Skip to main content
1

Add Helm Repo

helm repo add garnet https://helm.garnet.ai
helm repo update
2

Install

helm install garnet garnet/garnet \
  --namespace security \
  --create-namespace \
  --set garnet.token=YOUR_API_TOKEN
Jibril requires kernel access to run eBPF. Ensure your nodes run Linux with kernel 5.8+.
3

Verify

kubectl get pods -n security
Agent appears at dashboard.garnet.ai within seconds.

Configuration

ParameterDescriptionDefault
garnet.tokenGarnet API token""
cluster.nameCluster name shown in the dashboardgarnet-cluster
networkPolicyConfig.enabledEnable network policy mountfalse
networkPolicyConfig.policyYamlPolicy YAML content (via --set-file)N/A
For deeper customization (init/heartbeat/policy refresher containers, refresh intervals, and full config overrides), see the chart’s values.yaml.

How It Works

    Helm Install


  ┌──────────────┐
  │   Chart      │  Renders DaemonSet + RBAC + Config/Secrets
  └──────────────┘


  ┌──────────────┐
  │  DaemonSet   │  Deploys a single Jibril Agent per Node
  └──────────────┘


  ┌──────────────┐
  │ Config + Key │  ConfigMap + Secret (token) + optional policy file
  └──────────────┘


  ┌──────────────┐
  │     eBPF     │  Hooks Kernel Events
  └──────────────┘


  ┌──────────────┐
  │   Register   │  Connects to Control Plane (api.garnet.ai)
  └──────────────┘


  ┌──────────────┐
  │    Policy    │  Receives rules + enforces drops at runtime
  └──────────────┘

         └───────────> [ Real-time Protection ]
The Helm chart installs Kubernetes resources (DaemonSet, RBAC, ConfigMaps, and Secrets). Each node runs one Jibril agent pod. The agent loads its configuration and API token from those resources, then connects to api.garnet.ai to register and fetch policies. eBPF enforcement happens on the node—no sidecars required.
Most behavior is controlled by Helm values (see values.yaml): which containers run (init/heartbeat/policy refresher), policy refresh settings, cluster naming, and whether a policy file is mounted.

Network Policy

To block specific traffic, provide a policy file during installation. 
helm upgrade --install garnet garnet/garnet \
  --namespace security \
  --create-namespace \
  --set networkPolicyConfig.enabled=true \
  --set-file networkPolicyConfig.policyYaml=./my-network-policy.yaml
If you update the policy YAML, run helm upgrade again. The chart will roll your DaemonSet so agents pick up the new policy.

Example Policy

version: v1
policies:
  - name: block-miners
    rules:
      - action: drop
        domains:
          - mining-pool.example.com
Learn more about policy structure in Firewall → Network Policies.

Troubleshooting

Confirm your garnet.token is valid, then check the DaemonSet is healthy: kubectl get pods -n security.
Jibril requires Linux kernel access for eBPF. Verify your nodes run Linux with kernel 5.8+ and that the DaemonSet pods are scheduled on the nodes you expect.
helm upgrade --install garnet ./helm/garnet \
  --namespace security \
  --create-namespace \
  --set garnet.token=YOUR_GARNET_API_TOKEN

helm upgrade --install garnet garnet/garnet \
  --namespace security \
  --set cluster.name=my-cluster
Confirm networkPolicyConfig.enabled=true, you passed your YAML via --set-file, and your policy syntax matches the expected structure (see Example Policy above).