Installation for Kubernetes

Sternum provides protection for container environments managed by Kubernetes. To install Sternum within Kubernetes, consider the below system requirements and installation details.

System Requirements

Environment: Requirements

Kubernetes: Master Nodes running:
  • Amazon Linux 2023 (AL2023)
  • Amazon Linux 2 (AL2)
  • CentOS
  • Ubuntu
  • Fedora
  • Debian
Helm:
  • Helm (v3+)
  • kubectl
Kubectl context: kubectl context to the target Kubernetes cluster
Kubernetes Security Context: Allow Sternum to run privileged containers

Installation

The installation and deployment of Sternum in a Kubernetes cluster is managed by Helm. To generate a deployment script for installing Sternum via Helm, log into the Sternum Platform and navigate to the Integrations menu in the sidebar.

Then, follow the below steps to generate a deployment script to run on your Kubernetes environment:

  • STEP 1: Give the Environment a name. Environment names are used to tag events and alerts when sent from Sternum. It can reflect a Kubernetes cluster name or a region where multiple clusters are deployed. This is used to group alerts of resources monitored together.
  • STEP 2: Select the Kubernetes tab under Install.
  • STEP 3: Follow the instructions to copy the provided helm command and run it within your Kubernetes environment / on a Master Node.

Validating Deployment

To verify that the Sternum components are running within your Kubernetes environment, run the following kubectl command:

kubectl get pods -n scs

The command should return, in the scs namespace, one instance of each of the following components for each node:

  • sternum-compute-collector
  • sternum-compute-security
  • sternum-compute-ebpf
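
The per-node check described above can be scripted. This is an added example, not Sternum tooling or part of the original page; it assumes pod names begin with the component names listed above, and the node names and pod suffixes in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example, not Sternum tooling. On a real cluster the inputs come from:
#   kubectl get nodes --no-headers -o custom-columns=NAME:.metadata.name
#   kubectl get pods -n scs --no-headers \
#     -o custom-columns=NODE:.spec.nodeName,NAME:.metadata.name,PHASE:.status.phase
COMPONENTS="sternum-compute-collector sternum-compute-security sternum-compute-ebpf"

# Usage: check_scs_pods "<node names>" < lines of "<node> <pod-name> <phase>"
# Prints one line per problem and returns non-zero unless every listed node
# has exactly one Running pod of each component.
# Assumption: a pod belongs to a component if its name starts with that name.
check_scs_pods() {
  awk -v comps="$COMPONENTS" -v nodelist="$1" '
    BEGIN { n = split(comps, want, " "); m = split(nodelist, nodes, " ") }
    NF >= 3 {
      for (i = 1; i <= n; i++)
        if (index($2, want[i]) == 1) {
          if ($3 == "Running") running[$1, want[i]]++
          else printf "NOT_RUNNING %s %s %s\n", $1, $2, $3
        }
    }
    END {
      # Walk the cluster node list, so a node with no Sternum pods is reported too.
      for (j = 1; j <= m; j++)
        for (i = 1; i <= n; i++) {
          c = running[nodes[j], want[i]] + 0
          if (c != 1) {
            printf "BAD_COUNT %s %s running=%d\n", nodes[j], want[i], c
            bad = 1
          }
        }
      exit bad + 0
    }'
}

# Constructed sample: node-b has a Pending security pod and no eBPF pod.
SAMPLE='node-a sternum-compute-collector-x1 Running
node-a sternum-compute-security-x2 Running
node-a sternum-compute-ebpf-x3 Running
node-b sternum-compute-collector-x4 Running
node-b sternum-compute-security-x5 Pending'

printf '%s\n' "$SAMPLE" | check_scs_pods "node-a node-b" \
  || echo "Sternum deployment incomplete"
```

A pod in phase Running can still have containers that are not ready, so also check the READY column of kubectl get pods -n scs.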

Additional details

Sternum is deployed in the scs namespace as a set of redundant components. The security components are deployed on all nodes of the cluster via a Deployment and a DaemonSet.

Uninstall

To uninstall Sternum components, run the below helm command:

helm uninstall sternum-scs -n scs

Note: After uninstall, running pods protected by Sternum need to be restarted in order to completely remove the Sternum components.