From 7ae6002e73e541c7d89f563aa53a97b6babea0a3 Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 10:33:38 -0400 Subject: [PATCH 01/11] Create GettingImages This file addition can be used prior to initial deployment when the user needs to pull the images and push them to their local registry. This is suggested for continuous deployment rather than referencing the Aquasec registry. --- automation/shell/GettingImages | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 automation/shell/GettingImages diff --git a/automation/shell/GettingImages b/automation/shell/GettingImages new file mode 100644 index 000000000..eb3b7592a --- /dev/null +++ b/automation/shell/GettingImages @@ -0,0 +1,33 @@ +#!/bin/sh + +##----------------MODIFY BETWEEN THESE LINES IF NECESSARY----------------------- +##Version, used for the specific release of the product +version=$1 +##tag_name, used to identify the string for the tag_name +##usage $tag_name/aqua-component:$version +tag_name=$2 +##------------------------------------------------------------------------------ + #Docker pull, to pull the iamges based on version +docker pull registry.aquasec.com/enforcer:$version +docker pull registry.aquasec.com/console:$version +docker pull registry.aquasec.com/gateway:$version +docker pull registry.aquasec.com/scanner:$version +docker pull registry.aquasec.com/database:$version + +#tag +docker tag registry.aquasec.com/console:$version $tag_name/aqua-console:$version +docker tag registry.aquasec.com/gateway:$version $tag_name/aqua-gateway:$version +docker tag registry.aquasec.com/scanner:$version $tag_name/aqua-scanner:$version +docker tag registry.aquasec.com/enforcer:$version $tag_name/aqua-enforcer:$version +docker tag registry.aquasec.com/database:$version $tag_name/database:$version + +#push +docker push $tag_name/aqua-console:$version +docker push $tag_name/aqua-gateway:$version +docker push $tag_name/aqua-scanner:$version +docker push $tag_name/aqua-enforcer:$version +docker push $tag_name/database:$version + +echo "" +echo "Done pulling, tagging, and pushing" +echo "" From f3bc9c45aea9487290d0fe8456de76a397fad415 Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 10:34:29 -0400 Subject: [PATCH 02/11] Rename GettingImages to aquasec-ptp.sh --- automation/shell/{GettingImages => aquasec-ptp.sh} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename automation/shell/{GettingImages => aquasec-ptp.sh} (100%) diff --git a/automation/shell/GettingImages b/automation/shell/aquasec-ptp.sh similarity index 100% rename from automation/shell/GettingImages rename to automation/shell/aquasec-ptp.sh From c728cf2a8d6b4828f0d5b04e8ec268733f1431bb Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 10:43:09 -0400 Subject: [PATCH 03/11] Create aquaimages-ptp.sh --- .../shell/Pull,Tag,Push/aquaimages-ptp.sh | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 automation/shell/Pull,Tag,Push/aquaimages-ptp.sh diff --git a/automation/shell/Pull,Tag,Push/aquaimages-ptp.sh b/automation/shell/Pull,Tag,Push/aquaimages-ptp.sh new file mode 100644 index 000000000..eb3b7592a --- /dev/null +++ b/automation/shell/Pull,Tag,Push/aquaimages-ptp.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +##----------------MODIFY BETWEEN THESE LINES IF NECESSARY----------------------- +##Version, used for the specific release of the product +version=$1 +##tag_name, used to identify the string for the tag_name +##usage $tag_name/aqua-component:$version +tag_name=$2 +##------------------------------------------------------------------------------ + #Docker pull, to pull the iamges based on version +docker pull registry.aquasec.com/enforcer:$version +docker pull registry.aquasec.com/console:$version +docker pull registry.aquasec.com/gateway:$version +docker pull registry.aquasec.com/scanner:$version +docker pull registry.aquasec.com/database:$version + +#tag +docker tag registry.aquasec.com/console:$version $tag_name/aqua-console:$version +docker tag registry.aquasec.com/gateway:$version $tag_name/aqua-gateway:$version +docker tag registry.aquasec.com/scanner:$version $tag_name/aqua-scanner:$version +docker tag registry.aquasec.com/enforcer:$version $tag_name/aqua-enforcer:$version +docker tag registry.aquasec.com/database:$version $tag_name/database:$version + +#push +docker push $tag_name/aqua-console:$version +docker push $tag_name/aqua-gateway:$version +docker push $tag_name/aqua-scanner:$version +docker push $tag_name/aqua-enforcer:$version +docker push $tag_name/database:$version + +echo "" +echo "Done pulling, tagging, and pushing" +echo "" From 4dc9af54edf6b5f7f8d012edfe4fa0e672561b32 Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 10:43:30 -0400 Subject: [PATCH 04/11] Delete aquasec-ptp.sh migration --- automation/shell/aquasec-ptp.sh | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 automation/shell/aquasec-ptp.sh diff --git a/automation/shell/aquasec-ptp.sh b/automation/shell/aquasec-ptp.sh deleted file mode 100644 index eb3b7592a..000000000 --- a/automation/shell/aquasec-ptp.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh - -##----------------MODIFY BETWEEN THESE LINES IF NECESSARY----------------------- -##Version, used for the specific release of the product -version=$1 -##tag_name, used to identify the string for the tag_name -##usage $tag_name/aqua-component:$version -tag_name=$2 -##------------------------------------------------------------------------------ - #Docker pull, to pull the iamges based on version -docker pull registry.aquasec.com/enforcer:$version -docker pull registry.aquasec.com/console:$version -docker pull registry.aquasec.com/gateway:$version -docker pull registry.aquasec.com/scanner:$version -docker pull registry.aquasec.com/database:$version - -#tag -docker tag registry.aquasec.com/console:$version $tag_name/aqua-console:$version -docker tag registry.aquasec.com/gateway:$version $tag_name/aqua-gateway:$version -docker tag registry.aquasec.com/scanner:$version $tag_name/aqua-scanner:$version -docker tag registry.aquasec.com/enforcer:$version $tag_name/aqua-enforcer:$version -docker tag registry.aquasec.com/database:$version $tag_name/database:$version - -#push -docker push $tag_name/aqua-console:$version -docker push $tag_name/aqua-gateway:$version -docker push $tag_name/aqua-scanner:$version -docker push $tag_name/aqua-enforcer:$version -docker push $tag_name/database:$version - -echo "" -echo "Done pulling, tagging, and pushing" -echo "" From f52a6fd3350a53307a4e7e0aa62915a37c3c91ec Mon Sep 17 00:00:00 2001 From: pthomson Date: Wed, 9 Oct 2019 10:47:08 -0400 Subject: [PATCH 05/11] directory change. directory change. --- .DS_Store | Bin 0 -> 6148 bytes automation/.DS_Store | Bin 0 -> 6148 bytes .../aquaimages-ptp.sh | 0 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 .DS_Store create mode 100644 automation/.DS_Store rename automation/shell/{Pull,Tag,Push => Pull-Tag-Push}/aquaimages-ptp.sh (100%) diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..bb264c376d8cd1ca78136cd9ef0f995cc48856b4 GIT binary patch literal 6148 zcmeHKyH3L}6uoX!R23l=2_y!Fhz~$?0x_jk_=5fbv_UN>AyprHc7B45uVCO0m|40b z(E-8ExwZ?jnieKN=w8V_&V9tkM~WR2k!nq%22q`es%VT}4PAk8oZEtxtY;Ib_#JVt z(e9?nU?Ec+qJSvy7Zu=d*Q0&v(FKj2@3-_a%g2&53_Ee!fvGhlXk~oR z&+QG~4N9p-XEdQPrIcVa27{EYqER>Qq-l%|r8vPMSw4DRmX{}d{d)McWe68enxvoP zzshwMQaRv-RH#ca$WJJ8*ire;jpjK$&W`7ta`ky8#Tm~06!82Tn0p8geLANRgdA!) z**9|eyiHeU=lM<7nsa_D-k<0Dy$Xka<$?K&{fYwoiNUJt2BjATL;+FYLjm3&d^Ej s?G%lT^D=|F1f4yO^?;A!9W-r-`8)sy7BhqJz~o0j%OIU7@S_U618pCotpET3 literal 0 HcmV?d00001 diff --git a/automation/.DS_Store b/automation/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..07ee07e5056fbe2a5ee76b4d00dc79c5f72cf836 GIT binary patch literal 6148 zcmeHKu};H44E41^1hI5r=th2_6B1LX!WZ-hAPJ(wMJZ~#G2|1N`2i+Ag5P1_7vTBq zmP82>6GD|O`QF86-#IU*yO@aFd|S?lCPWlN8Am5*28731doofB$GI>^K^yY^ezqv; zp0^qPBLn>Hj_H;jXp6S>{i>Cud;Z+_sOl`seVt<@{(QZ7KYMw*8uBWC;k8=wZrQE& z#ETx$nwE4&o_x73d|uZc+pBGsEv7-^>0@`ao!-aha+h9f+N%CeZP=reRut0W)J%*4 zW55_V2nP62g~X?V)*1uGfHAOVfX{~n%9tuPg5l^u6G{MJ1alDdxt8FVL@`xt1Tg|} z5(<=1rzM7yaM%;|OBEYI2`8t;htrjvRwyp4j`@?|PA(O+))+7bx(tlval-fi_0RQx zH^`oh0b}5x7;sUx$mVz@y<2-P$9HW4y@9f@Un95=K_^_r@a3y`3Jn5#!X03$*a*S` Pu^)jzgEhv$pEB?TBxY0@ literal 0 HcmV?d00001 diff --git a/automation/shell/Pull,Tag,Push/aquaimages-ptp.sh b/automation/shell/Pull-Tag-Push/aquaimages-ptp.sh similarity index 100% rename from automation/shell/Pull,Tag,Push/aquaimages-ptp.sh rename to automation/shell/Pull-Tag-Push/aquaimages-ptp.sh From 70743c6edd583b51c536421d6de3b2cc2cbeb239 Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 10:49:09 -0400 Subject: [PATCH 06/11] Create README.md --- automation/shell/Pull-Tag-Push/README.md | 38 ++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 automation/shell/Pull-Tag-Push/README.md diff --git a/automation/shell/Pull-Tag-Push/README.md b/automation/shell/Pull-Tag-Push/README.md new file mode 100644 index 000000000..248184f12 --- /dev/null +++ b/automation/shell/Pull-Tag-Push/README.md @@ -0,0 +1,38 @@ + + +# Aqua Security Deployment Integrations + +[Aqua Security](https://www.aquasec.com) deployment repository. + +## Pull - Tag - Push + +* [**Automation**](automation/) - Contains deployment code for Aqua Container Security Platform (CSP) + * [**Shell**](automation/shell/) - Shell scripts to deploy Aqua Container Security Platform (CSP) on your servers. + * [**Aquactl**](automation/aquactl/) - Aqua Command line for deploy aqua components and manage aqua +* [**Cloud**](cloud/) - Aqua Container Security Platform (CSP) templates and deployments in public clouds. + * [**AWS**](cloud/aws/) - AWS deployment with CloudFormation templates, Terraform, etc. + * [**Azure**](cloud/azure/) - Microsoft Azure deployment with templates, etc. + * [**GCP**](cloud/gcp/) - Google GCP deployment with Marketplace, Helm, etc. +* [**Orchestrators**](orchestrators/) - Deploy Aqua Container Security Platform (CSP) on Docker orchestrators + * [**Kubernetes**](orchestrators/kubernetes/) - Deploy Aqua Container Security Platform (CSP) on Kubernetes with Helm, templates, etc. + * [**Mesosphere DC/OS**](orchestrators/dcos/) - Deploy Aqua Container Security Platform (CSP) on Mesosphere DC/OS. + * [**OpenShift**](orchestrators/openshift/) - Deploy Aqua Container Security Platform (CSP) on OpenShift with templates. + +## CI Plugins + +* **Jenkins** - [*Aqua Security Scanner Plugin*](https://github.com/jenkinsci/aqua-security-scanner-plugin) - Adds a Build Step for scanning Docker images, local or hosted on registries, for security vulnerabilities, using the API provided by Aqua Security. +* **Bamboo** - [*Aqua Security Scanner Bamboo*](https://marketplace.atlassian.com/apps/1216895/container-security?hosting=server&tab=overview) - Vulnerability scanner for container images for Atlassian Bamboo. +* **CircleCI** - [*CircleCI Orb MicroScanner*](https://github.com/aquasecurity/circleci-orb-microscanner) - Enables scanning of Docker builds in CircleCi for OS package vulnerabilities. +* **VSTS** - [*Container Security For VSTS*](https://marketplace.visualstudio.com/items?itemName=aquasec.aquasec) - Microsoft VSTS users can integrate with Aqua’s continuous image assurance, which is the most comprehensive, automated solution on the market for scanning and locking down container images, with deep scanning of container layers for vulnerabilities, and persistent controls to assure image integrity throughout its lifecycle. + +##### Aqua Security CI/CD Blogs + +* [*10 Essential Container CI/CD Tools*](https://blog.aquasec.com/10-essential-container-ci/cd-tools) + +## Open Source Tools +* [**kube-bench**](https://github.com/aquasecurity/kube-bench) - The Kubernetes Bench for Security is a Go application that checks whether Kubernetes is deployed according to security best practices. +* [**kube-hunter**](https://github.com/aquasecurity/kube-hunter) - Hunts for security weaknesses in Kubernetes clusters. +* [**MicroScanner**](https://github.com/aquasecurity/microscanner) - Scans your container images for package vulnerabilities. + +## Issues and feedback +If you encounter any problems or would like to give us feedback on deployments, we encourage you to raise issues here on GitHub. From 86f50ea3bbbac6f00961feb2ff447e320e71b668 Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 10:59:23 -0400 Subject: [PATCH 07/11] Update README.md --- automation/shell/Pull-Tag-Push/README.md | 34 +++--------------------- 1 file changed, 4 insertions(+), 30 deletions(-) diff --git a/automation/shell/Pull-Tag-Push/README.md b/automation/shell/Pull-Tag-Push/README.md index 248184f12..7edd5af5b 100644 --- a/automation/shell/Pull-Tag-Push/README.md +++ b/automation/shell/Pull-Tag-Push/README.md @@ -1,38 +1,12 @@ -# Aqua Security Deployment Integrations +# Aqua Security Pre-Deployment Task [Aqua Security](https://www.aquasec.com) deployment repository. ## Pull - Tag - Push -* [**Automation**](automation/) - Contains deployment code for Aqua Container Security Platform (CSP) - * [**Shell**](automation/shell/) - Shell scripts to deploy Aqua Container Security Platform (CSP) on your servers. - * [**Aquactl**](automation/aquactl/) - Aqua Command line for deploy aqua components and manage aqua -* [**Cloud**](cloud/) - Aqua Container Security Platform (CSP) templates and deployments in public clouds. - * [**AWS**](cloud/aws/) - AWS deployment with CloudFormation templates, Terraform, etc. - * [**Azure**](cloud/azure/) - Microsoft Azure deployment with templates, etc. - * [**GCP**](cloud/gcp/) - Google GCP deployment with Marketplace, Helm, etc. -* [**Orchestrators**](orchestrators/) - Deploy Aqua Container Security Platform (CSP) on Docker orchestrators - * [**Kubernetes**](orchestrators/kubernetes/) - Deploy Aqua Container Security Platform (CSP) on Kubernetes with Helm, templates, etc. - * [**Mesosphere DC/OS**](orchestrators/dcos/) - Deploy Aqua Container Security Platform (CSP) on Mesosphere DC/OS. - * [**OpenShift**](orchestrators/openshift/) - Deploy Aqua Container Security Platform (CSP) on OpenShift with templates. +* **Usage** ./aquaimages-ptp.sh + +* [**Example**] ./aquaimages-ptp.sh 4.5 myregistry.internal.com -## CI Plugins - -* **Jenkins** - [*Aqua Security Scanner Plugin*](https://github.com/jenkinsci/aqua-security-scanner-plugin) - Adds a Build Step for scanning Docker images, local or hosted on registries, for security vulnerabilities, using the API provided by Aqua Security. -* **Bamboo** - [*Aqua Security Scanner Bamboo*](https://marketplace.atlassian.com/apps/1216895/container-security?hosting=server&tab=overview) - Vulnerability scanner for container images for Atlassian Bamboo. -* **CircleCI** - [*CircleCI Orb MicroScanner*](https://github.com/aquasecurity/circleci-orb-microscanner) - Enables scanning of Docker builds in CircleCi for OS package vulnerabilities. -* **VSTS** - [*Container Security For VSTS*](https://marketplace.visualstudio.com/items?itemName=aquasec.aquasec) - Microsoft VSTS users can integrate with Aqua’s continuous image assurance, which is the most comprehensive, automated solution on the market for scanning and locking down container images, with deep scanning of container layers for vulnerabilities, and persistent controls to assure image integrity throughout its lifecycle. - -##### Aqua Security CI/CD Blogs - -* [*10 Essential Container CI/CD Tools*](https://blog.aquasec.com/10-essential-container-ci/cd-tools) - -## Open Source Tools -* [**kube-bench**](https://github.com/aquasecurity/kube-bench) - The Kubernetes Bench for Security is a Go application that checks whether Kubernetes is deployed according to security best practices. -* [**kube-hunter**](https://github.com/aquasecurity/kube-hunter) - Hunts for security weaknesses in Kubernetes clusters. -* [**MicroScanner**](https://github.com/aquasecurity/microscanner) - Scans your container images for package vulnerabilities. - -## Issues and feedback -If you encounter any problems or would like to give us feedback on deployments, we encourage you to raise issues here on GitHub. From 54d88a7dcb1ffe8700d38d5a29f33e07a4003a62 Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 11:00:39 -0400 Subject: [PATCH 08/11] Update README.md --- automation/shell/Pull-Tag-Push/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/shell/Pull-Tag-Push/README.md b/automation/shell/Pull-Tag-Push/README.md index 7edd5af5b..7a13e01b1 100644 --- a/automation/shell/Pull-Tag-Push/README.md +++ b/automation/shell/Pull-Tag-Push/README.md @@ -6,7 +6,7 @@ ## Pull - Tag - Push -* **Usage** ./aquaimages-ptp.sh +* **Usage** ./aquaimages-ptp.sh "" "" * [**Example**] ./aquaimages-ptp.sh 4.5 myregistry.internal.com From 3fd210a1b3095bae8775b6d78586c1124fcc9c65 Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 11:01:34 -0400 Subject: [PATCH 09/11] Update README.md --- automation/shell/Pull-Tag-Push/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/shell/Pull-Tag-Push/README.md b/automation/shell/Pull-Tag-Push/README.md index 7a13e01b1..829ece584 100644 --- a/automation/shell/Pull-Tag-Push/README.md +++ b/automation/shell/Pull-Tag-Push/README.md @@ -6,7 +6,7 @@ ## Pull - Tag - Push -* **Usage** ./aquaimages-ptp.sh "" "" +* **Usage** ./aquaimages-ptp.sh [version] [registry prefix] * [**Example**] ./aquaimages-ptp.sh 4.5 myregistry.internal.com From eb1ec079829adfdcc5d4792bd66d279b2bff337a Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Wed, 9 Oct 2019 10:34:29 -0400 Subject: [PATCH 10/11] squash Rename GettingImages to aquasec-ptp.sh squash Create aquaimages-ptp.sh squash Delete aquasec-ptp.sh squash migration squash directory change. squash directory change. squash Create README.md squash Update README.md squash Update README.md squash Update README.md squash Rename GettingImages to aquasec-ptp.sh squash Create aquaimages-ptp.sh squash Delete aquasec-ptp.sh squash migration squash directory change. squash directory change. pick Create README.md pick Rename GettingImages to aquasec-ptp.sh squash Create aquaimages-ptp.sh squash Delete aquasec-ptp.sh squash migration squash directory change. squash directory change. squash Create README.md squash Update README.md squash Update README.md squash Update README.md squash Rename GettingImages to aquasec-ptp.sh squash Create aquaimages-ptp.sh squash Delete aquasec-ptp.sh squash migration squash directory change. squash directory change. squash Create README.md squash Update README.md squash Update README.md Update README.md --- automation/shell/Pull-Tag-Push/README.md | 75 ++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/automation/shell/Pull-Tag-Push/README.md b/automation/shell/Pull-Tag-Push/README.md index 829ece584..9af8494c0 100644 --- a/automation/shell/Pull-Tag-Push/README.md +++ b/automation/shell/Pull-Tag-Push/README.md @@ -1,12 +1,87 @@ +<<<<<<< HEAD +<<<<<<< HEAD # Aqua Security Pre-Deployment Task +======= +<<<<<<< HEAD +# Aqua Security Pre-Deployment Task +======= +# Aqua Security Deployment Integrations +>>>>>>> 70743c6... Create README.md +<<<<<<< HEAD +>>>>>>> ba26701... Rename GettingImages to aquasec-ptp.sh +======= +======= +# Aqua Security Pre-Deployment Task +>>>>>>> 86f50ea... Update README.md +>>>>>>> bb53c1a... pick Rename GettingImages to aquasec-ptp.sh [Aqua Security](https://www.aquasec.com) deployment repository. ## Pull - Tag - Push +<<<<<<< HEAD +<<<<<<< HEAD +======= +<<<<<<< HEAD +>>>>>>> ba26701... Rename GettingImages to aquasec-ptp.sh +======= +<<<<<<< HEAD +<<<<<<< HEAD +<<<<<<< HEAD +>>>>>>> bb53c1a... pick Rename GettingImages to aquasec-ptp.sh +* **Usage** ./aquaimages-ptp.sh [version] [registry prefix] + +* [**Example**] ./aquaimages-ptp.sh 4.5 myregistry.internal.com + +<<<<<<< HEAD +======= +======= +* [**Automation**](automation/) - Contains deployment code for Aqua Container Security Platform (CSP) + * [**Shell**](automation/shell/) - Shell scripts to deploy Aqua Container Security Platform (CSP) on your servers. + * [**Aquactl**](automation/aquactl/) - Aqua Command line for deploy aqua components and manage aqua +* [**Cloud**](cloud/) - Aqua Container Security Platform (CSP) templates and deployments in public clouds. + * [**AWS**](cloud/aws/) - AWS deployment with CloudFormation templates, Terraform, etc. + * [**Azure**](cloud/azure/) - Microsoft Azure deployment with templates, etc. + * [**GCP**](cloud/gcp/) - Google GCP deployment with Marketplace, Helm, etc. +* [**Orchestrators**](orchestrators/) - Deploy Aqua Container Security Platform (CSP) on Docker orchestrators + * [**Kubernetes**](orchestrators/kubernetes/) - Deploy Aqua Container Security Platform (CSP) on Kubernetes with Helm, templates, etc. + * [**Mesosphere DC/OS**](orchestrators/dcos/) - Deploy Aqua Container Security Platform (CSP) on Mesosphere DC/OS. + * [**OpenShift**](orchestrators/openshift/) - Deploy Aqua Container Security Platform (CSP) on OpenShift with templates. + +## CI Plugins + +* **Jenkins** - [*Aqua Security Scanner Plugin*](https://github.com/jenkinsci/aqua-security-scanner-plugin) - Adds a Build Step for scanning Docker images, local or hosted on registries, for security vulnerabilities, using the API provided by Aqua Security. +* **Bamboo** - [*Aqua Security Scanner Bamboo*](https://marketplace.atlassian.com/apps/1216895/container-security?hosting=server&tab=overview) - Vulnerability scanner for container images for Atlassian Bamboo. +* **CircleCI** - [*CircleCI Orb MicroScanner*](https://github.com/aquasecurity/circleci-orb-microscanner) - Enables scanning of Docker builds in CircleCi for OS package vulnerabilities. +* **VSTS** - [*Container Security For VSTS*](https://marketplace.visualstudio.com/items?itemName=aquasec.aquasec) - Microsoft VSTS users can integrate with Aqua’s continuous image assurance, which is the most comprehensive, automated solution on the market for scanning and locking down container images, with deep scanning of container layers for vulnerabilities, and persistent controls to assure image integrity throughout its lifecycle. + +##### Aqua Security CI/CD Blogs + +* [*10 Essential Container CI/CD Tools*](https://blog.aquasec.com/10-essential-container-ci/cd-tools) + +## Open Source Tools +* [**kube-bench**](https://github.com/aquasecurity/kube-bench) - The Kubernetes Bench for Security is a Go application that checks whether Kubernetes is deployed according to security best practices. +* [**kube-hunter**](https://github.com/aquasecurity/kube-hunter) - Hunts for security weaknesses in Kubernetes clusters. +* [**MicroScanner**](https://github.com/aquasecurity/microscanner) - Scans your container images for package vulnerabilities. + +## Issues and feedback +If you encounter any problems or would like to give us feedback on deployments, we encourage you to raise issues here on GitHub. +>>>>>>> 70743c6... Create README.md +<<<<<<< HEAD +>>>>>>> ba26701... Rename GettingImages to aquasec-ptp.sh +======= +======= +* **Usage** ./aquaimages-ptp.sh +======= +* **Usage** ./aquaimages-ptp.sh "" "" +>>>>>>> 54d88a7... Update README.md +======= * **Usage** ./aquaimages-ptp.sh [version] [registry prefix] +>>>>>>> 3fd210a... Update README.md * [**Example**] ./aquaimages-ptp.sh 4.5 myregistry.internal.com +>>>>>>> 86f50ea... Update README.md +>>>>>>> bb53c1a... pick Rename GettingImages to aquasec-ptp.sh From 5de39dcda9c3bc2a41c9c999a9f23049a4c45fbd Mon Sep 17 00:00:00 2001 From: cpt-redbeard Date: Thu, 26 Mar 2020 11:07:31 -0400 Subject: [PATCH 11/11] gateway-ingress-service --- .../server/gateway-ingress-service.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 orchestrators/kubernetes/templates/server/gateway-ingress-service.yaml diff --git a/orchestrators/kubernetes/templates/server/gateway-ingress-service.yaml b/orchestrators/kubernetes/templates/server/gateway-ingress-service.yaml new file mode 100644 index 000000000..7907b6ec0 --- /dev/null +++ b/orchestrators/kubernetes/templates/server/gateway-ingress-service.yaml @@ -0,0 +1,24 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: aqua-gateway-grpc + namespace: aqua + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/client-body-buffer-size: 10m + nginx.ingress.kubernetes.io/proxy-body-size: 10m + nginx.ingress.kubernetes.io/server-snippet: | + grpc_read_timeout 3600s; + grpc_send_timeout 3600s; + client_body_timeout 3600s; +spec: + rules: + #- host: aqua.lab.com + - http: + paths: + - path: / + backend: + serviceName: aqua-gateway + servicePort: 8443