probr-pack-aks

command module
v0.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 14, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

README

Probr AKS Service Pack

The Probr AKS Service Pack complements the Kubernetes service pack with Azure Kubernetes Service (AKS)-specific compliance checks.

To Build

The following will build a binary named "aks":

git clone https://github.com/probr/probr-pack-aks.git
cd probr-pack-aks
make binary

Move the aks binary into your Probr service pack location (the default is ${HOME}/probr/binaries).

Pre-Requisites

You will need:

  1. Probr Core (https://github.com/probr/probr-core)
  2. An AKS Cluster
  3. An active kubeconfig against the cluster that can deploy into the probe namespace (see the configuration below; the default is probr-general-test-ns)
  4. A service principal that has the "Reader" Azure role on the cluster
  5. For the IAM probes, you will need:
     • Managed Pod Identity to be configured in your cluster
     • An AzureIdentity called probr-ai and an AzureIdentityBinding called probr-aib to be deployed in the default namespace (or the namespace configured in the runtime config, see below).

Configuration

Minimum configuration

The minimum required additions to your Probr runtime configuration are as follows:

Run:
  - "aks"
ServicePacks:
  Kubernetes:
    AuthorisedContainerImage: "yourprivateregistry.io/probr/probr-probe"
  AKS:
    ClusterName: "your-clustername-here"
    ResourceGroupName: "your-resource-group-name-here"      
    CloudProviders:
      Azure:
        TenantID: "UUID of your tenant"
        SubscriptionID: "UUID of your subscription"
        ClientID: "Client ID UUID of your service principle"
        ClientSecret: "Recommend leaving this blank and using envvar"

We recommend not storing the ClientSecret in config.yml; use the PROBR_AZURE_CLIENT_SECRET environment variable instead.
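A pre-flight check for this recommendation, as an added example that is not part of Probr or its README: it fails when config.yml carries a non-blank ClientSecret or when PROBR_AZURE_CLIENT_SECRET is unset. The function names and return codes are chosen for this example, and the parsing assumes the one-key-per-line layout shown on this page rather than arbitrary YAML.

```shell
#!/bin/sh
# Added example: pre-flight check for a Probr config.yml before running ./probr.
# Return codes (chosen for this example):
#   0  no ClientSecret value in the file and PROBR_AZURE_CLIENT_SECRET is set
#   1  config file missing or unreadable
#   2  a non-blank ClientSecret is stored in the file
#   3  PROBR_AZURE_CLIENT_SECRET is unset or empty

# Print the value of every ClientSecret key with trailing comments, padding
# and surrounding quotes removed. Line-based: assumes one 'Key: "value"' per
# line as in the README, not arbitrary YAML (block scalars, anchors, ...).
client_secret_values() {
    sed -n 's/^[[:space:]]*ClientSecret:[[:space:]]*//p' "$1" |
        sed -e 's/[[:space:]]#.*$//' -e 's/^#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

check_probr_secret() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "cannot read config file: $cfg" >&2
        return 1
    fi
    # Any non-blank value counts, including a placeholder sentence copied
    # from the README: the file should carry an empty ClientSecret or none.
    if client_secret_values "$cfg" | grep -q '[^[:space:]]'; then
        echo "$cfg: ClientSecret is not blank; remove it from the file" >&2
        return 2
    fi
    if [ -z "${PROBR_AZURE_CLIENT_SECRET:-}" ]; then
        echo "PROBR_AZURE_CLIENT_SECRET is not set in the environment" >&2
        return 3
    fi
    return 0
}

# Usage: check_probr_secret config.yml && ./probr
```
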

Full configuration

If you don't want to use the defaults you can add the following to your Probr config.yml:

Run:
  - "aks"
ServicePacks:
  Kubernetes:
    KubeConfig: "location of your kubeconfig if not the default"
    KubeContext: "specific kubecontext if not the current context"
    AuthorisedContainerImage: "yourprivateregistry.io/probr/probr-probe"
    ProbeNamespace: "namespace Probr deploys into. Defaults to 'probr-general-test-ns'"
  AKS:
    ClusterName: "your-clustername-here"
    ResourceGroupName: "your-resource-group-name-here"
    ManagedPodIdentity:
      DefaultAzureIdentityNamespace: "Namespace where the probr-ai and probr-aib live for cross-namespace identity tests. Defaults to 'default'"
      IdentityPodNamespace: "namespace where the MIC and NMI pods live. Defaults to 'kube-system'"
CloudProviders:
  Azure:
    TenantID: "UUID of your tenant"
    SubscriptionID: "UUID of your subscription"
    ClientID: "Client ID UUID of your service principle"
    ClientSecret: "Recommend leaving this blank and using envvar"

Running the Service Pack

If all of the instructions above have been followed, then you should be able to run ./probr and the service pack will run.

Documentation

There is no documentation for this package.

Directories

Path                            Synopsis
internal/azure/kubernetes/iam   Package iam provides the implementation required to execute the BDD tests described in iam.feature file
