Skip to content

Instantly share code, notes, and snippets.

@judavi

judavi/Readme.md

Last active January 23, 2020 15:11
Show Gist options
  • Save judavi/ab4f7ed8fa7911ccd3597cfe9ad554da to your computer and use it in GitHub Desktop.
Save judavi/ab4f7ed8fa7911ccd3597cfe9ad554da to your computer and use it in GitHub Desktop.
Download ZIP
Kritis Katakoda quick setup
Raw
Readme.md

curl -LO https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz tar -xvf helm-v3.0.2-linux-amd64.tar.gz mv linux-amd64/helm /usr/local/bin/

mkdir test cd test git clone https://github.com/grafeas/kritis.git cd kritis/docs/standalone

Create gac.json

vi gac.json kubectl create secret generic gac-ca-admin --from-file=gac.json

Remove --name from setup_grafeas setup_kritis

curl -k --cert grafeas.pem --key grafeas.key -X GET
https://grafeas-server:443/v1beta1/projects

Remember to add to the documentation --key

ImageSignaturePolicy

No Grafeas Server Available

When there is no Grafeas Server available Kritis succesfully block the deployment of a new pod

➜  standalone git:(helmv3-standalone) ✗ kubectl apply -f pod.yaml
Error from server: error when creating "pod.yaml": admission webhook "kritis-validation-hook.grafeas.io" denied the request: error validating image security policy rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: Error while dialing dial tcp: lookup grafeas-server on 10.0.0.10:53: no such host"

Image with vulneratibily

➜  standalone git:(helmv3-standalone) ✗ kubectl apply -f pod.yaml 
Error from server: error when creating "pod.yaml": admission webhook "kritis-validation-hook.grafeas.io" denied the request: found violations in gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment