Giter Site home page Giter Site logo

devopstoday11 / starboard-security-operator Goto Github PK

View Code? Open in Web Editor NEW

This project forked from aquasecurity/starboard-operator

0.0 2.0 0.0 61 KB

Keep Starboard resources updated

Home Page: https://github.com/aquasecurity/starboard

License: Apache License 2.0

Dockerfile 0.58% Makefile 1.78% Go 97.64%

starboard-security-operator's Introduction

starboard-security-operator

build

Getting Started

  1. Define custom security resources used by Starboard: 
    $ kubectl apply -f https://raw.githubusercontent.com/aquasecurity/starboard/master/kube/crd/vulnerabilities-crd.yaml \
  -f https://raw.githubusercontent.com/aquasecurity/starboard/master/kube/crd/configauditreports-crd.yaml \
  -f https://raw.githubusercontent.com/aquasecurity/starboard/master/kube/crd/ciskubebenchreports-crd.yaml \
  -f https://raw.githubusercontent.com/aquasecurity/starboard/master/kube/crd/kubehunterreports-crd.yaml
  2. Create a Secret that holds configuration of the Aqua CSP scanner: 
    $ kubectl create secret generic aqua-csp-vulnerability-scanner \
  --namespace starboard \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_USER=$AQUA_CONSOLE_USERNAME \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_PASSWORD=$AQUA_CONSOLE_PASSWORD \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_VERSION=$AQUA_VERSION \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_HOST=http://csp-console-svc.aqua:8080 \
  --from-literal OPERATOR_SCANNER_AQUA_CSP_REGISTRY_SERVER=$AQUA_REGISTRY_SERVER
  3. Create a Docker pull Secret to pull scannercli container image from the Aqua registry: 
    $ kubectl create secret docker-registry aqua-csp-registry-credentials \
  --namespace starboard \
  --docker-server=$AQUA_REGISTRY_SERVER \
  --docker-username=$AQUA_REGISTRY_USERNAME \
  --docker-password=$AQUA_REGISTRY_PASSWORD
  4. Create a Service Account used to run Aqua CSP scan Jobs: 
    $ kubectl apply -f kube/aqua-csp-vulnerability-scanner.yaml
  5. Create a Deployment for the Starboard Security Operator: 
    $ kubectl apply -f kube/starboard-security-operator.yaml

Configuration

Name Default Description
OPERATOR_STARBOARD_NAMESPACE starboard The default namespace for Starboard
OPERATOR_STARBOARD_DEFAULT_RESYNC 10m The default resync period for shared informers used by the operator
OPERATOR_SCANNER_TRIVY_ENABLED true The flag to enable Trivy vulnerability scanner
OPERATOR_SCANNER_TRIVY_VERSION 0.9.1 The version of Trivy to be used
OPERATOR_SCANNER_AQUA_CSP_ENABLED false The flag to enable Aqua CSP vulnerability scanner
OPERATOR_SCANNER_AQUA_CSP_VERSION 4.6 The version of Aqua CSP scannercli container image to be used
OPERATOR_SCANNER_AQUA_REGISTRY_SERVER aquasec.azurecr.io The name of Aqua registry server to pull the scannercli container image from

starboard-security-operator's People

Contributors

danielpacak avatar lizrice avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.