Merge pull request #504 from kubescape/bump

Prepare new release
kubescape · Sep 16, 2024 · a00d434 · a00d434
2 parents 92f69ed + 244c902
commit a00d434
Show file tree

Hide file tree

Showing 9 changed files with 1,320 additions and 1,563 deletions.
diff --git a/charts/kubescape-operator/Chart.yaml b/charts/kubescape-operator/Chart.yaml
@@ -9,14 +9,14 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 1.21.2
+version: 1.22.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 
-appVersion: 1.21.2
+appVersion: 1.22.0
 
 maintainers:
 - name: Ben Hirschberg

diff --git a/charts/kubescape-operator/templates/_common.tpl b/charts/kubescape-operator/templates/_common.tpl
@@ -8,6 +8,7 @@ capabilitiesConfig: {{ include (printf "%s/%s/%s" $.Template.BasePath $.Values.g
 cloudConfig: {{ include (printf "%s/%s/%s" $.Template.BasePath $.Values.global.configMapsDirectory "cloudapi-configmap.yaml") . | sha256sum }}
 cloudSecret: {{ include (printf "%s/%s/%s" $.Template.BasePath $.Values.global.configMapsDirectory "cloud-secret.yaml" ) . | sha256sum }}
 hostScannerConfig: {{ include (printf "%s/kubescape/host-scanner-definition-configmap.yaml" $.Template.BasePath ) . | sha256sum }}
+matchingRulesConfig: {{ include (printf "%s/%s/%s" $.Template.BasePath $.Values.global.configMapsDirectory "matchingRules-configmap.yaml") . | sha256sum }}
 nodeAgentConfig: {{ include (printf "%s/node-agent/configmap.yaml" $.Template.BasePath) . | sha256sum }}
 operatorConfig: {{ include (printf "%s/operator/configmap.yaml" $.Template.BasePath) . | sha256sum }}
 otelConfig: {{ include (printf "%s/otel-collector/configmap.yaml" $.Template.BasePath) . | sha256sum }}
@@ -21,6 +22,7 @@ synchronizerConfig: {{ include (printf "%s/synchronizer/configmap.yaml" $.Templa
 {{- $ksOtel := empty .Values.otelCollector.disable -}}
 {{- $otel := not (empty .Values.configurations.otelUrl) -}}
 {{- $submit := not (empty .Values.server) -}}
+continuousScan: {{ and (eq .Values.capabilities.continuousScan "enable") (not $submit) }}
 createCloudSecret: {{ $createCloudSecret }}
 ksOtel: {{ and $ksOtel $submit }}
 otel: {{ $otel }}

diff --git a/charts/kubescape-operator/templates/configs/cloudapi-configmap.yaml b/charts/kubescape-operator/templates/configs/cloudapi-configmap.yaml
@@ -43,6 +43,7 @@ data:
  "keepLocal": {{ not $components.serviceDiscovery.enabled }},
  "scanTimeout": "{{ .Values.kubevuln.config.scanTimeout }}",
  "vexGeneration": {{ eq .Values.capabilities.vexGeneration "enable" }},
+ "continuousPostureScan": {{ $configurations.continuousScan }},
 {{- if not (empty .Values.kubevuln.config.grypeDbListingURL) }}
  "listingURL": "{{ .Values.kubevuln.config.grypeDbListingURL }}",
 {{- end }}

diff --git a/charts/kubescape-operator/templates/configs/matchingRules-configmap.yaml b/charts/kubescape-operator/templates/configs/matchingRules-configmap.yaml
@@ -0,0 +1,11 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ .Values.continuousScanning.configMapName }}
+ namespace: {{ .Values.ksNamespace }}
+ labels:
+ {{- include "kubescape-operator.labels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.ksLabel "tier" .Values.global.namespaceTier) | nindent 4 }}
+ kubescape.io/tier: "core"
+data:
+ matchingRules.json: |
+ {{ mustToJson .Values.continuousScanning.matchingRules }}
diff --git a/charts/kubescape-operator/templates/hooks/hook-delete-before-upgrade.yaml b/charts/kubescape-operator/templates/hooks/hook-delete-before-upgrade.yaml
diff --git a/charts/kubescape-operator/templates/operator/deployment.yaml b/charts/kubescape-operator/templates/operator/deployment.yaml
@@ -29,6 +29,7 @@ spec:
  checksum/cloud-secret: {{ $checksums.cloudSecret }}
  checksum/cloud-config: {{ $checksums.cloudConfig }}
  checksum/capabilities-config: {{ $checksums.capabilitiesConfig }}
+ checksum/matching-rules-config: {{ $checksums.matchingRulesConfig }}
  {{- if ne .Values.global.proxySecretFile "" }}
  checksum/proxy-config: {{ $checksums.proxySecret }}
  {{- end }}
@@ -133,6 +134,10 @@ spec:
  mountPath: /etc/config/capabilities.json
  readOnly: true
  subPath: "capabilities.json"
+ - name: {{ .Values.continuousScanning.configMapName }}
+ mountPath: /etc/config/matchingRules.json
+ readOnly: true
+ subPath: "matchingRules.json"
  - name: config
  mountPath: /etc/config/config.json
  readOnly: true
@@ -201,6 +206,12 @@ spec:
  items:
  - key: "config.json"
  path: "config.json"
+ - name: {{ .Values.continuousScanning.configMapName }}
+ configMap:
+ name: {{ .Values.continuousScanning.configMapName }}
+ items:
+ - key: "matchingRules.json"
+ path: "matchingRules.json"
 {{- if .Values.volumes }}
 {{ toYaml .Values.volumes | indent 8 }}
 {{- end }}