diff --git a/charts/kubescape-operator/Chart.yaml b/charts/kubescape-operator/Chart.yaml index dc0df27f..8aee761a 100644 --- a/charts/kubescape-operator/Chart.yaml +++ b/charts/kubescape-operator/Chart.yaml @@ -9,14 +9,14 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.18.17 +version: 1.18.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.18.17 +appVersion: 1.18.18 maintainers: - name: Ben Hirschberg diff --git a/charts/kubescape-operator/templates/node-agent/clusterrole.yaml b/charts/kubescape-operator/templates/node-agent/clusterrole.yaml index 5413a35a..64190ca5 100644 --- a/charts/kubescape-operator/templates/node-agent/clusterrole.yaml +++ b/charts/kubescape-operator/templates/node-agent/clusterrole.yaml @@ -20,7 +20,7 @@ rules: resources: ["deployments", "daemonsets", "statefulsets", "replicasets"] verbs: ["get", "watch", "list"] - apiGroups: ["spdx.softwarecomposition.kubescape.io"] - resources: ["sbomsyfts"] + resources: ["sbomsyfts", "seccompprofiles"] verbs: ["get", "watch", "list"] - apiGroups: ["spdx.softwarecomposition.kubescape.io"] resources: ["applicationactivities", "applicationprofiles", "networkneighborses", "networkneighborhoods", "sbomsyftfiltereds"] diff --git a/charts/kubescape-operator/templates/node-agent/configmap.yaml b/charts/kubescape-operator/templates/node-agent/configmap.yaml index b4f08b86..59a4bbbc 100644 --- a/charts/kubescape-operator/templates/node-agent/configmap.yaml +++ b/charts/kubescape-operator/templates/node-agent/configmap.yaml 
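Review bot: The `seccompprofiles` resource added to the `spdx.softwarecomposition.kubescape.io` rule in node-agent/clusterrole.yaml is granted unconditionally; nothing in this hunk ties it to `capabilities.seccompProfileService`, which the same commit uses to switch the feature on in the node-agent ConfigMap. The rule list starts and ends outside the hunk, so a gate may exist elsewhere, but if it does not, consider a separate rule wrapped in `{{- if eq .Values.capabilities.seccompProfileService "enable" }}` … `{{- end }}`. That way a cluster that disables the service does not keep cluster-wide get/watch/list on those objects. A one-line comment above the rule naming the node-agent feature that reads them would also help the next RBAC review.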
@@ -25,6 +25,7 @@ data: "networkServiceEnabled": {{ eq .Values.capabilities.networkPolicyService "enable" }}, "malwareDetectionEnabled": {{ eq .Values.capabilities.malwareDetection "enable" }}, "nodeProfileServiceEnabled": {{ eq .Values.capabilities.nodeProfileService "enable" }}, + "seccompServiceEnabled": {{ eq .Values.capabilities.seccompProfileService "enable" }}, "initialDelay": "{{ .Values.nodeAgent.config.learningPeriod }}", "updateDataPeriod": "{{ .Values.nodeAgent.config.updatePeriod }}", "nodeProfileInterval": "{{ .Values.nodeAgent.config.nodeProfileInterval }}", diff --git a/charts/kubescape-operator/templates/node-agent/daemonset.yaml b/charts/kubescape-operator/templates/node-agent/daemonset.yaml index d2e2a334..429f325c 100644 --- a/charts/kubescape-operator/templates/node-agent/daemonset.yaml +++ b/charts/kubescape-operator/templates/node-agent/daemonset.yaml @@ -118,7 +118,7 @@ spec: httpGet: path: /livez port: 7888 - initialDelaySeconds: 3 + initialDelaySeconds: 60 periodSeconds: 3 readinessProbe: httpGet: diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index 8ea33bb5..1bd848ef 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap 
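Review bot: Raising the liveness probe's `initialDelaySeconds` from 3 to 60 in node-agent/daemonset.yaml while `periodSeconds` stays at 3 leaves a node-agent that hangs right after start unprobed for a full minute, and one that needs longer than that is still restarted. A `startupProbe` on the same `/livez` port 7888 endpoint (for example `periodSeconds: 3` with `failureThreshold: 20`) gives the same allowance but hands over to the liveness probe as soon as the agent answers. If the fixed delay is kept, add a comment on the line stating what the agent does during start-up that needs it, since the commit does not say. The container spec continues outside the hunk.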
@@ -1,6 +1,6 @@ all capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.18.17.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\nView your configuration scan summaries:\n> kubectl get workloadconfigurationscansummaries -A\n\nDetailed reports are also available:\n> kubectl get workloadconfigurationscans -A\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. 
To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.18.18.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\nView your configuration scan summaries:\n> kubectl get workloadconfigurationscansummaries -A\n\nDetailed reports are also available:\n> kubectl get workloadconfigurationscans -A\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: batch/v1 kind: CronJob @@ -60,7 +60,7 @@ all capabilities: metadata: labels: app: helm-release-upgrader - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: helm-release-upgrader namespace: kubescape 
@@ -205,7 +205,7 @@ all capabilities: data: capabilities: | { - "capabilities":{"autoUpgrading":"enable","configurationScan":"enable","continuousScan":"enable","enableServiceScanResult":false,"malwareDetection":"enable","networkPolicyService":"enable","nodeProfileService":"enable","nodeScan":"enable","prometheusExporter":"enable","relevancy":"enable","runtimeDetection":"enable","runtimeObservability":"enable","vexGeneration":"enable","vulnerabilityScan":"enable"}, + "capabilities":{"autoUpgrading":"enable","configurationScan":"enable","continuousScan":"enable","enableServiceScanResult":false,"malwareDetection":"enable","networkPolicyService":"enable","nodeProfileService":"enable","nodeScan":"enable","prometheusExporter":"enable","relevancy":"enable","runtimeDetection":"enable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"enable","vulnerabilityScan":"enable"}, "components":{"autoUpdater":{"enabled":true},"clamAV":{"enabled":true},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":true},"hostScanner":{"enabled":true},"kollector":{"enabled":true},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":true},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":true},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":true},"serviceDiscovery":{"enabled":true},"storage":{"enabled":true},"synchronizer":{"enabled":true}}, "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} } @@ -262,7 +262,7 @@ all capabilities: app: gateway app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: gateway - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane 
@@ -401,7 +401,7 @@ all capabilities: metadata: labels: app: gateway - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: gateway namespace: kubescape @@ -505,7 +505,7 @@ all capabilities: app: grype-offline-db app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: grype-offline-db - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core tier: ks-control-plane spec: @@ -635,7 +635,7 @@ all capabilities: metadata: labels: app: kollector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kollector namespace: kubescape @@ -721,7 +721,7 @@ all capabilities: app: kollector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kollector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -907,7 +907,7 @@ all capabilities: metadata: labels: app: kubescape-scheduler - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kubescape-scheduler namespace: kubescape @@ -1167,7 +1167,7 @@ all capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -1197,7 +1197,7 @@ all capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane 
@@ -1439,7 +1439,7 @@ all capabilities: metadata: labels: app: kubescape - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kubescape namespace: kubescape @@ -1675,7 +1675,7 @@ all capabilities: metadata: labels: app: kubevuln-scheduler - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kubevuln-scheduler namespace: kubescape @@ -1789,7 +1789,7 @@ all capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -1907,7 +1907,7 @@ all capabilities: metadata: labels: app: kubevuln - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kubevuln namespace: kubescape @@ -2036,6 +2036,7 @@ all capabilities: - spdx.softwarecomposition.kubescape.io resources: - sbomsyfts + - seccompprofiles verbs: - get - watch @@ -2089,6 +2090,7 @@ all capabilities: "networkServiceEnabled": true, "malwareDetectionEnabled": true, "nodeProfileServiceEnabled": true, + "seccompServiceEnabled": true, "initialDelay": "2m", "updateDataPeriod": "10m", "nodeProfileInterval": "10m", @@ -2167,7 +2169,7 @@ all capabilities: annotations: checksum/cloud-config: c4dc912bbe62b0d5fd4734206c3cae52f56d766cbc20024182a2bcef09c0ae8e checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99 - checksum/node-agent-config: 9364a39e3684fb9d8972733a7d1cfdec0b821d7f04a824e52bdb45551474feeb + checksum/node-agent-config: d612b1b8ca381500ab751bb9e8ffdd9b57c2cda22714720f7caacaa6d45bd117 checksum/proxy-config: 30e81a4193016803b4b7985b92028c4797c1e84d317a4b6b3e3a5406139f8847 container.apparmor.security.beta.kubernetes.io/node-agent: unconfined labels: 
@@ -2175,7 +2177,7 @@ all capabilities: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -2246,13 +2248,13 @@ all capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.85 + image: quay.io/kubescape/node-agent:v0.2.87 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /livez port: 7888 - initialDelaySeconds: 3 + initialDelaySeconds: 60 periodSeconds: 3 name: node-agent readinessProbe: @@ -2385,7 +2387,7 @@ all capabilities: metadata: labels: app: node-agent - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: node-agent namespace: kubescape @@ -2573,7 +2575,7 @@ all capabilities: template: metadata: annotations: - checksum/capabilities-config: ab449458437ca2d45e9d42e2b42edae0bb545a5195e065b5322310e3629f91bd + checksum/capabilities-config: 62a907df782569d2efd2b69369d0f2c33b514d80640b3d6bd15d9cc10dfc255b checksum/cloud-config: c4dc912bbe62b0d5fd4734206c3cae52f56d766cbc20024182a2bcef09c0ae8e checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99 checksum/matching-rules-config: 9282b3916f506ac98eccbdfe686271420ff520374de611f7efce8235dcdf8809 @@ -2583,7 +2585,7 @@ all capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -2597,7 +2599,7 @@ all capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.18.17 + value: kubescape-operator-1.18.18 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL 
@@ -2751,7 +2753,7 @@ all capabilities: metadata: labels: app: operator - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: operator namespace: kubescape @@ -2946,7 +2948,7 @@ all capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -3045,7 +3047,7 @@ all capabilities: metadata: labels: app: otel-collector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: otel-collector namespace: kubescape @@ -3189,7 +3191,7 @@ all capabilities: value: info - name: KS_LOGGER_NAME value: zap - image: quay.io/kubescape/prometheus-exporter:v0.0.7 + image: quay.io/kubescape/prometheus-exporter:v0.0.135 imagePullPolicy: IfNotPresent livenessProbe: initialDelaySeconds: 3 @@ -3238,7 +3240,7 @@ all capabilities: metadata: labels: app: prometheus-exporter - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: prometheus-exporter namespace: kubescape @@ -3336,7 +3338,7 @@ all capabilities: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: service-discovery - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 otel: enabled tier: ks-control-plane name: RELEASE-NAME @@ -3694,7 +3696,7 @@ all capabilities: metadata: labels: app: storage - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: storage namespace: kubescape 
@@ -4188,7 +4190,7 @@ all capabilities: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: synchronizer - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -4200,7 +4202,7 @@ all capabilities: - /usr/bin/client env: - name: HELM_RELEASE - value: kubescape-operator-1.18.17 + value: kubescape-operator-1.18.18 - name: GOMEMLIMIT value: 250MiB - name: KS_LOGGER_LEVEL @@ -4296,7 +4298,7 @@ all capabilities: metadata: labels: app: synchronizer - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: synchronizer namespace: kubescape 
@@ -4375,7 +4377,7 @@ all capabilities: namespace: kubescape default capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.18.17.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.18.18.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: v1 data: 
@@ -4442,7 +4444,7 @@ default capabilities: data: capabilities: | { - "capabilities":{"autoUpgrading":"disable","configurationScan":"enable","continuousScan":"disable","enableServiceScanResult":false,"malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","vexGeneration":"disable","vulnerabilityScan":"enable"}, + "capabilities":{"autoUpgrading":"disable","configurationScan":"enable","continuousScan":"disable","enableServiceScanResult":false,"malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"disable","vulnerabilityScan":"enable"}, "components":{"autoUpdater":{"enabled":false},"clamAV":{"enabled":false},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":true},"hostScanner":{"enabled":true},"kollector":{"enabled":true},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":true},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":true},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":false},"serviceDiscovery":{"enabled":true},"storage":{"enabled":true},"synchronizer":{"enabled":true}}, "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} } 
@@ -4485,7 +4487,7 @@ default capabilities: app: gateway app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: gateway - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -4614,7 +4616,7 @@ default capabilities: metadata: labels: app: gateway - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: gateway namespace: kubescape @@ -4712,7 +4714,7 @@ default capabilities: app: grype-offline-db app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: grype-offline-db - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core tier: ks-control-plane spec: @@ -4842,7 +4844,7 @@ default capabilities: metadata: labels: app: kollector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kollector namespace: kubescape @@ -4922,7 +4924,7 @@ default capabilities: app: kollector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kollector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -5098,7 +5100,7 @@ default capabilities: metadata: labels: app: kubescape-scheduler - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kubescape-scheduler namespace: kubescape @@ -5352,7 +5354,7 @@ default capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane 
@@ -5382,7 +5384,7 @@ default capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -5614,7 +5616,7 @@ default capabilities: metadata: labels: app: kubescape - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kubescape namespace: kubescape @@ -5839,7 +5841,7 @@ default capabilities: metadata: labels: app: kubevuln-scheduler - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kubevuln-scheduler namespace: kubescape @@ -5947,7 +5949,7 @@ default capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6055,7 +6057,7 @@ default capabilities: metadata: labels: app: kubevuln - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: kubevuln namespace: kubescape @@ -6178,6 +6180,7 @@ default capabilities: - spdx.softwarecomposition.kubescape.io resources: - sbomsyfts + - seccompprofiles verbs: - get - watch @@ -6231,6 +6234,7 @@ default capabilities: "networkServiceEnabled": true, "malwareDetectionEnabled": false, "nodeProfileServiceEnabled": false, + "seccompServiceEnabled": true, "initialDelay": "2m", "updateDataPeriod": "10m", "nodeProfileInterval": "10m", 
@@ -6273,7 +6277,7 @@ default capabilities: annotations: checksum/cloud-config: 98e72a3a1a24264d2cdebc86b61829ee5b941fb590d6ca717ebaa880922046c6 checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99 - checksum/node-agent-config: 3ccfb3467579f1c6849389829a0d66deab8589e05e2e05dfdbc4c2b6d64ff16a + checksum/node-agent-config: e3a2365c759a38052b86830b55e01e2d3e6196bd10cfff63abf00d87e9211168 checksum/proxy-config: 30e81a4193016803b4b7985b92028c4797c1e84d317a4b6b3e3a5406139f8847 container.apparmor.security.beta.kubernetes.io/node-agent: unconfined labels: @@ -6281,7 +6285,7 @@ default capabilities: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6321,13 +6325,13 @@ default capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.85 + image: quay.io/kubescape/node-agent:v0.2.87 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /livez port: 7888 - initialDelaySeconds: 3 + initialDelaySeconds: 60 periodSeconds: 3 name: node-agent readinessProbe: @@ -6454,7 +6458,7 @@ default capabilities: metadata: labels: app: node-agent - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: node-agent namespace: kubescape 
@@ -6636,7 +6640,7 @@ default capabilities: template: metadata: annotations: - checksum/capabilities-config: 105064c9b94c92f3911281b551a69c7d6d9ab7f601b56a7338e22870d21570ee + checksum/capabilities-config: d69abd2ecc3a5f1d41c8203167caaf887baa350730532f8115635e0c435e6578 checksum/cloud-config: 98e72a3a1a24264d2cdebc86b61829ee5b941fb590d6ca717ebaa880922046c6 checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99 checksum/matching-rules-config: 9282b3916f506ac98eccbdfe686271420ff520374de611f7efce8235dcdf8809 @@ -6646,7 +6650,7 @@ default capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6660,7 +6664,7 @@ default capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.18.17 + value: kubescape-operator-1.18.18 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -6804,7 +6808,7 @@ default capabilities: metadata: labels: app: operator - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: operator namespace: kubescape @@ -6993,7 +6997,7 @@ default capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -7088,7 +7092,7 @@ default capabilities: metadata: labels: app: otel-collector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: otel-collector namespace: kubescape 
@@ -7194,7 +7198,7 @@ default capabilities: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: service-discovery - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 otel: enabled tier: ks-control-plane name: RELEASE-NAME @@ -7548,7 +7552,7 @@ default capabilities: metadata: labels: app: storage - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: storage namespace: kubescape @@ -8031,7 +8035,7 @@ default capabilities: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: synchronizer - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -8043,7 +8047,7 @@ default capabilities: - /usr/bin/client env: - name: HELM_RELEASE - value: kubescape-operator-1.18.17 + value: kubescape-operator-1.18.18 - name: GOMEMLIMIT value: 250MiB - name: KS_LOGGER_LEVEL @@ -8129,7 +8133,7 @@ default capabilities: metadata: labels: app: synchronizer - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 tier: ks-control-plane name: synchronizer namespace: kubescape 
@@ -8202,7 +8206,7 @@ default capabilities: namespace: kubescape minimal capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.18.17.\n\n\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.18.18.\n\n\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: v1 data: 
@@ -8260,7 +8264,7 @@ minimal capabilities: data: capabilities: | { - "capabilities":{"autoUpgrading":"disable","configurationScan":"enable","continuousScan":"disable","enableServiceScanResult":false,"malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","vexGeneration":"disable","vulnerabilityScan":"enable"}, + "capabilities":{"autoUpgrading":"disable","configurationScan":"enable","continuousScan":"disable","enableServiceScanResult":false,"malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"disable","vulnerabilityScan":"enable"}, "components":{"autoUpdater":{"enabled":false},"clamAV":{"enabled":false},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":false},"hostScanner":{"enabled":true},"kollector":{"enabled":false},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":false},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":false},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":false},"serviceDiscovery":{"enabled":false},"storage":{"enabled":true},"synchronizer":{"enabled":false}}, "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} } 
@@ -8519,7 +8523,7 @@ minimal capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -8548,7 +8552,7 @@ minimal capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -8908,7 +8912,7 @@ minimal capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -9081,6 +9085,7 @@ minimal capabilities: - spdx.softwarecomposition.kubescape.io resources: - sbomsyfts + - seccompprofiles verbs: - get - watch @@ -9134,6 +9139,7 @@ minimal capabilities: "networkServiceEnabled": true, "malwareDetectionEnabled": false, "nodeProfileServiceEnabled": false, + "seccompServiceEnabled": true, "initialDelay": "2m", "updateDataPeriod": "10m", "nodeProfileInterval": "10m", 
@@ -9176,14 +9182,14 @@ minimal capabilities: annotations: checksum/cloud-config: c8580dbb81fa1c832dc787a966fc068feacfb2ee7f67fdd928c256f4094ad656 checksum/cloud-secret: baefa7c2a6f06e1afdaffb0829d1caf36ff7428773197f1e5ca4731c132ecb78 - checksum/node-agent-config: 3ccfb3467579f1c6849389829a0d66deab8589e05e2e05dfdbc4c2b6d64ff16a + checksum/node-agent-config: e3a2365c759a38052b86830b55e01e2d3e6196bd10cfff63abf00d87e9211168 container.apparmor.security.beta.kubernetes.io/node-agent: unconfined labels: alt-name: node-agent app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -9223,13 +9229,13 @@ minimal capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.85 + image: quay.io/kubescape/node-agent:v0.2.87 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /livez port: 7888 - initialDelaySeconds: 3 + initialDelaySeconds: 60 periodSeconds: 3 name: node-agent readinessProbe: @@ -9494,7 +9500,7 @@ minimal capabilities: template: metadata: annotations: - checksum/capabilities-config: f3a9c35fcb5d8b7292ce877e49416ebdc0fab30b444d3c385b19d3110c845d9d + checksum/capabilities-config: 04d6d6480df627d00551d3d69dd86c64e9d808cd105aaefe487fa3091ee41019 checksum/cloud-config: c8580dbb81fa1c832dc787a966fc068feacfb2ee7f67fdd928c256f4094ad656 checksum/cloud-secret: baefa7c2a6f06e1afdaffb0829d1caf36ff7428773197f1e5ca4731c132ecb78 checksum/matching-rules-config: 9282b3916f506ac98eccbdfe686271420ff520374de611f7efce8235dcdf8809 @@ -9503,7 +9509,7 @@ minimal capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/tier: core otel: enabled tier: ks-control-plane 
@@ -9517,7 +9523,7 @@ minimal capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.18.17 + value: kubescape-operator-1.18.18 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -9754,7 +9760,7 @@ minimal capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.18.17 + helm.sh/chart: kubescape-operator-1.18.18 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane diff --git a/charts/kubescape-operator/tests/snapshot_test.yaml b/charts/kubescape-operator/tests/snapshot_test.yaml index b2620a6a..be095bab 100644 --- a/charts/kubescape-operator/tests/snapshot_test.yaml +++ b/charts/kubescape-operator/tests/snapshot_test.yaml @@ -21,6 +21,7 @@ tests: runtimeDetection: enable malwareDetection: enable nodeProfileService: enable + seccompProfileService: enable autoUpgrading: enable prometheusExporter: enable server: api.armosec.io diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml index 6445fcaf..27b276d2 100644 --- a/charts/kubescape-operator/values.yaml +++ b/charts/kubescape-operator/values.yaml @@ -81,6 +81,7 @@ capabilities: runtimeDetection: disable malwareDetection: disable nodeProfileService: disable + seccompProfileService: enable # ====== Other capabilities ====== # @@ -477,7 +478,7 @@ nodeAgent: image: # -- source code: https://github.com/kubescape/node-agent repository: quay.io/kubescape/node-agent - tag: v0.2.85 + tag: v0.2.87 pullPolicy: IfNotPresent config: @@ -752,7 +753,7 @@ prometheusExporter: name: "prometheus-exporter" image: repository: quay.io/kubescape/prometheus-exporter - tag: v0.0.7 + tag: v0.0.135 pullPolicy: IfNotPresent resources:
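Review bot: In the values.yaml hunk at `@@ -81,6 +81,7 @@`, the new `seccompProfileService` key defaults to `enable` while the neighbouring `runtimeDetection`, `malwareDetection` and `nodeProfileService` default to `disable`. The regenerated snapshot shows `"seccompServiceEnabled": true` even for the default and minimal capability sets, so an upgrade to this chart version turns the service on in node-agent without an explicit opt-in unless values override it. If that is intended, document it on the key, e.g. `# seccompProfileService: node-agent reads seccompprofiles (spdx.softwarecomposition.kubescape.io); enabled by default`; otherwise use `seccompProfileService: disable` to match the siblings. The `capabilities` block starts and ends outside the hunk.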