Date: Mon, 16 Oct 2023 07:26:09 +0000
Subject: [PATCH 22/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.24.3
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index c27af6d27..550973990 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.24.3
+### Bug Fixes
+* **kspm-collector,node-analyzer** [67f042fd](https://github.com/sysdiglabs/charts/commit/67f042fd9ebb72cd121751d46fb96f7c3ad539ba): add debug logs to cloud platform metadata loading ([#1398](https://github.com/sysdiglabs/charts/issues/1398))
# v1.24.2
### Chores
* **sysdig-deploy** [cec55804](https://github.com/sysdiglabs/charts/commit/cec55804dd45827f316d6f9e5c85fe9ff1eca11f): Automatic version bump due to updated dependencies ([#1397](https://github.com/sysdiglabs/charts/issues/1397))
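Review bot: The new v1.24.3 entry is filed under "Bug Fixes", but its text, "add debug logs to cloud platform metadata loading", names no defect that was fixed, so a reader of the changelog cannot tell whether the upgrade changes behaviour. The header of this file limits manual edits to correcting wrong entries, so the fix belongs in the source commit 67f042fd: either describe the bug the extra logging addresses, or use a commit type that lands under a more fitting heading.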
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index 82b93dad0..95692f5b0 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Chores
-- **sysdig-deploy** [cec55804](https://github.com/sysdiglabs/charts/commit/cec55804dd45827f316d6f9e5c85fe9ff1eca11f): Automatic version bump due to updated dependencies ([#1397](https://github.com/sysdiglabs/charts/issues/1397))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.1...sysdig-deploy-1.24.2
+### Bug Fixes
+- **kspm-collector,node-analyzer** [67f042fd](https://github.com/sysdiglabs/charts/commit/67f042fd9ebb72cd121751d46fb96f7c3ad539ba): add debug logs to cloud platform metadata loading ([#1398](https://github.com/sysdiglabs/charts/issues/1398))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.2...sysdig-deploy-1.24.3
From 660e610d475cdac3b9d2c51da4af0a01abce31f6 Mon Sep 17 00:00:00 2001
From: zohar-arad <135209599+zohar-arad@users.noreply.github.com>
Date: Mon, 16 Oct 2023 17:34:25 +0300
Subject: [PATCH 23/68] feat(kspm-collector,node-analyzer): add support for
NATS_MAX_RECONNECT variable (#1400)
---
charts/kspm-collector/CHANGELOG.md | 2 +-
charts/kspm-collector/Chart.yaml | 2 +-
charts/kspm-collector/README.md | 111 ++++----
.../kspm-collector/templates/configmap.yaml | 1 +
.../kspm-collector/templates/deployment.yaml | 6 +
charts/kspm-collector/values.yaml | 3 +-
charts/node-analyzer/Chart.yaml | 2 +-
charts/node-analyzer/README.md | 267 +++++++++---------
.../templates/configmap-kspm-analyzer.yaml | 1 +
.../templates/daemonset-node-analyzer.yaml | 6 +
charts/node-analyzer/values.yaml | 4 +-
charts/sysdig-deploy/Chart.yaml | 6 +-
12 files changed, 215 insertions(+), 196 deletions(-)
diff --git a/charts/kspm-collector/CHANGELOG.md b/charts/kspm-collector/CHANGELOG.md
index 00ce36b00..bbbd7aa25 100644
--- a/charts/kspm-collector/CHANGELOG.md
+++ b/charts/kspm-collector/CHANGELOG.md
@@ -105,7 +105,7 @@ exclusively to fix incorrect entries and not to add new ones.
# v0.1.35
### New Features
* **kspm-collector** [d1328c0](https://github.com/sysdiglabs/charts/commit/d1328c02976901a64d91f4e86a2a26035045496c): bumped KSPM Collector to latest version ([#921](https://github.com/sysdiglabs/charts/issues/921))
-# v0.1.34
+# v0.1.33
### Bug Fixes
* **node-analyzer,kspm-collector** [59543e8](https://github.com/sysdiglabs/charts/commit/59543e8da45e1e61f21b2489500fe5452906bca0): Fix security context permission for KSPM components ([#907](https://github.com/sysdiglabs/charts/issues/907))
# v0.1.33
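Review bot: Renaming the heading `# v0.1.34` to `# v0.1.33` leaves two `# v0.1.33` sections back to back (the second is visible in the trailing context), so the security context permission fix (#907) is no longer attributed to a distinct release. The rename has no connection to NATS_MAX_RECONNECT; revert it, or if 0.1.34 really was the wrong version, say so in the commit message. The hunk also adds no entry for the new value in 0.8.4, which is acceptable only if a later CI commit generates it.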
diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml
index 387012cb2..a5ab95414 100644
--- a/charts/kspm-collector/Chart.yaml
+++ b/charts/kspm-collector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: kspm-collector
description: Sysdig KSPM collector
-version: 0.8.3
+version: 0.8.4
appVersion: 1.30.0
keywords:
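Review bot: `appVersion: 1.30.0` stays unchanged while this same patch moves the default image tag in values.yaml from 1.32.0 to 1.33.0, so the chart metadata reports an application version that is not the one deployed by default. Update appVersion together with the tag. Separately, the subject marks the change as `feat` while the chart version moves only at patch level (0.8.3 to 0.8.4); if the chart follows semantic versioning, a new value warrants a minor bump.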
diff --git a/charts/kspm-collector/README.md b/charts/kspm-collector/README.md
index 8f2b74cdb..408368a91 100644
--- a/charts/kspm-collector/README.md
+++ b/charts/kspm-collector/README.md
@@ -27,58 +27,59 @@ To check the integrity and the origin of the charts you can now append the `--ve
The following table lists the configurable parameters of the Sysdig KSPM Collector chart and their default values.
-| Parameter | Description | Default |
-| ------------------------------------------ | ------------------------------------------------------------ |-------------------------------------------------------------|
-| `global.proxy.httpProxy` | Sets `HTTP_PROXY` on the KSPM collector containers. | `""` |
-| `global.proxy.httpsProxy` | Sets `HTTPS_PROXY` on the KSPM collector containers. | `""` |
-| `global.proxy.noProxy` | Sets `NO_PROXY` on the KSPM collector containers. | `""` |
-| `global.sslVerifyCertificate` | Sets `NATS_INSECURE` environment variable on the KSPM collector containers. | |
-| `global.kspm.deploy` | Enables Sysdig KSPM node analyzer & KSPM collector. | `true` |
-| `global.image.pullSecrets` | Specifies the global pull secrets. | []
|
-| `global.image.pullPolicy` | Specifies the global pull policy. | `Always`
|
-| `global.sysdig.tags` | The list of custom tags to be assigned to the components. | `{}` |
-| `sysdig.accessKey` | Specifies your Sysdig Access Key. | ` ` Either accessKey or existingAccessKeySecret is required |
-| `sysdig.existingAccessKeySecret` | Specifies the name of a Kubernetes secret containing an `access-key` entry. Alternative to using Sysdig Access Key. | ` ` Either accessKey or existingAccessKeySecret is required |
-| `rbac.create` | If sets to true, RBAC resources will be created and used. | `true` |
-| `serviceAccount.create` | Creates serviceAccount. | `true` |
-| `serviceAccount.name` | The value you specify will be used as `serviceAccountName`. | `kspm-collector` |
-| `clusterName` | Sets a unique cluster name. This name will be used to identify events using the `kubernetes.cluster.name` tag. | ` ` |
-| `image.registry` | Specifies the KSPM collector image registry. | `quay.io` |
-| `image.repository` | Specifies the image repository to pull from. | `sysdig/kspm-collector` |
-| `image.tag` | Specifies the image tag to pull from the image repository. | `1.32.0` |
-| `image.digest` | Specifies the image digest to pull from the image repository. | ` ` |
-| `image.pullPolicy` | Specifies theImage pull policy. | `""` |
-| `imagePullSecrets` | Specifies the Image pull secret. | `[]` |
-| `replicas` | Specifies the KSPM collector deployment replicas. | `1` |
-| `namespaces.included` | Specifies the namespaces to include in the KSPM collector scans. If left empty, all the namesapces will be scanned. | `` |
-| `namespaces.excluded` | Specifies the namespaces to exclude in the KSPM collector scans. | `` |
-| `nodeSelector` | Specifies the Node Selector. | `{}` |
-| `workloads.included` | Specifies the workloads to include in the KSPM collector scans. If left empty, all the workloads will be scanned. | `` |
-| `workloads.excluded` | Specifies the workloads to exclude in the KSPM collector scans. If left empty, all the workloads will be scanned. | `` |
-| `healthIntervalMin` | Specifies the minutes interval for KSPM collector health status messages. | `5` |
-| `resources.requests.cpu` | Specifies the KSPM collector CPU requests. | `150m` |
-| `resources.requests.memory` | Specifies the KSPM collector memory requests. | `256Mi` |
-| `resources.limits.cpu` | Specifies the KSPM collector CPU limits. | `500m` |
-| `resources.limits.memory` | Specifies the KSPM collector memory limits | `1536Mi` |
-| `priorityClassName` | Specifies the name of an existing PriorityClass for the KSPM collector to use. | `{}` |
-| `apiEndpoint` | Specifies the API end point of the KSPM collector. | `""` |
-| `httpProxy` | Specifies the proxy configuration variables. | |
-| `httpsProxy` | Specifies the proxy configuration variables. | |
-| `noProxy` | Specifies the proxy configuration variables. | |
-| `sslVerifyCertificate` | Sets `NATS_INSECURE` env variable on the KSPM collector containers. | |
-| `arch` | Specifies the allowed architectures for scheduling. | `[ amd64, arm64 ]` |
-| `os` | Specifies the allowed operating systems for scheduling. | `[ linux ]` |
-| `affinity` | Specifies the node affinities. Overrides `arch` and `os` values. | `{}` |
-| `labels` | Specifies the KSPM collector specific labels as a multi-line templated string map or as YAML. | `{}` |
-| `port` | Specifies the KSPM collector port for health checks. | `8080` |
-| `psp.create` | Creates Pod Security Policy to allow the KSPM collector running in PSP-enabled clusters. | `true` |
-| `readinessProbe.enabled` | Specifies whether KSPM collector readinessProbe is enabled or not. | `true` |
-| `livenessProbe.enabled` | Specifies whether KSPM collector livenessProbe is enabled or not. | `true` |
-| `scc.create` | Creates OpenShift's Security Context constraint. | `true` |
-| `securityContext.runAsNonRoot` | Makes KSPM collector run as a non-root container. | `true` |
-| `securityContext.runAsUser` | The user ID you specify will be used to run the KSPM collector. | `10001` |
-| `securityContext.runAsGroup` | The group ID you specify will be used to run the KSPM collector. | `10001` |
-| `securityContext.readOnlyRootFilesystem` | Changes the root file system of the KSPM collector to read only | `true` |
-| `securityContext.allowPrivilegeEscalation` | Allows KSPM collector apps to gain priviledges stronger than their parent process. | `false` |
-| `securityContext.capabilities.drop` | Specifies the Linux capabilities to be taken from KSPM collector. | `['all']` |
-| `tolerations` | Specifies the tolerations for scheduling. | `kubernetes.io/arch=arm64:NoSchedule` |
+| Parameter | Description | Default |
+| ------------------------------------------ |--------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------|
+| `global.proxy.httpProxy` | Sets `HTTP_PROXY` on the KSPM collector containers. | `""` |
+| `global.proxy.httpsProxy` | Sets `HTTPS_PROXY` on the KSPM collector containers. | `""` |
+| `global.proxy.noProxy` | Sets `NO_PROXY` on the KSPM collector containers. | `""` |
+| `global.sslVerifyCertificate` | Sets `NATS_INSECURE` environment variable on the KSPM collector containers. | |
+| `global.kspm.deploy` | Enables Sysdig KSPM node analyzer & KSPM collector. | `true` |
+| `global.image.pullSecrets` | Specifies the global pull secrets. | []
|
+| `global.image.pullPolicy` | Specifies the global pull policy. | `Always`
|
+| `global.sysdig.tags` | The list of custom tags to be assigned to the components. | `{}` |
+| `sysdig.accessKey` | Specifies your Sysdig Access Key. | ` ` Either accessKey or existingAccessKeySecret is required |
+| `sysdig.existingAccessKeySecret` | Specifies the name of a Kubernetes secret containing an `access-key` entry. Alternative to using Sysdig Access Key. | ` ` Either accessKey or existingAccessKeySecret is required |
+| `rbac.create` | If sets to true, RBAC resources will be created and used. | `true` |
+| `serviceAccount.create` | Creates serviceAccount. | `true` |
+| `serviceAccount.name` | The value you specify will be used as `serviceAccountName`. | `kspm-collector` |
+| `clusterName` | Sets a unique cluster name. This name will be used to identify events using the `kubernetes.cluster.name` tag. | ` ` |
+| `image.registry` | Specifies the KSPM collector image registry. | `quay.io` |
+| `image.repository` | Specifies the image repository to pull from. | `sysdig/kspm-collector` |
+| `image.tag` | Specifies the image tag to pull from the image repository. | `1.33.0` |
+| `image.digest` | Specifies the image digest to pull from the image repository. | ` ` |
+| `image.pullPolicy` | Specifies theImage pull policy. | `""` |
+| `imagePullSecrets` | Specifies the Image pull secret. | `[]` |
+| `replicas` | Specifies the KSPM collector deployment replicas. | `1` |
+| `namespaces.included` | Specifies the namespaces to include in the KSPM collector scans. If left empty, all the namesapces will be scanned. | `` |
+| `namespaces.excluded` | Specifies the namespaces to exclude in the KSPM collector scans. | `` |
+| `nodeSelector` | Specifies the Node Selector. | `{}` |
+| `workloads.included` | Specifies the workloads to include in the KSPM collector scans. If left empty, all the workloads will be scanned. | `` |
+| `workloads.excluded` | Specifies the workloads to exclude in the KSPM collector scans. If left empty, all the workloads will be scanned. | `` |
+| `healthIntervalMin` | Specifies the minutes interval for KSPM collector health status messages. | `5` |
+| `resources.requests.cpu` | Specifies the KSPM collector CPU requests. | `150m` |
+| `resources.requests.memory` | Specifies the KSPM collector memory requests. | `256Mi` |
+| `resources.limits.cpu` | Specifies the KSPM collector CPU limits. | `500m` |
+| `resources.limits.memory` | Specifies the KSPM collector memory limits | `1536Mi` |
+| `priorityClassName` | Specifies the name of an existing PriorityClass for the KSPM collector to use. | `{}` |
+| `apiEndpoint` | Specifies the API end point of the KSPM collector. | `""` |
+| `httpProxy` | Specifies the proxy configuration variables. | |
+| `httpsProxy` | Specifies the proxy configuration variables. | |
+| `noProxy` | Specifies the proxy configuration variables. | |
+| `natsMaxReconnect` | Sets `natsMaxReconnect ` configuration variables. Set to '-1' for unlimited reconnect attempts to NATS, or leave empty for default (60 attempts).| `0` |
+| `sslVerifyCertificate` | Sets `NATS_INSECURE` env variable on the KSPM collector containers. | |
+| `arch` | Specifies the allowed architectures for scheduling. | `[ amd64, arm64 ]` |
+| `os` | Specifies the allowed operating systems for scheduling. | `[ linux ]` |
+| `affinity` | Specifies the node affinities. Overrides `arch` and `os` values. | `{}` |
+| `labels` | Specifies the KSPM collector specific labels as a multi-line templated string map or as YAML. | `{}` |
+| `port` | Specifies the KSPM collector port for health checks. | `8080` |
+| `psp.create` | Creates Pod Security Policy to allow the KSPM collector running in PSP-enabled clusters. | `true` |
+| `readinessProbe.enabled` | Specifies whether KSPM collector readinessProbe is enabled or not. | `true` |
+| `livenessProbe.enabled` | Specifies whether KSPM collector livenessProbe is enabled or not. | `true` |
+| `scc.create` | Creates OpenShift's Security Context constraint. | `true` |
+| `securityContext.runAsNonRoot` | Makes KSPM collector run as a non-root container. | `true` |
+| `securityContext.runAsUser` | The user ID you specify will be used to run the KSPM collector. | `10001` |
+| `securityContext.runAsGroup` | The group ID you specify will be used to run the KSPM collector. | `10001` |
+| `securityContext.readOnlyRootFilesystem` | Changes the root file system of the KSPM collector to read only | `true` |
+| `securityContext.allowPrivilegeEscalation` | Allows KSPM collector apps to gain priviledges stronger than their parent process. | `false` |
+| `securityContext.capabilities.drop` | Specifies the Linux capabilities to be taken from KSPM collector. | `['all']` |
+| `tolerations` | Specifies the tolerations for scheduling. | `kubernetes.io/arch=arm64:NoSchedule` |
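Review bot: The added `natsMaxReconnect` row contradicts itself: the description says to leave the value empty for the default of 60 attempts, while the Default column gives `0`, and the row never says what `0` means. State what 0, -1 and an unset value each do, name the environment variable the value feeds (`NATS_MAX_RECONNECT`) instead of "Sets `natsMaxReconnect ` configuration variables", and remove the trailing space inside the backticks. Re-padding every row to fit this one long description turns a one-row addition into a rewrite of the whole table and buries the `image.tag` change from `1.32.0` to `1.33.0`; shortening the description would keep the diff to the rows that actually changed.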
diff --git a/charts/kspm-collector/templates/configmap.yaml b/charts/kspm-collector/templates/configmap.yaml
index f7fcfb99f..4f2b15034 100644
--- a/charts/kspm-collector/templates/configmap.yaml
+++ b/charts/kspm-collector/templates/configmap.yaml
@@ -17,6 +17,7 @@ data:
excluded_workloads: {{ .Values.workloads.excluded | quote }}
health_interval_minutes: {{ .Values.healthIntervalMin | default 5 | quote }}
external_nats_url: {{ include "kspmCollector.natsUrl" . }}
+ nats_max_reconnect: {{ .Values.natsMaxReconnect | default 0 | quote }}
cluster_name: {{ required "A valid clusterName is required" (include "kspmCollector.clusterName" .) }}
nats_insecure: {{ include "kspmCollector.natsInsecure" . }}
{{- if (.Values.httpProxy | default .Values.global.proxy.httpProxy) }}
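Review bot: On the added `nats_max_reconnect` line, `default 0 | quote` means the key is always rendered, as "0" when the value is unset, so the README's "leave empty for default (60 attempts)" case never reaches the collector as an absent setting. Either render the key only when `.Values.natsMaxReconnect` is set, as the `if` guard on the proxy keys just below does, or confirm and document that the collector treats "0" as "use the built-in default". Helm's `default` also treats 0 as empty, so an explicit 0 and an omitted value are indistinguishable in this template.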
diff --git a/charts/kspm-collector/templates/deployment.yaml b/charts/kspm-collector/templates/deployment.yaml
index 485bc9a48..979206e58 100644
--- a/charts/kspm-collector/templates/deployment.yaml
+++ b/charts/kspm-collector/templates/deployment.yaml
@@ -159,6 +159,12 @@ spec:
key: nats_insecure
name: {{ template "kspmCollector.fullname" . }}
optional: true
+ - name: NATS_MAX_RECONNECT
+ valueFrom:
+ configMapKeyRef:
+ key: nats_max_reconnect
+ name: {{ template "kspmCollector.fullname" . }}
+ optional: true
- name: AGENT_PORT
valueFrom:
configMapKeyRef:
diff --git a/charts/kspm-collector/values.yaml b/charts/kspm-collector/values.yaml
index 463433c46..2c1caacde 100644
--- a/charts/kspm-collector/values.yaml
+++ b/charts/kspm-collector/values.yaml
@@ -5,6 +5,7 @@ httpProxy:
httpsProxy:
noProxy:
sslVerifyCertificate:
+natsMaxReconnect: 0
# Namespace to deploy to (Optional: Will default to release namespace)
namespace:
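Review bot: `natsMaxReconnect: 0` is added with no comment, and it is the only key in this group that carries a value; `httpProxy`, `httpsProxy`, `noProxy` and `sslVerifyCertificate` are all left empty. Add an inline comment listing the accepted values (-1 for unlimited, and what 0 selects), and consider leaving the key empty like its neighbours so that "unset" can be expressed, which is what the README row describes as the way to get the default.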
@@ -76,7 +77,7 @@ clusterName: ""
image:
repository: sysdig/kspm-collector
- tag: 1.32.0
+ tag: 1.33.0
digest:
registry: quay.io
pullPolicy:
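Review bot: The default `tag` moves from 1.32.0 to 1.33.0 here, but the commit subject mentions only the NATS_MAX_RECONNECT variable. If 1.33.0 is the first collector image that reads the variable, state that in the commit message and in the README row, so that users who pin an older `tag` or a `digest` know the setting has no effect for them. If the bump is unrelated, split it into its own commit.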
diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml
index 7bb2242b2..df914531d 100644
--- a/charts/node-analyzer/Chart.yaml
+++ b/charts/node-analyzer/Chart.yaml
@@ -3,7 +3,7 @@ name: node-analyzer
description: Sysdig Node Analyzer
# currently matching Sysdig's appVersion 1.14.34
-version: 1.17.7
+version: 1.17.8
appVersion: 12.8.0
keywords:
- monitoring
diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
index 14d1dfadc..dbeaaee6f 100644
--- a/charts/node-analyzer/README.md
+++ b/charts/node-analyzer/README.md
@@ -98,136 +98,137 @@ To check the integrity and the origin of the charts, append the `--verify` flag
The following table lists the configurable parameters of the Sysdig Node Analyzer chart and their default values.
-| Parameter | Description | Default |
-|----------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `global.sysdig.region` | The region where Sysdig Secure is deployed. Valid options are`us1`, `us2`, `us3`, `us4`, `eu1`, `au1`, `custom`. | `us1` |
-| `global.sysdig.tags` | The list of custom tags to be assigned to the components. | `{}` |
-| `global.proxy.httpProxy` | Sets `HTTP_PROXY` on the Node Analyzer containers. | `""` |
-| `global.proxy.httpsProxy` | Sets `HTTPS_PROXY` on the Node Analyzer containers. | `""` |
-| `global.proxy.noProxy` | Sets `NO_PROXY` on the Node Analyzer containers. | `""` |
-| `global.kspm.deploy` | Enables Sysdig KSPM node analyzer and KSPM collector. | `false` |
-| `global.gke.autopilot` | If true,the agent configuration will be overridden to run on GKE Autopilot clusters. | `false` |
-| `global.image.pullSecrets` | Sets the global pull secrets. | []
|
-| `global.image.pullPolicy` | Sets the global pull policy. | `IfNotPresent`
|
-| `image.registry` | Sets the Sysdig Agent image registry. | `quay.io` |
-| `gke.autopilot` | If true, the agent configuration will be overridden to run on GKE Autopilot clusters. | `false` |
-| `rbac.create` | If true, RBAC resources will be created and used. | `true` |
-| `scc.create` | Creates OpenShift's Security Context constraint. | `true` |
-| `psp.create` | Creates Pod Security Policy to allow the agent running in clusters with PSP enabled. | `true` |
-| `clusterName` | Sets a unique cluster name which is used to identify events with the `kubernetes.cluster.name` tag. | ` ` |
-| `namespace` | Overrides the global namespace setting and release namespace for components. | ` ` |
-| `sysdig.accessKey` | Sets your Sysdig Agent Access Key. Either `accessKey` or `existingAccessKeySecret` is required. | |
-| `sysdig.existingAccessKeySecret` | An alternative to using the Sysdig Agent access key. Specify the name of a Kubernetes secret containing an `access-key` entry. Either `accessKey` or `existingAccessKeySecret` is required. | |
-| `secure.enabled` | Enables Sysdig Secure. | `true` |
-| `secure.vulnerabilityManagement.newEngineOnly` | Enables only the new vulnerability management engine. | `false` |
-| `daemonset.annotations` | Sets custom annotations for the DaemonSet. | `{}` |
-| `daemonset.labels` | Sets NodeAnalyzer-specific labels as a multi-line templated string map or as YAML. | `{}` |
-| `daemonset.updateStrategy.type` | Sets the updateStrategy for updating the DaemonSet. | RollingUpdate |
-| `daemonset.updateStrategy.rollingUpdate.maxUnavailable` | Sets the maximum number of pods that can be unavailable during the update process. | 1 |
-| `daemonset.updateStrategy.rollingUpdate.maxSurge` | Sets the maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during an update. | `` |
-| `nodeAnalyzer.deploy` | Deploys the Node Analyzer. | `true` |
-| `nodeAnalyzer.apiEndpoint` | Specifies the Sysdig secure API endpoint, without the protocol. `secure.sysdig.com` | ` ` |
-| `nodeAnalyzer.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | |
-| `nodeAnalyzer.debug` | Set to `true` to show debug logging, which is useful for troubleshooting. | |
-| `nodeAnalyzer.createPriorityClass` | Specify whether or not to create a priority class for the node analyzer components | `false` |
-| `nodeAnalyzer.priorityClassName` | Sets the priority class name variable. | `` |
-| `nodeAnalyzer.priorityClassValue` | Sets the priority class value for the node analyzer daemonset. | `` |
-| `nodeAnalyzer.httpProxy` | Sets the HTTP proxy configuration variables. | |
-| `nodeAnalyzer.httpsProxy` | Sets the HTTPS proxy configuration variables. | |
-| `nodeAnalyzer.noProxy` | Sets `noProxy ` configuration variables. | |
-| `nodeAnalyzer.pullSecrets` | Sets the image pull secrets for the Node Analyzer containers. | `nil` |
-| `nodeAnalyzer.extraVolumes.volumes` | Specifies additional volumes to mount in the Node Analyzer. For example, docker socket. | `[]` |
-| `nodeAnalyzer.imageAnalyzer.deploy` | Deploys the Image Analyzer. | `true` |
-| `nodeAnalyzer.imageAnalyzer.image.repository` | Sets the image repository to pull the Node Image Analyzer from. | `sysdig/node-image-analyzer` |
-| `nodeAnalyzer.imageAnalyzer.image.tag` | Sets the image tag for the Node Image Analyzer to be pulled. | `0.1.28` |
-| `nodeAnalyzer.imageAnalyzer.image.digest` | Sets the image digest to pull. | ` ` |
-| `nodeAnalyzer.imageAnalyzer.image.pullPolicy` | Sets the Image pull policy for the Node Image Analyzer. | `""` |
-| `nodeAnalyzer.imageAnalyzer.dockerSocketPath` | Specifies the Docker socket path. | |
-| `nodeAnalyzer.imageAnalyzer.criSocketPath` | Specifies the socket path to a CRI compatible runtime, such as CRI-O. | |
-| `nodeAnalyzer.imageAnalyzer.containerdSocketPath` | Specifies the socket path to a CRI-Containerd daemon. | |
-| `nodeAnalyzer.imageAnalyzer.extraVolumes.volumes` (Deprecated) | Specifies additional volumes to mount in the Node Image Analyzer. For example, docker socket. | `[]` |
-| `nodeAnalyzer.imageAnalyzer.extraVolumes.mounts` | Specifies the mount points for additional volumes. | `[]` |
-| `nodeAnalyzer.imageAnalyzer.resources.requests.cpu` | Specifies the Node Image Analyzer CPU requests per node. | `150m` |
-| `nodeAnalyzer.imageAnalyzer.resources.requests.memory` | Specifies the Node Image Analyzer Memory requests per node. | `512Mi` |
-| `nodeAnalyzer.imageAnalyzer.resources.limits.cpu` | Specifies the Node Image Analyzer CPU limit per node. | `500m` |
-| `nodeAnalyzer.imageAnalyzer.resources.limits.memory` | Specifies the Node Image Analyzer Memory limit per node. | `1536Mi` |
-| `nodeAnalyzer.imageAnalyzer.env` | Specifies the Extra environment variables that will be passed onto pods. | `{}` |
-| `nodeAnalyzer.hostAnalyzer.deploy` | Deploys the Host Analyzer. | `true` |
-| `nodeAnalyzer.hostAnalyzer.image.repository` | Specifies the image repository to pull the Host Analyzer from. | `sysdig/host-analyzer` |
-| `nodeAnalyzer.hostAnalyzer.image.tag` | Set the image tag to pull the Host Analyzer. | `0.1.16` |
-| `nodeAnalyzer.hostAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` |
-| `nodeAnalyzer.hostAnalyzer.image.pullPolicy` | Specifies the Image pull policy for the Host Analyzer. | `""` |
-| `nodeAnalyzer.hostAnalyzer.schedule` | Specifies the scanning schedule specification for the host analyzer expressed as a crontab. | `@dailydefault` |
-| `nodeAnalyzer.hostAnalyzer.dirsToScan` | Specifies the list of directories to inspect during the scan. | `/etc,/var/lib/dpkg,/usr/local,/usr/lib/sysimage/rpm,/var/lib/rpm,/lib/apk/db` |
-| `nodeAnalyzer.hostAnalyzer.maxSendAttempts` | Specifies the number of times the analysis collector is allowed to retry sending results. | `3` |
-| `nodeAnalyzer.hostAnalyzer.resources.requests.cpu` | Specifies the Host Analyzer CPU requests per node. | `150m` |
-| `nodeAnalyzer.hostAnalyzer.resources.requests.memory` | Specifies the Host Analyzer Memory requests per node. | `512Mi` |
-| `nodeAnalyzer.hostAnalyzer.resources.limits.cpu` | Specifies the Host Analyzer CPU limit per node. | `500m` |
-| `nodeAnalyzer.hostAnalyzer.resources.limits.memory` | Specifies the Host Analyzer memory limit per node. | `1536Mi` |
-| `nodeAnalyzer.hostAnalyzer.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
-| `nodeAnalyzer.benchmarkRunner.deploy` | Deploys the Benchmark Runner. | `true` |
-| `nodeAnalyzer.benchmarkRunner.image.repository` | Specifies the image repository to pull the Benchmark Runner from. | `sysdig/compliance-benchmark-runner` |
-| `nodeAnalyzer.benchmarkRunner.image.tag` | Specifies the image tag for the Benchmark Runner to be pulled. | `1.1.0.9` |
-| `nodeAnalyzer.benchmarkRunner.image.digest` | Specifies the image digest to pull. | ` ` |
-| `nodeAnalyzer.benchmarkRunner.image.pullPolicy` | Specifies the image pull policy for the Benchmark Runner. | `""` |
-| `nodeAnalyzer.benchmarkRunner.includeSensitivePermissions` | Grant the service account elevated permissions to run CIS Benchmark for OS4. | `false` |
-| `nodeAnalyzer.benchmarkRunner.resources.requests.cpu` | Specifies the Benchmark Runner CPU requests per node. | `150m` |
-| `nodeAnalyzer.benchmarkRunner.resources.requests.memory` | Specifies the Benchmark Runner memory requests per node. | `128Mi` |
-| `nodeAnalyzer.benchmarkRunner.resources.limits.cpu` | Specifies the Benchmark Runner CPU limit per node. | `500m` |
-| `nodeAnalyzer.benchmarkRunner.resources.limits.memory` | Specifies the Benchmark Runner memory limit per node. | `256Mi` |
-| `nodeAnalyzer.benchmarkRunner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
-| `nodeAnalyzer.hostScanner.deploy` | Deploys the Host Scanner. | unset |
-| `nodeAnalyzer.hostScanner.dirsToScan` | Specifies the list of directories to inspect during the scan. | `/etc,/var/lib/dpkg,/var/lib/rpm,/lib/apk/db,/bin,/sbin,/usr/bin,/usr/sbin,/usr/share,/usr/local,/usr/lib,/usr/lib64,/var/lib/google,/var/lib/toolbox,/var/lib/cloud` |
-| `nodeAnalyzer.hostScanner.additionalDirsToScan` | Sets the optional comma-separated list of directories in addition to the default ones. | ` ` |
-| `nodeAnalyzer.hostScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
-| `nodeAnalyzer.hostScanner.image.repository` | Specifies the image repository to pull the Host Scanner from. | `sysdig/vuln-host-scanner` |
-| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.5.2` |
-| `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` |
-| `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` |
-| `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` |
-| `nodeAnalyzer.hostScanner.resources.requests.memory` | Specifies the Host Scanner memory requests per node. | `512Mi` |
-| `nodeAnalyzer.hostScanner.resources.requests.ephemeral-storage` | Specifies the Host Scanner Storage requests per node. | `512Mi` |
-| `nodeAnalyzer.hostScanner.resources.limits.cpu` | Specifies the Host Scanner CPU limit per node. | `500m` |
-| `nodeAnalyzer.hostScanner.resources.limits.memory` | Specifies the Host Scanner memory limit per node. | `1Gi` |
-| `nodeAnalyzer.hostScanner.resources.limits.ephemeral-storage` | Specifies the Host Scanner Storage limit per node. | `1Gi` |
-| `nodeAnalyzer.hostScanner.probesPort` | Specifies the port where readiness and liveness probes are exposed. | `7001` |
-| `nodeAnalyzer.runtimeScanner.deploy` | Deploys the Runtime Scanner. | `false` |
-| `nodeAnalyzer.runtimeScanner.extraMounts` | Specifies a container engine custom socket path (docker, containerd, CRI-O). | |
-| `nodeAnalyzer.runtimeScanner.storageClassName` | Specifies the Runtime Scanner storage class to use instead of emptyDir for ephemeral storage. | `` |
-| `nodeAnalyzer.runtimeScanner.image.repository` | Specifies the image repository to pull the Runtime Scanner from. | `sysdig/vuln-runtime-scanner` |
-| `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.5.7` |
-| `nodeAnalyzer.runtimeScanner.image.digest` | Specifies the image digest to pull. | ` ` |
-| `nodeAnalyzer.runtimeScanner.image.pullPolicy` | Specifies the image pull policy for the Runtime Scanner. | `""` |
-| `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Specifies the Runtime Scanner CPU requests per node. | `150m` |
-| `nodeAnalyzer.runtimeScanner.resources.requests.memory` | Specifies the Runtime Scanner Memory requests per node. | `512Mi` |
-| `nodeAnalyzer.runtimeScanner.resources.requests.ephemeral-storage` | Specifies the Runtime Scanner Storage requests per node. | `2Gi` |
-| `nodeAnalyzer.runtimeScanner.resources.limits.cpu` | Specifies the Runtime Scanner CPU limit per node. | `1000m` |
-| `nodeAnalyzer.runtimeScanner.resources.limits.memory` | Specifies the Runtime Scanner memory limit per node. | `2Gi` |
-| `nodeAnalyzer.runtimeScanner.resources.limits.ephemeral-storage` | Specifies the Runtime Scanner Storage limit per node. | `4Gi` |
-| `nodeAnalyzer.runtimeScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
-| `nodeAnalyzer.runtimeScanner.settings.eveEnabled` | Enables Sysdig Eve | `false` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.image.repository` | Specifies the image repository to pull the Eve Connector from. | `sysdig/eveclient-api` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.image.tag` | Specifies the image tag for the Eve Connector to be pulled. | `1.1.0` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.deploy` | Enables Sysdig Eve Connector for third-party integrations. | `false` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.resources.requests.cpu` | Specifies the Eve Connector CPU requests per node. | `100m` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.resources.requests.memory` | Specifies the Eve Connector memory requests per node. | `128Mi` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.resources.limits.cpu` | Specifies the Eve Connector CPU limits per node. | `1000m` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.resources.limits.memory` | Specifies the Eve Connector Memory limits per node. | `512Mi` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.settings.replicas` | Specifies the Eve Connector deployment replicas. | `1` |
-| `nodeAnalyzer.runtimeScanner.eveConnector.priorityClassName` | Specifies the name of an existing PriorityClass to use for the Eve Connector Deployment. | `{}` |
-| `nodeAnalyzer.tolerations` | Specifies the tolerations for scheduling. | node-role.kubernetes.io/master:NoSchedule,
node-role.kubernetes.io/control-plane:NoSchedule
|
-| `nodeAnalyzer.kspmAnalyzer.debug` | Set to true to show KSPM node analyzer debug logging, which is useful for troubleshooting. | `false` |
-| `nodeAnalyzer.kspmAnalyzer.image.repository` | Specifies the image repository to pull the KSPM node analyzer from. | `sysdig/kspm-analyzer` |
-| `nodeAnalyzer.kspmAnalyzer.image.tag` | Specifies the image tag for the KSPM node analyzer image to be pulled. | `1.33.0` |
-| `nodeAnalyzer.kspmAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` |
-| `nodeAnalyzer.kspmAnalyzer.image.pullPolicy` | Specifies the The image pull policy for the KSPM node analyzer. | `""` |
-| `nodeAnalyzer.kspmAnalyzer.resources.requests.cpu` | Specifies the KSPM node analyzer CPU requests per node. | `150m` |
-| `nodeAnalyzer.kspmAnalyzer.resources.requests.memory` | Specifies the KSPM node analyzer memory requests per node. | `256Mi` |
-| `nodeAnalyzer.kspmAnalyzer.resources.limits.cpu` | Specifies the KSPM node analyzer CPU limits per node. | `500m` |
-| `nodeAnalyzer.kspmAnalyzer.resources.limits.memory` | Specifies the KSPM node analyzer memory limits per node. | `1536Mi` |
-| `nodeAnalyzer.kspmAnalyzer.port` | Specifies the KSPM node analyzer port for health checks and results API. | `12000` |
-| `nodeAnalyzer.kspmAnalyzer.readinessProbe.enabled` | Specifies whether KSPM node analyzer readinessProbe is enabled or not. | `true` |
-| `nodeAnalyzer.kspmAnalyzer.livenessProbe.enabled` | Specifies whether the KSPM node analyzer livenessProbe is enabled or not. | `true` |
-| `nodeAnalyzer.kspmAnalyzer.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
-| `nodeAnalyzer.nodeSelector` | Specifies the Node Selector. | `{}` |
-| `nodeAnalyzer.affinity` | Specifies the Node affinities. | `schedule on amd64 and linux` |
+| Parameter | Description | Default |
+|----------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `global.sysdig.region` | The region where Sysdig Secure is deployed. Valid options are`us1`, `us2`, `us3`, `us4`, `eu1`, `au1`, `custom`. | `us1` |
+| `global.sysdig.tags` | The list of custom tags to be assigned to the components. | `{}` |
+| `global.proxy.httpProxy` | Sets `HTTP_PROXY` on the Node Analyzer containers. | `""` |
+| `global.proxy.httpsProxy` | Sets `HTTPS_PROXY` on the Node Analyzer containers. | `""` |
+| `global.proxy.noProxy` | Sets `NO_PROXY` on the Node Analyzer containers. | `""` |
+| `global.kspm.deploy` | Enables Sysdig KSPM node analyzer and KSPM collector. | `false` |
+| `global.gke.autopilot` | If true,the agent configuration will be overridden to run on GKE Autopilot clusters. | `false` |
+| `global.image.pullSecrets` | Sets the global pull secrets. | []
|
+| `global.image.pullPolicy` | Sets the global pull policy. | `IfNotPresent`
|
+| `image.registry` | Sets the Sysdig Agent image registry. | `quay.io` |
+| `gke.autopilot` | If true, the agent configuration will be overridden to run on GKE Autopilot clusters. | `false` |
+| `rbac.create` | If true, RBAC resources will be created and used. | `true` |
+| `scc.create` | Creates OpenShift's Security Context constraint. | `true` |
+| `psp.create` | Creates Pod Security Policy to allow the agent running in clusters with PSP enabled. | `true` |
+| `clusterName` | Sets a unique cluster name which is used to identify events with the `kubernetes.cluster.name` tag. | ` ` |
+| `namespace` | Overrides the global namespace setting and release namespace for components. | ` ` |
+| `sysdig.accessKey` | Sets your Sysdig Agent Access Key. Either `accessKey` or `existingAccessKeySecret` is required. | |
+| `sysdig.existingAccessKeySecret` | An alternative to using the Sysdig Agent access key. Specify the name of a Kubernetes secret containing an `access-key` entry. Either `accessKey` or `existingAccessKeySecret` is required. | |
+| `secure.enabled` | Enables Sysdig Secure. | `true` |
+| `secure.vulnerabilityManagement.newEngineOnly` | Enables only the new vulnerability management engine. | `false` |
+| `daemonset.annotations` | Sets custom annotations for the DaemonSet. | `{}` |
+| `daemonset.labels` | Sets NodeAnalyzer-specific labels as a multi-line templated string map or as YAML. | `{}` |
+| `daemonset.updateStrategy.type` | Sets the updateStrategy for updating the DaemonSet. | RollingUpdate |
+| `daemonset.updateStrategy.rollingUpdate.maxUnavailable` | Sets the maximum number of pods that can be unavailable during the update process. | 1 |
+| `daemonset.updateStrategy.rollingUpdate.maxSurge` | Sets the maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during an update. | `` |
+| `nodeAnalyzer.deploy` | Deploys the Node Analyzer. | `true` |
+| `nodeAnalyzer.apiEndpoint` | Specifies the Sysdig secure API endpoint, without the protocol. `secure.sysdig.com` | ` ` |
+| `nodeAnalyzer.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | |
+| `nodeAnalyzer.debug` | Set to `true` to show debug logging, which is useful for troubleshooting. | |
+| `nodeAnalyzer.createPriorityClass` | Specify whether or not to create a priority class for the node analyzer components | `false` |
+| `nodeAnalyzer.priorityClassName` | Sets the priority class name variable. | `` |
+| `nodeAnalyzer.priorityClassValue` | Sets the priority class value for the node analyzer daemonset. | `` |
+| `nodeAnalyzer.httpProxy` | Sets the HTTP proxy configuration variables. | |
+| `nodeAnalyzer.httpsProxy` | Sets the HTTPS proxy configuration variables. | |
+| `nodeAnalyzer.noProxy` | Sets `noProxy ` configuration variables. | |
+| `nodeAnalyzer.natsMaxReconnect` | Sets `natsMaxReconnect ` configuration variables. Set to `-1` for unlimited reconnect attempts to NATS, or leave empty for default (60 attempts). | `0` |
+| `nodeAnalyzer.pullSecrets` | Sets the image pull secrets for the Node Analyzer containers. | `nil` |
+| `nodeAnalyzer.extraVolumes.volumes` | Specifies additional volumes to mount in the Node Analyzer. For example, docker socket. | `[]` |
+| `nodeAnalyzer.imageAnalyzer.deploy` | Deploys the Image Analyzer. | `true` |
+| `nodeAnalyzer.imageAnalyzer.image.repository` | Sets the image repository to pull the Node Image Analyzer from. | `sysdig/node-image-analyzer` |
+| `nodeAnalyzer.imageAnalyzer.image.tag` | Sets the image tag for the Node Image Analyzer to be pulled. | `0.1.28` |
+| `nodeAnalyzer.imageAnalyzer.image.digest` | Sets the image digest to pull. | ` ` |
+| `nodeAnalyzer.imageAnalyzer.image.pullPolicy` | Sets the Image pull policy for the Node Image Analyzer. | `""` |
+| `nodeAnalyzer.imageAnalyzer.dockerSocketPath` | Specifies the Docker socket path. | |
+| `nodeAnalyzer.imageAnalyzer.criSocketPath` | Specifies the socket path to a CRI compatible runtime, such as CRI-O. | |
+| `nodeAnalyzer.imageAnalyzer.containerdSocketPath` | Specifies the socket path to a CRI-Containerd daemon. | |
+| `nodeAnalyzer.imageAnalyzer.extraVolumes.volumes` (Deprecated) | Specifies additional volumes to mount in the Node Image Analyzer. For example, docker socket. | `[]` |
+| `nodeAnalyzer.imageAnalyzer.extraVolumes.mounts` | Specifies the mount points for additional volumes. | `[]` |
+| `nodeAnalyzer.imageAnalyzer.resources.requests.cpu` | Specifies the Node Image Analyzer CPU requests per node. | `150m` |
+| `nodeAnalyzer.imageAnalyzer.resources.requests.memory` | Specifies the Node Image Analyzer Memory requests per node. | `512Mi` |
+| `nodeAnalyzer.imageAnalyzer.resources.limits.cpu` | Specifies the Node Image Analyzer CPU limit per node. | `500m` |
+| `nodeAnalyzer.imageAnalyzer.resources.limits.memory` | Specifies the Node Image Analyzer Memory limit per node. | `1536Mi` |
+| `nodeAnalyzer.imageAnalyzer.env` | Specifies the Extra environment variables that will be passed onto pods. | `{}` |
+| `nodeAnalyzer.hostAnalyzer.deploy` | Deploys the Host Analyzer. | `true` |
+| `nodeAnalyzer.hostAnalyzer.image.repository` | Specifies the image repository to pull the Host Analyzer from. | `sysdig/host-analyzer` |
+| `nodeAnalyzer.hostAnalyzer.image.tag` | Set the image tag to pull the Host Analyzer. | `0.1.16` |
+| `nodeAnalyzer.hostAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` |
+| `nodeAnalyzer.hostAnalyzer.image.pullPolicy` | Specifies the Image pull policy for the Host Analyzer. | `""` |
+| `nodeAnalyzer.hostAnalyzer.schedule` | Specifies the scanning schedule specification for the host analyzer expressed as a crontab. | `@dailydefault` |
+| `nodeAnalyzer.hostAnalyzer.dirsToScan` | Specifies the list of directories to inspect during the scan. | `/etc,/var/lib/dpkg,/usr/local,/usr/lib/sysimage/rpm,/var/lib/rpm,/lib/apk/db` |
+| `nodeAnalyzer.hostAnalyzer.maxSendAttempts` | Specifies the number of times the analysis collector is allowed to retry sending results. | `3` |
+| `nodeAnalyzer.hostAnalyzer.resources.requests.cpu` | Specifies the Host Analyzer CPU requests per node. | `150m` |
+| `nodeAnalyzer.hostAnalyzer.resources.requests.memory` | Specifies the Host Analyzer Memory requests per node. | `512Mi` |
+| `nodeAnalyzer.hostAnalyzer.resources.limits.cpu` | Specifies the Host Analyzer CPU limit per node. | `500m` |
+| `nodeAnalyzer.hostAnalyzer.resources.limits.memory` | Specifies the Host Analyzer memory limit per node. | `1536Mi` |
+| `nodeAnalyzer.hostAnalyzer.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
+| `nodeAnalyzer.benchmarkRunner.deploy` | Deploys the Benchmark Runner. | `true` |
+| `nodeAnalyzer.benchmarkRunner.image.repository` | Specifies the image repository to pull the Benchmark Runner from. | `sysdig/compliance-benchmark-runner` |
+| `nodeAnalyzer.benchmarkRunner.image.tag` | Specifies the image tag for the Benchmark Runner to be pulled. | `1.1.0.9` |
+| `nodeAnalyzer.benchmarkRunner.image.digest` | Specifies the image digest to pull. | ` ` |
+| `nodeAnalyzer.benchmarkRunner.image.pullPolicy` | Specifies the image pull policy for the Benchmark Runner. | `""` |
+| `nodeAnalyzer.benchmarkRunner.includeSensitivePermissions` | Grant the service account elevated permissions to run CIS Benchmark for OS4. | `false` |
+| `nodeAnalyzer.benchmarkRunner.resources.requests.cpu` | Specifies the Benchmark Runner CPU requests per node. | `150m` |
+| `nodeAnalyzer.benchmarkRunner.resources.requests.memory` | Specifies the Benchmark Runner memory requests per node. | `128Mi` |
+| `nodeAnalyzer.benchmarkRunner.resources.limits.cpu` | Specifies the Benchmark Runner CPU limit per node. | `500m` |
+| `nodeAnalyzer.benchmarkRunner.resources.limits.memory` | Specifies the Benchmark Runner memory limit per node. | `256Mi` |
+| `nodeAnalyzer.benchmarkRunner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
+| `nodeAnalyzer.hostScanner.deploy` | Deploys the Host Scanner. | unset |
+| `nodeAnalyzer.hostScanner.dirsToScan` | Specifies the list of directories to inspect during the scan. | `/etc,/var/lib/dpkg,/var/lib/rpm,/lib/apk/db,/bin,/sbin,/usr/bin,/usr/sbin,/usr/share,/usr/local,/usr/lib,/usr/lib64,/var/lib/google,/var/lib/toolbox,/var/lib/cloud` |
+| `nodeAnalyzer.hostScanner.additionalDirsToScan` | Sets the optional comma-separated list of directories in addition to the default ones. | ` ` |
+| `nodeAnalyzer.hostScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
+| `nodeAnalyzer.hostScanner.image.repository` | Specifies the image repository to pull the Host Scanner from. | `sysdig/vuln-host-scanner` |
+| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.5.2` |
+| `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` |
+| `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` |
+| `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` |
+| `nodeAnalyzer.hostScanner.resources.requests.memory` | Specifies the Host Scanner memory requests per node. | `512Mi` |
+| `nodeAnalyzer.hostScanner.resources.requests.ephemeral-storage` | Specifies the Host Scanner Storage requests per node. | `512Mi` |
+| `nodeAnalyzer.hostScanner.resources.limits.cpu` | Specifies the Host Scanner CPU limit per node. | `500m` |
+| `nodeAnalyzer.hostScanner.resources.limits.memory` | Specifies the Host Scanner memory limit per node. | `1Gi` |
+| `nodeAnalyzer.hostScanner.resources.limits.ephemeral-storage` | Specifies the Host Scanner Storage limit per node. | `1Gi` |
+| `nodeAnalyzer.hostScanner.probesPort` | Specifies the port where readiness and liveness probes are exposed. | `7001` |
+| `nodeAnalyzer.runtimeScanner.deploy` | Deploys the Runtime Scanner. | `false` |
+| `nodeAnalyzer.runtimeScanner.extraMounts` | Specifies a container engine custom socket path (docker, containerd, CRI-O). | |
+| `nodeAnalyzer.runtimeScanner.storageClassName` | Specifies the Runtime Scanner storage class to use instead of emptyDir for ephemeral storage. | `` |
+| `nodeAnalyzer.runtimeScanner.image.repository` | Specifies the image repository to pull the Runtime Scanner from. | `sysdig/vuln-runtime-scanner` |
+| `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.5.7` |
+| `nodeAnalyzer.runtimeScanner.image.digest` | Specifies the image digest to pull. | ` ` |
+| `nodeAnalyzer.runtimeScanner.image.pullPolicy` | Specifies the image pull policy for the Runtime Scanner. | `""` |
+| `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Specifies the Runtime Scanner CPU requests per node. | `150m` |
+| `nodeAnalyzer.runtimeScanner.resources.requests.memory` | Specifies the Runtime Scanner Memory requests per node. | `512Mi` |
+| `nodeAnalyzer.runtimeScanner.resources.requests.ephemeral-storage` | Specifies the Runtime Scanner Storage requests per node. | `2Gi` |
+| `nodeAnalyzer.runtimeScanner.resources.limits.cpu` | Specifies the Runtime Scanner CPU limit per node. | `1000m` |
+| `nodeAnalyzer.runtimeScanner.resources.limits.memory` | Specifies the Runtime Scanner memory limit per node. | `2Gi` |
+| `nodeAnalyzer.runtimeScanner.resources.limits.ephemeral-storage` | Specifies the Runtime Scanner Storage limit per node. | `4Gi` |
+| `nodeAnalyzer.runtimeScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
+| `nodeAnalyzer.runtimeScanner.settings.eveEnabled` | Enables Sysdig Eve | `false` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.image.repository` | Specifies the image repository to pull the Eve Connector from. | `sysdig/eveclient-api` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.image.tag` | Specifies the image tag for the Eve Connector to be pulled. | `1.1.0` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.deploy` | Enables Sysdig Eve Connector for third-party integrations. | `false` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.resources.requests.cpu` | Specifies the Eve Connector CPU requests per node. | `100m` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.resources.requests.memory` | Specifies the Eve Connector memory requests per node. | `128Mi` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.resources.limits.cpu` | Specifies the Eve Connector CPU limits per node. | `1000m` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.resources.limits.memory` | Specifies the Eve Connector Memory limits per node. | `512Mi` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.settings.replicas` | Specifies the Eve Connector deployment replicas. | `1` |
+| `nodeAnalyzer.runtimeScanner.eveConnector.priorityClassName` | Specifies the name of an existing PriorityClass to use for the Eve Connector Deployment. | `{}` |
+| `nodeAnalyzer.tolerations` | Specifies the tolerations for scheduling. | node-role.kubernetes.io/master:NoSchedule,
node-role.kubernetes.io/control-plane:NoSchedule
|
+| `nodeAnalyzer.kspmAnalyzer.debug` | Set to true to show KSPM node analyzer debug logging, which is useful for troubleshooting. | `false` |
+| `nodeAnalyzer.kspmAnalyzer.image.repository` | Specifies the image repository to pull the KSPM node analyzer from. | `sysdig/kspm-analyzer` |
+| `nodeAnalyzer.kspmAnalyzer.image.tag` | Specifies the image tag for the KSPM node analyzer image to be pulled. | `1.34.0` |
+| `nodeAnalyzer.kspmAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` |
+| `nodeAnalyzer.kspmAnalyzer.image.pullPolicy` | Specifies the The image pull policy for the KSPM node analyzer. | `""` |
+| `nodeAnalyzer.kspmAnalyzer.resources.requests.cpu` | Specifies the KSPM node analyzer CPU requests per node. | `150m` |
+| `nodeAnalyzer.kspmAnalyzer.resources.requests.memory` | Specifies the KSPM node analyzer memory requests per node. | `256Mi` |
+| `nodeAnalyzer.kspmAnalyzer.resources.limits.cpu` | Specifies the KSPM node analyzer CPU limits per node. | `500m` |
+| `nodeAnalyzer.kspmAnalyzer.resources.limits.memory` | Specifies the KSPM node analyzer memory limits per node. | `1536Mi` |
+| `nodeAnalyzer.kspmAnalyzer.port` | Specifies the KSPM node analyzer port for health checks and results API. | `12000` |
+| `nodeAnalyzer.kspmAnalyzer.readinessProbe.enabled` | Specifies whether KSPM node analyzer readinessProbe is enabled or not. | `true` |
+| `nodeAnalyzer.kspmAnalyzer.livenessProbe.enabled` | Specifies whether the KSPM node analyzer livenessProbe is enabled or not. | `true` |
+| `nodeAnalyzer.kspmAnalyzer.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
+| `nodeAnalyzer.nodeSelector` | Specifies the Node Selector. | `{}` |
+| `nodeAnalyzer.affinity` | Specifies the Node affinities. | `schedule on amd64 and linux` |
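Review bot: The new `nodeAnalyzer.natsMaxReconnect` row contradicts itself: the description says to leave the value empty for the default of 60 attempts, while the Default column shows `0`, and the row never says what `0` means. State explicitly whether `0` is treated as "use the built-in default" and make the Default column agree with that. While the table is being rewritten, two smaller fixes are worth making: the backticked names `natsMaxReconnect ` and `noProxy ` carry a trailing space inside the backticks, and the `nodeAnalyzer.kspmAnalyzer.image.pullPolicy` row still reads "Specifies the The image pull policy".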
diff --git a/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml b/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml
index b7c3c1779..e07d06b0d 100644
--- a/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml
+++ b/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml
@@ -14,6 +14,7 @@ data:
{{ end}}
environment: {{ $env }}
external_nats_url: {{ include "nodeAnalyzer.natsUrl" . }}
+ nats_max_reconnect: {{ .Values.nodeAnalyzer.natsMaxReconnect | default 0 | quote }}
cluster_name: {{ required "A valid clusterName is required" (include "nodeAnalyzer.clusterName" .) }}
agent_app_name: {{ include "nodeAnalyzer.name" . }}
{{- if hasKey .Values.nodeAnalyzer "sslVerifyCertificate" }}
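Review bot: `nats_max_reconnect` is rendered unconditionally, and `default 0 | quote` turns an unset or empty `natsMaxReconnect` into the string "0", so the "leave empty" case the README describes never reaches the analyzer as empty. Either guard the key with `hasKey`, the way `sslVerifyCertificate` is guarded on the following line, so that it is omitted when unset, or confirm and document that the analyzer reads "0" as "use the default number of attempts". As written, an operator can reasonably read `0` as "never reconnect".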
diff --git a/charts/node-analyzer/templates/daemonset-node-analyzer.yaml b/charts/node-analyzer/templates/daemonset-node-analyzer.yaml
index b15944123..31028878e 100644
--- a/charts/node-analyzer/templates/daemonset-node-analyzer.yaml
+++ b/charts/node-analyzer/templates/daemonset-node-analyzer.yaml
@@ -237,6 +237,12 @@ spec:
name: {{ .Release.Name }}-kspm-analyzer
key: agent_port
optional: true
+ - name: NATS_MAX_RECONNECT
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-kspm-analyzer
+ key: nats_max_reconnect
+ optional: true
{{- if .Values.global.sysdig.tags }}
- name: TAGS
value: {{ include "agent.tags" . }}
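Review bot: `optional: true` on the `NATS_MAX_RECONNECT` reference has no effect as the patch stands, because the ConfigMap template changed in this same patch always writes `nats_max_reconnect`. If the intent is that an unset value leaves the variable undefined in the container, the ConfigMap key has to become conditional; if not, the flag is harmless but suggests a fallback path that does not exist.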
diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml
index ea1c81ef4..99bf29639 100644
--- a/charts/node-analyzer/values.yaml
+++ b/charts/node-analyzer/values.yaml
@@ -137,6 +137,8 @@ nodeAnalyzer:
httpProxy:
httpsProxy:
noProxy:
+ # NATS max reconnect attempts
+ natsMaxReconnect: 0
# Allow sysdig Node Image Analyzer to run on Kubernetes 1.6 masters
tolerations:
@@ -385,7 +387,7 @@ nodeAnalyzer:
debug: false
image:
repository: sysdig/kspm-analyzer
- tag: 1.33.0
+ tag: 1.34.0
digest:
pullPolicy:
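Review bot: The bump from `1.33.0` to `1.34.0` changes only `tag`, and `digest:` directly below it stays empty, so the kspm-analyzer image is still resolved through a mutable tag. Consider filling in `digest` alongside each tag bump so that the image running on every node is exactly the one that was tested.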
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 099cc90ff..dade55447 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.24.3
+version: 1.24.4
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -36,7 +36,7 @@ dependencies:
- name: node-analyzer
# repository: https://charts.sysdig.com
repository: file://../node-analyzer
- version: ~1.17.7
+ version: ~1.17.8
alias: nodeAnalyzer
condition: nodeAnalyzer.enabled
- name: cluster-scanner
@@ -48,7 +48,7 @@ dependencies:
- name: kspm-collector
# repository: https://charts.sysdig.com
repository: file://../kspm-collector
- version: ~0.8.3
+ version: ~0.8.4
alias: kspmCollector
condition: global.kspm.deploy
- name: rapid-response
From 47f6d437469c9aa5b3caa1ed91197af8c2662328 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Mon, 16 Oct 2023 14:36:08 +0000
Subject: [PATCH 24/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for kspm-collector-0.8.4
---
charts/kspm-collector/CHANGELOG.md | 3 +++
charts/kspm-collector/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/kspm-collector/CHANGELOG.md b/charts/kspm-collector/CHANGELOG.md
index bbbd7aa25..146e8054b 100644
--- a/charts/kspm-collector/CHANGELOG.md
+++ b/charts/kspm-collector/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v0.8.4
+### New Features
+* **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
# v0.8.3
### Bug Fixes
* **kspm-collector,node-analyzer** [67f042fd](https://github.com/sysdiglabs/charts/commit/67f042fd9ebb72cd121751d46fb96f7c3ad539ba): add debug logs to cloud platform metadata loading ([#1398](https://github.com/sysdiglabs/charts/issues/1398))
diff --git a/charts/kspm-collector/RELEASE-NOTES.md b/charts/kspm-collector/RELEASE-NOTES.md
index 59bba0330..501f97b15 100644
--- a/charts/kspm-collector/RELEASE-NOTES.md
+++ b/charts/kspm-collector/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Bug Fixes
-- **kspm-collector,node-analyzer** [67f042fd](https://github.com/sysdiglabs/charts/commit/67f042fd9ebb72cd121751d46fb96f7c3ad539ba): add debug logs to cloud platform metadata loading ([#1398](https://github.com/sysdiglabs/charts/issues/1398))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/kspm-collector-0.8.2...kspm-collector-0.8.3
+### New Features
+- **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/kspm-collector-0.8.3...kspm-collector-0.8.4
From 58a81117da091703b317f2170bf147328220f656 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Mon, 16 Oct 2023 14:36:08 +0000
Subject: [PATCH 25/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for node-analyzer-1.17.8
---
charts/node-analyzer/CHANGELOG.md | 3 +++
charts/node-analyzer/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
index 32cac5859..037adcc2a 100644
--- a/charts/node-analyzer/CHANGELOG.md
+++ b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.17.8
+### New Features
+* **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
# v1.17.7
### Bug Fixes
* **kspm-collector,node-analyzer** [67f042fd](https://github.com/sysdiglabs/charts/commit/67f042fd9ebb72cd121751d46fb96f7c3ad539ba): add debug logs to cloud platform metadata loading ([#1398](https://github.com/sysdiglabs/charts/issues/1398))
diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
index 7129dbf2e..0d725d12c 100644
--- a/charts/node-analyzer/RELEASE-NOTES.md
+++ b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Bug Fixes
-- **kspm-collector,node-analyzer** [67f042fd](https://github.com/sysdiglabs/charts/commit/67f042fd9ebb72cd121751d46fb96f7c3ad539ba): add debug logs to cloud platform metadata loading ([#1398](https://github.com/sysdiglabs/charts/issues/1398))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.6...node-analyzer-1.17.7
+### New Features
+- **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.7...node-analyzer-1.17.8
From f6cabe9c2e0401d643016e55f82ab5abe3481607 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Mon, 16 Oct 2023 14:36:08 +0000
Subject: [PATCH 26/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.24.4
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index 550973990..963c0281b 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.24.4
+### New Features
+* **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
# v1.24.3
### Bug Fixes
* **kspm-collector,node-analyzer** [67f042fd](https://github.com/sysdiglabs/charts/commit/67f042fd9ebb72cd121751d46fb96f7c3ad539ba): add debug logs to cloud platform metadata loading ([#1398](https://github.com/sysdiglabs/charts/issues/1398))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index 95692f5b0..efc950af0 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Bug Fixes
-- **kspm-collector,node-analyzer** [67f042fd](https://github.com/sysdiglabs/charts/commit/67f042fd9ebb72cd121751d46fb96f7c3ad539ba): add debug logs to cloud platform metadata loading ([#1398](https://github.com/sysdiglabs/charts/issues/1398))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.2...sysdig-deploy-1.24.3
+### New Features
+- **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.3...sysdig-deploy-1.24.4
From 9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7 Mon Sep 17 00:00:00 2001
From: Michele Mangili <83061719+michele-mangili@users.noreply.github.com>
Date: Tue, 17 Oct 2023 09:07:48 +0200
Subject: [PATCH 27/68] fix(cluster-scanner): removed unneeded version
compatibility checks (#1404)
---
charts/cluster-scanner/Chart.yaml | 2 +-
charts/cluster-scanner/README.md | 8 +-
charts/cluster-scanner/templates/_helpers.tpl | 27 ---
.../cluster-scanner/tests/configmap_test.yaml | 26 +++
.../tests/deployment_test.yaml | 212 ------------------
charts/sysdig-deploy/Chart.yaml | 4 +-
6 files changed, 33 insertions(+), 246 deletions(-)
diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml
index c0c77c697..5b6a0b43c 100644
--- a/charts/cluster-scanner/Chart.yaml
+++ b/charts/cluster-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner
type: application
-version: 0.7.1
+version: 0.7.2
appVersion: "0.1.0"
home: https://www.sysdig.com/
diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md
index 33b90961a..b4136848b 100644
--- a/charts/cluster-scanner/README.md
+++ b/charts/cluster-scanner/README.md
@@ -25,7 +25,7 @@ $ pre-commit run -a
$ helm repo add sysdig https://charts.sysdig.com
$ helm repo update
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.7.1 \
+ --create-namespace -n sysdig --version=0.7.2 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.7.1 \
+ --create-namespace -n sysdig --version=0.7.2 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -161,7 +161,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to `
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.7.1 \
+ --create-namespace -n sysdig --version=0.7.2 \
--set global.sysdig.region="us1"
```
@@ -170,7 +170,7 @@ installing the chart. For example:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.7.1 \
+ --create-namespace -n sysdig --version=0.7.2 \
--values values.yaml
```
diff --git a/charts/cluster-scanner/templates/_helpers.tpl b/charts/cluster-scanner/templates/_helpers.tpl
index 661b9aaaa..a26d4e5da 100644
--- a/charts/cluster-scanner/templates/_helpers.tpl
+++ b/charts/cluster-scanner/templates/_helpers.tpl
@@ -205,31 +205,6 @@ Define the proper imageRegistry to use for imageSbomExtractor
{{- end -}}
{{- end -}}
-{{/*
-Cluster scanner version compatibility check.
-
-If .Values.onPremCompatibilityVersion is set to a version below 6.6.0, it checks whether
-the provided tag is < 0.5.0 .
-
-Otherwise, it checks if the provided tag is >= 0.5.0 .
-
-Version tags must be semver2-compatible otherwise no check will be performed.
-*/}}
-{{- define "cluster-scanner.checkVersionCompatibility" -}}
-{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+.*" .Tag -}}
- {{- $version := .Tag -}}
- {{- if ( semverCompare "< 6.6.0" ( .Values.onPremCompatibilityVersion | default "6.6.0" )) -}}
- {{- if not ( semverCompare "< 0.5.0" $version ) -}}
- {{- fail (printf "incompatible version for %s, set %s expected < 0.5.0" .Component .Tag) -}}
- {{- end -}}
- {{- else -}}
- {{- if not ( semverCompare ">= 0.5.0" $version ) -}}
- {{- fail (printf "incompatible version for %s, set %s expected >= 0.5.0" .Component .Tag) -}}
- {{- end -}}
- {{- end -}}
-{{- end -}}
-{{- end -}}
-
{{/*
Generates configmap data to enable platform services if onPremCompatibility version is not set, or it is greater than 6.6.0
*/}}
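Review bot: with `cluster-scanner.checkVersionCompatibility` deleted, nothing in the chart records the rule the removed comment stated (tags `< 0.5.0` when `onPremCompatibilityVersion` is below 6.6.0, `>= 0.5.0` otherwise). If that pairing still matters for on-prem installs, move the sentence into the README or the `values.yaml` comment for `onPremCompatibilityVersion`, because a mismatched tag now renders without any error. If the pairing no longer holds, say so in the commit message so the "unneeded" in the changelog entry can be verified later.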
@@ -244,7 +219,6 @@ Return the proper image name for the Runtime Status Integrator
*/}}
{{- define "cluster-scanner.runtimeStatusIntegrator.image" -}}
{{- $data := dict "Values" .Values "Tag" .Values.runtimeStatusIntegrator.image.tag "Component" "runtimeStatusIntegrator.image.tag" -}}
- {{- include "cluster-scanner.checkVersionCompatibility" $data -}}
{{- include "cluster-scanner.runtimeStatusIntegrator.imageRegistry" . -}} / {{- .Values.runtimeStatusIntegrator.image.repository -}} : {{- .Values.runtimeStatusIntegrator.image.tag -}}
{{- end -}}
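Review bot: in `cluster-scanner.runtimeStatusIntegrator.image`, the `$data := dict "Values" .Values "Tag" ... "Component" ...` line is left behind after its only consumer, the `include "cluster-scanner.checkVersionCompatibility" $data` call, is removed. Drop the `$data` assignment in the same change so the helper contains only the registry/repository/tag concatenation.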
@@ -254,7 +228,6 @@ Return the proper image name for the Image Sbom Extractor
{{- define "cluster-scanner.imageSbomExtractor.image" -}}
{{- $data := dict "Values" .Values "Tag" .Values.imageSbomExtractor.image.tag -}}
{{- $data := dict "Values" .Values "Tag" .Values.imageSbomExtractor.image.tag "Component" "imageSbomExtractor.image.tag" -}}
- {{- include "cluster-scanner.checkVersionCompatibility" $data -}}
{{- include "cluster-scanner.imageSbomExtractor.imageRegistry" . -}} / {{- .Values.imageSbomExtractor.image.repository -}} : {{- .Values.imageSbomExtractor.image.tag -}}
{{- end -}}
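Review bot: `cluster-scanner.imageSbomExtractor.image` shows two consecutive `$data := dict ...` assignments in the context lines, the first without `"Component"`, and after this hunk neither is read. Remove both along with the `include`; redeclaring `$data` with `:=` twice in one scope is at best confusing, and leaving it in place invites someone to assume a check still runs here.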
diff --git a/charts/cluster-scanner/tests/configmap_test.yaml b/charts/cluster-scanner/tests/configmap_test.yaml
index 4f6a98f62..31ca041ad 100644
--- a/charts/cluster-scanner/tests/configmap_test.yaml
+++ b/charts/cluster-scanner/tests/configmap_test.yaml
@@ -358,6 +358,14 @@ tests:
- isNull:
path: data.enable_platform_services
+ - it: "has correct platform services value when onPremCompatibilityVersion is = 6.5"
+ set:
+ global.sysdig.apiHost: "http://test.com"
+ onPremCompatibilityVersion: "6.5"
+ asserts:
+ - isNull:
+ path: data.enable_platform_services
+
- it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0"
set:
global.sysdig.apiHost: "http://test.com"
@@ -367,6 +375,15 @@ tests:
path: data.enable_platform_services
value: "true"
+ - it: "has correct platform services value when onPremCompatibilityVersion is just a major.minor version"
+ set:
+ global.sysdig.apiHost: "http://test.com"
+ onPremCompatibilityVersion: "6.6"
+ asserts:
+ - equal:
+ path: data.enable_platform_services
+ value: "true"
+
- it: "has correct platform services value when onPremCompatibilityVersion is > 6.6.0"
set:
global.sysdig.apiHost: "http://test.com"
@@ -375,3 +392,12 @@ tests:
- equal:
path: data.enable_platform_services
value: "true"
+
+
+ - it: "fails if onPremCompatibilityVersion is not a valid semver"
+ set:
+ global.sysdig.apiHost: "http://test.com"
+ onPremCompatibilityVersion: "gigimarzullo"
+ asserts:
+ - failedTemplate:
+ errorMessage: "Invalid Semantic Version"
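Review bot: the new "fails if onPremCompatibilityVersion is not a valid semver" case asserts on `errorMessage: "Invalid Semantic Version"`, which is the semver library's own text rather than a message the chart controls, so the test is coupled to that wording and the user sees an error that does not name the offending value. Consider validating the value in the template and calling `fail` with a message that mentions `onPremCompatibilityVersion`, then asserting on that. The two consecutive empty `+` lines before the test can be reduced to one to match the spacing between the other cases.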
diff --git a/charts/cluster-scanner/tests/deployment_test.yaml b/charts/cluster-scanner/tests/deployment_test.yaml
index 2eab8b338..edb4179dc 100644
--- a/charts/cluster-scanner/tests/deployment_test.yaml
+++ b/charts/cluster-scanner/tests/deployment_test.yaml
@@ -181,218 +181,6 @@ tests:
name: test-release-cluster-scanner
optional: true
- - it: "fails if the onPremCompatibilityVersion is not set and the runtimeStatusIntegrator version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- runtimeStatusIntegrator.image.tag: "0.3.4"
- imageSbomExtractor.image.tag: "1.3.4"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for runtimeStatusIntegrator.image.tag, set 0.3.4 expected >= 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is not set and the imageSbomExtractor version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- runtimeStatusIntegrator.image.tag: "1.3.4"
- imageSbomExtractor.image.tag: "0.1.0"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for imageSbomExtractor.image.tag, set 0.1.0 expected >= 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is set to 6.2 and the runtimeStatusIntegrator version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.2"
- runtimeStatusIntegrator.image.tag: "4.3.4"
- imageSbomExtractor.image.tag: "0.3.4"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for runtimeStatusIntegrator.image.tag, set 4.3.4 expected < 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is set to 6.2 and the imageSbomExtractor version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.2"
- runtimeStatusIntegrator.image.tag: "0.0.1"
- imageSbomExtractor.image.tag: "6.1.0"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for imageSbomExtractor.image.tag, set 6.1.0 expected < 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is set to 6.3 and the runtimeStatusIntegrator version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.3"
- runtimeStatusIntegrator.image.tag: "4.3.4"
- imageSbomExtractor.image.tag: "0.3.4"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for runtimeStatusIntegrator.image.tag, set 4.3.4 expected < 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is set to 6.3 and the imageSbomExtractor version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.3"
- runtimeStatusIntegrator.image.tag: "0.0.1"
- imageSbomExtractor.image.tag: "6.1.0"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for imageSbomExtractor.image.tag, set 6.1.0 expected < 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is set to 6.6 and the runtimeStatusIntegrator version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.6"
- runtimeStatusIntegrator.image.tag: "0.3.4"
- imageSbomExtractor.image.tag: "1.3.4"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for runtimeStatusIntegrator.image.tag, set 0.3.4 expected >= 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is set to 6.6 and the imageSbomExtractor version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.6"
- runtimeStatusIntegrator.image.tag: "1.3.4"
- imageSbomExtractor.image.tag: "0.1.0"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for imageSbomExtractor.image.tag, set 0.1.0 expected >= 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is set to 6.7 and the runtimeStatusIntegrator version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.7"
- runtimeStatusIntegrator.image.tag: "0.3.4"
- imageSbomExtractor.image.tag: "1.3.4"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for runtimeStatusIntegrator.image.tag, set 0.3.4 expected >= 0.5.0"
-
- - it: "fails if the onPremCompatibilityVersion is set to 6.7 and the imageSbomExtractor version is incorrect"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.7"
- runtimeStatusIntegrator.image.tag: "1.3.4"
- imageSbomExtractor.image.tag: "0.1.0"
- asserts:
- - failedTemplate:
- errorMessage: "incompatible version for imageSbomExtractor.image.tag, set 0.1.0 expected >= 0.5.0"
-
- - it: "succeeds if the onPremCompatibilityVersion is not set and the runtimeStatusIntegrator and imageSbomExtractor versions are correct"
- templates:
- - ../templates/deployment.yaml
- set:
- runtimeStatusIntegrator.image.tag: "2.3.4"
- imageSbomExtractor.image.tag: "0.5.0"
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: quay.io/sysdig/runtime-status-integrator:2.3.4
- - equal:
- path: spec.template.spec.containers[1].image
- value: quay.io/sysdig/image-sbom-extractor:0.5.0
-
- - it: "succeeds if the onPremCompatibilityVersion is set to 6.2 and the runtimeStatusIntegrator and imageSbomExtractor versions are correct"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.2"
- runtimeStatusIntegrator.image.tag: "0.3.4"
- imageSbomExtractor.image.tag: "0.4.10"
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: quay.io/sysdig/runtime-status-integrator:0.3.4
- - equal:
- path: spec.template.spec.containers[1].image
- value: quay.io/sysdig/image-sbom-extractor:0.4.10
-
- - it: "succeeds if the onPremCompatibilityVersion is set to 6.3 and the runtimeStatusIntegrator and imageSbomExtractor versions are correct"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.3"
- runtimeStatusIntegrator.image.tag: "0.3.4"
- imageSbomExtractor.image.tag: "0.4.10"
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: quay.io/sysdig/runtime-status-integrator:0.3.4
- - equal:
- path: spec.template.spec.containers[1].image
- value: quay.io/sysdig/image-sbom-extractor:0.4.10
-
- - it: "succeeds if the onPremCompatibilityVersion is set to 6.6 and the runtimeStatusIntegrator and imageSbomExtractor versions are correct"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.6"
- runtimeStatusIntegrator.image.tag: "2.3.4"
- imageSbomExtractor.image.tag: "0.5.0"
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: quay.io/sysdig/runtime-status-integrator:2.3.4
- - equal:
- path: spec.template.spec.containers[1].image
- value: quay.io/sysdig/image-sbom-extractor:0.5.0
-
- - it: "succeeds if the onPremCompatibilityVersion is set to 6.7 and the runtimeStatusIntegrator and imageSbomExtractor versions are correct"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.7"
- runtimeStatusIntegrator.image.tag: "2.3.4"
- imageSbomExtractor.image.tag: "0.5.0"
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: quay.io/sysdig/runtime-status-integrator:2.3.4
- - equal:
- path: spec.template.spec.containers[1].image
- value: quay.io/sysdig/image-sbom-extractor:0.5.0
-
- - it: "succeeds if the runtimeStatusIntegrator version is not a semver and the onPremCompatibilityVersion is 6.4"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.4"
- runtimeStatusIntegrator.image.tag: "unstable-rc"
- imageSbomExtractor.image.tag: "0.4.9"
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: quay.io/sysdig/runtime-status-integrator:unstable-rc
- - equal:
- path: spec.template.spec.containers[1].image
- value: quay.io/sysdig/image-sbom-extractor:0.4.9
-
- - it: "succeeds if the imageSbomExtractor version is not a semver and the onPremCompatibilityVersion is 6.6"
- templates:
- - ../templates/deployment.yaml
- set:
- onPremCompatibilityVersion: "6.6"
- runtimeStatusIntegrator.image.tag: "1.3.5"
- imageSbomExtractor.image.tag: "3bc59a4958d15dfa6afed20dfd2459e268b4cda8"
- asserts:
- - equal:
- path: spec.template.spec.containers[0].image
- value: quay.io/sysdig/runtime-status-integrator:1.3.5
- - equal:
- path: spec.template.spec.containers[1].image
- value: quay.io/sysdig/image-sbom-extractor:3bc59a4958d15dfa6afed20dfd2459e268b4cda8
-
- it: "correctly sets the CLUSTERSCANNER_PLATFORM_ENABLED env var"
templates:
- ../templates/deployment.yaml
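Review bot: the deleted block also removes the "succeeds if ..." cases, which assert the rendered values of `spec.template.spec.containers[0].image` and `containers[1].image`, including non-semver tags such as `unstable-rc` and a commit hash. Those assertions exercise the image helpers themselves and do not depend on the removed compatibility check. Unless image rendering is covered elsewhere in this file, keep one case per container (renamed to describe image rendering) so a regression in the registry/repository/tag concatenation is still caught.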
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index dade55447..8e772bfeb 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.24.4
+version: 1.24.5
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -42,7 +42,7 @@ dependencies:
- name: cluster-scanner
# repository: https://charts.sysdig.com
repository: file://../cluster-scanner
- version: ~0.7.1
+ version: ~0.7.2
alias: clusterScanner
condition: clusterScanner.enabled
- name: kspm-collector
From 5e2df4e9f6a5a117eab7d86d0886f7f9e2ef9721 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 07:09:24 +0000
Subject: [PATCH 28/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for cluster-scanner-0.7.2
---
charts/cluster-scanner/CHANGELOG.md | 3 +++
charts/cluster-scanner/RELEASE-NOTES.md | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/charts/cluster-scanner/CHANGELOG.md b/charts/cluster-scanner/CHANGELOG.md
index 202e970f5..3caf8c713 100644
--- a/charts/cluster-scanner/CHANGELOG.md
+++ b/charts/cluster-scanner/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v0.7.2
+### Bug Fixes
+* **cluster-scanner** [9b3864ff](https://github.com/sysdiglabs/charts/commit/9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7): removed unneeded version compatibility checks ([#1404](https://github.com/sysdiglabs/charts/issues/1404))
# v0.7.1
### Bug Fixes
* **common,agent,admission-controller,cluster-scanner,kspm-collector,node-analyzer,rapid-response** [e76f1c17](https://github.com/sysdiglabs/charts/commit/e76f1c17e48491dd8ea21293ec1fed2619eed204): Update Sysdig CA ([#1393](https://github.com/sysdiglabs/charts/issues/1393))
diff --git a/charts/cluster-scanner/RELEASE-NOTES.md b/charts/cluster-scanner/RELEASE-NOTES.md
index d0080a1dd..d4c815304 100644
--- a/charts/cluster-scanner/RELEASE-NOTES.md
+++ b/charts/cluster-scanner/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
### Bug Fixes
-- **common,agent,admission-controller,cluster-scanner,kspm-collector,node-analyzer,rapid-response** [e76f1c17](https://github.com/sysdiglabs/charts/commit/e76f1c17e48491dd8ea21293ec1fed2619eed204): Update Sysdig CA ([#1393](https://github.com/sysdiglabs/charts/issues/1393))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-scanner-0.7.0...cluster-scanner-0.7.1
+- **cluster-scanner** [9b3864ff](https://github.com/sysdiglabs/charts/commit/9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7): removed unneeded version compatibility checks ([#1404](https://github.com/sysdiglabs/charts/issues/1404))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-scanner-0.7.1...cluster-scanner-0.7.2
From 7e4ab663c625aec3f425510a3617d881e024cf87 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 07:09:24 +0000
Subject: [PATCH 29/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.24.5
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index 963c0281b..2a9622270 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.24.5
+### Bug Fixes
+* **cluster-scanner** [9b3864ff](https://github.com/sysdiglabs/charts/commit/9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7): removed unneeded version compatibility checks ([#1404](https://github.com/sysdiglabs/charts/issues/1404))
# v1.24.4
### New Features
* **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index efc950af0..d8e630928 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### New Features
-- **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.3...sysdig-deploy-1.24.4
+### Bug Fixes
+- **cluster-scanner** [9b3864ff](https://github.com/sysdiglabs/charts/commit/9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7): removed unneeded version compatibility checks ([#1404](https://github.com/sysdiglabs/charts/issues/1404))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.4...sysdig-deploy-1.24.5
From 84cfe9a5e6f989a9a42b14b3d16597436f23b4b1 Mon Sep 17 00:00:00 2001
From: Matteo Avellina <7295856+mech-pig@users.noreply.github.com>
Date: Tue, 17 Oct 2023 12:50:06 +0000
Subject: [PATCH 30/68] chore(sysdig, node-analyzer): update legacy
nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) (#1407)
---
charts/node-analyzer/Chart.yaml | 2 +-
charts/node-analyzer/README.md | 4 ++--
charts/node-analyzer/values.yaml | 4 ++--
charts/sysdig/Chart.yaml | 2 +-
charts/sysdig/README.md | 6 +++---
charts/sysdig/values.yaml | 6 +++---
6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml
index df914531d..a1823dc22 100644
--- a/charts/node-analyzer/Chart.yaml
+++ b/charts/node-analyzer/Chart.yaml
@@ -3,7 +3,7 @@ name: node-analyzer
description: Sysdig Node Analyzer
# currently matching Sysdig's appVersion 1.14.34
-version: 1.17.8
+version: 1.17.9
appVersion: 12.8.0
keywords:
- monitoring
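Review bot: the context comment directly above the bumped `version:` line still reads "currently matching Sysdig's appVersion 1.14.34" while `appVersion` is `12.8.0`. Since this file is being touched for the image updates anyway, either correct the comment or delete it, so readers are not left guessing which application version the chart tracks.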
diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
index dbeaaee6f..f95298d6e 100644
--- a/charts/node-analyzer/README.md
+++ b/charts/node-analyzer/README.md
@@ -140,7 +140,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.extraVolumes.volumes` | Specifies additional volumes to mount in the Node Analyzer. For example, docker socket. | `[]` |
| `nodeAnalyzer.imageAnalyzer.deploy` | Deploys the Image Analyzer. | `true` |
| `nodeAnalyzer.imageAnalyzer.image.repository` | Sets the image repository to pull the Node Image Analyzer from. | `sysdig/node-image-analyzer` |
-| `nodeAnalyzer.imageAnalyzer.image.tag` | Sets the image tag for the Node Image Analyzer to be pulled. | `0.1.28` |
+| `nodeAnalyzer.imageAnalyzer.image.tag` | Sets the image tag for the Node Image Analyzer to be pulled. | `0.1.29` |
| `nodeAnalyzer.imageAnalyzer.image.digest` | Sets the image digest to pull. | ` ` |
| `nodeAnalyzer.imageAnalyzer.image.pullPolicy` | Sets the Image pull policy for the Node Image Analyzer. | `""` |
| `nodeAnalyzer.imageAnalyzer.dockerSocketPath` | Specifies the Docker socket path. | |
@@ -155,7 +155,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.imageAnalyzer.env` | Specifies the Extra environment variables that will be passed onto pods. | `{}` |
| `nodeAnalyzer.hostAnalyzer.deploy` | Deploys the Host Analyzer. | `true` |
| `nodeAnalyzer.hostAnalyzer.image.repository` | Specifies the image repository to pull the Host Analyzer from. | `sysdig/host-analyzer` |
-| `nodeAnalyzer.hostAnalyzer.image.tag` | Set the image tag to pull the Host Analyzer. | `0.1.16` |
+| `nodeAnalyzer.hostAnalyzer.image.tag` | Set the image tag to pull the Host Analyzer. | `0.1.17` |
| `nodeAnalyzer.hostAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` |
| `nodeAnalyzer.hostAnalyzer.image.pullPolicy` | Specifies the Image pull policy for the Host Analyzer. | `""` |
| `nodeAnalyzer.hostAnalyzer.schedule` | Specifies the scanning schedule specification for the host analyzer expressed as a crontab. | `@dailydefault` |
diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml
index 99bf29639..9967b0a78 100644
--- a/charts/node-analyzer/values.yaml
+++ b/charts/node-analyzer/values.yaml
@@ -184,7 +184,7 @@ nodeAnalyzer:
deploy: true
image:
repository: sysdig/node-image-analyzer
- tag: 0.1.28
+ tag: 0.1.29
digest:
pullPolicy:
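Review bot: in the `imageAnalyzer` block the `tag` moves to `0.1.29` while `digest:` stays empty, so the image is still resolved by a mutable tag; the same holds for the `hostAnalyzer` hunk that follows. For a release that exists only to update images, consider setting the digest of the published image next to the tag, or note in the README entry for `image.digest` that users who need an immutable reference must supply it themselves.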
@@ -237,7 +237,7 @@ nodeAnalyzer:
deploy: true
image:
repository: sysdig/host-analyzer
- tag: 0.1.16
+ tag: 0.1.17
digest:
pullPolicy:
diff --git a/charts/sysdig/Chart.yaml b/charts/sysdig/Chart.yaml
index 4d18af6cd..ba30f2595 100644
--- a/charts/sysdig/Chart.yaml
+++ b/charts/sysdig/Chart.yaml
@@ -15,4 +15,4 @@ name: sysdig
sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
-version: 1.16.15
+version: 1.16.16
diff --git a/charts/sysdig/README.md b/charts/sysdig/README.md
index b9ad96373..a3a1220fa 100644
--- a/charts/sysdig/README.md
+++ b/charts/sysdig/README.md
@@ -222,7 +222,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `nodeAnalyzer.pullSecrets` | The image pull secrets for the Node Analyzer containers. | `nil` |
| `nodeAnalyzer.imageAnalyzer.deploy` | Deploys the Image Analyzer. | `true ` |
| `nodeAnalyzer.imageAnalyzer.image.repository` | The image repository to pull the Node Image Analyzer from. | `sysdig/node-image-analyzer` |
-| `nodeAnalyzer.imageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer. | `0.1.28` |
+| `nodeAnalyzer.imageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer. | `0.1.29` |
| `nodeAnalyzer.imageAnalyzer.image.digest` | The image digest to pull. | ` ` |
| `nodeAnalyzer.imageAnalyzer.image.pullPolicy` | The Image pull policy for the Node Image Analyzer. | `IfNotPresent` |
| `nodeAnalyzer.imageAnalyzer.dockerSocketPath` | The Docker socket path. | |
@@ -237,7 +237,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `nodeAnalyzer.imageAnalyzer.env` | The extra environment variables that will be passed onto pods. | `{}` |
| `nodeAnalyzer.hostAnalyzer.deploy` | Deploys the Host Analyzer. | `true ` |
| `nodeAnalyzer.hostAnalyzer.image.repository` | The image repository to pull the Host Analyzer from. | `sysdig/host-analyzer` |
-| `nodeAnalyzer.hostAnalyzer.image.tag` | The image tag to pull the Host Analyzer. | `0.1.16` |
+| `nodeAnalyzer.hostAnalyzer.image.tag` | The image tag to pull the Host Analyzer. | `0.1.17` |
| `nodeAnalyzer.hostAnalyzer.image.digest` | The image digest to pull. | ` ` |
| `nodeAnalyzer.hostAnalyzer.image.pullPolicy` | The Image pull policy for the Host Analyzer. | `IfNotPresent` |
| `nodeAnalyzer.hostAnalyzer.schedule` | The scanning schedule specification for the host analyzer expressed as a crontab. | `@dailydefault` |
@@ -323,7 +323,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `nodeImageAnalyzer.settings.httpsProxy` | The secure proxy configuration variables. | |
| `nodeImageAnalyzer.settings.noProxy` | The no proxy configuration variables. | |
| `nodeImageAnalyzer.image.repository` | The image repository to pull the Node Image Analyzer from. | `sysdig/node-image-analyzer` |
-| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer. | `0.1.28` |
+| `nodeImageAnalyzer.image.tag` | The image tag to pull the Node Image Analyzer. | `0.1.29` |
| `nodeImageAnalyzer.imagedigest` | The image digest to pull. | ` ` |
| `nodeImageAnalyzer.image.pullPolicy` | The Image pull policy for the Node Image Analyzer. | `IfNotPresent` |
| `nodeImageAnalyzer.image.pullSecrets` | Image pull secrets for the Node Image Analyzer. | `nil` |
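Review bot: the context row two lines below the changed tag documents the key as `nodeImageAnalyzer.imagedigest`, while the neighbouring rows use `nodeImageAnalyzer.image.*` and `values.yaml` nests `digest` under `image`. A user copying the README key into `--set` would set a value the chart never reads; fix it to `nodeImageAnalyzer.image.digest` while this table is being edited.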
diff --git a/charts/sysdig/values.yaml b/charts/sysdig/values.yaml
index c0dd4a173..13563a4e8 100644
--- a/charts/sysdig/values.yaml
+++ b/charts/sysdig/values.yaml
@@ -193,7 +193,7 @@ nodeImageAnalyzer:
deploy: false
image:
repository: sysdig/node-image-analyzer
- tag: 0.1.28
+ tag: 0.1.29
digest: null
pullPolicy: IfNotPresent
# pullSecrets:
@@ -351,7 +351,7 @@ nodeAnalyzer:
deploy: true
image:
repository: sysdig/node-image-analyzer
- tag: 0.1.28
+ tag: 0.1.29
digest: null
pullPolicy: IfNotPresent
# The Docker socket path.
@@ -393,7 +393,7 @@ nodeAnalyzer:
deploy: true
image:
repository: sysdig/host-analyzer
- tag: 0.1.16
+ tag: 0.1.17
digest: null
pullPolicy: IfNotPresent
# The scanning schedule specification for the host analyzer expressed as a crontab string such as “5 4 * * *”.
From 03864a7f3e58a365b4e7b3e285ce6fbaa703e22f Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 12:51:39 +0000
Subject: [PATCH 31/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for node-analyzer-1.17.9
---
charts/node-analyzer/CHANGELOG.md | 3 +++
charts/node-analyzer/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
index 037adcc2a..fe3572563 100644
--- a/charts/node-analyzer/CHANGELOG.md
+++ b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.17.9
+### Chores
+* **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
# v1.17.8
### New Features
* **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
index 0d725d12c..c27e46af1 100644
--- a/charts/node-analyzer/RELEASE-NOTES.md
+++ b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### New Features
-- **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.7...node-analyzer-1.17.8
+### Chores
+- **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.8...node-analyzer-1.17.9
From adf70c9f585f8e7bde19856c815079e79ddbaf73 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 12:51:39 +0000
Subject: [PATCH 32/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-1.16.16
---
charts/sysdig/CHANGELOG.md | 3 +++
charts/sysdig/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/sysdig/CHANGELOG.md b/charts/sysdig/CHANGELOG.md
index e357fd316..59995846a 100644
--- a/charts/sysdig/CHANGELOG.md
+++ b/charts/sysdig/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.16.16
+### Chores
+* **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
# v1.16.15
### New Features
* [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))
diff --git a/charts/sysdig/RELEASE-NOTES.md b/charts/sysdig/RELEASE-NOTES.md
index 57dc6a58d..98d376ad9 100644
--- a/charts/sysdig/RELEASE-NOTES.md
+++ b/charts/sysdig/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### New Features
-- [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.1...sysdig-1.16.15
+### Chores
+- **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.5...sysdig-1.16.16
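Review bot: the new "Full diff" link compares `sysdig-deploy-1.24.5...sysdig-1.16.16`, so its base is a tag of a different chart, and the replaced line had the same problem (`sysdig-deploy-1.24.1...sysdig-1.16.15`). The other release notes in this series compare two tags of the same chart (for example `node-analyzer-1.17.8...node-analyzer-1.17.9`). The generator should pick the previous `sysdig-*` tag, here `sysdig-1.16.15`, otherwise the link shows unrelated changes from other charts.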
From 7544fc18f6067d191023cb58f218d93f3e3de7f7 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 15:23:55 +0200
Subject: [PATCH 33/68] chore(sysdig-deploy): Automatic version bump due to
updated dependencies (#1408)
Co-authored-by: mech-pig
Co-authored-by: Matteo Avellina <7295856+mech-pig@users.noreply.github.com>
---
charts/sysdig-deploy/Chart.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 8e772bfeb..66eeecf9b 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.24.5
+version: 1.24.6
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -36,7 +36,7 @@ dependencies:
- name: node-analyzer
# repository: https://charts.sysdig.com
repository: file://../node-analyzer
- version: ~1.17.8
+ version: ~1.17.9
alias: nodeAnalyzer
condition: nodeAnalyzer.enabled
- name: cluster-scanner
From 10f5e27ccbe7a8c2597202724359724cf4532b31 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 13:25:20 +0000
Subject: [PATCH 34/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.24.6
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index 2a9622270..b3f011f9d 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.24.6
+### Chores
+* **sysdig-deploy** [7544fc18](https://github.com/sysdiglabs/charts/commit/7544fc18f6067d191023cb58f218d93f3e3de7f7): Automatic version bump due to updated dependencies ([#1408](https://github.com/sysdiglabs/charts/issues/1408))
# v1.24.5
### Bug Fixes
* **cluster-scanner** [9b3864ff](https://github.com/sysdiglabs/charts/commit/9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7): removed unneeded version compatibility checks ([#1404](https://github.com/sysdiglabs/charts/issues/1404))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index d8e630928..85fda4fe4 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Bug Fixes
-- **cluster-scanner** [9b3864ff](https://github.com/sysdiglabs/charts/commit/9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7): removed unneeded version compatibility checks ([#1404](https://github.com/sysdiglabs/charts/issues/1404))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.4...sysdig-deploy-1.24.5
+### Chores
+- **sysdig-deploy** [7544fc18](https://github.com/sysdiglabs/charts/commit/7544fc18f6067d191023cb58f218d93f3e3de7f7): Automatic version bump due to updated dependencies ([#1408](https://github.com/sysdiglabs/charts/issues/1408))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.5...sysdig-deploy-1.24.6
From eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 17:33:09 +0200
Subject: [PATCH 35/68] feat: release agent 12.17.0 (#1410)
Co-authored-by: updatecli
---
charts/agent/Chart.yaml | 4 ++--
charts/agent/values.yaml | 2 +-
charts/sysdig/Chart.yaml | 4 ++--
charts/sysdig/values.yaml | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
index c34b2ea05..fd8586e5c 100644
--- a/charts/agent/Chart.yaml
+++ b/charts/agent/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
-appVersion: 12.16.3
+appVersion: 12.17.0
dependencies:
- name: common
repository: file://../common
@@ -30,4 +30,4 @@ sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
type: application
-version: 1.13.14
+version: 1.13.15
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
index 0cfe85bd5..88ba80d60 100644
--- a/charts/agent/values.yaml
+++ b/charts/agent/values.yaml
@@ -51,7 +51,7 @@ image:
overrideValue: null
registry: quay.io
repository: sysdig/agent
- tag: 12.16.3
+ tag: 12.17.0
# Specify a imagePullPolicy
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
# ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
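Review bot: `tag: 12.17.0` keeps the agent image referenced by a mutable tag on `quay.io`, and the comment right below says the pull policy falls back to `IfNotPresent` for any tag other than `latest`, so a node keeps running whatever it first pulled under that tag. If the chart can carry a digest next to the tag, having this automated bump record the `sha256` digest as well would make the release reproducible and let consumers verify what they deploy.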
diff --git a/charts/sysdig/Chart.yaml b/charts/sysdig/Chart.yaml
index ba30f2595..c3315d9f3 100644
--- a/charts/sysdig/Chart.yaml
+++ b/charts/sysdig/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
-appVersion: 12.16.3
+appVersion: 12.17.0
deprecated: true
description: Sysdig Monitor and Secure agent
home: https://www.sysdig.com/
@@ -15,4 +15,4 @@ name: sysdig
sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
-version: 1.16.16
+version: 1.16.17
diff --git a/charts/sysdig/values.yaml b/charts/sysdig/values.yaml
index 13563a4e8..5d5380efe 100644
--- a/charts/sysdig/values.yaml
+++ b/charts/sysdig/values.yaml
@@ -7,7 +7,7 @@ image:
overrideValue: null
registry: quay.io
repository: sysdig/agent
- tag: 12.16.3
+ tag: 12.17.0
# Specify a imagePullPolicy
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
# ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
From ee717cda3f1056e49180b21d1f9f922cf202c24b Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 15:34:40 +0000
Subject: [PATCH 36/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for agent-1.13.15
---
charts/agent/CHANGELOG.md | 3 +++
charts/agent/RELEASE-NOTES.md | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/charts/agent/CHANGELOG.md b/charts/agent/CHANGELOG.md
index f66233abc..7a7055eb8 100644
--- a/charts/agent/CHANGELOG.md
+++ b/charts/agent/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.13.15
+### New Features
+* [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
# v1.13.14
### New Features
* [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))
diff --git a/charts/agent/RELEASE-NOTES.md b/charts/agent/RELEASE-NOTES.md
index fa523f293..3e950bf4d 100644
--- a/charts/agent/RELEASE-NOTES.md
+++ b/charts/agent/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
### New Features
-- [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.13.13...agent-1.13.14
+- [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.13.14...agent-1.13.15
From 34fd7f1a0deb75925fcda61f5f8f9370ff196655 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 15:34:40 +0000
Subject: [PATCH 37/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-1.16.17
---
charts/sysdig/CHANGELOG.md | 3 +++
charts/sysdig/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/sysdig/CHANGELOG.md b/charts/sysdig/CHANGELOG.md
index 59995846a..546be860d 100644
--- a/charts/sysdig/CHANGELOG.md
+++ b/charts/sysdig/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.16.17
+### New Features
+* [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
# v1.16.16
### Chores
* **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
diff --git a/charts/sysdig/RELEASE-NOTES.md b/charts/sysdig/RELEASE-NOTES.md
index 98d376ad9..bb57c917f 100644
--- a/charts/sysdig/RELEASE-NOTES.md
+++ b/charts/sysdig/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Chores
-- **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.5...sysdig-1.16.16
+### New Features
+- [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.6...sysdig-1.16.17
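Review bot: the new "Full diff" link compares `sysdig-deploy-1.24.6...sysdig-1.16.17`, so its base is a tag of a different chart rather than the previous `sysdig` release (`sysdig-1.16.16`, per the CHANGELOG hunk above). The removed line had the same problem, which suggests the generator picks the most recent tag in the repository instead of the most recent tag for this chart. The compare range should be `sysdig-1.16.16...sysdig-1.16.17`, otherwise the link shows unrelated changes.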
From b40e8e79dade9bbcada01f406298bb411fd241c0 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 17:55:17 +0200
Subject: [PATCH 38/68] chore(sysdig-deploy): Automatic version bump due to
updated dependencies (#1411)
---
charts/sysdig-deploy/Chart.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 66eeecf9b..199c7a848 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.24.6
+version: 1.24.7
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -26,7 +26,7 @@ dependencies:
- name: agent
# repository: https://charts.sysdig.com
repository: file://../agent
- version: ~1.13.14
+ version: ~1.13.15
alias: agent
condition: agent.enabled
- name: common
From 3329a0d2a47d7cd44c339e80b3dd1877c8fcf54b Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Tue, 17 Oct 2023 15:56:59 +0000
Subject: [PATCH 39/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.24.7
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index b3f011f9d..9b9f8027b 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.24.7
+### Chores
+* **sysdig-deploy** [b40e8e79](https://github.com/sysdiglabs/charts/commit/b40e8e79dade9bbcada01f406298bb411fd241c0): Automatic version bump due to updated dependencies ([#1411](https://github.com/sysdiglabs/charts/issues/1411))
# v1.24.6
### Chores
* **sysdig-deploy** [7544fc18](https://github.com/sysdiglabs/charts/commit/7544fc18f6067d191023cb58f218d93f3e3de7f7): Automatic version bump due to updated dependencies ([#1408](https://github.com/sysdiglabs/charts/issues/1408))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index 85fda4fe4..9162ee0f4 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
### Chores
-- **sysdig-deploy** [7544fc18](https://github.com/sysdiglabs/charts/commit/7544fc18f6067d191023cb58f218d93f3e3de7f7): Automatic version bump due to updated dependencies ([#1408](https://github.com/sysdiglabs/charts/issues/1408))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.5...sysdig-deploy-1.24.6
+- **sysdig-deploy** [b40e8e79](https://github.com/sysdiglabs/charts/commit/b40e8e79dade9bbcada01f406298bb411fd241c0): Automatic version bump due to updated dependencies ([#1411](https://github.com/sysdiglabs/charts/issues/1411))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.6...sysdig-deploy-1.24.7
From fd27a06bce7d782197b85664b7a445b5fb9ede8b Mon Sep 17 00:00:00 2001
From: Marco Vito Moscaritolo
Date: Wed, 18 Oct 2023 12:46:34 +0200
Subject: [PATCH 40/68] feature(agent): add support for Universal eBPF - CA
(#1270)
Co-authored-by: Adam Roberts
---
charts/agent/Chart.yaml | 2 +-
charts/agent/README.md | 7 +-
charts/agent/templates/_helpers.tpl | 18 +++-
charts/agent/templates/daemonset.yaml | 16 ++-
charts/agent/tests/universal_ebpf_test.yaml | 103 ++++++++++++++++++++
charts/agent/values.schema.json | 28 ++++++
charts/agent/values.yaml | 4 +
charts/sysdig-deploy/Chart.yaml | 4 +-
8 files changed, 173 insertions(+), 9 deletions(-)
create mode 100644 charts/agent/tests/universal_ebpf_test.yaml
create mode 100644 charts/agent/values.schema.json
diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
index fd8586e5c..28147894a 100644
--- a/charts/agent/Chart.yaml
+++ b/charts/agent/Chart.yaml
@@ -30,4 +30,4 @@ sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
type: application
-version: 1.13.15
+version: 1.14.0
diff --git a/charts/agent/README.md b/charts/agent/README.md
index 7801298d9..2cdd8ae9a 100644
--- a/charts/agent/README.md
+++ b/charts/agent/README.md
@@ -88,8 +88,8 @@ The following table lists the configurable parameters of the Sysdig chart and th
| Parameter | Description | Default |
|---------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------|
| `global.clusterConfig.name` | Sets a unique name to the cluster. You can then use the cluster name to identify events using the `kubernetes.cluster.name` tag. | `quay.io` |
-| `global.sysdig.accessKey` | Specify your Sysdig Agent Access Key. | Either `accessKey` or `accessKeySecret` is required |
-| `global.sysdig.accessKeySecret` | An alternative to using the Sysdig Agent access key. Specify the name of a Kubernetes secret containing an `access-key` entry. | Either `accessKey` or `accessKeySecret` is required |
+| `global.sysdig.accessKey` | Specify your Sysdig Agent Access Key. | Either `accessKey` or `accessKeySecret` is required |
+| `global.sysdig.accessKeySecret` | An alternative to using the Sysdig Agent access key. Specify the name of a Kubernetes secret containing an `access-key` entry. | Either `accessKey` or `accessKeySecret` is required |
| `global.sysdig.region` | The SaaS region for these agents. Possible values: `"us1"`, `"us2"`, `"us3"`, `"us4"`, `"eu1"`, `"au1"`, and `"custom"` | `"us1"` |
| `global.proxy.httpProxy` | Sets `http_proxy` on the `agent` container. | `""` |
| `global.proxy.httpsProxy` | Sets `https_proxy` on the `agent` container. | `""` |
@@ -146,6 +146,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `slim.resources.limits.cpu` | Specifies the CPU limit for building the kernel module | `1000m` |
| `slim.resources.limits.memory` | Specifies the memory limit for building the kernel module. | `512Mi` |
| `ebpf.enabled` | Enables eBPF support for Sysdig instead of `sysdig-probe` kernel module. | `false` |
+| `ebpf.kind` | Define which eBPF driver to use, can be `legacy_ebpf` or `universal_ebpf` | `legacy_ebpf` |
| `clusterName` | Sets a unique cluster name which is used to identify events with the `kubernetes.cluster.name` tag. Overrides `global.clusterConfig.name`. | ` ` |
| `sysdig.accessKey` | Your Sysdig Agent Access Key. Overrides `global.sysdig.accessKey` | Either `accessKey` or `existingAccessKeySecret` is required |
| `sysdig.existingAccessKeySecret` | Specifies the name of a Kubernetes secret containing an `access-key ` entry. Overrides `global.sysdig.existingAccessKeySecret` | Either `accessKey` or `existingAccessKeySecret` is required |
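Review bot: the new `ebpf.kind` row does not say that the value only takes effect when `ebpf.enabled` is `true`, nor that `universal_ebpf` switches the agent to the slim image and drops the kmodule init container even with `slim.enabled: false`, which is what the templates and tests in this patch do. Stating both in the Description column would spare users from finding it out from rendered manifests.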
@@ -158,7 +159,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `auditLog.auditServerUrl` | Specifies the URL where Sysdig Agent listens for the Kubernetes audit log events. | `0.0.0.0` |
| `auditLog.auditServerPort` | Specifies the port where Sysdig Agent listens for the Kubernetes audit log events. | `7765` |
| `auditLog.dynamicBackend.enabled` | Deploys the Audit Sink where Sysdig listens for Kubernetes audit log events. | `false` |
-| `tolerations` | Specifies the tolerations for scheduling. | node-role.kubernetes.io/master:NoSchedule,
node-role.kubernetes.io/control-plane:NoSchedule
| |
+| `tolerations` | Specifies the tolerations for scheduling. | node-role.kubernetes.io/master:NoSchedule,
node-role.kubernetes.io/control-plane:NoSchedule
|
| `leaderelection.enable` | Enables the agent leader election algorithm. | `false` |
| `prometheus.file` | Specifies the file to configure promscrape. | `false` |
| `prometheus.yaml` | Configures the Prometheus metric collection. Performs relabelling and filtering. | ` ` |
diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl
index 880fd3c16..8eda6b069 100644
--- a/charts/agent/templates/_helpers.tpl
+++ b/charts/agent/templates/_helpers.tpl
@@ -54,11 +54,15 @@ Define the proper imageRegistry to use for agent and kmodule image
{{- end -}}
{{/*
-Return the proper Sysdig Agent image name
+Return the proper Sysdig Agent repository name
+
+Force the slim version if customer specify enable the slim mode or if the Universal eBPF driver is enforced
*/}}
{{- define "agent.repositoryName" -}}
{{- if .Values.slim.enabled -}}
{{- .Values.slim.image.repository -}}
+{{- else if (include "agent.universalEbpfEnforced" . ) -}}
+ {{- .Values.slim.image.repository -}}
{{- else -}}
{{- .Values.image.repository -}}
{{- end -}}
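Review bot: in `agent.repositoryName` the added `else if` branch returns the same `.Values.slim.image.repository` as the `if` above it, so the two conditions can be folded into one `or` and the duplicated branch removed. The added comment is also hard to read ("if customer specify enable the slim mode"); something like "Force the slim image when slim mode is enabled or the Universal eBPF driver is selected" says the same thing clearly.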
@@ -219,6 +223,18 @@ it can act like a boolean
{{- end -}}
{{- end -}}
+{{- define "agent.universalEbpfEnforced" -}}
+ {{- if (and (eq "true" (include "agent.ebpfEnabled" .)) (eq "universal_ebpf" .Values.ebpf.kind )) -}}
+ true
+ {{- end -}}
+{{- end -}}
+
+{{- define "agent.legacyEbpfEnforced" -}}
+ {{- if (and (eq "true" (include "agent.ebpfEnabled" .)) (eq "legacy_ebpf" .Values.ebpf.kind )) -}}
+ true
+ {{- end -}}
+{{- end -}}
+
{{/*
to help the maxUnavailable pick a reasonable value depending on the cluster size
*/}}
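Review bot: the new helpers `agent.universalEbpfEnforced` and `agent.legacyEbpfEnforced` have no `{{/* ... */}}` description, unlike the helpers around them; a line saying that each returns the string `true` or nothing, and that both are empty when eBPF is disabled, would help callers. The two bodies differ only in the literal compared with `.Values.ebpf.kind`, so a single helper that returns the effective driver name would remove the duplication here and the matching `if` / `else if` pair in daemonset.yaml. As written, a `kind` outside the two literals matches neither helper, and the only guard against that is the `enum` in values.schema.json.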
diff --git a/charts/agent/templates/daemonset.yaml b/charts/agent/templates/daemonset.yaml
index d2ff2ee23..91eccf6cc 100644
--- a/charts/agent/templates/daemonset.yaml
+++ b/charts/agent/templates/daemonset.yaml
@@ -77,7 +77,8 @@ spec:
imagePullSecrets:
{{ toYaml .Values.global.image.pullSecrets | nindent 8 }}
{{- end }}
- {{- if .Values.slim.enabled }}
+ {{/* When the Universal eBPF is enforced by customer choice there is no reason to start the init container to build the driver */}}
+ {{- if and .Values.slim.enabled (not (include "agent.universalEbpfEnforced" . )) }}
initContainers:
- name: sysdig-agent-kmodule
image: {{ template "agent.image.kmodule" . }}
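Review bot: the explanatory comment on the added line is written as `{{/* ... */}}` without trim markers, so it renders as a whitespace-only line in the manifest just above `initContainers:`; the rest of the template uses `{{-` for control lines, and `{{- /* ... */}}` would keep the output clean. The wording "enforced by customer choice" could simply be "selected".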
@@ -95,6 +96,10 @@ spec:
- name: SYSDIG_BPF_PROBE
value:
{{- end }}
+ {{- if (include "agent.legacyEbpfEnforced" .) }}
+ - name: SYSDIG_AGENT_DRIVER
+ value: legacy_ebpf
+ {{- end }}
{{- range $key, $value := .Values.daemonset.kmodule.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
@@ -178,10 +183,17 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- {{- if or (include "agent.ebpfEnabled" .) (include "agent.gke.autopilot" .)}}
+ {{- if and (or (include "agent.ebpfEnabled" .) (include "agent.gke.autopilot" .)) (not (include "agent.universalEbpfEnforced" . )) }}
- name: SYSDIG_BPF_PROBE
value:
{{- end }}
+ {{- if (include "agent.universalEbpfEnforced" .) }}
+ - name: SYSDIG_AGENT_DRIVER
+ value: universal_ebpf
+ {{- else if (include "agent.legacyEbpfEnforced" .) }}
+ - name: SYSDIG_AGENT_DRIVER
+ value: legacy_ebpf
+ {{- end }}
{{- if (.Values.proxy.httpProxy | default .Values.global.proxy.httpProxy) }}
- name: http_proxy
value: {{ .Values.proxy.httpProxy | default .Values.global.proxy.httpProxy }}
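Review bot: in the rewritten condition, `SYSDIG_BPF_PROBE` is still emitted when only `agent.gke.autopilot` is true, but the new `SYSDIG_AGENT_DRIVER` block keys solely on the two `...Enforced` helpers, which require `agent.ebpfEnabled` to return `true`. Unless `agent.ebpfEnabled` already covers the Autopilot case, that path renders the probe variable without a driver variable. Please confirm which behaviour is intended and add a test case with Autopilot enabled, since universal_ebpf_test.yaml has none.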
diff --git a/charts/agent/tests/universal_ebpf_test.yaml b/charts/agent/tests/universal_ebpf_test.yaml
new file mode 100644
index 000000000..0fe156718
--- /dev/null
+++ b/charts/agent/tests/universal_ebpf_test.yaml
@@ -0,0 +1,103 @@
+suite: Universal eBPF tests
+templates:
+ - templates/daemonset.yaml
+tests:
+ - it: Ensure that when the eBPF is disabled we create the sysdig container without SYSDIG_BPF_PROBE and SYSDIG_AGENT_DRIVER environment variables
+ set:
+ ebpf:
+ enabled: false
+ asserts:
+ - isNull:
+ path: spec.template.spec.initContainers[*].env[?(@.name == "SYSDIG_BPF_PROBE")]
+ - isNull:
+ path: spec.template.spec.initContainers[*].env[?(@.name == "SYSDIG_AGENT_DRIVER")]
+ - isNull:
+ path: spec.template.spec.containers[*].env[?(@.name == "SYSDIG_BPF_PROBE")]
+ - isNull:
+ path: spec.template.spec.containers[*].env[?(@.name == "SYSDIG_AGENT_DRIVER")]
+
+ - it: Ensure that when the eBPF is enabled the default driver is "legacy_ebpf" we create the sysdig container with the SYSDIG_BPF_PROBE and SYSDIG_AGENT_DRIVER=legacy_ebpf environment variables
+ set:
+ ebpf:
+ enabled: true
+ asserts:
+ - isEmpty:
+ path: spec.template.spec.initContainers[*].env[?(@.name == "SYSDIG_BPF_PROBE")].value
+ - equal:
+ path: spec.template.spec.initContainers[*].env[?(@.name == "SYSDIG_AGENT_DRIVER")].value
+ value: legacy_ebpf
+ - isEmpty:
+ path: spec.template.spec.containers[*].env[?(@.name == "SYSDIG_BPF_PROBE")].value
+ - equal:
+ path: spec.template.spec.containers[*].env[?(@.name == "SYSDIG_AGENT_DRIVER")].value
+ value: legacy_ebpf
+
+ - it: Ensure that when the eBPF is enabled and we specify to use the "legacy_ebpf" driver we create the sysdig container with the SYSDIG_BPF_PROBE and with SYSDIG_AGENT_DRIVER environment variables
+ set:
+ ebpf:
+ enabled: true
+ kind: legacy_ebpf
+ asserts:
+ - isEmpty:
+ path: spec.template.spec.initContainers[*].env[?(@.name == "SYSDIG_BPF_PROBE")].value
+ - equal:
+ path: spec.template.spec.initContainers[*].env[?(@.name == "SYSDIG_AGENT_DRIVER")].value
+ value: legacy_ebpf
+ - isEmpty:
+ path: spec.template.spec.containers[*].env[?(@.name == "SYSDIG_BPF_PROBE")].value
+ - equal:
+ path: spec.template.spec.containers[*].env[?(@.name == "SYSDIG_AGENT_DRIVER")].value
+ value: legacy_ebpf
+
+ - it: Ensure that when the eBPF is enabled and we specify to use the "universal_ebpf" driver we create the sysdig container without the SYSDIG_BPF_PROBE and with the SYSDIG_AGENT_DRIVER environment variables
+ set:
+ ebpf:
+ enabled: true
+ kind: universal_ebpf
+ asserts:
+ - isNull:
+ path: spec.template.spec.containers[*].env[?(@.name == "SYSDIG_BPF_PROBE")]
+ - equal:
+ path: spec.template.spec.containers[*].env[?(@.name == "SYSDIG_AGENT_DRIVER")].value
+ value: universal_ebpf
+
+ - it: Ensure that when the eBPF is enabled and we specify to use the "universal_ebpf" driver we don't create the init container
+ set:
+ ebpf:
+ enabled: true
+ kind: universal_ebpf
+ asserts:
+ - isNull:
+ path: spec.template.spec.initContainers
+
+ - it: Ensure that when the eBPF is enabled and we specify to use the "legacy_ebpf" driver we create the init container
+ set:
+ ebpf:
+ enabled: true
+ kind: legacy_ebpf
+ asserts:
+ - matchRegex:
+ path: spec.template.spec.initContainers[*].image
+ pattern: quay.io/sysdig/agent-kmodule:.*
+
+ - it: Ensure that when the eBPF is enabled and we specify to use the "universal_ebpf" driver we use the slim container
+ set:
+ ebpf:
+ enabled: true
+ kind: universal_ebpf
+ asserts:
+ - matchRegex:
+ path: spec.template.spec.containers[*].image
+ pattern: quay.io/sysdig/agent-slim:.*
+
+ - it: Ensure that when the eBPF is enabled and we specify to use the "universal_ebpf" driver we use the slim container also if is slim container is not enabled
+ set:
+ slim:
+ enabled: false
+ ebpf:
+ enabled: true
+ kind: universal_ebpf
+ asserts:
+ - matchRegex:
+ path: spec.template.spec.containers[*].image
+ pattern: quay.io/sysdig/agent-slim:.*
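Review bot: the suite never sets `ebpf.enabled: false` together with `kind: universal_ebpf`, so nothing proves the kind is ignored when eBPF is off, and the `legacy_ebpf` init-container case relies on the default `slim.enabled: true` rather than setting it. Two more cases would close that: `enabled: false` with `kind: universal_ebpf` asserting no `SYSDIG_AGENT_DRIVER` and the regular image, and `legacy_ebpf` with `slim.enabled: false`. Since values.schema.json is introduced in the same patch, a case showing that an unknown `kind` is rejected would also be worth having.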
diff --git a/charts/agent/values.schema.json b/charts/agent/values.schema.json
new file mode 100644
index 000000000..65eeb0df9
--- /dev/null
+++ b/charts/agent/values.schema.json
@@ -0,0 +1,28 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "required": [
+ "ebpf"
+ ],
+ "properties": {
+ "ebpf": {
+ "type": "object",
+ "required": [
+ "enabled",
+ "kind"
+ ],
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "kind": {
+ "type": "string",
+ "enum": [
+ "legacy_ebpf",
+ "universal_ebpf"
+ ]
+ }
+ }
+ }
+ }
+}
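Review bot: `"$schema": "http://json-schema.org/schema#"` does not pin a draft; naming the draft explicitly keeps validation behaviour stable across tooling. `kind` is listed under `required` even when `enabled` is `false`, which depends on the default from values.yaml always being merged in, so it is worth checking upgrade paths that carry values over from a release made before this key existed. A `description` on each property would also let editors and linters surface what the two enum values mean.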
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
index 88ba80d60..d507e8bee 100644
--- a/charts/agent/values.yaml
+++ b/charts/agent/values.yaml
@@ -169,6 +169,10 @@ priorityClassValue: 10
ebpf:
# Enable eBPF support for Sysdig Agent
enabled: false
+
+ # Define the kind of eBPF driver that will be used by the agent. Can be `legacy_ebpf` or `universal_ebpf`
+ kind: legacy_ebpf
+
slim:
# Uses a slim version of the Sysdig Agent
enabled: true
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 199c7a848..d318f3e36 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.24.7
+version: 1.25.0
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -26,7 +26,7 @@ dependencies:
- name: agent
# repository: https://charts.sysdig.com
repository: file://../agent
- version: ~1.13.15
+ version: ~1.14.0
alias: agent
condition: agent.enabled
- name: common
From 980a7a70d1af8f2d4e6b0c5c1f089cbe6c68a306 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Wed, 18 Oct 2023 10:48:12 +0000
Subject: [PATCH 41/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for agent-1.14.0
---
charts/agent/CHANGELOG.md | 1 +
charts/agent/RELEASE-NOTES.md | 4 +---
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/charts/agent/CHANGELOG.md b/charts/agent/CHANGELOG.md
index 7a7055eb8..9f1904bef 100644
--- a/charts/agent/CHANGELOG.md
+++ b/charts/agent/CHANGELOG.md
@@ -10,6 +10,7 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.14.0
# v1.13.15
### New Features
* [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
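Review bot: `# v1.14.0` is added with no section or entry beneath it, so the Universal eBPF change from #1270 is missing from the changelog (and RELEASE-NOTES.md ends up with only a "Full diff" link). The entries generated elsewhere in this series come from subjects starting with `feat:` or `chore(...)`, while that commit's subject starts with `feature(agent):`, which is the likely reason the generator skipped it. Since the file header restricts manual edits to fixing incorrect entries, the cleaner fix is to have CI reject commit types the generator does not recognise, and to correct this entry.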
diff --git a/charts/agent/RELEASE-NOTES.md b/charts/agent/RELEASE-NOTES.md
index 3e950bf4d..87f128146 100644
--- a/charts/agent/RELEASE-NOTES.md
+++ b/charts/agent/RELEASE-NOTES.md
@@ -1,5 +1,3 @@
# What's Changed
-### New Features
-- [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.13.14...agent-1.13.15
+#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.13.15...agent-1.14.0
From 64bd12bdf8d18b32617036cef31c87ab5858bb1b Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Wed, 18 Oct 2023 10:48:12 +0000
Subject: [PATCH 42/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.25.0
---
charts/sysdig-deploy/CHANGELOG.md | 1 +
charts/sysdig-deploy/RELEASE-NOTES.md | 4 +---
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index 9b9f8027b..1c353f01d 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,7 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.25.0
# v1.24.7
### Chores
* **sysdig-deploy** [b40e8e79](https://github.com/sysdiglabs/charts/commit/b40e8e79dade9bbcada01f406298bb411fd241c0): Automatic version bump due to updated dependencies ([#1411](https://github.com/sysdiglabs/charts/issues/1411))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index 9162ee0f4..316fe187f 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,3 @@
# What's Changed
-### Chores
-- **sysdig-deploy** [b40e8e79](https://github.com/sysdiglabs/charts/commit/b40e8e79dade9bbcada01f406298bb411fd241c0): Automatic version bump due to updated dependencies ([#1411](https://github.com/sysdiglabs/charts/issues/1411))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.6...sysdig-deploy-1.24.7
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.7...sysdig-deploy-1.25.0
From 23b421c60dafe24c2e777f38c490e7f88c2c42a4 Mon Sep 17 00:00:00 2001
From: FedericoFeresini <65897118+FedericoFeresini@users.noreply.github.com>
Date: Wed, 18 Oct 2023 16:34:39 +0200
Subject: [PATCH 43/68] feat(cluster-scanner): Enable platform services only in
regions which support them (#1413)
---
charts/cluster-scanner/Chart.yaml | 2 +-
charts/cluster-scanner/README.md | 8 +--
charts/cluster-scanner/templates/_helpers.tpl | 4 ++
.../cluster-scanner/tests/configmap_test.yaml | 49 +++++++++++++++++--
charts/sysdig-deploy/Chart.yaml | 4 +-
5 files changed, 55 insertions(+), 12 deletions(-)
diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml
index 5b6a0b43c..8b481bcc4 100644
--- a/charts/cluster-scanner/Chart.yaml
+++ b/charts/cluster-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner
type: application
-version: 0.7.2
+version: 0.8.0
appVersion: "0.1.0"
home: https://www.sysdig.com/
diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md
index b4136848b..0c6bc58fd 100644
--- a/charts/cluster-scanner/README.md
+++ b/charts/cluster-scanner/README.md
@@ -25,7 +25,7 @@ $ pre-commit run -a
$ helm repo add sysdig https://charts.sysdig.com
$ helm repo update
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.7.2 \
+ --create-namespace -n sysdig --version=0.8.0 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.7.2 \
+ --create-namespace -n sysdig --version=0.8.0 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -161,7 +161,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to `
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.7.2 \
+ --create-namespace -n sysdig --version=0.8.0 \
--set global.sysdig.region="us1"
```
@@ -170,7 +170,7 @@ installing the chart. For example:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.7.2 \
+ --create-namespace -n sysdig --version=0.8.0 \
--values values.yaml
```
diff --git a/charts/cluster-scanner/templates/_helpers.tpl b/charts/cluster-scanner/templates/_helpers.tpl
index a26d4e5da..abe723e34 100644
--- a/charts/cluster-scanner/templates/_helpers.tpl
+++ b/charts/cluster-scanner/templates/_helpers.tpl
@@ -207,10 +207,14 @@ Define the proper imageRegistry to use for imageSbomExtractor
{{/*
Generates configmap data to enable platform services if onPremCompatibility version is not set, or it is greater than 6.6.0
+It also makes sure that the platform services are enabled in regions which support them when onPremCompatibility is not defined.
*/}}
{{- define "cluster-scanner.enablePlatformServicesConfig" -}}
{{- if ( semverCompare ">= 6.6.0" (.Values.onPremCompatibilityVersion | default "6.6.0" )) -}}
+ {{- $regionsPlatformEnabled := list "us1" "us2" "us3" "au1" "eu1" -}}
+ {{- if or (has .Values.global.sysdig.region $regionsPlatformEnabled) .Values.onPremCompatibilityVersion -}}
enable_platform_services: "true"
+ {{- end -}}
{{- end -}}
{{- end -}}
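Review bot: the allow-list `list "us1" "us2" "us3" "au1" "eu1"` is hard-coded inside the helper, so every region that gains platform-services support needs a template edit and a chart release, and nothing records why the remaining regions are left out. Moving the list to a value (or at least a named helper with a comment) would make that explicit. The inner `or` also means any set `onPremCompatibilityVersion` that passes the semver check enables the flag regardless of region; the tests confirm that is intended, but the doc comment should say so, and its "greater than 6.6.0" should read "greater than or equal to" to match `>= 6.6.0`.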
diff --git a/charts/cluster-scanner/tests/configmap_test.yaml b/charts/cluster-scanner/tests/configmap_test.yaml
index 31ca041ad..865da59ef 100644
--- a/charts/cluster-scanner/tests/configmap_test.yaml
+++ b/charts/cluster-scanner/tests/configmap_test.yaml
@@ -342,34 +342,74 @@ tests:
path: data.no_proxy
value: "fake-no-proxy"
- - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided"
+ - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided and region does NOT support platform services"
set:
global.sysdig.apiHost: "http://test.com"
+ global.sysdig.region: ""
+ asserts:
+ - isNull:
+ path: data.enable_platform_services
+
+ - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided and region supports platform services"
+ set:
+ global.sysdig.apiHost: "http://test.com"
+ global.sysdig.region: "us1"
asserts:
- equal:
path: data.enable_platform_services
value: "true"
- - it: "has correct platform services value when onPremCompatibilityVersion is < 6.6"
+ - it: "has correct platform services value when onPremCompatibilityVersion is < 6.6 and region does NOT support platform services"
set:
global.sysdig.apiHost: "http://test.com"
onPremCompatibilityVersion: "6.5.99"
+ global.sysdig.region: ""
asserts:
- isNull:
path: data.enable_platform_services
- - it: "has correct platform services value when onPremCompatibilityVersion is = 6.5"
+ - it: "has correct platform services value when onPremCompatibilityVersion is < 6.6 and region supports platform services"
+ set:
+ global.sysdig.apiHost: "http://test.com"
+ onPremCompatibilityVersion: "6.5.99"
+ global.sysdig.region: "us1"
+ asserts:
+ - isNull:
+ path: data.enable_platform_services
+
+ - it: "has correct platform services value when onPremCompatibilityVersion is = 6.5 and region does NOT support platform services"
set:
global.sysdig.apiHost: "http://test.com"
onPremCompatibilityVersion: "6.5"
+ global.sysdig.region: ""
asserts:
- isNull:
path: data.enable_platform_services
- - it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0"
+ - it: "has correct platform services value when onPremCompatibilityVersion is = 6.5 and region supports platform services"
+ set:
+ global.sysdig.apiHost: "http://test.com"
+ onPremCompatibilityVersion: "6.5"
+ global.sysdig.region: "us1"
+ asserts:
+ - isNull:
+ path: data.enable_platform_services
+
+ - it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0 and region does NOT support platform services"
+ set:
+ global.sysdig.apiHost: "http://test.com"
+ onPremCompatibilityVersion: "6.6.0"
+ global.sysdig.region: ""
+ asserts:
+ - equal:
+ path: data.enable_platform_services
+ value: "true"
+
+ - it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0 and region supports platform services"
set:
global.sysdig.apiHost: "http://test.com"
onPremCompatibilityVersion: "6.6.0"
+ global.sysdig.region: "us1"
asserts:
- equal:
path: data.enable_platform_services
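Review bot: every case in this hunk sets `global.sysdig.region` to either `""` or `"us1"`, so the "region does NOT support platform services" branch is only exercised with an empty string. Add at least one case with a non-empty region value outside the supported set, both with and without `onPremCompatibilityVersion`, so a template that simply checks for a non-empty region cannot pass these tests.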
@@ -393,7 +433,6 @@ tests:
path: data.enable_platform_services
value: "true"
-
- it: "fails if onPremCompatibilityVersion is not a valid semver"
set:
global.sysdig.apiHost: "http://test.com"
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index d318f3e36..c01b7a7a7 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.25.0
+version: 1.26.0
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -42,7 +42,7 @@ dependencies:
- name: cluster-scanner
# repository: https://charts.sysdig.com
repository: file://../cluster-scanner
- version: ~0.7.2
+ version: ~0.8.0
alias: clusterScanner
condition: clusterScanner.enabled
- name: kspm-collector
From b2f9f5214e8d1f24a2659f6a8b41b8629d122888 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Wed, 18 Oct 2023 14:36:13 +0000
Subject: [PATCH 44/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for cluster-scanner-0.8.0
---
charts/cluster-scanner/CHANGELOG.md | 3 +++
charts/cluster-scanner/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/cluster-scanner/CHANGELOG.md b/charts/cluster-scanner/CHANGELOG.md
index 3caf8c713..5a2e76cc0 100644
--- a/charts/cluster-scanner/CHANGELOG.md
+++ b/charts/cluster-scanner/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v0.8.0
+### New Features
+* **cluster-scanner** [23b421c6](https://github.com/sysdiglabs/charts/commit/23b421c60dafe24c2e777f38c490e7f88c2c42a4): Enable platform services only in regions which support them ([#1413](https://github.com/sysdiglabs/charts/issues/1413))
# v0.7.2
### Bug Fixes
* **cluster-scanner** [9b3864ff](https://github.com/sysdiglabs/charts/commit/9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7): removed unneeded version compatibility checks ([#1404](https://github.com/sysdiglabs/charts/issues/1404))
diff --git a/charts/cluster-scanner/RELEASE-NOTES.md b/charts/cluster-scanner/RELEASE-NOTES.md
index d4c815304..bbb192a0f 100644
--- a/charts/cluster-scanner/RELEASE-NOTES.md
+++ b/charts/cluster-scanner/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Bug Fixes
-- **cluster-scanner** [9b3864ff](https://github.com/sysdiglabs/charts/commit/9b3864fffdc9e8b7e8fdc96f8ed4902f945c34c7): removed unneeded version compatibility checks ([#1404](https://github.com/sysdiglabs/charts/issues/1404))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-scanner-0.7.1...cluster-scanner-0.7.2
+### New Features
+- **cluster-scanner** [23b421c6](https://github.com/sysdiglabs/charts/commit/23b421c60dafe24c2e777f38c490e7f88c2c42a4): Enable platform services only in regions which support them ([#1413](https://github.com/sysdiglabs/charts/issues/1413))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-scanner-0.7.2...cluster-scanner-0.8.0
From ce2dad6a6e589b71df43a0af28a9664c11eb987f Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Wed, 18 Oct 2023 14:36:13 +0000
Subject: [PATCH 45/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.26.0
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 4 +++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index 1c353f01d..4dfd8e0d8 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.26.0
+### New Features
+* **cluster-scanner** [23b421c6](https://github.com/sysdiglabs/charts/commit/23b421c60dafe24c2e777f38c490e7f88c2c42a4): Enable platform services only in regions which support them ([#1413](https://github.com/sysdiglabs/charts/issues/1413))
# v1.25.0
# v1.24.7
### Chores
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index 316fe187f..0fa61b28e 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,3 +1,5 @@
# What's Changed
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.7...sysdig-deploy-1.25.0
+### New Features
+- **cluster-scanner** [23b421c6](https://github.com/sysdiglabs/charts/commit/23b421c60dafe24c2e777f38c490e7f88c2c42a4): Enable platform services only in regions which support them ([#1413](https://github.com/sysdiglabs/charts/issues/1413))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.25.0...sysdig-deploy-1.26.0
From 7a271e46e3c6a4c6cf400957257905e00b61d177 Mon Sep 17 00:00:00 2001
From: Hayk Kocharyan
Date: Wed, 18 Oct 2023 18:49:22 +0200
Subject: [PATCH 46/68] Feat(registry-scanner): set group limit as env var
(#1414)
Co-authored-by: Alvaro Iradier
---
charts/registry-scanner/Chart.yaml | 4 ++--
charts/registry-scanner/README.md | 1 +
...ml.template => test-aws-org-values.yaml.template.disabled} | 0
...t-jfrog-saas-values-with-custom-ca.yaml.template.disabled} | 0
charts/registry-scanner/templates/_job.tpl | 4 ++++
charts/registry-scanner/values.yaml | 2 ++
6 files changed, 9 insertions(+), 2 deletions(-)
rename charts/registry-scanner/ci/{test-jfrog-saas-values.yaml.template => test-aws-org-values.yaml.template.disabled} (100%)
rename charts/registry-scanner/ci/{test-jfrog-saas-values-with-custom-ca.yaml.template => test-jfrog-saas-values-with-custom-ca.yaml.template.disabled} (100%)
diff --git a/charts/registry-scanner/Chart.yaml b/charts/registry-scanner/Chart.yaml
index 0f6e1a1e7..85e78db6c 100644
--- a/charts/registry-scanner/Chart.yaml
+++ b/charts/registry-scanner/Chart.yaml
@@ -4,8 +4,8 @@ description: Sysdig Registry Scanner
type: application
home: https://sysdiglabs.github.io/registry-scanner/
icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
-version: 1.1.9
-appVersion: 0.2.48
+version: 1.1.10
+appVersion: 0.2.50
maintainers:
- name: giuse-sysdig
email: giuseppe.esposito@sysdig.com
diff --git a/charts/registry-scanner/README.md b/charts/registry-scanner/README.md
index 12ba603c2..e423f2818 100644
--- a/charts/registry-scanner/README.md
+++ b/charts/registry-scanner/README.md
@@ -91,6 +91,7 @@ The following table lists the configurable parameters of the Sysdig Registry Sca
| config.scan.jobs.resources.limits.memory | The memory limit for the scanner job. | 2Gi
|
| config.scan.jobs.temporaryVolumeSizeLimit | The size limit for the emptyDir volume used by the scanner job.
This volume is used to store both the vulnerability database and the image to scan. | 2Gi
|
| config.useMainDbV2 | Enable vulnerability MainDB V2 | false
|
+| config.parallelGoRoutines | Number of goroutines running in parallel in metadata phase for ECR Org setup. | 100
|
| ssl.ca.certs | For outbound connections.
List of PEM-encoded x509 certificate authority. | []
|
| customLabels | The additional labels to add to CronJob and Scanning Jobs. The custom labels to be added to kubernetes manifests of all the resources created. | {}
|
| proxy.httpProxy | The URL of the proxy for HTTP connections. Leave it empty if not using proxy, which sets the `http_proxy` environment variable. |
|
diff --git a/charts/registry-scanner/ci/test-jfrog-saas-values.yaml.template b/charts/registry-scanner/ci/test-aws-org-values.yaml.template.disabled
similarity index 100%
rename from charts/registry-scanner/ci/test-jfrog-saas-values.yaml.template
rename to charts/registry-scanner/ci/test-aws-org-values.yaml.template.disabled
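Review bot: this rename is at 100% similarity, so the file now called `test-aws-org-values.yaml.template.disabled` still carries the JFrog SaaS values and nothing specific to an AWS Org setup. Both renames in this commit also add a `.disabled` suffix, and neither the subject nor the diff says why the CI values are being switched off. Either replace the content with real ECR Org values or keep the JFrog name, and record the reason for disabling in the commit message.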
diff --git a/charts/registry-scanner/ci/test-jfrog-saas-values-with-custom-ca.yaml.template b/charts/registry-scanner/ci/test-jfrog-saas-values-with-custom-ca.yaml.template.disabled
similarity index 100%
rename from charts/registry-scanner/ci/test-jfrog-saas-values-with-custom-ca.yaml.template
rename to charts/registry-scanner/ci/test-jfrog-saas-values-with-custom-ca.yaml.template.disabled
diff --git a/charts/registry-scanner/templates/_job.tpl b/charts/registry-scanner/templates/_job.tpl
index b3fbaa24f..241d57749 100644
--- a/charts/registry-scanner/templates/_job.tpl
+++ b/charts/registry-scanner/templates/_job.tpl
@@ -116,6 +116,10 @@
{{- end }}
key: registryPassword
{{- end }}
+ {{ if .Values.config.parallelGoRoutines }}
+ - name: GROUP_LIMIT
+ value: "{{ .Values.config.parallelGoRoutines }}"
+ {{- end }}
{{- if .Values.extraEnvVars }}
{{- toYaml .Values.extraEnvVars | nindent 10 }}
{{- end }}
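Review bot: the added `{{ if .Values.config.parallelGoRoutines }}` opens without the `-` trim marker that every neighbouring action uses (`{{- if .Values.extraEnvVars }}`, `{{- end }}`), so the rendered env list gets a stray whitespace-only line. Use `{{- if ... }}` for consistency. Note also that a plain `if` treats `0` as false, so setting `parallelGoRoutines: 0` drops `GROUP_LIMIT` entirely rather than passing 0; if that is intended, say so in the values.yaml comment, and mention the `GROUP_LIMIT` name in the README row so operators can correlate the two.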
diff --git a/charts/registry-scanner/values.yaml b/charts/registry-scanner/values.yaml
index 1a4cbeefc..f05cf06c6 100644
--- a/charts/registry-scanner/values.yaml
+++ b/charts/registry-scanner/values.yaml
@@ -105,6 +105,8 @@ config:
temporaryVolumeSizeLimit: 2Gi
# Enable vulnerability MainDB V2
useMainDbV2: false
+ # Number of goroutines running in parallel in metadata phase for ECR Org setup.
+ parallelGoRoutines: 100
ssl:
ca:
# For outbound connections.
From 99760ebcd8c8a7a145d57d449bb24989f1c3944f Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Wed, 18 Oct 2023 16:51:19 +0000
Subject: [PATCH 47/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for registry-scanner-1.1.10
---
charts/registry-scanner/CHANGELOG.md | 1 +
charts/registry-scanner/RELEASE-NOTES.md | 4 +---
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/charts/registry-scanner/CHANGELOG.md b/charts/registry-scanner/CHANGELOG.md
index 64eea8358..c9c65c664 100644
--- a/charts/registry-scanner/CHANGELOG.md
+++ b/charts/registry-scanner/CHANGELOG.md
@@ -10,6 +10,7 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.1.10
# v1.1.9
### Chores
* **registry-scanner** [b9f6b22f](https://github.com/sysdiglabs/charts/commit/b9f6b22fa7743d5f8ef9537c3e408f65a407dd07): Update to v0.2.48 ([#1374](https://github.com/sysdiglabs/charts/issues/1374))
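Review bot: the new `# v1.1.10` heading is added with no entries under it, so the release that introduced `config.parallelGoRoutines` and moved `appVersion` from 0.2.48 to 0.2.50 has an empty changelog. The commit behind it is titled `Feat(registry-scanner)` with a capital F, while the commits that do get entries in this series use lowercase `feat(`/`fix(`; check whether the changelog generator matches the type case-sensitively, and add the entry manually below `## Change Log` as the file header permits.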
diff --git a/charts/registry-scanner/RELEASE-NOTES.md b/charts/registry-scanner/RELEASE-NOTES.md
index 009910a93..6c4df6192 100644
--- a/charts/registry-scanner/RELEASE-NOTES.md
+++ b/charts/registry-scanner/RELEASE-NOTES.md
@@ -1,5 +1,3 @@
# What's Changed
-### Chores
-- **registry-scanner** [b9f6b22f](https://github.com/sysdiglabs/charts/commit/b9f6b22fa7743d5f8ef9537c3e408f65a407dd07): Update to v0.2.48 ([#1374](https://github.com/sysdiglabs/charts/issues/1374))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.8...registry-scanner-1.1.9
+#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.9...registry-scanner-1.1.10
From 8f19ed47df2be280d2c432d1a182f6235a8e2231 Mon Sep 17 00:00:00 2001
From: Michele Mangili <83061719+michele-mangili@users.noreply.github.com>
Date: Thu, 19 Oct 2023 01:16:14 +0200
Subject: [PATCH 48/68] feat(cluster-scanner): bumped cluster-scanner images to
0.5.1 (#1412)
---
charts/cluster-scanner/Chart.yaml | 2 +-
charts/cluster-scanner/README.md | 12 ++++++------
charts/cluster-scanner/values.yaml | 4 ++--
charts/sysdig-deploy/Chart.yaml | 4 ++--
4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml
index 8b481bcc4..30af336d2 100644
--- a/charts/cluster-scanner/Chart.yaml
+++ b/charts/cluster-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner
type: application
-version: 0.8.0
+version: 0.8.1
appVersion: "0.1.0"
home: https://www.sysdig.com/
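Review bot: `appVersion: "0.1.0"` is left unchanged in the context lines while this commit moves both component images to 0.5.1, so the chart metadata does not reflect what is actually deployed. Either bump `appVersion` alongside the image tags or document that it is intentionally decoupled, since tooling that inventories running versions from chart metadata will report the wrong value.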
diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md
index 0c6bc58fd..e1b2ae001 100644
--- a/charts/cluster-scanner/README.md
+++ b/charts/cluster-scanner/README.md
@@ -25,7 +25,7 @@ $ pre-commit run -a
$ helm repo add sysdig https://charts.sysdig.com
$ helm repo update
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.8.0 \
+ --create-namespace -n sysdig --version=0.8.1 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.8.0 \
+ --create-namespace -n sysdig --version=0.8.1 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -109,7 +109,7 @@ The following table lists the configurable parameters of the `cluster-scanner` c
| sslVerifyCertificate | Optional parameter used to check the compatibility of cluster-scanner component versions with the on-premised backend version. If you are running an on-prem version of the Sysdig backend, you MUST set this parameter with the version of Sysdig backend you are using. If you are runinng on SaaS, do NOT provide this parameter. E.g. if `onPremCompatibilityVersion=6.2`, we ensure that the image tag is < 0.5.0 for both the Runtime Status Integrator and the Image SBOM Extractor. onPremCompatibilityVersion: "6.2" Can be set to false to allow insecure connections to the Sysdig backend, such as for on-premise installs that use self-signed certificates. By default, certificates are always verified. | true
|
| runtimeStatusIntegrator.image.registry | The image registry to use for the Runtime Status Integrator component of Cluster Scanner | quay.io
|
| runtimeStatusIntegrator.image.repository | The image repository to use for pulling the Runtime Status Integrator image | sysdig/runtime-status-integrator
|
-| runtimeStatusIntegrator.image.tag | | "0.5.0"
|
+| runtimeStatusIntegrator.image.tag | | "0.5.1"
|
| runtimeStatusIntegrator.multiCluster | When the Cluster Scanner is running in `multi` mode, set the secret name to be used to retrieve the kubeconfig configuration to connect to the clusters to inspect. |
|
| runtimeStatusIntegrator.localCluster | Restrict access to specific Docker secrets when Cluster Scanner is running in `local` mode. The default behavior is listing all secrets. See `values.yaml` for an example. Optional. |
|
| runtimeStatusIntegrator.ports.metrics | The port to be used to expose prometheus metrics for the Runtime Status Integrator | 25000
|
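Review bot: the `runtimeStatusIntegrator.image.tag` row is updated with an empty description column, and the same holds for `imageSbomExtractor.image.tag` in the next hunk. Add a comment above each `tag:` key in values.yaml so the table documents what the tag controls. The `sslVerifyCertificate` row in the context above also carries the `onPremCompatibilityVersion` description (including the typo "runinng") merged into its own text; worth fixing at the source while this table is being touched, because it muddles the guidance on when certificate verification may be disabled.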
@@ -122,7 +122,7 @@ The following table lists the configurable parameters of the `cluster-scanner` c
| runtimeStatusIntegrator.natsJS.user | The username to be used in the NATS JetStream instance the Runtime Status Integrator is going to start | "default-user"
|
| imageSbomExtractor.image.registry | The image registry to use for the Image SBOM Extractor component of Cluster Scanner | quay.io
|
| imageSbomExtractor.image.repository | The image repository to use for pulling the Image SBOM Extractor image | sysdig/image-sbom-extractor
|
-| imageSbomExtractor.image.tag | | "0.5.0"
|
+| imageSbomExtractor.image.tag | | "0.5.1"
|
| imageSbomExtractor.ports.metrics | The port to be used to expose prometheus metrics for the Image SBOM Extractor | 25001
|
| imageSbomExtractor.ports.probes | The port to be used for healthcheck probes for the Image SBOM Extractor | 7001
|
| imageSbomExtractor.resources.limits.cpu | Image SBOM Extractor CPU limit per replica | "1"
|
@@ -161,7 +161,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to `
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.8.0 \
+ --create-namespace -n sysdig --version=0.8.1 \
--set global.sysdig.region="us1"
```
@@ -170,7 +170,7 @@ installing the chart. For example:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.8.0 \
+ --create-namespace -n sysdig --version=0.8.1 \
--values values.yaml
```
diff --git a/charts/cluster-scanner/values.yaml b/charts/cluster-scanner/values.yaml
index 14b520bf9..5e8a2186d 100644
--- a/charts/cluster-scanner/values.yaml
+++ b/charts/cluster-scanner/values.yaml
@@ -104,7 +104,7 @@ runtimeStatusIntegrator:
# The image repository to use for pulling the Runtime Status Integrator
# image
repository: sysdig/runtime-status-integrator
- tag: "0.5.0"
+ tag: "0.5.1"
# Params to manage leader election
# Leader election is implemented leveraging the native capabilities of
# Kubernetes see: https://kubernetes.io/blog/2016/01/simple-leader-election-with-kubernetes/
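Review bot: `tag: "0.5.1"` selects the image by tag alone in the visible values, here and for `imageSbomExtractor` in the next hunk. A tag can be re-pointed in the registry after release, so consider recording the image digest next to the tag for these bumps, or at least stating the expected digest in the PR description, so the deployed image can be verified against what was reviewed.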
@@ -166,7 +166,7 @@ imageSbomExtractor:
registry: quay.io
# The image repository to use for pulling the Image SBOM Extractor image
repository: sysdig/image-sbom-extractor
- tag: "0.5.0"
+ tag: "0.5.1"
ports:
# The port to be used to expose prometheus metrics for the Image SBOM
# Extractor
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index c01b7a7a7..3001db1d1 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.26.0
+version: 1.26.1
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -42,7 +42,7 @@ dependencies:
- name: cluster-scanner
# repository: https://charts.sysdig.com
repository: file://../cluster-scanner
- version: ~0.8.0
+ version: ~0.8.1
alias: clusterScanner
condition: clusterScanner.enabled
- name: kspm-collector
From 8067c3d3a3d9efbf1b025356e1de1fd237a63edd Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Wed, 18 Oct 2023 23:17:55 +0000
Subject: [PATCH 49/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for cluster-scanner-0.8.1
---
charts/cluster-scanner/CHANGELOG.md | 3 +++
charts/cluster-scanner/RELEASE-NOTES.md | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/charts/cluster-scanner/CHANGELOG.md b/charts/cluster-scanner/CHANGELOG.md
index 5a2e76cc0..0d162b68c 100644
--- a/charts/cluster-scanner/CHANGELOG.md
+++ b/charts/cluster-scanner/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v0.8.1
+### New Features
+* **cluster-scanner** [8f19ed47](https://github.com/sysdiglabs/charts/commit/8f19ed47df2be280d2c432d1a182f6235a8e2231): bumped cluster-scanner images to 0.5.1 ([#1412](https://github.com/sysdiglabs/charts/issues/1412))
# v0.8.0
### New Features
* **cluster-scanner** [23b421c6](https://github.com/sysdiglabs/charts/commit/23b421c60dafe24c2e777f38c490e7f88c2c42a4): Enable platform services only in regions which support them ([#1413](https://github.com/sysdiglabs/charts/issues/1413))
diff --git a/charts/cluster-scanner/RELEASE-NOTES.md b/charts/cluster-scanner/RELEASE-NOTES.md
index bbb192a0f..fbae7b07d 100644
--- a/charts/cluster-scanner/RELEASE-NOTES.md
+++ b/charts/cluster-scanner/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
### New Features
-- **cluster-scanner** [23b421c6](https://github.com/sysdiglabs/charts/commit/23b421c60dafe24c2e777f38c490e7f88c2c42a4): Enable platform services only in regions which support them ([#1413](https://github.com/sysdiglabs/charts/issues/1413))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-scanner-0.7.2...cluster-scanner-0.8.0
+- **cluster-scanner** [8f19ed47](https://github.com/sysdiglabs/charts/commit/8f19ed47df2be280d2c432d1a182f6235a8e2231): bumped cluster-scanner images to 0.5.1 ([#1412](https://github.com/sysdiglabs/charts/issues/1412))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-scanner-0.8.0...cluster-scanner-0.8.1
From a80903a00e1c80304b6533b5b0a0282a753e24db Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Wed, 18 Oct 2023 23:17:55 +0000
Subject: [PATCH 50/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.26.1
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index 4dfd8e0d8..32071ab1c 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.26.1
+### New Features
+* **cluster-scanner** [8f19ed47](https://github.com/sysdiglabs/charts/commit/8f19ed47df2be280d2c432d1a182f6235a8e2231): bumped cluster-scanner images to 0.5.1 ([#1412](https://github.com/sysdiglabs/charts/issues/1412))
# v1.26.0
### New Features
* **cluster-scanner** [23b421c6](https://github.com/sysdiglabs/charts/commit/23b421c60dafe24c2e777f38c490e7f88c2c42a4): Enable platform services only in regions which support them ([#1413](https://github.com/sysdiglabs/charts/issues/1413))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index 0fa61b28e..63d8db485 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
### New Features
-- **cluster-scanner** [23b421c6](https://github.com/sysdiglabs/charts/commit/23b421c60dafe24c2e777f38c490e7f88c2c42a4): Enable platform services only in regions which support them ([#1413](https://github.com/sysdiglabs/charts/issues/1413))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.25.0...sysdig-deploy-1.26.0
+- **cluster-scanner** [8f19ed47](https://github.com/sysdiglabs/charts/commit/8f19ed47df2be280d2c432d1a182f6235a8e2231): bumped cluster-scanner images to 0.5.1 ([#1412](https://github.com/sysdiglabs/charts/issues/1412))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.26.0...sysdig-deploy-1.26.1
From e948b71d4a222a5559306b728e6832af2901d4a2 Mon Sep 17 00:00:00 2001
From: maratsal <33134602+maratsal@users.noreply.github.com>
Date: Thu, 19 Oct 2023 03:59:16 -0400
Subject: [PATCH 51/68] feat(registry-scanner): add gar, gcr and nexus support
(#1354)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Javi Prieto <25323294+jprieto92@users.noreply.github.com>
Co-authored-by: Hayk Kocharyan
Co-authored-by: Álvaro Iradier
---
charts/registry-scanner/Chart.yaml | 2 +-
charts/registry-scanner/README.md | 3 ++-
charts/registry-scanner/README.tpl | 1 +
.../test-jfrog-saas-values.yaml.template.disabled | 13 +++++++++++++
charts/registry-scanner/templates/job.yaml | 2 +-
charts/registry-scanner/templates/secret.yaml | 6 ++++++
charts/registry-scanner/values.yaml | 2 +-
7 files changed, 25 insertions(+), 4 deletions(-)
create mode 100644 charts/registry-scanner/ci/test-jfrog-saas-values.yaml.template.disabled
diff --git a/charts/registry-scanner/Chart.yaml b/charts/registry-scanner/Chart.yaml
index 85e78db6c..7d23e51ee 100644
--- a/charts/registry-scanner/Chart.yaml
+++ b/charts/registry-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Registry Scanner
type: application
home: https://sysdiglabs.github.io/registry-scanner/
icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
-version: 1.1.10
+version: 1.1.11
appVersion: 0.2.50
maintainers:
- name: giuse-sysdig
diff --git a/charts/registry-scanner/README.md b/charts/registry-scanner/README.md
index e423f2818..bf18f023c 100644
--- a/charts/registry-scanner/README.md
+++ b/charts/registry-scanner/README.md
@@ -33,6 +33,7 @@ Follow the instructions in [Install Registry Scanner](https://docs.sysdig.com/en
- Quay IO
- IBM ICR
- Azure ACR
+- Google GAR
Once installed, you can view the scan results in the [Vulnerabilities UI](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/registry/) of Sysdig Secure.
@@ -60,7 +61,7 @@ The following table lists the configurable parameters of the Sysdig Registry Sca
| config.registryApiUrl | The API URL of the registry to scan. This is required if your registry type is Artifactory. | ""
|
| config.registryUser | The username for registry authentication. | ""
|
| config.registryPassword | The password for registry authentication. | ""
|
-| config.registryType | Mandatory.
The registry Type. Supported types: artifactory, ecr, icr, acr, quay, harbor, and dockerv2. | ""
|
+| config.registryType | Mandatory.
The registry Type. Supported types: artifactory, ecr, icr, acr, quay, harbor, gar, nexus and dockerv2. | ""
|
| config.registryAccountId | The account ID. Applicable only for ICR registry type. | ""
|
| config.icrIamApi | The ICR IAM API. Applicable only for ICR registry type. | ""
|
| config.icrIamApiSkipTLS | Ignore TLS certificate for IAM API. Applicable only for ICR registry type. | false
|
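Review bot: the updated `config.registryType` description lists `gar` and `nexus` but not `gcr`, although the commit subject says "add gar, gcr and nexus support" and templates/secret.yaml in this same commit adds an explicit `gcr` branch. The supported-registries bullet list also gains only "Google GAR". Add `gcr` to this row and to the matching comment in values.yaml, and list GCR and Nexus in the README and README.tpl bullets so the documented types match what the templates accept.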
diff --git a/charts/registry-scanner/README.tpl b/charts/registry-scanner/README.tpl
index 143e6e3b2..6bfe90693 100644
--- a/charts/registry-scanner/README.tpl
+++ b/charts/registry-scanner/README.tpl
@@ -33,6 +33,7 @@ Follow the instructions in [Install Registry Scanner](https://docs.sysdig.com/en
- Quay IO
- IBM ICR
- Azure ACR
+- Google GAR
Once installed, you can view the scan results in the [Vulnerabilities UI](https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/registry/) of Sysdig Secure.
diff --git a/charts/registry-scanner/ci/test-jfrog-saas-values.yaml.template.disabled b/charts/registry-scanner/ci/test-jfrog-saas-values.yaml.template.disabled
new file mode 100644
index 000000000..c9e7fd4d9
--- /dev/null
+++ b/charts/registry-scanner/ci/test-jfrog-saas-values.yaml.template.disabled
@@ -0,0 +1,13 @@
+config:
+ secureAPIToken: ${SECURE_API_TOKEN}
+ registryType: artifactory
+ registryURL: ${SYSDIG_JFROG_SAAS_QA_URL}
+ registryApiUrl: ${SYSDIG_JFROG_SAAS_QA_API_URL}
+ registryUser: ${SYSDIG_JFROG_SAAS_QA_USER}
+ registryPassword: ${SYSDIG_JFROG_SAAS_QA_TOKEN}
+ filter:
+ include: 'alpine:3.1'
+ exclude: '.*'
+scanOnStart:
+ enabled: true
+ asPostInstallHook: true
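Review bot: the only CI values file this commit adds is a JFrog one, and it is created with a `.disabled` suffix, so none of the new `gar`, `gcr` or `nexus` paths are exercised by chart CI. Add a values template per new registry type (credentials supplied through `${...}` placeholders as done here) or at least a template-rendering test that covers the new secret.yaml branches.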
diff --git a/charts/registry-scanner/templates/job.yaml b/charts/registry-scanner/templates/job.yaml
index c71c3d547..951aaf738 100644
--- a/charts/registry-scanner/templates/job.yaml
+++ b/charts/registry-scanner/templates/job.yaml
@@ -12,4 +12,4 @@ metadata:
{{- end }}
spec:
{{- include "registry-scanner.jobTemplate" . | indent 2}}
-{{- end}}
+{{- end }}
diff --git a/charts/registry-scanner/templates/secret.yaml b/charts/registry-scanner/templates/secret.yaml
index 107f4b0c2..8c1ae3368 100644
--- a/charts/registry-scanner/templates/secret.yaml
+++ b/charts/registry-scanner/templates/secret.yaml
@@ -12,6 +12,12 @@ data:
aws_access_key_id: {{ .Values.config.aws.accessKeyId | b64enc | quote }}
aws_secret_access_key: {{ .Values.config.aws.secretAccessKey | b64enc | quote }}
aws_region: {{ required "A valid .Values.config.aws.region is required" .Values.config.aws.region | b64enc | quote }}
+ {{- else if eq .Values.config.registryType "gar" }}
+ registryUser: {{ "_json_key_base64" | b64enc | quote }}
+ registryPassword: {{ required "A valid .Values.config.registryPassword is required" .Values.config.registryPassword | b64enc | quote }}
+ {{- else if eq .Values.config.registryType "gcr" }}
+ registryUser: {{ "_json_key" | b64enc | quote }}
+ registryPassword: {{ required "A valid .Values.config.registryPassword is required" .Values.config.registryPassword | b64enc | quote }}
{{- else }}
registryUser: {{ required "A valid .Values.config.registryUser is required" .Values.config.registryUser | b64enc | quote }}
registryPassword: {{ required "A valid .Values.config.registryPassword is required" .Values.config.registryPassword | b64enc | quote }}
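Review bot: in the new `gar` and `gcr` branches `registryUser` is hard-coded to `_json_key_base64` and `_json_key`, so any `config.registryUser` the operator sets is silently discarded, and nothing in the visible README or values.yaml changes says what `config.registryPassword` must contain for these types. Document that the password field carries the service account key (base64-encoded for `gar`, as the user name implies), and consider a `fail` when `registryUser` is set together with these types so a misconfiguration surfaces at render time instead of as an authentication error in the job.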
diff --git a/charts/registry-scanner/values.yaml b/charts/registry-scanner/values.yaml
index f05cf06c6..4b5026eb5 100644
--- a/charts/registry-scanner/values.yaml
+++ b/charts/registry-scanner/values.yaml
@@ -26,7 +26,7 @@ config:
registryUser: ""
# The password for registry authentication.
registryPassword: ""
- # Mandatory.
The registry Type. Supported types: artifactory, ecr, icr, acr, quay, harbor, and dockerv2.
+ # Mandatory.
The registry Type. Supported types: artifactory, ecr, icr, acr, quay, harbor, gar, nexus and dockerv2.
registryType: ""
# The account ID. Applicable only for ICR registry type.
registryAccountId: ""
From c66a6ab7225badab27d539477cdc563de7e5e795 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Thu, 19 Oct 2023 08:00:55 +0000
Subject: [PATCH 52/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for registry-scanner-1.1.11
---
charts/registry-scanner/CHANGELOG.md | 3 +++
charts/registry-scanner/RELEASE-NOTES.md | 4 +++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/charts/registry-scanner/CHANGELOG.md b/charts/registry-scanner/CHANGELOG.md
index c9c65c664..e3484c97f 100644
--- a/charts/registry-scanner/CHANGELOG.md
+++ b/charts/registry-scanner/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.1.11
+### New Features
+* **registry-scanner** [e948b71d](https://github.com/sysdiglabs/charts/commit/e948b71d4a222a5559306b728e6832af2901d4a2): add gar, gcr and nexus support ([#1354](https://github.com/sysdiglabs/charts/issues/1354))
# v1.1.10
# v1.1.9
### Chores
diff --git a/charts/registry-scanner/RELEASE-NOTES.md b/charts/registry-scanner/RELEASE-NOTES.md
index 6c4df6192..84f81ea56 100644
--- a/charts/registry-scanner/RELEASE-NOTES.md
+++ b/charts/registry-scanner/RELEASE-NOTES.md
@@ -1,3 +1,5 @@
# What's Changed
-#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.9...registry-scanner-1.1.10
+### New Features
+- **registry-scanner** [e948b71d](https://github.com/sysdiglabs/charts/commit/e948b71d4a222a5559306b728e6832af2901d4a2): add gar, gcr and nexus support ([#1354](https://github.com/sysdiglabs/charts/issues/1354))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.10...registry-scanner-1.1.11
From 95340f9b730ce58de5e3ec18b190f0e97634c597 Mon Sep 17 00:00:00 2001
From: guidobonomi
Date: Thu, 19 Oct 2023 15:52:03 +0200
Subject: [PATCH 53/68] fix(registry-scanner): properly set vulnerability DB
config (#1417)
---
charts/registry-scanner/Chart.yaml | 2 +-
charts/registry-scanner/README.md | 1 -
charts/registry-scanner/templates/configmap.yaml | 2 +-
charts/registry-scanner/values.yaml | 2 --
4 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/charts/registry-scanner/Chart.yaml b/charts/registry-scanner/Chart.yaml
index 7d23e51ee..43799cc04 100644
--- a/charts/registry-scanner/Chart.yaml
+++ b/charts/registry-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Registry Scanner
type: application
home: https://sysdiglabs.github.io/registry-scanner/
icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
-version: 1.1.11
+version: 1.1.12
appVersion: 0.2.50
maintainers:
- name: giuse-sysdig
diff --git a/charts/registry-scanner/README.md b/charts/registry-scanner/README.md
index bf18f023c..dec3d31e0 100644
--- a/charts/registry-scanner/README.md
+++ b/charts/registry-scanner/README.md
@@ -91,7 +91,6 @@ The following table lists the configurable parameters of the Sysdig Registry Sca
| config.scan.jobs.resources.requests.cpu | The CPU request for the scanner job. | 500m
|
| config.scan.jobs.resources.limits.memory | The memory limit for the scanner job. | 2Gi
|
| config.scan.jobs.temporaryVolumeSizeLimit | The size limit for the emptyDir volume used by the scanner job.
This volume is used to store both the vulnerability database and the image to scan. | 2Gi
|
-| config.useMainDbV2 | Enable vulnerability MainDB V2 | false
|
| config.parallelGoRoutines | Number of goroutines running in parallel in metadata phase for ECR Org setup. | 100
|
| ssl.ca.certs | For outbound connections.
List of PEM-encoded x509 certificate authority. | []
|
| customLabels | The additional labels to add to CronJob and Scanning Jobs. The custom labels to be added to kubernetes manifests of all the resources created. | {}
|
diff --git a/charts/registry-scanner/templates/configmap.yaml b/charts/registry-scanner/templates/configmap.yaml
index 9d80db88b..7d460aa25 100644
--- a/charts/registry-scanner/templates/configmap.yaml
+++ b/charts/registry-scanner/templates/configmap.yaml
@@ -102,4 +102,4 @@ data:
reportPath: /output/registry-scanner-{DATE}.json
{{- end }}
- useMainDbV2: {{ .Values.config.useMainDbV2 }}
+ vulnerabilityDBVersion: {{ .Values.config.vulnerabilityDBVersion | default "v2" | quote }}
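Review bot: The added `vulnerabilityDBVersion` line reads `.Values.config.vulnerabilityDBVersion`, a key this patch neither declares in `values.yaml` nor documents in the README, and its `default "v2"` means the rendered ConfigMap now selects v2 where the chart previously shipped `useMainDbV2: false`. For a vulnerability scanner that changes which database the findings come from, and it arrives under a `fix` subject with a patch-level bump (1.1.11 to 1.1.12), so it should be called out in the commit message and release notes. Installs that still set `config.useMainDbV2` will have that value silently ignored; a template `fail` on the old key (or a mapping from it) would surface this at `helm upgrade` time rather than through changed scan results. The value is also passed through unvalidated, so restricting it to the versions the scanner accepts would catch typos at render time.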
diff --git a/charts/registry-scanner/values.yaml b/charts/registry-scanner/values.yaml
index 4b5026eb5..8053d2696 100644
--- a/charts/registry-scanner/values.yaml
+++ b/charts/registry-scanner/values.yaml
@@ -103,8 +103,6 @@ config:
# The size limit for the emptyDir volume used by the scanner job.
# This volume is used to store both the vulnerability database and the image to scan.
temporaryVolumeSizeLimit: 2Gi
- # Enable vulnerability MainDB V2
- useMainDbV2: false
# Number of goroutines running in parallel in metadata phase for ECR Org setup.
parallelGoRoutines: 100
ssl:
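Review bot: Removing `useMainDbV2` here leaves `config.vulnerabilityDBVersion`, which `templates/configmap.yaml` now reads, with no entry in `values.yaml` and no row in the README parameter table. Add the key with a comment describing the accepted values and the effective default (`v2`, currently visible only in the template's `default`), and add the matching README row in place of the deleted `config.useMainDbV2` one, so the setting is discoverable through `helm show values`.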
From ab103790033b96a1cfab03c785bd31b137b16f6d Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Thu, 19 Oct 2023 13:53:40 +0000
Subject: [PATCH 54/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for registry-scanner-1.1.12
---
charts/registry-scanner/CHANGELOG.md | 3 +++
charts/registry-scanner/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/registry-scanner/CHANGELOG.md b/charts/registry-scanner/CHANGELOG.md
index e3484c97f..35cddeb91 100644
--- a/charts/registry-scanner/CHANGELOG.md
+++ b/charts/registry-scanner/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.1.12
+### Bug Fixes
+* **registry-scanner** [95340f9b](https://github.com/sysdiglabs/charts/commit/95340f9b730ce58de5e3ec18b190f0e97634c597): properly set vulnerability DB config ([#1417](https://github.com/sysdiglabs/charts/issues/1417))
# v1.1.11
### New Features
* **registry-scanner** [e948b71d](https://github.com/sysdiglabs/charts/commit/e948b71d4a222a5559306b728e6832af2901d4a2): add gar, gcr and nexus support ([#1354](https://github.com/sysdiglabs/charts/issues/1354))
diff --git a/charts/registry-scanner/RELEASE-NOTES.md b/charts/registry-scanner/RELEASE-NOTES.md
index 84f81ea56..481259f08 100644
--- a/charts/registry-scanner/RELEASE-NOTES.md
+++ b/charts/registry-scanner/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### New Features
-- **registry-scanner** [e948b71d](https://github.com/sysdiglabs/charts/commit/e948b71d4a222a5559306b728e6832af2901d4a2): add gar, gcr and nexus support ([#1354](https://github.com/sysdiglabs/charts/issues/1354))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.10...registry-scanner-1.1.11
+### Bug Fixes
+- **registry-scanner** [95340f9b](https://github.com/sysdiglabs/charts/commit/95340f9b730ce58de5e3ec18b190f0e97634c597): properly set vulnerability DB config ([#1417](https://github.com/sysdiglabs/charts/issues/1417))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.11...registry-scanner-1.1.12
From 02c55d84b746c0d136b0818d4d29df077c5576e5 Mon Sep 17 00:00:00 2001
From: guidobonomi
Date: Thu, 19 Oct 2023 16:35:16 +0200
Subject: [PATCH 55/68] feat(node-analyzer): enable DB V2 by default in Host
and Runtime scanner (#1416)
---
charts/node-analyzer/Chart.yaml | 2 +-
charts/node-analyzer/README.md | 4 ++--
.../templates/configmap-host-scanner.yaml | 3 +++
.../templates/daemonset-node-analyzer.yaml | 12 ++++++++++++
.../runtimeScanner/runtime-scanner-configmap.yaml | 3 +++
charts/node-analyzer/values.yaml | 4 ++--
6 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml
index a1823dc22..637fda99a 100644
--- a/charts/node-analyzer/Chart.yaml
+++ b/charts/node-analyzer/Chart.yaml
@@ -3,7 +3,7 @@ name: node-analyzer
description: Sysdig Node Analyzer
# currently matching Sysdig's appVersion 1.14.34
-version: 1.17.9
+version: 1.17.10
appVersion: 12.8.0
keywords:
- monitoring
diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
index f95298d6e..e9acca9c4 100644
--- a/charts/node-analyzer/README.md
+++ b/charts/node-analyzer/README.md
@@ -182,7 +182,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.hostScanner.additionalDirsToScan` | Sets the optional comma-separated list of directories in addition to the default ones. | ` ` |
| `nodeAnalyzer.hostScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
| `nodeAnalyzer.hostScanner.image.repository` | Specifies the image repository to pull the Host Scanner from. | `sysdig/vuln-host-scanner` |
-| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.5.2` |
+| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.6.3` |
| `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` |
| `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` |
| `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` |
@@ -196,7 +196,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.runtimeScanner.extraMounts` | Specifies a container engine custom socket path (docker, containerd, CRI-O). | |
| `nodeAnalyzer.runtimeScanner.storageClassName` | Specifies the Runtime Scanner storage class to use instead of emptyDir for ephemeral storage. | `` |
| `nodeAnalyzer.runtimeScanner.image.repository` | Specifies the image repository to pull the Runtime Scanner from. | `sysdig/vuln-runtime-scanner` |
-| `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.5.7` |
+| `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.6.2` |
| `nodeAnalyzer.runtimeScanner.image.digest` | Specifies the image digest to pull. | ` ` |
| `nodeAnalyzer.runtimeScanner.image.pullPolicy` | Specifies the image pull policy for the Runtime Scanner. | `""` |
| `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Specifies the Runtime Scanner CPU requests per node. | `150m` |
diff --git a/charts/node-analyzer/templates/configmap-host-scanner.yaml b/charts/node-analyzer/templates/configmap-host-scanner.yaml
index cb0046123..374eae283 100644
--- a/charts/node-analyzer/templates/configmap-host-scanner.yaml
+++ b/charts/node-analyzer/templates/configmap-host-scanner.yaml
@@ -36,4 +36,7 @@ data:
{{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
{{- end -}}
+ {{- if .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion }}
+ vuln_db_version: {{ .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion | quote }}
+ {{- end }}
{{- end }}
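Review bot: The values path in this hunk, `.Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion`, sits directly under `hostScanner`, while the Runtime Scanner ConfigMap in the same patch reads `.Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion` under a `settings` map. If the asymmetry follows the existing layout of the two sections, document both paths in the README; otherwise pick one shape, because an operator who copies the runtime path to the host scanner gets no error and the key is simply left out of the ConfigMap.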
diff --git a/charts/node-analyzer/templates/daemonset-node-analyzer.yaml b/charts/node-analyzer/templates/daemonset-node-analyzer.yaml
index 31028878e..0f6ac844e 100644
--- a/charts/node-analyzer/templates/daemonset-node-analyzer.yaml
+++ b/charts/node-analyzer/templates/daemonset-node-analyzer.yaml
@@ -643,6 +643,12 @@ spec:
name: {{ .Release.Name }}-runtime-scanner
key: max_image_size_allowed
optional: true
+ - name: VULNERABILITY_DB_VERSION
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-runtime-scanner
+ key: vuln_db_version
+ optional: true
- name: SYSDIG_API_URL
valueFrom:
configMapKeyRef:
@@ -854,6 +860,12 @@ spec:
name: {{ .Release.Name }}-host-scanner
key: analyzer.maxFileSizeAllowed
optional: true
+ - name: VULNERABILITY_DB_VERSION
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Release.Name }}-host-scanner
+ key: vuln_db_version
+ optional: true
- name: TMPDIR
value: "/tmp"
- name: PROBES_PORT
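Review bot: A later change to `vuln_db_version` reaches the scanners only when the pods restart, because both added `VULNERABILITY_DB_VERSION` entries are resolved from `configMapKeyRef` at container start. Please confirm that the DaemonSet pod template carries a checksum annotation (or equivalent) for the `-runtime-scanner` and `-host-scanner` ConfigMaps; without one, a `helm upgrade` that changes only this value updates the ConfigMap and leaves the running scanners on the previous database version. The `optional: true` on both entries is consistent with the conditional rendering of the key.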
diff --git a/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml b/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml
index 928809609..38db49651 100644
--- a/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml
+++ b/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml
@@ -37,4 +37,7 @@ data:
{{- if .Values.nodeAnalyzer.runtimeScanner.settings.maxFileSizeAllowed }}
analyzer.maxFileSizeAllowed: {{ .Values.nodeAnalyzer.runtimeScanner.settings.maxFileSizeAllowed | int64 | quote }}
{{- end -}}
+ {{- if .Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion }}
+ vuln_db_version: {{ .Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion | quote }}
+ {{- end -}}
{{- end }}
diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml
index 9967b0a78..c13504870 100644
--- a/charts/node-analyzer/values.yaml
+++ b/charts/node-analyzer/values.yaml
@@ -289,7 +289,7 @@ nodeAnalyzer:
probesPort: 7002
image:
repository: sysdig/vuln-runtime-scanner
- tag: "1.5.7"
+ tag: "1.6.2"
digest:
pullPolicy:
storageClassName:
@@ -364,7 +364,7 @@ nodeAnalyzer:
image:
repository: sysdig/vuln-host-scanner
- tag: "0.5.2"
+ tag: "0.6.3"
digest:
pullPolicy:
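Review bot: Neither hunk in this file declares the new `vulnerabilityDBVersion` keys, so the "enable DB V2 by default" in the subject rests entirely on what the 1.6.2 and 0.6.3 images do when `VULNERABILITY_DB_VERSION` is unset. Declare both keys here (empty, with a comment naming the accepted values and the images' built-in default) and add README rows for them, so an operator can see the setting and pin the database version explicitly instead of inheriting it from an image tag bump.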
From bc660bb78bfbcb472751bb94e581472dc462eb22 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Thu, 19 Oct 2023 14:36:50 +0000
Subject: [PATCH 56/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for node-analyzer-1.17.10
---
charts/node-analyzer/CHANGELOG.md | 3 +++
charts/node-analyzer/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
index fe3572563..ecd21cdc0 100644
--- a/charts/node-analyzer/CHANGELOG.md
+++ b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.17.10
+### New Features
+* **node-analyzer** [02c55d84](https://github.com/sysdiglabs/charts/commit/02c55d84b746c0d136b0818d4d29df077c5576e5): enable DB V2 by default in Host and Runtime scanner ([#1416](https://github.com/sysdiglabs/charts/issues/1416))
# v1.17.9
### Chores
* **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
index c27e46af1..cbf87600e 100644
--- a/charts/node-analyzer/RELEASE-NOTES.md
+++ b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Chores
-- **sysdig, node-analyzer** [84cfe9a5](https://github.com/sysdiglabs/charts/commit/84cfe9a5e6f989a9a42b14b3d16597436f23b4b1): update legacy nodeImageAnalyzer (0.1.29) and hostImageAnalyzer (0.1.17) ([#1407](https://github.com/sysdiglabs/charts/issues/1407))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.8...node-analyzer-1.17.9
+### New Features
+- **node-analyzer** [02c55d84](https://github.com/sysdiglabs/charts/commit/02c55d84b746c0d136b0818d4d29df077c5576e5): enable DB V2 by default in Host and Runtime scanner ([#1416](https://github.com/sysdiglabs/charts/issues/1416))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.9...node-analyzer-1.17.10
From 2ad42f2f3f1319bbaf3dc93b63cf7eec1d14bc86 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Thu, 19 Oct 2023 16:57:27 +0200
Subject: [PATCH 57/68] chore(sysdig-deploy): Automatic version bump due to
updated dependencies (#1418)
---
charts/sysdig-deploy/Chart.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 3001db1d1..5bbf4694a 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.26.1
+version: 1.26.2
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -36,7 +36,7 @@ dependencies:
- name: node-analyzer
# repository: https://charts.sysdig.com
repository: file://../node-analyzer
- version: ~1.17.9
+ version: ~1.17.10
alias: nodeAnalyzer
condition: nodeAnalyzer.enabled
- name: cluster-scanner
From 560ebe6cf1409e7ceee49e3c361c8c02c49454fb Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Thu, 19 Oct 2023 14:58:52 +0000
Subject: [PATCH 58/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.26.2
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index 32071ab1c..c809e75a7 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.26.2
+### Chores
+* **sysdig-deploy** [2ad42f2f](https://github.com/sysdiglabs/charts/commit/2ad42f2f3f1319bbaf3dc93b63cf7eec1d14bc86): Automatic version bump due to updated dependencies ([#1418](https://github.com/sysdiglabs/charts/issues/1418))
# v1.26.1
### New Features
* **cluster-scanner** [8f19ed47](https://github.com/sysdiglabs/charts/commit/8f19ed47df2be280d2c432d1a182f6235a8e2231): bumped cluster-scanner images to 0.5.1 ([#1412](https://github.com/sysdiglabs/charts/issues/1412))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index 63d8db485..acc9451fd 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### New Features
-- **cluster-scanner** [8f19ed47](https://github.com/sysdiglabs/charts/commit/8f19ed47df2be280d2c432d1a182f6235a8e2231): bumped cluster-scanner images to 0.5.1 ([#1412](https://github.com/sysdiglabs/charts/issues/1412))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.26.0...sysdig-deploy-1.26.1
+### Chores
+- **sysdig-deploy** [2ad42f2f](https://github.com/sysdiglabs/charts/commit/2ad42f2f3f1319bbaf3dc93b63cf7eec1d14bc86): Automatic version bump due to updated dependencies ([#1418](https://github.com/sysdiglabs/charts/issues/1418))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.26.1...sysdig-deploy-1.26.2
From 9f3aee7d85bd420fa61239b965d528be9a583aef Mon Sep 17 00:00:00 2001
From: Fede Barcelona
Date: Fri, 20 Oct 2023 12:20:55 +0200
Subject: [PATCH 59/68] chore(registry-scanner): Update to v0.2.51 (#1419)
Co-authored-by: hayk99
---
charts/registry-scanner/Chart.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/registry-scanner/Chart.yaml b/charts/registry-scanner/Chart.yaml
index 43799cc04..429b68f62 100644
--- a/charts/registry-scanner/Chart.yaml
+++ b/charts/registry-scanner/Chart.yaml
@@ -4,8 +4,8 @@ description: Sysdig Registry Scanner
type: application
home: https://sysdiglabs.github.io/registry-scanner/
icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
-version: 1.1.12
-appVersion: 0.2.50
+version: 1.1.13
+appVersion: 0.2.51
maintainers:
- name: giuse-sysdig
email: giuseppe.esposito@sysdig.com
From 89f70f44c20f50633f2fe2c77d26dd0a92751f55 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Fri, 20 Oct 2023 10:22:25 +0000
Subject: [PATCH 60/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for registry-scanner-1.1.13
---
charts/registry-scanner/CHANGELOG.md | 3 +++
charts/registry-scanner/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/registry-scanner/CHANGELOG.md b/charts/registry-scanner/CHANGELOG.md
index 35cddeb91..2a8da0760 100644
--- a/charts/registry-scanner/CHANGELOG.md
+++ b/charts/registry-scanner/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.1.13
+### Chores
+* **registry-scanner** [9f3aee7d](https://github.com/sysdiglabs/charts/commit/9f3aee7d85bd420fa61239b965d528be9a583aef): Update to v0.2.51 ([#1419](https://github.com/sysdiglabs/charts/issues/1419))
# v1.1.12
### Bug Fixes
* **registry-scanner** [95340f9b](https://github.com/sysdiglabs/charts/commit/95340f9b730ce58de5e3ec18b190f0e97634c597): properly set vulnerability DB config ([#1417](https://github.com/sysdiglabs/charts/issues/1417))
diff --git a/charts/registry-scanner/RELEASE-NOTES.md b/charts/registry-scanner/RELEASE-NOTES.md
index 481259f08..d06a564ab 100644
--- a/charts/registry-scanner/RELEASE-NOTES.md
+++ b/charts/registry-scanner/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### Bug Fixes
-- **registry-scanner** [95340f9b](https://github.com/sysdiglabs/charts/commit/95340f9b730ce58de5e3ec18b190f0e97634c597): properly set vulnerability DB config ([#1417](https://github.com/sysdiglabs/charts/issues/1417))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.11...registry-scanner-1.1.12
+### Chores
+- **registry-scanner** [9f3aee7d](https://github.com/sysdiglabs/charts/commit/9f3aee7d85bd420fa61239b965d528be9a583aef): Update to v0.2.51 ([#1419](https://github.com/sysdiglabs/charts/issues/1419))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.12...registry-scanner-1.1.13
From a589d16767394384bbc50eac4049b96d82d99355 Mon Sep 17 00:00:00 2001
From: Michele Mangili <83061719+michele-mangili@users.noreply.github.com>
Date: Fri, 20 Oct 2023 15:54:07 +0200
Subject: [PATCH 61/68] chore(node-analyzer): bump sysdig/vuln-host-scanner to
v0.6.5 (#1420)
Extended Changelog:
* Hostscanner bumped to 0.6.5
* Fixed a bug that could cause the host-scanner to go into crash loop backoff due to a missing timeout when retrieving AWS labels
---
charts/node-analyzer/Chart.yaml | 2 +-
charts/node-analyzer/README.md | 2 +-
charts/node-analyzer/values.yaml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml
index 637fda99a..287931b30 100644
--- a/charts/node-analyzer/Chart.yaml
+++ b/charts/node-analyzer/Chart.yaml
@@ -3,7 +3,7 @@ name: node-analyzer
description: Sysdig Node Analyzer
# currently matching Sysdig's appVersion 1.14.34
-version: 1.17.10
+version: 1.17.11
appVersion: 12.8.0
keywords:
- monitoring
diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
index e9acca9c4..f25c30cf2 100644
--- a/charts/node-analyzer/README.md
+++ b/charts/node-analyzer/README.md
@@ -182,7 +182,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.hostScanner.additionalDirsToScan` | Sets the optional comma-separated list of directories in addition to the default ones. | ` ` |
| `nodeAnalyzer.hostScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
| `nodeAnalyzer.hostScanner.image.repository` | Specifies the image repository to pull the Host Scanner from. | `sysdig/vuln-host-scanner` |
-| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.6.3` |
+| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.6.5` |
| `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` |
| `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` |
| `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` |
diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml
index c13504870..d25ecf032 100644
--- a/charts/node-analyzer/values.yaml
+++ b/charts/node-analyzer/values.yaml
@@ -364,7 +364,7 @@ nodeAnalyzer:
image:
repository: sysdig/vuln-host-scanner
- tag: "0.6.3"
+ tag: "0.6.5"
digest:
pullPolicy:
From 215f78120da2d1235ccd45829505434802ab2550 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Fri, 20 Oct 2023 13:55:41 +0000
Subject: [PATCH 62/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for node-analyzer-1.17.11
---
charts/node-analyzer/CHANGELOG.md | 6 ++++++
charts/node-analyzer/RELEASE-NOTES.md | 9 ++++++---
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
index ecd21cdc0..1db8d1edc 100644
--- a/charts/node-analyzer/CHANGELOG.md
+++ b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.17.11
+### Chores
+* **node-analyzer** [a589d167](https://github.com/sysdiglabs/charts/commit/a589d16767394384bbc50eac4049b96d82d99355): bump sysdig/vuln-host-scanner to v0.6.5 ([#1420](https://github.com/sysdiglabs/charts/issues/1420))
+
+ * * Hostscanner bumped to 0.6.5
+ * Fixed a bug that could cause the host-scanner go in crash loop backoff due to a missing timeout when retrieving AWS labels
# v1.17.10
### New Features
* **node-analyzer** [02c55d84](https://github.com/sysdiglabs/charts/commit/02c55d84b746c0d136b0818d4d29df077c5576e5): enable DB V2 by default in Host and Runtime scanner ([#1416](https://github.com/sysdiglabs/charts/issues/1416))
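Review bot: The first sub-entry under `v1.17.11` is emitted as `* * Hostscanner bumped to 0.6.5`, with a doubled list marker, and the same text is repeated in the RELEASE-NOTES hunk of this patch. The commit body already used `*` bullets, so the generator should either strip leading markers from body lines or indent them without adding its own. Since this file's header allows manual edits only to fix incorrect entries, the fix belongs in the generator rather than in a hand edit here.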
diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
index cbf87600e..01cc6854f 100644
--- a/charts/node-analyzer/RELEASE-NOTES.md
+++ b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,5 +1,8 @@
# What's Changed
-### New Features
-- **node-analyzer** [02c55d84](https://github.com/sysdiglabs/charts/commit/02c55d84b746c0d136b0818d4d29df077c5576e5): enable DB V2 by default in Host and Runtime scanner ([#1416](https://github.com/sysdiglabs/charts/issues/1416))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.9...node-analyzer-1.17.10
+### Chores
+- **node-analyzer** [a589d167](https://github.com/sysdiglabs/charts/commit/a589d16767394384bbc50eac4049b96d82d99355): bump sysdig/vuln-host-scanner to v0.6.5 ([#1420](https://github.com/sysdiglabs/charts/issues/1420))
+
+ * * Hostscanner bumped to 0.6.5
+ * Fixed a bug that could cause the host-scanner go in crash loop backoff due to a missing timeout when retrieving AWS labels
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.10...node-analyzer-1.17.11
From 99ad329da1c4af6a01ed512c78b6e05ecb3a82fc Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Fri, 20 Oct 2023 16:49:58 +0200
Subject: [PATCH 63/68] chore(sysdig-deploy): Automatic version bump due to
updated dependencies (#1421)
---
charts/sysdig-deploy/Chart.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 5bbf4694a..1975749ed 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.26.2
+version: 1.26.3
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -36,7 +36,7 @@ dependencies:
- name: node-analyzer
# repository: https://charts.sysdig.com
repository: file://../node-analyzer
- version: ~1.17.10
+ version: ~1.17.11
alias: nodeAnalyzer
condition: nodeAnalyzer.enabled
- name: cluster-scanner
From 057a008e50a4065930ae1a354712ef43612ac731 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Fri, 20 Oct 2023 14:51:36 +0000
Subject: [PATCH 64/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.26.3
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index c809e75a7..f493b046f 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.26.3
+### Chores
+* **sysdig-deploy** [99ad329d](https://github.com/sysdiglabs/charts/commit/99ad329da1c4af6a01ed512c78b6e05ecb3a82fc): Automatic version bump due to updated dependencies ([#1421](https://github.com/sysdiglabs/charts/issues/1421))
# v1.26.2
### Chores
* **sysdig-deploy** [2ad42f2f](https://github.com/sysdiglabs/charts/commit/2ad42f2f3f1319bbaf3dc93b63cf7eec1d14bc86): Automatic version bump due to updated dependencies ([#1418](https://github.com/sysdiglabs/charts/issues/1418))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index acc9451fd..9a88e1afc 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
### Chores
-- **sysdig-deploy** [2ad42f2f](https://github.com/sysdiglabs/charts/commit/2ad42f2f3f1319bbaf3dc93b63cf7eec1d14bc86): Automatic version bump due to updated dependencies ([#1418](https://github.com/sysdiglabs/charts/issues/1418))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.26.1...sysdig-deploy-1.26.2
+- **sysdig-deploy** [99ad329d](https://github.com/sysdiglabs/charts/commit/99ad329da1c4af6a01ed512c78b6e05ecb3a82fc): Automatic version bump due to updated dependencies ([#1421](https://github.com/sysdiglabs/charts/issues/1421))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.26.2...sysdig-deploy-1.26.3
From 201126cf8abb51996ee001665c17545210058ff9 Mon Sep 17 00:00:00 2001
From: chen-shmilovich-sysdig
<66797177+chen-shmilovich-sysdig@users.noreply.github.com>
Date: Sun, 22 Oct 2023 16:58:19 +0300
Subject: [PATCH 65/68] chore(kspm-collector,node-analyzer): KSPM v1.34.0
(#1422)
---
charts/kspm-collector/Chart.yaml | 4 ++--
charts/kspm-collector/README.md | 2 +-
charts/kspm-collector/values.yaml | 2 +-
charts/node-analyzer/Chart.yaml | 2 +-
charts/node-analyzer/README.md | 2 +-
charts/node-analyzer/values.yaml | 2 +-
charts/sysdig-deploy/Chart.yaml | 6 +++---
7 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml
index a5ab95414..24a7ee724 100644
--- a/charts/kspm-collector/Chart.yaml
+++ b/charts/kspm-collector/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
name: kspm-collector
description: Sysdig KSPM collector
-version: 0.8.4
-appVersion: 1.30.0
+version: 0.8.5
+appVersion: 1.34.0
keywords:
- monitoring
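Review bot: `appVersion` jumps from 1.30.0 to 1.34.0 in this hunk although `values.yaml` in the same patch shows the default image tag was already 1.33.0, so the chart metadata had drifted from the deployed collector across earlier bumps. A CI check that compares `appVersion` with `image.tag` would keep inventory and vulnerability tooling that relies on chart metadata from misreporting the running version again.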
diff --git a/charts/kspm-collector/README.md b/charts/kspm-collector/README.md
index 408368a91..fefbf3b3f 100644
--- a/charts/kspm-collector/README.md
+++ b/charts/kspm-collector/README.md
@@ -45,7 +45,7 @@ The following table lists the configurable parameters of the Sysdig KSPM Collect
| `clusterName` | Sets a unique cluster name. This name will be used to identify events using the `kubernetes.cluster.name` tag. | ` ` |
| `image.registry` | Specifies the KSPM collector image registry. | `quay.io` |
| `image.repository` | Specifies the image repository to pull from. | `sysdig/kspm-collector` |
-| `image.tag` | Specifies the image tag to pull from the image repository. | `1.33.0` |
+| `image.tag` | Specifies the image tag to pull from the image repository. | `1.34.0` |
| `image.digest` | Specifies the image digest to pull from the image repository. | ` ` |
| `image.pullPolicy` | Specifies theImage pull policy. | `""` |
| `imagePullSecrets` | Specifies the Image pull secret. | `[]` |
diff --git a/charts/kspm-collector/values.yaml b/charts/kspm-collector/values.yaml
index 2c1caacde..899c5e15d 100644
--- a/charts/kspm-collector/values.yaml
+++ b/charts/kspm-collector/values.yaml
@@ -77,7 +77,7 @@ clusterName: ""
image:
repository: sysdig/kspm-collector
- tag: 1.33.0
+ tag: 1.34.0
digest:
registry: quay.io
pullPolicy:
diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml
index 287931b30..6eed856db 100644
--- a/charts/node-analyzer/Chart.yaml
+++ b/charts/node-analyzer/Chart.yaml
@@ -3,7 +3,7 @@ name: node-analyzer
description: Sysdig Node Analyzer
# currently matching Sysdig's appVersion 1.14.34
-version: 1.17.11
+version: 1.17.12
appVersion: 12.8.0
keywords:
- monitoring
diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
index f25c30cf2..111ac0c84 100644
--- a/charts/node-analyzer/README.md
+++ b/charts/node-analyzer/README.md
@@ -219,7 +219,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.tolerations` | Specifies the tolerations for scheduling. | node-role.kubernetes.io/master:NoSchedule,
node-role.kubernetes.io/control-plane:NoSchedule
|
| `nodeAnalyzer.kspmAnalyzer.debug` | Set to true to show KSPM node analyzer debug logging, which is useful for troubleshooting. | `false` |
| `nodeAnalyzer.kspmAnalyzer.image.repository` | Specifies the image repository to pull the KSPM node analyzer from. | `sysdig/kspm-analyzer` |
-| `nodeAnalyzer.kspmAnalyzer.image.tag` | Specifies the image tag for the KSPM node analyzer image to be pulled. | `1.34.0` |
+| `nodeAnalyzer.kspmAnalyzer.image.tag` | Specifies the image tag for the KSPM node analyzer image to be pulled. | `1.35.0` |
| `nodeAnalyzer.kspmAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` |
| `nodeAnalyzer.kspmAnalyzer.image.pullPolicy` | Specifies the The image pull policy for the KSPM node analyzer. | `""` |
| `nodeAnalyzer.kspmAnalyzer.resources.requests.cpu` | Specifies the KSPM node analyzer CPU requests per node. | `150m` |
diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml
index d25ecf032..30852b2b1 100644
--- a/charts/node-analyzer/values.yaml
+++ b/charts/node-analyzer/values.yaml
@@ -387,7 +387,7 @@ nodeAnalyzer:
debug: false
image:
repository: sysdig/kspm-analyzer
- tag: 1.34.0
+ tag: 1.35.0
digest:
pullPolicy:
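Review bot: The `kspm-analyzer` tag in this hunk goes from 1.34.0 to 1.35.0, while the commit subject says "KSPM v1.34.0" and the kspm-collector chart in the same patch is set to 1.34.0. If the analyzer is meant to run one minor version ahead of the collector, state that in the commit message; otherwise one of the two tags is wrong. The kspm-collector changelog entry generated from this subject reads `KSPM v1.34.0`, and a node-analyzer entry generated the same way would describe a 1.35.0 image as 1.34.0.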
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 1975749ed..f306f61a9 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
-version: 1.26.3
+version: 1.26.4
maintainers:
- name: AlbertoBarba
email: alberto.barba@sysdig.com
@@ -36,7 +36,7 @@ dependencies:
- name: node-analyzer
# repository: https://charts.sysdig.com
repository: file://../node-analyzer
- version: ~1.17.11
+ version: ~1.17.12
alias: nodeAnalyzer
condition: nodeAnalyzer.enabled
- name: cluster-scanner
@@ -48,7 +48,7 @@ dependencies:
- name: kspm-collector
# repository: https://charts.sysdig.com
repository: file://../kspm-collector
- version: ~0.8.4
+ version: ~0.8.5
alias: kspmCollector
condition: global.kspm.deploy
- name: rapid-response
From 3233d5d6970d1805557da9bc8dd3616dcb6e15b8 Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Sun, 22 Oct 2023 14:00:01 +0000
Subject: [PATCH 66/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for kspm-collector-0.8.5
---
charts/kspm-collector/CHANGELOG.md | 3 +++
charts/kspm-collector/RELEASE-NOTES.md | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/charts/kspm-collector/CHANGELOG.md b/charts/kspm-collector/CHANGELOG.md
index 146e8054b..113ef82a3 100644
--- a/charts/kspm-collector/CHANGELOG.md
+++ b/charts/kspm-collector/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v0.8.5
+### Chores
+* **kspm-collector,node-analyzer** [201126cf](https://github.com/sysdiglabs/charts/commit/201126cf8abb51996ee001665c17545210058ff9): KSPM v1.34.0 ([#1422](https://github.com/sysdiglabs/charts/issues/1422))
# v0.8.4
### New Features
* **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
diff --git a/charts/kspm-collector/RELEASE-NOTES.md b/charts/kspm-collector/RELEASE-NOTES.md
index 501f97b15..1ec7b8252 100644
--- a/charts/kspm-collector/RELEASE-NOTES.md
+++ b/charts/kspm-collector/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
-### New Features
-- **kspm-collector,node-analyzer** [660e610d](https://github.com/sysdiglabs/charts/commit/660e610d475cdac3b9d2c51da4af0a01abce31f6): add support for NATS_MAX_RECONNECT variable ([#1400](https://github.com/sysdiglabs/charts/issues/1400))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/kspm-collector-0.8.3...kspm-collector-0.8.4
+### Chores
+- **kspm-collector,node-analyzer** [201126cf](https://github.com/sysdiglabs/charts/commit/201126cf8abb51996ee001665c17545210058ff9): KSPM v1.34.0 ([#1422](https://github.com/sysdiglabs/charts/issues/1422))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/kspm-collector-0.8.4...kspm-collector-0.8.5
From cacef33fab16fc27ad13720f3bc3b499a57bc69a Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Sun, 22 Oct 2023 14:00:01 +0000
Subject: [PATCH 67/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for node-analyzer-1.17.12
---
charts/node-analyzer/CHANGELOG.md | 3 +++
charts/node-analyzer/RELEASE-NOTES.md | 7 ++-----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
index 1db8d1edc..01b1777ea 100644
--- a/charts/node-analyzer/CHANGELOG.md
+++ b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.17.12
+### Chores
+* **kspm-collector,node-analyzer** [201126cf](https://github.com/sysdiglabs/charts/commit/201126cf8abb51996ee001665c17545210058ff9): KSPM v1.34.0 ([#1422](https://github.com/sysdiglabs/charts/issues/1422))
# v1.17.11
### Chores
* **node-analyzer** [a589d167](https://github.com/sysdiglabs/charts/commit/a589d16767394384bbc50eac4049b96d82d99355): bump sysdig/vuln-host-scanner to v0.6.5 ([#1420](https://github.com/sysdiglabs/charts/issues/1420))
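Review bot: the new v1.17.12 entry is titled "KSPM v1.34.0", but the node-analyzer values.yaml hunk in this series moves `nodeAnalyzer.kspmAnalyzer.image.tag` from 1.34.0 to 1.35.0. If 1.17.12 ships the 1.35.0 image, the entry misstates the deployed version. The file header permits manual edits below '## Change Log' to fix incorrect entries, so correct the title here and in the matching RELEASE-NOTES.md line.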
diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
index 01cc6854f..0b7595be1 100644
--- a/charts/node-analyzer/RELEASE-NOTES.md
+++ b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,8 +1,5 @@
# What's Changed
### Chores
-- **node-analyzer** [a589d167](https://github.com/sysdiglabs/charts/commit/a589d16767394384bbc50eac4049b96d82d99355): bump sysdig/vuln-host-scanner to v0.6.5 ([#1420](https://github.com/sysdiglabs/charts/issues/1420))
-
- * * Hostscanner bumped to 0.6.5
- * Fixed a bug that could cause the host-scanner go in crash loop backoff due to a missing timeout when retrieving AWS labels
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.10...node-analyzer-1.17.11
+- **kspm-collector,node-analyzer** [201126cf](https://github.com/sysdiglabs/charts/commit/201126cf8abb51996ee001665c17545210058ff9): KSPM v1.34.0 ([#1422](https://github.com/sysdiglabs/charts/issues/1422))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.17.11...node-analyzer-1.17.12
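Review bot: the removed lines carry the only visible explanation of the host scanner bump to 0.6.5 ("Fixed a bug that could cause the host-scanner go in crash loop backoff due to a missing timeout when retrieving AWS labels"), while the v1.17.11 entry shown in the CHANGELOG.md hunk is just the one-line title. Confirm the extended description is preserved in CHANGELOG.md or in the published release before RELEASE-NOTES.md is overwritten, otherwise that fix detail is lost from the repository.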
From 94327ee045b3d46aff4a5b46fa86c1d695c108db Mon Sep 17 00:00:00 2001
From: draios-jenkins
Date: Sun, 22 Oct 2023 14:00:01 +0000
Subject: [PATCH 68/68] github_actions_ci: Update CHANGELOG and RELEASE-NOTES
for sysdig-deploy-1.26.4
---
charts/sysdig-deploy/CHANGELOG.md | 3 +++
charts/sysdig-deploy/RELEASE-NOTES.md | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
index f493b046f..dc593d2f4 100644
--- a/charts/sysdig-deploy/CHANGELOG.md
+++ b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.
## Change Log
+# v1.26.4
+### Chores
+* **kspm-collector,node-analyzer** [201126cf](https://github.com/sysdiglabs/charts/commit/201126cf8abb51996ee001665c17545210058ff9): KSPM v1.34.0 ([#1422](https://github.com/sysdiglabs/charts/issues/1422))
# v1.26.3
### Chores
* **sysdig-deploy** [99ad329d](https://github.com/sysdiglabs/charts/commit/99ad329da1c4af6a01ed512c78b6e05ecb3a82fc): Automatic version bump due to updated dependencies ([#1421](https://github.com/sysdiglabs/charts/issues/1421))
diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
index 9a88e1afc..02f46aaee 100644
--- a/charts/sysdig-deploy/RELEASE-NOTES.md
+++ b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed
### Chores
-- **sysdig-deploy** [99ad329d](https://github.com/sysdiglabs/charts/commit/99ad329da1c4af6a01ed512c78b6e05ecb3a82fc): Automatic version bump due to updated dependencies ([#1421](https://github.com/sysdiglabs/charts/issues/1421))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.26.2...sysdig-deploy-1.26.3
+- **kspm-collector,node-analyzer** [201126cf](https://github.com/sysdiglabs/charts/commit/201126cf8abb51996ee001665c17545210058ff9): KSPM v1.34.0 ([#1422](https://github.com/sysdiglabs/charts/issues/1422))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.26.3...sysdig-deploy-1.26.4