Kubernetes deployment preparation
A minimal Siren Investigate deployment consists of the following:
Secrets containing the Investigate configuration file: the certificates and keys.
A StatefulSet to run the Investigate containers.
A service to load balance the Investigate containers in the StatefulSet.
Before you store secrets on the Kubernetes cluster, make sure your cluster is configured to effectively encrypt them. For more information, see the Kubernetes documentation and the documentation of your cluster provider.
On the machine where you have
kubectlinstalled, create a directory named
Optional: If you want to deploy Investigate to a specific namespace, create the namespace with
kubectl create namespace <name>, for example:
kubectl create namespace siren
investigatedirectory, create a file named
investigate.ymland add the following content to the file:
# Listen on all IP addresses server.host: "0.0.0.0" # Disable SSL on Investigate (see the documentation to enable TLS between the ingress and Investigate) server.ssl.enabled: false # Set to the URL of your Elasticsearch cluster including the port elasticsearch.url: "https://siren-es-http:9200" # If you want to disable completely the verification of the Elasticsearch Cluster certificate, set to "none". # # If your cluster is using a public CA, for example if it's hosted on Elastic Cloud, set the verificationMode to "full" # # If your cluster is using a private CA, set the verification mode to "certificate" # and set elasticsearch.ssl.certificateAuthorities to the path of a file containing the CA certificate chain. elasticsearch.ssl.verificationMode: none elasticsearch.username: "sirenserver" # Specify the password of the sirenserver user elasticsearch.password: "password" kibana.defaultAppId: "dashboard" investigate_access_control: enabled: true acl: enabled: true admin_role: investigate_admin cookie: name: 'kac' # This password will be used to encrypt the session cookie, make sure to customize it password: '7vGx4(hLwNur19trqYZkSnOvT$U@*o9r' # Change to true when exposing Investigate to the Internet using TLS secure: false backend: xpack siren_scripting: enabled: true browserApiWhitelist: - 'Math' - 'setTimeout' - 'clearInterval' - 'setInterval' - 'document.getElementById' librariesWhitelist: - 'lodash' - 'EUI' - 'React'
Customize the following parameters:
elasticsearch.url: the URL of the Elasticsearch cluster, including the port.
elasticsearch.password: the password of the
investigate_access_control.cookie.password: a 32 ASCII character key used to encrypt cookies.
Upload the configuration file as a secret named
investigate-config, for example:
kubectl -n siren create secret generic investigate-config --from-file=investigate.yml=investigate.yml
You can use the same command to create additional secrets referenced in your Investigate configuration file, such as TLS certificates and keys.
Create a file named
investigate-set.yamland add the following content:
# Headless service for internal resolution. apiVersion: v1 kind: Service metadata: name: investigate spec: clusterIP: None ports: - port: 5606 name: http selector: app: investigate --- # Investigate containers apiVersion: apps/v1 kind: StatefulSet metadata: name: investigate labels: app: investigate spec: serviceName: investigate replicas: 1 selector: matchLabels: app: investigate template: metadata: labels: app: investigate spec: terminationGracePeriodSeconds: 30 containers: - name: investigate image: sirensolutions/siren-investigate:12.1.4 imagePullPolicy: IfNotPresent ports: - containerPort: 5606 livenessProbe: tcpSocket: port: 5606 initialDelaySeconds: 20 periodSeconds: 10 startupProbe: tcpSocket: port: 5606 initialDelaySeconds: 20 periodSeconds: 20 failureThreshold: 30 resources: limits: memory: 6Gi cpu: 2 requests: memory: 6Gi cpu: 2 env: # The URL of the data cluster. Make sure to set this to the same value as "elasticsearch.url" in the Investigate configuration file. - name: ELASTICSEARCH_URL value: "https://siren-es-http:9200" # Increase this number when you want to force a statefulset upgrade # after changing the configuration secret, then apply the statefulset again. - name: CONFIG_VERSION value: "1" - name: INSTANCE_ID valueFrom: fieldRef: fieldPath: metadata.name volumeMounts: - name: config mountPath: /opt/siren-investigate/config/investigate.yml readOnly: true subPath: investigate.yml volumes: - name: config secret: defaultMode: 0644 secretName: investigate-config
Apply the manifest, for example:
kubectl -n siren apply -f investigate-set.yaml
After a few minutes, confirm that the StatefulSet is ready:
kubectl -n siren get statefulset/investigate NAME READY AGE investigate 1/1 97s
You can view the logs of the Investigate pod with the following command:
kubectl -n siren logs pod/investigate-0
To test that Investigate is running, forward Investigate to your machine, for example:
kubectl -n siren port-forward service/investigate 5606
Sign in to http://localhost:5606.
To see how to change the Investigate configuration and perform version upgrades see the Maintaining Siren Investigate on Kubernetes section.