Deploy with Docker on Ubuntu

Generic instructions for running an Insight Point as a Docker container on Debian / Ubuntu.

This guide provides instructions for running an Insight Point within your environment, using a Docker container. To follow these instructions for Linux, Veza recommends provisioning a dedicated Linux VM running Docker (minimum: 2 CPU x 4GB RAM), or deploying the Insight Point within a shared K8s cluster.

For Windows-based environments, you might prefer to run the Insight Point from an VM image. Or, you can install Docker for your Windows environment, and use the docker-compose.yaml file in this guide to pull and configure the Insight Point.

Prerequisites

Ensure that your network allows the required connectivity between the Insight Point host and the services to discover, and your Veza tenant:

Required Destination Protocol Port

Required	Destination	Protocol	Port
yes	Veza Tenant	TCP	443
yes	`public.ecr.aws`	TCP	443
for AD	AD Domain Controller	TCP/UDP	636
for SQL	SQL Server	TCP	1433

yes

Veza Tenant

TCP

443

yes

public.ecr.aws

TCP

443

for AD

AD Domain Controller

TCP/UDP

636

for SQL

SQL Server

TCP

1433

Install Docker

A Docker container packages application code and dependencies for consistent deployment on most computing platforms. To download and run the Insight Point image, you will need to install Docker engine for your operating system.

To install the latest version of Docker on Ubuntu 18:

Update the system package list & install prerequisite packages:

sudo apt update;
sudo apt install apt-transport-https ca-certificates software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Add the repository to your sources:

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"

Refresh packages and install Docker as well as the Docker Compose plugin to use the file provided in the next section:

sudo apt update;
sudo apt install docker-ce

Confirm the service is running:

sudo systemctl status docker

If you receive an permission denied error, change the permissions of docker socket to be able to connect to the docker daemon

sudo chmod 666 /var/run/docker.sock

To run Docker as a non-admin (without sudo), add your user account to the "docker" group:

sudo usermod -aG docker $<username>

Log out and back in to apply the new group membership, or run:

su - $<username>

Add environment variables

Save the Insight Point registration key as an environment variable for Docker to access:

export VEZA_IP_REGISTER_KEY=<Key retrieved from Veza Insight Point page>

Back up a copy the Insight Point key to a secure location - lost keys are not recoverable. You can also use a secrets manager or keep the credentials within the docker compose file, assuming the file is treated as a secret.

Create Docker compose file

Save the Insight Point configuration provided below as a Docker compose file:

Create a file docker-compose.yml and open it in a text editor
Copy and Paste the following contents:

version: '3.8'
services:
    veza_insight_point:
        restart: always
        logging:
            driver: local
            options:
                max-size: 50m
                max-file: 5
        environment:
            DP_REGISTER_KEY: $VEZA_IP_REGISTER_KEY
        image: 'public.ecr.aws/veza/insight_point:latest'
        pull_policy: always

restart: always will enable the Docker service to restart the Insight Point container if it stops for any reason
setting logging limits prevents logs from exhausting all available storage.

Using a proxy server or custom certificates

If you need to use a proxy server, add the HTTP_PROXY, HTTPS_PROXY and NO_PROXY lines to the docker-compose YAML. Include any required custom certificates under volumes, demonstrated in the following example:

version: '3.8'
services:
    veza_insight_point:
        restart: always
        logging:
            driver: local
            options:
                max-size: 50m
                max-file: 5
        environment:
            DP_REGISTER_KEY: $VEZA_IP_REGISTER_KEY
            HTTP_PROXY: 'http://proxy.local:8080'
            HTTPS_PROXY: 'http://proxy.local:8080'
            NO_PROXY: '*.domain.local, *.domain2.local'
        volumes:
          - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/cert.pem
          - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
        image: 'public.ecr.aws/veza/insight_point:latest'
        pull_policy: always

Start the container

Run: docker compose up --detach
Confirm docker is running correctly: docker ps -a

You should see the running container and its ID. You can use the Container ID to view Insight Point logs:

docker logs -f <CONTAINER_ID>

Once the image downloads and the container starts, the Insight Point should connect to your Veza tenant and upgrade if needed.

You can now configure an integration to use the new "external" Insight Point instead of the default "internal" one.

PreviousDeploying an Insight Point using the install script NextDeploy with Docker on RHEL

Last updated 2 months ago