Merge pull request #43 from nyrahul/main

allowing jobs to be deployed in different namespaces, save to s3
accuknox · Sep 19, 2024 · 7f76c9e · 7f76c9e
2 parents 9498d47 + c665bf1
commit 7f76c9e
Show file tree

Hide file tree

Showing 10 changed files with 15 additions and 15 deletions.
diff --git a/cis-k8s-job/README.md b/cis-k8s-job/README.md
@@ -64,7 +64,7 @@ cat <<<$(jq '. += {
 
  - Sending output file to AccuKnox SaaS
 ```sh
-curl --location --request POST 'https://cspm.demo.accuknox.com/api/v1/artifact/?tenant_id=$tenantId&data_type=KB&save_to_s3=false' --header 'Tenant-Id: $tenantId' --header "Authorization: Bearer $token" --form 'file=@"./results.json"'
+curl --location --request POST 'https://cspm.demo.accuknox.com/api/v1/artifact/?tenant_id=$tenantId&data_type=KB&save_to_s3=true' --header 'Tenant-Id: $tenantId' --header "Authorization: Bearer $token" --form 'file=@"./results.json"'
 ```
 > Replace value of `$tenantId` from AccuKnox Tenant ID & `$token` from AccuKnox Token
 

diff --git a/k8s-risk-assessment-job/templates/clusterrole.yaml b/k8s-risk-assessment-job/templates/clusterrole.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: k8s-risk-assessment-job-clusterrole
+  name: {{ .Release.Namespace }}-k8s-assessment-crole
 rules:
   - apiGroups:
       - ''

diff --git a/k8s-risk-assessment-job/templates/clusterrolebinding.yaml b/k8s-risk-assessment-job/templates/clusterrolebinding.yaml
@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: k8s-risk-assessment-job-clusterrole-binding
+  name: {{ .Release.Namespace }}-k8s-assessment-crb
 subjects:
 - namespace: {{ .Release.Namespace }}
   kind: ServiceAccount
   name: k8s-risk-assessment-job-service-account
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: k8s-risk-assessment-job-clusterrole
+  name: {{ .Release.Namespace }}-k8s-assessment-crole
diff --git a/k8s-risk-assessment-job/templates/configmap.yaml b/k8s-risk-assessment-job/templates/configmap.yaml
@@ -37,4 +37,4 @@ data:
     --header "Authorization: Bearer ${AUTH_TOKEN}" \
     --header "Tenant-Id: ${TENANT_ID}" \
     --form "file=@\"/data/report.json\"" \
-    "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=false&label_id=${LABEL_NAME}"
+    "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KS&save_to_s3=true&label_id=${LABEL_NAME}"
diff --git a/k8tls-job/templates/k8tls-cronjob.yaml b/k8tls-job/templates/k8tls-cronjob.yaml
@@ -7,7 +7,7 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: k8tls-cr
+  name: {{ .Release.Namespace }}-k8tls-cr
 rules:
 - apiGroups: [""]
   resources: ["services"]
@@ -16,11 +16,11 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: k8tls-crb
+  name: {{ .Release.Namespace }}-k8tls-crb
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: k8tls-cr
+  name: {{ .Release.Namespace }}-k8tls-cr
 subjects:
 - kind: ServiceAccount
   name: k8tls-serviceact
@@ -42,7 +42,7 @@ spec:
           containers:
           - image: accuknox/accuknox-job:latest
             command: ["/bin/sh", "-c"]
-            args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
+            args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
             name: k8tls-job
             resources: {}
             env:

diff --git a/k8tls-job/templates/k8tls-job.yaml b/k8tls-job/templates/k8tls-job.yaml
@@ -12,7 +12,7 @@ spec:
       containers:
       - image: accuknox/accuknox-job:latest
         command: ["/bin/sh", "-c"]
-        args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=false" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
+        args: ['curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=K8TLS&save_to_s3=true" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\"" && cat /data/report.json']
         name: k8tls-job
         resources: {}
         env:

diff --git a/kiem-job/templates/deployment.yaml b/kiem-job/templates/deployment.yaml
@@ -26,7 +26,7 @@ spec:
                   mountPath: /data
           containers:
             - image: accuknox/accuknox-job:latest
-              command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
+              command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=true&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
               name: accuknox-kiem-cronjob
               resources: {}
               env:

diff --git a/kiem-job/templates/job.yaml b/kiem-job/templates/job.yaml
@@ -21,7 +21,7 @@ spec:
               mountPath: /data
       containers:
         - image: accuknox/accuknox-job:latest
-          command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=false&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
+          command: ['sh', '-c', 'curl --location --request POST "https://${URL}/api/v1/artifact/?tenant_id=${TENANT_ID}&data_type=KIEM&save_to_s3=true&label_id=${LABEL_NAME}" --header "Tenant-Id: ${TENANT_ID}" --header "Authorization: Bearer ${AUTH_TOKEN}" --form "file=@\"/data/report.json\""']
           name: accuknox-kiem-job
           resources: {}
           env:

diff --git a/kiem-job/templates/role.yaml b/kiem-job/templates/role.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: kiem-cluster-role
+  name: {{ .Release.Namespace }}-kiem-cluster-role
 rules:
   - apiGroups:
         - ""

diff --git a/kiem-job/templates/rolebinding.yaml b/kiem-job/templates/rolebinding.yaml
@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: api-cluster-role-binding
+  name: {{ .Release.Namespace }}-api-cluster-role-binding
 subjects:
 - namespace: {{ .Release.Namespace }} 
   kind: ServiceAccount
   name: kiem-service-account 
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: kiem-cluster-role
+  name: {{ .Release.Namespace }}-kiem-cluster-role