From 8868028dace08b6b53e3cd00f7a8d7412cf58551 Mon Sep 17 00:00:00 2001 From: stefin <112696367+stefin9898@users.noreply.github.com> Date: Mon, 4 Dec 2023 19:51:37 +0530 Subject: [PATCH 1/3] Added Extra Metadata to the generated JSON --- Dockerfile | 9 +++++++++ accuknox-cis-job/templates/cis-job.yaml | 4 ++++ entrypoint.sh | 5 +++++ 3 files changed, 18 insertions(+) create mode 100644 Dockerfile create mode 100644 entrypoint.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..9a079ac --- /dev/null +++ b/Dockerfile @@ -0,0 +1,9 @@ +FROM docker.io/nginx + +RUN apt update -y \ + && apt upgrade -y \ + && apt install -y curl jq + +COPY entrypoint.sh . + +ENTRYPOINT ["/bin/bash", "entrypoint.sh"] \ No newline at end of file diff --git a/accuknox-cis-job/templates/cis-job.yaml b/accuknox-cis-job/templates/cis-job.yaml index 588e2fc..4562460 100644 --- a/accuknox-cis-job/templates/cis-job.yaml +++ b/accuknox-cis-job/templates/cis-job.yaml @@ -19,6 +19,10 @@ spec: env: - name: AUTH_TOKEN value: {{ .Values.accuknox.authToken }} + - name: CLUSTER_NAME + value: {{ .Values.accuknox.clusterName }} + - name: LABEL_NAME + value: {{ .Values.accuknox.label }} volumeMounts: - mountPath: /data name: datapath diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..cd30585 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,5 @@ +cat <<<$(jq '. += { + "Metadata": { + "cluster_name":$ENV.CLUSTER_NAME, + "label_name":$ENV.LABEL_NAME}} + ' /data/report.json) >/data/report.json From 28c92a3275edff761e8e9d6f5f465e48f4509e82 Mon Sep 17 00:00:00 2001 From: stefin <112696367+stefin9898@users.noreply.github.com> Date: Mon, 4 Dec 2023 23:01:54 +0530 Subject: [PATCH 2/3] Added GH Action to build and push docker image --- .github/workflows/action.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/action.yaml 
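Review bot: `FROM docker.io/nginx` carries no tag or digest, so every build pulls whatever `latest` points to at that moment, and `apt upgrade -y` makes the result differ again from build to build; pin the base, e.g. `FROM docker.io/nginx:<TAG>@sha256:<DIGEST>` (placeholders). A web-server image is also a large base for a job that, as far as this patch shows, needs only bash, curl and jq. No `USER` is set, so the script runs as the base image's default user (root for the official nginx image, as far as I know); add a non-root `USER` if the job only has to write `/data`. I would also use `apt-get install -y --no-install-recommends curl jq && rm -rf /var/lib/apt/lists/*` and `COPY entrypoint.sh /entrypoint.sh`, so the ENTRYPOINT does not depend on the working directory.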
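Review bot: The two new `value:` entries render the Helm values unquoted, so an unset `clusterName` or `label` yields an empty `value:`, and a value such as `true`, `123` or one containing `: ` is re-typed or breaks the manifest, although env values must be strings. Quote at render time: `value: {{ .Values.accuknox.clusterName | quote }}` and `value: {{ .Values.accuknox.label | quote }}`. If both names are mandatory for the report metadata, wrapping them in `required` fails the install early instead of producing a report with empty fields. The neighbouring `AUTH_TOKEN` context line has the same unquoted form and puts the token straight into the pod spec; that is outside this change, but a `secretKeyRef` would be the safer source. The container spec continues outside the hunk.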
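Review bot: When `jq` fails (missing or malformed `/data/report.json`), the command substitution is empty, the redirect still overwrites `/data/report.json`, and the script exits 0 because `cat` succeeded, so the original report is lost without any signal to the Job. Write to a temporary file and rename only on success: `jq '…' /data/report.json > /data/report.json.tmp && mv /data/report.json.tmp /data/report.json`. The file also lacks a `#!/bin/bash` line and `set -euo pipefail` at the top. Reading the names through `$ENV` instead of interpolating them into the filter text is worth keeping, since jq then handles them as data rather than as filter syntax.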
diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml new file mode 100644 index 0000000..8d0090c --- /dev/null +++ b/.github/workflows/action.yaml @@ -0,0 +1,26 @@ +name: accuknox-jobs Workflow + +on: + push: + branches: + - main + +jobs: + push_to_registry: + name: Build and push Docker image to Docker Hub + runs-on: ubuntu-latest + steps: + - name: Check out the repo + uses: actions/checkout@v4 + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile + push: true + tags: accuknox/accuknox-job:latest \ No newline at end of file From 7d7e2f9d128928e8be40bca2d2beb23a16c231a1 Mon Sep 17 00:00:00 2001 From: stefin <112696367+stefin9898@users.noreply.github.com> Date: Tue, 5 Dec 2023 07:10:47 +0530 Subject: [PATCH 3/3] Use accuknox/accuknox-job:latest instead of nginx --- accuknox-cis-job/templates/cis-job.yaml | 4 ++-- accuknox-k8tls-job/templates/k8tls-job.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/accuknox-cis-job/templates/cis-job.yaml b/accuknox-cis-job/templates/cis-job.yaml index 4562460..1be43f2 100644 --- a/accuknox-cis-job/templates/cis-job.yaml +++ b/accuknox-cis-job/templates/cis-job.yaml @@ -11,9 +11,9 @@ spec: template: spec: containers: - - image: nginx + - image: accuknox/accuknox-job:latest command: ["/bin/sh", "-c"] - args: ["apt update && apt install -y curl && curl www.google.com && echo $AUTH_TOKEN"] + args: ["curl www.google.com && echo $AUTH_TOKEN"] name: accuknox-cis-cronjob resources: {} env: diff --git a/accuknox-k8tls-job/templates/k8tls-job.yaml b/accuknox-k8tls-job/templates/k8tls-job.yaml index 71d5e1a..e3bcba9 100644 --- a/accuknox-k8tls-job/templates/k8tls-job.yaml +++ b/accuknox-k8tls-job/templates/k8tls-job.yaml 
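Review bot: The build step publishes only `accuknox/accuknox-job:latest`, so each push to `main` replaces the image that deployed charts pull and leaves no immutable reference to pin or roll back to; add a per-commit tag, e.g. `tags: accuknox/accuknox-job:latest,accuknox/accuknox-job:${{ github.sha }}`. The job handles `DOCKER_HUB_PASSWORD`, yet `docker/login-action@v3` and `docker/build-push-action@v5` are referenced by movable major tags; pinning them to full commit SHAs limits what a retagged action could do with that secret. A top-level `permissions:` block with `contents: read` would keep the job from inheriting the repository's default token scope. If the secret is the account password rather than a scoped Docker Hub access token, switch it to a token.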
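Review bot: The rewritten `args` line still ends in `echo $AUTH_TOKEN`, which writes the token into the container log, where anyone with `pods/log` access or any log-shipping pipeline can read it; drop the echo (`args: ["curl www.google.com"]`) or log only whether the variable is set. The `args` line in `accuknox-k8tls-job/templates/k8tls-job.yaml` in this patch has the same problem. `image: accuknox/accuknox-job:latest` is a mutable reference, so the job runs whatever was pushed last; taking the tag or digest from a chart value lets a release pin what it executes. The container spec continues outside the hunk.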
@@ -40,9 +40,9 @@ spec: spec: serviceAccountName: k8tls-serviceact containers: - - image: nginx + - image: accuknox/accuknox-job:latest command: ["/bin/sh", "-c"] - args: ["apt update && apt install -y curl && curl www.google.com && echo $AUTH_TOKEN && cat /data/report.json"] + args: ["curl www.google.com && echo $AUTH_TOKEN && cat /data/report.json"] name: accuknox-k8tls-job resources: {} env:
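Review bot: Because `command: ["/bin/sh", "-c"]` is set, Kubernetes ignores the image's ENTRYPOINT, so the `entrypoint.sh` that patch 1/3 bakes into the image never runs here and `cat /data/report.json` prints the report without the `Metadata` block (assuming `accuknox/accuknox-job` is the image built from the Dockerfile in this series). Either drop `command`/`args` so the ENTRYPOINT runs, or invoke the script explicitly in `args` once it sits at a known absolute path. This hunk does not show `CLUSTER_NAME`/`LABEL_NAME` in this job's `env:` list, which continues outside the hunk, so confirm they are set for this template too. The cis-job template changed in the same patch overrides the ENTRYPOINT in the same way.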