feat: new template "rancher-bench-security" (#188)

templates/rancher-bench-security/0/README.md

@@ -0,0 +1,20 @@
+# rancher-security-bench
+
+### Info:
+
+This template provides information about security issues in your rancher environment. It follow the recomendations of of https://dockerbench.com/
+
+It has a logic to run in every docker host of your rancher enironment and a web interface to see the results
+
+
+### Usage:
+
+The web interface runs on the port 80 of "web-server" service.
+
+You can access to it by adding a rancher load balancer or using traefik proxy.
+
+If you want to use traefik proxy just configure the domain parameter. The web will be accesible at http://rancher-security-bench.<YOUR DOMAIN>
+
+If you do not want to use traefik proxy just ignore the domain parameter
+
+You can customize the time interval in wich the automatic tests will be run. Just tune the "Refresh Interval" option.

templates/rancher-bench-security/0/docker-compose.yml

@@ -0,0 +1,34 @@
+rancher-bench-security:
+  image: germanramos/rancher-bench-security:1.11.0
+  labels:
+    io.rancher.container.pull_image: always
+    io.rancher.scheduler.global: 'true'
+    io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.container.hostname_override: container_name
+  net: host
+  pid: host
+  stdin_open: true
+  tty: true
+  volumes:
+    - /var/lib:/var/lib
+    - /var/run/docker.sock:/var/run/docker.sock
+    - /usr/lib/systemd:/usr/lib/systemd
+    - /etc:/etc
+    - /tmp:/tmp
+  environment:
+    - INTERVAL=${INTERVAL}
+
+web-server:
+  image: germanramos/nginx-php-fpm:v5.6.21
+  stdin_open: true
+  tty: true
+  labels:
+    traefik.enable: stack
+    traefik.domain: ${TRAEFIK_DOMAIN}
+    traefik.port: 80
+    io.rancher.container.pull_image: always
+    io.rancher.scheduler.global: 'true'
+    io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.container.hostname_override: container_name
+  volumes:
+    - /tmp/cis:/var/www/html

templates/rancher-bench-security/0/rancher-compose.yml

@@ -0,0 +1,27 @@
+.catalog:
+  name: "rancher-bench-security"
+  version: "1.11.0"
+  minimum_rancher_version: "v0.46.0"
+  questions:
+    # Traefik parameters
+    - variable: "TRAEFIK_DOMAIN"
+      description: "Domain name to route rule. Ignore if you do not use traefik proxy"
+      label: "Traefik domain:"
+      required: true
+      default: "ml.innotechapp.com"
+      type: string
+    #  Service parameters
+    - variable: "INTERVAL"
+      description: "Interval to repeat all the tests"
+      label: "Refresh Interval:"
+      required: true
+      default: 600
+      type: int
+
+web-server:
+  health_check:
+    port: 80
+    interval: 2000
+    unhealthy_threshold: 3
+    healthy_threshold: 1
+    response_timeout: 2000

templates/rancher-bench-security/config.yml

@@ -0,0 +1,5 @@
+name: rancher-bench-security
+description: |
+  Generate report about docker specific security recommendations.
+version: 1.11.0
+maintainer: "German Ramos Garcia <german.ramos@gmail.com>"