From d02db913be9e79fd18fd4b661c3e62a6801d9479 Mon Sep 17 00:00:00 2001 
From: Priya Date: Wed, 28 Aug 2024 14:50:42 +0530 Subject: [PATCH] updated charts --- cis-k8s-job/values.yaml | 12 ------ k8s-jobs/Chart.yaml | 43 +++++++++++++++++++ .../charts/cis-k8s-job}/.helmignore | 0 .../charts/cis-k8s-job}/Chart.yaml | 0 .../charts/cis-k8s-job}/README.md | 0 .../cis-k8s-job}/templates/_helpers.tpl | 0 .../cis-k8s-job}/templates/cis-corn-job.yaml | 17 +++++--- .../cis-k8s-job}/templates/cis-job.yaml | 16 ++++--- k8s-jobs/charts/cis-k8s-job/values.yaml | 7 +++ .../k8s-risk-assessment-job}/.helmignore | 0 .../k8s-risk-assessment-job}/Chart.yaml | 0 .../charts/k8s-risk-assessment-job}/README.md | 0 .../templates/clusterrole.yaml | 3 ++ .../templates/clusterrolebinding.yaml | 2 + .../templates/configmap.yaml | 3 ++ .../templates/cronjob.yaml | 17 +++++--- .../templates/job.yaml | 14 +++--- .../templates/secret.yaml | 2 +- .../templates/serviceaccount.yaml | 2 + .../k8s-risk-assessment-job}/values.yaml | 9 +--- .../charts/k8tls-job}/.helmignore | 0 .../charts/k8tls-job}/Chart.yaml | 0 .../charts/k8tls-job}/README.md | 0 .../charts/k8tls-job}/templates/_helpers.tpl | 0 .../k8tls-job}/templates/k8tls-cronjob.yaml | 15 ++++--- .../k8tls-job}/templates/k8tls-job.yaml | 12 +++--- .../charts/k8tls-job}/values.yaml | 8 +--- .../charts/kiem-job}/.helmignore | 0 .../charts/kiem-job}/Chart.yaml | 0 .../charts/kiem-job}/templates/_helpers.tpl | 0 .../kiem-job}/templates/deployment.yaml | 18 ++++---- .../charts/kiem-job}/templates/job.yaml | 16 ++++--- .../charts/kiem-job}/templates/role.yaml | 2 + .../kiem-job}/templates/rolebinding.yaml | 4 +- .../kiem-job/templates/serviceaccount.yaml | 7 +++ .../charts/kiem-job}/values.yaml | 8 +--- k8s-jobs/values.yaml | 24 +++++++++++ kiem-job/templates/serviceaccount.yaml | 5 --- 38 files changed, 174 insertions(+), 92 deletions(-) delete mode 100644 cis-k8s-job/values.yaml create mode 100644 k8s-jobs/Chart.yaml rename {cis-k8s-job => k8s-jobs/charts/cis-k8s-job}/.helmignore (100%) rename {cis-k8s-job => 
k8s-jobs/charts/cis-k8s-job}/Chart.yaml (100%) rename {cis-k8s-job => k8s-jobs/charts/cis-k8s-job}/README.md (100%) rename {cis-k8s-job => k8s-jobs/charts/cis-k8s-job}/templates/_helpers.tpl (100%) rename {cis-k8s-job => k8s-jobs/charts/cis-k8s-job}/templates/cis-corn-job.yaml (90%) rename {cis-k8s-job => k8s-jobs/charts/cis-k8s-job}/templates/cis-job.yaml (89%) create mode 100644 k8s-jobs/charts/cis-k8s-job/values.yaml rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/.helmignore (100%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/Chart.yaml (100%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/README.md (100%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/clusterrole.yaml (97%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/clusterrolebinding.yaml (85%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/configmap.yaml (95%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/cronjob.yaml (82%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/job.yaml (82%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/secret.yaml (81%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/templates/serviceaccount.yaml (68%) rename {k8s-risk-assessment-job => k8s-jobs/charts/k8s-risk-assessment-job}/values.yaml (64%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/.helmignore (100%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/Chart.yaml (100%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/README.md (100%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/templates/_helpers.tpl (100%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/templates/k8tls-cronjob.yaml (79%) rename {k8tls-job => k8s-jobs/charts/k8tls-job}/templates/k8tls-job.yaml (73%) rename 
{k8tls-job => k8s-jobs/charts/k8tls-job}/values.yaml (50%) rename {kiem-job => k8s-jobs/charts/kiem-job}/.helmignore (100%) rename {kiem-job => k8s-jobs/charts/kiem-job}/Chart.yaml (100%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/_helpers.tpl (100%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/deployment.yaml (77%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/job.yaml (74%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/role.yaml (93%) rename {kiem-job => k8s-jobs/charts/kiem-job}/templates/rolebinding.yaml (78%) create mode 100644 k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml rename {kiem-job => k8s-jobs/charts/kiem-job}/values.yaml (53%) create mode 100644 k8s-jobs/values.yaml delete mode 100644 kiem-job/templates/serviceaccount.yaml diff --git a/cis-k8s-job/values.yaml b/cis-k8s-job/values.yaml deleted file mode 100644 index 032aa18..0000000 --- a/cis-k8s-job/values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Default values for cis-k8s-job. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -accuknox: - authToken: "NO-TOKEN-SET" - cronTab: "30 9 * * *" - clusterName: "" - label: "" - clusterId: "" - tenantId: "" - url: "cspm.demo.accuknox.com" diff --git a/k8s-jobs/Chart.yaml b/k8s-jobs/Chart.yaml new file mode 100644 index 0000000..e26d30d --- /dev/null +++ b/k8s-jobs/Chart.yaml 
@@ -0,0 +1,43 @@
+apiVersion: v2
+name: k8s-jobs
+description: A Helm chart for managing Kubernetes jobs including CIS compliance checks, risk assessment jobs, TLS management jobs, and more.
+
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
+
+dependencies:
+ - name: cis-k8s-job
+ version: "0.1.0"
+ repository: "file://charts/cis-k8s-job"
+ condition: accuknox.cis.enabled
+ - name: k8s-risk-assessment-job
+ version: "0.1.0"
+ repository: "file://charts/k8s-risk-assessment-job"
+ condition: accuknox.riskassessment.enabled
+ - name: k8tls-job
+ version: "0.1.0"
+ repository: "file://charts/k8tls-job"
+ condition: accuknox.k8tls.enabled
+ - name: kiem-job
+ version: "0.1.0"
+ repository: "file://charts/kiem-job"
+ condition: accuknox.kiem.enabled
diff --git a/cis-k8s-job/.helmignore b/k8s-jobs/charts/cis-k8s-job/.helmignore
similarity index 100%
rename from cis-k8s-job/.helmignore
rename to k8s-jobs/charts/cis-k8s-job/.helmignore
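Review bot: The `condition: accuknox.cis.enabled` entries under `dependencies` are resolved against this parent chart's values, but the `{{- if .Values.accuknox.cis.enabled }}` guards this patch adds to the subchart templates read each subchart's own values, because a parent passes values to a subchart only under the subchart's name or under `global`. Setting `accuknox.cis.enabled` at the top level therefore changes the dependency condition and leaves the in-template guard on the subchart's own default. Either rely on `condition:` alone and drop the template guards, or put the switches where both sides can read them, for example `condition: global.cis.enabled` together with `{{- if .Values.global.cis.enabled }}` in the templates. The same applies to the `riskassessment`, `k8tls` and `kiem` entries.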
diff --git a/cis-k8s-job/Chart.yaml b/k8s-jobs/charts/cis-k8s-job/Chart.yaml similarity index 100% rename from cis-k8s-job/Chart.yaml rename to k8s-jobs/charts/cis-k8s-job/Chart.yaml diff --git a/cis-k8s-job/README.md b/k8s-jobs/charts/cis-k8s-job/README.md similarity index 100% rename from cis-k8s-job/README.md rename to k8s-jobs/charts/cis-k8s-job/README.md diff --git a/cis-k8s-job/templates/_helpers.tpl b/k8s-jobs/charts/cis-k8s-job/templates/_helpers.tpl similarity index 100% rename from cis-k8s-job/templates/_helpers.tpl rename to k8s-jobs/charts/cis-k8s-job/templates/_helpers.tpl diff --git a/cis-k8s-job/templates/cis-corn-job.yaml b/k8s-jobs/charts/cis-k8s-job/templates/cis-corn-job.yaml similarity index 90% rename from cis-k8s-job/templates/cis-corn-job.yaml rename to k8s-jobs/charts/cis-k8s-job/templates/cis-corn-job.yaml index 7faa87d..c2fae7b 100644 --- a/cis-k8s-job/templates/cis-corn-job.yaml +++ b/k8s-jobs/charts/cis-k8s-job/templates/cis-corn-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.cis.enabled }} apiVersion: batch/v1 kind: CronJob metadata: @@ -18,17 +19,17 @@ spec: resources: {} env: - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.label }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterId }} + value: {{ .Values.global.clusterId }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantId | quote}} + value: {{ .Values.global.tenantId | quote}} - name: URL - value: {{ .Values.accuknox.url }} + value: {{ .Values.global.url }} volumeMounts: - mountPath: /data name: datapath 
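Review bot: `AUTH_TOKEN` in the `env` list of cis-corn-job.yaml is still rendered as a literal `value: {{ .Values.global.authToken }}`, so the token is stored in the CronJob and Pod specs and in the Helm release manifest, readable by anyone who can get those objects. The risk-assessment chart in this patch already defines a Secret for it (`k8s-risk-assessment-job-auth-token`); the other charts should reference a Secret through `valueFrom.secretKeyRef` rather than inlining the value. The same literal appears in cis-job.yaml, k8tls-cronjob.yaml, k8tls-job.yaml and the kiem deployment.yaml and job.yaml hunks. The neighbouring `clusterName`, `label`, `clusterId` and `url` values are also unquoted, so a numeric or boolean-looking value would render as a non-string env value; `| quote`, as already used for `tenantId`, avoids that. The container spec starts and ends outside the hunk.

```yaml
# … unchanged: container name, image, resources …
env:
  - name: AUTH_TOKEN
    valueFrom:
      secretKeyRef:
        # placeholder: name of the Secret that holds the token for this chart
        name: AUTH_TOKEN_SECRET_NAME
        key: AUTH_TOKEN
  - name: CLUSTER_NAME
    value: {{ .Values.global.clusterName | quote }}
# … unchanged: remaining env entries and volumeMounts …
```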
@@ -112,8 +113,10 @@ spec: path: /opt/cni/bin/ name: opt-cni-bin - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 status: {} + +{{- end }} \ No newline at end of file diff --git a/cis-k8s-job/templates/cis-job.yaml b/k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml similarity index 89% rename from cis-k8s-job/templates/cis-job.yaml rename to k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml index 54edf0d..6ce3f26 100644 --- a/cis-k8s-job/templates/cis-job.yaml +++ b/k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.cis.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -18,17 +19,17 @@ spec: resources: {} env: - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.label }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterId }} + value: {{ .Values.global.clusterId }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantId | quote}} + value: {{ .Values.global.tenantId | quote}} - name: URL - value: {{ .Values.accuknox.url }} + value: {{ .Values.global.url }} volumeMounts: - mountPath: /data name: datapath @@ -110,4 +111,5 @@ spec: name: etc-cni-netd - hostPath: path: /opt/cni/bin/ - name: opt-cni-bin \ No newline at end of file + name: opt-cni-bin +{{- end }} \ No newline at end of file diff --git a/k8s-jobs/charts/cis-k8s-job/values.yaml b/k8s-jobs/charts/cis-k8s-job/values.yaml new file mode 100644 index 0000000..4da05bb --- /dev/null +++ b/k8s-jobs/charts/cis-k8s-job/values.yaml @@ -0,0 +1,7 @@ +# Default values for cis-k8s-job. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +accuknox: + cis: + enabled: "false" 
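Review bot: `enabled: "false"` in the new cis-k8s-job/values.yaml is a quoted string, and Go templates treat any non-empty string as true, so `{{- if .Values.accuknox.cis.enabled }}` passes and the CronJob and Job render with the defaults. Helm's dependency `condition:` also acts only on boolean values, so the string does not switch the subchart off from k8s-jobs/Chart.yaml either. Write `enabled: false` unquoted. The same quoted value is in k8s-risk-assessment-job/values.yaml, k8tls-job/values.yaml, kiem-job/values.yaml and k8s-jobs/values.yaml, where it leaves the ClusterRole, ClusterRoleBinding and hostPath-mounting jobs enabled by default.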
diff --git a/k8s-risk-assessment-job/.helmignore b/k8s-jobs/charts/k8s-risk-assessment-job/.helmignore similarity index 100% rename from k8s-risk-assessment-job/.helmignore rename to k8s-jobs/charts/k8s-risk-assessment-job/.helmignore diff --git a/k8s-risk-assessment-job/Chart.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/Chart.yaml similarity index 100% rename from k8s-risk-assessment-job/Chart.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/Chart.yaml diff --git a/k8s-risk-assessment-job/README.md b/k8s-jobs/charts/k8s-risk-assessment-job/README.md similarity index 100% rename from k8s-risk-assessment-job/README.md rename to k8s-jobs/charts/k8s-risk-assessment-job/README.md diff --git a/k8s-risk-assessment-job/templates/clusterrole.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml similarity index 97% rename from k8s-risk-assessment-job/templates/clusterrole.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml index 73564d6..b64f2bb 100644 --- a/k8s-risk-assessment-job/templates/clusterrole.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -170,3 +171,5 @@ rules: - namespaces verbs: - update + +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/clusterrolebinding.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml similarity index 85% rename from k8s-risk-assessment-job/templates/clusterrolebinding.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml index 7009a19..8a092a9 100644 --- a/k8s-risk-assessment-job/templates/clusterrolebinding.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml 
@@ -1,3 +1,4 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -10,3 +11,4 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: k8s-risk-assessment-job-clusterrole +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/configmap.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml similarity index 95% rename from k8s-risk-assessment-job/templates/configmap.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml index 54b913c..e7aa1da 100644 --- a/k8s-risk-assessment-job/templates/configmap.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: v1 kind: ConfigMap metadata: @@ -38,3 +39,5 @@ data: --header "Tenant-Id: ${TENANT_ID}" \ --form "file=@\"/data/report.json\"" \ "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=false&label_id=${LABEL_NAME}" + +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/cronjob.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml similarity index 82% rename from k8s-risk-assessment-job/templates/cronjob.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml index b603dc2..49235bf 100644 --- a/k8s-risk-assessment-job/templates/cronjob.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml @@ -1,10 +1,11 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: batch/v1 kind: CronJob metadata: name: k8s-risk-assessment-job namespace: {{ .Release.Namespace }} spec: - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 
@@ -21,7 +22,7 @@ spec: args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -42,15 +43,15 @@ spec: name: {{ .Values.accuknox.secretName }} {{- end }} - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterID | quote }} + value: {{ .Values.global.clusterId | quote }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.label }} volumeMounts: - mountPath: /data name: datapath @@ -64,3 +65,5 @@ spec: name: k8s-risk-assessment-job-script-configmap restartPolicy: OnFailure serviceAccount: k8s-risk-assessment-job-service-account + +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/job.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/job.yaml similarity index 82% rename from k8s-risk-assessment-job/templates/job.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/job.yaml index aaacd12..6c01ff4 100644 --- a/k8s-risk-assessment-job/templates/job.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: batch/v1 kind: Job metadata: 
@@ -15,7 +16,7 @@ spec: args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} volumeMounts: - name: datapath mountPath: /data @@ -36,15 +37,15 @@ spec: name: {{ .Values.accuknox.secretName }} {{- end }} - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: CLUSTER_ID - value: {{ .Values.accuknox.clusterID | quote }} + value: {{ .Values.global.clusterID | quote }} - name: LABEL_NAME - value: {{ .Values.accuknox.label }} + value: {{ .Values.global.label }} volumeMounts: - mountPath: /data name: datapath @@ -58,3 +59,4 @@ spec: name: k8s-risk-assessment-job-script-configmap restartPolicy: OnFailure serviceAccount: k8s-risk-assessment-job-service-account +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/templates/secret.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/secret.yaml similarity index 81% rename from k8s-risk-assessment-job/templates/secret.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/secret.yaml index 1cf76c9..fa0f051 100644 --- a/k8s-risk-assessment-job/templates/secret.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/secret.yaml @@ -6,5 +6,5 @@ metadata: name: k8s-risk-assessment-job-auth-token namespace: {{ .Release.Namespace }} data: - AUTH_TOKEN: {{ .Values.accuknox.authToken | b64enc }} + AUTH_TOKEN: {{ .Values.global.authToken | b64enc }} {{- end }} 
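Review bot: `CLUSTER_ID` in the `@@ -36,15 +37,15 @@` hunk of job.yaml reads `.Values.global.clusterID`, but the key defined in k8s-jobs/values.yaml is `clusterId`, and cronjob.yaml in this same patch uses `.Values.global.clusterId`. Template field lookup is case-sensitive, so the one-shot Job would render an empty cluster id while the CronJob gets the configured one. Change the line to `value: {{ .Values.global.clusterId | quote }}`. The container spec continues outside the hunk.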
diff --git a/k8s-risk-assessment-job/templates/serviceaccount.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml similarity index 68% rename from k8s-risk-assessment-job/templates/serviceaccount.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml index f9d0a7a..fa4b7bb 100644 --- a/k8s-risk-assessment-job/templates/serviceaccount.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml @@ -1,5 +1,7 @@ +{{- if .Values.accuknox.riskassessment.enabled }} apiVersion: v1 kind: ServiceAccount metadata: name: k8s-risk-assessment-job-service-account namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/k8s-risk-assessment-job/values.yaml b/k8s-jobs/charts/k8s-risk-assessment-job/values.yaml similarity index 64% rename from k8s-risk-assessment-job/values.yaml rename to k8s-jobs/charts/k8s-risk-assessment-job/values.yaml index 9b669bf..7865a45 100644 --- a/k8s-risk-assessment-job/values.yaml +++ b/k8s-jobs/charts/k8s-risk-assessment-job/values.yaml @@ -10,11 +10,6 @@ kubescape: replicaCount: 1 accuknox: - authToken: "NO-TOKEN-SET" - URL: "cspm.demo.accuknox.com" - tenantID: "" - cronTab: "30 9 * * *" - clusterName: "" - clusterID: 0 - label: "" + riskassessment: + enabled: "false" secretName: "" diff --git a/k8tls-job/.helmignore b/k8s-jobs/charts/k8tls-job/.helmignore similarity index 100% rename from k8tls-job/.helmignore rename to k8s-jobs/charts/k8tls-job/.helmignore diff --git a/k8tls-job/Chart.yaml b/k8s-jobs/charts/k8tls-job/Chart.yaml similarity index 100% rename from k8tls-job/Chart.yaml rename to k8s-jobs/charts/k8tls-job/Chart.yaml diff --git a/k8tls-job/README.md b/k8s-jobs/charts/k8tls-job/README.md similarity index 100% rename from k8tls-job/README.md rename to k8s-jobs/charts/k8tls-job/README.md 
diff --git a/k8tls-job/templates/_helpers.tpl b/k8s-jobs/charts/k8tls-job/templates/_helpers.tpl similarity index 100% rename from k8tls-job/templates/_helpers.tpl rename to k8s-jobs/charts/k8tls-job/templates/_helpers.tpl diff --git a/k8tls-job/templates/k8tls-cronjob.yaml b/k8s-jobs/charts/k8tls-job/templates/k8tls-cronjob.yaml similarity index 79% rename from k8tls-job/templates/k8tls-cronjob.yaml rename to k8s-jobs/charts/k8tls-job/templates/k8tls-cronjob.yaml index 951c54d..5ff85d9 100644 --- a/k8tls-job/templates/k8tls-cronjob.yaml +++ b/k8s-jobs/charts/k8tls-job/templates/k8tls-cronjob.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.k8tls.enabled }} apiVersion: v1 kind: ServiceAccount metadata: @@ -47,15 +48,15 @@ spec: resources: {} env: - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }} + value: {{ if ne .Values.global.clusterName "" }}{{ .Values.global.clusterName }}{{ else }}{{ "default" }}{{ end }} - name: LABEL_NAME - value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }} + value: {{ if ne .Values.global.label "" }}{{ .Values.global.label }}{{ else }}{{ "default" }}{{ end }} volumeMounts: - mountPath: /data name: datapath @@ -75,6 +76,8 @@ spec: - name: datapath emptyDir: {} - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 + +{{- end }} \ No newline at end of file 
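Review bot: The `CLUSTER_NAME` and `LABEL_NAME` fallbacks in k8tls-cronjob.yaml spell out `{{ if ne … "" }}…{{ else }}{{ "default" }}{{ end }}` and emit the result unquoted; this is a style point. The `default` function does the same in one step and also covers a key that is missing rather than empty: `value: {{ .Values.global.clusterName | default "default" | quote }}` and `value: {{ .Values.global.label | default "default" | quote }}`. k8tls-job.yaml has the same two lines.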
diff --git a/k8tls-job/templates/k8tls-job.yaml b/k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml similarity index 73% rename from k8tls-job/templates/k8tls-job.yaml rename to k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml index 3018a0a..3c32376 100644 --- a/k8tls-job/templates/k8tls-job.yaml +++ b/k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.k8tls.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -17,15 +18,15 @@ spec: resources: {} env: - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }} + value: {{ if ne .Values.global.clusterName "" }}{{ .Values.global.clusterName }}{{ else }}{{ "default" }}{{ end }} - name: LABEL_NAME - value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }} + value: {{ if ne .Values.global.label "" }}{{ .Values.global.label }}{{ else }}{{ "default" }}{{ end }} volumeMounts: - mountPath: /data name: datapath @@ -45,3 +46,4 @@ spec: - name: datapath emptyDir: {} +{{- end }} \ No newline at end of file diff --git a/k8tls-job/values.yaml b/k8s-jobs/charts/k8tls-job/values.yaml similarity index 50% rename from k8tls-job/values.yaml rename to k8s-jobs/charts/k8tls-job/values.yaml index 720722e..edada77 100644 --- a/k8tls-job/values.yaml +++ b/k8s-jobs/charts/k8tls-job/values.yaml @@ -3,9 +3,5 @@ # Declare variables to be passed into your templates. accuknox: - authToken: "NO-TOKEN-SET" - cronTab: "30 9 * * *" - tenantID: "" - clusterName: "" - label: "" - URL: "cspm.demo.accuknox.com" + k8tls: + enabled: "false" 
diff --git a/kiem-job/.helmignore b/k8s-jobs/charts/kiem-job/.helmignore similarity index 100% rename from kiem-job/.helmignore rename to k8s-jobs/charts/kiem-job/.helmignore diff --git a/kiem-job/Chart.yaml b/k8s-jobs/charts/kiem-job/Chart.yaml similarity index 100% rename from kiem-job/Chart.yaml rename to k8s-jobs/charts/kiem-job/Chart.yaml diff --git a/kiem-job/templates/_helpers.tpl b/k8s-jobs/charts/kiem-job/templates/_helpers.tpl similarity index 100% rename from kiem-job/templates/_helpers.tpl rename to k8s-jobs/charts/kiem-job/templates/_helpers.tpl diff --git a/kiem-job/templates/deployment.yaml b/k8s-jobs/charts/kiem-job/templates/deployment.yaml similarity index 77% rename from kiem-job/templates/deployment.yaml rename to k8s-jobs/charts/kiem-job/templates/deployment.yaml index 0737708..2eab8a4 100644 --- a/kiem-job/templates/deployment.yaml +++ b/k8s-jobs/charts/kiem-job/templates/deployment.yaml @@ -1,10 +1,11 @@ +{{- if .Values.accuknox.kiem.enabled }} apiVersion: batch/v1 kind: CronJob metadata: name: kiem-job namespace: {{ .Release.Namespace }} spec: - schedule: "{{ .Values.accuknox.cronTab }}" + schedule: "{{ .Values.global.cronTab }}" successfulJobsHistoryLimit: 1 failedJobsHistoryLimit: 1 jobTemplate: @@ -20,7 +21,7 @@ spec: args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} volumeMounts: - name: datapath mountPath: /data 
@@ -31,15 +32,15 @@ spec: resources: {} env: - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label | quote}} + value: {{ .Values.global.label | quote}} volumeMounts: - mountPath: /data name: datapath @@ -48,5 +49,4 @@ spec: emptyDir: {} restartPolicy: OnFailure serviceAccount: kiem-service-account - - +{{- end }} \ No newline at end of file diff --git a/kiem-job/templates/job.yaml b/k8s-jobs/charts/kiem-job/templates/job.yaml similarity index 74% rename from kiem-job/templates/job.yaml rename to k8s-jobs/charts/kiem-job/templates/job.yaml index 19906ac..526ae97 100644 --- a/kiem-job/templates/job.yaml +++ b/k8s-jobs/charts/kiem-job/templates/job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.kiem.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -15,7 +16,7 @@ spec: args: ["./kiem", "run", "--mode", "k8s", "--output", "/data/report.json"] env: - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} volumeMounts: - name: datapath mountPath: /data 
@@ -26,15 +27,15 @@ spec: resources: {} env: - name: URL - value: {{ .Values.accuknox.URL }} + value: {{ .Values.global.url }} - name: TENANT_ID - value: {{ .Values.accuknox.tenantID | quote }} + value: {{ .Values.global.tenantId | quote }} - name: AUTH_TOKEN - value: {{ .Values.accuknox.authToken }} + value: {{ .Values.global.authToken }} - name: CLUSTER_NAME - value: {{ .Values.accuknox.clusterName }} + value: {{ .Values.global.clusterName }} - name: LABEL_NAME - value: {{ .Values.accuknox.label | quote}} + value: {{ .Values.global.label | quote}} volumeMounts: - mountPath: /data name: datapath @@ -42,4 +43,5 @@ spec: - name: datapath emptyDir: {} restartPolicy: OnFailure - serviceAccount: kiem-service-account \ No newline at end of file + serviceAccount: kiem-service-account +{{- end }} \ No newline at end of file diff --git a/kiem-job/templates/role.yaml b/k8s-jobs/charts/kiem-job/templates/role.yaml similarity index 93% rename from kiem-job/templates/role.yaml rename to k8s-jobs/charts/kiem-job/templates/role.yaml index bc21f2e..20f7481 100644 --- a/kiem-job/templates/role.yaml +++ b/k8s-jobs/charts/kiem-job/templates/role.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.kiem.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -31,3 +32,4 @@ rules: - get - list - watch +{{- end }} \ No newline at end of file diff --git a/kiem-job/templates/rolebinding.yaml b/k8s-jobs/charts/kiem-job/templates/rolebinding.yaml similarity index 78% rename from kiem-job/templates/rolebinding.yaml rename to k8s-jobs/charts/kiem-job/templates/rolebinding.yaml index a0ea35b..0138da7 100644 --- a/kiem-job/templates/rolebinding.yaml +++ b/k8s-jobs/charts/kiem-job/templates/rolebinding.yaml @@ -1,3 +1,4 @@ +{{- if .Values.accuknox.kiem.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: 
@@ -9,4 +10,5 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: kiem-cluster-role \ No newline at end of file + name: kiem-cluster-role +{{- end }} \ No newline at end of file diff --git a/k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml b/k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml new file mode 100644 index 0000000..e3deab8 --- /dev/null +++ b/k8s-jobs/charts/kiem-job/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +{{- if .Values.accuknox.kiem.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kiem-service-account + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/kiem-job/values.yaml b/k8s-jobs/charts/kiem-job/values.yaml similarity index 53% rename from kiem-job/values.yaml rename to k8s-jobs/charts/kiem-job/values.yaml index e979326..91d592b 100644 --- a/kiem-job/values.yaml +++ b/k8s-jobs/charts/kiem-job/values.yaml @@ -5,9 +5,5 @@ replicaCount: 1 accuknox: - authToken: "NO-TOKEN-SET" - URL: "cspm.demo.accuknox.com" - tenantID: "" - cronTab: "30 9 * * *" - clusterName: "" - label: "" + kiem: + enabled: "false" diff --git a/k8s-jobs/values.yaml b/k8s-jobs/values.yaml new file mode 100644 index 0000000..f9141dc --- /dev/null +++ b/k8s-jobs/values.yaml @@ -0,0 +1,24 @@ +# Global parameters applicable to all jobs +global: + url: "cspm.demo.accuknox.com" + tenantId: "" + authToken: "NO-TOKEN-SET" + cronTab: "30 9 * * *" + clusterName: "" + clusterId: "" + label: "" + +# Job-specific configurations +accuknox: + cis: + enabled: "false" + # Add specific configurations for CIS job if needed + riskassessment: + enabled: "false" + # Add specific configurations for risk assessment job if needed + k8tls: + enabled: "false" + # Add specific configurations for k8tls job if needed + kiem: + enabled: "false" + # Add specific configurations for kiem job if needed \ No newline at end of file 
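Review bot: `global.url` in the new k8s-jobs/values.yaml defaults to `cspm.demo.accuknox.com` and `global.authToken` to the placeholder `NO-TOKEN-SET`, so a release installed without overrides points every job's upload at the demo host. The configmap script in this patch posts `/data/report.json` to `https://${URL}/api/v1/artifact/`, so this default decides where cluster scan results are sent. Consider leaving `url`, `tenantId` and `authToken` empty here and failing the render when they are unset, e.g. `value: {{ required "global.url must be set" .Values.global.url | quote }}` in the templates. A short comment above `global:` stating that these three must be supplied per installation would also help.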
diff --git a/kiem-job/templates/serviceaccount.yaml b/kiem-job/templates/serviceaccount.yaml deleted file mode 100644 index 53ad66e..0000000 --- a/kiem-job/templates/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kiem-service-account - namespace: {{ .Release.Namespace }} \ No newline at end of file