Openshift Deploy

Openshift is RedHat's managed private cluster offering - based on Docker and orchestration by Kubernetes.

Steps to get Akto running on your Openshift cluster -

1. You can use same steps as Helm Deploy to deploy Akto.

2. Add service account to get permissions for traffic connector.

3. You can use eBPF on mTLS as your traffic connector.

Add the following to the Daemonset connector -

They listen to any interface by default - which might NOT be allowed in some Openshift clusters. If that's the case, contact [email protected] - we can help listen traffic on br-ex interface.

     containers:
      - name: mirror-api-logging
        ... 
        # add the following lines to add additional privileges
        privileged: true	
        securityContext:
          runAsUser: 0
          privileged: true

Service account manifest

On Openshift, for a pod to be able to listen to node traffic (eg. a daemonset pod), it needs to be assigned some special permissions.

1. Create a Service Account

1. Create a Security Context Constraint. Substitute <NAMESPACE> with Akto daemonset yaml namespace.

1. Add SCC to service account

Notes:

1. The SecurityContextConstraints are based on official Redhat documentation, supporting up to v4.19

Get Support for your Akto setup

There are multiple ways to request support from Akto. We are 24X7 available on the following:

1. In-app intercom support. Message us with your query on intercom in Akto dashboard and someone will reply.

2. Join our discord channel for community support.

3. Contact [email protected] for email support.

4. Contact us here.