aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

pin image version #504

Closed: rhtenhove closed 2 years ago

rhtenhove commented 2 years ago

Description

This pins the image version in the job manifest. Using this manifest directly (for example kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-hunter/v0.6.7/job.yaml) on a pinned version will allow using that manifest without having to maintain your own, and will allow changes to this repo without breaking a pipeline.

For example, using the job manifest now will fail because of #502, and there's no previous manifest to refer to.

Version tag discrepancy

I've also upped the semver tagging in the GitHub Actions to coincide with the kube-bench format (as well as the format in the tags of this repo). Using the job manifest now will fail, as it first needs to publish with the new tag format.

This shouldn't impact any existing setups, as latest will stay as it is, and older tags will remain as they are.

Other

Also added a label for the pod, and removed backoffLimit to just use the default of 6. Cleaner and the same as kube-bench.

Fixed Issues

Did not make an issue.

"BEFORE" and "AFTER" output

No terminal output changes

CLAassistant commented 2 years ago

CLA assistant check
All committers have signed the CLA.

codecov[bot] commented 2 years ago

Codecov Report

Merging #504 (d4c040e) into main (9ce385a) will decrease coverage by 0.04%. The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #504      +/-   ##
==========================================
- Coverage   65.32%   65.28%   -0.05%     
==========================================
  Files          44       44              
  Lines        2457     2457              
==========================================
- Hits         1605     1604       -1     
- Misses        852      853       +1     
Impacted Files Coverage Δ
kube_hunter/core/events/handler.py 86.66% <0.00%> (-0.61%) :arrow_down:

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 9ce385a...d4c040e.

danielsagi commented 2 years ago

Hi @rhtenhove, that is a great and neat addition! Thanks
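
The pinning that the pull request description asks for can be enforced in a pipeline. The following is an added example, not code from this pull request or from the kube-hunter repository: a small check that flags image references in a manifest that carry no tag or a floating tag. The sample manifests, the registry name `registry.example:5000` and the list of floating tag names are constructed assumptions; the tag value reuses the `v0.6.7` seen in the URL above purely as an illustration.

```python
import re
import sys

# Matches "image: <ref>" with or without a leading list dash or quotes.
IMAGE_LINE = re.compile(r'^\s*(?:-\s*)?image:\s*["\']?([^"\'\s#]+)')
# Assumed list of tag names that move over time; extend for your registry.
FLOATING_TAGS = {"latest", "main", "master", "edge", "stable"}

def classify(ref):
    """Return 'digest', 'tag' or 'floating' for one image reference."""
    if "@sha256:" in ref:
        return "digest"                   # immutable content address
    last = ref.rsplit("/", 1)[-1]         # ignore ':' in a registry host:port
    if ":" not in last:
        return "floating"                 # no tag resolves to :latest
    tag = last.split(":", 1)[1]
    # A version tag is still mutable on the registry; only a digest is not.
    return "floating" if not tag or tag.lower() in FLOATING_TAGS else "tag"

def unpinned_images(manifest_text):
    """List (line_number, image_ref) for every floating image in a manifest."""
    findings = []
    for number, line in enumerate(manifest_text.splitlines(), start=1):
        match = IMAGE_LINE.match(line)
        if match and classify(match.group(1)) == "floating":
            findings.append((number, match.group(1)))
    return findings

# Constructed sample Job manifest, not the repository's job.yaml.
SAMPLE_UNPINNED = """\
apiVersion: batch/v1
kind: Job
metadata:
  name: kube-hunter
spec:
  template:
    spec:
      containers:
        - name: kube-hunter
          image: registry.example:5000/kube-hunter
      restartPolicy: Never
"""
SAMPLE_PINNED = SAMPLE_UNPINNED.replace("/kube-hunter\n", "/kube-hunter:v0.6.7\n")

if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:
        for number, ref in unpinned_images(open(path, encoding="utf-8").read()):
            print(f"{path}:{number}: image not pinned: {ref}")
            failed = True
    sys.exit(1 if failed else 0)
```

Run it against one or more manifest paths in CI; it exits non-zero when any image reference is floating.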