A collection of helm charts for Host-Attestation Usecase
Below steps guide in the process for installing isecl-helm charts on a kubernetes cluster.
-
Non Managed Kubernetes Cluster up and running
-
Helm 3 installed
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 chmod 700 get_helm.sh ./get_helm.sh
-
For building container images Refer here for instructions
-
Setup NFS, Refer instructions for setting up and configuring NFS Server
| Kubernetes | Details |
|---|---|
| Cluster OS | RedHat Enterprise Linux 8.x Ubuntu 20.04 |
| Distributions | Any non-managed K8s cluster |
| Versions | v1.23 |
| Storage | NFS |
| Container Runtime | CRI-O |
| Use case | Helm Charts |
|---|---|
| Host Attestation - Containers | cms aas hvs ta nats(optional) |
- Add the chart repository
helm repo add isecl-helm https://intel-secl.github.io/helm-charts
helm repo update- To find list of available charts
helm search repo --versionsSome assumptions before updating the values.yaml are as follows:
- The images are built on the build machine and images are pushed to a registry tagged with
release_version(e.g:v5.1.0) as version for each image - The NFS server setup is done either using sample script instructions or by the user itself
- The K8s non-managed cluster is up and running
- Helm 3 is installed
The helm chart support Nodeports for services to support ingress model, enable the ingress by setting the value ingress enabled to true in values.yaml file.
Update the hvsUrl, cmsUrl and aasUrl under global section according to the configured model.
e.g For ingress. hvsUrl: https://hvs.isecl.com/hvs/v2
For Nodeport, hvsUrl: https://<controlplane-hostname/IP>:30443/hvs/v2
export VERSION=5.1.0
helm pull isecl-helm/Host-Attestation --version $VERSION && tar -xzf Host-Attestation-$VERSION.tgz Host-Attestation/values.yaml
helm install <helm release name> isecl-helm/Host-Attestation --version $VERSION -f Host-Attestation/values.yaml --create-namespace -n <namespace>Note: If using a separate .kubeconfig file, ensure to provide the path using
--kubeconfig <.kubeconfig path>
- Refer instructions for running service specific setup tasks
To uninstall a chart
helm uninstall <release-name> -n <namespace>To list all the helm chart deployments
helm list -ACleanup steps that needs to be done for a fresh deployment
- Uninstall all the chart deployments.
- Cleanup the data at NFS mount and trustagent data mount on each nodes (/etc/trustagent, /var/log/trustagent)
- Remove all objects(secrets, rbac, clusterrole, service account) related namespace related to deployment
kubectl delete ns <namespace>.
Note:
Before redeploying any of the chart please check the pv and pvc of corresponding deployments are removed. Suppose
if you want to redeploy aas, make sure that aas-logs-pv, aas-logs-pvc, aas-config-pv, aas-config-pvc, aas-db-pv, aas-db-pvc, aas-base-pvc are removed successfully.
Command: ```kubectl get pvc -n <namespace>``` && ```kubectl get pv -n <namespace>```