Helm¶
Helm, which is de facto standard package manager for Kubernetes, allows installing applications from parameterized YAML manifests called Helm charts.
To address shortcomings of static YAML manifests we provide the Helm chart to deploy the Starboard operator. The Helm chart supports all install modes.
As an example, let's install the operator in the starboard-operator
namespace and
configure it to watch the default
namespaces:
- Clone the chart directory:
Or add Aqua chart repository:
git clone --depth 1 --branch v0.12.0 https://github.com/aquasecurity/starboard.git cd starboard
helm repo add aqua https://aquasecurity.github.io/helm-charts/ helm repo update
- Install the chart from local directory:
Or install the chart from Aqua chart repository:
helm install starboard-operator ./deploy/helm \ -n starboard-operator --create-namespace \ --set="targetNamespaces=default" \ --set="trivy.ignoreUnfixed=true"
There are many values in the chart that can be set to configure Starboard.helm install starboard-operator aqua/starboard-operator \ -n starboard-operator --create-namespace \ --set="targetNamespaces=default" \ --set="trivy.ignoreUnfixed=true" \ --version 0.7.0
- Check that the
starboard-operator
Helm release is created in thestarboard-operator
namespace:To confirm that the operator is running, check the number of replicas created by the$ helm list -n starboard-operator NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION starboard-operator starboard-operator 1 2021-01-27 20:09:53.158961 +0100 CET deployed starboard-operator-0.7.0 0.12.0
starboard-operator
Deployment in thestarboard-operator
namespace:If for some reason it's not ready yet, check the logs of the Deployment for errors:$ kubectl get deployment -n starboard-operator NAME READY UP-TO-DATE AVAILABLE AGE starboard-operator 1/1 1 1 11m
kubectl logs deployment/starboard-operator -n starboard-operator
Uninstall¶
You can uninstall the operator with the following command:
helm uninstall starboard-operator -n starboard-operator
You have to manually delete custom resource definitions created by the helm install
command:
Danger
Deleting custom resource definitions will also delete all security reports generated by the operator.
kubectl delete crd vulnerabilityreports.aquasecurity.github.io
kubectl delete crd configauditreports.aquasecurity.github.io
kubectl delete crd ciskubebenchreports.aquasecurity.github.io
kubectl delete crd kubehunterreports.aquasecurity.github.io
kubectl delete crd clusterconfigauditreports.aquasecurity.github.io