Deploy with Docker on RHEL

Generic instructions for running an Insight Point as a Docker container on RHEL.

This guide provides instructions for running an Insight Point within your environment, using a Docker container. To follow these instructions for Linux, Veza recommends provisioning a dedicated Linux VM running Docker (minimum: 2 CPU x 4GB RAM), or deploying the Insight Point within a shared K8s cluster.

For Windows-based environments, you might prefer to run the Insight Point from a VM image. Or, you can install Docker for your Windows environment, and use the docker-compose.yaml file in this guide to pull and configure the Insight Point.

Prerequisites

Ensure that your network allows the required connectivity from the Insight Point host to the services to discover and to your Veza tenant:

Required   Destination            Protocol   Port
yes        Veza Tenant            TCP        443
yes        public.ecr.aws         TCP        443
for AD     AD Domain Controller   TCP/UDP    636
for SQL    SQL Server             TCP        1433

Install Docker

A Docker container packages application code and dependencies for consistent deployment on most computing platforms. To download and run the Insight Point image, you will need to install Docker Engine for your operating system.

To install the latest version of Docker on RHEL:

Update the system package list and install prerequisite packages:

sudo yum update
sudo yum install -y yum-utils

Register the Docker repository:

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Refresh packages and install Docker. You will need it to use the compose file provided later in this guide:

sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin --allowerasing

Start the Docker service:

sudo systemctl start docker

Confirm the service is running:

sudo systemctl status docker

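If you receive a permission denied error, change the permissions of the Docker socket so that you can connect to the Docker daemon. Mode 666 makes the socket writable by every local account, and write access to the socket is equivalent to root on the host, so on a shared host prefer the "docker" group membership described below: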

sudo chmod 666 /var/run/docker.sock

To run Docker as a non-admin (without sudo), add your user account to the "docker" group:

sudo usermod -aG docker <username>

Log out and back in to apply the new group membership, or run:

su - <username>

Add environment variables

Save the Insight Point registration key as an environment variable for Docker to access:

export VEZA_IP_REGISTER_KEY=<Key retrieved from Veza Insight Point page>

Back up a copy of the Insight Point key to a secure location. Lost keys are not recoverable. You can also use a secrets manager or keep the credentials within the Docker compose file, assuming the file is treated as a secret.
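The socket permission step and the note about treating the compose file as a secret can both be checked on the host. The script below is an added example, not part of the Veza documentation: it flags a world-writable Docker socket and a world-readable compose file that embeds a literal DP_REGISTER_KEY. The default paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the Veza documentation). Audits two local files:
# the Docker socket and a compose file that may embed the registration key.

# Succeeds when "other" users lack the permission bit in $2 on path $1
# (4 = read, 2 = write). Uses GNU stat, as shipped on RHEL.
other_lacks() {
    mode=$(stat -c '%a' -- "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    [ $(( other & $2 )) -eq 0 ]
}

# Write access to the Docker socket is root-equivalent on the host,
# so the socket must not be world-writable (mode 666 fails this check).
socket_ok() { other_lacks "$1" 2; }

# A compose file is sensitive only when DP_REGISTER_KEY holds a literal value
# instead of a $VARIABLE reference; then it must not be world-readable.
compose_ok() {
    key_value=$(sed -nE \
        "s/^[[:space:]]*DP_REGISTER_KEY:[[:space:]]*[\"']?([^\"'[:space:]]*).*/\1/p" \
        "$1" | head -n 1)
    case $key_value in
        ''|\$*) return 0 ;;            # key absent or read from the environment
    esac
    other_lacks "$1" 4
}

# audit [socket-path] [compose-file]; the defaults are assumed locations.
audit() {
    sock=${1:-/var/run/docker.sock}
    compose=${2:-docker-compose.yml}
    rc=0
    if [ -e "$sock" ] && ! socket_ok "$sock"; then
        echo "FAIL: $sock is world-writable; restore mode 660 and use the docker group"
        rc=1
    fi
    if [ -f "$compose" ] && ! compose_ok "$compose"; then
        echo "FAIL: $compose embeds the registration key and is world-readable; chmod 600"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: socket and compose file are not world-accessible"
    return "$rc"
}

# Runs only when paths are given, e.g.: sh audit.sh /var/run/docker.sock docker-compose.yml
if [ "$#" -gt 0 ]; then audit "$@"; fi
```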

Create Docker compose file

Save the Insight Point configuration provided below as a Docker compose file:

  1. Create a file named docker-compose.yml and open it in a text editor.

  2. Copy and paste the following contents:

version: '3.8'
services:
    veza_insight_point:
        restart: always
        logging:
            driver: local
            options:
                max-size: 50m
                max-file: 5
        environment:
            DP_REGISTER_KEY: $VEZA_IP_REGISTER_KEY
        image: 'public.ecr.aws/veza/insight_point:latest'
        pull_policy: always

  • restart: always enables the Docker service to restart the Insight Point container if it stops for any reason.

  • Setting logging limits prevents logs from exhausting all available storage.

Using a proxy server or custom certificates

If you need to use a proxy server, add the HTTP_PROXY, HTTPS_PROXY and NO_PROXY lines to the docker-compose YAML. Include any required custom certificates under volumes, demonstrated in the following example:

version: '3.8'
services:
    veza_insight_point:
        restart: always
        logging:
            driver: local
            options:
                max-size: 50m
                max-file: 5
        environment:
            DP_REGISTER_KEY: $VEZA_IP_REGISTER_KEY
            HTTP_PROXY: 'http://proxy.local:8080'
            HTTPS_PROXY: 'http://proxy.local:8080'
            NO_PROXY: '*.domain.local, *.domain2.local'
        volumes:
          - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/cert.pem
          - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
        image: 'public.ecr.aws/veza/insight_point:latest'
        pull_policy: always

Start the container

  1. Run: docker compose up --detach

  2. Confirm Docker is running correctly: docker ps -a

You should see the running container and its ID. You can use the Container ID to view Insight Point logs:

docker logs -f <CONTAINER_ID>

Once the image downloads and the container starts, the Insight Point should connect to your Veza tenant and upgrade if needed.

You can now configure an integration to use the new "external" Insight Point instead of the default "internal" one.
