From 0eff2dfb68ce583186a449601b519d69ecf92c7c Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Mon, 2 Sep 2024 22:14:06 +0200 Subject: [PATCH] set podScanGuardTime from values.yaml Signed-off-by: Matthias Bertschy --- .../templates/operator/configmap.yaml | 11 ++--- .../__snapshot__/snapshot_test.yaml.snap | 42 ++++++++++--------- charts/kubescape-operator/values.yaml | 2 + 3 files changed, 31 insertions(+), 24 deletions(-) diff --git a/charts/kubescape-operator/templates/operator/configmap.yaml b/charts/kubescape-operator/templates/operator/configmap.yaml index c1eca9d3..9be238fa 100644 --- a/charts/kubescape-operator/templates/operator/configmap.yaml +++ b/charts/kubescape-operator/templates/operator/configmap.yaml @@ -12,12 +12,13 @@ data: config.json: | { {{- if ne .Values.includeNamespaces "" }} - "includeNamespaces": "{{ .Values.includeNamespaces }}", + "includeNamespaces": "{{ .Values.includeNamespaces }}", {{- else if ne .Values.excludeNamespaces "" }} - "excludeNamespaces": "{{ .Values.excludeNamespaces }}", + "excludeNamespaces": "{{ .Values.excludeNamespaces }}", {{- end }} - "namespace": "{{ .Values.ksNamespace }}", - "triggersecurityframework": {{ .Values.operator.triggerSecurityFramework }}, - "httpExporterConfig": {{- .Values.nodeAgent.config.httpExporterConfig | toJson }} + "namespace": "{{ .Values.ksNamespace }}", + "triggersecurityframework": {{ .Values.operator.triggerSecurityFramework }}, + "podScanGuardTime": {{ .Values.operator.podScanGuardTime }}, + "httpExporterConfig": {{- .Values.nodeAgent.config.httpExporterConfig | toJson }} } {{- end }} diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index d843a27c..46d0b1f6 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap 
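Review bot: The added line `"podScanGuardTime": {{ .Values.operator.podScanGuardTime }},` in templates/operator/configmap.yaml emits the value without quotes, so the default `"1h"` renders as `"podScanGuardTime": 1h,`, which is not valid JSON; the four snapshot hunks in snapshot_test.yaml.snap record exactly that output. A strict JSON parser would reject the whole config.json, and how the operator reacts (refusing to start, or falling back to defaults and ignoring the namespace filters) is not visible here, so the rendered file should be made valid before this ships. Encode the value the way the following line already encodes httpExporterConfig: `"podScanGuardTime": {{ .Values.operator.podScanGuardTime | toJson }},`, then regenerate the snapshots and the checksum/operator-config annotations. The surrounding template block opens and closes outside this hunk.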
@@ -3368,10 +3368,11 @@ all capabilities: data: config.json: | { - "includeNamespaces": "my-namespace", - "namespace": "kubescape", - "triggersecurityframework": true, - "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"} + "includeNamespaces": "my-namespace", + "namespace": "kubescape", + "triggersecurityframework": true, + "podScanGuardTime": 1h, + "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"} } kind: ConfigMap metadata: @@ -3424,7 +3425,7 @@ all capabilities: checksum/capabilities-config: fa7190c082c2d56351544e0f8c01b51a8986a9a93c341d92e5025a007e6a85f3 checksum/cloud-config: 79c8c87b639c9496583eb2c66b206d712653da0eaf776f7c8dc644174bf69dd2 checksum/cloud-secret: c39d26ecee499ee553fa0767c28f78da239d6a16470ba63e162a3b362fb1eded - checksum/operator-config: 5f9e6a07c4fa698bd5993a243fa1a4df2e8966d3c56aa54831d75fd74f15f738 + checksum/operator-config: 941a1c448721748a119b0575ffaeb437f28c2b3c52824401d10531802935ca08 checksum/proxy-config: c367ddb7695a9b6eb5e90566e3887b7420f49c4585a76d1fa698153f7d3f9922 labels: app: operator @@ -8653,10 +8654,11 @@ default capabilities: data: config.json: | { - "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public", - "namespace": "kubescape", - "triggersecurityframework": true, - "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"} + "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public", + "namespace": "kubescape", + "triggersecurityframework": true, + "podScanGuardTime": 1h, + "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"} } kind: ConfigMap metadata: 
@@ -8709,7 +8711,7 @@ default capabilities: checksum/capabilities-config: 49ca00a3af0f578270312ad273728cf954a4c7cc16ff73923502e90b06c07bb2 checksum/cloud-config: 3d7a9c54ae3d9944f5964ba5cc76956dd1f3c575dd012dea33197e1c29e2a8f0 checksum/cloud-secret: c39d26ecee499ee553fa0767c28f78da239d6a16470ba63e162a3b362fb1eded - checksum/operator-config: d497643db6024c0633ab4d46ae4593536c850cef0db6ae302f34e8e2eb8faf4f + checksum/operator-config: 91d7a3cf22c5a268133e48009ef1bd948f0ecc2cbb93cb34fe838999c26062ab checksum/proxy-config: c367ddb7695a9b6eb5e90566e3887b7420f49c4585a76d1fa698153f7d3f9922 labels: app: operator @@ -12911,10 +12913,11 @@ disable otel: data: config.json: | { - "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public", - "namespace": "kubescape", - "triggersecurityframework": true, - "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"} + "excludeNamespaces": "kubescape,kube-system,kube-public,kube-node-lease,kubeconfig,gmp-system,gmp-public", + "namespace": "kubescape", + "triggersecurityframework": true, + "podScanGuardTime": 1h, + "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"} } kind: ConfigMap metadata: @@ -12967,7 +12970,7 @@ disable otel: checksum/capabilities-config: 85ad1b1222650aa270e4da754e2bcc4e7fe10e09162d71767f750e80ec8e01d7 checksum/cloud-config: 08f3c6a31ec6c201d577ca1c199ffd49b36c830037185a053f4256df303c589b checksum/cloud-secret: c39d26ecee499ee553fa0767c28f78da239d6a16470ba63e162a3b362fb1eded - checksum/operator-config: d497643db6024c0633ab4d46ae4593536c850cef0db6ae302f34e8e2eb8faf4f + checksum/operator-config: 91d7a3cf22c5a268133e48009ef1bd948f0ecc2cbb93cb34fe838999c26062ab labels: app: operator app.kubernetes.io/component: operator 
@@ -16314,9 +16317,10 @@ minimal capabilities: data: config.json: | { - "namespace": "kubescape", - "triggersecurityframework": true, - "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"} + "namespace": "kubescape", + "triggersecurityframework": true, + "podScanGuardTime": 1h, + "httpExporterConfig":{"maxAlertsPerMinute":1000,"method":"POST","url":"http://synchronizer:8089/apis/v1/kubescape.io"} } kind: ConfigMap metadata: @@ -16369,7 +16373,7 @@ minimal capabilities: checksum/capabilities-config: a54cb7cc8db539022f3d26eaa888dd7c3931400af821b7ac5eee74dd43b8dc7c checksum/cloud-config: 8fdd753c2f8400f44bca96445b3a414eef8ff68868c4b4ed9f95666adeb123a0 checksum/cloud-secret: 6c555ef5c4f236fb2752b49016bd78c9ea8c61d934271ae76e89759f7eb1a9dc - checksum/operator-config: f19a44b9483f5f021b0e9c94a3f00a5762357ee2f6d50b7c4e6499c74b9d35d6 + checksum/operator-config: 414000dffe29e37438248dcc8468f73c43647036018a9859dfd4600624bd39b4 labels: app: operator app.kubernetes.io/component: operator diff --git a/charts/kubescape-operator/values.yaml b/charts/kubescape-operator/values.yaml index 7083bebc..d7461d40 100644 --- a/charts/kubescape-operator/values.yaml +++ b/charts/kubescape-operator/values.yaml @@ -290,6 +290,8 @@ operator: env: { } labels: { } + podScanGuardTime: "1h" + # Additional volumes to be mounted on the websocket volumes: [ ]
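Review bot: `podScanGuardTime` is added under `operator:` in values.yaml without a comment, while neighbouring keys such as `volumes` carry one, so a chart user cannot tell what the setting controls or which formats are accepted. Add a comment above it, for example `# Guard time applied before a pod scan is triggered; duration string such as "1h"` (wording to be confirmed against how the operator reads the field). If the chart ships a values.schema.json, declaring this key there as a string with a duration pattern would reject malformed values at install time instead of at operator start-up. The `operator:` mapping starts outside this hunk.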