Skip to content

Commit

Permalink
Merge pull request #392 from kubescape/rbac
Browse files Browse the repository at this point in the history 
fix rbac permission for storage class
  • Loading branch information
@matthyx
matthyx authored Feb 12, 2024
2 parents bfd5e78 + b614d59 commit 311ca0a
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 44 deletions.
4 changes: 2 additions & 2 deletions charts/kubescape-operator/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,14 @@ type: application
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)

version: 1.18.2
version: 1.18.3

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.

appVersion: 1.18.2
appVersion: 1.18.3

maintainers:
- name: Ben Hirschberg
Expand Down
2 changes: 1 addition & 1 deletion charts/kubescape-operator/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubescape Operator

![Version: 1.18.2](https://img.shields.io/badge/Version-1.18.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.18.2](https://img.shields.io/badge/AppVersion-v1.18.2-informational?style=flat-square)
![Version: 1.18.3](https://img.shields.io/badge/Version-1.18.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.18.3](https://img.shields.io/badge/AppVersion-v1.18.3-informational?style=flat-square)

## Install

Expand Down
2 changes: 1 addition & 1 deletion charts/kubescape-operator/templates/kubescape/clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ rules:
resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"]
verbs: ["get", "watch", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["csistoragecapacities", "StorageClass"]
resources: ["csistoragecapacities", "storageclasses"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
Expand Down
80 changes: 40 additions & 40 deletions charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
all capabilities:
1: |
raw: "Thank you for installing kubescape-operator version 1.18.2.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\nView your configuration scan summaries: \n> kubectl get workloadconfigurationscansummaries -A\n\nDetailed reports are also available: \n> kubectl get workloadconfigurationscans -A\n\nView your image vulnerabilities scan summaries: \n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available: \n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n <namespace>\n\n"
raw: "Thank you for installing kubescape-operator version 1.18.3.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\nView your configuration scan summaries: \n> kubectl get workloadconfigurationscansummaries -A\n\nDetailed reports are also available: \n> kubectl get workloadconfigurationscans -A\n\nView your image vulnerabilities scan summaries: \n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available: \n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n <namespace>\n\n"
2: |
apiVersion: batch/v1
kind: CronJob
Expand Down Expand Up @@ -182,7 +182,7 @@ all capabilities:
app: gateway
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: gateway
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: gateway
namespace: kubescape
Expand Down Expand Up @@ -308,7 +308,7 @@ all capabilities:
metadata:
labels:
app: gateway
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: gateway
namespace: kubescape
Expand Down Expand Up @@ -386,7 +386,7 @@ all capabilities:
app: grype-offline-db
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: grype-offline-db
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
spec:
affinity: null
Expand Down Expand Up @@ -569,7 +569,7 @@ all capabilities:
app: kollector
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kollector
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
spec:
affinity: null
Expand Down Expand Up @@ -874,7 +874,7 @@ all capabilities:
- storage.k8s.io
resources:
- csistoragecapacities
- StorageClass
- storageclasses
verbs:
- get
- watch
Expand Down Expand Up @@ -944,7 +944,7 @@ all capabilities:
app: kubescape
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubescape
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: kubescape
namespace: kubescape
Expand Down Expand Up @@ -972,7 +972,7 @@ all capabilities:
app: kubescape
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubescape
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -1199,7 +1199,7 @@ all capabilities:
metadata:
labels:
app: kubescape
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: kubescape
namespace: kubescape
Expand Down Expand Up @@ -1452,7 +1452,7 @@ all capabilities:
app: kubevuln
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubevuln
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -1740,7 +1740,7 @@ all capabilities:
app: node-agent
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: node-agent
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -1998,7 +1998,7 @@ all capabilities:
app: operator
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: operator
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -2283,7 +2283,7 @@ all capabilities:
app: otel-collector
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: otel-collector
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: otel-collector
namespace: kubescape
Expand Down Expand Up @@ -2366,7 +2366,7 @@ all capabilities:
metadata:
labels:
app: otel-collector
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: otel-collector
namespace: kubescape
Expand Down Expand Up @@ -2442,7 +2442,7 @@ all capabilities:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: service-discovery
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
name: RELEASE-NAME
Expand Down Expand Up @@ -3009,7 +3009,7 @@ all capabilities:
app: synchronizer
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: synchronizer
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -3131,7 +3131,7 @@ all capabilities:
namespace: kubescape
default capabilities:
1: |
raw: "Thank you for installing kubescape-operator version 1.18.2.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries: \n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available: \n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n <namespace>\n\n"
raw: "Thank you for installing kubescape-operator version 1.18.3.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries: \n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available: \n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n <namespace>\n\n"
2: |
apiVersion: v1
data:
Expand Down Expand Up @@ -3225,7 +3225,7 @@ default capabilities:
app: gateway
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: gateway
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: gateway
namespace: kubescape
Expand Down Expand Up @@ -3351,7 +3351,7 @@ default capabilities:
metadata:
labels:
app: gateway
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: gateway
namespace: kubescape
Expand Down Expand Up @@ -3429,7 +3429,7 @@ default capabilities:
app: grype-offline-db
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: grype-offline-db
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
spec:
affinity: null
Expand Down Expand Up @@ -3612,7 +3612,7 @@ default capabilities:
app: kollector
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kollector
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
spec:
affinity: null
Expand Down Expand Up @@ -3917,7 +3917,7 @@ default capabilities:
- storage.k8s.io
resources:
- csistoragecapacities
- StorageClass
- storageclasses
verbs:
- get
- watch
Expand Down Expand Up @@ -3987,7 +3987,7 @@ default capabilities:
app: kubescape
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubescape
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: kubescape
namespace: kubescape
Expand Down Expand Up @@ -4015,7 +4015,7 @@ default capabilities:
app: kubescape
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubescape
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -4242,7 +4242,7 @@ default capabilities:
metadata:
labels:
app: kubescape
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: kubescape
namespace: kubescape
Expand Down Expand Up @@ -4495,7 +4495,7 @@ default capabilities:
app: kubevuln
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubevuln
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -4783,7 +4783,7 @@ default capabilities:
app: node-agent
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: node-agent
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -5041,7 +5041,7 @@ default capabilities:
app: operator
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: operator
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -5326,7 +5326,7 @@ default capabilities:
app: otel-collector
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: otel-collector
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: otel-collector
namespace: kubescape
Expand Down Expand Up @@ -5409,7 +5409,7 @@ default capabilities:
metadata:
labels:
app: otel-collector
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: otel-collector
namespace: kubescape
Expand Down Expand Up @@ -5485,7 +5485,7 @@ default capabilities:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: service-discovery
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
name: RELEASE-NAME
Expand Down Expand Up @@ -6052,7 +6052,7 @@ default capabilities:
app: synchronizer
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: synchronizer
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -6174,7 +6174,7 @@ default capabilities:
namespace: kubescape
minimal capabilities:
1: |
raw: "Thank you for installing kubescape-operator version 1.18.2.\n\n\n\n\nView your image vulnerabilities scan summaries: \n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available: \n> kubectl get vulnerabilitymanifests -A\n\n\n\n"
raw: "Thank you for installing kubescape-operator version 1.18.3.\n\n\n\n\nView your image vulnerabilities scan summaries: \n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available: \n> kubectl get vulnerabilitymanifests -A\n\n\n\n"
2: |
apiVersion: v1
data:
Expand Down Expand Up @@ -6393,7 +6393,7 @@ minimal capabilities:
- storage.k8s.io
resources:
- csistoragecapacities
- StorageClass
- storageclasses
verbs:
- get
- watch
Expand Down Expand Up @@ -6463,7 +6463,7 @@ minimal capabilities:
app: kubescape
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubescape
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: kubescape
namespace: kubescape
Expand All @@ -6490,7 +6490,7 @@ minimal capabilities:
app: kubescape
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubescape
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -6836,7 +6836,7 @@ minimal capabilities:
app: kubevuln
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: kubevuln
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -7083,7 +7083,7 @@ minimal capabilities:
app: node-agent
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: node-agent
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -7332,7 +7332,7 @@ minimal capabilities:
app: operator
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: operator
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
otel: enabled
tier: ks-control-plane
spec:
Expand Down Expand Up @@ -7566,7 +7566,7 @@ minimal capabilities:
app: otel-collector
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: otel-collector
helm.sh/chart: kubescape-operator-1.18.2
helm.sh/chart: kubescape-operator-1.18.3
tier: ks-control-plane
name: otel-collector
namespace: kubescape
Expand Down

0 comments on commit 311ca0a

Please sign in to comment.