- Create an Access Token with the api scope; the name will show up in the UI
- Add the token as an environment variable named CI_SAST_TOKEN
- Extend your gitlab-ci.yaml with the following

sast:
  stage: scanning
  dependencies: []
  after_script:
    - wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
#cloud-config
# Cloud-Init for the Rancher+Harvester deploying Cilium (no kube-proxy, egress gateway, wireguard encryption)
# Tested on CentOS Stream 9 and openSUSE Leap 15.4
user: rancher
package_update: true
package_upgrade: true
packages:
  - qemu-guest-agent
  - wireguard-tools
write_files:
!! Make sure that the CIDRs don't overlap !!
- Read the following Cilium prerequisites
- Create or adapt the first cluster's Cilium using the following HelmChartConfig

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-cilium
  namespace: kube-system
#cloud-config
users:
  - name: rancher
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: users, sudo
    ssh_authorized_keys:
      - ssh-ed25519 [...]
zypper:
  repos:
    - id: rancher-k3s-common-stable
With the discontinuation of k3os, there is no minimal Linux available that bundles the OS with k3s, but with Elemental one can create custom images that can be extended.
- Build the Operating System
FROM registry.opensuse.org/isv/rancher/elemental/stable/teal53/15.4/rancher/elemental-teal/5.3:latest as os
RUN zypper in htop && zypper clean --all
#cloud-config
user: sles
package_update: true
package_upgrade: true
package_reboot_if_required: true
bootcmd:
  - '[ -f /usr/bin/SUSEConnect ] && SUSEConnect -r <ActivationCode> -e <EmailAddress>'
packages:
  - htop
  - ncdu
#cloud-config
# Tested with SL Micro 6.0 and OpenSUSE Leap Micro 6.0
### System
locale: en_US.UTF-8
timezone: Europe/Berlin
### Users
user: suse
ssh_authorized_keys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY5nEt0qssNTouZzN4LPg8M3OyDAwGDDvreTUMA6hQ5
users:
module selinux-policy-iptables 1.0;
require {
    type cgroup_t;
    type iptables_t;
    class dir ioctl;
}
#============= iptables_t ==============
allow iptables_t cgroup_t:dir ioctl;
FROM registry.suse.com/rancher/elemental-teal/5.4:1.2.3 AS build
RUN zypper --non-interactive rm --clean-deps \
    bash-completion jq k9s podman vim-small \
    kernel-firmware*
# IMPORTANT: /etc/os-release is used for versioning/upgrade. The
# values here should reflect the tag of the image currently being built
ARG IMAGE_REPO=norepo
ARG IMAGE_TAG=latest