Open FerdiGul opened 3 years ago
You would likely need to hack things up a bit. This was designed to run on an OS that we called "EDCOP". We have been working on getting Zeek and Suricata into OpenShift/OKD. At this point you would need a Kubernetes cluster. Getting host networking would be the easiest way, though we used SR-IOV with multus, which requires some work. If you are familiar with Helm and Kubernetes I don't think this would be super difficult to get working again. Feel free to push changes to us!
On my system I have 2 nodes, and I just get an error when I install with helm from your helm repo. I've got an error about "secretKeyRef", namely "Error: secret "passive-interface" not found".
Output of `kubectl describe pod moloch-moloch-capture-0`:

```
Type     Reason  Age                    From     Message
Normal   Pulled  17m (x3340 over 12h)   kubelet  Container image "gcr.io/edcop-public/runner:8" already present on machine
Warning  Failed  114s (x3409 over 12h)  kubelet  Error: secret "passive-interface" not found
```
Hello bro, I've solved the problem as I show below:

```
$ kubectl create secret generic passive-interface --from-literal='interface=neverforget'
```

The two pods named 'moloch-moloch-capture-0' and 'moloch-moloch-viewer-0' are now in running status in kube system.
So all my steps to install Moloch with helm on my demo system:

```
$ git clone https://github.com/sealingtech/EDCOP-MOLOCH
$ cd EDCOP-MOLOCH
$ helm install moloch moloch/ --values moloch/values.yaml
$ helm list    # (ok)
$ kubectl get po
```

Check for any error with:

```
$ kubectl describe pod moloch-moloch-capture-0
```
After that you can see this error: "secret 'passive-interface' not found". When I look at the name/key parts in the link I shared (https://github.com/sealingtech/EDCOP-MOLOCH/blob/master/moloch/templates/moloch-capture.yaml), you can see something like this:

```yaml
- name: INTERFACE
  valueFrom:
    secretKeyRef:
      name: passive-interface
      key: interface
```

```
$ kubectl create secret generic passive-interface --from-literal='interface=neverforget'
```
Consequently, you can see all nodes are up!
So, you know that we have two pods for Moloch now, but normally we have to do the Moloch configuration, like ./Configure, and install Elasticsearch and other steps, as you know. In a Kubernetes system, how can I do it? Do I have to enter a pod? If so, which pod? What do we do after installing Moloch on Kubernetes?
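A pre-install check for the failure described in the comment above, as an added example that is not part of the thread or the EDCOP project's code: it lists every Secret a rendered manifest references through `secretKeyRef`, so missing ones show up before the pods start failing. The function names and the sample manifest (including the `INTERFACE_COPY` entry) are constructed for illustration.

```shell
# Added example (not from the thread or the EDCOP repo): find the Secrets a
# rendered manifest needs via secretKeyRef before the pods are scheduled.
# Read manifest YAML on stdin; print unique "secret-name key" pairs.
required_secrets() {
  awk '
    /secretKeyRef:/         { in_ref = 1; name = ""; key = ""; next }
    in_ref && $1 == "name:" { name = $2 }
    in_ref && $1 == "key:"  { key = $2 }
    in_ref && name != "" && key != "" {
      # Drop quotes or anything else not valid in a Secret name or key.
      gsub(/[^A-Za-z0-9._-]/, "", name)
      gsub(/[^A-Za-z0-9._-]/, "", key)
      print name, key
      in_ref = 0
    }
  ' | sort -u
}

# Report which "name key" pairs (stdin) exist in namespace $1; needs kubectl, not called here.
check_cluster() {
  ns="${1:-default}"
  while read -r name key; do
    kubectl -n "$ns" get secret "$name" >/dev/null 2>&1 \
      && echo "ok      $name" || echo "MISSING $name (key: $key)"
  done
}

# Constructed sample: the env entry quoted in the thread, plus a second,
# quoted reference to the same Secret to show de-duplication.
sample_manifest() {
  cat <<'EOF'
env:
- name: INTERFACE
  valueFrom:
    secretKeyRef:
      name: passive-interface
      key: interface
- name: INTERFACE_COPY
  valueFrom:
    secretKeyRef:
      key: "interface"
      name: "passive-interface"
EOF
}

sample_manifest | required_secrets
```

To check a real install, pipe `helm template moloch moloch/ --values moloch/values.yaml` into `required_secrets` and then into `check_cluster <namespace>`.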
The tools were meant to be deployed on this:
https://github.com/sealingtech/EDCOP
We have a lot of documents on here.
If you look on our GitHub we have all the components. For Elasticsearch I would not recommend using ours and instead recommend using the Elasticsearch Operator. All the tools assume that they are able to dump data into data-service and therefore you need to create a Service with that name.
Hi, I wanna use your Moloch for Kubernetes, but how can I install it on my system? Can you explain step by step?