charts

StrongDM Relay

This repo provides an implementation of a StrongDM relay or gateway inside Kubernetes using Helm.

Prerequisites

• A Kubernetes Cluster v1.16+
• Helm 3.0+
• Git
• If you are going to use Nginx Ingress Controller, then you will need to manually patch your services to allow TCP and UDP traffic
• A StrongDM Gateway/Relay Token

[!NOTE] To get a Gateway token, you’ll need an external address to register. If you don’t have such an address during installation of this chart, you may create a Gateway in the Admin UI with a placeholder name. You may change that value after creation with the StrongDM CLI.

Installing the Chart

helm repo add strongdm https://helm.strongdm.com/stable/
helm install [RELEASE_NAME] strongdm/sdm-relay -f values.yaml
helm status [RELEASE_NAME]

See configuration below.

See helm install for command documentation.

Upgrading the Chart

helm upgrade [RELEASE_NAME] strongdm/sdm-relay

See helm upgrade for command documentation.

Uninstalling the Chart

helm uninstall [RELEASE_NAME]

The command removes all the Kubernetes components associated with the release and deletes the release.

See helm uninstall for command documentation.

Running Multiple Gateways

A single SDM_RELAY_TOKEN token can’t be reused between nodes. To prevent conflicts during updates, this deployment hard-codes a replicaCount of 1 and a deployment strategy of Recreate.

This also implies that running multiple nodes requires multiple installations of this Helm chart. The SDM proxy Helm chart supports multiple replicas with a single installation, should this functionality be desired.

Configuration

Please view values.yaml for descriptions on supported Helm values.

Examples

Provide SDM_ADMIN_TOKEN directly to create this node during installation:

strongdm:
  auth:
    adminToken: foo.bar.baz # take care when setting this value directly

Use an existing secret that contains SDM_ADMIN_TOKEN, create this node during installation, and also register this cluster in StrongDM:

strongdm:
  auth:
    secretName: my-admin-token-secret
  autoRegisterCluster:
    enabled: true

Provide SDM_RELAY_TOKEN directly:

strongdm:
  auth:
    relayToken: my-relay-token # take care when setting this value directly
  autoCreateNode:
    enabled: false

This site is open source. Improve this page.