(408) 800-2536 support@dasera.com

Welcome to Dasera's Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Installing Dasera sidecars using Helm

    Table of Contents

    Overview Architecture Register Sidecar Pool Install Helm Chart Validate Sidecar Connections Upgrading Sidecars Next Steps

    Overview

    These instructions are used to provision all resources necessary for running sidecars within your own Kubernetes cluster. 

    Architecture

    Excerpt: Sidecar: Architecture

    Dasera provides a flexible collection architecture, consisting of one or many sidecars you deploy alongside the main application. These sidecars connect to data stores to runs scans, uploading the results to the Dasera application.

    A single sidecar can scan multiple data stores in its installation environment. Typically, you will deploy one sidecar per individual environment (e.g. VNet, VPC, etc.), however you may choose to install multiple sidecars for additional scalability and redundancy. The Dasera application automatically load balances scans across healthy sidecars in each sidecar pool. 

    Architecture Diagram

    Below is an architecture diagram showing the relationship between Dasera's resources & environments and your own. While it is AWS-specific, the basic concepts apply to other setups, including self-hosted.

     
     

    Register Sidecar Pool

    Excerpt: Sidecar: Registration

    To setup the relationship between your sidecars and Dasera-hosted tenant, you will provide the sidecars with a unique authentication token generated within our Sidecar Administration UI.

    If you already have an existing sidecar pool token to use, you can skip this section. Otherwise, follow these instructions to acquire a new token.

    1. Log into the Dasera application.
    2. Navigate to the Platform Settings > Sidecar menu to display the Sidecar Administration screen.
    3. Click the Add Sidecar Pool button.
    4. The Add Sidecar Pool modal is displayed.
    5. On the Details tab, complete the following field:
    Field Value
    Name Any friendly value to describe the sidecar pool.
    1. Click the Generate Credentials button.
    2. The Token tab is displayed in the Add Sidecar Pool modal.
    3. Click the copy icon next to the Sidecar Token field to save the generated token to your clipboard. 

    Excerpt: Callout: Token Copy

    Be sure to copy your new token before you continue, as you will not be able to se

    Be sure to copy your new token before you continue, as you will not be able to see it again.

     
    1. Click the I’VE COPIED IT button to exit the modal.

    Since you haven't yet associated this token with a sidecar, the Version and Status columns will be empty for now.

    The above generated token will be used for each individual sidecar within the sidecar pool.

    Install Helm Chart

    1. Download the correct Helm Chart package from the following URL:
    wget https://dasera-release.s3.us-west-2.amazonaws.com/helm-dasera-hosted.zip
    1. Extract the package contents. 
    2. Navigate to the extracted dasera directory.
    3. Run the following command to install Dasera, substituting the following parameters: 

    Note: many deployment parameters can be customized via the command below. We recommend you inspect the contents of the values.yaml file before running this command to familiarize yourself with the deployment parameters and their default values. If you want to change any of the defaults, simply append additional ---set <variable>=<value> flags to the command below.

     
    helm upgrade --install dasera dasera --namespace dasera --create-namespace --set image.tag=latest --values dasera/values.yaml \
    --set daseraMainApplicationHost=... \
    --set sidecarPoolToken=... \
    --set sidecarCount=...
    Parameter Value
    daseraMainApplicationHost

    Your tenant URL minus the protocol.

    For example, if your tenant is accessed using https://example.dasera.io, your value will be example.dasera.io.
    sidecarPoolToken An existing sidecar token, or a new one generated in the Register Sidecar Pool section above.
    sidecarCount (optional)

    (optional) The number of sidecars to deploy in conjunction with the application. If left blank, the default will be 1.

    By default, the most-current sidecar image (tagged as latest) will be downloaded to your local repository.  If necessary, your account team may advise you to substitute the set image.tag value to a more-specific value; otherwise, use latest.

     

    When the installation is complete, the Helm Chart will display output similar to the following example:

    Deployment complete!

Please visit the Sidecar Adminstration page at https://example.dasera.io/platform-settings/sidecar
to confirm the sidecars were successfully registered.

    Resources Created

    Each time it is installed, the Helm Chart will manage deployment & management of the following:

    • One or more pod(s) for individual Dasera sidecars

    You can run the kubectl command to view additional detail on each pod.

     
     

    Validate Sidecar Connections

    Excerpt: Sidecar: Validate Sidecar Connection

    When deploying sidecar, you'll need to ensure that the sidecar has the ability to reach two URLs on port 443: 

    https://[tenant-name].dasera.io
     https://[tenant-name]-sidecar.dasera.io

    Your tenant name reflects how you access your Dasera instance. For example, if Dasera is accessed using https://example.dasera.io, your tenant URL will be example.dasera.io.

     

    Take the following steps to verify the connectivity from the sidecar.

    1. SSH to the sidecar
    2. Run the command [curl] to [api/pulse] for both URLs, as shown below
    curl https://[tenant-name].dasera.io/api/pulse
    curl https://[tenant-name]-sidecar.dasera.io/api/pulse
    1. A successful response will resemble the following
    {"version":"6.3.0.311","build_target":"prod","deployment_type":"saas"}%

     

    Once a sidecar is running, you can now validate it is properly communicating with your Dasera application. 

    1. Log into the Dasera application.
    2. Navigate to the Platform Settings > Sidecar screen.
    3. For the sidecar(s) in question, validate that Version column is populated and its matching Status indicator is green. 

    It may take a few minutes for newly-running sidecars to communicate with the Dasera application. If both values have not updated after 20 minutes, double-check that you configured your sidecars correctly and update the pool token, if necessary.

    Upgrading Sidecars

    You may need to occasionally upgrade your sidecars so they remain compatible with your Dasera application instance or tenant.

    To upgrade sidecars that were deployed via Helm, you must redeploy the Helm chart using the instructions within the Install Helm Chart section above.

    Next Steps

    Connect Dasera to your infrastructure accounts so Data Store discovery & scanning can begin. 

    Was this article helpful?

    Recently Updated

    Still can't find what you are looking for?

    Contact Support