Feature/secretless setup #604

Merged
merged 3 commits into from
Jan 31, 2025

slashben
Contributor

This pull request introduces several changes to the kubescape-operator Helm chart, primarily focusing on enhancing the security capabilities and updating configuration options. The key changes include adding conditional logic for secret access, updating resource permissions, and modifying configuration values.

Enhancements to Security Capabilities:

  • Updated clusterrole.yaml and operator/clusterrole.yaml to conditionally include secrets in the resource list if enableClusterWideSecretAccess is enabled.
  • Added a warning message in NOTES.txt to inform users when both nodeSbomGeneration and enableClusterWideSecretAccess are disabled, limiting vulnerability scanning to public repositories only.

Configuration Updates:

  • Added enableClusterWideSecretAccess to values.yaml with a default value of true, allowing cluster-wide secret access for vulnerability scanning.

Test Snapshots:

  • Modified multiple test snapshots in snapshot_test.yaml.snap to reflect the changes in resource permissions, particularly the conditional inclusion of secrets.

Minor Text Corrections:

  • Corrected typographical errors in values.yaml related to the helmReleaseUpgrader section.
  • Added extra blank lines in the continuousScanning section of values.yaml for better readability.
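
To confirm what a release actually grants after changing enableClusterWideSecretAccess, the rendered ClusterRole rules can be inspected directly. The following is an added example, not code from this PR or from the kubescape project; it assumes input in the shape of `kubectl get clusterrole -o json`, and the role names and rules in the sample are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get clusterrole -o json` output.
# Role names and rules are invented for illustration, not taken from the chart.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "example-secret-access-on"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "secrets"],
             "verbs": ["get", "list", "watch"]}]},
 {"metadata": {"name": "example-secret-access-off"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "configmaps"],
             "verbs": ["get", "list", "watch"]}]},
 {"metadata": {"name": "example-wildcard"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"metadata": {"name": "example-apps-only"},
  "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["get"]}]},
 {"metadata": {"name": "example-named-secret"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"],
             "resourceNames": ["registry-creds"], "verbs": ["get"]}]}
]}
""")

READ_VERBS = {"get", "list", "watch", "*"}


def secret_read_verbs(role):
    """Verbs with which this ClusterRole can read every Secret in the cluster."""
    verbs = set()
    for rule in role.get("rules") or []:
        # Secrets live in the core API group (""); "*" matches every group.
        if not {"", "*"} & set(rule.get("apiGroups") or []):
            continue
        if not {"secrets", "*"} & set(rule.get("resources") or []):
            continue
        # resourceNames pins the rule to named objects, so it is not blanket access.
        if rule.get("resourceNames"):
            continue
        verbs |= READ_VERBS & set(rule.get("verbs") or [])
    return sorted(verbs)


def audit(doc):
    """Map ClusterRole name -> read verbs on Secrets, for roles that have any."""
    found = {r["metadata"]["name"]: secret_read_verbs(r) for r in doc["items"]}
    return {name: verbs for name, verbs in found.items() if verbs}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

A wildcard rule is reported even though it never names secrets, and a rule limited to the apps group is not, because Secrets belong to the core group.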

@slashben slashben requested a review from matthyx January 28, 2025 15:03
matthyx
matthyx previously approved these changes Jan 31, 2025
Signed-off-by: Ben <ben@armosec.io>
Signed-off-by: Ben <ben@armosec.io>
@matthyx matthyx force-pushed the feature/secretless-setup branch from 0c966d9 to 0add58a Compare January 31, 2025 06:54
@matthyx matthyx merged commit 51949ab into main Jan 31, 2025
7 checks passed
@matthyx matthyx deleted the feature/secretless-setup branch January 31, 2025 06:55