KubeFence Helm deployment with cert-manager and policy generation
#!/bin/bash
# KubeFence Helm Installation Script
# Deploys KubeFence as DaemonSet on K3s control plane nodes
# Tested on K3s 1.28.6, Ubuntu 24.04
set -euo pipefail

NAMESPACE="kubefence-system"
RELEASE_NAME="kubefence"
CHART_VERSION="0.1.0"

echo "==> Installing KubeFence on K3s cluster"

# Create namespace (idempotent: render client-side, then apply)
kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -

# Add KubeFence Helm repository
helm repo add kubefence https://dessertlab.github.io/kubefence/
helm repo update

# Install cert-manager for certificate handling
# The release is pinned by URL, but the manifest is applied without a checksum check
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml

# Wait for cert-manager to be ready
# Waiting on the Deployments (controller, cainjector, webhook) avoids the
# "no matching resources found" failure when the pods do not exist yet
echo "==> Waiting for cert-manager..."
kubectl wait --for=condition=Available deployment --all -n cert-manager --timeout=300s

# Install KubeFence with custom values
helm upgrade --install "${RELEASE_NAME}" kubefence/kubefence \
    --namespace "${NAMESPACE}" \
    --version "${CHART_VERSION}" \
    --set mitmproxy.image.tag=10.2.2 \
    --set mitmproxy.resources.requests.cpu=100m \
    --set mitmproxy.resources.requests.memory=256Mi \
    --set mitmproxy.resources.limits.cpu=500m \
    --set mitmproxy.resources.limits.memory=512Mi \
    --set policyEngine.logLevel=info \
    --set nodeSelector."node-role\.kubernetes\.io/control-plane"="" \
    --wait \
    --timeout 10m

# Verify deployment
echo "==> Verifying KubeFence deployment..."
kubectl get daemonset -n "${NAMESPACE}"
kubectl get pods -n "${NAMESPACE}"

# Create ConfigMap for policies
# Under `set -e` and pipefail a missing policies/ directory would abort the
# script, so skip this step until the policies have been generated
if [ -d policies ]; then
    kubectl create configmap kubefence-policies \
        --from-file=policies/ \
        -n "${NAMESPACE}" \
        --dry-run=client -o yaml | kubectl apply -f -
else
    echo "==> policies/ not found; skipping ConfigMap creation"
fi

echo "==> KubeFence installation complete"
echo "Next steps:"
echo "1. Generate policies: python3 kubefence-policy-generator.py"
echo "2. Apply policies: kubectl apply -f policies/"
echo "3. Test: kubectl logs <pod> (should be blocked if policy restricts)"