Version: v2.1

Kubernetes Installation

You can install the Management Console on a single Docker host or in a dedicated Kubernetes cluster.

Install the ThreatMapper Management Console

The following instructions explain how to install the ThreatMapper console on a Kubernetes Cluster, and configure external access to the Console.

Configure Persistent Volume:
Cloud Managed
If the Kubernetes cluster is hosted in a cloud provider, it is recommended to use cloud managed storage
```
kubectl get storageclass
```
Cloud Provider Storage Class
AWS gp3 (https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html)
GCP standard
Self-Managed: OpenEBS
```
helm repo add openebs https://openebs.github.io/charts
helm install openebs --namespace openebs openebs/openebs --create-namespace
```
... and wait (-w) for the openebs pods to start up:
```
kubectl get pods -o wide --namespace openebs -w
```
The Storage Class will now be openebs-hostpath
Install the metrics server (optional)
If the metrics server is not already installed (kubectl get deployment metrics-server -n kube-system), install as follows:
```
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
```

Cloud Provider	Storage Class
AWS	gp3 (https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html)
GCP	standard

Install the ThreatMapper Console

helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
helm repo update

# helm show values deepfence/deepfence-console --version 2.1.3 | less

helm install deepfence-console deepfence/deepfence-console \
--set global.imageTag=2.1.1 \
--set global.storageClass=gp3 \
--namespace deepfence-console \
--create-namespace \
--version 2.1.3

... and wait for the pods to start up:

kubectl get pods --namespace deepfence-console -o wide -w

Enable external access with the deepfence-router helm chart:

Deploy deepfence-router:

# helm show values deepfence/deepfence-router --version 2.1.1

helm install deepfence-router deepfence/deepfence-router \
--namespace deepfence-console \
--create-namespace \
--version 2.1.1

... and wait for the cloud platform to deploy an external load-balancer:

kubectl get svc -w deepfence-console-router --namespace deepfence-console

Now proceed to the Initial Configuration.

Fine-tune the Helm deployment

Console Helm Chart

helm show values deepfence/deepfence-console --version 2.1.3 > deepfence_console_values.yaml

# Make the changes in this file and save
vim deepfence_console_values.yaml

helm install -f deepfence_console_values.yaml deepfence-console deepfence/deepfence-console \
    --namespace deepfence-console \
    --create-namespace \
    --version 2.1.3

Router Helm Chart

helm show values deepfence/deepfence-router --version 2.1.1 > deepfence_router_values.yaml

# Make the changes in this file and save
vim deepfence_router_values.yaml

helm install -f deepfence_router_values.yaml deepfence-router deepfence/deepfence-router \
    --namespace deepfence-console \
    --create-namespace \
    --version 2.1.1

Delete the ThreatMapper Management Console

To delete the ThreatMapper Management Console

helm delete deepfence-router -n deepfence-console
helm delete deepfence-console -n deepfence-console

Kubernetes Installation

Install the ThreatMapper Management Console​

Cloud Managed​

Self-Managed: OpenEBS​

Fine-tune the Helm deployment​

Console Helm Chart​

Router Helm Chart​

Delete the ThreatMapper Management Console​

Install the ThreatMapper Management Console

Cloud Managed

Self-Managed: OpenEBS

Fine-tune the Helm deployment

Console Helm Chart

Router Helm Chart

Delete the ThreatMapper Management Console