Merge pull request #410 from kubescape/smart

prepare smart remediation GA

charts/kubescape-operator/Chart.yaml

@@ -9,14 +9,14 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 1.18.7
+version: 1.18.8
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 
-appVersion: 1.18.7
+appVersion: 1.18.8
 
 maintainers:
 - name: Ben Hirschberg

charts/kubescape-operator/README.md

@@ -1,6 +1,6 @@
 # Kubescape Operator
 
-![Version: 1.18.7](https://img.shields.io/badge/Version-1.18.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.18.7](https://img.shields.io/badge/AppVersion-v1.18.7-informational?style=flat-square)
+![Version: 1.18.8](https://img.shields.io/badge/Version-1.18.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.18.8](https://img.shields.io/badge/AppVersion-v1.18.8-informational?style=flat-square)
 
 [Kubescape operator documentation](https://kubescape.io/docs/install-operator/)
 [Troubleshooting guide](https://hub.armosec.io/docs/installation-troubleshooting#3-the-kubescape-pod-restarted)

charts/kubescape-operator/templates/NOTES.txt

@@ -20,19 +20,19 @@ To change the schedule, edit `.spec.schedule`:
 {{- end }}
 {{ if eq .Values.capabilities.continuousScan "enable" -}}
 
-View your configuration scan summaries:  
+View your configuration scan summaries:
 > kubectl get workloadconfigurationscansummaries -A
 
-Detailed reports are also available:  
+Detailed reports are also available:
 > kubectl get workloadconfigurationscans -A
 {{- end }}
 
 {{ if eq .Values.capabilities.vulnerabilityScan "enable" -}}
 
-View your image vulnerabilities scan summaries:  
+View your image vulnerabilities scan summaries:
 > kubectl get vulnerabilitymanifestsummaries -A
 
-Detailed reports are also available:  
+Detailed reports are also available:
 > kubectl get vulnerabilitymanifests -A
 {{- end }}
 

charts/kubescape-operator/templates/kubescape-scheduler/cronjob.yaml

@@ -50,7 +50,7 @@ spec:
               - -scheme=http
               - -host={{ .Values.operator.name }}:{{ .Values.operator.service.port }}
               - -path=v1/triggerAction
-              - -headers="Content-Type:application/json"
+              - -headers=Content-Type:application/json
               - -path-body=/home/ks/request-body.json
             volumeMounts:
               - name: {{ .Values.kubescapeScheduler.name }}

charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml

@@ -50,7 +50,7 @@ spec:
               - -scheme=http
               - -host={{ .Values.operator.name }}:{{ .Values.operator.service.port }}
               - -path=v1/triggerAction
-              - -headers="Content-Type:application/json"
+              - -headers=Content-Type:application/json
               - -path-body=/home/ks/request-body.json
             volumeMounts:
               - name: {{ .Values.kubevulnScheduler.name }}

charts/kubescape-operator/templates/kubevuln/clusterrole.yaml

@@ -8,9 +8,9 @@ metadata:
     kubescape.io/ignore: "true"
 rules:
   - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
-    resources: ["vulnerabilitymanifests", "vulnerabilitymanifestsummaries", "sbomsummaries", "sbomspdxv2p3s","openvulnerabilityexchangecontainers", "sbomsyftfiltereds", "sbomsyfts"]
+    resources: ["vulnerabilitymanifests", "vulnerabilitymanifestsummaries", "openvulnerabilityexchangecontainers", "sbomsyfts"]
     verbs: ["create", "get", "update", "watch", "list", "patch"]
   - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
-    resources: ["sbomspdxv2p3filtereds"]
+    resources: ["sbomsyftfiltereds"]
     verbs: ["get", "watch", "list"]
 {{- end }}

charts/kubescape-operator/templates/node-agent/clusterrole.yaml

@@ -20,9 +20,9 @@ rules:
   resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
   verbs: ["get", "watch", "list"]
 - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
-  resources: ["sbomspdxv2p3s", "sbomsummaries", "sbomsyfts"]  
+  resources: ["sbomsyfts"]
   verbs: ["get", "watch", "list"]
 - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
-  resources: ["sbomspdxv2p3filtereds", "applicationactivities", "applicationprofiles", "applicationprofilesummaries", "networkneighborses", "sbomsyftfiltereds"]
+  resources: ["applicationactivities", "applicationprofiles", "networkneighborses", "sbomsyftfiltereds"]
   verbs: ["create", "get", "update", "watch", "list", "patch"]
 {{- end }}

charts/kubescape-operator/templates/operator/clusterrole.yaml

@@ -17,6 +17,6 @@ rules:
     resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
     verbs: ["get", "watch", "list"]
   - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
-    resources: ["sbomspdxv2p3s", "sbomspdxv2p3filtereds", "vulnerabilitymanifests", "sbomsummaries", "vulnerabilitymanifestsummaries", "workloadconfigurationscans", "workloadconfigurationscansummaries","openvulnerabilityexchangecontainers", "sbomsyftfiltereds", "sbomsyfts"]
+    resources: ["vulnerabilitymanifests", "vulnerabilitymanifestsummaries", "workloadconfigurationscans", "workloadconfigurationscansummaries", "openvulnerabilityexchangecontainers", "sbomsyftfiltereds", "sbomsyfts"]
     verbs: ["get", "watch", "list", "delete"]
 {{- end }}