OpenShift
You will learn
How to configure ThreadFix to run on OpenShift.
Prerequisites
Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: N/A
In order to run ThreadFix on OpenShift there are a few special considerations. With the default Security Context Constraints, pods must be configured to run under certain user and group IDs. The following describes how to get the default UID and GID range and apply them to the ThreadFix installation.
Determine the valid UID range for the project:
oc get project <project_name> -o yaml
The output will appear like below:apiVersion: project.openshift.io/v1 kind: Project metadata: annotations: openshift.io/description: "" openshift.io/display-name: "" openshift.io/requester: kube:admin openshift.io/sa.scc.mcs: s0:c25,c0 openshift.io/sa.scc.supplemental-groups: 1000600000/10000 openshift.io/sa.scc.uid-range: 1000600000/10000
The values
openshift.io/sa.scc.uid-range
andopenshift.io/sa.scc.supplemental-groups
will be needed for setting the appropriate<uid>
and<gid>
in the following step.Create a ‘myValues’ directory (if it does not exist).
mkdir -p myValues
Create a file named “openshift.yaml” with the following contents (replace
<uid>
and<gid>
with valid values in the above range):Finish any other tasks from the Installation Checklist , then Install with Helm.
Table of Contents
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.