Skip to main content

Installing Spider server

Prerequisites

Credentials

To set up Spider, you need to have the credentials to download Spider docker images.
The Controller, Gocipher and Whisperer images are in a public accessible repository, but not the server images.

The credentials are coming together with your License key when you purchase a Spider license.
They have a limited validity duration, set to your license expiration date.

Tools

Spider Kubernetes setup requires the following tools to run:

Optional dependencies

LDAP

Spider may authenticate users to an LDAP.

Using LDAP for authentication may be used in parallel or in replacement as local authentication.

You may indeed have both: local authenticated users and ldap authenticated users.
But a user may have only one of those authentication methods.

When the user does not exist, but has a valid LDAP account, it is automatically created.

For LDAP auth, you need to provide in the values.yml file:

  • the LDAP server address,
  • the base path where users are stored in the LDAP.

No service account is required. Spider does:

  1. it searches on the LDAP by the user's email
  2. it binds the user to the LDAP with its id and the provided password to check the later

OIDC provider

Spider may also authenticate users using OpenId Connect protocol against any Identity Provider implementing OIDC (Google, Gitlab, GitHub, Keycloak...).

Spider supports many OIDC providers at once.

OIDC authentication is done in parallel as others.
The user may have an LDAP or local account, and connect with OIDC.

When the user does not exist, but has a valid OIDC account, it is created with a fake random password.

For OIDC auth, you need to provide in the values.yml file:

  • a name to identify and display it on the login page
  • the client_id and client_secret of Spider application as registered in the identity provider,
  • the URL endpoints of the identity provider to authenticate and exchange code to token
  • the jwks uri to check the token signature

Optionally, you may have to define:

  • the OAuth scopes to use,
    • openid profile email are used as default scopes
  • the userInfo URL to get the user details when the provider does not provide an id_token with the access_token.

S3 bucket

Spider may backup regularly its configuration resources:

  • Users + User settings
  • Teams
  • Whisperers

To allow backup of data, you need to provide access to a S3 - or compatible - bucket.
Address and credentials have to be provided in the setup.yml values file.

tip

When installing Spider, you may also ask it to restore a previous backup automatically after installation.

SMTP server

Spider sends mails at various times (configurable):

  • For alerting
  • During user creation workflow
  • When a user profile changes
  • At team creation or updates
  • ...

To send a mail, Spider needs access to a SMTP server, with credentials to provide in setup.yml.

Helm repository

Spider Helmchart is published Floocus Helm repository.

You may add it to your Helm repositories:

$ helm repo add floocus https://repository.floocus.com/helm

Or you may add the option --repo https://repository.floocus.com/helm to the installation command.

Once added, you may search for available Spider helmchart using:

$ helm search repo floocus
NAME CHART VERSION APP VERSION DESCRIPTION
floocus/spider-analyzer 1.0.2 latest Helmchart to deploy Spider Analyzer server

Configuration

Create a values.yaml file containing the custom values to customize your Helm installation.

Sample (simplest) configuration file:

global:
version: 2023.06.15
endpoint:
host: spider.sample.io
publicPath: http://spider.sample.io
license:
key: yourLicenseKey
privateKey: '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
jwt:
privateKey: '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
publicKey: '-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----'
smtp:
email: spider.analyzer@sample.io
server: smtp.sample.io
port: 65
elasticsearch:
password: myESPassword
registries:
serverRegistryAuth:
login: your-spider-token
password: your-spider-api-key
customers:
supportEmails:
- admin@sample.io
admins:
createAccountsAtInstallation: false
accounts:
- givenName: "John"
familyName: "Doe"
email: "john.doe@sample.io"
controller:
privateKey: '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
publicKey: '-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----'
gocipher:
privateKey: '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
publicKey: '-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----'

This is the minimal setup, but many options are available to define:

  • Secured ingress
  • LDAP authentication
  • Elasticsearch infrastructure
  • etc.

For a complete reference, see the values file reference.

Installation

Once configuration is set, you run a one line command that installs Spider on the selected target.

$ helm install spider floocus/spider-analyzer \
-f ./values.yaml \
--namespace spider-system \
--create-namespace

This will install Spider with:

  • spider release name,
  • using floocus/spider-analyzer chart from Floocus repository,
  • using setup.yaml configuration file,
  • in namespace spider-system that will be created if it does not exist yet.

Upgrade

To upgrade to a new version, set the new version in the setup.yaml file, and run:

$ helm upgrade spider floocus/spider-analyzer \
-f ./values.yaml \
--namespace spider-system

Removal

To uninstall Spider, do so using Helm command:

$ helm uninstall spider \
--namespace spider-system