test-pr #44

Closed
wants to merge 3 commits into from
Closed
8 changes: 6 additions & 2 deletions cis-k8s-job/templates/cis-corn-job.yaml
Expand Up @@ -10,8 +10,12 @@ spec:
spec:
template:
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ["/bin/sh", "-c"]
args: ['/bin/sh entrypoint.sh && curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KB&label_id=${LABEL_NAME}&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"./data/report.json\"" && cat /data/report.json']
name: cis-k8s-cronjob
Expand All @@ -33,7 +37,7 @@ spec:
- mountPath: /data
name: datapath
initContainers:
- image: docker.io/aquasec/kube-bench:v0.6.19
- image: "{{ .Values.kubeBench.image.repository }}:{{ .Values.kubeBench.image.tag }}"
command: ["/bin/sh", "-c"]
args: ["kube-bench run --json > /data/report.json"]
name: kube-bench
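Review bot: The new `- image:` lines always render `repository:tag`, and every values.yaml in this PR defaults the accuknox-job tag to `latest`, so the jobs that read cluster state and post it with `AUTH_TOKEN` keep running whatever that mutable tag currently points at, with no way to pin by digest. Consider an optional digest value (a proposed key, not in the chart today), e.g. `image: "{{ .Values.accuknoxJob.image.repository }}{{ if .Values.accuknoxJob.image.digest }}@{{ .Values.accuknoxJob.image.digest }}{{ else }}:{{ .Values.accuknoxJob.image.tag }}{{ end }}"`. The added `- name: {{ .Values.imagePullSecrets.name }}` is also unquoted, so a secret name that YAML reads as a number or boolean would render as a non-string; `| quote` fixes that. Both patterns repeat in cis-job.yaml and in the k8s-risk-assessment-job, k8tls-job and kiem-job templates.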
10 changes: 7 additions & 3 deletions cis-k8s-job/templates/cis-job.yaml
Expand Up @@ -10,8 +10,12 @@ spec:
labels:
app: cis-k8s-job
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ["/bin/sh", "-c"]
args: ['/bin/sh entrypoint.sh && curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KB&label_id=${LABEL_NAME}&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"./data/report.json\"" && cat /data/report.json']
name: cis-k8s-cronjob
Expand All @@ -33,7 +37,7 @@ spec:
- mountPath: /data
name: datapath
initContainers:
- image: docker.io/aquasec/kube-bench:v0.6.19
- image: "{{ .Values.kubeBench.image.repository }}:{{ .Values.kubeBench.image.tag }}"
command: ["/bin/sh", "-c"]
args: ["kube-bench run --json > /data/report.json"]
name: kube-bench
Expand Down Expand Up @@ -110,4 +114,4 @@ spec:
name: etc-cni-netd
- hostPath:
path: /opt/cni/bin/
name: opt-cni-bin
name: opt-cni-bin
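--- a/cis-k8s-job/templates/imagepullsecret.yaml
+++ b/cis-k8s-job/templates/imagepullsecret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.imagePullSecrets.registry }}
+# if user didn't specify a secretName, use the default
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.imagePullSecrets.name }}
+namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+.dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.registry .Values.imagePullSecrets.username .Values.imagePullSecrets.password (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
+{{- end }}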
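Review bot: The `.dockerconfigjson` line builds JSON with `printf` and raw `%s`, so a registry username or password containing `"` or `\` yields a malformed or differently structured docker config; building it with Sprig avoids that, e.g. `{{ dict "auths" (dict .Values.imagePullSecrets.registry (dict "username" .Values.imagePullSecrets.username "password" .Values.imagePullSecrets.password "auth" (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc))) | toJson | b64enc }}`. The Secret is rendered when `registry` is set but is named from `imagePullSecrets.name`, which defaults to `""`, and the pod specs only attach a pull secret when `name` is set, so registry-without-name produces a Secret with an empty name that nothing references; `name: {{ required "imagePullSecrets.name must be set when imagePullSecrets.registry is set" .Values.imagePullSecrets.name | quote }}` would fail early instead. The comment on the second line promises a default name that the template never supplies. The same file is added unchanged under k8s-risk-assessment-job, k8tls-job and kiem-job.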
19 changes: 19 additions & 0 deletions cis-k8s-job/values.yaml
Expand Up @@ -2,6 +2,25 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.


accuknoxJob:
image:
repository: accuknox/accuknox-job
tag: "latest"

kubeBench:
image:
repository: docker.io/aquasec/kube-bench
tag: "v0.6.19"

# To use existing secret updated {imagePullSecrets.name} with your secret name.
imagePullSecrets:
name: ""
registry: ""
username: ""
password: ""


accuknox:
authToken: "NO-TOKEN-SET"
cronTab: "30 9 * * *"
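Review bot: `imagePullSecrets.username` and `imagePullSecrets.password` put registry credentials in chart values, which Helm stores with the release and which are easy to commit by accident in an overrides file; the comment above the block should steer users to create the Secret out of band and set only `name`, and should say that filling in `registry`/`username`/`password` makes the chart create a Secret called `name`. Suggested wording for the comment: `# To use an existing secret, set imagePullSecrets.name to its name and leave registry/username/password empty.` The same block and comment are added in k8s-risk-assessment-job/values.yaml, k8tls-job/values.yaml and kiem-job/values.yaml.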
6 changes: 5 additions & 1 deletion k8s-risk-assessment-job/templates/cronjob.yaml
Expand Up @@ -15,6 +15,10 @@ spec:
spec:
template:
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
initContainers:
- name: job-init-container
image: "{{ .Values.kubescape.image.repository }}:{{ .Values.kubescape.image.tag }}"
Expand All @@ -26,7 +30,7 @@ spec:
- name: datapath
mountPath: /data
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
name: artifact-api-container
command:
- '/bin/sh'
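--- a/k8s-risk-assessment-job/templates/imagepullsecret.yaml
+++ b/k8s-risk-assessment-job/templates/imagepullsecret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.imagePullSecrets.registry }}
+# if user didn't specify a secretName, use the default
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.imagePullSecrets.name }}
+namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+.dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.registry .Values.imagePullSecrets.username .Values.imagePullSecrets.password (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
+{{- end }}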
6 changes: 5 additions & 1 deletion k8s-risk-assessment-job/templates/job.yaml
Expand Up @@ -9,6 +9,10 @@ spec:
labels:
app: k8s-risk-assessment-job
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
initContainers:
- name: job-init-container
image: "{{ .Values.kubescape.image.repository }}:{{ .Values.kubescape.image.tag }}"
Expand All @@ -20,7 +24,7 @@ spec:
- name: datapath
mountPath: /data
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
name: artifact-api-container
command:
- '/bin/sh'
13 changes: 13 additions & 0 deletions k8s-risk-assessment-job/values.yaml
Expand Up @@ -7,6 +7,19 @@ kubescape:
repository: quay.io/kubescape/kubescape-cli
tag: "v3.0.8"

accuknoxJob:
image:
repository: accuknox/accuknox-job
tag: "latest"


# To use existing secret updated {imagePullSecrets.name} with your secret name.
imagePullSecrets:
name: ""
registry: ""
username: ""
password: ""

replicaCount: 1

accuknox:
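--- a/k8tls-job/templates/imagepullsecret.yaml
+++ b/k8tls-job/templates/imagepullsecret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.imagePullSecrets.registry }}
+# if user didn't specify a secretName, use the default
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.imagePullSecrets.name }}
+namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+.dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.registry .Values.imagePullSecrets.username .Values.imagePullSecrets.password (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
+{{- end }}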
8 changes: 6 additions & 2 deletions k8tls-job/templates/k8tls-cronjob.yaml
Expand Up @@ -38,9 +38,13 @@ spec:
spec:
template:
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
serviceAccountName: k8tls-serviceact
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ["/bin/sh", "-c"]
args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
name: k8tls-job
Expand All @@ -62,7 +66,7 @@ spec:
initContainers:
- command: ["/bin/sh", "-c"]
args: ["./k8s_tlsscan"]
image: kubearmor/k8tls:latest
image: "{{ .Values.k8tls.image.repository }}:{{ .Values.k8tls.image.tag }}"
name: k8tls
env:
- name: JSON
8 changes: 6 additions & 2 deletions k8tls-job/templates/k8tls-job.yaml
Expand Up @@ -8,9 +8,13 @@ spec:
metadata:
name: k8tls-job
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
serviceAccountName: k8tls-serviceact
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ["/bin/sh", "-c"]
args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
name: k8tls-job
Expand All @@ -32,7 +36,7 @@ spec:
initContainers:
- command: ["/bin/sh", "-c"]
args: ["./k8s_tlsscan"]
image: kubearmor/k8tls:latest
image: "{{ .Values.k8tls.image.repository }}:{{ .Values.k8tls.image.tag }}"
name: k8tls
env:
- name: JSON
17 changes: 17 additions & 0 deletions k8tls-job/values.yaml
Expand Up @@ -2,6 +2,23 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

k8tls:
image:
repository: kubearmor/k8tls
tag: "latest"

accuknoxJob:
image:
repository: accuknox/accuknox-job
tag: "latest"

# To use existing secret updated {imagePullSecrets.name} with your secret name.
imagePullSecrets:
name: ""
registry: ""
username: ""
password: ""

accuknox:
authToken: "NO-TOKEN-SET"
cronTab: "30 9 * * *"
8 changes: 6 additions & 2 deletions kiem-job/templates/deployment.yaml
Expand Up @@ -14,9 +14,13 @@ spec:
spec:
template:
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
initContainers:
- name: kiem-init
image: accuknox/kiem:latest
image: "{{ .Values.kiem.image.repository }}:{{ .Values.kiem.image.tag }}"
args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"]
env:
- name: CLUSTER_NAME
Expand All @@ -25,7 +29,7 @@ spec:
- name: datapath
mountPath: /data
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
name: accuknox-kiem-cronjob
resources: {}
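--- a/kiem-job/templates/imagepullsecret.yaml
+++ b/kiem-job/templates/imagepullsecret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.imagePullSecrets.registry }}
+# if user didn't specify a secretName, use the default
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.imagePullSecrets.name }}
+namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+.dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.registry .Values.imagePullSecrets.username .Values.imagePullSecrets.password (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
+{{- end }}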
4 changes: 4 additions & 0 deletions kiem-job/templates/job.yaml
Expand Up @@ -9,6 +9,10 @@ spec:
labels:
app: kiem-job
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
initContainers:
- name: kiem-init
image: accuknox/kiem:latest
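Review bot: The context line `image: accuknox/kiem:latest` under `initContainers` shows that job.yaml still hard-codes its image, while kiem-job/templates/deployment.yaml in the same PR moved to the `kiem.image` values. With a private `repository` override the Job would attach the pull secret but still pull the public default image, and tag overrides would not apply to it. Suggest `image: "{{ .Values.kiem.image.repository }}:{{ .Values.kiem.image.tag }}"` here; the `containers` image lies past the end of this hunk and probably needs the same change.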
19 changes: 19 additions & 0 deletions kiem-job/values.yaml
Expand Up @@ -2,6 +2,25 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.


kiem:
image:
repository: accuknox/kiem
tag: "latest"

accuknoxJob:
image:
repository: accuknox/accuknox-job
tag: "latest"

# To use existing secret, updated {imagePullSecrets.name} with your secret name.
imagePullSecrets:
name: ""
registry: ""
username: ""
password: ""


replicaCount: 1

accuknox: