Introduction
This document provides step by step guide to installing Deepfactor Mutating Admission Controller Webhook via helm charts.
Generate Certificate for Deepfactor Admission webhook
Generate the certificate for webhook this with the following command:
rm -rf webhook-certs
export HELM_RELEASE_NAME=df-webhook-stable
export HELM_RELEASE_NAMESPACE=df-webhook
bash -c "$(curl -L https://static.deepfactor.io/scripts/public/df-webhook/cert-gen/certgen.sh)"
On successful completion, you will find the following three files under the certs directory.
ca.crt
tls.crt
tls.key
Add Deepfactor Helm
RepositoryAdd Deepfactor Helm Repository using the commands below. If you do not have helm installed, please click here.
helm repo add deepfactor https://static.deepfactor.io/helm-charts
helm repo update
helm show values deepfactor/webhook \
| grep -A100 -e 'webhookconfig:' | tee webhook-override.yaml
You will need to enter the Deepfactor run token in the webhookconfig section of the webhook-override.yaml. You can get this token from the Deepfactor portal UI.
Create webhook-override.yaml
Create
webhook-override.yaml
or specify the config via CLI parameters for helm installation. Following is a sample webhook-override.yaml for the webhook. For detailed description pls refer to How To Configure Deepfactor Webhook Mutation Configwebhookconfig:
# Possible values are: namespace, podspec
# appNameSource: "namespace"
# httpProxy: ""
# httpsProxy: ""
dfRunToken: "ey..."
namespaces:
- name: "df1"
appName: "bmc-demo"
componentNameSource: "ImageAndTag"
componentVersionSource: "ImageID"
Example helm CLI alternative:
--set webhookconfig.dfRunToken=$(cat ~/df-run-token.jwt) \
--set webhookconfig.namespaces[0].name="df1"
Install Deepfactor Mutating Admission Webhook
Now that you have set up your webhook-override.yaml, install the Deepfactor webhook using the command below:
helm upgrade --install $HELM_RELEASE_NAME -n $HELM_RELEASE_NAMESPACE deepfactor/webhook \
--set-file=webhook.ca.crt=webhook-certs/ca.crt \
--set-file=webhook.tls.crt=webhook-certs/tls.crt \
--set-file=webhook.tls.key=webhook-certs/tls.key \
--create-namespace -f webhook-override.yaml
Update Deepfactor Webhook
The certificate need not be generated during the upgrade but if it is changed and is provided, it will be updated. You may follow the instructions provided above to generate certificates.
helm upgrade --install df-webhook-stable -n df-webhook deepfactor/webhook --reuse-values -f webhook-override.yaml
Uninstall Deepfactor Webhook
helm uninstall df-webhook-stable -n df-webhook
Comments
0 comments
Please sign in to leave a comment.