Ocular Installation Guide

This guide provides detailed instructions for getting Ocular installed and running on a Kubernetes cluster. You can either install via Helm, via a Kubernetes manfiest file, or as described below or build from source as described by the docs/DEVELOPMENT.md file in the GitHub repository.

Installation via Helm

NOTE: Ocular container images support Linux amd64, arm64, s390x, and ppc64le. Please raise an issue if you require support for another.

Crash Override maintains a Helm Chart that can be used to install Ocular. View the values.yaml for all the options available.

1. Add the Crash Override helm chart repository

helm repo add crashoverride https://crashappsec.github.io/helm-charts

2. via helm

# NOTE: This will install via `kubectl`,
# so please ensure you've selected the right
# context. 
helm install ocular crashoverride/ocular \
    --namespace ocular-system \ 
    --create-namespace

🎉 3. Profit

kubectl api-resources --api-group=ocular.crashoverride.run
# NAME           SHORTNAMES   APIVERSION                         NAMESPACED   KIND
# crawlers                    ocular.crashoverride.run/v1beta1   true         Crawler
# ...

[OPTIONAL] 4. Install default integrations

The default integrations provide Uploaders, Downloaders, and Crawlers that handle common scanning use cases like downloading git or docker images, crawling Github/Gitlab or uploading to S3. It’s recommended to install these but not required.

# This should be the namespace you want to perform scan in.
# It should probably be different than the 'ocular-system' namespace
# where the ocular controller runs. 
export NAMESPACE=default 

helm install ocular-default-integrations \
	crashoverride/ocular-default-integrations \
	--namespace $NAMESPACE

Next Steps

Navigate to the quick start guide to learn how to start pipelines and searches.