Time to install. Replace tenant.goskope.com, the Publisher name, and credential values with values for your environment.
1. Create the namespace and API credential Secret

The default starter path uses a static API token:

```bash
kubectl create namespace npa-publisher

kubectl create secret generic npa-api-token \
  --namespace npa-publisher \
  --from-literal=api-token='PASTE_NETSKOPE_API_TOKEN_HERE'
```
If you use OAuth2 client credentials instead, create this Secret:
```bash
kubectl create namespace npa-publisher

kubectl create secret generic npa-api-oauth \
  --namespace npa-publisher \
  --from-literal=client-id='PASTE_CLIENT_ID_HERE' \
  --from-literal=client-secret='PASTE_CLIENT_SECRET_HERE'
```
2. Write my-values.yaml

For a static API token:

```yaml
image:
  repository: netskopeprivateaccess/publisher_u22
  pullPolicy: IfNotPresent
  tag: latest

workload:
  type: daemonset
  replicas: 1

networking:
  mode: pod
  disableIPv6: true

tunDevice:
  enabled: true
  hostPath: /dev/net/tun
  mountPath: /dev/net/tun

persistence:
  enabled: false

enrollment:
  mode: api
  commonName: prod-k8s-publisher
  api:
    baseUrl: https://tenant.goskope.com
    existingSecret: npa-api-token
    tokenKey: api-token
```
For OAuth2 client credentials, use the same file but replace the enrollment.api block with:

```yaml
enrollment:
  mode: api
  commonName: prod-k8s-publisher
  api:
    baseUrl: https://tenant.goskope.com
    authMode: oauth2
    oauth2:
      tokenUrl: https://tenant.goskope.com/oauth2/token
      existingSecret: npa-api-oauth
      clientIdKey: client-id
      clientSecretKey: client-secret
```
The default chart values use networking.mode: pod. It avoids host network coupling and uses a pod-local dnsmasq sidecar that forwards to Kubernetes cluster DNS. See pod-vs-host network.
3. Install

```bash
helm install kubernetes-netskope-publisher npa/kubernetes-netskope-publisher \
  --namespace npa-publisher \
  -f my-values.yaml
```
You’ll see Helm print the rendered NOTES.txt with the next-step commands. Continue to verify it’s online.
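A values file from step 2 can be linted offline before the install in step 3. The script below is an added example, not part of the chart or this guide's own tooling; the helper names (val, https_ok, check_values, demo) and the sample tenant host are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: offline lint for my-values.yaml; not part of the chart.

# val FILE KEY: first scalar for "KEY:" (flat lookup; each key checked here
# appears once in the values files shown above).
val() {
  awk -v k="$2" '$1 == k":" { v = $2; gsub(/["\047]/, "", v); print v; exit }' "$1"
}

# https_ok URL: true only for an https:// URL that is not the docs placeholder.
https_ok() {
  case $1 in
    https://tenant.goskope.com*) return 1 ;;
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_values FILE: prints findings; returns 0 when clean, 1 otherwise.
check_values() {
  local f="$1" bad=0
  https_ok "$(val "$f" baseUrl)" || { echo "FAIL baseUrl: need https:// and your own tenant"; bad=1; }
  [ -n "$(val "$f" existingSecret)" ] || { echo "FAIL existingSecret is not set"; bad=1; }
  if [ "$(val "$f" authMode)" = oauth2 ]; then
    https_ok "$(val "$f" tokenUrl)" || { echo "FAIL tokenUrl: need https:// and your own tenant"; bad=1; }
    { [ -n "$(val "$f" clientIdKey)" ] && [ -n "$(val "$f" clientSecretKey)" ]; } ||
      { echo "FAIL oauth2 needs clientIdKey and clientSecretKey"; bad=1; }
  else
    [ -n "$(val "$f" tokenKey)" ] || { echo "FAIL tokenKey is not set"; bad=1; }
  fi
  # Credentials belong in the Secret from step 1, not in the values file.
  if grep -q 'PASTE_' "$f"; then echo "FAIL placeholder credential text in file"; bad=1; fi
  # Warning only: a mutable tag can resolve to a different image on a later pull.
  [ "$(val "$f" tag)" != latest ] || echo "WARN image tag 'latest' is mutable"
  return "$bad"
}

# Constructed sample: the static-token values with a made-up tenant host.
demo() {
  local t rc=0; t=$(mktemp)
  printf '%s\n' 'image:' '  tag: latest' 'enrollment:' '  api:' \
    '    baseUrl: https://tenant-a.example.test' \
    '    existingSecret: npa-api-token' '    tokenKey: api-token' > "$t"
  check_values "$t" || rc=1
  rm -f "$t"; return "$rc"
}

if [ $# -gt 0 ]; then check_values "$1"; else demo; fi
```

With a file path as its argument the script lints that file and exits non-zero on any FAIL line, so it can gate the helm install command.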