add sbom generation on node-agent feature

Signed-off-by: Matthias Bertschy <[email protected]>
kubescape · Dec 5, 2024 · 5b1f6ef · 5b1f6ef
1 parent 11e4004
commit 5b1f6ef
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 39 deletions.
diff --git a/charts/kubescape-operator/templates/node-agent/clusterrole.yaml b/charts/kubescape-operator/templates/node-agent/clusterrole.yaml
@@ -23,10 +23,10 @@ rules:
   resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
   verbs: ["get", "watch", "list"]
 - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
-  resources: ["sbomsyfts", "seccompprofiles"]
+  resources: ["seccompprofiles"]
   verbs: ["get", "watch", "list"]
 - apiGroups: ["spdx.softwarecomposition.kubescape.io"]
-  resources: ["applicationactivities", "applicationprofiles", "networkneighborses", "networkneighborhoods", "sbomsyftfiltereds"]
+  resources: ["applicationactivities", "applicationprofiles", "networkneighborses", "networkneighborhoods", "sbomsyfts", "sbomsyftfiltereds"]
   verbs: ["create", "get", "update", "watch", "list", "patch"]
 - apiGroups: ["kubescape.io"]
   resources: ["runtimerulealertbindings"]

diff --git a/charts/kubescape-operator/templates/node-agent/configmap.yaml b/charts/kubescape-operator/templates/node-agent/configmap.yaml
@@ -26,6 +26,9 @@ data:
         "networkServiceEnabled": {{ eq .Values.capabilities.networkPolicyService "enable" }},
         "malwareDetectionEnabled": {{ eq .Values.capabilities.malwareDetection "enable" }},
         "nodeProfileServiceEnabled": {{ eq .Values.capabilities.nodeProfileService "enable" }},
+        "maxImageSize": {{ .Values.kubevuln.config.maxImageSize }},
+        "maxSBOMSize": {{ .Values.kubevuln.config.maxSBOMSize }},
+        "sbomGenerationEnabled": {{ eq .Values.capabilities.nodeSbomGeneration "enable" }},
         "seccompServiceEnabled": {{ eq .Values.capabilities.seccompProfileService "enable" }},
         "initialDelay": "{{ .Values.nodeAgent.config.learningPeriod }}",
         "updateDataPeriod": "{{ .Values.nodeAgent.config.updatePeriod }}",

diff --git a/charts/kubescape-operator/templates/node-agent/daemonset.yaml b/charts/kubescape-operator/templates/node-agent/daemonset.yaml
@@ -144,11 +144,9 @@ spec:
             - name: KS_LOGGER_NAME
               value: "{{ .Values.logger.name }}"
             {{- if $components.otelCollector.enabled }}
-            {{- if $components.synchronizer.enabled }}
             - name: OTEL_COLLECTOR_SVC
               value: "otel-collector:4318"
             {{- end }}
-            {{- end }}
             {{- if $components.clamAV.enabled }}
             - name: CLAMAV_SOCKET
               value: "/clamav/clamd.sock"