Acunetix360 Scanner on Kubernetes with Terraform

This project deploys an Acunetix360 scanner agent on Azure Kubernetes Service (AKS) using Terraform and GitHub Actions.

Architecture

• Azure Kubernetes Service (AKS): Hosts the Acunetix360 scanner agent
• Azure Container Registry (ACR): Stores the Docker image for the scanner agent
• Terraform: Manages the Azure infrastructure
• GitHub Actions: Automates the deployment process

Prerequisites

• An Azure subscription
• An Acunetix360 account
• GitHub repository with GitHub Actions enabled

Setup

1. Azure Service Principal

Create an Azure Service Principal for GitHub Actions:

az ad sp create-for-rbac --name "acunetix360-github-actions" --role contributor \
                          --scopes /subscriptions/{subscription-id}/resourceGroups/ONRR-ISS \
                          --sdk-auth

Save the output JSON for the next step.

2. GitHub Secrets

Add the following secrets to your GitHub repository:

• AZURE_CREDENTIALS: The JSON output from the Azure Service Principal creation
• ACUNETIX_EMAIL: Your Acunetix360 account email
• ACUNETIX_PASSWORD: Your Acunetix360 account password
• ACUNETIX_API_URL (optional): Custom API URL if not using the default

3. Deployment

The deployment will be triggered automatically on push to the main branch, or you can manually trigger it from the GitHub Actions tab.

Manual Deployment

If you need to deploy manually:

1. Install the required tools:

   • Terraform
   • Azure CLI
   • kubectl

2. Log in to Azure:

   az login

3. Initialize and apply Terraform:

   cd terraform
   terraform init
   terraform apply

4. Build and push the Docker image:

   ACR_LOGIN_SERVER=$(terraform output -raw acr_login_server)
   az acr login --name $(echo $ACR_LOGIN_SERVER | cut -d'.' -f1)
   docker build -t $ACR_LOGIN_SERVER/acunetix360-scanner:latest .
   docker push $ACR_LOGIN_SERVER/acunetix360-scanner:latest

5. Deploy to Kubernetes:

   az aks get-credentials --resource-group ONRR-ISS --name acunetix360-aks
   kubectl apply -f kubernetes/configmap.yaml
   kubectl apply -f kubernetes/service.yaml
   
   # Replace ACR_LOGIN_SERVER in deployment.yaml
   sed -i 's|\${ACR_LOGIN_SERVER}|'$ACR_LOGIN_SERVER'|g' kubernetes/deployment.yaml
   kubectl apply -f kubernetes/deployment.yaml
   
   # Create secrets
   kubectl create secret generic acunetix360-credentials \
     --from-literal=email=your-email@example.com \
     --from-literal=password=your-password

Customization

Terraform Variables

You can customize the deployment by modifying the variables in terraform/variables.tf:

• prefix: Prefix for all resources (default: "acunetix360")
• kubernetes_version: Kubernetes version (default: "1.27.3")
• node_count: Initial number of nodes (default: 2)
• min_node_count: Minimum number of nodes for auto-scaling (default: 1)
• max_node_count: Maximum number of nodes for auto-scaling (default: 5)
• vm_size: VM size for AKS nodes (default: "Standard_D2s_v3")

Kubernetes Configuration

You can customize the Kubernetes deployment by modifying the files in the kubernetes/ directory:

• deployment.yaml: Deployment configuration (replicas, resources, etc.)
• service.yaml: Service configuration
• configmap.yaml: ConfigMap for non-sensitive configuration

Maintenance

Updating the Scanner Agent

To update the scanner agent:

1. Update the Dockerfile or scanner-agent-installer.sh as needed
2. Push the changes to the main branch
3. GitHub Actions will automatically rebuild and deploy the updated scanner

Scaling

To scale the number of scanner agents:

kubectl scale deployment acunetix360-scanner --replicas=3

Troubleshooting

Checking Logs

kubectl get pods
kubectl logs -f <pod-name>

Checking Deployment Status

kubectl get deployments
kubectl describe deployment acunetix360-scanner

Security Considerations

• All sensitive information is stored in Kubernetes secrets
• The scanner agent runs as a non-root user
• Network policies are applied to restrict traffic
• The container has minimal permissions