Installing Prequel

Helm

Add the Prequel Helm chart repository with the following command:

helm repo add prequel https://prequel-dev.github.io/helm

Step 1: Name the installation

export INSTALL_NAME=prequel-collector

Step 2: Configure secrets

You can provide the API token at install time or use a secrets manager to install it ahead of time in the same namespace.

Info: The API token can be found in the Prequel cloud console under your User Profile -> Onboarding. Prequel Customer Success will also provide you with an API token to use for your first installation.

If you are providing the token at install time, then set the following environment variable and move on to the next step:

export PROVISION_TOKEN=<prequel-api-token>

Tip: You can avoid providing the API token at install time by using an external secrets manager and adding --set externalSecrets=true.

If you are using an external secrets manager, then ensure the following secrets are installed in the same namespace as the Helm chart:

---
apiVersion: v1
kind: Secret
metadata:
  name: myprequeltoken
type: Opaque
stringData:
  apiKey: <prequel provision token>
---
apiVersion: v1
kind: Secret
metadata:
  name: registrycred
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <prequel registry credentials>

Install with --set externalSecrets=true.
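
An added example (not part of the Prequel documentation) of creating the two Secrets above without putting the token on a command line: the function reads the token and registry credentials from files and prints the manifests for kubectl apply. The file paths, the accepted token characters, and the credentials file holding raw Docker config JSON (rather than an already base64-encoded value) are assumptions.

```shell
# Added example, not from the Prequel docs. Secret names and keys are the ones
# shown in Step 2; the input file paths and token character set are assumptions.
render_prequel_secrets() {
    token_file=$1      # file holding the Prequel provision token
    dockercfg_file=$2  # file holding the raw Docker config JSON (assumed)

    if [ ! -r "$token_file" ] || [ ! -r "$dockercfg_file" ]; then
        echo "render_prequel_secrets: cannot read input files" >&2
        return 1
    fi

    # Drop the trailing newline that editors and `echo` add.
    token=$(tr -d '\r\n' < "$token_file")

    # Refuse empty values and characters that could escape the quoted scalar.
    case $token in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "render_prequel_secrets: empty or unexpected token" >&2
            return 1 ;;
    esac

    # `stringData` takes plain text; `data` values must be base64-encoded.
    dockercfg_b64=$(base64 < "$dockercfg_file" | tr -d '\n')

    cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: myprequeltoken
type: Opaque
stringData:
  apiKey: "$token"
---
apiVersion: v1
kind: Secret
metadata:
  name: registrycred
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $dockercfg_b64
EOF
}

# Usage (assumes the prequel namespace already exists):
#   render_prequel_secrets token.txt dockerconfig.json | kubectl apply -n prequel -f -
#   helm install -n prequel "$INSTALL_NAME" prequel/prequel-collector \
#     --set externalSecrets=true --set api.clusterName="$CLUSTER_NAME"
```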

Step 3. Set the cluster name

Prequel will assign a random cluster identifier during the install if none is provided. You can specify a friendly name at install time so that you can recognize the cluster in the Prequel cloud console. Prequel recommends setting this value, especially when installing Prequel in CI/CD environments.

export CLUSTER_NAME="prequel-gke-cluster-1"

Step 4. Install

helm install -n prequel "$INSTALL_NAME" prequel/prequel-collector \
  --set api.token="$PROVISION_TOKEN" \
  --set api.clusterName="$CLUSTER_NAME" \
  --create-namespace

  • If you are installing on OpenShift, then follow the optional steps below and add --set scc=true
  • If you are adding node affinity/tolerations, then follow the optional steps below and add -f prequel_patch.yaml

Optional Step 5. Set the SecurityContextConstraints (required for OpenShift only)

If you are installing Prequel on an OpenShift cluster, then you must set scc=true in the Helm values.yaml or specify --set scc=true on the command line when you execute the Helm installation command in Step 4.

Optional Step 6. Set node affinity

If you prefer to install Prequel on a subset of your cluster nodes using affinity labels, then you can update the values.yaml file or specify a Helm patch file.

For example, if you would only like to install Prequel on nodes with the following labels:

  • customer=test
  • kubernetes.io/arch=amd64
  • kubernetes.io/os=linux

Then create the following prequel_patch.yaml patch file:

probes:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                  - amd64
              - key: kubernetes.io/os
                operator: In
                values:
                  - linux
              - key: customer
                operator: In
                values:
                  - test

Be sure to add -f prequel_patch.yaml to your Helm install command in Step 4.

Optional Step 7. Set node tolerations

In Kubernetes, taints allow nodes to repel pods. If taints have been applied to nodes in your environment, you'll need to declare tolerations to allow Kubernetes to schedule pods on nodes with matching taints.

For example, if you would like to install Prequel on nodes with the following taint:

  • service=dedicated

Then add the following to your prequel_patch.yaml patch file:

probes:
  tolerations:
    - key: service
      operator: Equal
      value: dedicated
      effect: NoSchedule

Be sure to add -f prequel_patch.yaml to your Helm install command in Step 4.

ArgoCD

ArgoCD UI

  1. Go to Applications -> New App
  2. Set the Application Name to prequel-vX.Y.Z
  3. Set the Project Name to your configured project
  4. Configure the Sync Policy and options as you see fit (we recommend the defaults)
  5. Set the Source Repository URL to https://prequel-dev.github.io/helm and the Type to "Helm"
  6. Set the Chart to prequel-collector and the Version to the latest version available in the dropdown
  7. Select the Destination Cluster
  8. Set the Namespace to prequel (ensure that this namespace exists)

Update the Helm values:

  1. Set the api.token to the Prequel API token provided to you by Customer Success
  2. Set the api.clusterName to a recognizable and unique name that will be shown in the UI for detections from this cluster
  3. Set node affinity and tolerations using the syntax described in the Helm instructions above.

Below is an example ArgoCD Application YAML manifest that you can use to configure your Prequel application. Be sure to add, remove, or change the following values:

  • name
  • server
  • targetRevision
  • api.token
  • api.clusterName
  • affinity
  • tolerations

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: prequel
spec:
  destination:
    name: prequel-collector
    namespace: prequel
    server: 'https://kubernetes.default.svc'
  source:
    path: ''
    repoURL: 'https://prequel-dev.github.io/helm'
    targetRevision: 0.8.1
    chart: prequel-collector
    helm:
      parameters:
        - name: >-
            probes.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key
          value: kubernetes.io/arch
        - name: >-
            probes.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator
          value: In
        - name: >-
            probes.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]
          value: amd64
        - name: >-
            probes.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[1].key
          value: customer-label
        - name: >-
            probes.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[1].operator
          value: In
        - name: >-
            probes.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[1].values[0]
          value: customer1
        - name: probes.tolerations[0].key
          value: dedicated
        - name: probes.tolerations[0].operator
          value: Equal
        - name: probes.tolerations[0].value
          value: probes
        - name: probes.tolerations[0].effect
          value: NoSchedule
        - name: api.token
          value: <prequel-token>
        - name: api.clusterName
          value: test-clustername
  sources: []
  project: default
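
An added check (not part of the Prequel documentation) for Application manifests like the one above when they are kept in Git: it reports any Helm parameter named api.token whose value is a literal rather than a placeholder, printing only the line number so the token itself never reaches CI logs. The function name and the placeholder conventions (<...> or a leading $) are assumptions.

```shell
# Added example, not from the Prequel docs.
# find_inline_token FILE
# Returns 1 and prints the line number if an api.token Helm parameter
# carries a literal value; returns 0 if it is absent or a placeholder.
find_inline_token() {
    awk -v q="'" '
        # A Helm parameter entry starts with "- name: <key>".
        /^[ \t]*-[ \t]*name:/ {
            key = $0
            sub(/^[ \t]*-[ \t]*name:[ \t]*/, "", key)
            gsub("[\"" q " \t]", "", key)      # strip quotes and blanks
            in_token = (key == "api.token")
            next
        }
        # The value line that follows an api.token name line.
        in_token && /^[ \t]*value:/ {
            val = $0
            sub(/^[ \t]*value:[ \t]*/, "", val)
            gsub("[\"" q " \t]", "", val)
            in_token = 0
            # <...> and $VAR values are treated as placeholders (assumption).
            if (val != "" && val !~ /^<.*>$/ && val !~ /^[$]/) {
                printf "%d: api.token is set inline\n", NR
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}
```

Run it in a pre-commit hook or CI step as find_inline_token application.yaml and fail the job on a non-zero exit.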