From 41ce51adb588f260b5b9f097bdda4e347b167963 Mon Sep 17 00:00:00 2001 From: Rudraksh Pareek Date: Fri, 26 Apr 2024 13:06:15 +0530 Subject: [PATCH 1/6] chore: accuknox-kubescape-job -> k8s-risk-assessment-job Signed-off-by: Rudraksh Pareek --- .../.helmignore | 0 .../Chart.yaml | 4 +-- k8s-risk-assessment-job/README.md | 32 +++++++++++++++++++ .../templates/clusterrole.yaml | 2 +- .../templates/clusterrolebinding.yaml | 6 ++-- .../templates/configmap.yaml | 6 ++-- .../templates/cronjob.yaml | 12 +++---- .../templates/serviceaccount.yaml | 2 +- .../values.yaml | 2 +- 9 files changed, 50 insertions(+), 16 deletions(-) rename {accuknox-kubescape-job => k8s-risk-assessment-job}/.helmignore (100%) rename {accuknox-kubescape-job => k8s-risk-assessment-job}/Chart.yaml (54%) create mode 100644 k8s-risk-assessment-job/README.md rename {accuknox-kubescape-job => k8s-risk-assessment-job}/templates/clusterrole.yaml (89%) rename {accuknox-kubescape-job => k8s-risk-assessment-job}/templates/clusterrolebinding.yaml (59%) rename {accuknox-kubescape-job => k8s-risk-assessment-job}/templates/configmap.yaml (91%) rename {accuknox-kubescape-job => k8s-risk-assessment-job}/templates/cronjob.yaml (88%) rename {accuknox-kubescape-job => k8s-risk-assessment-job}/templates/serviceaccount.yaml (63%) rename {accuknox-kubescape-job => k8s-risk-assessment-job}/values.yaml (88%) diff --git a/accuknox-kubescape-job/.helmignore b/k8s-risk-assessment-job/.helmignore similarity index 100% rename from accuknox-kubescape-job/.helmignore rename to k8s-risk-assessment-job/.helmignore diff --git a/accuknox-kubescape-job/Chart.yaml b/k8s-risk-assessment-job/Chart.yaml similarity index 54% rename from accuknox-kubescape-job/Chart.yaml rename to k8s-risk-assessment-job/Chart.yaml index 6963b6f..88bb263 100644 --- a/accuknox-kubescape-job/Chart.yaml +++ b/k8s-risk-assessment-job/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v2 -name: accuknox-kubescape-job -description: A Helm chart for creating AccuKnox kubescape job +name: k8s-risk-assesment-job +description: A Helm chart for creating AccuKnox k8s-risk-assessment job type: application version: 0.1.0 diff --git a/k8s-risk-assessment-job/README.md b/k8s-risk-assessment-job/README.md new file mode 100644 index 0000000..9304f9c --- /dev/null +++ b/k8s-risk-assessment-job/README.md @@ -0,0 +1,32 @@ +# AccuKnox k8s-risk-asessment Job + +A job for scanning cluster misconfiguration through kubescape + +## Helm install + +### Local + +``` +helm upgrade --install k8s-risk-assessment-job -n k8s-risk-assessment --create-namespace --set accuknox.authToken="TOKEN" . +``` + +### Published + +``` +helm upgrade --install k8s-risk-assessment-job oci://public.ecr.aws/k9v9d5v2/k8s-risk-assessment-job -n k8s-risk-assessment --create-namespace --set accuknox.authToken="TOKEN" . +``` + +where TOKEN is issued from AccuKnox SaaS. + +### Configuration + +| Helm key | Default Value | Description | Required | +|----------|---------------|-------------| -------- | +| accuknox.authToken | "NO-TOKEN-SET" | Auth token from AccuKnox SaaS | YES | +| accuknox.URL | "cspm.dev.accuknox.com" | URL of the environment | YES | +| accuknox.clusterName | "default" | name of the cluster | YES (auto-populated by SaaS) | +| accuknox.tenantID | "" | ID of AccuKnox tenant | YES (auto-populated by SaaS) | +| accuknox.cronTab | "0 */6 * * *" | cron tab for the job - timezone: UTC | NO | +| accunkox.label | "default" | label of the cluster | NO | +| kubescape.image.repository | "quay.io/kubescape/kubescape-cli" | kubescape image repo | NO | +| kubescape.image.tag | v3.0.8 | kubescape version - taken from appVersion by default | NO | 
diff --git a/accuknox-kubescape-job/templates/clusterrole.yaml b/k8s-risk-assessment-job/templates/clusterrole.yaml similarity index 89% rename from accuknox-kubescape-job/templates/clusterrole.yaml rename to k8s-risk-assessment-job/templates/clusterrole.yaml index a6847b3..80e36e4 100644 --- a/accuknox-kubescape-job/templates/clusterrole.yaml +++ b/k8s-risk-assessment-job/templates/clusterrole.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kubescape-clusterrole + name: k8s-risk-assessment-job-clusterrole rules: - apiGroups: - "" diff --git a/accuknox-kubescape-job/templates/clusterrolebinding.yaml b/k8s-risk-assessment-job/templates/clusterrolebinding.yaml similarity index 59% rename from accuknox-kubescape-job/templates/clusterrolebinding.yaml rename to k8s-risk-assessment-job/templates/clusterrolebinding.yaml index 7ee64ad..7009a19 100644 --- a/accuknox-kubescape-job/templates/clusterrolebinding.yaml +++ b/k8s-risk-assessment-job/templates/clusterrolebinding.yaml @@ -1,12 +1,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: kubescape-clusterrole-binding + name: k8s-risk-assessment-job-clusterrole-binding subjects: - namespace: {{ .Release.Namespace }} kind: ServiceAccount - name: kubescape-service-account + name: k8s-risk-assessment-job-service-account roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: kubescape-clusterrole + name: k8s-risk-assessment-job-clusterrole diff --git a/accuknox-kubescape-job/templates/configmap.yaml b/k8s-risk-assessment-job/templates/configmap.yaml similarity index 91% rename from accuknox-kubescape-job/templates/configmap.yaml rename to k8s-risk-assessment-job/templates/configmap.yaml index b31b20f..f0120e4 100644 --- a/accuknox-kubescape-job/templates/configmap.yaml +++ b/k8s-risk-assessment-job/templates/configmap.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: accuknox-kubescape-cronjob-script-configmap + name: k8s-risk-assessment-job-script-configmap namespace: {{ .Release.Namespace }} data: augment-and-push-results.sh: | @@ -27,9 +27,11 @@ data: } }" /data/report.json --slurpfile controllist /data/controllist.json) > /data/report.json + cat /data/report.json + # push curl --location --request POST \ --header "Authorization: Bearer ${AUTH_TOKEN}" \ --header "Tenant-Id: ${TENANT_ID}" \ --form "file=@\"/data/report.json\"" \ - "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=kubescape&save_to_s3=false" + "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=false" diff --git a/accuknox-kubescape-job/templates/cronjob.yaml b/k8s-risk-assessment-job/templates/cronjob.yaml similarity index 88% rename from accuknox-kubescape-job/templates/cronjob.yaml rename to k8s-risk-assessment-job/templates/cronjob.yaml index 3632e79..c33a0db 100644 --- a/accuknox-kubescape-job/templates/cronjob.yaml +++ b/k8s-risk-assessment-job/templates/cronjob.yaml @@ -1,7 +1,7 @@ apiVersion: batch/v1 kind: CronJob metadata: - name: accuknox-kubescape-job + name: k8s-risk-assessment-job namespace: {{ .Release.Namespace }} spec: schedule: "{{ .Values.accuknox.cronTab }}" @@ -11,12 +11,12 @@ spec: jobTemplate: metadata: labels: - app: accuknox-kubescape-job + app: k8s-risk-assessment-job spec: template: spec: initContainers: - - name: kubescape-init + - name: job-init-container image: "{{ .Values.kubescape.image.repository }}:{{ if ne .Values.kubescape.image.tag "" }}{{ .Values.kubescape.image.tag }}{{ else }}v{{ .Chart.AppVersion }}{{ end }}" args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"] env: 
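Review bot: The `cat /data/report.json` added before the `# push` step in augment-and-push-results.sh writes the full kubescape report to the container log. The cluster's misconfiguration findings then become readable by anyone with pod-log access in the release namespace, and by any log pipeline that collects it. If this is a debugging aid, drop it or gate it behind a values flag that defaults to off. Separately, the `curl` call has no `--fail`, so a 4xx/5xx from the artifact API still lets the job report success; `curl --fail --location --request POST \` would surface rejected uploads. The script body begins outside this hunk, so earlier steps were not reviewed.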
@@ -27,7 +27,7 @@ spec: mountPath: /data containers: - image: accuknox/accuknox-job:latest - name: accuknox-kubescape-cronjob + name: artifact-api-container command: - '/bin/bash' - '/script/augment-and-push-results.sh' @@ -52,6 +52,6 @@ spec: emptyDir: {} - name: scriptpath configMap: - name: accuknox-kubescape-cronjob-script-configmap + name: k8s-risk-assessment-job-script-configmap restartPolicy: OnFailure - serviceAccount: kubescape-service-account + serviceAccount: k8s-risk-assessment-job-service-account diff --git a/accuknox-kubescape-job/templates/serviceaccount.yaml b/k8s-risk-assessment-job/templates/serviceaccount.yaml similarity index 63% rename from accuknox-kubescape-job/templates/serviceaccount.yaml rename to k8s-risk-assessment-job/templates/serviceaccount.yaml index a64c4e1..f9d0a7a 100644 --- a/accuknox-kubescape-job/templates/serviceaccount.yaml +++ b/k8s-risk-assessment-job/templates/serviceaccount.yaml @@ -1,5 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: kubescape-service-account + name: k8s-risk-assessment-job-service-account namespace: {{ .Release.Namespace }} diff --git a/accuknox-kubescape-job/values.yaml b/k8s-risk-assessment-job/values.yaml similarity index 88% rename from accuknox-kubescape-job/values.yaml rename to k8s-risk-assessment-job/values.yaml index b8333e7..2ee2dc0 100644 --- a/accuknox-kubescape-job/values.yaml +++ b/k8s-risk-assessment-job/values.yaml @@ -1,4 +1,4 @@ -# Default values for accuknox-kubescape-job. +# Default values for k8s-risk-assessment-job. # This is a YAML-formatted file. # Declare variables to be passed into your templates. From eac4b58986f7ecf3d4a52bc6c3ea8f1b4e91c9bd Mon Sep 17 00:00:00 2001 From: Rudraksh Pareek Date: Fri, 26 Apr 2024 13:13:01 +0530 Subject: [PATCH 2/6] chore: accuknox-cis-k8s-job -> cis-k8s-job 
Signed-off-by: Rudraksh Pareek --- {accuknox-cis-k8s => cis-k8s-job}/.helmignore | 0 {accuknox-cis-k8s => cis-k8s-job}/Chart.yaml | 2 +- {accuknox-cis-k8s => cis-k8s-job}/README.md | 4 ++-- .../templates/_helpers.tpl | 20 +++++++++---------- .../templates/cis-job.yaml | 6 +++--- {accuknox-cis-k8s => cis-k8s-job}/values.yaml | 0 6 files changed, 16 insertions(+), 16 deletions(-) rename {accuknox-cis-k8s => cis-k8s-job}/.helmignore (100%) rename {accuknox-cis-k8s => cis-k8s-job}/Chart.yaml (98%) rename {accuknox-cis-k8s => cis-k8s-job}/README.md (68%) rename {accuknox-cis-k8s => cis-k8s-job}/templates/_helpers.tpl (72%) rename {accuknox-cis-k8s => cis-k8s-job}/templates/cis-job.yaml (97%) rename {accuknox-cis-k8s => cis-k8s-job}/values.yaml (100%) diff --git a/accuknox-cis-k8s/.helmignore b/cis-k8s-job/.helmignore similarity index 100% rename from accuknox-cis-k8s/.helmignore rename to cis-k8s-job/.helmignore diff --git a/accuknox-cis-k8s/Chart.yaml b/cis-k8s-job/Chart.yaml similarity index 98% rename from accuknox-cis-k8s/Chart.yaml rename to cis-k8s-job/Chart.yaml index 2838f8e..4f9991c 100644 --- a/accuknox-cis-k8s/Chart.yaml +++ b/cis-k8s-job/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: accuknox-cis-k8s +name: cis-k8s-job description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. diff --git a/accuknox-cis-k8s/README.md b/cis-k8s-job/README.md similarity index 68% rename from accuknox-cis-k8s/README.md rename to cis-k8s-job/README.md index 8277d83..7c74dd2 100644 --- a/accuknox-cis-k8s/README.md +++ b/cis-k8s-job/README.md @@ -1,9 +1,9 @@ -# AccuKnox CIS Job +# AccuKnox CIS K8s Job ## Helm install ``` -helm upgrade --install accuknox-cis-job . --set accuknox.authToken="TOKEN" +helm upgrade --install cis-k8s-job . --set accuknox.authToken="TOKEN" ``` where TOKEN is issued from AccuKnox SaaS. 
diff --git a/accuknox-cis-k8s/templates/_helpers.tpl b/cis-k8s-job/templates/_helpers.tpl similarity index 72% rename from accuknox-cis-k8s/templates/_helpers.tpl rename to cis-k8s-job/templates/_helpers.tpl index 39e9eb6..5eaf546 100644 --- a/accuknox-cis-k8s/templates/_helpers.tpl +++ b/cis-k8s-job/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "accuknox-cis-job.name" -}} +{{- define "cis-k8s-job.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "accuknox-cis-job.fullname" -}} +{{- define "cis-k8s-job.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "accuknox-cis-job.chart" -}} +{{- define "cis-k8s-job.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "accuknox-cis-job.labels" -}} -helm.sh/chart: {{ include "accuknox-cis-job.chart" . }} -{{ include "accuknox-cis-job.selectorLabels" . }} +{{- define "cis-k8s-job.labels" -}} +helm.sh/chart: {{ include "cis-k8s-job.chart" . }} +{{ include "cis-k8s-job.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "accuknox-cis-job.selectorLabels" -}} -app.kubernetes.io/name: {{ include "accuknox-cis-job.name" . }} +{{- define "cis-k8s-job.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cis-k8s-job.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "accuknox-cis-job.serviceAccountName" -}} +{{- define "cis-k8s-job.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "accuknox-cis-job.fullname" .) .Values.serviceAccount.name }} +{{- default (include "cis-k8s-job.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/accuknox-cis-k8s/templates/cis-job.yaml b/cis-k8s-job/templates/cis-job.yaml similarity index 97% rename from accuknox-cis-k8s/templates/cis-job.yaml rename to cis-k8s-job/templates/cis-job.yaml index e3ff4da..9f71068 100644 --- a/accuknox-cis-k8s/templates/cis-job.yaml +++ b/cis-k8s-job/templates/cis-job.yaml @@ -1,12 +1,12 @@ apiVersion: batch/v1 kind: CronJob metadata: - name: accuknox-cis-cronjob + name: cis-k8s-cronjob namespace: {{ .Release.Namespace }} spec: jobTemplate: metadata: - name: accuknox-cis-cronjob + name: cis-k8s-cronjob spec: template: spec: @@ -14,7 +14,7 @@ spec: - image: accuknox/accuknox-job:latest command: ["/bin/sh", "-c"] args: ['curl --location --request POST "https://cspm.$ENV_URL.accuknox.com/api/v1/artifact/?tenant_id=$TENANT_ID&data_type=KB&save_to_s3=true" --header "Authorization: Bearer $AUTH_TOKEN" --form "file=@\"./data/report.json\""'] - name: accuknox-cis-cronjob + name: cis-k8s-cronjob resources: {} env: - name: AUTH_TOKEN diff --git a/accuknox-cis-k8s/values.yaml b/cis-k8s-job/values.yaml similarity index 100% rename from accuknox-cis-k8s/values.yaml rename to cis-k8s-job/values.yaml 
From 4be0140753876cbba565fefe432e54e6c1897e60 Mon Sep 17 00:00:00 2001 From: Rudraksh Pareek Date: Fri, 26 Apr 2024 13:19:38 +0530 Subject: [PATCH 3/6] chore: accuknox-k8tls-job -> k8tls-job Signed-off-by: Rudraksh Pareek --- {accuknox-k8tls-job => k8tls-job}/.helmignore | 0 {accuknox-k8tls-job => k8tls-job}/Chart.yaml | 2 +- {accuknox-k8tls-job => k8tls-job}/README.md | 2 +- .../templates/_helpers.tpl | 20 +++++++++---------- .../templates/k8tls-job.yaml | 6 +++--- {accuknox-k8tls-job => k8tls-job}/values.yaml | 4 ++-- 6 files changed, 17 insertions(+), 17 deletions(-) rename {accuknox-k8tls-job => k8tls-job}/.helmignore (100%) rename {accuknox-k8tls-job => k8tls-job}/Chart.yaml (97%) rename {accuknox-k8tls-job => k8tls-job}/README.md (74%) rename {accuknox-k8tls-job => k8tls-job}/templates/_helpers.tpl (71%) rename {accuknox-k8tls-job => k8tls-job}/templates/k8tls-job.yaml (94%) rename {accuknox-k8tls-job => k8tls-job}/values.yaml (77%) diff --git a/accuknox-k8tls-job/.helmignore b/k8tls-job/.helmignore similarity index 100% rename from accuknox-k8tls-job/.helmignore rename to k8tls-job/.helmignore diff --git a/accuknox-k8tls-job/Chart.yaml b/k8tls-job/Chart.yaml similarity index 97% rename from accuknox-k8tls-job/Chart.yaml rename to k8tls-job/Chart.yaml index 0c5b94a..75dc333 100644 --- a/accuknox-k8tls-job/Chart.yaml +++ b/k8tls-job/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: accuknox-k8tls-job +name: k8tls-job description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. diff --git a/accuknox-k8tls-job/README.md b/k8tls-job/README.md similarity index 74% rename from accuknox-k8tls-job/README.md rename to k8tls-job/README.md index 6cbd3ab..c9c01dc 100644 --- a/accuknox-k8tls-job/README.md +++ b/k8tls-job/README.md 
@@ -3,7 +3,7 @@ ## Helm install ``` -helm upgrade --install accuknox-k8tls-job . --set accuknox.authToken="TOKEN" +helm upgrade --install k8tls-job . --set accuknox.authToken="TOKEN" ``` where TOKEN is issued from AccuKnox SaaS. diff --git a/accuknox-k8tls-job/templates/_helpers.tpl b/k8tls-job/templates/_helpers.tpl similarity index 71% rename from accuknox-k8tls-job/templates/_helpers.tpl rename to k8tls-job/templates/_helpers.tpl index ddece0a..f0dd130 100644 --- a/accuknox-k8tls-job/templates/_helpers.tpl +++ b/k8tls-job/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "accuknox-k8tls-job.name" -}} +{{- define "k8tls-job.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "accuknox-k8tls-job.fullname" -}} +{{- define "k8tls-job.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "accuknox-k8tls-job.chart" -}} +{{- define "k8tls-job.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "accuknox-k8tls-job.labels" -}} -helm.sh/chart: {{ include "accuknox-k8tls-job.chart" . }} -{{ include "accuknox-k8tls-job.selectorLabels" . }} +{{- define "k8tls-job.labels" -}} +helm.sh/chart: {{ include "k8tls-job.chart" . }} +{{ include "k8tls-job.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "accuknox-k8tls-job.selectorLabels" -}} -app.kubernetes.io/name: {{ include "accuknox-k8tls-job.name" . }} +{{- define "k8tls-job.selectorLabels" -}} +app.kubernetes.io/name: {{ include "k8tls-job.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "accuknox-k8tls-job.serviceAccountName" -}} +{{- define "k8tls-job.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "accuknox-k8tls-job.fullname" .) .Values.serviceAccount.name }} +{{- default (include "k8tls-job.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/accuknox-k8tls-job/templates/k8tls-job.yaml b/k8tls-job/templates/k8tls-job.yaml similarity index 94% rename from accuknox-k8tls-job/templates/k8tls-job.yaml rename to k8tls-job/templates/k8tls-job.yaml index e3bcba9..6ff5bb8 100644 --- a/accuknox-k8tls-job/templates/k8tls-job.yaml +++ b/k8tls-job/templates/k8tls-job.yaml @@ -29,12 +29,12 @@ subjects: apiVersion: batch/v1 kind: CronJob metadata: - name: accuknox-k8tls-job + name: k8tls-job namespace: {{ .Release.Namespace }} spec: jobTemplate: metadata: - name: accuknox-k8tls-job + name: k8tls-job spec: template: spec: @@ -43,7 +43,7 @@ spec: - image: accuknox/accuknox-job:latest command: ["/bin/sh", "-c"] args: ["curl www.google.com && echo $AUTH_TOKEN && cat /data/report.json"] - name: accuknox-k8tls-job + name: k8tls-job resources: {} env: - name: AUTH_TOKEN diff --git a/accuknox-k8tls-job/values.yaml b/k8tls-job/values.yaml similarity index 77% rename from accuknox-k8tls-job/values.yaml rename to k8tls-job/values.yaml index a744358..a792e0f 100644 --- a/accuknox-k8tls-job/values.yaml +++ b/k8tls-job/values.yaml 
@@ -1,4 +1,4 @@ -# Default values for accuknox-k8tls-job. +# Default values for AccuKnox k8tls-job. # This is a YAML-formatted file. # Declare variables to be passed into your templates. @@ -7,4 +7,4 @@ accuknox: cronTab: "0 */4 * * *" clusterName: "" label: "" - URL: "dev" \ No newline at end of file + URL: "dev" From d5e919786a0bdb242f2d055e67da544402db6c65 Mon Sep 17 00:00:00 2001 From: Rudraksh Pareek Date: Fri, 26 Apr 2024 13:22:33 +0530 Subject: [PATCH 4/6] chore: accuknox-kiem-job -> kiem-job Signed-off-by: Rudraksh Pareek --- {accuknox-kiem-job => kiem-job}/.helmignore | 0 {accuknox-kiem-job => kiem-job}/Chart.yaml | 4 ++-- .../templates/_helpers.tpl | 20 +++++++++---------- .../templates/deployment.yaml | 4 ++-- .../templates/role.yaml | 0 .../templates/rolebinding.yaml | 0 .../templates/serviceaccount.yaml | 0 {accuknox-kiem-job => kiem-job}/values.yaml | 2 +- 8 files changed, 15 insertions(+), 15 deletions(-) rename {accuknox-kiem-job => kiem-job}/.helmignore (100%) rename {accuknox-kiem-job => kiem-job}/Chart.yaml (94%) rename {accuknox-kiem-job => kiem-job}/templates/_helpers.tpl (71%) rename {accuknox-kiem-job => kiem-job}/templates/deployment.yaml (97%) rename {accuknox-kiem-job => kiem-job}/templates/role.yaml (100%) rename {accuknox-kiem-job => kiem-job}/templates/rolebinding.yaml (100%) rename {accuknox-kiem-job => kiem-job}/templates/serviceaccount.yaml (100%) rename {accuknox-kiem-job => kiem-job}/values.yaml (85%) diff --git a/accuknox-kiem-job/.helmignore b/kiem-job/.helmignore similarity index 100% rename from accuknox-kiem-job/.helmignore rename to kiem-job/.helmignore diff --git a/accuknox-kiem-job/Chart.yaml b/kiem-job/Chart.yaml similarity index 94% rename from accuknox-kiem-job/Chart.yaml rename to kiem-job/Chart.yaml index 432242b..d8fe04e 100644 --- a/accuknox-kiem-job/Chart.yaml +++ b/kiem-job/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v2 -name: accuknox-kiem-job -description: A Helm chart for Accukinx Kiem +name: kiem-job +description: A Helm chart for Accuknox KIEM # A chart can be either an 'application' or a 'library' chart. # diff --git a/accuknox-kiem-job/templates/_helpers.tpl b/kiem-job/templates/_helpers.tpl similarity index 71% rename from accuknox-kiem-job/templates/_helpers.tpl rename to kiem-job/templates/_helpers.tpl index 624610b..63fec72 100644 --- a/accuknox-kiem-job/templates/_helpers.tpl +++ b/kiem-job/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "accuknox-kiem-job.name" -}} +{{- define "kiem-job.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "accuknox-kiem-job.fullname" -}} +{{- define "kiem-job.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "accuknox-kiem-job.chart" -}} +{{- define "kiem-job.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "accuknox-kiem-job.labels" -}} -helm.sh/chart: {{ include "accuknox-kiem-job.chart" . }} -{{ include "accuknox-kiem-job.selectorLabels" . }} +{{- define "kiem-job.labels" -}} +helm.sh/chart: {{ include "kiem-job.chart" . }} +{{ include "kiem-job.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "accuknox-kiem-job.selectorLabels" -}} -app.kubernetes.io/name: {{ include "accuknox-kiem-job.name" . }} +{{- define "kiem-job.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiem-job.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "accuknox-kiem-job.serviceAccountName" -}} +{{- define "kiem-job.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "accuknox-kiem-job.fullname" .) .Values.serviceAccount.name }} +{{- default (include "kiem-job.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/accuknox-kiem-job/templates/deployment.yaml b/kiem-job/templates/deployment.yaml similarity index 97% rename from accuknox-kiem-job/templates/deployment.yaml rename to kiem-job/templates/deployment.yaml index 1b94365..1f42f78 100644 --- a/accuknox-kiem-job/templates/deployment.yaml +++ b/kiem-job/templates/deployment.yaml @@ -1,7 +1,7 @@ apiVersion: batch/v1 kind: CronJob metadata: - name: accuknox-kiem-job + name: kiem-job namespace: {{ .Release.Namespace }} spec: schedule: "{{ .Values.accuknox.cronTab }}" @@ -11,7 +11,7 @@ spec: jobTemplate: metadata: labels: - app: accuknox-kiem-job + app: kiem-job spec: template: spec: diff --git a/accuknox-kiem-job/templates/role.yaml b/kiem-job/templates/role.yaml similarity index 100% rename from accuknox-kiem-job/templates/role.yaml rename to kiem-job/templates/role.yaml diff --git a/accuknox-kiem-job/templates/rolebinding.yaml b/kiem-job/templates/rolebinding.yaml similarity index 100% rename from accuknox-kiem-job/templates/rolebinding.yaml rename to kiem-job/templates/rolebinding.yaml 
diff --git a/accuknox-kiem-job/templates/serviceaccount.yaml b/kiem-job/templates/serviceaccount.yaml similarity index 100% rename from accuknox-kiem-job/templates/serviceaccount.yaml rename to kiem-job/templates/serviceaccount.yaml diff --git a/accuknox-kiem-job/values.yaml b/kiem-job/values.yaml similarity index 85% rename from accuknox-kiem-job/values.yaml rename to kiem-job/values.yaml index e10d3cd..b540958 100644 --- a/accuknox-kiem-job/values.yaml +++ b/kiem-job/values.yaml @@ -1,4 +1,4 @@ -# Default values for accuknox-kiem-job. +# Default values for kiem-job. # This is a YAML-formatted file. # Declare variables to be passed into your templates. From c7acaf0011562ff276289f44b5090520bbfd0efa Mon Sep 17 00:00:00 2001 From: Rudraksh Pareek Date: Fri, 26 Apr 2024 13:46:35 +0530 Subject: [PATCH 5/6] chore: update refs in CI Signed-off-by: Rudraksh Pareek --- .github/workflows/action.yaml | 36 +++++++++++++++++------------------ README.md | 12 ++++++++++-- 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml index 23d800e..3dce1e1 100644 --- a/.github/workflows/action.yaml +++ b/.github/workflows/action.yaml 
@@ -11,18 +11,18 @@ on: env: REPO: public.ecr.aws/k9v9d5v2 - CHART_NAME_K8S: accuknox-cis-k8s - CHART_PATH_K8S: ./accuknox-cis-k8s - CHART_REVISION_NAME_K8S: accuknox-cis-k8s - CHART_NAME_K8TLS: accuknox-k8tls-job - CHART_PATH_K8TLS: ./accuknox-k8tls-job - CHART_REVISION_NAME_K8TLS: accuknox-k8tls-job - CHART_NAME_KIEM: accuknox-kiem-job - CHART_PATH_KIEM: ./accuknox-kiem-job - CHART_REVISION_NAME_KIEM: accuknox-kiem-job - CHART_NAME_KUBESCAPE: accuknox-kubescape-job - CHART_PATH_KUBESCAPE: ./accuknox-kubescape-job - CHART_REVISION_NAME_KUBESCAPE: accuknox-kubescape-job + CHART_NAME_K8S: cis-k8s-job + CHART_PATH_K8S: ./cis-k8s-job + CHART_REVISION_NAME_K8S: cis-k8s-job + CHART_NAME_K8TLS: k8tls-job + CHART_PATH_K8TLS: ./k8tls-job + CHART_REVISION_NAME_K8TLS: k8tls-job + CHART_NAME_KIEM: kiem-job + CHART_PATH_KIEM: ./kiem-job + CHART_REVISION_NAME_KIEM: kiem-job + CHART_NAME_RISK_ASSESSMENT: k8s-risk-assessment-job + CHART_PATH_RISK_ASSESSMENT: ./k8s-risk-assessment-job + CHART_REVISION_NAME_RISK_ASSESSMENT: k8s-risk-assessment-job AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} AWS_REGION: us-east-1 @@ -77,7 +77,7 @@ jobs: chart-path: ${{ env.CHART_PATH_KIEM }} revision-name: ${{ env.CHART_REVISION_NAME_KIEM}} - chart-validate-kubescape: + chart-validate-risk-assessment: runs-on: ubuntu-latest if: always() && !contains(needs.tag-validate.result, 'failure') needs: [tag-validate] @@ -87,8 +87,8 @@ jobs: - name: Validate helm chart uses: accuknox/common-gh-actions/actions/helm-check@main with: - chart-path: ${{ env.CHART_PATH_KUBESCAPE }} - revision-name: ${{ env.CHART_REVISION_NAME_KUBESCAPE}} + chart-path: ${{ env.CHART_PATH_RISK_ASSESSMENT }} + revision-name: ${{ env.CHART_REVISION_NAME_RISK_ASSESSMENT}} chart-push-k8s: runs-on: ubuntu-latest 
@@ -138,9 +138,9 @@ jobs: ecr-repo: ${{ env.REPO }} type: public - chart-push-kubescape: + chart-push-risk-assessment: runs-on: ubuntu-latest - needs: [chart-validate-kubescape] + needs: [chart-validate-risk-assessment] if: startsWith(github.ref, 'refs/tags/v') steps: - name: Checkout source @@ -148,7 +148,7 @@ jobs: - name: Push helm chart to ECR uses: accuknox/common-gh-actions/actions/helm-push@main with: - chart-path: ${{ env.CHART_PATH_KUBESCAPE }} + chart-path: ${{ env.CHART_PATH_RISK_ASSESSMENT }} version: ${{ github.ref_name }} ecr-region: ${{ env.AWS_REGION }} ecr-repo: ${{ env.REPO }} diff --git a/README.md b/README.md index a4e7cae..2e6bbdf 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,16 @@ Set of jobs that integrate with AccuKnox SaaS to provide reporting/assessment. ## K8s CIS Scanning job -[accuknox-cis-job](accuknox-cis-job) +[cis-k8s-job](cis-k8s-job) ## K8s Service Endpoint scanning job -[accuknox-k8tls-job](accuknox-k8tls-job) +[k8tls-job](k8tls-job) + +## Kubernetes Identity and Entitlement Management (KIEM) job + +[kiem-job](kiem-job) + +## Kubernetes Risk Assessment job + +[k8s-risk-assessment-job](k8s-risk-assessment-job) From 7033a7bd7eb786a417207906148ffda23a27de2b Mon Sep 17 00:00:00 2001 From: Rudraksh Pareek Date: Fri, 26 Apr 2024 15:57:12 +0530 Subject: [PATCH 6/6] misc: address review comments Signed-off-by: Rudraksh Pareek --- .github/workflows/action.yaml | 18 +++++++++--------- cis-k8s-job/templates/cis-job.yaml | 2 +- cis-k8s-job/values.yaml | 6 +++--- k8s-risk-assessment-job/Chart.yaml | 2 +- k8s-risk-assessment-job/README.md | 8 ++++---- k8s-risk-assessment-job/values.yaml | 4 ++-- k8tls-job/Chart.yaml | 2 +- k8tls-job/templates/k8tls-job.yaml | 10 +++++++++- k8tls-job/values.yaml | 7 ++++--- kiem-job/templates/deployment.yaml | 2 +- kiem-job/values.yaml | 6 ++---- 11 files changed, 37 insertions(+), 30 deletions(-) diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml index 3dce1e1..d93d6a9 100644 
--- a/.github/workflows/action.yaml +++ b/.github/workflows/action.yaml @@ -20,9 +20,9 @@ env: CHART_NAME_KIEM: kiem-job CHART_PATH_KIEM: ./kiem-job CHART_REVISION_NAME_KIEM: kiem-job - CHART_NAME_RISK_ASSESSMENT: k8s-risk-assessment-job - CHART_PATH_RISK_ASSESSMENT: ./k8s-risk-assessment-job - CHART_REVISION_NAME_RISK_ASSESSMENT: k8s-risk-assessment-job + CHART_NAME_K8S_RISK_ASSESSMENT: k8s-risk-assessment-job + CHART_PATH_K8S_RISK_ASSESSMENT: ./k8s-risk-assessment-job + CHART_REVISION_NAME_K8S_RISK_ASSESSMENT: k8s-risk-assessment-job AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} AWS_REGION: us-east-1 @@ -77,7 +77,7 @@ jobs: chart-path: ${{ env.CHART_PATH_KIEM }} revision-name: ${{ env.CHART_REVISION_NAME_KIEM}} - chart-validate-risk-assessment: + chart-validate-k8s-risk-assessment: runs-on: ubuntu-latest if: always() && !contains(needs.tag-validate.result, 'failure') needs: [tag-validate] @@ -87,8 +87,8 @@ jobs: - name: Validate helm chart uses: accuknox/common-gh-actions/actions/helm-check@main with: - chart-path: ${{ env.CHART_PATH_RISK_ASSESSMENT }} - revision-name: ${{ env.CHART_REVISION_NAME_RISK_ASSESSMENT}} + chart-path: ${{ env.CHART_PATH_K8S_RISK_ASSESSMENT }} + revision-name: ${{ env.CHART_REVISION_NAME_K8S_RISK_ASSESSMENT}} chart-push-k8s: runs-on: ubuntu-latest @@ -138,9 +138,9 @@ jobs: ecr-repo: ${{ env.REPO }} type: public - chart-push-risk-assessment: + chart-push-k8s-risk-assessment: runs-on: ubuntu-latest - needs: [chart-validate-risk-assessment] + needs: [chart-validate-k8s-risk-assessment] if: startsWith(github.ref, 'refs/tags/v') steps: - name: Checkout source @@ -148,7 +148,7 @@ jobs: - name: Push helm chart to ECR uses: accuknox/common-gh-actions/actions/helm-push@main with: - chart-path: ${{ env.CHART_PATH_RISK_ASSESSMENT }} + chart-path: ${{ env.CHART_PATH_K8S_RISK_ASSESSMENT }} version: ${{ github.ref_name }} ecr-region: ${{ env.AWS_REGION }} ecr-repo: ${{ env.REPO }} 
diff --git a/cis-k8s-job/templates/cis-job.yaml b/cis-k8s-job/templates/cis-job.yaml index 9f71068..20868f0 100644 --- a/cis-k8s-job/templates/cis-job.yaml +++ b/cis-k8s-job/templates/cis-job.yaml @@ -13,7 +13,7 @@ spec: containers: - image: accuknox/accuknox-job:latest command: ["/bin/sh", "-c"] - args: ['curl --location --request POST "https://cspm.$ENV_URL.accuknox.com/api/v1/artifact/?tenant_id=$TENANT_ID&data_type=KB&save_to_s3=true" --header "Authorization: Bearer $AUTH_TOKEN" --form "file=@\"./data/report.json\""'] + args: ['curl --location --request POST "https://$ENV_URL/api/v1/artifact/?tenant_id=$TENANT_ID&data_type=KB&save_to_s3=true" --header "Authorization: Bearer $AUTH_TOKEN" --form "file=@\"./data/report.json\""'] name: cis-k8s-cronjob resources: {} env: diff --git a/cis-k8s-job/values.yaml b/cis-k8s-job/values.yaml index 959481e..b2b5da2 100644 --- a/cis-k8s-job/values.yaml +++ b/cis-k8s-job/values.yaml @@ -1,12 +1,12 @@ -# Default values for accuknox-cis-job. +# Default values for cis-k8s-job. # This is a YAML-formatted file. # Declare variables to be passed into your templates. accuknox: authToken: "NO-TOKEN-SET" - cronTab: "0 */4 * * *" + cronTab: "30 9 * * *" clusterName: "" label: "" clusterId: "" tenantId: "" - URL: "dev" \ No newline at end of file + URL: "cspm.demo.accuknox.com" diff --git a/k8s-risk-assessment-job/Chart.yaml b/k8s-risk-assessment-job/Chart.yaml index 88bb263..e5e01db 100644 --- a/k8s-risk-assessment-job/Chart.yaml +++ b/k8s-risk-assessment-job/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: k8s-risk-assesment-job +name: k8s-risk-assessment-job description: A Helm chart for creating AccuKnox k8s-risk-assessment job type: application version: 0.1.0 diff --git a/k8s-risk-assessment-job/README.md b/k8s-risk-assessment-job/README.md index 9304f9c..9252d59 100644 --- a/k8s-risk-assessment-job/README.md +++ b/k8s-risk-assessment-job/README.md 
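Review bot: In the cis-job.yaml `args` line the host is now taken verbatim from `$ENV_URL`, so a release that still sets the old short value (`URL: "dev"` was the previous default in values.yaml) would request `https://dev/api/v1/artifact/...`. The `Authorization: Bearer` header would then go to whatever that single-label name resolves to. How `ENV_URL` is populated is outside the hunk, but a render-time guard in the template would catch stale values, for example `{{- if not (contains "." .Values.accuknox.URL) }}{{ fail "accuknox.URL must be a full hostname" }}{{- end }}`. The same `curl` also lacks `--fail`, so a rejected upload does not fail the job.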
@@ -1,4 +1,4 @@ -# AccuKnox k8s-risk-asessment Job +# AccuKnox k8s-risk-assessment Job A job for scanning cluster misconfiguration through kubescape @@ -13,7 +13,7 @@ helm upgrade --install k8s-risk-assessment-job -n k8s-risk-assessment --create-n ### Published ``` -helm upgrade --install k8s-risk-assessment-job oci://public.ecr.aws/k9v9d5v2/k8s-risk-assessment-job -n k8s-risk-assessment --create-namespace --set accuknox.authToken="TOKEN" . +helm upgrade --install k8s-risk-assessment-job oci://public.ecr.aws/k9v9d5v2/k8s-risk-assessment-job -n k8s-risk-assessment --create-namespace --set accuknox.authToken="TOKEN" ``` where TOKEN is issued from AccuKnox SaaS. @@ -22,8 +22,8 @@ where TOKEN is issued from AccuKnox SaaS. | Helm key | Default Value | Description | Required | |----------|---------------|-------------| -------- | -| accuknox.authToken | "NO-TOKEN-SET" | Auth token from AccuKnox SaaS | YES | -| accuknox.URL | "cspm.dev.accuknox.com" | URL of the environment | YES | +| accuknox.authToken | "NO-TOKEN-SET" | Auth token from AccuKnox SaaS | YES (auto-populated by SaaS) | +| accuknox.URL | "cspm.dev.accuknox.com" | URL of the environment | YES (auto-populated by SaaS) | | accuknox.clusterName | "default" | name of the cluster | YES (auto-populated by SaaS) | | accuknox.tenantID | "" | ID of AccuKnox tenant | YES (auto-populated by SaaS) | | accuknox.cronTab | "0 */6 * * *" | cron tab for the job - timezone: UTC | NO | diff --git a/k8s-risk-assessment-job/values.yaml b/k8s-risk-assessment-job/values.yaml index 2ee2dc0..94b9d39 100644 --- a/k8s-risk-assessment-job/values.yaml +++ b/k8s-risk-assessment-job/values.yaml @@ -12,8 +12,8 @@ replicaCount: 1 accuknox: authToken: "NO-TOKEN-SET" - URL: "cspm.dev.accuknox.com" + URL: "cspm.demo.accuknox.com" tenantID: "" - cronTab: "0 */6 * * *" + cronTab: "30 9 * * *" clusterName: "" label: "" diff --git a/k8tls-job/Chart.yaml b/k8tls-job/Chart.yaml index 75dc333..2ed4335 100644 --- a/k8tls-job/Chart.yaml 
+++ b/k8tls-job/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: k8tls-job -description: A Helm chart for Kubernetes +description: A Helm chart for running k8tls # A chart can be either an 'application' or a 'library' chart. # diff --git a/k8tls-job/templates/k8tls-job.yaml b/k8tls-job/templates/k8tls-job.yaml index 6ff5bb8..951c54d 100644 --- a/k8tls-job/templates/k8tls-job.yaml +++ b/k8tls-job/templates/k8tls-job.yaml @@ -42,12 +42,20 @@ spec: containers: - image: accuknox/accuknox-job:latest command: ["/bin/sh", "-c"] - args: ["curl www.google.com && echo $AUTH_TOKEN && cat /data/report.json"] + args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json'] name: k8tls-job resources: {} env: + - name: URL + value: {{ .Values.accuknox.URL }} + - name: TENANT_ID + value: {{ .Values.accuknox.tenantID | quote }} - name: AUTH_TOKEN value: {{ .Values.accuknox.authToken }} + - name: CLUSTER_NAME + value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }} + - name: LABEL_NAME + value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }} volumeMounts: - mountPath: /data name: datapath diff --git a/k8tls-job/values.yaml b/k8tls-job/values.yaml index a792e0f..720722e 100644 --- a/k8tls-job/values.yaml +++ b/k8tls-job/values.yaml @@ -1,10 +1,11 @@ -# Default values for AccuKnox k8tls-job. +# Default values for k8tls-job. # This is a YAML-formatted file. # Declare variables to be passed into your templates. accuknox: authToken: "NO-TOKEN-SET" - cronTab: "0 */4 * * *" + cronTab: "30 9 * * *" + tenantID: "" clusterName: "" label: "" - URL: "dev" + URL: "cspm.demo.accuknox.com" 
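Review bot: In k8tls-job/templates/k8tls-job.yaml the new `URL`, `CLUSTER_NAME` and `LABEL_NAME` env values are rendered unquoted, unlike `TENANT_ID`, so a value such as `true` or `1234` is emitted as a YAML boolean or number and the pod spec is rejected, and a value containing `: ` or ` #` changes the rendered manifest. Quote them and let `default` replace the if/else: `value: {{ .Values.accuknox.URL | quote }}`, `value: {{ .Values.accuknox.clusterName | default "default" | quote }}`, `value: {{ .Values.accuknox.label | default "default" | quote }}`. The unchanged `AUTH_TOKEN` line is unquoted as well and places the token in the pod spec in plain text; a Secret referenced through `secretKeyRef` would keep it out of the rendered manifest. The args line still ends with `&& cat /data/report.json`, which copies the whole report into the pod log after the upload and can be dropped if it was only there for debugging. The container spec continues outside the hunk.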
diff --git a/kiem-job/templates/deployment.yaml b/kiem-job/templates/deployment.yaml index 1f42f78..673cdd3 100644 --- a/kiem-job/templates/deployment.yaml +++ b/kiem-job/templates/deployment.yaml @@ -27,7 +27,7 @@ spec: mountPath: /data containers: - image: accuknox/accuknox-job:latest - command: ['sh', '-c', 'curl --location --request POST "https://cspm.${URL}.accuknox.com/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""'] + command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""'] name: accuknox-kiem-cronjob resources: {} env: diff --git a/kiem-job/values.yaml b/kiem-job/values.yaml index b540958..e979326 100644 --- a/kiem-job/values.yaml +++ b/kiem-job/values.yaml @@ -6,10 +6,8 @@ replicaCount: 1 accuknox: authToken: "NO-TOKEN-SET" - URL: "dev" + URL: "cspm.demo.accuknox.com" tenantID: "" - cronTab: "0 */6 * * *" + cronTab: "30 9 * * *" clusterName: "" label: "" - -