diff --git a/enforcer/CHANGELOG.md b/enforcer/CHANGELOG.md index 3f979639..fad6e80c 100644 --- a/enforcer/CHANGELOG.md +++ b/enforcer/CHANGELOG.md @@ -2,3 +2,8 @@ Improvements: * Adding Changelog + +# 5.3.2 (May 4th 2021) + +Improvements: +* Updated Readme diff --git a/enforcer/Chart.yaml b/enforcer/Chart.yaml index c818fdd2..556e0a9e 100644 --- a/enforcer/Chart.yaml +++ b/enforcer/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "5.3" description: A Helm chart for the Aqua Enforcer name: enforcer -version: 5.3.1 +version: 5.3.2 icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4 home: https://www.aquasec.com/ maintainers: diff --git a/enforcer/README.md b/enforcer/README.md index 6be9f944..41760481 100644 --- a/enforcer/README.md +++ b/enforcer/README.md @@ -24,24 +24,38 @@ These are Helm charts for installation and maintenance of Aqua Container Securit ## Installing the Chart Follow the steps in this section for production grade deployments. You can either clone aqua-helm git repo or you can add our helm private repository ([https://helm.aquasec.com](https://helm.aquasec.com)) +### Installing Aqua Enforcer from Github Repo + * Clone the GitHub repository with the charts ```bash -git clone https://github.com/aquasecurity/aqua-helm.git +git clone -b 5.3 https://github.com/aquasecurity/aqua-helm.git cd aqua-helm/ ``` +* Install Aqua Enforcer +```bash +helm upgrade --install --namespace aqua aqua-enforcer ./enforcer --set imageCredentials.username=<>,imageCredentials.password=<>,enforcerToken= +``` + +### Installing Aqua Enforcer from Helm Private Repository + * Add Aqua Helm Repository ```bash $ helm repo add aqua-helm https://helm.aquasec.com ``` -* Install Aqua Enforcer +* Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command +```bash +$ helm search repo aqua-helm/enforcer --versions +``` +* Install Aqua Enforcer ```bash -helm upgrade --install --namespace aqua aqua-enforcer ./enforcer --set imageCredentials.username=<>,imageCredentials.password=<>,enforcerToken= +$ helm upgrade --install --namespace aqua aqua-enforcer aqua-helm/enforcer --set imageCredentials.username=<>,imageCredentials.password=<>,enforcerToken= --version <> ``` + ## Advanced Configuration In order to support L7 / gRPC communication between enforcer and envoy it is recommended to follow the detailed steps to enable and deploy a enforcer. diff --git a/kube-enforcer/CHANGELOG.md b/kube-enforcer/CHANGELOG.md index 3f979639..4ec5128d 100644 --- a/kube-enforcer/CHANGELOG.md +++ b/kube-enforcer/CHANGELOG.md @@ -2,3 +2,9 @@ Improvements: * Adding Changelog + +# 5.3.2 (May 4th 2021) + +Improvements: +* Updated Readme +* Added timeouts for KE webhooks #[246](https://github.com/aquasecurity/aqua-helm/pull/246) \ No newline at end of file diff --git a/kube-enforcer/Chart.yaml b/kube-enforcer/Chart.yaml index 09024979..7791f7f2 100644 --- a/kube-enforcer/Chart.yaml +++ b/kube-enforcer/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "5.3" description: A Helm chart for the Aqua KubeEnforcer name: kube-enforcer -version: 5.3.1 +version: 5.3.2 icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4 keywords: - scanning diff --git a/kube-enforcer/README.md b/kube-enforcer/README.md index 547494b7..9bff2642 100644 --- a/kube-enforcer/README.md +++ b/kube-enforcer/README.md @@ -71,10 +71,12 @@ Optionally, you can provide these certificates in base64 encoded format as flags ## Deploying the HELM chart +### Installing Aqua Kube-Enforcer from Github Repo + 1. Clone the GitHub repository with the charts: ```bash - git clone https://github.com/aquasecurity/kube-enforcer-helm.git + $ git clone -b 5.3 https://github.com/aquasecurity/kube-enforcer-helm.git ``` 2. (Optional) Update the Helm charts `values.yaml` file with your environment's custom values, registry secret, Aqua Server (console) credentials, and TLS certificates. This eliminates the need to pass the parameters to the HELM command. Then run one of the following commands to deploy the relevant services. @@ -84,19 +86,54 @@ Optionally, you can provide these certificates in base64 encoded format as flags 3a. To deploy the KubeEnforcer on the same cluster as the Aqua Server (console), run this command on that cluster: ```shell - helm upgrade --install --namespace aqua kube-enforcer ./kube-enforcer + $ helm upgrade --install --namespace aqua kube-enforcer ./kube-enforcer ``` 3b. Multi-cluster: To deploy the KubeEnforcer in a different cluster: First, create a namespace on that cluster named `aqua`: ```bash - kubectl create namespace aqua + $ kubectl create namespace aqua ``` Next, run the following command: ```shell - helm upgrade --install --namespace aqua kube-enforcer ./kube-enforcer --set envs.gatewayAddress="",imageCredentials.username=,imageCredentials.password= + $ helm upgrade --install --namespace aqua kube-enforcer ./kube-enforcer --set envs.gatewayAddress="",imageCredentials.username=,imageCredentials.password= + ``` + +### Installing Aqua Kube-Enforcer from Helm Private Repository + +1. Add Aqua Helm Repository + + ```bash + $ helm repo add aqua-helm https://helm.aquasec.com + ``` + +2. (Optional) Update the Helm charts `values.yaml` file with your environment's custom values, registry secret, Aqua Server (console) credentials, and TLS certificates. This eliminates the need to pass the parameters to the HELM command. Then run one of the following commands to deploy the relevant services. + +3. Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command +```bash +$ helm search repo aqua-helm/kube-enforcer --versions +``` + +4. Choose **either** 4a **or** 4b: + + 4a. To deploy the KubeEnforcer on the same cluster as the Aqua Server (console), run this command on that cluster: + + ```shell + $ helm upgrade --install --namespace aqua kube-enforcer aqua-helm/kube-enforcer --version <> + ``` + + 4b. Multi-cluster: To deploy the KubeEnforcer in a different cluster: + + First, create a namespace on that cluster named `aqua`: + ```bash + $ kubectl create namespace aqua + ``` + Next, copy the values.yaml content from [Values.yaml](./values.yaml) and make the respective changes then run the following command: + + ```shell + $ helm upgrade --install --namespace aqua kube-enforcer aqua-helm/kube-enforcer --values values.yaml --version <> ``` Optional flags: diff --git a/scanner/CHANGELOG.md b/scanner/CHANGELOG.md index 3f979639..833b1b5d 100644 --- a/scanner/CHANGELOG.md +++ b/scanner/CHANGELOG.md @@ -2,3 +2,8 @@ Improvements: * Adding Changelog + +# 5.3.2 (May 4th 2021) + +Improvements: +* Updated Readme \ No newline at end of file diff --git a/scanner/Chart.yaml b/scanner/Chart.yaml index d5c98e2c..fa28de2d 100644 --- a/scanner/Chart.yaml +++ b/scanner/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "5.3" description: A Helm chart for the Aqua Scanner CLI component name: scanner -version: 5.3.1 +version: 5.3.2 icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4 home: https://www.aquasec.com/ maintainers: diff --git a/scanner/README.md b/scanner/README.md index de3da333..1baf888c 100644 --- a/scanner/README.md +++ b/scanner/README.md @@ -24,24 +24,41 @@ These are Helm charts for installation and maintenance of Aqua Container Securit ## Installing the Chart Follow the steps in this section for production grade deployments. You can either clone aqua-helm git repo or you can add our helm private repository ([https://helm.aquasec.com](https://helm.aquasec.com)) +### Installing Aqua Scanner from Github Repo + * Clone the GitHub repository with the charts ```bash -git clone https://github.com/aquasecurity/aqua-helm.git -cd aqua-helm/ +$ git clone -b 5.3 https://github.com/aquasecurity/aqua-helm.git +$ cd aqua-helm/ +``` + + +* Install Aqua + +```bash +$ helm upgrade --install --namespace aqua scanner ./scanner --set imageCredentials.username=<>,imageCredentials.password=<> ``` +### Installing Aqua Scanner from Helm Private Repository + * Add Aqua Helm Repository ```bash $ helm repo add aqua-helm https://helm.aquasec.com ``` -* Install Aqua Scanner +* Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command +```bash +$ helm search repo aqua-helm/scanner --versions +``` + +* Install Aqua ```bash -helm upgrade --install --namespace aqua scanner ./scanner --set imageCredentials.username=<>,imageCredentials.password=<>,user=<>,password=<> +$ helm upgrade --install --namespace aqua scanner aqua-helm/scanner --set imageCredentials.username=<>,imageCredentials.password=<> --version <> ``` + Before installing scanner chart the recommendation is to create user with scanning permissions, [Link to documentations](https://docs.aquasec.com/docs/add-scanners#section-add-a-scanner-user) ## Configurable Variables diff --git a/server/CHANGELOG.md b/server/CHANGELOG.md index 3f979639..d97e8350 100644 --- a/server/CHANGELOG.md +++ b/server/CHANGELOG.md @@ -2,3 +2,10 @@ Improvements: * Adding Changelog + +# 5.3.2 (May 4th 2021) + +Improvements: +* Updated Readme +* Added Maintenance Db support #[246](https://github.com/aquasecurity/aqua-helm/pull/246) +* added annotations support for SA creation #[249](https://github.com/aquasecurity/aqua-helm/pull/249) diff --git a/server/Chart.yaml b/server/Chart.yaml index b0ce3189..c8d9fb5c 100644 --- a/server/Chart.yaml +++ b/server/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "5.3" description: A Helm chart for the Aqua Console components name: server -version: 5.3.1 +version: 5.3.2 icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4 home: https://www.aquasec.com/ maintainers: diff --git a/server/README.md b/server/README.md index 35705525..94a3e978 100644 --- a/server/README.md +++ b/server/README.md @@ -37,23 +37,39 @@ db: ## Installing the Chart Follow the steps in this section for production grade deployments. You can either clone aqua-helm git repo or you can add our helm private repository ([https://helm.aquasec.com](https://helm.aquasec.com)) +### Installing Aqua Web from Github Repo + * Clone the GitHub repository with the charts ```bash -git clone https://github.com/aquasecurity/aqua-helm.git -cd aqua-helm/ +$ git clone -b 5.3 https://github.com/aquasecurity/aqua-helm.git +$ cd aqua-helm/ +``` + +* Install Aqua + +```bash +$ helm upgrade --install --namespace aqua aqua ./server --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> ``` +### Installing Aqua Web from Helm Private Repository + * Add Aqua Helm Repository ```bash $ helm repo add aqua-helm https://helm.aquasec.com ``` +* Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command +```bash +$ helm search repo aqua-helm/server --versions +``` + * Install Aqua ```bash -helm upgrade --install --namespace aqua aqua ./server --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> +$ helm upgrade --install --namespace aqua aqua aqua-helm/server --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> --version <> ``` + ## Advanced Configuration 1. Envoy @@ -92,8 +108,9 @@ helm upgrade --install --namespace aqua aqua ./server --set imageCredentials.use 2. Create TLS cert secret ```bash - # Please be notified that tls.key and tls.crt in the below command are same - # as mydomain.com.key and mydomain.com.crt in the above openssl commands + # Please be notified that tls.key and tls.crt in the below command are default filenames + # and same as mydomain.com.key and mydomain.com.crt in the above openssl commands + # If tls.crt and tls.key filenames are changed then it should be changed in values.yaml envoy config $ kubectl create secret tls aqua-lb-tls --key tls.key --cert tls.crt -n aqua ``` diff --git a/server/values.yaml b/server/values.yaml index 41b6183b..d11d1d05 100644 --- a/server/values.yaml +++ b/server/values.yaml @@ -134,7 +134,7 @@ gate: tag: "5.3" pullPolicy: IfNotPresent service: - type: ClusterIP + type: ClusterIP #for OCP/OSD environments Can enable gateway to external by changing type to "LoadBalancer" annotations: {} ports: - name: aqua-gate diff --git a/tenant-manager/CHANGELOG.md b/tenant-manager/CHANGELOG.md index 3f979639..83a1163d 100644 --- a/tenant-manager/CHANGELOG.md +++ b/tenant-manager/CHANGELOG.md @@ -2,3 +2,9 @@ Improvements: * Adding Changelog + +# 5.3.2 (May 4th 2021) + +Improvements: +* Updated Readme +* Added Maintenance Db support #[253](https://github.com/aquasecurity/aqua-helm/pull/253) \ No newline at end of file diff --git a/tenant-manager/Chart.yaml b/tenant-manager/Chart.yaml index 7084641c..1a356f53 100644 --- a/tenant-manager/Chart.yaml +++ b/tenant-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "5.3" description: A Helm chart for the Aqua Tenant Manager name: tenant-manger -version: 5.3.1 +version: 5.3.2 icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4 home: https://www.aquasec.com/ maintainers: diff --git a/tenant-manager/README.md b/tenant-manager/README.md index 773dece3..d199c7d1 100644 --- a/tenant-manager/README.md +++ b/tenant-manager/README.md @@ -39,31 +39,39 @@ db: ## Installing the Chart Follow the steps in this section for production-grade deployments. You can either clone the aqua-helm GitHub repo or you can add our private Helm repository ([https://helm.aquasec.com](https://helm.aquasec.com)). -* Using the GitHub repo +### Installing Aqua Tenant Manager from Github Repo - a. Clone the GitHub repository with the charts: +* Clone the GitHub repository with the charts: - ```bash - git clone https://github.com/aquasecurity/aqua-helm.git - cd aqua-helm/ - ``` - b. Deploy the Aqua Tenant Manager +```bash +$ git clone -b 5.3 https://github.com/aquasecurity/aqua-helm.git +$ cd aqua-helm/ +``` + +* Deploy the Aqua Tenant Manager - ```bash - helm upgrade --install --namespace aqua aqua ./tenant-manger --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> - ``` +```bash +$ helm upgrade --install --namespace aqua tenant-manager ./tenant-manger --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> +``` -* Using the Helm Repo +### Installing Aqua Tenant Manager from Helm Private Repository - a. Add the Aqua Helm repository +* Add the Aqua Helm repository + +```bash +$ helm repo add aqua-helm https://helm.aquasec.com +``` + +* Check for the available chart versions either from [Changelog](./CHANGELOG.md) or by running the below command +```bash +$ helm search repo aqua-helm/tenant-manager --versions +``` - ```bash - $ helm repo add aqua-helm https://helm.aquasec.com - ``` - b. Deploy the Aqua Tenant Manager +* Deploy the Aqua Tenant Manager - ```bash - helm upgrade --install --namespace aqua aqua-helm/tenant-manager --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> +```bash +$ helm upgrade --install --namespace aqua tenant-manager aqua-helm/tenant-manager --set imageCredentials.username=<>,imageCredentials.password=<>,platform=<> --version <> +``` ## Database