aboutsummaryrefslogtreecommitdiffstats
path: root/docker/security
diff options
context:
space:
mode:
authormrichomme <morgan.richomme@orange.com>2020-02-10 17:49:43 +0100
committerCédric Ollivier <cedric.ollivier@orange.com>2020-07-02 09:37:40 +0200
commitea4ae5de28b08d5be02425e6ef14c2c68444cbfa (patch)
tree66259ae4f98cda60cf0d0e3504ede3f7cd7d9555 /docker/security
parent5169cd72511838af0cedd9ce6b5c3baba45d8f6c (diff)
Add security docker for functest-kubernetes
run kube-hunter and kube-bench cases dealing with security in kubernetes (check vulnerabilities) [1][2] It's the first step only printing the output. [1]: https://github.com/aquasecurity/kube-bench [2]: https://github.com/aquasecurity/kube-hunter Co-Authored-By: Cédric Ollivier <cedric.ollivier@orange.com> Change-Id: I3bd9bda80046ef7a0c494d51dfb0b8cbfea02bb0 Signed-off-by: mrichomme <morgan.richomme@orange.com> (cherry picked from commit 98d9f93337ab514fa9aafc1cd1e87473de68b364) (cherry picked from commit 0626f54b8686134515eab3b9014c5b538405d84f)
Diffstat (limited to 'docker/security')
-rw-r--r--docker/security/Dockerfile3
-rw-r--r--docker/security/testcases.yaml29
2 files changed, 32 insertions, 0 deletions
diff --git a/docker/security/Dockerfile b/docker/security/Dockerfile
new file mode 100644
index 00000000..8cd30169
--- /dev/null
+++ b/docker/security/Dockerfile
@@ -0,0 +1,3 @@
+FROM opnfv/functest-kubernetes-core:iruya
+
+COPY testcases.yaml /usr/lib/python3.6/site-packages/xtesting/ci/testcases.yaml
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml
new file mode 100644
index 00000000..55c0b3be
--- /dev/null
+++ b/docker/security/testcases.yaml
@@ -0,0 +1,29 @@
+---
+tiers:
+ -
+ name: security
+ order: 1
+ ci_loop: '(daily)|(weekly)'
+ description: >-
+ Set of basic security tests.
+ testcases:
+ -
+ case_name: kube_hunter
+ project_name: security
+ criteria: 100
+ blocking: false
+ description: >-
+ Check that the kubernetes cluster has no known
+ vulnerabilities
+ run:
+ name: 'kube_hunter'
+ -
+ case_name: kube_bench
+ project_name: security
+ criteria: 100
+ blocking: false
+ description: >-
+ Check that the kubernetes cluster has no known
+ vulnerabilities
+ run:
+ name: 'kube_bench'