-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make Badrobot work with SDK #5798
Comments
More than happy to look at this. Regarding Bundles, I know you discussed with me rukpak Is this what you had in mind or support for CSV? I think it would also be good to understand how BadRobot will work in this instance (e.g. do you want all rulesets or a subset to start off with to encourage developers to review basic security configurations first?). |
When I say Bundles, I mean the off-cluster artifact that is produced by SDK when you package an operator for OLM, see example here. This is what is hosted on Operator Hub, and what our validators are run against. Due to rukpak it is likely the exact contents of a Bundle is going to change in the future, however. |
@ryantking is working on conversion logic from the current bundle format to the new rukpak format so he may have so additional insight as to the changes that a bundle may have in the future. |
For reference, here's the very WIP PR on that: https://github.com/operator-framework/rukpak/pull/396/files |
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
@openshift-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hey,
At Kubecon I attended a talk about operators as a threat vector to cluster security. I spoke with Kevin Ward (@wakeward), one of the maintainers on the project, about possibly integrating the tool they built, BadRobot. This issue is a place to discuss that.
Taking a look at the tool, it looks like the tool currently consumes a single yaml manifest that has been collated from the ones to provision the operator. I wonder if it would be possible to make it work on Bundles, at which point it could be packaged as a Validator, once we have External Validators working.
The text was updated successfully, but these errors were encountered: