Virtru Private Keystore: Deployment via Helm
Pulling the helm chart
To get started with your helm chart, create a local directory to store your chart. Then run the following command to add Virtru's helm charts to your local helm repo:
helm repo add virtru-charts https://virtru-corp.github.io/virtru-charts/
To view your helm repos, run:
helm repo list
You should see virtru-charts added from the URL.
To download a chart for editing, run the following command:
helm pull virtru-charts/cks --untar
You should see a directory called cks created inside of your working directory.
There are a number of ways that Kubernetes secrets can be managed. If you do not have an existing external secret manager for your Kubernetes clusters, you can create secrets by using the appSecrets section of the
Please note we recommend that you consider using an external secrets manager. Creating secrets via the values.yaml is a default option to help get your CKS up and running more quickly.
This section will detail potential changes that you will need to make to your
values.yaml file is where all of the CKS configuration will occur. This is where the environment variables and secret values will be configured.
These values will be generated by running the CKS setup wizard on a Linux server. The steps are outlined in our public docs at . Once you complete running the CKS wizard on a Linux server, you'll want to save the contents of the send_to_virtru.tar.gz tarball and use the information in it to build your values.yaml file contents for your K8s deployment. Once the script has completed successfully, the file send_to_virtru.tar.gz will be in your /var/virtru/cks directory. This file will contain the required information so that Virtru can communicate with your CKS appliance.
Next, please send the send_to_virtru.tar.gz archive to the Virtru Deployment Team via the Secure Share link shown below. The information in this file will be used to get your CKS connected to the Virtru production environment once a go-live date has been coordinated between your organization and Virtru.
To serve traffic appropriately, you must have an ingress controller for your CKS service. This is enabled by default, but you will need to update the host under ingress.hosts.host to match the FQDN of your CKS.
Depending on your environment, you will need to add annotations to:
- Apply your CA signed certificate
- Designate load balancer configurations
- Expose your load balancer to the internet
Update your secrets to match the values from your local CKS config as mapped below.
Value from CKS setup script:
env/cks.env => AUTH_TOKEN_STORAGE_IN_MEMORY_TOKEN_JSON
You can have multiple RSA keypairs on your CKS as long as they follow the naming convention rsa###.pub and rsa###.pem for all public/private keypairs.
Note: Indentation matters for a multiline string; ensure proper indentation for your CKS key secrets.
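A pre-flight check for the two points above, as an added example that is not part of Virtru's chart or documentation: it flags key files that break the rsa###.pub / rsa###.pem convention or lack their counterpart, and prints a key with uniform indentation for pasting under a YAML block scalar. It assumes "###" means digits only; the function names are hypothetical, and the secret key name in values.yaml is whatever your chart defines.

```sh
#!/bin/sh
# Added example: pre-flight check for CKS key files before they go into values.yaml.
# Assumption: "###" in rsa###.pub / rsa###.pem means digits only.

# Print one line per problem found in DIR; exit status is non-zero if any was found.
check_keypairs() (
  dir=$1 bad=0
  for f in "$dir"/rsa*; do
    [ -e "$f" ] || continue            # glob matched nothing
    base=${f##*/} ; stem=${base%.*} ; ext=${base##*.}
    digits=${stem#rsa}
    case $ext in pub|pem) ;; *) echo "bad name: $base"; bad=1; continue ;; esac
    case $digits in
      ''|*[!0-9]*) echo "bad name: $base"; bad=1; continue ;;
    esac
    # Every public key needs its private key and vice versa.
    if [ "$ext" = pem ]; then other=$stem.pub; else other=$stem.pem; fi
    [ -e "$dir/$other" ] || { echo "unpaired: $base (missing $other)"; bad=1; }
  done
  [ "$bad" -eq 0 ]
)

# Print FILE with every line indented by N spaces, ready to paste under a YAML
# block scalar ("|") so all PEM lines share the same indentation.
indent_pem() {
  pad=$(printf "%${2}s" '')
  sed "s/^/$pad/" "$1"
}

# Demo on constructed placeholder files (not real key material).
demo=$(mktemp -d)
for n in rsa001.pub rsa001.pem rsa002.pem rsa3a.pub; do
  printf '%s\n' '-----BEGIN CONSTRUCTED-----' 'AAAA' '-----END CONSTRUCTED-----' > "$demo/$n"
done
check_keypairs "$demo" || echo "fix the key directory before editing values.yaml"
indent_pem "$demo/rsa001.pub" 4
rm -rf "$demo"
```

Run it against the directory holding your real keys on the host where the setup wizard ran, and keep the indented private-key output out of shell history and logs.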
Installing the
Use a standard helm install command to deploy your CKS. An example command is listed below:
helm install -n virtru -f ./values.yaml cks ./ --create-namespace