Getting started
The fastest way to evaluate SARC is locally on k3d (no cloud cost, ~5 minutes). The fastest path to a customer-meaningful install is AWS EKS via the bootstrap scripts.
Local install (k3d)
Section titled “Local install (k3d)”Prerequisites:
- Linux or macOS workstation with Docker
nix(the repo ships a flake withdirenv-loaded toolchain)- A Kosli API token (free trial fine) — sign up at kosli.com
git clone git@gitlab.com:compliance-calitii/sarc.gitcd sarcdirenv allow # loads .envrc with all the tools
cp .envrc.example .envrc$EDITOR .envrc # populate KOSLI_API_TOKEN at minimumdirenv allow
just demo-up-k3d # cluster + ingress + cert-manager + podtato + portaljust portal-url dev # opens http://portal.karc.localtest.me:8080Login as admin@karc.local. The seeded compliance controls, demo services, sample ServiceNow records (if SN credentials are set), and demo CRs come up automatically.
AWS EKS install (production-shaped)
Section titled “AWS EKS install (production-shaped)”Aimed at customers who want to evaluate SARC running in their own cloud. Time: 30–60 min for the cluster, another 15 min for the portal.
Prerequisites:
- AWS account with admin access for the bootstrap (subsequent operation runs with scoped IAM roles)
- Kosli org + API token
- A ServiceNow instance (PDI is fine for evaluation)
export TARGET_CLOUD=awsexport AWS_REGION=eu-west-2 # or your preferred region
cd infra/awsterraform init -backend-config=backend.hclterraform apply # creates EKS cluster + IRSA + ECR + VPC
cd ../..scripts/bootstrap-secrets-aws.sh # populates Secrets Manager + ExternalSecret CRDsbash gitops/argocd/install.sh # installs ArgoCD + applies ApplicationSets
# After ArgoCD reports Synced+Healthy:just portal-url dev # opens https://portal.<elb-ip>.nip.ioFor Azure (AKS) and GCP (GKE), the same shape — see docs/clouds/ in the repo.
What to do once it’s up
Section titled “What to do once it’s up”- Verify compliance dashboard at
/t/demo/complianceshows the 7 framework cards (SOX, PCI-DSS, PSD2, DORA, ISO 27001, NIST 800-53, SOC 2). - Trigger a deployment (
just deploy-portal dev <cloud>) and watch the pipeline + CR enrichment fire end to end. - Export an evidence pack at
/t/demo/compliance/evidenceto verify PDF rendering works against your install. - Send a magic-link AUDITOR invite at
/t/demo/settings/auditorsso your auditor can log into their own read-only session. - Follow one of the demo scripts end to end.
Troubleshooting
Section titled “Troubleshooting”- Pipeline failures, runner-pool errors: see the runbook at docs/ci/gitlab/ in the repo.
- ArgoCD stuck in
Progressing: usually waiting on a Pod that won’t reachReady.kubectl describe pod -n karc-<env>tells the story. - Portal won’t load: check the karc-portal Helm release status (
helm status karc-portal -n karc-<env>) and the Pod logs. The chart historically showsfailedstatus because of a known bitnami-redis StatefulSet patch issue — actual portal Pods are still Ready; check the pods, not the release status. - Kosli or ServiceNow integration not visible: confirm
TenantConfighas the credentials populated (encrypted at rest) via/t/<tenant>/settings/kosliand/t/<tenant>/settings/servicenow.
- Architecture — what’s running and where
- Configuration — every knob explained
- Implementation playbook — what the 4–8-week engagement looks like