Kubernetes Onboarding using Terraform

The Panoptica Kubernetes controller can be deployed using the official Terraform Helm provider. This provides an efficient way to automate the deployment process in the CI/CD pipeline.

First, generate the full Helm command for your deployment, including the Helm chart details and the Helm values. There are three ways you can do this:

Once you have the full Helm command, you're ready to configure the values in your Terraform file.
See https://registry.terraform.io/providers/hashicorp/helm/latest/docs for details.

Example

For example, if your Helm command looks something like this:

helm upgrade --install panoptica oci://public.ecr.aws/ciscoeti/panoptica/charts/panoptica-kubernetes-integration --version 1.2.4 --create-namespace -n panoptica \
--set global.mgmtHostname=portshift.panoptica.app \
--set global.panopticaIntegration.id=x8x8x8x8 \
--set global.panopticaIntegration.kspm.enabled=true \
--set global.panopticaIntegration.apiSecurity.enabled=false \
--set global.panopticaIntegration.cdr.enabled=false \
--set kubernetes-integration-deployment-controller.api.url=us1.deploymentmanager.panoptica.app \
--set kubernetes-integration-deployment-controller.syncIntegrationJob.api.url=us1.k8s-integration.panoptica.app \
--set kubernetes-integration-deployment-controller.secret.token=x8x8x8x8x8x8x8x8 \
--set k8sec-controller.controller.secret.sharedSecret=x8x8x8x8x8x8x8x8 \
--set k8sec-controller.controller.agentID=x8x8x8x8

Your Terraform file would look something like this:

# main.tf

provider "helm" {
  kubernetes {
    config_path = "~/.kube/config"
  }
}

resource "helm_release" "kubernetes_integration" {
  # Release name and namespace, matching the Helm command above
  name             = "panoptica"
  namespace        = "panoptica"
  create_namespace = true

  repository = "oci://public.ecr.aws/ciscoeti/panoptica/charts/"
  chart      = "panoptica-kubernetes-integration"
  version    = "1.2.4"

  set {
    name  = "global.mgmtHostname"
    value = "portshift.panoptica.app"
  }
  set {
    name  = "global.panopticaIntegration.id"
    value = "x8x8x8x8"
  }
  set {
    name  = "global.panopticaIntegration.kspm.enabled"
    value = "true"
  }
  set {
    name  = "global.panopticaIntegration.apiSecurity.enabled"
    value = "false"
  }
  set {
    name  = "global.panopticaIntegration.cdr.enabled"
    value = "false"
  }
  set {
    name  = "kubernetes-integration-deployment-controller.api.url"
    value = "us1.deploymentmanager.panoptica.app"
  }
  set {
    name  = "kubernetes-integration-deployment-controller.syncIntegrationJob.api.url"
    value = "us1.k8s-integration.panoptica.app"
  }
  set {
    name  = "kubernetes-integration-deployment-controller.secret.token"
    value = "x8x8x8x8x8x8x8x8"
  }
  set {
    name  = "k8sec-controller.controller.secret.sharedSecret"
    value = "x8x8x8x8x8x8x8x8"
  }
  set {
    name  = "k8sec-controller.controller.agentID"
    value = "x8x8x8x8"
  }
}

Then, instead of running the Helm command directly in your environment, simply run Terraform as follows:

terraform init  
terraform apply
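
The main.tf above writes the token and sharedSecret values as literals in ordinary set blocks. The following is an added example, not taken from the Panoptica documentation: it rewrites the helm_release resource so those two values come from sensitive variables through the Helm provider's set_sensitive block, and passes the remaining values through a dynamic set block. It assumes the helm provider 2.x block syntax used above and leaves the provider block unchanged; the variable and local names are assumptions.

```hcl
# Added example: variable and local names are assumptions, not Panoptica's.
variable "panoptica_controller_token" {
  type      = string
  sensitive = true # redacted in plan and apply output
}

variable "panoptica_shared_secret" {
  type      = string
  sensitive = true
}

locals {
  # Non-secret chart values, copied from the Helm command above.
  panoptica_values = {
    "global.mgmtHostname"                                                     = "portshift.panoptica.app"
    "global.panopticaIntegration.id"                                          = "x8x8x8x8"
    "global.panopticaIntegration.kspm.enabled"                                = "true"
    "global.panopticaIntegration.apiSecurity.enabled"                         = "false"
    "global.panopticaIntegration.cdr.enabled"                                 = "false"
    "kubernetes-integration-deployment-controller.api.url"                    = "us1.deploymentmanager.panoptica.app"
    "kubernetes-integration-deployment-controller.syncIntegrationJob.api.url" = "us1.k8s-integration.panoptica.app"
    "k8sec-controller.controller.agentID"                                     = "x8x8x8x8"
  }
}

resource "helm_release" "kubernetes_integration" {
  name             = "panoptica"
  namespace        = "panoptica"
  create_namespace = true
  repository       = "oci://public.ecr.aws/ciscoeti/panoptica/charts/"
  chart            = "panoptica-kubernetes-integration"
  version          = "1.2.4"

  dynamic "set" { # one set block per entry in local.panoptica_values
    for_each = local.panoptica_values
    content {
      name  = set.key
      value = set.value
    }
  }
  set_sensitive { # same name/value shape as set, value hidden in the plan diff
    name  = "kubernetes-integration-deployment-controller.secret.token"
    value = var.panoptica_controller_token
  }
  set_sensitive {
    name  = "k8sec-controller.controller.secret.sharedSecret"
    value = var.panoptica_shared_secret
  }
}
```

The two variables can be supplied by the pipeline's secret store as the environment variables TF_VAR_panoptica_controller_token and TF_VAR_panoptica_shared_secret, so they never appear in the repository. Terraform still records them in state, so the state backend needs encryption and restricted access.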