feat(deployments): Add option to enable auto deployment of adapters
Signed-off-by: Anurag Rajawat <[email protected]>
Anurag Rajawat committed Jun 21, 2024
1 parent 3624ce6 commit 73ffb58
Showing 11 changed files with 129 additions and 188 deletions.
21 changes: 10 additions & 11 deletions deployments/nimbus-kubearmor/Chart.yaml
@@ -1,24 +1,23 @@
apiVersion: v2
name: nimbus-kubearmor
description: A Helm chart for KubeArmor Security Engine as an adapter for Nimbus.

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
description: KubeArmor adapter's chart for Nimbus.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.2
version: 0.1.3

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.1.2"

dependencies:
- name: kubearmor-operator
version: ">= 1.3.4"
repository: https://kubearmor.github.io/charts
condition: autoDeploy

kubeVersion: ">= 1.25"
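Review bot: The new `dependencies` entry for `kubearmor-operator` uses `version: ">= 1.3.4"`, which has no upper bound, so each `--dependency-update` can resolve a newer operator chart, including a future major release, from `https://kubearmor.github.io/charts` without any change in this repository. For a component that enforces security policy, use a bounded range such as `~1.3.4` or an exact version, so that an engine upgrade is an explicit, reviewable change to this chart.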
28 changes: 3 additions & 25 deletions deployments/nimbus-kubearmor/Readme.md
@@ -1,25 +1,18 @@
# Install KubeArmor adapter

> [!Note]
> The `nimbus-kubearmor` adapter leverages the [KubeArmor](https://kubearmor.io) security engine for its functionality.
> To use this adapter, you'll need KubeArmor installed. Please
> follow [this](https://github.com/kubearmor/KubeArmor/blob/main/getting-started/deployment_guide.md) guide for
> installation.
> Creating a KubeArmorPolicy resource without KubeArmor will have no effect.
Install `nimbus-kubearmor` adapter using the official 5GSEC Helm charts.

```shell
helm repo add 5gsec https://5gsec.github.io/charts
helm repo update 5gsec
helm upgrade --install nimbus-kubearmor 5gsec/nimbus-kubearmor -n nimbus
helm upgrade --dependency-update --install nimbus-kubearmor 5gsec/nimbus-kubearmor -n nimbus
```

Install `nimbus-kubearmor` adapter using Helm charts locally (for testing)

```bash
cd deployments/nimbus-kubearmor/
helm upgrade --install nimbus-kubearmor . -n nimbus
helm upgrade --dependency-update --install nimbus-kubearmor . -n nimbus
```

## Values
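Review bot: The `[!Note]` block dropped from the top of this README was the only place stating that a KubeArmorPolicy has no effect without KubeArmor, and nothing replaces it for users who set `autoDeploy=false`. Keep a shortened note saying that KubeArmor must already be installed when `autoDeploy` is disabled.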
@@ -29,22 +22,7 @@ helm upgrade --install nimbus-kubearmor . -n nimbus
| image.repository | string | 5gsec/nimbus-kubearmor | Image repository from which to pull the `nimbus-kubearmor` adapter's image |
| image.pullPolicy | string | Always | `nimbus-kubearmor` adapter image pull policy |
| image.tag | string | latest | `nimbus-kubearmor` adapter image tag |

## Verify if all the resources are up and running

Once done, the following resources will exist in your cluster:

```shell
$ kubectl get all -n nimbus -l app.kubernetes.io/instance=nimbus-kubearmor
NAME READY STATUS RESTARTS AGE
pod/nimbus-kubearmor-7f6854cf8f-gm7c8 1/1 Running 0 3m25s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nimbus-kubearmor 1/1 1 1 3m25s

NAME DESIRED CURRENT READY AGE
replicaset.apps/nimbus-kubearmor-7f6854cf8f 1 1 1 3m25s
```
| autoDeploy | bool | true | Auto deploy [KubeArmor]() with default configurations |

## Uninstall the KubeArmor adapter

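Review bot: In the new `autoDeploy` row of the Values table the link is written as `[KubeArmor]()`, with an empty target, so it renders as a dead link. Point it at `https://kubearmor.io`, the URL the note at the top of this README used.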
5 changes: 5 additions & 0 deletions deployments/nimbus-kubearmor/values.yaml
@@ -1,5 +1,7 @@
# Default values for nimbus-kubearmor.

autoDeploy: true

image:
repository: 5gsec/nimbus-kubearmor
pullPolicy: Always
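Review bot: `autoDeploy: true` at the top of values.yaml makes engine installation the default, so a plain `helm upgrade` of an existing `nimbus-kubearmor` release will also deploy `kubearmor-operator`, even on clusters where KubeArmor was installed separately as the README previously required. Consider defaulting to `false`, or state in the README that clusters with an existing KubeArmor installation must pass `--set autoDeploy=false`.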
@@ -21,3 +23,6 @@ serviceAccount:
securityContext:
runAsNonRoot: true
runAsUser: 65533

kubearmor-operator:
autoDeploy: true
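Review bot: The added `kubearmor-operator:` block sets a second `autoDeploy: true` that is passed to the subchart, and it is easy to confuse with the top-level `autoDeploy` that gates the dependency. Add a comment stating what the subchart does with this value, and list `kubearmor-operator.autoDeploy` in the README's Values table.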
20 changes: 9 additions & 11 deletions deployments/nimbus-kyverno/Chart.yaml
@@ -1,24 +1,22 @@
apiVersion: v2
name: nimbus-kyverno
description: A Helm chart for Kubernetes

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
description: Kyverno adapter's chart for Nimbus.
type: application
kubeVersion: ">= 1.25"

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
version: 0.1.1

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.1.0"

dependencies:
- name: kyverno
version: ">= 3.2.0"
repository: https://kyverno.github.io/kyverno/
condition: autoDeploy
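Review bot: `version: ">= 3.2.0"` on the `kyverno` dependency is open-ended, so the Kyverno chart version that ends up in the cluster depends on what `https://kyverno.github.io/kyverno/` serves at install time rather than on this chart. Bound the range (for example `~3.2.0`) so the adapter is only installed alongside a Kyverno release it has been tested with.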
38 changes: 8 additions & 30 deletions deployments/nimbus-kyverno/Readme.md
@@ -1,50 +1,28 @@
# Install Kyverno adapter

> [!Note]
> The `nimbus-kyverno` adapter leverages the [kyverno](https://kyverno.io/) security engine for its functionality.
> To use this adapter, you'll need kyverno installed. Please
> follow [this](https://kyverno.io/docs/installation/methods/) guide for
> installation.
> Creating a Policy and ClusterPolicy resource without Kyverno will have no effect.
Install `nimbus-kyverno` adapter using the official 5GSEC Helm charts.

```shell
helm repo add 5gsec https://5gsec.github.io/charts
helm repo update 5gsec
helm upgrade --install nimbus-kyverno 5gsec/nimbus-kyverno -n nimbus
helm upgrade --dependency-update --install nimbus-kyverno 5gsec/nimbus-kyverno -n nimbus
```

Install `nimbus-kyverno` adapter using Helm charts locally (for testing)

```bash
cd deployments/nimbus-kyverno/
helm upgrade --install nimbus-kyverno . -n nimbus
helm upgrade --dependency-update --install nimbus-kyverno . -n nimbus
```

## Values

| Key | Type | Default | Description |
|------------------|--------|------------------------|----------------------------------------------------------------------------|
| image.repository | string | 5gsec/nimbus-kyverno | Image repository from which to pull the `nimbus-kyverno` adapter's image |
| image.pullPolicy | string | Always | `nimbus-kyverno` adapter image pull policy |
| image.tag | string | latest | `nimbus-kyverno` adapter image tag |

## Verify if all the resources are up and running

Once done, the following resources will exist in your cluster:

```shell
$ kubectl get all -n nimbus -l app.kubernetes.io/instance=nimbus-kyverno
NAME READY STATUS RESTARTS AGE
pod/nimbus-kyverno-7f6854cf8f-gm7c8 1/1 Running 0 3m25s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nimbus-kyverno 1/1 1 1 3m25s

NAME DESIRED CURRENT READY AGE
replicaset.apps/nimbus-kyverno-7f6854cf8f 1 1 1 3m25s
```
| Key | Type | Default | Description |
|------------------|--------|----------------------|---------------------------------------------------------------------------------------------------------------------------|
| image.repository | string | 5gsec/nimbus-kyverno | Image repository from which to pull the `nimbus-kyverno` adapter's image |
| image.pullPolicy | string | Always | `nimbus-kyverno` adapter image pull policy |
| image.tag | string | latest | `nimbus-kyverno` adapter image tag |
| autoDeploy | bool | true | Auto deploy [Kyverno](https://kyverno.io/) in [Standalone](https://kyverno.io/docs/installation/methods/#standalone) mode |

## Uninstall the Kyverno adapter

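Review bot: The README no longer mentions Kyverno as a prerequisite, and the new `autoDeploy` row does not say what to do when Kyverno is already running in the cluster. Add a sentence telling such users to install with `--set autoDeploy=false`, since the default now installs Kyverno in Standalone mode as part of the release in the `nimbus` namespace.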
4 changes: 3 additions & 1 deletion deployments/nimbus-kyverno/values.yaml
@@ -1,5 +1,7 @@
# Default values for nimbus-kyverno.

autoDeploy: true

image:
repository: 5gsec/nimbus-kyverno
pullPolicy: Always
@@ -20,4 +22,4 @@ serviceAccount:

securityContext:
runAsNonRoot: true
runAsUser: 65535
runAsUser: 65535
32 changes: 20 additions & 12 deletions deployments/nimbus/Chart.yaml
@@ -1,24 +1,32 @@
apiVersion: v2
name: nimbus
description: A Helm chart for Nimbus

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
description: A Helm chart for Nimbus operator.
type: application

kubeVersion: ">= 1.25"
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.1

version: "0.1.2"
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.

appVersion: "0.1.1"

dependencies:
- name: nimbus-kubearmor
version: ">= 0.1.2"
repository: https://5gsec.github.io/charts
condition: autoDeploy.kubearmor

- name: nimbus-netpol
version: ">= 0.1.2"
repository: https://5gsec.github.io/charts
condition: autoDeploy.netpol

- name: nimbus-kyverno
version: ">= 0.1.0"
repository: https://5gsec.github.io/charts
condition: autoDeploy.kyverno
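Review bot: The floors in the new `dependencies` list admit adapter charts from before this change: `nimbus-kubearmor` is required at `">= 0.1.2"` and `nimbus-kyverno` at `">= 0.1.0"`, while this same commit bumps those charts to 0.1.3 and 0.1.1 to add the engine dependency. Raise the floors to `">= 0.1.3"` and `">= 0.1.1"` so the stated minimum matches the first adapter versions that carry `autoDeploy`. `version: "0.1.2"` is also quoted here but unquoted in the two adapter charts; pick one style.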
33 changes: 10 additions & 23 deletions deployments/nimbus/Readme.md
@@ -5,39 +5,26 @@ Install Nimbus operator using the official 5GSEC Helm charts.
```shell
helm repo add 5gsec https://5gsec.github.io/charts
helm repo update 5gsec
helm upgrade --install nimbus-operator 5gsec/nimbus -n nimbus --create-namespace
helm upgrade --dependency-update --install nimbus-operator 5gsec/nimbus -n nimbus --create-namespace
```

Install Nimbus using Helm charts locally (for testing)

```bash
cd deployments/nimbus/
helm upgrade --install nimbus-operator . -n nimbus --create-namespace
helm upgrade --dependency-update --install nimbus-operator . -n nimbus --create-namespace
```

## Values

| Key | Type | Default | Description |
|------------------|--------|--------------|--------------------------------------------------------|
| image.repository | string | 5gsec/nimbus | Image repository from which to pull the operator image |
| image.pullPolicy | string | Always | Operator image pull policy |
| image.tag | string | latest | Operator image tag |

## Verify if all the resources are up and running

Once done, the following resources will exist in your cluster:

```shell
$ kubectl get all -n nimbus -l app.kubernetes.io/instance=nimbus-operator
NAME READY STATUS RESTARTS AGE
pod/nimbus-operator-57dc75bc4d-9gd5n 1/1 Running 0 20m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nimbus-operator 1/1 1 1 20m

NAME DESIRED CURRENT READY AGE
replicaset.apps/nimbus-operator-57dc75bc4d 1 1 1 20m
```
| Key | Type | Default | Description |
|----------------------|--------|--------------|---------------------------------------------------------------------------------------------------------------------------|
| image.repository | string | 5gsec/nimbus | Image repository from which to pull the operator image |
| image.pullPolicy | string | Always | Operator image pull policy |
| image.tag | string | latest | Operator image tag |
| autoDeploy.kubearmor | bool | true | Auto deploy [KubeArmor](https://kubearmor.io/) adapter |
| autoDeploy.netpol | bool | true | Auto deploy [Kubernetes NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) adapter |
| autoDeploy.kyverno | bool | true | Auto deploy [Kyverno](https://kyverno.io/) adapter |

## Uninstall the Operator

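Review bot: The three `autoDeploy.*` rows in the Values table document only the adapter toggles; they do not say that each adapter in turn installs its security engine by default. Add a line explaining that, and document how to keep an adapter while disabling its engine when installing through this chart.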
5 changes: 5 additions & 0 deletions deployments/nimbus/values.yaml
@@ -1,5 +1,10 @@
# Default values for nimbus.

autoDeploy:
kubearmor: true
netpol: true
kyverno: true

replicaCount: 1

image:
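Review bot: The new `autoDeploy` map at the top of values.yaml has no comments, and with all three keys defaulting to `true` a plain install of the operator chart now pulls in every adapter. Add a one-line comment per key naming the adapter chart it gates, matching the README's Values table.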