Aporeto provides a close integration with Kubernetes and OpenShift to make it easy to control and monitor your clusters. It includes an Aporeto Operator component and extends the Kubernetes API with custom resource definitions (CRDs). It maps Kubernetes namespaces, network policies, and services into Aporeto.
You can use any of the following methods to install Aporeto on Kubernetes or OpenShift.
Quickstart: uses Helm and Tiller and installs the Aporeto enforcer as a DaemonSet for a very fast and easy deployment. As long as you are comfortable with the elevated privileges that Tiller requires, don't run services under different user accounts on the host, and don't need to use Aporeto's SSH controls, this is the way to go.
Installing the Aporeto enforcer as a
systemdservice: takes more time, but provides increased security and more features. It does not use Tiller to install the enforcer component. In addition, you'll be able to manage services that run under different user accounts and use Aporeto's SSH controls.
Installing the Aporeto enforcer for multi-tenancy (beta): allows you to deploy multiple Aporeto Operators to watch different namespaces.