From b55dff2a820b7e9f92ceed40ba65997062610afe Mon Sep 17 00:00:00 2001 From: mjshastha Date: Mon, 14 Oct 2024 13:26:28 +0530 Subject: [PATCH] Updated KB and starboard versions to the latest. --- .../manifests/kube_enforcer/001_kube_enforcer_config.yaml | 6 +++--- .../manifests/kube_enforcer/003_kube_enforcer_deploy.yaml | 2 +- .../kube_enforcer_advanced/001_kube_enforcer_config.yaml | 4 ++-- .../kube_enforcer_advanced/003_kube_enforcer_deploy.yaml | 4 ++-- .../003_kube_enforcer_deploy.yaml | 2 +- .../kube_enforcer_ocp3x/001_kube_enforcer_config.yaml | 6 +++--- .../kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml | 2 +- .../kube_enforcer_trivy/001_kube_enforcer_config.yaml | 2 +- .../manifests/aqua-csp-quick-default-storage.yaml | 8 ++++---- .../manifests/aqua-csp-quick-hostpath.yaml | 8 ++++---- 10 files changed, 22 insertions(+), 22 deletions(-) diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/001_kube_enforcer_config.yaml index d8b66f378..91e3c45e2 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/001_kube_enforcer_config.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/001_kube_enforcer_config.yaml @@ -23,7 +23,7 @@ data: # Enable KA policy scanning via starboard AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.7.3" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.9.0" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name @@ -260,7 +260,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" spec: group: aquasecurity.github.io versions: @@ -390,7 +390,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/003_kube_enforcer_deploy.yaml index a3a1a1e0a..6ec66aa95 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/003_kube_enforcer_deploy.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/003_kube_enforcer_deploy.yaml @@ -114,7 +114,7 @@ spec: securityContext: {} containers: - name: operator - image: registry.aquasec.com/starboard-operator:0.15.20 + image: registry.aquasec.com/starboard-operator:0.15.22 imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/001_kube_enforcer_config.yaml index afe46475f..5db4c9ab0 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/001_kube_enforcer_config.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/001_kube_enforcer_config.yaml @@ -402,7 +402,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" spec: group: aquasecurity.github.io versions: @@ -532,7 +532,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/003_kube_enforcer_deploy.yaml index b5a8b89c8..2737b9f19 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/003_kube_enforcer_deploy.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/003_kube_enforcer_deploy.yaml @@ -78,7 +78,7 @@ spec: - name: CLUSTER_NAME value: "Default-cluster-name" # Cluster display name in aqua enterprise. - name: AQUA_KB_IMAGE_NAME - value: "registry.aquasec.com/kube-bench:v0.7.3" + value: "registry.aquasec.com/kube-bench:v0.9.0" - name: AQUA_ME_IMAGE_NAME value: "registry.aquasec.com/microenforcer:2022.4" - name: AQUA_KB_ME_REGISTRY_NAME @@ -174,7 +174,7 @@ spec: securityContext: {} containers: - name: operator - image: registry.aquasec.com/starboard-operator:0.15.20 + image: registry.aquasec.com/starboard-operator:0.15.22 imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml index 02ef4bfc9..5f50fc2dd 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml @@ -78,7 +78,7 @@ spec: - name: CLUSTER_NAME value: "Default-cluster-name" # Cluster display name in aqua enterprise. - name: AQUA_KB_IMAGE_NAME - value: "registry.aquasec.com/kube-bench:v0.7.3" + value: "registry.aquasec.com/kube-bench:v0.9.0" - name: AQUA_ME_IMAGE_NAME value: "registry.aquasec.com/microenforcer:2022.4" - name: AQUA_KB_ME_REGISTRY_NAME diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/001_kube_enforcer_config.yaml index 283ee8429..040879741 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/001_kube_enforcer_config.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/001_kube_enforcer_config.yaml @@ -23,7 +23,7 @@ data: # Enable KA policy scanning via starboard AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.7.3" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.9.0" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name @@ -220,7 +220,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" spec: group: aquasecurity.github.io versions: @@ -351,7 +351,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml index bbe0bdee6..12cead5a5 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml @@ -114,7 +114,7 @@ spec: securityContext: {} containers: - name: operator - image: registry.aquasec.com/starboard-operator:0.15.20 + image: registry.aquasec.com/starboard-operator:0.15.22 imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml index 453e179a0..548fd3d16 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml @@ -23,7 +23,7 @@ data: # Enable KA policy scanning via Trivy-Operator AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.7.3" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.9.0" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name diff --git a/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-default-storage.yaml b/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-default-storage.yaml index 991c351fd..dd3d52303 100644 --- a/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-default-storage.yaml +++ b/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-default-storage.yaml @@ -799,7 +799,7 @@ data: # Enable KA policy scanning via starboard AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.7.3" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.9.0" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name @@ -817,7 +817,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" spec: group: aquasecurity.github.io versions: @@ -925,7 +925,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" --- apiVersion: v1 kind: ServiceAccount @@ -1145,7 +1145,7 @@ spec: securityContext: {} containers: - name: operator - image: registry.aquasec.com/starboard-operator:0.15.20 + image: registry.aquasec.com/starboard-operator:0.15.22 imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-hostpath.yaml b/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-hostpath.yaml index 02a06a907..dda0a402d 100644 --- a/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-hostpath.yaml +++ b/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-hostpath.yaml @@ -816,7 +816,7 @@ data: # Enable KA policy scanning via starboard AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.7.3" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.9.0" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name @@ -835,7 +835,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" spec: group: aquasecurity.github.io versions: @@ -943,7 +943,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.20" + app.kubernetes.io/version: "0.15.22" --- apiVersion: v1 kind: ServiceAccount @@ -1163,7 +1163,7 @@ spec: securityContext: {} containers: - name: operator - image: registry.aquasec.com/starboard-operator:0.15.20 + image: registry.aquasec.com/starboard-operator:0.15.22 imagePullPolicy: IfNotPresent securityContext: privileged: false