You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
116 lines
2.8 KiB
116 lines
2.8 KiB
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "10"
|
|
openshift.io/description: ""
|
|
openshift.io/display-name: ""
|
|
labels:
|
|
kubernetes.io/metadata.name: stackrox
|
|
name: stackrox
|
|
spec:
|
|
finalizers:
|
|
- kubernetes
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
# The secret needs to be created before the creation of the "Central" Custom Resource.
|
|
# Otherwise, a race condition is possible and the installation of the Central might get stuck.
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "10"
|
|
name: central-admin
|
|
namespace: stackrox
|
|
type: Opaque
|
|
data:
|
|
password: {{ include "acs-admin-password" . | b64enc | quote }}
|
|
---
|
|
apiVersion: platform.stackrox.io/v1alpha1
|
|
kind: Central
|
|
metadata:
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "15"
|
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
|
name: stackrox-central-services
|
|
namespace: stackrox
|
|
spec:
|
|
central:
|
|
exposure:
|
|
loadBalancer:
|
|
enabled: false
|
|
port: 443
|
|
nodePort:
|
|
enabled: false
|
|
route:
|
|
enabled: true
|
|
adminPasswordSecret:
|
|
name: central-admin
|
|
db:
|
|
isEnabled: Default
|
|
persistence:
|
|
persistentVolumeClaim:
|
|
claimName: central-db
|
|
persistence:
|
|
persistentVolumeClaim:
|
|
claimName: stackrox-db
|
|
egress:
|
|
connectivityPolicy: Online
|
|
scanner:
|
|
analyzer:
|
|
scaling:
|
|
autoScaling: Disabled
|
|
replicas: 3
|
|
scannerComponent: Enabled
|
|
# Listen on pain HTTP so that we can expose the central through a Route
|
|
customize:
|
|
envVars:
|
|
- name: ROX_PLAINTEXT_ENDPOINTS
|
|
value: http@8080
|
|
---
|
|
apiVersion: platform.stackrox.io/v1alpha1
|
|
kind: SecuredCluster
|
|
metadata:
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "30"
|
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
|
name: stackrox-secured-cluster-services
|
|
namespace: stackrox
|
|
spec:
|
|
auditLogs:
|
|
collection: Auto
|
|
admissionControl:
|
|
listenOnUpdates: true
|
|
bypass: BreakGlassAnnotation
|
|
contactImageScanners: ScanIfMissing
|
|
listenOnCreates: true
|
|
timeoutSeconds: 20
|
|
listenOnEvents: true
|
|
scanner:
|
|
analyzer:
|
|
scaling:
|
|
autoScaling: Enabled
|
|
maxReplicas: 5
|
|
minReplicas: 2
|
|
replicas: 3
|
|
scannerComponent: AutoSense
|
|
perNode:
|
|
collector:
|
|
collection: EBPF
|
|
imageFlavor: Regular
|
|
taintToleration: TolerateTaints
|
|
clusterName: local-cluster
|
|
---
|
|
apiVersion: console.openshift.io/v1
|
|
kind: ConsoleLink
|
|
metadata:
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "20"
|
|
name: rhacs-menu
|
|
spec:
|
|
applicationMenu:
|
|
imageURL: >-
|
|
/static/assets/redhat.svg
|
|
section: RHACS Section
|
|
href: 'https://central.{{ .Values.openshiftDnsZone }}/'
|
|
location: ApplicationMenu
|
|
text: Red Hat Advanced Cluster Security
|
|
|