Deploy in Google Kubernetes Engine (GKE) with multi-node clusters

Google Kubernetes Engine (GKE) treats persistent volumes as cluster resources that are shared by all nodes of a cluster. Our current method of using a Persistent Volume Claim (PVC) to retain the state and config of a sensor does not work in a GKE cluster of more than 1 node: each sensor attempts to write to the same PVC storage location, which causes the sensors to fail.

See the steps below for deploying the sensor to multi-node GKE clusters. Be sure to choose the correct YAML file for the runtime. For Docker Runtime, use cssensor-ds.yml (see steps under GKE node version 1.18 and older). For Containerd Runtime, use cssensor-containerd-ds.yml (see steps under GKE node version 1.19 and later).

GKE node version 1.18 and older

Follow the steps below for deploying the sensor to multi-node clusters of GKE. The steps in this section apply to GKE node version 1.18 and older.

Modify the cssensor-ds.yml with the following args:

args: ["--k8s-mode", "--sensor-without-persistent-storage", "--enable-console-logs"]

Under volumeMounts, remove or comment out the persistent-volume and agent-volume sections.

volumeMounts:
- mountPath: /usr/local/qualys/qpa/data
  name: persistent-volume
- mountPath: /usr/local/qualys/qpa/data/conf/agent-data
  name: agent-volume

Under volumes, remove or comment out the persistent-volume and agent-volume sections.

volumes:
- name: persistent-volume
  hostPath:
    path: /usr/local/qualys/sensor/data
    type: DirectoryOrCreate
- name: agent-volume
  hostPath:
    path: /etc/qualys
    type: DirectoryOrCreate

GKE node version 1.19 and later

Follow the steps below for deploying the sensor to multi-node clusters of GKE. The steps in this section apply to GKE node version 1.19 and later.

Steps for deploying without persistent storage

Modify the cssensor-containerd-ds.yml with the following args:

args: ["--k8s-mode", "--container-runtime", "containerd", "--sensor-without-persistent-storage", "--enable-console-logs"]

Under volumeMounts, remove or comment out the persistent-volume and agent-volume sections.

volumeMounts:
- mountPath: /usr/local/qualys/qpa/data
  name: persistent-volume
- mountPath: /usr/local/qualys/qpa/data/conf/agent-data
  name: agent-volume

Under volumes, remove or comment out the persistent-volume and agent-volume sections.

volumes:
- name: persistent-volume
  hostPath:
    path: /usr/local/qualys/sensor/data
    type: DirectoryOrCreate
- name: agent-volume
  hostPath:
    path: /etc/qualys
    type: DirectoryOrCreate

Steps for deploying with persistent storage

Follow the deployment instructions in the section "Deploy in Kubernetes - Containerd Runtime", but make the following change to the persistent storage path under volumes.

Under volumes, change the persistent storage path from "/usr/local/qualys/sensor/data" to "/tmp/qualys/sensor/data" since the default path is not writable on GKE nodes.

volumes:
- name: persistent-volume
  hostPath:
    path: /tmp/qualys/sensor/data
    type: DirectoryOrCreate
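
A pre-deployment check for the edits described above, covering both the without-persistent-storage steps and the persistent storage path change. This is an added example, not part of the vendor's tooling: the function names and the sample fragments are assumptions constructed for illustration, and the check is line-based rather than a full YAML parse.

```python
import re

STATE_VOLUMES = {"persistent-volume", "agent-volume"}   # volume names used on this page
DEFAULT_PATH = "/usr/local/qualys/sensor/data"          # not writable on GKE nodes
NO_STATE_FLAG = "--sensor-without-persistent-storage"

def active_lines(manifest):
    """Drop blank lines and '#' comments, so commented-out sections count as removed."""
    kept = []
    for line in manifest.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if line.strip():
            kept.append(line)
    return "\n".join(kept)

def check_gke_manifest(manifest):
    """Return findings for a sensor DaemonSet manifest; an empty list means it matches the steps."""
    text = active_lines(manifest)
    names = {n.strip("\"'") for n in re.findall(r"^\s*(?:-\s*)?name:\s*(\S+)", text, re.M)}
    paths = {p.strip("\"'") for p in re.findall(r"^\s*(?:-\s*)?path:\s*(\S+)", text, re.M)}
    findings = []
    if NO_STATE_FLAG in text:
        # Stateless mode: neither state volume may still be mounted or defined.
        for vol in sorted(STATE_VOLUMES & names):
            findings.append(f"{vol} is still referenced although {NO_STATE_FLAG} is set")
    elif DEFAULT_PATH in paths:
        # Persistent mode: the default hostPath must be replaced on GKE.
        findings.append(f"hostPath {DEFAULT_PATH} is not writable on GKE nodes")
    return findings

# Constructed fragments for illustration, not the complete vendor files.
COMMENTED_OUT = """\
args: ["--k8s-mode", "--sensor-without-persistent-storage", "--enable-console-logs"]
volumeMounts:
#- mountPath: /usr/local/qualys/qpa/data
#  name: persistent-volume
volumes:
#- name: persistent-volume
#  hostPath:
#    path: /usr/local/qualys/sensor/data
"""
HALF_EDITED = COMMENTED_OUT.replace("#", "")   # flag set, volumes left in place
STATEFUL_DEFAULT = HALF_EDITED.replace(', "--sensor-without-persistent-storage"', "")
STATEFUL_TMP = STATEFUL_DEFAULT.replace(DEFAULT_PATH, "/tmp/qualys/sensor/data")

if __name__ == "__main__":
    for label, doc in [("commented out", COMMENTED_OUT), ("half edited", HALF_EDITED),
                       ("stateful, default path", STATEFUL_DEFAULT), ("stateful, /tmp path", STATEFUL_TMP)]:
        print(label, "->", check_gke_manifest(doc) or "ok")
```

Run it against the edited manifest text before applying it to the cluster; a non-empty result means one of the steps above was missed.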