This chart bootstraps an Unguard deployment on a Kubernetes cluster using the Helm package manager.
Warning
Unguard is insecure by design and a careless installation will leave you exposed to severe security vulnerabilities. Make sure to restrict access and/or run it in a sandboxed environment.
Note: This chart presumes an already running MariaDB database in the cluster. The default naming requirement is
unguard-mariadb.
To install the chart with the release name unguard in a new namespace unguard with an unguard-mariadb MariaDB instance:
-
Add the bitnami repository for the MariaDB dependency
helm repo add bitnami https://charts.bitnami.com/bitnami
-
Install MariaDB
Note: The default release-name of the database installation is
unguard-mariadb. If you want to change this you also have to adopt themariaDB.serviceNamevalue.helm install unguard-mariadb bitnami/mariadb --set primary.persistence.enabled=false --wait --namespace unguard --create-namespace
Note:
The--waitflag waits for the installation to be completed
--namespace unguardspecifiers the desired namespace
--create-namespacecreates the namespace if it doesn't exist
For more details see the Helm documentation -
Install Unguard
Note:
The default configuration is for deployment on a local cluster!
To deploy to an EKS cluster append:--set localDev.enabled=false,aws.enabled=true-
Using the remote chart from GitHub
helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --wait --namespace unguard --create-namespace
-
Using the local chart
helm install unguard ./chart --wait --namespace unguard --create-namespace
-
These commands deploy Unguard in the default configuration.
Tip: List all releases using
helm list
To uninstall/delete the unguard deployment:
helm uninstall unguard -n unguardTo also uninstall the MariaDB deployment:
helm uninstall unguard-mariadb -n unguardThe command removes all the Kubernetes components associated with the chart and deletes the release.
To install Unguard in a specific version provide the --version flag with the version you want to install:
helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --version 0.8.1| Name | Description | Default Value |
|---|---|---|
localDev.enabled |
Creates an Ingress and configures it for local (minikube/kind) deployment | true |
aws.enabled |
Creates an Ingress and configures it for AWS EKS cluster deployment | false |
tracing.enabled |
Activates tracing in services | false |
maliciousLoadGenerator.enabled |
Deploys the malicious load generator | false |
mariaDB.serviceName |
Expected release-name of the MariaDB installation by Unguard | unguard-mariadb |
Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,
helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --set mariaDB.serviceName=mariadbThe above command changes the MariaDB installation release-name to mariadb.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
helm install unguard -f aws.yaml oci://ghcr.io/dynatrace-oss/unguard/chart/unguardThe above command applies the values from aws.yaml which creates and configures an ingress for EKS deployment.
Tip: You can use the default values.yaml
To enable tracing, provide the YAML file tracing.yaml during installation. Unguard is configured for Jaeger tracing.
To also install Jaeger tracing follow the TRACING guide.
helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard -f ./chart/tracing.yamlCopyright 2023 Dynatrace LLC
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.