fix permission-manager versions

devopstales · devopstales · commit c4391c82a2f2 · 2022-04-08T18:43:38.000+02:00
diff --git a/charts/1-crd.yaml b/charts/1-crd.yaml
@@ -0,0 +1,213 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: vulnerabilityreports.trivy-operator.devopstales.io
+  labels:
+    app.kubernetes.io/managed-by: trivy-operator
+spec:
+  group: trivy-operator.devopstales.io
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          description: |
+            VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages
+            built into container images.
+          type: object
+          required:
+            - apiVersion
+            - kind
+            - metadata
+            - report
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            report:
+              description: |
+                Report is the actual vulnerability report data.
+              type: object
+              required:
+                - updateTimestamp
+                - artifact
+                - summary
+                - vulnerabilities
+              properties:
+                updateTimestamp:
+                  description: |
+                    UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
+                  type: string
+                  format: date-time
+                registry:
+                  description: |
+                    Registry is the registry the Artifact was pulled from.
+                  type: object
+                  properties:
+                    server:
+                      description: |
+                        Server the FQDN of registry server.
+                      type: string
+                artifact:
+                  description: |
+                    Artifact represents a standalone, executable package of software that includes everything needed to
+                    run an application.
+                  type: object
+                  properties:
+                    repository:
+                      description: |
+                        Repository is the name of the repository in the Artifact registry.
+                      type: string
+                    tag:
+                      description: |
+                        Tag is a mutable, human-readable string used to identify an Artifact.
+                      type: string
+                summary:
+                  description: |
+                    Summary is a summary of Vulnerability counts grouped by Severity.
+                  type: object
+                  required:
+                    - criticalCount
+                    - highCount
+                    - mediumCount
+                    - lowCount
+                    - unknownCount
+                    - status
+                  properties:
+                    criticalCount:
+                      description: |
+                        CriticalCount is the number of vulnerabilities with Critical Severity.
+                      type: integer
+                      minimum: 0
+                    highCount:
+                      description: |
+                        HighCount is the number of vulnerabilities with High Severity.
+                      type: integer
+                      minimum: 0
+                    mediumCount:
+                      description: |
+                        MediumCount is the number of vulnerabilities with Medium Severity.
+                      type: integer
+                      minimum: 0
+                    lowCount:
+                      description: |
+                        LowCount is the number of vulnerabilities with Low Severity.
+                      type: integer
+                      minimum: 0
+                    unknownCount:
+                      description: |
+                        UnknownCount is the number of vulnerabilities with unknown severity.
+                      type: integer
+                      minimum: 0
+                    status:
+                      description: |
+                        The status of the image scann
+                      type: string
+                      enum:
+                          - OK
+                          - ERROR
+                vulnerabilities:
+                  description: |
+                    Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
+                  type: array
+                  items:
+                    type: object
+                    required:
+                      - vulnerabilityID
+                      - resource
+                      - installedVersion
+                      - severity
+                      - title
+                    properties:
+                      vulnerabilityID:
+                        description: |
+                          VulnerabilityID the vulnerability identifier.
+                        type: string
+                      resource:
+                        description: |
+                          Resource is a vulnerable package, application, or library.
+                        type: string
+                      installedVersion:
+                        description: |
+                          InstalledVersion indicates the installed version of the Resource.
+                        type: string
+                      score:
+                        type: number
+                      severity:
+                        type: string
+                        enum:
+                          - CRITICAL
+                          - HIGH
+                          - MEDIUM
+                          - LOW
+                          - UNKNOWN
+                          - NONE
+                          - ERROR
+                      title:
+                        type: string
+                      description:
+                        type: string
+                      primaryLink:
+                        type: string
+                      links:
+                        type: array
+                        items:
+                          type: string
+      additionalPrinterColumns:
+        - jsonPath: .report.artifact.repository
+          type: string
+          name: Repository
+          description: The name of image repository
+        - jsonPath: .report.artifact.tag
+          type: string
+          name: Tag
+          description: The name of image tag
+        - jsonPath: .metadata.creationTimestamp
+          type: date
+          name: Age
+          description: The age of the report
+        - jsonPath: .report.summary.criticalCount
+          type: integer
+          name: Critical
+          description: The number of critical vulnerabilities
+          priority: 1
+        - jsonPath: .report.summary.highCount
+          type: integer
+          name: High
+          description: The number of high vulnerabilities
+          priority: 1
+        - jsonPath: .report.summary.mediumCount
+          type: integer
+          name: Medium
+          description: The number of medium vulnerabilities
+          priority: 1
+        - jsonPath: .report.summary.lowCount
+          type: integer
+          name: Low
+          description: The number of low vulnerabilities
+          priority: 1
+        - jsonPath: .report.summary.unknownCount
+          type: integer
+          name: Unknown
+          description: The number of unknown vulnerabilities
+          priority: 1
+        - jsonPath: .report.summary.status
+          type: string
+          name: STATUS
+          description: The status of the image scann
+          priority: 0
+  scope: Namespaced
+  names:
+    singular: vulnerabilityreport
+    plural: vulnerabilityreports
+    kind: VulnerabilityReport
+    listKind: VulnerabilityReportList
+    categories:
+      - all
+    shortNames:
+      - vuln
+      - vulns
diff --git a/charts/kube-openid-connect/Chart.yaml b/charts/kube-openid-connect/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0
+version: "1.1.0"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.0.0"
diff --git a/charts/kube-openid-connect/templates/NOTES.txt b/charts/kube-openid-connect/templates/NOTES.txt
@@ -22,8 +22,12 @@ systemctl restart kubelet
 brew tap devopstales/devopstales
 brew install kubectl-login
 
-# Krew (macOS, Linux, Windows and ARM)
-kubectl krew install openid-connect
+# Main Krew with differente name (macOS, Linux, Windows and ARM)
+kubectl krew install dtlogin
+
+# My krew repo (macOS, Linux, Windows and ARM)
+kubectl krew index add devopstales https://github.com/devopstales/krew
+kubectl krew install devopstales/login
 
 # Chocolatey (Windows)
 choco install kubectl-login
@@ -34,5 +38,7 @@ https://github.com/devopstales/kube-openid-connect/releases
 4. Use the plugin to login:
 
 $ kubectl login {{  .Values.server.oidcRedirectUrlHttpScema }}://{{ .Values.server.oidcRedirectUrlHost }}
+# OR I sou installed from main Krew
+kubectl dtlogin {{  .Values.server.oidcRedirectUrlHttpScema }}://{{ .Values.server.oidcRedirectUrlHost }}
 Configfile created with config for productioncluster to ~/.kube/config
 Happy Kubernetes interaction!
diff --git a/charts/permission-manager/Chart.yaml b/charts/permission-manager/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: permission-manager
 description: Web UI for ServiceAccount RBAC manager
 type: application
-version: 1.7.1-2
+version: 1.8.0
 appVersion: 1.7.1-rc1
diff --git a/charts/trivy-operator/crds/0-crd.yaml b/charts/trivy-operator/crds/0-crd.yaml
@@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   name: namespace-scanners.trivy-operator.devopstales.io
+  labels:
+    app.kubernetes.io/managed-by: trivy-operator
 spec:
   conversion:
     strategy: None
@@ -48,5 +50,3 @@ spec:
         type: object
     served: true
     storage: true
-    subresources:
-      status: {}
diff --git a/charts/trivy-operator/templates/2-pvc.yaml b/charts/trivy-operator/templates/2-pvc.yaml
@@ -14,10 +14,11 @@ spec:
   storageClassName: ""
 {{- else }}
   storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
 {{- end }}
   accessModes:
     - {{ .Values.persistence.accessMode | quote }}
-  resources: 
-    requests: 
-      storage: {{ .Values.persistence.size }}
-{{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- end }}
diff --git a/charts/trivy-operator/templates/3-deployment.yaml b/charts/trivy-operator/templates/3-deployment.yaml
@@ -40,11 +40,15 @@ spec:
               fieldPath: metadata.namespace
         - name: LOG_LEVEL
           value: "{{ .Values.log_level }}"
+{{- if .Values.admissionController.enabled }}
+        - name: ADMISSION_CONTROLLER
+          value: "{{ .Values.admissionController.token }}"
+{{- end }}
 {{- if .Values.githubToken.enabled }}
         - name: GITHUB_TOKEN
           value: "{{ .Values.githubToken.token }}"
 {{- end }}
-{{- if .Values.storage.enabled }}
+{{- if .Values.persistence.enabled }}
         volumeMounts:
         - name: cache
           mountPath: "/home/trivy-operator/trivy-cache"
@@ -56,7 +60,7 @@ spec:
           - name: https
             containerPort: 8443
             protocol: TCP
-{{- if .Values.storage.enabled }}
+{{- if .Values.persistence.enabled }}
       volumes:
       - name: cache
         persistentVolumeClaim:
diff --git a/charts/trivy-operator/values.yaml b/charts/trivy-operator/values.yaml
@@ -26,6 +26,9 @@ serviceMonitor:
 
 persistence:
   enabled: true
+  accessMode: "ReadWriteOnce"
+  size: "1Gi"
+  annotations: {}
   ## database data Persistent Volume Storage Class
   ## If defined, storageClassName: <storageClass>
   ## If set to "-", storageClassName: "", which disables dynamic provisioning
@@ -34,15 +37,15 @@ persistence:
   ##   GKE, AWS & OpenStack)
   ##
   # storageClass: "-"
-  accessMode: ReadWriteOnce
-  size: 1Gi
-  annotations: {}
 
 namespaceScanner:
   crontab: "*/5 * * * *"
   namespaceSelector: "trivy-scan"
   clusterWide: false
 
+admissionController:
+  enabled: false
+
 registryAuth:
   enabled: false
   registry:
@@ -53,3 +56,4 @@ registryAuth:
 githubToken:
   enabled: false
   token: ""
+ 
