There are a few env variables you need to set first. Also assuming you have oc
installed and you are logged in as a cluster admin. This has been tested on OCP v4.5.36 and StackRox v3.0.58.0.
export YOUR_STACKROX_USERNAME=test@example.com
export YOUR_STACKROX_PASSWORD=whateverYourPasswordIs
export STACKROX_PASSWORD=Pa22word # used to log into your deployed stackrox instance. user is `admin` and password is this
- Download
roxctl
# replace Darwin with Linux for linux
wget --http-user=$YOUR_STACKROX_USERNAME --http-password=$YOUR_STACKROX_PASSWORD https://install.stackrox.io/3.0.58.0/bin/Darwin/roxctl
- Generate Templates
roxctl central generate openshift pvc --storage-class gp2 --size 30 --enable-telemetry=false --lb-type route -p $STACKROX_PASSWORD --openshift-version 4
- Deploy
./central-bundle/scanner/scripts/setup.sh
oc apply -R -f central-bundle/central
- Verify
watch oc get pod -n stackrox
- Set Route Var
export CENTRAL_ROUTE=$(oc get route -n stackrox -o jsonpath="{.items[0].spec.host}")
- Modify Replica Count
sed -i -e 's/replicas: 3/replicas: 1/g' ./central-bundle/scanner/02-scanner-06-deployment.yaml
sed -i -e 's/minReplicas: 2/minReplicas: 1/g' central-bundle/scanner/02-scanner-08-hpa.yaml
- Deploy
./central-bundle/scanner/scripts/setup.sh
oc apply -R -f central-bundle/scanner
- Verify
watch oc get pod -n stackrox
- Generate Templates
roxctl sensor generate openshift --openshift-version 4 --central central.stackrox:443 --insecure --insecure-skip-tls-verify --name ocp --collection-method kernel-module -p $STACKROX_PASSWORD --admission-controller-listen-on-updates --admission-controller-listen-on-creates --admission-controller-scan-inline --slim-collector=false -e $CENTRAL_ROUTE:443
- Deploy
./sensor-ocp/sensor.sh
- Verify
watch oc get pod -n stackrox
There are three major components:
- Central
- Scanner
- Sensor/Collector
- StackRox Workshop - All the instructions here basically came from @clemenko and his workshop. Big thanks to him.
You should change the template to
This will create the route object for you.
Also looks like you missed the
./central-bundle/central/scripts/setup.sh
.