Pulling dev branch into main - Automated PR by CICD (#238)

* Automated commit - update node-agent image tag with: v0.1.78 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * restore TRIGGER_SECURITY_FRAMEWORK Signed-off-by: kooomix <[email protected]> * Automated commit - update node-agent image tag with: v0.1.81 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Automated commit - update node-agent image tag with: v0.1.83 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Automated commit - update node-agent image tag with: v0.1.85 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * update node-agent Signed-off-by: David Wertenteil <[email protected]> * revert chart tag Signed-off-by: David Wertenteil <[email protected]> * Automated commit - update node-agent image tag with: v0.1.86 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * bump node-agent version Signed-off-by: David Wertenteil <[email protected]> * after merge Signed-off-by: David Wertenteil <[email protected]> * Automated commit - update node-agent image tag with: v0.1.87 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * bump node-agent version Signed-off-by: David Wertenteil <[email protected]> * remove kubevuln pv Signed-off-by: David Wertenteil <[email protected]> * adding cr to ks Signed-off-by: David Wertenteil <[email protected]> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: kooomix <[email protected]> Signed-off-by: David Wertenteil <[email protected]> Co-authored-by: kubescapebot <[email protected]> Co-authored-by: kooomix <[email protected]> Co-authored-by: David Wertenteil <[email protected]>
kubescape · Jul 26, 2023 · b84e86d · b84e86d
1 parent 53b19e3
commit b84e86d
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 66 deletions.
diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml
@@ -9,14 +9,14 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 1.14.1
+version: 1.14.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 
-appVersion: 1.14.1
+appVersion: 1.14.2
 
 maintainers:
 - name: Ben Hirschberg

diff --git a/charts/kubescape-cloud-operator/templates/kubescape/clusterrole.yaml b/charts/kubescape-cloud-operator/templates/kubescape/clusterrole.yaml
@@ -45,6 +45,12 @@ rules:
 - apiGroups: ["storage.k8s.io"]
   resources: ["csistoragecapacities"]
   verbs: ["get", "watch", "list"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["extensions"]
+  resources: ["Ingress"]
+  verbs: ["get", "watch", "list"]
 - apiGroups: [""]
   resources: ["namespaces"]
   verbs: ["update"]
diff --git a/charts/kubescape-cloud-operator/templates/kubevuln/deployment.yaml b/charts/kubescape-cloud-operator/templates/kubevuln/deployment.yaml
@@ -134,12 +134,7 @@ spec:
             - key: "clusterData"
               path: "clusterData.json"
         - name: "grype-db"
-          {{- if .Values.persistence.enabled }}
-          persistentVolumeClaim:
-            claimName: "{{ .Values.kubevuln.name }}"
-          {{- else }}
           emptyDir: {}
-          {{- end }}
 {{- if .Values.volumes }}
 {{ toYaml .Values.volumes | indent 8 }}
 {{- end }}

diff --git a/charts/kubescape-cloud-operator/templates/kubevuln/pvc.yaml b/charts/kubescape-cloud-operator/templates/kubevuln/pvc.yaml
diff --git a/charts/kubescape-cloud-operator/templates/node-agent/daemonset.yaml b/charts/kubescape-cloud-operator/templates/node-agent/daemonset.yaml
@@ -41,8 +41,6 @@ spec:
                 operator: In
                 values:
                 - amd64
-                # - ppc64le
-                # - s390x
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
@@ -88,14 +86,14 @@ spec:
             secretName: {{ .Values.global.proxySecretName }}
         {{- end }}
       containers:
-        - name: {{ .Values.nodeAgent.containers.nodeAgent.name }}
-          image: "{{ .Values.nodeAgent.containers.nodeAgent.image.repository }}:{{ .Values.nodeAgent.containers.nodeAgent.image.tag }}"
-          imagePullPolicy: {{ .Values.nodeAgent.containers.nodeAgent.image.pullPolicy }}
+        - name: {{ .Values.nodeAgent.name }}
+          image: "{{ .Values.nodeAgent.image.repository }}:{{ .Values.nodeAgent.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeAgent.image.pullPolicy }}
           resources:
 {{ toYaml .Values.nodeAgent.resources | indent 12 }}
           env:
             - name: GOMEMLIMIT
-              value: "{{ .Values.nodeAgent.resources.requests.memory }}B"
+              value: "600MiB"
             - name: KS_LOGGER_LEVEL
               value: "{{ .Values.logger.level }}"
             - name: KS_LOGGER_NAME
@@ -120,7 +118,7 @@ spec:
                   fieldPath: metadata.name
             - name: HOST_ROOT
               value: "/host"
-            {{- range .Values.nodeAgent.containers.nodeAgent.env }}
+            {{- range .Values.nodeAgent.env }}
             - name: {{ .name }}
             {{- if .value }}
               value: "{{ .value }}"
@@ -141,7 +139,7 @@ spec:
             mountPath: /etc/config/config.json
             readOnly: true
             subPath: "config.json"
-          {{- range .Values.nodeAgent.containers.nodeAgent.volumeMounts }}
+          {{- range .Values.nodeAgent.volumeMounts }}
           - mountPath: {{ .mountPath }}
             name: {{ .name }}
           {{- end }}

diff --git a/charts/kubescape-cloud-operator/templates/operator/deployment.yaml b/charts/kubescape-cloud-operator/templates/operator/deployment.yaml
@@ -100,7 +100,7 @@ spec:
               value: "{{ $no_proxy_envar_list }}"
             {{- end }}
             - name: TRIGGER_SECURITY_FRAMEWORK
-              value: "false"
+              value: "{{ .Values.operator.triggerSecurityFramework }}"
           args:
             - -alsologtostderr
             - -v=4

diff --git a/charts/kubescape-cloud-operator/values.yaml b/charts/kubescape-cloud-operator/values.yaml
@@ -7,7 +7,7 @@ ksLabel: kubescape
 createKubescapeServiceAccount: true # TODO: move to kubescape
 
 capabilities:
-  relevancy: disable # enable/disable/detect
+  relevancy: detect # enable/disable/detect
 
 # KS cloud BE URLs
 environment: "prod"
@@ -161,7 +161,7 @@ kubescape:
   image:
     # -- source code: https://github.com/kubescape/kubescape/tree/master/httphandler (public repo)
     repository: quay.io/kubescape/kubescape
-    tag: v2.3.7
+    tag: v2.3.8
     pullPolicy: IfNotPresent
 
   resources:
@@ -566,7 +566,11 @@ grypeOfflineDB:
        memory: 200Mi
 
 nodeAgent:
-  name: "node-agent"
+  name: node-agent
+  image:
+    repository: quay.io/kubescape/node-agent
+    tag: v0.1.87
+    pullPolicy: IfNotPresent
 
   config: 
     maxLearningPeriod: 3h # duration string
@@ -575,11 +579,33 @@ nodeAgent:
   resources:
     requests:
        cpu: 100m
-       memory: 150Mi
+       memory: 180Mi
     limits:
        cpu: 500m
        memory: 700Mi
 
+  env:
+    - name: NodeName
+      valueFrom:
+        fieldRef:
+          fieldPath: spec.nodeName
+
+  volumeMounts:
+    - mountPath: /host
+      name: host
+    - mountPath: /run
+      name: run
+    - mountPath: /lib/modules
+      name: modules
+    - mountPath: /sys/kernel/debug
+      name: debugfs
+    - mountPath: /sys/fs/cgroup
+      name: cgroup
+    - mountPath: /sys/fs/bpf
+      name: bpffs
+    - mountPath: /data
+      name: data
+
   volumes:
     - hostPath:
         path: /
@@ -601,31 +627,6 @@ nodeAgent:
       name: debugfs
     - emptyDir:
       name: data
-
-  containers:  
-    nodeAgent:
-      name: node-agent
-      image:
-        repository: quay.io/kubescape/node-agent
-        tag: v0.1.77
-        pullPolicy: IfNotPresent
-      env:
-        - name: NodeName
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-      volumeMounts:
-        - mountPath: /host
-          name: host
-        - mountPath: /run
-          name: run
-        - mountPath: /lib/modules
-          name: modules
-        - mountPath: /sys/kernel/debug
-          name: debugfs
-        - mountPath: /sys/fs/cgroup
-          name: cgroup
-        - mountPath: /sys/fs/bpf
-          name: bpffs
-        - mountPath: /data
-          name: data
+node-agent:
+  image:
+    tag: v0.1.87