Test deployment
Important
- These instructions are not designed for production deployment and are provided for test purposes only to demonstrate the process.
- It is not recommended to deploy the database in Kubernetes for production use. This is acceptable for test deployments.
Compatible software
| Recommended Software | Recommended Software version | Alternative Software | Alternative Software version |
|---|---|---|---|
| Helm | 3 | - | - |
| PostgreSQL | 16+ | Postgres DB (Platform V Pangolin SE) | 6.x.x * |
| MinIO | Latest * | Ceph | Latest * |
* Standard APIs are used
Deployment
- Create a namespace.
- If the corporate registry is only accessible with authentication, create a secret.
PostgreSQL launch
- Create a PostgreSQL cluster for `fuchsiad` and `backend` using the provided TimescaleDB manifest.

timescaledb.yaml

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: timescaledb-secrets
type: Opaque
stringData:
  fuchsiad-user: "fuchsia"
  fuchsiad-password: "kk243kKLLjlfdsnl2d762J"
  fuchsiad-database: "fuchsia"
  backend-user: "backend"
  backend-password: "gfdsgebhkkhHBI723hvIB2njk42"
  backend-database: "backend"
---
apiVersion: v1
kind: Service
metadata:
  name: fuchsiad-database
spec:
  type: ClusterIP
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
  selector:
    app: fuchsiad-database
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: fuchsiad-database
spec:
  serviceName: fuchsiad-database
  replicas: 1
  selector:
    matchLabels:
      app: fuchsiad-database
  template:
    metadata:
      labels:
        app: fuchsiad-database
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: timescaledb
          image: timescale/timescaledb:2.22.1-pg16
          ports:
            - containerPort: 5432
              name: postgres
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: timescaledb-secrets
                  key: fuchsiad-user
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: timescaledb-secrets
                  key: fuchsiad-password
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: timescaledb-secrets
                  key: fuchsiad-database
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          securityContext:
            capabilities:
              drop:
                - ALL
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            privileged: false
          resources:
            requests:
              memory: "2Gi"
              cpu: "1"
            limits:
              memory: "4Gi"
              cpu: "2"
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
    - metadata:
        name: postgres-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 5Gi
---
apiVersion: v1
kind: Service
metadata:
  name: backend-database
spec:
  type: ClusterIP
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
  selector:
    app: backend-database
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: backend-database
spec:
  serviceName: backend-database
  replicas: 1
  selector:
    matchLabels:
      app: backend-database
  template:
    metadata:
      labels:
        app: backend-database
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: timescaledb
          image: timescale/timescaledb:2.22.1-pg16
          ports:
            - containerPort: 5432
              name: postgres
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: timescaledb-secrets
                  key: backend-user
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: timescaledb-secrets
                  key: backend-password
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: timescaledb-secrets
                  key: backend-database
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          securityContext:
            capabilities:
              drop:
                - ALL
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            privileged: false
          resources:
            requests:
              memory: "2Gi"
              cpu: "1"
            limits:
              memory: "4Gi"
              cpu: "2"
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
    - metadata:
        name: postgres-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 5Gi
```
S3 storage launch
- Create a manifest using the provided MinIO configuration file.

minio.yaml

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: minio-secrets
type: Opaque
stringData:
  root-user: "fuchsia"
  root-password: "kl1olL9au79"
---
apiVersion: v1
kind: Service
metadata:
  name: minio
spec:
  type: ClusterIP
  ports:
    - port: 9000
      targetPort: 9000
      protocol: TCP
      name: api
    - port: 9001
      targetPort: 9001
      protocol: TCP
      name: console
  selector:
    app: minio
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: minio
spec:
  serviceName: minio
  replicas: 1
  selector:
    matchLabels:
      app: minio
  template:
    metadata:
      labels:
        app: minio
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: minio
          image: minio/minio:RELEASE.2025-09-07T16-13-09Z-cpuv1
          args:
            - server
            - /data
            - --console-address
            - ":9001"
          ports:
            - containerPort: 9000
              name: api
            - containerPort: 9001
              name: console
          env:
            - name: MINIO_ROOT_USER
              valueFrom:
                secretKeyRef:
                  name: minio-secrets
                  key: root-user
            - name: MINIO_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: minio-secrets
                  key: root-password
          securityContext:
            capabilities:
              drop:
                - ALL
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: false
            privileged: false
          resources:
            requests:
              memory: "1Gi"
              cpu: "500m"
            limits:
              memory: "2Gi"
              cpu: "1"
          volumeMounts:
            - name: minio-data
              mountPath: /data
  volumeClaimTemplates:
    - metadata:
        name: minio-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 5Gi
```
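
Both manifests above carry fixed sample passwords in `stringData`. The following added example (not part of the original instructions or the product's own tooling) renders the same two Secret objects with randomly generated passwords; the Secret and key names come from the manifests, while the function names `rand_hex`, `render_secrets`, `secret_value` and the output file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: render the two Secret objects with fresh passwords instead of
# the published sample values. Secret and key names match the manifests above.

# rand_hex N -> 2*N lowercase hex characters read from the kernel CSPRNG
rand_hex() {
    od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# render_secrets -> multi-document YAML on stdout, new passwords on every call
render_secrets() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: timescaledb-secrets
type: Opaque
stringData:
  fuchsiad-user: "fuchsia"
  fuchsiad-password: "$(rand_hex 16)"
  fuchsiad-database: "fuchsia"
  backend-user: "backend"
  backend-password: "$(rand_hex 16)"
  backend-database: "backend"
---
apiVersion: v1
kind: Secret
metadata:
  name: minio-secrets
type: Opaque
stringData:
  root-user: "fuchsia"
  root-password: "$(rand_hex 16)"
EOF
}

# secret_value KEY -> value of KEY, read from rendered YAML on stdin
secret_value() {
    sed -n "s/^  $1: \"\(.*\)\"\$/\1/p"
}

# With --write [FILE], save the result readable only by the current user.
# The default file name is an assumption, not a name from the page.
if [ "${1:-}" = "--write" ]; then
    OUT="${2:-generated-secrets.yaml}"
    (umask 077 && render_secrets > "$OUT")
    echo "wrote $OUT"
fi
```

Apply the generated file to the namespace before the StatefulSets and delete the `Secret` document from `timescaledb.yaml` and `minio.yaml`, so the sample values are never applied. The generated credentials are the ones to enter in `values.yaml`.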
Scanner launch
- In the top section of the `values.yaml` file, fill in the empty fields related to S3 storage and PostgreSQL.
- Launch the scanner using Helm.