Helm¶
Helm, which is de facto standard package manager for Kubernetes, allows installing applications from parameterized YAML manifests called Helm charts.
To address shortcomings of static YAML manifests we provide the Helm chart to deploy the Starboard Operator. The Helm chart supports all Install Modes.
As an example, let's install the operator in the starboard-system
namespace and configure it to select all namespaces,
except kube-system
and starboard-system
:
- Clone the chart directory:
Or add Aqua chart repository:
git clone --depth 1 --branch v0.15.23 https://github.com/aquasecurity/starboard.git cd starboard
helm repo add aqua https://aquasecurity.github.io/helm-charts/ helm repo update
- Install the chart from a local directory:
Or install the chart from the Aqua chart repository:
helm install starboard-operator ./deploy/helm \ --namespace starboard-system \ --create-namespace \ --set="trivy.ignoreUnfixed=true"
There are many values in the chart that can be set to configure Starboard.helm install starboard-operator aqua/starboard-operator \ --namespace starboard-system \ --create-namespace \ --set="trivy.ignoreUnfixed=true" \ --version 0.10.22
- Check that the
starboard-operator
Helm release is created in thestarboard-system
namespace, and it has statusdeployed
:To confirm that the operator is running, check that the$ helm list -n starboard-system NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION starboard-operator starboard-system 1 2021-01-27 20:09:53.158961 +0100 CET deployed starboard-operator-0.10.22 0.15.23
starboard-operator
Deployment in thestarboard-system
namespace is available and all its containers are ready:If for some reason it's not ready yet, check the logs of the Deployment for errors:$ kubectl get deployment -n starboard-system NAME READY UP-TO-DATE AVAILABLE AGE starboard-operator 1/1 1 1 11m
kubectl logs deployment/starboard-operator -n starboard-system
Uninstall¶
You can uninstall the operator with the following command:
helm uninstall starboard-operator -n starboard-system
You have to manually delete custom resource definitions created by the helm install
command:
Danger
Deleting custom resource definitions will also delete all security reports generated by the operator.
kubectl delete crd vulnerabilityreports.aquasecurity.github.io
kubectl delete crd clustervulnerabilityreports.aquasecurity.github.io
kubectl delete crd configauditreports.aquasecurity.github.io
kubectl delete crd ciskubebenchreports.aquasecurity.github.io
kubectl delete crd kubehunterreports.aquasecurity.github.io
kubectl delete crd clusterconfigauditreports.aquasecurity.github.io
kubectl delete crd clustercompliancereports.aquasecurity.github.io
kubectl delete crd clustercompliancedetailreports.aquasecurity.github.io