sealingtech / EDCOP-MOLOCH


How can I add your helm repo to kubernetes system? #7

Open FerdiGul opened 3 years ago

FerdiGul commented 3 years ago

Hi, I want to use your moloch for kubernetes, but how can I install it on my system? Can you explain step by step?

dlohin commented 3 years ago

You would likely need to hack things up a bit. This was designed to run on an OS that we called "EDCOP". We have been working on getting Zeek and Suricata into Openshift/OKD. At this point you would need a Kubernetes cluster. Getting host networking would be the easiest way, though we used SR-IOV with multus, which requires some work. If you are familiar with HELM and Kubernetes I don't think this would be super difficult to get working again. Feel free to push changes to us!

FerdiGul commented 3 years ago

In my system, I have 2 nodes and I just get an error when installing with helm from your helm repo. I've got an error about "secretKeyRef" that reads "Error: secret "passive-interface" not found".

Output of `$ kubectl describe pod moloch-moloch-capture-0`:

    Type     Reason  Age                    From     Message
    Normal   Pulled  17m (x3340 over 12h)   kubelet  Container image "gcr.io/edcop-public/runner:8" already present on machine
    Warning  Failed  114s (x3409 over 12h)  kubelet  Error: secret "passive-interface" not found

FerdiGul commented 3 years ago

Hello bro, I've solved the problem as I show below: `$ kubectl create secret generic passive-interface --from-literal='interface=neverforget'`

The two pods named 'moloch-moloch-capture-0' and 'moloch-moloch-viewer-0' are now in running status in the kube system.

So here are all my steps to install moloch with helm on my demo system:

1. `$ git clone https://github.com/sealingtech/EDCOP-MOLOCH`

2. `$ cd EDCOP-MOLOCH`

3. `$ helm install moloch moloch/ --values moloch/values.yaml`

4. `$ helm list` (ok)

5. `$ kubectl get po`

6. Check for any error with `$ kubectl describe pod moloch-moloch-capture-0`; after that you can see this error: "secret 'passive-interface' not found". If you look at the name and key parts in the link I shared (https://github.com/sealingtech/EDCOP-MOLOCH/blob/master/moloch/templates/moloch-capture.yaml), you can see something like this:

       - name: INTERFACE
         valueFrom:
           secretKeyRef:
             name: passive-interface
             key: interface

7. `$ kubectl create secret generic passive-interface --from-literal='interface=neverforget'`

Consequently, you can see all nodes are up!
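
The failure in this comment, a pod that cannot start because a `secretKeyRef` names a Secret that does not exist, can be caught before `helm install` by listing every Secret the rendered chart references. This is an added example, not part of the thread or the EDCOP project's code; the function names and the sample manifest are constructed here, with the manifest mirroring the template excerpt quoted above.

```shell
#!/bin/sh
# Added example: list every Secret a rendered chart references through
# secretKeyRef, then report the ones missing from the namespace.
# Function names and SAMPLE_MANIFEST are constructed for illustration.

# Read rendered manifests on stdin; print unique "<secret-name> <key>" pairs.
list_secret_refs() {
    awk '
        /secretKeyRef:/                    { in_ref = 1; name = ""; key = ""; next }
        in_ref && /^[[:space:]]*- /        { in_ref = 0 }   # next list item: reference ended
        in_ref && /^[[:space:]]*name:/     { name = $2; gsub(/"/, "", name) }
        in_ref && /^[[:space:]]*key:/      { key = $2; gsub(/"/, "", key) }
        in_ref && name != "" && key != ""  { print name, key; in_ref = 0 }
    ' | sort -u
}

# $1: file holding the output of `kubectl get secrets -o name`
# stdin: pairs from list_secret_refs. Prints the pairs whose Secret is absent.
missing_secret_refs() {
    while read -r name key; do
        grep -qxF "secret/$name" "$1" || echo "$name $key"
    done
}

# Constructed sample: two containers carrying the reference quoted in the thread.
SAMPLE_MANIFEST='
        env:
        - name: INTERFACE
          valueFrom:
            secretKeyRef:
              name: passive-interface
              key: interface
        - name: INTERFACE
          valueFrom:
            secretKeyRef:
              name: "passive-interface"
              key: interface
'

printf '%s\n' "$SAMPLE_MANIFEST" | list_secret_refs

# Against a real cluster (chart path as used in the steps above):
#   kubectl get secrets -o name > existing.txt
#   helm template moloch moloch/ --values moloch/values.yaml \
#     | list_secret_refs | missing_secret_refs existing.txt
```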

FerdiGul commented 3 years ago

So, as you know, we now have two pods for moloch, but normally we have to do the moloch configuration, like ./Configure, and install elasticsearch and other steps, as you know. In a kubernetes system, how can I do it? Do I have to enter the pod? If so, which pod is it? What do we do after installing moloch on kubernetes?

dlohin commented 3 years ago

The tools were meant to be deployed on this:
https://github.com/sealingtech/EDCOP

We have a lot of documents on here.

If you look on our GitHub we have all the components. For Elasticsearch I would not recommend using ours and instead recommend using the Elasticsearch Operator. All the tools assume that they are able to dump data into data-service and therefore you need to create a Service with that name.