Skip to main content

Installing Spider on Kubernetes



To setup Spider, you need to have the credentials to download Spider docker images.
The Controller and Whisperer images are in a public accessible repository, but not the server images.

The credentials are coming together with your License key when you purchase a Spider license.

They have a limited validity duration, set to your license expiration date.


Spider Kubernetes setup requires the following tools to run:

Optional dependencies


Spider may authenticate users to an LDAP.

Using LDAP for authentication may be used in parallel or in replacement as local authentication.

You may indeed have both: local authenticated users and ldap authenticated users.
But a user may have only one of those authentication methods.

When the user does not exist, but has a valid LDAP account, it is automatically created.

For LDAP auth, you need to provide in the values.yml file:

  • the LDAP server address,
  • the base path where users are stored in the LDAP.

No service account is required. Spider does:

  1. it searches on the LDAP by the user's email
  2. it binds the user to the LDAP with its id and the provided password to check the later

OIDC provider

Spider may also authenticate users using OpenId Connect protocol against any Identity Provider implementing OIDC (Google, Gitlab, GitHub, Keycloak...).

Spider supports many OIDC providers at once.

OIDC authentication is done in parallel as others.
The user may have an LDAP or local account, and connect with OIDC.

When the user does not exist, but has a valid OIDC account, it is created with a fake random password.

For OIDC auth, you need to provide in the values.yml file:

  • a name to identify and display it on the login page
  • the client_id and client_secret of Spider application as registered in the identity provider,
  • the URL endpoints of the identity provider to authenticate and exchange code to token
  • the jwks uri to check the token signature

Optionally, you may have to define:

  • the OAuth scopes to use,
    • openid profile email are used as default scopes
  • the userInfo URL to get the user details when the provider does not provide an id_token with the access_token.

S3 bucket

Spider may backup regularly its configuration resources:

  • Users + User settings
  • Teams
  • Whisperers

To allow backup of data, you need to provide access to a S3 - or compatible - bucket.
Address and credentials have to be provided in the setup.yml values file.


When installing Spider, you may also ask it to restore a previous backup automatically after installation.

SMTP server

Spider sends mails at various times (configurable):

  • For alerting
  • During user creation workflow
  • When a user profile changes
  • At team creation or updates
  • ...

To send a mail, Spider needs access to a SMTP server, with credentials to provide in setup.yml.

Helm repository

Spider Helmchart is published Floocus Helm repository.

You may add it to your Helm repositories:

$ helm repo add floocus

Or you may add the option --repo to the installation command.

Once added, you may search for available Spider helmchart using:

$ helm search repo floocus
floocus/spider-analyzer 1.0.2 latest Helmchart to deploy Spider Analyzer server


Create a values.yaml file containing the custom values to customize your Helm installation.

Sample (simplest) configuration file:

version: 2023.06.15
key: yourLicenseKey
privateKey: '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
privateKey: '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
publicKey: '-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----'
port: 65
password: myESPassword
login: your-spider-token
password: your-spider-api-key
createAccountsAtInstallation: false
- givenName: "John"
familyName: "Doe"
email: ""
privateKey: '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
publicKey: '-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----'

This is the minimal setup, but many options are available to define:

  • Secured ingress
  • LDAP authentication
  • Elasticsearch infrastructure
  • etc.

For a complete reference, see the values file reference.


Once configuration is set, you run a one line command that installs Spider on the selected target.

$ helm install spider floocus/spider-analyzer \
-f ./values.yaml \
--namespace spider-system \

This will install Spider with:

  • spider release name,
  • using floocus/spider-analyzer chart from Floocus repository,
  • using setup.yaml configuration file,
  • in namespace spider-system that will be created if it does not exist yet.


To upgrade to a new version, set the new version in the setup.yaml file, and run:

$ helm upgrade spider floocus/spider-analyzer \
-f ./values.yaml \
--namespace spider-system


To uninstall Spider, do so using Helm command:

$ helm uninstall spider \
--namespace spider-system