Run the Edera installer

This guide walks you through installing Edera on a Linux instance. It’s designed for users who are comfortable working in a terminal and want to get up and running fast.

You’ll start by preparing your local system with the required tools, then use the provided scripts to install Edera.

This guide is intentionally light—just the essentials to get Edera deployed and operational.

Prerequisites

Before you get started:

You’ll need a Google Artifact Registry (GAR) key from us. Don’t have one? Contact support@edera.dev.
SSH access to your target node.

Step 1: Prepare Your install machine

Create a directory and two scripts:

mkdir edera && cd edera

install.sh

#! /bin/bash

# Check that the $INSTALLER_IP is set
if [ -z "$INSTALLER_IP" ]; then
  echo "INSTALLER_IP is not set"
  exit 1
fi

scp ./key.json root@$INSTALLER_IP:/tmp/
scp ./edera-install.sh root@$INSTALLER_IP:~
ssh "root@$INSTALLER_IP" 'chmod +x ~/edera-install.sh && ~/edera-install.sh'

edera-install.sh

#!/bin/bash

CLIENT=""
for cmd in docker nerdctl; do
  if which $cmd &>/dev/null; then
    CLIENT=$(which $cmd)
  fi
done

if [ -z $CLIENT ]; then
  echo "no client found"
  exit 1
fi

echo "using $CLIENT"

TAG="v1.5.1"

$CLIENT login us-central1-docker.pkg.dev -u _json_key --password-stdin </tmp/key.json
$CLIENT pull us-central1-docker.pkg.dev/edera-protect/staging/protect-installer:${TAG}

$CLIENT run   --privileged   --env 'TARGET_DIR=/host'   --volume '/:/host'   --volume "$HOME/.docker/config.json:/root/.docker/config.json"   --pid host   --net host   us-central1-docker.pkg.dev/edera-protect/staging/protect-installer:${TAG}

Make them executable:

chmod +x *.sh

Save your GAR key as key.json.

Step 2: Run the installer on each node

Run the installer script against your node:

INSTALLER_IP={node_ip} ./install.sh

Step 3: Verify installation (if you are using Kubernetes)

Confirm nodes are back online

watch kubectl get nodes

Apply the Edera RuntimeClass

kubectl apply -f https://public.edera.dev/kubernetes/runtime-class.yaml

Check:

kubectl get runtimeclass

Expected output:

NAME    HANDLER   AGE
edera   edera     1d

Label nodes for Edera workloads

The Edera RuntimeClass includes a nodeSelector that requires nodes to be labeled with runtime=edera. This ensures that pods using the Edera runtime are scheduled only on nodes where Edera is installed.

Label each node where Edera is installed:

kubectl label nodes <node-name> runtime=edera

To label all nodes at once:

kubectl label nodes --all runtime=edera

Verify the labels:

kubectl get nodes --show-labels | grep runtime=edera

Test with a Pod

kubectl apply -f edera-protect-pod.yaml

edera-protect-pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: edera-protect-pod
  namespace: edera-protect
spec:
  runtimeClassName: edera
  containers:
    - name: nginx
      image: nginx:1.25.3

Check pod status:

kubectl get pods -n edera-protect

Troubleshooting

Check pod details:

kubectl describe pod edera-protect-pod -n edera-protect

Look at logs:

kubectl logs edera-protect-pod -n edera-protect

Verify RuntimeClass:

kubectl get pod edera-protect-pod -n edera-protect -o=jsonpath="{.spec.runtimeClassName}"

You should see:

edera

Want More?

Full documentation: docs.edera.dev
Still stuck? Email support@edera.dev—we like solving problems.

Last updated on 2025-12-16

Installing Edera with AWS EKS