charts updated

k8s-jobs/Chart.yaml

@@ -0,0 +1,43 @@
+apiVersion: v2
+name: k8s-jobs
+description: A Helm chart for managing Kubernetes jobs including CIS compliance checks, risk assessment jobs, TLS management jobs, and more.
+
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
+
+dependencies:
+  - name: cis-k8s-job
+    version: "0.1.0"
+    repository: "file://charts/cis-k8s-job"
+    condition: accuknox.cis.enabled 
+  - name: k8s-risk-assessment-job
+    version: "0.1.0"
+    repository: "file://charts/k8s-risk-assessment-job"
+    condition: accuknox.riskassessment.enabled
+  - name: k8tls-job
+    version: "0.1.0"
+    repository: "file://charts/k8tls-job"
+    condition: accuknox.k8tls.enabled
+  - name: kiem-job
+    version: "0.1.0"
+    repository: "file://charts/kiem-job"
+    condition: accuknox.kiem.enabled

cis-k8s-job/templates/cis-corn-job.yaml → k8s-jobs/charts/cis-k8s-job/templates/cis-job.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.accuknox.cis.enabled }}
 apiVersion: batch/v1
 kind: CronJob
 metadata:
@@ -18,17 +19,17 @@ spec:
             resources: {}
             env:
               - name: AUTH_TOKEN
-                value: {{ .Values.accuknox.authToken }}
+                value: {{ .Values.global.authToken }}
               - name: CLUSTER_NAME
-                value: {{ .Values.accuknox.clusterName }}
+                value: {{ .Values.global.clusterName }}
               - name: LABEL_NAME
-                value: {{ .Values.accuknox.label }}
+                value: {{ .Values.global.label }}
               - name: CLUSTER_ID
-                value: {{ .Values.accuknox.clusterId }}
+                value: {{ .Values.global.clusterId }}
               - name: TENANT_ID
-                value: {{ .Values.accuknox.tenantId | quote}}
+                value: {{ .Values.global.tenantId | quote}}
               - name: URL
-                value: {{ .Values.accuknox.url }}
+                value: {{ .Values.global.url }}
             volumeMounts:
             - mountPath: /data
               name: datapath
@@ -112,8 +113,10 @@ spec:
                 path: /opt/cni/bin/
               name: opt-cni-bin
 
-  schedule: "{{ .Values.accuknox.cronTab }}"
+  schedule: "{{ .Values.global.cronTab }}"
   successfulJobsHistoryLimit: 1
   failedJobsHistoryLimit: 1
 
 status: {}
+
+{{- end }}  

k8s-jobs/charts/cis-k8s-job/values.yaml

@@ -0,0 +1,7 @@
+# Default values for cis-k8s-job.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+accuknox:
+  cis:
+    enabled: "false"

k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrole.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.accuknox.riskassessment.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: k8s-risk-assessment-job-clusterrole
+rules:
+  - apiGroups:
+    - ""
+    - extensions
+    - apps
+    - batch
+    - rbac.authorization.k8s.io
+    - roles.rbac.authorization.k8s.io
+    - authorization.k8s.io
+    - certificates.k8s.io
+    - apiextensions.k8s.io
+    - admissionregistration.k8s.io
+    - networking.k8s.io
+    resources: ["*"]
+    verbs:  ["*"]
+
+{{- end }}  

k8s-risk-assessment-job/templates/clusterrolebinding.yaml → k8s-jobs/charts/k8s-risk-assessment-job/templates/clusterrolebinding.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.accuknox.riskassessment.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -10,3 +11,5 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: k8s-risk-assessment-job-clusterrole
+
+{{- end }}  

k8s-risk-assessment-job/templates/configmap.yaml → k8s-jobs/charts/k8s-risk-assessment-job/templates/configmap.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.accuknox.riskassessment.enabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -38,3 +39,5 @@ data:
     --header "Tenant-Id: ${TENANT_ID}" \
     --form "file=@\"/data/report.json\"" \
     "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=false&label_id=${LABEL_NAME}"
+
+{{- end }}  

k8s-risk-assessment-job/templates/cronjob.yaml → k8s-jobs/charts/k8s-risk-assessment-job/templates/cronjob.yaml

@@ -1,10 +1,11 @@
+{{- if .Values.accuknox.riskassessment.enabled }}
 apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: k8s-risk-assessment-job
   namespace: {{ .Release.Namespace }}
 spec:
-  schedule: "{{ .Values.accuknox.cronTab }}"
+  schedule: "{{ .Values.global.cronTab }}"
   successfulJobsHistoryLimit: 1
   failedJobsHistoryLimit: 1
 
@@ -21,7 +22,7 @@ spec:
               args: ["scan", "framework", "allcontrols,clusterscan,mitre,nsa", "--format", "json", "--cache-dir", "/data/kubescape-cache", "--output", "/data/report.json", "--cluster-name=$(CLUSTER_NAME)"]
               env:
                 - name: CLUSTER_NAME
-                  value: {{ .Values.accuknox.clusterName }}
+                  value: {{ .Values.global.clusterName }}
               volumeMounts:
                 - name: datapath
                   mountPath: /data
@@ -32,25 +33,18 @@ spec:
                 - '/bin/sh'
                 - '/script/augment-and-push-results.sh'
               env:
-                - name: AUTH_TOKEN
-                  valueFrom:
-                    secretKeyRef:
-                      key: AUTH_TOKEN
-                      {{- if (.Values.accuknox.secretName | empty) }}
-                      name: k8s-risk-assessment-job-auth-token
-                      {{- else }}
-                      name: {{ .Values.accuknox.secretName }}
-                      {{- end }}
                 - name: URL
-                  value: {{ .Values.accuknox.URL }}
+                  value: {{ .Values.global.url }}
                 - name: TENANT_ID
-                  value: {{ .Values.accuknox.tenantID | quote }}
+                  value: {{ .Values.global.tenantId | quote }}
+                - name: AUTH_TOKEN
+                  value: {{ .Values.global.authToken }}
                 - name: CLUSTER_NAME
-                  value: {{ .Values.accuknox.clusterName }}
+                  value: {{ .Values.global.clusterName }}
                 - name: CLUSTER_ID
-                  value: {{ .Values.accuknox.clusterID | quote }}
+                  value: {{ .Values.global.clusterId | quote }}
                 - name: LABEL_NAME
-                  value: {{ .Values.accuknox.label }}
+                  value: {{ .Values.global.label }}
               volumeMounts:
                 - mountPath: /data
                   name: datapath
@@ -64,3 +58,4 @@ spec:
                 name: k8s-risk-assessment-job-script-configmap
           restartPolicy: OnFailure
           serviceAccount: k8s-risk-assessment-job-service-account
+{{- end }}  

k8s-risk-assessment-job/templates/serviceaccount.yaml → k8s-jobs/charts/k8s-risk-assessment-job/templates/serviceaccount.yaml

@@ -1,5 +1,7 @@
+{{- if .Values.accuknox.riskassessment.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: k8s-risk-assessment-job-service-account
   namespace: {{ .Release.Namespace }}
+{{- end }}  

k8s-risk-assessment-job/values.yaml → k8s-jobs/charts/k8s-risk-assessment-job/values.yaml

@@ -10,11 +10,5 @@ kubescape:
 replicaCount: 1
 
 accuknox:
-  authToken: "NO-TOKEN-SET"
-  URL: "cspm.demo.accuknox.com"
-  tenantID: ""
-  cronTab: "30 9 * * *"
-  clusterName: ""
-  clusterID: 0
-  label: ""
-  secretName: ""
+  riskassessment:
+    enabled: "false"

k8tls-job/templates/k8tls-cronjob.yaml → k8s-jobs/charts/k8tls-job/templates/k8tls-job.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.accuknox.k8tls.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -47,15 +48,17 @@ spec:
             resources: {}
             env:
               - name: URL
-                value: {{ .Values.accuknox.URL }}
+                value: {{ .Values.global.url }}
               - name: TENANT_ID
-                value: {{ .Values.accuknox.tenantID | quote }}
+                value: {{ .Values.global.tenantId | quote }}
               - name: AUTH_TOKEN
-                value: {{ .Values.accuknox.authToken }}
+                value: {{ .Values.global.authToken }}
               - name: CLUSTER_NAME
-                value: {{ if ne .Values.accuknox.clusterName "" }}{{ .Values.accuknox.clusterName }}{{ else }}{{ "default" }}{{ end }}
+                value: {{ if ne .Values.global.clusterName "" }}{{ .Values.global.clusterName }}{{ else }}{{ "default" }}{{ end }}
+              - name: CLUSTER_ID
+                value: {{ if ne .Values.global.clusterId "" }}{{ .Values.global.clusterId }}{{ else }}{{ "default" }}{{ end }}
               - name: LABEL_NAME
-                value: {{ if ne .Values.accuknox.label "" }}{{ .Values.accuknox.label }}{{ else }}{{ "default" }}{{ end }}
+                value: {{ if ne .Values.global.label "" }}{{ .Values.global.label }}{{ else }}{{ "default" }}{{ end }}
             volumeMounts:
               - mountPath: /data
                 name: datapath
@@ -75,6 +78,8 @@ spec:
             - name: datapath
               emptyDir: {}
 
-  schedule: "{{ .Values.accuknox.cronTab }}"
+  schedule: "{{ .Values.global.cronTab }}"
   successfulJobsHistoryLimit: 1
   failedJobsHistoryLimit: 1
+
+{{- end }}