Skip to content

Commit

Permalink
Merge pull request #260 from KoppulaRajender/5.3
Browse files Browse the repository at this point in the history
5.3 | Updating Readme files & Changelog
  • Loading branch information
KoppulaRajender authored May 6, 2021
2 parents 365f4b7 + 20a5267 commit fcf843b
Show file tree
Hide file tree
Showing 16 changed files with 162 additions and 40 deletions.
5 changes: 5 additions & 0 deletions enforcer/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,8 @@

Improvements:
* Adding Changelog

# 5.3.2 (May 4th 2021)

Improvements:
* Updated Readme
2 changes: 1 addition & 1 deletion enforcer/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "5.3"
description: A Helm chart for the Aqua Enforcer
name: enforcer
version: 5.3.1
version: 5.3.2
icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4
home: https://www.aquasec.com/
maintainers:
Expand Down
20 changes: 17 additions & 3 deletions enforcer/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,24 +24,38 @@ These are Helm charts for installation and maintenance of Aqua Container Securit
## Installing the Chart
Follow the steps in this section for production grade deployments. You can either clone aqua-helm git repo or you can add our helm private repository ([https://helm.aquasec.com](https://helm.aquasec.com))

### Installing Aqua Enforcer from Github Repo

* Clone the GitHub repository with the charts

```bash
git clone https://github.com/aquasecurity/aqua-helm.git
git clone -b 5.3 https://github.com/aquasecurity/aqua-helm.git
cd aqua-helm/
```

* Install Aqua Enforcer
```bash
helm upgrade --install --namespace aqua aqua-enforcer ./enforcer --set imageCredentials.username=<>,imageCredentials.password=<>,enforcerToken=<aquasec-token>
```

### Installing Aqua Enforcer from Helm Private Repository

* Add Aqua Helm Repository
```bash
$ helm repo add aqua-helm https://helm.aquasec.com
```

* Install Aqua Enforcer
* Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command
```bash
$ helm search repo aqua-helm/enforcer --versions
```

* Install Aqua Enforcer
```bash
helm upgrade --install --namespace aqua aqua-enforcer ./enforcer --set imageCredentials.username=<>,imageCredentials.password=<>,enforcerToken=<aquasec-token>
$ helm upgrade --install --namespace aqua aqua-enforcer aqua-helm/enforcer --set imageCredentials.username=<>,imageCredentials.password=<>,enforcerToken=<aquasec-token> --version <>
```


## Advanced Configuration

In order to support L7 / gRPC communication between enforcer and envoy it is recommended to follow the detailed steps to enable and deploy a enforcer.
Expand Down
6 changes: 6 additions & 0 deletions kube-enforcer/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,9 @@

Improvements:
* Adding Changelog

# 5.3.2 (May 4th 2021)

Improvements:
* Updated Readme
* Added timeouts for KE webhooks #[246](https://github.com/aquasecurity/aqua-helm/pull/246)
2 changes: 1 addition & 1 deletion kube-enforcer/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "5.3"
description: A Helm chart for the Aqua KubeEnforcer
name: kube-enforcer
version: 5.3.1
version: 5.3.2
icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4
keywords:
- scanning
Expand Down
45 changes: 41 additions & 4 deletions kube-enforcer/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,10 +71,12 @@ Optionally, you can provide these certificates in base64 encoded format as flags

## Deploying the HELM chart

### Installing Aqua Kube-Enforcer from Github Repo

1. Clone the GitHub repository with the charts:

```bash
git clone https://github.com/aquasecurity/kube-enforcer-helm.git
$ git clone -b 5.3 https://github.com/aquasecurity/kube-enforcer-helm.git
```

2. (Optional) Update the Helm charts `values.yaml` file with your environment's custom values, registry secret, Aqua Server (console) credentials, and TLS certificates. This eliminates the need to pass the parameters to the HELM command. Then run one of the following commands to deploy the relevant services.
Expand All @@ -84,19 +86,54 @@ Optionally, you can provide these certificates in base64 encoded format as flags
3a. To deploy the KubeEnforcer on the same cluster as the Aqua Server (console), run this command on that cluster:
```shell
helm upgrade --install --namespace aqua kube-enforcer ./kube-enforcer
$ helm upgrade --install --namespace aqua kube-enforcer ./kube-enforcer
```
3b. Multi-cluster: To deploy the KubeEnforcer in a different cluster:
First, create a namespace on that cluster named `aqua`:
```bash
kubectl create namespace aqua
$ kubectl create namespace aqua
```
Next, run the following command:
```shell
helm upgrade --install --namespace aqua kube-enforcer ./kube-enforcer --set envs.gatewayAddress="<Aqua_Remote_Gateway_IP/URL>",imageCredentials.username=<registry-username>,imageCredentials.password=<registry-password>
$ helm upgrade --install --namespace aqua kube-enforcer ./kube-enforcer --set envs.gatewayAddress="<Aqua_Remote_Gateway_IP/URL>",imageCredentials.username=<registry-username>,imageCredentials.password=<registry-password>
```
### Installing Aqua Kube-Enforcer from Helm Private Repository
1. Add Aqua Helm Repository
```bash
$ helm repo add aqua-helm https://helm.aquasec.com
```
2. (Optional) Update the Helm charts `values.yaml` file with your environment's custom values, registry secret, Aqua Server (console) credentials, and TLS certificates. This eliminates the need to pass the parameters to the HELM command. Then run one of the following commands to deploy the relevant services.

3. Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command
```bash
$ helm search repo aqua-helm/kube-enforcer --versions
```

4. Choose **either** 4a **or** 4b:

4a. To deploy the KubeEnforcer on the same cluster as the Aqua Server (console), run this command on that cluster:

```shell
$ helm upgrade --install --namespace aqua kube-enforcer aqua-helm/kube-enforcer --version <>
```

4b. Multi-cluster: To deploy the KubeEnforcer in a different cluster:

First, create a namespace on that cluster named `aqua`:
```bash
$ kubectl create namespace aqua
```
Next, copy the values.yaml content from [Values.yaml](./values.yaml) and make the respective changes then run the following command:

```shell
$ helm upgrade --install --namespace aqua kube-enforcer aqua-helm/kube-enforcer --values values.yaml --version <>
```

Optional flags:
Expand Down
5 changes: 5 additions & 0 deletions scanner/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,8 @@

Improvements:
* Adding Changelog

# 5.3.2 (May 4th 2021)

Improvements:
* Updated Readme
2 changes: 1 addition & 1 deletion scanner/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "5.3"
description: A Helm chart for the Aqua Scanner CLI component
name: scanner
version: 5.3.1
version: 5.3.2
icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4
home: https://www.aquasec.com/
maintainers:
Expand Down
25 changes: 21 additions & 4 deletions scanner/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,24 +24,41 @@ These are Helm charts for installation and maintenance of Aqua Container Securit
## Installing the Chart
Follow the steps in this section for production grade deployments. You can either clone aqua-helm git repo or you can add our helm private repository ([https://helm.aquasec.com](https://helm.aquasec.com))

### Installing Aqua Scanner from Github Repo

* Clone the GitHub repository with the charts

```bash
git clone https://github.com/aquasecurity/aqua-helm.git
cd aqua-helm/
$ git clone -b 5.3 https://github.com/aquasecurity/aqua-helm.git
$ cd aqua-helm/
```


* Install Aqua

```bash
$ helm upgrade --install --namespace aqua scanner ./scanner --set imageCredentials.username=<>,imageCredentials.password=<>
```

### Installing Aqua Scanner from Helm Private Repository

* Add Aqua Helm Repository
```bash
$ helm repo add aqua-helm https://helm.aquasec.com
```

* Install Aqua Scanner
* Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command
```bash
$ helm search repo aqua-helm/scanner --versions
```

* Install Aqua

```bash
helm upgrade --install --namespace aqua scanner ./scanner --set imageCredentials.username=<>,imageCredentials.password=<>,user=<>,password=<>
$ helm upgrade --install --namespace aqua scanner aqua-helm/scanner --set imageCredentials.username=<>,imageCredentials.password=<> --version <>
```


Before installing scanner chart the recommendation is to create user with scanning permissions, [Link to documentations](https://docs.aquasec.com/docs/add-scanners#section-add-a-scanner-user)

## Configurable Variables
Expand Down
7 changes: 7 additions & 0 deletions server/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,10 @@

Improvements:
* Adding Changelog

# 5.3.2 (May 4th 2021)

Improvements:
* Updated Readme
* Added Maintenance Db support #[246](https://github.com/aquasecurity/aqua-helm/pull/246)
* added annotations support for SA creation #[249](https://github.com/aquasecurity/aqua-helm/pull/249)
2 changes: 1 addition & 1 deletion server/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "5.3"
description: A Helm chart for the Aqua Console components
name: server
version: 5.3.1
version: 5.3.2
icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4
home: https://www.aquasec.com/
maintainers:
Expand Down
27 changes: 22 additions & 5 deletions server/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,23 +37,39 @@ db:
## Installing the Chart
Follow the steps in this section for production grade deployments. You can either clone aqua-helm git repo or you can add our helm private repository ([https://helm.aquasec.com](https://helm.aquasec.com))
### Installing Aqua Web from Github Repo
* Clone the GitHub repository with the charts
```bash
git clone https://github.com/aquasecurity/aqua-helm.git
cd aqua-helm/
$ git clone -b 5.3 https://github.com/aquasecurity/aqua-helm.git
$ cd aqua-helm/
```

* Install Aqua

```bash
$ helm upgrade --install --namespace aqua aqua ./server --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<>
```

### Installing Aqua Web from Helm Private Repository

* Add Aqua Helm Repository
```bash
$ helm repo add aqua-helm https://helm.aquasec.com
```

* Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command
```bash
$ helm search repo aqua-helm/server --versions
```

* Install Aqua

```bash
helm upgrade --install --namespace aqua aqua ./server --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<>
$ helm upgrade --install --namespace aqua aqua aqua-helm/server --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> --version <>
```

## Advanced Configuration

1. Envoy
Expand Down Expand Up @@ -92,8 +108,9 @@ helm upgrade --install --namespace aqua aqua ./server --set imageCredentials.use
2. Create TLS cert secret

```bash
# Please be notified that tls.key and tls.crt in the below command are same
# as mydomain.com.key and mydomain.com.crt in the above openssl commands
# Please be notified that tls.key and tls.crt in the below command are default filenames
# and same as mydomain.com.key and mydomain.com.crt in the above openssl commands
# If tls.crt and tls.key filenames are changed then it should be changed in values.yaml envoy config
$ kubectl create secret tls aqua-lb-tls --key tls.key --cert tls.crt -n aqua
```

Expand Down
2 changes: 1 addition & 1 deletion server/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ gate:
tag: "5.3"
pullPolicy: IfNotPresent
service:
type: ClusterIP
type: ClusterIP #for OCP/OSD environments Can enable gateway to external by changing type to "LoadBalancer"
annotations: {}
ports:
- name: aqua-gate
Expand Down
6 changes: 6 additions & 0 deletions tenant-manager/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,9 @@

Improvements:
* Adding Changelog

# 5.3.2 (May 4th 2021)

Improvements:
* Updated Readme
* Added Maintenance Db support #[253](https://github.com/aquasecurity/aqua-helm/pull/253)
2 changes: 1 addition & 1 deletion tenant-manager/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "5.3"
description: A Helm chart for the Aqua Tenant Manager
name: tenant-manger
version: 5.3.1
version: 5.3.2
icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4
home: https://www.aquasec.com/
maintainers:
Expand Down
44 changes: 26 additions & 18 deletions tenant-manager/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,31 +39,39 @@ db:
## Installing the Chart
Follow the steps in this section for production-grade deployments. You can either clone the aqua-helm GitHub repo or you can add our private Helm repository ([https://helm.aquasec.com](https://helm.aquasec.com)).
* Using the GitHub repo
### Installing Aqua Tenant Manager from Github Repo
a. Clone the GitHub repository with the charts:
* Clone the GitHub repository with the charts:
```bash
git clone https://github.com/aquasecurity/aqua-helm.git
cd aqua-helm/
```
b. Deploy the Aqua Tenant Manager
```bash
$ git clone -b 5.3 https://github.com/aquasecurity/aqua-helm.git
$ cd aqua-helm/
```

* Deploy the Aqua Tenant Manager

```bash
helm upgrade --install --namespace aqua aqua ./tenant-manger --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<>
```
```bash
$ helm upgrade --install --namespace aqua tenant-manager ./tenant-manger --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<>
```

* Using the Helm Repo
### Installing Aqua Tenant Manager from Helm Private Repository

a. Add the Aqua Helm repository
* Add the Aqua Helm repository

```bash
$ helm repo add aqua-helm https://helm.aquasec.com
```

* Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command
```bash
$ helm search repo aqua-helm/tenant-manager --versions
```

```bash
$ helm repo add aqua-helm https://helm.aquasec.com
```
b. Deploy the Aqua Tenant Manager
* Deploy the Aqua Tenant Manager

```bash
helm upgrade --install --namespace aqua <release_name> aqua-helm/tenant-manager --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<>
```bash
$ helm upgrade --install --namespace aqua tenant-manager aqua-helm/tenant-manager --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> --version <>
```

## Database

Expand Down

0 comments on commit fcf843b

Please sign in to comment.