In fleet/ directory
make fleet
In fleet/ parent directory
cp fleet/Makefile .
make ctrl_image
make enf_image
make ctrlenf_image
CTRL_PATH_DEBUG
Enable control path debug. Default: 0
DISABLE_PACKET_CAPTURE
Disable packet capture
CTRL_PERSIST_CONFIG
Enable saving and restoring of persisted configurations.
FED_SERVER_PORT
Federation master server port
TAP_INTERFACES
Comma-separated list of interfaces to be tapped.
NV_PLATFORM_INFO
Allow the user to specify container port information.
E.g. NV_PLATFORM_INFO=platform=tuniu;if-eth0=global
E.g. NV_PLATFORM_INFO=platform=Docker -- bypass the container-based platform detection
E.g. NV_PLATFORM_INFO=platform=Kubernetes:GKE -- specify platform and flavor at the same time
CONTAINER_NET_TYPE
Options are 'default' and 'macvlan'
ENFORCER_SKIP_NV_PROTECT
Do not enable protection for NeuVector containers.
NV_SYSTEM_GROUPS
Specify the services that match the filters as system containers. Only for the Docker platform (NVSHAS-4394). E.g. NV_SYSTEM_GROUPS=ucp-*;node
SCANNER_DOCKER_URL
Specify the Docker socket. Used to scan images that are not in the registry. E.g. unix:///var/run/docker.sock, tcp://10.1.2.3:2376
MANAGER_SSL
Expose HTTP instead of HTTPS for client connections. E.g. MANAGER_SSL=off
docker run -itd --privileged --name neuvector.allinone -e CLUSTER_JOIN_ADDR=$controller_ip --pid=host -p 18301:18301 -p 18301:18301/udp -p 18300:18300 -p 18400:18400 -p 18401:18401 -p 8443:8443 -v /var/neuvector:/var/neuvector -v /var/run/docker.sock:/var/run/docker.sock -v /proc:/host/proc:ro -v /sys/fs/cgroup/:/host/cgroup/:ro neuvector/allinone
docker run -itd --privileged --name neuvector.controller -e CLUSTER_JOIN_ADDR=$controller_ip -p 18301:18301 -p 18301:18301/udp -p 18300:18300 -p 18400:18400 -p 10443:10443 -v /var/neuvector:/var/neuvector -v /var/run/docker.sock:/var/run/docker.sock -v /proc:/host/proc:ro -v /sys/fs/cgroup/:/host/cgroup/:ro neuvector/controller
docker run -itd --privileged --name neuvector.enforcer -e CLUSTER_JOIN_ADDR=$controller_ip --pid=host -p 18301:18301 -p 18301:18301/udp -p 18401:18401 -v /var/neuvector:/var/neuvector -v /var/run/docker.sock:/var/run/docker.sock -v /proc:/host/proc:ro -v /sys/fs/cgroup/:/host/cgroup/:ro neuvector/enforcer
docker run -itd --name neuvector.manager -e CTRL_SERVER_IP=$controller_ip -p 8443:8443 neuvector/manager
docker run --name neuvector.updater --rm -e CLUSTER_JOIN_ADDR=$controller_ip neuvector/updater
docker run --name neuvector.scanner --rm -e CLUSTER_JOIN_ADDR=$controller_ip neuvector/scanner
docker run --name neuvector.scanner --rm -e SCANNER_REPOSITORY=ubuntu -e SCANNER_TAG=16.04 -e SCANNER_LICENSE=license -v /var/run/docker.sock:/var/run/docker.sock -v /var/neuvector:/var/neuvector neuvector/scanner
docker run -itd --net=host --name=dp --privileged neuvector/dp dp -i eth0 -s
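An added example, not part of the NeuVector project: a pre-launch check of the variables described above, reading KEY=VALUE lines as they would appear in a file passed to `docker run --env-file`. The function names, the ERROR/WARN labels and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not NeuVector code): lint KEY=VALUE settings from stdin before
# passing them to `docker run --env-file`. ERROR contradicts the descriptions
# above; WARN marks a security-relevant switch. Assumption: any non-empty value
# sets DISABLE_PACKET_CAPTURE and ENFORCER_SKIP_NV_PROTECT.
nv_env_lint() {
  nv_rc=0
  while IFS='=' read -r nv_key nv_val || [ -n "$nv_key" ]; do
    case $nv_key in
      ''|\#*) ;;  # skip blank lines and comments
      CONTAINER_NET_TYPE)
        case $nv_val in
          default|macvlan) ;;
          *) echo "ERROR $nv_key: '$nv_val' is not 'default' or 'macvlan'"; nv_rc=1 ;;
        esac ;;
      FED_SERVER_PORT)
        case $nv_val in
          ''|*[!0-9]*) echo "ERROR $nv_key: '$nv_val' is not a port number"; nv_rc=1 ;;
          *) if [ "$nv_val" -lt 1 ] || [ "$nv_val" -gt 65535 ]; then
               echo "ERROR $nv_key: $nv_val is outside 1-65535"; nv_rc=1
             fi ;;
        esac ;;
      TAP_INTERFACES)
        case $nv_val in
          ''|,*|*,|*,,*|*' '*) echo "ERROR $nv_key: '$nv_val' is not a comma-separated list"; nv_rc=1 ;;
        esac ;;
      MANAGER_SSL)
        if [ "$nv_val" = off ]; then echo "WARN $nv_key=off: manager serves HTTP instead of HTTPS"; fi ;;
      CTRL_PATH_DEBUG)
        if [ -n "$nv_val" ] && [ "$nv_val" != 0 ]; then echo "WARN $nv_key=$nv_val: control path debug is on (default 0)"; fi ;;
      DISABLE_PACKET_CAPTURE)
        if [ -n "$nv_val" ]; then echo "WARN $nv_key is set: packet capture is disabled"; fi ;;
      ENFORCER_SKIP_NV_PROTECT)
        if [ -n "$nv_val" ]; then echo "WARN $nv_key is set: NeuVector containers are not protected"; fi ;;
    esac
  done
  return "$nv_rc"
}

# Constructed sample settings, for illustration only.
nv_sample_env() {
  cat <<'EOF'
CONTAINER_NET_TYPE=bridge
MANAGER_SSL=off
TAP_INTERFACES=eth0,eth1
NV_PLATFORM_INFO=platform=Kubernetes:GKE
EOF
}
nv_sample_env | nv_env_lint || echo "resolve the ERROR lines before starting the containers"
```

Variables the function does not recognise, such as CLUSTER_JOIN_ADDR or NV_PLATFORM_INFO, pass through unchecked.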