Installation

Create Organization

KSOC supports Organizations (child accounts) that allow grouping clusters by department, location, organizational unit, etc. Create an Organization to reflect the grouping for the clusters.

  1. On the Organizations page, click Add Organization.
  2. Fill in a name and description and click Save.

Add Cluster

To add a cluster, obtain the access and secret key for the renamed Organization in the KSOC UI. You will need this to install the V2 KSOC plugins.

  1. On the Organization's page click the organization name where you want the cluster to reside
  2. On the Organization's clusters page, click on Add Cluster
  3. Copy the base64AccessKeyId base64SecretKey values

Installation KSOC Plugins

The remainder of this document assumes the following:

  • An Organization (child account) in KSOC already exists
  • The user has obtained the base64AccessKey base64SecretKey values required for the installation via the UI
  • The user has kubectl installed
  • The user has Helm v3 installed
  • The user has kubectl admin access to the cluster

Workflow

1. Install cert-manager

cert-manager must be installed, as KSOC deploys Admission Controllers that create certificates to secure their communication with the Kubernetes API. At present KSOC only supports cert-manager as the means of creating these certificates.

You can check if cert-manager is installed using the command below:

kubectl get pods -A | grep cert-manager

If the command above returns no results, you must install cert-manager into your cluster using the following commands:

helm repo add jetstack https://charts.jetstack.io
helm repo update

helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.10.0 \
  --set installCRDs=true

A full list of available Helm values is on cert-manager's ArtifactHub page.

2. Verify cert-manager installation

Now we have installed cert-manager, we need to validate that it is running successfully. This can be achieved using the command below:

kubectl get pods -n cert-manager 

You should see the following pods (with slightly different generated IDs at the end) with a status of Running:

NAME                                         READY   STATUS RESTARTS   AGE
cert-manager-7dc9d6599-5fj6g                 1/1       Running   0          1m
cert-manager-cainjector-757dd96b8b-hlqgp     1/1       Running   0          1m
cert-manager-webhook-854656c6ff-b4zqp        1/1       Running   0          1m

3. Configure KSOC helm repository

To install the KSOC plugins Helm chart, we need to configure access to the KSOC helm repository using the commands below:

helm repo add ksoc https://charts.pe.tools.ksoc.com/stable  
helm repo update

If you already had KSOC's Helm chart installed, it is recommended to update it.

helm repo update ksoc

4. Create cluster-specific values file

Next, we need to create a values file called values.yaml with the following content that includes the base64AccessKeyId and base64SecretKey:

ksoc:
  base64AccessKeyId: "YOURACCESSKEYID"
  base64SecretKey: "YOURSECRETKEY"
  clusterName: "This name will be displayed in KSOC"

4.1 Recommended installation

By default, a secret is created as part of our Helm chart, which we use to securely connect to KSOC. However, it is highly recommended that this secret is created outside of the helm installation and is just referenced in the Helm values.

The structure of the secret is as follows:

apiVersion: v1
kind: Secret
metadata:
  name: ksoc-access-key
  namespace: ksoc
data:
  access-key-id: "YOURACCESSKEYID"
  secret-key: "YOURSECRETKEY"

The secret can now be referenced in the Helm chart using the following values.yaml configuration:

ksoc:
  clusterName: "This name will be displayed in KSOC"
  accessKeySecretNameOverride: "ksoc-access-key"

KSOC’s ksoc-guard plugin integrates with the Kubernetes admission controller. All admission controller communications require TLS. KSOC’s Helm chart installs and ksoc-guard utilizes Let’s Encrypt to automate the issuance and renewal of certificates using the cert-manager add-on.

5. Installing the KSOC plugins

Finally, you can install ksoc-plugins using the following command:

helm install \
  ksoc ksoc/ksoc-plugins \
  --namespace ksoc \
  --create-namespace \
  -f values.yaml 

6. Verify KSOC plugins

Now we have installed the KSOC plugins, we need to validate that it is running successfully. This can be achieved using the command below:

kubectl get pods -n ksoc

You should expect to see the following pods in a state of Running:

ksoc-guard-774d79f4b7-b8fhr   2/2   Running   0         1m
ksoc-sbom-6db8f6fcb-f9n6p     2/2   Running   0         1m
ksoc-sync-774b47cb47-gms9d    1/1   Running   0         1m
ksoc-watch-8f5688cbb-pvcws    1/1   Running   0         1m

If you don't see all the pods running within 2 minutes, please check the Installation Troubleshooting page or contact KSOC support.