Add security docker for functest-kubernetes

run kube-hunter and kube-bench cases dealing with security in kubernetes (check vulnerabilities) [1][2] It's the first step only printing the output. [1]: https://github.com/aquasecurity/kube-bench [2]: https://github.com/aquasecurity/kube-hunter Co-Authored-By: Cédric Ollivier <cedric.ollivier@orange.com> Change-Id: I3bd9bda80046ef7a0c494d51dfb0b8cbfea02bb0 Signed-off-by: mrichomme <morgan.richomme@orange.com> (cherry picked from commit 98d9f93337ab514fa9aafc1cd1e87473de68b364) (cherry picked from commit 0626f54b8686134515eab3b9014c5b538405d84f) (cherry picked from commit a7191389900b58f50e428af47e6819f30ba07d8f)
author: mrichomme <morgan.richomme@orange.com> 2020-02-10 17:49:43 +0100
committer: Cédric Ollivier <cedric.ollivier@orange.com> 2020-07-01 23:05:41 +0200
commit: 5d10d8e987e102a84699b8d8c16fbd7d6c04272f (patch)
tree: ac04f84ddfd596b65ebdddcb01d4e0026d2be988 /docker
parent: 39f68c9425a806cbfef863db29d8cb1a0cefed84 (diff)
3 files changed, 34 insertions, 2 deletions
diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile
index 760d6148..f51d8901 100644
--- a/docker/core/Dockerfile
+++ b/docker/core/Dockerfile
@@ -4,9 +4,9 @@ ARG BRANCH=stable/hunter
 ARG OPENSTACK_TAG=stable/rocky
 ARG OPNFV_TAG=stable/hunter
 
-RUN apk --no-cache add --update python py-pip bash git grep mailcap && \
+RUN apk --no-cache add --update python py-pip bash git grep libffi openssl mailcap && \
     apk --no-cache add --virtual .build-deps --update \
-        python-dev build-base && \
+        python-dev build-base libffi-dev openssl-dev && \
     git init /src/functest-kubernetes && \
     (cd /src/functest-kubernetes && \
         git fetch --tags https://gerrit.opnfv.org/gerrit/functest-kubernetes $BRANCH && \
diff --git a/docker/security/Dockerfile b/docker/security/Dockerfile
new file mode 100644
index 00000000..92953e07
--- /dev/null
+++ b/docker/security/Dockerfile
@@ -0,0 +1,3 @@
+FROM opnfv/functest-kubernetes-core:hunter
+
+COPY testcases.yaml /usr/lib/python2.7/site-packages/xtesting/ci/testcases.yaml
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml
new file mode 100644
index 00000000..55c0b3be
--- /dev/null
+++ b/docker/security/testcases.yaml
@@ -0,0 +1,29 @@
+---
+tiers:
+    -
+        name: security
+        order: 1
+        ci_loop: '(daily)|(weekly)'
+        description: >-
+            Set of basic security tests.
+        testcases:
+            -
+                case_name: kube_hunter
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check that the kubernetes cluster has no known
+                    vulnerabilities
+                run:
+                    name: 'kube_hunter'
+            -
+                case_name: kube_bench
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check that the kubernetes cluster has no known
+                    vulnerabilities
+                run:
+                    name: 'kube_bench'
author	mrichomme <morgan.richomme@orange.com>	2020-02-10 17:49:43 +0100
committer	Cédric Ollivier <cedric.ollivier@orange.com>	2020-07-01 23:05:41 +0200
commit	5d10d8e987e102a84699b8d8c16fbd7d6c04272f (patch)
tree	ac04f84ddfd596b65ebdddcb01d4e0026d2be988 /docker
parent	39f68c9425a806cbfef863db29d8cb1a0cefed84 (diff)