⚠️ This project will be deprecated in October 2021. We will leave the repository here in case the community wants to continue its development.
Horusec-Admin carries out basic modifications to your Kubernetes cluster through a user-friendly interface. It was created to work in conjunction with Horusec-Operator, giving you a simpler way to install the services in an environment using Kubernetes.
To use Horusec-Admin, you need to configure some secrets and dependencies. Check them below:
- Kubectl and connection with your cluster
- Horusec-Operator installed.
Install Horusec-Operator in your cluster as shown below:
kubectl apply -f "https://github.com/ZupIT/horusec-operator/releases/download/v2.0.0/horusec-operator.yaml"
Check if the resource was installed:
kubectl api-resources | grep horus
You may see an output like this:
$ kubectl api-resources | grep horus
horusecplatforms horus install.horusec.io true HorusecPlatform
Now it is necessary to install Horusec-Admin in your cluster:
kubectl apply -f "https://github.com/ZupIT/horusec-admin/releases/download/v2.0.0/horusec-admin.yaml"
See the pod running:
kubectl get pods
You may see an output like this:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
horusec-admin-74594694f-sdmr8 1/1 Running 0 1m
It is not possible to make changes in Horusec-Operator with a YAML file and see this data in Horusec-Admin. We recommend using a single project to configure Horusec services. In other words, use just horusec-admin or just horusec-operator.
By default, Horusec-Admin runs in your cluster on internal HTTP port 3000. To access the interface of this project, you need to expose that port on your local machine.
WARNING! DON'T EXPOSE THIS SERVICE TO THE EXTERNAL INTERNET BECAUSE IT CONTAINS SENSITIVE DATA!!!
Follow the steps to configure:
- In your terminal, start a port-forward to this service:
kubectl port-forward horusec-admin-74594694f-sdmr8 3000:3000
If you access http://localhost:3000, you will see the Horusec-Admin page.
- Get the access token. You need to read the logs of the service, because the token is shown only inside the pod and is renewed every 10 minutes. See the following example:
kubectl logs pod/horusec-admin-74594694f-sdmr8
Your output:
time="2021-06-25 11:29:12 +0000" level=info msg="Token:04cd71a59715bc535cdc3ef6050c4f0ad49f12f0" prefix=authz
time="2021-06-25 11:29:12 +0000" level=info msg="Valid until:2021-06-25 13:29:12.454049573 +0000 UTC m=+7200.016119300" prefix=authz
time="2021-06-25 11:29:12 +0000" level=info msg=listening addr=":3000" prefix=server
The token in this case is 04cd71a59715bc535cdc3ef6050c4f0ad49f12f0
Select which configuration you want to perform on the platform:
Check the status of the services and whether they are available:
Perform general application settings such as data for users of the application among others:
Configure the connections to required services such as databases, Message Broker and SMTP. Remember that Horusec does not create these resources; it only connects to them!
Change the type of authentication you want to use in your environment:
Simply and quickly update the host of your application that will be exposed in the ingress of your Kubernetes cluster:
This is an example of how to use Horusec-Admin. Check the requirements:
- Configure horusec-operator and all connections and secrets.
- Helm;
- Kind;
After you install them, follow the steps below:
Step 1. Clone horusec-operator project:
git clone https://github.com/ZupIT/horusec-operator.git && cd horusec-operator
Step 2. Bring up the Kubernetes cluster with all dependencies and wait for it to finish:
make up-sample
If you see this message:
Creating horusec_analytic_db...
If you don't see a command prompt, try pressing enter.
psql: could not connect to server: Connection refused
Is the server running on host "postgresql" (10.96.182.42) and accepting
TCP/IP connections on port 5432?
pod "postgresql-client" deleted
pod default/postgresql-client terminated (Error)
Don't worry, this is normal: the script is trying to create a new database, but the postgresql pod is not ready yet. It will run again until the database is created.
Step 3. After the script finishes, install Horusec-Operator:
kubectl apply -f "https://github.com/ZupIT/horusec-operator/releases/download/v2.0.0/horusec-operator.yaml"
Step 4. Check if the resource was installed:
kubectl api-resources | grep horus
You may see an output like this:
$ kubectl api-resources | grep horus
horusecplatforms horus install.horusec.io true HorusecPlatform
And you can see the manager pod for this resource:
$ kubectl get pods -n horusec-operator-system
NAME READY STATUS RESTARTS AGE
horusec-operator-controller-manager-7b9696d4c4-t7w2q 2/2 Running 0 2m10s
Step 5. Now, install horusec-admin in your cluster:
kubectl apply -f "https://github.com/ZupIT/horusec-admin/releases/download/v2.0.0/horusec-admin.yaml"
See the pod running:
kubectl get pods
You may see an output like this:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
horusec-admin-74594694f-sdmr8 1/1 Running 0 1m
Step 6. Now, in your terminal, start a port-forward to this service:
kubectl port-forward horusec-admin-74594694f-sdmr8 3000:3000
If you access http://localhost:3000, you will see the horusec-admin page.
Step 7. Get the access token. Read the logs of the service, because the token is shown only inside the pod and is renewed every 10 minutes. See the following example:
kubectl logs pod/horusec-admin-74594694f-sdmr8
And your output may be:
time="2021-06-25 11:29:12 +0000" level=info msg="Token:04cd71a59715bc535cdc3ef6050c4f0ad49f12f0" prefix=authz
time="2021-06-25 11:29:12 +0000" level=info msg="Valid until:2021-06-25 13:29:12.454049573 +0000 UTC m=+7200.016119300" prefix=authz
time="2021-06-25 11:29:12 +0000" level=info msg=listening addr=":3000" prefix=server
The token in this case is 04cd71a59715bc535cdc3ef6050c4f0ad49f12f0.
Step 8. Set up the authentication. Go to the general page and click on the "Save" button, and all Horusec services will come up with the default configuration. You can check this with the command:
kubectl get pods
The output will be like this:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
horusec-admin-74594694f-sdmr8 1/1 Running 0 5m
analytic-6f6bffb5d6-f8pl9 1/1 Running 0 74s
api-5cc5b7545-km925 1/1 Running 0 73s
auth-8fbc876d9-62r6d 1/1 Running 0 73s
core-6bf7f9c9fc-fdv5c 1/1 Running 0 73s
horusecplatform-sample-analytic-migration-wwdzc-r9th2 0/1 Completed 0 74s
horusecplatform-sample-analytic-v1-2-v2-8zchl-445mz 0/1 Completed 2 74s
horusecplatform-sample-api-v1-2-v2-5lndp-w2rbd 0/1 Completed 3 74s
horusecplatform-sample-platform-migration-8g5ml-zmntl 0/1 Completed 0 74s
manager-c959f4f67-fz7r4 1/1 Running 0 74s
postgresql-postgresql-0 1/1 Running 0 7m54s
rabbitmq-0 1/1 Running 0 7m54s
vulnerability-7d789fd655-tpjp8 1/1 Running 0 74s
webhook-7b5c45c859-cq4nf 1/1 Running 0 73s
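The token lookup from Step 7 (and from the earlier access-token step), as an added shell example that is not part of the Horusec project: because the token is renewed, the log can hold several `Token:` entries and only the last one is current. The function names and the renewal line in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Horusec project code. Parses the log format shown above.
# Anyone who can read these pod logs can read the token, so keep log access
# (the pods/log permission) as restricted as the admin UI itself.

# Print the most recent token; earlier ones in the log have been renewed.
latest_token() {
    sed -n 's/.*msg="Token:\([0-9a-f]\{1,\}\)".*prefix=authz.*/\1/p' | tail -n 1
}

# Print the most recent "Valid until" timestamp as "YYYY-MM-DD HH:MM:SS" (UTC).
token_expiry() {
    sed -n 's/.*msg="Valid until:\([0-9-]\{10\} [0-9:]\{8\}\).*prefix=authz.*/\1/p' | tail -n 1
}

# Succeed if timestamp $1 (now, UTC) is earlier than expiry $2.
# Same-format timestamps order correctly as plain strings.
token_is_valid() {
    awk -v n="$1" -v e="$2" 'BEGIN { exit !((n "") < (e "")) }'
}

# Constructed sample: the three log lines from this page followed by a
# made-up renewal (token of all 1s) to show that the last entry wins.
sample_logs() {
    cat <<'EOF'
time="2021-06-25 11:29:12 +0000" level=info msg="Token:04cd71a59715bc535cdc3ef6050c4f0ad49f12f0" prefix=authz
time="2021-06-25 11:29:12 +0000" level=info msg="Valid until:2021-06-25 13:29:12.454049573 +0000 UTC m=+7200.016119300" prefix=authz
time="2021-06-25 11:29:12 +0000" level=info msg=listening addr=":3000" prefix=server
time="2021-06-25 13:29:12 +0000" level=info msg="Token:1111111111111111111111111111111111111111" prefix=authz
time="2021-06-25 13:29:12 +0000" level=info msg="Valid until:2021-06-25 15:29:12.000000000 +0000 UTC m=+14400.016119300" prefix=authz
EOF
}

sample_logs | latest_token
sample_logs | token_expiry

# Against a live cluster (pod name taken from the page):
#   kubectl logs pod/horusec-admin-74594694f-sdmr8 | latest_token
#   kubectl logs pod/horusec-admin-74594694f-sdmr8 | token_expiry
```

Compare the expiry with the current UTC time via `token_is_valid "$(date -u '+%Y-%m-%d %H:%M:%S')" "<expiry>"` before pasting the token into the UI.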
For more information about Horusec, please check out the documentation.
If you want to contribute to this repository, access our Contributing Guide. And if you want to know more about Horusec, check out some of our other projects:
This project exists thanks to all the contributors. You rock! ❤️🚀