Kubernetes Deployment Method#
This guide describes how to deploy the Censys Cloud Connector using Kubernetes.
Prerequisites#
The following prerequisites are required to deploy using Kubernetes:
A valid
providers.yml
file
Getting Started#
Note
The following steps assume that you have already cloned the Censys Cloud Connector repository and are in the root directory.
If you haven’t already, create a namespace for the Censys Cloud Connector
kubectl create namespace censys-cloud-connectors
Please note that the the above namespace is used in the following steps. If you choose to use a different namespace, please update the commands accordingly.
Set the current namespace to the Censys Cloud Connector namespace
kubectl config set-context --current --namespace=censys-cloud-connectors
Create a Kubernetes secret for the Environment Variables from the
.env
file
kubectl create secret generic censys-cloud-connectors-env \
--from-env-file=.env \
--dry-run=client \
--save-config \
-o yaml | kubectl apply -f -
Create a Kubernetes secret for the Censys Cloud Connector
providers.yml
file
The chart will look for a secret named censys-cloud-connectors-providers
in
the censys-cloud-connectors
namespace. The secret should contain a file named
providers.yml
with the contents of your providers.yml
file.
kubectl create secret generic censys-cloud-connectors-providers \
--from-file=providers.yml \
--dry-run=client \
--save-config \
-o yaml | kubectl apply -f -
(Optional) Create a Kubernetes secret for the Censys Cloud Connector
secrets
directory
Note
This step is required if you are scanning Google Cloud Platform.
If you choose to use this method, you will need to uncomment the
credentialsSecretName
value in thevalues.yaml
file which should be set tocensys-cloud-connectors-secrets
.
kubectl create secret generic censys-cloud-connectors-secrets \
--from-file=secrets \
--dry-run=client \
--save-config \
-o yaml | kubectl apply -f -
(Optional) Modify the
values.yaml
file to customize the deployment
This is the place to customize the schedule of the Censys Cloud Connector, the default is to run every 4 hours. We recommend that you do not run the Censys Cloud Connector more frequently than every hour. For assistance with writing the cron schedule, please see the Crontab Guru website.
See the Configuration section for more information on the available configuration options.
Install the Censys Cloud Connector Chart
helm upgrade --install censys-cloud-connectors ./kubernetes/censys-cloud-connectors
Optionally test:
Run the Censys Cloud Connector Manually
kubectl create job --from=cronjob/censys-cloud-connectors censys-cloud-connectors-manual --dry-run=client -o yaml | kubectl apply -f -
Check the logs of the Censys Cloud Connector Job
kubectl logs job.batch/censys-cloud-connectors-manual --follow
Configuration#
The following table describes the available configuration options for the Censys Cloud Connector Chart.
Key |
Description |
---|---|
|
The name of the secret containing the .env file. |
|
The name of the secret containing the providers.yml file. |
|
(Optional) The name of the secret containing all the credentials stored in the secrets directory. |
|
(Optional) The override for the name of the chart. |
|
(Optional) The override for the fullname (including release name) of the chart. |
|
(Optional) The authorization token to use when accessing the docker registry. |
|
The image for the censys-cloud-connector container. |
|
(Optional) Overrides the image pull policy. |
|
(Optional) Overrides the image tag whose default is latest. |
|
(Optional) The interval at which the censys-cloud-connector container will run (in cron format). Defaults to every 4 hours. |
|
(Optional) The concurrency policy for the cronjob. |
|
(Optional) The annotations to add to the pod. |
|
(Optional) The security context to add to the pod. |
|
(Optional) The security context to add to the container. |
|
(Optional) The resources to allocate to the container. |
|
(Optional) The node selector to use when scheduling the pod. |
|
(Optional) The tolerations to use when scheduling the pod. |
|
(Optional) The affinity to use when scheduling the pod. |
Upgrading#
To upgrade the Censys Cloud Connector Chart, ensure that you have the latest version of the chart and run the following command:
helm upgrade --install censys-cloud-connectors ./kubernetes/censys-cloud-connectors
Uninstalling#
To uninstall the Censys Cloud Connector Chart, run the following command:
helm uninstall censys-cloud-connectors
You can also delete the Censys Cloud Connector namespace:
kubectl delete namespace censys-cloud-connectors
Troubleshooting#
The Censys Cloud Connector is not running#
If the Censys Cloud Connector is not running, you can check the logs of the Censys Cloud Connector Job to see if there are any errors.
kubectl logs job.batch/censys-cloud-connectors-manual --follow
The Censys Cloud Connector is not able to access the .env
file#
If you see an error similar to the following, it means that the Censys Cloud
Connector is not able to access the .env
file.
ERROR:censys_cloud_connectors: n validation error for Settings
...
This means that the envSecretName
value in the values.yaml
file is
either incorrect or the secret does not contain the .env
file. You may also
be provided with a more specific error message indicating which environment
variable is missing or invalid.
The Censys Cloud Connector is not able to access the providers.yml
file#
If you see an error similar to the following, it means that the Censys Cloud
Connector is not able to access the providers.yml
file.
Error: [Errno 2] No such file or directory: '/providers/providers.yml'
This means that the providersSecretName
value in the values.yaml
file is
or the secret does not contain the providers.yml
file.
The Censys Cloud Connector is not able to access the secrets
directory#
If you see an error similar to the following, it means that the Censys Cloud
Connector is not able to access the secrets
directory.
Error: [Errno 2] No such file or directory: 'secrets/<file>'
This means that the secretsSecretName
value in the values.yaml
file is
either incorrect or the secrets directory does not contain the required files.
My issue is not listed here#
If your issue is not listed here, please contact Censys Support.