Skip to content

Helm

Helm, which is de facto standard package manager for Kubernetes, allows installing applications from parameterized YAML manifests called Helm charts.

To address shortcomings of static YAML manifests we provide the Helm chart to deploy the Starboard operator. The Helm chart supports all install modes.

As an example, let's install the operator in the starboard-operator namespace and configure it to watch the default namespaces:

  1. Clone the chart directory:
    git clone --depth 1 --branch v0.12.0 https://github.com/aquasecurity/starboard.git
    cd starboard
    
    Or add Aqua chart repository:
    helm repo add aqua https://aquasecurity.github.io/helm-charts/
    helm repo update
    
  2. Install the chart from local directory:
    helm install starboard-operator ./deploy/helm \
      -n starboard-operator --create-namespace \
      --set="targetNamespaces=default" \
      --set="trivy.ignoreUnfixed=true"
    
    Or install the chart from Aqua chart repository:
    helm install starboard-operator aqua/starboard-operator \
      -n starboard-operator --create-namespace \
      --set="targetNamespaces=default" \
      --set="trivy.ignoreUnfixed=true" \
      --version 0.7.0
    
    There are many values in the chart that can be set to configure Starboard.
  3. Check that the starboard-operator Helm release is created in the starboard-operator namespace:
    $ helm list -n starboard-operator
    NAME                 NAMESPACE           REVISION    UPDATED                                 STATUS      CHART                       APP VERSION
    starboard-operator   starboard-operator  1           2021-01-27 20:09:53.158961 +0100 CET    deployed    starboard-operator-0.7.0    0.12.0
    
    To confirm that the operator is running, check the number of replicas created by the starboard-operator Deployment in the starboard-operator namespace:
    $ kubectl get deployment -n starboard-operator
    NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
    starboard-operator   1/1     1            1           11m
    
    If for some reason it's not ready yet, check the logs of the Deployment for errors:
    kubectl logs deployment/starboard-operator -n starboard-operator
    

Uninstall

You can uninstall the operator with the following command:

helm uninstall starboard-operator -n starboard-operator

You have to manually delete custom resource definitions created by the helm install command:

Danger

Deleting custom resource definitions will also delete all security reports generated by the operator.

kubectl delete crd vulnerabilityreports.aquasecurity.github.io
kubectl delete crd configauditreports.aquasecurity.github.io
kubectl delete crd ciskubebenchreports.aquasecurity.github.io
kubectl delete crd kubehunterreports.aquasecurity.github.io
kubectl delete crd clusterconfigauditreports.aquasecurity.github.io