This may be the biggest news in the cloud-native security world: NeuVector has been open-sourced.
Below is a record of installing and deploying it.
The install uses Helm. The commands below are Helm v2 syntax (`helm init`, Tiller, `helm install --name`), so fetch a v2 release:
wget https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz
tar -zxvf helm-v2.17.0-linux-amd64.tar.gz
Install Tiller. First create the RBAC objects it needs (vim helm-rbac.yaml):
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: kube-system
kubectl apply -f helm-rbac.yaml
This binds the tiller service account to cluster-admin, which is the usual Helm v2 shortcut; keep in mind that anything inside the cluster that can reach Tiller's gRPC port then effectively holds cluster-admin, which is a large part of why Helm v3 dropped Tiller altogether. For a lab that is acceptable; on a shared cluster it is not.
Then initialise Tiller (the image and stable repo are pulled from Aliyun mirrors here):
./linux-amd64/helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.17.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts --service-account=tiller
Install NeuVector:
./linux-amd64/helm repo add neuvector https://neuvector.github.io/neuvector-helm/
./linux-amd64/helm repo update
./linux-amd64/helm repo list
./linux-amd64/helm install --name my-neuvector --namespace neuvector neuvector/core
Replace the images, because the chart's default images (pulled from registry.neuvector.com) cannot be downloaded in this environment. The preview images on Docker Hub are used instead:
kubectl set image deployment.apps/neuvector-controller-pod *=neuvector/controller.preview:5.0.0-preview.1 -n neuvector
kubectl set image deployment.apps/neuvector-manager-pod *=neuvector/manager.preview:5.0.0-preview.1 -n neuvector
kubectl set image deployment.apps/neuvector-scanner-pod *=neuvector/scanner.preview:latest -n neuvector
kubectl set image daemonset.apps/neuvector-enforcer-pod *=neuvector/enforcer.preview:5.0.0-preview.1 -n neuvector
kubectl get cronjob/neuvector-updater-pod -n neuvector -o yaml | sed 's#image: registry.neuvector.com/updater:latest#image: neuvector/updater.preview:latest#' | kubectl replace -f -
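The image swap above is one instance of a more general task: rewriting every image reference in a set of workloads, including the CronJob, whose pod template sits one level deeper than a Deployment's (the reason the post needs a separate sed pipeline for it). The following is an added example, not code from the post or from NeuVector, that does the whole rewrite as a filter over `kubectl get ... -o json`. The component-to-preview-image map, the file name rewrite_images.py and the sample manifest are assumptions constructed for illustration; beyond the post's case it also leaves digest-pinned images and images from other registries untouched.

```python
#!/usr/bin/env python3
"""Rewrite NeuVector image references in kubectl JSON output.

Added example (not NeuVector's or the chart's tooling). Assumed usage:

    kubectl get deploy,ds,cronjob -n neuvector -o json \
        | python3 rewrite_images.py | kubectl replace -f -
"""
from __future__ import annotations

import copy
import json
import sys
from typing import Iterator

# Registry the chart defaults to (visible in the cronjob image in the post).
DEFAULT_REGISTRY = "registry.neuvector.com"

# Replacement per component, using the preview tags from the post. That the
# upstream image names are exactly these components is an assumption.
PREVIEW_IMAGES = {
    "controller": "neuvector/controller.preview:5.0.0-preview.1",
    "manager": "neuvector/manager.preview:5.0.0-preview.1",
    "enforcer": "neuvector/enforcer.preview:5.0.0-preview.1",
    "scanner": "neuvector/scanner.preview:latest",
    "updater": "neuvector/updater.preview:latest",
}


def split_image(ref: str) -> tuple[str, str, str]:
    """Split an image reference into (registry, name, tag_or_digest).

    registry is "" for Docker Hub shorthand such as "neuvector/manager";
    tag_or_digest keeps its ":" or "@" prefix, or is "" when absent.
    """
    parts = ref.split("/")
    registry = ""
    # A first component containing a dot or a port, or "localhost", is a host.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, parts = parts[0], parts[1:]
    last = parts[-1]
    if "@" in last:                      # digest pin: name@sha256:...
        base, digest = last.split("@", 1)
        suffix = "@" + digest
    elif ":" in last:                    # tag: name:tag
        base, tag = last.rsplit(":", 1)
        suffix = ":" + tag
    else:
        base, suffix = last, ""
    return registry, "/".join(parts[:-1] + [base]), suffix


def rewrite_image(ref: str) -> str:
    """Map an image from the default registry to its public preview image."""
    registry, name, _ = split_image(ref)
    if registry != DEFAULT_REGISTRY:
        return ref  # anything not from the default registry is left alone
    component = name.rsplit("/", 1)[-1]
    return PREVIEW_IMAGES.get(component, ref)


def pod_specs(obj: dict) -> Iterator[dict]:
    """Yield the PodSpec carrying the images of a workload object."""
    kind, spec = obj.get("kind"), obj.get("spec", {})
    if kind == "CronJob":
        # CronJob nests its pod template under jobTemplate, one level deeper
        # than a Deployment; this is the case the post patched with sed.
        yield spec["jobTemplate"]["spec"]["template"]["spec"]
    elif kind in ("Deployment", "DaemonSet", "StatefulSet", "Job"):
        yield spec["template"]["spec"]
    # Services, ConfigMaps, etc. carry no images and fall through untouched.


def rewrite_manifest(doc: dict) -> list[tuple[str, str, str]]:
    """Rewrite images in doc in place; return (workload, old, new) per change."""
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    changes = []
    for obj in items:
        for spec in pod_specs(obj):
            for c in spec.get("containers", []) + spec.get("initContainers", []):
                new = rewrite_image(c["image"])
                if new != c["image"]:
                    changes.append((f'{obj["kind"]}/{obj["metadata"]["name"]}', c["image"], new))
                    c["image"] = new
    return changes


# Constructed sample shaped like `kubectl get deploy,cronjob,svc -o json`.
SAMPLE = {"kind": "List", "apiVersion": "v1", "items": [
    {"kind": "Deployment", "apiVersion": "apps/v1",
     "metadata": {"name": "neuvector-controller-pod", "namespace": "neuvector"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "neuvector-controller-pod", "image": "registry.neuvector.com/controller:latest"}]}}}},
    {"kind": "CronJob", "apiVersion": "batch/v1",
     "metadata": {"name": "neuvector-updater-pod", "namespace": "neuvector"},
     "spec": {"schedule": "0 0 * * *", "jobTemplate": {"spec": {"template": {"spec": {"containers": [
         {"name": "neuvector-updater-pod", "image": "registry.neuvector.com/updater:latest"}]}}}}}},
    {"kind": "Service", "apiVersion": "v1", "metadata": {"name": "neuvector-service-webui"},
     "spec": {"type": "NodePort", "ports": [{"port": 8443, "nodePort": 30431}]}},
]}


def rewrite_sample() -> tuple[dict, list[tuple[str, str, str]]]:
    """Run the rewrite on a copy of SAMPLE so SAMPLE itself stays pristine."""
    doc = copy.deepcopy(SAMPLE)
    return doc, rewrite_manifest(doc)


if __name__ == "__main__":
    manifest = json.load(sys.stdin)
    for workload, old, new in rewrite_manifest(manifest):
        print(f"{workload}: {old} -> {new}", file=sys.stderr)
    json.dump(manifest, sys.stdout)
```

Because the rewrite keys on the registry host rather than on the workload name, re-running it after the images have already been swapped is a no-op, and a rollout that later restores the default image is caught on the next pass.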
Check the services: kubectl get svc -n neuvector
Find the NodePort of neuvector-service-webui.
Open the UI at https://10.90.11.167:30431 and log in with admin/admin. Change the default admin password right after the first login: with a NodePort service the console is reachable on every node's IP, not only this one.
What I saw in my lab environment: the traffic graph is drawn really well,
and the intrusion detection alerts were accurate too.
Originally published on the WeChat public account 云计算和网络安全技术实践: NeuVector的安装部署