Deepfactor provides several ways of deploying the Deepfactor Portal on-premises.
The following article describes how to deploy the Deepfactor portal in your Kubernetes cluster including Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), Rancher, etc.
This document describes the easiest way to install the portal in a k8s cluster, using a script that configures most of the default settings for you. If you would prefer a more customizable installation that uses a helm chart, follow these instructions instead: Install Deepfactor Portal using Helm.
Please read the following article for prerequisites required for deploying Deepfactor portal in your Kubernetes environment. Please note, if you intend to use self signed certificate, you can generate it during the course of this installation process.
Prerequisites for deploying Deepfactor portal in Kubernetes Cluster
Installing Deepfactor Portal #
Download and run the Deepfactor portal installation interactive script.
bash -c "$(curl -L https://static.deepfactor.io/scripts/public/df-portal/installer/df-portal-installer.sh)"
You will be asked the following parameters during the course of the installation:
|Hostname||Deepfactor Portal will use this hostname. If you choose to provide your own certificate, it should be valid for this hostname. If you choose to generate a self-signed certificate, this value will be set in ‘Common Name’.
Provide hostname for the portal : staging.deepfactor.io
|Certificate||You can choose to generate a self-signed certificate or provide your own.
Do you want to continue with a Self Signed Certificate? [Y/N]?
If you choose ‘N’, you will be prompted to provide the following:
Provide portal key file path : ./my_private_key.pem Provide portal crt file path : ./my_crt.pem Provide portal ca crt file path : ./my_ca_crt.pem
If you choose ‘Y’, the script will download the required files and generate a self-signed certificate for your portal.
|Image Registry||By default, Deepfactor portal images are pulled from public.ecr.aws/deepfactor/.
If you intend to use your own registry, you can provide the registry path. If you are using a registry that requires authentication, then please provide the path of the docker config file.
Provide image registry name if you want to update it, : default (public.ecr.aws/deepfactor/) Provide docker config file path if you want to create image pull secret :
|Portal admin user details||
Provide first name of admin : Provide last name of admin : Provide email for admin : Provide password for admin : Re-enter the admin password :
|TTL in days||This is the number of days for which the telemetry will be retained in the portal DB.Note: The alerts raised will be preserved forever. However, only the telemetry events received from your running applications will be deleted at the end of the TTL period.
Provide TTL days : 180
|Portal Token||You will need to signup on my.deepfactor.io to get this token.
Provide portal token (get it from https://my.deepfactor.io):
|Memory request and limit for a DAST scan pod||When you launch a DAST scan from the portal or Deepfactor API, a job will launch a pod for the scan. The pod will terminate when the scan ends. You can set the memory request and memory limit for this pod. We recommend an 8Gi memory request and a 16Gi memory limit.
Press Enter to use the default values.
Default and Recommended memory request of zap scan is 8Gi, provide a value to update it : Default and Recommended memory limit of zap scan is 16Gi, provide a value to update it :
|Vault configuration||If you use a vault for storing secrets in your Kubernetes cluster, Deepfactor can pull the JWT secret from the vault. Please read Install and use Vault with Deepfactor Portal to learn more.
Enter ‘N’ or press Enter to continue without a vault.
Is vault configured to store secret? [y/N]? : y Provide vault secret path : deepfactor Provide vault role name : deepfactor
Uninstalling Deepfactor Portal #
Run the following command to uninstall the Deepfactor portal.
helm uninstall df-stable --namespace=deepfactor
Delete the postgres and clickhouse pvc to free up the space.
Note: You will lose all the telemetry and alert data.
kubectl get pvc --namespace=deepfactor kubectl delete pvc <postgres-pvc-name> <clickhouse-pvc-name> <archivestore-pvc-name> <symbolsvc-pvc-name> --namespace=deepfactor
kubectl get secrets -n deepfactor kubectl delete secrets regcred deepfactor-certs <ingress-secret-name> -n deepfactor