Quick start
Installing Soveren is extremely simple:
-
Install the Soveren Agent in your Kubernetes cluster
-
Go to the Soveren app in the Soveren Cloud and start getting insights!
Installing the Agent
-
Create a new Soveren token and have it handy for the following steps. The token identifies and authorizes your Agent within the Soveren Cloud.
-
Create a namespace for Soveren installation:
You can use any other valid namespace name instead ofkubectl create namespace soverenio
soverenio
. -
Add the Soveren Helm repository:
helm repo add soveren https://soverenio.github.io/helm-charts
-
Install the Soveren Agent using the
<TOKEN>
that you obtained on the step 1:You can use any other valid release name instead ofhelm install -n soverenio soveren-agent soveren/soveren-agent --set digger.token="<TOKEN>"
soveren-agent
. -
That's it! You may go to the Soveren app now and check the dashboards.
For more advanced configuration options please take a look at the configuration page.
What happens under the hood
There are several things which happen automatically in the cluster when you install the Soveren Agent:
-
Soveren Agent contains Interceptors and Personal Data Detector, which itself consists of several components.
-
Both Interceptors and Personal Data Detector are deployed into the namespace
soverenio
. -
Soveren Agent subscribes to a lot of metadata from the Kubernetes API. For this, a dedicated
ServiceAccount
is created for Personal Data Detector. ThisServiceAccount
is given cluster-wide permissions (ClusterRoleBinding
) toget
,list
andwatch
on severalapiGroups
. -
Interceptors do not need special Kubernetes RBAC permissions to capture the traffic.
-
Interceptors read data from virtual network interfaces of the host. For this, the containers in which Interceptors are running require several things:
-
privileged: true
-
dnsPolicy: ClusterFirstWithHostNet
-
hostNetwork: true
-
hostPID: true
-