The Probr Kubernetes Service pack provides a variety of provider-agnostic compliance checks.
Get the latest stable version here.
Click here to see the current state of the probes in this pack.
The following will build a binary named "kubernetes":

    git clone https://github.com/probr/probr-pack-kubernetes.git
    cd probr-pack-kubernetes
    make binary

Move the kubernetes binary into your Probr service pack location (default is ${HOME}/probr/binaries).

You will need:
- Probr Core to execute this service pack.
- A Kubernetes Cluster
- An active kubeconfig for the cluster that can deploy into the probe namespace (see config below; the default is probr-general-test-ns)

The minimum required additions to your Probr runtime configuration are as follows:

    Run:
      - "kubernetes"
    ServicePacks:
      Kubernetes:
        AuthorisedContainerImage: "yourprivateregistry.io/citihub/probr-probe"

If you don't want to use the defaults, you can add the following to your Probr config.yml:

    Run:
      - "aks"
    ServicePacks:
      Kubernetes:
        KubeConfig: "location of your kubeconfig if not the default"
        KubeContext: "specific kubecontext if not the current context"
        AuthorisedContainerImage: "yourprivateregistry.io/citihub/probr-probe"
        ProbeNamespace: "namespace Probr deploys into. Defaults to 'probr-general-test-ns'"
    CloudProviders:
      Azure:
        TenantID: "UUID of your tenant"
        SubscriptionID: "UUID of your subscription"
        ClientID: "Client ID UUID of your service principal"
        ClientSecret: "Recommend leaving this blank and using envvar"

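A pre-flight check for the configuration above, as an added example that is not part of Probr or the original README: it fails when ClientSecret holds a literal value (the config recommends leaving it blank) or when AuthorisedContainerImage is missing. The function names, the line-based parsing and the sample secret are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight lint for a Probr config.yml. Not part of Probr.
# Assumption: one "Key: value" pair per line, as in the snippets on this page.

# Print the value of the first line that sets key $1 in file $2, with
# comments, trailing whitespace and surrounding quotes removed.
probr_cfg_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/^#.*$//' -e 's/[[:space:]]\{1,\}#.*$//' \
            -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 only if the config keeps ClientSecret blank and names an
# AuthorisedContainerImage; print one FAIL line per problem to stderr.
check_probr_config() {
    cfg="$1"
    rc=0
    if [ ! -r "$cfg" ]; then
        echo "FAIL: cannot read $cfg" >&2
        return 2
    fi
    if [ -n "$(probr_cfg_value ClientSecret "$cfg")" ]; then
        echo "FAIL: ClientSecret has a literal value in $cfg; leave it blank" >&2
        rc=1
    fi
    if [ -z "$(probr_cfg_value AuthorisedContainerImage "$cfg")" ]; then
        echo "FAIL: AuthorisedContainerImage is not set in $cfg" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the secret value below is made up for this demo.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
Run:
  - "kubernetes"
ServicePacks:
  Kubernetes:
    AuthorisedContainerImage: "yourprivateregistry.io/citihub/probr-probe"
CloudProviders:
  Azure:
    ClientSecret: "constructed-example-secret"
EOF
if check_probr_config "$sample"; then echo "config ok"; else echo "config rejected"; fi
rm -f "$sample"
```

Run it against config.yml in CI or before committing, so a filled-in ClientSecret is caught before it reaches version control.
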
If all of the instructions above have been followed, then you should be able to run ./probr and the service pack will run.