This page contains instructions for deploying Khulnasoft Enterprise in a Kubernetes cluster, using the Helm package manager.
Refer to the Khulnasoft Enterprise product documentation for the broader context: Kubernetes with Helm Charts.
- Overview
- Deployment instructions
- Quick-start deployment (not for production purposes)
- Issues and feedback
This repository includes the following charts; they can be deployed separately:
| Chart | Description | Latest Chart Version |
|---|---|---|
| Server | Deploys the Console, Database, and Gateway components; optionally deploys Envoy component | 2022.4.20 |
| Enforcer | Deploys the Khulnasoft Enforcer daemonset | 2022.4.16 |
| Scanner | Deploys the Khulnasoft Scanner deployment | 2022.4.6 |
| KubeEnforcer | Deploys Khulnasoft KubeEnforcer | 2022.4.32 |
| Gateway | Deploys the Khulnasoft Standalone Gateway | 2022.4.12 |
| Tenant-Manager | Deploys the Khulnasoft Tenant Manager | 2022.4.0 |
| Cyber Center | Deploys Khulnasoft CyberCenter offline for air-gap environment | 2022.4.2 |
| Cloud Connector | Deploys the Khulnasoft Cloud Connector | 2022.4.4 |
| QuickStart | Not for production use (see below). Deploys the Console, Database, Gateway and KubeEnforcer components | 2022.4.1 |
| Codesec-Agent | Argon Broker Deployment | 1.2.6 |
Khulnasoft Enterprise deployments include the following components:
- Server (Console, Database, and Gateway)
- Enforcer
- KubeEnforcer
- Scanner (Optional)
Follow the steps in this section for production-grade deployments. You can either clone the khulnasoft-helm git repo or you can add our Helm private repository (https://helm.khulnasoft.com).
- Add the Khulnasoft Helm repository to your local Helm repos by executing the following command:
helm repo add khulnasoft-helm https://helm.khulnasoft.com
helm repo update- Search for all components of the latest version in our Khulnasoft Helm repository
helm search khulnasoft-helm
# Examples
helm search khulnasoft-helm --versions
helm search khulnasoft-helm --version 2022.4helm search repo khulnasoft-helm
# Examples
helm search repo khulnasoft-helm --versions
helm search repo khulnasoft-helm --version 2022.4Example output:
NAME CHART VERSION APP VERSION DESCRIPTION
khulnasoft-helm/codesec-agent 1.2.3 2022.4 A Helm chart for the Argon Broker Deployment
khulnasoft-helm/cloud-connector 2022.4.4 2022.4 A Helm chart for Khulnasoft Cloud-Connector
khulnasoft-helm/cyber-center 2022.4.2 2022.4 A Helm chart for Khulnasoft CyberCenter
khulnasoft-helm/enforcer 2022.4.16 2022.4 A Helm chart for the Khulnasoft Enforcer
khulnasoft-helm/kube-enforcer 2022.4.32 2022.4 A Helm chart for the Khulnasoft KubeEnforcer Starboard
khulnasoft-helm/gateway 2022.4.12 2022.4 A Helm chart for the Khulnasoft Gateway
khulnasoft-helm/scanner 2022.4.6 2022.4 A Helm chart for the Khulnasoft Scanner CLI component
khulnasoft-helm/server 2022.4.20 2022.4 A Helm chart for the Khulnasoft Console components
khulnasoft-helm/tenant-manager 2022.4.1 2022.4 A Helm chart for the Khulnasoft Tenant Manager
-
Add Khulnasoft Helm Repository
helm repo add khulnasoft-helm https://helm.khulnasoft.com helm repo updateCheck for available chart versions either from Changelog or by running the below command.
helm search repo khulnasoft-helm/enforcer --versionsCreate the
khulnasoftnamespace.kubectl create namespace khulnasoft
Create
khulnasoft-registrysecretkubectl create secret docker-registry khulnasoft-registry-secret \ --docker-server=registry.khulnasoft.com \ --docker-username=$YOUR_REGISTRY_USER \ --docker-password=$YOUR_REGISTRY_PASSWORD \ -n khulnasoft -
Deploy the Server chart.
helm upgrade --install --namespace khulnasoft khulnasoft khulnasoft-helm/server --version $VERSION \ --set imageCredentials.create=false \ --set global.platform=$PLATFORM -
Deploy the Enforcer chart.
helm upgrade --install --namespace khulnasoft khulnasoft-enforcer khulnasoft-helm/enforcer --version $VERSION \ --set imageCredentials.create=false \ --set global.platform=$PLATFORM -
Deploy the KubeEnforcer chart.
helm upgrade --install --namespace khulnasoft kube-enforcer khulnasoft-helm/kube-enforcer --version $VERSION \ --set global.platform=$PLATFORM \ --set certsSecret.autoGenerate=true -
(Optional) Deploy the Scanner chart.
helm upgrade --install --namespace khulnasoft scanner khulnasoft-helm/scanner --version $VERSION \ --set user=$KHULNASOFT_CONSOLE_USERNAME \ --set password=$KHULNASOFT_CONSOLE_PASSWORD -
Gateway is Deployed by default with Server chart, advanced Gateway Deployment options can be found Here.
-
(Optional) Deploy the TenantManager chart.
helm upgrade --install --namespace khulnasoft tenant-manager khulnasoft-helm/tenant-manager --version $VERSION \ --set platform=$PLATFORM -
(Optional) Deploy the Cyber-Center chart.
helm upgrade --install --namespace khulnasoft khulnasoft-cyber-center khulnasoft-helm/cyber-center --version $VERSION \ --set imageCredentials.create=false -
(Optional) Deploy the Cloud-Connector chart.
helm upgrade --install --namespace khulnasoft khulnasoft-cloud-connector khulnasoft-helm/cloud-connector --version $VERSION \ --set userCreds.username=$KHULNASOFT_CONSOLE_USERNAME \ --set userCreds.password=$KHULNASOFT_CONSOLE_PASSWORD \ --set authType.tokenAuth=false \ --set authType.userCreds=true -
Access the Khulnasoft UI in browser with {{ .Release.Name }}-console-svc service and port, to check the service details:
kubectl get svc -n khulnasoft
- Example:
- http://< Console IP/DNS >:8080* (default access without SSL) or
- https://< Console IP/DNS >:443* (If SSL configured to console component in server chart)
- Example:
This section not all-inclusive. It describes some common issues that we have encountered during deployments.
- Error message: UPGRADE/INSTALL FAILED, configmaps is forbidden.
- Example:
Error: UPGRADE FAILED: configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list configmaps in the namespace "kube-system"- Solution: Create a service account for Tiller to utilize.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
helm init --service-account tiller --upgrade- Error message: No persistent volumes available for this claim and no storage class is set.
- Solution: Most managed Kubernetes deployments do NOT include all possible storage provider variations at setup time. Refer to the official Kubernetes guidance on storage classes for your platform. For more information see the storage documentation.
- Error message: When executing
kubectl get events -n khulnasoftyou might encounter either No persistent volumes available for this claim and no storage class is set or PersistentVolumeClaim is not bound. - Solution: If you encounter either of these errors, you need to create a persistent volume prior to chart deployment with a generic or existing storage class. Specify
db.persistence.storageClassin the values.yaml file. A sample file usingkhulnasoft-storageis included in the repo.
kubectl apply -f pv-example.yamlQuick-start deployments are fast and easy. They are intended for deploying Khulnasoft Enterprise for non-production purposes, such as proofs-of-concept (POCs) and environments intended for instruction, development, and test.
Use the khulnasoft-quickstart chart to
- Clone the GitHub repository
git clone https://github.com/khulnasoft/khulnasoft-helm.git
cd khulnasoft-helm/- Create the
khulnasoftnamespace.
kubectl create namespace khulnasoft- Deploy khulnasoft-quickstart chart
helm upgrade --install --namespace khulnasoft khulnasoft ./khulnasoft-quickstart --set imageCredentials.username=<>,imageCredentials.password=<>If you encounter any problems or would like to give us feedback on deployments, we encourage you to raise issues here on GitHub.