docs(operator): Install with Helm

Signed-off-by: Daniel Pacak <[email protected]>
jorgyp · Dec 9, 2020 · 45d4e47 · 45d4e47
1 parent 258d487
commit 45d4e47
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 3 deletions.
diff --git a/deploy/helm/templates/NOTES.txt b/deploy/helm/templates/NOTES.txt
@@ -1,10 +1,10 @@
-You have installed starboard-operator in the namespace "{{ .Release.Namespace }}"
-and it is configured to operate in the namespaces: '{{ tpl .Values.targetNamespaces . | default "(all namespaces)" }}'.
+You have installed Starboard Operator in the "{{ .Release.Namespace }}" namespace.
+It is configured to discover Kubernetes workloads in the namespaces: '{{ tpl .Values.targetNamespaces . | default "(all namespaces)" }}'.
 
 Inspect created VulnerabilityReports by:
 
     kubectl get vulnerabilityreports --all-namespaces
 
 Inspect the work log of starboard-operator by:
 
-    kubectl logs -n {{ .Release.Namespace }} deploy/{{ include "starboard-operator.fullname" . }}
+    kubectl logs -n {{ .Release.Namespace }} deployment/{{ include "starboard-operator.fullname" . }}
diff --git a/docs/operator.md b/docs/operator.md
@@ -68,6 +68,75 @@ errors:
 
 In case of any error consult our [Troubleshooting](troubleshooting.md) guidelines.
 
+### Helm
+
+[Helm][helm], which is de facto standard package manager for Kubernetes, allows
+installing applications from parameterized YAML manifests called Helm [charts][helm-charts].
+
+To address shortcomings of static YAML manifests we provide the Helm chart to
+deploy the Starboard operator. The Helm chart supports all [install modes](#install-modes).
+
+As an example, let's install the operator in the `starboard-operator` namespace and
+configure it to watch the `default` namespaces:
+
+1. Clone the chart repository:
+
+        git clone https://github.com/aquasecurity/starboard.git
+        cd starboard
+
+2. (Optional) Configure the operator by creating the `starboard` ConfigMap in
+   the `starboard-operator` namespace. If you skip this step, the operator will
+   ensure the ConfigMap on startup with the default configuration values.
+
+        kubectl apply -f https://raw.githubusercontent.com/aquasecurity/starboard/master/deploy/static/05-starboard-operator.cm.yaml
+   Review the default values and makes sure the operator is configured properly:
+
+        kubectl describe cm starboard -n starboard-operator
+
+3. Install the chart:
+
+        helm install starboard-operator ./deploy/helm \
+          -n starboard-operator \
+          --create-namespace \
+          --set="targetNamespaces=default"
+
+Check that the `starboard-operator` Helm release is created in the `starboard-operator`
+namespace:
+
+```
+helm list -n starboard-operator
+```
+
+```text
+NAME              	NAMESPACE         	REVISION	UPDATED                             	STATUS  	CHART                   	APP VERSION
+starboard-operator	starboard-operator	1       	2020-12-09 16:15:51.070673 +0100 CET	deployed	starboard-operator-0.2.1	0.7.1
+```
+
+To confirm that the operator is running, check the number of replicas created by
+the `starboard-operator` Deployment in the `starboard-operator` namespace:
+
+    kubectl get deployment -n starboard-operator
+
+You should see the output similar to the following:
+
+    NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
+    starboard-operator   1/1     1            1           11m
+
+If for some reason it's not ready yet, check the logs of the Deployment for
+errors:
+
+    kubectl logs -n starboard-operator deployment/starboard-operator
+
+In case of any error consult our [Troubleshooting](troubleshooting.md) guidelines.
+
+You can uninstall the operator with the following command:
+
+    helm uninstall starboard-operator -n starboard-operator
+
+> **NOTE** You have to manually delete CRDs created by the `helm install` command:
+>
+>     kubectl delete crd vulnerabilityreports.aquasecurity.github.io
+
 ## Getting Started
 
 Assuming that you installed the operator in the `starboard-operator` namespace,
@@ -133,3 +202,6 @@ the install mode, which in turn determines the multitenancy support of the opera
 | SingleNamespace | `operators`        | `foo`                      | The operator can be configured to watch for events in a single namespace that the operator is not deployed in. |
 | MultiNamespace  | `operators`        | `foo,bar,baz`              | The operator can be configured to watch for events in more than one namespace. |
 | AllNamespaces   | `operators`        |                            | The operator can be configured to watch for events in all namespaces. |
+
+[helm]: https://helm.sh/
+[helm-charts]: https://helm.sh/docs/topics/charts/