This repository contains a demo / example of Rode's functionality.
Included in the repo is a /tf folder that includes the necessary Terraform automation to deploy the services required to run Rode.
This demo sets up a Jenkins CI server that will have a job pointed at the Rode Demo App, which is a sample hello-world node app based on an Alpine image with two known medium vulnerabilities.
To resolve the vulnerabilities, change the base image in the Dockerfile to node:current-alpine3.12.
- Terraform >= 0.13.0
- Terragrunt
- A Kubernetes cluster (the cluster that comes with Docker Desktop for Mac is recommended)
- kubectl
For local access to Jenkins and Harbor through the created ingress, new entries need to be created inside your local hosts file.
sudo vi /etc/hosts
Copy and paste the lines below to your /etc/hosts file.
127.0.0.1 harbor.localhost
127.0.0.1 jenkins.localhost
127.0.0.1 rode-ui.localhost
127.0.0.1 sonarqube.localhost
Additionally, a rewrite may need to be added to your cluster's DNS server to send Harbor traffic through the nginx controller. Automation is in place to update the CoreDNS configmap to include this rewrite, but in the event of a failed image deployment to Harbor inside the cluster, you can add the rewrite shown below to the data block yourself. (If your cluster is not using CoreDNS, you can disable this automation by setting the variable update_coredns to false. You will need to find another way to direct traffic to Harbor.)
rewrite name harbor.localhost ingress-nginx-controller.nginx.svc.cluster.local
To deploy the Rode stack locally, switch to the tf/local directory, then run
terragrunt apply
To retrieve the Jenkins admin password for authentication, use the command below to copy it to your clipboard.
kubectl get secret -n jenkins jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode | pbcopy
To retrieve the Harbor admin password for authentication, use the command below to copy it to your clipboard.
kubectl get secret -n rode-demo-harbor harbor-harbor-core -o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 --decode | pbcopy
To access the SonarQube instance, retrieve the password by using the following command:
kubectl -n rode-demo-sonarqube get secret sonarqube-admin-credentials -o jsonpath="{.data.password}" | base64 --decode | pbcopy
When running locally using an auto-generated certificate for Harbor, you will need to add Harbor as an insecure Docker registry.
Before pushing an image, you will need to log in to Harbor using the Docker CLI:
$ docker login harbor.localhost -u admin -p ${admin_password}
Then, you can push an image using docker push. We recommend pulling an existing image, tagging it, then pushing it to Harbor:
$ docker pull alpine:latest
$ docker tag alpine:latest harbor.localhost/rode-demo/alpine:latest
$ docker push harbor.localhost/rode-demo/alpine:latest
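The login step above puts the admin password on the docker command line, where it is visible in process listings and shell history. The script below is an added example, not part of the Rode demo repository: it checks the /etc/hosts entries and logs in with --password-stdin, reading the password straight from the Kubernetes secret. The function names and the harbor-login.sh file name are hypothetical.

```shell
# Added example, not part of the Rode demo repository. Namespace, secret name
# and key come from the kubectl command above; function names are hypothetical.
HARBOR_HOST="harbor.localhost"
HARBOR_NS="rode-demo-harbor"
HARBOR_SECRET="harbor-harbor-core"

# Print each demo hostname that has no active 127.0.0.1 entry in a hosts file.
missing_hosts() {
    hosts_file=${1:-/etc/hosts}
    for h in harbor.localhost jenkins.localhost rode-ui.localhost sonarqube.localhost; do
        awk -v h="$h" '
            $1 == "127.0.0.1" {
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^#/) break      # rest of the line is a comment
                    if ($i == h) found = 1
                }
            }
            END { exit !found }' "$hosts_file" || echo "$h"
    done
}

# Decode the Harbor admin password from the Kubernetes secret to stdout.
harbor_admin_password() {
    kubectl get secret -n "$HARBOR_NS" "$HARBOR_SECRET" \
        -o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 --decode
}

# Log in with the password streamed over stdin instead of -p. The ( ) body is a
# subshell, so $pw is gone when the function returns; printf is a shell builtin,
# so the password never appears in another process's argument list.
harbor_login() (
    pw=$(harbor_admin_password)
    if [ -z "$pw" ]; then
        echo "Harbor admin password is empty; is the stack deployed?" >&2
        return 1
    fi
    printf '%s' "$pw" | docker login "$HARBOR_HOST" -u admin --password-stdin
)

# Run as: sh harbor-login.sh login
if [ "${1:-}" = "login" ]; then
    missing=$(missing_hosts)
    if [ -n "$missing" ]; then
        echo "missing from /etc/hosts:" $missing >&2
        exit 1
    fi
    harbor_login
fi
```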