- Install these command-line tools:
- Create a development GKE cluster with Workload Identity, and install Policy Controller or Gatekeeper. If you like, you can use the provided dev-cluster.sh shell script:

      ./scripts/dev-cluster.sh
- Create your Security Command Center source (SOURCE_NAME) and set up your findings editor Google service account (FINDINGS_EDITOR_SA) with the required permissions:

      ./scripts/iam-setup.sh

  The script prints out values for SOURCE_NAME and FINDINGS_EDITOR_SA. Set these as environment variables for use in later steps.
- Set the name of your Security Command Center source:

      kustomize fn run manifests \
        --image gcr.io/kpt-fn/apply-setters:v0.2 -- \
        "source=$SOURCE_NAME"
- If you use a GKE cluster with Workload Identity, add the Workload Identity annotation to the Kubernetes service account used by the controller:

      kustomize cfg annotate manifests/ \
        --kind ServiceAccount \
        --name gatekeeper-securitycenter-controller \
        --namespace gatekeeper-securitycenter \
        --kv iam.gke.io/gcp-service-account="$FINDINGS_EDITOR_SA"
- Define the base image registry path for Skaffold:

      export SKAFFOLD_DEFAULT_REPO=gcr.io/$(gcloud config get-value core/project)
- Deploy the resources and start the Skaffold development mode watch loop:

      skaffold dev
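
The kustomize steps above substitute SOURCE_NAME and FINDINGS_EDITOR_SA into the manifests without checking them, so an unset or mistyped variable ends up as an empty source name or Workload Identity annotation. The following pre-flight check is an added example, not part of the project's scripts; the function names and the two format patterns are assumptions based on the usual shape of a Security Command Center source name and a Google service account email.

```shell
#!/bin/sh
# Added example: validate the values printed by ./scripts/iam-setup.sh
# before they are written into the manifests.
# Function names and patterns are assumptions, not taken from the project.

# Assumed format: organizations/<numeric org id>/sources/<numeric source id>
valid_source_name() {
  printf '%s\n' "$1" | grep -Eq '^organizations/[0-9]+/sources/[0-9]+$'
}

# Assumed format: <account id, 6-30 chars>@<project>.iam.gserviceaccount.com
valid_service_account() {
  printf '%s\n' "$1" | grep -Eq \
    '^[a-z][a-z0-9-]{4,28}[a-z0-9]@[a-z0-9.-]+\.iam\.gserviceaccount\.com$'
}

# Returns 0 only if both variables are set and well formed.
# Reports every problem found instead of stopping at the first one.
preflight() {
  preflight_rc=0
  if ! valid_source_name "${SOURCE_NAME:-}"; then
    echo "SOURCE_NAME is unset or malformed: '${SOURCE_NAME:-}'" >&2
    preflight_rc=1
  fi
  if ! valid_service_account "${FINDINGS_EDITOR_SA:-}"; then
    echo "FINDINGS_EDITOR_SA is unset or malformed: '${FINDINGS_EDITOR_SA:-}'" >&2
    preflight_rc=1
  fi
  return "$preflight_rc"
}

# Usage (after sourcing this file):
#   preflight && kustomize fn run manifests \
#     --image gcr.io/kpt-fn/apply-setters:v0.2 -- "source=$SOURCE_NAME"
```
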