Skip to content

ROX-34390: Add file activity to berserker load in long running clusters #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
JoukoVirtanen wants to merge 12 commits into
base: main
Choose a base branch
from
Open

ROX-34390: Add file activity to berserker load in long running clusters #92

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
b1811f8
X-Smart-Branch-Parent: main
JoukoVirtanen Apr 22, 2026
7ea0587
Fact should be deployed
JoukoVirtanen Apr 22, 2026
db0dcc8
Patching fact to monitor /tmp/data
JoukoVirtanen Apr 22, 2026
1ad4bea
Set run length to 5h temporarily
JoukoVirtanen Apr 22, 2026
dffc558
Using set env instead of patch
JoukoVirtanen Apr 23, 2026
20e0b8c
Using SENSOR_HELM_DEPLOY
JoukoVirtanen Apr 23, 2026
bd96551
Set SENSOR_HELM_MANAGED to false
JoukoVirtanen Apr 23, 2026
3398aa7
Not setting SENSOR_HELM_MANAGED to false. Setting ROX_DEPLOY_SENSOR_W…
JoukoVirtanen Apr 23, 2026
b441426
Trying to create image pull secret
JoukoVirtanen Apr 24, 2026
539b3d1
Reduced long running cluster time to 3h
JoukoVirtanen Apr 24, 2026
3037952
FACT_LOGLEVEL set to info
JoukoVirtanen Apr 26, 2026
8beb1e8
Set lifespan back to 168h
JoukoVirtanen Apr 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions release/start-secured-cluster/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,9 @@ runs:
STACKROX_DIR: ${{ github.workspace }}
COMMON_DIR: ${{ github.workspace }}/deploy/common
SECURED_CLUSTER_AUTO_LOCK_PROCESS_BASELINES: "true"
SFA_AGENT: "true"
SENSOR_HELM_DEPLOY: "true"
Copy link
Copy Markdown
Contributor Author

@JoukoVirtanen JoukoVirtanen Apr 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SFA_AGENT only works with helm deploy, so we are switching to that.

ROX_DEPLOY_SENSOR_WITH_CRS: "false"
ROX_NETFLOW_BATCHING: "true"
ROX_NETFLOW_CACHE_LIMITING: "true"
run: |
Expand Down
22 changes: 22 additions & 0 deletions release/start-secured-cluster/start-secured-cluster.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,26 @@ else
echo "Using ACS pre-4.11 secured cluster setup (version: ${version_major_minor})"
fi

# Create namespace and image pull secrets BEFORE running sensor.sh
kubectl create namespace stackrox || true

kubectl -n stackrox create secret docker-registry stackrox \
Copy link
Copy Markdown
Contributor Author

@JoukoVirtanen JoukoVirtanen Apr 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With helm deploy the secrets will not get created in the same way that they were before.

--docker-server=quay.io \
--docker-username="${REGISTRY_USERNAME}" \
--docker-password="${REGISTRY_PASSWORD}" || true

kubectl -n stackrox create secret docker-registry secured-cluster-services-main \
--docker-server=quay.io \
--docker-username="${REGISTRY_USERNAME}" \
--docker-password="${REGISTRY_PASSWORD}" || true

kubectl -n stackrox create secret docker-registry secured-cluster-services-collector \
--docker-server=quay.io \
--docker-username="${REGISTRY_USERNAME}" \
--docker-password="${REGISTRY_PASSWORD}" || true

"${STACKROX_DIR}/deploy/k8s/sensor.sh"

kubectl -n stackrox create secret generic access-rhacs \
--from-literal="username=${ROX_ADMIN_USERNAME}" \
--from-literal="password=${ROX_ADMIN_PASSWORD}" \
Expand All @@ -28,6 +47,9 @@ kubectl -n stackrox create secret generic access-rhacs \
# Create the collector-config ConfigMap in order to enable external IPs
kubectl create -f "${SCRIPT_DIR}/collector-config.yaml"

# Patch the collector DaemonSet to configure fact container
kubectl -n stackrox set env daemonset/collector FACT_PATHS="/tmp/data/**/*" FACT_LOGLEVEL="info" -c fact

echo "Deploying Monitoring..."
monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml"

Expand Down
Loading