actions/release/start-secured-cluster/start-secured-cluster.sh at 04a2cb756a76775a2bfbf24e45098e5f88300762 · stackrox/actions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/env bash
set -eou pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"

"${STACKROX_DIR}/deploy/k8s/sensor.sh"
kubectl -n stackrox create secret generic access-rhacs \
  --from-literal="username=${ROX_ADMIN_USERNAME}" \
  --from-literal="password=${ROX_ADMIN_PASSWORD}" \
  --from-literal="central_url=${CLUSTER_API_ENDPOINT}"

# Create the collector-config ConfigMap in order to enable external IPs
kubectl create -f "${SCRIPT_DIR}/collector-config.yaml"

echo "Deploying Monitoring..."
monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml"
yq -i '.resources.requests.memory = "8Gi"' "$monitoring_values_file"
yq -i '.resources.limits.memory = "8Gi"' "$monitoring_values_file"

helm_args=(
  --set persistence.type="${STORAGE}"
  --set exposure.type="${MONITORING_LOAD_BALANCER}"
)

helm dependency update "${COMMON_DIR}/../charts/monitoring"
envsubst < "$monitoring_values_file" > "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml"
helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" "${helm_args[@]}"
rm "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml"

# Replace the prometheus ConfigMap with one that doesn't scrape as much info from berserker containers
kubectl -n stackrox delete configmap prometheus
kubectl create -f "${SCRIPT_DIR}"/prometheus.yaml