Commit

feat(node-analyzer): enable DB V2 by default in Host and Runtime scanner (#1416)
guidobonomi authored Oct 19, 2023
1 parent ab10379 commit 02c55d8
Showing 6 changed files with 23 additions and 5 deletions.
2 changes: 1 addition & 1 deletion charts/node-analyzer/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ name: node-analyzer
description: Sysdig Node Analyzer

# currently matching Sysdig's appVersion 1.14.34
version: 1.17.9
version: 1.17.10
appVersion: 12.8.0
keywords:
- monitoring
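Review bot: The `version` change from 1.17.9 to 1.17.10 is a patch-level bump, while the commit is a `feat` that changes the default vulnerability DB for both scanners; a minor bump would signal that change to users who pin chart versions. The comment above it also still says `appVersion 1.14.34` while `appVersion` is 12.8.0, so update or drop that comment in the same change.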
4 changes: 2 additions & 2 deletions charts/node-analyzer/README.md
Expand Up @@ -182,7 +182,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.hostScanner.additionalDirsToScan` | Sets the optional comma-separated list of directories in addition to the default ones. | ` ` |
| `nodeAnalyzer.hostScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
| `nodeAnalyzer.hostScanner.image.repository` | Specifies the image repository to pull the Host Scanner from. | `sysdig/vuln-host-scanner` |
| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.5.2` |
| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.6.3` |
| `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` |
| `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` |
| `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` |
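Review bot: No row is added to this table for the new `nodeAnalyzer.hostScanner.vulnerabilityDBVersion` value, nor for `nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion` in the Runtime Scanner rows; the README diff only changes the two `image.tag` rows. Add both parameters, list the values the scanners accept, and state what is used when the value is left unset.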
Expand All @@ -196,7 +196,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.runtimeScanner.extraMounts` | Specifies a container engine custom socket path (docker, containerd, CRI-O). | |
| `nodeAnalyzer.runtimeScanner.storageClassName` | Specifies the Runtime Scanner storage class to use instead of emptyDir for ephemeral storage. | `` |
| `nodeAnalyzer.runtimeScanner.image.repository` | Specifies the image repository to pull the Runtime Scanner from. | `sysdig/vuln-runtime-scanner` |
| `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.5.7` |
| `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.6.2` |
| `nodeAnalyzer.runtimeScanner.image.digest` | Specifies the image digest to pull. | ` ` |
| `nodeAnalyzer.runtimeScanner.image.pullPolicy` | Specifies the image pull policy for the Runtime Scanner. | `""` |
| `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Specifies the Runtime Scanner CPU requests per node. | `150m` |
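Review bot: The `image.tag` row moves to `1.6.2` while the `image.digest` default on the next row stays empty, so the deployed scanner image is identified only by a mutable tag. Consider noting in the `image.digest` description that users who pin a digest must update it together with the tag, since a digest left over from `1.5.7` would otherwise no longer match the documented tag.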
3 changes: 3 additions & 0 deletions charts/node-analyzer/templates/configmap-host-scanner.yaml
Expand Up @@ -36,4 +36,7 @@ data:
{{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
{{- end -}}
{{- if .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion }}
vuln_db_version: {{ .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion | quote }}
{{- end }}
{{- end }}
12 changes: 12 additions & 0 deletions charts/node-analyzer/templates/daemonset-node-analyzer.yaml
Expand Up @@ -643,6 +643,12 @@ spec:
name: {{ .Release.Name }}-runtime-scanner
key: max_image_size_allowed
optional: true
- name: VULNERABILITY_DB_VERSION
valueFrom:
configMapKeyRef:
name: {{ .Release.Name }}-runtime-scanner
key: vuln_db_version
optional: true
- name: SYSDIG_API_URL
valueFrom:
configMapKeyRef:
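Review bot: `VULNERABILITY_DB_VERSION` is populated through `configMapKeyRef`, which is resolved only when the container starts, so a later change to `vuln_db_version` in the `{{ .Release.Name }}-runtime-scanner` ConfigMap does not reach running pods. Check that the DaemonSet is rolled when this ConfigMap changes, for example through a checksum annotation on the pod template. With `optional: true` a missing key raises no error, so a stale or absent setting goes unnoticed; the same applies to the host-scanner entry added further down.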
Expand Down Expand Up @@ -854,6 +860,12 @@ spec:
name: {{ .Release.Name }}-host-scanner
key: analyzer.maxFileSizeAllowed
optional: true
- name: VULNERABILITY_DB_VERSION
valueFrom:
configMapKeyRef:
name: {{ .Release.Name }}-host-scanner
key: vuln_db_version
optional: true
- name: TMPDIR
value: "/tmp"
- name: PROBES_PORT
Expand Up @@ -37,4 +37,7 @@ data:
{{- if .Values.nodeAnalyzer.runtimeScanner.settings.maxFileSizeAllowed }}
analyzer.maxFileSizeAllowed: {{ .Values.nodeAnalyzer.runtimeScanner.settings.maxFileSizeAllowed | int64 | quote }}
{{- end -}}
{{- if .Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion }}
vuln_db_version: {{ .Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion | quote }}
{{- end -}}
{{- end }}
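Review bot: The value path in the new `if` block is `nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion`, while the host-scanner ConfigMap reads `nodeAnalyzer.hostScanner.vulnerabilityDBVersion` with no `settings` level, so the same option sits at two different depths. Either align the two paths or document the difference, because a value placed at the wrong depth is dropped by the `if` guard without any error. The value is also passed through `quote` unchecked; if only a fixed set of DB versions is valid, a `fail` on anything else would catch typos at render time.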
4 changes: 2 additions & 2 deletions charts/node-analyzer/values.yaml
Expand Up @@ -289,7 +289,7 @@ nodeAnalyzer:
probesPort: 7002
image:
repository: sysdig/vuln-runtime-scanner
tag: "1.5.7"
tag: "1.6.2"
digest:
pullPolicy:
storageClassName:
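Review bot: No `vulnerabilityDBVersion` key is added under `nodeAnalyzer.runtimeScanner.settings` or `nodeAnalyzer.hostScanner` in values.yaml; only the image tags change. With no key present, the templates' `if` guards omit `vuln_db_version`, so the DB V2 default named in the commit title rests entirely on images `1.6.2` and `0.6.3`. Add the keys, empty or commented out, with a note on the accepted values so the option is discoverable from values.yaml.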
Expand Down Expand Up @@ -364,7 +364,7 @@ nodeAnalyzer:

image:
repository: sysdig/vuln-host-scanner
tag: "0.5.2"
tag: "0.6.3"
digest:
pullPolicy:
