In CertCentral, in the sidebar menu, click Discovery > Manage Discovery.
On the Manage scans page, click Add sensor.
On the Set up a sensor page, under step 1 Download a discovery sensor in the docker section, click Kubernetes deployment files.
Save the package (digicert_sensor_kubernetes.zip) in your system. Make sure to note the location.
Extract the contents of the zip file.
Create the installation directory.
For example:
install_dir
And copy the extracted folder (digicert_sensor_kubernetes) in the installation directory.
Open the values.yaml file in a text editor.
Edit the values.yaml file to provide the information for the following parameters to configure the sensor.
Note: These parameters are used to provision a sensor to a CertCentral account.
Go to the sensor installation directory (install_dir
) and run the helm install
command to install and start the sensor.
helm install <image name> <installation directory path>
For example:
helm install digicert-sensor ./install_dir
The values.yaml file looks like this:
# Default values for sensor-charts.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: digicertinc/digicert-sensor
pullPolicy: Always
tag: "latest"
nameOverride: ""
fullnameOverride: ""
service:
type: ClusterIP
port: 8080
ingress:
enabled: false
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
daasDomain: "daas.digicert.com"
sensorHome: /usr/local/digicert/sensor
sensorAuthDetails:
username: username
password: password
divisionName: DivisionName
sensorName: sensorName
Verify sensor installation:
Sensor log location is: <path defined in sensorHome parameter>/logs/sensor.log
For example: /usr/local/digicert/sensor/logs/sensor.log
Now, you're ready to set up and run a scan using this sensor. See Set up and run a scan.
If you're using multiple sensors, you may want to rename the sensors to make tracking and identification easier. See Rename the sensor.