From dbe1e90f4c14e9e528e3f229758745870f1b50f0 Mon Sep 17 00:00:00 2001
From: Zuriel Levi
Date: Thu, 11 Dec 2025 09:13:49 +0200
Subject: [PATCH 1/7] add registry_scan_url optional env
---
 charts/konnector/Chart.yaml | 2 +-
 charts/konnector/values.yaml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/charts/konnector/Chart.yaml b/charts/konnector/Chart.yaml
index 12af6b1..491a557 100644
--- a/charts/konnector/Chart.yaml
+++ b/charts/konnector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: konnector
 description: Deploys Palo Alto Networks' Cortex KSPM connector for advanced Kubernetes security posture management.
 type: application
-version: 1.0.23
+version: 1.0.24
 appVersion: "1.0.0"
 maintainers:
 - name: Palo Alto Networks - Cortex KSPM team
diff --git a/charts/konnector/values.yaml b/charts/konnector/values.yaml
index 58be2ac..706b0b9 100644
--- a/charts/konnector/values.yaml
+++ b/charts/konnector/values.yaml
@@ -28,6 +28,7 @@ optionalValues:
 CLUSTER_URI: "" # Cluster URI should be set when metadata service is not reachable from the cluster
 UPLOAD_LOG_LEVEL: "ERROR" # Log level for uploading logs ("ERROR", "WARNING", "INFO", "DEBUG", "PANIC")
 CONSOLE_LOG_LEVEL: "INFO" # Log level for console output ("ERROR", "WARNING", "INFO", "DEBUG", "PANIC")
+ REGISTRY_SCAN_URL: "" # OpenShift registry scan URL — set by the user if a custom registry URL was configured
 proxyValues:
 httpProxy: "" # Optional proxy URL for external network access
From 2118b47dbfa19b7eff035cda3ff73d649f65c018 Mon Sep 17 00:00:00 2001
From: Zuriel Levi
Date: Thu, 11 Dec 2025 09:38:23 +0200
Subject: [PATCH 2/7] add openshift registry permissions
---
 .github/workflows/lint-test.yaml | 2 +-
 charts/konnector/values.yaml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
index 88c446c..478b570 100644
--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
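Review bot: The comment on `REGISTRY_SCAN_URL` in the values.yaml hunk of PATCH 1/7 does not say what form the value takes, so an operator cannot tell whether a scheme or port is expected or whether a plain-HTTP address is acceptable. This is an endpoint the connector will presumably contact for registry scanning, so the comment should state the expected format and that it must be the cluster's own registry, for example `# In-cluster OpenShift registry URL, e.g. https://<registry-host>:<port>; leave empty unless a custom registry URL was configured`. How the value is validated and whether TLS is verified are not visible in this patch and should be confirmed against the templates and the connector. The `optionalValues:` block starts outside the hunk.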
@@ -21,7 +21,7 @@ jobs:
 - name: Set up Python
 uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
 with:
- python-version: 3.x
+ python-version: '3.12'
 - name: Set up chart-testing
 uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
diff --git a/charts/konnector/values.yaml b/charts/konnector/values.yaml
index 706b0b9..0de7d82 100644
--- a/charts/konnector/values.yaml
+++ b/charts/konnector/values.yaml
@@ -199,6 +199,10 @@ system:
 roleRef:
 apiGroup: security.openshift.io/v1
 name: system:openshift:scc:privileged
+ konnector-openshift-registry:
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io/v1
+ name: system:image-puller
 # ==========================
 # Secrets Resources
From a0be8894f8a1ced0a36faba79352d08dbee1b1c0 Mon Sep 17 00:00:00 2001
From: Zuriel Levi
Date: Thu, 11 Dec 2025 09:48:23 +0200
Subject: [PATCH 3/7] remove openshift registry permissions
---
 charts/konnector/values.yaml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/charts/konnector/values.yaml b/charts/konnector/values.yaml
index 0de7d82..706b0b9 100644
--- a/charts/konnector/values.yaml
+++ b/charts/konnector/values.yaml
@@ -199,10 +199,6 @@ system:
 roleRef:
 apiGroup: security.openshift.io/v1
 name: system:openshift:scc:privileged
- konnector-openshift-registry:
- roleRef:
- apiGroup: rbac.authorization.k8s.io/v1
- name: system:image-puller
 # ==========================
 # Secrets Resources
From d563ef33a3e23ce77c76c1af5ab2de28e21d5928 Mon Sep 17 00:00:00 2001
From: Zuriel Levi
Date: Thu, 11 Dec 2025 09:52:57 +0200
Subject: [PATCH 4/7] add openshift registry permissions
---
 charts/konnector/values.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/charts/konnector/values.yaml b/charts/konnector/values.yaml
index 706b0b9..1473b13 100644
--- a/charts/konnector/values.yaml
+++ b/charts/konnector/values.yaml
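Review bot: The `konnector-openshift-registry` entry added under `system:` in PATCH 2/7 (removed in PATCH 3/7 and re-added unchanged in PATCH 4/7) grants `system:image-puller` with no toggle visible in the hunk, so the binding appears to be created on every OpenShift install whether or not in-cluster registry scanning is used. How the chart renders this entry is not shown here; if it becomes a cluster-wide binding, the connector's service account can pull images from every project's image streams, which is worth gating behind an explicit value and stating in a comment such as `# image pull access to the internal registry, needed only for in-cluster registry scanning`. A Kubernetes `roleRef.apiGroup` is the bare group `rbac.authorization.k8s.io`; the `/v1` suffix here follows the neighbouring `security.openshift.io/v1` entry, so confirm that the template strips it or treats the field as an apiVersion. The `system:` block starts outside the hunk.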
@@ -28,7 +28,7 @@ optionalValues:
 CLUSTER_URI: "" # Cluster URI should be set when metadata service is not reachable from the cluster
 UPLOAD_LOG_LEVEL: "ERROR" # Log level for uploading logs ("ERROR", "WARNING", "INFO", "DEBUG", "PANIC")
 CONSOLE_LOG_LEVEL: "INFO" # Log level for console output ("ERROR", "WARNING", "INFO", "DEBUG", "PANIC")
- REGISTRY_SCAN_URL: "" # OpenShift registry scan URL — set by the user if a custom registry URL was configured
+ REGISTRY_SCAN_URL: "" # OpenShift registry scan URL - set by the user if a custom registry URL was configured
 proxyValues:
 httpProxy: "" # Optional proxy URL for external network access
@@ -199,6 +199,10 @@ system:
 roleRef:
 apiGroup: security.openshift.io/v1
 name: system:openshift:scc:privileged
+ konnector-openshift-registry:
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io/v1
+ name: system:image-puller
 # ==========================
 # Secrets Resources
From cfda66602eb4720ed42747bce8838aca68377ac8 Mon Sep 17 00:00:00 2001
From: Zuriel Levi
Date: Sun, 14 Dec 2025 18:50:13 +0200
Subject: [PATCH 5/7] change env name
---
 charts/konnector/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/konnector/values.yaml b/charts/konnector/values.yaml
index 1473b13..1ff1276 100644
--- a/charts/konnector/values.yaml
+++ b/charts/konnector/values.yaml
@@ -28,7 +28,7 @@ optionalValues:
 CLUSTER_URI: "" # Cluster URI should be set when metadata service is not reachable from the cluster
 UPLOAD_LOG_LEVEL: "ERROR" # Log level for uploading logs ("ERROR", "WARNING", "INFO", "DEBUG", "PANIC")
 CONSOLE_LOG_LEVEL: "INFO" # Log level for console output ("ERROR", "WARNING", "INFO", "DEBUG", "PANIC")
- REGISTRY_SCAN_URL: "" # OpenShift registry scan URL - set by the user if a custom registry URL was configured
+ IN_CLUSTER_REGISTRY_SCAN_URL: "" # OpenShift registry scan URL - set by the user if a custom registry URL was configured
 proxyValues:
 httpProxy: "" # Optional proxy URL for external network access
From 4f0a8c1f50ab65fb3680bf0e4f09e096170c7e5f Mon Sep 17 00:00:00 2001
From: Zuriel Levi
Date: Wed, 17 Dec 2025 00:29:18 +0200
Subject: [PATCH 6/7] restore chart version
---
 .github/workflows/lint-test.yaml | 2 +-
 charts/konnector/Chart.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
index 478b570..88c446c 100644
--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
@@ -21,7 +21,7 @@ jobs:
 - name: Set up Python
 uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
 with:
- python-version: '3.12'
+ python-version: 3.x
 - name: Set up chart-testing
 uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
diff --git a/charts/konnector/Chart.yaml b/charts/konnector/Chart.yaml
index 491a557..12af6b1 100644
--- a/charts/konnector/Chart.yaml
+++ b/charts/konnector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: konnector
 description: Deploys Palo Alto Networks' Cortex KSPM connector for advanced Kubernetes security posture management.
 type: application
-version: 1.0.24
+version: 1.0.23
 appVersion: "1.0.0"
 maintainers:
 - name: Palo Alto Networks - Cortex KSPM team
From 9a3bc4fed7fe920806abacca9ec9bfe84227c1af Mon Sep 17 00:00:00 2001
From: Yishay Nadav
Date: Thu, 18 Dec 2025 10:16:51 +0200
Subject: [PATCH 7/7] bump version
---
 charts/konnector/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/konnector/Chart.yaml b/charts/konnector/Chart.yaml
index 357da7e..1090ba3 100644
--- a/charts/konnector/Chart.yaml
+++ b/charts/konnector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: konnector
 description: Deploys Palo Alto Networks' Cortex KSPM connector for advanced Kubernetes security posture management.
 type: application
-version: 1.0.24-rc.1
+version: 1.0.24-rc.2
 appVersion: "1.0.0"
 maintainers:
 - name: Palo Alto Networks - Cortex KSPM team
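Review bot: The lint-test.yaml hunk in PATCH 6/7 puts `python-version` back to the floating `3.x` although the subject only mentions restoring the chart version, so the lint job's interpreter again changes whenever a new 3.x release appears while the actions around it stay pinned by commit SHA. If the pin from PATCH 2/7 was dropped on purpose, the commit message should say so; otherwise keep `python-version: '3.12'` so CI runs stay reproducible. The workflow's step list continues outside the hunk.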