This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Install JQ and YQ | |
| #./get_netpol.sh | oc apply -f - | |
| if [[ -z "${ROX_ENDPOINT}" ]]; then | |
| echo >&2 "ROX_ENDPOINT must be set" | |
| exit 1 | |
| fi | |
| if [[ -z "${ROX_API_TOKEN}" ]]; then |
ralvares
/ gist:8c94f65d0d8324ceb8dfc8bb984bcbe2
Created
February 7, 2024 06:25
secured-cluster.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: platform.stackrox.io/v1alpha1 | |
| kind: SecuredCluster | |
| metadata: | |
| name: stackrox-secured-cluster-services | |
| namespace: stackrox | |
| spec: | |
| monitoring: | |
| openshift: | |
| enabled: true | |
| auditLogs: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # haproxy.cfg | |
| defaults | |
| mode http | |
| log global | |
| option httplog | |
| option dontlognull | |
| option forwardfor except 127.0.0.0/8 | |
| option redispatch | |
| retries 3 | |
| timeout http-request 10s |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: platform.stackrox.io/v1alpha1 | |
| kind: Central | |
| metadata: | |
| name: stackrox-central-services | |
| namespace: stackrox | |
| spec: | |
| central: | |
| db: | |
| isEnabled: Default | |
| persistence: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DOCKER_CONFIG_JSON=`oc extract secret/pull-secret -n openshift-config --to=-` | |
| oc create secret generic multiclusterhub-operator-pull-secret \ | |
| -n open-cluster-management-observability \ | |
| --from-literal=.dockerconfigjson="$DOCKER_CONFIG_JSON" \ | |
| --type=kubernetes.io/dockerconfigjson | |
| ACCESS_KEY="" | |
| SECRET_KEY="" |
ralvares
/ generate_netpol.sh
Last active
March 9, 2023 13:42
Generate Network Policies using roxctl (npguard) from running deployments.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [ $# -eq 0 ] | |
| then | |
| echo "try: $0 payments-v2 frontend backend" | |
| exit 1 | |
| fi | |
| > netpols.yaml | |
| for namespace in $@ | |
| do |
ralvares
/ secured-cluster.yaml
Created
February 17, 2023 09:17
rhacs yaml definition adding proxy configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: platform.stackrox.io/v1alpha1 | |
| kind: SecuredCluster | |
| metadata: | |
| name: stackrox-secured-cluster-services | |
| namespace: stackrox | |
| spec: | |
| admissionControl: | |
| bypass: BreakGlassAnnotation | |
| contactImageScanners: DoNotScanInline | |
| listenOnCreates: true |
ralvares
/ rhacs-image-puller-serviceaccount.yaml
Created
February 17, 2023 09:06
Integrating RHACS scanner with the internal ocp registry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| namespace: stackrox | |
| name: stackrox-image-puller | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: stackrox-image-puller-clusterrolebinding |
ralvares
/ disable_default_policies.sh
Created
February 6, 2023 13:17
Disable all the default policies from RHACS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ -z "${ROX_ENDPOINT}" ]]; then | |
| echo >&2 "ROX_ENDPOINT must be set" | |
| exit 1 | |
| fi | |
| if [[ -z "${ROX_API_TOKEN}" ]]; then | |
| echo >&2 "ROX_API_TOKEN must be set" | |
| exit 1 |
ralvares
/ Deploy ACS on non-ocp.txt
Last active
April 5, 2023 09:50
adding kubernetes ask/esk instance to acs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 4 simple steps | |
| - Create namespace | |
| - Create secret ( it is required ) | |
| - Generate cluster-init-bundle. | |
| - Install secured-cluster using helm. | |
| # Create namespace and Pull-Secret from cloud.redhat.com | |
| kubectl create namespace stackrox |
NewerOlder