probr-pack-kubernetes

Probr Kubernetes Service Pack

The Probr Kubernetes Service pack provides a variety of provider-agnostic compliance checks.

Get the latest stable version here.

Click here to see the current state of the probes in this pack.

To Build from Source

The following will build a binary named "kubernetes":

git clone https://github.com/probr/probr-pack-kubernetes.git
cd probr-pack-kubernetes
make binary

Move the kubernetes binary into your probr service pack location (default is ${HOME}/probr/binaries)

Pre-Requisites

You will need:

1. Probr Core to execute this service pack.
2. A Kubernetes Cluster
3. An active kubeconfig against the cluster, that can deploy into the probe namespace (see config below. Default is probr-general-test-ns)

Configuration

Minimum configuration

The minimum required additions to your Probr runtime configuration is as follows:

Run:
  - "kubernetes"
ServicePacks:
  Kubernetes:
    AuthorisedContainerImage: "yourprivateregistry.io/citihub/probr-probe"

Full configuration

If you don't want to use the defaults you can add the following to your Probr config.yml:

Run:
  - "aks"
ServicePacks:
  Kubernetes:
    KubeConfig: "location of your kubeconfig if not the default"
    KubeContext: "specific kubecontext if not the current context"
    AuthorisedContainerImage: "yourprivateregistry.io/citihub/probr-probe"
    ProbeNamespace: "namespace Probr deploys into. Defaults to 'probr-general-test-ns'"
CloudProviders:
  Azure:
    TenantID: "UUID of your tenant"
    SubscriptionID: "UUID of your subscription"
    ClientID: "Client ID UUID of your service principle"
    ClientSecret: "Recommend leaving this blank and using envvar"

Running the Service Pack

If all of the instructions above have been followed, then you should be able to run ./probr and the service pack will run.