Installation

Installation Guide

To start with, your local helm will need to login to the OX Registry using the credentials supplied by Open-Xchange:

helm registry login registry.open-xchange.com --username=<OX supplied username> --password-stdin

Now you're almost ready to install the chart. However, since the chart needs to pull images from the OX registry, if you try to install the chart with default values, the install will fail. Therefore, at a minimum you will need to supply a file with credentials to access the OX registry.

An example file creds.yml is shown below:

registrySecrets:
  registry: registry.open-xchange.com
  email: foo@foo.com
  username:  <username supplied by OX>
  password: <password supplied by OX>

Optional you can use existing image pull secrets that have been created in Kubernetes, to avoid putting the secrets into the YAML file, in which case creds.yml might look like:

global:
  imagePullSecretsList:
    - secretName1
    - secretName2

Note that the secrets must be created in the same namespace as the Helm Chart.

There are several ways to install the chart. To install it directly from the repo, use the following command:

helm install wforce oci://registry.open-xchange.com/abuseshield/wforce-cc --version <helm chart version> -n <namespace> --values creds.yml --create-namespace

Replace the Helm Chart Version with the latest version of the Abuse Shield Helm Chart, e.g. 2.10.0.

The --create-namespace flag is optional, but usually required if the name you are using is new.

You can also choose to download the entire chart to a local directory first, and install from there. To do this, you need to pull the chart::

helm pull oci://registry.open-xchange.com/abuseshield/wforce-cc --version <helm chart version> --untar

This will install the chart into the current directory, in this case ./wforce-cc. Then you can install the chart from that directory::

helm install wforce ./wforce-cc -n <namespace> --values creds.yml --create-namespace

In both cases, the chart will be installed with default values for the wforce configuration, which is probably not what you want, particularly for the wforce policy. The following file override.yaml overrides the number of replicas for wforce (from 1 to 2), and sets the webserver password (by default a password is chosen at random).

wforce:
  configSecrets:
    webserver:
      password: secret
  config:
    replicaCount: 2

This is installed using the following command (installing from a local directory):

helm install wforce ./wforce-cc --values creds.yml --values override.yml -n <namespace>

Another typical flag to Helm install will be to override the wforce.LuaConfig value, which is used to provide the Lua policy to wforce. Note that you should not include any configuration directives in the file that can be managed from Helm (for example siblingListener()), rather it should be used for policy management only. If you are using the wforce-policy framework, this will be the case anyway.

An example of installation specifying a configuration file for wforce:

helm install wforce abuseshield/wforce --values creds.yml --values override.yml --set-file "wforce.luaConfig=wforce.conf" -n <namespace>

Where wforce.conf is a Lua file that contains for example (this is an example that uses the built-in policy framework, initializing with the defaults):

-- Initialise the default policy with no changes
config = require("config.wforce_config")
config.initConfig({})