Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allowing jobs to be deployed in different namespaces, save to s3 #43

Merged
merged 1 commit into from
Sep 19, 2024
Merged

allowing jobs to be deployed in different namespaces, save to s3 #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cis-k8s-job/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ cat <<<$(jq '. += {

- Sending output file to AccuKnox SaaS
```sh
curl --location --request POST 'https://cspm.demo.accuknox.com/api/v1/artifact/?tenant_id=$tenantId&data_type=KB&save_to_s3=false' --header 'Tenant-Id: $tenantId' --header "Authorization: Bearer $token" --form 'file=@"./results.json"'
curl --location --request POST 'https://cspm.demo.accuknox.com/api/v1/artifact/?tenant_id=$tenantId&data_type=KB&save_to_s3=true' --header 'Tenant-Id: $tenantId' --header "Authorization: Bearer $token" --form 'file=@"./results.json"'
```
> Replace value of `$tenantId` from AccuKnox Tenant ID & `$token` from AccuKnox Token

Expand Down
2 changes: 1 addition & 1 deletion k8s-risk-assessment-job/templates/clusterrole.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: k8s-risk-assessment-job-clusterrole
name: {{ .Release.Namespace }}-k8s-assessment-crole
rules:
- apiGroups:
- ''
Expand Down
4 changes: 2 additions & 2 deletions k8s-risk-assessment-job/templates/clusterrolebinding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: k8s-risk-assessment-job-clusterrole-binding
name: {{ .Release.Namespace }}-k8s-assessment-crb
subjects:
- namespace: {{ .Release.Namespace }}
kind: ServiceAccount
name: k8s-risk-assessment-job-service-account
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: k8s-risk-assessment-job-clusterrole
name: {{ .Release.Namespace }}-k8s-assessment-crole
2 changes: 1 addition & 1 deletion k8s-risk-assessment-job/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,4 +37,4 @@ data:
--header "Authorization: Bearer ${AUTH_TOKEN}" \
--header "Tenant-Id: ${TENANT_ID}" \
--form "file=@\"/data/report.json\"" \
"https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=false&label_id=${LABEL_NAME}"
"https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=true&label_id=${LABEL_NAME}"
8 changes: 4 additions & 4 deletions k8tls-job/templates/k8tls-cronjob.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: k8tls-cr
name: {{ .Release.Namespace }}-k8tls-cr
rules:
- apiGroups: [""]
resources: ["services"]
Expand All @@ -16,11 +16,11 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: k8tls-crb
name: {{ .Release.Namespace }}-k8tls-crb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: k8tls-cr
name: {{ .Release.Namespace }}-k8tls-cr
subjects:
- kind: ServiceAccount
name: k8tls-serviceact
Expand All @@ -42,7 +42,7 @@ spec:
containers:
- image: accuknox/accuknox-job:latest
command: ["/bin/sh", "-c"]
args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
name: k8tls-job
resources: {}
env:
Expand Down
2 changes: 1 addition & 1 deletion k8tls-job/templates/k8tls-job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ spec:
containers:
- image: accuknox/accuknox-job:latest
command: ["/bin/sh", "-c"]
args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
name: k8tls-job
resources: {}
env:
Expand Down
2 changes: 1 addition & 1 deletion kiem-job/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ spec:
mountPath: /data
containers:
- image: accuknox/accuknox-job:latest
command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=true&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
name: accuknox-kiem-cronjob
resources: {}
env:
Expand Down
2 changes: 1 addition & 1 deletion kiem-job/templates/job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ spec:
mountPath: /data
containers:
- image: accuknox/accuknox-job:latest
command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=true&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
name: accuknox-kiem-job
resources: {}
env:
Expand Down
2 changes: 1 addition & 1 deletion kiem-job/templates/role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kiem-cluster-role
name: {{ .Release.Namespace }}-kiem-cluster-role
rules:
- apiGroups:
- ""
Expand Down
4 changes: 2 additions & 2 deletions kiem-job/templates/rolebinding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: api-cluster-role-binding
name: {{ .Release.Namespace }}-api-cluster-role-binding
subjects:
- namespace: {{ .Release.Namespace }}
kind: ServiceAccount
name: kiem-service-account
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kiem-cluster-role
name: {{ .Release.Namespace }}-kiem-cluster-role
Loading