Requirements

Security Compass Artifact Store

As of SD Elements 2023.1 (April 2023), the SD Elements Helm chart and images are delivered through a new artifact store, repository.securitycompass.com.

If the SD Elements deployment environment requires network restrictions, ensure that the repository.securitycompass.com hostname of the new artifact store is allowed and is accessible from within the Kubernetes cluster.

For customers with existing SD Elements instances that pull images directly from the Security Compass artifact store: before attempting an upgrade, ensure the custom values file has not overwritten these values. Skip this step if these values have not previously been set (i.e., SD Elements was deployed using the respective defaults).

global:
  imageRegistry: repository.securitycompass.com
  imageRegistryFormat: "%s/sde-docker-%s/%s/%s:%s"
  imageOrganization: prod
  imageSource: sde
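
One way to run this check before an upgrade, as an added example that is not part of the SD Elements documentation or tooling: the script lists any of the four global image settings in a custom values file whose value differs from the values shown above. The function names are hypothetical, and the parser assumes plain block-style YAML with two-space indentation.

```shell
#!/bin/sh
# Added example (not Security Compass tooling). Function names are hypothetical.
# Assumes block-style YAML with two-space indentation, as in the snippet above.

# Values shown on this page for the four global image settings.
expected_value() {
  case "$1" in
    imageRegistry)       echo 'repository.securitycompass.com' ;;
    imageRegistryFormat) echo '%s/sde-docker-%s/%s/%s:%s' ;;
    imageOrganization)   echo 'prod' ;;
    imageSource)         echo 'sde' ;;
    *) return 1 ;;
  esac
}

# Print "key=value" for each direct child of the top-level "global:" mapping.
global_settings() {
  awk -v q="'" '
    /^[^ #]/ { in_global = ($0 ~ /^global:[ \t]*(#.*)?$/); next }
    in_global && /^  [A-Za-z]+:/ {
      key = $0; sub(/^  /, "", key); sub(/:.*/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]+(#.*)?$/, "", val)               # trailing space or comment
      gsub("^[\"" q "]|[\"" q "]$", "", val)      # surrounding quotes
      print key "=" val
    }' "$1"
}

# List settings that differ from the page's values; status 1 if any do.
check_values_file() {
  status=0
  while IFS='=' read -r key val; do
    want=$(expected_value "$key") || continue
    if [ "$val" != "$want" ]; then
      printf '%s: found "%s", expected "%s"\n' "$key" "$val" "$want"
      status=1
    fi
  done <<EOF
$(global_settings "$1")
EOF
  return "$status"
}

# Usage: check_values_file custom-values.yaml
```

A reported difference means images would be pulled from a location other than the Security Compass artifact store, so confirm it is intentional before upgrading.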

SD Elements Service Accounts

An SD Elements service account is used to access our Helm chart repository and Docker registry. These credentials are provided by the Security Compass support team: sdesupport@securitycompass.com.

Add the sdelements/sde repo using the helm repo add command.

$ helm repo add sdelements https://repository.securitycompass.com/artifactory/sde-helm-prod \
    --username ${SERVICE_USERNAME} --password ${SERVICE_PASSWORD}
"sdelements" has been added to your repositories
$ helm search repo sdelements
NAME                            CHART VERSION   APP VERSION     DESCRIPTION
sdelements/sde                  [SDE_VERSION]   [SDE_VERSION]   SDElements by Security Compass Ltd.

Software

There are a variety of methods for orchestrating a containerized application, and a variety of platforms that support them. SD Elements requires the following:

  • Helm >= 3.10.0, preferably latest

  • A platform which supports deploying containers using Helm

  • If using Kubernetes, you must use a kubectl version that is within one minor version difference of your cluster. For example, a v1.30 client can communicate with v1.29, v1.30, and v1.31 control planes. Using the latest compatible version of kubectl helps avoid unforeseen issues. See this link for the official documentation on the matter.

  • A storage provider with support for the ReadWriteOnly Kubernetes storage mode

    Starting with the SD Elements 2022.3 release, the ReadWriteMany storage mode is being replaced with ReadWriteOnly. Existing deployments will need it until they are upgraded to version 2022.3. Kubernetes-based storage is required for ReadWriteOnly.
  • An ingress controller or load balancer that allows external clients to reach the SD Elements web deployment, and the ability to deploy SD Elements within such an environment. For proper configuration, consult the documentation for the solution that you selected for your environment.

  • Name resolution both within the Kubernetes cluster and for endpoints outside of it. This may be accomplished with an open-source CNI (Container Network Interface) plugin or, if using a cloud Kubernetes environment, its native name resolution system.
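
The two version rules in the list above (Helm >= 3.10.0, and kubectl within one minor version of the cluster) can be checked before deployment. The script below is an added example, not part of the SD Elements documentation or tooling; the function names are hypothetical and the sample version strings in the comments are constructed.

```shell
#!/bin/sh
# Added example (not Security Compass tooling). Function names are hypothetical.
# Inputs are version strings as the tools report them, e.g. "v3.14.2+g1a2b3c4"
# from `helm version --short`, or the gitVersion fields of
# `kubectl version -o json` such as "v1.29.6-eks-abc123" (constructed samples).

# Print "major minor patch" for a version string; missing parts become 0.
version_parts() {
  v=${1#v}            # drop the leading "v"
  v=${v%%[-+]*}       # drop build or vendor suffixes ("+g1a2b3c4", "-eks-...")
  old_ifs=$IFS; IFS=.
  set -- $v
  IFS=$old_ifs
  echo "${1:-0} ${2:-0} ${3:-0}"
}

# Helm >= 3.10.0
helm_version_ok() {
  set -- $(version_parts "$1")
  [ "$1" -gt 3 ] || { [ "$1" -eq 3 ] && [ "$2" -ge 10 ]; }
}

# kubectl within one minor version of the cluster (same major version).
kubectl_skew_ok() {
  set -- $(version_parts "$1") $(version_parts "$2")
  # $1 $2 $3 = client major minor patch; $4 $5 $6 = server major minor patch
  [ "$1" -eq "$4" ] || return 1
  skew=$(( $2 - $5 ))
  [ "$skew" -ge -1 ] && [ "$skew" -le 1 ]
}

# Usage:
#   helm_version_ok "$(helm version --short)" || echo "Helm is older than 3.10.0"
#   kubectl_skew_ok "$CLIENT_GITVERSION" "$SERVER_GITVERSION" || echo "kubectl skew > 1"
```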

Hardware

  • Cloud platforms that support Kubernetes will configure and manage the Kubernetes control plane, leaving the data plane resources as configurable.
    The resource requirements for SD Elements depend on the specific features enabled through its configuration. For a standard installation, it is generally recommended to allocate 8 vCPUs, 32 GB of memory, and 100 GB of block storage across data nodes.

  • For bare metal Kubernetes clusters, those where the administrators who will deploy SD Elements manage both the control plane and data plane, the cluster should include a minimum of 3 control plane nodes and a number of data nodes able to provide the same resources mentioned above.

Kubernetes Cluster

  • SD Elements may be deployed in a new or existing Kubernetes cluster.

  • SD Elements may be deployed in a cloud or on-premise environment.

  • The officially supported Kubernetes platforms are AWS Elastic Kubernetes Service (EKS) and Red Hat OpenShift.

    • While any Kubernetes platform may be used, only those listed above are guaranteed to be warrantied. Support and troubleshooting on all others will be provided on a best-effort basis.

    • See the Tested Versions table for the supported versions of these platforms.

Access & Permissions

VM Environment

  • SSH access to the instance

  • Permission elevation to root user

  • Backup creation and retrieval

Container Environment

  • Container environment:

    • Write access for the infrastructure provider of choice. If an existing Kubernetes cluster will be used, full access may not be needed.

  • Kubernetes cluster:

    • Write access for the namespace to which SD Elements will be deployed

Shared Object Storage

SD Elements shares files internally among its microservices. When you install or upgrade SD Elements, you will need to configure Shared Object Storage to facilitate API object storage.

Tested Versions

The table below contains versions of SD Elements that are deployable on corresponding versions of Kubernetes. Where multiple versions are listed, only the most recent is regularly tested with the latest version of SD Elements.

| SD Elements Version | Postgres | Redis | RabbitMQ | Kubernetes |
|---|---|---|---|---|
| 2024.3 | 16.4 | 6.2 | 3.12, 3.13 | AWS EKS: 1.28; OpenShift: 4.15; MicroK8s: 1.25, 1.26, 1.27, 1.28, 1.29, 1.30 |
| 2024.2 | 12.18 | 6.2 | 3.12 | AWS EKS: 1.27, 1.28; OpenShift: 4.15; MicroK8s: 1.25, 1.26, 1.27, 1.28 |
| 2024.1 | 12.18 | 6.2 | 3.12 | AWS EKS: 1.26; OpenShift: 4.14; MicroK8s: 1.25, 1.26, 1.27, 1.28 |
| 2023.4 | 12.17 | 6.2 | 3.12 | AWS EKS: 1.25; OpenShift: 4.13; MicroK8s: 1.22, 1.23, 1.24, 1.25, 1.26, 1.27, 1.28 |
| 2023.3 | 12.14 | 6.2 | 3.12 | AWS EKS: 1.24; OpenShift: 4.12; MicroK8s: 1.22, 1.23, 1.24, 1.25, 1.26, 1.27, 1.28 |
| 2023.2 | 12.14 | 6.2.12 | 3.11 | AWS EKS: 1.23; OpenShift: 4.11; MicroK8s: 1.22, 1.23, 1.24, 1.25, 1.26, 1.27, 1.28 |
| 2023.1 | 12.X | 6.2 | 3.11 | AWS EKS: 1.23; OpenShift: 4.11; MicroK8s: 1.22, 1.23, 1.24, 1.25, 1.26 |

Compatible Cluster Services

These services have been confirmed to be compatible with SD Elements through active usage in Security Compass' SaaS offering. The table is intended to be a starting point; it does not necessarily represent the only services that can be used.

Only the services and components provided in the SD Elements Helm chart are verified through routine testing. The services below are not directly tested with SD Elements and therefore cannot be warrantied or supported by SD Elements Support.

Category

Services

Ingress Controller

Monitoring

Alerting

Application Performance Monitoring
