Open rhmdnd opened 2 years ago
I have two proposals up for review. Both fall in line with the third solution:
https://github.com/ComplianceAsCode/content/pull/8189
https://github.com/ComplianceAsCode/content/pull/8195
The second PR is simpler since it's just a rename.
Description of problem:
OpenShift was the first kubernetes distribution with content in this repository. As a result, many of the rules and rule groups in `applications/openshift` are OpenShift-specific. Now that we are adding content for other distributions, we should find a way to organize the content so it's platform agnostic. This makes it easier to use the content for EKS, AKS, OpenShift, and vanilla kubernetes.
Ideally, it would be great to:
1.) Reuse as many existing rules as we can
2.) Have content be specific to the benchmark in question (content shouldn't bleed details about irrelevant distributions when in use)
3.) Easily navigate content
Potential solutions:
Group rules by distribution
The layout would adhere to the following convention, where groups could be nested as needed:
applications/kubernetes/{distribution}/{group}/{rule}
Examples of the directory structure, omitting rules and only focusing on layout:
- `applications/kubernetes/` - contains all common rules for kubernetes
- `applications/kubernetes/eks/` - contains rules specific to EKS
- `applications/kubernetes/aks/` - contains rules specific to AKS
- `applications/kubernetes/openshift/` - contains rules specific to OpenShift
- `applications/kubernetes/eks/logging/` - contains rules specific to EKS logging
- `applications/kubernetes/openshift/logging/` - contains rules specific to OpenShift logging

Benefits

Drawbacks

- `logging/` for one distribution and not another

Group rules by component subsystem
The layout would adhere to the following convention:
applications/kubernetes/{group}/{distribution}/{rule}
Examples of the directory structure, omitting rules and only focusing on layout:
- `applications/kubernetes/` - contains all common rules for kubernetes
- `applications/kubernetes/logging/` - contains rules specific to logging
- `applications/kubernetes/worker/` - contains rules specific to worker nodes
- `applications/kubernetes/logging/eks/` - contains rules specific to EKS logging
- `applications/kubernetes/logging/openshift/` - contains rules specific to OpenShift logging
- `applications/kubernetes/worker/openshift/` - contains rules specific to OpenShift workers

Benefits

- `linux_os`

Drawbacks
Parameterize rules
The layout would adhere to the following convention, where groups are optional:
applications/kubernetes/{group}/{rule}
Examples of the directory structure, omitting rules and only focusing on layout:
- `applications/kubernetes/` - contains all common rules for kubernetes
- `applications/kubernetes/logging/` - contains rules specific to logging
- `applications/kubernetes/worker/` - contains rules specific to worker nodes

Benefits

- `openshift` for `kubernetes` in the application path

Drawbacks
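An added example, not code from the issue author or from the ComplianceAsCode project: a small checker that parses rule paths laid out under either of the first two conventions above and reports the duplication the parameterized third layout is meant to remove (the same rule kept under several distributions, and a group such as `logging/` present for one distribution but not another). The set of distribution names and the sample tree are assumptions constructed for the example.

```python
# Added example (not ComplianceAsCode project code): parse rule paths laid
# out as applications/kubernetes/{distribution}/{group}/{rule} or
# applications/kubernetes/{group}/{distribution}/{rule} and report the
# duplication the parameterized layout avoids. DISTRIBUTIONS and the
# sample tree are constructed for illustration.
from collections import defaultdict
from pathlib import PurePosixPath

ROOT = PurePosixPath("applications/kubernetes")
DISTRIBUTIONS = {"eks", "aks", "openshift"}  # assumed set

def parse_rule_path(path):
    """Return (distribution, group, rule); distribution is None for a
    common rule, group is None when no group directory is present. The
    distribution segment is recognised by name, so both layouts parse."""
    parts = PurePosixPath(path).relative_to(ROOT).parts
    if not parts:
        raise ValueError(f"{path} is not a rule directory")
    middle = parts[:-1]
    dists = [p for p in middle if p in DISTRIBUTIONS]
    group = "/".join(p for p in middle if p not in DISTRIBUTIONS) or None
    return (dists[0] if dists else None), group, parts[-1]

def find_duplicated_rules(paths):
    """(group, rule) -> owners for rules kept under more than one
    distribution or both common and specific: one shared rule instead."""
    owners = defaultdict(set)
    for path in paths:
        dist, group, rule = parse_rule_path(path)
        owners[(group, rule)].add(dist or "common")
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}

def find_lopsided_groups(paths):
    """group -> distributions lacking it, e.g. logging/ present for EKS
    and OpenShift but not AKS."""
    present = defaultdict(set)
    for path in paths:
        dist, group, _ = parse_rule_path(path)
        if dist and group:
            present[group].add(dist)
    return {g: sorted(DISTRIBUTIONS - d) for g, d in present.items()
            if DISTRIBUTIONS - d}

SAMPLE_PATHS = [  # constructed sample tree, not real rule names
    "applications/kubernetes/api_server_anonymous_auth",
    "applications/kubernetes/aks/api_server_anonymous_auth",
    "applications/kubernetes/eks/logging/audit_log_enabled",
    "applications/kubernetes/openshift/logging/audit_log_enabled",
    "applications/kubernetes/openshift/worker/kubelet_anonymous_auth",
]
```

Running `find_duplicated_rules(SAMPLE_PATHS)` flags `audit_log_enabled` under both EKS and OpenShift, and `find_lopsided_groups(SAMPLE_PATHS)` reports that AKS has no `logging/` group at all.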