From 99b9b703dfc4c0191511841367611de0766d3275 Mon Sep 17 00:00:00 2001 From: Kushal Beniwal Date: Thu, 2 Mar 2023 18:10:00 +0530 Subject: [PATCH 1/2] remove helm chart related files for the aws adapter --- charts/aws-adapter/.helmignore | 23 -- charts/aws-adapter/Chart.yaml | 16 - .../crds/security.nirmata.io_awsconfigs.yaml | 351 ------------------ charts/aws-adapter/templates/_helpers.tpl | 59 --- charts/aws-adapter/templates/deployment.yaml | 69 ---- charts/aws-adapter/templates/namespace.yaml | 13 - charts/aws-adapter/templates/rbac.yaml | 61 --- charts/aws-adapter/templates/resource.yaml | 13 - charts/aws-adapter/templates/secret.yaml | 10 - .../templates/service_account.yaml | 15 - charts/aws-adapter/values.yaml | 36 -- 11 files changed, 666 deletions(-) delete mode 100644 charts/aws-adapter/.helmignore delete mode 100644 charts/aws-adapter/Chart.yaml delete mode 100644 charts/aws-adapter/crds/security.nirmata.io_awsconfigs.yaml delete mode 100644 charts/aws-adapter/templates/_helpers.tpl delete mode 100644 charts/aws-adapter/templates/deployment.yaml delete mode 100644 charts/aws-adapter/templates/namespace.yaml delete mode 100644 charts/aws-adapter/templates/rbac.yaml delete mode 100644 charts/aws-adapter/templates/resource.yaml delete mode 100644 charts/aws-adapter/templates/secret.yaml delete mode 100644 charts/aws-adapter/templates/service_account.yaml delete mode 100644 charts/aws-adapter/values.yaml diff --git a/charts/aws-adapter/.helmignore b/charts/aws-adapter/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/charts/aws-adapter/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/aws-adapter/Chart.yaml b/charts/aws-adapter/Chart.yaml deleted file mode 100644 index 34efc6a0..00000000 --- a/charts/aws-adapter/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v2 -name: nirmata-aws-adapter -description: Helm chart for the Nirmata AWS Adapter -type: application -version: 0.1.0 -appVersion: 0.1.0 -keywords: - - kubernetes - - nirmata - - kyverno - - aws - - adapter - - policy -maintainers: - - name: Nirmata - url: https://nirmata.com/ diff --git a/charts/aws-adapter/crds/security.nirmata.io_awsconfigs.yaml b/charts/aws-adapter/crds/security.nirmata.io_awsconfigs.yaml deleted file mode 100644 index 132df7b9..00000000 --- a/charts/aws-adapter/crds/security.nirmata.io_awsconfigs.yaml +++ /dev/null @@ -1,351 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: awsconfigs.security.nirmata.io -spec: - group: security.nirmata.io - names: - kind: AWSConfig - listKind: AWSConfigList - plural: awsconfigs - singular: awsconfig - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.id - name: Cluster Id - type: string - - jsonPath: .spec.name - name: Cluster Name - type: string - - jsonPath: .spec.region - name: Region - type: string - - jsonPath: .status.eksCluster.status - name: Status - type: string - - jsonPath: .status.eksCluster.kubernetesVersion - name: Kubernetes Version - type: string - - jsonPath: .status.eksCluster.platformVersion - name: Platform Version - type: string - - jsonPath: .status.lastUpdatedTimestamp - name: Last Updated - type: date - - jsonPath: .status.lastPollInfo.timestamp - name: Last Polled - type: date - - jsonPath: .status.lastPollInfo.status - name: Last Polled Status - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: AWSConfig is the Schema for the awsconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AWSConfigSpec defines the desired state of AWSConfig - properties: - name: - type: string - region: - type: string - required: - - name - - region - type: object - status: - description: AWSConfigStatus defines the observed state of AWSConfig - properties: - eksCluster: - description: Contains the EKS cluster's details - properties: - addons: - items: - type: string - type: array - arn: - type: string - certificate: - type: string - compute: - description: Contains node groups and fargate profiles of the - EKS cluster - properties: - fargateProfiles: - items: - type: string - type: array - nodeGroups: - items: - description: Contains info of the EKS cluster's node group - properties: - amiReleaseVersion: - type: string - amiType: - type: string - capacityType: - type: string - createdAt: - type: string - diskSize: - format: int32 - type: integer - healthIssues: - items: - description: Contains info of any health issue in - the EKS cluster's node group - properties: - code: - type: string - message: - type: string - resourceIDs: - items: - type: string - type: array - type: object - type: array - instanceTypes: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - launchTemplate: - description: Contains launch template info the EKS cluster's - node group - properties: - id: - type: string - name: - type: string - version: - type: string - type: object - name: - type: string - nodeGroupArn: - type: string - nodeRole: - type: string - remoteAccessConfig: - description: Contains remote access configuration of - the EKS cluster's node group - properties: - ec2SSHKey: - type: string - sourceSecurityGroups: - items: - type: string - type: array - type: object - resources: - description: Contains info of ASG and remote access - SG for node group - properties: - autoScalingGroups: - items: - type: string - type: array - remoteAccessSecurityGroup: - type: string - type: object - scalingConfig: - description: Contains scaling configuration of the - EKS cluster's node group - properties: - desiredSize: - format: int32 - type: integer - maxSize: - format: int32 - type: integer - minSize: - format: int32 - type: integer - type: object - status: - type: string - subnets: - items: - type: string - type: array - tags: - additionalProperties: - type: string - type: object - taints: - items: - description: Contains info of taints in the EKS cluster's - node group - properties: - effect: - type: string - key: - type: string - value: - type: string - type: object - type: array - updateConfig: - description: Contains number/percentage of node groups - that can be updated in parallel - properties: - maxUnavailable: - format: int32 - type: integer - maxUnavailablePercentage: - format: int32 - type: integer - type: object - type: object - type: array - type: object - createdAt: - type: string - encryptionConfig: - items: - description: Contains encryption configuration of the EKS cluster - properties: - keyARN: - type: string - resources: - items: - type: string - type: array - type: object - type: array - endpoint: - type: string - id: - type: string - identityProviderConfigs: - items: - type: string - type: array - kubernetesVersion: - type: string - logging: - description: Contains info of which logs are enabled - properties: - apiServer: - type: boolean - audit: - type: boolean - authenticator: - type: boolean - controllerManager: - type: boolean - scheduler: - type: boolean - type: object - name: - type: string - networking: - description: Contains networking configuration of the EKS cluster - properties: - ipFamily: - type: string - serviceIPv4CIDR: - type: string - serviceIPv6CIDR: - type: string - vpc: - description: Contains VPC configuration of the EKS cluster - properties: - clusterSecurityGroupID: - type: string - endpointPrivateAccess: - type: boolean - endpointPublicAccess: - type: boolean - publicAccessCIDRs: - items: - type: string - type: array - securityGroupIDs: - items: - type: string - type: array - subnetIDs: - items: - type: string - type: array - vpcID: - type: string - type: object - type: object - oidcProvider: - type: string - platformVersion: - type: string - region: - type: string - roleArn: - type: string - status: - type: string - tags: - additionalProperties: - type: string - type: object - required: - - name - - region - - status - type: object - lastPollInfo: - description: Contains Timestamp, Status and Failure info of last poll - properties: - failure: - description: Contains the Error and relevant Message if got Failure - in last poll - properties: - error: - type: string - message: - type: string - required: - - error - - message - type: object - status: - type: string - timestamp: - format: date-time - type: string - type: object - lastUpdatedTimestamp: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' - format: date-time - type: string - required: - - lastPollInfo - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/aws-adapter/templates/_helpers.tpl b/charts/aws-adapter/templates/_helpers.tpl deleted file mode 100644 index 23179f1a..00000000 --- a/charts/aws-adapter/templates/_helpers.tpl +++ /dev/null @@ -1,59 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "nirmata-aws-adapter.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nirmata-aws-adapter.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nirmata-aws-adapter.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "nirmata-aws-adapter.labels" -}} -helm.sh/chart: {{ include "nirmata-aws-adapter.chart" . }} -{{ include "nirmata-aws-adapter.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "nirmata-aws-adapter.selectorLabels" -}} -app.kubernetes.io/name: {{ include "nirmata-aws-adapter.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Generate the dockerconfigjson value -*/}} -{{- define "nirmata-aws-adapter.dockerconfigjson" -}} -{{- $user_pwd_hashed := printf "%s:%s" .Values.registryConfig.username .Values.registryConfig.password | b64enc }} -{{- printf "{\"auths\":{\"ghcr.io\":{\"auth\":\"%s\"}}}" $user_pwd_hashed | b64enc }} -{{- end }} diff --git a/charts/aws-adapter/templates/deployment.yaml b/charts/aws-adapter/templates/deployment.yaml deleted file mode 100644 index 32d1912c..00000000 --- a/charts/aws-adapter/templates/deployment.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "nirmata-aws-adapter.fullname" . }} - namespace: {{ .Values.namespace.name }} - labels: - control-plane: controller-manager - app.kubernetes.io/name: deployment - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: nirmata-aws-adapter - app.kubernetes.io/part-of: nirmata-aws-adapter -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - imagePullSecrets: - - name: {{ include "nirmata-aws-adapter.fullname" . }} - containers: - - command: - - /manager - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: manager - {{- if .Values.pollInterval }} - args: - - --sync-period={{ .Values.pollInterval }} - {{- end }} - securityContext: - runAsNonRoot: true - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: nirmata-aws-adapter-sa - terminationGracePeriodSeconds: 10 diff --git a/charts/aws-adapter/templates/namespace.yaml b/charts/aws-adapter/templates/namespace.yaml deleted file mode 100644 index 5f785fae..00000000 --- a/charts/aws-adapter/templates/namespace.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.namespace.create }} -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: namespace - app.kubernetes.io/instance: {{ .Values.namespace.name }} - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: nirmata-aws-adapter - app.kubernetes.io/part-of: nirmata-aws-adapter - name: {{ .Values.namespace.name }} -{{- end }} diff --git a/charts/aws-adapter/templates/rbac.yaml b/charts/aws-adapter/templates/rbac.yaml deleted file mode 100644 index 4e8c683f..00000000 --- a/charts/aws-adapter/templates/rbac.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# permissions for end users to edit awsconfigs. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: awsconfig-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: nirmata-aws-adapter - app.kubernetes.io/part-of: nirmata-aws-adapter - name: awsconfig-manager-role -rules: -- apiGroups: - - security.nirmata.io - resources: - - awsconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - security.nirmata.io - resources: - - awsconfigs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - security.nirmata.io - resources: - - awsconfigs/finalizers - verbs: - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: awsconfig-manager-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: nirmata-aws-adapter - app.kubernetes.io/part-of: nirmata-aws-adapter - name: awsconfig-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: awsconfig-manager-role -subjects: -- kind: ServiceAccount - name: nirmata-aws-adapter-sa - namespace: {{ .Values.namespace.name }} diff --git a/charts/aws-adapter/templates/resource.yaml b/charts/aws-adapter/templates/resource.yaml deleted file mode 100644 index c41a0006..00000000 --- a/charts/aws-adapter/templates/resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: security.nirmata.io/v1alpha1 -kind: AWSConfig -metadata: - labels: - app.kubernetes.io/name: awsconfig - app.kubernetes.io/instance: awsconfig-resource - app.kubernetes.io/part-of: nirmata-aws-adapter - app.kubernetes.io/created-by: nirmata-aws-adapter - name: {{ .Values.eksCluster.name }}-config - namespace: {{ .Values.namespace.name }} -spec: - name: {{ .Values.eksCluster.name }} - region: {{ .Values.eksCluster.region }} diff --git a/charts/aws-adapter/templates/secret.yaml b/charts/aws-adapter/templates/secret.yaml deleted file mode 100644 index 8d35a11b..00000000 --- a/charts/aws-adapter/templates/secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -kind: Secret -type: kubernetes.io/dockerconfigjson -apiVersion: v1 -metadata: - name: {{ include "nirmata-aws-adapter.fullname" . }} - namespace: {{ .Values.namespace.name }} - labels: - app: {{ include "nirmata-aws-adapter.fullname" . }} -data: - .dockerconfigjson: {{ include "nirmata-aws-adapter.dockerconfigjson" . }} diff --git a/charts/aws-adapter/templates/service_account.yaml b/charts/aws-adapter/templates/service_account.yaml deleted file mode 100644 index da4307cf..00000000 --- a/charts/aws-adapter/templates/service_account.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - {{- if .Values.roleArn }} - eks.amazonaws.com/role-arn: {{ .Values.roleArn }} - {{- end }} - labels: - app.kubernetes.io/name: serviceaccount - app.kuberentes.io/instance: controller-manager - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: nirmata-aws-adapter - app.kubernetes.io/part-of: nirmata-aws-adapter - name: nirmata-aws-adapter-sa - namespace: {{ .Values.namespace.name }} diff --git a/charts/aws-adapter/values.yaml b/charts/aws-adapter/values.yaml deleted file mode 100644 index 7643c006..00000000 --- a/charts/aws-adapter/values.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Default values for nirmata-aws-adapter. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# REQUIRED -namespace: - # set to true for creating the namespace, false if already present - create: true - # name of the namespace to install the aws adapter - name: nirmata - -# REQUIRED To access AWS API -roleArn: - -# Interval at which the controller reconciles in minutes -# Defaults to 30 if not defined -pollInterval: 60 - -# REQUIRED To fetch cluster details -eksCluster: - name: - region: - -# REQUIRED To pull the private image (ghcr.io) -registryConfig: - username: - password: - -image: - repository: ghcr.io/nirmata/aws-adapter - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: v0.1.1 - -nameOverride: "" -fullnameOverride: "" From 913d8d3622882e4c86855a25b834545a045c34a5 Mon Sep 17 00:00:00 2001 From: Kushal Beniwal Date: Thu, 2 Mar 2023 18:42:27 +0530 Subject: [PATCH 2/2] update aws adapter readme to point to the kyverno-aws-adapter repo --- charts/aws-adapter/README.md | 95 ++---------------------------------- 1 file changed, 5 insertions(+), 90 deletions(-) diff --git a/charts/aws-adapter/README.md b/charts/aws-adapter/README.md index cdbf74d5..22f16031 100644 --- a/charts/aws-adapter/README.md +++ b/charts/aws-adapter/README.md @@ -1,96 +1,11 @@ -# nirmata-aws-adapter +# kyverno-aws-adapter ## Description -Nirmata AWS Adapter is a Kubernetes controller for the `AWSConfig` CRD. As of now, it observes the realtime state of an EKS cluster and reconciles it with the currently stored state, but can be further expanded to other AWS services later on by extending the current API with the help of [AWS SDK for Go v2](https://github.com/aws/aws-sdk-go-v2). -## Installation -You’ll need an [EKS](https://aws.amazon.com/eks/) cluster to run against. +Kyverno AWS Adapter is a Kubernetes controller for the `AWSAdapterConfig` CRD. As of now, it observes the realtime state of an EKS cluster and reconciles it with the currently stored state, but can be further expanded to other AWS services later on by extending the current API with the help of [AWS SDK for Go v2](https://github.com/aws/aws-sdk-go-v2). -### Running on the EKS cluster -1. Make sure that you have configured an [IAM role for the service account](#IAM-Role-for-Service-Account) `nirmata-aws-adapter-sa` in your desired namespace (configured in `values.yaml`) and specified the role's ARN in the `roleArn` field inside `values.yaml` file. -2. Install the Helm chart after making any necessary changes to `charts/aws-adapter/values.yaml` - ```sh - helm install nirmata-aws-adapter charts/aws-adapter - ``` -3. Check the `status` field of the `-config` custom resource in the namespace specified in `values.yaml`. For instance, if the cluster name is `eks-test` and namespace is `nirmata`, then: - ```sh - kubectl get awsconfig eks-test-config -n nirmata -o yaml - ``` +## Getting Started -## Helm Values -Currently supported values for the Helm chart are as follows: -| Value | Description | --- | --- -| `namespace` | Namespace for installing the controller and CRD | -| `eksCluster` | Configuration for EKS cluster's `name` and `region` | -| `registryConfig` | ghcr.io `username` and `password` configuration for the image secret | -| `pollInterval` | Interval for controller reconciliation | -| `image` | Configuration for image `name`, `tag` and `pullPolicy` | -| `roleArn` | IAM Role ARN with required permissions for the EKS cluster | -| `nameOverride` | Override the chart name | -| `fullnameOverride` | Override the entire generated name | - - -## IAM Role for Service Account -This adapter utilizes the ARN of a user-defined IAM Role associated with any policy that has `Full: List, Read` permissions for the `EKS` service, including the following: - -| Permission | -| --- | -| ListAddons | -| ListClusters | -| ListFargateProfiles | -| ListIdentityProviderConfigs | -| ListNodeGroups | -| ListUpdates | -| AccessKubernetesApi | -| DescribeAddon | -| DescribeAddonVersions | -| DescribeCluster | -| DescribeFargateProfile | -| DescribeIdentityProviderConfig | -| DescribeNodegroup | -| DescribeUpdate | -| ListTagsForResource | - -You can specify the Role's ARN in the `roleArn` field inside the Helm chart's `values.yaml` file. - -Please ensure that the trust relationship policy for your IAM role resembles the following format: -```json -{ - "Version": "YYYY-MM-DD", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::$account_id:oidc-provider/$oidc_provider" - }, - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "$oidc_provider:aud": "sts.amazonaws.com", - "$oidc_provider:sub": "system:serviceaccount:$namespace:$service_account" - } - } - } - ] -} -``` - -For detailed instructions on how to configure the IAM role for service account, check out the official AWS documentation on [IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html). - -## License - -Copyright 2022. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. +Check out the [getting_started.md](https://github.com/nirmata/kyverno-aws-adapter/blob/main/docs/getting_started.md) guide for installing the Nirmata Kyverno Adapter for AWS. +For more information please refer to the [kyverno-aws-adapter](https://github.com/nirmata/kyverno-aws-adapter) repository.