blumeops/docs/how-to/operations
Erich Blume d021b3534f
Deploy Prowler CIS scanner (#310)
## Summary
- Deploy Prowler 5 as a weekly CronJob on minikube-indri for CIS Kubernetes Benchmark v1.11 scanning
- Custom slim container build (strips PowerShell, Trivy, and non-K8s providers from upstream)
- Reports (HTML, CSV, JSON-OCSF) written to NFS share on sifaka at `/volume1/reports/prowler/`
- Read-only ClusterRole for pod, RBAC, and control plane inspection
- Host path mounts + hostPID for kubelet file permission checks

## Follow-ups
- Mirror prowler-cloud/prowler on forge for supply chain control
- Build and push container image, update kustomization.yaml newTag
- Consider adding k3s-ringtail scanning (core + RBAC checks only)

## Test plan
- [ ] Build container: `mise run container-release prowler v5.22.0`
- [ ] Update `argocd/manifests/prowler/kustomization.yaml` newTag to built image tag
- [ ] Sync ArgoCD: `argocd app sync apps && argocd app set prowler --revision deploy-prowler && argocd app sync prowler`
- [ ] Trigger manual job: `kubectl create job --from=cronjob/prowler prowler-manual -n prowler --context=minikube-indri`
- [ ] Verify reports appear on sifaka NFS share
- [ ] `mise run services-check`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #310
2026-03-24 16:08:09 -07:00

| File | Last commit | Date |
| --- | --- | --- |
| connect-to-postgres.md | Review gandi-operations doc and reorganize how-to guides (#200) | 2026-02-17 07:29:33 -08:00 |
| deploy-prowler.md | Deploy Prowler CIS scanner (#310) | 2026-03-24 16:08:09 -07:00 |
| manage-flyio-proxy.md | Review manage-flyio-proxy.md — no issues found | 2026-03-07 09:03:46 -08:00 |
| read-compliance-reports.md | Deploy Prowler CIS scanner (#310) | 2026-03-24 16:08:09 -07:00 |
| restart-indri.md | Review restart-indri doc: fix Caddy/Jellyfin service management, fix docs-preview path handling | 2026-03-14 10:09:38 -07:00 |
| restore-1password-backup.md | Review restore-1password-backup doc: fix offsite TBD, clarify archive name, add BorgBase to backups | 2026-03-15 10:13:07 -07:00 |
| run-1password-backup.md | Review operations docs: add last-reviewed dates and improve troubleshooting | 2026-03-16 07:38:02 -07:00 |
| troubleshooting.md | Review operations docs: add last-reviewed dates and improve troubleshooting | 2026-03-16 07:38:02 -07:00 |