Add local deployment instructions

adevinta · Jun 2, 2023 · 8d53484 · 8d53484
1 parent 365d6c1
commit 8d53484
Show file tree

Hide file tree

Showing 7 changed files with 636 additions and 1,023 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,3 @@
 *.tgz
 Chart.lock
-
+private.yaml
diff --git a/README.md b/README.md
@@ -43,3 +43,74 @@ Before committing changes execute the following commands:
 # Review the updated files and add to the repository.
 git add .
 ```
+
+## Running in a local cluster
+
+Follow this instructions to deploy vulcan in your local cluster.
+The service will be available at <https://www.localhost.direct/>.
+We use <https://k3d.io> but `Kind` should work, the requirement is to expose the ingress on 127.0.0.1:80/443 ports.
+
+- Start your cluster.
+
+  ```sh
+  # Start the cluster on standard ports
+  k3d cluster create --port 80:80@Loadbalancer --port 443:443@Loadbalancer
+  ```
+
+- Create your SAML application with this callback URL <https://www.localhost.direct/api/v1/login/callback>.
+- Set the configuration (i.e. in `private.yaml`).
+
+  ```yaml
+  api:
+    conf:
+      saml:
+        metadata: https://example.okta.com/app/myclientid/sso/saml/metadata
+        issuer: http://www.okta.com/myclientid
+  ````
+
+- Install the application.
+
+  ```sh
+  # Install vulcan.
+  helm upgrade --install vulcan stable/vulcan -f examples/local.yaml -f private.yaml
+
+  # Wait for the pods to be in a RUNNING state
+  kubectl get pods
+  ```
+
+- Access the UI <https://www.localhost.direct/>
+  - Create your team/s.
+  - Add your asset/s.
+  - Generate your token in <https://www.localhost.direct/api/v1/home>.
+
+- Load the checks.
+
+  ```sh
+  # Load the default checks from https://github.com/adevinta/vulcan-checks
+  tools/load-checks.sh
+  ```
+
+- Create a scan for your team.
+
+  ```sh
+  TOKEN=your-token
+
+  # Find your team_id and set $TEAM_ID
+  curl -H "Authorization: Bearer $TOKEN" -s https://www.localhost.direct/api/v1/teams
+
+  TEAM_ID=your-team_id
+
+  # Launch a scan
+  curl -H "Authorization: Bearer $TOKEN"  -H 'Accept: scan' -H 'Content-Type: application/json' -s \
+    --data '{"program_id": "periodic-full-scan"}' \
+    https://www.localhost.direct/api/v1/teams/$TEAN_ID/scans
+  ```
+
+- Start the agent to process the checks
+
+  ```sh
+  # Start the agent
+  tools/agent.sh
+  ````
+
+- See the findings in <https://www.localhost.direct/> --> `Security` --> `Live report`.