Skip to content

How to install?

Note

Step 1: Onboarding the cluster to the accuknox UI (Eg. CWPP cluster).

Step 2: Fetch the cluster id and workload id for the below agents installation.

Alt

Installing Helm

This guide shows how to install the Helm CLI. Helm can be installed either from source, or from pre-built binary releases.

From the Binary Releases

Every release of Helm provides binary releases for a variety of OSes. These binary versions can be manually downloaded and installed.

Download your desired version

Unpack it (tar -zxvf helm-v3.0.0-linux-amd64.tar.gz)

Find the helm binary in the unpacked directory, and move it to its desired destination (mv linux-amd64/helm /usr/local/bin/helm)

Note: Helm automated tests are performed for Linux AMD64 only during CircleCi builds and releases. Testing of other OSes are the responsibility of the community requesting Helm for the OS in question.

For more reference: Click here..


Add accuknox repository to install Agents helm package:

helm repo add accuknox-onprem-agents https://USERNAME:[email protected]/repository/accuknox-onprem-agents
helm repo update
helm search repo accuknox-onprem-agents

Follow the below order to install agents on k8s cluster.

Cilium

Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes.

At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration.

Installation

Note 1.10.5 having crashingloopback issues, so we are using 1.9.8

curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum} sha256sum --check cilium-linux-amd64.tar.gz.sha256sum

sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin

rm cilium-linux-amd64.tar.gz{,.sha256

cilium install --version 1.9.8

cilium hubble enable

Validate the cilium Installation

To validate that Cilium has been properly installed, you can run

cilium status --wait

Alt

Alt

Refer official site: https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/

kArmor

kArmor is a CLI client to help manage KubeArmor. KubeArmor is a container-aware runtime security enforcement system that restricts the behavior (such as process execution, file access, and networking operation) of containers at the system level.

Installation

curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sh

kubectl get pods -n kubesystem | grep kubearmor
Alt

FYR: https://github.com/kubearmor/kubearmor-client

Refer official site: https://www.accuknox.com/kubearmor/

Shared-informer-agent

kubectl create ns accuknox-agents
helm upgrade --install accuknox-shared-informer-agent shared-informer-agent-chart-1.0.1.tgz -n accuknox-agents

Policy Enforcement Agent

kubectl create ns policy-agent
helm upgrade --install accuknox-policy-enforcement-agent policy-enforcement-agent-1.0.1.tgz -n policy-agent
kubectl set env deploy/policy-enforcement-agent -n policy-agent workspace_id=<wid>

Note: wid - workspace id number fetch from Accuknox UI.

Feeder-Service

kubectl create ns accuknox-feeder-service
helm upgrade --install accuknox-feeder-service feeder-service-1.0.1.tgz -n accuknox-feeder-service

Knox-Containersec

helm upgrade --install accuknox-knox-containersec knox-containersec-chart-1.0.1.tgz -n accuknox-agents

S3-audit-reporter

kubectl create ns accuknox-s3-audit-reporter-agent
helm upgrade --install accuknox-s3-audit-reporter-agent s3-audit-reporter-charts-1.0.1.tgz -n accuknox-s3-audit-reporter-agent

Back to top