KSOC supports Organizations (child accounts) that allow grouping clusters by department, location, organizational unit, etc. Create an Organization to reflect the grouping for the clusters.
- On the Organizations page, click Add Organization.
- Fill in a name and description and click Save.
To add a cluster, obtain the access and secret key for the renamed Organization in the KSOC UI. You will need this to install the V2 KSOC plugins.
- On the Organization's page click the organization name where you want the cluster to reside
- On the Organization's clusters page, click on Add Cluster
- Copy the base64AccessKeyId base64SecretKey values
The remainder of this document assumes the following:
- An Organization (child account) in KSOC already exists
- The user has obtained the base64AccessKey base64SecretKey values required for the installation via the UI
- The user has kubectl installed
- The user has Helm v3 installed
- The user has kubectl admin access to the cluster
cert-manager must be installed, as KSOC deploys Admission Controllers that create certificates to secure their communication with the Kubernetes API. At present KSOC only supports cert-manager as the means of creating these certificates.
You can check if cert-manager is installed using the command below:
kubectl get pods -A | grep cert-manager
If the command above returns no results, you must install cert-manager into your cluster using the following commands:
helm repo add jetstack https://charts.jetstack.io helm repo update helm install \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ --version v1.10.0 \ --set installCRDs=true
A full list of available Helm values is on cert-manager's ArtifactHub page.
Now we have installed cert-manager, we need to validate that it is running successfully. This can be achieved using the command below:
kubectl get pods -n cert-manager
You should see the following pods (with slightly different generated IDs at the end) with a status of Running:
NAME READY STATUS RESTARTS AGE cert-manager-7dc9d6599-5fj6g 1/1 Running 0 1m cert-manager-cainjector-757dd96b8b-hlqgp 1/1 Running 0 1m cert-manager-webhook-854656c6ff-b4zqp 1/1 Running 0 1m
To install the KSOC plugins Helm chart, we need to configure access to the KSOC helm repository using the commands below:
helm repo add ksoc https://charts.pe.tools.ksoc.com/stable helm repo update
If you already had KSOC's Helm chart installed, it is recommended to update it.
helm repo update ksoc
Next, we need to create a values file called
values.yaml with the following content that includes the base64AccessKeyId and base64SecretKey:
ksoc: base64AccessKeyId: "YOURACCESSKEYID" base64SecretKey: "YOURSECRETKEY" clusterName: "This name will be displayed in KSOC"
By default, a secret is created as part of our Helm chart, which we use to securely connect to KSOC. However, it is highly recommended that this secret is created outside of the helm installation and is just referenced in the Helm values.
The structure of the secret is as follows:
apiVersion: v1 kind: Secret metadata: name: ksoc-access-key namespace: ksoc data: access-key-id: "YOURACCESSKEYID" secret-key: "YOURSECRETKEY"
The secret can now be referenced in the Helm chart using the following values.yaml configuration:
ksoc: clusterName: "This name will be displayed in KSOC" accessKeySecretNameOverride: "ksoc-access-key"
KSOC’s ksoc-guard plugin integrates with the Kubernetes admission controller. All admission controller communications require TLS. KSOC’s Helm chart installs and ksoc-guard utilizes Let’s Encrypt to automate the issuance and renewal of certificates using the cert-manager add-on.
Finally, you can install ksoc-plugins using the following command:
helm install \ ksoc ksoc/ksoc-plugins \ --namespace ksoc \ --create-namespace \ -f values.yaml
Now we have installed the KSOC plugins, we need to validate that it is running successfully. This can be achieved using the command below:
kubectl get pods -n ksoc
You should expect to see the following pods in a state of Running:
ksoc-guard-774d79f4b7-b8fhr 2/2 Running 0 1m ksoc-sbom-6db8f6fcb-f9n6p 2/2 Running 0 1m ksoc-sync-774b47cb47-gms9d 1/1 Running 0 1m ksoc-watch-8f5688cbb-pvcws 1/1 Running 0 1m
If you don't see all the pods running within 2 minutes, please check the Installation Troubleshooting page or contact KSOC support.
Updated 4 days ago