Skip to content

Commit

Permalink
Merge pull request #233 from adishaull/feature/SLK-69785
Browse files Browse the repository at this point in the history
SLK-69062 Update certified operator with the new KE deployment requir…
  • Loading branch information
semyonmor authored Jul 26, 2023
2 parents 5f70d4e + 8df8b4b commit 9ff7356
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 5 deletions.
17 changes: 16 additions & 1 deletion controllers/aquasecurity/aquastarboard/aquaStarboardHelper.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,17 @@ func (enf *AquaStarboardHelper) CreateStarboardClusterRole(name string, namespac
"get", "list", "watch",
},
},
{
APIGroups: []string{
"apps.openshift.io",
},
Resources: []string{
"deploymentconfigs",
},
Verbs: []string{
"get", "list", "watch",
},
},
{
APIGroups: []string{
"batch",
Expand Down Expand Up @@ -131,7 +142,7 @@ func (enf *AquaStarboardHelper) CreateStarboardClusterRole(name string, namespac
},
{
APIGroups: []string{
"networking.k8s.io",
"networking.k8s.io", "extensions",
},
Resources: []string{
"networkpolicies", "ingresses",
Expand Down Expand Up @@ -573,6 +584,10 @@ func (ebf *AquaStarboardHelper) getStarboardEnvVars(cr *aquasecurityv1alpha1.Aqu
Name: "OPERATOR_HEALTH_PROBE_BIND_ADDRESS",
Value: consts.OperatorHealthProbeBindAddress,
},
{
Name: "OPERATOR_CONFIG_AUDIT_SCANNER_SCAN_ONLY_CURRENT_REVISIONS",
Value: "true",
},
}
operatorLogDevMode := corev1.EnvVar{
Name: "OPERATOR_LOG_DEV_MODE",
Expand Down
12 changes: 12 additions & 0 deletions controllers/operator/aquakubeenforcer/aquaKubeEnforcerHelper.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,17 @@ func (enf *AquaKubeEnforcerHelper) CreateKubeEnforcerClusterRole(name string, na
"get", "list", "watch",
},
},
{
APIGroups: []string{
"apps.openshift.io",
},
Resources: []string{
"deploymentconfigs",
},
Verbs: []string{
"get", "list", "watch",
},
},
{
APIGroups: []string{
"*",
Expand Down Expand Up @@ -365,6 +376,7 @@ func (enf *AquaKubeEnforcerHelper) CreateValidatingWebhook(cr, namespace, name,
Resources: []string{
"pods",
"deployments",
"deploymentconfigs",
"replicasets",
"replicationcontrollers",
"statefulsets",
Expand Down
2 changes: 1 addition & 1 deletion docs/DeployOpenShiftOperator.md
Original file line number Diff line number Diff line change
Expand Up @@ -688,7 +688,7 @@ spec:
gateway_address: 'aqua-gateway:8443' # Required: provide <<AQUA GW IP OR DNS: AQUA GW PORT>>
cluster_name: Default-cluster-name # Required: provide your cluster name
imagePullSecret: aqua-registry # Required: provide the imagePullSecret name
kubebench_image: 'docker.io/aquasec/kube-bench:v0.6.12' # Optional: KubeBench image name can be replace with custom registry
kubebench_image: 'docker.io/aquasec/kube-bench:v0.6.17' # Optional: KubeBench image name can be replace with custom registry
deploy:
service: ClusterIP
image:
Expand Down
4 changes: 2 additions & 2 deletions pkg/consts/consts.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ const (
LatestVersion = "2022.4"

// StarboardVersion Latest starboard version
StarboardVersion = "0.15.10"
StarboardVersion = "0.15.13"

// CyberCenterAddress Aqua Cybercenter Address
CyberCenterAddress = "https://cybercenter5.aquasec.com"
Expand Down Expand Up @@ -164,7 +164,7 @@ const (

EnforcerConfigMapName = "aqua-csp-enforcer"

KubeBenchImageName = "docker.io/aquasec/kube-bench:v0.6.12"
KubeBenchImageName = "docker.io/aquasec/kube-bench:v0.6.17"

LightningEnforcerResources = `resources:
limits:
Expand Down
2 changes: 1 addition & 1 deletion test/consts/testing_consts.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,5 +42,5 @@ const (
ScannerToken = ""
GatewayAddress = "aqua-gateway:8443"
ClusterName = "Default-cluster-name"
KubeBenchName = "docker.io/aquasec/kube-bench:v0.6.12"
KubeBenchName = "docker.io/aquasec/kube-bench:v0.6.17"
)

0 comments on commit 9ff7356

Please sign in to comment.