From a18b18e530438921c306631d0080629ef38fd7d0 Mon Sep 17 00:00:00 2001
From: Charles Josiah Rusch Alandt
Date: Mon, 16 May 2022 05:58:50 -0300
Subject: [PATCH] K8s cronjob sample files (#1140)
---
 util/k8s/README.md | 11 +++++++++++
 util/k8s/cronjob.yml | 40 ++++++++++++++++++++++++++++++++++++++++
 util/k8s/secret.yml | 10 ++++++++++
 3 files changed, 61 insertions(+)
 create mode 100644 util/k8s/README.md
 create mode 100644 util/k8s/cronjob.yml
 create mode 100644 util/k8s/secret.yml
diff --git a/util/k8s/README.md b/util/k8s/README.md
new file mode 100644
index 00000000..1531d326
--- /dev/null
+++ b/util/k8s/README.md
@@ -0,0 +1,11 @@
+Simple instructions to add a cronjob on K8S to execute a prowler and save the results on AWS S3.
+
+Files:
+cronjob.yml -> is a cronjob for K8S, you must set the frequency and probes from yours scans.
+secret.yml -> is a secret file with AWS ID/Secret and the name of bucket
+
+To apply:
+
+kubectl -f cronjob.yml
+kubectl -f secret.yml
+
diff --git a/util/k8s/cronjob.yml b/util/k8s/cronjob.yml
new file mode 100644
index 00000000..9705deb1
--- /dev/null
+++ b/util/k8s/cronjob.yml
@@ -0,0 +1,40 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: devsecops-prowler-cronjob-secret
+ namespace: defectdojo
+spec:
+#Cron Time is set according to server time, ensure server time zone and set accordingly.
+ successfulJobsHistoryLimit: 2
+ failedJobsHistoryLimit: 1
+ schedule: "5 3 * * 0,2,4"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: prowler
+ image: toniblyx/prowler:latest
+ imagePullPolicy: Always
+ command:
+ - "./prowler"
+ args: [ "-g", "hipaa", "-M", "csv,json,html", "-B", "$(awsS3Bucket)" ]
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: devsecops-prowler-cronjob-secret
+ key: awsId
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: devsecops-prowler-cronjob-secret
+ key: awsSecretKey
+ - name: awsS3Bucket
+ valueFrom:
+ secretKeyRef:
+ name: devsecops-prowler-cronjob-secret
+ key: awsS3Bucket
+ imagePullPolicy: IfNotPresent
+ restartPolicy: OnFailure
+ backoffLimit: 3
diff --git a/util/k8s/secret.yml b/util/k8s/secret.yml
new file mode 100644
index 00000000..5a558ec4
--- /dev/null
+++ b/util/k8s/secret.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: devsecops-prowler-cronjob-secret
+ namespace: defectdojo
+type: Opaque
+stringData:
+ awsId: myAWSSecretID
+ awsSecretKey: myAWSSecretKey
+ awsS3Bucket: myAWSS3Bucket
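Review bot: `apiVersion: batch/v1beta1` on the first line of cronjob.yml is the deprecated CronJob API that was removed in Kubernetes 1.25, so the sample stops applying on current clusters; `batch/v1` has been available since 1.21 and the line should read `apiVersion: batch/v1`. The second `imagePullPolicy: IfNotPresent`, placed after the env block next to `restartPolicy`, appears to sit at pod-spec level (indentation is lost in this rendering) where no such field exists, so kubectl will reject it or silently drop it, and it contradicts the container-level `imagePullPolicy: Always` anyway; it should be removed. `image: toniblyx/prowler:latest` combined with `Always` means every scheduled run executes whatever the tag currently points to, with no record of which scanner version produced a given report; pinning a release tag or an image digest keeps the scans reproducible and narrows supply-chain exposure. Since the pod runs with long-lived AWS keys from the secret, a short comment above `env:` noting that the IAM principal behind `AWS_ACCESS_KEY_ID` should be scoped to the Prowler read-only policy plus write access to the one bucket would help operators apply least privilege when they fill in secret.yml.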
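Review bot: The `stringData` block holds the AWS access key ID and secret access key in clear text, and nothing in the file marks it as a template, so the filled-in copy an operator naturally creates alongside it is one commit away from leaking long-lived credentials. A header comment such as `# Template only: never commit a copy with real values; create the secret out-of-band (kubectl create secret generic devsecops-prowler-cronjob-secret --from-literal=...) or via an external/sealed secret controller` would make that explicit. It is also worth noting in the same comment that anyone with read access to Secrets in the `defectdojo` namespace can recover these keys, which is the reason to scope the IAM user tightly and to rotate the keys if that namespace's RBAC is broad. The key `awsId` holds the access key ID, not a secret, so the placeholder `myAWSSecretID` is misleading; `myAWSAccessKeyId` would match the `AWS_ACCESS_KEY_ID` variable it feeds in cronjob.yml.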