From 7a973f176d5051666b6027a97fdfaba7a9e56e4c Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Wed, 24 Jul 2024 07:32:59 +0200 Subject: [PATCH 1/3] add skipKernelVersionCheck feature to node-agent Signed-off-by: Matthias Bertschy --- .../templates/node-agent/daemonset.yaml | 4 ++++ .../tests/__snapshot__/snapshot_test.yaml.snap | 10 ++++++---- charts/kubescape-operator/tests/snapshot_test.yaml | 1 + charts/kubescape-operator/values.yaml | 3 ++- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/charts/kubescape-operator/templates/node-agent/daemonset.yaml b/charts/kubescape-operator/templates/node-agent/daemonset.yaml index 25a59449..a77a804a 100644 --- a/charts/kubescape-operator/templates/node-agent/daemonset.yaml +++ b/charts/kubescape-operator/templates/node-agent/daemonset.yaml @@ -159,6 +159,10 @@ spec: - name : no_proxy value: "{{ $no_proxy_envar_list }}" {{- end }} + {{- if .Values.nodeAgent.skipKernelVersionCheck }} + - name: SKIP_KERNEL_VERSION_CHECK + value: "true" + {{- end }} - name: NODE_NAME valueFrom: fieldRef: diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index b99f7431..e0c47e48 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -2256,6 +2256,8 @@ all capabilities: value: https://foo:bar@baz:1234 - name: no_proxy value: gateway,kubescape,kubevuln,node-agent,operator,otel-collector,kubernetes.default.svc.*,127.0.0.1 + - name: SKIP_KERNEL_VERSION_CHECK + value: "true" - name: NODE_NAME valueFrom: fieldRef: @@ -2269,7 +2271,7 @@ all capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.103 + image: quay.io/kubescape/node-agent:v0.2.105 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6492,7 +6494,7 @@ default capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.103 + image: quay.io/kubescape/node-agent:v0.2.105 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -9958,7 +9960,7 @@ disable otel: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.103 + image: quay.io/kubescape/node-agent:v0.2.105 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -12624,7 +12626,7 @@ minimal capabilities: fieldRef: fieldPath: metadata.namespace - name: NodeName - image: quay.io/kubescape/node-agent:v0.2.103 + image: quay.io/kubescape/node-agent:v0.2.105 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/charts/kubescape-operator/tests/snapshot_test.yaml b/charts/kubescape-operator/tests/snapshot_test.yaml index e475d737..b1c1d725 100644 --- a/charts/kubescape-operator/tests/snapshot_test.yaml +++ b/charts/kubescape-operator/tests/snapshot_test.yaml @@ -49,6 +49,7 @@ tests: kubescape.serviceMonitor.enabled: true kubescapeScheduler.scanSchedule: "1 2 3 4 5" kubevulnScheduler.scanSchedule: "1 2 3 4 5" + nodeAgent.skipKernelVersionCheck: true - it: minimal capabilities asserts: - matchSnapshot: {} diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml index c4ce72e2..b3277faa 100644 --- a/charts/kubescape-operator/values.yaml +++ b/charts/kubescape-operator/values.yaml @@ -485,7 +485,7 @@ nodeAgent: image: # -- source code: https://github.com/kubescape/node-agent repository: quay.io/kubescape/node-agent - tag: v0.2.103 + tag: v0.2.105 pullPolicy: IfNotPresent config: @@ -501,6 +501,7 @@ nodeAgent: alertManagerExporterUrls: [] stdoutExporter: true syslogExporterURL: "" + skipKernelVersionCheck: false # prometheus (operator) service monitor serviceMonitor: From f1e536b158db1b67763577d769fab982191f5ba1 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Wed, 24 Jul 2024 07:34:33 +0200 Subject: [PATCH 2/3] fix include/exclude ns feature Signed-off-by: Matthias Bertschy --- .../templates/synchronizer/configmap.yaml | 5 +++ .../__snapshot__/snapshot_test.yaml.snap | 31 ++++++++++--------- charts/kubescape-operator/values.yaml | 6 ++-- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/charts/kubescape-operator/templates/synchronizer/configmap.yaml b/charts/kubescape-operator/templates/synchronizer/configmap.yaml index ceb784fd..55ede716 100644 --- a/charts/kubescape-operator/templates/synchronizer/configmap.yaml +++ b/charts/kubescape-operator/templates/synchronizer/configmap.yaml @@ -13,6 +13,11 @@ data: config.json: | { "inCluster": { + {{- if ne .Values.includeNamespaces "" }} + "includeNamespaces": "{{ .Values.includeNamespaces }}", + {{- else if ne .Values.excludeNamespaces "" }} + "excludeNamespaces": "{{ .Values.excludeNamespaces }}", + {{- end }} "resources": [ { "group": "", diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index e0c47e48..b9c9b5d3 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -1259,7 +1259,7 @@ all capabilities: value: gateway,kubescape,kubevuln,node-agent,operator,otel-collector,kubernetes.default.svc.*,127.0.0.1 - name: KS_INCLUDE_NAMESPACES value: my-namespace - image: quay.io/kubescape/kubescape:v3.0.14 + image: quay.io/kubescape/kubescape:v3.0.15 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -2754,7 +2754,7 @@ all capabilities: value: https://foo:bar@baz:1234 - name: no_proxy value: gateway,kubescape,kubevuln,node-agent,operator,otel-collector,kubernetes.default.svc.*,127.0.0.1 - image: quay.io/kubescape/operator:v0.2.18 + image: quay.io/kubescape/operator:v0.2.20 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4115,6 +4115,7 @@ all capabilities: config.json: | { "inCluster": { + "includeNamespaces": "my-namespace", "resources": [ { "group": "", @@ -4346,7 +4347,7 @@ all capabilities: checksum/cloud-config: c4dc912bbe62b0d5fd4734206c3cae52f56d766cbc20024182a2bcef09c0ae8e checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99 checksum/proxy-config: 30e81a4193016803b4b7985b92028c4797c1e84d317a4b6b3e3a5406139f8847 - checksum/synchronizer-configmap: 725f053a0de73319752a57b688b9c47c0064792ed51605ad44404d991b5a1768 + checksum/synchronizer-configmap: 082d6606e825d54674410738f2880587b17cf0ca22b724cac4c1d66b6482fdfc labels: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME @@ -4381,7 +4382,7 @@ all capabilities: value: https://foo:bar@baz:1234 - name: no_proxy value: gateway,kubescape,kubevuln,node-agent,operator,otel-collector,kubernetes.default.svc.*,127.0.0.1 - image: quay.io/kubescape/synchronizer:v0.0.74 + image: quay.io/kubescape/synchronizer:v0.0.75 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -5598,7 +5599,7 @@ default capabilities: value: otel-collector:4317 - name: KS_EXCLUDE_NAMESPACES value: kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public - image: quay.io/kubescape/kubescape:v3.0.14 + image: quay.io/kubescape/kubescape:v3.0.15 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -6903,7 +6904,7 @@ default capabilities: value: zap - name: OTEL_COLLECTOR_SVC value: otel-collector:4318 - image: quay.io/kubescape/operator:v0.2.18 + image: quay.io/kubescape/operator:v0.2.20 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -8029,6 +8030,7 @@ default capabilities: config.json: | { "inCluster": { + "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public", "resources": [ { "group": "", @@ -8260,7 +8262,7 @@ default capabilities: checksum/cloud-config: 98e72a3a1a24264d2cdebc86b61829ee5b941fb590d6ca717ebaa880922046c6 checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99 checksum/proxy-config: 30e81a4193016803b4b7985b92028c4797c1e84d317a4b6b3e3a5406139f8847 - checksum/synchronizer-configmap: 725f053a0de73319752a57b688b9c47c0064792ed51605ad44404d991b5a1768 + checksum/synchronizer-configmap: 8e2c7bae94eaf5a9bbb22e976ebe1441cef79f5613bc48a74acf93525ea27ba1 labels: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME @@ -8291,7 +8293,7 @@ default capabilities: name: cloud-secret - name: OTEL_COLLECTOR_SVC value: otel-collector:4317 - image: quay.io/kubescape/synchronizer:v0.0.74 + image: quay.io/kubescape/synchronizer:v0.0.75 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -9247,7 +9249,7 @@ disable otel: value: otel-collector:4317 - name: KS_EXCLUDE_NAMESPACES value: kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public - image: quay.io/kubescape/kubescape:v3.0.14 + image: quay.io/kubescape/kubescape:v3.0.15 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -10276,7 +10278,7 @@ disable otel: value: zap - name: OTEL_COLLECTOR_SVC value: otel-collector:4318 - image: quay.io/kubescape/operator:v0.2.18 + image: quay.io/kubescape/operator:v0.2.20 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -11251,6 +11253,7 @@ disable otel: config.json: | { "inCluster": { + "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public", "resources": [ { "group": "", @@ -11481,7 +11484,7 @@ disable otel: annotations: checksum/cloud-config: d86e4cf3e23bd0c1f8294391eb1cf93ab4eb95040706cb65e18dd8e41570bfb6 checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99 - checksum/synchronizer-configmap: 725f053a0de73319752a57b688b9c47c0064792ed51605ad44404d991b5a1768 + checksum/synchronizer-configmap: 8e2c7bae94eaf5a9bbb22e976ebe1441cef79f5613bc48a74acf93525ea27ba1 labels: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME @@ -11512,7 +11515,7 @@ disable otel: name: cloud-secret - name: OTEL_COLLECTOR_SVC value: otel-collector:4317 - image: quay.io/kubescape/synchronizer:v0.0.74 + image: quay.io/kubescape/synchronizer:v0.0.75 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -11995,7 +11998,7 @@ minimal capabilities: name: cloud-secret - name: OTEL_COLLECTOR_SVC value: otel-collector:4317 - image: quay.io/kubescape/kubescape:v3.0.14 + image: quay.io/kubescape/kubescape:v3.0.15 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -12939,7 +12942,7 @@ minimal capabilities: value: zap - name: OTEL_COLLECTOR_SVC value: otel-collector:4318 - image: quay.io/kubescape/operator:v0.2.18 + image: quay.io/kubescape/operator:v0.2.20 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml index b3277faa..40bdbf0e 100644 --- a/charts/kubescape-operator/values.yaml +++ b/charts/kubescape-operator/values.yaml @@ -211,7 +211,7 @@ kubescape: image: # -- source code: https://github.com/kubescape/kubescape/tree/master/httphandler (public repo) repository: quay.io/kubescape/kubescape - tag: v3.0.14 + tag: v3.0.15 pullPolicy: IfNotPresent resources: @@ -261,7 +261,7 @@ operator: image: # -- source code: https://github.com/kubescape/operator repository: quay.io/kubescape/operator - tag: v0.2.18 + tag: v0.2.20 pullPolicy: IfNotPresent service: @@ -647,7 +647,7 @@ synchronizer: image: # -- source code: https://github.com/kubescape/synchronizer repository: quay.io/kubescape/synchronizer - tag: v0.0.74 + tag: v0.0.75 pullPolicy: IfNotPresent resources: requests: From b2cbb3b44ef4a589b8995706b7651c34fd6ca2be Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Wed, 24 Jul 2024 14:19:58 +0200 Subject: [PATCH 3/3] prepare for 1.20.1 release Signed-off-by: Matthias Bertschy --- charts/kubescape-operator/Chart.yaml | 4 +- .../__snapshot__/snapshot_test.yaml.snap | 146 +++++++++--------- 2 files changed, 75 insertions(+), 75 deletions(-) diff --git a/charts/kubescape-operator/Chart.yaml b/charts/kubescape-operator/Chart.yaml index d1269246..b3d75945 100644 --- a/charts/kubescape-operator/Chart.yaml +++ b/charts/kubescape-operator/Chart.yaml @@ -9,14 +9,14 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.19.5 +version: 1.20.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.19.5 +appVersion: 1.20.1 maintainers: - name: Ben Hirschberg diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index b9c9b5d3..b3b0d3f4 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -1,6 +1,6 @@ all capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.19.5.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\nView your configuration scan summaries:\n> kubectl get workloadconfigurationscansummaries -A\n\nDetailed reports are also available:\n> kubectl get workloadconfigurationscans -A\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.20.1.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\nView your configuration scan summaries:\n> kubectl get workloadconfigurationscansummaries -A\n\nDetailed reports are also available:\n> kubectl get workloadconfigurationscans -A\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: batch/v1 kind: CronJob @@ -60,7 +60,7 @@ all capabilities: metadata: labels: app: helm-release-upgrader - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: helm-release-upgrader namespace: kubescape @@ -263,7 +263,7 @@ all capabilities: app: gateway app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: gateway - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -404,7 +404,7 @@ all capabilities: metadata: labels: app: gateway - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: gateway namespace: kubescape @@ -508,7 +508,7 @@ all capabilities: app: grype-offline-db app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: grype-offline-db - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core tier: ks-control-plane spec: @@ -641,7 +641,7 @@ all capabilities: metadata: labels: app: kollector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kollector namespace: kubescape @@ -727,7 +727,7 @@ all capabilities: app: kollector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kollector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -917,7 +917,7 @@ all capabilities: metadata: labels: app: kubescape-scheduler - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kubescape-scheduler namespace: kubescape @@ -1177,7 +1177,7 @@ all capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -1207,7 +1207,7 @@ all capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -1455,7 +1455,7 @@ all capabilities: metadata: labels: app: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kubescape namespace: kubescape @@ -1693,7 +1693,7 @@ all capabilities: metadata: labels: app: kubevuln-scheduler - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kubevuln-scheduler namespace: kubescape @@ -1807,7 +1807,7 @@ all capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -1927,7 +1927,7 @@ all capabilities: metadata: labels: app: kubevuln - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kubevuln namespace: kubescape @@ -2198,7 +2198,7 @@ all capabilities: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -2456,7 +2456,7 @@ all capabilities: metadata: labels: app: node-agent - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: node-agent namespace: kubescape @@ -2727,7 +2727,7 @@ all capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -2741,7 +2741,7 @@ all capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.19.5 + value: kubescape-operator-1.20.1 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -2906,7 +2906,7 @@ all capabilities: metadata: labels: app: operator - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: operator namespace: kubescape @@ -3101,7 +3101,7 @@ all capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -3202,7 +3202,7 @@ all capabilities: metadata: labels: app: otel-collector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: otel-collector namespace: kubescape @@ -3397,7 +3397,7 @@ all capabilities: metadata: labels: app: prometheus-exporter - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: prometheus-exporter namespace: kubescape @@ -3495,7 +3495,7 @@ all capabilities: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: service-discovery - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 otel: enabled tier: ks-control-plane name: RELEASE-NAME @@ -3857,7 +3857,7 @@ all capabilities: metadata: labels: app: storage - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: storage namespace: kubescape @@ -4352,7 +4352,7 @@ all capabilities: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: synchronizer - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -4364,7 +4364,7 @@ all capabilities: - /usr/bin/client env: - name: HELM_RELEASE - value: kubescape-operator-1.19.5 + value: kubescape-operator-1.20.1 - name: GOMEMLIMIT value: 250MiB - name: KS_LOGGER_LEVEL @@ -4463,7 +4463,7 @@ all capabilities: metadata: labels: app: synchronizer - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: synchronizer namespace: kubescape @@ -4542,7 +4542,7 @@ all capabilities: namespace: kubescape default capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.19.5.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.20.1.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: v1 data: @@ -4653,7 +4653,7 @@ default capabilities: app: gateway app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: gateway - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -4782,7 +4782,7 @@ default capabilities: metadata: labels: app: gateway - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: gateway namespace: kubescape @@ -4880,7 +4880,7 @@ default capabilities: app: grype-offline-db app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: grype-offline-db - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core tier: ks-control-plane spec: @@ -5011,7 +5011,7 @@ default capabilities: metadata: labels: app: kollector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kollector namespace: kubescape @@ -5091,7 +5091,7 @@ default capabilities: app: kollector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kollector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -5267,7 +5267,7 @@ default capabilities: metadata: labels: app: kubescape-scheduler - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kubescape-scheduler namespace: kubescape @@ -5521,7 +5521,7 @@ default capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -5551,7 +5551,7 @@ default capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -5785,7 +5785,7 @@ default capabilities: metadata: labels: app: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kubescape namespace: kubescape @@ -6010,7 +6010,7 @@ default capabilities: metadata: labels: app: kubevuln-scheduler - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kubevuln-scheduler namespace: kubescape @@ -6118,7 +6118,7 @@ default capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6226,7 +6226,7 @@ default capabilities: metadata: labels: app: kubevuln - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: kubevuln namespace: kubescape @@ -6455,7 +6455,7 @@ default capabilities: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6678,7 +6678,7 @@ default capabilities: metadata: labels: app: node-agent - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: node-agent namespace: kubescape @@ -6881,7 +6881,7 @@ default capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -6895,7 +6895,7 @@ default capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.19.5 + value: kubescape-operator-1.20.1 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -7039,7 +7039,7 @@ default capabilities: metadata: labels: app: operator - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: operator namespace: kubescape @@ -7228,7 +7228,7 @@ default capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -7323,7 +7323,7 @@ default capabilities: metadata: labels: app: otel-collector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: otel-collector namespace: kubescape @@ -7429,7 +7429,7 @@ default capabilities: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: service-discovery - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 otel: enabled tier: ks-control-plane name: RELEASE-NAME @@ -7783,7 +7783,7 @@ default capabilities: metadata: labels: app: storage - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: storage namespace: kubescape @@ -8267,7 +8267,7 @@ default capabilities: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: synchronizer - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -8279,7 +8279,7 @@ default capabilities: - /usr/bin/client env: - name: HELM_RELEASE - value: kubescape-operator-1.19.5 + value: kubescape-operator-1.20.1 - name: GOMEMLIMIT value: 250MiB - name: KS_LOGGER_LEVEL @@ -8366,7 +8366,7 @@ default capabilities: metadata: labels: app: synchronizer - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 tier: ks-control-plane name: synchronizer namespace: kubescape @@ -8439,7 +8439,7 @@ default capabilities: namespace: kubescape disable otel: 1: | - raw: "Thank you for installing kubescape-operator version 1.19.5.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.20.1.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: v1 data: @@ -8549,7 +8549,7 @@ disable otel: app: gateway app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: gateway - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -8784,7 +8784,7 @@ disable otel: app: kollector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kollector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -9172,7 +9172,7 @@ disable otel: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -9201,7 +9201,7 @@ disable otel: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -9642,7 +9642,7 @@ disable otel: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -9922,7 +9922,7 @@ disable otel: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -10255,7 +10255,7 @@ disable otel: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -10269,7 +10269,7 @@ disable otel: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.19.5 + value: kubescape-operator-1.20.1 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -10571,7 +10571,7 @@ disable otel: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -10700,7 +10700,7 @@ disable otel: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: service-discovery - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 otel: enabled tier: ks-control-plane name: RELEASE-NAME @@ -11489,7 +11489,7 @@ disable otel: app: synchronizer app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: synchronizer - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -11501,7 +11501,7 @@ disable otel: - /usr/bin/client env: - name: HELM_RELEASE - value: kubescape-operator-1.19.5 + value: kubescape-operator-1.20.1 - name: GOMEMLIMIT value: 250MiB - name: KS_LOGGER_LEVEL @@ -11605,7 +11605,7 @@ disable otel: namespace: kubescape minimal capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.19.5.\n\n\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: "Thank you for installing kubescape-operator version 1.20.1.\n\n\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" 2: | apiVersion: v1 data: @@ -11923,7 +11923,7 @@ minimal capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane @@ -11952,7 +11952,7 @@ minimal capabilities: app: kubescape app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubescape - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -12312,7 +12312,7 @@ minimal capabilities: app: kubevuln app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: kubevuln - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -12589,7 +12589,7 @@ minimal capabilities: app: node-agent app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: node-agent - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -12919,7 +12919,7 @@ minimal capabilities: app: operator app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: operator - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/tier: core otel: enabled tier: ks-control-plane @@ -12933,7 +12933,7 @@ minimal capabilities: - 2>&1 env: - name: HELM_RELEASE - value: kubescape-operator-1.19.5 + value: kubescape-operator-1.20.1 - name: GOMEMLIMIT value: 100MiB - name: KS_LOGGER_LEVEL @@ -13170,7 +13170,7 @@ minimal capabilities: app: otel-collector app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/name: otel-collector - helm.sh/chart: kubescape-operator-1.19.5 + helm.sh/chart: kubescape-operator-1.20.1 kubescape.io/ignore: "true" kubescape.io/tier: core tier: ks-control-plane