This document describes the steps needed to install Deepfactor mutating admission webhook in your Kubernetes cluster using Argo CD. This document assume that you have a Kubernetes cluster deployed using Argo CD. If you have not yet created one, please refer to the following article to create one
https://argo-cd.readthedocs.io/en/stable/
1. Install cert manager #
If you have already installed cert manager in your K8s cluster, you can skip this step. Create a yaml file (cert-manager.yaml) with the following contents.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
spec:
destination:
namespace: cert-manager
server: https://kubernetes.default.svc
project: default
source:
chart: cert-manager
helm:
parameters:
- name: installCRDs
value: "true"
repoURL: https://charts.jetstack.io
targetRevision: v1.8.0
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
Run the following command to install
kubectl apply -f ./cert-manager.yaml
2. Install Deepfactor mutating admission webhook #
Create a yaml file (df-webhook.yaml) with the following contents.
Note: The webhookconfig shown below is only an example. For guidance on how to create a webhookconfig for your environment, please refer to the following document
Configure Deepfactor Mutating Webhook
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: deepfactor-webhook
namespace: argocd
spec:
destination:
namespace: df-webhook
server: https://kubernetes.default.svc
project: default
source:
chart: webhook
helm:
parameters:
- name: webhook.certManager.enabled
value: "true"
- name: webhookconfig.dfRunToken
value: tokenFromMyDeepfactorPortal # retrieve from Deepfactor portal UI
- name: validation.enabled
value: "true"
- name: clusterName
value: clusterNameOfYourChoice # provide a name for your cluster
repoURL: https://static.deepfactor.io/helm-charts
targetRevision:
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
Run the following command to install Deepfactor webhook
kubectl apply -f ./df-webhook.yaml