- Download the attached script and edit it as needed;
- Run this script to generate the certificates and .yaml;
- Deploy the redtail-secrets-grpc.yaml to create the secrets;
- Edit redtail_hkceagent.yaml and redtail_console.yaml in a text editor, set "grpc_enable_tls" to "true", and append the lines below (see also the example in the attached redtail_console.yaml):
    volumeMounts:
    - name: redtail-secret-volume
      mountPath: /redtail/tls-grpc/
      readOnly: true
    volumes:
    - name: redtail-secret-volume
      secret:
        secretName: redtail-secrets-grpc
- Redeploy redtail_hkceagent.yaml and redtail_console.yaml
For Hawkagent running on premises:
- Copy the certificates generated above to the machine where hawkagent is running
- Edit hawkagent.cfg and configure the gRPC properties below:
    -grpc_session grpc_svc_external_url:port
    -grpc_enable_tls true
    -grpc_server_ca /full/path/grpc_certs/ca.crt
    -grpc_server_hostname mytestgrpc
    -grpc_client_certificate /full/path/grpc_certs/client.crt
    -grpc_client_key /full/path/grpc_certs/client.pem
- Start the hawkagent and register this domain in HawkConsole. You should then be able to see this domain in HawkConsole.
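
A pre-start check for the on-premises gRPC TLS properties listed above, given as an added example (not part of the original article or of the product). It assumes hawkagent.cfg carries the properties as "-name value" lines as shown here; the function names, the sample endpoint grpc.example.internal:443 and the key-permission check are additions made for illustration.

```python
import os
import stat
import tempfile

REQUIRED = ("grpc_session", "grpc_enable_tls", "grpc_server_ca",
            "grpc_server_hostname", "grpc_client_certificate", "grpc_client_key")
FILE_PROPS = ("grpc_server_ca", "grpc_client_certificate", "grpc_client_key")

def parse_cfg(text):
    """Collect '-name value' lines into a dict (assumed format, as on this page)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        parts = line[1:].split(None, 1)
        if line.startswith("-") and len(parts) == 2:
            props[parts[0]] = parts[1].strip()
    return props

def check_grpc_tls(props):
    """Return a list of problems; an empty list means the TLS settings look sane."""
    problems = [f"missing -{p}" for p in REQUIRED if p not in props]
    if props.get("grpc_enable_tls", "").lower() != "true":
        problems.append("grpc_enable_tls is not 'true': gRPC session would be plaintext")
    for p, path in ((p, props[p]) for p in FILE_PROPS if p in props):
        if not os.path.isabs(path):
            problems.append(f"-{p} is not a full path: {path}")
        elif not os.path.isfile(path):
            problems.append(f"-{p} file not found: {path}")
        elif p == "grpc_client_key" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"-{p} is readable by group/others: {path}")
    return problems

def demo():
    """Constructed sample: empty placeholder files in a temporary directory."""
    d = tempfile.mkdtemp()
    for name in ("ca.crt", "client.crt", "client.pem"):
        full = os.path.join(d, name)
        open(full, "w").close()
        os.chmod(full, 0o644)  # key copied with default permissions
    cfg = (f"-grpc_session grpc.example.internal:443\n-grpc_enable_tls true\n"
           f"-grpc_server_ca {d}/ca.crt\n-grpc_server_hostname mytestgrpc\n"
           f"-grpc_client_certificate {d}/client.crt\n-grpc_client_key {d}/client.pem\n")
    before = check_grpc_tls(parse_cfg(cfg))
    os.chmod(os.path.join(d, "client.pem"), 0o600)  # restrict the private key
    return before, check_grpc_tls(parse_cfg(cfg))

if __name__ == "__main__":
    print(demo())
```

The check only confirms that the settings are present and that the files are in place; it does not validate the certificate chain or that the server certificate matches -grpc_server_hostname.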