This package creates the following prerequisite resources for the gatekeeper-securitycenter controller using Config Connector:
- a Google Kubernetes Engine (GKE) cluster;
- Open Policy Agent Gatekeeper installed in the GKE cluster;
- Google service accounts with Cloud IAM policy bindings; and
- a Security Command Center source for Gatekeeper audit findings.
If you have already set up the prerequisite resources and want to deploy the gatekeeper-securitycenter controller, skip these steps and use the manifests package instead.
Tools required:
- Google Cloud SDK
- kubectl
- kpt v1.0.0-beta.1 or later
- kustomize
- jq
```sh
kpt pkg get https://github.com/GoogleCloudPlatform/gatekeeper-securitycenter.git/setup setup
source setup/setup.env
```
If you want to use an existing GKE cluster and/or existing Google service accounts, edit the values in setup.env to match the names of your existing resources before you source the file.
```sh
./setup/setup.sh
```
This script initializes and applies the resource manifests in these directories:
When the script is done, it prints the values you need to deploy the controller resources using the kpt package in the manifests directory.
The script is designed to be idempotent. This means that if you encounter issues, you can run the script again.
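A preflight check to run before `./setup/setup.sh`, added here as an example and not part of the package: it confirms the five required tools are on PATH and that the installed kpt satisfies the v1.0.0-beta.1 minimum, including the pre-release ordering (alpha < beta < rc < release). It assumes `kpt version` prints the version string on its first line, with or without a leading `v`.

```sh
#!/bin/sh
# Returns 0 if the given kpt version string is >= v1.0.0-beta.1, else 1.
# Handles forms like "v1.0.0-beta.1", "1.0.0-beta.24", "v1.0.0", "v1.0.1".
kpt_version_ok() {
  v=${1#v}                       # drop optional leading "v"
  core=${v%%-*}                  # "1.0.0"
  pre=""
  case $v in *-*) pre=${v#*-} ;; esac   # "beta.1", "rc.1", "alpha.2" or ""
  major=${core%%.*}
  rest=${core#*.}
  minor=${rest%%.*}
  patch=${rest#*.}
  patch=${patch:-0}
  [ "${major:-0}" -gt 1 ] && return 0
  [ "${major:-0}" -lt 1 ] && return 1
  # major == 1: anything above 1.0.0 is fine
  [ "${minor:-0}" -gt 0 ] && return 0
  [ "$patch" -gt 0 ] && return 0
  # exactly 1.0.0: a release or rc is fine, beta needs N >= 1, alpha is too old
  [ -z "$pre" ] && return 0
  case $pre in
    beta.*) n=${pre#beta.}; [ "$n" -ge 1 ] 2>/dev/null && return 0; return 1 ;;
    rc.*|rc*) return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 if every tool the setup package needs is on PATH, else 1.
check_tools() {
  missing=0
  for tool in gcloud kubectl kpt kustomize jq; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "missing tool: $tool" >&2
      missing=1
    fi
  done
  return $missing
}

# Run both checks; exit non-zero so a wrapper script can stop before setup.sh.
preflight() {
  check_tools || return 1
  installed=$(kpt version 2>/dev/null | head -n 1)   # assumption: first line is the version
  if ! kpt_version_ok "$installed"; then
    echo "kpt $installed is older than the required v1.0.0-beta.1" >&2
    return 1
  fi
}
```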