Deploy SD Elements using Helm

This page contains information about common helm tasks. More information can also be found on the Requirements page.

For information on OpenShift configuration, see Advanced Configuration

Confirm the functionality of the Kubernetes cluster

All nodes should be 'Ready'.

sde$ kubectl get nodes
NAME      STATUS   ROLES                  AGE   VERSION
master1   Ready    control-plane,master   23h   v1.21.0
master2   Ready    control-plane,master   23h   v1.21.0
master3   Ready    control-plane,master   23h   v1.21.0
worker1   Ready    <none>                 23h   v1.21.0
worker2   Ready    <none>                 23h   v1.21.0
worker3   Ready    <none>                 23h   v1.21.0

Deploy SD Elements

Prerequisites:

  • Verify your installation prerequisites using a checklist like the following:

Sr No Prerequisite Item Verified Example Variable

1

SDE version to install

Yes/No

SDE_VERSION

2

The Helm release name for the SDE installation

Yes/No

RELEASE_NAME

3

Service account credentials

Yes/No

SERVICE_USERNAME/SERVICE_PASSWORD

4

Shared Object Storage configured (e.g. AWS S3) (See Shared Object Storage)

Yes/No

BUCKET_NAME/S3_REGION/S3_ACCESS_KEY/S3_SECRET_KEY

5

DNS service installed and configured

Yes/No

N/A
Nginx is the ingress controller used to test deployment compatibility among versions of SD Elements and EKS. Your deployment may use a different ingress controller.
See Tested Versions for Kubernetes versions compatible with the SD Elements installation.
Steps:

  1. Create a file values.custom.yaml with the following content:

global:
  imageRegistryUsername: <SERVICE_USERNAME>
  imageRegistryPassword: <SERVICE_PASSWORD>
  sharedStorage:
    bucketName: <BUCKET_NAME>
    s3Url: https://s3.<S3_REGION>.amazonaws.com
    s3AccessKey: <S3_ACCESS_KEY>
    s3SecretKey: <S3_SECRET_KEY>
sde:
  jwtSecret: your-jwt-secret
  secretKey: your-secret-key
  superuserPassword: your-superuser-password
sc-database:
  clientPassword: your-database-password
sc-datastore:
  clientPassword: your-datastore-password
sc-broker:
  clientPassword: your-broker-password
Replace any remaining passwords and secrets with random strings unique for your installation. Manage these secrets like any software that requires version control.
Such keys and passwords encrypt or otherwise protect assets within your application. Subsequent changes to them could have potentially negative consequences, including SD Elements becoming unable to decrypt data. For a list of those items that should not be changed, please see Additional Information.

  1. Add the SD Elements Helm Repository

$ helm repo add sdelements https://repository.securitycompass.com/artifactory/sde-helm-prod \
  --username <SERVICE_USERNAME> \
  --password <SERVICE_PASSWORD>

  1. Install the SD Elements chart

Note: RELEASE_NAME is an example, replace it with an appropriate name for this deployment

$ helm install RELEASE_NAME sdelements/sde --version <SDE_VERSION> --values values.custom.yaml

Confirm the helm chart has been installed

$ helm list
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
RELEASE_NAME    default         1               2023-03-22 17:22:18.453487279 -0400 EDT deployed        sde-2023.1.00                   2023.1.00

Validate the state of the pods

Pods associated with scheduled jobs such as integration may also show a status of 'Completed'.

$ kubectl get pods
NAME                                                READY   STATUS         RESTARTS   AGE
RELEASE_NAME-web-7768cbd679-txcw5                   1/1     Running        0          15m
RELEASE_NAME-database-cdd77f87-2qcx7                1/1     Running        0          15m
RELEASE_NAME-broker-545db96954-wjc8t                1/1     Running        0          15m
RELEASE_NAME-mailer-68bd5f8774-nsl5j                1/1     Running        0          15m
RELEASE_NAME-worker-15-sde-medium-fb9bc4dcb-7pgfg   1/1     Running        0          15m
RELEASE_NAME-worker-17-5454776c46-4c44n             1/1     Running        0          15m
RELEASE_NAME-reporting-78b6c954cc-lcdk2             1/2     Running        0          15m
RELEASE_NAME-data-store-85c47469fb-k76gr            1/1     Running        0          15m
RELEASE_NAME-worker-10-779c76588c-psvhv             1/1     Running        0          15m
RELEASE_NAME-worker-18-sde-low-87fc95ddb-l8nk7      1/1     Running        0          15m

Access SD Elements

It usually takes around 5-10 minutes to deploy SD Elements depending on the cluster performance and download speeds. During this time a custom friendly 503 message will be shown.

Access to SD Elements is completed through its web service and the nginx controller you’ve selected for use can be configured to provide client access to SD Elements (see Requirements).

Upgrade SD Elements

Refer to the section on how to upgrade SD Elements.

Undeploy SD Elements

Kubernetes storage retention policies include Delete, which will delete data from PersistentVolumes if the PersistentVolumeClaim is removed, or Retain, which won’t. To prevent unexpected data loss when uninstalling helm charts, be aware of the configured retention policy for your PersistentVolume or StorageClass.
Steps:

  1. Get a list of deployed charts (installed releases)

    helm list

  2. Uninstall a release

    helm uninstall <RELEASE_NAME>

SD Elements is no longer deployed.

Additional Information

The following parameters should not be updated by using helm upgrade …​:

Table 1. Static Parameters
Parameter Comments

sde.superuserPassword

Change the superuser password using the SD Elements application

sde.jwtSecret

sde.secretKey

sc-database.clientPassword

Also requires changing within the database using \password

results matching ""

    No results matching ""