Commit

CHG: Sync Artifacts - 4.3.2
airlockgithubci committed Aug 29, 2024
1 parent ac4087b commit de09e89
Showing 29 changed files with 114 additions and 89 deletions.
26 changes: 13 additions & 13 deletions README.md
Expand Up @@ -19,8 +19,8 @@ Modern application security is embedded in the development workflow and follows
* Reverse proxy functionality with request routing rules, TLS termination and remote IP extraction
* Using native Envoy HTTP filters like Lua scripting, RBAC, ext_authz, JWT authentication
* Content security filters for protecting against known attacks (OWASP Top 10)
* Access control to allow only authenticated users to access the protected services
* API security features like JSON parsing or OpenAPI specification enforcement
* Access control using OpenID Connect to allow only authenticated users to access the protected services
* API security features like JSON parsing, OpenAPI specification enforcement or GraphQL schema validation

For a list of all features, view the **[comparison of the community and premium edition](https://docs.airlock.com/microgateway/latest/#data/1675772882054.html)**.
## Labs
Expand Down Expand Up @@ -69,33 +69,33 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag
> **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni).
```bash
# Standard setup
helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
```
```bash
# GKE setup
helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.1/deploy/charts/airlock-microgateway-cni/gke-values.yaml
helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/deploy/charts/airlock-microgateway-cni/gke-values.yaml
kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
```
```bash
# OpenShift setup
helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.1/deploy/charts/airlock-microgateway-cni/openshift-values.yaml
helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/deploy/charts/airlock-microgateway-cni/openshift-values.yaml
kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
```
**Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/#data/1658483168033.html) for details).

2. (Recommended) You can verify the correctness of the installation with `helm test`.
```bash
# Standard and GKE setup
helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
helm test airlock-microgateway-cni -n kube-system --logs
helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
```
```bash
# OpenShift setup
helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
helm test airlock-microgateway-cni -n openshift-operators --logs
helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
```

Consult our [documentation](https://docs.airlock.com/microgateway/latest/#data/1699611533587.html) in case of any installation error.
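Review bot: In the GKE and OpenShift install lines, the values file passed with `-f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/...` is resolved through a Git tag while the chart itself is pulled from `oci://quay.io/airlockcharts/microgateway-cni` by `--version`, so two separately mutable references have to stay in step and no verification step is shown for either. Since the note at the top of this block says the values files ship in the chart folder, consider documenting how to use the copy from the pulled chart, or a pinned commit instead of the tag. The literal '4.3.2' is also repeated in every command here; a single shell variable set once at the top would turn the next sync into a one-line change and remove the risk of a missed occurrence.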
Expand All @@ -113,22 +113,22 @@ helm install cert-manager jetstack/cert-manager --version '1.15.1' -n cert-manag
kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt
# Install Operator (CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades)
helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.1' --wait
helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.3.2' --wait
```

2. (Recommended) You can verify the correctness of the installation with `helm test`.
```bash
helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.1'
helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.2'
helm test airlock-microgateway -n airlock-microgateway-system --logs
helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.1'
helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.3.2'
```

### Upgrading CRDs

The `helm install/upgrade` command currently does not support upgrading CRDs that already exist in the cluster.
CRDs should instead be manually upgraded before upgrading the Operator itself via the following command:
```bash
kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.1 --server-side --force-conflicts
kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.3.2 --server-side --force-conflicts
```

**Note**: Certain GitOps solutions such as e.g. Argo CD or Flux CD have their own mechanisms for automatically upgrading CRDs included with Helm charts.
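Review bot: The CRD upgrade line now applies `?ref=4.3.2` with `--server-side --force-conflicts`, but the section does not say what the forced apply overrides. Because the note directly below mentions Argo CD and Flux CD upgrading CRDs on their own, add a sentence that `--force-conflicts` takes field ownership away from any other manager of these CRDs, and state that the `ref` must match the chart `--version` about to be installed so the two cannot drift apart on a partial copy and paste.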
4 changes: 2 additions & 2 deletions deploy/charts/airlock-microgateway-cni/Chart.yaml
Expand Up @@ -3,8 +3,8 @@ name: microgateway-cni
description: A Helm chart for deploying the Airlock Microgateway CNI plugin
type: application
home: https://www.airlock.com/en/microgateway
version: "4.3.1"
appVersion: "4.3.1"
version: "4.3.2"
appVersion: "4.3.2"
annotations:
charts.openshift.io/name: Airlock Microgateway CNI
artifacthub.io/category: security
26 changes: 13 additions & 13 deletions deploy/charts/airlock-microgateway-cni/README.md
@@ -1,6 +1,6 @@
# Airlock Microgateway CNI

![Version: 4.3.1](https://img.shields.io/badge/Version-4.3.1-informational?style=flat-square) ![AppVersion: 4.3.1](https://img.shields.io/badge/AppVersion-4.3.1-informational?style=flat-square)
![Version: 4.3.2](https://img.shields.io/badge/Version-4.3.2-informational?style=flat-square) ![AppVersion: 4.3.2](https://img.shields.io/badge/AppVersion-4.3.2-informational?style=flat-square)

*Airlock Microgateway is a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices.*

Expand All @@ -13,15 +13,15 @@
</picture>

Modern application security is embedded in the development workflow and follows DevSecOps paradigms. Airlock Microgateway is the perfect fit for these requirements. It is a lightweight alternative to the Airlock Gateway appliance, optimized for Kubernetes environments. Airlock Microgateway protects your applications and microservices with the tried-and-tested Airlock security features against attacks, while also providing a high degree of scalability.
__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.1).__
__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.3.2).__

### Features
* Kubernetes native integration with its Operator, Custom Resource Definitions, hot-reload, automatic sidecar injection.
* Reverse proxy functionality with request routing rules, TLS termination and remote IP extraction
* Using native Envoy HTTP filters like Lua scripting, RBAC, ext_authz, JWT authentication
* Content security filters for protecting against known attacks (OWASP Top 10)
* Access control to allow only authenticated users to access the protected services
* API security features like JSON parsing or OpenAPI specification enforcement
* Access control using OpenID Connect to allow only authenticated users to access the protected services
* API security features like JSON parsing, OpenAPI specification enforcement or GraphQL schema validation

For a list of all features, view the **[comparison of the community and premium edition](https://docs.airlock.com/microgateway/latest/#data/1675772882054.html)**.

Expand All @@ -47,33 +47,33 @@ The instructions below provide a quick start guide. Detailed information are pro
> **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni).
```bash
# Standard setup
helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
```
```bash
# GKE setup
helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.1/deploy/charts/airlock-microgateway-cni/gke-values.yaml
helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/deploy/charts/airlock-microgateway-cni/gke-values.yaml
kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
```
```bash
# OpenShift setup
helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.1/deploy/charts/airlock-microgateway-cni/openshift-values.yaml
helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.3.2/deploy/charts/airlock-microgateway-cni/openshift-values.yaml
kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni
```
**Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/#data/1658483168033.html) for details).

2. (Recommended) You can verify the correctness of the installation with `helm test`.
```bash
# Standard and GKE setup
helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
helm test airlock-microgateway-cni -n kube-system --logs
helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
```
```bash
# OpenShift setup
helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
helm test airlock-microgateway-cni -n openshift-operators --logs
helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.1'
helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.3.2'
```

Consult our [documentation](https://docs.airlock.com/microgateway/latest/#data/1699611533587.html) in case of any installation error.
Expand All @@ -98,10 +98,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a
| config.installMode | string | `"chained"` | Whether to install the CNI plugin as a `chained` plugin (default, required with most interface CNI providers), as a `standalone` plugin (required for use with Multus CNI, e.g. on OpenShift) or in `manual` mode, where no CNI network configuration is written. |
| config.logLevel | string | `"info"` | Log level for the CNI installer and plugin. |
| fullnameOverride | string | `""` | Allows overriding the name to use as full name of resources. |
| image.digest | string | `"sha256:bdd216c8a8c56a0eee0134f67772cbd75358640a0685cf5d71add653abb2c53b"` | SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). Overrides tag when specified. |
| image.digest | string | `"sha256:ed5ec546a65f0ae0bc3e058aafc1d2aa4848996b9f415fe6232486934443b460"` | SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). Overrides tag when specified. |
| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. |
| image.repository | string | `"quay.io/airlock/microgateway-cni"` | Image repository from which to pull the Airlock Microgateway CNI image. |
| image.tag | string | `"4.3.1"` | Image tag to pull. |
| image.tag | string | `"4.3.2"` | Image tag to pull. |
| imagePullSecrets | list | `[]` | ImagePullSecrets to use when pulling images. |
| multusNetworkAttachmentDefinition.create | bool | `false` | Whether a NetworkAttachmentDefinition CR should be created, which can be used for applying the CNI plugin to Pods. |
| multusNetworkAttachmentDefinition.namespace | string | `"default"` | Namespace in which the NetworkAttachmentDefinition is deployed. Note: If namespace is set to a custom value, referencing the created NetworkAttachmentDefinition from other namespaces may not work if Multus namespace isolation is enabled. https://github.com/k8snetworkplumbingwg/multus-cni/blob/v4.0.2/docs/configuration.md#namespace-isolation |
14 changes: 13 additions & 1 deletion deploy/charts/airlock-microgateway-cni/templates/NOTES.txt
@@ -1,3 +1,15 @@
Thank you for installing Airlock Microgateway CNI.

For further information, please visit our documentation at https://docs.airlock.com/microgateway/{{ include "airlock-microgateway-cni.docsVersion" .}}.
Please ensure that the helm values'.config.cniNetDir' and '.config.cniBinDir' are configured for your Kubernetes distribution.
For further information, consider our manual https://docs.airlock.com/microgateway/{{ include "airlock-microgateway-cni.docsVersion" . }}.
The chapter 'Setup > Installation' describes how to set those settings correctly.

Further information:
* Documentation: https://docs.airlock.com/microgateway/{{ include "airlock-microgateway-cni.docsVersion" . }}
* Airlock Microgateway Labs: https://play.instruqt.com/airlock/invite/hyi9fy4b4jzc?icp_referrer=helm

Next steps:
* Install Airlock Microgateway (if not done already)
https://artifacthub.io/packages/helm/airlock-microgateway/microgateway

Your release version is {{ .Chart.Version }}.
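Review bot: The first added sentence reads `the helm values'.config.cniNetDir'` with no space before the opening quote, and the following line ("consider our manual https://...") repeats the documentation link that is listed again under "Further information". Suggest `the Helm values '.config.cniNetDir' and '.config.cniBinDir'` and keeping only one of the two links. The Instruqt URL hard-codes an invite code and `icp_referrer=helm` in a template that is rendered into every install, so rotating that invite will need a chart release; a stable redirect under the docs domain would avoid that.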
4 changes: 2 additions & 2 deletions deploy/charts/airlock-microgateway-cni/tests/notes_test.yaml
Expand Up @@ -7,7 +7,7 @@ tests:
appVersion: dev
asserts: &latestDoc
- matchRegexRaw:
pattern: ".*please visit our documentation at https://docs.airlock.com/microgateway/latest\\..*"
pattern: ".*Documentation: https://docs.airlock.com/microgateway/latest.*"
- it: prerelease chart should describe latest doc links
chart:
appVersion: 4.2.0-ci
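Review bot: The new `latestDoc` pattern ends in `microgateway/latest.*`, so unlike the previous `latest\\.` it no longer requires anything specific after `latest` and would also accept a rendered link such as `latest-foo`. Terminate the version segment, for example `microgateway/latest(\\s|$)`, so the assert still fails when the docs version helper emits something other than exactly `latest`.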
Expand All @@ -17,4 +17,4 @@ tests:
appVersion: 4.2.4
asserts:
- matchRegexRaw:
pattern: ".*please visit our documentation at https://docs.airlock.com/microgateway/4.2\\..*"
pattern: ".*Documentation: https://docs.airlock.com/microgateway/4.2.*"
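Review bot: In `microgateway/4.2.*` the dot between 4 and 2 is unescaped and the match is open-ended, so this assert passes for a link ending in `4.2.4` or `4.20` as well as `4.2`, and therefore does not show that the docs link is cut down to major.minor for `appVersion: 4.2.4`. Escape the dot and terminate the segment, for example `microgateway/4\\.2(\\s|$)`.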
4 changes: 2 additions & 2 deletions deploy/charts/airlock-microgateway-cni/values.yaml
Expand Up @@ -15,10 +15,10 @@ image:
# -- Image repository from which to pull the Airlock Microgateway CNI image.
repository: "quay.io/airlock/microgateway-cni"
# -- Image tag to pull.
tag: "4.3.1"
tag: "4.3.2"
# -- SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a").
# Overrides tag when specified.
digest: "sha256:bdd216c8a8c56a0eee0134f67772cbd75358640a0685cf5d71add653abb2c53b"
digest: "sha256:ed5ec546a65f0ae0bc3e058aafc1d2aa4848996b9f415fe6232486934443b460"
# -- Pull policy for this image.
pullPolicy: IfNotPresent
# -- Annotations to add to all Pods.
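Review bot: `tag` and `digest` are bumped here as two unrelated literals, and the comment above `digest` says it overrides the tag, so nothing visible in this hunk ties the new digest to the 4.3.2 image, and a user who overrides only `image.tag` will still pull the default digest. Suggest a check in the sync job that resolves `repository:tag` to its digest and fails on mismatch, plus a line in the `tag` comment telling users to clear or update `digest` when they change the tag.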
4 changes: 2 additions & 2 deletions deploy/charts/airlock-microgateway/Chart.yaml
Expand Up @@ -3,8 +3,8 @@ name: microgateway
description: A Helm chart for deploying the Airlock Microgateway
type: application
home: https://www.airlock.com/en/microgateway
version: "4.3.1"
appVersion: "4.3.1"
version: "4.3.2"
appVersion: "4.3.2"
annotations:
charts.openshift.io/name: Airlock Microgateway
artifacthub.io/category: security