From f408337da0b465f06e933c7e2b4c418e3d21dcca Mon Sep 17 00:00:00 2001 From: Adi Shaull Date: Mon, 11 Dec 2023 10:17:31 +0200 Subject: [PATCH] SLK-74691 - Fix indentation SLK-68752 - Change dnsNdots to global value Fix dependencies repository - [#808](https://github.com/aquasecurity/aqua-helm/issues/808) Fix README.md [#806](https://github.com/aquasecurity/aqua-helm/issues/806) --- README.md | 12 +++++----- kube-enforcer/CHANGELOG.md | 6 +++++ kube-enforcer/Chart.yaml | 4 ++-- kube-enforcer/README.md | 2 +- .../templates/kube-enforcer-deployment.yaml | 4 ++-- kube-enforcer/values.yaml | 3 +-- server/CHANGELOG.md | 3 +++ server/Chart.yaml | 4 ++-- server/templates/job-check-db-upgrade.yaml | 22 +++++++++---------- 9 files changed, 34 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 320f3623..da4564e2 100644 --- a/README.md +++ b/README.md @@ -27,10 +27,10 @@ This repository includes the following charts; they can be deployed separately: | Chart | Description | Latest Chart Version | |-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------| -| [Server](server/) | Deploys the Console, Database, and Gateway components; optionally deploys Envoy component | 2022.4.21 | -| [Enforcer](enforcer/) | Deploys the Aqua Enforcer daemonset | 2022.4.16 | +| [Server](server/) | Deploys the Console, Database, and Gateway components; optionally deploys Envoy component | 2022.4.22 | +| [Enforcer](enforcer/) | Deploys the Aqua Enforcer daemonset | 2022.4.18 | | [Scanner](scanner/) | Deploys the Aqua Scanner deployment | 2022.4.6 | -| [KubeEnforcer](kube-enforcer/) | Deploys Aqua KubeEnforcer | 2022.4.34 | +| [KubeEnforcer](kube-enforcer/) | Deploys Aqua KubeEnforcer | 2022.4.35 | | [Gateway](gateway) | Deploys the Aqua Standalone Gateway | 2022.4.12 | | [Tenant-Manager](tenant-manager/) | Deploys the Aqua Tenant Manager | 2022.4.0 | | [Cyber Center](cyber-center/) | Deploys Aqua CyberCenter offline for air-gap environment | 2022.4.2 | @@ -80,11 +80,11 @@ NAME CHART VERSION APP VERSION DESCRIPTION aqua-helm/codesec-agent 1.2.3 2022.4 A Helm chart for the Argon Broker Deployment aqua-helm/cloud-connector 2022.4.4 2022.4 A Helm chart for Aqua Cloud-Connector aqua-helm/cyber-center 2022.4.2 2022.4 A Helm chart for Aqua CyberCenter -aqua-helm/enforcer 2022.4.16 2022.4 A Helm chart for the Aqua Enforcer -aqua-helm/kube-enforcer 2022.4.34 2022.4 A Helm chart for the Aqua KubeEnforcer Starboard +aqua-helm/enforcer 2022.4.18 2022.4 A Helm chart for the Aqua Enforcer +aqua-helm/kube-enforcer 2022.4.35 2022.4 A Helm chart for the Aqua KubeEnforcer Starboard aqua-helm/gateway 2022.4.12 2022.4 A Helm chart for the Aqua Gateway aqua-helm/scanner 2022.4.6 2022.4 A Helm chart for the Aqua Scanner CLI component -aqua-helm/server 2022.4.21 2022.4 A Helm chart for the Aqua Console components +aqua-helm/server 2022.4.22 2022.4 A Helm chart for the Aqua Console components aqua-helm/tenant-manager 2022.4.1 2022.4 A Helm chart for the Aqua Tenant Manager ``` diff --git a/kube-enforcer/CHANGELOG.md b/kube-enforcer/CHANGELOG.md index 316e59c8..0a437c0b 100644 --- a/kube-enforcer/CHANGELOG.md +++ b/kube-enforcer/CHANGELOG.md @@ -1,6 +1,12 @@ # Changelog All notable changes to this project will be documented in this file. +## 2022.4.35 ( Dec 10th, 2023 ) +### ⚠ BREAKING CHANGES +* SLK-68752 - Change dnsNdots to global value +* Fix dependencies repository - [#808](https://github.com/aquasecurity/aqua-helm/issues/808) +* Fix README.md [#806](https://github.com/aquasecurity/aqua-helm/issues/806) + ## 2022.4.34 ( Dec 7th, 2023 ) * Updated starboard version to v0.15.18 diff --git a/kube-enforcer/Chart.yaml b/kube-enforcer/Chart.yaml index d93a7f63..ee3c1ab8 100644 --- a/kube-enforcer/Chart.yaml +++ b/kube-enforcer/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 appVersion: "2022.4" description: A Helm chart for the Aqua KubeEnforcer name: kube-enforcer -version: "2022.4.33" +version: "2022.4.35" dependencies: - name: enforcer version: "2022.4.18" - repository: "file://../enforcer/" + repository: "https://helm.aquasec.com" condition: global.enforcer.enabled icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4 keywords: diff --git a/kube-enforcer/README.md b/kube-enforcer/README.md index e127d1bb..577380ac 100644 --- a/kube-enforcer/README.md +++ b/kube-enforcer/README.md @@ -332,7 +332,7 @@ To perform kube-bench scans in the cluster, the KubeEnforcer needs: | Parameter | Description | Default | Mandatory | |--------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------|--------------------------------------------------------------------------------------------------| -| `global.imageCredentials.create` | Set to create new pull image secret | `true` | `Yes - New cluster` | +| `global.imageCredentials.create` | Set to create new pull image secret | `false` | `Yes - New cluster` | | `global.imageCredentials.name` | Your Docker pull image secret name | `aqua-registry-secret` | `Yes - New cluster` | | `global.imageCredentials.repositoryUriPrefix` | repository uri prefix for dockerhub set `docker.io` | `registry.aquasec.com` | `Yes - New cluster` | | `global.imageCredentials.registry` | set the registry url for dockerhub set `index.docker.io/v1/` | `registry.aquasec.com` | `Yes - New cluster` | diff --git a/kube-enforcer/templates/kube-enforcer-deployment.yaml b/kube-enforcer/templates/kube-enforcer-deployment.yaml index a3411c1d..83267a4b 100644 --- a/kube-enforcer/templates/kube-enforcer-deployment.yaml +++ b/kube-enforcer/templates/kube-enforcer-deployment.yaml @@ -35,11 +35,11 @@ spec: {{- end }} {{ include "aqua.labels" . | indent 8 }} spec: - {{- if .Values.dnsNdots }} + {{- if .Values.global.dnsNdots }} dnsConfig: options: - name: ndots - value: {{ int .Values.dnsNdots | quote }} + value: {{ int .Values.global.dnsNdots | quote }} {{- end }} {{- with .Values.securityContext }} securityContext: diff --git a/kube-enforcer/values.yaml b/kube-enforcer/values.yaml index 639d6a0d..d83e359e 100644 --- a/kube-enforcer/values.yaml +++ b/kube-enforcer/values.yaml @@ -11,6 +11,7 @@ global: # k3s = k3s kubernetes platform # mke = Mirantis Kubernetes Engine platform: "" + dnsNdots: enforcer: enabled: false gateway: @@ -100,8 +101,6 @@ logLevel: "" # Comma-separated node-labels for nodes on which Kube-Bench is to be skipped. key1=val1,key2=val2,... skipNodes: "" -dnsNdots: - # Set create to false if you want to use an existing secret for the kube-enforcer certs # If certsSecret.create and certsSecret.name defined then need provide certsSecret.serverCertificate and # certsSecret.serverKey and webhooks.caBundle encrypted with base64 and secret for TLS connectivity with kube-api will be created diff --git a/server/CHANGELOG.md b/server/CHANGELOG.md index 39af5de3..78a7c852 100644 --- a/server/CHANGELOG.md +++ b/server/CHANGELOG.md @@ -1,6 +1,9 @@ # Changelog All notable changes to this project will be documented in this file. +## 2022.4.35 ( Dec 10th, 2023 ) +* Fix indentation and formatting for external DB - [#790](https://github.com/aquasecurity/aqua-helm/issues/790) + ## 2022.4.21 (Dec 5 th, 2023) * Allow the API version of PodDisruptionBudget to be overridden [#807](https://github.com/aquasecurity/aqua-helm/pull/807) diff --git a/server/Chart.yaml b/server/Chart.yaml index 8c4647dc..7d8a7e5e 100644 --- a/server/Chart.yaml +++ b/server/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 appVersion: "2022.4" description: A Helm chart for the Aqua Console components name: server -version: "2022.4.21" +version: "2022.4.22" dependencies: - name: gateway version: "2022.4.12" - repository: "file://../gateway/" + repository: "https://helm.aquasec.com" condition: gateway.enabled icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4 home: https://www.aquasec.com/ diff --git a/server/templates/job-check-db-upgrade.yaml b/server/templates/job-check-db-upgrade.yaml index a502deca..7be5751a 100644 --- a/server/templates/job-check-db-upgrade.yaml +++ b/server/templates/job-check-db-upgrade.yaml @@ -38,7 +38,7 @@ spec: {{- end }} image: "{{ .Values.imageCredentials.repositoryUriPrefix }}/{{ .Values.web.image.repository }}:{{ .Values.web.image.tag }}" imagePullPolicy: "{{ .Values.web.image.pullPolicy }}" - command: ["/opt/aquasec/sedockweb", "test-upgrade"] + command: [ "/opt/aquasec/sedockweb", "test-upgrade" ] envFrom: - configMapRef: name: {{ .Release.Name }}-web-config @@ -78,16 +78,16 @@ spec: key: audit-password {{- end }} {{ if .Values.global.db.externalDbCerts.enable }} - - name: SSL_CERT_DIR - value: /etc/ext_db_certs - volumeMounts: - - name: ext-db-cert - mountPath: /etc/ext_db_certs - readOnly: true - volumes: - - name: ext-db-cert - secret: - secretName: {{ .Values.global.db.externalDbCerts.certSecretName }} + - name: SSL_CERT_DIR + value: /etc/ext_db_certs + volumeMounts: + - name: ext-db-cert + mountPath: /etc/ext_db_certs + readOnly: true + volumes: + - name: ext-db-cert + secret: + secretName: {{ .Values.global.db.externalDbCerts.certSecretName }} {{ end }} imagePullSecrets: {{- if .Values.imageCredentials.create }}