@vrabbi
Created April 23, 2023 15:50

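Step 1 - create the secret. It carries a ytt overlay that removes spec.template.securityContext from every ScanTemplate (the Secret manifest is at the end of this page)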

kubectl apply -f PRISMA_OVERLAY_FIX.yaml

Step 2 - add the following annotation to the PackageInstall resource in the prisma doc in gitlab

annotations:
  ext.packaging.carvel.dev/ytt-paths-from-secret-name.0: grype-prisma-sec-context-overlay

Step 3 - run the following command to fix the lala prisma installation

kubectl annotate pkgi -n tap-install prisma ext.packaging.carvel.dev/ytt-paths-from-secret-name.0=grype-prisma-sec-context-overlay

Step 4 - unpause the current prisma package install for lala

kubectl patch pkgi prisma -n tap-install --patch '{"spec":{"paused":false}}' --type=merge

Step 5 - reconcile all additional package installs of prisma for each namespace

kctrl package installed kick -n tap-install <NAME OF PACKAGE INSTALL> -y

PRISMA_OVERLAY_FIX.yaml

apiVersion: v1
kind: Secret
metadata:
  name: grype-prisma-sec-context-overlay
  namespace: tap-install
type: Opaque
stringData:
  prisma-sec-context-overlay.yaml: |
    #@ load("@ytt:overlay","overlay")
    ---
    #@ def st_matcher():
    apiVersion: scanning.apps.tanzu.vmware.com/v1beta1
    kind: ScanTemplate
    #@ end
    #@overlay/match by=overlay.subset(st_matcher()), expects="1+"
    ---
    spec:
      template:
        #@overlay/match missing_ok=True
        #@overlay/remove
        securityContext:
          runAsNonRoot: true
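
A post-change check for steps 2 to 5, added here as an example and not part of the original gist: it reports PackageInstalls that lack the overlay annotation, are still paused, or have not reconciled, and lists ScanTemplates that still carry spec.template.securityContext. It assumes its inputs are the JSON from `kubectl get pkgi -n tap-install -o json` and `kubectl get scantemplate -A -o json`; the sample data and the names `prisma-dev`, `st-a`, `st-b` and `dev` are constructed.

```python
import json

# Annotation key and secret name as given in steps 2 and 3 of this page.
ANNOTATION = "ext.packaging.carvel.dev/ytt-paths-from-secret-name.0"
SECRET = "grype-prisma-sec-context-overlay"

def check_package_installs(pkgi_list, names):
    """Return {name: [problems]} for the named PackageInstalls; clean ones are omitted."""
    by_name = {i["metadata"]["name"]: i for i in pkgi_list.get("items", [])}
    report = {}
    for name in names:
        item = by_name.get(name)
        if item is None:
            report[name] = ["not found"]
            continue
        problems = []
        annotations = item["metadata"].get("annotations") or {}
        if annotations.get(ANNOTATION) != SECRET:
            problems.append("overlay annotation missing or wrong")
        if item.get("spec", {}).get("paused"):
            problems.append("still paused")
        conditions = item.get("status", {}).get("conditions") or []
        if not any(c.get("type") == "ReconcileSucceeded" and c.get("status") == "True"
                   for c in conditions):
            problems.append("not reconciled")
        if problems:
            report[name] = problems
    return report

def templates_with_security_context(st_list):
    """Return namespace/name of ScanTemplates that still set spec.template.securityContext."""
    return sorted(
        f'{t["metadata"].get("namespace", "")}/{t["metadata"]["name"]}'
        for t in st_list.get("items", [])
        if "securityContext" in (t.get("spec", {}).get("template") or {})
    )

# Constructed sample data standing in for the two kubectl outputs (not real cluster state).
SAMPLE_PKGI = json.loads("""{"items": [
 {"metadata": {"name": "prisma", "annotations": {"ext.packaging.carvel.dev/ytt-paths-from-secret-name.0": "grype-prisma-sec-context-overlay"}},
  "spec": {"paused": false}, "status": {"conditions": [{"type": "ReconcileSucceeded", "status": "True"}]}},
 {"metadata": {"name": "prisma-dev"}, "spec": {"paused": true}, "status": {"conditions": []}}]}""")
SAMPLE_ST = json.loads("""{"items": [
 {"metadata": {"name": "st-a", "namespace": "dev"}, "spec": {"template": {"containers": []}}},
 {"metadata": {"name": "st-b", "namespace": "dev"}, "spec": {"template": {"securityContext": {"runAsNonRoot": true}}}}]}""")

if __name__ == "__main__":
    print(check_package_installs(SAMPLE_PKGI, ["prisma", "prisma-dev"]))
    print(templates_with_security_context(SAMPLE_ST))
```

An empty result from both functions means the overlay is attached, the installs have reconciled, and no ScanTemplate still sets the pod-level securityContext.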