1、Docker、Docker-Compose安装
https://www.cnblogs.com/a120608yby/p/9883175.html https://www.cnblogs.com/a120608yby/p/14582853.html
2、基于Docker-Compose部署NeuVector
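# vim docker-compose.yml
# Compose file for the NeuVector "allinone" container and a standalone scanner.
version: "3.8"

services:
  allinone:
    # Host PID namespace, added capabilities and disabled AppArmor/seccomp/label
    # confinement (below) make this container effectively host-privileged.
    # Restrict who can edit this file and who can exec into the container.
    pid: host
    # `latest` is a moving tag: pin a release tag or image digest
    # (e.g. neuvector/allinone:<VERSION>) so upgrades are deliberate.
    image: neuvector/allinone:latest
    container_name: neuvector.allinone
    restart: always
    cap_add:
      - SYS_ADMIN
      - NET_ADMIN
      - SYS_PTRACE
      - IPC_LOCK
    security_opt:
      - apparmor=unconfined
      - seccomp=unconfined
      - label=disable
    environment:
      # Placeholder: replace the value with the IP address of the deployment host.
      - CLUSTER_JOIN_ADDR=部署主机的IP
      - NV_PLATFORM_INFO=platform=Docker
    # Port mappings are quoted so YAML always reads them as strings.
    # All of these are published on every host interface; limit reachability
    # with a host firewall. 8443 is the web console used in the access step.
    # NOTE(review): the 183xx/184xx ports look like cluster-internal ports that
    # only other NeuVector hosts need to reach; confirm against the NeuVector docs.
    ports:
      - "18300:18300"
      - "18301:18301"
      - "18400:18400"
      - "18401:18401"
      - "18301:18301/udp"
      - "8443:8443"
    networks:
      - ops_default
    volumes:
      - /lib/modules:/lib/modules:ro
      # `:ro` only makes the bind mount read-only; it does not make the Docker
      # API read-only. Anything that can talk to this socket can control the
      # Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /proc:/host/proc:ro
      - /sys/fs/cgroup:/host/cgroup:ro
      # Writable host directory (presumably NeuVector's persistent data);
      # keep its host permissions restricted to root.
      - /var/neuvector:/var/neuvector

  scanner:
    # Same pinning advice as above: prefer neuvector/scanner:<VERSION> or a digest.
    image: neuvector/scanner:latest
    container_name: scanner
    restart: always
    environment:
      # Placeholder: replace the value with the IP address of the deployment host.
      - CLUSTER_JOIN_ADDR=部署主机的IP
    ports:
      - "18402:18402"
    networks:
      - ops_default
    volumes:
      # See the note on the allinone service: `:ro` does not restrict Docker API use.
      - /var/run/docker.sock:/var/run/docker.sock:ro

networks:
  # external: true means this network must already exist; compose will not create it.
  ops_default:
    external: true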
3、基于Docker-Compose部署主机端Enforcer
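# vim docker-compose.yml
# Compose file for a NeuVector enforcer on an additional host.
version: "3.8"

services:
  enforcer:
    # Host PID namespace, added capabilities and disabled AppArmor/seccomp/label
    # confinement (below) make this container effectively host-privileged.
    # Restrict who can edit this file and who can exec into the container.
    pid: host
    # `latest` is a moving tag: pin a release tag or image digest
    # (e.g. neuvector/enforcer:<VERSION>) so upgrades are deliberate.
    image: neuvector/enforcer:latest
    container_name: neuvector.enforcer
    restart: always
    cap_add:
      - SYS_ADMIN
      - NET_ADMIN
      - SYS_PTRACE
      - IPC_LOCK
    security_opt:
      - apparmor=unconfined
      - seccomp=unconfined
      - label=disable
    environment:
      # Placeholder: replace the value with the IP address of the host where
      # NeuVector (the controller side) is deployed.
      - CLUSTER_JOIN_ADDR=NeuVector部署主机的IP
      - NV_PLATFORM_INFO=platform=Docker
    # Port mappings are quoted so YAML always reads them as strings.
    # These are published on every host interface.
    # NOTE(review): they look like cluster-internal ports; allow them only
    # between NeuVector hosts. Confirm against the NeuVector docs.
    ports:
      - "18301:18301"
      - "18401:18401"
      - "18301:18301/udp"
    networks:
      - ops_default
    volumes:
      - /lib/modules:/lib/modules:ro
      # `:ro` only makes the bind mount read-only; it does not make the Docker
      # API read-only. Anything that can talk to this socket can control the
      # Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /proc:/host/proc:ro
      - /sys/fs/cgroup/:/host/cgroup/:ro

networks:
  # external: true means this network must already exist; compose will not create it.
  ops_default:
    external: true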
4、启动服务
# Run from the directory that holds docker-compose.yml; -d starts the services in the background.
docker compose up -d
5、查看服务启动状态
# List the containers of this compose project and their current state.
docker compose ps
6、访问
访问地址:https://部署主机的IP:8443/
默认账号:admin
默认密码:admin(首次登录后请立即修改默认密码)
参考:
https://github.com/neuvector/neuvector https://open-docs.neuvector.com/deploying/docker