Deploying NeuVector with Docker
Deploying NeuVector with Docker is suitable for simple testing.
Single-node deployment
Deploy the allinone container:
```bash
docker run -d --name allinone \
  --pid=host \
  --privileged \
  -e CLUSTER_JOIN_ADDR=172.16.16.142 \
  -e NV_PLATFORM_INFO=platform=Docker \
  -e CTRL_PERSIST_CONFIG=1 \
  -p 18300:18300 \
  -p 18301:18301 \
  -p 18400:18400 \
  -p 18401:18401 \
  -p 10443:10443 \
  -p 18301:18301/udp \
  -p 8443:8443 \
  -v /lib/modules:/lib/modules:ro \
  -v /var/neuvector:/var/neuvector \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /sys/fs/cgroup:/host/cgroup:ro \
  -v /proc:/host/proc:ro \
  neuvector/allinone:5.4.1
```
Deploy the scanner container:
```bash
docker run -td --name scanner \
  -e CLUSTER_JOIN_ADDR=172.16.16.142 \
  -e NV_PLATFORM_INFO=platform=Docker \
  -p 18402:18402 -v /var/run/docker.sock:/var/run/docker.sock:ro \
  harbor.warnerchen.com/rancher/neuvector-scanner:6
```
High-availability deployment
Deploy the allinone container on each of several nodes:
```bash
docker run -d --name allinone \
  --pid=host \
  --privileged \
  -e CLUSTER_JOIN_ADDR=172.16.16.141,172.16.16.142,172.16.16.143 \
  -e NV_PLATFORM_INFO=platform=Docker \
  -e CTRL_PERSIST_CONFIG=1 \
  -p 18300:18300 \
  -p 18301:18301 \
  -p 18400:18400 \
  -p 18401:18401 \
  -p 10443:10443 \
  -p 18301:18301/udp \
  -p 8443:8443 \
  -v /lib/modules:/lib/modules:ro \
  -v /var/neuvector:/var/neuvector \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /sys/fs/cgroup:/host/cgroup:ro \
  -v /proc:/host/proc:ro \
  neuvector/allinone:5.4.1
```
Deploy the enforcer container:
```bash
docker run -d --name enforcer \
  --pid=host \
  --privileged \
  -e CLUSTER_JOIN_ADDR=172.16.16.141,172.16.16.142,172.16.16.143 \
  -e NV_PLATFORM_INFO=platform=Docker \
  -p 18301:18301 \
  -p 18401:18401 \
  -p 18301:18301/udp \
  -v /lib/modules:/lib/modules:ro \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /sys/fs/cgroup:/host/cgroup:ro \
  -v /proc:/host/proc:ro \
  neuvector/enforcer:5.4.1
```
Upgrade
Upgrade the allinone container:
```bash
docker stop allinone

docker rename allinone allinone-5.2.1

docker run -d --name allinone \
  --pid=host \
  --privileged \
  -e CLUSTER_JOIN_ADDR=172.16.16.141,172.16.16.142,172.16.16.143 \
  -e NV_PLATFORM_INFO=platform=Docker \
  -e CTRL_PERSIST_CONFIG=1 \
  -p 18300:18300 \
  -p 18301:18301 \
  -p 18400:18400 \
  -p 18401:18401 \
  -p 10443:10443 \
  -p 18301:18301/udp \
  -p 8443:8443 \
  -v /lib/modules:/lib/modules:ro \
  -v /var/neuvector:/var/neuvector \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /sys/fs/cgroup:/host/cgroup:ro \
  -v /proc:/host/proc:ro \
  neuvector/allinone:5.4.1
```
Upgrade the enforcer container:
```bash
docker stop enforcer

docker rename enforcer enforcer-5.2.1

docker run -d --name enforcer \
  --pid=host \
  --privileged \
  -e CLUSTER_JOIN_ADDR=172.16.16.141,172.16.16.142,172.16.16.143 \
  -e NV_PLATFORM_INFO=platform=Docker \
  -p 18301:18301 \
  -p 18401:18401 \
  -p 18301:18301/udp \
  -v /lib/modules:/lib/modules:ro \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /sys/fs/cgroup:/host/cgroup:ro \
  -v /proc:/host/proc:ro \
  neuvector/enforcer:5.4.1
```
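The allinone `docker run` arguments on this page grant broad host access, so before reusing them outside a test machine it helps to list what they open up. The script below is an added example, not part of the original post or of NeuVector; `audit_run_args` and `audit_allinone` are hypothetical helper names, and the script only inspects the argument list it is given (it does not call Docker).

```shell
# Added example (not from the original post): list the host access that a
# `docker run` argument list grants. audit_run_args is a hypothetical helper.
audit_run_args() {
  prev=""
  for arg in "$@"; do
    case "$arg" in
      --privileged) echo "FLAG --privileged: all capabilities and host devices" ;;
      --pid=host)   echo "FLAG --pid=host: container sees host processes" ;;
    esac
    case "$prev" in
      -v)
        # src:dst[:opts] -> host path and mount options
        src=${arg%%:*}; rest=${arg#*:}; opts=""
        case "$rest" in *:*) opts=${rest#*:} ;; esac
        case ",$opts," in *,ro,*) mode=ro ;; *) mode=rw ;; esac
        case "$src" in
          */docker.sock) echo "MOUNT $src $mode: socket, ro does not limit Docker API calls" ;;
          *)             echo "MOUNT $src $mode" ;;
        esac ;;
      -p)
        # host_ip:host_port:container_port has two colons; fewer means no host IP.
        case "$arg" in
          *:*:*) echo "PORT $arg: bound to a specific host address" ;;
          *)     echo "PORT $arg: published on all host interfaces" ;;
        esac ;;
    esac
    prev=$arg
  done
}

# The allinone arguments from this page (-e options omitted; they grant no host access).
audit_allinone() {
  audit_run_args --pid=host --privileged \
    -p 18300:18300 -p 18301:18301 -p 18400:18400 -p 18401:18401 \
    -p 10443:10443 -p 18301:18301/udp -p 8443:8443 \
    -v /lib/modules:/lib/modules:ro \
    -v /var/neuvector:/var/neuvector \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    -v /sys/fs/cgroup:/host/cgroup:ro \
    -v /proc:/host/proc:ro
}

audit_allinone
```

The `:ro` flag on the Docker socket only makes the socket file itself read-only; a process that can connect to it can still issue any Docker API request, so that mount is reported separately from the other read-only mounts.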