Set berserker config via url

.github/workflows/create-demo-clusters.yml

@@ -31,6 +31,14 @@ on:
       kube-burner-config-repo:
         description: The repository where the kube-burner config files can be found
         type: string
+      berserker-config-repo:
+        description: The repository where the berserker kube-burner config files can be found
+        type: string
+        default: JoukoVirtanen/kube-burner-ocp
+      berserker-config-ref:
+        description: Ref of where the berserker kube-burner config files can be found
+        type: string
+        default: jv-add-berserker-workload-2
       cluster-with-fake-load-name:
         description: "The name of the long running cluster where the central deployment is run with a sensor that creates its own fake workload. Must comply to the regex: [a-z][a-z0-9-]{1,26}[a-z0-9]"
         type: string
@@ -472,6 +480,12 @@ jobs:
           repository: stackrox/${{ inputs.kube-burner-config-repo }}
           path: .kube-burner-config
           ref: ${{ needs.parse-refs.outputs.burner-ref }}
+      - name: Check out berserker config repository code
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ inputs.berserker-config-repo }}
+          path: .berserker-config
+          ref: ${{ inputs.berserker-config-ref }}
       # TODO(ROX-29223): Remove once old versions don't use the benchmark-operator
       - name: Check out cloud-bulldozer/benchmark-operator code
         run: |
@@ -501,9 +515,12 @@ jobs:
           REGISTRY_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RO_USERNAME }}
           REGISTRY_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RO_PASSWORD }}
           ELASTICSEARCH_URL: "https://${{ secrets.K6_ELASTICSEARCH_USER }}:${{ secrets.K6_ELASTICSEARCH_PASSWORD }}@${{ secrets.K6_ELASTICSEARCH_URL }}"
+          BERSERKER_CONFIGMAP_TEMPLATE: "https://raw.githubusercontent.com/${{ inputs.berserker-config-repo }}/${{ inputs.berserker-config-ref }}/cmd/config/berserker-load/berserker-all-configs.yml"
+          BERSERKER_DAEMONSET_TEMPLATE: "https://raw.githubusercontent.com/${{ inputs.berserker-config-repo }}/${{ inputs.berserker-config-ref }}/cmd/config/berserker-load/berserker-all-loads.yml"
+          BERSERKER_SERVICE_TEMPLATE: "https://raw.githubusercontent.com/${{ inputs.berserker-config-repo }}/${{ inputs.berserker-config-ref }}/cmd/config/berserker-load/service.yml"
         uses: ./.actions/release/start-kube-burner
         with:
-          kube-burner-config-dir: ./.kube-burner-config/scripts/release-tools/kube-burner-configs/berserker-load
+          kube-burner-config-dir: ./.berserker-config/cmd/config/berserker-load
           benchmark-operator-dir: ${{ github.workspace }}/benchmark-operator
 
   start-kube-burner-for-central:

release/start-kube-burner/kube-burner.yaml

@@ -60,6 +60,21 @@ spec:
             secretKeyRef:
               name: kube-burner-secret
               key: METRICS_TIME_STEP
+        - name: BERSERKER_CONFIGMAP_TEMPLATE
+          valueFrom:
+            secretKeyRef:
+              name: kube-burner-secret
+              key: BERSERKER_CONFIGMAP_TEMPLATE
+        - name: BERSERKER_DAEMONSET_TEMPLATE
+          valueFrom:
+            secretKeyRef:
+              name: kube-burner-secret
+              key: BERSERKER_DAEMONSET_TEMPLATE
+        - name: BERSERKER_SERVICE_TEMPLATE
+          valueFrom:
+            secretKeyRef:
+              name: kube-burner-secret
+              key: BERSERKER_SERVICE_TEMPLATE
       volumes:
       - name: config
         configMap:

release/start-kube-burner/start-kube-burner.sh

@@ -27,8 +27,10 @@ dockerconfigjson="$(kubectl -n stackrox get secret stackrox -o yaml | grep docke
 secret_template="${KUBE_BURNER_CONFIG_DIR_BASE}/secret_template.yml"
 secret_file="${KUBE_BURNER_CONFIG_DIR}/secret.yml"
 
-gh_log notice "Patching $secret_template"
-sed "s|__DOCKERCONFIGJSON__|$dockerconfigjson|" "$secret_template" > "$secret_file" 
+if [ -f "$secret_template" ]; then
+  gh_log notice "Patching $secret_template"
+  sed "s|__DOCKERCONFIGJSON__|$dockerconfigjson|" "$secret_template" > "$secret_file"
+fi
 
 kubectl create ns kube-burner
 
@@ -50,6 +52,9 @@ kubectl create secret generic kube-burner-secret \
     --from-literal=UUID="$uuid" \
     --from-literal=METRICS_COLLECTION_TIME="$METRICS_COLLECTION_TIME" \
     --from-literal=METRICS_TIME_STEP="5m" \
+    --from-literal=BERSERKER_CONFIGMAP_TEMPLATE="${BERSERKER_CONFIGMAP_TEMPLATE}" \
+    --from-literal=BERSERKER_DAEMONSET_TEMPLATE="${BERSERKER_DAEMONSET_TEMPLATE}" \
+    --from-literal=BERSERKER_SERVICE_TEMPLATE="${BERSERKER_SERVICE_TEMPLATE}" \
     --namespace=kube-burner
 
 kubectl create -f "${DIR}"/kube-burner.yaml

release/start-secured-cluster/action.yml

@@ -60,6 +60,9 @@ runs:
         STACKROX_DIR: ${{ github.workspace }}
         COMMON_DIR: ${{ github.workspace }}/deploy/common
         SECURED_CLUSTER_AUTO_LOCK_PROCESS_BASELINES: "true"
+        SFA_AGENT: "true"
+        SENSOR_HELM_DEPLOY: "true"
+        ROX_DEPLOY_SENSOR_WITH_CRS: "false"
         ROX_NETFLOW_BATCHING: "true"
         ROX_NETFLOW_CACHE_LIMITING: "true"
       run: |

release/start-secured-cluster/start-secured-cluster.sh

@@ -19,7 +19,26 @@ else
   echo "Using ACS pre-4.11 secured cluster setup (version: ${version_major_minor})"
 fi
 
+# Create namespace and image pull secrets BEFORE running sensor.sh
+kubectl create namespace stackrox || true
+
+kubectl -n stackrox create secret docker-registry stackrox \
+  --docker-server=quay.io \
+  --docker-username="${REGISTRY_USERNAME}" \
+  --docker-password="${REGISTRY_PASSWORD}" || true
+
+kubectl -n stackrox create secret docker-registry secured-cluster-services-main \
+  --docker-server=quay.io \
+  --docker-username="${REGISTRY_USERNAME}" \
+  --docker-password="${REGISTRY_PASSWORD}" || true
+
+kubectl -n stackrox create secret docker-registry secured-cluster-services-collector \
+  --docker-server=quay.io \
+  --docker-username="${REGISTRY_USERNAME}" \
+  --docker-password="${REGISTRY_PASSWORD}" || true
+
 "${STACKROX_DIR}/deploy/k8s/sensor.sh"
+
 kubectl -n stackrox create secret generic access-rhacs \
   --from-literal="username=${ROX_ADMIN_USERNAME}" \
   --from-literal="password=${ROX_ADMIN_PASSWORD}" \
@@ -28,6 +47,9 @@ kubectl -n stackrox create secret generic access-rhacs \
 # Create the collector-config ConfigMap in order to enable external IPs
 kubectl create -f "${SCRIPT_DIR}/collector-config.yaml"
 
+# Patch the collector DaemonSet to configure fact container
+kubectl -n stackrox set env daemonset/collector FACT_PATHS="/tmp/data/**/*" FACT_LOGLEVEL="info" -c fact
+
 echo "Deploying Monitoring..."
 monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml"