSL_MODE | require | Regulates the use of the SSL protocol to connect to the database |
S3 connection parameters for the scanning service
Buckets do not need to be created in the S3 storage in advance; the scanner creates them automatically. Assign the parameter values to the corresponding parameters of the values.yaml file:
| values.yaml parameter | Value | Description |
|---|---|---|
| S3_SERVER_URL | MinIO server | URL of the S3 API interface |
| S3_ROOT_USER | User | S3 user with bucket creation rights |
| S3_ROOT_PASSWORD | *** | User password |
Uploading container images to the corporate image registry
Upload three images to the corporate Docker registry. For all three images, edit the contents of the values.yaml file as indicated below:
| values.yaml parameter | Manufacturer's parameters (must be changed to the ones relevant for the internal registry) | Description |
|---|---|---|
| dashboard.repository | nexus.gujian.cloud/gujian-dast/gujian-dashboard | images/gujian-dashboard.tar image name after uploading to the corporate registry |
| dashboard.tag | 2024-04-15 | images/gujian-dashboard.tar image tag after uploading to the corporate registry |
| backend.repository | nexus.gujian.cloud/gujian-dast/gujian-backend | images/gujian-backend.tar image name after uploading to the corporate registry |
| backend.tag | 2024-04-15 | images/gujian-backend.tar image tag after uploading to the corporate registry |
| fuchsiad.repository | nexus.gujian.cloud/gujian-dast/gujian-fuchsiad | images/gujian-fuchsiad.tar image name after uploading to the corporate registry |
| fuchsiad.tag | 2024-04-15 | images/gujian-fuchsiad.tar image tag after uploading to the corporate registry |
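
The upload step as a shell script, added here as an example (not part of the vendor distribution), with a check that values.yaml no longer references the vendor registry. It assumes `docker load` restores each image under the vendor name and tag from the table above; `registry.example.internal/dast` is a placeholder for the corporate registry path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the vendor distribution.
VENDOR_REPO="nexus.gujian.cloud/gujian-dast"   # vendor default from the table
IMAGE_TAG="2024-04-15"                         # vendor tag from the table

# run: execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# push_images CORP_REPO [DIST_DIR]
# Loads each tarball, retags it for the corporate registry and pushes it.
# Assumption: `docker load` restores the image under its vendor name and tag.
push_images() {
    corp=$1
    dist=${2:-.}
    for svc in dashboard backend fuchsiad; do
        src="$VENDOR_REPO/gujian-$svc:$IMAGE_TAG"
        dst="$corp/gujian-$svc:$IMAGE_TAG"
        run docker load -i "$dist/images/gujian-$svc.tar" || return 1
        run docker tag "$src" "$dst" || return 1
        run docker push "$dst" || return 1
    done
}

# stale_vendor_refs VALUES_FILE
# Prints the values.yaml lines that still point at the vendor registry host.
# Returns 0 when none are left, 1 otherwise.
stale_vendor_refs() {
    if grep -nF "${VENDOR_REPO%%/*}" "$1"; then return 1; fi
    return 0
}

# Example (placeholder registry path):
#   DRY_RUN=1; push_images registry.example.internal/dast .   # review the plan
#   stale_vendor_refs values.yaml || echo "vendor registry still referenced"
```
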
Creating a secret for the corporate Docker Registry
If the corporate Docker Registry is only accessible with authentication, create a secret in the namespace where you plan to install the application, for example:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: nexus
  namespace: fuchsia
data:
  # [config] is a placeholder for the base64-encoded Docker config JSON
  # that holds the registry credentials
  .dockerconfigjson: [config]
type: kubernetes.io/dockerconfigjson
```

The name of this secret must be entered in the values.yaml file.
| values.yaml parameter | Parameters out of the box (must be changed to the current ones) | Description |
|---|---|---|
| imagePullSecrets | Parameters | The secret for accessing the corporate Docker Registry |
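
One way to produce the `[config]` value and the Secret manifest above from registry credentials, as an added example that is not part of the vendor distribution. The registry host `registry.example.internal` and the user `puller` are placeholders and the function names are hypothetical; values under `data` are base64-encoded, not encrypted, so the generated manifest needs the same handling as the password itself.

```shell
#!/bin/sh
# Added example, not part of the vendor distribution.

# b64: base64-encode stdin on one line (works with GNU and BSD base64).
b64() { base64 | tr -d '\n'; }

# docker_config_json REGISTRY USER PASSWORD
# Prints the Docker config JSON that Kubernetes expects in .dockerconfigjson.
# Assumption: user name and password contain no '"' or '\' characters.
docker_config_json() {
    auth=$(printf '%s:%s' "$2" "$3" | b64)
    printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$1" "$2" "$3" "$auth"
}

# pull_secret_manifest NAME NAMESPACE REGISTRY USER PASSWORD
# Prints a kubernetes.io/dockerconfigjson Secret manifest on stdout.
pull_secret_manifest() {
    cfg=$(docker_config_json "$3" "$4" "$5" | b64)
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfg
EOF
}

# Example (placeholder host and user; the password is taken from the
# environment rather than typed on the command line):
#   pull_secret_manifest nexus fuchsia registry.example.internal puller \
#       "$REGISTRY_PASSWORD" | kubectl apply -f -
```
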
Installation in a Kubernetes cluster
Deployment using Helm
At this stage, the values.yaml file with the current parameters should have already been edited. To deploy on the server, run the command:
Accessibility from an external network
To make the web interface accessible, make the gujian-dash-dashboard service available.