Welcome to the Netskope One DSPM Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Installing Netskope One DSPM sidecars using Helm

    Table of Contents

    Overview Architecture Excerpt: Sidecar: Architecture Register Sidecar Pool Excerpt: Sidecar: Registration Install Helm Chart Validate Sidecar Connections Upgrading Sidecars Next Steps

    Overview

    These instructions are used to provision all resources necessary for running sidecars within your own Kubernetes cluster. 

    Architecture

    Excerpt: Sidecar: Architecture

    Netskope One DSPM provides a flexible collection architecture, consisting of one or many sidecars you deploy alongside the main application. These sidecars connect to data stores to runs scans, uploading the results to the Netskope One DSPM application.

    A single sidecar can scan multiple data stores in its installation environment. Typically, you will deploy one sidecar per individual environment (e.g. VNet, VPC, etc.), however you may choose to install multiple sidecars for additional scalability and redundancy. The Netskope One DSPM application automatically load balances scans across healthy sidecars in each sidecar pool. 

    Architecture Diagram

    Below is an architecture diagram showing the relationship between Netskope One DSPM's resources & environments and your own. While it is AWS-specific, the basic concepts apply to other setups, including self-hosted.

     
     

    Register Sidecar Pool

    Excerpt: Sidecar: Registration

    To set up the relationship between your sidecars and Netskope One DSPM-hosted tenant, you will provide the sidecars with a unique authentication token generated within our Sidecar Administration UI.

    If you already have an existing sidecar pool token to use, you can skip this section. Otherwise, follow these instructions to acquire a new token.

    1. Log into the Netskope One DSPM application.
    2. Navigate to the Platform Settings > Sidecar menu to display the Sidecar Administration screen.
    3. Click the Add Sidecar Pool button.
    4. The Add Sidecar Pool modal is displayed.
    5. On the Details tab, complete the following field:
    Field Value
    Name Any friendly value to describe the sidecar pool.
    1. Click Save.
    2. Click Copy at the bottom of the Sidecar Authentication Token modal to save the generated token to your clipboard. 
    1. Click the “x” button to exit the modal.

    Since you haven't yet associated this token with a sidecar, the sidecar pool will appear only when you click the Show Inactive Sidecars icon in the upper right, with empty Version and Status columns for now.

    The above-generated token will be used for each individual sidecar within the sidecar pool.

    Install Helm Chart

    1. Download the correct Helm Chart package from the following URL:
    wget https://Netskope One DSPM-release.s3.us-west-2.amazonaws.com/helm-Netskope One DSPM-hosted.zip
    1. Extract the package contents. 
    2. Navigate to the extracted Netskope One DSPM directory.
    3. Run the following command to install Netskope One DSPM, substituting the following parameters: 

    Note: many deployment parameters can be customized via the command below. We recommend you inspect the contents of the values.yaml file before running this command to familiarize yourself with the deployment parameters and their default values. If you want to change any of the defaults, simply append additional ---set <variable>=<value> flags to the command below.

     
    helm upgrade --install Netskope One DSPM Netskope One DSPM --namespace Netskope One DSPM --create-namespace --set image.tag=latest --values Netskope One DSPM/values.yaml \
    --set Netskope One DSPMMainApplicationHost=... \
    --set sidecarPoolToken=... \
    --set sidecarCount=...
    Parameter Value
    Netskope One DSPMMainApplicationHost

    Your tenant URL minus the protocol.

    For example, if your tenant is accessed using https://example.Netskope One DSPM.io, your value will be example.Netskope One DSPM.io.
    sidecarPoolToken An existing sidecar token, or a new one generated in the Register Sidecar Pool section above.
    sidecarCount (optional)

    (optional) The number of sidecars to deploy in conjunction with the application. If left blank, the default will be 1.

    By default, the most-current sidecar image (tagged as latest) will be downloaded to your local repository.  If necessary, your account team may advise you to substitute the set image.tag value to a more-specific value; otherwise, use latest.

     

    When the installation is complete, the Helm Chart will display output similar to the following example:

    Deployment complete!

Please visit the Sidecar Adminstration page at https://example.Netskope One DSPM.io/platform-settings/sidecar
to confirm the sidecars were successfully registered.

    Resources Created

    Each time it is installed, the Helm Chart will manage deployment & management of the following:

    • One or more pod(s) for individual Netskope One DSPM sidecars

    You can run the kubectl command to view additional detail on each pod.

     
     

    Validate Sidecar Connections

    Excerpt: Sidecar: Validate Sidecar Connection

    When deploying sidecar, you'll need to ensure that the sidecar has the ability to reach two URLs on port 443: 

    https://[tenant-name].Netskope One DSPM.io
     https://[tenant-name]-sidecar.Netskope One DSPM.io

    Take the following steps to verify the connectivity from the sidecar.

    1. SSH to the sidecar
    2. Run the command [curl] to [api/pulse] for both URLs, as shown below
    curl https://[tenant-name].Netskope One DSPM.io/api/pulse
    curl https://[tenant-name]-sidecar.Netskope One DSPM.io/api/pulse
    1. A successful response will resemble the following
    {"version":"6.3.0.311","build_target":"prod","deployment_type":"saas"}%

     

    Once a sidecar is running, you can now validate it is properly communicating with your Netskope One DSPM application. 

    1. Log into the Netskope One DSPM application.
    2. Navigate to the Platform Settings > Sidecar screen.
    3. For the sidecar(s) in question, validate that Version column is populated and its matching Status indicator is green. 

    It may take a few minutes for newly-running sidecars to communicate with the Netskope One DSPM application. If both values have not updated after 20 minutes, double-check that you configured your sidecars correctly and update the pool token, if necessary.

    Upgrading Sidecars

    You may need to occasionally upgrade your sidecars so they remain compatible with your Netskope One DSPM application instance or tenant.

    To upgrade sidecars that were deployed via Helm, you must redeploy the Helm chart using the instructions within the Install Helm Chart section above.

    Next Steps

    Connect Netskope One DSPM to your infrastructure accounts so Data Store discovery & scanning can begin. 

    Was this article helpful?

    Still can't find what you are looking for?

    Contact Netskope Technical Support