76 lines
3.0 KiB
YAML
76 lines
3.0 KiB
YAML
"debug":
|
|
"description": "Collect debug data"
|
|
"cis-benchmark":
|
|
"description": |
|
|
Run the CIS Kubernetes Benchmark against snap-based components.
|
|
"params":
|
|
"apply":
|
|
"type": "string"
|
|
"default": "none"
|
|
"description": |
|
|
Apply remediations to address benchmark failures. The default, 'none',
|
|
will not attempt to fix any reported failures. Set to 'conservative'
|
|
to resolve simple failures. Set to 'dangerous' to attempt to resolve
|
|
all failures.
|
|
|
|
Note: Applying any remediation may result in an unusable cluster.
|
|
"config":
|
|
"type": "string"
|
|
"default": "https://github.com/charmed-kubernetes/kube-bench-config/archive/cis-1.5.zip#sha1=811f21dbf6c841bafdbfbd8a21f912ad67582f46"
|
|
"description": |
|
|
Archive containing configuration files to use when running kube-bench.
|
|
The default value is known to be compatible with snap components. When
|
|
using a custom URL, append '#<hash_type>=<checksum>' to verify the
|
|
archive integrity when downloaded.
|
|
"release":
|
|
"type": "string"
|
|
"default": "https://github.com/aquasecurity/kube-bench/releases/download/v0.3.1/kube-bench_0.3.1_linux_amd64.tar.gz#sha256=6616f1373987259285e2f676a225d4a3885cd62b7e7a116102ff2fb445724281"
|
|
"description": |
|
|
Archive containing the 'kube-bench' binary to run. The default value
|
|
points to a stable upstream release. When using a custom URL, append
|
|
'#<hash_type>=<checksum>' to verify the archive integrity when
|
|
downloaded.
|
|
|
|
This may also be set to the special keyword 'upstream'. In this case,
|
|
the action will compile and use a local kube-bench binary built from
|
|
the master branch of the upstream repository:
|
|
https://github.com/aquasecurity/kube-bench
|
|
|
|
"pause":
|
|
"description": |
|
|
Mark the node as unschedulable to prevent new pods from arriving, and
|
|
evict existing pods.
|
|
"params":
|
|
"delete-local-data":
|
|
"type": "boolean"
|
|
"description": |
|
|
Continue even if there are pods using emptyDir (local data that will
|
|
be deleted when the node is drained).
|
|
"default": !!bool "false"
|
|
"force":
|
|
"type": "boolean"
|
|
"description": |
|
|
Continue even if there are pods not managed by a
|
|
ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet.
|
|
"default": !!bool "false"
|
|
"resume":
|
|
"description": |
|
|
Mark node as schedulable.
|
|
"microbot":
|
|
"description": "Launch microbot containers"
|
|
"params":
|
|
"delete":
|
|
"type": "boolean"
|
|
"default": !!bool "false"
|
|
"description": "Remove a microbots deployment, service, and ingress if True."
|
|
"registry":
|
|
"type": "string"
|
|
"default": "rocks.canonical.com:443/cdk"
|
|
"description": "Registry to use for the microbot image."
|
|
"replicas":
|
|
"type": "integer"
|
|
"default": !!int "3"
|
|
"description": "Number of microbots to launch in Kubernetes."
|
|
"upgrade":
|
|
"description": "Upgrade the kubernetes snaps"
|