Skip to content

Latest commit

 

History

History
179 lines (118 loc) · 6.69 KB

README.md

File metadata and controls

179 lines (118 loc) · 6.69 KB
Raw

Unguard Helm Chart

Introduction

This chart bootstraps an Unguard deployment on a Kubernetes cluster using the Helm package manager.

Warning
Unguard is insecure by design and a careless installation will leave you exposed to severe security vulnerabilities. Make sure to restrict access and/or run it in a sandboxed environment.

Prerequisites

Installing the Chart

Note: This chart presumes an already running MariaDB database in the cluster. The default naming requirement is unguard-mariadb.

To install the chart with the release name unguard in a new namespace unguard with an unguard-mariadb MariaDB instance:

  1. Add the bitnami repository for the MariaDB dependency

     helm repo add bitnami https://charts.bitnami.com/bitnami

  2. Install MariaDB

    Note: The default release-name of the database installation is unguard-mariadb. If you want to change this you also have to adopt the mariaDB.serviceNamevalue.

    helm install unguard-mariadb bitnami/mariadb --version 11.5.7 --set primary.persistence.enabled=false --wait --namespace unguard --create-namespace

    Note:
    The --wait flag waits for the installation to be completed
    --namespace unguard specifiers the desired namespace
    --create-namespace creates the namespace if it doesn't exist
    For more details see the Helm documentation

  3. Install Unguard

    Note:
    The default configuration is for deployment on a local cluster!
    To deploy to an EKS cluster append: --set localDev.enabled=false,aws.enabled=true

    1. Using the remote chart from GitHub

      helm install unguard  oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --wait --namespace unguard --create-namespace

    2. Using the local chart

      helm install unguard ./chart --wait --namespace unguard --create-namespace

These commands deploy Unguard in the default configuration.

Tip: List all releases using helm list

Uninstalling the Chart

To uninstall/delete the unguard deployment:

helm uninstall unguard -n unguard

To also uninstall the MariaDB deployment:

helm uninstall unguard-mariadb -n unguard

The command removes all the Kubernetes components associated with the chart and deletes the release.

Install a specific version of Unguard

To install Unguard in a specific version provide the --version flag with the version you want to install:

helm install unguard  oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --version 0.9.4

Parameters

Global parameters

Name Description Default Value
localDev.enabled Creates an Ingress and configures it for local (minikube/kind) deployment true
aws.enabled Creates an Ingress and configures it for AWS EKS cluster deployment false
tracing.enabled Activates tracing in services false
maliciousLoadGenerator.enabled Deploys the malicious load generator false
mariaDB.serviceName Expected release-name of the MariaDB installation by Unguard unguard-mariadb

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --set mariaDB.serviceName=mariadb

The above command changes the MariaDB installation release-name to mariadb.

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

helm install unguard -f aws.yaml oci://ghcr.io/dynatrace-oss/unguard/chart/unguard

The above command applies the values from aws.yaml which creates and configures an ingress for EKS deployment.

Tip: You can use the default values.yaml

Installation on an AWS EKS cluster

Warning
Unguard is insecure by design and a careless installation will leave you exposed to severe security vulnerabilities.
When installing Unguard with the aws.enabled=true value set, an ingress gets created. Please make sure to review its configuration.

Note:
These steps assume that an AWS Load Balancer Controller is installed. See https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.6/ for more information.

This Chart is prepared to install Unguard on an AWS EKS cluster.
To install Unguard on an AWS EKS cluster running an AWS load balancer, you can run the following helm command:

helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --set localDev.enabled=false,aws.enabled=true

This creates an ingress and adds the following default annotations:

kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/load-balancer-name: "unguard-lb"

These annotations can be adjusted by modifying and extending the aws.yaml values file and then passing it to the Unguard helm install command like shown bellow.

helm install unguard -f aws.yaml oci://ghcr.io/dynatrace-oss/unguard/chart/unguard

Note:
Passing the aws.yaml values file removes and overrides ALL default annotations.

Tracing and Jaeger

To enable tracing, provide the YAML file tracing.yaml during installation. Unguard is configured for Jaeger tracing.
To also install Jaeger tracing follow the TRACING guide.

helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard -f ./chart/tracing.yaml

License

Copyright 2023 Dynatrace LLC

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.