This article describes how to install Cequence Honeytrap in a Kubernetes environment using Helm.
Prerequisites
Before beginning the installation, ensure you have:
- Helm installed and configured
- Access to a Kubernetes cluster
- Policy Engine credentials and endpoint information
- Container registry credentials (regcred)
Installation Steps
Step 1: Add the Cequence Helm Repository
Add the Cequence Helm chart repository to your Helm configuration:
helm repo add cequence https://cequence.gitlab.io/helm-charts
Step 2: Update and Verify Repository
If you have previously added the Cequence repository, update it and verify the latest available Honeytrap release:
helm repo update helm search repo cequence/honeytrap --versions
Note: At the time of publication, the latest available version was 4.9.0.
Step 3: Create Values Override File
Create a values override file (for example, values.yaml) with your environment-specific configuration:
config:
policyEngine:
# Policy Engine hostname (FQDN where Policy Engine is running)
host: "policy-engine.<fqdn>"
secret: "honeytrap-policy-engine-credentials"
username: "PolicyAdmin"
password: "<supplied by Cequence>"
# Policy Engine port
port: 443
# Protocol scheme for Policy Engine connection
scheme: "https"
honeytrapContainer:
resources:
limits:
cpu: 3000m
memory: 1Gi
requests:
cpu: 1000m
memory: 1Gi
hosts:
# Domain used to configure ingress routing
domain: "example.com"
# Host suffix appended with hyphen to subdomain (such as honeytrap-staging.example.com)
hostSuffix: ""
# Subdomain for Honeytrap ingress route (when set, hostSuffix is not applied)
name: ""
imagePullSecrets:
- name: regcred
ingress:
annotations: {}
class: nginx
enabled: true
tls:
secretName: ""Configuration Parameters
The following table describes the key configuration parameters:
| Parameter | Description | Default Value |
config.policyEngine.host | Fully qualified domain name where Policy Engine is running | Required |
config.policyEngine.port | Port where Policy Engine is accessible | 443 |
config.policyEngine.scheme | Protocol scheme (https or http) | https |
honeytrapContainer.resources | CPU and memory resource limits and requests | See example |
hosts.domain | Base domain for ingress routing | |
ingress.class | Ingress controller class | |
ingress.enabled | Enable or disable ingress creation | true |
Step 4: Install Honeytrap Using Helm
Execute the following command to install Honeytrap with your custom configuration:
helm install honeytrap cequence/honeytrap -f values.yaml
Verification
After installation, verify the deployment status:
kubectl get pods -l app.kubernetes.io/name=honeytrap kubectl get ingress
Next Steps
After successful installation:
- Verify connectivity to the Policy Engine
- Configure your load balancer or proxy to route traffic to Honeytrap
- Test the installation with sample requests