how can i add your helm repo to kubernetes system?

[FerdiGul]

Hi,
ı wanna use your moloch for kubernetes but how can i install it my system? Can you explain step by step

[dlohin]

You would likely need to hack things up a bit. This was designed to run on an OS that we called "EDCOP". We have been working on getting Zeek and Suricata into Openshift/OKD. At this point you would need a Kubernetes cluster. Getting host networking would be the easiest way though we used SR-IOV with multus which requires some work. If you are familiar with HELM and Kubernetes I dont think this would be super difficult to get working again. Feel free to push changes to us!

[FerdiGul]

In my system, i have 2 nodes and i just have a error when install helm within your helm repo. But i ve got error about "secretkeyRef" that named "Error: secret "passive-interface" not found"

output of $kubectl describe pod moloch-moloch-capture-0 :

Type Reason Age From Message

---

Normal Pulled 17m (x3340 over 12h) kubelet Container image "gcr.io/edcop-public/runner:8" already present on machine
Warning Failed 114s (x3409 over 12h) kubelet Error: secret "passive-interface" not found

[FerdiGul]

Hello bro, i ve solved the problem as i show on bottom:
$kubectl create secret generic passive-interface --from-literal='interface=neverforget'

two pods are named 'moloch-moloch-capture-0' and 'moloch-moloch-viewer-0' are worked in running status by kube system.

So all my steps for install moloch with helm on my demo system:

1. $git clone https://github.com/sealingtech/EDCOP-MOLOCH
2. $cd EDCOP-MOLOCH
3. $helm install moloch moloch/ --values moloch/values.yaml
4. $helm list (ok)
5. $kubectl get po
6. check any error with:
$kubectl describe pod moloch-moloch-capture-0
after that you can see this error "secret 'passive-interface' not found". So when i see this name-key parts as i shared link (https://github.com/sealingtech/EDCOP-MOLOCH/blob/master/moloch/templates/moloch-capture.yaml) , you can see sth like this:

    - name: INTERFACE
      valueFrom:
        secretKeyRef:
          **name: passive-interface
          key: interface**

7. `$kubectl create secret generic passive-interface --from-literal='interface=neverforget'``

Consequently, you can see all nodes are up!

[FerdiGul]

So, you know that we own two pod for moloch now but in normally we have to do moloch configurations as like ./Configure and install elasticsearch and other steps as you know. In kubernetes system, how can i do it? i have to enter into pod? so if it is, which pod is? what will we do after install moloch to kubernetes?

[dlohin]

The tools were meant to be deployed on this:
https://github.com/sealingtech/EDCOP

We have a lot of documents on here.

If you look on our GitHub we have all the components. For Elasticsearch I would not recommend using ours and instead recommend using the Elasticsearch Operator. All the tools assume that they are able to dump data into data-service and therefore you need to create a Service with that name.