chore(docs): add diagram to single-k8s

Author: iru

README.md

@@ -19,28 +19,28 @@ For other Cloud providers check: [GCP](https://github.com/sysdiglabs/terraform-g
 
 There are several ways to deploy this in you AWS infrastructure:
 
-### Single-Account
+### - Single-Account
 
 Sysdig workload will be deployed in the same account where user's resources will be watched.<br/>
 More info in [`./examples/single-account`](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/single-account)
 
 ![single-account diagram](https://raw.githubusercontent.com/sysdiglabs/terraform-aws-secure-for-cloud/7d142829a701ce78f13691a4af4be373625e7ee2/examples/single-account/diagram-single.png)
 
 
-### Single-Account with a pre-existing Kubernetes Cluster
+### - Single-Account with a pre-existing Kubernetes Cluster
 
 If you already own a Kubernetes Cluster on AWS, you can use it to deploy Sysdig Secure for Cloud, instead of default ECS cluster.
 
 More info in [`./examples/single-account-k8s`](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/single-account-k8s)
 
-### Organizational
+### - Organizational
 
 Using an organizational configuration Cloudtrail.
 More info in [`./examples/organizational`](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/organizational)
 
 ![organizational diagram](https://raw.githubusercontent.com/sysdiglabs/terraform-aws-secure-for-cloud/5b7cf5e8028b3177536c9c847020ad6319342b44/examples/organizational/diagram-org.png)
 
-### Self-Baked
+### - Self-Baked
 
 If no [examples](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples) fit your use-case, be free to call desired modules directly.
 

examples/single-account-k8s/README.md

@@ -1,4 +1,4 @@
-# Sysdig Secure for Cloud in AWS :: Single-Account on Kubernetes Cluster
+# Sysdig Secure for Cloud in AWS <br/>:: Single-Account on Kubernetes Cluster
 
 Deploy Sysdig Secure for Cloud in a provided existing Kubernetes Cluster.
 
@@ -10,6 +10,8 @@ Deploy Sysdig Secure for Cloud in a provided existing Kubernetes Cluster.
 
 All the required resources and workloads will be run under the same AWS account.
 
+![single-account-k8s diagram](https://raw.githubusercontent.com/sysdiglabs/terraform-aws-secure-for-cloud/master/examples/single-account-k8s/diagram.png)
+
 ## Prerequisites
 
 Minimum requirements:

examples/single-account-k8s/diagram.png

@@ -0,0 +1,71 @@
+# diagrams as code vía https://diagrams.mingrammer.com
+from diagrams import Cluster, Diagram, Edge, Node
+from diagrams.aws.general import General
+from diagrams.aws.compute import EKS, ECR
+from diagrams.aws.devtools import Codebuild
+from diagrams.aws.integration import SNS, SQS
+from diagrams.aws.management import Cloudtrail
+from diagrams.aws.security import IAM, IAMRole
+from diagrams.aws.storage import S3
+from diagrams.custom import Custom
+
+from diagrams.k8s.group import Namespace
+from diagrams.k8s.compute import Deployment
+
+diagram_attr = {
+    "pad":"0.25"
+}
+
+role_attr = {
+   "imagescale":"false",
+   "height":"1.5",
+   "width":"3",
+   "fontsize":"9",
+}
+
+color_event="firebrick"
+color_scanning = "dark-green"
+color_permission="red"
+color_creates="darkblue"
+color_non_important="gray"
+color_sysdig="lightblue"
+
+
+
+with Diagram("Sysdig Secure for Cloud{}(single-account-k8s)".format("\n"), graph_attr=diagram_attr, filename="diagram", show=True, direction="RL"):
+
+    with Cluster("AWS account (target)"):
+
+        with Cluster("other resources", graph_attr={"bgcolor":"lightblue"}):
+            account_resources = [General("resource-1..n")]
+            ecr = ECR("container-registry")
+
+        with Cluster("sysdig-secure-for-cloud resources"):
+            management_credentials  = IAM("credentials", fontsize="10")
+
+            cloudtrail          = Cloudtrail("cloudtrail", shape="plaintext")
+            sns                 = SNS("sns")
+            sqs                 = SQS("sqs")
+            cloudtrail >> Edge(color=color_event) >> sns << sqs
+
+            with Cluster(""):
+                eks = EKS("EKS\n(pre-existing)")
+                with Cluster("namespace: sfc"):
+                    cc_deployment = Deployment("cloud-connector")
+                    cloud_scanning = Deployment("cloud-scaner")
+                    eks_deployments = [cc_deployment, cloud_scanning]
+
+
+            eks_deployments >> Edge(color=color_sysdig, style="dashed") >> sqs
+
+            # scanning
+            codebuild = Codebuild("Build-project")
+            cloud_scanning >> codebuild
+            codebuild >> Edge(color=color_non_important) >>  ecr
+
+        account_resources >> Edge(color=color_event, style="dashed", label="Events") >>  cloudtrail
+
+    with Cluster("AWS account (sysdig)"):
+        sds = Custom("Sysdig Secure", "../../resources/diag-sysdig-icon.png")
+
+    eks_deployments >> Edge(color=color_sysdig) >> sds

examples/single-account-k8s/diagram.py

@@ -59,12 +59,14 @@
             sqs = SQS("cloudtrail-sqs")
             s3_config = S3("cloud-connector-config")
             cloudwatch = Cloudwatch("cloudwatch\n(logs and alarms)")
-            codebuild = Codebuild("Build-project")
 
             sqs << Edge(color=color_event) << cloud_connector
             sqs << Edge(color=color_event) << cloud_scanning
             cloud_connector - Edge(color=color_non_important) - s3_config
             cloud_connector >> Edge(color=color_non_important) >>  cloudwatch
+
+            # scanning
+            codebuild = Codebuild("Build-project")
             cloud_scanning >> Edge(color=color_non_important) >> cloudwatch
             cloud_scanning >> codebuild
             codebuild >> Edge(color=color_non_important) >>  ecr