Merge pull request #112 from dwertent/dev

David Wertenteil · web-flow · commit 55d8f87e04fc · 2022-08-11T21:15:09.000+03:00
updated config map and images
diff --git a/README.md b/README.md
@@ -75,6 +75,9 @@ helm upgrade --install armo  armo/armo-cluster-components -n armo-system --creat
 | armoVulnScanner.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |
 | armoVulnScanner.volumes | object | `[]` | Additional volumes for the image vulnerability scanning |
 | armoVulnScanner.volumeMounts | object | `[]` | Additional volumeMounts for the image vulnerability scanning |
+| armoVulnScanScheduler.enabled | bool | `true` | enable/disable a image vulnerability scheduled scan using a CronJob |
+| armoVulnScanScheduler.image.repository | string | `"quay.io/armosec/http_request"` | [source code](https://github.com/armosec/http-request) (public repo) |
+| armoVulnScanScheduler.scanSchedule | string | `"0 0 * * *"` | scan schedule frequency |
 | armoVulnScanScheduler.volumes | object | `[]` | Additional volumes for scan scheduler |
 | armoVulnScanScheduler.volumeMounts | object | `[]` | Additional volumeMounts for scan scheduler |
 | armoWebsocket.affinity | object | `{}` | Assign custom [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) rules to the deployment |
diff --git a/charts/armo-components/templates/armo-collector-statefulset.yaml b/charts/armo-components/templates/armo-collector-statefulset.yaml
@@ -36,17 +36,17 @@ spec:
       - name: {{ toYaml .Values.imagePullSecrets }}
       {{- end }}
       initContainers:
-      - image: quay.io/armosec/kubectl
-        name: disconnect-handle
+      - image: quay.io/armosec/kubectl:1.24 # https://github.com/armosec/bitnami-docker-kubectl
+        name: remove-old-deployments
         command: 
         - bash
         args:
         - -c
         - set -xv; kubectl delete deployment armo-collector -n armo-system; dep_exist=$?; echo $dep_exist; while [ $dep_exist -eq 0 ]; do kubectl get deployment armo-collector -n armo-system; dep_exist=$?; echo $dep_exist; done 
         resources:
           limits:
-            cpu: 10m
-            memory: 40Mi
+            cpu: 20m
+            memory: 100Mi
           requests:
             cpu: 10m
             memory: 40Mi
diff --git a/charts/armo-components/templates/armo-configmap.yaml b/charts/armo-components/templates/armo-configmap.yaml
@@ -11,28 +11,28 @@ metadata:
 data:
   clusterData: |
     {
-      "notificationWSURL": "{{ .Values.armoNotificationService.name }}:{{ .Values.armoNotificationService.websocketService.port }}",
-      "notificationRestURL": "{{ .Values.armoNotificationService.name }}:{{ .Values.armoNotificationService.httpService.port }}",
+      "gatewayWebsocketURL": "{{ .Values.armoNotificationService.name }}:{{ .Values.armoNotificationService.websocketService.port }}",
+      "gatewayRestURL": "{{ .Values.armoNotificationService.name }}:{{ .Values.armoNotificationService.httpService.port }}",
       "vulnScanURL": "{{ .Values.armoVulnScanner.name }}:{{ .Values.armoVulnScanner.service.port }}",
+      "kubevulnURL": "{{ .Values.armoVulnScanner.name }}:{{ .Values.armoVulnScanner.service.port }}",
       "kubescapeURL": "{{ .Values.armoKubescape.name }}:{{ .Values.armoKubescape.service.port }}",
       "triggerNewImageScan": "{{ .Values.armoTriggerNewImageScan }}",
-      "customerGUID": "{{ .Values.accountGuid }}",
       "accountID": "{{ .Values.accountGuid }}",
       "clusterName": "{{ regexReplaceAll "\\W+" .Values.clusterName "-" | lower }}",
 {{- if eq .Values.environment "dev" }} 
       "backendOpenAPI": "{{ .Values.devBackendOpenAPI }}",
-      "eventReceiverREST": "{{ .Values.devEventReceiverHttpUrl }}",
-      "eventReceiverWS": "{{ .Values.devK8sReportUrl }}",
-      "masterNotificationServer": "wss://{{ .Values.devMasterNotificationService }}/v1/waitfornotification"
+      "eventReceiverRestURL": "{{ .Values.devEventReceiverHttpUrl }}",
+      "eventReceiverWebsocketURL": "{{ .Values.devK8sReportUrl }}",
+      "rootGatewayURL": "wss://{{ .Values.devGateway }}/v1/waitfornotification"
 {{- else if eq .Values.environment "staging" }}
       "backendOpenAPI": "{{ .Values.stagingBackendOpenAPI }}",
-      "eventReceiverREST": "{{ .Values.stagingEventReceiverHttpUrl }}",
-      "eventReceiverWS": "{{ .Values.stagingK8sReportUrl }}",
-      "masterNotificationServer": "wss://{{ .Values.stagingMasterNotificationService }}/v1/waitfornotification"
+      "eventReceiverRestURL": "{{ .Values.stagingEventReceiverHttpUrl }}",
+      "eventReceiverWebsocketURL": "{{ .Values.stagingK8sReportUrl }}",
+      "rootGatewayURL": "wss://{{ .Values.stagingGateway }}/v1/waitfornotification"
 {{- else }} 
-      "eventReceiverREST": "{{ .Values.eventReceiverHttpUrl }}",
       "backendOpenAPI": "{{ .Values.backendOpenAPI }}",
-      "eventReceiverWS": "{{ .Values.k8sReportUrl }}",
-      "masterNotificationServer": "wss://{{ .Values.masterNotificationService }}/v1/waitfornotification"
+      "eventReceiverRestURL": "{{ .Values.eventReceiverHttpUrl }}",
+      "eventReceiverWebsocketURL": "{{ .Values.k8sReportUrl }}",
+      "rootGatewayURL": "wss://{{ .Values.gateway }}/v1/waitfornotification"
 {{- end }}       
     }
diff --git a/charts/armo-components/templates/armo-notification-service-deployment.yaml b/charts/armo-components/templates/armo-notification-service-deployment.yaml
@@ -51,11 +51,9 @@ spec:
           resources:
 {{ toYaml .Values.armoNotificationService.resources | indent 12 }}
           env:  
-            - name: MASTER_NOTIFICATION_SERVER_ATTRIBUTES
-              value: customerGUID
-            - name: CA_NOTIFICATION_SERVER_WS_PORT
+            - name: WEBSOCKET_PORT
               value: "{{ .Values.armoNotificationService.websocketService.port }}"
-            - name: CA_NOTIFICATION_SERVER_PORT
+            - name: HTTP_PORT
               value: "{{ .Values.armoNotificationService.httpService.port }}"            
             {{- range .Values.armoNotificationService.env }}
             - name: {{ .name  }}
diff --git a/charts/armo-components/templates/armo-vuln-scanner-deployment.yaml b/charts/armo-components/templates/armo-vuln-scanner-deployment.yaml
@@ -56,24 +56,8 @@ spec:
           resources:
 {{ toYaml .Values.armoVulnScanner.resources | indent 12 }}
           env:
-            - name: CA_CLUSTER_NAME
-              value: "{{ regexReplaceAll "\\W+" .Values.clusterName "-" | lower }}"
-            - name: CA_CUSTOMER_GUID
-              value: "{{ .Values.accountGuid }}"
-            - name: OCIMAGE_URL
-              value: ""
-            - name: EVENT_RECEIVER_URL
-              value: "{{ .Values.k8sReportUrl }}"
             - name: PRINT_POST_JSON
               value: "{{ .Values.armoVulnScanner.verbose }}"
-            - name: CA_EVENT_RECEIVER_HTTP
-{{- if eq .Values.environment "dev" }}
-              value: "{{ .Values.devEventReceiverHttpUrl }}"
-{{- else if eq .Values.environment "staging" }}
-              value: "{{ .Values.stagingEventReceiverHttpUrl }}"
-{{- else }} 
-              value: "{{ .Values.eventReceiverHttpUrl }}"
-{{- end }}  
             {{- range .Values.armoVulnScanner.env }}
             - name: {{ .name  }}
               value: "{{ .value }}"
diff --git a/charts/armo-components/values.yaml b/charts/armo-components/values.yaml
@@ -14,17 +14,17 @@ addRevisionLabel: true
 environment: "prod"
 eventReceiverHttpUrl: "https://report.armo.cloud"
 k8sReportUrl: "wss://report.armo.cloud"
-masterNotificationService: "ens.euprod1.cyberarmorsoft.com"
+gateway: "ens.euprod1.cyberarmorsoft.com"
 backendOpenAPI: "https://api.armosec.io/api"
 # ARMO DEV BE URLs
 devEventReceiverHttpUrl: "https://report.eudev3.cyberarmorsoft.com"
 devK8sReportUrl: "wss://report.eudev3.cyberarmorsoft.com"
-devMasterNotificationService: "ens.eudev3.cyberarmorsoft.com"
+devGateway: "ens.eudev3.cyberarmorsoft.com"
 devBackendOpenAPI: "https://api-dev.armosec.io/api"
 # ARMO STAGING BE URLs
 stagingEventReceiverHttpUrl: "https://report-ks.eustage2.cyberarmorsoft.com"
 stagingK8sReportUrl: "wss://report.eustage2.cyberarmorsoft.com"
-stagingMasterNotificationService: "ens.eustage2.cyberarmorsoft.com"
+stagingGateway: "ens.eustage2.cyberarmorsoft.com" 
 stagingBackendOpenAPI: "https://api-stage.armosec.io/api"
  
 # Customer Specific Data
@@ -177,7 +177,7 @@ armoWebsocket:
   image:
     # -- source code: https://github.com/kubescape/kontroller
     repository: quay.io/kubescape/kontroller
-    tag: v0.0.60
+    tag: v0.0.61
     pullPolicy: Always
 
   service:
@@ -253,7 +253,7 @@ armoVulnScanner:
   image:
     # -- source code: https://github.com/kubescape/kubevuln
     repository: quay.io/kubescape/kubevuln
-    tag: v0.0.39
+    tag: v0.0.42
     pullPolicy: Always
 
   replicaCount: 1
@@ -301,7 +301,7 @@ armoCollector:
   image:
     # -- source code: https://github.com/kubescape/kollector
     repository: quay.io/kubescape/kollector
-    tag: v0.0.24
+    tag: v0.0.27
     pullPolicy: Always
 
   replicaCount: 1
@@ -353,7 +353,7 @@ armoNotificationService:
   image:
     # -- source code: https://github.com/kubescape/gateway
     repository: quay.io/kubescape/gateway
-    tag: v0.0.11
+    tag: v0.0.13
     pullPolicy: Always
 
   replicaCount: 1
