Before you begin installing DOCair in your Kubernetes environment, it’s essential to ensure that the following prerequisites are met. These requirements cover aspects related to infrastructure, Kubernetes configurations, and other elements necessary for successful deployment.
Infrastructure and resources
1.- Kubernetes Cluster:
DOCair currently only supports linux-based container images. The proposal to extend support to other platforms (windows, BSD, etc.) will be studied.
Make sure you have access to a properly configured and functional Kubernetes cluster.
Verify that you have the necessary permissions to deploy and manage resources in the cluster.
Deploying the DOCair API will require granting you container listing, obtaining, and deleting permissions. This will be done through role configuration. More details will be given in Chapter 4.
The DOCair API requires a pod of its own with a container. Assess and tune the hardware resources available in the cluster to ensure that there is sufficient capacity to seamlessly incorporate this resource into your infrastructure.
Ensure that the network allows communication between the cluster nodes that contain the agent and the DOCair API. Agents send messages with the events to the DOCair API.
The DOCair API uses port 29876 to receive event messages from the agents. In addition, the DOCair API will need communication with the DOCexploit backend service, where event logging, classification, and reporting are managed. https is used for that communication with the backend of
docexploit (https://api.docair.docexploit.com). Remember that this configuration is provided automatically, and you only need to ensure connectivity and network availability as per the needs described.
Have the Kubernetes credentials you need to authenticate and manage resources in your cluster.
DOCair API uses authentication to access DOCexploit’s backend services, please have the corresponding credentials at your disposal. During deployment, a secret will be created for the DOCair API. This secret will contain the keys provided by DOCexploit. These keys contain the license for authorization of the use of the analysis system and for access to the configuration and event logging user interface.
