Merge branch 'master' into SSPROD-27101-add-resource-id-to-node-analyzer

sysdiglabs · Jul 16, 2023 · b31c246 · b31c246
2 parents 17f38e7 + ed58ae9
commit b31c246
Show file tree

Hide file tree

Showing 27 changed files with 91 additions and 74 deletions.
diff --git a/charts/admission-controller/CHANGELOG.md b/charts/admission-controller/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v0.11.3
+* feat: remove workload name from scanning secure events for both dry run and real secure events
+
 # v0.11.2
 ### Bug Fixes
 * **admission-controller** [d03dc2ce](https://github.com/sysdiglabs/charts/commit/d03dc2ce1d7056304b7a1f803bb1dd92e4feb9d4): Make ValidatingWebhookConfiguration part of the resource lifecycle ([#1217](https://github.com/sysdiglabs/charts/issues/1217))

diff --git a/charts/admission-controller/Chart.yaml b/charts/admission-controller/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: admission-controller
 description: Sysdig Admission Controller using Sysdig Secure inline image scanner
 type: application
-version: 0.11.2
-appVersion: 3.9.22
+version: 0.11.3
+appVersion: 3.9.24
 home: https://sysdiglabs.github.io/admission-controller/
 icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
 maintainers:

diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md
@@ -23,7 +23,7 @@ $ pre-commit run -a
 $ helm repo add sysdig https://charts.sysdig.com
 $ helm repo update
 $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
-      --create-namespace -n sysdig-admission-controller --version=0.11.2  \
+      --create-namespace -n sysdig-admission-controller --version=0.11.3  \
       --set clusterName=CLUSTER_NAME \
       --set sysdig.secureAPIToken=SECURE_API_TOKEN
 ```
@@ -55,7 +55,7 @@ This chart deploys the Sysdig Admission Controller on a [Kubernetes](http://kube
 To install the chart with the release name `admission-controller`:
 
 ```console
-$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.2
+$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.3
 ```
 
 The command deploys the Sysdig Admission Controller on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -184,7 +184,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to `
 
 ```console
 $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
-    --create-namespace -n sysdig-admission-controller --version=0.11.2 \
+    --create-namespace -n sysdig-admission-controller --version=0.11.3 \
     --set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME
 ```
 
@@ -193,7 +193,7 @@ installing the chart. For example:
 
 ```console
 $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
-    --create-namespace -n sysdig-admission-controller --version=0.11.2 \
+    --create-namespace -n sysdig-admission-controller --version=0.11.3 \
     --values values.yaml
 ```
 

diff --git a/charts/admission-controller/RELEASE-NOTES.md b/charts/admission-controller/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
-### Bug Fixes
-- **admission-controller** [d03dc2ce](https://github.com/sysdiglabs/charts/commit/d03dc2ce1d7056304b7a1f803bb1dd92e4feb9d4): Make ValidatingWebhookConfiguration part of the resource lifecycle ([#1217](https://github.com/sysdiglabs/charts/issues/1217))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.11.1...admission-controller-0.11.2
+### New Features
+- **admission-controller** [96208c13](https://github.com/sysdiglabs/charts/commit/96208c130458ec7e8159cbc729847793de63f9a5): remove workload name from scanning events ([#1234](https://github.com/sysdiglabs/charts/issues/1234))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.11.2...admission-controller-0.11.3
diff --git a/charts/agent/CHANGELOG.md b/charts/agent/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.10.3
+### New Features
+* **agent** [07b8704c](https://github.com/sysdiglabs/charts/commit/07b8704cafb51b2dab6e99cac0e3fd6b4ad2449f): lower default cpu requests for kmodule container ([#1230](https://github.com/sysdiglabs/charts/issues/1230))
 # v1.10.2
 ### Bug Fixes
 * **agent** [0eee32a2](https://github.com/sysdiglabs/charts/commit/0eee32a2d85d65924df2c964e431b2bb1a78b5fc): trim newlines when applying nodeSelectors in delegatedAgentDeployments ([#1159](https://github.com/sysdiglabs/charts/issues/1159))

diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
@@ -5,7 +5,7 @@ description: Sysdig Monitor and Secure agent
 type: application
 
 # currently matching sysdig 1.14.32
-version: 1.10.2
+version: 1.10.3
 
 appVersion: 12.15.0
 

diff --git a/charts/agent/README.md b/charts/agent/README.md
@@ -139,7 +139,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `slim.image.repository`                                 | Specifies the slim agent image repository.                                                                                                                                               | `sysdig/agent-slim`                                                                                       |
 | `slim.kmoduleImage.repository`                          | Specifies the repository to pull the kernel module image builder from.                                                                                                                   | `sysdig/agent-kmodule`                                                                                    |
 | `slim.kmoduleImage.digest`                              | Specifies the image digest to pull.                                                                                                                                                      | ` `                                                                                                       |
-| `slim.resources.requests.cpu`                           | Specifies the CPU requested for building the kernel module.                                                                                                                              | `1000m`                                                                                                   |
+| `slim.resources.requests.cpu`                           | Specifies the CPU requested for building the kernel module.                                                                                                                              | `250m`                                                                                                    |
 | `slim.resources.requests.memory`                        | Specifies the memory requested for building the kernel module.                                                                                                                           | `348Mi`                                                                                                   |
 | `slim.resources.limits.cpu`                             | Specifies the CPU limit for building the kernel module                                                                                                                                   | `1000m`                                                                                                   |
 | `slim.resources.limits.memory`                          | Specifies the memory limit for building the kernel module.                                                                                                                               | `512Mi`                                                                                                   |

diff --git a/charts/agent/RELEASE-NOTES.md b/charts/agent/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
-### Bug Fixes
-- **agent** [0eee32a2](https://github.com/sysdiglabs/charts/commit/0eee32a2d85d65924df2c964e431b2bb1a78b5fc): trim newlines when applying nodeSelectors in delegatedAgentDeployments ([#1159](https://github.com/sysdiglabs/charts/issues/1159))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.10.1...agent-1.10.2
+### New Features
+- **agent** [07b8704c](https://github.com/sysdiglabs/charts/commit/07b8704cafb51b2dab6e99cac0e3fd6b4ad2449f): lower default cpu requests for kmodule container ([#1230](https://github.com/sysdiglabs/charts/issues/1230))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.10.2...agent-1.10.3
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
@@ -175,7 +175,7 @@ slim:
     # a sane defaults ones, but you can tweak or ask Sysdig Support for more
     # info about this
     requests:
-      cpu: 1000m
+      cpu: 250m
       memory: 348Mi
     limits:
       cpu: 1000m

diff --git a/charts/cloud-connector/CHANGELOG.md b/charts/cloud-connector/CHANGELOG.md
@@ -11,6 +11,10 @@ exclusively to fix incorrect entries and not to add new ones.
 
 
 ## Change Log
+# v0.8.3
+* fix: add aws-cloudtrail-s3-sns-sqs ingestor type for CIEM
+* fix: falco rules error on appending exceptions
+
 # v0.8.2
 ### Documentation
 * **cloud-connector** [6ad0ef92](https://github.com/sysdiglabs/charts/commit/6ad0ef926ebf7600ba7730c43219036eb1d0b57c): DOC-3215- Update Cloud connector Readme for clarity and correctness ([#1172](https://github.com/sysdiglabs/charts/issues/1172))

diff --git a/charts/cloud-connector/Chart.yaml b/charts/cloud-connector/Chart.yaml
@@ -3,8 +3,8 @@ name: cloud-connector
 description: Sysdig Cloud Connector
 
 type: application
-version: 0.8.2
-appVersion: 0.16.43
+version: 0.8.3
+appVersion: 0.16.46
 home: https://sysdiglabs.github.io/cloud-connector
 
 maintainers:

diff --git a/charts/cloud-connector/README.md b/charts/cloud-connector/README.md
@@ -36,7 +36,7 @@ To install the chart:
 helm repo add sysdig https://charts.sysdig.com
 helm repo update
 helm upgrade --install cloud-connector sysdig/cloud-connector \
-     --create-namespace -n cloud-connector --version=0.8.2  \
+     --create-namespace -n cloud-connector --version=0.8.3  \
      --set sysdig.secureAPIToken=<SECURE_API_TOKEN>
 ```
 
@@ -60,7 +60,7 @@ For example:
 
 ```bash
 helm upgrade --install cloud-connector sysdig/cloud-connector \
-     --create-namespace -n cloud-connector --version=0.8.2  \
+     --create-namespace -n cloud-connector --version=0.8.3  \
      --set sysdig.secureAPIToken=<SECURE_API_TOKEN>
 ```
 
@@ -72,7 +72,7 @@ For example:
 
 ```bash
 helm upgrade --install cloud-connector sysdig/cloud-connector \
-     --create-namespace -n cloud-connector --version=0.8.2  \
+     --create-namespace -n cloud-connector --version=0.8.3  \
     --values values.yaml
 ```
 

diff --git a/charts/cloud-connector/RELEASE-NOTES.md b/charts/cloud-connector/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
-### Documentation
-- **cloud-connector** [6ad0ef92](https://github.com/sysdiglabs/charts/commit/6ad0ef926ebf7600ba7730c43219036eb1d0b57c): DOC-3215- Update Cloud connector Readme for clarity and correctness ([#1172](https://github.com/sysdiglabs/charts/issues/1172))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/cloud-connector-0.8.1...cloud-connector-0.8.2
+### Bug Fixes
+- **cloud-connector** [606b2377](https://github.com/sysdiglabs/charts/commit/606b23773267318ae94b2c74eb4b1f3a54f8360f): falco rules error on appending exceptions ([#1233](https://github.com/sysdiglabs/charts/issues/1233))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/cloud-connector-0.8.2...cloud-connector-0.8.3
diff --git a/charts/cloud-scanning/CHANGELOG.md b/charts/cloud-scanning/CHANGELOG.md
@@ -10,6 +10,7 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v0.4.1
 # v0.4.0
 ### New Features
 * **admission-controller,agent,cloud-bench,cloud-connector,cloud-scanning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,registry-scanner,sysdig,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge** [5d99a03d](https://github.com/sysdiglabs/charts/commit/5d99a03dced132b4771dde1ce5b90b63c518b408): use a PGP private key to sign charts on release ([#1170](https://github.com/sysdiglabs/charts/issues/1170))

diff --git a/charts/cloud-scanning/Chart.yaml b/charts/cloud-scanning/Chart.yaml
@@ -3,7 +3,7 @@ name: cloud-scanning
 description: Sysdig Cloud Scanning
 
 type: application
-version: 0.4.0
+version: 0.4.1
 appVersion: 0.11.3
 home: https://sysdiglabs.github.io/cloud-connector
 

diff --git a/charts/cloud-scanning/README.md b/charts/cloud-scanning/README.md
@@ -1,13 +1,13 @@
 # Cloud Scanning
 
-This chart deploys the Sysdig Cloud scanning on your Kubernetes cluster.
+This chart deploys the Sysdig Cloud scanning on your Kubernetes cluster. See Cloud Scanning configuration on [Cloud Scanning documentation](https://sysdiglabs.github.io/cloud-connector/scanning.html) for more information.
 
 >  ⚠️ **Deprecated Module**
 > <br>Use [Cloud-Connector `scanning`](https://charts.sysdig.com/charts/cloud-connector/#scanners) configuration instead of this module
 
 ## Installing the Chart
 
-Add Sysdig Helm charts repository and deploy the chart:
+Add the Sysdig Helm charts repository and deploy the chart:
 
 ```
 $ helm repo add sysdig https://charts.sysdig.com
@@ -25,12 +25,39 @@ $ curl -o "/tmp/sysdig_public.gpg" "https://charts.sysdig.com/public.gpg"
 $ gpg --import /tmp/sysdig_public.gpg
 ```
 
-### Verify the chart
+### Verify the Chart
 
-To check the integrity and the origin of the charts you can now append the `--verify` flag to the `install`, `upgrade` and `pull` helm commands.
+To check the integrity and the origin of the charts, append the `--verify` flag to the `install`, `upgrade`, and `pull` helm commands.
 
 ## Configuration
 
+You can use the Helm chart to update the default Cloud Scanning configurations by using either of the following:
+
+- Using the key-value pair: `--set sysdig.settings.key = value`
+- `values.yaml` file
+
+### Using the Key-Value Pair
+
+Specify each parameter using the `--set key=value[,key=value]` argument to the `helm install` command.
+
+For example:
+
+```bash
+$ helm install my-release \
+    --set sysdig.secureAPIToken=YOUR-KEY-HERE \
+    sysdig/cloud-scanning
+```
+
+### Using values.yaml
+
+The `values.yaml` file specifies the values for the Cloud Scanning configuration parameters.  You can add the configuration to the `values.yaml` file, then use it in the `helm install` command.
+
+```bash
+$ helm install my-release -f values.yaml sysdig/cloud-scanning
+```
+
+## Configuration Parameters
+
 The following table lists the configurable parameters of the Sysdig Cloud Scanning
 chart and their default values:
 
@@ -72,20 +99,3 @@ chart and their default values:
 | `codeBuildProject`           | Name of the CodeBuild exeuting the scanner                                                                      | ` `                                                                             |
 | `sqsQueueUrl`                | URL of the SQS queue for CloudTrail events                                                                      | ` `                                                                             |
 | `secureAPITokenSecret`       | Secret name that contains the API Token for Secure (required to inline-scan without leaking the secret)         | ` `                                                                             |
-
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```bash
-$ helm install my-release \
-    --set sysdig.secureAPIToken=YOUR-KEY-HERE \
-    sysdig/cloud-scanning
-```
-
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
-
-```bash
-$ helm install my-release -f values.yaml sysdig/cloud-scanning
-```
-
-You have more details about Cloud Scanning configuration on [Cloud Scanning documentation](https://sysdiglabs.github.io/cloud-connector/scanning.html)
diff --git a/charts/cloud-scanning/RELEASE-NOTES.md b/charts/cloud-scanning/RELEASE-NOTES.md
@@ -1,6 +1,3 @@
 # What's Changed
 
-### New Features
-- **admission-controller,agent,cloud-bench,cloud-connector,cloud-scanning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,registry-scanner,sysdig,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge** [5d99a03d](https://github.com/sysdiglabs/charts/commit/5d99a03dced132b4771dde1ce5b90b63c518b408): use a PGP private key to sign charts on release ([#1170](https://github.com/sysdiglabs/charts/issues/1170))
-
-#### Full diff: https://github.com/sysdiglabs/charts/compare/cloud-scanning-0.3.3...cloud-scanning-0.4.0
+#### Full diff: https://github.com/sysdiglabs/charts/compare/cloud-scanning-0.4.0...cloud-scanning-0.4.1
diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,7 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.10.3
 # v1.10.2
 ### Bug Fixes
 * **kspm-collector,node-analyzer** [96da2bf6](https://github.com/sysdiglabs/charts/commit/96da2bf6a09a306e2e801ed6358080956130adc0): properly handle affinity beta annotations ([#1196](https://github.com/sysdiglabs/charts/issues/1196))

diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
@@ -47,9 +47,7 @@ sysdig/sysdig-deploy
 
 ### Using values.yaml
 
-The `values.yaml` file specifies the values for the agent configuration parameters.  You can add the configuration to the `values.yaml` file, then use it in the `helm install` command.
-
-For example, to enable Prometheus metrics scraping:
+The `values.yaml` file specifies the values for the `node-analyzer` configuration parameters.  You can add the configuration to the `values.yaml` file, then use it in the `helm install` command.
 
 1. Add the following to the `values.yaml` file:
 
@@ -82,7 +80,6 @@ For example, to enable Prometheus metrics scraping:
    ```
 
 
-
 ## Verify the integrity and origin
 Sysdig Helm Charts are signed so users can verify the integrity and origin of each chart, the steps are as follows:
 
@@ -93,9 +90,9 @@ $ curl -o "/tmp/sysdig_public.gpg" "https://charts.sysdig.com/public.gpg"
 $ gpg --import /tmp/sysdig_public.gpg
 ```
 
-### Verify the chart
+### Verify the Chart
 
-To check the integrity and the origin of the charts you can now append the `--verify` flag to the `install`, `upgrade` and `pull` helm commands.
+To check the integrity and the origin of the charts,  append the `--verify` flag to the `install`, `upgrade` and `pull` helm commands.
 
 ## Configuration Parameters
 

diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,5 +1,3 @@
 # What's Changed
 
-### Bug Fixes
-- **kspm-collector,node-analyzer** [96da2bf6](https://github.com/sysdiglabs/charts/commit/96da2bf6a09a306e2e801ed6358080956130adc0): properly handle affinity beta annotations ([#1196](https://github.com/sysdiglabs/charts/issues/1196))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.10.1...node-analyzer-1.10.2
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.10.2...node-analyzer-1.10.3
diff --git a/charts/rapid-response/CHANGELOG.md b/charts/rapid-response/CHANGELOG.md
@@ -10,6 +10,7 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v0.6.2
 # v0.6.1
 ### Bug Fixes
 * **common** [0e37805f](https://github.com/sysdiglabs/charts/commit/0e37805f0190b74b53f7d9b47e5528009f58aa4b): add missing CHANGELOG file and bump version ([#1223](https://github.com/sysdiglabs/charts/issues/1223))

diff --git a/charts/rapid-response/Chart.yaml b/charts/rapid-response/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.1
+version: 0.6.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/rapid-response/README.md b/charts/rapid-response/README.md
@@ -20,7 +20,7 @@ $ gpg --import /tmp/sysdig_public.gpg
 
 ### Verify the chart
 
-To check the integrity and the origin of the charts you can now append the `--verify` flag to the `install`, `upgrade` and `pull` helm commands.
+To check the integrity and the origin of the charts, append the `--verify` flag to the `install`, `upgrade`, and `pull` helm commands.
 
 ## Configuration
 
@@ -31,7 +31,7 @@ You can use the Helm chart to update the default Rapid Response configurations b
 
 ### Using the Key-Value Pair
 
-Specify each parameter using the `--set key=value[,key=value]` argument to the `helm install`command.
+Specify each parameter using the `--set key=value[,key=value]` argument to the `helm install` command.
 
 For example:
 
@@ -43,7 +43,7 @@ helm install --create-namespace -n rapid-response rapid-response \
 
 ### Using values.yaml
 
-The `values.yaml` file specifies the values for the agent configuration parameters.  You can add the configuration to the `values.yaml` file, then use it in the `helm install` command.
+The `values.yaml` file specifies the values for the Rapid Response configuration parameters.  You can add the configuration to the `values.yaml` file, then use it in the `helm install` command.
 
 ```bash
 helm install --create-namespace -n rapid-response rapid-response \