Ansible Automation Platform RFEs / AAPRFE-1173

Stackrox (Red Hat Advanced Cluster Security for Kubernetes) Collection for Ansible


      Security is becoming a bigger concern in the market, especially in the container-native area, where experience and best practices are lacking. Further, the acquisition of Stackrox by Red Hat was highly touted, and Stackrox is an integral part of the OpenShift plus offering as the Advanced Cluster Security for Kubernetes (ACS). Ansible automation support would be desirable, if not strategic.

      Proposed Solution

      Create the means for automating the management and workflow of stackrox/ACS container security operations in Ansible that are analogous to roxctl, the stackrox CLI.

      Requirements

      This collection should provide an Ansible-native equivalent to roxctl, the stackrox CLI. The roxctl commands to cover include:

      • central backup
      • central db restore
      • sensor generate k8s|openshift
      • sensor get-bundle
      • cluster delete
      • deployment check
      • image check
      • image scan
      • central debug log
      • central debug dump

      This collection should have authentication options built into its interface in a way that can be utilized by the AAP controller.

      This collection should include documentation for viewing logs using the k8s_log module.

      User Experience 

      This solution should conform to the standard recommended Ansible practices. It should reduce the knowledge and time necessary to automate these use cases by abstracting implementation details and error handling and avoiding programming constructs at the play level with a concise declarative style interface. It should provide user conveniences such as reasonable parameter defaults and support of module defaults. The solution should also integrate with the Ansible Platform controller services such as its integrated credential management.

      Documentation

      The integrations and functionality described will require new documentation for each piece of content.

      Use Cases

      • Backup and Restore of the Central Database
      • Generating Sensor Deployment files for K8s and OCP
      • Downloading Sensor bundle for existing clusters
      • Deleting cluster integration
      • Checking policy compliance of deployment YAML files, images and image scan results
      • Managing stackrox log levels
      • Producing stackrox debugging dumps

       

              mferrari@redhat.com Massimo Ferrari
              rht-tima Timothy Appnel