Helm
Helm, which is de facto standard package manager for Kubernetes, allows installing applications from parameterized YAML manifests called Helm charts.
To address shortcomings of static YAML manifests we provide the Helm chart to deploy the Starboard operator. The Helm chart supports all install modes.
As an example, let's install the operator in the starboard-operator
namespace and
configure it to watch the default
namespaces:
- Clone the chart repository:
git clone --depth 1 --branch v0.9.0 https://github.com/aquasecurity/starboard.git cd starboard
- Create the
starboard-operator
namespace:kubectl create namespace starboard-operator
- (Optional) Configure Starboard by creating the
starboard
ConfigMap and thestarboard
secret in thestarboard-operator
namespace. For example, you can use Trivy in ClientServer mode or Aqua Enterprise as an active vulnerability scanner. If you skip this step, the operator will ensure configuration objects on startup with the default settings:Review the default values and makes sure the operator is configured properly:kubectl apply -f https://raw.githubusercontent.com/aquasecurity/starboard/v0.9.0/deploy/static/05-starboard-operator.config.yaml
kubectl describe cm starboard -n starboard-operator kubectl describe secret starboard -n starboard-operator
- Install the chart:
helm install starboard-operator ./deploy/helm \ -n starboard-operator \ --set="targetNamespaces=default"
- Check that the
starboard-operator
Helm release is created in thestarboard-operator
namespace:To confirm that the operator is running, check the number of replicas created by the$ helm list -n starboard-operator NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION starboard-operator starboard-operator 1 2021-01-27 20:09:53.158961 +0100 CET deployed starboard-operator-0.4.0 0.9.0
starboard-operator
Deployment in thestarboard-operator
namespace:If for some reason it's not ready yet, check the logs of the Deployment for errors:$ kubectl get deployment -n starboard-operator NAME READY UP-TO-DATE AVAILABLE AGE starboard-operator 1/1 1 1 11m
kubectl logs deployment/starboard-operator -n starboard-operator
Uninstall
You can uninstall the operator with the following command:
helm uninstall starboard-operator -n starboard-operator
Note
You have to manually delete custom resource definitions created by the helm install
command:
kubectl delete crd vulnerabilityreports.aquasecurity.github.io
kubectl delete crd configauditreports.aquasecurity.github.io
Danger
Deleting custom resource definitions will also delete all security reports generated by the operator.