Openshift Deploy

Learn how to deploy Akto on Openshift cluster

Openshift is RedHat's managed private cluster offering - based on Docker and orchestration by Kubernetes.

Steps to get Akto running on your Openshift cluster -

You can use same steps as to deploy Akto.
to get permissions for traffic connector.
You can use or as your traffic connector.

Add the following to the Daemonset connector -

They listen to any interface by default - which might NOT be allowed in some Openshift clusters. If that's the case, contact support@akto.io - we can help listen traffic on br-ex interface.

     containers:
      - name: mirror-api-logging
        ... 
        # add the following lines to add additional privileges
        privileged: true	
        securityContext:
          runAsUser: 0
          privileged: true

Service account manifest

On Openshift, for a pod to be able to listen to node traffic (eg. a daemonset pod), it needs to be assigned some special permissions.

1. Create a Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: akto-daemonset-serviceaccount
  annotations:
    "scc.openshift.io/scc": "akto-daemonset-scc"

Create a Security Context Constraint. Substitute <NAMESPACE> with Akto daemonset yaml namespace.

apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: akto-daemonset-scc
allowPrivilegedContainer: true
allowHostNetwork: true
requiredDropCapabilities:
- NET_ADMIN
seLinuxContext:
  type: RunAsAny
runAsUser:
  type: RunAsAny
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: MustRunAs
users:
- system:serviceaccount:<NAMESPACE>:akto-daemonset-serviceaccount

Add SCC to service account

oc adm policy add-scc-to-user akto-daemonset-scc -z akto-daemonset-serviceaccount

PreviousAzure Deploy NextHeroku

Last updated 7 months ago

Was this helpful?