block kubeconfig file from commit to GitHub

6/4/2019

We are looking for a pre-receive script for GitHub that can block users from committing a kube config file.

https://github.com/github/platform-samples/blob/master/pre-receive-hooks/block_confidentials.sh

We already have a pre-receive hook got from the below location, but it's not blocking a kube config information file.

What is the best regex option to find the kube config file?

-- saran
github
kubernetes
regex

1 Answer

6/5/2019

This definitely works:

regex_list=(
  # block any private key file
  '(\-){5}BEGIN\s?(RSA|OPENSSH|DSA|EC|PGP)?\s?PRIVATE KEY\s?(BLOCK)?(\-){5}.*'
  # block AWS API Keys
  'AKIA[0-9A-Z]{16}'
  # block AWS Secret Access Key (TODO: adjust to not find valid Git SHA1s; false positives)
  # '([^A-Za-z0-9/+=])?([A-Za-z0-9/+=]{40})([^A-Za-z0-9/+=])?'
  # block confidential content
  'CONFIDENTIAL'
  # block kube config file
  'apiVersion: v1\sclusters:\s- cluster:\s'
)
-- A_Suh
Source: StackOverflow
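
An added example, not part of the answer above or of block_confidentials.sh: a check for kubeconfig markers in the lines a diff adds, tested one line at a time so that it works with line-oriented `grep -E` and does not depend on key order. The function name `adds_kubeconfig` and the sample diffs are constructed for illustration, and feeding it each pushed commit's `git diff-tree -p` output from inside the hook is an assumption.

```sh
# Added example, not part of block_confidentials.sh. grep -E tests one line at
# a time, so each kubeconfig marker is checked separately and combined.

# Reads a unified diff on stdin. Returns 0 when the lines it adds contain
# the structural markers of a kubeconfig, 1 otherwise.
adds_kubeconfig() {
  # Keep added lines only: drop the "+++ b/path" header, then the leading "+".
  added=$(grep -E '^\+' | grep -vE '^\+\+\+ ' | sed 's/^+//')
  for marker in \
    '^kind:[[:space:]]*Config[[:space:]]*$' \
    '^clusters:[[:space:]]*$' \
    '^[[:space:]]*-[[:space:]]+cluster:[[:space:]]*$'
  do
    printf '%s\n' "$added" | grep -qE "$marker" || return 1
  done
  return 0
}

# Constructed sample: a push that adds a kubeconfig (all values are placeholders).
diff_kubeconfig='--- /dev/null
+++ b/deploy/config
@@ -0,0 +1,10 @@
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://k8s.example.invalid:6443
+  name: demo
+kind: Config
+users:
+- name: demo-admin
+  user:
+    token: PLACEHOLDER'

# Constructed sample: an ordinary manifest that also starts with "apiVersion: v1".
diff_service='--- /dev/null
+++ b/deploy/service.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: web'

# Constructed sample: a commit that deletes a kubeconfig (nothing is added).
diff_removal='--- a/deploy/config
+++ /dev/null
@@ -1,3 +0,0 @@
-clusters:
-- cluster:
-kind: Config'
```

Pipe a diff into the function, for example `printf '%s\n' "$diff_kubeconfig" | adds_kubeconfig`, and reject the push when it returns 0.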