Deploy Using Helm

This is an example guide on how to deploy SUSE Security via Helm to be used alongside SUSE Rancher installations. For further information regarding SUSE Security deployment methods, refer to Planning Deployments.

Prerequisites

  • A running SUSE Rancher cluster.

  • Ensure you have Helm installed to make use of the Helm CLI.

  • The kubectl command-line tool configured to communicate with your cluster.

Ensure you choose a SUSE Security chart version that is compatible with your SUSE Rancher version. Refer to the NeuVector feature in the Rancher Apps / Cluster Tools section of the SUSE Rancher support matrix for the latest compatible chart. Note that all SUSE Security 5.x versions can be applied to all supported Rancher versions.

This example deploys the SUSE Security v5.4.9 chart (108.0.2+up2.8.11) for the Rancher v2.13.x release line.

Installation

  1. Add the Helm repository and update to get the latest charts:

    helm repo add rancher-charts https://charts.rancher.io/
    helm repo update

  2. Install the neuvector-crd chart:

    helm install neuvector-crd --namespace cattle-neuvector-system --create-namespace rancher-charts/neuvector-crd --version={chart-version}

    1. If your cluster has Pod Security Admission (PSA) enabled, you must label the namespace to allow privileged containers:

      kubectl label namespace cattle-neuvector-system pod-security.kubernetes.io/enforce=privileged

  3. If you already have a custom values.yaml file, ensure the following values are set. If needed, you can use the values.yaml file from the release-v2.13 chart as a template.

    1. The global.cattle.url is set to your Rancher URL in a format such as https://your-rancher-url.com.

    2. Ensure the value of controller.federation.managedsvc.type is set to NodePort.

    3. The global.cattle.systemDefaultRegistry is set to <Prime-Registry-URL>.

      To learn more about the Prime Registry URL, see our Prime-only documentation. Authentication is required. Use your SUSE Customer Center (SCC) credentials to log in.

      Example: values.yaml
      # ...
      global: # required for Rancher authentication (https://<Rancher_URL>/)
        cattle:
          url: https://your-rancher-url.com # Update with your Rancher URL
          systemDefaultRegistry: <Prime-Registry-URL>
      # ...
      controller:
        federation:
          managedsvc:
            type: NodePort
        prime:
          enabled: true # Activates Prime features in v5.4.6+

  4. Install the main chart:

    helm install neuvector --namespace cattle-neuvector-system --create-namespace rancher-charts/neuvector --version={chart-version} -f values.yaml

  5. Run the following command to find the NodePort used to access the SUSE Security UI. In the sample output below, the NodePort is 30101.

    kubectl get svc --namespace cattle-neuvector-system neuvector-service-webui
    
    NAME                      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
    neuvector-service-webui   NodePort   10.43.207.222   <none>        8443:30101/TCP   21m
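
A pre-flight check for the three values.yaml settings required in step 3, to run before `helm install` (an added example, not part of the SUSE documentation). The function names are hypothetical, and the small awk flattener assumes plain block-style YAML mappings indented with spaces.

```shell
#!/usr/bin/env bash
# Added example, not from the SUSE docs. Assumes block-style YAML mappings
# indented with spaces (no lists, flow style or multi-line scalars).

# Print every scalar in the file as "dotted.path=value".
flatten_values() {
  awk -v sq="'" '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*\.\.\.[ \t]*$/ { next }  # comments, blanks, "..."
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)                        # trailing comment
      indent = 0
      while (substr(line, indent + 1, 1) == " ") indent++
      body = substr(line, indent + 1)
      sep = index(body, ":")
      if (sep == 0) next
      key = substr(body, 1, sep - 1)
      val = substr(body, sep + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      gsub("^[\"" sq "]|[\"" sq "]$", "", val)           # surrounding quotes
      while (depth > 0 && ind[depth] >= indent) depth--  # leave deeper and sibling keys
      depth++; ind[depth] = indent; name[depth] = key
      if (val == "") next
      path = name[1]
      for (i = 2; i <= depth; i++) path = path "." name[i]
      print path "=" val
    }' "$1"
}

# Return 0 only if the three settings from step 3 are present and not placeholders.
check_values() {
  flat=$(flatten_values "$1") || return 2
  rc=0
  get() { printf '%s\n' "$flat" | sed -n "s/^$1=//p" | head -n 1; }
  case "$(get 'global\.cattle\.url')" in
    https://your-rancher-url.com) echo "global.cattle.url is still the template value" >&2; rc=1 ;;
    https://?*) ;;
    *) echo "global.cattle.url must be an https:// URL" >&2; rc=1 ;;
  esac
  [ "$(get 'controller\.federation\.managedsvc\.type')" = NodePort ] ||
    { echo "controller.federation.managedsvc.type must be NodePort" >&2; rc=1; }
  case "$(get 'global\.cattle\.systemDefaultRegistry')" in
    ''|*'<'*) echo "global.cattle.systemDefaultRegistry is unset or a placeholder" >&2; rc=1 ;;
  esac
  return "$rc"
}

if [ "$#" -gt 0 ]; then check_values "$1"; fi   # e.g. ./check-values.sh values.yaml
```

Because the check works on the full key path, a `type: NodePort` line that is indented one level too shallow is reported rather than silently ignored by the chart.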

Post-Installation

The default username and password for the SUSE Security UI are admin / admin. You are prompted to change this upon your first login.