development.md
Developing gatekeeper-securitycenter

  1. Install these command-line tools:

  2. Create a development GKE cluster with Workload Identity, and install Policy Controller or Gatekeeper. If you like, you can use the provided dev-cluster.sh shell script:

    ./scripts/dev-cluster.sh

  3. Create your Security Command Center source (SOURCE_NAME) and set up your findings editor Google service account (FINDINGS_EDITOR_SA) with the required permissions:

    ./scripts/iam-setup.sh

    The script prints out values for SOURCE_NAME and FINDINGS_EDITOR_SA. Set these as environment variables for use in later steps.

  4. Set the name of your Security Command Center source:

    kustomize fn run manifests \
        --image gcr.io/kpt-fn/apply-setters:v0.2 -- \
        "source=$SOURCE_NAME"

  5. If you use a GKE cluster with Workload Identity, add the Workload Identity annotation to the Kubernetes service account used by the controller:

    kustomize cfg annotate manifests/ \
        --kind ServiceAccount \
        --name gatekeeper-securitycenter-controller \
        --namespace gatekeeper-securitycenter \
        --kv iam.gke.io/gcp-service-account="$FINDINGS_EDITOR_SA"

  6. Define the base image registry path for Skaffold:

    export SKAFFOLD_DEFAULT_REPO=gcr.io/$(gcloud config get-value core/project)

  7. Deploy the resources and start the Skaffold development mode watch loop:

    skaffold dev
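A preflight check for steps 3 to 5 above, added here as an example and not part of the gatekeeper-securitycenter repository: it validates that SOURCE_NAME and FINDINGS_EDITOR_SA have the shape the later commands expect, and that the annotated ServiceAccount manifest actually carries the Workload Identity binding. The source-name and service-account-address formats are assumptions based on Security Command Center and IAM naming conventions, and the sample manifest is constructed.

```shell
#!/usr/bin/env sh
# Preflight checks for the values printed by ./scripts/iam-setup.sh.
# Assumed format of a Security Command Center source name:
#   organizations/<org-id>/sources/<source-id>
valid_source_name() {
  printf '%s\n' "$1" | grep -Eq '^organizations/[0-9]+/sources/[0-9]+$'
}

# Assumed format of a Google service account address:
#   <name>@<project-id>.iam.gserviceaccount.com (name and project 6-30 chars)
valid_service_account() {
  printf '%s\n' "$1" | grep -Eq \
    '^[a-z][a-z0-9-]{5,29}@[a-z][a-z0-9-]{4,28}[a-z0-9]\.iam\.gserviceaccount\.com$'
}

# True when the ServiceAccount manifest text in $1 binds the controller's KSA
# to the expected GSA in $2 via the iam.gke.io/gcp-service-account annotation.
manifest_has_wi_annotation() {
  manifest="$1"; expected_sa="$2"
  printf '%s\n' "$manifest" | grep -Eq \
    "^[[:space:]]*iam\.gke\.io/gcp-service-account:[[:space:]]*\"?${expected_sa}\"?[[:space:]]*$"
}

# Fails (non-zero) if either environment variable is unset or malformed, so a
# typo does not end up baked into the manifests by the kustomize steps.
preflight() {
  rc=0
  if ! valid_source_name "${SOURCE_NAME:-}"; then
    echo "SOURCE_NAME is unset or not of the form organizations/<id>/sources/<id>" >&2; rc=1
  fi
  if ! valid_service_account "${FINDINGS_EDITOR_SA:-}"; then
    echo "FINDINGS_EDITOR_SA is unset or not a *.iam.gserviceaccount.com address" >&2; rc=1
  fi
  return $rc
}

# Constructed sample of what the annotated manifest from step 5 looks like.
SAMPLE_SA='findings-editor@my-dev-project.iam.gserviceaccount.com'
SAMPLE_MANIFEST="apiVersion: v1
kind: ServiceAccount
metadata:
  name: gatekeeper-securitycenter-controller
  namespace: gatekeeper-securitycenter
  annotations:
    iam.gke.io/gcp-service-account: $SAMPLE_SA"
```

Run `preflight` after exporting the two variables and before the kustomize steps; run `manifest_has_wi_annotation "$(cat manifests/<file>)" "$FINDINGS_EDITOR_SA"` after step 5 to confirm the annotation landed on the right ServiceAccount.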