-
Notifications
You must be signed in to change notification settings - Fork 36
/
actions.yaml
98 lines (96 loc) · 3.21 KB
/
actions.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
cis-benchmark:
description: |-
Run the CIS Kubernetes Benchmark against snap-based components.
params:
apply:
type: string
default: none
description: |-
Apply remedies to address benchmark failures. The default, 'none',
will not attempt to fix any reported failures. Set to 'conservative'
to resolve simple failures. Set to 'dangerous' to attempt to resolve
all failures.
Note: Applying any remediation may result in an unusable cluster.
config:
type: string
default: https://github.com/charmed-kubernetes/kube-bench-config/archive/cis-1.23.zip#sha1=3cda2fc68b4ca36f69f5913bfc0b02576e7a3b3d
description: |-
Archive containing configuration files to use when running kube-bench.
The default value is known to be compatible with snap components. When
using a custom URL, append '#<hash_type>=<checksum>' to verify the
archive integrity when downloaded.
release:
type: string
default: https://github.com/aquasecurity/kube-bench/releases/download/v0.6.8/kube-bench_0.6.8_linux_amd64.tar.gz#sha256=5f9c5231949bd022a6993f5297cc05bb80a1b7c36a43cefed0a8c8af26778863
description: |-
Archive containing the 'kube-bench' binary to run. The default value
points to a stable upstream release. When using a custom URL, append
'#<hash_type>=<checksum>' to verify the archive integrity when
downloaded.
This may also be set to the special keyword 'upstream'. In this case,
the action will compile and use a local kube-bench binary built from
the default branch of the upstream repository:
https://github.com/aquasecurity/kube-bench
get-kubeconfig:
description: Retrieve Kubernetes cluster config, including credentials
upgrade:
description: Upgrade the Kubernetes snaps
user-create:
description: Create a new user
params:
name:
type: string
description: |
Username for the new user. This value must only contain alphanumeric
characters, ':', '@', '-' or '.'.
minLength: 2
groups:
type: string
description: |
Optional comma-separated list of groups eg. 'system:masters,managers'
required:
- name
user-delete:
description: Delete an existing user
params:
name:
type: string
description: Username of the user to delete
minLength: 2
required:
- name
user-list:
description: List existing users
restart:
description: Restart the Kubernetes control-plane services on demand.
namespace-list:
description: List existing k8s namespaces
namespace-create:
description: Create new namespace
params:
name:
type: string
description: Namespace name eg. staging
minLength: 2
required:
- name
namespace-delete:
description: Delete namespace
params:
name:
type: string
description: Namespace name eg. staging
minLength: 2
required:
- name
apply-manifest:
description: |
Apply JSON formatted Kubernetes manifest to cluster.
juju run this action using `--string-args`
params:
json:
type: string
description: The content of the manifest to deploy in JSON format
minLength: 2
required:
- json