From 5e334ad0903ef35656806c35c9099721e86d7f3b Mon Sep 17 00:00:00 2001 From: undistrobot Date: Fri, 17 Mar 2023 19:05:12 +0000 Subject: [PATCH] update zora chart --- charts/zora/Chart.yaml | 4 +- charts/zora/README.md | 14 +++-- .../crds/zora.undistro.io_clusterissues.yaml | 4 +- .../zora/crds/zora.undistro.io_clusters.yaml | 4 +- .../crds/zora.undistro.io_clusterscans.yaml | 4 +- .../zora/crds/zora.undistro.io_plugins.yaml | 4 +- charts/zora/templates/operator/rbac.yaml | 4 +- charts/zora/templates/plugins/kubescape.yaml | 52 ------------------- charts/zora/templates/plugins/popeye.yaml | 6 +-- charts/zora/values-hml.yaml | 1 - charts/zora/values.yaml | 21 ++++---- 11 files changed, 32 insertions(+), 86 deletions(-) delete mode 100644 charts/zora/templates/plugins/kubescape.yaml diff --git a/charts/zora/Chart.yaml b/charts/zora/Chart.yaml index f58c308..41fb3dc 100644 --- a/charts/zora/Chart.yaml +++ b/charts/zora/Chart.yaml @@ -17,7 +17,7 @@ name: zora description: Zora scans multiple Kubernetes clusters and reports potential issues. icon: https://zora-docs.undistro.io/assets/logo.png type: application -version: 0.4.4 -appVersion: "v0.4.4" +version: 0.4.5-alpha1 +appVersion: "v0.4.5-alpha1" sources: - https://github.com/undistro/zora diff --git a/charts/zora/README.md b/charts/zora/README.md index 42c101c..35f58c6 100644 --- a/charts/zora/README.md +++ b/charts/zora/README.md 
@@ -1,6 +1,6 @@ # Zora Helm Chart -![Version: 0.4.4](https://img.shields.io/badge/Version-0.4.4-informational?style=flat-square&color=3CA9DD) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square&color=3CA9DD) ![AppVersion: v0.4.4](https://img.shields.io/badge/AppVersion-v0.4.4-informational?style=flat-square&color=3CA9DD) +![Version: 0.4.5-alpha1](https://img.shields.io/badge/Version-0.4.5--alpha1-informational?style=flat-square&color=3CA9DD) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square&color=3CA9DD) ![AppVersion: v0.4.5-alpha1](https://img.shields.io/badge/AppVersion-v0.4.5--alpha1-informational?style=flat-square&color=3CA9DD) Zora scans multiple Kubernetes clusters and reports potential issues. @@ -12,7 +12,7 @@ To install the chart with the release name `zora`: helm repo add undistro https://charts.undistro.io --force-update helm upgrade --install zora undistro/zora \ -n zora-system \ - --version 0.4.4 \ + --version 0.4.5-alpha1 \ --create-namespace --wait ``` 
@@ -56,8 +56,8 @@ The following table lists the configurable parameters of the Zora chart and thei | fullnameOverride | string | `""` | String to fully override fullname template with a string | | saas.workspaceID | string | `""` | Your SaaS workspace ID | | saas.server | string | `"https://zora-dashboard.undistro.io"` | SaaS server URL | -| saas.hooks.image.repository | string | `"radial/busyboxplus"` | SaaS hooks image repository | -| saas.hooks.image.tag | string | `"curl"` | SaaS hooks image tag | +| saas.hooks.image.repository | string | `"curlimages/curl"` | SaaS hooks image repository | +| saas.hooks.image.tag | string | `"7.88.1"` | SaaS hooks image tag | | saas.hooks.installURL | string | `"{{.Values.saas.server}}/zora/api/v1alpha1/workspaces/{{.Values.saas.workspaceID}}/helmreleases"` | SaaS install hook URL template | | imageCredentials.create | bool | `false` | Specifies whether the secret should be created by providing credentials | | imageCredentials.registry | string | `"ghcr.io"` | Docker registry host | 
@@ -96,11 +96,9 @@ The following table lists the configurable parameters of the Zora chart and thei | scan.defaultPlugins | list | `["popeye"]` | Names of the default plugins | | scan.plugins.popeye.enabled | bool | `true` | | | scan.plugins.popeye.skipInternalResources | bool | `false` | Specifies whether the following resources should be skipped by `popeye` scans. 1. resources from `kube-system`, `kube-public` and `kube-node-lease` namespaces; 2. kubernetes system reserved RBAC (prefixed with `system:`); 3. `kube-root-ca.crt` configmaps; 4. `default` namespace; 5. `default` serviceaccounts; 6. Helm secrets (prefixed with `sh.helm.release`); 7. Zora components. See `popeye` configuration file that is used for this case: https://github.com/undistro/zora/blob/main/charts/zora/templates/plugins/popeye-config.yaml | +| scan.plugins.popeye.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"250m","memory":"256Mi"}}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) to add to `popeye` container | | scan.plugins.popeye.image.repository | string | `"ghcr.io/undistro/popeye"` | popeye plugin image repository | -| scan.plugins.popeye.image.tag | string | `"nonroot"` | popeye plugin image tag | -| scan.plugins.kubescape.enabled | bool | `false` | | -| scan.plugins.kubescape.image.repository | string | `"quay.io/armosec/kubescape"` | kubescape plugin image repository | -| scan.plugins.kubescape.image.tag | string | `"v2.0.163"` | kubescape plugin image tag | +| scan.plugins.popeye.image.tag | string | `"v0.11.1-cross"` | popeye plugin image tag | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/charts/zora/crds/zora.undistro.io_clusterissues.yaml b/charts/zora/crds/zora.undistro.io_clusterissues.yaml index 57532fc..72e0f9d 100644 --- a/charts/zora/crds/zora.undistro.io_clusterissues.yaml 
+++ b/charts/zora/crds/zora.undistro.io_clusterissues.yaml @@ -1,10 +1,10 @@ -# Copyright 2022 Undistro Authors +# Copyright 2023 Undistro Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/zora/crds/zora.undistro.io_clusters.yaml b/charts/zora/crds/zora.undistro.io_clusters.yaml index e8628a3..58cc72e 100644 --- a/charts/zora/crds/zora.undistro.io_clusters.yaml +++ b/charts/zora/crds/zora.undistro.io_clusters.yaml @@ -1,10 +1,10 @@ -# Copyright 2022 Undistro Authors +# Copyright 2023 Undistro Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/zora/crds/zora.undistro.io_clusterscans.yaml b/charts/zora/crds/zora.undistro.io_clusterscans.yaml index b343738..5b296f3 100644 --- a/charts/zora/crds/zora.undistro.io_clusterscans.yaml +++ b/charts/zora/crds/zora.undistro.io_clusterscans.yaml 
@@ -1,10 +1,10 @@ -# Copyright 2022 Undistro Authors +# Copyright 2023 Undistro Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/zora/crds/zora.undistro.io_plugins.yaml b/charts/zora/crds/zora.undistro.io_plugins.yaml index 07f4613..2ccd11f 100644 --- a/charts/zora/crds/zora.undistro.io_plugins.yaml +++ b/charts/zora/crds/zora.undistro.io_plugins.yaml @@ -1,10 +1,10 @@ -# Copyright 2022 Undistro Authors +# Copyright 2023 Undistro Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/zora/templates/operator/rbac.yaml b/charts/zora/templates/operator/rbac.yaml index 1f7f596..b505094 100644 --- a/charts/zora/templates/operator/rbac.yaml +++ b/charts/zora/templates/operator/rbac.yaml @@ -1,10 +1,10 @@ -# Copyright 2022 Undistro Authors +# Copyright 2023 Undistro Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, 
diff --git a/charts/zora/templates/plugins/kubescape.yaml b/charts/zora/templates/plugins/kubescape.yaml deleted file mode 100644 index 8748a8a..0000000 --- a/charts/zora/templates/plugins/kubescape.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright 2022 Undistro Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.scan.plugins.kubescape.enabled -}} -apiVersion: zora.undistro.io/v1alpha1 -kind: Plugin -metadata: - name: kubescape - labels: - {{- include "zora.labels" . | nindent 4 }} -spec: - image: "{{ .Values.scan.plugins.kubescape.image.repository }}:{{ .Values.scan.plugins.kubescape.image.tag }}" - env: - - name: KUBESCAPE_ARTIFACTS - value: /home/armo/.kubescape/ - - name: KS_SKIP_UPDATE_CHECK - value: 'true' - command: - - /bin/sh - - -c - - | - start=$(date +%s) - /usr/bin/kubescape scan \ - --use-artifacts-from=$(KUBESCAPE_ARTIFACTS) \ - --keep-local \ - --format=json \ - --output=$(DONE_DIR)/results.json \ - --disable-color \ - --logger error \ - --format-version=v2 - exitcode=$(echo $?) - if [ $exitcode -ne 0 ]; then - echo "ERROR" > $(DONE_DIR)/error - else - echo $(DONE_DIR)/results.json > $(DONE_DIR)/done - fi - ls -lh $(DONE_DIR)/ - end=$(date +%s) - echo "Scan has finished in $(($end-$start)) seconds with exit code $exitcode" - exit $exitcode -{{- end }} diff --git a/charts/zora/templates/plugins/popeye.yaml b/charts/zora/templates/plugins/popeye.yaml index 24c7212..4e806e2 100644 --- a/charts/zora/templates/plugins/popeye.yaml 
+++ b/charts/zora/templates/plugins/popeye.yaml @@ -20,10 +20,10 @@ metadata: {{- include "zora.labels" . | nindent 4 }} spec: image: "{{ .Values.scan.plugins.popeye.image.repository }}:{{ .Values.scan.plugins.popeye.image.tag }}" + {{- if .Values.scan.plugins.popeye.resources }} resources: - limits: - cpu: 500m - memory: 100Mi + {{- toYaml .Values.scan.plugins.popeye.resources | nindent 4 }} + {{- end }} {{- if .Values.scan.plugins.popeye.skipInternalResources }} envFrom: - configMapRef: diff --git a/charts/zora/values-hml.yaml b/charts/zora/values-hml.yaml index a3e0b37..5b58552 100644 --- a/charts/zora/values-hml.yaml +++ b/charts/zora/values-hml.yaml @@ -15,7 +15,6 @@ scan: defaultPlugins: - popeye - - kubescape ui: image: # UI private repository diff --git a/charts/zora/values.yaml b/charts/zora/values.yaml index acc9442..01e455d 100644 --- a/charts/zora/values.yaml +++ b/charts/zora/values.yaml @@ -25,9 +25,9 @@ saas: hooks: image: # -- SaaS hooks image repository - repository: radial/busyboxplus + repository: curlimages/curl # -- SaaS hooks image tag - tag: curl + tag: '7.88.1' # -- SaaS install hook URL template installURL: "{{.Values.saas.server}}/zora/api/v1alpha1/workspaces/{{.Values.saas.workspaceID}}/helmreleases" 
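Review bot: With the new `{{- if .Values.scan.plugins.popeye.resources }}` guard in charts/zora/templates/plugins/popeye.yaml, an override such as `resources: {}` or `resources: null` renders the Plugin with no `resources:` block at all, whereas the removed lines always applied a hard-coded limit (`cpu: 500m`, `memory: 100Mi`). A scan container with no limits can starve other workloads on the node, so the values.yaml comment should say so, for example `# -- Resources for the popeye container; if empty, the plugin runs without requests or limits`. The Plugin spec starts and ends outside this hunk, and indentation is lost in this rendering, so I am assuming `nindent 4` lines up under `resources:`.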
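Review bot: The new hook image in charts/zora/values.yaml (`repository: curlimages/curl`, `tag: '7.88.1'`) is still referenced by a mutable tag and an unqualified repository name. Moving off the floating `curl` tag to a version is an improvement, but a tag can be re-pushed and the registry is whatever the container runtime resolves by default, which matters for a hook that calls the SaaS endpoint at install time. I would at least write `repository: docker.io/curlimages/curl` and extend the comment to `# -- SaaS hooks image tag (pin by digest in production overrides)`. The hook template is not part of this diff, so check there whether it accepts a `repo@sha256:…` reference and whether its script relies on tools that only the old busybox-based image provided.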
@@ -153,15 +153,16 @@ scan: # 7. Zora components. # See `popeye` configuration file that is used for this case: https://github.com/undistro/zora/blob/main/charts/zora/templates/plugins/popeye-config.yaml skipInternalResources: false + # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) to add to `popeye` container + resources: + requests: + cpu: 250m + memory: 256Mi + limits: + cpu: 500m + memory: 500Mi image: # -- popeye plugin image repository repository: ghcr.io/undistro/popeye # -- popeye plugin image tag - tag: nonroot - kubescape: - enabled: false - image: - # -- kubescape plugin image repository - repository: quay.io/armosec/kubescape - # -- kubescape plugin image tag - tag: v2.0.163 + tag: v0.11.1-cross
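Review bot: The popeye tag moves from `nonroot` to `v0.11.1-cross` at the end of this hunk, and nothing visible in the diff shows that the new image still runs as an unprivileged user. The old tag name implied a non-root build; the part of the Plugin template visible in this commit sets only `image`, `resources` and `envFrom`, so the runtime user appears to come entirely from the image. Please confirm the `-cross` image declares a non-root user and record that in the comment, e.g. `# -- popeye plugin image tag (image must run as non-root)`. Separately, releases whose values still list `kubescape` under `scan.defaultPlugins` will reference a Plugin this chart no longer ships, which deserves an upgrade note.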