Version: Next

☸️ Kubernetes Deployment

Deploy Jibril on Kubernetes clusters as a DaemonSet for comprehensive runtime security monitoring across all nodes.

🚀 Quick Start

Production-ready deployment with Helm.

helm repo add jibril https://garnet-labs.github.io/jibril
helm repo update

helm install jibril jibril/jibril \
--namespace jibril-system \
--create-namespace

View Helm guide →

📜 Setup Script

Automated deployment script for quick setup.

./setup-k8s.sh --namespace=jibril

View script guide →

📋 Prerequisites

☸️ Kubernetes

  • Version: 1.16+
  • Recommended: 1.25+
  • Cluster access configured
kubectl version

(Older guides use kubectl version --short; that flag was deprecated in kubectl 1.26 and removed in 1.28. Current kubectl prints the client and server versions without it.)

🐧 Node Requirements

  • Linux kernel 5.10+
  • eBPF support enabled
  • x86_64 or aarch64 architecture
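Before rolling out a privileged DaemonSet it is worth checking every node against the requirements above in one pass. The script below is an added example, not part of the Jibril project or its setup script: in --live mode it assumes working kubectl access and reads the kernel version and architecture from each node's status; without that flag it runs against an embedded, constructed sample (the node names, kernel strings and architectures are made up). One detail the list above hides: Kubernetes reports the architecture in .status.nodeInfo.architecture as amd64/arm64, not x86_64/aarch64, so those are the values the check matches.

```shell
#!/bin/sh
# Added example (not Jibril project code): audit nodes against the documented
# node requirements (kernel 5.10+, x86_64/aarch64) before installing the agent.
# Kubernetes reports architecture as amd64/arm64, so those are matched here.

MIN_MAJOR=5
MIN_MINOR=10

# kernel_ok "5.15.0-1045-azure": returns 0 if the kernel is >= 5.10, else 1.
kernel_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}          # drop suffixes such as the "+" in "6.1.58+"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt "$MIN_MAJOR" ] && return 0
    [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ] && return 0
    return 1
}

# arch_ok "amd64": returns 0 for the two supported architectures, else 1.
arch_ok() {
    case "$1" in
        amd64|arm64) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_nodes reads lines "NAME KERNEL ARCH" from stdin, prints one verdict per
# node and returns the number of failing nodes (0 means every node qualifies).
audit_nodes() {
    failures=0
    while read -r name kernel arch; do
        [ -z "$name" ] && continue
        status=OK
        if ! kernel_ok "$kernel"; then status="FAIL(kernel<$MIN_MAJOR.$MIN_MINOR)"; fi
        if ! arch_ok "$arch"; then status="FAIL(arch=$arch)"; fi
        printf '%-34s %-32s %-8s %s\n' "$name" "$kernel" "$arch" "$status"
        [ "$status" = OK ] || failures=$((failures + 1))
    done
    return "$failures"
}

# Constructed sample of what the live query prints; names and versions are
# invented for this example. Two of the four nodes fail on purpose.
SAMPLE='ip-10-0-1-10.ec2.internal 5.10.192-183.736.amzn2.x86_64 amd64
aks-nodepool1-12345678-vmss000000 5.4.0-1103-azure amd64
gke-pool-arm-1234abcd-xyz1 6.1.58+ arm64
legacy-ppc64-node 5.15.0-91-generic ppc64le'

if [ "${1:-}" = "--live" ]; then
    kubectl get nodes --no-headers \
        -o custom-columns='NAME:.metadata.name,KERNEL:.status.nodeInfo.kernelVersion,ARCH:.status.nodeInfo.architecture' \
        | audit_nodes || echo "$? node(s) do not meet the requirements"
else
    printf '%s\n' "$SAMPLE" | audit_nodes || echo "$? node(s) do not meet the requirements"
fi
```

Run it with --live against the target cluster; a non-zero count means the DaemonSet will be scheduled onto nodes where the eBPF programs cannot load, which surfaces later as a pod restart loop rather than a clear scheduling error.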

🔐 Permissions

  • RBAC rights to create the namespace, ConfigMap and DaemonSet
  • Admission that allows privileged pods: Pod Security Admission at the privileged level for the target namespace (PodSecurityPolicy was removed in Kubernetes 1.25)
  • Host PID, network and IPC namespace access for the pods

🎯 Deployment Methods

1️⃣ Helm Chart

Best for: Production deployments, GitOps workflows, configuration management

# Add repository
helm repo add jibril https://garnet-labs.github.io/jibril
helm repo update

# Install
helm install jibril jibril/jibril \
--namespace jibril-system \
--create-namespace

# Verify
kubectl get pods -n jibril-system

Features:

  • ConfigMap-based configuration
  • Resource limits and requests
  • Node selectors and tolerations
  • Rolling updates
  • Easy customization with values.yaml

📖 Full Helm guide →

2️⃣ Setup Script

Best for: Quick deployments, testing, custom environments

# Download the script (review it before running: it creates privileged workloads)
curl -L https://github.com/garnet-labs/jibril/raw/main/setup-k8s.sh -o setup-k8s.sh
chmod +x setup-k8s.sh

# Run with defaults
./setup-k8s.sh --namespace=jibril

# Or customize
./setup-k8s.sh \
--namespace=jibril \
--memory-limit=1Gi \
--node-selector=security=enabled

Features:

  • Simple shell script
  • Customizable options
  • Generates YAML manifests
  • Dry-run mode available

📖 Full script guide →

⚙️ Configuration

📝 Via ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: jibril-config
  namespace: jibril-system
data:
  config.yaml: |
    run-time:
      log-level: info
      cadences:
        file-access: 9
    # ... rest of config

🎛️ Via Helm Values

# values.yaml
config:
  logLevel: info
  cadences:
    fileAccess: 9

resources:
  limits:
    memory: 1Gi
    cpu: 500m

📖 See: Configuration Guide for detailed configuration options

🔒 Required Permissions

The Jibril DaemonSet needs a privileged container plus the host's PID, network and IPC namespaces. In the pod spec that looks like this (securityContext is set on the container; the host* fields are pod-level):

securityContext:
  privileged: true
  capabilities:
    add:
      - SYS_ADMIN
      - NET_ADMIN
      - SYS_PTRACE
      - SYS_RESOURCE
hostPID: true
hostNetwork: true
hostIPC: true

privileged: true already grants every capability, so the explicit list adds nothing at runtime; it records which capabilities the agent relies on. Pod Security Admission rejects this spec at the baseline and restricted levels, so the namespace must be labelled pod-security.kubernetes.io/enforce=privileged or otherwise exempted.

Required for:

  • Loading eBPF programs
  • Kernel-level monitoring
  • Network traffic inspection
  • Process tracking

📦 DaemonSet Architecture

🖥️ One Pod Per Node

Jibril runs as a DaemonSet: one pod on every node (or on the selected nodes) for comprehensive cluster monitoring.

📂 Host Mounts

Required host paths:

  • /sys/fs/bpf - eBPF filesystem
  • /sys/kernel/debug - Debug filesystem
  • /proc - Process information
  • /sys - System information

📝 Logging

Logs stored in:

  • /var/log/jibril/ on host
  • Pod stdout/stderr
  • Optional: Forward to centralized logging

🎛️ Advanced Options

🎯 Node Selection

Target specific nodes:

nodeSelector:
  security-monitoring: "true"

Or with script:

--node-selector=security-monitoring=true

🏷️ Tolerations

Deploy on tainted nodes:

tolerations:
  - key: "security"
    value: "true"
    effect: "NoSchedule"

Or with script:

--toleration=security:true:NoSchedule

📊 Resource Limits

resources:
  requests:
    memory: 512Mi
    cpu: 200m
  limits:
    memory: 1Gi
    cpu: 500m

🔍 Verification & Troubleshooting

✅ Check Deployment

# Check pods
kubectl get pods -n jibril-system

# View logs
kubectl logs -n jibril-system \
daemonset/jibril -f

# Check node coverage
kubectl get daemonset -n jibril-system
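The DaemonSet's DESIRED and READY counts answer "are the scheduled pods healthy", not "is every node covered": DESIRED already excludes nodes whose taints the DaemonSet does not tolerate, so a node that silently lacks a toleration never appears as a gap. The script below is an added example, not part of the Jibril project: it compares every schedulable node with the nodes that actually run a Running and Ready Jibril pod. In --live mode it assumes the jibril-system namespace and the app=jibril label used elsewhere on this page; without that flag it runs on an embedded, constructed sample in which one node has no pod, one has a pod in a restart loop and one is cordoned.

```shell
#!/bin/sh
# Added example (not Jibril project code): list schedulable nodes that do not
# have a Running+Ready Jibril pod. Catches untolerated taints, which the
# DaemonSet's own DESIRED/READY counts cannot show.

# coverage_gaps NODES PODS
#   NODES: lines "node-name unschedulable=<true|empty>", one per node
#   PODS:  lines "pod-name node-name phase ready", one per Jibril pod
# Prints, sorted, every schedulable node without a Running+Ready pod.
coverage_gaps() {
    {
        printf '%s\n' "$1"
        printf '%s\n' '---'
        printf '%s\n' "$2"
    } | awk '
        NF == 0       { next }
        $0 == "---"   { in_pods = 1; next }
        !in_pods      { if ($2 != "unschedulable=true") want[$1] = 1; next }
        $3 == "Running" && $4 == "true" { have[$2] = 1 }
        END { for (n in want) if (!(n in have)) print n }
    ' | sort
}

# Constructed sample; names and states are invented. control-plane-1 has no pod
# (a taint the DaemonSet does not tolerate), worker-2 has a pod stuck in a
# restart loop (Running but not Ready), worker-3 is cordoned and is ignored.
SAMPLE_NODES='control-plane-1 unschedulable=
worker-1 unschedulable=
worker-2 unschedulable=
worker-3 unschedulable=true'
SAMPLE_PODS='jibril-7xk2p worker-1 Running true
jibril-m9q4z worker-2 Running false'

if [ "${1:-}" = "--live" ]; then
    # Assumes the namespace and pod label used on this page.
    nodes=$(kubectl get nodes \
        -o jsonpath='{range .items[*]}{.metadata.name} unschedulable={.spec.unschedulable}{"\n"}{end}')
    pods=$(kubectl get pods -n jibril-system -l app=jibril \
        -o jsonpath='{range .items[*]}{.metadata.name} {.spec.nodeName} {.status.phase} {.status.containerStatuses[0].ready}{"\n"}{end}')
else
    nodes=$SAMPLE_NODES
    pods=$SAMPLE_PODS
fi

gaps=$(coverage_gaps "$nodes" "$pods")
if [ -n "$gaps" ]; then
    echo "Nodes without a Ready Jibril pod:"
    printf '%s\n' "$gaps" | sed 's/^/  /'
    echo "Check node taints against the DaemonSet tolerations, then the pod logs on these nodes."
else
    echo "All schedulable nodes are covered."
fi
```

A node listed here with no pod at all usually means a missing toleration or a nodeSelector mismatch (kubectl describe node shows the taints); a node whose pod exists but is not Ready points at the kernel or eBPF requirements and is diagnosed with kubectl logs on that pod.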

🔧 Debug Issues

# Describe pod
kubectl describe pod -n jibril-system \
-l app=jibril

# Check events
kubectl get events -n jibril-system \
--sort-by='.lastTimestamp'

# Exec into pod
kubectl exec -it -n jibril-system \
daemonset/jibril -- /bin/sh

☁️ Cloud Provider Notes

AWS EKS

  • Use current AL2 or Bottlerocket EKS-optimized AMIs (kernel 5.10+); older AL2 node groups may still run kernel 5.4, so check before deploying
  • Pod Security Admission: label the jibril-system namespace pod-security.kubernetes.io/enforce=privileged (PodSecurityPolicy was removed in Kubernetes 1.25)
  • Fully supported

Google GKE

  • GKE Standard clusters; Autopilot blocks privileged containers and host namespaces except for allowlisted partner workloads
  • eBPF enabled by default
  • COS or Ubuntu node images
  • Fully supported

Azure AKS

  • All node pools compatible, but check the kernel: Ubuntu 18.04 node pools ship 5.4, which does not meet the 5.10+ requirement; Ubuntu 22.04 node images ship 5.15
  • Pod Security Admission: allow privileged pods in the namespace (AKS no longer supports PodSecurityPolicy)
  • Fully supported

Others

  • DigitalOcean DOKS ✅
  • Linode LKE ✅
  • Minikube ✅
  • MicroK8s ✅
  • Kind ⚠️ (higher resource usage)

🎓 Best Practices

  • 📦 Use Helm for production deployments
  • 🏷️ Pin specific image versions
  • 📊 Set appropriate resource limits
  • 🎯 Use node selectors for dedicated nodes
  • 📝 Store configuration in version control
  • 🔍 Monitor pod health and logs
  • 🧪 Test in staging before production

⚠️ Avoid

  • ❌ Using :latest tag in production
  • ❌ Insufficient memory allocation
  • ❌ Deploying without testing
  • ❌ Ignoring pod restart loops
  • ❌ Missing node kernel requirements
  • ❌ Not monitoring resource usage
  • ❌ Deploying on Kind without adjustments

🚀 Next Steps