include kubearmor installation via helm

With this PR KubeArmor will be installed with default configurations
with the operator by a single helm install command.

Signed-off-by: Ankur Kothiwal <[email protected]>

.github/workflows/ci-test-ginkgo.yml

@@ -8,13 +8,17 @@ on:
       - "tests/**"
       - "protobuf/**"
       - ".github/workflows/ci-test-ginkgo.yml"
+      - "pkg/KubeArmorOperator/**"
+      - "deployments/helm/**"
   pull_request:
     branches: [main]
     paths:
       - "KubeArmor/**"
       - "tests/**"
       - "protobuf/**"
       - ".github/workflows/ci-test-ginkgo.yml"
+      - "pkg/KubeArmorOperator/**"
+      - "deployments/helm/**"
 
 jobs:
   build:
@@ -78,8 +82,6 @@ jobs:
           helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kubearmor --create-namespace
           kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app=kubearmor-operator
           kubectl get pods -A
-          kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml
-          kubectl wait -n kubearmor --timeout=5m --for=jsonpath='{.status.phase}'=Running kubearmorconfigs/kubearmorconfig-test
           kubectl wait --timeout=5m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kubearmor
           kubectl get pods -A
 

deployments/helm/KubeArmorOperator/README.md

@@ -1,28 +1,35 @@
-## Install KubeArmorOperator
-Install KubeArmorOperator using the official `kubearmor` Helm chart repo.Also see [values](#Values) for your respective environment.
-```
+# Install KubeArmorOperator
+
+Install KubeArmorOperator using the official `kubearmor` Helm chart repo. Also see [values](#values) for your respective environment.
+
+```bash
 helm repo add kubearmor https://kubearmor.github.io/charts
 helm repo update kubearmor
 helm upgrade --install kubearmor-operator kubearmor/kubearmor-operator -n kubearmor --create-namespace
 ```
 
 Install KubeArmorOperator using Helm charts locally (for testing)
-```
+
+```bash
 cd deployments/helm/KubeArmorOperator
 helm upgrade --install kubearmor-operator . -n kubearmor --create-namespace
 ```
 
 ## Values
+
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | kubearmorOperator.name | string | kubearmor-operator | name of the operator's deployment |
 | kubearmorOperator.image.repository | string | kubearmor/kubearmor-operator | image repository to pull KubeArmorOperator from |
 | kubearmorOperator.image.tag | string | latest | KubeArmorOperator image tag |
 | kubearmorOperator.imagePullPolicy | string | IfNotPresent | pull policy for operator image |
+| kubearmorOperator.configSpec | object | [values.yaml](values.yaml) | KubeArmor default configurations |
 
-Once installed, the operator waits for the user to create a `KubeArmorConfig` object.
+The operator needs a `KubeArmorConfig` object in order to create resources related to KubeArmor. A default config is present in Helm `values.yaml` which can be overridden during Helm install.
+It is possible to specify configuration even after KubeArmor resources have been installed by directly editing the created `KubeArmorConfig` CR.
 
 ## KubeArmorConfig specification
+
 ```yaml
 apiVersion: operator.kubearmor.com/v1
 kind: KubeArmorConfig
@@ -56,7 +63,7 @@ spec:
 
     # KubeArmor relay image and pull policy
     kubearmorRelayImage:
-        image: [image-repo:tag]                                # DEFAULT - kubearmor/kubearmor-relay:latest
+        image: [image-repo:tag]                                # DEFAULT - kubearmor/kubearmor-relay-server:latest
         imagePullPolicy: [image pull policy]                   # DEFAULT - Always
 
     # KubeArmor controller image and pull policy
@@ -69,7 +76,6 @@ spec:
         image: [image-repo:tag]                                # DEFAULT - gcr.io/kubebuilder/kube-rbac-proxy:v0.12.0
         imagePullPolicy: [image pull policy]                   # DEFAULT - Always
 ```
-**A [sample configuration](../../../pkg/KubeArmorOperator/config/samples/sample-config.yml) is also available for reference.**
 
 ## Verify if all the resources are up and running
 If a valid configuration is received, the operator will deploy jobs to your nodes to get the environment information and then start installing KubeArmor components.
@@ -105,8 +111,10 @@ NAME                               COMPLETIONS   DURATION   AGE
 job.batch/kubearmor-snitch-lglbd   1/1           3s         11m
 ```
 
-## Uninstall The Operator
+## Uninstall the Operator
+
 Uninstalling the Operator will also uninstall KubeArmor from all your nodes. To uninstall, just run:
+
 ```bash
 helm uninstall kubearmor -n kubearmor
 ```

deployments/helm/KubeArmorOperator/templates/ka-config.yaml

@@ -0,0 +1,15 @@
+apiVersion: operator.kubearmor.com/v1
+kind: KubeArmorConfig
+metadata:
+    annotations:
+        "helm.sh/hook": post-install,post-upgrade
+    labels:
+        app.kubernetes.io/name: kubearmorconfig
+        app.kubernetes.io/instance: kubearmorconfig-sample
+        app.kubernetes.io/part-of: kubearmoroperator
+        app.kubernetes.io/managed-by: kustomize
+        app.kubernetes.io/created-by: kubearmoroperator
+    name: kubearmor
+    namespace: {{ .Release.Namespace }}
+spec:
+    {{- toYaml .Values.kubearmorOperator.configSpec | nindent 4}}

deployments/helm/KubeArmorOperator/templates/serviceaccount.yaml

@@ -2,4 +2,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Values.kubearmorOperator.name }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}

deployments/helm/KubeArmorOperator/values.yaml

@@ -3,4 +3,4 @@ kubearmorOperator:
   image:
     repository: kubearmor/kubearmor-operator
     tag: latest
-  imagePullPolicy: IfNotPresent
+  imagePullPolicy: IfNotPresent