Install Deepfactor Mutating Webhook

Introduction #

This document provides step by step guide to installing Deepfactor Mutating Admission Controller Webhook via helm charts. Please ensure you have the required prerequisites for installing the Deepfactor webhook specified in the following article.

Prerequisites for installing Deepfactor Mutating Admission webhook

The Deepfactor webhook requires a certificate to communicate with the kube api server. The recommended way to generate this certificate is to use cert-manager. However, if you would like to generate a self-signed certificate manually, you can find the steps to do so in this article

Manually generate certificate for the webhook

Add Deepfactor Helm Repository #

Add Deepfactor Helm Repository using the commands below. If you do not have helm installed, please click here.

helm repo add deepfactor https://static.deepfactor.io/helm-charts
helm repo update

 

Customize webhook-override.yaml #

Store the default webhook config in a file named webhook-override.yaml

helm show values deepfactor/webhook \
| grep -A100 -e '^webhookconfig:' | tee webhook-override.yaml

 

If you do not have cert-manager installed in your kubernetes cluster, please add the following lines in webhook-override.yaml at the root level. As part of the Deepfactor webhook installation, cert-manager will also be installed. If you already have cert manager installed, you can skip adding the following lines in your webhook-override.yaml file.

cert-manager:
  enablemodule: true
  installCRDs: true

 

Update the override.yaml with the following changes

  • Update the dfRunToken value under the webhookconfig section with the run token fetched from the Deepfactor portal UI
  • Add certManager section under webhook
webhook:
  certManager:
    enabled: true
    issuerRef: {}
    # if you have any issuer then you can pass it like this
    # issuerRef:
      # name: df-webhook-issuer
      # kind: ClusterIssuer/Issuer
webhookconfig:
  dfRunToken: "GET_FROM_PORTAL_UI"

 

Install Deepfactor Mutating Admission Webhook #

Now that you have set up your webhook-override.yaml, install the Deepfactor webhook using the command below:

helm upgrade --install df-webhook-stable -n df-webhook deepfactor/webhook \
--set clusterName=CLUSTER_NAME_OF_YOUR_CHOICE --create-namespace -f webhook-override.yaml

 

Please provide a name for this cluster. After successful installation of the webhook, you will be able to view and configure this cluster on the portal UI. To know how to configure the Deepfactor admission webhook, please read the following article:
Configure Deepfactor Kubernetes admission webhook

 

Upgrade Deepfactor Webhook #

helm repo update
helm upgrade --install df-webhook-stable -n df-webhook deepfactor/webhook \
--set clusterName=CLUSTER_NAME_OF_YOUR_CHOICE --create-namespace -f webhook-override.yaml

 

Uninstall Deepfactor Webhook #

helm uninstall df-webhook-stable -n df-webhook

 

Manually generate certificate for the webhook #

We recommend using cert-manager to generate certificates for webhook. However if you would like to generate the certificate manually, please use the below steps

Run the following commands to generate certificate

rm -rf webhook-certs
export HELM_RELEASE_NAME=df-webhook-stable
export HELM_RELEASE_NAMESPACE=df-webhook
bash -c "$(curl -L https://static.deepfactor.io/scripts/public/df-webhook/cert-gen/certgen.sh)"

 

On successful completion, you will find the following three files under the certs directory.

  • ca.crt
  • tls.crt
  • tls.key

Ensure you disable cert manager in the webhook-override.yaml

cert-manager:
  enablemodule: false

 

Also do not add the certManager section under webhook section of the webhook-override.yaml file.

Pass the generated certificates in the helm install command as shown below. Now the webhook will be installed and will use the manually generated certificates.

helm upgrade --install $HELM_RELEASE_NAME -n $HELM_RELEASE_NAMESPACE deepfactor/webhook \
--set-file=webhook.ca.crt=webhook-certs/ca.crt \
--set-file=webhook.tls.crt=webhook-certs/tls.crt \
--set-file=webhook.tls.key=webhook-certs/tls.key \
--create-namespace -f webhook-override.yaml \
--set clusterName=CLUSTER_NAME_OF_YOUR_CHOICE

 

Please provide a name for this cluster. After successful installation of the webhook, you will be able to view and configure this cluster on the portal UI. To know how to configure the Deepfactor admission webhook, please read the following article:
Configure Deepfactor Kubernetes admission webhook

Was this article helpful?

Powered by BetterDocs

Deepfactor Icon

Deepfactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing.

Product Pricing Resources Company Documentation Login Request a Quote Demo

SUBSCRIBE TO OUR NEWSLETTER!

Sign Up

© 2023 Deepfactor, Inc. All Rights Reserved.

Privacy Policy | Terms of Service | Open Source Disclosure