SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Question: Support for use in Podman or Kubernetes environments #128

Closed jezkerwin closed 4 months ago

jezkerwin commented 3 years ago

Has there been any thought to running Vectr in a Podman or Kubernetes type environment?

I'm manually attempting to convert the docker-compose file to Podman or k8s but if it's been done by someone else already.

SRAPSpencer commented 3 years ago

We have considered it and done some research but it is something we haven't had the engineering bandwidth to dedicate to implementing. We don't see any reason it wouldn't be possible but you may experience some performance issues with a MongoDB container that isn't running on the same container host.

Recently it seems Red Hat added some official support for compose. https://www.redhat.com/sysadmin/podman-docker-compose

We haven't tried this yet but it's likely the path of least resistance if you can't use docker proper. I'd love to hear how it goes if you try it.

carlvonderheid commented 2 years ago

We were able to get VECTR running with our delivered docker-compose.yml file leveraging the podman-compose project. There are some notes about that here at the bottom of the FAQ: https://docs.vectr.io/upgrading/non-root-migration/faq/

reg0bs commented 2 years ago

I am creating k8s manifests for vectr as well at the moment and I am wondering which environment variables are needed for which workloads. Is there any documentation matching the variables from the env file with the different containers? Thanks!

SRAPSpencer commented 2 years ago

> I am creating k8s manifests for vectr as well at the moment and I am wondering which environment variables are needed for which workloads. Is there any documentation matching the variables from the env file with the different containers? Thanks!

You can find the env documentation here

https://docs.vectr.io/VECTR-Installation-Configuration-ENV-File-Description/

They essentially all relate to the tomcat container and mongo connection. The main obstacle to full k8s support is the VXF containers.

https://docs.vectr.io/vxf/configuration/

These are rta_webserver, rta_builder and Redis. We haven't validated running without them, but you can likely get away with it. Communicating between these and tomcat isn't currently configurable; there are some expected values in the default docker environment.

I'd recommend just getting vectr_tomcat and mongo up and communicating first if this is something you're looking to pursue.

reg0bs commented 2 years ago

Thanks for your help!

I brought all the containers up and the application seems fine to me, but I don't know what talks to what in the background. I guess the containers you are speaking of make use of resolving other containers by name using DNS? Because if this is the case it should be possible to mimic this behavior using services in k8s.

If you point me to where these values are stored and how I check if my environment fully works I can have a look if you want.

carlvonderheid commented 2 years ago

Yes, the containers resolve by service name using DNS.

We are currently researching Helm to deploy on K8s. There are a few things that we need to fix in the codebase to make VECTR easy for users to orchestrate outside of the docker-compose.yml that we provided.

Here are a couple off the top of my head:

  1. If the service name of "vectr-mongo" changes, the name needs to propagate to the MONGO_URL in the .env file.
  2. We have not yet made "vectr-rta-webserver" configurable or templated, so that'll need to stay as is in order to use Attack Automation.
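
As an added illustration of the two constraints above (not code from the VECTR project or from anyone in this thread): cluster DNS resolves Service names, so the Service called vectr-mongo must match the host in MONGO_URL, and vectr-rta-webserver must keep its exact name. Image names, ports and the connection-string shape are assumptions; take the real values from the shipped docker-compose.yml and .env file.

```yaml
# Added example, not VECTR's own manifests. Assumed: MongoDB on its default port 27017,
# placeholder image/port values, and a mongodb:// URL shape for MONGO_URL.
apiVersion: v1
kind: Service
metadata:
  name: vectr-mongo            # must equal the host part of MONGO_URL
spec:
  selector:
    app: vectr-mongo
  ports:
    - port: 27017              # assumption: compose uses MongoDB's default port
---
apiVersion: v1
kind: Service
metadata:
  name: vectr-rta-webserver    # not configurable yet; keep this name for Attack Automation
spec:
  selector:
    app: vectr-rta-webserver
  ports:
    - port: 80                 # placeholder; use the port from docker-compose.yml
---
apiVersion: v1
kind: Secret                   # a Secret rather than a ConfigMap: the URL may carry credentials
metadata:
  name: vectr-env
type: Opaque
stringData:
  # Copied from the .env file; the host must be the vectr-mongo Service name above.
  MONGO_URL: "mongodb://vectr-mongo:27017"   # assumed connection-string shape
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vectr-tomcat
spec:
  selector:
    matchLabels:
      app: vectr-tomcat
  template:
    metadata:
      labels:
        app: vectr-tomcat
    spec:
      containers:
        - name: vectr-tomcat
          image: PLACEHOLDER/vectr-tomcat:TAG   # use the image named in docker-compose.yml
          envFrom:
            - secretRef:
                name: vectr-env   # injects MONGO_URL and the other .env variables
```

If you rename the vectr-mongo Service, change the host in MONGO_URL in the same change, otherwise tomcat will fail DNS resolution of the old name.
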

l50 commented 1 year ago

Was any progress ever made by anyone on this problem? Are there any manifests or a helm chart out there?

SRAPSpencer commented 1 year ago

> Was any progress ever made by anyone on this problem? Are there any manifests or a helm chart out there?

No progress officially, but we are aware of it. Some changes have been made to the run-as user for the container to help facilitate it in the future. https://docs.vectr.io/upgrading/non-root-migration/faq/

thebleucheese commented 4 months ago

VECTR can be deployed in a kubernetes environment but we're unable to offer community-level support for complex configurations at this time. Please contact us on discord or via our website to discuss further if needed.