Install a sidecar with Helm 3
Prerequisites
- Have a Kubernetes cluster deployed.
- Install Helm 3.
Deploy the sidecar
The Cyral sidecar is typically installed in the same VPC as the data repositories it protects.
In the Cyral management console, navigate to the Sidecars tab and click the plus sign.
Follow the instructions titled Deploying sidecar to Kubernetes cluster using Helm 3.
Fill in the required configuration for your sidecar and download the generated value file.
caution
In the template, the access key and registry key variables are assigned automatically by the Cyral template generator. Cyral uses these key values to access the Cyral control plane and Cyral container registry, respectively. These values are private keys, so you should not upload them to any source control or non-private storage.
If you keep your access key and registry key values in secure storage, then you must restore these values in your template each time you deploy. When you do so, double-check that these values match the current values for your environment. Incorrect values will prevent communication between the sidecar and the Cyral management console or even prevent the sidecar from being deployed.
Modify the downloaded
values.yaml
file if needed. For a list of deployment settings, see the Sidecar deployment scenarios and Sidecar settings reference, below.tip
You can also run
helm show values --repo https://charts.cyral.com cyral-sidecar
to get a full view of the possible values on the latest version of the sidecar chart.Apply the
values.yaml
file to your Kubernetes cluster.info
The command for applying the sidecar to your cluster will be generated after you've finished downloading the generated
values.yaml
file.note
You also have the option to deploy using your own namespace name. To do this substitute the name we provide with your own. To create a namespace, the command is:
kubectl create namespace <namespace name>
The command to deploy the sidecar with a custom namespace will look similar to:
helm upgrade -i cyral-bmzrjg cyral-sidecar --namespace <namespace name> -f sidecar.yaml --repo https://charts.cyral.com --version <Cyral version>
Once your sidecar has been deployed, the Cyral management console lists it in the Sidecars tab. Here, we've created a sidecar named
sandbox-sidecar
.
Next, you should assign at least one repository to your sidecar, and Cyral recommends adding a domain alias for your sidecar.
Sidecar deployment scenarios
Cyral Sidecar Helm value.yaml
files downloaded from the Cyral management console
allow you to deploy a sidecar with the options you chose in Cyral's
UI. After you download the charts, you can further customize them by
editing the downloaded file. Below, we show the settings for
these common deployment scenarios: