sde$ kubectl get nodes NAME STATUS ROLES AGE VERSION master1 Ready control-plane,master 23h v1.21.0 master2 Ready control-plane,master 23h v1.21.0 master3 Ready control-plane,master 23h v1.21.0 worker1 Ready <none> 23h v1.21.0 worker2 Ready <none> 23h v1.21.0 worker3 Ready <none> 23h v1.21.0
Deploy SD Elements using Helm
Table of Contents
- Confirm the functionality of the Kubernetes cluster
- Deploy SD Elements
- Note: RELEASE_NAME is an example, replace it with an appropriate name for this deployment
- Confirm the helm chart has been installed
- Validate the state of the pods
- Access SD Elements
- Upgrade SD Elements
- Undeploy SD Elements
- Additional Information
This page contains information about common helm tasks. More information can also be found on the Requirements page.
For information on OpenShift configuration, see Advanced Configuration
Confirm the functionality of the Kubernetes cluster
All nodes should be 'Ready'.
Deploy SD Elements
Prerequisites:
-
Verify your installation prerequisites using a checklist like the following:
| Sr No | Prerequisite Item | Verified | Example Variable |
|---|---|---|---|
1 |
SDE version to install |
Yes/No |
|
2 |
The Helm release name for the SDE installation |
Yes/No |
|
3 |
Yes/No |
|
|
4 |
Shared Object Storage configured (e.g. AWS S3) (See Shared Object Storage) |
Yes/No |
|
5 |
DNS service installed and configured |
Yes/No |
N/A |
| Nginx is the ingress controller used to test deployment compatibility among versions of SD Elements and EKS. Your deployment may use a different ingress controller. |
| See Tested Versions for Kubernetes versions compatible with the SD Elements installation. |
Steps:
-
Create a file
values.custom.yamlwith the following content:
global:
imageRegistryUsername: <SERVICE_USERNAME>
imageRegistryPassword: <SERVICE_PASSWORD>
sharedStorage:
bucketName: <BUCKET_NAME>
s3Url: https://s3.<S3_REGION>.amazonaws.com
s3AccessKey: <S3_ACCESS_KEY>
s3SecretKey: <S3_SECRET_KEY>
sde:
jwtSecret: your-jwt-secret
secretKey: your-secret-key
superuserPassword: your-superuser-password
systemAdminEmail: your-sysadmin-email@yourdomain
postgresql:
auth:
username: sde
password: your-database-password
sc-datastore:
clientPassword: your-datastore-password
rabbitmq:
auth:
erlangCookie: your-erlang-cookie
password: your-broker-password
sc-cam:
databasePassword: your-cam-database-password
brokerPassword: your-cam-broker-password| Replace any remaining passwords and secrets with random strings unique for your installation. Manage these secrets like any software that requires version control. |
| Such keys and passwords encrypt or otherwise protect assets within your application. Subsequent changes to them could have potentially negative consequences, including SD Elements becoming unable to decrypt data. For a list of those items that should not be changed, please see Additional Information. |
-
Add the SD Elements Helm Repository
$ helm repo add sdelements https://repository.securitycompass.com/artifactory/sde-helm-prod \
--username <SERVICE_USERNAME> \
--password <SERVICE_PASSWORD>-
Install the SD Elements chart
Note: RELEASE_NAME is an example, replace it with an appropriate name for this deployment
$ helm install RELEASE_NAME sdelements/sde --version <SDE_VERSION> --values values.custom.yaml
Confirm the helm chart has been installed
$ helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
RELEASE_NAME default 1 2023-03-22 17:22:18.453487279 -0400 EDT deployed sde-2023.1.00 2023.1.00Validate the state of the pods
Pods associated with scheduled jobs such as integration may also show a status of 'Completed'.
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
RELEASE_NAME-web-7768cbd679-txcw5 1/1 Running 0 15m
RELEASE_NAME-database-cdd77f87-2qcx7 1/1 Running 0 15m
RELEASE_NAME-broker-545db96954-wjc8t 1/1 Running 0 15m
RELEASE_NAME-mailer-68bd5f8774-nsl5j 1/1 Running 0 15m
RELEASE_NAME-worker-15-sde-medium-fb9bc4dcb-7pgfg 1/1 Running 0 15m
RELEASE_NAME-worker-17-5454776c46-4c44n 1/1 Running 0 15m
RELEASE_NAME-reporting-78b6c954cc-lcdk2 1/2 Running 0 15m
RELEASE_NAME-data-store-85c47469fb-k76gr 1/1 Running 0 15m
RELEASE_NAME-worker-10-779c76588c-psvhv 1/1 Running 0 15m
RELEASE_NAME-worker-18-sde-low-87fc95ddb-l8nk7 1/1 Running 0 15mAccess SD Elements
| It usually takes around 5-10 minutes to deploy SD Elements depending on the cluster performance and download speeds. During this time a custom friendly 503 message will be shown. |
Access to SD Elements is completed through its web service and the nginx controller you’ve selected for use can be configured to provide client access to SD Elements (see Requirements).
Upgrade SD Elements
Refer to the section on how to upgrade SD Elements.
Undeploy SD Elements
Kubernetes storage retention policies include Delete, which will delete data from PersistentVolumes if the PersistentVolumeClaim is removed, or Retain, which won’t. To prevent unexpected data loss when uninstalling helm charts, be aware of the configured retention policy for your PersistentVolume or StorageClass.
|
Steps:
-
Get a list of deployed charts (installed releases)
helm list -
Uninstall a release
helm uninstall <RELEASE_NAME>
SD Elements is no longer deployed.
Additional Information
The following parameters should not be updated by using helm upgrade …:
| Parameter | Comments |
|---|---|
|
Change the superuser password using the SD Elements application |
|
|
|
|
|
This is the custom user for the sde application |
|
This password is for custom postgres user, also requires changing within the database using |
|
This password is for |
|
Also requires changing within the rabbitmq using the |
|
Required for communication between nodes, please see: Official Documentation: The Erlang Cookie |