feat: new template "rancher-bench-security" (#188)
parent
008cf13d19
commit
3d3355ce0d
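--- a/templates/rancher-bench-security/0/README.md
+++ b/templates/rancher-bench-security/0/README.md
@@ -0,0 +1,20 @@
+# rancher-security-bench
+
+### Info:
+
+This template provides information about security issues in your rancher environment. It follow the recomendations of of https://dockerbench.com/
+
+It has a logic to run in every docker host of your rancher enironment and a web interface to see the results
+
+
+### Usage:
+
+The web interface runs on the port 80 of "web-server" service.
+
+You can access to it by adding a rancher load balancer or using traefik proxy.
+
+If you want to use traefik proxy just configure the domain parameter. The web will be accesible at http://rancher-security-bench.<YOUR DOMAIN>
+
+If you do not want to use traefik proxy just ignore the domain parameter
+
+You can customize the time interval in wich the automatic tests will be run. Just tune the "Refresh Interval" option.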
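--- a/templates/rancher-bench-security/0/docker-compose.yml
+++ b/templates/rancher-bench-security/0/docker-compose.yml
@@ -0,0 +1,34 @@
+rancher-bench-security:
+image: germanramos/rancher-bench-security:1.11.0
+labels:
+io.rancher.container.pull_image: always
+io.rancher.scheduler.global: 'true'
+io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+io.rancher.container.hostname_override: container_name
+net: host
+pid: host
+stdin_open: true
+tty: true
+volumes:
+- /var/lib:/var/lib
+- /var/run/docker.sock:/var/run/docker.sock
+- /usr/lib/systemd:/usr/lib/systemd
+- /etc:/etc
+- /tmp:/tmp
+environment:
+- INTERVAL=${INTERVAL}
+
+web-server:
+image: germanramos/nginx-php-fpm:v5.6.21
+stdin_open: true
+tty: true
+labels:
+traefik.enable: stack
+traefik.domain: ${TRAEFIK_DOMAIN}
+traefik.port: 80
+io.rancher.container.pull_image: always
+io.rancher.scheduler.global: 'true'
+io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+io.rancher.container.hostname_override: container_name
+volumes:
+- /tmp/cis:/var/www/html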
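Review bot: The `rancher-bench-security` service binds `/var/lib`, `/etc`, `/usr/lib/systemd` and `/tmp` read-write while also running with `net: host`, `pid: host` and `io.rancher.scheduler.global: 'true'`, so a tampered or buggy image gets write access to host configuration on every node. An audit container presumably only needs to read these paths; I would mount them as `- /etc:/etc:ro`, `- /var/lib:/var/lib:ro`, `- /usr/lib/systemd:/usr/lib/systemd:ro`, and replace `- /tmp:/tmp` with only the directory the report is written to (the `web-server` service reads `/tmp/cis`). A `:ro` flag on `/var/run/docker.sock` does not restrict Docker API calls, so that mount stays root-equivalent; because both images are pulled by mutable tag with `pull_image: always`, pinning them by digest would keep a re-pushed tag from changing what runs with that access. The `web-server` volumes list also deserves a comment saying that the findings are served from a directory under the world-writable host `/tmp`, with no authentication visible in this file.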
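--- a/templates/rancher-bench-security/0/rancher-compose.yml
+++ b/templates/rancher-bench-security/0/rancher-compose.yml
@@ -0,0 +1,27 @@
+.catalog:
+name: "rancher-bench-security"
+version: "1.11.0"
+minimum_rancher_version: "v0.46.0"
+questions:
+# Traefik parameters
+- variable: "TRAEFIK_DOMAIN"
+description: "Domain name to route rule. Ignore if you do not use traefik proxy"
+label: "Traefik domain:"
+required: true
+default: "ml.innotechapp.com"
+type: string
+# Service parameters
+- variable: "INTERVAL"
+description: "Interval to repeat all the tests"
+label: "Refresh Interval:"
+required: true
+default: 600
+type: int
+
+web-server:
+health_check:
+port: 80
+interval: 2000
+unhealthy_threshold: 3
+healthy_threshold: 1
+response_timeout: 2000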
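Review bot: `TRAEFIK_DOMAIN` is declared `required: true` with `default: "ml.innotechapp.com"`, so anyone who accepts the defaults gets the `traefik.domain` label in docker-compose.yml set to what looks like the author's own domain, and the security report is routed under a name the operator does not control. The description and the README both say the parameter can be ignored when traefik is not used, which contradicts `required: true`. I would change these two lines to `required: false` and `default: ""` (or a placeholder such as `example.com`). The `INTERVAL` question would also benefit from stating its unit in the description, since nothing in this file says whether `600` is seconds.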
BIN
templates/rancher-bench-security/catalogIcon.png
Normal file
BIN
templates/rancher-bench-security/catalogIcon.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 316 KiB |
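--- a/templates/rancher-bench-security/config.yml
+++ b/templates/rancher-bench-security/config.yml
@@ -0,0 +1,5 @@
+name: rancher-bench-security
+description: |
+Generate report about docker specific security recommendations.
+version: 1.11.0
+maintainer: "German Ramos Garcia <german.ramos@gmail.com>"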