# Action "debug": collects debug data. It declares no parameters.
debug:
  description: "Collect debug data"
# Action "cis-benchmark": runs kube-bench (the CIS Kubernetes Benchmark)
# against the snap-based components. All three parameters are optional.
cis-benchmark:
  description: |
    Run the CIS Kubernetes Benchmark against snap-based components.
  params:
    # Remediation is opt-in: the default 'none' only reports. 'conservative'
    # and 'dangerous' modify the cluster, and the description warns that any
    # remediation may leave it unusable, so run report-only first and review
    # the findings before selecting either mode.
    # NOTE(review): the accepted values are not constrained by an enum here;
    # presumably the action code validates them (confirm).
    apply:
      type: string
      default: "none"
      description: |
        Apply remediations to address benchmark failures. The default, 'none',
        will not attempt to fix any reported failures. Set to 'conservative'
        to resolve simple failures. Set to 'dangerous' to attempt to resolve
        all failures.

        Note: Applying any remediation may result in an unusable cluster.
    # The '#<hash_type>=<checksum>' URL fragment is the integrity check for
    # the downloaded archive.
    # NOTE(review): this default is pinned with SHA-1, which is no longer
    # collision-resistant; the 'release' default already uses sha256, so a
    # sha256 fragment is preferable here and for any custom URL.
    # NOTE(review): a custom URL given without the fragment is presumably
    # fetched unverified (confirm in the action code).
    config:
      type: string
      default: "https://github.com/charmed-kubernetes/kube-bench-config/archive/cis-1.5.zip#sha1=811f21dbf6c841bafdbfbd8a21f912ad67582f46"
      description: |
        Archive containing configuration files to use when running kube-bench.
        The default value is known to be compatible with snap components. When
        using a custom URL, append '#<hash_type>=<checksum>' to verify the
        archive integrity when downloaded.
    # The default pins a specific upstream release by sha256. The 'upstream'
    # keyword instead builds from the master branch, which is an unpinned,
    # moving source with no checksum: the binary that runs is whatever master
    # holds at build time and is not reproducible. Prefer a pinned release
    # URL with a sha256 fragment outside throwaway test environments.
    # NOTE(review): the privileges the built binary runs with on the unit are
    # not visible here (confirm before enabling 'upstream').
    release:
      type: string
      default: "https://github.com/aquasecurity/kube-bench/releases/download/v0.3.1/kube-bench_0.3.1_linux_amd64.tar.gz#sha256=6616f1373987259285e2f676a225d4a3885cd62b7e7a116102ff2fb445724281"
      description: |
        Archive containing the 'kube-bench' binary to run. The default value
        points to a stable upstream release. When using a custom URL, append
        '#<hash_type>=<checksum>' to verify the archive integrity when
        downloaded.

        This may also be set to the special keyword 'upstream'. In this case,
        the action will compile and use a local kube-bench binary built from
        the master branch of the upstream repository:
        https://github.com/aquasecurity/kube-bench
# Action "restart": restarts the Kubernetes master services when invoked.
# It declares no parameters.
restart:
  description: "Restart the Kubernetes master services on demand."
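# Action "create-rbd-pv": creates a Ceph RBD volume and a PersistentVolume
# for it. The description marks it deprecated on Kubernetes >= 1.10 in favor
# of CSI. 'name' and 'size' are required; the rest have defaults.
create-rbd-pv:
  # Fixed: the abbreviation was spelled "RDB" (RADOS Block Device is RBD),
  # and the sentence mixed "Create ... and creates".
  description: >-
    Create RADOS Block Device (RBD) volume in Ceph and create a
    PersistentVolume. Note this is deprecated on Kubernetes >= 1.10 in favor
    of CSI, where PersistentVolumes are created dynamically to back
    PersistentVolumeClaims.
  params:
    name:
      type: string
      description: "Name the persistent volume."
      minLength: 1
    # Size is expressed in MB; the schema rejects values below 1.
    size:
      type: integer
      description: "Size in MB of the RBD volume."
      minimum: 1
    # NOTE(review): 'mode' and 'filesystem' are unconstrained strings here;
    # any validation of the value presumably happens in the action code.
    mode:
      type: string
      default: "ReadWriteOnce"
      description: "Access mode for the persistent volume."
    filesystem:
      type: string
      default: "xfs"
      description: "File system type to format the volume."
    # Off by default; enabling it permits a volume larger than the available
    # capacity (overprovisioning), per the description.
    skip-size-check:
      type: boolean
      default: false
      description: "Allow creation of overprovisioned RBD."
  required:
    - name
    - size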
# Action "namespace-list": lists the existing Kubernetes namespaces.
# It declares no parameters.
namespace-list:
  description: "List existing k8s namespaces"
# Action "namespace-create": creates a namespace with the given name.
namespace-create:
  description: "Create new namespace"
  params:
    # The schema checks only that the name has at least 2 characters.
    # NOTE(review): conformance to Kubernetes naming rules is presumably
    # checked by the action code or the API server (confirm).
    name:
      type: string
      description: "Namespace name eg. staging"
      minLength: 2
  required:
    - name
# Action "namespace-delete": deletes the named namespace. In Kubernetes,
# deleting a namespace also deletes the resources inside it, so this is a
# destructive operation.
# NOTE(review): the schema has no confirmation flag and no protection for
# system namespaces; check whether the action code guards them.
namespace-delete:
  description: "Delete namespace"
  params:
    # The schema checks only that the name has at least 2 characters.
    name:
      type: string
      description: "Namespace name eg. staging"
      minLength: 2
  required:
    - name
# Action "upgrade": upgrades the Kubernetes snaps.
upgrade:
  description: "Upgrade the kubernetes snaps"
  params:
    # Enabled by default. Per the description it applies only with the
    # OpenStack cloud provider. It causes new load balancers to be created,
    # and cleaning that up needs manual intervention.
    fix-cluster-name:
      type: boolean
      default: true
      description: >-
        If using the OpenStack cloud provider, whether to fix the cluster
        name sent to it to include the cluster tag. This fixes an issue
        with load balancers conflicting with other clusters in the same
        project but will cause new load balancers to be created which will
        require manual intervention to resolve.
# Action "user-create": creates a cluster user, optionally in groups.
user-create:
  description: "Create a new user"
  params:
    # The allowed character set is stated only in the description. The
    # schema itself enforces just the minimum length of 2.
    # NOTE(review): a 'pattern' constraint would reject other characters
    # before the action runs; confirm what the action code accepts first.
    name:
      type: string
      description: |
        Username for the new user. This value must only contain alphanumeric
        characters, ':', '@', '-' or '.'.
      minLength: 2
    # Group membership decides what the new user can do. The example group
    # 'system:masters' is bound to cluster-admin by default in Kubernetes,
    # so membership means unrestricted access to the cluster. Assign it
    # deliberately and prefer narrowly scoped groups.
    groups:
      type: string
      description: |
        Optional comma-separated list of groups eg. 'system:masters,managers'
  required:
    - name
# Action "user-delete": deletes an existing user by username.
# NOTE(review): whether credentials already issued to that user stop working
# immediately is decided by the action code, which is not visible here.
user-delete:
  description: "Delete an existing user"
  params:
    # The schema checks only that the name has at least 2 characters.
    name:
      type: string
      description: "Username of the user to delete"
      minLength: 2
  required:
    - name
# Action "user-list": lists the existing users. It declares no parameters.
user-list:
  description: "List existing users"
# Action "get-kubeconfig": returns the cluster kubeconfig. The description
# states that the output includes credentials, so treat the action result as
# a secret and keep it out of logs, tickets and shared terminals.
# NOTE(review): action results are presumably retained by the Juju
# controller; confirm the retention and who in the model can read them.
get-kubeconfig:
  description: "Retrieve Kubernetes cluster config, including credentials"
# Action "apply-manifest": applies a caller-supplied JSON manifest to the
# cluster. The schema validates only that 'json' is a string of at least 2
# characters, so the content itself is unconstrained. Anyone who can run
# this action can create whatever resources the action's credentials allow.
# NOTE(review): those credentials are presumably cluster-admin (confirm), so
# limit who may run actions on this application.
apply-manifest:
  description: "Apply JSON formatted Kubernetes manifest to cluster"
  params:
    json:
      type: string
      description: "The content of the manifest to deploy in JSON format"
      minLength: 2
  required:
    - json