
Make it easy to deploy to kubernetes

Open halcyondude opened this issue 5 years ago • 4 comments

o/

I am deploying Vuls to production, and I'm still learning. In progress work for me is to:

  1. Create pod definitions (and associated bits) to run Vuls in Kubernetes.
  2. Create helm chart to facilitate easily deploying to cluster(s).

When complete (shouldn't be too long) I would like to contribute these back. The helm chart will land at helm/charts, but documentation and example pod configuration would ideally land here.

This issue is created to track this work. Please redirect me to appropriate place if this (github issue) is not the correct place. I'm new to project and community.

Thanks!

halcyondude avatar Oct 30 '18 17:10 halcyondude

@halcyondude Thanks a lot! That's just fine to track your work in this issue. I am looking forward to completing your chart.

knqyf263 avatar Oct 31 '18 07:10 knqyf263

@halcyondude Take care that there are two approaches to consider:

  1. Each k8s node self local scan with privileged container
  2. One deployment remote scans other k8s nodes

My personal opinion is that it's best to set up the deployment inside the kube-system namespace.

Some random thoughts on my side:

Users should be notified to use k8s with the Docker container runtime, as Vuls supports only the Docker container scanner, to avoid trivial issues.

For automatic scans, the k8s CronJob object type would be great.

I am really pleased to see this, thanks for your time on implementing charts :)

hmilkovi avatar Sep 23 '19 12:09 hmilkovi

Some other priorities took attention, but would still like to (eventually) revisit this.

The goal would be to run vuls scanning from k8s --> outside cluster to machines/instances. In our case we would want to scan instances in EC2 for example, vs. scanning other k8s pods.

halcyondude avatar Oct 05 '19 02:10 halcyondude
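
The CronJob idea and the "scan from k8s to instances outside the cluster" goal from the comments above, sketched as an added example; it is not from the thread or the Vuls project. The `vuls` namespace, the object names, the host address, the scan user and the `vuls-ssh` Secret are constructed placeholders, and the `vuls/vuls` image, `/vuls` working directory and `/root/.ssh` key location are assumed from Vuls's documented Docker usage.

```yaml
# Added example: names, namespace, schedule and target host are constructed placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: vuls-config
  namespace: vuls
data:
  config.toml: |
    [servers.ec2-example]
    host    = "10.0.0.10"        # constructed address of an instance outside the cluster
    port    = "22"
    user    = "vuls-scan"        # dedicated scan account (assumption)
    keyPath = "/root/.ssh/id_rsa"
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: vuls-remote-scan
  namespace: vuls
spec:
  schedule: "0 3 * * *"          # once a day
  concurrencyPolicy: Forbid      # never run two scans at once
  jobTemplate:
    spec:
      backoffLimit: 0            # a failed scan waits for the next schedule
      template:
        spec:
          restartPolicy: Never
          automountServiceAccountToken: false   # the scanner never calls the k8s API
          containers:
            - name: vuls
              image: vuls/vuls   # pin a tag or digest in practice
              args: ["scan", "-config=/vuls/config.toml"]
              volumeMounts:
                - { name: config, mountPath: /vuls/config.toml, subPath: config.toml, readOnly: true }
                - { name: ssh, mountPath: /root/.ssh, readOnly: true }
                - { name: results, mountPath: /vuls/results }
          volumes:
            - name: config
              configMap: { name: vuls-config }
            - name: ssh
              secret:
                secretName: vuls-ssh   # holds id_rsa and known_hosts; created out of band
                defaultMode: 0400
            - name: results
              emptyDir: {}             # swap for a PersistentVolumeClaim to keep reports
```

Because this variant scans over SSH, the pod needs no privileged mode or host mounts; the sensitive asset is the SSH key in the Secret, so access to that Secret and to the namespace should be restricted accordingly.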

Any word on this?

bitsofinfo avatar Mar 08 '20 00:03 bitsofinfo