Add local deployment instructions #118

Draft
wants to merge 1 commit into
base: master
2 changes: 1 addition & 1 deletion .gitignore
@@ -1,3 +1,3 @@
*.tgz
Chart.lock

private.yaml
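Review bot: `private.yaml` is ignored here, and the README section added in this PR tells readers to put their SAML settings in it, but the only description of its shape is the README snippet. Consider committing a template next to it (for example a hypothetically named `private.yaml.example`) with the `api` / `conf` / `saml` keys and placeholder values, so the ignored file has a documented structure and nobody needs to force-add their real one to share it.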
71 changes: 71 additions & 0 deletions README.md
Expand Up @@ -43,3 +43,74 @@ Before committing changes execute the following commands:
# Review the updated files and add to the repository.
git add .
```

## Running in a local cluster

Follow this instructions to deploy vulcan in your local cluster.
The service will be available at <https://www.localhost.direct/>.
We use <https://k3d.io> but `Kind` should work, the requirement is to expose the ingress on 127.0.0.1:80/443 ports.

- Start your cluster.

```sh
# Start the cluster on standard ports
k3d cluster create --port 80:80@Loadbalancer --port 443:443@Loadbalancer
```

- Create your SAML application with this callback URL <https://www.localhost.direct/api/v1/login/callback>.
- Set the configuration (i.e. in `private.yaml`).

```yaml
api:
conf:
saml:
metadata: https://example.okta.com/app/myclientid/sso/saml/metadata
issuer: http://www.okta.com/myclientid
````

- Install the application.

```sh
# Install vulcan.
helm upgrade --install vulcan stable/vulcan -f examples/local.yaml -f private.yaml

# Wait for the pods to be in a RUNNING state
kubectl get pods
```

- Access the UI <https://www.localhost.direct/>
- Create your team/s.
- Add your asset/s.
- Generate your token in <https://www.localhost.direct/api/v1/home>.

- Load the checks.

```sh
# Load the default checks from https://github.com/adevinta/vulcan-checks
tools/load-checks.sh
```

- Create a scan for your team.

```sh
TOKEN=your-token

# Find your team_id and set $TEAM_ID
curl -H "Authorization: Bearer $TOKEN" -s https://www.localhost.direct/api/v1/teams

TEAM_ID=your-team_id

# Launch a scan
curl -H "Authorization: Bearer $TOKEN" -H 'Accept: scan' -H 'Content-Type: application/json' -s \
Contributor Author

403 as the user is not admin and not allowed to start a scan 👎🏽

--data '{"program_id": "periodic-full-scan"}' \
https://www.localhost.direct/api/v1/teams/$TEAM_ID/scans
```

- Start the agent to process the checks

```sh
# Start the agent
tools/agent.sh
````

- See the findings in <https://www.localhost.direct/> --> `Security` --> `Live report`.
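Review bot: the "Launch a scan" step (`curl ... --data '{"program_id": "periodic-full-scan"}' .../teams/$TEAM_ID/scans`) cannot be followed as written, since the inline comment on it reports a 403 because the user is not admin. Before this leaves draft, the steps between "Create your team/s" and "Create a scan for your team" need to say how the logged-in user gets the role that is allowed to start a scan, or the section should state that role as a prerequisite. Smaller points in the same hunk: the `yaml` block and the final `sh` block open with three backticks but close with four (`````), which should match the other blocks; "Follow this instructions" should read "these instructions"; "(i.e. in `private.yaml`)" reads as an example, so "e.g." fits better; and `TOKEN=your-token` is worth a short comment that the real token is a bearer credential and should not be pasted into shared scripts or committed files.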