Prevent/Prevent-Web

Instructions for deploying the Service and securing web applications running in pods.

Use case

Instructions for deploying the K2 Service and securing web applications running in pods.

Prerequisites

Please check K2 Agent Supported components

K2 Agent Supported Components

It is mandatory to install k2-agent & k2-service in each namespace that protected the application runs in.
The service link should be enabled for application pod spec. For more information about enableServiceLinks Follow: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podspec-v1-core

Steps

Step1 : Kubernetes Volume/CSI setup

Perform Kubernetes Volume/CSI setup as mentioned here

Create a Volume in your cluster with the storage backend of your choice under name ‘k2-volume-1-10-16-PRODUCTION’. Refer https://kubernetes.io/docs/concepts/storage/volumes/ for help regarding K8s Volumes.

Download the collector package from the below URL :

sudo wget -O k2-collectors.zip 'k2io.net/centralmanager/api/v1/help/installers/1.10.16/download/900/96034619811149418751983254798275494295/vm-all.zip?agent_name=all&groupName=PRODUCTION&agentDeploymentEnvironment=PRODUCTION&pullPolicyRequired=true'

Extract the contents of k2-collectors.zip :
```
unzip k2-collectors.zip
```
Copy the contents of the k2-collectors directory into the ‘k2-volume-1-10-16-PRODUCTION’ volume.
(Optional) Remove the k2-collectors.zip :
```
rm -f k2-collectors.zip
```

You need to add this volume to K2 Agent Pod at /opt/k2-ic mount point in the below yaml before install.

Step 2 : Download Yaml

Download the K2 DaemonSet installation YAML for an agent. By default, K2 Prevent-Web is selected.

Download it from Kubernetes page of the Installation Section of the K2M UI.

Step 3 : Unzip the K2DaemonSet Installation files

sudo unzip minion-k2segment-k2preventweb.zip

For Advanced Configuration of K2 Agents Yaml, Please Refer

K8s Yaml Configuration

Step 4 : Grant view access

Grant view access to default user on default namespace by creating a clusterrolebinding object with the built-in view clusterrole.

kubectl create clusterrolebinding default-read-default --clusterrole view  --serviceaccount=default:default

Step 5 : Install Yaml

Install the above YAML(s) along with a desired kubernetes namespace in which you want the applications to be protected by K2. The mechanism to specify namespace will vary as per your setup.

Congratulations, You have successfully installed K2 Platform on your premises.

PreviousKubernetes NextSegment

Last updated 3 years ago

Was this helpful?