undistro / zora

Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks. By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.
https://getup.io/opensource/zora-oss
Apache License 2.0

warn about costly scan scheduling in Helm output #256

Closed matheusfm closed 6 months ago

matheusfm commented 6 months ago

Description

This PR includes a warning in the Helm output if a scan appears to be scheduled to run more frequently than the recommendation.

It also fixes the helm template for ClusterScans, checking the API Version before calling the lookup function.

How has this been tested?

Tried installing Zora with different schedules for each scan.

helm upgrade --install zora charts/zora/ -f /tmp/values.yaml -n zora-system --create-namespace

This is the values.yaml:

clusterName: kind
scan:
  # misconfiguration:
  vulnerability:
    # At every minute
    # schedule: "* * * * *"

    # At every minute on Thursday
    # schedule: "* * * * 4"

    # At 00:00 on Thursday (weekly)
    # schedule: "0 0 * * 4"

    # At 00:00 on day-of-month 1 (monthly)
    # schedule: "0 0 1 * *"

    # At every minute on day-of-month 1
    # schedule: "* * 1 * *"

    # Every hour at every 30th minute
    # schedule: "*/30 * * * *"

    # Every hour at every minute (range of values)
    # schedule: "0-59 * * * *"

    # Every hour at minute 15 and 45
    # schedule: "15,45 * * * *"

    # Every hour at minute 0
    # schedule: "0 * * * *"

    # At minute 0 past hour 12 and 18
    # schedule: "0 12,18 * * *"

    # At 10:00
    # schedule: "0 10 * * *"

    # Every hour at minute 0 on day-of-month 5
    schedule: "0 * 5 * *"

Unfortunately, helm template does not render NOTES.txt (https://github.com/helm/helm/issues/6901).

Checklist
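The schedules in the values.yaml above exercise steps, ranges, lists and day-of-month restrictions. The following Go sketch is an added example, not the chart's template logic or code from this PR: it estimates how many times a schedule fires on a day when it is active, so a caller can compare the result with whatever limit they treat as the recommendation (the page does not state one). The function names are hypothetical, and ignoring the day and month fields is an assumption.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// countField counts the values in [lo, hi] matched by one cron field; 0 means invalid.
func countField(field string, lo, hi int) int {
	seen := map[int]bool{}
	for _, part := range strings.Split(field, ",") {
		rng, stepStr, hasStep := strings.Cut(part, "/")
		from, to, step := lo, hi, 1
		var e1, e2, e3 error
		if hasStep {
			step, e3 = strconv.Atoi(stepStr)
		}
		if rng != "*" {
			b := strings.SplitN(rng, "-", 2) // "a" or "a-b"
			from, e1 = strconv.Atoi(b[0])
			to, e2 = strconv.Atoi(b[len(b)-1])
		}
		if e1 != nil || e2 != nil || e3 != nil || step < 1 || from < lo || to > hi || from > to {
			return 0
		}
		for v := from; v <= to; v += step {
			seen[v] = true
		}
	}
	return len(seen)
}

// RunsPerActiveDay is matched minutes x matched hours; day and month fields are ignored (assumption).
func RunsPerActiveDay(schedule string) (n int, err error) {
	if f := strings.Fields(schedule); len(f) == 5 {
		n = countField(f[0], 0, 59) * countField(f[1], 0, 23)
	}
	if n == 0 {
		err = fmt.Errorf("unsupported or invalid schedule %q", schedule)
	}
	return n, err
}

func main() {
	for _, s := range []string{"0 10 * * *", "*/30 * * * *", "0 * 5 * *"} { // from the values.yaml above
		n, err := RunsPerActiveDay(s)
		fmt.Println(s, n, err)
	}
}
```

Because the day fields are ignored, "0 * 5 * *" and "* * 1 * *" report 24 and 1440 runs even though they fire on a single day of the month.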