This repository has been archived by the owner on Mar 16, 2020. It is now read-only.

Use kube-bench to audit kubernetes configuration #6

Open
v1r7u opened this issue Dec 10, 2019 · 0 comments
v1r7u commented Dec 10, 2019

The initial solution should consist of two parts:

  • a scheduled job, which can run kube-bench and store the raw result in the configured blob storage
  • a GET /api/kube/{kube-cluster-id}/bench HTTP endpoint to get the latest results from the blob for a particular cluster, normalize them, and return a summary object with an array of check results

The job should run in a k8s cluster. The scripts, code, and configuration required to execute it should be located in this repo in the /scanners/kube-bench folder.

The Blob Storage file structure should be as follows:

/
|-kube-bench_{kube-cluster-id}
.   |-metadata
.   |-results
.      |-{year}_{month}_{date}_{hours}_{minutes}_{seconds}.json
.      |-...
|-kube-bench_{kube-cluster-id}
.   |-metadata
.   |-...

metadata - a JSON file, which has technical information about the task, like last_executed_at, scheduled_periodicity, and others.

For the first iteration, credentials to get access to the blob storage are provided through env-vars.

@v1r7u v1r7u added the enhancement New feature or request label Dec 10, 2019
@v1r7u v1r7u added this to the Iteration 1 milestone Dec 10, 2019
@v1r7u v1r7u changed the title from "HTTP interfaces to control kube-bench audits" to "Use kube-bench to audit kubernetes configuration" Dec 24, 2019
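One way the endpoint could pick the latest result blob for a cluster under the layout described in the issue, shown as an added example that is not part of the issue or the repository's code. The function names, the cluster-id alphabet, the UTC reading of the timestamp and the sample blob names are assumptions. Because {kube-cluster-id} arrives in the URL, it is validated before it is used to build a blob prefix, and timestamps are parsed rather than sorted as strings, since the issue does not say the fields are zero-padded.

```python
import re
from datetime import datetime, timezone

# Assumption: the issue does not define the cluster-id alphabet; this one
# excludes "/", "." and "_" so an id cannot escape its own folder.
CLUSTER_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,62}")
# {year}_{month}_{date}_{hours}_{minutes}_{seconds}.json, padding optional.
RESULT_NAME = re.compile(
    r"(\d{4})_(\d{1,2})_(\d{1,2})_(\d{1,2})_(\d{1,2})_(\d{1,2})\.json")

def results_prefix(cluster_id):
    """Build the blob prefix for one cluster, rejecting unsafe ids."""
    if not CLUSTER_ID.fullmatch(cluster_id):
        raise ValueError("invalid kube-cluster-id")
    return f"kube-bench_{cluster_id}/results/"

def latest_result(cluster_id, blob_names):
    """Return the newest result blob name for the cluster, or None."""
    prefix = results_prefix(cluster_id)
    best = None
    for name in blob_names:
        if not name.startswith(prefix):
            continue  # metadata file or another cluster's folder
        match = RESULT_NAME.fullmatch(name[len(prefix):])
        if not match:
            continue  # nested path or unexpected file name
        try:
            # Assumption: timestamps in file names are UTC.
            stamp = datetime(*map(int, match.groups()), tzinfo=timezone.utc)
        except ValueError:
            continue  # e.g. month 13
        if best is None or stamp > best[0]:
            best = (stamp, name)
    return best[1] if best else None

# Constructed sample listing, relative to the container root.
SAMPLE_BLOBS = [
    "kube-bench_prod-1/metadata",
    "kube-bench_prod-1/results/2019_12_09_23_59_59.json",
    "kube-bench_prod-1/results/2019_12_10_6_0_0.json",
    "kube-bench_prod-1/results/2019_12_10_14_0_0.json",
    "kube-bench_prod-1/results/2019_13_01_00_00_00.json",   # invalid month
    "kube-bench_prod-1/results/notes.txt",
    "kube-bench_prod-10/results/2020_01_01_00_00_00.json",  # other cluster
]

if __name__ == "__main__":
    print(latest_result("prod-1", SAMPLE_BLOBS))
```

A plain string sort of the same names would rank 6_0_0 above 14_0_0, which is why the fields are parsed into a datetime first.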