Coder Social home page Coder Social logo

felipecosta09 / cloudone-admission-controller-helm Goto Github PK

View Code? Open in Web Editor NEW

This project forked from trendmicro/cloudone-container-security-helm

0.0 1.0 0.0 13 KB

Helm chart to deploy Trend Micro Cloud One Admission Controller.

Shell 61.82% Smarty 38.18%

cloudone-admission-controller-helm's Introduction

Trend Micro Cloud One Admission Controller

Getting started

Installing Helm

Trend Micro Cloud One Admission Controller uses the helm package manager for Kubernetes.

Helm 3

We recommend using Helm 3 (version 3.0.1 or later) to install the Trend Micro Cloud One Admission Controller if this is possible for you.

There is a handy guide that will help you get started. In most cases installing Helm 3 involves running a single command.

If you have already installed the Trend Micro Cloud One Admission Controller using Helm 2, you will need to migrate your install. The Helm folks have a helpful blog post that details this process.

Helm 2

If you have to use Helm 2, you will need helm version v2.14.1 or later. Expand this section for details.

There's a handy quickstart that will help you get started, or if you like living dangerously:

curl -L https://git.io/get_helm.sh | bash

Helm has a cluster-side component called tiller that needs to be installed as well.

Make sure that your kubectl context is set correctly to point to your cluster:

kubectl config current-context

If your kubectl context is not pointing to your cluster, use kubectl config get-contexts and kubectl config use-context to set it, or if you are using Google Cloud Platform follow the instructions in the Connect to the cluster dialog available by clicking the Connect button beside your cluster information in the console.

Configure a service account for tiller and install:

kubectl create serviceaccount \
  --namespace kube-system \
  tiller

kubectl create clusterrolebinding tiller-cluster-role \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:tiller

helm init --service-account tiller

Use helm version to confirm that you have at least version v2.14.1 of the client and server installed.

Note: the commands above will give tiller full cluster administrator privileges. Review Securing your Helm Installation for help on what to consider when setting up Helm in your cluster.

Getting a Cloud One API Key

To use the Admission Controller with your Kubernetes cluster an API key is required to be able to communicate with Trend Micro Cloud One Container Security.

To obtain an API key:

  1. Navigate to the Trend Micro Cloud One Container Security console using https://cloudone.trendmicro.com.

  2. Proceed to the clusters page.

  3. Add a cluster giving it a unique name which can identify your Kubernetes cluster for which the Admission Controller will be used. Upon registering the cluster, an API key will be provided for use in the installation process.

Installing the Admission Controller

  1. Create a file called overrides.yaml that will contain your cluster-specific settings.

    cloudOne:
      ## API key to be used with Trend Micro Cloud One Container Security
      apiKey: YOUR-API-KEY-HERE
  2. Use helm to install Trend Micro Cloud One Admission Controller with your cluster-specific settings:

    helm install \
      --values overrides.yaml \
      trendmicro \
      https://github.com/trendmicro/cloudone-admission-controller-helm/archive/master.tar.gz

Upgrading the Admission Controller

To upgrade an existing installation of Cloud One Admission Controller in the default Kubernetes namespace to the latest version:

helm upgrade \
  --values overrides.yaml \
  trendmicro \
  https://github.com/trendmicro/cloudone-admission-controller-helm/archive/master.tar.gz

Uninstalling the Admission Controller

You can delete all of the resources created for the Admission Controller by running helm delete:

helm delete trendmicro

Use the helm list command to list installed releases.

helm delete is a destructive command and will delete all of the associated resources. Use with care.

Documentation

Advanced topics

Installing a specific version of the Admission Controller

If you want to install a specific version of the Admission Controller, you can use the archive link for the tagged release. For example, to install Trend Micro Cloud One Admission Controller 0.0.1, you can run:

helm install \
  --values overrides.yaml \
  trendmicro \
  https://github.com/trendmicro/cloudone-admission-controller-helm/archive/0.0.1.tar.gz

Using an alternate Kubernetes namespace

To install the Admission Controller into an existing Kubernetes namespace that's different from the current namespace, use the --namespace parameter in the helm install command:

helm install \
  --namespace {namespace} \
  --values overrides.yaml \
  trendmicro \
  https://github.com/trendmicro/cloudone-admission-controller-helm/archive/master.tar.gz

Overriding configuration defaults

Helm uses a file called values.yaml to set configuration defaults. You can find detailed documentation for each of the configuration options in this file.

As described above, you can override the defaults in this file by creating an overrides.yaml file and providing the location of this file on the command line:

helm install \
  --values overrides.yaml \
  trendmicro \
  https://github.com/trendmicro/cloudone-admission-controller-helm/archive/master.tar.gz

If you create a file to override the values, make sure to copy the structure from the chart's values.yaml file. You only need to provide the values that you are overriding.

Troubleshooting

Basic issues

Most issues can be investigated using the Admission Controller logs. The Admission Controller logs can be accessed using Kubectl with the following command:

kubectl logs deployment/trendmicro-admission-controller

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.