include kubearmor installation via helm
With this PR KubeArmor will be installed with default configurations
with the operator by a single helm install command.

Signed-off-by: Ankur Kothiwal <[email protected]>
Ankurk99 committed Aug 19, 2023
1 parent 5476d3a commit 1ddd56f
Showing 5 changed files with 57 additions and 13 deletions.
28 changes: 17 additions & 11 deletions deployments/helm/KubeArmorOperator/README.md
Original file line number Diff line number Diff line change
@@ -1,28 +1,33 @@
## Install KubeArmorOperator
Install KubeArmorOperator using the official `kubearmor` Helm chart repo.Also see [values](#Values) for your respective environment.
```
# Install KubeArmorOperator

Install KubeArmorOperator using the official `kubearmor` Helm chart repo. Also see [values](#values) for your respective environment.

```bash
helm repo add kubearmor https://kubearmor.github.io/charts
helm repo update kubearmor
helm upgrade --install kubearmor-operator kubearmor/kubearmor-operator -n kube-system
helm upgrade --install kubearmor-operator kubearmor/kubearmor-operator -n kubearmor --create-namespace
```

Install KubeArmorOperator using Helm charts locally (for testing)
```

```bash
cd deployments/helm/KubeArmorOperator
helm upgrade --install kubearmor-operator . -n kube-system
helm upgrade --install kubearmor-operator . -n kubearmor --create-namespace
```

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| kubearmorOperator.name | string | kubearmor-operator | name of the operator's deployment |
| kubearmorOperator.image.repository | string | kubearmor/kubearmor-operator | image repository to pull KubeArmorOperator from |
| kubearmorOperator.image.tag | string | latest | KubeArmorOperator image tag |
| kubearmorOperator.imagePullPolicy | string | IfNotPresent | pull policy for operator image |

Once installed, the operator waits for the user to create a `KubeArmorConfig` object.
Once installed, the operator uses [sample configuration](../../../pkg/KubeArmorOperator/config/samples/sample-config.yml) to create `KubeArmorConfig` object.

## KubeArmorConfig specification

```yaml
apiVersion: operator.kubearmor.com/v1
kind: KubeArmorConfig
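Review bot: The Values table in this hunk still lists only the four `kubearmorOperator.*` keys, although the chart now reads `.Values.namespace` and `.Values.kubearmorOperator.configSpec`; both need a row with type and default. The new sentence "the operator uses [sample configuration] ... to create `KubeArmorConfig` object" also does not match the templates in this commit: the object is rendered by `templates/ka-config.yaml` from `kubearmorOperator.configSpec` as a Helm hook, so the README should point readers at `configSpec` in `values.yaml` as the place to change postures and images.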
Expand Down Expand Up @@ -56,7 +61,7 @@ spec:

# KubeArmor relay image and pull policy
kubearmorRelayImage:
image: [image-repo:tag] # DEFAULT - kubearmor/kubearmor-relay:latest
image: [image-repo:tag] # DEFAULT - kubearmor/kubearmor-relay-server:latest
imagePullPolicy: [image pull policy] # DEFAULT - Always

# KubeArmor controller image and pull policy
Expand All @@ -69,14 +74,13 @@ spec:
image: [image-repo:tag] # DEFAULT - gcr.io/kubebuilder/kube-rbac-proxy:v0.12.0
imagePullPolicy: [image pull policy] # DEFAULT - Always
```
**A [sample configuration](../../../pkg/KubeArmorOperator/config/samples/sample-config.yml) is also available for reference.**
## Verify if all the resources are up and running
If a valid configuration is received, the operator will deploy jobs to your nodes to get the environment information and then start installing KubeArmor components.
Once done, the following resources related to KubeArmor will exist in your cluster:
```
$ kubectl get all -n kube-system -l kubearmor-app
$ kubectl get all -n kubearmor -l kubearmor-app
NAME READY STATUS RESTARTS AGE
pod/kubearmor-operator-66fbff5559-qb7dh 1/1 Running 0 11m
pod/kubearmor-relay-557dfcc57b-c8t55 1/1 Running 0 2m53s
Expand Down Expand Up @@ -105,8 +109,10 @@ NAME COMPLETIONS DURATION AGE
job.batch/kubearmor-snitch-lglbd 1/1 3s 11m
```

## Uninstall The Operator
## Uninstall the Operator

Uninstalling the Operator will also uninstall KubeArmor from all your nodes. To uninstall, just run:

```bash
helm uninstall kubearmor -n kube-system
```
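Review bot: The uninstall command kept as context at the end of this hunk, `helm uninstall kubearmor -n kube-system`, no longer matches the install instructions, which create the release `kubearmor-operator` in namespace `kubearmor`. Since the heading and sentence above it are already being edited, change it here to `helm uninstall kubearmor-operator -n kubearmor` so the documented teardown actually removes what the documented install created.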
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.kubearmorOperator.name }}
namespace: {{ .Release.Namespace }}
namespace: {{ .Values.namespace | default "kubearmor" }}
labels:
kubearmor-app: {{ .Values.kubearmorOperator.name }}
spec:
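Review bot: Switching the Deployment's `namespace:` from `{{ .Release.Namespace }}` to `{{ .Values.namespace | default "kubearmor" }}` makes the chart ignore the namespace passed with `-n`. A user who runs `helm upgrade --install ... -n other --create-namespace` gets the release recorded in `other`, the operator placed in `kubearmor`, and only `other` is created by `--create-namespace`, so the install fails if `kubearmor` does not already exist. No `namespace` key appears in the `values.yaml` lines shown either, so the override is undocumented. Suggest keeping `.Release.Namespace` (the README already passes `-n kubearmor`), or at least `{{ .Values.namespace | default .Release.Namespace }}`. The same applies to the identical change in the ServiceAccount and `ka-config.yaml` templates.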
15 changes: 15 additions & 0 deletions deployments/helm/KubeArmorOperator/templates/ka-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
apiVersion: operator.kubearmor.com/v1
kind: KubeArmorConfig
metadata:
annotations:
"helm.sh/hook": post-install,post-upgrade
labels:
app.kubernetes.io/name: kubearmorconfig
app.kubernetes.io/instance: kubearmorconfig-sample
app.kubernetes.io/part-of: kubearmoroperator
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/created-by: kubearmoroperator
name: kubearmor
namespace: {{ .Values.namespace | default "kubearmor" }}
spec:
{{- toYaml .Values.kubearmorOperator.configSpec | nindent 4}}
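Review bot: The `"helm.sh/hook": post-install,post-upgrade` annotation takes this `KubeArmorConfig` out of the release's managed resources, so `helm uninstall` will not delete it, which conflicts with the README statement that uninstalling the operator also uninstalls KubeArmor. With no `helm.sh/hook-delete-policy` set, Helm's default of `before-hook-creation` also deletes and recreates the object on every upgrade. Please state the intended lifecycle explicitly, either with a delete policy plus a documented cleanup step, or by shipping the object as a regular template if ordering against the CRD allows it. Separately, `app.kubernetes.io/managed-by: kustomize` and `instance: kubearmorconfig-sample` look copied from the kustomize sample; in a chart `managed-by` should be `{{ .Release.Service }}`.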
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.kubearmorOperator.name }}
namespace: {{ .Release.Namespace }}
namespace: {{ .Values.namespace | default "kubearmor" }}
23 changes: 23 additions & 0 deletions deployments/helm/KubeArmorOperator/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,26 @@ kubearmorOperator:
repository: kubearmor/kubearmor-operator
tag: latest
imagePullPolicy: IfNotPresent

configSpec:
defaultCapabilitiesPosture: audit
defaultFilePosture: audit
defaultNetworkPosture: audit

defaultVisibility: process,file,network

kubearmorImage:
image: kubearmor/kubearmor:stable
imagePullPolicy: Always

kubearmorInitImage:
image: kubearmor/kubearmor-init:stable
imagePullPolicy: Always

kubearmorRelayImage:
image: kubearmor/kubearmor-relay-server:latest
imagePullPolicy: Always

kubearmorControllerImage:
image: kubearmor/kubearmor-controller:latest
imagePullPolicy: Always
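Review bot: The new `configSpec` defaults pull mutable tags with `imagePullPolicy: Always` (`kubearmor` and `kubearmor-init` at `:stable`, `kubearmor-relay-server` and `kubearmor-controller` at `:latest`), so a single `helm install` deploys whatever is behind those tags at that moment and the four components can drift apart between nodes and restarts. For a node-level security agent, suggest defaulting all four images to the chart's release version (or a digest) and using one channel consistently. It is also worth a comment next to the three `default*Posture: audit` lines saying that the out-of-the-box install only audits and does not block, since the commit message presents these as the default configuration.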
