Start by installing a Kubernetes cluster. This can be done on one of the hyperscalers (AWS, GCP or Azure), cloud providers (Digital Ocean, Scaleway, etc) or on-premise in your own private network.
Before setting up Kerberos Enterprise, some configuration needs to happen. First thing that we need to do is setting up the RBAC permissions (Role Based Access Control). We need to enable this to be able to query specific endpoints from the Kubernetes API. By default these endpoints are locked, so we need to unlock them.
First clone the configrations from our Github repo.
git clone https://github.com/kerberos-io/enterprise cd enterprise-factory
Next go into the directory and execute the first Kubernetes configuration file
kubectl create -f ./yaml/factory/clusterrole.yaml
This will make several actions inside your cluster available. We need this to be able to create deployments from the factory web app.
Next we will install a couple of dependencies which are required for Kerberos Enterprise. Helm is a package manager for Kubernetes, it helps you setting up services more easily (this could be a MQTT broker, a database, etc). Instead of writing yaml files for every service we need, we use so called Charts (libraries), that you can reuse and configure the, with the appropriate settings.
Use one of the preferred OS package managers to install the Helm client:
brew install helm choco install kubernetes-helm scoop install helm gofish install helm
When you've installed the Helm client, we need to use it to initiate Helm (also called the Tiller service) inside your cluster. Tiller is what they call the server component of Helm.
kubectl create serviceaccount tiller --namespace kube-system kubectl create -f ./yaml/factory/tiller-clusterrolebinding.yaml helm init --service-account tiller
Now you have installed Helm inside your cluster we can move on by installing the dependencies.
Traefik is a reverse proxy and load balancer which allows you to expose your deployments more easily. Kerberos uses Traefik to expose it's APIs more easily.
By executing following helm command, we will install traefik and link it to a specific DNS name. Open the traefik values file,
yaml/traefik/values.yaml, and update the DNS name to your own domain.
dashboard: enabled: true --> domain: traefik.domain.com serviceType: NodePort rbac: enabled: true
helm install command.
helm install --name traefik -f ./yaml/traefik/values.yaml stable/traefik
After installation you should have an IP attached to traefik service, look for it by executing the
get service command. You will see the ip address in the
kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 36h --> traefik LoadBalancer 10.0.27.93 22.214.171.124 443:31623/TCP,80:31804/TCP 35h traefik-dashboard NodePort 10.0.252.6 <none> 80:31146/TCP 35h
Go to your DNS provider and link the domain you've configured in the first step
traefik.domain.com to the IP address of the
When browsing to
traefik.domain.com, you should see the traefik dashboard showing up.
Kerberos Enterprise generates configurations for every surveillance camera that you want to monitor. These configuration files are stored centrally in a MongoDB database. Therefore we use Helm to install a MongoDB instance inside your cluster.
Have a look into the
yaml/mongodb/values.yaml file, you will find plenty of configurations for your mongodb instance. You will also find the attribute where you can change the root password of mongodb.
helm repo add bitnami https://charts.bitnami.com/bitnami helm install --name mongodb bitnami/mongodb --values ./yaml/mongodb/values.yaml
The last step is to install the factory service. Kerberos Enterprise is managed through an application which we call the Factory.
The Factory is responsible for initiating the deployments inside your cluster. These deployments is what we also call (similar to the Open Source version) the machinery.
The Factory comes as a web interface which provides you with a tool to update your machineries easily, monitor them, etc. The Factory is the central portal for managing Kerberos Enterprise inside your cluster.
Before installing the Factory service, open the
yaml/factory/kubernetes.yaml configuration file. At the bottom file you will find two endpoints, similar to the traefik config file. Update the domain names to your own domain, and add these to your DNS server (pointing to the same IP as the traefik EXTERNAL-IP).
spec: rules: --> - host: factory.domain.com http: paths: - path: / backend: serviceName: factory servicePort: 80 --> - host: api.factory.domain.com http: paths: - path: / backend: serviceName: factory servicePort: 8081
Once you have corrected the DNS names, install the Factory service inside your cluster.
kubectl apply -f ./yaml/factory/kubernetes.yaml
Test out configuration
If everything worked out as expected, you should now have following services in your cluster:
It should look like this.
$ kubectl get pods NAME READY STATUS RESTARTS AGE factory-6f5c877d7c-hf77p 1/1 Running 0 2d11h mongodb-55566dc65c-xgmns 2/2 Running 0 4d13h traefik-7d566ccc47-mwslb 1/1 Running 0 4d12h
Once everything is configured correctly your cluster and DNS, you should be able to setup the Factory application. By navigating to the Factory domain
factory.domain.com in your browser you will see the Factory login page showing up.