Progress on exercise 4.

data/workshop/README.org

@@ -29,3 +29,70 @@ spec:
     customProductName: ACME Financial Services OpenShift Console
 EOF
 #+end_src
+
+* Deploy the vulnerable workload
+
+#+begin_src tmux
+cat << EOF | oc apply --filename -
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: prd-acme-payments
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: prd-acme-payments-processor
+  namespace: prd-acme-payments
+  labels:
+    app: payments-processor
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      deployment: prd-acme-payments-processor
+  template:
+    metadata:
+      labels:
+        deployment: prd-acme-payments-processor
+    spec:
+      containers:
+        - name: literally-log4shell
+          image: quay.io/smileyfritz/log4shell-app:v0.5
+          securityContext:
+            capabilities:
+              add:
+                - SYS_ADMIN
+                - NET_ADMIN
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: unix-socket
+              mountPath: /var/run/crio/crio.sock
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler
+      volumes:
+        - name: unix-socket
+          hostPath:
+            path: /var/run/crio/crio.sock
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 25%
+      maxSurge: 25%
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600
+EOF
+
+oc adm policy add-scc-to-user privileged -z default -n prd-acme-payments
+#+end_src