Requirements
- kubectl v1.18 or higher
- eksctl (optional)
- Google Cloud Platform service account key file which will be provided to you by Capsule8
- Save the key file provided to you by Capsule8 file locally to
~/.capsule8/service-account.json
- Make a note of the email address in that file.
- Save the key file provided to you by Capsule8 file locally to
- Additional requirement can be found here
The Kubernetes manifest yaml file will install the Capsule8 Console, Capsule8 Sensor, and a Postgres database for evaluation purposes.
Steps to Installing the Console on Kubernetes
Please perform the following steps as shown below:
1. Initial Setup Verification
Before starting, verify that kubectl
is configured to point to your target installation cluster
# Verify the correct cluster is selected
$ kubectl config current-context
2. Create Kubernetes Secret
Set an environment variable in the terminal that you plan on using:
$ export CAPSULE8_SERVICE_ACCOUNT_EMAIL=${SERVICE_ACCOUNT_EMAIL}
Replace ${SERVICE_ACCOUNT_EMAIL}
with the email from your service account key file before running the following kubectl command to create a new Kubernetes Secret. This secret will be used to authenticate your kubelet so that it can pull from our private container registry.
$ kubectl create secret docker-registry capsule8-registry-secret \
--docker-username=_json_key \
--docker-server=https://us.gcr.io \
--docker-email=$CAPSULE8_SERVICE_ACCOUNT_EMAIL \
--docker-password="$(cat ~/.capsule8/service-account.json)"
Now run the below command to see your new Secret:
$ kubectl get secrets
You should now see your new Secret. This secret will be used to authenticate your kubelet so that it can pull from our private container registry although other registries can be used.
Note: Please note that access is granted specifically for our manifests which references the K8s docker-registry capsule8-registry-secret
3. Apply the Manifest
Download a copy of the manifest provided by Capsule8 and apply it:
# Apply the manifest to create the initial resources
$ kubectl apply -f https://capsule8-assets.s3.amazonaws.com/latest/sensor-console-manifest.yaml
# Wait for the pods to come online
$ kubectl get pods -w
# Port forward the Capsule8 Console
$ kubectl port-forward service/capsule8-console 8080:3030
Open http://localhost:8080 in a browser to access the Console.
Notes:
- It is recommended that all production deployments use a managed service for the database (e.g. AWS RDS) instead.
- If you do not already have a test cluster, Capsule8 recommends using eksctl to spin up an EKS cluster which can be as simple as running
$ eksctl create cluster
. For more information on eksctl, see the official AWS documentation
Comments
0 comments
Please sign in to leave a comment.