sysdiglabs · IgorEulalio · Dec 5, 2023 · Dec 1, 2023 · Dec 1, 2023 · Dec 1, 2023
diff --git a/charts/agent/CHANGELOG.md b/charts/agent/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.17.3
+### Bug Fixes
+* **agent** [b8c3e335](https://github.com/sysdiglabs/charts/commit/b8c3e3351824f6b0db17b1c0dac790b95efb7b33): GKE Autopilot do not accept HTTP probe ([#1508](https://github.com/sysdiglabs/charts/issues/1508))
 # v1.17.2
 ### Bug Fixes
 * **agent** [9c64b01a](https://github.com/sysdiglabs/charts/commit/9c64b01a687e59b6d5950e43f79b560bead87129): allows to specify non semver tags [SMAGENT-6093]  ([#1504](https://github.com/sysdiglabs/charts/issues/1504))

diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
@@ -30,4 +30,4 @@ sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
 type: application
-version: 1.17.2
+version: 1.17.3
diff --git a/charts/agent/RELEASE-NOTES.md b/charts/agent/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
 ### Bug Fixes
-- **agent** [9c64b01a](https://github.com/sysdiglabs/charts/commit/9c64b01a687e59b6d5950e43f79b560bead87129): allows to specify non semver tags [SMAGENT-6093]  ([#1504](https://github.com/sysdiglabs/charts/issues/1504))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.17.1...agent-1.17.2
+- **agent** [b8c3e335](https://github.com/sysdiglabs/charts/commit/b8c3e3351824f6b0db17b1c0dac790b95efb7b33): GKE Autopilot do not accept HTTP probe ([#1508](https://github.com/sysdiglabs/charts/issues/1508))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.17.2...agent-1.17.3
diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl
@@ -513,9 +513,11 @@ true
 {{- end }}
 
 {{- define "agent.enableHttpProbes" }}
+{{- if not (include "agent.gke.autopilot" .) }}
 {{- if regexMatch "^v?([0-9]+)(\\.[0-9]+)?(\\.[0-9]+)?(-([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?(\\+([0-9A-Za-z\\-]+(\\.[0-9A-Za-z\\-]+)*))?$" .Values.image.tag }}
 {{- if semverCompare ">= 12.18.0-0" .Values.image.tag }}
 {{- printf "true" -}}
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/agent/tests/readiness_probe_test.yaml b/charts/agent/tests/readiness_probe_test.yaml
@@ -179,3 +179,38 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].readinessProbe.periodSeconds
           value: 3
+
+  - it: "Do not use the HTTP Readiness Probe on GKE Autopilot"
+    set:
+      global:
+        gke:
+          autopilot: true
+    template: templates/daemonset.yaml
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[*].readinessProbe
+          value:
+            exec:
+              command:
+                - test
+                - -e
+                - /opt/draios/logs/running
+            initialDelaySeconds: 90
+            periodSeconds: 3
+
+  - it: "Do not use the HTTP Readiness Probe on GKE Autopilot"
+    set:
+      gke:
+        autopilot: true
+    template: templates/daemonset.yaml
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[*].readinessProbe
+          value:
+            exec:
+              command:
+                - test
+                - -e
+                - /opt/draios/logs/running
+            initialDelaySeconds: 90
+            periodSeconds: 3
diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner
 
 type: application
 
-version: 0.8.4
+version: 0.8.5
 
 appVersion: "0.1.0"
 home: https://www.sysdig.com/

diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md
diff --git a/charts/cluster-scanner/templates/configmap.yaml b/charts/cluster-scanner/templates/configmap.yaml
@@ -12,6 +12,7 @@ data:
   sysdig_host: https://{{ include "cluster-scanner.apiHost" . }}
   {{ end -}}
   sysdig_verify_certificate: {{ .Values.sslVerifyCertificate | quote }}
+  sysdig_verify_registry_certificate: {{ .Values.sslVerifyRegistryCertificate | quote }}
   cluster_name: {{ .Values.global.clusterConfig.name }}
   root_namespace: {{ .Values.rootNamespace }}
   eve_enabled: {{ .Values.eveEnabled | quote }}

diff --git a/charts/cluster-scanner/templates/deployment.yaml b/charts/cluster-scanner/templates/deployment.yaml
@@ -146,6 +146,12 @@ spec:
                 name: {{ include "cluster-scanner.fullname" . }}
                 key: sysdig_verify_certificate
                 optional: true
+          - name: REGISTRY_VERIFY_CERTIFICATE
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "cluster-scanner.fullname" . }}
+                key: sysdig_verify_registry_certificate
+                optional: true
           - name: CLUSTER_NAME
             valueFrom:
               configMapKeyRef:
@@ -394,6 +400,12 @@ spec:
                 name: {{ include "cluster-scanner.fullname" . }}
                 key: sysdig_verify_certificate
                 optional: true
+          - name: REGISTRY_VERIFY_CERTIFICATE
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "cluster-scanner.fullname" . }}
+                key: sysdig_verify_registry_certificate
+                optional: true
           - name: NATS_URL
             valueFrom:
               configMapKeyRef:

diff --git a/charts/cluster-scanner/values.yaml b/charts/cluster-scanner/values.yaml
@@ -96,6 +96,10 @@ scannerMode: "local"
 # By default, certificates are always verified.
 sslVerifyCertificate: true
 
+# Can be set to false to allow insecure connections registries,
+# Such as for registries with self-signed or private certificates.
+# By default, certificates are always verified.
+sslVerifyRegistryCertificate: true
 runtimeStatusIntegrator:
   image:
     # The image registry to use for the Runtime Status Integrator component of

diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.18.9
+### Chores
+* **node-analyzer** [be507e09](https://github.com/sysdiglabs/charts/commit/be507e09e99ea79486a8d881a611d239de126f30): bump KSPM to v1.37.0 ([#1510](https://github.com/sysdiglabs/charts/issues/1510))
 # v1.18.8
 ### New Features
 * **node-analyzer** [09aa4ee7](https://github.com/sysdiglabs/charts/commit/09aa4ee720186daf8c0a9511891053e68b9cc3cd): Update legacy engine NIA component with security updates ([#1490](https://github.com/sysdiglabs/charts/issues/1490))

diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml
@@ -3,7 +3,7 @@ name: node-analyzer
 description: Sysdig Node Analyzer
 
 # currently matching Sysdig's appVersion 1.14.34
-version: 1.18.8
+version: 1.18.9
 appVersion: 12.9.0
 keywords:
   - monitoring

diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
@@ -241,7 +241,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.tolerations`                                           | Specifies the  tolerations for scheduling.                                                                                                                                                  | <pre>node-role.kubernetes.io/master:NoSchedule,<br>node-role.kubernetes.io/control-plane:NoSchedule</pre>                                                             |
 | `nodeAnalyzer.kspmAnalyzer.debug`                                    | Set to true to show KSPM node analyzer debug logging, which is useful for troubleshooting.                                                                                                  | `false`                                                                                                                                                               |
 | `nodeAnalyzer.kspmAnalyzer.image.repository`                         | Specifies the image repository to pull the  KSPM node analyzer from.                                                                                                                        | `sysdig/kspm-analyzer`                                                                                                                                                |
-| `nodeAnalyzer.kspmAnalyzer.image.tag`                                | Specifies the image tag for the KSPM node analyzer image to be pulled.                                                                                                                      | `1.36.0`                                                                                                                                                              |
+| `nodeAnalyzer.kspmAnalyzer.image.tag`                                | Specifies the image tag for the KSPM node analyzer image to be pulled.                                                                                                                      | `1.37.0`                                                                                                                                                              |
 | `nodeAnalyzer.kspmAnalyzer.image.digest`                             | Specifies the image digest to pull.                                                                                                                                                         | ` `                                                                                                                                                                   |
 | `nodeAnalyzer.kspmAnalyzer.image.pullPolicy`                         | Specifies the The image pull policy for the  KSPM node analyzer.                                                                                                                            | `""`                                                                                                                                                                  |
 | `nodeAnalyzer.kspmAnalyzer.http_proxy`                               | Sets `HTTP_PROXY` on the KSPM Analyzer container.                                                                                                                                           | `""`                                                                                                                                                                  |

diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
-### New Features
-- **node-analyzer** [09aa4ee7](https://github.com/sysdiglabs/charts/commit/09aa4ee720186daf8c0a9511891053e68b9cc3cd): Update legacy engine NIA component with security updates ([#1490](https://github.com/sysdiglabs/charts/issues/1490))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.18.7...node-analyzer-1.18.8
+### Chores
+- **node-analyzer** [be507e09](https://github.com/sysdiglabs/charts/commit/be507e09e99ea79486a8d881a611d239de126f30): bump KSPM to v1.37.0 ([#1510](https://github.com/sysdiglabs/charts/issues/1510))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.18.8...node-analyzer-1.18.9
diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml
@@ -420,7 +420,7 @@ nodeAnalyzer:
     debug: false
     image:
       repository: sysdig/kspm-analyzer
-      tag: 1.36.0
+      tag: 1.37.0
       digest:
       pullPolicy:
 

diff --git a/charts/registry-scanner/CHANGELOG.md b/charts/registry-scanner/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.1.23
+### Chores
+* **registry-scanner** [39d7ee0f](https://github.com/sysdiglabs/charts/commit/39d7ee0f1c2d9d5d44992f3a1467bc126872534c): Update to v0.2.60 ([#1512](https://github.com/sysdiglabs/charts/issues/1512))
 # v1.1.22
 ### Chores
 * **registry-scanner** [7d114fe8](https://github.com/sysdiglabs/charts/commit/7d114fe8cf822354dbc542f9ce845e216c08f70b): Update to v0.2.59 [ESC-3783] ([#1499](https://github.com/sysdiglabs/charts/issues/1499))

diff --git a/charts/registry-scanner/Chart.yaml b/charts/registry-scanner/Chart.yaml
@@ -4,8 +4,8 @@ description: Sysdig Registry Scanner
 type: application
 home: https://sysdiglabs.github.io/registry-scanner/
 icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
-version: 1.1.22
-appVersion: 0.2.59
+version: 1.1.23
+appVersion: 0.2.60
 maintainers:
   - name: giuse-sysdig
     email: [email protected]

diff --git a/charts/registry-scanner/README.md b/charts/registry-scanner/README.md
@@ -129,7 +129,7 @@ Use the following command to deploy:
 helm upgrade --install registry-scanner \
    --namespace sysdig-agent \
    --create-namespace \
-   --version=1.1.22  \
+   --version=1.1.23  \
    --set config.secureBaseURL=<SYSDIG_SECURE_URL> \
    --set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN> \
    --set config.secureSkipTLS=true \

diff --git a/charts/registry-scanner/RELEASE-NOTES.md b/charts/registry-scanner/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
 ### Chores
-- **registry-scanner** [7d114fe8](https://github.com/sysdiglabs/charts/commit/7d114fe8cf822354dbc542f9ce845e216c08f70b): Update to v0.2.59 [ESC-3783] ([#1499](https://github.com/sysdiglabs/charts/issues/1499))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.21...registry-scanner-1.1.22
+- **registry-scanner** [39d7ee0f](https://github.com/sysdiglabs/charts/commit/39d7ee0f1c2d9d5d44992f3a1467bc126872534c): Update to v0.2.60 ([#1512](https://github.com/sysdiglabs/charts/issues/1512))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.1.22...registry-scanner-1.1.23
diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.31.4
+### Chores
+* **sysdig-deploy** [1e046c81](https://github.com/sysdiglabs/charts/commit/1e046c81a725a256c1be3c4019013dc5695ae196): Automatic version bump due to updated dependencies ([#1509](https://github.com/sysdiglabs/charts/issues/1509))
 # v1.31.3
 ### Chores
 * **sysdig-deploy** [00089aab](https://github.com/sysdiglabs/charts/commit/00089aabee2145933a6ead25a8b4b6ade34168e4): Automatic version bump due to updated dependencies ([#1505](https://github.com/sysdiglabs/charts/issues/1505))

diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: sysdig-deploy
 description: A chart with various Sysdig components for Kubernetes
 type: application
-version: 1.31.3
+version: 1.31.4
 maintainers:
   - name: AlbertoBarba
     email: [email protected]
@@ -26,7 +26,7 @@ dependencies:
   - name: agent
     # repository: https://charts.sysdig.com
     repository: file://../agent
-    version: ~1.17.2
+    version: ~1.17.3
     alias: agent
     condition: agent.enabled
   - name: common
@@ -42,7 +42,7 @@ dependencies:
   - name: cluster-scanner
     # repository: https://charts.sysdig.com
     repository: file://../cluster-scanner
-    version: ~0.8.4
+    version: ~0.8.5
     alias: clusterScanner
     condition: clusterScanner.enabled
   - name: kspm-collector

diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
 ### Chores
-- **sysdig-deploy** [00089aab](https://github.com/sysdiglabs/charts/commit/00089aabee2145933a6ead25a8b4b6ade34168e4): Automatic version bump due to updated dependencies ([#1505](https://github.com/sysdiglabs/charts/issues/1505))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.31.2...sysdig-deploy-1.31.3
+- **sysdig-deploy** [1e046c81](https://github.com/sysdiglabs/charts/commit/1e046c81a725a256c1be3c4019013dc5695ae196): Automatic version bump due to updated dependencies ([#1509](https://github.com/sysdiglabs/charts/issues/1509))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.31.3...sysdig-deploy-1.31.4