Skip to main content
Version: v4.5

Install a sidecar with Helm 3

Prerequisites

  1. Have a Kubernetes cluster deployed.
  2. Install Helm 3.

Deploy the sidecar

The Cyral sidecar is typically installed in the same VPC as the data repositories it protects.

  1. In the Cyral management console, navigate to the Sidecars tab and click the plus sign.



  2. Follow the instructions titled Deploying sidecar to Kubernetes cluster using Helm 3.



  3. Fill in the required configuration for your sidecar and download the generated value file.



    caution

    In the template, the access key and registry key variables are assigned automatically by the Cyral template generator. Cyral uses these key values to access the Cyral control plane and Cyral container registry, respectively. These values are private keys, so you should not upload them to any source control or non-private storage.

    If you keep your access key and registry key values in secure storage, then you must restore these values in your template each time you deploy. When you do so, double-check that these values match the current values for your environment. Incorrect values will prevent communication between the sidecar and the Cyral management console or even prevent the sidecar from being deployed.

  4. Modify the downloaded values.yaml file if needed. For a list of deployment settings, see the Sidecar deployment scenarios and Sidecar settings reference, below.

    tip

    You can also run helm show values --repo https://charts.cyral.com cyral-sidecar to get a full view of the possible values on the latest version of the sidecar chart.

  5. Apply the values.yaml file to your Kubernetes cluster.

    info

    The command for applying the sidecar to your cluster will be generated after you've finished downloading the generated values.yaml file.

    note

    You also have the option to deploy using your own namespace name. To do this substitute the name we provide with your own. To create a namespace, the command is:

    kubectl create namespace <namespace name>

    The command to deploy the sidecar with a custom namespace will look similar to:

    helm upgrade -i cyral-bmzrjg cyral-sidecar --namespace <namespace name> -f sidecar.yaml --repo https://charts.cyral.com --version <Cyral version>

    Once your sidecar has been deployed, the Cyral management console lists it in the Sidecars tab. Here, we've created a sidecar named sandbox-sidecar.



Next, you should bind at least one repository to your sidecar, and Cyral recommends adding a domain alias for your sidecar.

Sidecar deployment scenarios

Cyral Sidecar Helm value.yaml files downloaded from the Cyral management console allow you to deploy a sidecar with the options you chose in Cyral's UI. After you download the charts, you can further customize them by editing the downloaded file. Below, we show the settings for these common deployment scenarios: