global:
imageRegistry: repository.securitycompass.com
imageRegistryFormat: "%s/sde-docker-%s/%s/%s:%s"
imageOrganization: prod
imageSource: sdeRequirements
Table of Contents
Security Compass Artifact Store
As of SD Elements 2023.1 (April 2023), the SD Elements Helm chart and images are delivered through a new artifact store, repository.securitycompass.com
If the SD Elements deployment environment requires network restrictions ensure the repository.securitycompass.com hostname of the new artifact store is allowed and is accessible from within the Kubernetes cluster.
For customers with existing SD Elements instances pulling images directly from the Security Compass artifact store ensure the custom values file has not overwritten these values before attempting an upgrade. Skip this step if these values have not previously been set (i.e., SD Elements was deployed using the respective defaults).
SD Elements Service Accounts
An SD Elements service account is used to access our Helm chart repository and Docker registry. These credentials are provided by the Security Compass support team: sdesupport@securitycompass.com.
Add the sdelements/sde repo using the helm repo add command.
$ helm repo add sdelements https://repository.securitycompass.com/artifactory/sde-helm-prod \
--username ${SERVICE_USERNAME} --password ${SERVICE_PASSWORD}
"sdelements" has been added to your repositories$ helm search repo sdelements
NAME CHART VERSION APP VERSION DESCRIPTION
sdelements/sde [SDE_VERSION] [SDE_VERSION] SDElements by Security Compass Ltd.Software
There are a variety of methods of orchestrating a containerized application, and platforms which support this. SD Elements requires the following:
-
Helm >= 3.10.0, preferably latest
-
A platform which supports deploying containers using Helm
-
If using Kubernetes, you must use a kubectl version that is within one minor version difference of your cluster. For example, a v1.30 client can communicate with v1.29, v1.30, and v1.31 control planes. Using the latest compatible version of kubectl helps avoid unforeseen issues. See this link for the official documentation on the matter.
-
A storage provider with support for the
ReadWriteOnlyKubernetes storage modeStarting with the SD Elements 2022.3 release, the ReadWriteManystorage mode being replaced withReadWriteOnly. Existing deployments will need it until they get upgraded to version 2022.3. A kubernetes based storage is required forReadWriteOnly. -
An ingress controller or load balancer that allows external clients to reach the SD Elements web deployment, and the ability to deploy SD Elements within such an environment. For proper configuration, consult the documentation for the solution that you selected for your environment.
-
Name resolution both within the Kubernetes cluster and for endpoints outside of it. This may be accomplished with an open-source CNI (Container Network Interface) plugin, or if using a cloud Kubernetes environment its native name resolution system.
Hardware
The requirements below are the minimal node compute resources that should be able to support both Kubernetes and SD Elements.
-
Cloud platforms that support Kubernetes will configure and manage the Kubernetes control plane, leaving the data plane resources as configurable. The total amount of resources available for a default installation of SD Elements should be the equivalent of at least 4 vCPUs, 16GB memory, and 100GB of block storage.
-
For bare metal Kubernetes clusters, those where both the control plane and data plane are managed by the administrators who will deploy SD Elements, the cluster should consist of at least 3 control plane nodes, and 5 data plane nodes each using 4 vCPUs and 8GB RAM.
Kubernetes Cluster
-
SD Elements may be deployed in a new or existing Kubernetes cluster.
-
SD Elements may be deployed in a cloud or on-premise environment.
-
The officially-supported Kubernetes platforms are AWS Elastic Kubernetes Service (EKS) and Red Hat Openshift.
-
While any Kubernetes platform may be used, only those listed above are guaranteed to be warrantied. Support and troubleshooting on all others will be provided on a best effort basis.
-
See the Tested Versions table for the supported versions of these platforms.
-
Access & Permissions
| VM Environment | Container Environment |
|---|---|
|
|
Shared Object Storage
SD Elements shares files internally among its microservices. When you install or upgrade SD Elements, you will need to configure Shared Object Storage to facilitate API object storage.
Tested Versions
The table below contains versions of SD Elements that are deployable on corresponding versions of Kubernetes. Where multiple versions are listed, only the most recent is regularly tested with the latest version of SD Elements.
SD Elements Version |
Postgres |
Redis |
RabbitMQ |
Kubernetes |
2024.3 |
|
|
|
|
2024.2 |
|
|
|
|
2024.1 |
|
|
|
|
2023.4 |
|
|
|
|
2023.3 |
|
|
|
|
2023.2 |
|
|
|
|
2023.1 |
|
|
|
|
Compatible Cluster Services
These services have been confirmed to be compatible with SD Elements through active usage in Security Compass' SaaS offering. The table is intended to be a starting point; it does not necessarily represent the only services that can be used.
| Only the services and components provided in the SD Elements Helm chart are verified through routine testing. The services below are not directly tested with SD Elements and therefore cannot be warrantied or supported by SD Elements Support. |
Category |
Services |
Ingress Controller |
|
Monitoring |
|
Alerting |
|
Application Performance Monitoring |