.github/workflows/minikube-security-ci.yml
name: Minikube Security CI
on:
push:
branches:
- master
paths:
- "application/**"
- "kubernetes/**"
- ".github/workflows/minikube-security-ci.yml"
pull_request:
paths:
- ".github/workflows/minikube-security-ci.yml"
jobs:
security-ci:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4.1.7
- name: start minikube
uses: medyagh/setup-minikube@v0.0.18
with:
minikube-version: 1.31.0
kubernetes-version: 1.31.1
driver: docker
container-runtime: docker
cpus: 2
memory: 6144
addons: ingress
- name: minikube settings
run: |
minikube addons list
# https://minikube.sigs.k8s.io/docs/drivers/docker/#troubleshooting
sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
- name: wait for set up ingress
run: |
kubectl wait --all-namespaces=true --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=10m
- name: add hosts
run: echo `minikube ip` k8s.3tier.webapp | sudo tee -a /etc/hosts
- name: apply minimal service
run: |
kubectl apply -f kubernetes/nginx/nginx-ingress.yaml
kubectl apply -f kubernetes/nginx/nginx-deployment.yaml
kubectl apply -f kubernetes/nginx/nginx-service.yaml
sleep 10
- name: ZAP Scan
uses: zaproxy/action-baseline@v0.12.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
target: "http://k8s.3tier.webapp/"
- name: check status
if: always()
run: |
kubectl get po --all-namespaces=true
kubectl get nodes
kubectl get pv
kubectl get pvc
kubectl get all
kubectl get all -n monitoring
kubectl get ingress
df -h /