Documentation for Helm Chart Deployment

This documentation provides step-by-step instructions for a less experienced administrator to deploy the anomalyguard application into a Kubernetes cluster using a custom Helm chart pulled from a public Azure Container Registry (ACR).

Prerequisites

Before starting the installation, the administrator must have:

Access to a Kubernetes cluster (e.g., Azure Kubernetes Service – AKS).
Installed and configured tools: kubectl, helm (v3+), and az CLI (Azure Command-Line Interface).
External PostgreSQL Database configured (see Step 2).
Network Access from Kubernetes Pods to the license server (see Important Notice).

IMPORTANT NOTICE: Licensing and Marketplace Requirements

The network and database requirements below apply ONLY to the installation using this custom Helm Chart.

Requirement	Custom Helm Chart (This Documentation)	Azure Marketplace Package
Access to `api.anomalyguard.com`	REQUIRED – For license initialization and verification.	NOT REQUIRED – Licensing is handled by Azure Marketplace mechanisms (described in separate documentation).
External PostgreSQL DB	REQUIRED – Must be prepared and configured (Step 2).	NOT REQUIRED – The database is automatically included and managed within the Marketplace package.

Network Access for Licensing

For the backend application to start and run successfully, outbound network access must be enabled for the Pods to connect to the license API:

URL: https://api.anomalyguard.com (standard port 443)

The administrator must ensure that any Firewall, Network Security Group (NSG), or Kubernetes Network Policy is not blocking this communication.

Step 1: Configure Kubernetes Access (`kubectl`)

The kubectl tool is a client and requires configuration to connect to the cluster with the correct authorization. This step assumes deployment to Azure Kubernetes Service (AKS).

1.1 Log in to Azure (if not already logged in)

az login

This command will open a browser for interactive sign-in.

1.2 Get and Set the Cluster Context

Use the Azure CLI to download the cluster configuration and set it as the current context in your local ~/.kube/config file. Replace the placeholders ( and ) with your actual values.

az aks get-credentials --resource-group <resource-group-name> --name <cluster-name>

1.3 Verify Connection

Confirm that kubectl is connected and authorized:

kubectl get nodes

If nodes are listed, the connection is successful.

Step 2: PostgreSQL Database Preparation

The application requires an external PostgreSQL instance.

2.1 Secure the Database: Ensure you have a running, accessible PostgreSQL instance.
2.2 Create Database and Schema: Create a database (e.g., anomaly_db) and a schema named anobi (as required by the Helm chart's configuration).
2.3 Create Access Account: Create a dedicated database user (<u>) and password (<p>) with necessary permissions for the anobi schema.

Key Values to Note: Host (IP/DNS), Port (usually 5432), Database Name, Username (<u>), Password (<p>).

Step 3: Create Kubernetes Secret (for Database Credentials)

The database access details from Step 2 must be securely stored in Kubernetes as a Secret named anomalyguard-db within the target namespace (anomgrd).

3.1 Create Namespace

If the namespace anomgrd (as defined in global.namespace in your values.yaml) does not exist, create it:

kubectl create namespace anomgrd

3.2 Create the Secret

Replace the placeholders with the actual values from Step 2:

kubectl create secret generic anomalyguard-db \
--from-literal=appDbConnstring="Host=<host>;Port=5432;Database=<db>;Username=<u>;Password=<p>;Timeout=60;" \
--from-literal=appDbSchema="anobi" \
-n anomgrd

Step 4: Download Helm Chart and Modify Configuration

To customize parameters such as the number of backend slave replicas, resource limits, or Ingress settings, you must download the chart locally.

4.1 Log in to ACR (OCI)

Though the registry is public, Helm requires login for OCI operations:

helm registry login acranomalyguard.azurecr.io`
# You may use 'anon' or any placeholder username/password as it is public.

4.2 Download and Extract the Chart

Download the Helm chart to a local directory:

helm pull oci://acranomalyguard.azurecr.io/helm/anomalyguard-app --untar

This creates a local directory named anomalyguard-app containing the default values.yaml file.

4.3 Edit values.yaml

Open the anomalyguard-app/values.yaml file and make necessary adjustments.

Example: Modifying Backend Slave Replicas:

# ... inside backend:slave section
  slave:
    replicas: 5  # <-- Changed the replica count to 5
# ...

Example: Configuring Ingress Host:

# ...
ingress:
  enabled: true
  className: nginx
  host: "anomguard.your-domain.com" # <-- Set the domain
# ...

Step 5: Install the Application using the Local Chart

Use the locally downloaded and modified chart directory for the final installation.

helm install anomalyguard-release ./anomalyguard-app --namespace anomgrd

./anomalyguard-app: The path to the local directory containing the chart.
anomalyguard-release: The chosen name for this specific Helm installation (release).

Step 6: Verification of Installation

After installation, verify that all components are running correctly.

Check Helm Release Status:

helm status anomalyguard-release -n anomgrd

Verify Pods, Services, and Ingress:

kubectl get all -n anomgrd

Confirm that the number of backend slave Pods matches your configuration (e.g., 5) and all Pods are in the Running state.

Verify Ingress:

kubectl get ingress -n anomgrd