Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Created a document simplifying deployment with Helm-Charts #615

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Created a document simplifying deployment with Helm-Charts #615

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
38d3bab
Onboarding Week Contributions
danny-h3 Mar 3, 2025
0842302
Initial Commit for Issue 585
danny-h3 Mar 3, 2025
fc041d1
Read Me Change
danny-h3 Mar 3, 2025
7396492
Finished Helm Chart Documentation
danny-h3 Mar 18, 2025
045a86a
Revised Helm Chart Documentation
danny-h3 Mar 21, 2025
8e80941
Docs README Update
danny-h3 Mar 21, 2025
9a50769
Removing Irrelevant File
danny-h3 Mar 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions docs/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# Index

- [Tornjak Deployment Using Helm-Charts](/docs/tornjak-helm-chart.md)

- [Blogs](/docs/blogs.md)

- [Debugging, Hints and Tips for Solving Common Problems with Tornjak](/docs/tornjak-hints.md)
Expand All @@ -15,8 +17,7 @@

- [Server plugin: Datastore "SQL"](/docs/plugins/plugin_server_datastore_sql.md)

- [Server plugin: SPIRECRDManager](/docs/plugins/plugin_server_spirecrd.md)

- [Server plugin: SPIRECRDManager](/docs/plugins/plugin_server_spirecrd.md
- [Tornjak Agent](/docs/tornjak-agent.md)
- [Tornjak SPIRE Server Agent](/docs/tornjak-agent.md#tornjak-spire-server-agent)
- [APIs](/docs/tornjak-agent.md#apis)
Expand Down
139 changes: 139 additions & 0 deletions docs/tornjak-helm-chart.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,139 @@
# Deploying Tornjak via SPIFFE Helm Charts Hardened

## Overview

You can deploy **Tornjak** using the [SPIFFE Helm Charts Hardened](https://github.com/spiffe/helm-charts-hardened)
repository.

This guide walks you through deploying both the frontend and backend of Tornjak with Direct Access,
using Helm charts in a local Kubernetes environment via Minikube. By the end, you’ll have a working instance
of SPIRE integrated with Tornjak for easier visibility and management of your SPIFFE identities.

## Prerequisites

Make sure you have the following installed on your system:

- [Minikube](https://minikube.sigs.k8s.io/docs/start/?arch=%2Fmacos%2Fx86-64%2Fstable%2Fbinary+download)
- [Helm](https://helm.sh/docs/intro/install/)

---

## Step-by-Step Deployment

### 1. Start Minikube

```bash
minikube start
```

Once minikube is up you can continue to the next step.

---

### 2. Clone the Helm Charts Repository

Clone the `helm-charts-hardened` repository if you haven't already, then navigate
into it and create a new branch.

```bash
git clone https://github.com/spiffe/helm-charts-hardened.git
cd helm-charts-hardened
git checkout -b your-branch
```

You can name the branch whatever you like.

---

### 3. Create a Custom Values File

In the root of your `helm-charts-hardened` directory, create a YAML file (e.g `your-values.yaml`).
This file will define the Helm configurations Helm uses when deploying SPIRE.

Here's a template you can start with:
```yaml
global:
openshift: false # Set to true if deploying on OpenShift
spire:
recommendations:
enabled: true
namespaces:
create: true
ingressControllerType: "" # Use "ingress-nginx" if exposing services outside Minikube
clusterName: server.example
trustDomain: server.example
caSubject:
country: US
organization: Server
commonName: server.example
# Uncomment and set the correct version if you face issues with kubectl/rancher versions:
# tools:
# kubectl:
# tag: "v1.23.3"

```

⚠️ Note: If you name your file something other than your-values.yaml, remember to use that
name in the following commands.

---

### 4. Deploy SPIRE

Now we can excute the following to deploy our SPIRE instance:

```bash
helm upgrade --install -n spire-mgmt spire-crds spire-crds --repo https://spiffe.github.io/helm-charts-hardened/ --create-namespace

helm upgrade --install -n spire-mgmt spire spire --repo https://spiffe.github.io/helm-charts-hardened/ -f your-values.yaml
```

---

### 5. Deploy Tornjak

Now we can deploy Tornjak with SPIRE.

First, we need to export the Tornjak backend API URL:

```bash
export TORNJAK_API=http://localhost:10000
```

Then, run the following Helm command to deploy Tornjak with the frontend and backend enabled:
```bash
helm upgrade --install -n spire-mgmt spire spire \
--repo https://spiffe.github.io/helm-charts-hardened/ \
--set tornjak-frontend.apiServerURL=$TORNJAK_API \
--values examples/tornjak/values.yaml \
--values your-values.yaml \
--render-subchart-notes
```

---

### 6. Test Deployment
You can verify the deployment with:

```bash
helm test spire -n spire-server
```

---

### 7. Access Tornjak UI

To access the Tornjak frontend you'll need to forward the necessary ports. Make sure that you
run each of the following commands in a **seperate** terminal:

```bash
kubectl -n spire-server port-forward service/spire-tornjak-backend 10000:10000
```
```bash
kubectl -n spire-server port-forward service/spire-tornjak-frontend 3000:3000
```

Open your browser and enter: 'http://localhost:3000`
You should now see the Tornjak UI!

---