Cloud Native Security Inspector (Project Narrows) Helm Chart

Cloud Native Security Inspector is an open source cloud native runtime security tool. It allows end users to assess the security posture of Kubernetes clusters at runtime. This project will add dynamic scanning giving Security Auditors greater awareness and control of running workloads.

Requirements

  • Kubernetes >= 1.24
  • Helm >= 2.17.0
  • We recommend 8 GiB of memory for this deployment; 4 GiB is the minimum requirement. With less, the deployment is expected to fail.
  • You need full access to the K8s cluster, because the chart creates a clusterRoleBinding.
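The version and permission requirements above can be checked before running `helm install`. The script below is an added example, not part of the project; the function names `extract_semver`, `version_ge` and `cnsi_preflight` are hypothetical, and the memory recommendation is not checked.

```shell
#!/bin/sh
# Pre-install check for the requirements listed above (added example).

# Print the first dotted version number found in a string such as
# "v3.12.0+gc9f554d" or "Client: v2.17.0+ga690bad".
extract_semver() {
  printf '%s\n' "$1" |
    sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2. Fields are compared numerically,
# so 2.9 < 2.17; missing fields count as 0.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

cnsi_preflight() {
  rc=0
  # Server version is the gitVersion field under serverVersion.
  k8s=$(extract_semver "$(kubectl version -o json 2>/dev/null |
        sed -n '/"serverVersion"/,$p' | grep '"gitVersion"')")
  helm_v=$(extract_semver "$(helm version --short 2>/dev/null)")

  version_ge "${k8s:-0}" 1.24 ||
    { echo "FAIL: Kubernetes ${k8s:-unknown} is older than 1.24"; rc=1; }
  version_ge "${helm_v:-0}" 2.17.0 ||
    { echo "FAIL: Helm ${helm_v:-unknown} is older than 2.17.0"; rc=1; }
  # The chart creates a clusterRoleBinding, so the installing identity
  # must be allowed to create one.
  kubectl auth can-i create clusterrolebindings >/dev/null 2>&1 ||
    { echo "FAIL: current identity cannot create clusterrolebindings"; rc=1; }
  return "$rc"
}

# Run the checks only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
  cnsi_preflight && echo "OK: requirements met"
fi
```
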

Installing

$ helm install [release-name] oci://projects.registry.vmware.com/cnsi/cnsi --version 0.3.0 -n [namespace] --create-namespace

# Alternatively, you can install CNSI from the Helm chart in the local directory
$ helm install [release-name] src/tools/deployments/charts/cnsi -n [namespace] --create-namespace

Uninstalling

$ helm uninstall [release-name] -n [namespace]

This does not delete the CRDs that Narrows generates on the fly. You can list and delete them manually with the commands below:

$ kubectl get crd
$ kubectl delete crd inspectionpolicies.goharbor.goharbor.io settings.goharbor.goharbor.io

You also need to delete the cronJobs and daemonSets generated in the workspace you defined in the policy. The quickest way is to delete the workspace directly:

$ kubectl delete ns <the_workspace_in_policy>

Configuration

You can specify your own image registry and image tag to install.

$ helm install [release-name] src/tools/deployments/charts/cnsi/ --set image.repository="your-own-repository" --set image.tag="latest"

If you'd like to install Cloud Native Security Inspector without OpenSearch:

$ helm install [release-name] src/tools/deployments/charts/cnsi/ --set opensearch.enabled=false

| Parameter | Description | Default |
|---|---|---|
| image.repository | The repository to pull images | projects.registry.vmware.com/cnsi |
| image.tag | The tags of the images | 0.3 |
| image.pullPolicy | The image pull policy in Kubernetes | IfNotPresent |
| opensearch.enabled | Flag to indicate if OpenSearch will be installed along with Cloud Native Security Inspector | true |