# Deploy API Signer to Kubernetes Using Helm Chart Set up an API Signer to run on Kubernetes. Here's the general flow: - First, provision API Signer on a local machine using the Fordefi web console. - Activate the API Signer. - Prepare the cluster for the Helm deployment by setting the necessary API Signer state and use Helm Chart to deploy the API Signer to the remote cluster. - Provision API users by registering them using API Signer. ## Provision API Signer 1. [Create an API Signer](/developers/authentication#create-an-api-user-and-token) in the Fordefi web console. 2. Log in to Fordefi's Docker repository: ```shell docker login -ufordefi fordefi.jfrog.io ``` 3. Run the API Signer on a local machine, mounting a local directory for storing its credentials: ```Text docker run -v /path/to/api-signer-storage:/storage \ -it fordefi.jfrog.io/fordefi/api-signer:latest ``` Output: ``` ======================================== ========= API-Signer Main Menu ========= ======================================== Use the arrow keys to navigate: ↓ ↑ → ← ? API-Signer is not provisioned. What do you want to do?: ▸ Provision signer Configure signer Exit ``` 4. When prompted, choose `Provision signer` and follow the on-screen instructions. Move on to [Activate the API Signer](/developers/getting-started/set-up-an-api-signer/activate-api-signer) to ensure that the API Signer is part of your organization. ## Prepare the cluster for Helm Chart deployment 1. Create a namespace: ```shell kubectl create namespace fordefi-api-signer ``` 2. Store the image pull secret in the namespace: ```shell kubectl create secret docker-registry -n fordefi-api-signer fordefi-reg-creds \ --docker-server=fordefi.jfrog.io \ --docker-username=fordefi --docker-password= ``` 3. Store the API Signer secrets in the namespace: ```shell kubectl create secret generic -n fordefi-api-signer \ --from-file credentials=/path/to/api-signer-storage/filedb/CREDENTIALS.json \ --from-file secrets=/path/to/api-signer-storage/filedb/SECRETS.json \ api-signer-secrets ``` 4. Add the Helm repository: ```shell helm repo add fordefi-helm \ https://fordefi.jfrog.io/artifactory/api/helm/fordefi-helm \ --username fordefi --password ``` 5. Update Helm repositories: ```shell helm repo update ``` 6. Install the Helm chart: ```shell helm install \ --namespace fordefi-api-signer \ fordefi-api-signer \ fordefi-helm/api-signer ``` Output: ``` NAME: api-signer-1697478488 LAST DEPLOYED: Mon Oct 16 20:48:10 2023 NAMESPACE: fordefi-api-signer STATUS: deployed REVISION: 1 TEST SUITE: None ``` 7. Check that the deployment was successful: ```shell kubectl get pod -n fordefi-api-signer ``` Output: ``` NAME READY STATUS RESTARTS AGE api-signer-1697478488-54b4dc44c6-njhw9 1/1 Running 0 62s ``` 8. Once you have completed all the steps, ensure that you delete the files that were created by API Signer from your local machine: ```shell rm -rf /path/to/api-signer-storage ``` ## Provision new API users Create an API user in the web console and follow the [pairing instructions](/developers/getting-started/pair-an-api-client-with-the-api-signer). Then, to upload the public key to API Signer, run the following command and continue as instructed. ```shell kubectl exec -it $(kubectl get pods -n fordefi-api-signer | grep api-signer | awk '{print $1}'| head -n 1) -n fordefi-api-signer -- ./api-signer ```