Merge remote-tracking branch 'origin' into bump-nodeanalyzer-to-1.44.18

sysdiglabs · Jan 2, 2025 · ace13ac · ace13ac
2 parents a480388 + d0e38d3
commit ace13ac
Show file tree

Hide file tree

Showing 46 changed files with 138 additions and 114 deletions.
diff --git a/.github/workflows/agent-release.yaml b/.github/workflows/agent-release.yaml
@@ -20,7 +20,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@v2.73.0
+        uses: updatecli/updatecli-action@v2.75.0
 
       - name: Run Updatecli in apply mode
         run: "updatecli apply --config .github/updatecli.d/config-agent-release.yaml"

diff --git a/.github/workflows/k8s-apis-deprecation.yml b/.github/workflows/k8s-apis-deprecation.yml
@@ -39,7 +39,7 @@ jobs:
 
       - name: "🛠️ Setup Pluto"
         # Pluto in the docs suggest to use master but would be better to tag a release version
-        uses: FairwindsOps/pluto/github-action@v5.20.3
+        uses: FairwindsOps/pluto/github-action@v5.21.0
 
       - name: "🔍 Inspecting ${{ matrix.charts_name }} against k8s ${{ matrix.k8s_version }}"
         id: inspecting

diff --git a/.github/workflows/kubectl-update.yaml b/.github/workflows/kubectl-update.yaml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@v2.73.0
+        uses: updatecli/updatecli-action@v2.75.0
 
       - name: Run Updatecli
         run: "updatecli apply --config .github/updatecli.d/config-update-bitnami-kubectl-image.yaml"

diff --git a/.github/workflows/update-sysdig-deploy-chart.yaml b/.github/workflows/update-sysdig-deploy-chart.yaml
@@ -43,7 +43,7 @@ jobs:
 
       - name: Create Pull Request
         if: steps.dependent_files.outputs.any_changed == 'true'
-        uses: peter-evans/[email protected].5
+        uses: peter-evans/[email protected].6
         with:
           title: "chore(sysdig-deploy): Automatic version bump due to updated dependencies"
           base: main

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -17,7 +17,7 @@ repos:
     entry: make unittest
     language: system
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.2.0
+  rev: v5.0.0
   hooks:
     - id: trailing-whitespace
     - id: end-of-file-fixer

diff --git a/charts/agent/CHANGELOG.md b/charts/agent/CHANGELOG.md
@@ -10,6 +10,18 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.34.5
+### New Features
+* **agent,shield** [d8414740](https://github.com/sysdiglabs/charts/commit/d8414740491a7fc39ba85b72ad08d4792e94b734): release agent 13.7.1 ([#2094](https://github.com/sysdiglabs/charts/issues/2094))
+# v1.34.4
+### Chores
+* **ci** [e3167692](https://github.com/sysdiglabs/charts/commit/e316769250d0ab94519de59436be0d16fb5df3e1): bump bitnami/kubectl image references ([#2053](https://github.com/sysdiglabs/charts/issues/2053))
+# v1.34.3
+### Chores
+* **agent** [ed886c9a](https://github.com/sysdiglabs/charts/commit/ed886c9a60c57fa10c90b9dd90fa1ee3433e70d0): Bump Windows Agent release to 1.3.1 ([#2085](https://github.com/sysdiglabs/charts/issues/2085))
+# v1.34.2
+### New Features
+* **agent** [a65d52c3](https://github.com/sysdiglabs/charts/commit/a65d52c363277573f7c6b70dab172e065c38f59f): REVERT [SMAGENT-8138] add full securityContext to agent charts ([#2084](https://github.com/sysdiglabs/charts/issues/2084))
 # v1.34.1
 ### New Features
 * **agent** [550c06fa](https://github.com/sysdiglabs/charts/commit/550c06fad7140b7e98d6063ba61337be4341498a): [SMAGENT-8138] add full securityContext to agent charts ([#2017](https://github.com/sysdiglabs/charts/issues/2017))

diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 13.7.0
+appVersion: 13.7.1
 dependencies:
 - name: common
   repository: file://../common
@@ -30,4 +30,4 @@ sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
 type: application
-version: 1.34.1
+version: 1.34.5
diff --git a/charts/agent/RELEASE-NOTES.md b/charts/agent/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
 ### New Features
-- **agent** [550c06fa](https://github.com/sysdiglabs/charts/commit/550c06fad7140b7e98d6063ba61337be4341498a): [SMAGENT-8138] add full securityContext to agent charts ([#2017](https://github.com/sysdiglabs/charts/issues/2017))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.34.0...agent-1.34.1
+- **agent,shield** [d8414740](https://github.com/sysdiglabs/charts/commit/d8414740491a7fc39ba85b72ad08d4792e94b734): release agent 13.7.1 ([#2094](https://github.com/sysdiglabs/charts/issues/2094))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.34.4...agent-1.34.5
diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl
@@ -690,14 +690,8 @@ annotations:
 privileged: true
 runAsNonRoot: false
 runAsUser: 0
-runAsGroup: 0
 readOnlyRootFilesystem: false
 allowPrivilegeEscalation: true
-capabilities:
-  drop:
-    - ALL
-  add:
-    - ALL
 {{- else }}
 allowPrivilegeEscalation: false
 seccompProfile:

diff --git a/charts/agent/templates/daemonset-windows.yaml b/charts/agent/templates/daemonset-windows.yaml
@@ -30,16 +30,6 @@ spec:
         {{ toYaml .Values.global.image.pullSecrets | nindent 8 }}
       {{- end }}
       securityContext:
-        privileged: true
-        {{- if ( semverCompare ">= 1.31.0" (.Capabilities.KubeVersion.GitVersion )) }}
-        runAsNonRoot: false
-        runAsGroup: 0
-        {{- end }}
-        readOnlyRootFilesystem: false
-        allowPrivilegeEscalation: true
-        capabilities:
-          add:
-            - ALL
         windowsOptions:
           hostProcess: true
           runAsUserName: "NT AUTHORITY\\SYSTEM"

diff --git a/charts/agent/templates/daemonset.yaml b/charts/agent/templates/daemonset.yaml
@@ -78,15 +78,9 @@ spec:
           securityContext:
             privileged: true
             runAsNonRoot: false
-            runAsGroup: 0
             runAsUser: 0
             readOnlyRootFilesystem: false
             allowPrivilegeEscalation: true
-            capabilities:
-              drop:
-                - ALL
-              add:
-                - ALL
           resources:
             {{- if (include "agent.gke.autopilot" .) }}
               {{- $resources := merge .Values.slim.resources (dict "requests" (dict "ephemeral-storage" .Values.gke.ephemeralStorage))}}

diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml
@@ -69,12 +69,8 @@ spec:
             privileged: true
             runAsNonRoot: false
             runAsUser: 0
-            runAsGroup: 0
             readOnlyRootFilesystem: false
             allowPrivilegeEscalation: true
-            capabilities:
-              add:
-                - ALL
           env:
           - name: RUN_MODE
             value: nodriver

diff --git a/charts/agent/tests/readiness_probe_windows_test.yaml b/charts/agent/tests/readiness_probe_windows_test.yaml
@@ -19,9 +19,6 @@ kubernetesProvider:
 tests:
 
   - it: "Windows Agent Probes (agent < 1.3.0)"
-    capabilities:
-      majorVersion: 1
-      minorVersion: 31
     set:
       windows:
         enabled: true

diff --git a/charts/agent/tests/security_context_test.yaml b/charts/agent/tests/security_context_test.yaml
@@ -29,12 +29,6 @@ tests:
             readOnlyRootFilesystem: false
             runAsNonRoot: false
             runAsUser: 0
-            runAsGroup: 0
-            capabilities:
-              drop:
-                - ALL
-              add:
-                - ALL
 
   - it: Ensure the securityContext for a non-privileged agent contains the keys defined
     set:
@@ -131,35 +125,3 @@ tests:
                 - SYS_TIME
                 - SYS_TTY_CONFIG
                 - WAKE_ALARM
-
-  - it: Ensure the securityContext contains the mandatory keys
-    asserts:
-      - isSubset:
-          path: spec.template.spec['initContainers','containers'][:].securityContext.capabilities
-          content:
-            drop:
-              - ALL
-      - exists:
-          path: spec.template.spec.initContainers[:].securityContext.runAsNonRoot
-      - exists:
-          path: spec.template.spec.containers[:].securityContext.runAsNonRoot
-      - exists:
-          path: spec.template.spec.initContainers[:].securityContext.runAsUser
-      - exists:
-          path: spec.template.spec.containers[:].securityContext.runAsUser
-      - exists:
-          path: spec.template.spec.initContainers[:].securityContext.runAsGroup
-      - exists:
-          path: spec.template.spec.containers[:].securityContext.runAsGroup
-      - exists:
-          path: spec.template.spec.initContainers[:].securityContext.privileged
-      - exists:
-          path: spec.template.spec.containers[:].securityContext.privileged
-      - exists:
-          path: spec.template.spec.initContainers[:].securityContext.allowPrivilegeEscalation
-      - exists:
-          path: spec.template.spec.containers[:].securityContext.allowPrivilegeEscalation
-      - exists:
-          path: spec.template.spec.initContainers[:].securityContext.readOnlyRootFilesystem
-      - exists:
-          path: spec.template.spec.containers[:].securityContext.readOnlyRootFilesystem
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
@@ -51,7 +51,7 @@ image:
   overrideValue: null
   registry: quay.io
   repository: sysdig/agent
-  tag: 13.7.0
+  tag: 13.7.1
   # Specify a imagePullPolicy
   # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
   # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -68,7 +68,7 @@ windows:
   image:
     registry: quay.io
     repository: sysdig/agent-windows
-    tag: 1.3.0
+    tag: 1.3.1
     # Specify an imagePullPolicy
     # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
     # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -401,7 +401,7 @@ tests:
   timeout: 300s
   image:
     repo: bitnami/kubectl
-    tag: 1.31.2
+    tag: 1.32.0
 # Allow to modify DNS policy
 dnsPolicy: null
 customSecurityContext: {}
diff --git a/charts/kspm-collector/CHANGELOG.md b/charts/kspm-collector/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v0.17.1
+### Chores
+* **ci** [e3167692](https://github.com/sysdiglabs/charts/commit/e316769250d0ab94519de59436be0d16fb5df3e1): bump bitnami/kubectl image references ([#2053](https://github.com/sysdiglabs/charts/issues/2053))
 # v0.17.0
 ### Chores
 * **kspm-collector,node-analyzer** [5189fe6b](https://github.com/sysdiglabs/charts/commit/5189fe6b544cc097d10e803cb88e5653b22f1a81): release kspm-collector & node-analyzer ([#2020](https://github.com/sysdiglabs/charts/issues/2020))

diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: kspm-collector
 description: Sysdig KSPM collector
-version: 0.17.0
+version: 0.17.1
 appVersion: 1.39.6
 keywords:
   - monitoring

diff --git a/charts/kspm-collector/RELEASE-NOTES.md b/charts/kspm-collector/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
 ### Chores
-- **kspm-collector,node-analyzer** [5189fe6b](https://github.com/sysdiglabs/charts/commit/5189fe6b544cc097d10e803cb88e5653b22f1a81): release kspm-collector & node-analyzer ([#2020](https://github.com/sysdiglabs/charts/issues/2020))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/kspm-collector-0.16.6...kspm-collector-0.17.0
+- **ci** [e3167692](https://github.com/sysdiglabs/charts/commit/e316769250d0ab94519de59436be0d16fb5df3e1): bump bitnami/kubectl image references ([#2053](https://github.com/sysdiglabs/charts/issues/2053))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/kspm-collector-0.17.0...kspm-collector-0.17.1
diff --git a/charts/kspm-collector/values.yaml b/charts/kspm-collector/values.yaml
@@ -217,4 +217,4 @@ tests:
   timeout: 300s
   image:
     repo: bitnami/kubectl
-    tag: 1.31.2
+    tag: 1.32.0
diff --git a/charts/node-analyzer/CHANGELOG.md b/charts/node-analyzer/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.33.5
+### Chores
+* **ci** [e3167692](https://github.com/sysdiglabs/charts/commit/e316769250d0ab94519de59436be0d16fb5df3e1): bump bitnami/kubectl image references ([#2053](https://github.com/sysdiglabs/charts/issues/2053))
 # v1.33.4
 ### Bug Fixes
 * **node-analyzer** [f45ed3bc](https://github.com/sysdiglabs/charts/commit/f45ed3bcdda05cd59582b5ac1553af9e4ef06cc5): Fix path execution node-analyzer ([#2079](https://github.com/sysdiglabs/charts/issues/2079))

diff --git a/charts/node-analyzer/RELEASE-NOTES.md b/charts/node-analyzer/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
-### Bug Fixes
-- **node-analyzer** [f45ed3bc](https://github.com/sysdiglabs/charts/commit/f45ed3bcdda05cd59582b5ac1553af9e4ef06cc5): Fix path execution node-analyzer ([#2079](https://github.com/sysdiglabs/charts/issues/2079))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.33.3...node-analyzer-1.33.4
+### Chores
+- **ci** [e3167692](https://github.com/sysdiglabs/charts/commit/e316769250d0ab94519de59436be0d16fb5df3e1): bump bitnami/kubectl image references ([#2053](https://github.com/sysdiglabs/charts/issues/2053))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/node-analyzer-1.33.4...node-analyzer-1.33.5
diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml
@@ -536,7 +536,7 @@ tests:
   timeout: 300s
   image:
     repo: bitnami/kubectl
-    tag: 1.31.2
+    tag: 1.32.0
 
 # Allow to modify DNS policy
 dnsPolicy: null

diff --git a/charts/rapid-response/CHANGELOG.md b/charts/rapid-response/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v0.9.14
+### Chores
+* **ci** [e3167692](https://github.com/sysdiglabs/charts/commit/e316769250d0ab94519de59436be0d16fb5df3e1): bump bitnami/kubectl image references ([#2053](https://github.com/sysdiglabs/charts/issues/2053))
 # v0.9.13
 ### Chores
 * **rapid-response** [39e26066](https://github.com/sysdiglabs/charts/commit/39e2606640baf7db7d73bc754de2178e457885ec): bump rapid-response version to 0.5.1 ([#2081](https://github.com/sysdiglabs/charts/issues/2081))

diff --git a/charts/rapid-response/Chart.yaml b/charts/rapid-response/Chart.yaml
@@ -13,7 +13,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.13
+version: 0.9.14
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

diff --git a/charts/rapid-response/RELEASE-NOTES.md b/charts/rapid-response/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
 ### Chores
-- **rapid-response** [39e26066](https://github.com/sysdiglabs/charts/commit/39e2606640baf7db7d73bc754de2178e457885ec): bump rapid-response version to 0.5.1 ([#2081](https://github.com/sysdiglabs/charts/issues/2081))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/rapid-response-0.9.12...rapid-response-0.9.13
+- **ci** [e3167692](https://github.com/sysdiglabs/charts/commit/e316769250d0ab94519de59436be0d16fb5df3e1): bump bitnami/kubectl image references ([#2053](https://github.com/sysdiglabs/charts/issues/2053))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/rapid-response-0.9.13...rapid-response-0.9.14
diff --git a/charts/rapid-response/values.yaml b/charts/rapid-response/values.yaml
@@ -224,4 +224,4 @@ tests:
   timeout: 300s
   image:
     repo: bitnami/kubectl
-    tag: 1.31.2
+    tag: 1.32.0
diff --git a/charts/registry-scanner/CHANGELOG.md b/charts/registry-scanner/CHANGELOG.md
@@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v1.6.1
+### Chores
+* **registry-scanner** [4a9364e6](https://github.com/sysdiglabs/charts/commit/4a9364e65e785027276a17b80d473c6a79802acc): Update to v0.7.1 ([#2095](https://github.com/sysdiglabs/charts/issues/2095))
+# v1.6.0
+### Chores
+* **registry-scanner** [f0502afd](https://github.com/sysdiglabs/charts/commit/f0502afd7d1c14a81b2ee30e8a61ac39f1ef0684): Update to v0.7.0 ([#2083](https://github.com/sysdiglabs/charts/issues/2083))
 # v1.5.1
 ### Chores
 * **registry-scanner** [01f5be70](https://github.com/sysdiglabs/charts/commit/01f5be701753c8e6b802a7ded3e619a8ed589cc4): Update to v0.6.1 ([#2024](https://github.com/sysdiglabs/charts/issues/2024))

diff --git a/charts/registry-scanner/Chart.yaml b/charts/registry-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Registry Scanner
 type: application
 home: https://www.sysdig.com/
 icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
-version: 1.5.1
-appVersion: 0.6.1
+version: 1.6.1
+appVersion: 0.7.1
 maintainers:
   - name: sysdiglabs
diff --git a/charts/registry-scanner/README.md b/charts/registry-scanner/README.md
@@ -135,7 +135,7 @@ Use the following command to deploy:
 helm upgrade --install registry-scanner \
    --namespace sysdig-agent \
    --create-namespace \
-   --version=1.5.1 \
+   --version=1.6.1 \
    --set config.secureBaseURL=<SYSDIG_SECURE_URL> \
    --set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN> \
    --set config.secureSkipTLS=true \

diff --git a/charts/registry-scanner/RELEASE-NOTES.md b/charts/registry-scanner/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
 ### Chores
-- **registry-scanner** [01f5be70](https://github.com/sysdiglabs/charts/commit/01f5be701753c8e6b802a7ded3e619a8ed589cc4): Update to v0.6.1 ([#2024](https://github.com/sysdiglabs/charts/issues/2024))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.5.0...registry-scanner-1.5.1
+- **registry-scanner** [4a9364e6](https://github.com/sysdiglabs/charts/commit/4a9364e65e785027276a17b80d473c6a79802acc): Update to v0.7.1 ([#2095](https://github.com/sysdiglabs/charts/issues/2095))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/registry-scanner-1.6.0...registry-scanner-1.6.1
diff --git a/charts/shield/CHANGELOG.md b/charts/shield/CHANGELOG.md
@@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v0.4.2
+### New Features
+* **agent,shield** [d8414740](https://github.com/sysdiglabs/charts/commit/d8414740491a7fc39ba85b72ad08d4792e94b734): release agent 13.7.1 ([#2094](https://github.com/sysdiglabs/charts/issues/2094))
+# v0.4.1
+### New Features
+* **shield** [25c29f18](https://github.com/sysdiglabs/charts/commit/25c29f182afa6d910e552f8f70c5d86f5c09c2bc): allow to override capabilities [SMAGENT-8408] ([#2077](https://github.com/sysdiglabs/charts/issues/2077))
 # v0.4.0
 ### Chores
 * **shield** [897b64ed](https://github.com/sysdiglabs/charts/commit/897b64ede6de8b2bc9d13e40bf7c909bfb52ba5f): bump cluster-shield to v1.6.0 ([#2075](https://github.com/sysdiglabs/charts/issues/2075))

diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
   - name: mavimo
     email: [email protected]
 type: application
-version: 0.4.0
+version: 0.4.2
 appVersion: "1.0.0"