Skip to main content

Install on an Existing cluster

Introduction#

GitGuardian Private Repository Monitoring is a Kubernetes application. You can install the software on an existing cluster or use our installer that has an embedded, production-ready Kubernetes distribution packaged with it.

This documentation cover the existing Kubernetes installation. For embedded clusters, please refer to this documentation.

Installation#

KOTS plugin#

First, you need to install the KOTS plugin for kubectl. You can do this with this command:

curl https://kots.io/install | bash

KOTS console#

Once you have the plugin installed, you can install the KOTS admin console:

kubectl kots install gitguardian-seal/prod

You will be be prompted to choose a namespace to deploy the application, and a password to access the admin console.

Namespace and password prompt

Once the installation of the admin console is finished, a port-forward will be setup, and you will be able to access the admin console on http://localhost:8800.

End of existing cluster installation

Application#

  1. Enter the password provided at the end of the cluster installation.

Admin console password

  1. Upload the license downloaded on the portal for instructions on how to download the license file).

License upload

  1. Configure the application. You need to fill all the required fields:
    • Application URL: URL for GitGuardian application.
    • Admin user fields: Used to create the first GitGuardian user. Password will need to be changed after the first login.
  • Ingress: A default ingress is provided.
    • Nginx TLS certificate: You can either use auto-generated self-signed certificates or upload your own. These are not the same as the TLS certificates for the admin console used during step 1. If you choose to use self-signed certificates or your own private CA, you need to disable SSL verification for GitHub webhook.

Admin console application configuration

Other configuration options available:

  • Scaling (advanced): how many replicas for each application component.
  • Databases/datastores: Whether to use an embedded postgres/redis or an external one.
  1. Check if preflight checks pass.

Admin console preflights

  1. Launch

Admin console By default, this is accessed on http://localhost:8800 using this command kubectl kots admin-console --namespace $your_namespace, which is a wrapper around kubectl port-forward. You can configure an ingress if you want a public endpoint.