Kubernetes
Prerequisites
To deploy and use Defguard on your cluster you'll need:
Kubernetes CLI kubectl installed on your machine
helm binary https://github.com/helm/helm/releases/latest
Our helm charts currently support only Traefik ingress - which is relevant and affects exposing GRPC services (see below ingress.hosts.grpc
).
Deployment
We prepared a git repository with Kubernetes configuration, clone it:
Then create namespace for Defguard on your cluster:
Copy and fill in values file:
Required values (the rest should work if left as-is):
ingress.hosts.grpc
: GRPC ingress address - GRPC clients like defguard gateway, yubi-bridge
If you are configuring your gateway or yubi-bridge - please use this GRPC URL for communication.
If you have other ingress controller than traefik - you need to configure GRPC ingress manualy with corresponding to your setup.
ingress.hosts.web
: Web ingress address - Defguard webapp will be available here.publicUrl
: Public URL your Defguard will be available under. Usually the same as ingress.hosts.web, but differ depending on your loadbalancer and/or reverse-proxy setup.
If you want to deploy the enrollment service along with your Defguard instance you also need to configure values related to the defguard-proxy
subchart:
defguard-proxy.enabled
: enable the enrollment servicedefguard-proxy.upstreamGrpcUrl
: defguard server gRPC endpoint URLdefguard-proxy.publicUrl
: public URL of the enrollment servicedefguard-proxy.ingress.hosts.web
: enrollment service ingress address
And finally install the Helm chart in the namespace:
publicUrl
: Public URL your Defguard will be available under. Usually the same as ingress.hosts.web, but differ depending on your loadbalancer and/or reverse-proxy setup.
Last updated