This project aims to contenairize the Spinalcom Building operating system to improve the appliation portability and security.
- Overview of Cloud Native Security
- Pod security policy standards
- CIS Kubernetes Security Benchmark
- Dockerfile Best Practices
- Building a trusted software supply chain
Git submodules are only referenced to track the various SpinalCom repository, they are not actively used in container builds.
The following guide describes the steps to acheive the Spinal-Core deployment in Azure Kubernetes Service.
- Run the following commands to create the Kubernetes namespace and populate shared persitent volumes with the example dataset.
# Namespace
kubectl apply -f deploy/aks/00_spinalcom-ns.yaml
# Persistent volumes
kubectl apply -f deploy/aks/01_azurefile-csi-nfs-sc.yaml
kubectl apply -f deploy/aks/01_azurefile-csi-smb-sc.yaml
kubectl apply -f deploy/aks/02_spinal-core-hub-pvc.yaml
# Dataset provisionner
kubectl apply -f deploy/aks/dataset-provisioner-sec.yaml
kubectl apply -f deploy/aks/dataset-provisioner-job.yaml
kubectl -n spinalcom wait --for=condition=complete --timeout=5m job/dataset-provisioner
- One the dataset provisioning completed, run the following command to deploy Spinal-Core's application services.
kubectl apply -f deploy/aks/
In certain failure conditions, the memory/dump.db
file can get deleted by the core-hub
pod.
Run the following command to restart the dataset-provisioner
job.
kubectl -n spinalcom get job "dataset-provisioner" -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f -
To remove a submodule you need to:
- Remove the relevant section from the
.gitmodules
file. - Stage the
.gitmodules
changesgit add .gitmodules
- Delete the relevant section from
.git/config
. - Run
git rm --cached path_to_submodule
(no trailing slash). - Run
rm -rf .git/modules/path_to_submodule
(no trailing slash). - Commit
git commit -m "Removed submodule"
- Delete the now untracked submodule files
rm -rf path_to_submodule