Kubernetes: Install a sensor

Compatible with Kubernetes 1.16 or later and Helm 3.0.0 or later.

Before you begin

  • Make sure you have admin privileges
  • Make sure you have Kubernetes set up on your machine
  • Make sure you have Helm installed on your machine
  • Make sure you have Docker installed on your machine

Install sensor

Download the Kubernetes deployment package from your CertCentral account

  1. In CertCentral, in the sidebar menu, click Discovery > Manage Discovery.

  2. On the Manage scans page, click Add sensor.

  3. On the Set up a sensor page, under step 1 Download a discovery sensor in the docker section, click Kubernetes deployment files.

  4. Save the package (digicert_sensor_kubernetes.zip) in your system. Make sure to note the location.

  5. Extract the contents of the zip file.

Configure and deploy the sensor to Kubernetes using Helm

  1. Create the installation directory.

    For example:

    install_dir

    And copy the extracted folder (digicert_sensor_kubernetes) in the installation directory.

  2. Open the values.yaml file in a text editor.

  3. Edit the values.yaml file to provide the information for the following parameters to configure the sensor.

    • Username
    • Password
    • Division name
    • Sensor name

    Note: These parameters are used to provision a sensor to a CertCentral account.

  4. Go to the sensor installation directory (install_dir) and run the helm install command to install and start the sensor.

    helm install <image name> <installation directory path>

    For example:

    helm install digicert-sensor ./install_dir

The values.yaml file looks like this:

xml 
# Default values for sensor-charts.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

image:
  repository: digicertinc/digicert-sensor
  pullPolicy: Always
  tag: "latest"

nameOverride: ""
fullnameOverride: ""

service:
  type: ClusterIP
  port: 8080

ingress:
  enabled: false

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false

daasDomain: "daas.digicert.com"
sensorHome: /usr/local/digicert/sensor

sensorAuthDetails:
  username: username
  password: password
  divisionName: DivisionName
  sensorName: sensorName

What's next

Verify sensor installation:

  • Check the sensor status in your CertCentral account.
  • Check the sensor status logs.

Sensor log location is: <path defined in sensorHome parameter>/logs/sensor.log

For example: /usr/local/digicert/sensor/logs/sensor.log

Now, you're ready to set up and run a scan using this sensor. See Set up and run a scan.

If you're using multiple sensors, you may want to rename the sensors to make tracking and identification easier. See Rename the sensor.

案内

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.