Requirements

SD Elements Service Accounts

An SD Elements service account is used to access our Helm chart repository and Docker registry. These credentials are provided by the Security Compass support team: sdesupport@securitycompass.com.

Add the sdelements/sde repo using the helm repo add command.

$ helm repo add sdelements https://repository.securitycompass.com/artifactory/sde-helm-prod \
    --username ${SERVICE_USERNAME} --password ${SERVICE_PASSWORD}
"sdelements" has been added to your repositories
$ helm search repo sdelements
NAME                            CHART VERSION   APP VERSION     DESCRIPTION
sdelements/sde                  [SDE_VERSION]   [SDE_VERSION]   SDElements by Security Compass Ltd.

Software

There are a variety of methods of orchestrating a containerized application, and platforms which support this. SD Elements requires the following:

  • Helm >= 3.10.0, preferably latest

  • A platform which supports deploying containers using Helm

  • If using Kubernetes, you must use a kubectl version that is within one minor version difference of your cluster. For example, a v1.30 client can communicate with v1.29, v1.30, and v1.31 control planes. Using the latest compatible version of kubectl helps avoid unforeseen issues. See this link for the official documentation on the matter.

  • A storage provider with support for the ReadWriteOnly Kubernetes storage mode

    Starting with the SD Elements 2022.3 release, the ReadWriteMany storage mode being replaced with ReadWriteOnly. Existing deployments will need it until they get upgraded to version 2022.3. A kubernetes based storage is required for ReadWriteOnly.

  • An ingress controller or load balancer that allows external clients to reach the SD Elements web deployment, and the ability to deploy SD Elements within such an environment. For proper configuration, consult the documentation for the solution that you selected for your environment.

  • Name resolution both within the Kubernetes cluster and for endpoints outside of it. This may be accomplished with an open-source CNI (Container Network Interface) plugin, or if using a cloud Kubernetes environment its native name resolution system.

Hardware

The requirements below are the minimal node compute resources that should be able to support both Kubernetes and SD Elements.

  • Cloud platforms that support Kubernetes will configure and manage the Kubernetes control plane, leaving the data plane resources as configurable. The total amount of resources for SD Elements should be the equivalent of no less than 1 vCPUs and 4GB RAM, as well as EBS/Block storage is for ReadWriteOnly storage mode.

  • For bare metal Kubernetes clusters, those where both the control plane and data plane are managed by the administrators who will deploy SD Elements, the cluster should consist of at least 3 control plane nodes, and 5 data plane nodes each using 4 vCPUs and 8GB RAM.

Kubernetes Cluster

  • SD Elements may be deployed in a new or existing Kubernetes cluster.

  • SD Elements may be deployed in a cloud or on-premise environment.

  • The officially-supported Kubernetes platforms are AWS Elastic Kubernetes Service (EKS) and Red Hat Openshift.

    • While any Kubernetes platform may be used, only those listed above are guaranteed to be warrantied. Support and troubleshooting on all others will be provided on a best effort basis.

    • See the Tested Versions table for the supported versions of these platforms.

Access & Permissions

VM Environment Container Environment

  • SSH access to the instance

  • Permission elevation to root user

  • Backup creation and retrieval

  • Container environment:

    • Write access for the infrastructure provider of choice. If an existing Kubernetes cluster will be used, full access may not be needed.

  • Kubernetes cluster:

    • Write access for the namespace to which SD Elements will be deployed

Shared Object Storage

SD Elements shares files internally among its microservices. When you install or upgrade SD Elements, you will need to configure Shared Object Storage to facilitate API object storage.

Tested Versions

The table below contains versions of SD Elements that are deployable on corresponding versions of Kubernetes. While all listed versions should work, those emphasized in bold and italics represent deployments verified by QA.

SD Elements VersionMicrok8s VersionEKS VersionOpenShift Version
5.12.291.18
1.19
1.20
1.21
1.18
5.13.381.18
1.19
1.20
1.21
1.18
5.14.171.18
1.19
1.20
1.21
1.18
5.15.171.18
1.19
1.20
1.21
1.18
5.16.251.18
1.19
1.20
1.21
1.18
1.19
5.17.191.18
1.19
1.20
1.21
1.18
1.19
5.18.241.18
1.19
1.20
1.21
1.18
1.19
5.19.211.18
1.19
1.20
1.21
1.18
1.19
5.20.191.18
1.19
1.20
1.21
1.18
1.19
1.20
2022.2.XX1.18
1.19
1.20
1.21
1.18
1.19
1.20
1.21		4.8
2022.3.XX1.21
1.22
1.20
1.21
1.22		4.8
2022.4.XX1.21
1.22
1.23
1.20
1.21
1.22
1.23		4.9
2023.1.XX1.22
1.23
1.24
1.25
1.26
1.234.11
2023.2.XX1.22
1.23
1.24
1.25
1.26
1.234.11
2023.3.XX1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.244.12
2023.4.XX1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.254.12
2024.1.XX1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.264.12

results matching ""

    No results matching ""