minikube-security-ci.yml
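# Boots a single-node minikube cluster on the runner, deploys the nginx
# manifests from kubernetes/nginx/, and runs a ZAP scan against the ingress.
name: Minikube Security CI
on:
  push:
    branches:
      - master
    paths:
      - "application/**"
      - "kubernetes/**"
      - ".github/workflows/minikube-security-ci.yml"
  # Pull requests trigger a run only when this workflow file itself changes.
  pull_request:
    paths:
      - ".github/workflows/minikube-security-ci.yml"
jobs:
  security-ci:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN, which is handed to the third-party ZAP
    # step below. NOTE(review): the scopes are an assumption about what that
    # step needs (issue reporting, reading artifacts of earlier runs) -- confirm
    # against the action's documentation and trim further if possible.
    permissions:
      contents: read
      issues: write
      actions: read
    steps:
      # NOTE(review): in the three `uses:` lines of this job, the action name
      # and ref after the owner were replaced by "[email protected]" when this
      # page was captured (e-mail obfuscation); restore them from the
      # repository. Pinning each one to a full commit SHA rather than a tag
      # keeps a moved tag from changing what runs with this job's token.
      - name: checkout
        uses: actions/[email protected]
      - name: start minikube
        uses: medyagh/[email protected]
        with:
          # Quoted so the versions are always read as strings.
          minikube-version: '1.30.1'
          kubernetes-version: '1.27.3'
          driver: docker
          container-runtime: docker
          cpus: 2
          memory: 6144
          addons: ingress
      - name: minikube settings
        run: |
          minikube addons list
          # https://minikube.sigs.k8s.io/docs/drivers/docker/#troubleshooting
          # Disables and unloads the mysqld AppArmor profile on the runner
          # host. This weakens host confinement; keep it to throwaway runners.
          sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
          sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
          # Removes the ingress-nginx admission webhook, so Ingress objects
          # applied later in this job are no longer validated on admission.
          # Do not carry this over to a long-lived cluster.
          kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
      - name: wait for set up ingress
        run: |
          kubectl wait --all-namespaces=true --for=condition=ready pod \
            --selector=app.kubernetes.io/component=controller --timeout=10m
      - name: add hosts
        # Maps the scan hostname to the minikube node IP on the runner. $(...)
        # inside quotes keeps the entry a single, unsplit line.
        run: echo "$(minikube ip) k8s.3tier.webapp" | sudo tee -a /etc/hosts
      - name: apply minimal service
        run: |
          kubectl apply -f kubernetes/nginx/nginx-ingress.yaml
          kubectl apply -f kubernetes/nginx/nginx-deployment.yaml
          kubectl apply -f kubernetes/nginx/nginx-service.yaml
          # Fixed delay before the scan; nothing here checks that the
          # deployment is actually serving, so a slow start scans an
          # unready target.
          sleep 10
      - name: ZAP Scan
        uses: zaproxy/[email protected]
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # Resolves through the /etc/hosts entry written by the
          # "add hosts" step.
          target: "http://k8s.3tier.webapp/"
      - name: check status
        # Runs even when an earlier step failed, to leave cluster diagnostics
        # in the job log.
        if: always()
        run: |
          kubectl get po --all-namespaces=true
          kubectl get nodes
          kubectl get pv
          kubectl get pvc
          kubectl get all
          kubectl get all -n monitoring
          kubectl get ingress
          df -h /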