Published on 04/26/2023
Last updated on 02/05/2024

KubeClarity: Install and Test Drive


Lean Into Software Supply Chain Security with KubeClarity Series
https://github.com/openclarity/kubeclarity
Figure-1: Learn to Install KubeClarity

After exploring the inner workings of KubeClarity in the previous post, we've made significant progress with the KubeClarity series and are ready to get hands-on with it. In this blog post, I'll walk you through installing KubeClarity and setting it up to run a few vulnerability scans as a solid foundation to begin your KubeClarity adventure.


Installation

KubeClarity understands there's no one-size-fits-all solution, so it offers multiple installation options. Install it locally, via Docker, or on a Kubernetes cluster-based system. For those using KubeClarity for the first time, I suggest going for a Docker-based installation to avoid platform-specific dependency issues. If you still want to try a local install on your platform, check out the README for more details.

In this post, I’ll focus on two types of installs: a Docker-based install followed by an install on a KinD cluster.


Docker-Based Installation

Let's proceed with the installation assuming you've cloned the KubeClarity repo and have a local Docker instance up and running.

Opting for a Docker-based installation is a breeze and will only take three commands to get KubeClarity up and running. The installation package also includes readily available synthetic demo data for testing, so you'll be up and running in the blink of an eye. Go ahead and try it.


Build

First, run the command below to build the UI and backend (the image tag is set using VERSION).

VERSION=test make docker-backend

Check out Figure-2 below to see what a successful run of this command should look like:

Figure-2: Output from “make docker-backend” Command

Run

Next, run the backend using demo data with the following command:

docker run -p 8080:8080 -e FAKE_RUNTIME_SCANNER=true -e FAKE_DATA=true -e ENABLE_DB_INFO_LOGS=true -e DATABASE_DRIVER=LOCAL ghcr.io/openclarity/kubeclarity:test run

Check out Figure-3 below to see what a successful run of this command should look like:

Figure-3: Output from KubeClarity “docker run” Command

Launch UI

Next, open KubeClarity UI in the browser:

http://localhost:8080

Notice the UI dashboard in Figure-4 below. It comes populated with sample data for you to visualize. Feel free to click around and play with various features supported on KubeClarity UI.


Figure-4: KubeClarity UI Dashboard with Synthetic Data

Wasn't that super easy? Technically, we can end this blog here because we have the software up and running. But if you want to take it further and run KubeClarity in a Kubernetes cluster with real data, let's jump in and try a KinD-based install next.



KinD-Based Installation

This section assumes you have KinD installed, up, and running on your machine. If you need a refresher on KinD, you can learn more about it here and install it. Make sure to install a version that is suitable for your platform. 

Note: KubeClarity currently does not support multi-platform Docker builds and is limited to the standard X86/AMD architectures. If you are on an ARM or some other unsupported platform, you should seek alternate installation means like EKS. Installing KubeClarity on an unsupported platform may not fully initialize its functional components. Let's dive in if you're ready to run KubeClarity in KinD.

Here is my KinD cluster configuration as an example. I’d recommend using the same configuration and following these instructions exactly if you are a first-time installer or new to KinD-based installs. Otherwise, skip these steps and jump straight to the next section to install KubeClarity if you already have a KinD cluster running.

Configure Cluster

First, create a cluster config using the example code below:

cat > kind-cluster.yaml << EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
  - role: worker
EOF

Create Cluster

Verify that the cluster is created by running the get nodes command as below:

kubectl get nodes

If you used the config file from above, you should see output similar to my example in Figure-5 below, with a single control plane and two worker nodes:

Figure-5: List of KinD Cluster Nodes

Now that the KinD cluster is running, let’s install KubeClarity.


Install KubeClarity

KubeClarity helps you manage installations conveniently with Helm charts. Check here if you need a primer on Helm. To install KubeClarity with Helm charts, you must run the following five steps outlined in the README.

helm repo add kubeclarity https://openclarity.github.io/kubeclarity

Make sure we get the latest list of charts:

helm repo update

helm show values kubeclarity/kubeclarity > values.yaml

Check the configuration in the values.yaml file from above and update the required values if needed. To enable and configure the supported SBOM generators and vulnerability scanners, check the "analyzer" and "scanner" config under the "vulnerability-scanner" section in the Helm values. You can skip this step and leave the default config settings.


helm install --values values.yaml --create-namespace kubeclarity kubeclarity/kubeclarity -n kubeclarity

Let's verify that the installation is complete and all pods are running. You should see four pods running in the “kubeclarity” namespace, like in Figure-6 below.

In my case, I have a load balancer deployed to the front end of my cluster, which is why you may see some extra pods. Installing a load balancer is completely optional.


Figure-6: KubeClarity Pods Running in The KubeClarity Namespace

Launch UI

To access the UI, set up port forwarding as indicated by the KubeClarity install instructions in the README.

kubectl port-forward -n kubeclarity svc/kubeclarity-kubeclarity 9999:8080

Open KubeClarity UI in the browser: http://localhost:9999/
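The KinD steps above, collected into one script with a readiness gate before the port-forward. This is an added example, not code from the KubeClarity project; it assumes kind, kubectl and helm are on PATH, uses the standard `kind create cluster --config` command to create the cluster from kind-cluster.yaml, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: scripted version of the KinD walkthrough with a readiness gate.
# Assumes kind, kubectl and helm are installed and kind-cluster.yaml exists.
set -eu

NS=kubeclarity   # namespace and release name used in the post

# Reads `kubectl get pods --no-headers` rows on stdin, prints each pod that is
# not Running with every container ready, and returns 0 only when at least one
# pod exists and none are pending. Completed pods (finished Jobs) are skipped.
all_pods_ready() {
  awk '
    $3 == "Completed" { next }
    { total++; split($2, r, "/") }
    $3 != "Running" || r[1] != r[2] { bad++; print $1 " " $3 " " $2 }
    END { exit (total > 0 && bad == 0) ? 0 : 1 }
  '
}

# Polls the namespace until all_pods_ready succeeds or $1 seconds have passed.
wait_for_pods() {
  deadline=$(( $(date +%s) + ${1:-300} ))
  until kubectl get pods -n "$NS" --no-headers 2>/dev/null | all_pods_ready; do
    if [ "$(date +%s)" -ge "$deadline" ]; then
      echo "timed out waiting for pods in $NS" >&2
      return 1
    fi
    sleep 5
  done
}

install_kubeclarity() {
  kind create cluster --config kind-cluster.yaml
  helm repo add kubeclarity https://openclarity.github.io/kubeclarity
  helm repo update
  helm show values kubeclarity/kubeclarity > values.yaml   # review before installing
  helm install --values values.yaml --create-namespace kubeclarity kubeclarity/kubeclarity -n "$NS"
  wait_for_pods 300
  # kubectl port-forward listens on localhost only unless --address is given
  kubectl port-forward -n "$NS" svc/kubeclarity-kubeclarity 9999:8080
}

# Run the install only when asked: sh install-kubeclarity.sh install
if [ "${1:-}" = "install" ]; then install_kubeclarity; fi
```

While waiting, the script prints the name, status and READY count of each pod that is still starting, which helps spot a component that never initializes on an unsupported platform.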

With a fresh installation, you will notice that the KubeClarity UI dashboard is a clean slate with empty data, as seen in Figure-7 below:


Figure-7: KubeClarity UI Dashboard with Empty Data


Let’s start a scan and jump-start KubeClarity in the KinD cluster. Select the “Run Time” scan option in the UI from the left-hand pane, as shown in Figure-8 below:

Figure-8: KubeClarity UI Dashboard for Starting a Run Time Scan


Choose the options from the drop-down as seen in Figure-9 below, and start the scan by pressing the “Start Scan” button on the right side.


Figure-9: KubeClarity UI Dashboard Showing Options for Starting a Run Time Scan

Feel free to click around and discover all the amazing features KubeClarity offers. It's sure to impress you!


Conclusion

Explore KubeClarity, navigate the UI screens, and experiment with its security features. You can see firsthand how KubeClarity identifies, reports, and offers solutions for addressing vulnerabilities in your container environments. Enjoy the ride!


Next Up

To help you understand how to use KubeClarity with your cloud applications, we'll walk through installing KubeClarity on an EKS cluster and deploying and scanning a custom application.



---------------------------------

Pallavi Kalapatapu is a Principal engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization.
