Manage onboarded cluster
View Onboarded Clusters¶
- Log in to Accuknox and select
Manage Onboarded Clusters
from theWorkspace Manager
menu. - Onboarded Clusters can be viewed here.
Install Agents in Onboarded Clusters¶
- Log in to Accuknox and select
Manage Onboarded Clusters
from theWorkspace Manager
menu. - Select the Cluster and click Next button.
On the Workspace Manager
page, under Manage Onboarded Clusters
, Select the Cluster and click Next . You can view the following Pre-requisites and List of Agents:
- Pre-requisites
- Create Namespace
- Adding AccuKnox Helm repository
- Cilium
- KubeArmor
- Feeder Service
- Shared Informer Agent
- Policy Enforcement Agent
- Data Protection
Pre-requisites¶
Create Namespace¶
kubectl create namespace accuknox-agents
Adding AccuKnox Helm repository¶
Required incase of installing by Helm
Add AccuKnox repository to install agents helm package
helm repo add accuknox-agents https://username:[email protected]/repository/accuknox-agents
Note: Change credentials as per UI.
Once repository added successfully, update the helm repository
helm repo update
1. Cilium¶
Installation Guide
Description
This agent is used to apply network policies
Download Cilium CLI
curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}
cilium install
cilium hubble enable
2. KubeArmor¶
Installation Guide
Description
This agent is used to apply system level policies
Download and install karmor CLI
curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/local/bin
karmor install
3. Feeder Service¶
Installation Guide
Description
Feeder service deployment that collects feeds from Kubearmor and Cilium.
Helm
To Install agents on destination cluster
helm upgrade --install feeder-service accuknox-agents/feeder-service -n accuknox-agents
kubectl set env deploy/feeder-service -n accuknox-agents tenant_id=000 cluster_id=000
Note: The
tenant_id
&cluster_id
will vary according to different clusters.
4. Shared Informer Agent¶
Installation Guide
Description
this agent authenticates with your cluster and collects information regarding entities like nodes, pods & namespaces.
Helm
To Install agents on destination cluster
helm upgrade --install shared-informer-agent-chart accuknox-agents/shared-informer-agent-chart -n accuknox-agents
5. Policy Enforcement Agent¶
Installation Guide
Description
This agent authenticates with your cluster and enforces label and policy.
Helm
To Install agents on destination cluster
helm upgrade --install policy-enforcement-agent accuknox-agents/policy-enforcement-agent-chart -n accuknox-agents
kubectl set env deploy/policy-enforcement-agent -n accuknox-agents workspace_id=000
Note: The
workspace_id
will vary according to different clusters.
6. Data Protection¶
Installation Guide
Description
Trains a model based on container workload type. It constantly monitors the syscalls happening inside the container. After training, if the vae sees syscalls happening in a way not seen in training phase, it will send high reconstruction error with detailed forensics information.
To Install agents on destination cluster
helm upgrade --install knox-containersec-chart accuknox-agents/knox-containersec-chart -n accuknox-agents