-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add aws releated kubernetes modules
Signed-off-by: peefy <[email protected]>
- Loading branch information
Showing
6 changed files
with
50 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| ## Introduction | ||
|
|
||
| `deamon-require-aws-node-irsa` is a KCL validation package to validate services of type LoadBalancer when deployed inside AWS have support for transport encryption if it is enabled via an annotation. This policy requires that Services of type LoadBalancer contain the annotation `service.beta.kubernetes.io/aws-load-balancer-ssl-cert` with some value. | ||
|
|
||
| ## Resource | ||
|
|
||
| The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/deamon-require-aws-node-irsa) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| [package] | ||
| name = "deamon-require-aws-node-irsa" | ||
| version = "0.1.0" | ||
| description = "`deamon-require-aws-node-irsa` is a kcl validation package" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| """Services of type LoadBalancer when deployed inside AWS have support for | ||
| transport encryption if it is enabled via an annotation. This policy requires | ||
| that Services of type LoadBalancer contain the annotation | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-cert with some value. | ||
| """ | ||
|
|
||
| # Define the validation function | ||
| validate = lambda item { | ||
| if item.kind == "DaemonSet" and item.metadata.name == "aws-node" and item.metadata.namespace == "kube-system": | ||
| assert item.spec?.template?.spec?.serviceAccountName == "!aws-node", "Update the aws-node daemonset to use IRSA." | ||
| item | ||
| } | ||
|
|
||
| # Validate All resource | ||
| items = [validate(i) for i in option("items")] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| ## Introduction | ||
|
|
||
| ## Resource | ||
|
|
||
| The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/svc-require-encryption-aws-loadbalancers) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| [package] | ||
| name = "svc-require-encryption-aws-loadbalancers" | ||
| version = "0.1.0" | ||
| description = "`svc-require-encryption-aws-loadbalancers` is a kcl validation package" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| """Services of type LoadBalancer when deployed inside AWS have support for | ||
| transport encryption if it is enabled via an annotation. This policy requires | ||
| that Services of type LoadBalancer contain the annotation | ||
| service.beta.kubernetes.io/aws-load-balancer-ssl-cert with some value. | ||
| """ | ||
|
|
||
| # Define the validation function | ||
| validate = lambda item { | ||
| if item.kind == "Service": | ||
| assert item.metadata?.annotation?["service.beta.kubernetes.io/aws-load-balancer-ssl-cert"] if item?.spec?.type == "LoadBalancer", "Service of type LoadBalancer must carry the annotation service.beta.kubernetes.io/aws-load-balancer-ssl-cert." | ||
| item | ||
| } | ||
|
|
||
| # Validate All resource | ||
| items = [validate(i) for i in option("items")] |