feat: Combined KSPM jobs for Helm release
Priyaccuknox committed Dec 11, 2024
1 parent 8c0f0bb commit 534dbdd
Showing 12 changed files with 74 additions and 77 deletions.
16 changes: 8 additions & 8 deletions cis-k8s-job/templates/cis-cron-job.yaml
Expand Up @@ -28,21 +28,21 @@ spec:
valueFrom:
secretKeyRef:
key: AUTH_TOKEN
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
name: cis-k8s-job-auth-token
{{- else }}
name: {{ .Values.accuknox.secretName }}
name: {{ .Values.global.accuknox.secretName }}
{{- end }}
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
- name: LABEL_NAME
value: {{ .Values.accuknox.label }}
value: {{ .Values.global.accuknox.label }}
- name: CLUSTER_ID
value: {{ .Values.accuknox.clusterId }}
value: {{ .Values.global.accuknox.clusterId }}
- name: TENANT_ID
value: {{ .Values.accuknox.tenantId | quote}}
value: {{ .Values.global.accuknox.tenantId | quote}}
- name: URL
value: {{ .Values.accuknox.url }}
value: {{ .Values.global.accuknox.url }}
volumeMounts:
- mountPath: /data
name: datapath
Expand All @@ -58,7 +58,7 @@ spec:
volumes:
{{- include "volumes" .Values.toolConfig | trim | nindent 11 }}

schedule: "{{ .Values.accuknox.cronTab }}"
schedule: "{{ .Values.global.accuknox.cronTab }}"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
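Review bot: In the env block of the first hunk, `CLUSTER_NAME`, `LABEL_NAME`, `CLUSTER_ID` and `URL` are rendered without `quote`, while `TENANT_ID` is quoted. These values now come from a `global.accuknox` block shared by all three job charts, so a numeric-looking cluster ID or name (the risk-assessment chart's old default was `clusterID: 0`) renders as a YAML integer, and an env `value` has to be a string for the manifest to be accepted. Pipe each one through `quote`, e.g. `value: {{ .Values.global.accuknox.clusterId | quote }}`; the same applies to the unquoted env values in cis-job.yaml and in the k8s-risk-assessment-job and kiem-job templates. The env list starts above the hunk, so the container it belongs to is not visible here.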

14 changes: 7 additions & 7 deletions cis-k8s-job/templates/cis-job.yaml
Expand Up @@ -31,21 +31,21 @@ spec:
valueFrom:
secretKeyRef:
key: AUTH_TOKEN
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
name: cis-k8s-job-auth-token
{{- else }}
name: {{ .Values.accuknox.secretName }}
name: {{ .Values.global.accuknox.secretName }}
{{- end }}
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
- name: LABEL_NAME
value: {{ .Values.accuknox.label }}
value: {{ .Values.global.accuknox.label }}
- name: CLUSTER_ID
value: {{ .Values.accuknox.clusterId }}
value: {{ .Values.global.accuknox.clusterId }}
- name: TENANT_ID
value: {{ .Values.accuknox.tenantId | quote}}
value: {{ .Values.global.accuknox.tenantId | quote}}
- name: URL
value: {{ .Values.accuknox.url }}
value: {{ .Values.global.accuknox.url }}
volumeMounts:
- mountPath: /data
name: datapath
4 changes: 2 additions & 2 deletions cis-k8s-job/templates/secret.yaml
@@ -1,10 +1,10 @@
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
# if user didn't specify a secretName, use the default
apiVersion: v1
kind: Secret
metadata:
name: cis-k8s-job-auth-token
namespace: {{ .Release.Namespace }}
data:
AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }}
AUTH_TOKEN: {{ .Values.global.accuknox.authToken | b64enc }}
{{- end }}
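Review bot: `AUTH_TOKEN` on the last data line is built from `.Values.global.accuknox.authToken` with no presence check, and this commit also removes the chart-level `authToken` default from values.yaml. If the parent release does not set the global token, rendering presumably either fails with an opaque error from `b64enc` or produces a Secret holding an empty token. Fail fast with `AUTH_TOKEN: {{ required "global.accuknox.authToken must be set when secretName is empty" .Values.global.accuknox.authToken | b64enc }}`; the same line appears in k8s-risk-assessment-job/templates/secret.yaml and kiem-job/templates/secret.yaml. A token passed through values is also kept in the Helm release record, so documenting the pre-created `secretName` path as the preferred one would help.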
15 changes: 7 additions & 8 deletions cis-k8s-job/values.yaml
Expand Up @@ -29,11 +29,10 @@ toolConfig:
skip: ""

accuknox:
authToken: "NO-TOKEN-SET"
cronTab: "30 9 * * *"
clusterName: ""
label: ""
clusterId: ""
tenantId: ""
url: "cspm.demo.accuknox.com"
secretName: ""
authToken: "{{ .Values.global.accuknox.authToken }}"
URL: "{{ .Values.global.accuknox.url }}"
tenantID: "{{ .Values.global.accuknox.tenantId }}"
cronTab: "{{ .Values.global.accuknox.cronTab }}"
clusterName: "{{ .Values.global.accuknox.clusterName }}"
label: "{{ .Values.global.accuknox.label }}"
secretName: "{{ .Values.global.accuknox.secretName }}"
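Review bot: The new `accuknox:` entries are literal strings, because Helm does not evaluate template expressions inside values.yaml; `authToken` here is the text `{{ .Values.global.accuknox.authToken }}`, not the global value. The templates changed in this commit read `.Values.global.accuknox.*` directly, so this block appears to be unused, and the working defaults it replaced (`cronTab: "30 9 * * *"`, the `url` host) are not defined in any file shown in this commit. Either delete the block or move the real defaults under a `global:` / `accuknox:` mapping, using the key spellings the templates read (`url`, `tenantId`, `clusterId`). The same block was pasted into k8s-risk-assessment-job/values.yaml and kiem-job/values.yaml.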
18 changes: 9 additions & 9 deletions k8s-risk-assessment-job/templates/cronjob.yaml
Expand Up @@ -4,7 +4,7 @@ metadata:
name: k8s-risk-assessment-job
namespace: {{ .Release.Namespace }}
spec:
schedule: "{{ .Values.accuknox.cronTab }}"
schedule: "{{ .Values.global.accuknox.cronTab }}"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1

Expand All @@ -25,7 +25,7 @@ spec:
args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"]
env:
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
volumeMounts:
- name: datapath
mountPath: /data
Expand All @@ -40,21 +40,21 @@ spec:
valueFrom:
secretKeyRef:
key: AUTH_TOKEN
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
name: k8s-risk-assessment-job-auth-token
{{- else }}
name: {{ .Values.accuknox.secretName }}
name: {{ .Values.global.accuknox.secretName }}
{{- end }}
- name: URL
value: {{ .Values.accuknox.URL }}
value: {{ .Values.global.accuknox.url }}
- name: TENANT_ID
value: {{ .Values.accuknox.tenantID | quote }}
value: {{ .Values.global.accuknox.tenantId | quote }}
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
- name: CLUSTER_ID
value: {{ .Values.accuknox.clusterID | quote }}
value: {{ .Values.global.accuknox.clusterID | quote }}
- name: LABEL_NAME
value: {{ .Values.accuknox.label }}
value: {{ .Values.global.accuknox.label }}
volumeMounts:
- mountPath: /data
name: datapath
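Review bot: `CLUSTER_ID` in the last hunk reads `.Values.global.accuknox.clusterID`, but the cis-k8s-job templates in this same commit read `.Values.global.accuknox.clusterId`. Template key lookup is case-sensitive and the `global` block is shared across the charts, so a single value cannot satisfy both spellings; with `quote`, the missing one most likely renders as an empty string rather than failing. The neighbouring keys were normalised here (`URL` to `url`, `tenantID` to `tenantId`), so this looks like an oversight: use `value: {{ .Values.global.accuknox.clusterId | quote }}`. The same line is in k8s-risk-assessment-job/templates/job.yaml, and the container spec continues past the end of the hunk.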
16 changes: 8 additions & 8 deletions k8s-risk-assessment-job/templates/job.yaml
Expand Up @@ -21,7 +21,7 @@ spec:
args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"]
env:
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
volumeMounts:
- name: datapath
mountPath: /data
Expand All @@ -36,21 +36,21 @@ spec:
valueFrom:
secretKeyRef:
key: AUTH_TOKEN
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
name: k8s-risk-assessment-job-auth-token
{{- else }}
name: {{ .Values.accuknox.secretName }}
name: {{ .Values.global.accuknox.secretName }}
{{- end }}
- name: URL
value: {{ .Values.accuknox.URL }}
value: {{ .Values.global.accuknox.url }}
- name: TENANT_ID
value: {{ .Values.accuknox.tenantID | quote }}
value: {{ .Values.global.accuknox.tenantId | quote }}
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
- name: CLUSTER_ID
value: {{ .Values.accuknox.clusterID | quote }}
value: {{ .Values.global.accuknox.clusterID | quote }}
- name: LABEL_NAME
value: {{ .Values.accuknox.label }}
value: {{ .Values.global.accuknox.label }}
volumeMounts:
- mountPath: /data
name: datapath
4 changes: 2 additions & 2 deletions k8s-risk-assessment-job/templates/secret.yaml
@@ -1,10 +1,10 @@
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
# if user didn't specify a secretName, use the default
apiVersion: v1
kind: Secret
metadata:
name: k8s-risk-assessment-job-auth-token
namespace: {{ .Release.Namespace }}
data:
AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }}
AUTH_TOKEN: {{ .Values.global.accuknox.authToken | b64enc }}
{{- end }}
15 changes: 7 additions & 8 deletions k8s-risk-assessment-job/values.yaml
Expand Up @@ -23,11 +23,10 @@ imagePullSecrets:
replicaCount: 1

accuknox:
authToken: "NO-TOKEN-SET"
URL: "cspm.demo.accuknox.com"
tenantID: ""
cronTab: "30 9 * * *"
clusterName: ""
clusterID: 0
label: ""
secretName: ""
authToken: "{{ .Values.global.accuknox.authToken }}"
URL: "{{ .Values.global.accuknox.url }}"
tenantID: "{{ .Values.global.accuknox.tenantId }}"
cronTab: "{{ .Values.global.accuknox.cronTab }}"
clusterName: "{{ .Values.global.accuknox.clusterName }}"
label: "{{ .Values.global.accuknox.label }}"
secretName: "{{ .Values.global.accuknox.secretName }}"
16 changes: 8 additions & 8 deletions kiem-job/templates/deployment.yaml
Expand Up @@ -4,7 +4,7 @@ metadata:
name: kiem-job
namespace: {{ .Release.Namespace }}
spec:
schedule: "{{ .Values.accuknox.cronTab }}"
schedule: "{{ .Values.global.accuknox.cronTab }}"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
Expand All @@ -24,7 +24,7 @@ spec:
args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"]
env:
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
volumeMounts:
- name: datapath
mountPath: /data
Expand All @@ -38,19 +38,19 @@ spec:
valueFrom:
secretKeyRef:
key: AUTH_TOKEN
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
name: kiem-job-auth-token
{{- else }}
name: {{ .Values.accuknox.secretName }}
name: {{ .Values.global.accuknox.secretName }}
{{- end }}
- name: URL
value: {{ .Values.accuknox.URL }}
value: {{ .Values.global.accuknox.url }}
- name: TENANT_ID
value: {{ .Values.accuknox.tenantID | quote }}
value: {{ .Values.global.accuknox.tenantId | quote }}
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
- name: LABEL_NAME
value: {{ .Values.accuknox.label | quote}}
value: {{ .Values.global.accuknox.label | quote}}
volumeMounts:
- mountPath: /data
name: datapath
14 changes: 7 additions & 7 deletions kiem-job/templates/job.yaml
Expand Up @@ -21,7 +21,7 @@ spec:
args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"]
env:
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
volumeMounts:
- name: datapath
mountPath: /data
Expand All @@ -35,19 +35,19 @@ spec:
valueFrom:
secretKeyRef:
key: AUTH_TOKEN
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
name: kiem-job-auth-token
{{- else }}
name: {{ .Values.accuknox.secretName }}
name: {{ .Values.global.accuknox.secretName }}
{{- end }}
- name: URL
value: {{ .Values.accuknox.URL }}
value: {{ .Values.global.accuknox.url }}
- name: TENANT_ID
value: {{ .Values.accuknox.tenantID | quote }}
value: {{ .Values.global.accuknox.tenantId | quote }}
- name: CLUSTER_NAME
value: {{ .Values.accuknox.clusterName }}
value: {{ .Values.global.accuknox.clusterName }}
- name: LABEL_NAME
value: {{ .Values.accuknox.label | quote}}
value: {{ .Values.global.accuknox.label | quote}}
volumeMounts:
- mountPath: /data
name: datapath
4 changes: 2 additions & 2 deletions kiem-job/templates/secret.yaml
@@ -1,10 +1,10 @@
{{- if (.Values.accuknox.secretName | empty) }}
{{- if (.Values.global.accuknox.secretName | empty) }}
# if user didn't specify a secretName, use the default
apiVersion: v1
kind: Secret
metadata:
name: kiem-job-auth-token
namespace: {{ .Release.Namespace }}
data:
AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }}
AUTH_TOKEN: {{ .Values.global.accuknox.authToken | b64enc }}
{{- end }}
15 changes: 7 additions & 8 deletions kiem-job/values.yaml
Expand Up @@ -20,14 +20,13 @@ imagePullSecrets:
username: ""
password: ""


replicaCount: 1

accuknox:
authToken: "NO-TOKEN-SET"
URL: "cspm.demo.accuknox.com"
tenantID: ""
cronTab: "30 9 * * *"
clusterName: ""
label: ""
secretName: ""
authToken: "{{ .Values.global.accuknox.authToken }}"
URL: "{{ .Values.global.accuknox.url }}"
tenantID: "{{ .Values.global.accuknox.tenantId }}"
cronTab: "{{ .Values.global.accuknox.cronTab }}"
clusterName: "{{ .Values.global.accuknox.clusterName }}"
label: "{{ .Values.global.accuknox.label }}"
secretName: "{{ .Values.global.accuknox.secretName }}"
