Skip to main content
Version: v3.7 (deprecated)

Managed Elasticsearch and PostgreSQL

For production deployment of Deepfence Management Console, we recommend using cloud/vendor managed Elasticsearch and PostgreSQL services.

Elasticsearch

Amazon Opensearch Service

Please use the following settings to configure the Elasticsearch service

OptionRecommended Value
Deployment typeProduction
Version7.10
Auto-TuneEnable
Availability Zones2-AZ / 3-AZ depending on requirements
Number of nodes2 / 3
Instance typet3.medium.search / m6g.large.search or better
Storage typeEBS
EBS volume typegp3
EBS storage size per node>100 GiB
Master node - Instance typem6g.large.search / r6g.large.search
Master - Number of nodes3
Public accessNo (provide access only to management console nodes)
Enable fine-grained access controlYes
Create master userSet username and password
PasswordShould only contain alphabets, numbers and -
Access policyOnly use fine-grained access control
EncryptionYes

In console helm chart, set the values for elasticsearch accordingly.

db:
elasticsearch:
scheme: "https"
host: search-deepfence-aaaaaa.us-east-1.es.amazonaws.com
port: "443"
# Accepted characters for username and password: alphabets, numbers and -
user: "<user>"
password: "<password>"

Elastic Cloud

Please use the following settings to configure the Elasticsearch service

OptionRecommended Value
Version7.17.6
Hardware profileGeneral purpose
Size4 GB RAM or better

In console helm chart, set the values for elasticsearch accordingly.

db:
elasticsearch:
scheme: "https"
host: deepfence-012345.es.us-east-1.aws.found.io
port: "443"
# Accepted characters for username and password: alphabets, numbers and -
user: "<user>"
password: "<password>"

PostgreSQL

AWS RDS

Please use the following settings to configure the Elasticsearch service

OptionRecommended Value
EnginePostgreSQL
Version13.7-R1 or above
AvailabilitySingle DB instance / Multi-AZ DB instance
CredentialsSet username and password
DB instance classdb.m6i.large / db.t3.medium or better
Storage typeProvisioned IOPS SSD
Allocated storage>= 100
Provisioned IOPS>= 3000
Public accessNo (provide access only to management console nodes)
Database authenticationPassword authentication
Initial database namedeepfence

In console helm chart, set the values for postgresql accordingly.

db:
postgresUserDb:
host: pg-db-1.aaaaaa.us-east-1.rds.amazonaws.com
port: "5432"
user: "postgres"
password: "<password>"
dbname: "deepfence"
sslmode: "disable"