VSP CMS DEPLOYMENT
VSP CMS is installed as a Load Balancer service.This section describes the process of setting up the VSP Infrastructure Pods:
NOTE:
Ensure that the Master and Worker Nodes are in sync with the NTP server
-
On the Management Node, create the below directory for the files related to CMS
-
cd /home/virsec
-
mkdir -p vsp/cms
-
cd vsp/cms
-
-
Execute the below commands to download the file vsp_download_files.sh:
-
wget --no-check-certificate https://<LFR_IPAddress>:8443/vsp/vsp_download_files.sh
-
chmod +x ./vsp_download_files.sh
-
-
To configure the build scripts for a specific environment, execute the below commands:
-
./vsp_download_files.sh
-
-
Execute the below commands to deploy CMS :
-
CMS URL is provided at the end of script execution
-
cd cms_serviceperpod
-
To view the help menu, execute the below command:
./vsp_deploy_cms.sh -h
-
-u (Optional): To disable SSL hostname verification between CMS and Probe. This is useful when customized domain name is desired for CMS (Default Domain Name: int.cms.virsec.com). Utilize this option in ECS Fargate environment
-
-n: DO NOT utilize this parameter to provide a namespace. CMS MUST be deployed in the default namespace virsec
-
Provide the option “-o” to install the optional CMS services. Indicate with “Y” or “N” for each of the options
-
-S (Optional): For a clean CMS setup. This deletes the previous setup (if any) including the infrastructure services (MongoDB, Kafka and Redis containers). This option can be used if the core CMS services and infrastructure services need update
-
-s (Optional): For clean CMS setup. This deletes the previous setup (if any) excluding the infrastructure services (MongoDB, Kafka and Redis containers). This option can be used if only the core CMS services need update
-
-c (Optional): For CMS Uninstall – This deletes all the CMS deployments and services, including the infrastructure services (MongoDB, Kafka and Redis containers). When CMS is reinstalled, Probes might need reconfiguration as the CMS IP address might have changed
NOTE:
Ensure that when the parameters -s,-S OR -c are utilized, only one of them is provided as per the requirement and never both
Provide -s OR -S as the parameter in AWS EKS setup. Do not use the parameter -c -
-x (Optional): To expose VSP Kafka service Externally. Kafka Service must be exposed externally only when the Applications are deployed on different Kubernetes Cluster than VSP CMS
-
-C: Node name where Client service must be deployed (CMS UI)
-
-K: Node name where Kafka service must be deployed
-
-M: Node name where Mongo service must be deployed
-
-R: Node name where Redis service must be deployed
-
-k: Use this option during CMS installation or startup or upgrade. Allowed Kafka options:
1: For One-way SSL where the Client verifies the server
2: For Two-way SSL where both the Client and Server verify each other. By default, the value is set to 2 if not specified
-
-Z: When CMS services are running. Allowed Kafka options:
1: For One-way SSL where the Client verifies the server
2: For Two-way SSL where both the Client and Server verify each other. By default, the value is set to 2 if not specified
-
-
Sample Usage:
./vsp_deploy_cms.sh -o -x
-
-
To ensure that CMS maintains the same IP address and worker node, execute the below commands:
-
kubectl -n virsec patch deployments vsp-cms-client -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "<WORKER_NODE_NAME>"}}}}}'
-
kubectl -n virsec patch service vsp-cms -p '{"spec" : {"type": "LoadBalancer", "externalIPs":["<WORKER_NODE_IP>"]}}'
NOTE:
If a proxy server is configured for internet access, ensure that the root certificate information is added to the property file, as described in the Deploy Custom SSL Certificates topic of the Maintenance Section
-
-
Verification: To verify the CMS deployment, execute the below command on the Management node to list all the deployments and pods
-
kubectl get pods -n virsec
-