Kubernetes Integration Installation¶
This guide provides instruction on installing the Boost Kubernetes integration.
Prerequisites¶
The individual responsible for installing the integration must have the necessary permissions to deploy a helm chart to the relevant cluster(s).
Requested Permissions¶
The following are the permissions of the Kubernetes agent that will be running within the cluster:
rules:
- apiGroups: [""]
resources: ["nodes", "services", "namespaces"]
verbs: ["get", "list"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list"]
- apiGroups: ["traefik.containo.us", "traefik.io"]
resources: ["ingressroutes"]
verbs: ["get", "list"]
Instructions¶
-
Navigate to the
Integrations page. -
Click the Install button that is on the GitLab Integration Card underneath the
Availablesection.
-
A modal will appear, requesting the name of the Kubernetes integration. It is advised that the name that is chosen is the name of the cluster that is being added.
-
After the Boost token has been generated, save the create secret command to the clipboard and prepare to paste the value into a terminal.
-
Paste the previously copied value into a terminal, in the same namespace that the Boost Kubernetes agent will eventually run in.
-
Install the Boost Kubernetes scanner helm chart using the following command:
helm install \ --set secret.name=boost-k8s-token \ oci://public.ecr.aws/boostsecurityio/boostsec-scanner-k8s-chart --generate-name -
Review the results in the Boost console by going to the Asset Management page. If the Boost Kubernetes scanner is working correctly, you should see the cluster you recently added and the cluster's associated services.
To continue along the journey of achieving end-to-end runtime visibility with Boost, view the instructions on how to achieve Code-to-Cloud Visibility.