AppScan360 Helm Based Installation is a Helmfile-based installation solution for AppScan360. This document provides step-by-step instructions for setting up and configuring the AppScan-360-Helm-Files repository, including how to clone the repository, generate an access token, and customize the installation files for specific customer requirements.
- Good Internet Connection
- Prepare A Ubuntu 22.04 LTS or newer
- Hardware Specifications remains same as of Standalone
- Kubernetes, Helm, Docker, Ingress, Cert-Manager, Storage Class with AccessMode ReadWriteMany needs to be installed
- Access to Harbor is required.
- Download the Helmfile binary:
wget -O helmfile.tar.gz $(curl -s https://api.github.com/repos/helmfile/helmfile/releases/latest | grep browser_download_url | grep linux_amd64.tar.gz | cut -d '"' -f 4) - Extract the downloaded file:
tar -xvzf helmfile_*_linux_amd64.tar.gz - Move the helmfile binary to the appropriate directory:
sudo mv helmfile /usr/local/bin/
- Set the binary to be executable:
sudo chmod +x /usr/local/bin/helmfile
- Verify the installation:
helmfile --version
Note Post helmfile binary installation and customer has harbor access Perform harbor login by either of the below steps:
2. environment variable HCLCR_USERNAME (harbor username) and HCLCR_PASSWORD (harbor password/cli secret). OR
{
"auths": {
"hclcr.io": {
"auth": "secretvalue"
}
}
}
The repository for AppScan-360-Helm-Files is hosted on a GitHub server. To clone the repository, follow these steps:
Once the repository is cloned, you will find the following directory structure.
AppScan-360-Helm-Files
├── Helm.d
├── ├── helmfile-ASCP.yaml.gotmpl
├── ├── helmfile-ASRA.yaml.gotmpl
│ ├── helmfile-SCA.yaml.gotmpl
├── └── helmFileCustomization
├── ├── singular-singular.clusterKit-Sample.yaml
└── helmfile.yaml.gotmplsingular-singular.clusterKit-Sample.yaml: A file specific to the customer, requiring customization according to customer specifications which needs to be renamed to singular-singular.clusterKit.yaml.
The singular-singular.clusterKit.yaml file must be tailored to each customer's environment. It is important to update the details in this file to accurately reflect the customer's setup. Not doing so may cause deployment configurations to be incorrect. The CUSTOMIZE_ME in each section contains the details that the customer needs to fill in each sections. Customers should replace the CUSTOMIZE_ME placeholders with the appropriate information based on their environment and configuration requirements. Failure to do this may result in incorrect deployment settings.
For each upgrade, run git pull inside the cloned repository(AppScan-360-Helm-Files) to update the files. Pay attention to the ReadMe and singular-singular.clusterKit-Sample.yaml for any updates that may need to be incorporated into the customer's customized file during an upgrade.
-
Navigate to the cloned AppScan-360-Helm-Files folder.
-
Run the following commands:
helmfile sync
-
Navigate to the cloned AppScan-360-Helm-Files folder.
-
Run the following commands:
helmfile destroy
Software Composition Analysis (SCA) is included when you install AppScan 360° with a parameter.
Note: Software Composition Analysis (SCA) is not included in the AppScan 360° by default; you must enable it.
To install AppScan360 along with SCA:
includeSCA=true helmfile syncTo uninstall AppScan360 along with SCA:
includeSCA=true helmfile destroyTo enable automatic updates of the Software Composition Analysis (SCA) vulnerability database, set the following environment variables that point to the HCL Harbor registry with the correct credentials.
export SCA_AUTOUPDATER_REGISTRY_USERNAME=<HCL_HARBOR_USERNAME>
export SCA_AUTOUPDATER_REGISTRY_PASSWORD=<HCL_HARBOR_PASSWORD>Important: If you do not set up automatic updates, you must update the vulnerability database manually.
AppScan 360° supports version-controlled installation using Git tags and archives. To clone the latest version of AppScan 360° using Git:
git clone
https://github.com/HCL-TECH-SOFTWARE/AppScan-360-Helm-Files.gitTo clone a specific version of AppScan 360° using Git, where X.X.X is the specific version number:
git clone --branch vX.X.X
https://github.com/HCL-TECH-SOFTWARE/AppScan-360-Helm-Files.gitTo download an archive directly, where X.X.X is the specific version number:
wget https://github.com/HCL-TECH-SOFTWARE/AppScan-360-Helm-Files/archive/refs/tags/vX.X.X.zipTo extract a specific archive, where X.X.X is the specific version number:
unzip AppScan-360-Helm-Files-vX.X.X.zipor
tar -xvzf AppScan-360-Helm-Files-vX.X.X.tar.gzPoints to Harbor’s production project, which may not have the final images yet.
Rollback to previous helmfile based installation to previous version
helm rollback <release-name> <revision-number> -n <namespace>Example release names:
- asra (namespace: hcl-appscan-asra)
- appscan360-ascp (namespace: hcl-appscan-ascp)
- scaservices (namespace: hcl-appscan-sca)
You can find the available revision numbers using:
helm history <release-name> -n <namespace>Common issues that can be encountered:
- no state file found. It must be named helmfile.d/* : When we navigate inside AppScan-360-Helm-Files -> helm.d -> run helmfile sync, this command needs to be run from AppScan-360-Helm-Files
- in ./helmfile.yaml: in .helmfiles[0]: in helm.d/helmfile-ASCP.yaml: failed processing release appscan360-ascp: values file matching "helmFileCustomizations/singular-singular.clusterKit.yaml" does not exist in ".": When singular-singular.clusterKit.yaml is missing
- Failed to pull helm-packages or docker images: When docker login is missing or HCLCR_USERNAME and HCLCR_PASSWORD environment variable is missing
- Failed to get pull secret: When .docker/config.json file is missing or AS360_KNI_JSON_CONFIG_AS_BASE64 with appropriate value is not defined