Kubernetes:安装传感器

兼容 Kubernetes 1.16 或更高版本和 Helm 3.0.0 或更高版本。

在开始之前

  • 确保具有管理员权限
  • 确保在计算机上安装 Kubernetes
  • 确保在计算机上安装 Helm
  • 确保在计算机上安装 Docker

安装传感器

从您的 CertCentral 帐户下载 Kubernetes 部署包

  1. 在 CertCentral 的侧栏菜单中,单击 Discovery > 管理 Discovery

  2. 在“管理扫描”页面上,单击添加传感器

  3. 在“设置传感器”页面上的 docker 部分的步骤 1 下载 discovery 传感器中,单击 Kubernetes 部署文件

  4. 将程序包 (digicert_sensor_kubernetes.zip) 保存在系统中。请务必记下位置。

  5. 提取 zip 文件中的内容。

使用 Helm 将传感器配置并部署到 Kubernetes

  1. 创建安装目录。

    例如:

    install_dir

    将提取的文件夹 (digicert_sensor_kubernetes) 复制到安装目录。

  2. 在文本编辑器中打开 values.yaml 文件。

  3. 编辑 values.yaml 文件以提供以下传感器配置参数的信息。

    • 用户名
    • 密码
    • 分区名称
    • 传感器名称

    注意:这些参数用于将传感器配置到 CertCentral 帐户。

  4. 转到传感器安装目录(例如,install_dir)并运行 helm install 命令以创建和启动传感器容器。

    helm install <image name> <installation directory path>

    例如:

    helm install digicert-sensor ./install_dir

values.yaml 文件如下类似:

xml 
# Default values for sensor-charts.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

image:
  repository: digicertinc/digicert-sensor
  pullPolicy: Always
  tag: "latest"

nameOverride: ""
fullnameOverride: ""

service:
  type: ClusterIP
  port: 8080

ingress:
  enabled: false

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false

daasDomain: "daas.digicert.com"
sensorHome: /usr/local/digicert/sensor

sensorAuthDetails:
  username: username
  password: password
  divisionName: DivisionName
  sensorName: sensorName

接下来

确认传感器安装:

  • 在 CertCentral 帐户中检查传感器状态。
  • 检查传感器状态日志。

传感器日志位于:<在 sensorHome parameter>/logs/sensor.log 中定义的路径

例如:/usr/local/digicert/sensor/logs/sensor.log

现在可以使用此传感器设置和运行扫描。请参阅设置和运行扫描

如果您使用多个传感器,可能要为传感器重命名,以便更好地进行追踪和识别。请参阅为传感器重命名

简介

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.