Merge pull request #163 from leodotcloud/cis

cis changes

Merge pull request #163 from leodotcloud/cis
ba77c572 · Denise · GitHub · b5e3de1d · 549b4897 · ba77c572
Unverified Commit ba77c572 authored Mar 04, 2020 by Denise Committed by GitHub Mar 04, 2020
Show whitespace changes
Inline Side-by-side

Showing with 32 additions and 10 deletions

pod.yaml charts/rancher-cis-benchmark/v0.0.1/templates/pod.yaml +25 -6

values.yaml charts/rancher-cis-benchmark/v0.0.1/values.yaml +7 -4

No files found.
--- a/charts/rancher-cis-benchmark/v0.0.1/templates/pod.yaml
+++ b/charts/rancher-cis-benchmark/v0.0.1/templates/pod.yaml
@@ -14,6 +14,7 @@ metadata:
    run: sonobuoy-master
 spec:
  serviceAccountName: s-sa-{{ .Release.Name }}
+  terminationGracePeriodSeconds: 0
  volumes:
    - configMap:
        name: s-config-cm-{{ .Release.Name }}
@@ -23,10 +24,20 @@ spec:
      name: s-plugins-volume
    - emptyDir: {}
      name: output-volume
-    {{- if ne .Values.skipConfigMapName "" }}
+    {{- if ne .Values.userSkipConfigMapName "" }}
    - configMap:
-        name: {{ .Values.skipConfigMapName }}
-      name: s-skip-info-volume
+        name: {{ .Values.userSkipConfigMapName }}
+      name: user-skip-info-volume
+    {{- end }}
+    {{- if ne .Values.defaultSkipConfigMapName "" }}
+    - configMap:
+        name: {{ .Values.defaultSkipConfigMapName }}
+      name: default-skip-info-volume
+    {{- end }}
+    {{- if ne .Values.notApplicableConfigMapName "" }}
+    - configMap:
+        name: {{ .Values.notApplicableConfigMapName }}
+      name: not-applicable-info-volume
    {{- end }}
  containers:
    - name: {{ .Chart.Name }}
@@ -66,9 +77,17 @@ spec:
          name: s-plugins-volume
        - mountPath: /tmp/sonobuoy
          name: output-volume
-        {{- if ne .Values.skipConfigMapName "" }}
-        - mountPath: /etc/kbs
-          name: s-skip-info-volume
+        {{- if ne .Values.userSkipConfigMapName "" }}
+        - mountPath: /etc/kbs/userskip
+          name: user-skip-info-volume
+        {{- end }}
+        {{- if ne .Values.defaultSkipConfigMapName "" }}
+        - mountPath: /etc/kbs/defaultskip
+          name: default-skip-info-volume
+        {{- end }}
+        {{- if ne .Values.notApplicableConfigMapName "" }}
+        - mountPath: /etc/kbs/notapplicable
+          name: not-applicable-info-volume
        {{- end }}
      resources:
        {{- toYaml .Values.resources | nindent 12 }}

--- a/charts/rancher-cis-benchmark/v0.0.1/values.yaml
+++ b/charts/rancher-cis-benchmark/v0.0.1/values.yaml
@@ -6,9 +6,12 @@ replicaCount: 1

 # if owner is specified, it's used for the name of the configmap for results
 owner: ""
-# skipConfigMapName is used to specify the name of cm where the skip info is stored
-# skip has higher precedence than what's specified in the configmap
-skipConfigMapName: ""
+# userSkipConfigMapName is used to specify the name of cm where user skip info is stored
+userSkipConfigMapName: ""
+# defaultSkipConfigMapName is used to specify the name of cm where default skip info is stored
+defaultSkipConfigMapName: ""
+# notApplicableConfigMapName
+notApplicableConfigMapName: ""
 # overrideBenchmarkVersion is used to override the default benchmark version used for
 # a particular k8s version
 overrideBenchmarkVersion: ""
@@ -20,7 +23,7 @@ debugTime: "infinity"

 image:
  repository: rancher/security-scan
-  tag: v0.1.6
+  tag: v0.1.7
  pullPolicy: Always

 nameOverride: ""