stackrox · JoukoVirtanen · Feb 9, 2026 · Feb 9, 2026 · Feb 13, 2026
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -eou pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+"${STACKROX_DIR}/deploy/k8s/sensor.sh"
+kubectl -n stackrox create secret generic access-rhacs \
+  --from-literal="username=${ROX_ADMIN_USERNAME}" \
+  --from-literal="password=${ROX_ADMIN_PASSWORD}" \
+  --from-literal="central_url=${CLUSTER_API_ENDPOINT}"
+
+# Create the collector-config ConfigMap in order to enable external IPs
+kubectl create -f "${SCRIPT_DIR}/collector-config.yaml"
+
+echo "Deploying Monitoring..."
+monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml"
+
+helm_args=(
+  --set persistence.type="${STORAGE}"
+  --set exposure.type="${MONITORING_LOAD_BALANCER}"
+  --set resources.requests.memory="8Gi"
+  --set resources.limits.memory="8Gi"
+  --set-json 'metricRelabelConfigs=[{"source_labels":["container"],"regex":"berserker","action":"drop"},{"source_labels":["namespace"],"regex":"berserker-.*","action":"drop"}]'
+)
+
+helm dependency update "${COMMON_DIR}/../charts/monitoring"
+envsubst < "$monitoring_values_file" > "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml"
+helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" "${helm_args[@]}"
+rm "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml"
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+set -eou pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+"${STACKROX_DIR}/deploy/k8s/sensor.sh"
+kubectl -n stackrox create secret generic access-rhacs \
+  --from-literal="username=${ROX_ADMIN_USERNAME}" \
+  --from-literal="password=${ROX_ADMIN_PASSWORD}" \
+  --from-literal="central_url=${CLUSTER_API_ENDPOINT}"
+
+# Create the collector-config ConfigMap in order to enable external IPs
+kubectl create -f "${SCRIPT_DIR}/collector-config.yaml"
+
+echo "Deploying Monitoring..."
+monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml"
+yq -i '.resources.requests.memory = "8Gi"' "$monitoring_values_file"
+yq -i '.resources.limits.memory = "8Gi"' "$monitoring_values_file"
+
+helm_args=(
+  --set persistence.type="${STORAGE}"
+  --set exposure.type="${MONITORING_LOAD_BALANCER}"
+)
+
+helm dependency update "${COMMON_DIR}/../charts/monitoring"
+envsubst < "$monitoring_values_file" > "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml"
+helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" "${helm_args[@]}"
+rm "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml"
+
+# Replace the prometheus ConfigMap with one that doesn't scrape as much info from berserker containers
+kubectl -n stackrox delete configmap prometheus
+kubectl create -f "${SCRIPT_DIR}"/prometheus.yaml
@@ -3,30 +3,15 @@ set -eou pipefail
 
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 
-"${STACKROX_DIR}/deploy/k8s/sensor.sh"
-kubectl -n stackrox create secret generic access-rhacs \
-  --from-literal="username=${ROX_ADMIN_USERNAME}" \
-  --from-literal="password=${ROX_ADMIN_PASSWORD}" \
-  --from-literal="central_url=${CLUSTER_API_ENDPOINT}"
+# Extract version from MAIN_IMAGE_TAG (e.g., "4.11.0-rc.2" -> "4.11")
+version_major_minor=$(echo "${MAIN_IMAGE_TAG}" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
 
-# Create the collector-config ConfigMap in order to enable external IPs
-kubectl create -f "${SCRIPT_DIR}/collector-config.yaml"
-
-echo "Deploying Monitoring..."
-monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml"
-yq -i '.resources.requests.memory = "8Gi"' "$monitoring_values_file"
-yq -i '.resources.limits.memory = "8Gi"' "$monitoring_values_file"
-
-helm_args=(
-  --set persistence.type="${STORAGE}"
-  --set exposure.type="${MONITORING_LOAD_BALANCER}"
-)
-
-helm dependency update "${COMMON_DIR}/../charts/monitoring"
-envsubst < "$monitoring_values_file" > "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml"
-helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" "${helm_args[@]}"
-rm "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml"
-
-# Replace the prometheus ConfigMap with one that doesn't scrape as much info from berserker containers
-kubectl -n stackrox delete configmap prometheus
-kubectl create -f "${SCRIPT_DIR}"/prometheus.yaml
+# Compare version to determine which script to use
+# Use bc for floating point comparison
+if (( $(echo "$version_major_minor >= 4.11" | bc -l) )); then
+  echo "Using ACS 4.11+ secured cluster setup (version: ${version_major_minor})"
+  exec "${SCRIPT_DIR}/start-secured-cluster-4.11plus.sh"
+else
+  echo "Using ACS pre-4.11 secured cluster setup (version: ${version_major_minor})"
+  exec "${SCRIPT_DIR}/start-secured-cluster-pre4.11.sh"
+fi