OpenShift Registry Scan Support (#24)

ZurielPalo · yishaynaPalo · web-flow · commit 377a35b4fff9 · 2025-12-18T10:18:24.000+02:00
* add registry_scan_url optional env

* add openshift registry permissions

* remove openshift registry permissions

* add openshift registry permissions

* change env name

* restore chart version

* bump version

---------

Co-authored-by: Yishay Nadav &lt;ynadav@paloaltonetworks.com&gt;
diff --git a/charts/konnector/Chart.yaml b/charts/konnector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: konnector
 description: Deploys Palo Alto Networks' Cortex KSPM connector for advanced Kubernetes security posture management.
 type: application
-version: 1.0.24-rc.1
+version: 1.0.24-rc.2
 appVersion: "1.0.0"
 maintainers:
   - name: Palo Alto Networks - Cortex KSPM team
diff --git a/charts/konnector/values.yaml b/charts/konnector/values.yaml
@@ -28,6 +28,7 @@ optionalValues:
   CLUSTER_URI: ""    # Cluster URI should be set when metadata service is not reachable from the cluster
   UPLOAD_LOG_LEVEL: "ERROR"  # Log level for uploading logs ("ERROR", "WARNING", "INFO", "DEBUG", "PANIC")
   CONSOLE_LOG_LEVEL: "INFO"  # Log level for console output ("ERROR", "WARNING", "INFO", "DEBUG", "PANIC")
+  IN_CLUSTER_REGISTRY_SCAN_URL: ""  # OpenShift registry scan URL - set by the user if a custom registry URL was configured
 
 proxyValues:
   httpProxy: ""  # Optional proxy URL for external network access
@@ -199,6 +200,10 @@ system:
       roleRef:
         apiGroup: security.openshift.io/v1
         name: system:openshift:scc:privileged
+    konnector-openshift-registry:
+      roleRef:
+        apiGroup: rbac.authorization.k8s.io/v1
+        name: system:image-puller
 
   # ==========================
   # Secrets Resources
