Install with Helm

In this section, you will find how to install Horusec web application in your Kubernetes cluster using Helm.

What is Helm?

Helm is a package manager that gathers in one file named Chart, all Kubernetes' resources that make up an application. For more information, access Helm’s documentation.

This installation is for you to use Horusec’s web application together with your Kubernetes' cluster with Helm.


Check out the requirements in the Set up section.

Horusec Helm Charts

Horusec’s web application solution has 8 different services.

The commands in this guide use Helm Charts included in the Horusec’s release package for each service, see them below:

  1. Core
  2. Analytic
  3. API
  4. Auth
  5. Manager
  6. Messages
  7. Webhook
  8. Vulnerability


Before start the Horusec’s web application service installation, you have to configure:

1. Data storage and message-broker

Follow the steps to configure Horusec Helm Charts:

Step 1. Create the namespace horusec-system for Horusec’s components (if you have already done it, go to next step):

kubectl create namespace horusec-system

Step 2. Add the Bitnami’s Chart repository and install what you need:

# add a chart repository and make sure you get the latest list of charts
helm repo add bitnami && helm repo update

# install the RabbitMQ chart
helm install rabbitmq bitnami/rabbitmq -n horusec-system

# for demonstration purposes, we're using a single instance of PostgreSQL with multiple databases
helm install postgresql bitnami/postgresql -n horusec-system -f - <<EOF
  userdata.sql: |
    create database horusec_db;
    create database analytic_db;

2. Sensitive data configuration

Configure the sensitive data, follow the next steps:

Step 1: Create horusec-system namespace for the Horusec’s components:

kubectl create namespace horusec-system

Step 2: The services make this solution use Kubernetes' Secrets to manage sensitive data like passwords, oAuth tokens and SSH keys. You have to configure some Secrets before starting the installation.

Step 3: Create Kubernetes' Secrets:

kubectl create secret generic horusec-database --from-literal=username=$POSTGRES_USERNAME --from-literal=password=$POSTGRES_PASSWORD --namespace horusec-system

kubectl create secret generic horusec-broker --from-literal=username=$RABBITMQ_USERNAME --from-literal=password=$RABBITMQ_PASSWORD --namespace horusec-system

kubectl create secret generic horusec-jwt --from-literal=jwt-token=$JWT_SECRET --namespace horusec-system

Horusec’s services installation

  • Go to the Horusec release page to download the Helm chart and extract the release automatically (Linux or macOS):
export HORUSEC_VERSION=2.16.2

curl -fsLo horusec-platform-${HORUSEC_VERSION}.zip${HORUSEC_VERSION}.zip
unzip horusec-platform-${HORUSEC_VERSION}.zip horusec-platform-${HORUSEC_VERSION}/deployments/helm/horusec-platform/*
rm horusec-platform-${HORUSEC_VERSION}.zip
  • Install Horusec Platform chart, it deploys all the components you select:
helm install horusec horusec-platform-${HORUSEC_VERSION}/deployments/helm/horusec-platform -n horusec-system

Access Horusec Helm Charts

After all the services are installed and running in your enviroment, you can access the graphic interface through the Horusec-Manager service link.

  • The Charts default behaviour is to create an Ingress with an input rule, routing the HTTP traffic to your service based on a specific host. Use Ingress Controller to manage the external access to your Kubernetes' cluster services:
kubectl -n horusec-system get ingresses horusec -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
  • The easiest way to access these addresses without the DNS configuration is to add them to the Host files in your machine. For example:
export INGRESS_HOST=$(kubectl -n horusec-system get ingresses horusec -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

echo "$INGRESS_HOST core.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST manager.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST messages.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST vulnerability.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST webhook.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST analytic.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST api.local" | sudo tee -a /etc/hosts