use application profile instead of sbomp for relevancy #509

Draft
wants to merge 1 commit into
base: main
Expand Up @@ -11,6 +11,6 @@ rules:
resources: ["vulnerabilitymanifests", "vulnerabilitymanifestsummaries", "openvulnerabilityexchangecontainers", "sbomsyfts"]
verbs: ["create", "get", "update", "watch", "list", "patch"]
- apiGroups: ["spdx.softwarecomposition.kubescape.io"]
resources: ["sbomsyftfiltereds"]
resources: ["applicationprofiles"]
verbs: ["get", "watch", "list"]
{{- end }}
Expand Up @@ -23,7 +23,7 @@ rules:
resources: ["sbomsyfts", "seccompprofiles"]
verbs: ["get", "watch", "list"]
- apiGroups: ["spdx.softwarecomposition.kubescape.io"]
resources: ["applicationactivities", "applicationprofiles", "networkneighborses", "networkneighborhoods", "sbomsyftfiltereds"]
resources: ["applicationactivities", "applicationprofiles", "networkneighborses", "networkneighborhoods"]
verbs: ["create", "get", "update", "watch", "list", "patch"]
- apiGroups: ["kubescape.io"]
resources: ["runtimerulealertbindings"]
Expand Up @@ -17,7 +17,7 @@ rules:
resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
verbs: ["get", "watch", "list"]
- apiGroups: ["spdx.softwarecomposition.kubescape.io"]
resources: ["vulnerabilitymanifests", "vulnerabilitymanifestsummaries", "workloadconfigurationscans", "workloadconfigurationscansummaries", "openvulnerabilityexchangecontainers", "sbomsyftfiltereds", "sbomsyfts"]
resources: ["vulnerabilitymanifests", "vulnerabilitymanifestsummaries", "workloadconfigurationscans", "workloadconfigurationscansummaries", "openvulnerabilityexchangecontainers", "applicationprofiles", "sbomsyfts"]
verbs: ["get", "watch", "list", "delete"]
- apiGroups: ["kubescape.io"]
resources: ["runtimerulealertbindings"]
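Review bot: Swapping `sbomsyftfiltereds` for `applicationprofiles` in this rule also grants `delete` on application profiles, because the rule's verbs are `["get", "watch", "list", "delete"]`. If this component only reads profiles for relevancy, `applicationprofiles` belongs in its own rule with `verbs: ["get", "watch", "list"]`, matching the read-only rule in the first file section. If deletion is intended, a one-line comment above the rule stating why would make the grant auditable. The rules list starts and continues outside this hunk, so a narrower rule for the same resource may already exist elsewhere in the file.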
Expand Up @@ -2204,7 +2204,7 @@ all capabilities:
- apiGroups:
- spdx.softwarecomposition.kubescape.io
resources:
- sbomsyftfiltereds
- applicationprofiles
verbs:
- get
- watch
Expand Down Expand Up @@ -2313,8 +2313,8 @@ all capabilities:
value: https://foo:bar@baz:1234
- name: no_proxy
value: gateway,kubescape,kubevuln,node-agent,operator,otel-collector,kubernetes.default.svc.*,127.0.0.1,*.foo,bar.baz
image: quay.io/kubescape/kubevuln:v0.3.33
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/kubevuln:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /v1/liveness
Expand Down Expand Up @@ -2592,7 +2592,6 @@ all capabilities:
- applicationprofiles
- networkneighborses
- networkneighborhoods
- sbomsyftfiltereds
verbs:
- create
- get
Expand Down Expand Up @@ -2825,8 +2824,8 @@ all capabilities:
fieldRef:
fieldPath: metadata.namespace
- name: NodeName
image: quay.io/kubescape/node-agent:v0.2.141
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/node-agent:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /livez
Expand Down Expand Up @@ -3274,7 +3273,7 @@ all capabilities:
- workloadconfigurationscans
- workloadconfigurationscansummaries
- openvulnerabilityexchangecontainers
- sbomsyftfiltereds
- applicationprofiles
- sbomsyfts
verbs:
- get
Expand Down Expand Up @@ -3430,8 +3429,8 @@ all capabilities:
value: https://foo:bar@baz:1234
- name: no_proxy
value: gateway,kubescape,kubevuln,node-agent,operator,otel-collector,kubernetes.default.svc.*,127.0.0.1,*.foo,bar.baz
image: quay.io/kubescape/operator:v0.2.32
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/operator:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /v1/liveness
Expand Down Expand Up @@ -4979,7 +4978,7 @@ all capabilities:
name: cloud-secret
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4317
image: quay.io/kubescape/storage:v0.0.117
image: quay.io/kubescape/storage:v0.0.122
imagePullPolicy: IfNotPresent
livenessProbe:
tcpSocket:
Expand Down Expand Up @@ -7707,7 +7706,7 @@ default capabilities:
- apiGroups:
- spdx.softwarecomposition.kubescape.io
resources:
- sbomsyftfiltereds
- applicationprofiles
verbs:
- get
- watch
Expand Down Expand Up @@ -7812,8 +7811,8 @@ default capabilities:
name: cloud-secret
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4317
image: quay.io/kubescape/kubevuln:v0.3.33
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/kubevuln:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /v1/liveness
Expand Down Expand Up @@ -8053,7 +8052,6 @@ default capabilities:
- applicationprofiles
- networkneighborses
- networkneighborhoods
- sbomsyftfiltereds
verbs:
- create
- get
Expand Down Expand Up @@ -8217,8 +8215,8 @@ default capabilities:
fieldRef:
fieldPath: metadata.namespace
- name: NodeName
image: quay.io/kubescape/node-agent:v0.2.141
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/node-agent:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /livez
Expand Down Expand Up @@ -8543,7 +8541,7 @@ default capabilities:
- workloadconfigurationscans
- workloadconfigurationscansummaries
- openvulnerabilityexchangecontainers
- sbomsyftfiltereds
- applicationprofiles
- sbomsyfts
verbs:
- get
Expand Down Expand Up @@ -8695,8 +8693,8 @@ default capabilities:
value: zap
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4318
image: quay.io/kubescape/operator:v0.2.32
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/operator:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /v1/liveness
Expand Down Expand Up @@ -9903,7 +9901,7 @@ default capabilities:
name: cloud-secret
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4317
image: quay.io/kubescape/storage:v0.0.117
image: quay.io/kubescape/storage:v0.0.122
imagePullPolicy: IfNotPresent
livenessProbe:
tcpSocket:
Expand Down Expand Up @@ -12117,7 +12115,7 @@ disable otel:
- apiGroups:
- spdx.softwarecomposition.kubescape.io
resources:
- sbomsyftfiltereds
- applicationprofiles
verbs:
- get
- watch
Expand Down Expand Up @@ -12221,8 +12219,8 @@ disable otel:
name: cloud-secret
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4317
image: quay.io/kubescape/kubevuln:v0.3.33
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/kubevuln:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /v1/liveness
Expand Down Expand Up @@ -12400,7 +12398,6 @@ disable otel:
- applicationprofiles
- networkneighborses
- networkneighborhoods
- sbomsyftfiltereds
verbs:
- create
- get
Expand Down Expand Up @@ -12563,8 +12560,8 @@ disable otel:
fieldRef:
fieldPath: metadata.namespace
- name: NodeName
image: quay.io/kubescape/node-agent:v0.2.141
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/node-agent:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /livez
Expand Down Expand Up @@ -12781,7 +12778,7 @@ disable otel:
- workloadconfigurationscans
- workloadconfigurationscansummaries
- openvulnerabilityexchangecontainers
- sbomsyftfiltereds
- applicationprofiles
- sbomsyfts
verbs:
- get
Expand Down Expand Up @@ -12932,8 +12929,8 @@ disable otel:
value: zap
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4318
image: quay.io/kubescape/operator:v0.2.32
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/operator:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /v1/liveness
Expand Down Expand Up @@ -14011,7 +14008,7 @@ disable otel:
name: cloud-secret
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4317
image: quay.io/kubescape/storage:v0.0.117
image: quay.io/kubescape/storage:v0.0.122
imagePullPolicy: IfNotPresent
livenessProbe:
tcpSocket:
Expand Down Expand Up @@ -15497,7 +15494,7 @@ minimal capabilities:
- apiGroups:
- spdx.softwarecomposition.kubescape.io
resources:
- sbomsyftfiltereds
- applicationprofiles
verbs:
- get
- watch
Expand Down Expand Up @@ -15601,8 +15598,8 @@ minimal capabilities:
name: cloud-secret
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4317
image: quay.io/kubescape/kubevuln:v0.3.33
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/kubevuln:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /v1/liveness
Expand Down Expand Up @@ -15778,7 +15775,6 @@ minimal capabilities:
- applicationprofiles
- networkneighborses
- networkneighborhoods
- sbomsyftfiltereds
verbs:
- create
- get
Expand Down Expand Up @@ -15940,8 +15936,8 @@ minimal capabilities:
fieldRef:
fieldPath: metadata.namespace
- name: NodeName
image: quay.io/kubescape/node-agent:v0.2.141
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/node-agent:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /livez
Expand Down Expand Up @@ -16156,7 +16152,7 @@ minimal capabilities:
- workloadconfigurationscans
- workloadconfigurationscansummaries
- openvulnerabilityexchangecontainers
- sbomsyftfiltereds
- applicationprofiles
- sbomsyfts
verbs:
- get
Expand Down Expand Up @@ -16306,8 +16302,8 @@ minimal capabilities:
value: zap
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4318
image: quay.io/kubescape/operator:v0.2.32
imagePullPolicy: IfNotPresent
image: quay.io/matthiasb_1/operator:appprofile
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /v1/liveness
Expand Down Expand Up @@ -17155,7 +17151,7 @@ minimal capabilities:
name: cloud-secret
- name: OTEL_COLLECTOR_SVC
value: otel-collector:4317
image: quay.io/kubescape/storage:v0.0.117
image: quay.io/kubescape/storage:v0.0.122
imagePullPolicy: IfNotPresent
livenessProbe:
tcpSocket:
20 changes: 10 additions & 10 deletions charts/kubescape-operator/values.yaml
Expand Up @@ -272,9 +272,9 @@ operator:

image:
# -- source code: https://github.com/kubescape/operator
repository: quay.io/kubescape/operator
tag: v0.2.32
pullPolicy: IfNotPresent
repository: quay.io/matthiasb_1/operator
tag: appprofile
pullPolicy: Always

service:
type: ClusterIP
Expand Down Expand Up @@ -317,9 +317,9 @@ kubevuln:

image:
# -- source code: https://github.com/kubescape/kubevuln
repository: quay.io/kubescape/kubevuln
tag: v0.3.33
pullPolicy: IfNotPresent
repository: quay.io/matthiasb_1/kubevuln
tag: appprofile
pullPolicy: Always

replicaCount: 1

Expand Down Expand Up @@ -481,7 +481,7 @@ storage:
image:
# -- source code: https://github.com/kubescape/storage
repository: quay.io/kubescape/storage
tag: v0.0.117
tag: v0.0.122
pullPolicy: IfNotPresent

# cleanup interval is a duration string
Expand All @@ -504,9 +504,9 @@ nodeAgent:
name: node-agent
image:
# -- source code: https://github.com/kubescape/node-agent
repository: quay.io/kubescape/node-agent
tag: v0.2.141
pullPolicy: IfNotPresent
repository: quay.io/matthiasb_1/node-agent
tag: appprofile
pullPolicy: Always

config:
maxLearningPeriod: 24h # duration string
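Review bot: The chart defaults for `operator`, `kubevuln` and `nodeAgent` now point at a personal registry namespace (`quay.io/matthiasb_1/...`) with the mutable tag `appprofile` and `pullPolicy: Always`, so every pod start would pull whatever is currently pushed under that tag, with no version or digest to audit. That is workable for a draft, but before merge the three `image` blocks should return to the project repositories with released tags, e.g. `repository: quay.io/kubescape/operator`, `tag: <RELEASED_TAG>`, `pullPolicy: IfNotPresent`, as the `storage` block in this file still does. The rendered snapshot section earlier on the page carries the same image references and would need regenerating afterwards. Pinning by digest would be stronger still, if the chart's image helper supports it.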