Container image gets automatically built by quay.io at Cerberus image. The builds will be triggered by any commit pushed to this repository.
Refer to the instructions for information on how to build and run the containerized version of cerberus.
To run containerized Cerberus as a Kubernetes/OpenShift Deployment, follow these steps:
- Configure the config.yaml file according to your requirements.
- Create a namespace under which you want to run the cerberus pod using
kubectl create ns <namespace>. - Switch to
<namespace>namespace:- In Kubernetes, use
kubectl config set-context --current --namespace=<namespace> - In OpenShift, use
oc project <namespace>
- In Kubernetes, use
- Create a ConfigMap named kube-config using
kubectl create configmap kube-config --from-file=<path_to_kubeconfig> - Create a ConfigMap named cerberus-config using
kubectl create configmap cerberus-config --from-file=<path_to_cerberus_config> - Create a serviceaccount to run the cerberus pod with privileges using
kubectl create serviceaccount useroot.- In Openshift, execute
oc adm policy add-scc-to-user privileged -z useroot.
- In Openshift, execute
- Create a Deployment and a NodePort Service using
kubectl apply -f cerberus.yml - Accessing the go/no-go signal:
- In Kubernetes, execute
kubectl port-forward --address 0.0.0.0 pod/<cerberus_pod_name> 8080:8080and access the signal athttp://localhost:8080andhttp://<hostname>:8080. - In Openshift, create a route based on service cerberus-service using
oc expose service cerberus-service. List all the routes usingoc get routes. Use HOST/PORT associated with cerberus-service to access the signal.
- In Kubernetes, execute
NOTE: It is not recommended to run Cerberus internal to the cluster as the pod which is running Cerberus might get disrupted.