Install StackRox on k3s

Tested on k3s 1.22.5.

StackRox has been open sourced a couple of days ago! StackRox has been acquired in February 2021 by Red Hat (my employer) and we stick to our promise to Open Source communities so we finally contributed the code back to the community.

The project is documented to install on k8s or OpenShift.

I wanted to give the StackRox project a try on my own VPS (running this very blog) but I run k3s on Ubuntu 21.04.

I managed to install without too much troubles, here are the steps:

SSH to your VPS, as root. All the steps below are performed as root.

First of all make sure to install some packages:

apt-get install wget unzip

Download roxctl:

cd /usr/local/bin
wget https://mirror.openshift.com/pub/rhacs/assets/3.69.0/bin/Linux/roxctl
chmod +x roxctl

Check the tags available at https://quay.io/repository/stackrox-io/main?tab=tags

Clone the project:

git clone https://github.com/stackrox/stackrox
cd stackrox

Edit the script

vim deploy/common/k8sbased.sh

Edit line 101 and change from use_docker=1 to use_docker=0.

Start the installer with the tag you want to deploy

MAIN_IMAGE_TAG=3.69.x-nightly-20220402 ./deploy/k8s/deploy-local.sh

After a couple of minutes, it should tell you that everything is installed.

You can create your ingress now:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: stackrox-ingress
  namespace: stackrox
  annotations:
  kubernetes.io/ingress.class: traefik
  cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - secretName: stackrox-tls
    hosts:
    - stackrox.example.org
  rules:
  - host: stackrox.example.org
  http:
    paths:
    - path: /
      pathType: Prefix
      backend:
      service:
        name: central
        port:
          number: 443

Apply:

kubectl apply -f ingress.yaml

Head over to https://stackrox.example.org

You would find the admin password under ./deploy/k8s/central-deploy/password

Success!

If you want to uninstall:

kubectl delete podsecuritypolicy stackrox-central
kubectl delete podsecuritypolicy stackrox-scanner
kubectl delete clusterrole stackrox-central-psp
kubectl delete clusterrole stackrox-scanner-psp
kubectl delete ns stackrox


Thanks for reading this post!


Did you find an issue in this article?

- click on the following Github link
- log into Github with your account
- click on the line number containing the error
- click on the "..." button
- choose "Reference in new issue"
- add a title and your comment
- click "Submit new issue"

Your feedback is much appreciated! πŸ€œπŸΌπŸ€›πŸΌ

You can also drop me a line below!