
Set up Agent Operator with Helm charts

Helm is a package manager for Kubernetes that helps manage Kubernetes applications. Helm uses charts to configure, install, and upgrade Kubernetes Operators. This is the recommended method of installation.

Before you begin

Make sure you have everything you need before you start:

Steps

  1. Run these Helm commands:

    helm repo add contrast https://contrastsecurity.dev/helm-charts
    helm repo update contrast
    helm show values contrast/contrast-agent-operator > contrast-agent-operator.yaml

  2. Add the agent keys to the clusterDefaults section of the YAML file. You also need to set the enabled property to true.

    clusterDefaults:
      enabled: true
      url: YOUR_CONTRAST_URL
      apiKeyValue: YOUR_API_KEY
      serviceKeyValue: YOUR_AGENT_SERVICE_KEY
      userNameValue: YOUR_AGENT_USERNAME
      yaml: |-
        enable: true

  3. Run this Helm command:

    helm upgrade --install -f contrast-agent-operator.yaml contrast-agent-operator contrast/contrast-agent-operator

    The Helm notes include details on the labels to apply to your workloads, as shown in this example:

    Release "contrast-agent-operator" has been upgraded. Happy Helming!
    NAME: contrast-agent-operator
    LAST DEPLOYED: Tue Jul  2 12:04:40 2024
    NAMESPACE: default
    STATUS: deployed
    REVISION: 4
    TEST SUITE: None
    NOTES:
    contrast-agent-operator version 1.4.0 deployed!
    ✅ 6 injectors have been deployed to namespace: default
      To use with your workloads:
    
      contrast-java-injector (java):
        ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=java
    
      contrast-dotnet-core-injector (dotnet-core):
        ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=dotnet-core
    
      contrast-nodejs-injector (nodejs):
        ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=nodejs
    
      contrast-nodejs-esm-injector (nodejs-esm):
        ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=nodejs-esm
    
      contrast-php-injector (php):
        ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=php
    
      contrast-python-injector (python):
        ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=python
    
    
    ✅ Cluster agent defaults deployed
    
    👀 To watch the operator logs:
        ⎈ kubectl logs -f -l app.kubernetes.io/part-of=contrast-agent-operator --namespace contrast-agent-operator
    
    📄 More documentation: https://docs.contrastsecurity.com/en/agent-operator.html
    
    🙋 Get support: https://support.contrastsecurity.com / support@contrastsecurity.com

  4. Label your deployments by using the values from the table.

    Tip

    Run the kubectl get deployments command to find the deployment names.

    Example commands for labeling a deployment:

    Run:

    kubectl get deployments

    Example output:

    NAME                READY   UP-TO-DATE   AVAILABLE   AGE
    app1-deployment     0/3     0            0           1s

    Then run the following command:

    kubectl label deployment app1-deployment contrast-agent=java

    The default configuration from the YAML file deploys AgentInjectors only to the default namespace. If you use other namespaces, you can add them to the agentInjectors.namespaces array in the YAML file.

    The following example shows how you might configure the agentInjectors.namespaces array:

    agentInjectors:
      enabled: true
      # Required. All injectors will be created in each specified namespace.
      lookupNamespaces:
        # If enabled, Helm will look up namespaces and deploy AgentInjectors to any accessible namespaces.
        deployToAllAccessibleNamespaces: true
        # List of namespace patterns to exclude from AgentInjector deployment. Applies only when looking up namespaces.
        excludePatterns:
          - gatekeeper*
          - kube*
      # Required if lookupNamespaces.deployToAllAccessibleNamespaces is not enabled. All injectors will be created in each specified namespace.
      namespaces:
        - default
      injectors:
        ...
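
A pre-flight check that can run between steps 2 and 3, as an added example (not part of Contrast's documentation or chart): it reads the clusterDefaults block of the values file, reports agent keys that are unset or still placeholders, and flags a file that group or other users can access, since it now holds the API and service keys. The function names and the 600 permission policy are assumptions of this example; the key names are the ones shown in step 2.

```shell
# Pre-flight check for contrast-agent-operator.yaml (added example, not Contrast code).
# Key names are the ones in the page's clusterDefaults block.

# Print the value of key $2 inside the top-level clusterDefaults: block of file $1.
cluster_default() {
  awk -v key="$2" '
    /^[^ #]/ { in_block = ($0 ~ /^clusterDefaults:/) }  # each top-level key opens or closes the block
    in_block && $0 ~ ("^  " key ":") {
      sub("^  " key ":[ \t]*", ""); sub(/[ \t]+#.*$/, ""); gsub(/^"|"$/, "")
      print; exit
    }' "$1"
}

# Print one line per finding; return 0 only when the file is ready for helm upgrade.
check_values() {
  f=$1; rc=0
  [ -r "$f" ] || { echo "cannot read $f"; return 2; }
  [ "$(cluster_default "$f" enabled)" = "true" ] ||
    { echo "clusterDefaults.enabled is not true"; rc=1; }
  for key in url apiKeyValue serviceKeyValue userNameValue; do
    case $(cluster_default "$f" "$key") in
      ''|YOUR_*) echo "clusterDefaults.$key is empty or still a placeholder"; rc=1 ;;
    esac
  done
  # The file now holds the API and service keys: flag any group/other permission bit.
  [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ] ||
    { echo "$f is accessible to group/other; chmod 600 it"; rc=1; }
  return $rc
}

# Demo on a constructed file: placeholders from step 2 not yet replaced.
demo=$(mktemp)
cat > "$demo" <<'EOF'
clusterDefaults:
  enabled: false
  url: YOUR_CONTRAST_URL
  apiKeyValue: YOUR_API_KEY
  serviceKeyValue: YOUR_AGENT_SERVICE_KEY
  userNameValue: YOUR_AGENT_USERNAME
  yaml: |-
    enable: true
EOF
check_values "$demo" || echo "not ready for helm upgrade"
rm -f "$demo"
```

To gate the install on it, run `check_values contrast-agent-operator.yaml &&` in front of the `helm upgrade --install` command from step 3.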