This article describes the required prerequisites needed for a successful Defender Kubernetes deployment. Please refer to this article before installing your Defender. All Defender deployments use the following prerequisites unless a difference is explicitly referenced in the Prerequisites Matrix. Please see the following article for dependency versions: Defender Dependency Matrix
Step 1: Add Helm Charts
You will need to add all of the necessary helm repositories.
- helm repo add cequence https://cequence.gitlab.io/helm-charts/
Run the following command to ensure the latest repositories have been deployed
helm repo update
Downloading Images from Your Registry
If you cannot install images in your environment directly from Cequence's registry or the 3rd party dependency registries, please notify your Cequence account team. Cequence will provide the images directly so you can upload them to your corporate standard registry. You can then install Cequence Defender by directly pointing to your registry rather than Cequence's repository.
Your account team will also guide you on editing the Helm values file to reflect the location of your private images.
Step 2: Prepare your Cluster
Create a namespace for your Defender deployment
Create a namespace to deploy the Defender
kubectl create namespace <defender-namespace>
Set the new namespace as the <defender-namespace>.
kubectl config set-context --current --namespace=<defender-namespace>
If you are using the Cequence repositories, you Must have GitLab credentials with the proper authorization. You can use one of the following options. Also, note the defender should be installed in the same namespace as your UAP Platform, so if you deployed a Cequence UAP Platform, you can skip this step.
kubectl create secret docker-registry regcred --docker-server=registry.gitlab.com --docker-username=<your-username> --docker-password=<your-password> -n <defender-namespace>
Or via docker file. You must already have your docker-config.json file for this to work.
kubectl create secret generic regcred --from-file=.dockerconfigjson=./docker-config.json --type=kubernetes.io/dockerconfigjson -n <defender-namespace>
If you do not have credentials, please contact your Cequence Account manager for further direction. Otherwise, we will provide you with the images for your company repository
Step 3: Prepare your UAP Platform
Setup a Cequence API-Edge Traffic Ingestion Account
In the authentication pane of the Cequence UI, navigate to the Authentication tab on the left-side pane. Select the client and set it to “Traffic Ingestion.”
Then select the “eye” icon to see your client key and store that in a notepad.
Step 4: Install Cequence Defender
After successfully completing all the prerequisites in this article, proceed to install the Cequence Defender using the steps listed in Cequence Defender Installation.