August 19, 2021 By Laura Bennett
Shikha Maheshwari
Chris Rosen
5 min read

Step-by-step instructions to integrate NeuVector with the IBM Cloud Kubernetes Service to provide complete runtime container security.

Container technology makes it easy to deploy applications in the cloud, and Kubernetes is one of the popular choices for deploying containerized applications. But in this new and ever-changing container and microservices world, container security is critical. Vulnerabilities in applications residing within a container can be exploited if the right protections are not in place. This tutorial demonstrates how NeuVector integrates with the IBM Cloud Kubernetes Service to provide complete runtime container security for your production Kubernetes workloads.

NeuVector is a cloud-native container firewall for monitoring and protecting Kubernetes container deployments in production. The NeuVector solution consists of security containers that can be deployed on each node, in the same way that you deploy your applications using Kubernetes. For evaluation purposes, NeuVector makes an Allinone container and an Enforcer container available.

Prerequisites

Steps

Step 1: Create a Kubernetes cluster in IBM Cloud

  1. Log into your IBM Cloud account. Select Kubernetes from the Navigation Menu.
  2. On the Kubernetes Overview page, select Create a Cluster.
  3. To create a cluster, set the following parameters:
    • Select Standard from the list of pricing plans.
    • Within the Orchestration services section, select the most current version of Kubernetes (if you are presented with a choice).
    • If you are offered Infrastructure options, choose Classic.
    • If you are offered Location choices, keep the default options that are prefilled.
    • If you are offered Worker pool choices to set up the number of worker nodes for your workload, leave it at the default number (this can be resized.)
    • Within the Resource details section, enter a name for your cluster.
    • In the Summary pane, review the order summary and then click Create.
  4. Worker nodes can take a few minutes to provision, but you can see the progress in the Worker nodes tab. When the status reaches Ready, you can start working with your cluster. See the Getting started with IBM Cloud Kubernetes Service documentation for more details about cluster creation.

You can also create a cluster from the command line by using the following IBM Cloud CLI command:

ibmcloud ks cluster create classic --name my_cluster

Step 2: Access the Kubernetes cluster

Now that the cluster is provisioned, you can access it from the IBM Cloud CLI tool that you downloaded in the Prerequisites.

Go to the IBM Cloud Dashboard, click Clusters under the Resource Summary section, then click the name of the cluster that you created in Step 1. Then click Actions > Connect via CLI, which lists the instructions to be performed.

Follow the instructions on the terminal to do the following:

  • Log into your cluster.
  • Set the Kubernetes context to your cluster.
  • Verify that you can connect to your cluster.

Step 3: Deploy NeuVector onto your Kubernetes cluster

3.1: Create a NeuVector service instance using IBM Cloud

Create an instance of NeuVector Container Security Platform using the IBM Cloud Catalog:

Provide a name of your choice for the service and click Create.

Once the service is created, go to IBM Cloud Dashboard > Resource Summary section > Services and Softwares and click the name of the NeuVector service that you created. It will take you to the page for managing the NeuVector service instance.

Go to the Deployment section and execute the steps listed under Deploying the NeuVector Platform on an IBM Cloud IKS cluster. They ask you to download two configuration files, including the secret manifest and the helm values. Download these into the current working directory, copy the steps below into one bash script, and execute all the steps in one go using the script:

Note: Replace the IC_IKS_CLUSTER_ID value in the script below with your cluster ID. To get your cluster ID, you can use the command ibmcloud ks cluster ls |grep <cluster-name>.

# To get your cluster ID
#ibmcloud ks cluster ls |grep <cluster-name>

# Set IKS cluster id (e.g. c1cd1i4xxxj1v6g)
IC_IKS_CLUSTER_ID=c1cd1i4xxxj1v6g

ibmcloud ks cluster config --admin --cluster $IC_IKS_CLUSTER_ID

IC_IKS_INGRESS_DOMAIN=$(ibmcloud ks cluster get --cluster $IC_IKS_CLUSTER_ID --json | python -c "import json,sys;obj=json.load(sys.stdin);print((obj['ingress']['hostname'] if 'ingress' in obj and 'hostname' in obj['ingress'] else (obj['ingressHostname'] if 'ingressHostname' in obj else '')));")
echo $IC_IKS_INGRESS_DOMAIN

IC_IKS_INGRESS_SECRET_NAME=$(ibmcloud ks cluster get --cluster $IC_IKS_CLUSTER_ID --json | python -c "import json,sys;obj=json.load(sys.stdin);print((obj['ingress']['secretName'] if 'ingress' in obj and 'secretName' in obj['ingress'] else (obj['ingressSecretName'] if 'ingressSecretName' in obj else '')));")
echo $IC_IKS_INGRESS_SECRET_NAME

kubectl config current-context
kubectl get pod --all-namespaces

kubectl create namespace neuvector

kubectl apply -n neuvector -f ./neuvector-secret-registry.yaml

NV_VERSION=4.2.2

helm install \
    'neuvector-core' \
    'core' \
    --repo 'https://neuvector.github.io/neuvector-helm/' \
    --namespace neuvector \
    --values ./neuvector-helm.yaml \
    --set "manager.ingress.host=neuvector.${IC_IKS_INGRESS_DOMAIN}" \
    --set "manager.ingress.secretName=${IC_IKS_INGRESS_SECRET_NAME}" \
    --set "tag=${NV_VERSION}" \
    --atomic --wait

After all steps execute successfully, the output gives you the URL to access the NeuVector WebUI: https://neuvector.${IC_IKS_INGRESS_DOMAIN}.
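The Python one-liners in the script above print an empty string when the cluster JSON carries no Ingress fields, which would pass helm the host `neuvector.` and an empty TLS secret name. The following is an added example, not code from the original article or from IBM or NeuVector: it reads the same two fields from both JSON shapes, rejects missing or malformed values, and builds the helm arguments as a list. The function names and the sample JSON strings are constructed for illustration.

```python
import json
import re

# DNS-1123 subdomain: the form Kubernetes accepts for Secret names and Ingress hosts.
_DNS1123 = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$")


def ingress_settings(cluster_json):
    """Return (hostname, secret_name) from `ibmcloud ks cluster get --json` output.

    Covers both shapes the page's one-liners handle: the nested
    obj['ingress'][...] keys and the flat ingressHostname / ingressSecretName keys.
    """
    obj = json.loads(cluster_json)
    nested = obj.get("ingress") or {}
    host = nested.get("hostname") or obj.get("ingressHostname") or ""
    secret = nested.get("secretName") or obj.get("ingressSecretName") or ""
    for label, value in (("ingress hostname", host), ("ingress secret name", secret)):
        # An empty or malformed value would otherwise reach helm as
        # manager.ingress.host=neuvector. or as an empty TLS secret name.
        if len(value) > 253 or not _DNS1123.match(value):
            raise ValueError(f"{label} missing or not a DNS-1123 name: {value!r}")
    return host, secret


def helm_args(cluster_json, nv_version):
    """Build the page's helm install command as an argv list (no shell re-parsing)."""
    host, secret = ingress_settings(cluster_json)
    # helm splits --set values on commas, so restrict the tag to image-tag characters.
    if not re.fullmatch(r"[0-9A-Za-z][0-9A-Za-z._-]*", nv_version):
        raise ValueError(f"unexpected image tag: {nv_version!r}")
    return [
        "helm", "install", "neuvector-core", "core",
        "--repo", "https://neuvector.github.io/neuvector-helm/",
        "--namespace", "neuvector",
        "--values", "./neuvector-helm.yaml",
        "--set", f"manager.ingress.host=neuvector.{host}",
        "--set", f"manager.ingress.secretName={secret}",
        "--set", f"tag={nv_version}",
        "--atomic", "--wait",
    ]


# Constructed sample responses (not real cluster output), one per JSON shape.
NESTED = '{"ingress": {"hostname": "demo.example.appdomain.cloud", "secretName": "demo-secret"}}'
FLAT = '{"ingressHostname": "demo.example.appdomain.cloud", "ingressSecretName": "demo-secret"}'
NOT_READY = '{"ingress": {"hostname": "", "secretName": ""}}'
```

The returned list can be passed to `subprocess.run(..., check=True)` once the values have been validated.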

3.2: Apply NeuVector license

Access the URL provided after successful deployment and log in to NeuVector using the default credentials admin/admin:

  • Accept the End User license agreement. Click on Accept.
  • You will see the following in the bottom-right corner:
  • You can click on it to change the password. It will take you to the Profile Settings. Click Edit Profile. Provide the current password and the new password, then click Save.
  • Log in again with the new password.
  • Next, add the license key. Navigate to the License section and copy the license key.
  • Log in to NeuVector and navigate to Settings > License. Paste the copied license key in the License Code box and click Activate.

Now you are all set to use NeuVector with your IBM Cloud Kubernetes Service Cluster.

Summary

The IBM Cloud Kubernetes Service makes it easy to set up a Kubernetes cluster to host your containerized applications. When running such applications in production, security is required to ensure that the applications are safe and communicating properly. NeuVector provides that runtime security in any cloud environment, with a Layer 7 firewall, host and container process monitoring, and vulnerability scanning. You can request a demo and access to the download by contacting NeuVector at info@neuvector.com.
