updated chart with imagepullsecret (#45)
sanjay-ba authored Sep 22, 2024
1 parent 7f76c9e commit aba3ba9
Showing 16 changed files with 156 additions and 12 deletions.
8 changes: 6 additions & 2 deletions cis-k8s-job/templates/cis-cron-job.yaml
@@ -10,8 +10,12 @@ spec:
spec:
template:
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ["/bin/sh", "-c"]
args: ['/bin/sh entrypoint.sh && curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KB&label_id=${LABEL_NAME}&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"./data/report.json\"" && cat /data/report.json']
name: cis-k8s-cronjob
@@ -40,7 +44,7 @@ spec:
- mountPath: /data
name: datapath
initContainers:
- image: docker.io/aquasec/kube-bench:v0.6.19
- image: "{{ .Values.kubeBench.image.repository }}:{{ .Values.kubeBench.image.tag }}"
command: ["/bin/sh", "-c"]
args: ["kube-bench run --json > /data/report.json"]
name: kube-bench
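Review bot: The pull-secret name is emitted unquoted in `- name: {{ .Values.imagePullSecrets.name }}`, so a value that YAML reads as a number or boolean (an all-digit name, for example) renders as a non-string and the manifest is rejected; `- name: {{ .Values.imagePullSecrets.name | quote }}` avoids that. The same line is added in cis-job.yaml, both k8s-risk-assessment-job templates, both k8tls-job templates and kiem-job's deployment.yaml and job.yaml. The new image lines join `repository` and `tag` without any check, so an empty tag override renders an image reference ending in `:` and only fails at pull time; wrapping the tag in `required` would fail at render time instead. Both pod specs continue outside the hunks shown.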
8 changes: 6 additions & 2 deletions cis-k8s-job/templates/cis-job.yaml
@@ -10,8 +10,12 @@ spec:
labels:
app: cis-k8s-job
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ["/bin/sh", "-c"]
args: ['/bin/sh entrypoint.sh && curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KB&label_id=${LABEL_NAME}&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"./data/report.json\"" && cat /data/report.json']
name: cis-k8s-cronjob
@@ -40,7 +44,7 @@ spec:
- mountPath: /data
name: datapath
initContainers:
- image: docker.io/aquasec/kube-bench:v0.6.19
- image: "{{ .Values.kubeBench.image.repository }}:{{ .Values.kubeBench.image.tag }}"
command: ["/bin/sh", "-c"]
args: ["kube-bench run --json > /data/report.json"]
name: kube-bench
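--- a/cis-k8s-job/templates/imagepullsecret.yaml
+++ b/cis-k8s-job/templates/imagepullsecret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.imagePullSecrets.registry }}
+# if user didn't specify a secretName, use the default
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.imagePullSecrets.name }}
+namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+.dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.registry .Values.imagePullSecrets.username .Values.imagePullSecrets.password (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
+{{- end }}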
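Review bot: The Secret is gated on `.Values.imagePullSecrets.registry` while the pod specs in this chart are gated on `.Values.imagePullSecrets.name`, so setting registry, username and password without a name renders a Secret with an empty `metadata.name` that no pod references; the comment about falling back to a default name does not match the template, which applies no default. The `printf`-built JSON also inserts username and password without escaping, so a password containing `"` or `\` yields an invalid `.dockerconfigjson`; building the document with `dict` and `toJson` handles that. Because the credentials arrive as chart values they are presumably also kept in the Helm release record, so the chart should steer users towards a pre-created secret referenced by name. The same template is added in k8s-risk-assessment-job, k8tls-job and kiem-job.

```yaml
{{- with .Values.imagePullSecrets }}
{{- if and .registry .name }}
# … unchanged: apiVersion, kind …
metadata:
  name: {{ .name | quote }}
  namespace: {{ $.Release.Namespace }}
# … unchanged: type …
data:
  {{- $auth := printf "%s:%s" .username .password | b64enc }}
  {{- $entry := dict "username" .username "password" .password "auth" $auth }}
  .dockerconfigjson: {{ dict "auths" (dict .registry $entry) | toJson | b64enc }}
{{- end }}
{{- end }}
```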
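--- a/cis-k8s-job/values.yaml
+++ b/cis-k8s-job/values.yaml
@@ -2,6 +2,25 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+
+accuknoxJob:
+image:
+repository: accuknox/accuknox-job
+tag: "latest"
+
+kubeBench:
+image:
+repository: docker.io/aquasec/kube-bench
+tag: "v0.6.19"
+
+# To use existing secret updated {imagePullSecrets.name} with your secret name.
+imagePullSecrets:
+name: ""
+registry: ""
+username: ""
+password: ""
+
+
 accuknox:
 authToken: "NO-TOKEN-SET"
 cronTab: "30 9 * * *"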
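Review bot: The new `accuknoxJob.image.tag` default is `"latest"`, a mutable tag, for the container that is handed `AUTH_TOKEN` and posts the report (see the `curl` args in the cis templates), so whatever is next published under that tag runs with the tenant token. `kubeBench` in the same hunk is pinned to `v0.6.19`; the accuknox-job default should be pinned the same way, e.g. `tag: "<pinned-release-tag>"` (placeholder), ideally with an optional digest value. The same `latest` defaults appear in k8s-risk-assessment-job/values.yaml, k8tls-job/values.yaml (also for `k8tls`) and kiem-job/values.yaml (also for `kiem`). The `imagePullSecrets` comment should also say that `username` and `password` are needed only when the chart is to create the secret, and that referencing an existing secret by `name` keeps registry credentials out of values files.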
6 changes: 5 additions & 1 deletion k8s-risk-assessment-job/templates/cronjob.yaml
@@ -15,6 +15,10 @@ spec:
spec:
template:
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
initContainers:
- name: job-init-container
image: "{{ .Values.kubescape.image.repository }}:{{ .Values.kubescape.image.tag }}"
@@ -26,7 +30,7 @@ spec:
- name: datapath
mountPath: /data
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
name: artifact-api-container
command:
- '/bin/sh'
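--- a/k8s-risk-assessment-job/templates/imagepullsecret.yaml
+++ b/k8s-risk-assessment-job/templates/imagepullsecret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.imagePullSecrets.registry }}
+# if user didn't specify a secretName, use the default
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.imagePullSecrets.name }}
+namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+.dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.registry .Values.imagePullSecrets.username .Values.imagePullSecrets.password (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
+{{- end }}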
6 changes: 5 additions & 1 deletion k8s-risk-assessment-job/templates/job.yaml
@@ -9,6 +9,10 @@ spec:
labels:
app: k8s-risk-assessment-job
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
initContainers:
- name: job-init-container
image: "{{ .Values.kubescape.image.repository }}:{{ .Values.kubescape.image.tag }}"
@@ -20,7 +24,7 @@ spec:
- name: datapath
mountPath: /data
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
name: artifact-api-container
command:
- '/bin/sh'
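--- a/k8s-risk-assessment-job/values.yaml
+++ b/k8s-risk-assessment-job/values.yaml
@@ -7,6 +7,19 @@ kubescape:
 repository: quay.io/kubescape/kubescape-cli
 tag: "v3.0.8"
 
+accuknoxJob:
+image:
+repository: accuknox/accuknox-job
+tag: "latest"
+
+
+# To use existing secret updated {imagePullSecrets.name} with your secret name.
+imagePullSecrets:
+name: ""
+registry: ""
+username: ""
+password: ""
+
 replicaCount: 1
 
 accuknox: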
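--- a/k8tls-job/templates/imagepullsecret.yaml
+++ b/k8tls-job/templates/imagepullsecret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.imagePullSecrets.registry }}
+# if user didn't specify a secretName, use the default
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.imagePullSecrets.name }}
+namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+.dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.registry .Values.imagePullSecrets.username .Values.imagePullSecrets.password (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
+{{- end }}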
8 changes: 6 additions & 2 deletions k8tls-job/templates/k8tls-cronjob.yaml
@@ -38,9 +38,13 @@ spec:
spec:
template:
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
serviceAccountName: k8tls-serviceact
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ["/bin/sh", "-c"]
args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
name: k8tls-job
@@ -69,7 +73,7 @@ spec:
initContainers:
- command: ["/bin/sh", "-c"]
args: ["./k8s_tlsscan"]
image: kubearmor/k8tls:latest
image: "{{ .Values.k8tls.image.repository }}:{{ .Values.k8tls.image.tag }}"
name: k8tls
env:
- name: JSON
8 changes: 6 additions & 2 deletions k8tls-job/templates/k8tls-job.yaml
@@ -8,9 +8,13 @@ spec:
metadata:
name: k8tls-job
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
serviceAccountName: k8tls-serviceact
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ["/bin/sh", "-c"]
args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
name: k8tls-job
@@ -39,7 +43,7 @@ spec:
initContainers:
- command: ["/bin/sh", "-c"]
args: ["./k8s_tlsscan"]
image: kubearmor/k8tls:latest
image: "{{ .Values.k8tls.image.repository }}:{{ .Values.k8tls.image.tag }}"
name: k8tls
env:
- name: JSON
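--- a/k8tls-job/values.yaml
+++ b/k8tls-job/values.yaml
@@ -2,6 +2,23 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+k8tls:
+image:
+repository: kubearmor/k8tls
+tag: "latest"
+
+accuknoxJob:
+image:
+repository: accuknox/accuknox-job
+tag: "latest"
+
+# To use existing secret updated {imagePullSecrets.name} with your secret name.
+imagePullSecrets:
+name: ""
+registry: ""
+username: ""
+password: ""
+
 accuknox:
 authToken: "NO-TOKEN-SET"
 cronTab: "30 9 * * *"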
8 changes: 6 additions & 2 deletions kiem-job/templates/deployment.yaml
@@ -14,9 +14,13 @@ spec:
spec:
template:
spec:
{{- if .Values.imagePullSecrets.name }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets.name }}
{{- end }}
initContainers:
- name: kiem-init
image: accuknox/kiem:latest
image: "{{ .Values.kiem.image.repository }}:{{ .Values.kiem.image.tag }}"
args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"]
env:
- name: CLUSTER_NAME
@@ -25,7 +29,7 @@ spec:
- name: datapath
mountPath: /data
containers:
- image: accuknox/accuknox-job:latest
- image: "{{ .Values.accuknoxJob.image.repository }}:{{ .Values.accuknoxJob.image.tag }}"
command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=true&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
name: accuknox-kiem-cronjob
resources: {}
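--- a/kiem-job/templates/imagepullsecret.yaml
+++ b/kiem-job/templates/imagepullsecret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.imagePullSecrets.registry }}
+# if user didn't specify a secretName, use the default
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.imagePullSecrets.name }}
+namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+.dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.registry .Values.imagePullSecrets.username .Values.imagePullSecrets.password (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }}
+{{- end }}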
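--- a/kiem-job/templates/job.yaml
+++ b/kiem-job/templates/job.yaml
@@ -9,6 +9,10 @@ spec:
 labels:
 app: kiem-job
 spec:
+{{- if .Values.imagePullSecrets.name }}
+imagePullSecrets:
+- name: {{ .Values.imagePullSecrets.name }}
+{{- end }}
 initContainers:
 - name: kiem-init
 image: accuknox/kiem:latest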
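Review bot: `image: accuknox/kiem:latest` at the end of this hunk is still hard-coded, although kiem-job/templates/deployment.yaml in the same commit switches to `.Values.kiem.image.*`; overriding `kiem.image` (for instance to the private registry the new pull secret is meant for) would therefore change the workload in deployment.yaml but not this Job. The line should read `image: "{{ .Values.kiem.image.repository }}:{{ .Values.kiem.image.tag }}"`. The containers list lies outside the hunk, and since this file has no deletions, an accuknox-job image hard-coded there as in the other templates would be unchanged as well — worth checking.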
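--- a/kiem-job/values.yaml
+++ b/kiem-job/values.yaml
@@ -2,6 +2,25 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+
+kiem:
+image:
+repository: accuknox/kiem
+tag: "latest"
+
+accuknoxJob:
+image:
+repository: accuknox/accuknox-job
+tag: "latest"
+
+# To use existing secret, updated {imagePullSecrets.name} with your secret name.
+imagePullSecrets:
+name: ""
+registry: ""
+username: ""
+password: ""
+
+
 replicaCount: 1
 
 accuknox: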
