This repository shows the manifest yaml files required to deploy the Aqua CyberCenter on the following Kubernetes platforms:
- Kubernetes
- OpenShift
- Kubernetes engines: EKS, GKE, ICP, AKS, TKG, and TKGI
Before you follow the deployment steps explained below, Aqua strongly recommends you refer to the product documentation, Deploy Offline CyberCenter for detailed information.
The deployment commands shown below use the kubectl cli. You can also deploy using the oc cli commands, to work on all platforms including OpenShift.
- Your Aqua credentials: username and password
- Your Aqua Enterprise License Token
It is recommended that you complete the sizing and capacity assessment for the deployment. Refer to Sizing Guide.
The CyberCenter image is added in the CyberCenter deploy yaml file at the line 40. You can use one of the two following CyberCenter images:
- cc-standard:latest: is used for support on vulnerabilities related to all the operating systems. This image is used in the deployment yaml file.
- cc-premium:latest: is used to get support on vulnerabilities related to all the programming languages including the operating systems.
- mTLS with server: To configure the CyberCenter with mTLS (mutual TLS) to have secure communication with server, refer to the product documentation, Configure mTLS between the Offline CyberCenter and Server.
- (Optional) mTLS with scanner: If you deploy additional scanners for the scanning operation, the offline CyberCenter communicates with these scanners. To configure the offline CyberCenter with mTLS to have secure communication with scanner, refer to the product documentation, Configure mTLS between the Offline CyberCenter and Scanner.
You can skip any of the steps if you have already performed.
Step 1. Create a namespace (or an OpenShift project) by name aqua (if not already done).
kubectl create namespace aquaStep 2. Create a docker-registry secret (if not already done).
kubectl create secret docker-registry aqua-registry \
--docker-server=registry.aquasec.com \
--docker-username=<your-name> \
--docker-password=<your-pword> \
--docker-email=<your-email> \
-n aquaStep 3. Create a service account (if not already done).
kubectl apply -f https://raw.githubusercontent.com/aquasecurity/deployments/2022.4/cyber_center/kubernetes_and_openshift/manifests/001_cybercenter_serviceAccount.yamlkubectl apply -f https://raw.githubusercontent.com/aquasecurity/deployments/2022.4/cyber_center/kubernetes_and_openshift/manifests/002_cybercenter_deploy.yamlAfter the offline CyberCenter is deployed successfully, you must disable Fast Scanning from Aqua UI to scan artifacts successfully. For more information on disabling this option, refer to Configure Scan Options.