From b031b4d693e8e500d97fe8accd574a40714cf78f Mon Sep 17 00:00:00 2001 From: Amit Schendel Date: Wed, 14 Aug 2024 11:49:49 +0000 Subject: [PATCH 1/6] Removing ld_preload rule from the deafult rules Signed-off-by: Amit Schendel --- .../templates/node-agent/default-rule-binding-namespaced.yaml | 1 - .../templates/node-agent/default-rule-binding.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml b/charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml index 1cc821fd..47daddda 100644 --- a/charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml +++ b/charts/kubescape-operator/templates/node-agent/default-rule-binding-namespaced.yaml @@ -29,7 +29,6 @@ spec: - ruleName: "eBPF Program Load" - ruleName: "Symlink Created Over Sensitive File" - ruleName: "Unexpected Sensitive File Access" - - ruleName: "LD_PRELOAD Hook" - ruleName: "Hardlink Created Over Sensitive File" - ruleName: "Exec to pod" - ruleName: "Port forward" diff --git a/charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml b/charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml index f9fd2664..c107d404 100644 --- a/charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml +++ b/charts/kubescape-operator/templates/node-agent/default-rule-binding.yaml @@ -47,7 +47,6 @@ spec: - ruleName: "eBPF Program Load" - ruleName: "Symlink Created Over Sensitive File" - ruleName: "Unexpected Sensitive File Access" - - ruleName: "LD_PRELOAD Hook" - ruleName: "Hardlink Created Over Sensitive File" - ruleName: "Exec to pod" - ruleName: "Port forward" From 1e59c00a244f80331f5a565301d413d74e162df0 Mon Sep 17 00:00:00 2001 From: Amit Schendel Date: Wed, 14 Aug 2024 11:50:36 +0000 Subject: [PATCH 2/6] Updating tests Signed-off-by: Amit Schendel --- .../tests/__snapshot__/snapshot_test.yaml.snap | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index 67d987d0..52c6d62c 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -2446,7 +2446,6 @@ all capabilities: - ruleName: eBPF Program Load - ruleName: Symlink Created Over Sensitive File - ruleName: Unexpected Sensitive File Access - - ruleName: LD_PRELOAD Hook - ruleName: Hardlink Created Over Sensitive File - ruleName: Exec to pod - ruleName: Port forward @@ -6668,7 +6667,6 @@ default capabilities: - ruleName: eBPF Program Load - ruleName: Symlink Created Over Sensitive File - ruleName: Unexpected Sensitive File Access - - ruleName: LD_PRELOAD Hook - ruleName: Hardlink Created Over Sensitive File - ruleName: Exec to pod - ruleName: Port forward From e6216089f365971af4309b21dd030fab0ab9b2e0 Mon Sep 17 00:00:00 2001 From: Amit Schendel Date: Thu, 15 Aug 2024 11:16:03 +0000 Subject: [PATCH 3/6] Bumping node-agent Signed-off-by: Amit Schendel --- .../tests/__snapshot__/snapshot_test.yaml.snap | 8 ++++---- charts/kubescape-operator/values.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index 52c6d62c..95e2598c 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -2271,7 +2271,7 @@ all capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.109 + image: quay.io/kubescape/node-agent:v0.2.112 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6494,7 +6494,7 @@ default capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.109 + image: quay.io/kubescape/node-agent:v0.2.112 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -9960,7 +9960,7 @@ disable otel: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.109 + image: quay.io/kubescape/node-agent:v0.2.112 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -12627,7 +12627,7 @@ minimal capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.109 + image: quay.io/kubescape/node-agent:v0.2.112 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml index 727142e1..56a515ff 100644 --- a/charts/kubescape-operator/values.yaml +++ b/charts/kubescape-operator/values.yaml @@ -486,7 +486,7 @@ nodeAgent: image: # -- source code: https://github.com/kubescape/node-agent repository: quay.io/kubescape/node-agent - tag: v0.2.109 + tag: v0.2.112 pullPolicy: IfNotPresent config: From b0df36cffc52b274047e0afe9bbca3eb70746536 Mon Sep 17 00:00:00 2001 From: Amit Schendel Date: Sun, 18 Aug 2024 09:32:24 +0000 Subject: [PATCH 4/6] Bumping node-agent Signed-off-by: Amit Schendel --- .../tests/__snapshot__/snapshot_test.yaml.snap | 8 ++++---- charts/kubescape-operator/values.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index a584b690..b880a054 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -2271,7 +2271,7 @@ all capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.112 + image: quay.io/kubescape/node-agent:v0.2.114 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6494,7 +6494,7 @@ default capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.112 + image: quay.io/kubescape/node-agent:v0.2.114 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -9960,7 +9960,7 @@ disable otel: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.112 + image: quay.io/kubescape/node-agent:v0.2.114 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -12627,7 +12627,7 @@ minimal capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.112 + image: quay.io/kubescape/node-agent:v0.2.114 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml index 56562463..cc1658ce 100644 --- a/charts/kubescape-operator/values.yaml +++ b/charts/kubescape-operator/values.yaml @@ -491,7 +491,7 @@ nodeAgent: image: # -- source code: https://github.com/kubescape/node-agent repository: quay.io/kubescape/node-agent - tag: v0.2.112 + tag: v0.2.114 pullPolicy: IfNotPresent config: From b5c0ba8591a46633526b8ffd46bc14491c1f1e7b Mon Sep 17 00:00:00 2001 From: Amit Schendel Date: Sun, 18 Aug 2024 09:41:30 +0000 Subject: [PATCH 5/6] Bumping chart version Signed-off-by: Amit Schendel --- charts/kubescape-operator/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/kubescape-operator/Chart.yaml b/charts/kubescape-operator/Chart.yaml index cd6a8d9b..d55af7bc 100644 --- a/charts/kubescape-operator/Chart.yaml +++ b/charts/kubescape-operator/Chart.yaml @@ -9,14 +9,14 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.20.4 +version: 1.20.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.20.4 +appVersion: 1.20.5 maintainers: - name: Ben Hirschberg From 485eff7c24a3ba63f28abfbe5a17164ae0208c70 Mon Sep 17 00:00:00 2001 From: Amit Schendel Date: Sun, 18 Aug 2024 09:42:00 +0000 Subject: [PATCH 6/6] Updating tests Signed-off-by: Amit Schendel --- .../__snapshot__/snapshot_test.yaml.snap | 146 +++++++++--------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index b880a054..1511e934 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -1,6 +1,6 @@ all capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.20.4.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\nView your configuration scan summaries:\n> kubectl get workloadconfigurationscansummaries -A\n\nDetailed reports are also available:\n> kubectl get workloadconfigurationscans -A\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.20.5.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\nView your configuration scan summaries:\n> kubectl get workloadconfigurationscansummaries -A\n\nDetailed reports are also available:\n> kubectl get workloadconfigurationscans -A\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: batch/v1 kind: CronJob @@ -60,7 +60,7 @@ all capabilities: metadata: labels: app: helm-release-upgrader - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: helm-release-upgrader namespace: kubescape @@ -263,7 +263,7 @@ all capabilities: app: gateway app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: gateway - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -404,7 +404,7 @@ all capabilities: metadata: labels: app: gateway - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: gateway namespace: kubescape @@ -508,7 +508,7 @@ all capabilities: app: grype-offline-db app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: grype-offline-db - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core tier: ks-control-plane spec: @@ -641,7 +641,7 @@ all capabilities: metadata: labels: app: kollector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kollector namespace: kubescape @@ -727,7 +727,7 @@ all capabilities: app: kollector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kollector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -917,7 +917,7 @@ all capabilities: metadata: labels: app: kubescape-scheduler - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kubescape-scheduler namespace: kubescape @@ -1177,7 +1177,7 @@ all capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -1207,7 +1207,7 @@ all capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -1455,7 +1455,7 @@ all capabilities: metadata: labels: app: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kubescape namespace: kubescape @@ -1693,7 +1693,7 @@ all capabilities: metadata: labels: app: kubevuln-scheduler - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kubevuln-scheduler namespace: kubescape @@ -1807,7 +1807,7 @@ all capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -1927,7 +1927,7 @@ all capabilities: metadata: labels: app: kubevuln - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kubevuln namespace: kubescape @@ -2198,7 +2198,7 @@ all capabilities: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -2455,7 +2455,7 @@ all capabilities: metadata: labels: app: node-agent - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: node-agent namespace: kubescape @@ -2726,7 +2726,7 @@ all capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -2740,7 +2740,7 @@ all capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.20.4 + value: kubescape-operator-1.20.5 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -2905,7 +2905,7 @@ all capabilities: metadata: labels: app: operator - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: operator namespace: kubescape @@ -3100,7 +3100,7 @@ all capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -3201,7 +3201,7 @@ all capabilities: metadata: labels: app: otel-collector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: otel-collector namespace: kubescape @@ -3396,7 +3396,7 @@ all capabilities: metadata: labels: app: prometheus-exporter - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: prometheus-exporter namespace: kubescape @@ -3494,7 +3494,7 @@ all capabilities: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: service-discovery - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 otel: enabled tier: ks-control-plane name: RELEASE-NAME @@ -3856,7 +3856,7 @@ all capabilities: metadata: labels: app: storage - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: storage namespace: kubescape @@ -4351,7 +4351,7 @@ all capabilities: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: synchronizer - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -4363,7 +4363,7 @@ all capabilities: - /usr/bin/client env: - name: HELM_RELEASE - value: kubescape-operator-1.20.4 + value: kubescape-operator-1.20.5 - name: GOMEMLIMIT value: 250MiB - name: KS_LOGGER_LEVEL @@ -4462,7 +4462,7 @@ all capabilities: metadata: labels: app: synchronizer - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: synchronizer namespace: kubescape @@ -4541,7 +4541,7 @@ all capabilities: namespace: kubescape default capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.20.4.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.20.5.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: v1 data: @@ -4652,7 +4652,7 @@ default capabilities: app: gateway app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: gateway - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -4781,7 +4781,7 @@ default capabilities: metadata: labels: app: gateway - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: gateway namespace: kubescape @@ -4879,7 +4879,7 @@ default capabilities: app: grype-offline-db app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: grype-offline-db - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core tier: ks-control-plane spec: @@ -5010,7 +5010,7 @@ default capabilities: metadata: labels: app: kollector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kollector namespace: kubescape @@ -5090,7 +5090,7 @@ default capabilities: app: kollector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kollector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -5266,7 +5266,7 @@ default capabilities: metadata: labels: app: kubescape-scheduler - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kubescape-scheduler namespace: kubescape @@ -5520,7 +5520,7 @@ default capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -5550,7 +5550,7 @@ default capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -5784,7 +5784,7 @@ default capabilities: metadata: labels: app: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kubescape namespace: kubescape @@ -6009,7 +6009,7 @@ default capabilities: metadata: labels: app: kubevuln-scheduler - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kubevuln-scheduler namespace: kubescape @@ -6117,7 +6117,7 @@ default capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6225,7 +6225,7 @@ default capabilities: metadata: labels: app: kubevuln - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: kubevuln namespace: kubescape @@ -6454,7 +6454,7 @@ default capabilities: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6676,7 +6676,7 @@ default capabilities: metadata: labels: app: node-agent - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: node-agent namespace: kubescape @@ -6879,7 +6879,7 @@ default capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6893,7 +6893,7 @@ default capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.20.4 + value: kubescape-operator-1.20.5 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -7037,7 +7037,7 @@ default capabilities: metadata: labels: app: operator - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: operator namespace: kubescape @@ -7226,7 +7226,7 @@ default capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -7321,7 +7321,7 @@ default capabilities: metadata: labels: app: otel-collector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: otel-collector namespace: kubescape @@ -7427,7 +7427,7 @@ default capabilities: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: service-discovery - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 otel: enabled tier: ks-control-plane name: RELEASE-NAME @@ -7781,7 +7781,7 @@ default capabilities: metadata: labels: app: storage - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: storage namespace: kubescape @@ -8265,7 +8265,7 @@ default capabilities: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: synchronizer - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -8277,7 +8277,7 @@ default capabilities: - /usr/bin/client env: - name: HELM_RELEASE - value: kubescape-operator-1.20.4 + value: kubescape-operator-1.20.5 - name: GOMEMLIMIT value: 250MiB - name: KS_LOGGER_LEVEL @@ -8364,7 +8364,7 @@ default capabilities: metadata: labels: app: synchronizer - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 tier: ks-control-plane name: synchronizer namespace: kubescape @@ -8437,7 +8437,7 @@ default capabilities: namespace: kubescape disable otel: 1: | - raw: "Thank you for installing kubescape-operator version 1.20.4.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.20.5.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: v1 data: @@ -8547,7 +8547,7 @@ disable otel: app: gateway app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: gateway - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -8782,7 +8782,7 @@ disable otel: app: kollector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kollector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -9170,7 +9170,7 @@ disable otel: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -9199,7 +9199,7 @@ disable otel: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -9640,7 +9640,7 @@ disable otel: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -9920,7 +9920,7 @@ disable otel: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -10253,7 +10253,7 @@ disable otel: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -10267,7 +10267,7 @@ disable otel: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.20.4 + value: kubescape-operator-1.20.5 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -10569,7 +10569,7 @@ disable otel: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -10698,7 +10698,7 @@ disable otel: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: service-discovery - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 otel: enabled tier: ks-control-plane name: RELEASE-NAME @@ -11487,7 +11487,7 @@ disable otel: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: synchronizer - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -11499,7 +11499,7 @@ disable otel: - /usr/bin/client env: - name: HELM_RELEASE - value: kubescape-operator-1.20.4 + value: kubescape-operator-1.20.5 - name: GOMEMLIMIT value: 250MiB - name: KS_LOGGER_LEVEL @@ -11603,7 +11603,7 @@ disable otel: namespace: kubescape minimal capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.20.4.\n\n\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.20.5.\n\n\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: v1 data: @@ -11921,7 +11921,7 @@ minimal capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -11950,7 +11950,7 @@ minimal capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -12310,7 +12310,7 @@ minimal capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -12587,7 +12587,7 @@ minimal capabilities: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -12917,7 +12917,7 @@ minimal capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -12931,7 +12931,7 @@ minimal capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.20.4 + value: kubescape-operator-1.20.5 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -13168,7 +13168,7 @@ minimal capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.20.4 + helm.sh/chart: kubescape-operator-1.20.5 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane