
How to deploy OWASP Dependency Track on GCP (prod ready)

Hey colleagues,

I found that the guide in the course was insufficient.

There is a very well-written guide by a Google employee about how to deploy it: https://cloud.google.com/community/tutorials/deploy-dependency-track

It is based on endpoints (no need to reserve a domain name), secure database connection and other good stuff!

TIPS

I had to verify some of the commands which are not explained in that guide:

  • https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#gsa
    gcloud iam service-accounts add-iam-policy-binding \
    --role="roles/iam.workloadIdentityUser" \
    --member="serviceAccount:YOUR-GOOGLE-CLOUD-PROJECT.svc.id.goog[YOUR-K8S-NAMESPACE/YOUR-KSA-NAME]" \
    YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com

  • gcloud compute addresses create google-managed-services-dependency-track --global --purpose VPC_PEERING --prefix-length=20 --network dependency-track (the google-managed-services prefix is required to be present)

I had some issues with Kustomize because it appends a hash to the name of the configmaps/secrets. This results in containers not being able to find them and erroring with "CreateContainerConfigError". The containers expect a static name. So, I disabled this feature and the containers started.

Kind regards
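
The Kustomize setting described in the post above, as an added example that is not part of the original post or the linked tutorial. The namespace, resource names and file names are hypothetical; `generatorOptions.disableNameSuffixHash` is the Kustomize field that turns the suffix off.

```yaml
# kustomization.yaml (constructed example; all names below are hypothetical)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: dependency-track

# Workloads listed here have their configMapRef / secretKeyRef / volume
# references rewritten to the generated names. A Deployment applied outside
# this kustomization keeps the plain name and its pods fail with
# CreateContainerConfigError once the generated objects carry a hash suffix.
resources:
  - deployment.yaml

configMapGenerator:
  - name: dtrack-config
    literals:
      - LOG_LEVEL=INFO

secretGenerator:
  - name: dtrack-db-credentials
    envs:
      - db-credentials.env   # keep this file out of version control

# Emit static names (dtrack-config, dtrack-db-credentials) instead of
# names with a content-hash suffix appended.
# Trade-off: the pod template no longer changes when the content changes,
# so pods keep the old values until restarted, for example with
#   kubectl rollout restart deployment/<name> -n dependency-track
generatorOptions:
  disableNameSuffixHash: true
```

Running `kubectl kustomize .` before applying shows the exact ConfigMap and Secret names that will be created, which can be compared against the names the pod specs reference.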
