You deploy the pod that contains the eBPF sensor and Cequence Bridge with Helm. You'll also need the client ID and client secret pair you generated earlier.
Before you start
Confirm that you have access to your Kubernetes cluster with a current version of Helm.
What you'll need
- Credentials to a user account on a host with access to your Kubernetes cluster
- Credentials to the Cequence Helm chart repository. Your Cequence team provides these credentials.
- Access to a text editor on the host you're using for this installation process
- Privileges to create, move, and rename files and directories
- Privileges to set pod capabilities
Items to download
You don't need to download anything for this installation process.
Configure the privileges in your environment
Because the eBPF sensor operates at the kernel level, it has to have specific privileges to operate correctly.
In environments where privileged pods are available, configuring the capabilities of the pod is simple. Pod privileges are managed in a YAML configuration file, typically named pod-config.yml. Open the configuration file in a text editor and add the following section.
securityContext:
  privileged: true
In environments where privileged pods aren't available, configure the following specific set of capabilities.
Capability | Description |
CAP_SYS_RESOURCE | Manages eBPF map limits |
CAP_BPF+CAP_PERFMON or CAP_SYS_ADMIN | Used to load and attach eBPF programs |
CAP_SYS_PTRACE | Enables the collection of information about processes |
CAP_NET_ADMIN | Enables packet capture |
CAP_SETPCAP | Reduces bounding set capabilities |
CAP_SYSLOG | Enables access to kernel symbols through /proc/kallsyms |
CAP_IPC_LOCK | Only required in Ubuntu environments |
CAP_SYS_ADMIN | Required in cgroup v1 environments |
To configure these capabilities, open the pod-config.yml file in a text editor and add the following lines in the securityContext: section. You can either use CAP_BPF and CAP_PERFMON or CAP_SYS_ADMIN depending on the needs of your use case.
securityContext:
  capabilities:
    add:
      - CAP_SYS_RESOURCE
      - CAP_SYS_ADMIN
      - CAP_SYS_PTRACE
      - CAP_NET_ADMIN
      - CAP_SETPCAP
      - CAP_SYSLOG
      - CAP_IPC_LOCK
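To confirm that the capability set actually reached the container, you can decode the effective-capability bitmask (the CapEff line in /proc/<pid>/status) and compare it with the table above. The following is an added example, not Cequence code: the function names and sample masks are constructed for illustration, and the bit numbers are the ones defined in linux/capability.h.

```shell
#!/bin/sh
# Added example: report which capabilities from the table above are absent
# from a CapEff bitmask. Bit numbers are from <linux/capability.h>.

# name:bit pairs for the capabilities the table lists without a condition
REQUIRED="CAP_SYS_RESOURCE:24 CAP_SYS_PTRACE:19 CAP_NET_ADMIN:12 CAP_SETPCAP:8 CAP_SYSLOG:34"

# has_bit <hexmask> <bit>: succeeds when that capability bit is set
has_bit() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_caps <CapEff hex> [extra name:bit ...]
# Prints the missing capabilities, space separated (empty when none).
# Pass CAP_IPC_LOCK:14 for Ubuntu nodes, CAP_SYS_ADMIN:21 for cgroup v1.
missing_caps() {
    mask=$1; shift
    missing=""
    for pair in $REQUIRED "$@"; do
        name=${pair%%:*}; bit=${pair##*:}
        has_bit "$mask" "$bit" || missing="$missing $name"
    done
    # Loading eBPF programs needs CAP_SYS_ADMIN, or CAP_BPF with CAP_PERFMON
    if ! has_bit "$mask" 21 && ! { has_bit "$mask" 39 && has_bit "$mask" 38; }; then
        missing="$missing CAP_BPF+CAP_PERFMON_or_CAP_SYS_ADMIN"
    fi
    echo "${missing# }"
}

# Constructed sample masks (not taken from a real sensor pod):
LISTED=0000000401285100     # exactly the seven capabilities in the YAML above
DEFAULT=00000000a80425fb    # a common container-runtime default set
echo "listed set missing:  [$(missing_caps "$LISTED")]"
echo "default set missing: [$(missing_caps "$DEFAULT")]"

# On a live pod, read the mask from inside the sensor container, e.g.
#   grep CapEff /proc/1/status
# and pass the hex value to missing_caps.
```

An empty result means every capability the table requires is present. A mask such as 000001ffffffffff indicates the pod is running with the full capability set, as it does when privileged: true is used.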
Prepare your environment
Add the Cequence Helm repository to pull the Helm chart you need to install the eBPF sensor.
Run the following commands from a terminal to add the Cequence chart repository and make sure it's up to date.
helm repo add cequence https://cequence.gitlab.io/helm-charts
helm repo update cequence
Run the following command to search for the eBPF sensor's Helm chart.
helm search repo cequence/sensor
A best practice is to create a separate namespace for the eBPF sensor. This is an optional step, which you can take by running the following command.
kubectl create namespace cequence
Set up Kubernetes secrets
Kubernetes needs credentials to access the Cequence registry. Run the following command to create the Kubernetes secret that contains those credentials.
kubectl create secret docker-registry regcred \
  --docker-server=registry.gitlab.com \
  --docker-username=<username> \
  --docker-password=<password> \
  --namespace cequence
Kubernetes also needs credentials for the Cequence UAP platform. Add the Cequence client secrets by running the following command. Replace <client_id> and <client_secret> with the values of the client ID and client secret you created earlier.
kubectl create secret generic client-credentials \
  --from-literal=clientId=<client_id> \
  --from-literal=clientSecret=<client_secret> \
  -n cequence
Set up the overrides file
A Helm overrides file provides configuration exceptions to the configuration specified in a Helm chart. In a text editor, create a file named sensor.yaml. Save the file in the /opt/cequence/ebpf directory.
The following example shows a minimal overrides file. Replace <subdomain> with your Cequence UAP platform subdomain.
image:
  pullSecrets:
    - name: regcred
bridge:
  uapSubdomain: "<subdomain>"
  auth:
    secretsRefName: "client-credentials"
The README file for the Helm chart has detailed information on supported configurations.
Installing the sensor
To install the eBPF sensor, run the following command.
helm install sensor cequence/sensor -n cequence --version 5.5.1 -f sensor.yaml
If the overrides file name is not sensor.yaml, use the actual file name.
Verifying a successful installation
You can run several Kubernetes management commands to confirm that the container with the Cequence eBPF sensor and Bridge is running properly.
Check all the resources running in the Cequence namespace with get all -n.
kubectl get all -n cequence
Check the status of a Kubernetes pod with describe pod. Replace <pod-name> with a pod name from the get all output.
kubectl describe pod <pod-name> -n cequence
Check the logs for a given pod with logs.
kubectl logs <pod-name> -n cequence
Things to try in case of problems
You can check the events in the sensor's namespace, including those from a given pod, with get events.
kubectl get events -n cequence --sort-by=.metadata.creationTimestamp
To test pod connectivity and get a health report, check the health endpoint with the curl command.
curl http://localhost:8080/health
Removing the eBPF sensor
To uninstall the eBPF sensor, run the following command.
helm uninstall sensor -n cequence