From ccc1df4765d216bebc63c5dc9b7930669bd728bc Mon Sep 17 00:00:00 2001 From: Priya Date: Fri, 6 Sep 2024 12:09:21 +0530 Subject: [PATCH 1/4] charts updated --- cis-k8s-job/templates/cis-job.yaml | 113 ------------ cis-k8s-job/values.yaml | 12 -- {cis-k8s-job => k8s-jobs}/.helmignore | 0 k8s-jobs/Chart.yaml | 43 +++++ .../charts/cis-k8s-job}/.helmignore | 0 .../charts/cis-k8s-job}/Chart.yaml | 0 .../charts/cis-k8s-job}/README.md | 0 .../cis-k8s-job}/templates/_helpers.tpl | 0 .../charts/cis-k8s-job/templates/cis-job.yaml | 17 +- k8s-jobs/charts/cis-k8s-job/values.yaml | 7 + .../k8s-risk-assessment-job}/.helmignore | 0 .../k8s-risk-assessment-job}/Chart.yaml | 0 .../charts/k8s-risk-assessment-job}/README.md | 0 .../templates/clusterrole.yaml | 22 +++ .../templates/clusterrolebinding.yaml | 3 + .../templates/configmap.yaml | 3 + .../templates/cronjob.yaml | 27 ++- .../templates/serviceaccount.yaml | 2 + .../k8s-risk-assessment-job}/values.yaml | 10 +- .../charts/k8tls-job}/.helmignore | 0 .../charts/k8tls-job}/Chart.yaml | 0 .../charts/k8tls-job}/README.md | 0 .../charts/k8tls-job}/templates/_helpers.tpl | 0 .../charts/k8tls-job/templates/k8tls-job.yaml | 17 +- .../charts/k8tls-job}/values.yaml | 8 +- k8s-jobs/charts/kiem-job/.helmignore | 23 +++ .../charts/kiem-job}/Chart.yaml | 0 .../charts/kiem-job}/templates/_helpers.tpl | 0 .../kiem-job}/templates/deployment.yaml | 17 +- .../charts/kiem-job}/templates/job.yaml | 17 +- .../charts/kiem-job}/templates/role.yaml | 3 + .../kiem-job}/templates/rolebinding.yaml | 5 +- .../kiem-job/templates/serviceaccount.yaml | 8 + .../charts/kiem-job}/values.yaml | 8 +- k8s-jobs/values.yaml | 24 +++ .../templates/clusterrole.yaml | 172 ------------------ k8s-risk-assessment-job/templates/job.yaml | 60 ------ k8s-risk-assessment-job/templates/secret.yaml | 10 - k8tls-job/templates/k8tls-job.yaml | 47 ----- kiem-job/templates/serviceaccount.yaml | 5 - 40 files changed, 199 insertions(+), 484 deletions(-) delete mode 100644 cis-k8s-job/templates/cis-job.yaml delete mode 100644 cis-k8s-job/values.yaml rename {cis-k8s-job => k8s-jobs}/.helmignore (100%) create mode 100644 k8s-jobs/Chart.yaml rename {k8s-risk-assessment-job => k8s-jobs/charts/cis-k8s-job}/.helmignore (100%) rename {cis-k8s-job => k8s-jobs/charts/cis-k8s-job}/Chart.yaml (100%) rename {cis-k8s-job => k8s-jobs/charts/cis-k8s-job}/README.md (100%) rename {cis-k8s-job => k8s-jobs/charts/cis-k8s-job}/templates/_helpers.tpl (100%) rename cis-k8s-job/templates/cis-corn-job.yaml => k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml (90%) create mode 100644 k8s-jobs/charts/cis-k8s-job/values.yaml rename {k8tls-job => k8s-jobs/charts/k8s-risk-assessment-job}/.helmignore (100%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/Chart.yaml (100%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/README.md (100%) create mode 100644 k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/clusterrolebinding.yaml (85%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/configmap.yaml (95%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/cronjob.yaml (69%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/serviceaccount.yaml (68%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/values.yaml (60%) rename {kiem-job => k8s-jobs/charts/k8tls-job}/.helmignore (100%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/Chart.yaml (100%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/README.md (100%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/templates/_helpers.tpl (100%) rename k8tls-job/templates/k8tls-cronjob.yaml => k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml (75%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/values.yaml (50%) create mode 100644 k8s-jobs/charts/kiem-job/.helmignore rename {kiem-job => k8s-jobs/charts/kiem-job}/Chart.yaml (100%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/_helpers.tpl (100%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/deployment.yaml (77%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/job.yaml (74%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/role.yaml (92%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/rolebinding.yaml (77%) create mode 100644 k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml rename {kiem-job => k8s-jobs/charts/kiem-job}/values.yaml (53%) create mode 100644 k8s-jobs/values.yaml delete mode 100644 k8s-risk-assessment-job/templates/clusterrole.yaml delete mode 100644 k8s-risk-assessment-job/templates/job.yaml delete mode 100644 k8s-risk-assessment-job/templates/secret.yaml delete mode 100644 k8tls-job/templates/k8tls-job.yaml delete mode 100644 kiem-job/templates/serviceaccount.yaml diff --git a/cis-k8s-job/templates/cis-job.yaml b/cis-k8s-job/templates/cis-job.yaml deleted file mode 100644 index 54edf0d..0000000 --- a/cis-k8s-job/templates/cis-job.yaml +++ /dev/null @@ -1,113 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: cis-k8s-job - namespace: {{ .Release.Namespace }} -spec: - template: - metadata: - name: cis-k8s-job - labels: - app: cis-k8s-job - spec: - containers: - - image: accuknox/accuknox-job:latest - command: ["/bin/sh", "-c"] - args: ['/bin/sh entrypoint.sh && curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KB&label_id=${LABEL_NAME}&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"./data/report.json\"" && cat /data/report.json'] - name: cis-k8s-cronjob - resources: {} - env: - - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} - - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} - - name: LABEL_NAME - value: {{ .Values.accuknox.label }} - - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterId }} - - name: TENANT_ID - value: {{ .Values.accuknox.tenantId | quote}} - - name: URL - value: {{ .Values.accuknox.url }} - volumeMounts: - - mountPath: /data - name: datapath - initContainers: - - image: docker.io/aquasec/kube-bench:v0.6.19 - command: ["/bin/sh", "-c"] - args: ["kube-bench run --json > /data/report.json"] - name: kube-bench - volumeMounts: - - mountPath: /data - name: datapath - - mountPath: /var/lib/etcd - name: var-lib-etcd - readOnly: true - - mountPath: /var/lib/kubelet - name: var-lib-kubelet - readOnly: true - - mountPath: /var/lib/kube-scheduler - name: var-lib-kube-scheduler - readOnly: true - - mountPath: /var/lib/kube-controller-manager - name: var-lib-kube-controller-manager - readOnly: true - - mountPath: /etc/systemd - name: etc-systemd - readOnly: true - - mountPath: /lib/systemd/ - name: lib-systemd - readOnly: true - - mountPath: /srv/kubernetes/ - name: srv-kubernetes - readOnly: true - - mountPath: /etc/kubernetes - name: etc-kubernetes - readOnly: true - - mountPath: /usr/local/mount-from-host/bin - name: usr-bin - readOnly: true - - mountPath: /etc/cni/net.d/ - name: etc-cni-netd - readOnly: true - - mountPath: /opt/cni/bin/ - name: opt-cni-bin - readOnly: true - hostPID: true - restartPolicy: Never - volumes: - - name: datapath - emptyDir: {} - - hostPath: - path: /var/lib/etcd - name: var-lib-etcd - - hostPath: - path: /var/lib/kubelet - name: var-lib-kubelet - - hostPath: - path: /var/lib/kube-scheduler - name: var-lib-kube-scheduler - - hostPath: - path: /var/lib/kube-controller-manager - name: var-lib-kube-controller-manager - - hostPath: - path: /etc/systemd - name: etc-systemd - - hostPath: - path: /lib/systemd - name: lib-systemd - - hostPath: - path: /srv/kubernetes - name: srv-kubernetes - - hostPath: - path: /etc/kubernetes - name: etc-kubernetes - - hostPath: - path: /usr/bin - name: usr-bin - - hostPath: - path: /etc/cni/net.d/ - name: etc-cni-netd - - hostPath: - path: /opt/cni/bin/ - name: opt-cni-bin \ No newline at end of file diff --git a/cis-k8s-job/values.yaml b/cis-k8s-job/values.yaml deleted file mode 100644 index 032aa18..0000000 --- a/cis-k8s-job/values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Default values for cis-k8s-job. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -accuknox: - authToken: "NO-TOKEN-SET" - cronTab: "30 9 * * *" - clusterName: "" - label: "" - clusterId: "" - tenantId: "" - url: "cspm.demo.accuknox.com" diff --git a/cis-k8s-job/.helmignore b/k8s-jobs/.helmignore similarity index 100% rename from cis-k8s-job/.helmignore rename to k8s-jobs/.helmignore diff --git a/k8s-jobs/Chart.yaml b/k8s-jobs/Chart.yaml new file mode 100644 index 0000000..e26d30d --- /dev/null +++ b/k8s-jobs/Chart.yaml @@ -0,0 +1,43 @@ +apiVersion: v2 +name: k8s-jobs +description: A Helm chart for managing Kubernetes jobs including CIS compliance checks, risk assessment jobs, TLS management jobs, and more. + + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" + +dependencies: + - name: cis-k8s-job + version: "0.1.0" + repository: "file://charts/cis-k8s-job" + condition: accuknox.cis.enabled + - name: k8s-risk-assessment-job + version: "0.1.0" + repository: "file://charts/k8s-risk-assessment-job" + condition: accuknox.riskassessment.enabled + - name: k8tls-job + version: "0.1.0" + repository: "file://charts/k8tls-job" + condition: accuknox.k8tls.enabled + - name: kiem-job + version: "0.1.0" + repository: "file://charts/kiem-job" + condition: accuknox.kiem.enabled diff --git a/k8s-risk-assessment-job/.helmignore b/k8s-jobs/charts/cis-k8s-job/.helmignore similarity index 100% rename from k8s-risk-assessment-job/.helmignore rename to k8s-jobs/charts/cis-k8s-job/.helmignore diff --git a/cis-k8s-job/Chart.yaml b/k8s-jobs/charts/cis-k8s-job/Chart.yaml similarity index 100% rename from cis-k8s-job/Chart.yaml rename to k8s-jobs/charts/cis-k8s-job/Chart.yaml diff --git a/cis-k8s-job/README.md b/k8s-jobs/charts/cis-k8s-job/README.md similarity index 100% rename from cis-k8s-job/README.md rename to k8s-jobs/charts/cis-k8s-job/README.md diff --git a/cis-k8s-job/templates/_helpers.tpl b/k8s-jobs/charts/cis-k8s-job/templates/_helpers.tpl similarity index 100% rename from cis-k8s-job/templates/_helpers.tpl rename to k8s-jobs/charts/cis-k8s-job/templates/_helpers.tpl diff --git a/cis-k8s-job/templates/cis-corn-job.yaml b/k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml similarity index 90% rename from cis-k8s-job/templates/cis-corn-job.yaml rename to k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml index 7faa87d..c2fae7b 100644 --- a/cis-k8s-job/templates/cis-corn-job.yaml +++ b/k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.cis.enabled }} apiVersion: batch/v1 kind: CronJob metadata: @@ -18,17 +19,17 @@ spec: resources: {} env: - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.label }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterId }} + value: {{ .Values.global.clusterId }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantId | quote}} + value: {{ .Values.global.tenantId | quote}} - name: URL - value: {{ .Values.accuknox.url }} + value: {{ .Values.global.url }} volumeMounts: - mountPath: /data name: datapath @@ -112,8 +113,10 @@ spec: path: /opt/cni/bin/ name: opt-cni-bin - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 status: {} + +{{- end }} \ No newline at end of file diff --git a/k8s-jobs/charts/cis-k8s-job/values.yaml b/k8s-jobs/charts/cis-k8s-job/values.yaml new file mode 100644 index 0000000..660fb70 --- /dev/null +++ b/k8s-jobs/charts/cis-k8s-job/values.yaml @@ -0,0 +1,7 @@ +# Default values for cis-k8s-job. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +accuknox: + cis: + enabled: "false" \ No newline at end of file diff --git a/k8tls-job/.helmignore b/k8s-jobs/charts/k8s-risk-assessment-job/.helmignore similarity index 100% rename from k8tls-job/.helmignore rename to k8s-jobs/charts/k8s-risk-assessment-job/.helmignore diff --git a/k8s-risk-assessment-job/Chart.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/Chart.yaml similarity index 100% rename from k8s-risk-assessment-job/Chart.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/Chart.yaml diff --git a/k8s-risk-assessment-job/README.md b/k8s-jobs/charts/k8s-risk-assessment-job/README.md similarity index 100% rename from k8s-risk-assessment-job/README.md rename to k8s-jobs/charts/k8s-risk-assessment-job/README.md diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml new file mode 100644 index 0000000..85c4b03 --- /dev/null +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if .Values.accuknox.riskassessment.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: k8s-risk-assessment-job-clusterrole +rules: + - apiGroups: + - "" + - extensions + - apps + - batch + - rbac.authorization.k8s.io + - roles.rbac.authorization.k8s.io + - authorization.k8s.io + - certificates.k8s.io + - apiextensions.k8s.io + - admissionregistration.k8s.io + - networking.k8s.io + resources: ["*"] + verbs: ["*"] + +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/clusterrolebinding.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml similarity index 85% rename from k8s-risk-assessment-job/templates/clusterrolebinding.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml index 7009a19..fcd41ae 100644 --- a/k8s-risk-assessment-job/templates/clusterrolebinding.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -10,3 +11,5 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: k8s-risk-assessment-job-clusterrole + +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/configmap.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml similarity index 95% rename from k8s-risk-assessment-job/templates/configmap.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml index 54b913c..e7aa1da 100644 --- a/k8s-risk-assessment-job/templates/configmap.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: v1 kind: ConfigMap metadata: @@ -38,3 +39,5 @@ data: --header "Tenant-Id: ${TENANT_ID}" \ --form "file=@\"/data/report.json\"" \ "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=false&label_id=${LABEL_NAME}" + +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/cronjob.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml similarity index 69% rename from k8s-risk-assessment-job/templates/cronjob.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml index b603dc2..f41535a 100644 --- a/k8s-risk-assessment-job/templates/cronjob.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml @@ -1,10 +1,11 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: batch/v1 kind: CronJob metadata: name: k8s-risk-assessment-job namespace: {{ .Release.Namespace }} spec: - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 @@ -21,7 +22,7 @@ spec: args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -32,25 +33,18 @@ spec: - '/bin/sh' - '/script/augment-and-push-results.sh' env: - - name: AUTH_TOKEN - valueFrom: - secretKeyRef: - key: AUTH_TOKEN - {{- if (.Values.accuknox.secretName | empty) }} - name: k8s-risk-assessment-job-auth-token - {{- else }} - name: {{ .Values.accuknox.secretName }} - {{- end }} - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} + - name: AUTH_TOKEN + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterID | quote }} + value: {{ .Values.global.clusterId | quote }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.label }} volumeMounts: - mountPath: /data name: datapath @@ -64,3 +58,4 @@ spec: name: k8s-risk-assessment-job-script-configmap restartPolicy: OnFailure serviceAccount: k8s-risk-assessment-job-service-account +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/serviceaccount.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml similarity index 68% rename from k8s-risk-assessment-job/templates/serviceaccount.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml index f9d0a7a..fa4b7bb 100644 --- a/k8s-risk-assessment-job/templates/serviceaccount.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml @@ -1,5 +1,7 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: v1 kind: ServiceAccount metadata: name: k8s-risk-assessment-job-service-account namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/values.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/values.yaml similarity index 60% rename from k8s-risk-assessment-job/values.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/values.yaml index 9b669bf..3b048cb 100644 --- a/k8s-risk-assessment-job/values.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/values.yaml @@ -10,11 +10,5 @@ kubescape: replicaCount: 1 accuknox: - authToken: "NO-TOKEN-SET" - URL: "cspm.demo.accuknox.com" - tenantID: "" - cronTab: "30 9 * * *" - clusterName: "" - clusterID: 0 - label: "" - secretName: "" + riskassessment: + enabled: "false" diff --git a/kiem-job/.helmignore b/k8s-jobs/charts/k8tls-job/.helmignore similarity index 100% rename from kiem-job/.helmignore rename to k8s-jobs/charts/k8tls-job/.helmignore diff --git a/k8tls-job/Chart.yaml b/k8s-jobs/charts/k8tls-job/Chart.yaml similarity index 100% rename from k8tls-job/Chart.yaml rename to k8s-jobs/charts/k8tls-job/Chart.yaml diff --git a/k8tls-job/README.md b/k8s-jobs/charts/k8tls-job/README.md similarity index 100% rename from k8tls-job/README.md rename to k8s-jobs/charts/k8tls-job/README.md diff --git a/k8tls-job/templates/_helpers.tpl b/k8s-jobs/charts/k8tls-job/templates/_helpers.tpl similarity index 100% rename from k8tls-job/templates/_helpers.tpl rename to k8s-jobs/charts/k8tls-job/templates/_helpers.tpl diff --git a/k8tls-job/templates/k8tls-cronjob.yaml b/k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml similarity index 75% rename from k8tls-job/templates/k8tls-cronjob.yaml rename to k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml index 951c54d..338c767 100644 --- a/k8tls-job/templates/k8tls-cronjob.yaml +++ b/k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.k8tls.enabled }} apiVersion: v1 kind: ServiceAccount metadata: @@ -47,15 +48,17 @@ spec: resources: {} env: - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }} + value: {{ if ne .Values.global.clusterName "" }}{{ .Values.global.clusterName }}{{ else }}{{ "default" }}{{ end }} + - name: CLUSTER_ID + value: {{ if ne .Values.global.clusterId "" }}{{ .Values.global.clusterId }}{{ else }}{{ "default" }}{{ end }} - name: LABEL_NAME - value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }} + value: {{ if ne .Values.global.label "" }}{{ .Values.global.label }}{{ else }}{{ "default" }}{{ end }} volumeMounts: - mountPath: /data name: datapath @@ -75,6 +78,8 @@ spec: - name: datapath emptyDir: {} - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 + +{{- end }} \ No newline at end of file diff --git a/k8tls-job/values.yaml b/k8s-jobs/charts/k8tls-job/values.yaml similarity index 50% rename from k8tls-job/values.yaml rename to k8s-jobs/charts/k8tls-job/values.yaml index 720722e..edada77 100644 --- a/k8tls-job/values.yaml +++ b/k8s-jobs/charts/k8tls-job/values.yaml @@ -3,9 +3,5 @@ # Declare variables to be passed into your templates. accuknox: - authToken: "NO-TOKEN-SET" - cronTab: "30 9 * * *" - tenantID: "" - clusterName: "" - label: "" - URL: "cspm.demo.accuknox.com" + k8tls: + enabled: "false" diff --git a/k8s-jobs/charts/kiem-job/.helmignore b/k8s-jobs/charts/kiem-job/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/k8s-jobs/charts/kiem-job/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kiem-job/Chart.yaml b/k8s-jobs/charts/kiem-job/Chart.yaml similarity index 100% rename from kiem-job/Chart.yaml rename to k8s-jobs/charts/kiem-job/Chart.yaml diff --git a/kiem-job/templates/_helpers.tpl b/k8s-jobs/charts/kiem-job/templates/_helpers.tpl similarity index 100% rename from kiem-job/templates/_helpers.tpl rename to k8s-jobs/charts/kiem-job/templates/_helpers.tpl diff --git a/kiem-job/templates/deployment.yaml b/k8s-jobs/charts/kiem-job/templates/deployment.yaml similarity index 77% rename from kiem-job/templates/deployment.yaml rename to k8s-jobs/charts/kiem-job/templates/deployment.yaml index 0737708..df27eb2 100644 --- a/kiem-job/templates/deployment.yaml +++ b/k8s-jobs/charts/kiem-job/templates/deployment.yaml @@ -1,10 +1,11 @@ +{{- if .Values.accuknox.kiem.enabled }} apiVersion: batch/v1 kind: CronJob metadata: name: kiem-job namespace: {{ .Release.Namespace }} spec: - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 jobTemplate: @@ -20,7 +21,7 @@ spec: args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -31,15 +32,15 @@ spec: resources: {} env: - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label | quote}} + value: {{ .Values.global.label | quote}} volumeMounts: - mountPath: /data name: datapath @@ -49,4 +50,4 @@ spec: restartPolicy: OnFailure serviceAccount: kiem-service-account - +{{- end }} \ No newline at end of file diff --git a/kiem-job/templates/job.yaml b/k8s-jobs/charts/kiem-job/templates/job.yaml similarity index 74% rename from kiem-job/templates/job.yaml rename to k8s-jobs/charts/kiem-job/templates/job.yaml index 19906ac..aee6eb1 100644 --- a/kiem-job/templates/job.yaml +++ b/k8s-jobs/charts/kiem-job/templates/job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.kiem.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -15,7 +16,7 @@ spec: args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -26,15 +27,15 @@ spec: resources: {} env: - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label | quote}} + value: {{ .Values.global.label | quote}} volumeMounts: - mountPath: /data name: datapath @@ -42,4 +43,6 @@ spec: - name: datapath emptyDir: {} restartPolicy: OnFailure - serviceAccount: kiem-service-account \ No newline at end of file + serviceAccount: kiem-service-account + +{{- end }} \ No newline at end of file diff --git a/kiem-job/templates/role.yaml b/k8s-jobs/charts/kiem-job/templates/role.yaml similarity index 92% rename from kiem-job/templates/role.yaml rename to k8s-jobs/charts/kiem-job/templates/role.yaml index bc21f2e..ec0ba09 100644 --- a/kiem-job/templates/role.yaml +++ b/k8s-jobs/charts/kiem-job/templates/role.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.kiem.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -31,3 +32,5 @@ rules: - get - list - watch + +{{- end }} \ No newline at end of file diff --git a/kiem-job/templates/rolebinding.yaml b/k8s-jobs/charts/kiem-job/templates/rolebinding.yaml similarity index 77% rename from kiem-job/templates/rolebinding.yaml rename to k8s-jobs/charts/kiem-job/templates/rolebinding.yaml index a0ea35b..6cef531 100644 --- a/kiem-job/templates/rolebinding.yaml +++ b/k8s-jobs/charts/kiem-job/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.kiem.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -9,4 +10,6 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: kiem-cluster-role \ No newline at end of file + name: kiem-cluster-role + +{{- end }} \ No newline at end of file diff --git a/k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml b/k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml new file mode 100644 index 0000000..9df8b3e --- /dev/null +++ b/k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if .Values.accuknox.kiem.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kiem-service-account + namespace: {{ .Release.Namespace }} + +{{- end }} \ No newline at end of file diff --git a/kiem-job/values.yaml b/k8s-jobs/charts/kiem-job/values.yaml similarity index 53% rename from kiem-job/values.yaml rename to k8s-jobs/charts/kiem-job/values.yaml index e979326..d299b3f 100644 --- a/kiem-job/values.yaml +++ b/k8s-jobs/charts/kiem-job/values.yaml @@ -5,9 +5,5 @@ replicaCount: 1 accuknox: - authToken: "NO-TOKEN-SET" - URL: "cspm.demo.accuknox.com" - tenantID: "" - cronTab: "30 9 * * *" - clusterName: "" - label: "" + kiem: + enabled: "false" \ No newline at end of file diff --git a/k8s-jobs/values.yaml b/k8s-jobs/values.yaml new file mode 100644 index 0000000..f9141dc --- /dev/null +++ b/k8s-jobs/values.yaml @@ -0,0 +1,24 @@ +# Global parameters applicable to all jobs +global: + url: "cspm.demo.accuknox.com" + tenantId: "" + authToken: "NO-TOKEN-SET" + cronTab: "30 9 * * *" + clusterName: "" + clusterId: "" + label: "" + +# Job-specific configurations +accuknox: + cis: + enabled: "false" + # Add specific configurations for CIS job if needed + riskassessment: + enabled: "false" + # Add specific configurations for risk assessment job if needed + k8tls: + enabled: "false" + # Add specific configurations for k8tls job if needed + kiem: + enabled: "false" + # Add specific configurations for kiem job if needed \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/clusterrole.yaml b/k8s-risk-assessment-job/templates/clusterrole.yaml deleted file mode 100644 index 73564d6..0000000 --- a/k8s-risk-assessment-job/templates/clusterrole.yaml +++ /dev/null @@ -1,172 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: k8s-risk-assessment-job-clusterrole -rules: - - apiGroups: - - '' - resources: - - pods - - pods/proxy - - namespaces - - secrets - - nodes - - configmaps - - services - - serviceaccounts - - endpoints - - persistentvolumeclaims - - persistentvolumes - - limitranges - - replicationcontrollers - - podtemplates - - resourcequotas - - events - verbs: - - get - - watch - - list - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - watch - - list - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - watch - - list - - apiGroups: - - apps - resources: - - deployments - - statefulsets - - daemonsets - - replicasets - - controllerrevisions - verbs: - - get - - watch - - list - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - watch - - list - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - watch - - list - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - watch - - list - - apiGroups: - - events.k8s.io - resources: - - events - verbs: - - get - - watch - - list - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - Ingress - verbs: - - get - - watch - - list - - apiGroups: - - policy - resources: - - poddisruptionbudgets - - podsecuritypolicies - - PodSecurityPolicy - verbs: - - get - - watch - - list - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - clusterrolebindings - - roles - - rolebindings - verbs: - - get - - watch - - list - - apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - - storageclasses - verbs: - - get - - watch - - list - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - watch - - list - - apiGroups: - - extensions - resources: - - Ingress - verbs: - - get - - watch - - list - - apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - - gateways - - gatewayclasses - - tcproutes - - tlsroutes - - udproutes - verbs: - - get - - watch - - list - - apiGroups: - - '' - resources: - - namespaces - verbs: - - update diff --git a/k8s-risk-assessment-job/templates/job.yaml b/k8s-risk-assessment-job/templates/job.yaml deleted file mode 100644 index aaacd12..0000000 --- a/k8s-risk-assessment-job/templates/job.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: k8s-risk-assessment-job - namespace: {{ .Release.Namespace }} -spec: - template: - metadata: - labels: - app: k8s-risk-assessment-job - spec: - initContainers: - - name: job-init-container - image: "{{ .Values.kubescape.image.repository }}:{{ .Values.kubescape.image.tag }}" - args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"] - env: - - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} - volumeMounts: - - name: datapath - mountPath: /data - containers: - - image: accuknox/accuknox-job:latest - name: artifact-api-container - command: - - '/bin/sh' - - '/script/augment-and-push-results.sh' - env: - - name: AUTH_TOKEN - valueFrom: - secretKeyRef: - key: AUTH_TOKEN - {{- if (.Values.accuknox.secretName | empty) }} - name: k8s-risk-assessment-job-auth-token - {{- else }} - name: {{ .Values.accuknox.secretName }} - {{- end }} - - name: URL - value: {{ .Values.accuknox.URL }} - - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} - - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} - - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterID | quote }} - - name: LABEL_NAME - value: {{ .Values.accuknox.label }} - volumeMounts: - - mountPath: /data - name: datapath - - mountPath: /script - name: scriptpath - volumes: - - name: datapath - emptyDir: {} - - name: scriptpath - configMap: - name: k8s-risk-assessment-job-script-configmap - restartPolicy: OnFailure - serviceAccount: k8s-risk-assessment-job-service-account diff --git a/k8s-risk-assessment-job/templates/secret.yaml b/k8s-risk-assessment-job/templates/secret.yaml deleted file mode 100644 index 1cf76c9..0000000 --- a/k8s-risk-assessment-job/templates/secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if (.Values.accuknox.secretName | empty) }} -# if user didn't specify a secretName, use the default -apiVersion: v1 -kind: Secret -metadata: - name: k8s-risk-assessment-job-auth-token - namespace: {{ .Release.Namespace }} -data: - AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }} -{{- end }} diff --git a/k8tls-job/templates/k8tls-job.yaml b/k8tls-job/templates/k8tls-job.yaml deleted file mode 100644 index 3018a0a..0000000 --- a/k8tls-job/templates/k8tls-job.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: k8tls-job - namespace: {{ .Release.Namespace }} -spec: - template: - metadata: - name: k8tls-job - spec: - serviceAccountName: k8tls-serviceact - containers: - - image: accuknox/accuknox-job:latest - command: ["/bin/sh", "-c"] - args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json'] - name: k8tls-job - resources: {} - env: - - name: URL - value: {{ .Values.accuknox.URL }} - - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} - - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} - - name: CLUSTER_NAME - value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }} - - name: LABEL_NAME - value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }} - volumeMounts: - - mountPath: /data - name: datapath - initContainers: - - command: ["/bin/sh", "-c"] - args: ["./k8s_tlsscan"] - image: kubearmor/k8tls:latest - name: k8tls - env: - - name: JSON - value: "/data/report.json" - volumeMounts: - - mountPath: /data - name: datapath - restartPolicy: Never - volumes: - - name: datapath - emptyDir: {} - diff --git a/kiem-job/templates/serviceaccount.yaml b/kiem-job/templates/serviceaccount.yaml deleted file mode 100644 index 53ad66e..0000000 --- a/kiem-job/templates/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kiem-service-account - namespace: {{ .Release.Namespace }} \ No newline at end of file From 84ac8463df017c71183b59470bb08ba77b3f8926 Mon Sep 17 00:00:00 2001 From: Priya Date: Fri, 20 Sep 2024 13:08:51 +0530 Subject: [PATCH 2/4] updated symlinks --- {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/.helmignore | 0 {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/Chart.yaml | 0 {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/README.md | 0 .../cis-k8s-job/templates/_helpers.tpl | 0 .../cis-k8s-job/templates/cis-job.yaml | 0 {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/values.yaml | 0 .../k8s-risk-assessment-job/.helmignore | 0 .../k8s-risk-assessment-job/Chart.yaml | 0 .../k8s-risk-assessment-job/README.md | 0 .../k8s-risk-assessment-job/templates/clusterrole.yaml | 0 .../k8s-risk-assessment-job/templates/clusterrolebinding.yaml | 0 .../k8s-risk-assessment-job/templates/configmap.yaml | 0 .../k8s-risk-assessment-job/templates/cronjob.yaml | 0 .../k8s-risk-assessment-job/templates/serviceaccount.yaml | 0 .../k8s-risk-assessment-job/values.yaml | 0 {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/.helmignore | 0 {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/Chart.yaml | 0 {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/README.md | 0 .../charts => accuknox-k8s-job}/k8tls-job/templates/_helpers.tpl | 0 .../k8tls-job/templates/k8tls-job.yaml | 0 {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/values.yaml | 0 {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/.helmignore | 0 {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/Chart.yaml | 0 .../charts => accuknox-k8s-job}/kiem-job/templates/_helpers.tpl | 0 .../kiem-job/templates/deployment.yaml | 0 .../charts => accuknox-k8s-job}/kiem-job/templates/job.yaml | 0 .../charts => accuknox-k8s-job}/kiem-job/templates/role.yaml | 0 .../kiem-job/templates/rolebinding.yaml | 0 .../kiem-job/templates/serviceaccount.yaml | 0 {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/values.yaml | 0 k8s-jobs/accuknox-k8s-job | 1 + 31 files changed, 1 insertion(+) rename {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/.helmignore (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/Chart.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/README.md (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/templates/_helpers.tpl (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/templates/cis-job.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/cis-k8s-job/values.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/.helmignore (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/Chart.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/README.md (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/templates/clusterrole.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/templates/clusterrolebinding.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/templates/configmap.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/templates/cronjob.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/templates/serviceaccount.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8s-risk-assessment-job/values.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/.helmignore (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/Chart.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/README.md (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/templates/_helpers.tpl (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/templates/k8tls-job.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/k8tls-job/values.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/.helmignore (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/Chart.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/templates/_helpers.tpl (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/templates/deployment.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/templates/job.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/templates/role.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/templates/rolebinding.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/templates/serviceaccount.yaml (100%) rename {k8s-jobs/charts => accuknox-k8s-job}/kiem-job/values.yaml (100%) create mode 120000 k8s-jobs/accuknox-k8s-job diff --git a/k8s-jobs/charts/cis-k8s-job/.helmignore b/accuknox-k8s-job/cis-k8s-job/.helmignore similarity index 100% rename from k8s-jobs/charts/cis-k8s-job/.helmignore rename to accuknox-k8s-job/cis-k8s-job/.helmignore diff --git a/k8s-jobs/charts/cis-k8s-job/Chart.yaml b/accuknox-k8s-job/cis-k8s-job/Chart.yaml similarity index 100% rename from k8s-jobs/charts/cis-k8s-job/Chart.yaml rename to accuknox-k8s-job/cis-k8s-job/Chart.yaml diff --git a/k8s-jobs/charts/cis-k8s-job/README.md b/accuknox-k8s-job/cis-k8s-job/README.md similarity index 100% rename from k8s-jobs/charts/cis-k8s-job/README.md rename to accuknox-k8s-job/cis-k8s-job/README.md diff --git a/k8s-jobs/charts/cis-k8s-job/templates/_helpers.tpl b/accuknox-k8s-job/cis-k8s-job/templates/_helpers.tpl similarity index 100% rename from k8s-jobs/charts/cis-k8s-job/templates/_helpers.tpl rename to accuknox-k8s-job/cis-k8s-job/templates/_helpers.tpl diff --git a/k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml b/accuknox-k8s-job/cis-k8s-job/templates/cis-job.yaml similarity index 100% rename from k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml rename to accuknox-k8s-job/cis-k8s-job/templates/cis-job.yaml diff --git a/k8s-jobs/charts/cis-k8s-job/values.yaml b/accuknox-k8s-job/cis-k8s-job/values.yaml similarity index 100% rename from k8s-jobs/charts/cis-k8s-job/values.yaml rename to accuknox-k8s-job/cis-k8s-job/values.yaml diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/.helmignore b/accuknox-k8s-job/k8s-risk-assessment-job/.helmignore similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/.helmignore rename to accuknox-k8s-job/k8s-risk-assessment-job/.helmignore diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/Chart.yaml b/accuknox-k8s-job/k8s-risk-assessment-job/Chart.yaml similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/Chart.yaml rename to accuknox-k8s-job/k8s-risk-assessment-job/Chart.yaml diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/README.md b/accuknox-k8s-job/k8s-risk-assessment-job/README.md similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/README.md rename to accuknox-k8s-job/k8s-risk-assessment-job/README.md diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml b/accuknox-k8s-job/k8s-risk-assessment-job/templates/clusterrole.yaml similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml rename to accuknox-k8s-job/k8s-risk-assessment-job/templates/clusterrole.yaml diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml b/accuknox-k8s-job/k8s-risk-assessment-job/templates/clusterrolebinding.yaml similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml rename to accuknox-k8s-job/k8s-risk-assessment-job/templates/clusterrolebinding.yaml diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml b/accuknox-k8s-job/k8s-risk-assessment-job/templates/configmap.yaml similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml rename to accuknox-k8s-job/k8s-risk-assessment-job/templates/configmap.yaml diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml b/accuknox-k8s-job/k8s-risk-assessment-job/templates/cronjob.yaml similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml rename to accuknox-k8s-job/k8s-risk-assessment-job/templates/cronjob.yaml diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml b/accuknox-k8s-job/k8s-risk-assessment-job/templates/serviceaccount.yaml similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml rename to accuknox-k8s-job/k8s-risk-assessment-job/templates/serviceaccount.yaml diff --git a/k8s-jobs/charts/k8s-risk-assessment-job/values.yaml b/accuknox-k8s-job/k8s-risk-assessment-job/values.yaml similarity index 100% rename from k8s-jobs/charts/k8s-risk-assessment-job/values.yaml rename to accuknox-k8s-job/k8s-risk-assessment-job/values.yaml diff --git a/k8s-jobs/charts/k8tls-job/.helmignore b/accuknox-k8s-job/k8tls-job/.helmignore similarity index 100% rename from k8s-jobs/charts/k8tls-job/.helmignore rename to accuknox-k8s-job/k8tls-job/.helmignore diff --git a/k8s-jobs/charts/k8tls-job/Chart.yaml b/accuknox-k8s-job/k8tls-job/Chart.yaml similarity index 100% rename from k8s-jobs/charts/k8tls-job/Chart.yaml rename to accuknox-k8s-job/k8tls-job/Chart.yaml diff --git a/k8s-jobs/charts/k8tls-job/README.md b/accuknox-k8s-job/k8tls-job/README.md similarity index 100% rename from k8s-jobs/charts/k8tls-job/README.md rename to accuknox-k8s-job/k8tls-job/README.md diff --git a/k8s-jobs/charts/k8tls-job/templates/_helpers.tpl b/accuknox-k8s-job/k8tls-job/templates/_helpers.tpl similarity index 100% rename from k8s-jobs/charts/k8tls-job/templates/_helpers.tpl rename to accuknox-k8s-job/k8tls-job/templates/_helpers.tpl diff --git a/k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml b/accuknox-k8s-job/k8tls-job/templates/k8tls-job.yaml similarity index 100% rename from k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml rename to accuknox-k8s-job/k8tls-job/templates/k8tls-job.yaml diff --git a/k8s-jobs/charts/k8tls-job/values.yaml b/accuknox-k8s-job/k8tls-job/values.yaml similarity index 100% rename from k8s-jobs/charts/k8tls-job/values.yaml rename to accuknox-k8s-job/k8tls-job/values.yaml diff --git a/k8s-jobs/charts/kiem-job/.helmignore b/accuknox-k8s-job/kiem-job/.helmignore similarity index 100% rename from k8s-jobs/charts/kiem-job/.helmignore rename to accuknox-k8s-job/kiem-job/.helmignore diff --git a/k8s-jobs/charts/kiem-job/Chart.yaml b/accuknox-k8s-job/kiem-job/Chart.yaml similarity index 100% rename from k8s-jobs/charts/kiem-job/Chart.yaml rename to accuknox-k8s-job/kiem-job/Chart.yaml diff --git a/k8s-jobs/charts/kiem-job/templates/_helpers.tpl b/accuknox-k8s-job/kiem-job/templates/_helpers.tpl similarity index 100% rename from k8s-jobs/charts/kiem-job/templates/_helpers.tpl rename to accuknox-k8s-job/kiem-job/templates/_helpers.tpl diff --git a/k8s-jobs/charts/kiem-job/templates/deployment.yaml b/accuknox-k8s-job/kiem-job/templates/deployment.yaml similarity index 100% rename from k8s-jobs/charts/kiem-job/templates/deployment.yaml rename to accuknox-k8s-job/kiem-job/templates/deployment.yaml diff --git a/k8s-jobs/charts/kiem-job/templates/job.yaml b/accuknox-k8s-job/kiem-job/templates/job.yaml similarity index 100% rename from k8s-jobs/charts/kiem-job/templates/job.yaml rename to accuknox-k8s-job/kiem-job/templates/job.yaml diff --git a/k8s-jobs/charts/kiem-job/templates/role.yaml b/accuknox-k8s-job/kiem-job/templates/role.yaml similarity index 100% rename from k8s-jobs/charts/kiem-job/templates/role.yaml rename to accuknox-k8s-job/kiem-job/templates/role.yaml diff --git a/k8s-jobs/charts/kiem-job/templates/rolebinding.yaml b/accuknox-k8s-job/kiem-job/templates/rolebinding.yaml similarity index 100% rename from k8s-jobs/charts/kiem-job/templates/rolebinding.yaml rename to accuknox-k8s-job/kiem-job/templates/rolebinding.yaml diff --git a/k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml b/accuknox-k8s-job/kiem-job/templates/serviceaccount.yaml similarity index 100% rename from k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml rename to accuknox-k8s-job/kiem-job/templates/serviceaccount.yaml diff --git a/k8s-jobs/charts/kiem-job/values.yaml b/accuknox-k8s-job/kiem-job/values.yaml similarity index 100% rename from k8s-jobs/charts/kiem-job/values.yaml rename to accuknox-k8s-job/kiem-job/values.yaml diff --git a/k8s-jobs/accuknox-k8s-job b/k8s-jobs/accuknox-k8s-job new file mode 120000 index 0000000..d2528a9 --- /dev/null +++ b/k8s-jobs/accuknox-k8s-job @@ -0,0 +1 @@ +../accuknox-k8s-job \ No newline at end of file From 680936aaa3896527a28d6ecdefba04895a7d294a Mon Sep 17 00:00:00 2001 From: Priya Date: Fri, 20 Sep 2024 14:23:35 +0530 Subject: [PATCH 3/4] updated symlinks --- k8s-jobs/Chart.yaml | 8 ++++---- k8s-jobs/accuknox-k8s-job | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) delete mode 120000 k8s-jobs/accuknox-k8s-job diff --git a/k8s-jobs/Chart.yaml b/k8s-jobs/Chart.yaml index e26d30d..b97cbc4 100644 --- a/k8s-jobs/Chart.yaml +++ b/k8s-jobs/Chart.yaml @@ -27,17 +27,17 @@ appVersion: "1.16.0" dependencies: - name: cis-k8s-job version: "0.1.0" - repository: "file://charts/cis-k8s-job" + repository: "file:/./charts/cis-k8s-job" condition: accuknox.cis.enabled - name: k8s-risk-assessment-job version: "0.1.0" - repository: "file://charts/k8s-risk-assessment-job" + repository: "file:/./charts/k8s-risk-assessment-job" condition: accuknox.riskassessment.enabled - name: k8tls-job version: "0.1.0" - repository: "file://charts/k8tls-job" + repository: "file:/./charts/k8tls-job" condition: accuknox.k8tls.enabled - name: kiem-job version: "0.1.0" - repository: "file://charts/kiem-job" + repository: "file:/./charts/kiem-job" condition: accuknox.kiem.enabled diff --git a/k8s-jobs/accuknox-k8s-job b/k8s-jobs/accuknox-k8s-job deleted file mode 120000 index d2528a9..0000000 --- a/k8s-jobs/accuknox-k8s-job +++ /dev/null @@ -1 +0,0 @@ -../accuknox-k8s-job \ No newline at end of file From 28c882fd8d76f2f9d552c6a6905ca1f58f037d5f Mon Sep 17 00:00:00 2001 From: Priya Date: Fri, 20 Sep 2024 14:23:53 +0530 Subject: [PATCH 4/4] updated symlinks --- k8s-jobs/charts | 1 + 1 file changed, 1 insertion(+) create mode 120000 k8s-jobs/charts diff --git a/k8s-jobs/charts b/k8s-jobs/charts new file mode 120000 index 0000000..d2528a9 --- /dev/null +++ b/k8s-jobs/charts @@ -0,0 +1 @@ +../accuknox-k8s-job \ No newline at end of file