Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

Deployment with Existing Kubernetes

This document provides installation and configuration procedures for Superna 5.x deployment.

  1. Download Installation Files

    Obtain the necessary installation files for Superna 5.x deployment.

    • Download the Bootstrap script: bootstrap.sh (link to be added)
    • Download the YAML template: bootstrap.template.yaml (link to be added)
    • Save both files in a directory where you have execution permissions

  2. Configure Template

    Prepare the configuration file with your environment-specific parameters.

    • Open the YAML template with a text editor
    • Configure the required parameters for your environment:
    env:
      # Endpoint FQDN configuration
      # Production environments require DNS-resolvable domain
      fqdn: hyperion-<identifier>.k8s.superna.net
      
      # Kubernetes namespace configuration
      # Must be unique within the cluster
      namespace_prefix: <identifier>

    argocd:
      # Authentication configuration
      password: <your_password>

    hyperion:
      provider:
        # Helm repository configuration
        url: git@bitbucket.org:superna/helm-charts
        private: true
      
      helm:
        chart_values: |-
          # Database configuration
          postgres:
            useExistingCNPG: true
          # Message queue configuration
          kafka:
            useExistingStrimzi: true

    # Alert configuration
    smtp:
      # SMTP server configuration
      host: email-smtp.us-east-2.amazonaws.com
      port: 587
      user: <smtp_username>
      password: <smtp_password>

  3. Execute Installation

    Run the bootstrap script to initiate the Superna 5.x deployment.

    • Open a terminal window
    • Navigate to the directory containing the downloaded files
    • Execute the bootstrap script with appropriate parameters:
    ./bootstrap.sh <identifier> <your_yaml_file>

    Example:

    ./bootstrap.sh myenv ./bootstrap.dev.yaml

    Where:

    • <identifier>: Namespace prefix for the deployment
    • <your_yaml_file>: Path to configuration file

  4. Verify Installation

    Confirm that all Superna 5.x services are running correctly.

    • Check that services are deployed and running:
    kubectl get services -n <identifier>-hyperion
    • Verify all core services show STATUS: Running

  5. Access Management Interface

    Configure access to the Superna 5.x web interface.

    • Configure port forwarding to access the web interface:
    kubectl port-forward -n <identifier>-hyperion svc/<identifier>-hyperion-central-eyeglass 8081:8081
    • Open a web browser and navigate to: http://127.0.0.1:8081
    • Log in with your credentials
    note

    Port forwarding provides local-only access. Production environments require proper network configuration with dedicated URL.

  6. Configure Storage Monitoring

    Add storage devices to be monitored by Superna 5.x.

    Superna 5.x supports the following storage platforms:

    • PowerScale
    • Qumulo
    • VAST
    • AWS S3

  7. Add Storage Device

    Register a storage device for monitoring.

    • Prepare the API request with your device information
    • Execute the following API call:
    curl -X PUT http://127.0.0.1:8081/RestClient/device/ManagedDevices -d \
    '{
      "platformCode": "aws",
      "onpremClusterID": "onprem",
      "properties": {
        "accountID": "<account_id>",
        "credentials": {
          "type": "ACCESS_KEY",
          "accessKey": "<access_key>",
          "secretKey": "<secret_key>"
        }
      },
      "protectedBuckets": ["<bucket_name>"]
    }'

    Where:

    • platformCode: Storage platform identifier (aws, qumulo, vast, powerscale)

    • onpremClusterID: Logical cluster identifier

    • properties: Platform-specific configuration parameters

    • protectedBuckets: Resources to be monitored (platform-specific)

    • Verify device registration in the management interface

  8. Testing Threat Detection (Optional)

    Verify that the threat detection system is working correctly.

    • For AWS S3: Upload files with suspicious extensions (.locky, .cryptolocker) to your monitored bucket
    • For PowerScale/Qumulo/VAST: Create files with suspicious extensions on your monitored shares
    • Return to the Superna 5.x UI and check the "Threat detections" page
    • You should see new threat events appear
    • Click an event to see details and available response options

  9. Start the Onboarding Mode

    Begin the automated learning period for your environment.

    • Navigate to the System Settings section in the Superna 5.x UI

    • Verify that Onboarding Mode is active (this is the default for new installations)

    • Review the default settings:

      • Auto-learning is enabled
      • User lockouts are disabled
      • Snapshots are enabled for NFS exports and SMB shares
      • Event expiry times are preset based on severity
      important

      You should remain in Onboarding Mode until the number of detections per day over a 3-day period falls below 2. This ensures the system has properly learned your environment's baseline behavior.

    • Monitor the Threat Detection dashboard daily during the Onboarding period

    • After sufficient learning (typically 1 week), you'll receive a notification that you're ready to exit Onboarding Mode

    After completing setup and starting Onboarding Mode, Superna 5.x continuously monitors your chosen storage platform, learns from detected events, and prepares to provide optimized protection for your environment.