Add security docker for functest-kubernetes

run kube-hunter and kube-bench cases dealing with security in kubernetes (check
vulnerabilities) [1][2]

It's the first step only printing the output.

[1]: https://github.com/aquasecurity/kube-bench
[2]: https://github.com/aquasecurity/kube-hunter

Co-Authored-By: Cédric Ollivier <cedric.ollivier@orange.com>
Change-Id: I3bd9bda80046ef7a0c494d51dfb0b8cbfea02bb0
Signed-off-by: mrichomme <morgan.richomme@orange.com>
(cherry picked from commit 98d9f93337ab514fa9aafc1cd1e87473de68b364)

2 files changed, 32 insertions, 0 deletions

diff --git a/docker/security/Dockerfile b/docker/security/Dockerfile
new file mode 100644
index 00000000..9bf6383b
--- /dev/null
+++ b/docker/security/Dockerfile
@@ -0,0 +1,3 @@
+FROM opnfv/functest-kubernetes-core:jerma
+
+COPY testcases.yaml /usr/lib/python3.7/site-packages/xtesting/ci/testcases.yaml
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml
new file mode 100644
index 00000000..55c0b3be
--- /dev/null
+++ b/docker/security/testcases.yaml
@@ -0,0 +1,29 @@
+---
+tiers:
+    -
+        name: security
+        order: 1
+        ci_loop: '(daily)|(weekly)'
+        description: >-
+            Set of basic security tests.
+        testcases:
+            -
+                case_name: kube_hunter
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check that the kubernetes cluster has no known
+                    vulnerabilities
+                run:
+                    name: 'kube_hunter'
+            -
+                case_name: kube_bench
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check that the kubernetes cluster has no known
+                    vulnerabilities
+                run:
+                    name: 'kube_bench'