Merge pull request #215 from kubescape/inspektor

use inspektor gadget
kubescape · Jul 12, 2023 · a0a7855 · a0a7855
2 parents fd4fd4b + 01300a5
commit a0a7855
Show file tree

Hide file tree

Showing 11 changed files with 126 additions and 274 deletions.
diff --git a/.github/workflows/02-e2e-test.yaml b/.github/workflows/02-e2e-test.yaml
@@ -1,19 +1,28 @@
 name: 02-E2E Test helm chart
 on:
- # workflow_dispatch:
- # inputs:
- # HELM_E2E_TEST:
- # required: true
- # default: true
- # type: boolean
+ workflow_dispatch:
+ inputs:
+ BRANCH:
+ description: 'helm chart branch name'
+ required: false
+ default: 'dev'
+ type: string
+ HELM_E2E_TEST:
+ required: false
+ default: true
+ type: boolean
 
  workflow_call:
  inputs:
  HELM_E2E_TEST:
  required: true
  default: true
  type: boolean
-
+ BRANCH:
+ required: false
+ default: 'dev'
+ type: string
+ description: 'helm chart branch name'
 
 jobs:
  e2e-test:
@@ -65,7 +74,6 @@ jobs:
  uses: actions/checkout@v3
  with:
  repository: armosec/system-tests
- ref: relevancy
  path: .
 
  - uses: actions/setup-python@v4
@@ -108,7 +116,7 @@ jobs:
  -b production \
  -c CyberArmorTests \
  --logger DEBUG \
- --kwargs helm_branch=dev 
+ --kwargs helm_branch=${{ inputs.BRANCH }} 
 
  deactivate
 

diff --git a/.github/workflows/inspektor-trigger-e2e-tests.yaml b/.github/workflows/inspektor-trigger-e2e-tests.yaml
@@ -0,0 +1,14 @@
+name: inspektor-e2e-tests
+
+on:
+ push:
+ branches:
+ - inspektor
+
+jobs:
+ call-e2e-tests:
+ uses: ./.github/workflows/relevancy-e2e-test.yaml
+ with:
+ BRANCH: "inspektor"
+ secrets: inherit
+
diff --git a/.github/workflows/relevancy-e2e-test.yaml b/.github/workflows/relevancy-e2e-test.yaml
@@ -1,47 +1,42 @@
-name: relevancy-tests branch E2E tests
-
+name: Relevancy E2E tests
 
 on:
+ workflow_dispatch:
+ inputs:
+ BRANCH:
+ description: 'helm chart branch name'
+ required: false
+ default: 'main'
+ type: string
+
  workflow_call:
  inputs:
  BRANCH:
- required: true
+ required: false
+ default: 'main'
  type: string
+ description: 'helm chart branch name'
 
 jobs:
  e2e-test:
  strategy:
  fail-fast: false 
  matrix:
  test: [ 
- vulnerability_scanning, 
- vulnerability_scanning_trigger_scan_on_new_image, 
- vulnerability_scanning_trigger_scan_public_registry, 
- vulnerability_scanning_trigger_scan_public_registry_excluded, 
- vulnerability_scanning_trigger_scan_private_quay_registry, 
- vulnerability_scanning_triggering_with_cron_job, 
- registry_scanning_triggering_with_cron_job, 
- ks_microservice_ns_creation,
- ks_microservice_on_demand, 
- ks_microservice_mitre_framework_on_demand, 
- ks_microservice_nsa_and_mitre_framework_demand, 
- ks_microservice_triggering_with_cron_job, 
- ks_microservice_update_cronjob_schedule, 
- ks_microservice_delete_cronjob, 
- ks_microservice_create_2_cronjob_mitre_and_nsa,
- scan_compliance_score,
- vulnerability_scanning_cve_exceptions,
- vulnerability_scanning_test_public_registry_connectivity_by_backend,
- vulnerability_scanning_test_public_registry_connectivity_excluded_by_backend,
- relevantCVEs,
- relevancy_disabled_installation,
- relevancy_enabled_stop_sniffing,
- relevant_data_is_appended,
- relevancy_large_image,
- relevancy_extra_large_image,
- relevancy_storage_disabled,
- relevancy_fix_vuln
- ]
+ relevantCVEs,
+ relevancy_disabled_installation,
+ relevancy_storage_disabled,
+ relevancy_enabled_stop_sniffing,
+ relevant_data_is_appended,
+ relevancy_large_image,
+ relevancy_extra_large_image,
+ relevancy_fix_vuln,
+ relevancy_python,
+ relevancy_golang,
+ relevancy_java,
+ relevancy_java_and_python,
+ relevancy_golang_dynamic
+ ]
 
  runs-on: ubuntu-latest
  steps:
@@ -54,7 +49,6 @@ jobs:
  uses: actions/checkout@v3
  with:
  repository: armosec/system-tests
- ref: relevancy
  path: .
 
  - uses: actions/setup-python@v4
@@ -66,7 +60,6 @@ jobs:
  - name: create env
  run: ./create_env.sh
 
-
  - name: Generate uuid
  id: uuid
  run: |

diff --git a/.github/workflows/relevancy-helm-release.yaml b/.github/workflows/relevancy-helm-release.yaml
diff --git a/.github/workflows/relevancy-push.yaml b/.github/workflows/relevancy-push.yaml
diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml
@@ -9,14 +9,14 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 1.13.7
+version: 1.14.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 
-appVersion: 1.13.7
+appVersion: 1.14.0
 
 maintainers:
 - name: Ben Hirschberg

diff --git a/charts/kubescape-cloud-operator/README.md b/charts/kubescape-cloud-operator/README.md
@@ -1,6 +1,6 @@
 # Kubescape Operator
 
-![Version: 1.11.0](https://img.shields.io/badge/Version-1.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.11.0](https://img.shields.io/badge/AppVersion-v1.11.0-informational?style=flat-square)
+![Version: 1.14.0](https://img.shields.io/badge/Version-1.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.14.0](https://img.shields.io/badge/AppVersion-v1.11.0-informational?style=flat-square)
 
 ## [Docs](https://hub.armosec.io/docs/installation-of-armo-in-cluster)
 

diff --git a/charts/kubescape-cloud-operator/templates/node-agent/clusterrole.yaml b/charts/kubescape-cloud-operator/templates/node-agent/clusterrole.yaml
@@ -7,6 +7,9 @@ rules:
 - apiGroups: [""]
  resources: ["pods", "nodes"]
  verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create"]
 - apiGroups: ["batch"]
  resources: ["jobs", "cronjobs"]
  verbs: ["get", "watch", "list"]

diff --git a/charts/kubescape-cloud-operator/templates/node-agent/configmap.yaml b/charts/kubescape-cloud-operator/templates/node-agent/configmap.yaml
@@ -2,30 +2,13 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: {{ .Values.nodeAgent.config.name }}
+ name: {{ .Values.nodeAgent.name }}
  namespace: {{ .Values.ksNamespace }}
 data:
- ConfigurationFile.json: |
+ config.json: |
  {
- "sniffer": {
- "services": [
- {
- "Name": "relevantCVEs"
- }
- ],
- "maxSniffingTimePerContainer": {{ .Values.nodeAgent.config.maxLearningPeriod }}
- },
- "falcoEbpfEngine": {
- "kernelObjPath": "/root/.falco/falco-bpf.o",
- "ebpfEngineLoaderPath": "/etc/node-agent/resources/ebpf/falco/userspace_app"
- },
- "node": {
- "name": ""
- },
- "db": {
- "updateDataPeriod": {{ .Values.nodeAgent.config.learningPeriod }}
- },
- "clusterName": "{{ regexReplaceAll "\\W+" .Values.clusterName "-" }}",
- "accountID": "{{ .Values.account }}"
+ "relevantCVEServiceEnabled": true,
+ "maxSniffingTimePerContainer": "{{ .Values.nodeAgent.config.maxLearningPeriod }}",
+ "updateDataPeriod": "{{ .Values.nodeAgent.config.learningPeriod }}"
  }
 {{- end }}