gitea-bot
7a96d06727
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #2259 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
167 lines
6.6 KiB
YAML
167 lines
6.6 KiB
YAML
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.14.0
|
|
name: clusterconfigauditreports.aquasecurity.github.io
|
|
spec:
|
|
group: aquasecurity.github.io
|
|
names:
|
|
kind: ClusterConfigAuditReport
|
|
listKind: ClusterConfigAuditReportList
|
|
plural: clusterconfigauditreports
|
|
shortNames:
|
|
- clusterconfigaudit
|
|
singular: clusterconfigauditreport
|
|
scope: Cluster
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: The name of the config audit scanner
|
|
jsonPath: .report.scanner.name
|
|
name: Scanner
|
|
type: string
|
|
- description: The age of the report
|
|
jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
- description: The number of failed checks with critical severity
|
|
jsonPath: .report.summary.criticalCount
|
|
name: Critical
|
|
priority: 1
|
|
type: integer
|
|
- description: The number of failed checks with high severity
|
|
jsonPath: .report.summary.highCount
|
|
name: High
|
|
priority: 1
|
|
type: integer
|
|
- description: The number of failed checks with medium severity
|
|
jsonPath: .report.summary.mediumCount
|
|
name: Medium
|
|
priority: 1
|
|
type: integer
|
|
- description: The number of failed checks with low severity
|
|
jsonPath: .report.summary.lowCount
|
|
name: Low
|
|
priority: 1
|
|
type: integer
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: ClusterConfigAuditReport is a specification for the ClusterConfigAuditReport resource.
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
report:
|
|
properties:
|
|
checks:
|
|
description: Checks provides results of conducting audit steps.
|
|
items:
|
|
description: Check provides the result of conducting a single audit step.
|
|
properties:
|
|
category:
|
|
type: string
|
|
checkID:
|
|
type: string
|
|
description:
|
|
type: string
|
|
messages:
|
|
items:
|
|
type: string
|
|
type: array
|
|
remediation:
|
|
description: Remediation provides description or links to external resources to remediate failing check.
|
|
type: string
|
|
scope:
|
|
description: Scope indicates the section of config that was audited.
|
|
properties:
|
|
type:
|
|
description: Type indicates type of this scope, e.g. Container, ConfigMapKey or JSONPath.
|
|
type: string
|
|
value:
|
|
description: Value indicates value of this scope that depends on Type, e.g. container name, ConfigMap key or JSONPath expression
|
|
type: string
|
|
required:
|
|
- type
|
|
- value
|
|
type: object
|
|
severity:
|
|
description: Severity level of a vulnerability or a configuration audit check.
|
|
type: string
|
|
success:
|
|
type: boolean
|
|
title:
|
|
type: string
|
|
required:
|
|
- checkID
|
|
- severity
|
|
- success
|
|
type: object
|
|
type: array
|
|
scanner:
|
|
description: Scanner is the spec for a scanner generating a security assessment report.
|
|
properties:
|
|
name:
|
|
description: Name the name of the scanner.
|
|
type: string
|
|
vendor:
|
|
description: Vendor the name of the vendor providing the scanner.
|
|
type: string
|
|
version:
|
|
description: Version the version of the scanner.
|
|
type: string
|
|
required:
|
|
- name
|
|
- vendor
|
|
- version
|
|
type: object
|
|
summary:
|
|
description: ConfigAuditSummary counts failed checks by severity.
|
|
properties:
|
|
criticalCount:
|
|
description: CriticalCount is the number of failed checks with critical severity.
|
|
type: integer
|
|
highCount:
|
|
description: HighCount is the number of failed checks with high severity.
|
|
type: integer
|
|
lowCount:
|
|
description: LowCount is the number of failed check with low severity.
|
|
type: integer
|
|
mediumCount:
|
|
description: MediumCount is the number of failed checks with medium severity.
|
|
type: integer
|
|
required:
|
|
- criticalCount
|
|
- highCount
|
|
- lowCount
|
|
- mediumCount
|
|
type: object
|
|
updateTimestamp:
|
|
format: date-time
|
|
type: string
|
|
required:
|
|
- checks
|
|
type: object
|
|
required:
|
|
- report
|
|
type: object
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
served: true
|
|
storage: true
|
|
subresources: {}
|