Using managed external hosting for external services

If you're using managed external hosting for your external service dependencies, you may need to do some configuration with your external service host, outside of FOSSA and Kubernetes.

If you're using the self-hosted option for a service, you can skip the section for that service.

Database

Postgres version

Your database should be running Postgres 12 or higher.

Postgres database existence

Postgres servers can have multiple databases (specified by their dbname). FOSSA connects to a specific database specified by your chart configuration. Ensure that this database exists.

For example, if your dbname is fossa, then ensure you have run:

CREATE DATABASE fossa;

Postgres permissions

FOSSA will create two schemas within your Postgres database:

  • fossa
  • hubble

Ensure that the database user you specified for FOSSA has sufficient permissions to create schemas within its database.

Storage

Creating buckets

You may need to manually create buckets in S3 before they can be used. The bucket names to create should be the same ones you configured in your chart.

IAM permissions

For each of your buckets, ensure that FOSSA has permissions for GetObject, ListBucket, and PutObject. Depending on how FOSSA authenticates to S3, you may need to grant these permissions either to the identity behind the configured access/secret key or to the IAM role of the pods.

For an example IAM permission configuration, substitute your bucket names for <CORE_BUCKET_NAME> and <HUBBLE_BUCKET_NAME> in:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FOSSA",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::<CORE_BUCKET_NAME>/*",
                "arn:aws:s3:::<CORE_BUCKET_NAME>",
                "arn:aws:s3:::<HUBBLE_BUCKET_NAME>/*",
                "arn:aws:s3:::<HUBBLE_BUCKET_NAME>"
            ]
        }
    ]
}
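
An added example, not part of FOSSA's documentation: a Python check that an IAM identity policy grants the three actions above on each bucket and nothing beyond them. The bucket names example-core and example-hubble and the function audit_policy are constructed for illustration, and the evaluation is simplified to Allow statements only.

```python
from fnmatch import fnmatchcase

# The three actions the page requires, with the ARN form each one applies to.
REQUIRED = {
    "s3:ListBucket": "arn:aws:s3:::{b}",    # bucket-level action
    "s3:GetObject": "arn:aws:s3:::{b}/*",   # object-level action
    "s3:PutObject": "arn:aws:s3:::{b}/*",   # object-level action
}
REQUIRED_LOWER = {k.lower() for k in REQUIRED}  # IAM action names are case-insensitive

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, buckets):
    """Return (missing, excess) grants of an IAM identity policy.
    Simplified model (assumption): only Allow statements with Action/Resource
    are read; Deny, Condition, NotAction and NotResource are not modelled.
    """
    wanted = {t.format(b=b) for b in buckets for t in REQUIRED.values()}
    granted = [(a, r)
               for st in as_list(policy["Statement"]) if st.get("Effect") == "Allow"
               for a in as_list(st.get("Action", []))
               for r in as_list(st.get("Resource", []))]
    # Excess: an action beyond the three, or a resource outside the listed buckets.
    excess = sorted({(a, r) for a, r in granted
                     if a.lower() not in REQUIRED_LOWER or r not in wanted})
    # Missing: a required action with no grant covering the ARN it applies to.
    # IAM "*" wildcards are approximated with glob matching.
    missing = [(act, tmpl.format(b=b))
               for b in buckets for act, tmpl in REQUIRED.items()
               if not any(fnmatchcase(act.lower(), a.lower())
                          and fnmatchcase(tmpl.format(b=b), r) for a, r in granted)]
    return missing, excess

# Constructed sample: the page's policy with placeholder bucket names filled in.
BUCKETS = ["example-core", "example-hubble"]
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "FOSSA", "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-core/*", "arn:aws:s3:::example-core",
                 "arn:aws:s3:::example-hubble/*", "arn:aws:s3:::example-hubble"]}]}
# Constructed sample: a broad grant that also omits the bucket-level ARNs.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-core/*", "arn:aws:s3:::example-hubble/*"]}]}

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, *audit_policy(pol, BUCKETS))
```

The broad sample shows both failure modes at once: `s3:*` is reported as excess, and ListBucket is reported missing because the bucket-level ARNs (without `/*`) were left out.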

Configuring CORS

The bucket for the FOSSA web application will need to be configured to allow CORS. The FOSSA web application uses CORS requests to serve bucket contents.

For an example CORS configuration, substitute your FOSSA hostname for <FOSSA_HOSTNAME> in:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT"
        ],
        "AllowedOrigins": [
            "<FOSSA_HOSTNAME>"
        ],
        "ExposeHeaders": [
            "Content-Type",
            "X-Content-Type-Options"
        ],
        "MaxAgeSeconds": 3000
    }
]