diff --git a/cis-k8s-job/templates/cis-cron-job.yaml b/cis-k8s-job/templates/cis-cron-job.yaml index cd7a81f..e2baca2 100644 --- a/cis-k8s-job/templates/cis-cron-job.yaml +++ b/cis-k8s-job/templates/cis-cron-job.yaml @@ -28,21 +28,21 @@ spec: valueFrom: secretKeyRef: key: AUTH_TOKEN - {{- if (.Values.accuknox.secretName | empty) }} + {{- if (.Values.global.accuknox.secretName | empty) }} name: cis-k8s-job-auth-token {{- else }} - name: {{ .Values.accuknox.secretName }} + name: {{ .Values.global.accuknox.secretName }} {{- end }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.accuknox.label }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterId }} + value: {{ .Values.global.accuknox.clusterId }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantId | quote}} + value: {{ .Values.global.accuknox.tenantId | quote}} - name: URL - value: {{ .Values.accuknox.url }} + value: {{ .Values.global.accuknox.url }} volumeMounts: - mountPath: /data name: datapath @@ -58,7 +58,7 @@ spec: volumes: {{- include "volumes" .Values.toolConfig | trim | nindent 11 }} - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.accuknox.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 diff --git a/cis-k8s-job/templates/cis-job.yaml b/cis-k8s-job/templates/cis-job.yaml index bef5c29..22789f2 100644 --- a/cis-k8s-job/templates/cis-job.yaml +++ b/cis-k8s-job/templates/cis-job.yaml @@ -31,21 +31,21 @@ spec: valueFrom: secretKeyRef: key: AUTH_TOKEN - {{- if (.Values.accuknox.secretName | empty) }} + {{- if (.Values.global.accuknox.secretName | empty) }} name: cis-k8s-job-auth-token {{- else }} - name: {{ .Values.accuknox.secretName }} + name: {{ .Values.global.accuknox.secretName }} {{- end }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.accuknox.label }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterId }} + value: {{ .Values.global.accuknox.clusterId }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantId | quote}} + value: {{ .Values.global.accuknox.tenantId | quote}} - name: URL - value: {{ .Values.accuknox.url }} + value: {{ .Values.global.accuknox.url }} volumeMounts: - mountPath: /data name: datapath diff --git a/cis-k8s-job/templates/secret.yaml b/cis-k8s-job/templates/secret.yaml index 93e9bb5..ea2b2f9 100644 --- a/cis-k8s-job/templates/secret.yaml +++ b/cis-k8s-job/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if (.Values.accuknox.secretName | empty) }} +{{- if (.Values.global.accuknox.secretName | empty) }} # if user didn't specify a secretName, use the default apiVersion: v1 kind: Secret @@ -6,5 +6,5 @@ metadata: name: cis-k8s-job-auth-token namespace: {{ .Release.Namespace }} data: - AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }} + AUTH_TOKEN: {{ .Values.global.accuknox.authToken | b64enc }} {{- end }} diff --git a/cis-k8s-job/values.yaml b/cis-k8s-job/values.yaml index 371e374..354146d 100644 --- a/cis-k8s-job/values.yaml +++ b/cis-k8s-job/values.yaml @@ -29,11 +29,10 @@ toolConfig: skip: "" accuknox: - authToken: "NO-TOKEN-SET" - cronTab: "30 9 * * *" - clusterName: "" - label: "" - clusterId: "" - tenantId: "" - url: "cspm.demo.accuknox.com" - secretName: "" + authToken: "{{ .Values.global.accuknox.authToken }}" + URL: "{{ .Values.global.accuknox.url }}" + tenantID: "{{ .Values.global.accuknox.tenantId }}" + cronTab: "{{ .Values.global.accuknox.cronTab }}" + clusterName: "{{ .Values.global.accuknox.clusterName }}" + label: "{{ .Values.global.accuknox.label }}" + secretName: "{{ .Values.global.accuknox.secretName }}" diff --git a/k8s-risk-assessment-job/templates/cronjob.yaml b/k8s-risk-assessment-job/templates/cronjob.yaml index cc074d9..1a413c1 100644 --- a/k8s-risk-assessment-job/templates/cronjob.yaml +++ b/k8s-risk-assessment-job/templates/cronjob.yaml @@ -4,7 +4,7 @@ metadata: name: k8s-risk-assessment-job namespace: {{ .Release.Namespace }} spec: - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.accuknox.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 @@ -25,7 +25,7 @@ spec: args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -40,21 +40,21 @@ spec: valueFrom: secretKeyRef: key: AUTH_TOKEN - {{- if (.Values.accuknox.secretName | empty) }} + {{- if (.Values.global.accuknox.secretName | empty) }} name: k8s-risk-assessment-job-auth-token {{- else }} - name: {{ .Values.accuknox.secretName }} + name: {{ .Values.global.accuknox.secretName }} {{- end }} - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.accuknox.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.accuknox.tenantId | quote }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterID | quote }} + value: {{ .Values.global.accuknox.clusterID | quote }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.accuknox.label }} volumeMounts: - mountPath: /data name: datapath diff --git a/k8s-risk-assessment-job/templates/job.yaml b/k8s-risk-assessment-job/templates/job.yaml index f5d43a7..98bf85f 100644 --- a/k8s-risk-assessment-job/templates/job.yaml +++ b/k8s-risk-assessment-job/templates/job.yaml @@ -21,7 +21,7 @@ spec: args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -36,21 +36,21 @@ spec: valueFrom: secretKeyRef: key: AUTH_TOKEN - {{- if (.Values.accuknox.secretName | empty) }} + {{- if (.Values.global.accuknox.secretName | empty) }} name: k8s-risk-assessment-job-auth-token {{- else }} - name: {{ .Values.accuknox.secretName }} + name: {{ .Values.global.accuknox.secretName }} {{- end }} - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.accuknox.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.accuknox.tenantId | quote }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterID | quote }} + value: {{ .Values.global.accuknox.clusterID | quote }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.accuknox.label }} volumeMounts: - mountPath: /data name: datapath diff --git a/k8s-risk-assessment-job/templates/secret.yaml b/k8s-risk-assessment-job/templates/secret.yaml index 1cf76c9..858a5cf 100644 --- a/k8s-risk-assessment-job/templates/secret.yaml +++ b/k8s-risk-assessment-job/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if (.Values.accuknox.secretName | empty) }} +{{- if (.Values.global.accuknox.secretName | empty) }} # if user didn't specify a secretName, use the default apiVersion: v1 kind: Secret @@ -6,5 +6,5 @@ metadata: name: k8s-risk-assessment-job-auth-token namespace: {{ .Release.Namespace }} data: - AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }} + AUTH_TOKEN: {{ .Values.global.accuknox.authToken | b64enc }} {{- end }} diff --git a/k8s-risk-assessment-job/values.yaml b/k8s-risk-assessment-job/values.yaml index 0c087ab..8aea7f2 100644 --- a/k8s-risk-assessment-job/values.yaml +++ b/k8s-risk-assessment-job/values.yaml @@ -23,11 +23,10 @@ imagePullSecrets: replicaCount: 1 accuknox: - authToken: "NO-TOKEN-SET" - URL: "cspm.demo.accuknox.com" - tenantID: "" - cronTab: "30 9 * * *" - clusterName: "" - clusterID: 0 - label: "" - secretName: "" + authToken: "{{ .Values.global.accuknox.authToken }}" + URL: "{{ .Values.global.accuknox.url }}" + tenantID: "{{ .Values.global.accuknox.tenantId }}" + cronTab: "{{ .Values.global.accuknox.cronTab }}" + clusterName: "{{ .Values.global.accuknox.clusterName }}" + label: "{{ .Values.global.accuknox.label }}" + secretName: "{{ .Values.global.accuknox.secretName }}" diff --git a/kiem-job/templates/deployment.yaml b/kiem-job/templates/deployment.yaml index 9262af0..f23c1c0 100644 --- a/kiem-job/templates/deployment.yaml +++ b/kiem-job/templates/deployment.yaml @@ -4,7 +4,7 @@ metadata: name: kiem-job namespace: {{ .Release.Namespace }} spec: - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.accuknox.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 jobTemplate: @@ -24,7 +24,7 @@ spec: args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -38,19 +38,19 @@ spec: valueFrom: secretKeyRef: key: AUTH_TOKEN - {{- if (.Values.accuknox.secretName | empty) }} + {{- if (.Values.global.accuknox.secretName | empty) }} name: kiem-job-auth-token {{- else }} - name: {{ .Values.accuknox.secretName }} + name: {{ .Values.global.accuknox.secretName }} {{- end }} - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.accuknox.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.accuknox.tenantId | quote }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label | quote}} + value: {{ .Values.global.accuknox.label | quote}} volumeMounts: - mountPath: /data name: datapath diff --git a/kiem-job/templates/job.yaml b/kiem-job/templates/job.yaml index 0ad2eec..07bd961 100644 --- a/kiem-job/templates/job.yaml +++ b/kiem-job/templates/job.yaml @@ -21,7 +21,7 @@ spec: args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -35,19 +35,19 @@ spec: valueFrom: secretKeyRef: key: AUTH_TOKEN - {{- if (.Values.accuknox.secretName | empty) }} + {{- if (.Values.global.accuknox.secretName | empty) }} name: kiem-job-auth-token {{- else }} - name: {{ .Values.accuknox.secretName }} + name: {{ .Values.global.accuknox.secretName }} {{- end }} - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.accuknox.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.accuknox.tenantId | quote }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.accuknox.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label | quote}} + value: {{ .Values.global.accuknox.label | quote}} volumeMounts: - mountPath: /data name: datapath diff --git a/kiem-job/templates/secret.yaml b/kiem-job/templates/secret.yaml index 9ab9681..f8798bb 100644 --- a/kiem-job/templates/secret.yaml +++ b/kiem-job/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if (.Values.accuknox.secretName | empty) }} +{{- if (.Values.global.accuknox.secretName | empty) }} # if user didn't specify a secretName, use the default apiVersion: v1 kind: Secret @@ -6,5 +6,5 @@ metadata: name: kiem-job-auth-token namespace: {{ .Release.Namespace }} data: - AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }} + AUTH_TOKEN: {{ .Values.global.accuknox.authToken | b64enc }} {{- end }} diff --git a/kiem-job/values.yaml b/kiem-job/values.yaml index 4e7a48f..3372882 100644 --- a/kiem-job/values.yaml +++ b/kiem-job/values.yaml @@ -20,14 +20,13 @@ imagePullSecrets: username: "" password: "" - replicaCount: 1 accuknox: - authToken: "NO-TOKEN-SET" - URL: "cspm.demo.accuknox.com" - tenantID: "" - cronTab: "30 9 * * *" - clusterName: "" - label: "" - secretName: "" + authToken: "{{ .Values.global.accuknox.authToken }}" + URL: "{{ .Values.global.accuknox.url }}" + tenantID: "{{ .Values.global.accuknox.tenantId }}" + cronTab: "{{ .Values.global.accuknox.cronTab }}" + clusterName: "{{ .Values.global.accuknox.clusterName }}" + label: "{{ .Values.global.accuknox.label }}" + secretName: "{{ .Values.global.accuknox.secretName }}"