feat(node-analyzer): enable DB V2 by default in Host and Runtime scanner (#1416)

Author: guidobonomi

charts/node-analyzer/Chart.yaml

@@ -3,7 +3,7 @@ name: node-analyzer
 description: Sysdig Node Analyzer
 
 # currently matching Sysdig's appVersion 1.14.34
-version: 1.17.9
+version: 1.17.10
 appVersion: 12.8.0
 keywords:
   - monitoring

charts/node-analyzer/README.md

@@ -182,7 +182,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.hostScanner.additionalDirsToScan`                      | Sets the optional comma-separated list of directories in addition to the default ones.                                                                                                      | ` `                                                                                                                                                                   |
 | `nodeAnalyzer.hostScanner.env`                                       | Specifies the extra environment variables that will be passed onto pods.                                                                                                                    | `{}`                                                                                                                                                                  |
 | `nodeAnalyzer.hostScanner.image.repository`                          | Specifies the  image repository to pull the Host Scanner from.                                                                                                                              | `sysdig/vuln-host-scanner`                                                                                                                                            |
-| `nodeAnalyzer.hostScanner.image.tag`                                 | Specifies the  image tag to pull the Host Scanner.                                                                                                                                          | `0.5.2`                                                                                                                                                               |
+| `nodeAnalyzer.hostScanner.image.tag`                                 | Specifies the  image tag to pull the Host Scanner.                                                                                                                                          | `0.6.3`                                                                                                                                                               |
 | `nodeAnalyzer.hostScanner.image.digest`                              | Specifies the image digest to pull.                                                                                                                                                         | ` `                                                                                                                                                                   |
 | `nodeAnalyzer.hostScanner.image.pullPolicy`                          | Specifies the  image pull policy for the Host Scanner.                                                                                                                                      | `""`                                                                                                                                                                  |
 | `nodeAnalyzer.hostScanner.resources.requests.cpu`                    | Specifies the Host Scanner CPU requests per node.                                                                                                                                           | `150m`                                                                                                                                                                |
@@ -196,7 +196,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.runtimeScanner.extraMounts`                            | Specifies a container engine custom socket path (docker, containerd, CRI-O).                                                                                                                |                                                                                                                                                                       |
 | `nodeAnalyzer.runtimeScanner.storageClassName`                       | Specifies the Runtime Scanner storage class to use instead of emptyDir for ephemeral storage.                                                                                               | ``                                                                                                                                                                    |
 | `nodeAnalyzer.runtimeScanner.image.repository`                       | Specifies the  image repository to pull the Runtime Scanner from.                                                                                                                           | `sysdig/vuln-runtime-scanner`                                                                                                                                         |
-| `nodeAnalyzer.runtimeScanner.image.tag`                              | Specifies the  image tag to pull the Runtime Scanner.                                                                                                                                       | `1.5.7`                                                                                                                                                               |
+| `nodeAnalyzer.runtimeScanner.image.tag`                              | Specifies the  image tag to pull the Runtime Scanner.                                                                                                                                       | `1.6.2`                                                                                                                                                               |
 | `nodeAnalyzer.runtimeScanner.image.digest`                           | Specifies the  image digest to pull.                                                                                                                                                        | ` `                                                                                                                                                                   |
 | `nodeAnalyzer.runtimeScanner.image.pullPolicy`                       | Specifies the  image pull policy for the Runtime Scanner.                                                                                                                                   | `""`                                                                                                                                                                  |
 | `nodeAnalyzer.runtimeScanner.resources.requests.cpu`                 | Specifies the Runtime Scanner CPU requests per node.                                                                                                                                        | `150m`                                                                                                                                                                |

charts/node-analyzer/templates/configmap-host-scanner.yaml

@@ -36,4 +36,7 @@ data:
   {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
   no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
   {{- end -}}
+  {{- if .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion }}
+  vuln_db_version: {{ .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion | quote }}
+  {{- end }}
 {{- end }}

charts/node-analyzer/templates/daemonset-node-analyzer.yaml

@@ -643,6 +643,12 @@ spec:
                 name: {{ .Release.Name }}-runtime-scanner
                 key: max_image_size_allowed
                 optional: true
+          - name: VULNERABILITY_DB_VERSION
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}-runtime-scanner
+                key: vuln_db_version
+                optional: true
           - name: SYSDIG_API_URL
             valueFrom:
               configMapKeyRef:
@@ -854,6 +860,12 @@ spec:
                 name: {{ .Release.Name }}-host-scanner
                 key: analyzer.maxFileSizeAllowed
                 optional: true
+          - name: VULNERABILITY_DB_VERSION
+            valueFrom:
+              configMapKeyRef:
+                name: {{ .Release.Name }}-host-scanner
+                key: vuln_db_version
+                optional: true
           - name: TMPDIR
             value: "/tmp"
           - name: PROBES_PORT

charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml

@@ -37,4 +37,7 @@ data:
   {{- if .Values.nodeAnalyzer.runtimeScanner.settings.maxFileSizeAllowed }}
   analyzer.maxFileSizeAllowed: {{ .Values.nodeAnalyzer.runtimeScanner.settings.maxFileSizeAllowed | int64 | quote }}
   {{- end -}}
+  {{- if .Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion }}
+  vuln_db_version: {{ .Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion | quote }}
+  {{- end -}}
 {{- end }}

charts/node-analyzer/values.yaml

@@ -289,7 +289,7 @@ nodeAnalyzer:
     probesPort: 7002
     image:
       repository: sysdig/vuln-runtime-scanner
-      tag: "1.5.7"
+      tag: "1.6.2"
       digest:
       pullPolicy:
     storageClassName:
@@ -364,7 +364,7 @@ nodeAnalyzer:
 
     image:
       repository: sysdig/vuln-host-scanner
-      tag: "0.5.2"
+      tag: "0.6.3"
       digest:
       pullPolicy: