Start on Kubernetes

Goal

This guide shows you how to run MicroPerimeter™ Security on a local Kubernetes cluster using minikube.

Software prerequisites

Before you start, make sure your system configuration is supported.

Supported operating systems:

  • Linux
  • macOS

Required software:

Please refer to the minikube setup instructions to install and configure minikube.

NOTE: If you require a demo of MicroPerimeter™ Security or more information, please reach out to our sales team at sales@cloudentity.com

Installation

Prerequisites: Account setup

Navigate to the Cloudentity website, click TRY FOR FREE and register. Follow the instructions received via email to complete registration and log in to demo.cloudentity.com

Step 1: Download and unzip the package

After setting up an account, you will be automatically logged in to demo.cloudentity.com

Navigate to the Microservices tab and follow the instructions to download the latest version of the MicroPerimeter™ Security installation package.

You will receive the *.zip package with MicroPerimeter™ Security installation scripts.

NOTE: The package comes integrated with the Cloudentity™ OAuth/OIDC Authorization Server, but you have the option to integrate with Okta or Azure AD OIDC Authorization Servers. If you are interested in either of these, please follow the instructions in the linked documents below:

Unzip the package.

Step 2: Verify and Prepare the environment

In a terminal, navigate to the unzipped package, e.g.:

cd /home/usr/microperimeter

First, go to the kubernetes directory:

cd kubernetes

You can verify the prerequisites using the command below:

./bin/verify_prerequisites.sh

NOTE: Kops is not needed for the Minikube based deployment.

Please create the following cluster role binding on your Kubernetes cluster. It binds the cluster-admin role to the default service account in the kube-system namespace.

kubectl create clusterrolebinding add-on-cluster-admin \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:default
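
Every pod in kube-system that sets no serviceAccountName runs as the kube-system:default account named in the command above, so it is worth knowing which bindings on a cluster give cluster-admin to subjects that broad. The Python check below is an added example, not part of the MicroPerimeter™ package; it reads output shaped like `kubectl get clusterrolebindings -o json`, and the sample data and every binding name other than add-on-cluster-admin are constructed.

```python
import json
import sys

def crb(name, role, subjects):
    """Build a minimal ClusterRoleBinding dict for the constructed sample."""
    return {"kind": "ClusterRoleBinding", "metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": role}, "subjects": subjects}

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
# Only add-on-cluster-admin mirrors the command in this guide; the rest are invented.
SAMPLE = {"kind": "List", "items": [
    crb("add-on-cluster-admin", "cluster-admin",
        [{"kind": "ServiceAccount", "name": "default", "namespace": "kube-system"}]),
    crb("example-operator", "cluster-admin",
        [{"kind": "ServiceAccount", "name": "operator", "namespace": "ops"}]),
    crb("example-everyone", "cluster-admin",
        [{"kind": "Group", "name": "system:serviceaccounts:dev"}]),
    crb("example-viewer", "view",
        [{"kind": "ServiceAccount", "name": "default", "namespace": "dev"}]),
    crb("example-empty", "cluster-admin", None),
]}

BROAD_GROUPS = ("system:serviceaccounts", "system:authenticated", "system:unauthenticated")

def is_broad(subject):
    """True when the subject covers workloads that never requested the privilege."""
    kind, name = subject.get("kind"), subject.get("name", "")
    if kind == "ServiceAccount":
        return name == "default"  # identity of every pod with no serviceAccountName
    if kind == "Group":
        return name in BROAD_GROUPS or name.startswith("system:serviceaccounts:")
    return False

def broad_admin_bindings(doc):
    """Return (binding, subject) pairs that give cluster-admin to a broad subject."""
    findings = []
    for item in doc.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        for s in item.get("subjects") or []:  # subjects may be absent or null
            if is_broad(s):
                who = s["name"] if s["kind"] == "Group" else f'{s.get("namespace")}:{s["name"]}'
                findings.append((item["metadata"]["name"], f'{s["kind"]}/{who}'))
    return findings

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for binding, subject in broad_admin_bindings(doc):
        print(f"{binding}: cluster-admin -> {subject}")
```

To run it against a real cluster, save the output of `kubectl get clusterrolebindings -o json` to a file and pass the file path as the first argument.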

Step 3: Deploy & Run MicroPerimeter

If a service account has not already been installed for Tiller*, install one:

kubectl apply -f helm/helm-service-account.yaml

Install Tiller (the in-cluster component of Helm) on your cluster with the service account:

helm init --service-account tiller --wait

Install EFK (Elasticsearch + Fluentd + Kibana):

helm upgrade \
  --install efk \
  -f helm/registry/docker-microperimeter.artifactory.cloudentity.com/registry.yaml \
  --set global.registry=docker-microperimeter.artifactory.cloudentity.com \
  --namespace=kube-system \
  --wait helm/efk

Install MicroPerimeter™ System:

helm upgrade \
  --install microperimeter-system \
  -f helm/registry/docker-microperimeter.artifactory.cloudentity.com/registry.yaml \
  -f values.yaml \
  --set global.tag=2.6.0 \
  --set global.registry=docker-microperimeter.artifactory.cloudentity.com \
  --namespace=microperimeter-system \
  --wait helm/microperimeter-system

Import MicroPerimeter™ Security policies:

./bin/mpctl.sh import -d policies/system/kubernetes.yaml -d policies/scopes.yaml -p policies/system/default.yaml

Install MicroPerimeter™ Services:

helm upgrade \
  --install microperimeter-services \
  -f helm/registry/docker-microperimeter.artifactory.cloudentity.com/registry.yaml \
  -f values.yaml \
  --set global.tag=2.6.0 \
  --set global.registry=docker-microperimeter.artifactory.cloudentity.com \
  --namespace=microperimeter-services \
  --wait helm/microperimeter-services

NOTE: The Helm deployment can take a bit of time depending on your connection speed.


In-depth instructions with detailed explanations for the installation process above can be found in our Deploy on Minikube Tutorial.

Step 4: Forward ports

To access the MicroPerimeter™ Dashboard, you first need to forward the necessary ports:

kubectl -n microperimeter-services port-forward \
  $(kubectl get pod -n microperimeter-services -l app=microperimeter-edge -o jsonpath='{.items[0].metadata.name}') \
  18000:8080

Step 5: See the dashboard

Open a browser and navigate to the following page: http://localhost:18000/dashboard

Congratulations, you just deployed MicroPerimeter™ Security on your Kubernetes cluster!

Next steps

Now you can choose to: