fix permission-manager versions
devopstales committed Apr 8, 2022
1 parent f3de430 commit c4391c8
Showing 8 changed files with 244 additions and 16 deletions.
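--- a/charts/1-crd.yaml
+++ b/charts/1-crd.yaml
@@ -0,0 +1,213 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: vulnerabilityreports.trivy-operator.devopstales.io
+labels:
+app.kubernetes.io/managed-by: trivy-operator
+spec:
+group: trivy-operator.devopstales.io
+versions:
+- name: v1
+served: true
+storage: true
+schema:
+openAPIV3Schema:
+description: |
+VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages
+built into container images.
+type: object
+required:
+- apiVersion
+- kind
+- metadata
+- report
+properties:
+apiVersion:
+type: string
+kind:
+type: string
+metadata:
+type: object
+report:
+description: |
+Report is the actual vulnerability report data.
+type: object
+required:
+- updateTimestamp
+- artifact
+- summary
+- vulnerabilities
+properties:
+updateTimestamp:
+description: |
+UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.
+type: string
+format: date-time
+registry:
+description: |
+Registry is the registry the Artifact was pulled from.
+type: object
+properties:
+server:
+description: |
+Server the FQDN of registry server.
+type: string
+artifact:
+description: |
+Artifact represents a standalone, executable package of software that includes everything needed to
+run an application.
+type: object
+properties:
+repository:
+description: |
+Repository is the name of the repository in the Artifact registry.
+type: string
+tag:
+description: |
+Tag is a mutable, human-readable string used to identify an Artifact.
+type: string
+summary:
+description: |
+Summary is a summary of Vulnerability counts grouped by Severity.
+type: object
+required:
+- criticalCount
+- highCount
+- mediumCount
+- lowCount
+- unknownCount
+- status
+properties:
+criticalCount:
+description: |
+CriticalCount is the number of vulnerabilities with Critical Severity.
+type: integer
+minimum: 0
+highCount:
+description: |
+HighCount is the number of vulnerabilities with High Severity.
+type: integer
+minimum: 0
+mediumCount:
+description: |
+MediumCount is the number of vulnerabilities with Medium Severity.
+type: integer
+minimum: 0
+lowCount:
+description: |
+LowCount is the number of vulnerabilities with Low Severity.
+type: integer
+minimum: 0
+unknownCount:
+description: |
+UnknownCount is the number of vulnerabilities with unknown severity.
+type: integer
+minimum: 0
+status:
+description: |
+The status of the image scann
+type: string
+enum:
+- OK
+- ERROR
+vulnerabilities:
+description: |
+Vulnerabilities is a list of operating system (OS) or application software Vulnerability items found in the Artifact.
+type: array
+items:
+type: object
+required:
+- vulnerabilityID
+- resource
+- installedVersion
+- severity
+- title
+properties:
+vulnerabilityID:
+description: |
+VulnerabilityID the vulnerability identifier.
+type: string
+resource:
+description: |
+Resource is a vulnerable package, application, or library.
+type: string
+installedVersion:
+description: |
+InstalledVersion indicates the installed version of the Resource.
+type: string
+score:
+type: number
+severity:
+type: string
+enum:
+- CRITICAL
+- HIGH
+- MEDIUM
+- LOW
+- UNKNOWN
+- NONE
+- ERROR
+title:
+type: string
+description:
+type: string
+primaryLink:
+type: string
+links:
+type: array
+items:
+type: string
+additionalPrinterColumns:
+- jsonPath: .report.artifact.repository
+type: string
+name: Repository
+description: The name of image repository
+- jsonPath: .report.artifact.tag
+type: string
+name: Tag
+description: The name of image tag
+- jsonPath: .metadata.creationTimestamp
+type: date
+name: Age
+description: The age of the report
+- jsonPath: .report.summary.criticalCount
+type: integer
+name: Critical
+description: The number of critical vulnerabilities
+priority: 1
+- jsonPath: .report.summary.highCount
+type: integer
+name: High
+description: The number of high vulnerabilities
+priority: 1
+- jsonPath: .report.summary.mediumCount
+type: integer
+name: Medium
+description: The number of medium vulnerabilities
+priority: 1
+- jsonPath: .report.summary.lowCount
+type: integer
+name: Low
+description: The number of low vulnerabilities
+priority: 1
+- jsonPath: .report.summary.unknownCount
+type: integer
+name: Unknown
+description: The number of unknown vulnerabilities
+priority: 1
+- jsonPath: .report.summary.status
+type: string
+name: STATUS
+description: The status of the image scann
+priority: 0
+scope: Namespaced
+names:
+singular: vulnerabilityreport
+plural: vulnerabilityreports
+kind: VulnerabilityReport
+listKind: VulnerabilityReportList
+categories:
+- all
+shortNames:
+- vuln
+- vulns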
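Review bot: Both descriptions of the scan status, the `summary.status` property and the `STATUS` printer column, read `The status of the image scann`; change both to `The status of the image scan`. Separately, `score` is declared as a bare `type: number` while every count under `summary` carries `minimum: 0`; if the score is a CVSS base score, adding `minimum: 0` and `maximum: 10` would let the API server reject out-of-range values that the schema currently accepts. Indentation is not preserved in this rendering, so the nesting of `additionalPrinterColumns` under the `v1` version entry could not be verified from the page.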
4 changes: 2 additions & 2 deletions charts/kube-openid-connect/Chart.yaml
Expand Up @@ -15,10 +15,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.0
version: "1.1.0"

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
appVersion: "1.0.0"
10 changes: 8 additions & 2 deletions charts/kube-openid-connect/templates/NOTES.txt
Expand Up @@ -22,8 +22,12 @@ systemctl restart kubelet
brew tap devopstales/devopstales
brew install kubectl-login

# Krew (macOS, Linux, Windows and ARM)
kubectl krew install openid-connect
# Main Krew with differente name (macOS, Linux, Windows and ARM)
kubectl krew install dtlogin

# My krew repo (macOS, Linux, Windows and ARM)
kubectl krew index add devopstales https://github.com/devopstales/krew
kubectl krew install devopstales/login

# Chocolatey (Windows)
choco install kubectl-login
Expand All @@ -34,5 +38,7 @@ https://github.com/devopstales/kube-openid-connect/releases
4. Use the plugin to login:

$ kubectl login {{ .Values.server.oidcRedirectUrlHttpScema }}://{{ .Values.server.oidcRedirectUrlHost }}
# OR I sou installed from main Krew
kubectl dtlogin {{ .Values.server.oidcRedirectUrlHttpScema }}://{{ .Values.server.oidcRedirectUrlHost }}
Configfile created with config for productioncluster to ~/.kube/config
Happy Kubernetes interaction!
2 changes: 1 addition & 1 deletion charts/permission-manager/Chart.yaml
Expand Up @@ -2,5 +2,5 @@ apiVersion: v2
name: permission-manager
description: Web UI for ServiceAccount RBAC manager
type: application
version: 1.7.1-2
version: 1.8.0
appVersion: 1.7.1-rc1
4 changes: 2 additions & 2 deletions charts/trivy-operator/crds/0-crd.yaml
Expand Up @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: namespace-scanners.trivy-operator.devopstales.io
labels:
app.kubernetes.io/managed-by: trivy-operator
spec:
conversion:
strategy: None
Expand Down Expand Up @@ -48,5 +50,3 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
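Review bot: The second hunk (`-48,5 +50,3`) removes two lines, and the only two-line candidate in view is `subresources:` / `status: {}`; if that is what was dropped, the CRD no longer serves the `/status` subresource, so any client that updates the resource through the status endpoint will fail, and status fields become writable to anyone holding `update` on `namespace-scanners` instead of requiring a separate grant on `namespace-scanners/status`. If the removal is intentional, a short comment in the CRD stating that status is written through the main resource would save the next reader the question. The `versions` entry this hunk belongs to starts before the hunk.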
9 changes: 5 additions & 4 deletions charts/trivy-operator/templates/2-pvc.yaml
Expand Up @@ -14,10 +14,11 @@ spec:
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
8 changes: 6 additions & 2 deletions charts/trivy-operator/templates/3-deployment.yaml
Expand Up @@ -40,11 +40,15 @@ spec:
fieldPath: metadata.namespace
- name: LOG_LEVEL
value: "{{ .Values.log_level }}"
{{- if .Values.admissionController.enabled }}
- name: ADMISSION_CONTROLLER
value: "{{ .Values.admissionController.token }}"
{{- end }}
{{- if .Values.githubToken.enabled }}
- name: GITHUB_TOKEN
value: "{{ .Values.githubToken.token }}"
{{- end }}
{{- if .Values.storage.enabled }}
{{- if .Values.persistence.enabled }}
volumeMounts:
- name: cache
mountPath: "/home/trivy-operator/trivy-cache"
Expand All @@ -56,7 +60,7 @@ spec:
- name: https
containerPort: 8443
protocol: TCP
{{- if .Values.storage.enabled }}
{{- if .Values.persistence.enabled }}
volumes:
- name: cache
persistentVolumeClaim:
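Review bot: The new `ADMISSION_CONTROLLER` entry injects `.Values.admissionController.token` as a plain-text `value:` in the pod spec, the same pattern as the existing `GITHUB_TOKEN`; anything with read access to the Deployment, the Pod or the Helm release history can then read the token. Prefer `valueFrom.secretKeyRef` pointing at a Secret the chart creates or the user supplies, and document that in values.yaml. Also, the `admissionController` block added to charts/trivy-operator/values.yaml declares only `enabled: false` and, unlike `githubToken`, has no `token` key, so a user who sets `enabled: true` without supplying the undocumented key presumably gets `ADMISSION_CONTROLLER` rendered with an empty value; add `token: ""` beneath `enabled: false` there so the key is discoverable. The container's `env` list starts before this hunk.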
10 changes: 7 additions & 3 deletions charts/trivy-operator/values.yaml
Expand Up @@ -26,6 +26,9 @@ serviceMonitor:

persistence:
enabled: true
accessMode: "ReadWriteOnce"
size: "1Gi"
annotations: {}
## database data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
Expand All @@ -34,15 +37,15 @@ persistence:
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessMode: ReadWriteOnce
size: 1Gi
annotations: {}

namespaceScanner:
crontab: "*/5 * * * *"
namespaceSelector: "trivy-scan"
clusterWide: false

admissionController:
enabled: false

registryAuth:
enabled: false
registry:
Expand All @@ -53,3 +56,4 @@ registryAuth:
githubToken:
enabled: false
token: ""
