Merge remote-tracking branch 'upstream/master'

.github/workflows/build.yaml

@@ -20,8 +20,8 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag_name: betav1.0.${{ github.run_number }}
-          release_name: Release betav1.0.${{ github.run_number }}
+          tag_name: v1.0.${{ github.run_number }}-beta
+          release_name: Release v1.0.${{ github.run_number }}-beta
           draft: false
           prerelease: false
   build:

README.md

@@ -1,5 +1,9 @@
 <img src="docs/kubescape.png" width="300" alt="logo" align="center">
 
+[![build](https://github.com/armosec/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/armosec/kubescape/actions/workflows/build.yaml)
+[![Github All Releases](https://img.shields.io/github/downloads/armosec/kubescape/total.svg)]()
+[![Go Report Card](https://goreportcard.com/badge/github.com/armosec/kubescape)](https://goreportcard.com/report/github.com/armosec/kubescape)
+
 Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in [Kubernetes Hardening Guidance by to NSA and CISA](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)
 Tests are configured with YAML files, making this tool easy to update as test specifications evolve.
 
@@ -26,11 +30,6 @@ If you wish to scan all namespaces in your cluster, remove the `--exclude-namesp
 
 <img src="docs/summery.PNG">
 
-
-# Status
-[![build](https://github.com/armosec/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/armosec/kubescape/actions/workflows/build.yaml)
-[![Github All Releases](https://img.shields.io/github/downloads/armosec/kubescape/total.svg)]()
-
 # How to build 
 
 1. Clone Project
@@ -81,3 +80,5 @@ The tools retrieves Kubernetes objects from the API server and runs a set of [re
 The results by default printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.
 
 Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests themselves more robust and complete as Kubernetes develops.
+
+

cautils/k8sinterface/k8sconfig.go

@@ -4,15 +4,14 @@ import (
 	"context"
 	"fmt"
 	"os"
-	"path/filepath"
 
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	restclient "k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
 
 	// DO NOT REMOVE - load cloud providers auth
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
+	"sigs.k8s.io/controller-runtime/pkg/client/config"
 )
 
 // K8SConfig pointer to k8s config
@@ -46,20 +45,17 @@ func NewKubernetesApi() *KubernetesApi {
 	}
 }
 
-var ConfigPath = filepath.Join(os.Getenv("HOME"), ".kube", "config")
+// RunningIncluster whether running in cluster
 var RunningIncluster bool
 
 // LoadK8sConfig load config from local file or from cluster
 func LoadK8sConfig() error {
-	kubeconfig, err := clientcmd.BuildConfigFromFlags("", ConfigPath)
+	kubeconfig, err := config.GetConfig()
 	if err != nil {
-		// kubeconfig, err = restclient.InClusterConfig()
-		// if err != nil {
-		return fmt.Errorf("Failed to load kubernetes config from file: '%s'.\n", ConfigPath)
-		// }
-		// RunningIncluster = true
-	} else {
-		RunningIncluster = false
+		return fmt.Errorf("Failed to load kubernetes config: %s\n", err)
+	}
+	if _, err := restclient.InClusterConfig(); err == nil {
+		RunningIncluster = true
 	}
 	K8SConfig = kubeconfig
 	return nil

go.mod

@@ -23,8 +23,8 @@ require (
 	github.com/satori/go.uuid v1.2.0
 	golang.org/x/oauth2 v0.0.0-20210810183815-faf39c7919d5
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
-	gotest.tools/v3 v3.0.3 // indirect
 	k8s.io/api v0.22.0
 	k8s.io/apimachinery v0.22.0
 	k8s.io/client-go v0.22.0
+	sigs.k8s.io/controller-runtime v0.9.6
 )