Install Deepfactor K8s webhook on EKS Fargate

Introduction #

This document is a guide for installing the Deepfactor admission webhook in your AWS EKS cluster running on AWS Fargate via helm charts. Please ensure you have the required prerequisites for installing the Deepfactor webhook specified in the following article.

Prerequisites for installing Deepfactor Mutating Admission webhook

A Fargate EKS cluster can be created either by using CLI, UI, or eksctl command line tool as follows.

eksctl create cluster --name my-cluster --region AWS_REGION --fargate

 

Create Fargate Profile For Deepfactor webhook #

Create a fargate profile for the df-webhook namespace into which the Deepfactor webhook will be deployed using the command below

eksctl create fargateprofile \
      --cluster my-cluster \
      --name my-fargate-profile-name \
      --namespace df-webhook \
      --region AWS_REGION \
      --labels key=value

 

Install Deepfactor Mutating Webhook #

Follow the instructions provided in the following document to install and configure the Deepfactor webhook.

Install Deepfactor Mutating Webhook

If you choose to manage certificates using cert-manager, please use the following command to install the webhook. cert-manager uses port 10250 by default and since AWS Fargate kubelet also uses the same port, you will need to use a different port for cert manager by providing an override value in the helm upgrade command.

export HELM_RELEASE_NAME=df-webhook-stable
export HELM_RELEASE_NAMESPACE=df-webhook
helm upgrade --install $HELM_RELEASE_NAME -n $HELM_RELEASE_NAMESPACE deepfactor/webhook \
--set clusterName=CLUSTER_NAME_OF_YOUR_CHOICE --create-namespace -f webhook-override.yaml --set cert-manager.webhook.securePort=10260

 

If you choose to manually generate the certificate using the scripts provided in the above document, please use the following command to install the webhook.

export HELM_RELEASE_NAME=df-webhook-stable
export HELM_RELEASE_NAMESPACE=df-webhook
helm upgrade --install $HELM_RELEASE_NAME -n $HELM_RELEASE_NAMESPACE deepfactor/webhook \
      --set-file=webhook.ca.crt=webhook-certs/ca.crt \
      --set-file=webhook.tls.crt=webhook-certs/tls.crt \
      --set-file=webhook.tls.key=webhook-certs/tls.key \
      --create-namespace -f webhook-override.yaml \
      --set clusterName=CLUSTER_NAME_OF_YOUR_CHOICE
Was this article helpful?

Powered by BetterDocs

Deepfactor Icon

Deepfactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing.

Product Pricing Resources Company Documentation Login Request a Quote Demo

SUBSCRIBE TO OUR NEWSLETTER!

Sign Up

© 2023 Deepfactor, Inc. All Rights Reserved.

Privacy Policy | Terms of Service | Open Source Disclosure