starboard-operator

module

v0.0.1-alpha.5 Latest Latest Go to latest Published: Sep 24, 2020 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aquasecurity/starboard-operator

README ¶

starboard-operator

This operator for Starboard automatically updates security report resources in response to workload and other changes on a Kubernetes cluster - for example, initiating a vulnerability scan when a new pod is started. Please see the main Starboard repo for more info about the Starboard project.

Configuration

Configuration of the operator is done via environment variables at startup.

NAME	DEFAULT	DESCRIPTION
`OPERATOR_NAMESPACE`	N/A	See Install modes
`OPERATOR_TARGET_NAMESPACES`	N/A	See Install modes
`OPERATOR_SCAN_JOB_TIMEOUT`	`5m`	The length of time to wait before giving up on a scan job
`OPERATOR_SCANNER_TRIVY_ENABLED`	`true`	The flag to enable Trivy vulnerability scanner
`OPERATOR_SCANNER_TRIVY_VERSION`	`0.11.0`	The version of Trivy to be used
`OPERATOR_SCANNER_AQUA_CSP_ENABLED`	`false`	The flag to enable Aqua CSP vulnerability scanner
`OPERATOR_SCANNER_AQUA_CSP_VERSION`	`5.0`	The version of Aqua CSP scannercli container image to be used

Install modes

The values of the OPERATOR_NAMESPACE and OPERATOR_TARGET_NAMESPACES determine the install mode, which in turn determines the multitenancy support of the operator.

MODE	OPERATOR_NAMESPACE	OPERATOR_TARGET_NAMESPACES	DESCRIPTION
OwnNamespace	`operators`	`operators`	The operator can be configured to watch events in the namespace it is deployed in.
SingleNamespace	`operators`	`foo`	The operator can be configured to watch for events in a single namespace that the operator is not deployed in.
MultiNamespace	`operators`	`foo,bar,baz`	The operator can be configured to watch for events in more than one namespace.
AllNamespaces	`operators`		The operator can be configured to watch for events in all namespaces.

Vulnerability scanners

To enable Aqua CSP as vulnerability scanner set the value of the OPERATOR_SCANNER_AQUA_CSP_ENABLED to true and disable the default Trivy scanner by setting OPERATOR_SCANNER_TRIVY_ENABLED to false.

To configure the Aqua CSP scanner create the starboard-operator secret in the operators namespace:

$ kubectl create secret generic starboard-operator \
 --namespace operators \
 --from-literal OPERATOR_SCANNER_AQUA_CSP_USERNAME=$AQUA_CONSOLE_USERNAME \
 --from-literal OPERATOR_SCANNER_AQUA_CSP_PASSWORD=$AQUA_CONSOLE_PASSWORD \
 --from-literal OPERATOR_SCANNER_AQUA_CSP_VERSION=$AQUA_VERSION \
 --from-literal OPERATOR_SCANNER_AQUA_CSP_HOST=http://csp-console-svc.aqua:8080

Contributing

Thanks for taking the time to join our community and start contributing!

See CONTRIBUTING.md for information about setting up your development environment and deploying the operator.
Check out the open issues.

How does it work?

Directories ¶

Path	Synopsis
cmd
operator
scanner
pkg
aqua
aqua/client
aqua/scanner/api
aqua/scanner/cli
controllers
etc
logs
reports
resources
scanner
trivy

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

starboard-operator

Table of Contents

Configuration

Install modes

Vulnerability scanners

Contributing

How does it work?

Directories ¶