kubectl¶
You can install the operator with provided static YAML manifests with fixed values. However, this approach has its shortcomings. For example, if you want to change the container image or modify default configuration settings, you have to edit existing manifests or customize them with tools such as Kustomize.
As an example, let's install the operator in the starboard-operator
namespace and configure it to
watch the default
namespace:
- Send custom resource definitions to the Kubernetes API:
kubectl apply -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/crd/vulnerabilityreports.crd.yaml \ -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/crd/configauditreports.crd.yaml \ -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/crd/clusterconfigauditreports.crd.yaml \ -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/crd/ciskubebenchreports.crd.yaml
- Send the following Kubernetes objects definitions to the Kubernetes API:
kubectl apply -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/01-starboard-operator.ns.yaml \ -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/02-starboard-operator.sa.yaml \ -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/03-starboard-operator.clusterrole.yaml \ -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/04-starboard-operator.clusterrolebinding.yaml
- (Optional) Configure Starboard by creating the
starboard
ConfigMap and thestarboard
secret in thestarboard-operator
namespace. For example, you can use Trivy in ClientServer mode or Aqua Enterprise as an active vulnerability scanner. If you skip this step, the operator will ensure configuration objects on startup with the default settings:Review the default values and makes sure the operator is configured properly:kubectl apply -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/05-starboard-operator.config.yaml
kubectl describe cm starboard starboard-trivy-config starboard-polaris-config -n starboard-operator
- Finally, create the
starboard-operator
Deployment in thestarboard-operator
namespace to start the operator's pod:kubectl apply -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/06-starboard-operator.deployment.yaml
- To confirm that the operator is running, check the number of replicas created by
the
starboard-operator
Deployment in thestarboard-operator
namespace:If for some reason it's not ready yet, check the logs of the Deployment for errors:$ kubectl get deployment -n starboard-operator NAME READY UP-TO-DATE AVAILABLE AGE starboard-operator 1/1 1 1 11m
kubectl logs deployment/starboard-operator -n starboard-operator
Uninstall¶
You can uninstall the operator with the following command:
kubectl delete -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/06-starboard-operator.deployment.yaml \
-f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/05-starboard-operator.config.yaml \
-f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/04-starboard-operator.clusterrolebinding.yaml \
-f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/03-starboard-operator.clusterrole.yaml \
-f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/02-starboard-operator.sa.yaml \
-f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/static/01-starboard-operator.ns.yaml
Delete custom resources definitions:
Danger
Deleting custom resource definitions will also delete all security reports generated by the operator.
kubectl delete -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/crd/vulnerabilityreports.crd.yaml \
-f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/crd/configauditreports.crd.yaml \
-f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/crd/clusterconfigauditreports.crd.yaml \
-f https://raw.githubusercontent.com/aquasecurity/starboard/v0.12.0/deploy/crd/ciskubebenchreports.crd.yaml