Kubernetes

Prerequisites

To deploy and use Defguard on your cluster, you'll need:

A Kubernetes cluster
Kubernetes CLI kubectl installed on your machine
Helm binary

The Helm charts currently support only Traefik ingress – which is relevant and affects exposing gRPC services (see below)

Kubernetes configuration can be found in the git repository.

Deployment

Add Defguard Helm chart repository:

helm repo add defguard https://defguard.github.io/deployment

In Kubernetes cluster, create a namespace for Defguard:

kubectl create namespace defguard

Examine available values for the Helm chart:

helm show values defguard/defguard

To set some values, either crate a file named values.yaml, or use --set option for helm command.

If use other ingress controller than Traefik, the configuration for gRPC ingresses (which use HTTP/2) may need to be adjusted accordingly.

Install the Helm chart in the namespace:

helm install --wait=true --namespace defguard defguard defguard -f values.yaml

Defguard Edge

If you want to deploy Defguard Edge service along with your Defguard instance, you also need to configure values related to the defguard-proxysubchart:

defguard-proxy.enabled: enable the enrollment service
proxyUrl: proxy gRPC endpoint URL (based on defguard-proxy.ingress.grpc.host)
defguard-proxy.publicUrl: public URL of the enrollment service
defguard-proxy.ingress.web.host: enrollment service web ingress address (the enrollment website)
defguard-proxy.ingress.grpc.host: enrollment service gRPC ingress address (for communicating with core)

Defguard Gateway

If you want to deploy Defguard Gateway service along with your Defguard instance, you need to configure values related to the defguard-gateway subchart:

defguard-gateway.enabled: enable the VPN gateway service

PreviousDocker Compose NextTerraform

Was this helpful?