diff --git a/charts/kubescape-operator/README.md b/charts/kubescape-operator/README.md index 97c186fd..890118b8 100644 --- a/charts/kubescape-operator/README.md +++ b/charts/kubescape-operator/README.md @@ -13,7 +13,7 @@ We cannot guarantee compatibility or provide support for deployments that are in Run the install command: ``` -helm repo add kubescape https://kubescape.github.io/helm-charts/ ; helm repo update ; helm upgrade --install kubescape kubescape/kubescape-operator -n kubescape --create-namespace --set clusterName=`kubectl config current-context` --set capabilities.continuousScan=enable +helm repo add kubescape https://kubescape.github.io/helm-charts/ ; helm repo update ; helm upgrade --install kubescape kubescape/kubescape-operator -n kubescape --create-namespace --set clusterName=`kubectl config current-context` ``` Verify that the installation was successful: diff --git a/charts/kubescape-operator/templates/NOTES.txt b/charts/kubescape-operator/templates/NOTES.txt index 5148e050..1eaa473b 100644 --- a/charts/kubescape-operator/templates/NOTES.txt +++ b/charts/kubescape-operator/templates/NOTES.txt @@ -2,29 +2,21 @@ Thank you for installing {{ .Chart.Name }} version {{ .Chart.Version }}. {{ $components := fromYaml (include "components" .) -}} {{ if $components.kubescapeScheduler.enabled -}} -View your cluster's configuration scanning schedule: +View your cluster's configuration scanning schedule: > kubectl -n {{ .Values.ksNamespace }} get cj {{ .Values.kubescapeScheduler.name }} -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' -To change the schedule, set `.spec.schedule`: +To change the schedule, set `.spec.schedule`: > kubectl -n {{ .Values.ksNamespace }} edit cj {{ .Values.kubescapeScheduler.name }} {{- end }} {{ if $components.kubevulnScheduler.enabled -}} -View your cluster's image scanning schedule: -> kubectl -n {{ .Values.ksNamespace }} get cj {{ .Values.kubevulnScheduler.name }} -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' +View your cluster's image scanning schedule: +> kubectl -n {{ .Values.ksNamespace }} get cj {{ .Values.kubevulnScheduler.name }} -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' -To change the schedule, edit `.spec.schedule`: -> kubectl -n {{ .Values.ksNamespace }} edit cj {{ .Values.kubevulnScheduler.name }} +To change the schedule, edit `.spec.schedule`: +> kubectl -n {{ .Values.ksNamespace }} edit cj {{ .Values.kubevulnScheduler.name }} -{{- end }} -{{ if eq .Values.capabilities.continuousScan "enable" -}} - -View your configuration scan summaries: -> kubectl get workloadconfigurationscansummaries -A - -Detailed reports are also available: -> kubectl get workloadconfigurationscans -A {{- end }} {{ if eq .Values.capabilities.vulnerabilityScan "enable" -}} @@ -38,7 +30,6 @@ Detailed reports are also available: {{ if eq .Values.capabilities.networkPolicyService "enable" -}} -{{ .Chart.Name }} generates suggested network policies. To view them: -> kubectl get generatednetworkpolicies -n +{{ .Chart.Name }} generates suggested network policies. To view them: +> kubectl get generatednetworkpolicies -n {{- end }} - diff --git a/charts/kubescape-operator/templates/_common.tpl b/charts/kubescape-operator/templates/_common.tpl index 634c2fe7..113b4c0b 100644 --- a/charts/kubescape-operator/templates/_common.tpl +++ b/charts/kubescape-operator/templates/_common.tpl @@ -21,7 +21,6 @@ synchronizerConfig: {{ include (printf "%s/synchronizer/configmap.yaml" $.Templa {{- $ksOtel := empty .Values.otelCollector.disable -}} {{- $otel := not (empty .Values.configurations.otelUrl) -}} {{- $submit := not (empty .Values.server) -}} -continuousScan: {{ and (eq .Values.capabilities.continuousScan "enable") (not $submit) }} createCloudSecret: {{ $createCloudSecret }} ksOtel: {{ and $ksOtel $submit }} otel: {{ $otel }} @@ -50,7 +49,7 @@ hostScanner: kollector: enabled: {{ $configurations.submit }} kubescape: - enabled: {{ or (eq .Values.capabilities.configurationScan "enable") (eq .Values.capabilities.continuousScan "enable") }} + enabled: {{ eq .Values.capabilities.configurationScan "enable" }} kubescapeScheduler: enabled: {{ and $configurations.submit (eq .Values.capabilities.configurationScan "enable") }} kubevuln: diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index fcf67e75..87a178d3 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -1,6 +1,26 @@ all capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.21.1.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: | + Thank you for installing kubescape-operator version 1.21.1. + View your cluster's configuration scanning schedule: + > kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' + + To change the schedule, set `.spec.schedule`: + > kubectl -n kubescape edit cj kubescape-scheduler + View your cluster's image scanning schedule: + > kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' + + To change the schedule, edit `.spec.schedule`: + > kubectl -n kubescape edit cj kubevuln-scheduler + + View your image vulnerabilities scan summaries: + > kubectl get vulnerabilitymanifestsummaries -A + + Detailed reports are also available: + > kubectl get vulnerabilitymanifests -A + + kubescape-operator generates suggested network policies. To view them: + > kubectl get generatednetworkpolicies -n 2: | apiVersion: batch/v1 kind: CronJob @@ -5000,7 +5020,7 @@ all capabilities: name: cloud-secret - name: OTEL_COLLECTOR_SVC value: otel-collector:4317 - image: quay.io/kubescape/storage:v0.0.109 + image: quay.io/kubescape/storage:v0.0.111 imagePullPolicy: IfNotPresent livenessProbe: tcpSocket: @@ -5878,7 +5898,27 @@ all capabilities: namespace: kubescape default capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.21.1.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: | + Thank you for installing kubescape-operator version 1.21.1. + View your cluster's configuration scanning schedule: + > kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' + + To change the schedule, set `.spec.schedule`: + > kubectl -n kubescape edit cj kubescape-scheduler + View your cluster's image scanning schedule: + > kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' + + To change the schedule, edit `.spec.schedule`: + > kubectl -n kubescape edit cj kubevuln-scheduler + + View your image vulnerabilities scan summaries: + > kubectl get vulnerabilitymanifestsummaries -A + + Detailed reports are also available: + > kubectl get vulnerabilitymanifests -A + + kubescape-operator generates suggested network policies. To view them: + > kubectl get generatednetworkpolicies -n 2: | apiVersion: v1 data: @@ -9945,7 +9985,7 @@ default capabilities: name: cloud-secret - name: OTEL_COLLECTOR_SVC value: otel-collector:4317 - image: quay.io/kubescape/storage:v0.0.109 + image: quay.io/kubescape/storage:v0.0.111 imagePullPolicy: IfNotPresent livenessProbe: tcpSocket: @@ -10744,7 +10784,27 @@ default capabilities: namespace: kubescape disable otel: 1: | - raw: "Thank you for installing kubescape-operator version 1.21.1.\nView your cluster's configuration scanning schedule: \n> kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}'\n\nTo change the schedule, set `.spec.schedule`: \n> kubectl -n kubescape edit cj kubescape-scheduler\nView your cluster's image scanning schedule: \n> kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{\"\\t\"}{.spec.schedule}{\"\\n\"}' \n\nTo change the schedule, edit `.spec.schedule`: \n> kubectl -n kubescape edit cj kubevuln-scheduler\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: | + Thank you for installing kubescape-operator version 1.21.1. + View your cluster's configuration scanning schedule: + > kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' + + To change the schedule, set `.spec.schedule`: + > kubectl -n kubescape edit cj kubescape-scheduler + View your cluster's image scanning schedule: + > kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath='{.metadata.name}{"\t"}{.spec.schedule}{"\n"}' + + To change the schedule, edit `.spec.schedule`: + > kubectl -n kubescape edit cj kubevuln-scheduler + + View your image vulnerabilities scan summaries: + > kubectl get vulnerabilitymanifestsummaries -A + + Detailed reports are also available: + > kubectl get vulnerabilitymanifests -A + + kubescape-operator generates suggested network policies. To view them: + > kubectl get generatednetworkpolicies -n 2: | apiVersion: v1 data: @@ -14074,7 +14134,7 @@ disable otel: name: cloud-secret - name: OTEL_COLLECTOR_SVC value: otel-collector:4317 - image: quay.io/kubescape/storage:v0.0.109 + image: quay.io/kubescape/storage:v0.0.111 imagePullPolicy: IfNotPresent livenessProbe: tcpSocket: @@ -14762,7 +14822,19 @@ disable otel: namespace: kubescape minimal capabilities: 1: | - raw: "Thank you for installing kubescape-operator version 1.21.1.\n\n\n\n\nView your image vulnerabilities scan summaries:\n> kubectl get vulnerabilitymanifestsummaries -A\n\nDetailed reports are also available:\n> kubectl get vulnerabilitymanifests -A\n\nkubescape-operator generates suggested network policies. To view them: \n> kubectl get generatednetworkpolicies -n \n\n" + raw: | + Thank you for installing kubescape-operator version 1.21.1. + + + + View your image vulnerabilities scan summaries: + > kubectl get vulnerabilitymanifestsummaries -A + + Detailed reports are also available: + > kubectl get vulnerabilitymanifests -A + + kubescape-operator generates suggested network policies. To view them: + > kubectl get generatednetworkpolicies -n 2: | apiVersion: v1 data: @@ -17247,7 +17319,7 @@ minimal capabilities: name: cloud-secret - name: OTEL_COLLECTOR_SVC value: otel-collector:4317 - image: quay.io/kubescape/storage:v0.0.109 + image: quay.io/kubescape/storage:v0.0.111 imagePullPolicy: IfNotPresent livenessProbe: tcpSocket: diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml index 0354e592..35a51f19 100644 --- a/charts/kubescape-operator/values.yaml +++ b/charts/kubescape-operator/values.yaml @@ -479,7 +479,7 @@ storage: image: # -- source code: https://github.com/kubescape/storage repository: quay.io/kubescape/storage - tag: v0.0.109 + tag: v0.0.111 pullPolicy: IfNotPresent # cleanup interval is a duration string