forked from aquasecurity/starboard
-
Notifications
You must be signed in to change notification settings - Fork 0
/
clustercompliancereports.crd.yaml
137 lines (137 loc) · 5.04 KB
/
clustercompliancereports.crd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clustercompliancereports.aquasecurity.github.io
labels:
app.kubernetes.io/managed-by: starboard
app.kubernetes.io/version: "0.15.4"
spec:
group: aquasecurity.github.io
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true
additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
type: date
name: Age
description: The age of the report
- jsonPath: .status.summary.failCount
type: integer
name: Fail
priority: 1
description: The number of checks that failed with Danger status
- jsonPath: .status.summary.passCount
type: integer
name: Pass
priority: 1
description: The number of checks that passed
schema:
openAPIV3Schema:
type: object
required:
- apiVersion
- kind
- metadata
- spec
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
required:
- name
- description
- version
- cron
- controls
properties:
name:
type: string
description:
type: string
version:
type: string
cron:
type: string
pattern: '^(((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec)) ((([\*]{1}){1})|((\*\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$'
description: 'cron define the intervals for report generation'
controls:
type: array
items:
type: object
required:
- name
- id
- kinds
- mapping
- severity
properties:
name:
type: string
description:
type: string
id:
type: string
description: 'id define the control check id'
kinds:
type: array
items:
type: string
description: 'kinds define the list of kinds control check apply on , example: Node,Workload '
mapping:
type: object
required:
- scanner
- checks
properties:
scanner:
type: string
pattern: '^config-audit$|^kube-bench$'
description: 'scanner define the name of the scanner which produce data, currently only config-audit and kube-bench are supported'
checks:
type: array
items:
type: object
required:
- id
properties:
id:
type: string
description: 'id define the check id as produced by scanner'
severity:
type: string
description: 'define the severity of the control'
enum:
- CRITICAL
- HIGH
- MEDIUM
- LOW
- UNKNOWN
defaultStatus:
type: string
description: 'define the default value for check status in case resource not found'
enum:
- PASS
- WARN
- FAIL
status:
x-kubernetes-preserve-unknown-fields: true
type: object
subresources:
# status enables the status subresource.
status: { }
names:
singular: clustercompliancereport
plural: clustercompliancereports
kind: ClusterComplianceReport
listKind: ClusterComplianceReportList
categories: [ ]
shortNames:
- compliance