Appearance
Helm Installation
Deploy Jibril to Kubernetes using the Garnet Helm chart.
First Steps
- Check the Requirements
- Obtain your API Token
Add Helm Repository
bash
helm repo add garnet https://helm.garnet.ai
helm repo updateInstall
Standalone Mode
Deploy Jibril in standalone mode without Garnet API connection for testing, evaluation, or custom integrations:
bash
helm install jibril garnet/garnet \
--namespace jibril-system \
--create-namespace \
--set standalone.enabled=trueTo specify a particular Jibril version
bash
helm install jibril garnet/garnet \
--namespace jibril-system \
--create-namespace \
--set standalone.enabled=true \
--set standalone.jibrilVersion=v2.9.1Garnet Mode
Deploy Jibril in Garnet mode with full Garnet API integration for centralized policy management:
bash
helm install jibril garnet/garnet \
--namespace jibril-system \
--create-namespace \
--set garnet.token=YOUR_GARNET_API_TOKENGarnet API
Find more information about the Garnet API.
Configure the Helm Chart
Key Helm Chart Parameters
| Parameter | Description |
|---|---|
standalone.enabled | Enable Jibril standalone mode Default: false |
standalone.jibrilVersion | Override Jibril version Default: "" |
garnet.url | Garnet API URL Default: https://api.garnet.ai |
garnet.token | Garnet API token Default: "" |
cluster.name | Name of the cluster Default: garnet-cluster |
jibril.image.repository | Repository for Jibril image Default: garnetlabs/jibril |
jibril.image.tag | Tag for Jibril image Default: v2.9.1 |
Resource Limits
bash
helm install jibril garnet/garnet \
--namespace jibril-system \
--create-namespace \
--set standalone.enabled=true \
--set jibril.resources.requests.memory=512Mi \
--set jibril.resources.requests.cpu=200m \
--set jibril.resources.limits.memory=1Gi \
--set jibril.resources.limits.cpu=500mCustom Registry
bash
helm install jibril garnet/garnet \
--namespace jibril-system \
--create-namespace \
--set standalone.enabled=true \
--set image.registry=my-registry.example.com/ \
--set image.pullSecrets[0]=my-registry-secretCustom Configuration (optional)
See Configuration for more details.
bash
helm install jibril garnet/garnet \
--namespace jibril-system \
--create-namespace \
--set standalone.enabled=true \
--set jibrilConfig.customConfig=true \
--set-file jibrilConfig.configYaml=./config.yamlNetwork Policy Support
Create a Network Policy file
yaml
# netpolicy.yaml
version: v1
policies:
- name: block-malicious
rules:
- action: drop
domains:
- malicious.com
ips:
- 10.0.0.1Deploy with Network Policy
bash
helm install jibril garnet/garnet \
--namespace jibril-system \
--create-namespace \
--set standalone.enabled=true \
--set networkPolicyConfig.enabled=true \
--set-file networkPolicyConfig.policyYaml=./netpolicy.yamlIn order to use the network policy, make sure your configuration file includes the following features and events:
yaml
features:
# Use netpolicy to detect suspicious behavior.
- netpolicyyaml
events:
# Drop IP addresses that match the network policy.
- dropipVerify Deployment
Check the deployment
bash
# Check pods
kubectl get pods -n jibril-system
# Check logs
kubectl logs -n jibril-system daemonset/jibril-jibril
# Run helm tests
helm test jibril -n jibril-systemPod Management Commands
bash
# Get detailed pod information
kubectl describe pod -n jibril-system -l app.kubernetes.io/name=jibril
# Check configuration
kubectl exec -n jibril-system daemonset/jibril-jibril -- cat /etc/jibril/config.yaml
# Check network policy (if enabled)
kubectl exec -n jibril-system daemonset/jibril-jibril -- cat /var/run/secrets/jibril/network-policy.yamlUpgrading
Upgrade the Helm chart
bash
helm repo update
helm upgrade jibril garnet/garnet \
--namespace jibril-system \
--set standalone.enabled=trueUpdate the network policy
To update network policy:
bash
helm upgrade jibril garnet/garnet \
--namespace jibril-system \
--set standalone.enabled=true \
--set networkPolicyConfig.enabled=true \
--set-file networkPolicyConfig.policyYaml=./netpolicy.yamlPods will automatically restart to apply changes.
Uninstalling
bash
helm uninstall jibril -n jibril-system