Merge pull request #493 from kubescape/podScanGuardTime

set podScanGuardTime from values.yaml
kubescape · Sep 3, 2024 · d44d2cd · d44d2cd
2 parents bfaf3bb + 0eff2df
commit d44d2cd
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 24 deletions.
diff --git a/charts/kubescape-operator/templates/operator/configmap.yaml b/charts/kubescape-operator/templates/operator/configmap.yaml
@@ -12,12 +12,13 @@ data:
  config.json: |
  {
  {{- if ne .Values.includeNamespaces "" }}
-  "includeNamespaces": "{{ .Values.includeNamespaces }}",
+ "includeNamespaces": "{{ .Values.includeNamespaces }}",
  {{- else if ne .Values.excludeNamespaces "" }}
-  "excludeNamespaces": "{{ .Values.excludeNamespaces }}",
+ "excludeNamespaces": "{{ .Values.excludeNamespaces }}",
  {{- end }}
- "namespace": "{{ .Values.ksNamespace }}",
- "triggersecurityframework": {{ .Values.operator.triggerSecurityFramework }},
- "httpExporterConfig": {{- .Values.nodeAgent.config.httpExporterConfig | toJson }}
+ "namespace": "{{ .Values.ksNamespace }}",
+ "triggersecurityframework": {{ .Values.operator.triggerSecurityFramework }},
+ "podScanGuardTime": {{ .Values.operator.podScanGuardTime }},
+ "httpExporterConfig": {{- .Values.nodeAgent.config.httpExporterConfig | toJson }}
  }
 {{- end }}
diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap
@@ -3368,10 +3368,11 @@ all capabilities:
  data:
  config.json: |
  {
- "includeNamespaces": "my-namespace",
- "namespace": "kubescape",
- "triggersecurityframework": true,
- "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"}
+ "includeNamespaces": "my-namespace",
+ "namespace": "kubescape",
+ "triggersecurityframework": true,
+ "podScanGuardTime": 1h,
+ "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"}
  }
  kind: ConfigMap
  metadata:
@@ -3424,7 +3425,7 @@ all capabilities:
  checksum/capabilities-config: fa7190c082c2d56351544e0f8c01b51a8986a9a93c341d92e5025a007e6a85f3
  checksum/cloud-config: 79c8c87b639c9496583eb2c66b206d712653da0eaf776f7c8dc644174bf69dd2
  checksum/cloud-secret: c39d26ecee499ee553fa0767c28f78da239d6a16470ba63e162a3b362fb1eded
- checksum/operator-config: 5f9e6a07c4fa698bd5993a243fa1a4df2e8966d3c56aa54831d75fd74f15f738
+ checksum/operator-config: 941a1c448721748a119b0575ffaeb437f28c2b3c52824401d10531802935ca08
  checksum/proxy-config: c367ddb7695a9b6eb5e90566e3887b7420f49c4585a76d1fa698153f7d3f9922
  labels:
  app: operator
@@ -8653,10 +8654,11 @@ default capabilities:
  data:
  config.json: |
  {
- "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public",
- "namespace": "kubescape",
- "triggersecurityframework": true,
- "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"}
+ "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public",
+ "namespace": "kubescape",
+ "triggersecurityframework": true,
+ "podScanGuardTime": 1h,
+ "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"}
  }
  kind: ConfigMap
  metadata:
@@ -8709,7 +8711,7 @@ default capabilities:
  checksum/capabilities-config: 49ca00a3af0f578270312ad273728cf954a4c7cc16ff73923502e90b06c07bb2
  checksum/cloud-config: 3d7a9c54ae3d9944f5964ba5cc76956dd1f3c575dd012dea33197e1c29e2a8f0
  checksum/cloud-secret: c39d26ecee499ee553fa0767c28f78da239d6a16470ba63e162a3b362fb1eded
- checksum/operator-config: d497643db6024c0633ab4d46ae4593536c850cef0db6ae302f34e8e2eb8faf4f
+ checksum/operator-config: 91d7a3cf22c5a268133e48009ef1bd948f0ecc2cbb93cb34fe838999c26062ab
  checksum/proxy-config: c367ddb7695a9b6eb5e90566e3887b7420f49c4585a76d1fa698153f7d3f9922
  labels:
  app: operator
@@ -12911,10 +12913,11 @@ disable otel:
  data:
  config.json: |
  {
- "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public",
- "namespace": "kubescape",
- "triggersecurityframework": true,
- "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"}
+ "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public",
+ "namespace": "kubescape",
+ "triggersecurityframework": true,
+ "podScanGuardTime": 1h,
+ "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"}
  }
  kind: ConfigMap
  metadata:
@@ -12967,7 +12970,7 @@ disable otel:
  checksum/capabilities-config: 85ad1b1222650aa270e4da754e2bcc4e7fe10e09162d71767f750e80ec8e01d7
  checksum/cloud-config: 08f3c6a31ec6c201d577ca1c199ffd49b36c830037185a053f4256df303c589b
  checksum/cloud-secret: c39d26ecee499ee553fa0767c28f78da239d6a16470ba63e162a3b362fb1eded
- checksum/operator-config: d497643db6024c0633ab4d46ae4593536c850cef0db6ae302f34e8e2eb8faf4f
+ checksum/operator-config: 91d7a3cf22c5a268133e48009ef1bd948f0ecc2cbb93cb34fe838999c26062ab
  labels:
  app: operator
  app.kubernetes.io/component: operator
@@ -16314,9 +16317,10 @@ minimal capabilities:
  data:
  config.json: |
  {
- "namespace": "kubescape",
- "triggersecurityframework": true,
- "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"}
+ "namespace": "kubescape",
+ "triggersecurityframework": true,
+ "podScanGuardTime": 1h,
+ "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"}
  }
  kind: ConfigMap
  metadata:
@@ -16369,7 +16373,7 @@ minimal capabilities:
  checksum/capabilities-config: a54cb7cc8db539022f3d26eaa888dd7c3931400af821b7ac5eee74dd43b8dc7c
  checksum/cloud-config: 8fdd753c2f8400f44bca96445b3a414eef8ff68868c4b4ed9f95666adeb123a0
  checksum/cloud-secret: 6c555ef5c4f236fb2752b49016bd78c9ea8c61d934271ae76e89759f7eb1a9dc
- checksum/operator-config: f19a44b9483f5f021b0e9c94a3f00a5762357ee2f6d50b7c4e6499c74b9d35d6
+ checksum/operator-config: 414000dffe29e37438248dcc8468f73c43647036018a9859dfd4600624bd39b4
  labels:
  app: operator
  app.kubernetes.io/component: operator

diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml
@@ -290,6 +290,8 @@ operator:
  env: { }
  labels: { }
 
+ podScanGuardTime: "1h"
+
  # Additional volumes to be mounted on the websocket
  volumes: [ ]