From 759019dbd01cdec9fcbd53b5fbc9a948783a8619 Mon Sep 17 00:00:00 2001
From: chenk
Date: Wed, 17 Apr 2024 17:46:10 +0300
Subject: [PATCH] fix: better handling for kubelet config (#2017)

Signed-off-by: chenk
---
deploy/helm/README.md | 2 +-
deploy/helm/values.yaml | 2 +-
deploy/static/trivy-operator.yaml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/deploy/helm/README.md b/deploy/helm/README.md
index 0df85ac4b..b568ff910 100644
--- a/deploy/helm/README.md
+++ b/deploy/helm/README.md
@@ -31,7 +31,7 @@ Keeps security report resources updated
 | nodeCollector.imagePullSecret | string | `nil` | imagePullSecret is the secret name to be used when pulling node-collector image from private registries example : reg-secret It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace |
 | nodeCollector.registry | string | `"ghcr.io"` | registry of the node-collector image |
 | nodeCollector.repository | string | `"aquasecurity/node-collector"` | repository of the node-collector image |
-| nodeCollector.tag | string | `"0.1.3"` | tag version of the node-collector image |
+| nodeCollector.tag | string | `"0.1.4"` | tag version of the node-collector image |
 | nodeCollector.tolerations | list | `[]` | tolerations to be applied to the node-collector so that they can run on nodes with matching taints |
 | nodeCollector.useNodeSelector | bool | `true` | useNodeSelector determine if to use nodeSelector (by auto detecting node name) with node-collector scan job |
 | nodeCollector.volumeMounts | list | `[{"mountPath":"/var/lib/etcd","name":"var-lib-etcd","readOnly":true},{"mountPath":"/var/lib/kubelet","name":"var-lib-kubelet","readOnly":true},{"mountPath":"/var/lib/kube-scheduler","name":"var-lib-kube-scheduler","readOnly":true},{"mountPath":"/var/lib/kube-controller-manager","name":"var-lib-kube-controller-manager","readOnly":true},{"mountPath":"/etc/systemd","name":"etc-systemd","readOnly":true},{"mountPath":"/lib/systemd/","name":"lib-systemd","readOnly":true},{"mountPath":"/etc/kubernetes","name":"etc-kubernetes","readOnly":true},{"mountPath":"/etc/cni/net.d/","name":"etc-cni-netd","readOnly":true}]` | node-collector pod volume mounts definition for collecting config files information |
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
index bbb3cdb27..0bf74c91a 100644
--- a/deploy/helm/values.yaml
+++ b/deploy/helm/values.yaml
@@ -655,7 +655,7 @@ nodeCollector:
 # -- repository of the node-collector image
 repository: aquasecurity/node-collector
 # -- tag version of the node-collector image
- tag: 0.1.3
+ tag: 0.1.4
 # -- imagePullSecret is the secret name to be used when pulling node-collector image from private registries example : reg-secret
 # It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace
 imagePullSecret: ~
diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml
index fd9b6ac29..4c6df46ba 100644
--- a/deploy/static/trivy-operator.yaml
+++ b/deploy/static/trivy-operator.yaml
@@ -2942,7 +2942,7 @@ data:
 configAuditReports.scanner: "Trivy"
 compliance.failEntriesLimit: "10"
 report.recordFailedChecksOnly: "true"
- node.collector.imageRef: "ghcr.io/aquasecurity/node-collector:0.1.3"
+ node.collector.imageRef: "ghcr.io/aquasecurity/node-collector:0.1.4"
 policies.bundle.oci.ref: "ghcr.io/aquasecurity/trivy-checks:0"
 node.collector.nodeSelector: "true"
 ---