charts

StrongDM Proxy

This repo provides an implementation of a StrongDM proxy service inside Kubernetes using Helm.

Prerequisites

• A Kubernetes Cluster v1.16+
• Helm 3.0+
• Git
• If you are going to use Nginx Ingress Controller, then you will need to manually patch your services to allow TCP and UDP traffic
• A StrongDM Proxy Cluster key and secret

[!NOTE] To get a Proxy Cluster key and secret, you’ll need an external address to register. If you don’t have such an address during installation of this chart, you may create a cluster in the Admin UI with a placeholder name. You may change that value after creation with the StrongDM CLI.

Installing the Chart

helm repo add strongdm https://helm.strongdm.com/stable/
helm install [RELEASE_NAME] strongdm/sdm-proxy -f values.yaml
helm status [RELEASE_NAME]

See configuration below.

See helm install for command documentation.

Upgrading the Chart

helm upgrade [RELEASE_NAME] strongdm/sdm-proxy

See helm upgrade for command documentation.

Uninstalling the Chart

helm uninstall [RELEASE_NAME]

The command removes all the Kubernetes components associated with the release and deletes the release.

See helm uninstall for command documentation.

Configuration

Please view values.yaml for descriptions on supported Helm values.

Examples

Provide SDM_PROXY_CLUSTER_ACCESS_KEY and SDM_PROXY_CLUSTER_SECRET_KEY directly:

strongdm:
  auth:
    # take care when setting these values directly
    clusterKey: foo.bar.baz
    clusterSecret: foo.bar.baz

Use an existing secret that contains SDM_ADMIN_TOKEN, SDM_PROXY_CLUSTER_ACCESS_KEY, and SDM_PROXY_CLUSTER_SECRET_KEY, and also register this cluster in StrongDM:

strongdm:
  auth:
    secretName: my-secret
  autoRegisterCluster:
    enabled: true

This site is open source. Improve this page.