init.go
package cmd
import (
"context"
"fmt"
"os"
"github.com/aquasecurity/starboard/pkg/starboard"
"github.com/spf13/cobra"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
"k8s.io/cli-runtime/pkg/genericclioptions"
"k8s.io/client-go/kubernetes"
"sigs.k8s.io/controller-runtime/pkg/client"
)
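// NewInitCmd returns the cobra command registered as "install" (alias "init").
//
// When run, the command resolves a REST config from cf, builds the Kubernetes,
// apiextensions and controller-runtime clients from it, and hands them to an
// Installer together with buildInfo and a ConfigManager bound to
// starboard.NamespaceName. On success it prints an empty line and the Starboard
// banner to standard output.
//
// Per the help text, the installed resources include cluster-scoped objects
// (CustomResourceDefinitions, a ClusterRole and a ClusterRoleBinding) and a
// secret in the "starboard" namespace.
// NOTE(review): the identity behind the resolved kubeconfig presumably needs
// cluster-level create permissions for these; confirm against Installer before
// documenting a minimum RBAC profile for operators.
func NewInitCmd(buildInfo starboard.BuildInfo, cf *genericclioptions.ConfigFlags) *cobra.Command {
	cmd := &cobra.Command{
		Use:     "install",
		Aliases: []string{"init"},
		Short:   "Create Kubernetes resources used by Starboard",
		Long: `Create all the resources used by Starboard. It will create the following in your
Kubernetes cluster:
- CustomResourceDefinition objects:
- "vulnerabilityreports.aquasecurity.github.io"
- "clustervulnerabilityreports.aquasecurity.github.io"
- "configauditreports.aquasecurity.github.io"
- "clusterconfigauditreports.aquasecurity.github.io"
- "ciskubebenchreports.aquasecurity.github.io"
- "kubehunterreports.aquasecurity.github.io"
- RBAC objects:
- The "starboard" ClusterRole
- The "starboard" ClusterRoleBinding
- The "starboard" namespace with the following objects:
- The "starboard" service account
- The "starboard" ConfigMap
- The "starboard" secret
- The "starboard-trivy-config" ConfigMap
- The "starboard-polaris-config" ConfigMap
The "starboard" ConfigMap and the "starboard" secret contain the default
config parameters. However this can be modified to change the behaviour
of the scanners.
All resources created by this command can be removed from the cluster using
the "uninstall" command.`,
		RunE: func(_ *cobra.Command, _ []string) error {
			// All three clients below are built from this one REST config, so
			// they act with the same cluster identity.
			restConfig, err := cf.ToRESTConfig()
			if err != nil {
				return fmt.Errorf("resolving REST config: %w", err)
			}

			clientset, err := kubernetes.NewForConfig(restConfig)
			if err != nil {
				return fmt.Errorf("creating kubernetes clientset: %w", err)
			}

			extClientset, err := apiextensionsv1.NewForConfig(restConfig)
			if err != nil {
				return fmt.Errorf("creating apiextensions clientset: %w", err)
			}

			ctrlClient, err := client.New(restConfig, client.Options{Scheme: starboard.NewScheme()})
			if err != nil {
				return fmt.Errorf("creating controller-runtime client: %w", err)
			}

			configManager := starboard.NewConfigManager(clientset, starboard.NamespaceName)
			installer := NewInstaller(buildInfo, clientset, extClientset, ctrlClient, configManager)

			// context.Background() carries no deadline or cancellation, so the
			// install is not bounded by a timeout at this layer.
			if err := installer.Install(context.Background()); err != nil {
				return fmt.Errorf("installing starboard resources: %w", err)
			}

			fmt.Fprintln(os.Stdout)
			// Print the banner verbatim. Passing it as a format string would
			// interpret any '%' it contains as a formatting verb.
			fmt.Fprint(os.Stdout, starboard.Banner)
			return nil
		},
	}
	return cmd
}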