OPEN FOSSA APP

Preparing your installation

Suggest Edits

Preparing your installation

In this guide, we'll walk through how to install FOSSA Enterprise into an existing Kubernetes cluster.

Overview

When installing FOSSA, there are a couple of possible installation configurations.

The FOSSA application itself runs inside your Kubernetes cluster. This application requires:

  1. An S3-compatible object storage backend.
  2. A Postgres-compatible SQL database.

For each of these external services, you can choose to either self-host or use managed external hosting. FOSSA comes pre-installed with self-hosted options for both of these external services (using MinIO for object storage and self-hosted Postgres for the database), although they will require extra CPU, memory, and disk resources to run in-cluster.

We strongly recommend using managed external hosting for both the object storage backend (using Amazon S3, or equivalent) and the database (using Amazon RDS, or equivalent). The provided self-hosted options are not suitable for a production installation.

Prerequisites

FOSSA image credentials

To install FOSSA, you'll need a username and password to download the FOSSA application images.

Contact your FOSSA account manager to get these credentials.

Kubernetes cluster

Your Kubernetes cluster should meet these requirements:

  • Kubernetes 1.23.8 or newer
  • kubectl compatible with your cluster
  • helm 3.11.0 or newer
  • 32 vCPU
  • 64 GB of memory
  • 500 GB of available storage space

To use the simplified charts, your Kubernetes cluster will also need:

  • Support for dynamic volume provisioning
  • An ingress controller

Database

If you're using managed external hosting for your database, your host should meet these requirements:

  • Postgres 12 or newer
  • 4 vCPU
  • 8 GB of memory
  • 200 GB of available storage space

If you're using self-hosted Postgres, our self-hosted database image will set up the correct Postgres version for you. You should add these resource requirements to your cluster's requirements.

S3-compatible object storage

If you're using managed external hosting for object storage, your host should meet these requirements:

  • 2 vCPU
  • 4 GB of memory
  • 500 GB of available storage space

If you're using self-hosted object storage, you should add these resource requirements to your cluster's requirements.

Email

FOSSA uses email to send user invites, notifications, and other transactional application emails. To enable this functionality, you'll need to provide an SMTP server for FOSSA to send mail to.

Networking

FOSSA needs access to the following ports:

  • Inbound:
    • 443 (HTTPS): for users to access FOSSA
  • Outbound:
    • 22 (SSH), 80 (HTTP), 443 (HTTPS) - all are required: for FOSSA to access public package registries, download code for analysis, and integrate with other tools
    • 25/465/587 (SMTP - pick one of three): for FOSSA to send emails using SMTP
    • 5432 (Postgres): used to connect to Postgres, if you're using managed external hosting for Postgres

DNS and SSL

Once FOSSA is installed, you will need to configure your DNS to make it accessible to users:

  • You'll need to add an entry for the FOSSA web application.
  • If you're using self-hosted object storage, you'll also need to add an entry for the self-hosted MinIO instance.

If you intend to terminate SSL at the FOSSA application, you will also need SSL certificates for each domain name (one for the web application, and one for the object storage if you're using self-hosted object storage).

Self-signed certificates

If your network uses self-signed certificates, FOSSA can be configured to trust those certificates. Have these certificates ready to reference during configuration.

Updated 6 months ago