Welcome to the Linux Foundation Forum!

How to deploy OWASP Dependency Track on GCP (prod ready)

Hey colleagues,

I found that the guide in the course was insufficient.

There is a very well written guide by a Google employee about how to deploy it: https://cloud.google.com/community/tutorials/deploy-dependency-track

It is based on endpoints (no need to reserve a domain name), secure database connection and other good stuff!

TIPS

I had to verify some of the commands which are not explained in that guide:

  • https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#gsa
    gcloud iam service-accounts add-iam-policy-binding \
    --role="roles/iam.workloadIdentityUser" \
    --member="serviceAccount:YOUR-GOOGLE-CLOUD-PROJECT.svc.id.goog[YOUR-K8S-NAMESPACE/YOUR-KSA-NAME]" \
    YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com

  • gcloud compute addresses create google-managed-services-dependency-track --global --purpose VPC_PEERING --prefix-length=20 --network dependency-track (the google-managed-services prefix is required to be present)

I had some issues with Kustomize because it appends a hash to the name of the configmaps/secrets. This results in containers not being able to find them and erroring with "CreateContainerConfigError". The containers expect a static name. So, I disabled this feature and the containers started.

Kind regards
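
A pre-deploy check for the ConfigMap/Secret name mismatch described in the post above, added here as an example (not the poster's or the tutorial's code): it takes rendered manifests already parsed into dicts and reports pod-spec references to ConfigMaps or Secrets that are missing from the rendered set. The function names, the sample object names and the hash suffix are constructed, and a single namespace is assumed.

```python
# Added example: finds ConfigMap/Secret references that no rendered object satisfies.
def iter_pod_specs(obj):
    """Yield the pod spec of a Pod, or of a workload that has spec.template."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "Pod":
        yield spec
    elif "template" in spec:
        yield spec["template"].get("spec", {})

def referenced(pod_spec):
    """Yield (kind, name) for every ConfigMap/Secret the pod spec depends on."""
    for vol in pod_spec.get("volumes", []):
        if "configMap" in vol:
            yield "ConfigMap", vol["configMap"]["name"]
        if "secret" in vol:
            yield "Secret", vol["secret"]["secretName"]
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        for src in c.get("envFrom", []):
            if "configMapRef" in src:
                yield "ConfigMap", src["configMapRef"]["name"]
            if "secretRef" in src:
                yield "Secret", src["secretRef"]["name"]
        for env in c.get("env", []):
            vf = env.get("valueFrom", {})
            if "configMapKeyRef" in vf:
                yield "ConfigMap", vf["configMapKeyRef"]["name"]
            if "secretKeyRef" in vf:
                yield "Secret", vf["secretKeyRef"]["name"]

def dangling_refs(manifests):
    """Return sorted (workload, kind, name) tuples with no matching object."""
    defined = {(m["kind"], m["metadata"]["name"]) for m in manifests
               if m.get("kind") in ("ConfigMap", "Secret")}
    missing = set()
    for m in manifests:
        for pod_spec in iter_pod_specs(m):
            for ref in referenced(pod_spec):
                if ref not in defined:
                    missing.add((m["metadata"]["name"],) + ref)
    return sorted(missing)

# Constructed sample: the generated ConfigMap carries a hash suffix,
# while the Deployment still asks for the static name.
SAMPLE = [
    {"kind": "ConfigMap", "metadata": {"name": "dtrack-config-7g2k9m5t8b"}},
    {"kind": "Secret", "metadata": {"name": "dtrack-db"}},
    {"kind": "Deployment", "metadata": {"name": "apiserver"}, "spec": {"template": {"spec": {
        "volumes": [{"name": "db", "secret": {"secretName": "dtrack-db"}}],
        "containers": [{"name": "api", "envFrom": [{"configMapRef": {"name": "dtrack-config"}}]}]}}}},
]
print(dangling_refs(SAMPLE))
```

A reported reference can be legitimate when the object is created outside the kustomization, so the output is a list to review before applying.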
