From 399fb3a851b791580191a53c29364113b7579996 Mon Sep 17 00:00:00 2001
From: Adi Shaull
Date: Sun, 18 Jun 2023 12:37:43 +0300
Subject: [PATCH 1/2] SLK-60435 Add cloud connect
---
 main.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/main.go b/main.go
index 1c150f0..721be89 100644
--- a/main.go
+++ b/main.go
@@ -21,6 +21,7 @@ import (
 "fmt"
 "github.com/aquasecurity/aqua-operator/controllers/aquasecurity/aquastarboard"
 "github.com/aquasecurity/aqua-operator/controllers/ocp"
+ "github.com/aquasecurity/aqua-operator/controllers/operator/aquacloudconnector"
 "github.com/aquasecurity/aqua-operator/controllers/operator/aquacsp"
 "github.com/aquasecurity/aqua-operator/controllers/operator/aquadatabase"
 "github.com/aquasecurity/aqua-operator/controllers/operator/aquaenforcer"
@@ -163,13 +164,13 @@ func main() {
 setupLog.Error(err, "unable to create controller", "controller", "AquaScanner")
 os.Exit(1)
 }
- //if err = (&aquacloudconnector.AquaCloudConnectorReconciler{
- // Client: mgr.GetClient(),
- // Scheme: mgr.GetScheme(),
- //}).SetupWithManager(mgr); err != nil {
- // setupLog.Error(err, "unable to create controller", "controller", "AquaCloudConnector")
- // os.Exit(1)
- //}
+ if err = (&aquacloudconnector.AquaCloudConnectorReconciler{
+ Client: mgr.GetClient(),
+ Scheme: mgr.GetScheme(),
+ }).SetupWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create controller", "controller", "AquaCloudConnector")
+ os.Exit(1)
+ }
 if err = (&aqualightning.AquaLightningReconciler{
 Client: mgr.GetClient(),
From 7be48be40d81bcc5a3e3fc0ae9caa191d2a58354 Mon Sep 17 00:00:00 2001
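Review bot: Registering `AquaCloudConnectorReconciler` in `main()` makes manager start-up depend on the AquaCloudConnector CRD and on the operator's RBAC for that kind, and neither is touched by this patch (the diffstat lists only main.go). With controller-runtime, a controller whose watched kind is not served by the API server typically fails to start and takes the whole manager down, so an install that still lacks the CRD would stop reconciling every other Aqua component as well. Please confirm the CRD and the matching ClusterRole entries already ship with the operator, or add them in the same change. A short comment above the block, e.g. `// requires the AquaCloudConnector CRD to be installed`, would record that dependency. `main()` continues outside the hunk.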
From: Adi Shaull
Date: Tue, 11 Jul 2023 15:21:35 +0300
Subject: [PATCH 2/2] SLK-69062 Update community operator with the new KE deployment requirements
---
 .../aquastarboard/aquaStarboardHelper.go | 17 ++++++++++++++++-
 .../aquakubeenforcer/aquaKubeEnforcerHelper.go | 12 ++++++++++++
 docs/DeployOpenShiftOperator.md | 2 +-
 pkg/consts/consts.go | 4 ++--
 test/consts/testing_consts.go | 2 +-
 5 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/controllers/aquasecurity/aquastarboard/aquaStarboardHelper.go b/controllers/aquasecurity/aquastarboard/aquaStarboardHelper.go
index b77cbcb..0ba75de 100644
--- a/controllers/aquasecurity/aquastarboard/aquaStarboardHelper.go
+++ b/controllers/aquasecurity/aquastarboard/aquaStarboardHelper.go
@@ -74,6 +74,17 @@ func (enf *AquaStarboardHelper) CreateStarboardClusterRole(name string, namespac
 "get", "list", "watch",
 },
 },
+ {
+ APIGroups: []string{
+ "apps.openshift.io",
+ },
+ Resources: []string{
+ "deploymentconfigs",
+ },
+ Verbs: []string{
+ "get", "list", "watch",
+ },
+ },
 {
 APIGroups: []string{
 "batch",
@@ -131,7 +142,7 @@ func (enf *AquaStarboardHelper) CreateStarboardClusterRole(name string, namespac
 },
 {
 APIGroups: []string{
- "networking.k8s.io",
+ "networking.k8s.io", "extensions",
 },
 Resources: []string{
 "networkpolicies", "ingresses",
@@ -573,6 +584,10 @@ func (ebf *AquaStarboardHelper) getStarboardEnvVars(cr *aquasecurityv1alpha1.Aqu
 Name: "OPERATOR_HEALTH_PROBE_BIND_ADDRESS",
 Value: consts.OperatorHealthProbeBindAddress,
 },
+ {
+ Name: "OPERATOR_CONFIG_AUDIT_SCANNER_SCAN_ONLY_CURRENT_REVISIONS",
+ Value: "true",
+ },
 }
 operatorLogDevMode := corev1.EnvVar{
 Name: "OPERATOR_LOG_DEV_MODE",
diff --git a/controllers/operator/aquakubeenforcer/aquaKubeEnforcerHelper.go b/controllers/operator/aquakubeenforcer/aquaKubeEnforcerHelper.go
index f818023..062516b 100644
--- a/controllers/operator/aquakubeenforcer/aquaKubeEnforcerHelper.go
+++ b/controllers/operator/aquakubeenforcer/aquaKubeEnforcerHelper.go
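Review bot: In the second `CreateStarboardClusterRole` hunk, adding `"extensions"` to `APIGroups` widens the whole rule, so both `networkpolicies` and `ingresses` are now granted in the legacy group with whatever verbs the rule carries. The `Verbs` list lies outside the hunk, so it is worth checking that the rule is still read-only. The `extensions` group no longer serves these resources on Kubernetes 1.22 and later, so the entry only matters for older clusters. A comment such as `// "extensions": legacy group for ingresses/networkpolicies on pre-1.22 clusters` would keep it from reading as an accidental broadening.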
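Review bot: The new `OPERATOR_CONFIG_AUDIT_SCANNER_SCAN_ONLY_CURRENT_REVISIONS` entry in `getStarboardEnvVars` hard-codes `"true"`, while the neighbouring entry takes its value from `consts.OperatorHealthProbeBindAddress`. Judging by its name, the setting narrows what the config-audit scanner covers, which is a coverage decision that deserves a named, documented value rather than an inline literal. Consider adding a constant to `pkg/consts` (the name here is only a suggestion) and using `Value: consts.OperatorConfigAuditScanOnlyCurrentRevisions,`, with a comment saying why older revisions are skipped. The function body continues outside the hunk.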
@@ -80,6 +80,17 @@ func (enf *AquaKubeEnforcerHelper) CreateKubeEnforcerClusterRole(name string, na
 "get", "list", "watch",
 },
 },
+ {
+ APIGroups: []string{
+ "apps.openshift.io",
+ },
+ Resources: []string{
+ "deploymentconfigs",
+ },
+ Verbs: []string{
+ "get", "list", "watch",
+ },
+ },
 {
 APIGroups: []string{
 "*",
@@ -365,6 +376,7 @@ func (enf *AquaKubeEnforcerHelper) CreateValidatingWebhook(cr, namespace, name,
 Resources: []string{
 "pods",
 "deployments",
+ "deploymentconfigs",
 "replicasets",
 "replicationcontrollers",
 "statefulsets",
diff --git a/docs/DeployOpenShiftOperator.md b/docs/DeployOpenShiftOperator.md
index 99699b5..45d697c 100644
--- a/docs/DeployOpenShiftOperator.md
+++ b/docs/DeployOpenShiftOperator.md
@@ -688,7 +688,7 @@ spec:
 gateway_address: 'aqua-gateway:8443' # Required: provide <>
 cluster_name: Default-cluster-name # Required: provide your cluster name
 imagePullSecret: aqua-registry # Required: provide the imagePullSecret name
- kubebench_image: 'docker.io/aquasec/kube-bench:v0.6.12' # Optional: KubeBench image name can be replace with custom registry
+ kubebench_image: 'docker.io/aquasec/kube-bench:v0.6.15' # Optional: KubeBench image name can be replace with custom registry
 deploy:
 service: ClusterIP
 image:
diff --git a/pkg/consts/consts.go b/pkg/consts/consts.go
index 6091a61..6f5af3f 100644
--- a/pkg/consts/consts.go
+++ b/pkg/consts/consts.go
@@ -85,7 +85,7 @@ const (
 LatestVersion = "2022.4"
 // StarboardVersion Latest starboard version
- StarboardVersion = "0.15.10"
+ StarboardVersion = "0.15.13"
 // CyberCenterAddress Aqua Cybercenter Address
 CyberCenterAddress = "https://cybercenter5.aquasec.com"
@@ -164,7 +164,7 @@ const (
 EnforcerConfigMapName = "aqua-csp-enforcer"
- KubeBenchImageName = "docker.io/aquasec/kube-bench:v0.6.12"
+ KubeBenchImageName = "docker.io/aquasec/kube-bench:v0.6.15"
 LightningEnforcerResources = `resources:
 limits:
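Review bot: The added `apps.openshift.io` / `deploymentconfigs` rule in `CreateKubeEnforcerClusterRole` sits directly before a rule whose `APIGroups` is `"*"`; that rule's `Resources` and `Verbs` are outside the hunk. If it already grants `get`, `list`, `watch` across all groups, the new entry is redundant, and the wildcard rather than this explicit rule is what defines the KubeEnforcer's real read scope. Either way a comment on the new rule, e.g. `// OpenShift DeploymentConfig, read-only`, would help the next RBAC review. The same rule is added to `CreateStarboardClusterRole` in aquaStarboardHelper.go.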
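Review bot: Adding `"deploymentconfigs"` to `Resources` in `CreateValidatingWebhook` only takes effect if the same rule's `APIGroups` matches `apps.openshift.io`; the `APIGroups`, `APIVersions` and `Operations` fields are outside the hunk. If the rule lists specific groups without it, DeploymentConfig requests would never reach the webhook and would pass without the admission check, so please verify that the group (or `"*"`) is present. The webhook's failure policy is also not visible here, and it decides whether these newly covered requests are admitted or rejected when the KubeEnforcer is unavailable. A unit test asserting that the generated rule covers `deploymentconfigs` in `apps.openshift.io` would pin this.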
diff --git a/test/consts/testing_consts.go b/test/consts/testing_consts.go
index 88bd1e5..087057c 100644
--- a/test/consts/testing_consts.go
+++ b/test/consts/testing_consts.go
@@ -42,5 +42,5 @@ const (
 ScannerToken = ""
 GatewayAddress = "aqua-gateway:8443"
 ClusterName = "Default-cluster-name"
- KubeBenchName = "docker.io/aquasec/kube-bench:v0.6.12"
+ KubeBenchName = "docker.io/aquasec/kube-bench:v0.6.15"
 )