Skip to content

Commit

Permalink
feat: Generate docs from templates
Browse files Browse the repository at this point in the history
- Adds the capability to generate deployment documentation to reduce the amount of duplication
  and errors in keeping similar docs in sync.
  • Loading branch information
redhatrises committed Sep 22, 2023
1 parent c3c1b39 commit f5979fb
Show file tree
Hide file tree
Showing 50 changed files with 2,028 additions and 162 deletions.
35 changes: 35 additions & 0 deletions docs/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Kubernetes distros to include in the documentation.
DISTROS = "azure eks gke eks-fargate generic openshift"

# Create custom resource docs to include in the documentation for a specific k8s distro.
RESOURCE_DOCS = "openshift"

# Setting SHELL to bash allows bash commands to be executed by recipes.
# Options are set to exit when a recipe line exits non-zero or a piped command fails.
SHELL = /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec

.PHONY: all
all: docs

##@ General

# The help target prints out all targets with their descriptions organized
# beneath their categories. The categories are represented by '##@' and the
# target descriptions by '##'. The awk commands is responsible for reading the
# entire set of makefiles included in this invocation, looking for lines of the
# file as xyz: ## something, and then pretty-format the target and help. Then,
# if there's a line with ##@ something, that gets pretty-printed as a category.
# More info on the usage of ANSI control characters for terminal formatting:
# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
# More info on the awk command:
# http://linuxcommand.org/lc3_adv_awk.php

.PHONY: help
help: ## Display this help.
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

.PHONY: docs
docs: ## Build the documentation using docgen.go.
@echo "Building documentation..."
go run docgen.go -src=src/ -out=./ -include-resource-docs=$(RESOURCE_DOCS) -distros=$(DISTROS)
70 changes: 42 additions & 28 deletions docs/deployment/azure/README.md
Original file line number Diff line number Diff line change
@@ -1,33 +1,39 @@
<!--- NOTE: DO NOT EDIT! This file is auto-generated. Please update the source *.tmpl file instead --->
# Deployment Guide for Azure and AKS
This document will guide you through the installation of falcon-operator and deployment of either the:
This document will guide you through the installation of the Falcon Operator and deployment of the following resources provdied by the Falcon Operator:
- [FalconContainer](../../resources/container/README.md) custom resource to the cluster with Falcon Container image being mirrored from CrowdStrike container registry to ACR (Azure Container Registry).
- [FalconNodeSensor](../../resources/node/README.md) custom resource to the cluster.

## Prerequisites

- CrowdStrike CWP subscription
- If your are installing the CrowdStrike Sensor via the Crowdstrike API, you need to create a new CrowdStrike API key pair with the following permissions:
- Falcon Images Download: Read
- Sensor Download: Read
- CrowdStrike API Key Pair (*if installing the CrowdStrike Sensor via the CrowdStrike API*)

## Installing the operator
> If you need help creating a new API key pair, review our docs: [CrowdStrike Falcon](https://falcon.crowdstrike.com/support/api-clients-and-keys).
- Either spin up an AKS Kubernetes cluster or use one that already exists.
- Install the operator
Make sure to assign the following permissions to the key pair:
- Falcon Images Download: **Read**
- Sensor Download: **Read**

## Installing the Falcon Operator

- Set up a new Kubernetes cluster or use an existing one.

- Install the Falcon Operator by running the following command:
```sh
kubectl apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```

### Deploy the Node Sensor
### Deploying the Falcon Node Sensor

Once the operator has deployed, you can now deploy the FalconNodeSensor.
After the Falcon Operator has deployed, you can now deploy the Falcon Node Sensor:

- Deploy FalconNodeSensor through the cli using the `kubectl` command:
```sh
kubectl create -n falcon-operator -f https://raw.githubusercontent.com/crowdstrike/falcon-operator/main/config/samples/falcon_v1alpha1_falconnodesensor.yaml --edit=true
```

### Deploy the sidecar sensor
### Deploying the Falcon Container Sidecar Sensor
#### Configure ACR Registry

- Either create or use an existing ACR registry. Make sure to store the ACR registry name in an environment variable.
Expand Down Expand Up @@ -68,35 +74,43 @@ The Image push secret is used by the operator to mirror the Falcon Container sen
# TODO restore docker config from the backup
```


#### Create the FalconContainer resource

- Create new FalconContainer resource
- Create a new FalconContainer resource
```sh
kubectl create -f https://raw.githubusercontent.com/crowdstrike/falcon-operator/main/docs/deployment/azure/falconcontainer.yaml --edit=true
```



## Uninstalling

When uninstalling the operator, it is important to make sure to uninstall the deployed custom resources first *before* you uninstall the operator.
This will insure proper cleanup of the resources.
> :exclamation: It is essential to uninstall ALL of the deployed custom resources before uninstalling the Falcon Operator to ensure proper cleanup.

### Uninstall the Node Sensor
### Uninstalling the Falcon Node Sensor

- To uninstall the node sensor, simply remove the FalconNodeSensor resource.
```sh
kubectl delete falconnodesensor -A --all
```
Remove the FalconNodeSensor resource by running:

### Uninstall the Sidecar Sensor
```sh
kubectl delete falconnodesensor -A --all
```

### Uninstalling the Falcon Container Sidecar Sensor

Remove the FalconContainer resource. The operator will then uninstall the Falcon Container Sidecar Sensor from the cluster:

```sh
kubectl delete falconcontainers --all
```

### Uninstalling the Falcon Operator

Delete the Falcon Operator deployment by running:

```sh
kubectl delete -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```

- To uninstall Falcon Container, simply remove the FalconContainer resource. The operator will then uninstall the Falcon Container product from the cluster.
```sh
kubectl delete falconcontainers --all
```

### Uninstall the Operator

- To uninstall Falcon Operator, delete the deployment:
```sh
kubectl delete -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```
56 changes: 33 additions & 23 deletions docs/deployment/eks-fargate/README.md
Original file line number Diff line number Diff line change
@@ -1,31 +1,37 @@
<!--- NOTE: DO NOT EDIT! This file is auto-generated. Please update the source *.tmpl file instead --->
# Deployment Guide for EKS Fargate and ECR
This document will guide you through the installation of falcon-operator and deployment of either the:
This document will guide you through the installation of the Falcon Operator and deployment of the following resources provdied by the Falcon Operator:
- [FalconContainer](../../resources/container/README.md) custom resource to the cluster with Falcon Container image being mirrored from CrowdStrike container registry to ECR (Elastic Container Registry). A new AWS IAM Policy will be created to allow the opeator to push to ECR registry.

## Prerequisites

- CrowdStrike CWP subscription
- If your are installing the CrowdStrike Sensor via the Crowdstrike API, you need to create a new CrowdStrike API key pair with the following permissions:
- Falcon Images Download: Read
- Sensor Download: Read
- CrowdStrike API Key Pair (*if installing the CrowdStrike Sensor via the CrowdStrike API*)

## Installing the operator
> If you need help creating a new API key pair, review our docs: [CrowdStrike Falcon](https://falcon.crowdstrike.com/support/api-clients-and-keys).
- Create an EKS Fargate profile for the operator:
Make sure to assign the following permissions to the key pair:
- Falcon Images Download: **Read**
- Sensor Download: **Read**

## Installing the Falcon Operator

- Set up a new Kubernetes cluster or use an existing one.- Create an EKS Fargate profile for the operator:
```sh
eksctl create fargateprofile \
--region "$AWS_REGION" \
--cluster eks-fargate-cluster \
--name fp-falcon-operator \
--namespace falcon-operator
```
- Install the operator

- Install the Falcon Operator by running the following command:
```sh
kubectl apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```

### Deploy the sidecar sensor
### Deploying the Falcon Container Sidecar Sensor

#### Create the FalconContainer resource

- Create an EKS Fargate profile for the FalconContainer resource deployment:
Expand All @@ -41,26 +47,29 @@ This document will guide you through the installation of falcon-operator and dep
```sh
kubectl create -f https://raw.githubusercontent.com/crowdstrike/falcon-operator/main/docs/deployment/eks/falconcontainer.yaml --edit=true
```




## Uninstalling

When uninstalling the operator, it is important to make sure to uninstall the deployed custom resources first *before* you uninstall the operator.
This will insure proper cleanup of the resources.
> :exclamation: It is essential to uninstall ALL of the deployed custom resources before uninstalling the Falcon Operator to ensure proper cleanup.

### Uninstall the Sidecar Sensor
### Uninstalling the Falcon Container Sidecar Sensor

- To uninstall Falcon Container, simply remove the FalconContainer resource. The operator will then uninstall the Falcon Container product from the cluster.
```sh
kubectl delete falconcontainers --all
```
Remove the FalconContainer resource. The operator will then uninstall the Falcon Container Sidecar Sensor from the cluster:

### Uninstall the Operator
```sh
kubectl delete falconcontainers --all
```

### Uninstalling the Falcon Operator

Delete the Falcon Operator deployment by running:

```sh
kubectl delete -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```

- To uninstall Falcon Operator, delete the deployment:
```sh
kubectl delete -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```

## Configuring IAM Role to allow ECR Access on EKS Fargate

When the Falcon Container Injector is installed on EKS Fargate, the following error message may appear in the injector logs:
Expand Down Expand Up @@ -163,3 +172,4 @@ Using `aws`, `eksctl`, and `kubectl` command-line tools, perform the following s
```sh
kubectl create -f ./my-falcon-container.yaml
```
11 changes: 11 additions & 0 deletions docs/deployment/eks-fargate/falconcontainer.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: falcon.crowdstrike.com/v1alpha1
kind: FalconContainer
metadata:
name: default
spec:
falcon_api:
client_id: PLEASE_FILL_IN
client_secret: PLEASE_FILL_IN
cloud_region: autodiscover
registry:
type: ecr
69 changes: 41 additions & 28 deletions docs/deployment/eks/README.md
Original file line number Diff line number Diff line change
@@ -1,18 +1,24 @@
<!--- NOTE: DO NOT EDIT! This file is auto-generated. Please update the source *.tmpl file instead --->
# Deployment Guide for EKS and ECR
This document will guide you through the installation of falcon-operator and deployment of either the:
This document will guide you through the installation of the Falcon Operator and deployment of the following resources provdied by the Falcon Operator:
- [FalconContainer](../../resources/container/README.md) custom resource to the cluster with Falcon Container image being mirrored from CrowdStrike container registry to ECR (Elastic Container Registry). A new AWS IAM Policy will be created to allow the opeator to push to ECR registry.
- [FalconNodeSensor](../../resources/node/README.md) custom resource to the cluster.

## Prerequisites

- CrowdStrike CWP subscription
- If your are installing the CrowdStrike Sensor via the Crowdstrike API, you need to create a new CrowdStrike API key pair with the following permissions:
- Falcon Images Download: Read
- Sensor Download: Read
- CrowdStrike API Key Pair (*if installing the CrowdStrike Sensor via the CrowdStrike API*)

## Installing the operator
> If you need help creating a new API key pair, review our docs: [CrowdStrike Falcon](https://falcon.crowdstrike.com/support/api-clients-and-keys).
- Either spin up an EKS Kubernetes cluster or use one that already exists. The EKS cluster that runs Falcon Operator needs to have the [IAM OIDC provider](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) installed. The IAM OIDC provider associates AWS IAM roles with EKS workloads. Please review [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) to understand how the IAM OIDC provider works before proceeding.
Make sure to assign the following permissions to the key pair:
- Falcon Images Download: **Read**
- Sensor Download: **Read**

## Installing the Falcon Operator

- Set up a new Kubernetes cluster or use an existing one. The EKS cluster that runs Falcon Operator needs to have the [IAM OIDC provider](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) installed. The IAM OIDC provider associates AWS IAM roles with EKS workloads.
Please review [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) to understand how the IAM OIDC provider works before proceeding.

- Provide the following AWS settings as environment variables:
```sh
Expand All @@ -25,28 +31,30 @@ This document will guide you through the installation of falcon-operator and dep
eksctl utils associate-iam-oidc-provider --region "$AWS_REGION" --cluster "$EKS_CLUSTER_NAME" --approve
```

- Install the operator
- Install the Falcon Operator by running the following command:
```sh
kubectl apply -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```

### Deploy the Node Sensor
### Deploying the Falcon Node Sensor

Once the operator has deployed, you can now deploy the FalconNodeSensor.
After the Falcon Operator has deployed, you can now deploy the Falcon Node Sensor:

- Deploy FalconNodeSensor through the cli using the `kubectl` command:
```sh
kubectl create -n falcon-operator -f https://raw.githubusercontent.com/crowdstrike/falcon-operator/main/config/samples/falcon_v1alpha1_falconnodesensor.yaml --edit=true
```

### Deploy the sidecar sensor
### Deploying the Falcon Container Sidecar Sensor

#### Create the FalconContainer resource

- Create new FalconContainer resource
- Create a new FalconContainer resource
```sh
kubectl create -f https://raw.githubusercontent.com/crowdstrike/falcon-operator/main/docs/deployment/eks/falconcontainer.yaml --edit=true
```


#### Complete install using AWS Cloud Shell

- Open AWS Cloud Shell: https://console.aws.amazon.com/cloudshell/home
Expand All @@ -59,26 +67,31 @@ Once the operator has deployed, you can now deploy the FalconNodeSensor.

## Uninstalling

When uninstalling the operator, it is important to make sure to uninstall the deployed custom resources first *before* you uninstall the operator.
This will insure proper cleanup of the resources.
> :exclamation: It is essential to uninstall ALL of the deployed custom resources before uninstalling the Falcon Operator to ensure proper cleanup.

### Uninstall the Node Sensor
### Uninstalling the Falcon Node Sensor

- To uninstall the node sensor, simply remove the FalconNodeSensor resource.
```sh
kubectl delete falconnodesensor -A --all
```
Remove the FalconNodeSensor resource by running:

### Uninstall the Sidecar Sensor
```sh
kubectl delete falconnodesensor -A --all
```

### Uninstalling the Falcon Container Sidecar Sensor

Remove the FalconContainer resource. The operator will then uninstall the Falcon Container Sidecar Sensor from the cluster:

```sh
kubectl delete falconcontainers --all
```

### Uninstalling the Falcon Operator

Delete the Falcon Operator deployment by running:

```sh
kubectl delete -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```

- To uninstall Falcon Container, simply remove the FalconContainer resource. The operator will then uninstall the Falcon Container product from the cluster.
```sh
kubectl delete falconcontainers --all
```

### Uninstall the Operator

- To uninstall Falcon Operator, delete the deployment:
```sh
kubectl delete -f https://github.com/crowdstrike/falcon-operator/releases/latest/download/falcon-operator.yaml
```
Loading

0 comments on commit f5979fb

Please sign in to comment.