

adding kube-system exceptions (#579)
Signed-off-by: David Wertenteil <dwertent@armosec.io>
dwertent committed Feb 18, 2024
1 parent bc7b626 commit 84627a0
Showing 4 changed files with 196 additions and 2 deletions.
126 changes: 125 additions & 1 deletion exceptions/gke.json
Expand Up @@ -1006,6 +1006,20 @@
"name": "validation-webhook.snapshot.storage.gke.io"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ValidatingWebhookConfiguration",
"name": "gmp-operator.gmp-system.monitoring.googleapis.com"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ValidatingWebhookConfiguration",
"name": "warden-validating.config.common-webhooks.networking.gke.io"
}
},
{
"designatorType": "Attributes",
"attributes": {
Expand Down Expand Up @@ -1103,6 +1117,20 @@
"kind": "Namespace",
"name": "kube-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "Namespace",
"name": "gmp-public"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "Namespace",
"name": "gmp-system"
}
}
],
"posturePolicies": [
Expand Down Expand Up @@ -1142,11 +1170,107 @@
"name": "route-controller",
"namespace": "kube-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "superadmin",
"namespace": "kube-system"
}

},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "pkgextract-service",
"namespace": "kube-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "pkgextract-service",
"namespace": "kube-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "default",
"namespace": "gmp-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "collector",
"namespace": "gmp-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "operator",
"namespace": "gmp-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "collector",
"namespace": "gmp-public"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "StatefulSet",
"name": "alertmanager",
"namespace": "gmp-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "DaemonSet",
"name": "collector",
"namespace": "gmp-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "Deployment",
"name": "rule-evaluator",
"namespace": "gmp-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "Deployment",
"name": "gmp-operator",
"namespace": "gmp-system"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ConfigMap",
"name": "gke-metrics-agent-conf",
"namespace": "kube-system"
}
}
],
"posturePolicies": [
{
"controlID": "c-0053"
}
]
}
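Review bot: The `pkgextract-service` ServiceAccount designator for `kube-system` is added twice in the third hunk (the two entries directly after `superadmin` are byte-identical), so one copy should be dropped; duplicate designators are harmless to the matcher but invite later edits that touch only one of them. The same hunk adds an exception for a ServiceAccount literally named `superadmin` in `kube-system` under the single `controlID` listed at the end of the block, which silences findings for an account whose name implies broad privilege; the commit message should name the GKE component that owns it, or the entry should be narrowed to that component's workload. The stray blank line after the `superadmin` entry is presumably the one deletion the diffstat reports; if it is actually on the new side it should go as well.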
2 changes: 1 addition & 1 deletion exceptions/kube-apiserver.json
Expand Up @@ -29,7 +29,7 @@
"controlID": "c-0017"
},
{
"controlID": "c-0013 "
"controlID": "c-0013"
},
{
"controlID": "c-0020"
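Review bot: The corrected `c-0013` value shows that a control ID with a trailing space was accepted silently and simply never matched, so the exception for that control was not in effect until this commit, and nothing in the change guards against the same regression. A small CI check that validates every `controlID` in `exceptions/*.json` against a pattern such as `^c-\d{4}$` (or against the list of known controls) would turn this kind of typo into a build failure instead of a silently missing exception.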
38 changes: 38 additions & 0 deletions exceptions/kubescape.json
Expand Up @@ -84,6 +84,14 @@
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "Deployment",
"name": "synchronizer",
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
Expand Down Expand Up @@ -497,6 +505,14 @@
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "synchronizer",
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
Expand Down Expand Up @@ -720,5 +736,27 @@
"controlID": "c-0076"
}
]
},
{
"name": "exclude-ns",
"policyType": "postureExceptionPolicy",
"actions": [
"alertOnly"
],
"attributes": {
"systemException": true
},
"resources": [
{
"designatorType": "Attributes",
"attributes": {
"kind": "Namespace",
"name": "kubescape"
}
}
],
"posturePolicies": [
{}
]
}
]
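Review bot: The new `exclude-ns` policy lists `{}` as its only posture policy, and whether an empty object means "every control" or "no control" is decided by the exception matcher rather than by anything visible in this file; every other `posturePolicies` entry in the visible hunks names a `controlID`. If match-all is the intent, a sentence in the commit message would help, because together with `systemException: true` and `alertOnly` this hides every finding on the `kubescape` Namespace object by default; if the matcher requires a `controlID`, the entry is a no-op. Note also that the designator `"kind": "Namespace", "name": "kubescape"` selects the Namespace resource itself rather than the workloads inside it, which matches the existing `kube-system` entry in `exceptions/gke.json` but differs from the `"namespace": "kubescape"` form the other entries in this file use.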
32 changes: 32 additions & 0 deletions exceptions/minikube.json
Expand Up @@ -41,6 +41,38 @@
"name": "coredns"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "Deployment",
"namespace": "kube-system",
"name": "sealed-secrets-controller"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "DaemonSet",
"namespace": "kube-system",
"name": "tpu-device-plugin"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "DaemonSet",
"namespace": "kube-system",
"name": "runsc-metric-server"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "DaemonSet",
"namespace": "kube-system",
"name": "nvidia-gpu-.*"
}
},
{
"designatorType": "Attributes",
"attributes": {
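Review bot: `nvidia-gpu-.*` is the only designator in the visible hunks written as a pattern rather than a literal name, so it only does anything if the attribute matcher applies it as a regular expression; if names are compared as plain strings the entry never matches. Assuming regex matching with a search-style comparison, the pattern is unanchored and would also accept any name that merely contains `nvidia-gpu-`; `^nvidia-gpu-.*$` would restrict it to the intended prefix. Separately, `sealed-secrets-controller`, `tpu-device-plugin` and `runsc-metric-server` read like cloud-provider add-ons rather than stock minikube components, so it is worth confirming they belong in this file and not in `exceptions/gke.json`.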
