From 0626f54b8686134515eab3b9014c5b538405d84f Mon Sep 17 00:00:00 2001 From: mrichomme Date: Mon, 10 Feb 2020 17:49:43 +0100 Subject: Add security docker for functest-kubernetes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit run kube-hunter and kube-bench cases dealing with security in kubernetes (check vulnerabilities) [1][2] It's the first step only printing the output. [1]: https://github.com/aquasecurity/kube-bench [2]: https://github.com/aquasecurity/kube-hunter Co-Authored-By: Cédric Ollivier Change-Id: I3bd9bda80046ef7a0c494d51dfb0b8cbfea02bb0 Signed-off-by: mrichomme (cherry picked from commit 98d9f93337ab514fa9aafc1cd1e87473de68b364) --- docker/security/Dockerfile | 3 +++ docker/security/testcases.yaml | 29 +++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 docker/security/Dockerfile create mode 100644 docker/security/testcases.yaml (limited to 'docker') diff --git a/docker/security/Dockerfile b/docker/security/Dockerfile new file mode 100644 index 00000000..9bf6383b --- /dev/null +++ b/docker/security/Dockerfile @@ -0,0 +1,3 @@ +FROM opnfv/functest-kubernetes-core:jerma + +COPY testcases.yaml /usr/lib/python3.7/site-packages/xtesting/ci/testcases.yaml diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml new file mode 100644 index 00000000..55c0b3be --- /dev/null +++ b/docker/security/testcases.yaml @@ -0,0 +1,29 @@ +--- +tiers: + - + name: security + order: 1 + ci_loop: '(daily)|(weekly)' + description: >- + Set of basic security tests. + testcases: + - + case_name: kube_hunter + project_name: security + criteria: 100 + blocking: false + description: >- + Check that the kubernetes cluster has no known + vulnerabilities + run: + name: 'kube_hunter' + - + case_name: kube_bench + project_name: security + criteria: 100 + blocking: false + description: >- + Check that the kubernetes cluster has no known + vulnerabilities + run: + name: 'kube_bench' -- cgit 1.2.3-korg