This guide outlines the steps for installing the Cequence eBPF Sensor as a DaemonSet within your Kubernetes cluster. The Cequence eBPF sensor captures network traffic and transmits it to the Cequence Unified API Protection Platform (UAP) for analysis. The Cequence eBPF sensor can also provide sensitive data masking when required.
Alternately, you can deploy the data masking functionality using the Cequence Sensor as a Sidecar.
Installation Steps
Create Client Secret
- Log in to the Cequence UAP web UI.
- Navigate to User Management, click on "Clients" and then click on "Add New Client"
- Provide a "Client Name", such as defender-client-0, and select "Traffic Ingestion". Click "Save".
- Click on the secret icon.
- A dialog box with the Client Secret appears.
- Later in this article, the terms "Client Name" and "client-id" are used interchangeably, as well as "Client Secret" as "client-secret".
Add Helm Repository
Run the following commands to add the Helm repository.
helm repo add cequence https://cequence.gitlab.io/helm-charts/
helm repo update
Create Overrides File
Create a text file named tls-sensor-overrides.yaml with the following contents.
sensor:
clientId: ""
clientSecret: ""
uapSubdomain: ""
Create Registry Secret
Run the following kubernetes commands to create a registry secret.
kubectl create ns cequence
kubectl create secret \
docker-registry regcred \
--docker-server=registry.gitlab.com \
--docker-username=<your-username> \
--docker-password=<your-password> \
-n cequence
Deploy DaemonSet
Run the following commands to install the Cequence eBPF sensor as a kubernetes DaemonSet.
helm upgrade --install tls-sensor-daemonset \
cequence/tls-sensor-daemonset \
--namespace cequence \
--values ./tls-sensor-overrides.yaml