Kubeshark on OpenShift
Prerequisites:
- An active Red Hat account
- An active AWS account
- Have the following CLIs installed and configured: rosa, aws and oc.
If you don’t have an OpenShift cluster, you can follow the instructions below to install one.
Adding Constraints
Kubeshark requires adding the privileged and anyuid Security Context Constraints (SCCs) to the default and kubeshark-service-account service accounts in the namespace Kubeshark will run in (e.g. default).
oc adm policy add-scc-to-user privileged -z default -n default
oc adm policy add-scc-to-user anyuid -z default -n default
oc adm policy add-scc-to-user privileged -z kubeshark-service-account -n default
oc adm policy add-scc-to-user anyuid -z kubeshark-service-account -n default
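The four grants above as a small script, extended with the matching revocation (oc adm policy remove-scc-from-user) so the SCCs can be withdrawn once a capture is finished; default is also the service account used by any pod in the namespace that does not name one, so the grant reaches further than Kubeshark itself. This is an added example, not part of the original Kubeshark documentation; the names scc_grants, run and DRY_RUN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Kubeshark docs): grant or revoke the SCCs
# this page lists. scc_grants, run and DRY_RUN are illustrative names.
SCCS="privileged anyuid"
SERVICE_ACCOUNTS="default kubeshark-service-account"

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# scc_grants add|remove <namespace>
scc_grants() {
  case "$1" in
    add)    verb=add-scc-to-user ;;
    remove) verb=remove-scc-from-user ;;
    *) echo "usage: scc_grants add|remove <namespace>" >&2; return 2 ;;
  esac
  ns="$2"
  # Accept only a valid namespace name (lowercase DNS label, max 63 chars),
  # so a typo or stray option never reaches oc.
  case "$ns" in
    ""|-*|*-|*[!a-z0-9-]*) echo "invalid namespace: $ns" >&2; return 2 ;;
  esac
  [ "${#ns}" -le 63 ] || { echo "namespace too long" >&2; return 2; }
  for sa in $SERVICE_ACCOUNTS; do
    for scc in $SCCS; do
      run oc adm policy "$verb" "$scc" -z "$sa" -n "$ns" || return 1
    done
  done
}

# Typical session, using the default namespace as on this page:
#   DRY_RUN=1 scc_grants add default    # review the four commands first
#   scc_grants add default              # grant, then run kubeshark tap
#   scc_grants remove default           # revoke when the capture is done
```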
Install Kubeshark
You can now install Kubeshark:
sh <(curl -Ls https://kubeshark.co/install)
Change the Workers Pods
Running Kubeshark requires a few configuration changes that disable properties not yet fully supported:
kubeshark tap --set tap.proxy.worker.srvPort=30001 --set tap.tls=false
That’s it, you’re good to go!
TL;DR - Create an OpenShift Cluster
Get a rosa token from here.
Log in to OpenShift:
rosa login --token="eyJh..."
Ensure the AWS CLI is installed and configured:
aws configure
Read more about how to install AWS CLI here.
Create the required roles in AWS for an OpenShift cluster:
rosa create account-roles --mode auto
Create an OpenShift cluster:
rosa create cluster --cluster-name <cluster-name> --sts --mode auto
Choose ManagedOpenShift-Installer-Role when asked.
You can track the cluster creation progress with:
rosa logs install -c <cluster-name> --watch
Once the cluster is created, create a cluster-admin user:
rosa create admin --cluster=<cluster-name>
Follow the on-screen instructions to log in to the actual cluster. Something like:
oc login https://api.kubeshark.ABC1.p1.openshiftapps.com:6443 --username cluster-admin --password <super_long_pwd>
Verify all nodes are in Ready status:
oc get nodes