|
| 1 | +# Top-level fields identifying the specification |
| 2 | +api_version: v1 |
| 3 | +type: plugin # Specifies this is a plugin specification |
| 4 | + |
| 5 | +# --- Plugin-specific details (now at the top level) --- |
| 6 | +name: "plugin-kubernetes" # Name of the plugin |
| 7 | +version: "1.2.0" # Semantic version of the plugin |
| 8 | +supported_platform_versions: # Platform versions this plugin is compatible with |
| 9 | + - ">=2.1.0, <3.0.0" |
| 10 | + - "~1.5.0" # Example: Compatible with 1.5.x |
| 11 | +metadata: |
| 12 | + author: "clearcompass Engineering Team" |
| 13 | + |
| 14 | + published-date: "2025-04-27" # Must be YYYY-MM-DD format |
| 15 | + license: "Apache-2.0" # Must be a valid SPDX identifier |
| 16 | + description: "Kubernetes Integration to opensecurity" # Optional |
| 17 | + website: "https://clearcompass.so" # Optional |
| 18 | + |
| 19 | +# --- Components required by the plugin (now at the top level) --- |
| 20 | +components: |
| 21 | + # --- Discovery Component --- |
| 22 | + # Use 'task-spec' to embed the full task details. |
| 23 | + # Alternatively, use 'task-id: "some-task-id"' to reference an existing task. |
| 24 | + discovery: |
| 25 | + task_spec: # Embed the full spec under this key |
| 26 | + # id, name, description, type are optional here and will default based on plugin name |
| 27 | + is_enabled: true # Required: Whether the task runs by default |
| 28 | + image_url: "ghcr.io/opengovern/og-describer-kubernetes@sha256:5c0d50bc790ef0d9a890578f22ead26ff3f92e075af01941b804f7930a90e88b" # Required: Image URL with digest |
| 29 | + command: ["/og-describer-kubernetes"] # Required: Command and args (exec form) |
| 30 | + timeout: "90m" # Required: Max execution time (< 24h) |
| 31 | + scale_config: # Required: Scaling parameters |
| 32 | + lag_threshold: "1" # Required: Positive integer string |
| 33 | + min_replica: 0 # Required: >= 0 |
| 34 | + max_replica: 5 # Required: >= min_replica |
| 35 | + params: ["integrations_query", "resource_types_query"] # Required: List of expected parameters (can be empty []) |
| 36 | + configs: [] # Required: List of configurations (can be empty []) |
| 37 | + run_schedule: # Required: List of run schedules (min 1) |
| 38 | + - id: "describe-all" # Required: Must have 'default' or 'describe-all' if params exist |
| 39 | + params: |
| 40 | + # Use literal block scalar style for multi-line SQL |
| 41 | + integrations_query: | |
| 42 | + SELECT i.*, c.secret FROM platform_integrations AS i LEFT JOIN platform_integrations_credentials AS c ON i.integration_id = c.integration_id WHERE i.integration_type = 'kubernetes' AND c.secret IS NOT NULL; |
| 43 | + resource_types_query: | |
| 44 | + SELECT * FROM platform_integration_resource_types WHERE integration_type = 'kubernetes'; |
| 45 | + frequency: "6h" # Required: How often to run |
| 46 | + # api-version, metadata, supported-platform-versions MUST NOT be present here |
| 47 | + |
| 48 | + # --- Downloadable Components --- |
| 49 | + platform_binary: |
| 50 | + uri: "https://github.com/opengovern/plugin-kubernetes/releases/download/v0.6.37/kubernetes-plugin.zip" |
| 51 | + path_in_archive: "integration-plugin" |
| 52 | + # checksum: "sha256:..." # Optional but recommended |
| 53 | + cloudql_binary: |
| 54 | + uri: "https://github.com/opengovern/plugin-kubernetes/releases/download/v0.6.37/kubernetes-plugin.zip" |
| 55 | + path_in_archive: "cloudql-plugin" |
| 56 | + # checksum: "sha256:..." # Optional but recommended |
| 57 | + |
| 58 | +# --- Optional Sample Data (now at the top level) --- |
| 59 | +# sample-data: |
| 60 | +# uri: "https://example.com/releases/v1.2.0/sample-data.tar.gz" |
| 61 | +# checksum: "sha256:..." # Optional |
0 commit comments