Skip to main content
Version: 2.8.1

πŸ“œ Script Usage

⚠️ This script is outdated (currently using v2.6.10). It will be updated soon.

Usage​

./setup-k8s.sh [OPTIONS]
OptionDescription
--namespace=NAMEKubernetes namespace. Default: security
--image=IMAGEJibril container image. Default: garnetlabs/jibril:v2.6.10
--log-level=LEVELLog level (quiet, fatal, error, warn, info, debug). Default: info
--config=FILEPath to custom Jibril config.yaml file. Default: built-in
--memory-request=SIZEMemory request. Default: 256Mi
--memory-limit=SIZEMemory limit. Default: 512Mi
--cpu-request=AMOUNTCPU request. Default: 100m
--cpu-limit=AMOUNTCPU limit. Default: 500m
--node-selector=EXPRNode selector expression (e.g. 'role=security')
--toleration=KEY:VAL:EFFECTAdd toleration (can be used multiple times)
--output=FILEOutput YAML to file. Default: jibril-k8s.yaml
--dry-runPrint configuration without applying
--cleanupRemove existing Jibril resources from the cluster
--helpShow help

Examples​

  1. Basic deployment with defaults

    ./setup-k8s.sh

  2. Deploy to a custom namespace

    ./setup-k8s.sh --namespace=monitoring

  3. Add node toleration

    ./setup-k8s.sh --toleration=security-agent:true:NoSchedule

  4. Set custom memory limits

    ./setup-k8s.sh --memory-limit=1Gi --memory-request=512Mi

  5. Target specific nodes with a node selector

    ./setup-k8s.sh --node-selector=role=security

  6. Deploy on GPU nodes with higher CPU limits

    ./setup-k8s.sh --node-selector=gpu=true --cpu-limit=2 --cpu-request=500m

  7. Configure multiple tolerations

    ./setup-k8s.sh --toleration=security:true:NoSchedule --toleration=critical:true:NoExecute

  8. Use a custom Jibril configuration file

    ./setup-k8s.sh --config=/path/to/my-jibril-config.yaml

  9. Preview configuration without applying

    ./setup-k8s.sh --dry-run

  10. Save configuration to a custom file

    ./setup-k8s.sh --output=jibril-prod.yaml

  11. Clean up existing deployment

    ./setup-k8s.sh --cleanup --namespace=security

  12. Complete production deployment example

    ./setup-k8s.sh --namespace=security-prod \
      --image=garnetlabs/jibril:latest \
      --config=/etc/jibril/prod-config.yaml \
      --memory-limit=2Gi \
      --memory-request=1Gi \
      --cpu-limit=1 \
      --toleration=security-monitoring:true:NoSchedule \
      --node-selector=security-tier=high

Notes​

  • Jibril requires privileged access to run eBPF programs.
  • The script mounts necessary paths from the host:
    • /sys/fs/bpf
    • /sys/kernel/debug
    • /sys
    • /proc
    • /var/log/jibril
  • Log files are stored in /var/log/jibril on the host.
  • Configuration is supplied via a ConfigMap.