Merge pull request #462 from kubescape/hotfix/service-discovery-crd

add patch option for Apply the crd + authenticated field can be nil

charts/dependency_chart/servicescanresult-crds/crds/service-scan-result.crd.yaml

@@ -41,3 +41,4 @@ spec:
                       type: string
                     authenticated:
                       type: boolean
+                      nullable: true

charts/kubescape-operator/Chart.yaml

@@ -49,4 +49,4 @@ dependencies:
   - name: kubescape-service-scan-crd
     version: 0.0.1
     repository: "file://../dependency_chart/servicescanresult-crds"
-    condition: capabilities.enableServiceScanResult
+    condition: serviceScanConfig.enabled

charts/kubescape-operator/templates/configs/components-configmap.yaml

@@ -13,5 +13,6 @@ data:
     {
       "capabilities": {{- .Values.capabilities | toJson }},
       "components": {{- include "components" . | fromYaml | toJson }},
-      "configurations": {{- .Values.configurations | toJson }}
+      "configurations": {{- .Values.configurations | toJson }} ,
+      "serviceScanConfig" : {{- .Values.serviceScanConfig | toJson }}
     }

charts/kubescape-operator/templates/operator/clusterrole.yaml

@@ -21,5 +21,5 @@ rules:
     verbs: ["get", "watch", "list", "delete"]
   - apiGroups: ["kubescape.io"]
     resources: ["servicesscanresults"]
-    verbs: ["get", "watch", "list", "create", "update", "delete"]
+    verbs: ["get", "watch", "list", "create", "update", "delete" ,"patch"]
   {{- end }}

charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap

@@ -205,9 +205,10 @@ all capabilities:
     data:
       capabilities: |
         {
-          "capabilities":{"autoUpgrading":"enable","configurationScan":"enable","continuousScan":"enable","enableServiceScanResult":false,"malwareDetection":"enable","networkPolicyService":"enable","nodeProfileService":"enable","nodeScan":"enable","prometheusExporter":"enable","relevancy":"enable","runtimeDetection":"enable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"enable","vulnerabilityScan":"enable"},
+          "capabilities":{"autoUpgrading":"enable","configurationScan":"enable","continuousScan":"enable","malwareDetection":"enable","networkPolicyService":"enable","nodeProfileService":"enable","nodeScan":"enable","prometheusExporter":"enable","relevancy":"enable","runtimeDetection":"enable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"enable","vulnerabilityScan":"enable"},
           "components":{"autoUpdater":{"enabled":true},"clamAV":{"enabled":true},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":true},"hostScanner":{"enabled":true},"kollector":{"enabled":true},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":true},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":true},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":true},"serviceDiscovery":{"enabled":true},"storage":{"enabled":true},"synchronizer":{"enabled":true}},
-          "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"}
+          "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} ,
+          "serviceScanConfig" :{"enabled":false,"interval":"1h"}
         }
     kind: ConfigMap
     metadata:
@@ -2581,6 +2582,7 @@ all capabilities:
           - create
           - update
           - delete
+          - patch
   56: |
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
@@ -2640,7 +2642,7 @@ all capabilities:
       template:
         metadata:
           annotations:
-            checksum/capabilities-config: 62a907df782569d2efd2b69369d0f2c33b514d80640b3d6bd15d9cc10dfc255b
+            checksum/capabilities-config: 042defc33e2d6a27904d1f5f6c69fbdea2e5ca60fe4bf58225d305a9a240b9d4
             checksum/cloud-config: c4dc912bbe62b0d5fd4734206c3cae52f56d766cbc20024182a2bcef09c0ae8e
             checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99
             checksum/matching-rules-config: 9282b3916f506ac98eccbdfe686271420ff520374de611f7efce8235dcdf8809
@@ -2677,7 +2679,7 @@ all capabilities:
                   value: https://foo:bar@baz:1234
                 - name: no_proxy
                   value: gateway,kubescape,kubevuln,node-agent,operator,otel-collector,kubernetes.default.svc.*,127.0.0.1
-              image: quay.io/kubescape/operator:v0.2.13
+              image: quay.io/kubescape/operator:v0.2.16
               imagePullPolicy: IfNotPresent
               livenessProbe:
                 httpGet:
@@ -4521,9 +4523,10 @@ default capabilities:
     data:
       capabilities: |
         {
-          "capabilities":{"autoUpgrading":"disable","configurationScan":"enable","continuousScan":"disable","enableServiceScanResult":false,"malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"disable","vulnerabilityScan":"enable"},
+          "capabilities":{"autoUpgrading":"disable","configurationScan":"enable","continuousScan":"disable","malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"disable","vulnerabilityScan":"enable"},
           "components":{"autoUpdater":{"enabled":false},"clamAV":{"enabled":false},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":true},"hostScanner":{"enabled":true},"kollector":{"enabled":true},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":true},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":true},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":false},"serviceDiscovery":{"enabled":true},"storage":{"enabled":true},"synchronizer":{"enabled":true}},
-          "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"}
+          "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} ,
+          "serviceScanConfig" :{"enabled":false,"interval":"1h"}
         }
     kind: ConfigMap
     metadata:
@@ -6658,6 +6661,7 @@ default capabilities:
           - create
           - update
           - delete
+          - patch
   48: |
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
@@ -6717,7 +6721,7 @@ default capabilities:
       template:
         metadata:
           annotations:
-            checksum/capabilities-config: d69abd2ecc3a5f1d41c8203167caaf887baa350730532f8115635e0c435e6578
+            checksum/capabilities-config: b89694afc3644e806e80bc920675d5cb5827e1ea5a1d1f64a93414dc5b01f888
             checksum/cloud-config: 98e72a3a1a24264d2cdebc86b61829ee5b941fb590d6ca717ebaa880922046c6
             checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99
             checksum/matching-rules-config: 9282b3916f506ac98eccbdfe686271420ff520374de611f7efce8235dcdf8809
@@ -6750,7 +6754,7 @@ default capabilities:
                   value: zap
                 - name: OTEL_COLLECTOR_SVC
                   value: otel-collector:4317
-              image: quay.io/kubescape/operator:v0.2.13
+              image: quay.io/kubescape/operator:v0.2.16
               imagePullPolicy: IfNotPresent
               livenessProbe:
                 httpGet:
@@ -8341,9 +8345,10 @@ minimal capabilities:
     data:
       capabilities: |
         {
-          "capabilities":{"autoUpgrading":"disable","configurationScan":"enable","continuousScan":"disable","enableServiceScanResult":false,"malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"disable","vulnerabilityScan":"enable"},
+          "capabilities":{"autoUpgrading":"disable","configurationScan":"enable","continuousScan":"disable","malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","vexGeneration":"disable","vulnerabilityScan":"enable"},
           "components":{"autoUpdater":{"enabled":false},"clamAV":{"enabled":false},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":false},"hostScanner":{"enabled":true},"kollector":{"enabled":false},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":false},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":false},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":false},"serviceDiscovery":{"enabled":false},"storage":{"enabled":true},"synchronizer":{"enabled":false}},
-          "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"}
+          "configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} ,
+          "serviceScanConfig" :{"enabled":false,"interval":"1h"}
         }
     kind: ConfigMap
     metadata:
@@ -9518,6 +9523,7 @@ minimal capabilities:
           - create
           - update
           - delete
+          - patch
   27: |
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
@@ -9577,7 +9583,7 @@ minimal capabilities:
       template:
         metadata:
           annotations:
-            checksum/capabilities-config: 04d6d6480df627d00551d3d69dd86c64e9d808cd105aaefe487fa3091ee41019
+            checksum/capabilities-config: dfb807bb249d778f8b7a6270796c1150a66bc270a01e0338a8f46598fc430199
             checksum/cloud-config: c8580dbb81fa1c832dc787a966fc068feacfb2ee7f67fdd928c256f4094ad656
             checksum/cloud-secret: baefa7c2a6f06e1afdaffb0829d1caf36ff7428773197f1e5ca4731c132ecb78
             checksum/matching-rules-config: 9282b3916f506ac98eccbdfe686271420ff520374de611f7efce8235dcdf8809
@@ -9609,7 +9615,7 @@ minimal capabilities:
                   value: zap
                 - name: OTEL_COLLECTOR_SVC
                   value: otel-collector:4317
-              image: quay.io/kubescape/operator:v0.2.13
+              image: quay.io/kubescape/operator:v0.2.16
               imagePullPolicy: IfNotPresent
               livenessProbe:
                 httpGet:

charts/kubescape-operator/values.yaml

@@ -91,7 +91,9 @@ capabilities:
   prometheusExporter: disable
   # seccompGenerator: disable
 
-  enableServiceScanResult: false
+serviceScanConfig:
+  enabled : false
+  interval: 1h
 
 configurations:
   otelUrl: # default is empty
@@ -256,7 +258,7 @@ operator:
   image:
     # -- source code: https://github.com/kubescape/operator
     repository: quay.io/kubescape/operator
-    tag: v0.2.13
+    tag: v0.2.16
     pullPolicy: IfNotPresent
 
   service: