"cis-benchmark":
|
|
"description": |
|
|
Run the CIS Kubernetes Benchmark against snap-based components.
|
|
"params":
|
|
"apply":
|
|
"type": "string"
|
|
"default": "none"
|
|
"description": |
|
|
Apply remediations to address benchmark failures. The default, 'none',
|
|
will not attempt to fix any reported failures. Set to 'conservative'
|
|
to resolve simple failures. Set to 'dangerous' to attempt to resolve
|
|
all failures.
|
|
|
|
Note: Applying any remediation may result in an unusable cluster.
|
|
"config":
|
|
"type": "string"
|
|
"default": "https://github.com/charmed-kubernetes/kube-bench-config/archive/cis-1.5.zip#sha1=811f21dbf6c841bafdbfbd8a21f912ad67582f46"
|
|
"description": |
|
|
Archive containing configuration files to use when running kube-bench.
|
|
The default value is known to be compatible with snap components. When
|
|
using a custom URL, append '#<hash_type>=<checksum>' to verify the
|
|
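archive integrity when downloaded. Prefer sha256 or stronger for
<hash_type>; sha1, as used in the default value, is no longer
collision-resistant.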
|
|
"release":
|
|
"type": "string"
|
|
"default": "https://github.com/aquasecurity/kube-bench/releases/download/v0.3.1/kube-bench_0.3.1_linux_amd64.tar.gz#sha256=6616f1373987259285e2f676a225d4a3885cd62b7e7a116102ff2fb445724281"
|
|
"description": |
|
|
Archive containing the 'kube-bench' binary to run. The default value
|
|
points to a stable upstream release. When using a custom URL, append
|
|
'#<hash_type>=<checksum>' to verify the archive integrity when
|
|
downloaded.
|
|
|
|
This may also be set to the special keyword 'upstream'. In this case,
|
|
the action will compile and use a local kube-bench binary built from
|
|
the master branch of the upstream repository:
|
|
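https://github.com/aquasecurity/kube-bench
Note: a build from the master branch is not pinned to a release, so the
binary that runs can change from one invocation to the next. Use a
release URL with a checksum when results must be reproducible.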
|
|
|
|
"debug":
|
|
"description": "Collect debug data"
|
|
"alarm-disarm":
|
|
"description": |
|
|
Disarm all alarms.
|
|
"alarm-list":
|
|
"description": |
|
|
List all alarms.
|
|
"compact":
|
|
"description": |
|
|
Compact etcd event history.
|
|
"params":
|
|
"revision":
|
|
"type": "string"
|
|
"default": ""
|
|
"description": |
|
|
Revision to compact to. Leave blank to compact to the latest revision.
|
|
"physical":
|
|
"type": "boolean"
|
|
"default": !!bool "false"
|
|
"description": |
|
|
Setting to True will cause the compaction process to exit only after
|
|
all revisions have been physically removed from the database.
|
|
"defrag":
|
|
"description": |
|
|
Defragment the storage of the local etcd member.
|
|
"health":
|
|
"description": "Report the health of the cluster."
|
|
"package-client-credentials":
|
|
"description": |
|
|
Generate a tarball of the client certificates to connect to the cluster
|
|
remotely. Treat the tarball as a secret, since these credentials grant
access to the cluster.
|
|
"snap-upgrade":
|
|
"description": |
|
|
Execute a migration from the apt package to a snap package format.
|
|
"params":
|
|
"use-resource":
|
|
"type": "boolean"
|
|
"default": !!bool "false"
|
|
"description": "Default to using the resource (offline environments)"
|
|
"snapshot":
|
|
"description": "Export and compress a backup of the data in the Etcd cluster."
|
|
"params":
|
|
"target":
|
|
"type": "string"
|
|
"default": "/home/ubuntu/etcd-snapshots"
|
|
"description": "Location to save the etcd snapshot."
|
|
"keys-version":
|
|
"type": "string"
|
|
"default": "v3"
|
|
"description": "Version of keys to snapshot. Allowed values 'v3' or 'v2'."
|
|
"restore":
|
|
"description": "Restore an etcd cluster's data from a snapshot tarball."
|
|
"params":
|
|
"target":
|
|
"type": "string"
|
|
"default": "/home/ubuntu"
|
|
"description": "Path on disk to save any pre-existing data."
|
|
"skip-backup":
|
|
"type": "boolean"
|
|
"default": !!bool "true"
|
|
"description": |
|
|
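Don't back up any existing data; skip directly to data restoration.
With the default of true, no copy of pre-existing data is saved before
the restore; set to false to keep one.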
|