opencve-helm

DISCLAIMER

  • This Helm chart could be used in production environments!
  • Registration works only when an SMTP server is configured.
  • Users are managed by an admin user, which must be created manually. Works ONLY with HTTPS.
  • The initial database import needs at least 6 GB of RAM; after the import you can lower the RAM.

Installation

Prepare a self-signed SSL certificate (example.crt) and key (example.key) if you don't already have your own.

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout example.key -out example.crt -extensions san -config <(echo "[req]"; echo distinguished_name=req; echo "[san]"; echo subjectAltName=DNS:example.com,DNS:example.net) -subj /CN=example.com

Create a secret from the certificate and key

kubectl create ns opencve
kubectl create secret tls opencve-ssl-secret --key example.key --cert example.crt -n opencve
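
Because the chart works only with HTTPS, it helps to check the certificate and key before they are loaded into opencve-ssl-secret. The following is an added example, not part of the chart or its documentation: the function names are hypothetical, and the host passed to preflight is assumed to be the one you set in the ingress section of values.yaml.

```bash
# Added example: pre-flight checks for the files that go into opencve-ssl-secret.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds if HOST ($2) matches a subjectAltName entry of CERT ($1).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# Succeeds if private key ($2) belongs to the public key in CERT ($1).
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if CERT ($1) is still valid DAYS ($2) from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# preflight CERT KEY INGRESS_HOST: run all three checks, report the first failure.
preflight() {
  key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1" >&2; return 1; }
  cert_covers_host "$1" "$3" || { echo "FAIL: no SAN in $1 covers $3" >&2; return 1; }
  cert_valid_for_days "$1" 7 || { echo "FAIL: $1 expires within 7 days" >&2; return 1; }
  echo "OK: $1 and $2 are usable for ingress host $3"
}

# Constructed sample input: same SANs as the command above, written into DIR ($1).
# rsa:2048 and -days 30 keep the sample fast; they are not the page's values.
make_sample_cert() {
  printf '%s\n' "[req]" "distinguished_name=req" "[san]" \
    "subjectAltName=DNS:example.com,DNS:example.net" > "$1/san.cnf"
  openssl req -x509 -newkey rsa:2048 -sha256 -days 30 -nodes \
    -keyout "$1/example.key" -out "$1/example.crt" \
    -extensions san -config "$1/san.cnf" -subj /CN=example.com 2>/dev/null
}

# Stand-alone use: ./preflight.sh example.crt example.key opencve.example.com
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A certificate whose SAN list is DNS:example.com,DNS:example.net does not cover a subdomain such as opencve.example.com, so regenerate it with the ingress host in subjectAltName if the check fails.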

Install with Helm

Add Helm repository

helm repo add opencve https://cleveritcz.github.io/opencve-helm/opencve
helm repo update

Download values.yaml, then change the host name in the ingress section and any other settings you want to adjust

helm show values opencve/opencve > values.yaml

Install opencve with this command

helm install opencve opencve/opencve -n opencve --create-namespace -f values.yaml

Install with git

Download git repository

git clone https://github.com/cleveritcz/opencve-helm.git
cd opencve-helm

Change the host in values.yaml under the ingress section from opencve.cleverit.cz to the domain where the application will be running.

helm install opencve . -n opencve --create-namespace
  • Check if everything is running except opencve-celery-beat
kubectl get pods -n opencve
  • Then run these commands:
export POD_NAME=$(kubectl get pods --namespace opencve -l "app=webserver" -o jsonpath="{.items[0].metadata.name}")
kubectl exec -it $POD_NAME -n opencve -- opencve create-user john john.doe@example.com --admin

Caveats

  • Please note that the initialization can take several minutes while OpenCVE downloads and imports the CVEs, CPEs and related data.
  • Even after uninstalling, the PVC will remain on the k8s cluster. If you change certain settings (like postgres passwords), you need to delete the PVC manually and let the init container reinitialize it.
  • Autoscaling works on Kubernetes v1.23 and higher.

Uninstallation

helm uninstall opencve -n opencve
kubectl delete pvc data-opencve-postgresql-0 -n opencve --force
kubectl delete ns opencve --force

We provide documentation with the details of each step.