Installation Guide
To start with, your local helm will need to login to the OX Registry using the credentials supplied by Open-Xchange:
helm registry login registry.open-xchange.com --username=<OX supplied username> --password-stdin
Now you're almost ready to install the chart. However, since the chart needs to pull images from the OX registry, if you try to install the chart with default values, the install will fail. Therefore, at a minimum you will need to supply a file with credentials to access the OX registry.
An example file creds.yml
is shown below:
registrySecrets:
registry: registry.open-xchange.com
email: foo@foo.com
username: <username supplied by OX>
password: <password supplied by OX>
Optional you can use existing image pull secrets that have been created in Kubernetes, to avoid putting the secrets
into the YAML file, in which case creds.yml
might look like:
global:
imagePullSecretsList:
- secretName1
- secretName2
Note that the secrets must be created in the same namespace as the Helm Chart.
There are several ways to install the chart. To install it directly from the repo, use the following command:
helm install wforce oci://registry.open-xchange.com/abuseshield/wforce-cc --version <helm chart version> -n <namespace> --values creds.yml --create-namespace
Replace the Helm Chart Version with the latest version of the Abuse Shield Helm Chart, e.g. 2.10.0
.
The --create-namespace
flag is optional, but usually required if the name you are using is new.
You can also choose to download the entire chart to a local directory first, and install from there. To do this, you need to pull the chart::
helm pull oci://registry.open-xchange.com/abuseshield/wforce-cc --version <helm chart version> --untar
This will install the chart into the current directory, in this case ./wforce-cc. Then you can install the chart from that directory::
helm install wforce ./wforce-cc -n <namespace> --values creds.yml --create-namespace
In both cases, the chart will be installed with default values for the wforce configuration, which is probably
not what you want, particularly for the wforce policy. The following file override.yaml
overrides the number
of replicas for wforce (from 1 to 2), and sets the webserver password (by default a password is chosen at random).
wforce:
configSecrets:
webserver:
password: secret
config:
replicaCount: 2
This is installed using the following command (installing from a local directory):
helm install wforce ./wforce-cc --values creds.yml --values override.yml -n <namespace>
Another typical flag to Helm install will be to override the wforce.LuaConfig
value, which is
used to provide the Lua policy to wforce. Note that you should not include any configuration
directives in the file that can be managed from Helm (for example siblingListener()
), rather it should be used for policy
management only. If you are using the wforce-policy framework, this will be the case anyway.
An example of installation specifying a configuration file for wforce:
helm install wforce abuseshield/wforce --values creds.yml --values override.yml --set-file "wforce.luaConfig=wforce.conf" -n <namespace>
Where wforce.conf is a Lua file that contains for example (this is an example that uses the built-in policy framework, initializing with the defaults):
-- Initialise the default policy with no changes
config = require("config.wforce_config")
config.initConfig({})