Installation
Quick install
```bash
helm install sidereal oci://ghcr.io/primaris-tech/charts/sidereal \
  --namespace sidereal-system \
  --create-namespace \
  --set global.impactLevel=moderate \
  --set global.executionMode=dryRun
```

Local development (kind)
If you are working from a local checkout of the repository:
```bash
# Create a kind cluster
kind create cluster --name sidereal-test

# Install CRDs
kubectl apply -f config/crd/bases/

# Build images locally
make docker-build-all

# Load images into kind
kind load docker-image ghcr.io/primaris-tech/sidereal-controller:latest --name sidereal-test
kind load docker-image ghcr.io/primaris-tech/sidereal-probe-rbac:latest --name sidereal-test
kind load docker-image ghcr.io/primaris-tech/sidereal-probe-secret:latest --name sidereal-test
kind load docker-image ghcr.io/primaris-tech/sidereal-probe-admission:latest --name sidereal-test
kind load docker-image ghcr.io/primaris-tech/sidereal-probe-netpol:latest --name sidereal-test
kind load docker-image ghcr.io/primaris-tech/sidereal-bootstrap:latest --name sidereal-test

# Install via Helm (override image tags to match local builds)
helm install sidereal deploy/helm/sidereal/ \
  --namespace sidereal-system \
  --create-namespace \
  --set global.impactLevel=low \
  --set global.executionMode=observe \
  --set global.fips=false \
  --set global.requireAdmissionController=false \
  --set controller.image.tag=latest \
  --set probe.goImage.tag=latest \
  --set probe.detectionImage.tag=latest \
  --set probe.bootstrapImage.tag=latest
```

Verify the installation
```bash
# Check the controller is running
kubectl get pods -n sidereal-system

# Check for bootstrap alerts
kubectl get siderealsystemalerts -n sidereal-system

# Check CRDs are installed
kubectl get crd | grep sidereal
```

You should see the controller pod running and 7 Sidereal CRDs registered.
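The verification steps above as a scripted post-install check, added here as an example and not part of the Sidereal project's own tooling. It assumes the controller pod name contains `controller`; the script name `verify-sidereal.sh` and the `--live` switch are hypothetical.

```shell
#!/bin/sh
# Added example: scripted version of the "Verify the installation" checks.
# Parsers read `kubectl ... --no-headers` output on stdin, so they work offline.

EXPECTED_CRDS=7            # CRD count stated on the page
NAMESPACE=sidereal-system  # namespace used on the page

# Count CRDs whose name (first column) contains "sidereal".
count_sidereal_crds() {
  awk 'NF && $1 ~ /sidereal/ { n++ } END { print n + 0 }'
}

# Count Running, fully ready pods whose name contains "controller".
# Assumption: the pod is named after the sidereal-controller image.
ready_controllers() {
  awk 'NF && $1 ~ /controller/ {
         split($2, r, "/")
         if ($3 == "Running" && r[1] > 0 && r[1] == r[2]) n++
       } END { print n + 0 }'
}

# verify_install CRD_LISTING POD_LISTING: returns 0 only if both checks pass.
verify_install() {
  vi_crds=$(printf '%s\n' "$1" | count_sidereal_crds)
  vi_ctrl=$(printf '%s\n' "$2" | ready_controllers)
  vi_rc=0
  if [ "$vi_crds" -ne "$EXPECTED_CRDS" ]; then
    echo "FAIL: $vi_crds Sidereal CRDs registered, expected $EXPECTED_CRDS" >&2
    vi_rc=1
  fi
  if [ "$vi_ctrl" -lt 1 ]; then
    echo "FAIL: no Running, ready controller pod in $NAMESPACE" >&2
    vi_rc=1
  fi
  return "$vi_rc"
}

# Live use (hypothetical script name): sh verify-sidereal.sh --live
if [ "${1:-}" = "--live" ]; then
  verify_install "$(kubectl get crd --no-headers)" \
                 "$(kubectl get pods -n "$NAMESPACE" --no-headers)" || exit 1
  echo "OK: controller ready, $EXPECTED_CRDS Sidereal CRDs registered"
  # Listed for review; the page defines no pass condition for bootstrap alerts.
  kubectl get siderealsystemalerts -n "$NAMESPACE"
fi
```

A non-zero exit makes the script usable as a gate in CI or a deployment pipeline; a partially applied CRD set or a crash-looping controller fails the check instead of passing a visual skim.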
Configuration
Impact level
Setting global.impactLevel cascades operational defaults:
| Setting | High | Moderate | Low |
|---|---|---|---|
| Default probe interval | 6 hours | 12 hours | 24 hours |
| Result retention | 365 days | 365 days | 180 days |
| Fail-closed on export failure | Yes | No | No |
| Discovery interval | 6 hours | 12 hours | 24 hours |
Deployment profiles
Select a profile matching your cluster’s stack:
| Profile | Admission | Detection | CNI | Platform |
|---|---|---|---|---|
| kyverno-cilium-falco | Kyverno | Falco | Hubble | Cilium clusters |
| opa-calico-tetragon | OPA | Tetragon | Calico | Calico clusters |
| kyverno-eks | Kyverno | Falco | tcp-inference | Amazon EKS |
| opa-aks | OPA | Falco | tcp-inference | Azure AKS |
| kyverno-gke | Kyverno | Falco | tcp-inference | Google GKE |
| opa-rke2 | OPA | Tetragon | tcp-inference | RKE2/k3s |
```bash
helm install sidereal oci://ghcr.io/primaris-tech/charts/sidereal \
  --set profile.name=kyverno-cilium-falco
```