Kubernetes Onboarding using Terraform
The Panoptica Kubernetes controller can be deployed using the official Terraform Helm provider. This provides an efficient way to automate the deployment process in the CI/CD pipeline.
First, generate the full Helm command for your deployment, including the Helm chart details and the Helm values. There are three ways you can do this:
- Use our API to generate the Helm chart details and the Helm values separately (recommended):
- Run
panoptica-k8s integration install-command <integration name>
in the Panoptica K8s CLI to generate the full Helm command. - Use the Panoptica console UI to generate the Helm command for deploying Panoptica's Kubernetes controller.
Once you have the full Helm command, you're ready to configure the values in your Terraform file.
See https://registry.terraform.io/providers/hashicorp/helm/latest/docs for details.
Example
For example, if your Helm command looks something like this:
helm upgrade --install panoptica oci://public.ecr.aws/ciscoeti/panoptica/charts/panoptica-kubernetes-integration --version 1.2.4 --create-namespace -n panoptica
--set global.mgmtHostname=portshift.panoptica.app
--set global.panopticaIntegration.id=x8x8x8x8
--set global.panopticaIntegration.kspm.enabled=true
--set global.panopticaIntegration.apiSecurity.enabled=false
--set global.panopticaIntegration.cdr.enabled=false
--set kubernetes-integration-deployment-controller.api.url=us1.deploymentmanager.panoptica.app
--set kubernetes-integration-deployment-controller.syncIntegrationJob.api.url=us1.k8s-integration.panoptica.app
--set kubernetes-integration-deployment-controller.secret.token=x8x8x8x8x8x8x8x8
--set k8sec-controller.controller.secret.sharedSecret=x8x8x8x8x8x8x8x8
--set k8sec-controller.controller.agentID=x8x8x8x8
Your Terraform file would look something like this:
# main.tf
provider "helm" {
kubernetes {
config_path = "~/.kube/config"
}
}
resource "helm_release" "kubernetes_integration" {
name = panoptica
namespace = panoptica
create_namespace = true
repository = "oci://public.ecr.aws/ciscoeti/panoptica/charts/"
chart = "panoptica-kubernetes-integration"
version = 1.2.4
set {
name = "global.mgmtHostname"
value = "portshift.panoptica.app"
}
set {
name = "global.panopticaIntegration.id"
value = "x8x8x8x8"
}
set {
name = "global.panopticaIntegration.kspm.enabled"
value = "true"
}
set {
name = "global.panopticaIntegration.apiSecurity.enabled"
value = "false"
}
set {
name = "global.panopticaIntegration.cdr.enabled"
value = "false"
}
set {
name = "kubernetes-integration-deployment-controller.api.url"
value = "us1.deploymentmanager.panoptica.app"
}
set {
name = "kubernetes-integration-deployment-controller.syncIntegrationJob.api.url"
value = "us1.k8s-integration.panoptica.app"
}
set {
name = "kubernetes-integration-deployment-controller.secret.token"
value = "x8x8x8x8x8x8x8x8"
}
set {
name = "k8sec-controller.controller.secret.sharedSecret"
value = "x8x8x8x8x8x8x8x8"
}
set {
name = "k8sec-controller.controller.agentID"
value = "x8x8x8x8"
}
}
Then, instead of running the Helm command directly in your environment, simply run Terraform as follows:
terraform init
terraform apply
Updated 8 months ago