feat(kubernetes): add option to specify kubeconfig file path (#2576)

docs/docs/kubernetes/cli/scanning.md

@@ -41,6 +41,12 @@ Scan a specific namespace:
 $ trivy k8s -n kube-system --report=summary all
 ```
 
+Use a specific kubeconfig file:
+
+```
+$ trivy k8s --kubeconfig ~/.kube/config2 -n kube-system --report=summary all
+```
+
 Scan a specific resource and get all the output:
 
 ```

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/aquasecurity/table v1.6.0
 	github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516
 	github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63
-	github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20220726110855-4b77ea2631f0
+	github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20220727123250-2cfd49c5b6c3
 	github.com/caarlos0/env/v6 v6.9.3
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/cheggaaa/pb/v3 v3.1.0

go.sum

@@ -225,8 +225,8 @@ github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbp
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
 github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63 h1:hgGD7zqlNe6sWJZPFFv1Z6T1EuYW8XD/hqx/dxjNp3Q=
 github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63/go.mod h1:/nULgnDeq/JMPMVwE1dmf4kWlYn++7VrM3O2naj4BHA=
-github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20220726110855-4b77ea2631f0 h1:Ouw0tn8YUpacCDXVouHBgrlQ3DlrDPQ7fqR1BRdEOBQ=
-github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20220726110855-4b77ea2631f0/go.mod h1:ZHtpUrBrJ6gZ8Gd4IaXbZwTNOg5KW2m7ClC33qnSlY8=
+github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20220727123250-2cfd49c5b6c3 h1:qhWeovRDnbjC1kdyzRhrJNMJtJwNWicQrXjCnuF64JU=
+github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20220727123250-2cfd49c5b6c3/go.mod h1:ZHtpUrBrJ6gZ8Gd4IaXbZwTNOg5KW2m7ClC33qnSlY8=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=

pkg/flag/kubernetes_flags.go

@@ -14,22 +14,31 @@ var (
 		Value:      "",
 		Usage:      "specify a namespace to scan",
 	}
+	KubeConfigFlag = Flag{
+		Name:       "kubeconfig",
+		ConfigName: "kubernetes.kubeconfig",
+		Value:      "",
+		Usage:      "specify the kubeconfig file path to use",
+	}
 )
 
 type K8sFlagGroup struct {
 	ClusterContext *Flag
 	Namespace      *Flag
+	KubeConfig     *Flag
 }
 
 type K8sOptions struct {
 	ClusterContext string
 	Namespace      string
+	KubeConfig     string
 }
 
 func NewK8sFlagGroup() *K8sFlagGroup {
 	return &K8sFlagGroup{
 		ClusterContext: &ClusterContextFlag,
 		Namespace:      &K8sNamespaceFlag,
+		KubeConfig:     &KubeConfigFlag,
 	}
 }
 
@@ -38,12 +47,13 @@ func (f *K8sFlagGroup) Name() string {
 }
 
 func (f *K8sFlagGroup) Flags() []*Flag {
-	return []*Flag{f.ClusterContext, f.Namespace}
+	return []*Flag{f.ClusterContext, f.Namespace, f.KubeConfig}
 }
 
 func (f *K8sFlagGroup) ToOptions() K8sOptions {
 	return K8sOptions{
 		ClusterContext: getString(f.ClusterContext),
 		Namespace:      getString(f.Namespace),
+		KubeConfig:     getString(f.KubeConfig),
 	}
 }

pkg/k8s/commands/run.go

@@ -26,7 +26,10 @@ const (
 
 // Run runs a k8s scan
 func Run(ctx context.Context, args []string, opts flag.Options) error {
-	cluster, err := k8s.GetCluster(opts.K8sOptions.ClusterContext)
+	cluster, err := k8s.GetCluster(
+		k8s.WithContext(opts.K8sOptions.ClusterContext),
+		k8s.WithKubeConfig(opts.K8sOptions.KubeConfig),
+	)
 	if err != nil {
 		return xerrors.Errorf("failed getting k8s cluster: %w", err)
 	}