
Automating Cartography Deployments on Kubernetes

In “Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography” I described the process I undertook to deploy Cartography in a multi-cloud environment, from inception to self-service dashboards for data consumption.

Now, I’m going to open source an automated process to get Neo4j and Cartography up and running in a Kubernetes cluster, using HashiCorp Vault as a secrets management engine.


An Overview

In the original blog post, I walked through each step of the deployment and provided the most significant snippets of code useful to replicate the setup, but many people still struggled to actually replicate it successfully.

That’s why I decided to take the time to port the deployment to a vanilla Kubernetes cluster.

At a high level, the deployment is composed of 3 main components:

  • A HashiCorp Vault Deployment.
  • A StatefulSet for Neo4j.
  • A CronJob for Cartography itself.
Cartography Deployment

Show Me the Code

If you’ve been following me, you might have noticed that I already maintain k8s-lab-plz, a modular Kubernetes Lab which provides an easy, streamlined, and repeatable way (managed via please.build) to deploy a test cluster with support for different components.

So to me it just made sense to add another module, focused on Cartography. After a few nights battling with Neo4j’s way of handling certificates and storage, I now have the module configured to deploy both Neo4j and Cartography with one single command:

❯ plz run //components/cartography:deploy [minikube|baremetal]

The module is available at:

I hope you’ll find it useful and interesting, and I’m keen to get feedback on it! If something is missing, or if you have ideas on how to improve it, please let me know on Twitter.


Marco Lancini


Published on March 30, 2021