Install with Helm
What is Helm?
Helm is a package manager that gathers in one file named Chart, all Kubernetes' resources that make up an application. For more information, access Helm’s documentation.
This installation is for you to use Horusec’s web application together with your Kubernetes' cluster with Helm.
Requirements
Check out the requirements in the Set up section.
Horusec Helm Charts
Horusec’s web application solution has 8 different services.
The commands in this guide use Helm Charts included in the Horusec’s release package for each service, see them below:
Configuration
Before start the Horusec’s web application service installation, you have to configure:
1. Data storage and message-broker
Before you start the configuration:
-
Install PostgreSQL and RabbitMQ using Bitnami’s Helm Charts, for a quick start in non-productive environments.
-
If you already have available connections with
PostgreSQLandRabbitMQ, just follow your credentials configuration and inform the addresses of these connections in the variables during Horusec’s services installation.
Follow the steps to configure Horusec Helm Charts:
Step 1. Create the namespace horusec-system for Horusec’s components (if you have already done it, go to next step):
kubectl create namespace horusec-system
Step 2. Add the Bitnami’s Chart repository and install what you need:
# add a chart repository and make sure you get the latest list of charts
helm repo add bitnami https://charts.bitnami.com/bitnami && helm repo update
# install the RabbitMQ chart
helm install rabbitmq bitnami/rabbitmq -n horusec-system
# for demonstration purposes, we're using a single instance of PostgreSQL with multiple databases
helm install postgresql bitnami/postgresql -n horusec-system -f - <<EOF
initdbScripts:
userdata.sql: |
create database horusec_db;
create database analytic_db;
EOF
2. Sensitive data configuration
Configure the sensitive data, follow the next steps:
Step 1: Create horusec-system namespace for the Horusec’s components:
kubectl create namespace horusec-system
Step 2: The services make this solution use Kubernetes' Secrets to manage sensitive data like passwords, oAuth tokens and SSH keys. You have to configure some Secrets before starting the installation.
If you have already installed PostgreSQL and RabbitMQ with Bitnami’s Charts, now you have to get its crendentials:
export POSTGRES_USERNAME="postgres"
export POSTGRES_PASSWORD=$(kubectl get secret --namespace horusec-system postgresql -o jsonpath="{.data.postgres-password}" | base64 --decode)
export RABBITMQ_USERNAME="user"
export RABBITMQ_PASSWORD=$(kubectl get secret --namespace horusec-system rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode)
export JWT_SECRET="4ff42f67-5929-fc52-65f1-3afc77ad86d5"
If your postgres helm chart is in a version < 11.0.0, the password export must be done as follows:
export POSTGRES_PASSWORD=$(kubectl get secret --namespace horusec-system postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)
Step 3: Create Kubernetes' Secrets:
kubectl create secret generic horusec-database --from-literal=username=$POSTGRES_USERNAME --from-literal=password=$POSTGRES_PASSWORD --namespace horusec-system
kubectl create secret generic horusec-broker --from-literal=username=$RABBITMQ_USERNAME --from-literal=password=$RABBITMQ_PASSWORD --namespace horusec-system
kubectl create secret generic horusec-jwt --from-literal=jwt-token=$JWT_SECRET --namespace horusec-system
Horusec’s services installation
- Go to the Horusec release page to download the Helm chart and extract the release automatically (Linux or macOS):
export HORUSEC_VERSION=2.16.2
curl -fsLo horusec-platform-${HORUSEC_VERSION}.zip https://github.com/ZupIT/horusec-platform/archive/refs/tags/v${HORUSEC_VERSION}.zip
unzip horusec-platform-${HORUSEC_VERSION}.zip horusec-platform-${HORUSEC_VERSION}/deployments/helm/horusec-platform/*
rm horusec-platform-${HORUSEC_VERSION}.zip
- Install Horusec Platform chart, it deploys all the components you select:
helm install horusec horusec-platform-${HORUSEC_VERSION}/deployments/helm/horusec-platform -n horusec-system
Access Horusec Helm Charts
After all the services are installed and running in your enviroment, you can access the graphic interface through the Horusec-Manager service link.
- The Charts default behaviour is to create an Ingress with an input rule, routing the HTTP traffic to your service based on a specific host. Use Ingress Controller to manage the external access to your Kubernetes' cluster services:
kubectl -n horusec-system get ingresses horusec -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
In some environments, the load balancer can be exposed using a host name instead an IP address. When this happen, use jsonpath like the example below:
kubectl -n horusec-system get ingresses horusec -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
- The easiest way to access these addresses without the DNS configuration is to add them to the Host files in your machine. For example:
export INGRESS_HOST=$(kubectl -n horusec-system get ingresses horusec -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "$INGRESS_HOST core.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST manager.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST messages.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST vulnerability.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST webhook.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST analytic.local" | sudo tee -a /etc/hosts
echo "$INGRESS_HOST api.local" | sudo tee -a /etc/hosts
- Now, access Horusec’s Manager URL: http://manager.local/
For test cases, Horusec offers a default e-mail and a password for you to access the platform, check out:
email: dev@example.com
password: Devpass0*
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.