Requirements
Build up infrastructure that allows a large matrix test.
Open-source projects can submit an issue listing which tests they have (both negative and positive), and we can run the tracers across the whole matrix, then generalize the results and superset them into an SBoB. Then we retest that both anomaly detection and (future) enforcement actually work (or for which parts of the matrix they don't work).
bobctl --flag <flag_value||flag_default>
| cmd | flag | flag_value | flag_default |
|---|---|---|---|
| verify | --namespace, -n | kubernetes namespace for application | default |
| | --agent | which agent (kubescape, neuvector, apparmour, seccomp) | kubescape |
| | --agentvalues | use supplied kubescape helm values | |
| | --remove, -rm | remove everything you did afterwards | false |
| | --help, -h | print help dialogue | |
| configure | | | |
| alert | | | |
| enforce | | | |
I am drafting all of the functionality via Makefile, not CLI. This is much faster and I can see where the UX would break.
- make storage: some clusters don't have any storageclasses, so that's patched in
- make kubescape: reads from ./kubescape/values.yaml and deploys that -> this can be overwritten by a user
- make wipe: remove everything that was installed
- make helm-install --no-bob: installs app without a bob
Need make dependency-crd -> we need to implement the options:
- new kubescape
- modify existing kubescape
- warn about missing CRDs, probably misconfig
Options:
- helmfile TBC
- helm of helm or umbrella helm -> Select as Default
- Flux or Argo -> implement once helm works