Skip to content

Manage onboarded cluster

View Onboarded Clusters

  1. Log in to Accuknox and select Manage Onboarded Clusters
    from the Workspace Manager menu.
  2. Onboarded Clusters can be viewed here.

Install Agents in Onboarded Clusters

  1. Log in to Accuknox and select Manage Onboarded Clusters
    from the Workspace Manager menu.
  2. Select the Cluster and click Next button.

On the Workspace Manager page, under Manage Onboarded Clusters, Select the Cluster and click Next . You can view the following Pre-requisites and List of Agents:

  • Pre-requisites
    • Create Namespace
    • Adding AccuKnox Helm repository
  • Cilium
  • KubeArmor
  • Feeder Service
  • Shared Informer Agent
  • Policy Enforcement Agent
  • Data Protection

Pre-requisites

Create Namespace

kubectl create namespace accuknox-agents

Adding AccuKnox Helm repository

Required incase of installing by Helm

Add AccuKnox repository to install agents helm package

helm repo add accuknox-agents https://username:[email protected]/repository/accuknox-agents

Note: Change credentials as per UI.

Once repository added successfully, update the helm repository

helm repo update

1. Cilium

Installation Guide

Description
This agent is used to apply network policies

Download Cilium CLI

curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}
Install Cilium
cilium install
Enable Hubble in Cilium
cilium hubble enable

2. KubeArmor

Installation Guide

Description
This agent is used to apply system level policies

Download and install karmor CLI

curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/local/bin
Install KubeArmor
karmor install

3. Feeder Service

Installation Guide

Description
Feeder service deployment that collects feeds from Kubearmor and Cilium.

Helm
To Install agents on destination cluster

helm upgrade --install feeder-service accuknox-agents/feeder-service -n accuknox-agents
Set the env of Feeder Service
kubectl set env deploy/feeder-service -n accuknox-agents tenant_id=000 cluster_id=000

Note: The tenant_id & cluster_id will vary according to different clusters.

4. Shared Informer Agent

Installation Guide

Description
this agent authenticates with your cluster and collects information regarding entities like nodes, pods & namespaces.

Helm
To Install agents on destination cluster

helm upgrade --install shared-informer-agent-chart accuknox-agents/shared-informer-agent-chart -n accuknox-agents

5. Policy Enforcement Agent

Installation Guide

Description
This agent authenticates with your cluster and enforces label and policy.

Helm
To Install agents on destination cluster

helm upgrade --install policy-enforcement-agent accuknox-agents/policy-enforcement-agent-chart -n accuknox-agents
Set the env of policy-enforcement-agent
kubectl set env deploy/policy-enforcement-agent -n accuknox-agents workspace_id=000

Note: The workspace_id will vary according to different clusters.

6. Data Protection

Installation Guide

Description
Trains a model based on container workload type. It constantly monitors the syscalls happening inside the container. After training, if the vae sees syscalls happening in a way not seen in training phase, it will send high reconstruction error with detailed forensics information.

To Install agents on destination cluster

helm upgrade --install knox-containersec-chart accuknox-agents/knox-containersec-chart -n accuknox-agents

Back to top