Version: 5.16.0

Getting Started

Prerequisites

Before you run the Structsure Enterprise, ensure you have the following:

  • A Kubernetes deployment with at least 8 CPU and 32 GiB of memory available
  • A default storage class and a minimum of 50 GiB of storage available
  • The Zarf bin for your OS
  • Zarf initialized with the Git server component enabled

Refer to the following guide to set up a demo environment.

Single-Node Demo Environment

This portion of the guide will briefly walk you through setting up a single-node demo environment for the Structsure Enterprise. Following these instructions will result in a single EC2 instance, running K3s, and using the local-path storage provisioner. This demo environment is not suitable for hosting production workloads, but could be used as an "edge" deployment or for development/assessment scenarios.

Deploy an EC2 Instance:

To run a single-node deployment of the Structsure Enterprise, we need an EC2 instance with a minimum of 8 CPUs, 32 GB of memory, and 50 GB of storage.

The following steps will guide you on deploying an instance via the AWS EC2 console:

  1. Log in to the AWS console to create EC2 instances. Note: Only users with the appropriate permissions can access the AWS console.

  2. Navigate to the EC2 Service.

  3. Locate and click the "Launch instance" button.

  4. Provide a name for your instance, such as structsure-demo.

  5. Select Amazon Linux from the Quick Start AMI list. Note: You must select 64-bit (x86) for the architecture.

  6. Select t3a.2xlarge, t3.2xlarge, t2.2xlarge or any other instance with 8 vCPU and 32 GiB memory available in your Region.

  7. Click the "Create new key pair" link.

    a. Name the key pair, e.g., structsure-demo.

    b. Ensure that "Key pair type" is RSA and "Private key file format" is .pem.

    c. Click the "Create key pair" button. Store the resulting private key in a safe place.

  8. Verify you have a proper VPC and Subnet selected.

  9. Verify you have a proper security group selected, or alternatively create a new one allowing SSH and HTTPS inbound from your workstation.

  10. In the Configure Storage block, set the root volume to: 50 GiB.

  11. Click the "Launch instance" button and wait for the instance to start.

Get the Zarf Bin:

Connect to your new instance via SSH. If you need assistance, refer to the AWS documentation.

  1. Execute the following curl commands to download the correct Zarf bin and Zarf init package.

    ```bash
    curl -C - -LO https://github.com/defenseunicorns/zarf/releases/download/v0.29.2/zarf_v0.29.2_Linux_amd64
    curl -C - -LO https://github.com/defenseunicorns/zarf/releases/download/v0.29.2/zarf-init-amd64-v0.29.2.tar.zst
    ```

  2. Execute the following command to install the bin on your system.

    ```bash
    sudo install zarf_v0.29.2_Linux_amd64 /usr/local/bin/zarf
    ```

  3. Execute the following command to test the Zarf bin. It should output v0.29.2.

    ```bash
    zarf version
    ```

  4. Initialize Zarf by executing the following command. Note: This may take some time. Ensure you are running this command with sudo.

    ```bash
    sudo zarf init --no-progress --confirm --components k3s,git-server
    ```
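
The install step above places a downloaded file in /usr/local/bin and then runs it with sudo, so an integrity check belongs between steps 1 and 2. The following is an added example, not part of the Structsure or Zarf documentation. It assumes a sha256sum-format manifest obtained from a source you trust (the file name checksums.txt is an assumption) and exercises the check on constructed files:

```bash
#!/usr/bin/env bash
# Added example: check a downloaded release file against a SHA-256 manifest
# before it is installed with sudo. Assumes a sha256sum-format manifest
# ("<hex digest>  <file name>") from a trusted source; the name checksums.txt
# is an assumption, not taken from this page.

# verify_artifact <file> <manifest>
#   0 = digest matches, 1 = digest mismatch,
#   2 = file or manifest missing, or no single valid entry for the file
verify_artifact() {
  local file="$1" manifest="$2" name expected actual
  [ -f "$file" ] && [ -f "$manifest" ] || return 2
  name="$(basename "$file")"
  # Collect every digest listed for this exact name ("*" marks binary mode).
  expected="$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                                f == n { print tolower($1) }' "$manifest")"
  # No entry, several entries, or a malformed digest all count as failure.
  case "$expected" in ''|*[!0-9a-f]*) return 2 ;; esac
  [ "${#expected}" -eq 64 ] || return 2
  actual="$(sha256sum "$file" | awk '{ print $1 }')"
  [ "$actual" = "$expected" ] || return 1
}

# Self-check on constructed files (these are not real Zarf artifacts).
demo_verify() {
  local d ok=0 tampered=0 unlisted=0
  d="$(mktemp -d)"
  printf 'constructed binary\n'  > "$d/zarf_v0.29.2_Linux_amd64"
  printf 'constructed package\n' > "$d/zarf-init-amd64-v0.29.2.tar.zst"
  (cd "$d" && sha256sum zarf_v0.29.2_Linux_amd64 > checksums.txt)
  verify_artifact "$d/zarf_v0.29.2_Linux_amd64" "$d/checksums.txt" || ok=$?
  printf 'x' >> "$d/zarf_v0.29.2_Linux_amd64"   # simulate a corrupted download
  verify_artifact "$d/zarf_v0.29.2_Linux_amd64" "$d/checksums.txt" || tampered=$?
  # The init package has no manifest entry, which must not pass silently.
  verify_artifact "$d/zarf-init-amd64-v0.29.2.tar.zst" "$d/checksums.txt" || unlisted=$?
  rm -rf "$d"
  echo "match=$ok tampered=$tampered unlisted=$unlisted"
}

demo_verify   # prints: match=0 tampered=1 unlisted=2
```

On the instance, call `verify_artifact` for both downloaded files and stop before `sudo install` if either call returns non-zero.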

Deploy Structsure Enterprise

Obtain a copy of the Structsure Enterprise deployment package. This package consists of several parts and should be copied to the deployment system. The package can be deployed by issuing the following command. For a full install reference, refer to the installation-options document.

For this single node install, we will rely on nip.io for DNS. It's a convenient way to give a DNS name to any arbitrary IP address, and will allow us to focus on getting Structsure up and running quickly.

Note: Although the nip.io service will give a DNS name to any IP address, it will not allow you to route to private IP addresses (such as those starting with 10. or 192.168.) over the public Internet. As such, if you are not able to access the EC2 instance from within the same VPC (using a VPN or another method), then the IP address used in the DOMAIN value should be the public IPv4 address of the EC2 instance.

The following command assumes an EC2 instance with a private IP address of 10.32.39.24:

```bash
sudo zarf package deploy zarf-package-structsure-enterprise-amd64-v5.0.0.tar.zst.part000 --no-progress --confirm --set DOMAIN=10-32-39-24.nip.io
```

Accessing Structsure Enterprise Web Applications

When deployment is complete, the web applications (apps) should be accessible. The URLs for each app will be different for every deployment, as the DNS domain is either provided as an argument or auto-discovered by the installation process. You can list these hostnames by issuing the following command:

```bash
sudo kubectl get VirtualService -A
```

The output in the HOSTS column can be used to construct the URL simply by prepending https:// to the hostname. The HOSTS column will reflect the hostname of the EC2 instance that it is being run on. For example, the Grafana web app can be accessed via https://grafana.10-32-39-24.nip.io, as determined by the output shown below.

```
NAMESPACE    NAME                                      GATEWAYS                  HOSTS                                 AGE
monitoring   monitoring-monitoring-kube-grafana        ["istio-system/public"]   ["grafana.10-32-39-24.nip.io"]        9m16s
monitoring   monitoring-monitoring-kube-alertmanager   ["istio-system/public"]   ["alertmanager.10-32-39-24.nip.io"]   9m16s
monitoring   monitoring-monitoring-kube-prometheus     ["istio-system/public"]   ["prometheus.10-32-39-24.nip.io"]     9m16s
neuvector    neuvector-neuvector                       ["istio-system/public"]   ["neuvector.10-32-39-24.nip.io"]      6m4s
argocd       argocd-argocd-server                      ["istio-system/public"]   ["argocd.10-32-39-24.nip.io"]         5m47s
```

The following sections will walk you through authenticating to each web app. It is highly recommended that you log in to each of these immediately after deploying and replace the default password with a secure one that adheres to your organizational policy. Alternatively, you can set up Single Sign-On (SSO) for your deployment.

Grafana

The default username for Grafana is admin, and the default password is prom-operator.

Alertmanager

No credentials are required to access Alertmanager. To configure authentication for Alertmanager, please see the SSO configuration documentation.

Prometheus

No credentials are required to access Prometheus. To configure authentication for Prometheus, please see the SSO configuration documentation.

Argo CD

The default username for Argo CD is admin. The initial password can be obtained by executing the following command:

```bash
sudo kubectl get secret -n argocd argocd-initial-admin-secret -o go-template='{{ index .data "password" | base64decode }}'
```

NeuVector

Before logging in to NeuVector, you will be required to accept the End User Agreement. The default username and password for NeuVector are both admin.
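
The per-application notes above can be turned into a post-deploy review list directly from the VirtualService output. The following is an added example, not part of the Structsure documentation. The state labels (no-auth, default-password, initial-secret, review) are this example's own names for what each section above says, and the sample input is the output shown earlier on this page:

```bash
#!/usr/bin/env bash
# Added example: turn `kubectl get VirtualService -A` output into a list of
# exposed URLs with their initial authentication state. The state labels are
# this example's own, derived from the per-app notes on this page; any host
# the page does not describe is marked "review".

exposure_report() {
  # stdin: default table output (header line plus one row per VirtualService)
  awk 'NR > 1 && NF >= 5 {
    hosts = $4                          # e.g. ["grafana.10-32-39-24.nip.io"]
    gsub(/\[|\]|"/, "", hosts)          # strip the JSON array punctuation
    n = split(hosts, h, ",")            # one VirtualService may list several hosts
    for (i = 1; i <= n; i++) {
      app = h[i]; sub(/\..*/, "", app)  # the first DNS label names the app
      state = "review"
      if (app == "alertmanager" || app == "prometheus") state = "no-auth"
      else if (app == "grafana" || app == "neuvector")  state = "default-password"
      else if (app == "argocd")                         state = "initial-secret"
      printf "%s https://%s\n", state, h[i]
    }
  }'
}

# Sample input: the rows shown in the output earlier on this page.
sample_output() {
  cat <<'EOF'
NAMESPACE    NAME    GATEWAYS    HOSTS    AGE
monitoring monitoring-monitoring-kube-grafana ["istio-system/public"] ["grafana.10-32-39-24.nip.io"] 9m16s
monitoring monitoring-monitoring-kube-alertmanager ["istio-system/public"] ["alertmanager.10-32-39-24.nip.io"] 9m16s
monitoring monitoring-monitoring-kube-prometheus ["istio-system/public"] ["prometheus.10-32-39-24.nip.io"] 9m16s
neuvector neuvector-neuvector ["istio-system/public"] ["neuvector.10-32-39-24.nip.io"] 6m4s
argocd argocd-argocd-server ["istio-system/public"] ["argocd.10-32-39-24.nip.io"] 5m47s
EOF
}

sample_output | exposure_report
# On the instance: sudo kubectl get VirtualService -A | exposure_report
```

Every line marked no-auth is reachable without credentials by anyone who can reach the gateway, so the security group's inbound rules are the only control on those hosts until SSO is configured.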

Uninstall

To uninstall the Structsure Enterprise, issue the following command:

```bash
sudo zarf destroy --confirm
```

Please note that this will remove all Structsure Enterprise managed workloads and data from your Kubernetes cluster. It will also remove any Zarf-related workloads from your cluster. If you initialized K3s using Zarf, it will stop and uninstall K3s as well.