Set up Agent Operator with Helm charts
Helm is a package manager for Kubernetes that helps manage Kubernetes applications. Helm uses charts to configure, install, and upgrade Kubernetes Operators. This is the recommended method of installation.
Before you begin
Make sure you have everything you need before you start:
Steps
Run these Helm commands:
helm repo add contrast https://contrastsecurity.dev/helm-charts helm repo update contrast helm show values contrast/contrast-agent-operator > contrast-agent-operator.yaml
Add agent keys to the
clusterDefaults
section of the YAML file. You will also need to set theenabled:
property totrue
.clusterDefaults: enabled: true url: YOUR_CONTRAST_URL apiKeyValue: YOUR_API_KEY serviceKeyValue: YOUR_AGENT_SERVICE_KEY userNameValue: YOUR_AGENT_USERNAME yaml: |- enable: true
Run this Helm command:
helm upgrade --install -f contrast-agent-operator.yaml contrast-agent-operator contrast/contrast-agent-operator
The Helm notes include details on the labels to apply to your workloads, as shown in this example:
Release "contrast-agent-operator" has been upgraded. Happy Helming! NAME: contrast-agent-operator LAST DEPLOYED: Tue Jul 2 12:04:40 2024 NAMESPACE: default STATUS: deployed REVISION: 4 TEST SUITE: None NOTES: contrast-agent-operator version 1.4.0 deployed! ✅ 6 injectors have been deployed to namespace: default To use with your workloads: contrast-java-injector (java): ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=java contrast-dotnet-core-injector (dotnet-core): ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=dotnet-core contrast-nodejs-injector (nodejs): ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=nodejs contrast-nodejs-esm-injector (nodejs-esm): ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=nodejs-esm contrast-php-injector (php): ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=php contrast-python-injector (python): ⎈ kubectl label deployment/<your_deployment_name> contrast-agent=python ✅ Cluster agent defaults deployed 👀 To watch the operator logs: ⎈ kubectl logs -f -l app.kubernetes.io/part-of=contrast-agent-operator --namespace contrast-agent-operator 📄 More documentation: https://docs.contrastsecurity.com/en/agent-operator.html 🙋 Get support: https://support.contrastsecurity.com / support@contrastsecurity.com
Label your deployments by using the values from the table.
Tip
Run the
kubectl get deployments
command to also find the deployment names.Example commands for labeling a deployment:
Run:
kubectl get deployments
Get an output (for example):
NAME READY UP-TO-DATE AVAILABLE AGE app1-deployment 0/3 0 0 1s
Then run the following command:
kubectl label deployment app1-deployment contrast-agent=java