Merge branch '2022.4' into updateKbRegistry

mjshastha · mjshastha · commit 7d6a33a8f2ed · 2024-10-14T13:01:05.000+05:30
diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/001_kube_enforcer_config.yaml
@@ -1096,7 +1096,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 data:
   trivy.repository: "ghcr.io/aquasecurity/trivy"
@@ -1124,7 +1124,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 data:
   scanJob.podTemplateContainerSecurityContext: "{\"allowPrivilegeEscalation\":false,\"capabilities\":{\"drop\":[\"ALL\"]},\"privileged\":false,\"readOnlyRootFilesystem\":true}"
@@ -1141,7 +1141,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 data:
 ---
@@ -1153,7 +1153,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 ---
 apiVersion: v1
@@ -1164,7 +1164,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1402,7 +1402,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1421,7 +1421,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 rules:
   - apiGroups:
@@ -1451,7 +1451,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 roleRef:
   apiGroup: rbac.authorization.k8s.io
diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml
@@ -158,7 +158,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 spec:
   replicas: 1
@@ -178,7 +178,7 @@ spec:
       automountServiceAccountToken: true
       containers:
         - name: "trivy-operator"
-          image: "docker.io/aquasec/trivy-operator:0.16.1"
+          image: "docker.io/aquasec/trivy-operator:0.20.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: OPERATOR_NAMESPACE
@@ -245,6 +245,8 @@ spec:
               value: "10h"
             - name: OPERATOR_MERGE_RBAC_FINDING_WITH_CONFIG_AUDIT
               value: "true"
+            - name: CONTROLLER_CACHE_SYNC_TIMEOUT
+              value: "5m"
           ports:
             - name: metrics
               containerPort: 8080
diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml
@@ -946,7 +946,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 data:
   trivy.repository: "ghcr.io/aquasecurity/trivy"
@@ -974,7 +974,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 data:
   scanJob.podTemplateContainerSecurityContext: "{\"allowPrivilegeEscalation\":false,\"capabilities\":{\"drop\":[\"ALL\"]},\"privileged\":false,\"readOnlyRootFilesystem\":true}"
@@ -991,7 +991,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 data:
 ---
@@ -1003,7 +1003,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 ---
 apiVersion: v1
@@ -1014,7 +1014,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1252,7 +1252,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1271,7 +1271,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 rules:
   - apiGroups:
@@ -1301,7 +1301,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 roleRef:
   apiGroup: rbac.authorization.k8s.io
diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/003_kube_enforcer_deploy.yaml
@@ -98,7 +98,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.16.1"
+    app.kubernetes.io/version: "0.20.1"
     app.kubernetes.io/managed-by: kubectl
 spec:
   replicas: 1
@@ -118,7 +118,7 @@ spec:
       automountServiceAccountToken: true
       containers:
         - name: "trivy-operator"
-          image: "docker.io/aquasec/trivy-operator:0.16.1"
+          image: "docker.io/aquasec/trivy-operator:0.20.1"
           imagePullPolicy: IfNotPresent
           env:
             - name: OPERATOR_NAMESPACE
@@ -185,6 +185,8 @@ spec:
               value: "10h"
             - name: OPERATOR_MERGE_RBAC_FINDING_WITH_CONFIG_AUDIT
               value: "true"
+            - name: CONTROLLER_CACHE_SYNC_TIMEOUT
+              value: "5m"
           ports:
             - name: metrics
               containerPort: 8080
diff --git a/scanner/kubernetes_and_openshift/manifests/003_scanner_configmap.yaml b/scanner/kubernetes_and_openshift/manifests/003_scanner_configmap.yaml
@@ -18,3 +18,10 @@ data:
 
   # Set this to 1 to establish mTLS connection with CyberCenter
   #OFFLINE_CC_MTLS_ENABLE: "1"
+
+  #health monitor is supported from SaaS scanner version 2407.4.20 and for on-prem 2022.4.613.7
+  # enable below two values for health check monitor (liveness probe)
+  #AQUA_HEALTH_MONITOR_ENABLED: "true"
+  #AQUA_HEALTH_MONITOR_PORT: "8081"
+
+
diff --git a/scanner/kubernetes_and_openshift/manifests/004_scanner_deploy.yaml b/scanner/kubernetes_and_openshift/manifests/004_scanner_deploy.yaml
@@ -36,6 +36,16 @@ spec:
         - name: kube-scanner
           image: registry.aquasec.com/scanner:2022.4
           imagePullPolicy: Always
+#          livenessProbe:
+#            httpGet:
+#              port: 8081
+#              path: /healthz
+#              scheme: HTTP
+#            initialDelaySeconds: 15
+#            periodSeconds: 60
+#            successThreshold: 1
+#            failureThreshold: 3
+#            timeoutSeconds: 1
 #          resources:
 #            limits:
 #              cpu: 2000m
