FedRamp Install

This page covers installing Kloudfuse using the kfuse-fed chart for FIPS environments. The FED chart uses cloud provider managed services (RDS, ElastiCache, MSK) instead of bundled in-cluster deployments.

Before proceeding, complete the following:

  1. Prerequisites

Helm Registry Login

token.json is the GCP service account key file provided by Kloudfuse for accessing the Helm chart registry.

cat token.json | helm registry login -u _json_key --password-stdin us-east1-docker.pkg.dev

Namespace and Image Pull Secret

export NAMESPACE=<your-namespace>

kubectl create namespace "$NAMESPACE"

kubectl create secret docker-registry kfuse-image-pull-credentials \
  --namespace="$NAMESPACE" \
  --docker-server='us.gcr.io' \
  --docker-username=_json_key \
  --docker-email='container-registry@mvp-demo-301906.iam.gserviceaccount.com' \
  --docker-password="$(cat token.json)"

Create custom-values.yaml

Start with the FED values from Cloud Services and add any environment-specific overrides (TLS, ingress, observability, affinity, tolerations).

Install

helm upgrade --install kfuse \
  oci://us-east1-docker.pkg.dev/mvp-demo-301906/kfuse-helm/kfuse-fed \
  --namespace="$NAMESPACE" \
  --version <chart-version> \
  -f custom-values.yaml