diff --git a/pkgs/tools/security/kubernetes-polaris/default.nix b/pkgs/tools/security/kubernetes-polaris/default.nix
new file mode 100644
index 000000000000..26180e219f22
--- /dev/null
+++ b/pkgs/tools/security/kubernetes-polaris/default.nix
@@ -0,0 +1,52 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles, packr, ... }:
+
+buildGoModule rec {
+ pname = "kubernetes-polaris";
+ version = "7.3.2";
+
+ src = fetchFromGitHub {
+ owner = "FairwindsOps";
+ repo = "polaris";
+ rev = version;
+ sha256 = "sha256-LteclhYNMFNuGjFSuhPuY9ZA1Vlq4DPdcCGAQaujwh8=";
+ };
+
+ vendorSha256 = "sha256-3htwwRkUOf8jLyLfRlhcWhftBImmcUglc/PP/Yk2oF0=";
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X main.Version=${version}"
+ "-X main.Commit=${version}"
+ ];
+
+ preBuild = ''
+ ${packr}/bin/packr2 -v --ignore-imports
+ '';
+
+ postInstall = ''
+ installShellCompletion --cmd polaris \
+ --bash <($out/bin/polaris completion bash) \
+ --fish <($out/bin/polaris completion fish) \
+ --zsh <($out/bin/polaris completion zsh)
+ '';
+
+ doInstallCheck = true;
+ installCheckPhase = ''
+ runHook preInstallCheck
+
+ $out/bin/polaris help
+ $out/bin/polaris version | grep 'Polaris version:${version}'
+
+ runHook postInstallCheck
+ '';
+
+ meta = with lib; {
+ description = "Validate and remediate Kubernetes resources to ensure configuration best practices are followed";
+ homepage = "https://www.fairwinds.com/polaris";
+ license = with licenses; [ asl20 ];
+ maintainers = with maintainers; [ longer ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 55c95d7f9005..a0141e3e6e92 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
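Review bot: In `default.nix`, `"-X main.Commit=${version}"` in `ldflags` stamps the release tag into the field meant to carry a commit id, so the binary's own version metadata cannot tie it to an exact upstream revision. The source is already pinned by hash, so either drop that flag or state the substitution in a comment above it, e.g. `# no git metadata in the fetched source; Commit carries the release tag`. Separately, the `...` in the argument set on the first line is unnecessary under `callPackage` and makes a misspelled override argument pass silently; `{ lib, buildGoModule, fetchFromGitHub, installShellFiles, packr }:` is enough.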
@@ -18267,6 +18267,8 @@ with pkgs; kubeprompt = callPackage ../development/tools/kubeprompt { }; + kubernetes-polaris = callPackage ../tools/security/kubernetes-polaris { }; + kubescape = callPackage ../tools/security/kubescape { }; kubesec = callPackage ../tools/security/kubesec { };