Installing and Uninstalling Container Runtime Sensor
Install the CRS image on your K8s cluster using the unified helm chart 'qualys-tc', hosted on ArtifactHub at https://artifacthub.io/packages/helm/qualys-helm-chart/qualys-tc.
'qualys-tc' is a unified helm chart used to install:
- Qualys Container Runtime Sensor (runtime-sensor)
- Qualys Container Security Sensor (qcs-sensor)
- Qualys Cluster Sensor (cluster-sensor)
- Qualys Admission Controller (admission-controller)
Before you install the helm chart, add its repository and update it by running the commands below.
helm repo add qualys-helm-chart https://qualys.github.io/Qualys-Helm-Charts/
helm repo update
To install Qualys Container Runtime Sensor in your Cloud Provider,
- To quickly install the runtime-sensor setup, use the command below.
helm install qualys-tc qualys-helm-chart/qualys-tc \
--set runtimeSensor.enabled=true \
-n qualys
- (Optional) You can also install CRS by pulling the helm chart locally and installing it from there, using the commands below.
helm pull qualys-helm-chart/qualys-tc --untar
After updating the values.yaml file, install the CRS by running the command below.
helm install qualys-tc ./qualys-tc \
--create-namespace \
-n qualys
- Identify the environment in which your K8s Cluster is present. CRS currently supports Azure, AWS, GCP, OCI, Self-managed K8s, and Openshift environments.
- Get the respective resource id of your environment and run the installation commands.
- (Optional) If you don't have a POD, create one to generate the runtime events.
kubectl create -f <POD_POLICY_FILE>
- To generate a file event,
  - Create a Tracing policy.
  kubectl create -f <TRACING_POLICY_FILE_Name>
  - Generate the file-events.
  You can generate file-events by accessing (Open, Read), modifying (Edit), or deleting files that are listed in the tracing policy. Once generated, you can observe their events (see CRS Output).
- Once CRS is installed, the Process Events are automatically available on the Qualys Cloud Platform as shown in CRS Output.
To know how to uninstall a CRS instance, refer to Uninstalling CRS.
Installing CRS in Azure
To install CRS in an Azure environment,
- Get the 'global.clusterInfoArgs.AZURE.id' (Azure Resource ID) value from your Azure environment by running this command:
az resource list --name '<Name of your cluster>'
Sample output
Look for a snippet similar to the one below to find your Azure resource id ("id":xxxxxxxxxxxxxxxxxxxxxxxxxxxx).
{ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "<location>",
"name": "<cluster name>",
...}
- Run the following CLI commands to install the CRS.
helm install qualys-tc qualys-helm-chart/qualys-tc \
--set global.customerId=<customer id> \
--set global.activationId=<activation id> \
--set global.gatewayUrl=<gateway URL> \
--set global.clusterInfoArgs.cloudProvider=AZURE \
--set global.clusterInfoArgs.AZURE.id=<Azure Resource Id> \
--set global.clusterInfoArgs.AZURE.region=<Region> \
--set runtimeSensor.enabled=true \
--create-namespace \
-n qualys
Installing CRS in AWS
To install CRS in an AWS environment,
- Get the 'global.clusterInfoArgs.AWS.arn' (AWS Resource ID) value from your AWS environment by running this command:
aws eks describe-cluster --name <cluster-name>
Sample output
Look for a snippet similar to the one below to find your AWS arn ("arn":"arn:aws:eks:us-west-2:123456789012:cluster/aws-cluster-1").
"cluster": {
"name": "eks-cluster-1",
"arn": "arn:aws:eks:us-west-2:123456789012:cluster/eks-cluster-1",
...}
- Run the following CLI commands to install the CRS.
helm install qualys-tc qualys-helm-chart/qualys-tc \
--set global.customerId=<customer id> \
--set global.activationId=<activation id> \
--set global.gatewayUrl=<gateway URL> \
--set global.clusterInfoArgs.cloudProvider=AWS \
--set global.clusterInfoArgs.AWS.arn=<Cluster ARN> \
--set runtimeSensor.enabled=true \
--create-namespace \
-n qualys
Installing CRS in GCP
To install CRS in a GCP environment,
- Get the 'global.clusterInfoArgs.GCP.krn' value from your GCP environment by running this command:
gcloud container clusters describe <cluster-name> --zone <zone/region>
Sample output
Search for the 'selfLink' in the output (selfLink:<URL link><GCP Key Resource Name>).
selfLink:https://container.googleapis.com/v1/projects/<GCP Project ID>/zones/us-central1-c/clusters/cluster-zonal
...
GCP Key Resource Name (KRN) in the above self link:
/projects/<GCP Project ID>/zones/us-central1-c/clusters/cluster-zonal
KRN is constructed based on your GCP project ID, GCP zone, and the cluster name.
- Run the following CLI commands to install the CRS.
helm install qualys-tc qualys-helm-chart/qualys-tc \
--set global.customerId=<customer id> \
--set global.activationId=<activation id> \
--set global.gatewayUrl=<gateway URL> \
--set global.clusterInfoArgs.cloudProvider=GCP \
--set global.clusterInfoArgs.GCP.krn=<GCP Key Resource Name> \
--set runtimeSensor.enabled=true \
--create-namespace \
-n qualys
Installing CRS in OCI
To install CRS in an OCI environment,
- Get the 'global.clusterInfoArgs.OCI.ocid' value from your OCI environment using the OCI console (Cluster Details > Cluster ID).
Sample output
OCI.ocid=ocid1.cluster.oc1.phx.axxxaaaa7bpfuy3uxxx6ssvhfwpfcxxxxj233evxcn6xxxxcoayt6vcocq
- Run the following CLI commands to install the CRS.
helm install qualys-tc qualys-helm-chart/qualys-tc \
--set global.customerId=<customer id> \
--set global.activationId=<activation id> \
--set global.gatewayUrl=<gateway URL> \
--set global.clusterInfoArgs.cloudProvider=OCI \
--set global.clusterInfoArgs.OCI.ocid=<Cluster OCID> \
--set global.clusterInfoArgs.OCI.clusterName="OCI" \
--set runtimeSensor.enabled=true \
--create-namespace \
-n qualys
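The cluster identifiers collected in the Azure, AWS, GCP, and OCI sections above can be checked before they are passed to helm, and the GCP KRN can be derived from the selfLink instead of being copied by hand. The following is an added example, not part of the Qualys documentation or chart: the function names are hypothetical, and the accepted patterns are assumptions based on the sample outputs shown on this page.

```shell
#!/bin/sh
# Added example (not Qualys code). Function names are hypothetical and the
# patterns are assumptions taken from the sample outputs on this page.

# GCP: the KRN is the selfLink minus the API host and version prefix.
gcp_krn_from_selflink() {
  case "$1" in
    https://container.googleapis.com/v1/projects/*)
      printf '%s\n' "${1#https://container.googleapis.com/v1}" ;;
    *)
      return 1 ;;   # not a GKE selfLink; refuse to guess
  esac
}

# Succeeds only when VALUE ($2) has the shape shown in PROVIDER's ($1) section.
# The body is a subshell, so "re" stays local and "exit" only sets the status.
valid_cluster_id() (
  case "$1" in
    AZURE) re='^/subscriptions/[0-9a-fA-F-]{36}/resource[Gg]roups/[^/]+/providers/Microsoft\.ContainerService/managedClusters/[^/]+$' ;;
    AWS)   re='^arn:aws[a-z-]*:eks:[a-z0-9-]+:[0-9]{12}:cluster/[^/]+$' ;;
    # "locations" is accepted as an assumption; the page only shows "zones".
    GCP)   re='^/projects/[^/]+/(zones|locations)/[^/]+/clusters/[^/]+$' ;;
    OCI)   re='^ocid1\.cluster\.[a-z0-9]+\.[a-z0-9-]+\.[a-z0-9]+$' ;;
    *)     exit 2 ;;   # unknown provider
  esac
  printf '%s\n' "$2" | grep -Eq "$re"
)

# Constructed sample in the shape of the GCP section's selfLink.
link='https://container.googleapis.com/v1/projects/demo-project/zones/us-central1-c/clusters/cluster-zonal'
if krn=$(gcp_krn_from_selflink "$link") && valid_cluster_id GCP "$krn"; then
  echo "--set global.clusterInfoArgs.GCP.krn=$krn"
else
  echo "refusing to install: cluster identifier is malformed" >&2
fi
```

A value that fails the check is usually a cluster name or a full URL pasted where the resource identifier belongs.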
Installing CRS in Self-managed K8s
An environment is considered 'Self-managed K8s' when the K8s cluster is not from the cloud providers Azure, AWS, OCI, or GCP, and is created and managed by you.
To install CRS in a self-managed K8s environment, run the following CLI commands.
- Get the 'global.clusterInfoArgs.name=<cluster name>' value from your Self-managed K8s environment.
- Run the following CLI commands.
helm install qualys-tc qualys-helm-chart/qualys-tc \
--set global.customerId=<Customer ID> \
--set global.activationId=<activation ID> \
--set global.gatewayUrl=<gateway URL> \
--set global.clusterInfoArgs.SELF_MANAGED_K8S.clusterName=<cluster name> \
--set global.clusterInfoArgs.cloudProvider=SELF_MANAGED_K8S \
--set runtimeSensor.enabled=true \
--create-namespace \
-n qualys
Installing CRS in Openshift
To install CRS in an Openshift environment, run the following CLI commands.
- Get the 'global.clusterInfoArgs.name=<cluster name>' value from your Openshift environment.
- Run the following CLI commands.
helm install qualys-tc qualys-helm-chart/qualys-tc \
--set global.customerId=<Customer ID> \
--set global.activationId=<Activation ID> \
--set global.gatewayUrl="<Gateway URL>" \
--set global.clusterInfoArgs.SELF_MANAGED_K8S.clusterName=<cluster name> \
--set global.clusterInfoArgs.cloudProvider=SELF_MANAGED_K8S \
--set runtimeSensor.enabled=true \
--set global.openshift=true \
--create-namespace \
-n qualys
Uninstalling CRS
If you have installed the CRS helm chart directly from the Helm repo, use the command below to uninstall the CRS. The argument is the release name, not the chart reference.
helm uninstall qualys-tc \
-n qualys
OR
If you have pulled the CRS helm chart and installed it, use the command below to uninstall the CRS. The argument is the release name, not the chart path.
helm uninstall qualys-tc \
-n qualys
To know about CRS parameters, refer to Command and Options.