From e47d3f7b3536dc46168efbcdca1fbdf0ba71a6a1 Mon Sep 17 00:00:00 2001
From: chenk
Date: Wed, 24 Apr 2024 11:26:39 +0300
Subject: [PATCH] release: prepare v0.20.1 (#2038)

Signed-off-by: chenk
---
 CONTRIBUTING.md | 6 +--
 RELEASING.md | 10 ++---
 deploy/helm/Chart.yaml | 4 +-
 deploy/helm/README.md | 2 +-
 deploy/helm/templates/specs/cis-1.23.yaml | 2 +-
 deploy/helm/templates/specs/nsa-1.0.yaml | 2 +-
 deploy/helm/templates/specs/pss-baseline.yaml | 2 +-
 .../helm/templates/specs/pss-restricted.yaml | 2 +-
 deploy/static/namespace.yaml | 2 +-
 deploy/static/trivy-operator.yaml | 38 +++++++++----------
 docs/docs/crds/clustercompliance-report.md | 2 +-
 docs/docs/crds/configaudit-report.md | 2 +-
 docs/docs/crds/exposedsecret-report.md | 2 +-
 docs/docs/crds/rbacassessment-report.md | 2 +-
 .../caching_scan_results_by_repo_digest.md | 4 +-
 docs/docs/design/design_compliance_report.md | 4 +-
 .../design_starboard_at_scale.excalidraw | 4 +-
 .../design_trivy_file_system_scanner.md | 6 +--
 ..._scan_job_in_same_namespace_of_workload.md | 6 +--
 docs/docs/design/ttl_scans.md | 4 +-
 docs/getting-started/installation/olm.md | 18 +++++++--
 docs/tutorials/private-registries.md | 2 +-
 mkdocs.yml | 4 +-
 tests/itest/helper/helper.go | 2 +-
 24 files changed, 72 insertions(+), 60 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 6fac2f933..aa4917865 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -344,8 +344,8 @@ chart, then run `mage generate:docs` to ensure the helm docs are up-to-date. To install [Operator Lifecycle Manager] (OLM) run: ```
-kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.0/crds.yaml
-kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.0/olm.yaml
+kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.1/crds.yaml
+kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.1/olm.yaml
 ``` or
@@ -353,7 +353,7 @@ or ``` curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.4/install.sh -o install.sh chmod +x install.sh
-./install.sh v0.20.0
+./install.sh v0.20.1
 ``` ### Build the Catalog Image
diff --git a/RELEASING.md b/RELEASING.md
index 2700c2438..5d93d5343 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -46,17 +46,17 @@ 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow ```sh
- git tag -v0.20.0 -m 'Release v0.20.0'
- git push upstream v0.20.0
+ git tag -v0.20.1 -m 'Release v0.20.1'
+ git push upstream v0.20.1
 ``` 6. Verify that the `release` workflow has built and published the following artifacts 1. Trivy-operator container images published to DockerHub
- `docker.io/aquasec/trivy-operator:0.20.0`
+ `docker.io/aquasec/trivy-operator:0.20.1`
 2. Trivy-operator container images published to Amazon ECR Public Gallery
- `public.ecr.aws/aquasecurity/trivy-operator:0.20.0`
+ `public.ecr.aws/aquasecurity/trivy-operator:0.20.1`
 3. Trivy-operator container images published to GitHub Container Registry
- `ghcr.io/aquasecurity/trivy-operator:0.20.0`
+ `ghcr.io/aquasecurity/trivy-operator:0.20.1`
 7. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the repository.
diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
index 5b09f5869..e1c31cd9a 100644
--- a/deploy/helm/Chart.yaml
+++ b/deploy/helm/Chart.yaml
@@ -6,12 +6,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.22.0
+version: 0.22.1
 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.20.0
+appVersion: 0.20.1
 # kubeVersion: A SemVer range of compatible Kubernetes versions (optional)
diff --git a/deploy/helm/README.md b/deploy/helm/README.md
index 957f06407..efe15f5ec 100644
--- a/deploy/helm/README.md
+++ b/deploy/helm/README.md
@@ -1,6 +1,6 @@ # trivy-operator
-![Version: 0.22.0](https://img.shields.io/badge/Version-0.22.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.20.0](https://img.shields.io/badge/AppVersion-0.20.0-informational?style=flat-square)
+![Version: 0.22.1](https://img.shields.io/badge/Version-0.22.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.20.1](https://img.shields.io/badge/AppVersion-0.20.1-informational?style=flat-square)
 Keeps security report resources updated
diff --git a/deploy/helm/templates/specs/cis-1.23.yaml b/deploy/helm/templates/specs/cis-1.23.yaml
index c73284a50..dbbda184a 100644
--- a/deploy/helm/templates/specs/cis-1.23.yaml
+++ b/deploy/helm/templates/specs/cis-1.23.yaml
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.20.0
+ app.kubernetes.io/version: 0.20.1
 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote}}
diff --git a/deploy/helm/templates/specs/nsa-1.0.yaml b/deploy/helm/templates/specs/nsa-1.0.yaml
index 2bcf9e68f..990abaf96 100644
--- a/deploy/helm/templates/specs/nsa-1.0.yaml
+++ b/deploy/helm/templates/specs/nsa-1.0.yaml
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: "0.20.0"
+ app.kubernetes.io/version: "0.20.1"
 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }}
diff --git a/deploy/helm/templates/specs/pss-baseline.yaml b/deploy/helm/templates/specs/pss-baseline.yaml
index 27e6887de..ccb884777 100644
--- a/deploy/helm/templates/specs/pss-baseline.yaml
+++ b/deploy/helm/templates/specs/pss-baseline.yaml
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.20.0
+ app.kubernetes.io/version: 0.20.1
 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }}
diff --git a/deploy/helm/templates/specs/pss-restricted.yaml b/deploy/helm/templates/specs/pss-restricted.yaml
index a06acd5eb..933c31a7f 100644
--- a/deploy/helm/templates/specs/pss-restricted.yaml
+++ b/deploy/helm/templates/specs/pss-restricted.yaml
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator
- app.kubernetes.io/version: 0.20.0
+ app.kubernetes.io/version: 0.20.1
 app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }}
diff --git a/deploy/static/namespace.yaml b/deploy/static/namespace.yaml
index 667cd6d81..d674ebf8f 100644
--- a/deploy/static/namespace.yaml
+++ b/deploy/static/namespace.yaml @@ -6,5 +6,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 75eba6948..398302b91 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2919,7 +2919,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/configmaps/operator.yaml @@ -2931,7 +2931,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl data: nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]" @@ -2955,7 +2955,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl data: --- 
@@ -2968,7 +2968,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl data: OPERATOR_LOG_DEV_MODE: "false" @@ -3020,7 +3020,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy" @@ -3056,7 +3056,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl data: --- @@ -3069,7 +3069,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl data: --- @@ -3082,7 +3082,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl spec: replicas: 1 @@ -3102,7 +3102,7 @@ spec: automountServiceAccountToken: true containers: - name: "trivy-operator" - image: "ghcr.io/aquasecurity/trivy-operator:0.20.0" + image: "ghcr.io/aquasecurity/trivy-operator:0.20.1" imagePullPolicy: IfNotPresent env: - name: OPERATOR_NAMESPACE @@ -3163,7 +3163,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl spec: clusterIP: None 
@@ -3554,7 +3554,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3575,7 +3575,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3602,7 +3602,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3622,7 +3622,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -3652,7 +3652,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -3672,7 +3672,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" 
@@ -3697,7 +3697,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3722,7 +3722,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -3747,5 +3747,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" app.kubernetes.io/managed-by: kubectl diff --git a/docs/docs/crds/clustercompliance-report.md b/docs/docs/crds/clustercompliance-report.md index 3d370d5f0..ef3e6f278 100644 --- a/docs/docs/crds/clustercompliance-report.md +++ b/docs/docs/crds/clustercompliance-report.md @@ -1346,7 +1346,7 @@ status: "app.kubernetes.io/instance": "trivy-operator", "app.kubernetes.io/managed-by": "kubectl", "app.kubernetes.io/name": "trivy-operator", - "app.kubernetes.io/version": "0.20.0" + "app.kubernetes.io/version": "0.20.1" }, "name": "cis", "resourceVersion": "8985", diff --git a/docs/docs/crds/configaudit-report.md b/docs/docs/crds/configaudit-report.md index 49562fdeb..a303cd904 100644 --- a/docs/docs/crds/configaudit-report.md +++ b/docs/docs/crds/configaudit-report.md @@ -34,7 +34,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.20.0' + version: '0.20.1' summary: criticalCount: 2 highCount: 0 diff --git a/docs/docs/crds/exposedsecret-report.md b/docs/docs/crds/exposedsecret-report.md index 2bf176b89..f399b7db2 100644 --- a/docs/docs/crds/exposedsecret-report.md 
+++ b/docs/docs/crds/exposedsecret-report.md
@@ -33,7 +33,7 @@ metadata: report: artifact: repository: myimagewithsecret
- tag: v0.20.0
+ tag: v0.20.1
 registry: server: index.docker.io scanner:
diff --git a/docs/docs/crds/rbacassessment-report.md b/docs/docs/crds/rbacassessment-report.md
index ae9d1fef8..1f9ffcdaa 100644
--- a/docs/docs/crds/rbacassessment-report.md
+++ b/docs/docs/crds/rbacassessment-report.md
@@ -176,7 +176,7 @@ report: scanner: name: Trivy vendor: Aqua Security
- version: '0.20.0'
+ version: '0.20.1'
 summary: criticalCount: 1 highCount: 0
diff --git a/docs/docs/design/caching_scan_results_by_repo_digest.md b/docs/docs/design/caching_scan_results_by_repo_digest.md
index b50a2f2e2..df7fb2c22 100644
--- a/docs/docs/design/caching_scan_results_by_repo_digest.md
+++ b/docs/docs/design/caching_scan_results_by_repo_digest.md
@@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili a gate. * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports.
-[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.20.0/integrations/vulnerability-scanners/trivy/#standalone
-[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.20.0/integrations/vulnerability-scanners/trivy/#clientserver
+[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.20.1/integrations/vulnerability-scanners/trivy/#standalone
+[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.20.1/integrations/vulnerability-scanners/trivy/#clientserver
diff --git a/docs/docs/design/design_compliance_report.md b/docs/docs/design/design_compliance_report.md
index b5c23c487..98c0a9baf 100644
--- a/docs/docs/design/design_compliance_report.md
+++ b/docs/docs/design/design_compliance_report.md
@@ -542,7 +542,7 @@ metadata: name: clustercompliancereports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" spec: group: aquasecurity.github.io scope: Cluster @@ -678,7 +678,7 @@ metadata: name: clustercompliancedetailreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.20.0" + app.kubernetes.io/version: "0.20.1" spec: group: aquasecurity.github.io versions: diff --git a/docs/docs/design/design_starboard_at_scale.excalidraw b/docs/docs/design/design_starboard_at_scale.excalidraw index 35c329c49..e8298e145 100644 --- a/docs/docs/design/design_starboard_at_scale.excalidraw +++ b/docs/docs/design/design_starboard_at_scale.excalidraw @@ -11835,7 +11835,7 @@ "versionNonce": 596868769, "isDeleted": false, "boundElementIds": null, - "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.20.0\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", + "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n name: scan-vulnerabilityreport-\n namespace: trivy-system\nspec:\n template:\n spec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.20.1\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n restartPolicy: Never\n backoffLimit: 1", "fontSize": 20, "fontFamily": 3, "textAlign": "left", 
@@ -11895,7 +11895,7 @@ "boundElementIds": [], "fontSize": 20, "fontFamily": 3, - "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.20.0\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", + "text": "apiVersion: v1\nkind: Pod\nmetadata:\n name: scan-vulnerabilityreport--\n namespace: trivy-system\nspec:\n containers:\n - name: nginx\n image: aquasec/trivy:0.20.1\n command: [\"trivy\", \"image\", \"nginx:1.16\"]\n", "baseline": 259, "textAlign": "left", "verticalAlign": "top" diff --git a/docs/docs/design/design_trivy_file_system_scanner.md b/docs/docs/design/design_trivy_file_system_scanner.md index a2637491a..392401c3a 100644 --- a/docs/docs/design/design_trivy_file_system_scanner.md +++ b/docs/docs/design/design_trivy_file_system_scanner.md @@ -117,10 +117,10 @@ spec: emptyDir: { } initContainers: # The trivy-get-binary init container is used to copy out the trivy executable - # binary from the upstream Trivy container image, i.e. aquasec/trivy:0.20.0, + # binary from the upstream Trivy container image, i.e. aquasec/trivy:0.20.1, # to a shared emptyDir volume. - name: trivy-get-binary - image: aquasec/trivy:0.20.0 + image: aquasec/trivy:0.20.1 command: - cp - -v @@ -135,7 +135,7 @@ spec: # This won't be required once Trivy supports ClientServer mode # for the fs subcommand. - name: trivy-download-db - image: aquasec/trivy:0.20.0 + image: aquasec/trivy:0.20.1 command: - /var/trivy-operator/trivy - --download-db-only diff --git a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md index fd874dd6b..f47ce3bd5 100644 --- a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md +++ b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md 
@@ -167,7 +167,7 @@ spec: emptyDir: { } initContainers: - name: trivy-get-binary
- image: aquasec/trivy:0.20.0
+ image: aquasec/trivy:0.20.1
 command: - cp - -v
@@ -177,7 +177,7 @@ spec: - name: scan-volume mountPath: /var/trivy-operator - name: trivy-download-db
- image: aquasec/trivy:0.20.0
+ image: aquasec/trivy:0.20.1
 command: - /var/trivy-operator/trivy - --download-db-only
@@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster then scan job will be blocked due to the PSP.
-[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.20.0/integrations/managed-registries/#amazon-elastic-container-registry-ecr
+[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.20.1/integrations/managed-registries/#amazon-elastic-container-registry-ecr
 [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md
diff --git a/docs/docs/design/ttl_scans.md b/docs/docs/design/ttl_scans.md
index d33ab4de7..a99f10b65 100644
--- a/docs/docs/design/ttl_scans.md
+++ b/docs/docs/design/ttl_scans.md
@@ -44,13 +44,13 @@ metadata: report: artifact: repository: fluxcd/source-controller
- tag: v0.20.0
+ tag: v0.20.1
 registry: server: ghcr.io scanner: name: Trivy vendor: Aqua Security
- version: 0.20.0
+ version: 0.20.1
 summary: criticalCount: 0 highCount: 0
diff --git a/docs/getting-started/installation/olm.md b/docs/getting-started/installation/olm.md
index f5291049c..11e270654 100644
--- a/docs/getting-started/installation/olm.md
+++ b/docs/getting-started/installation/olm.md
@@ -10,17 +10,21 @@ As an example, let's install the Operator from the OperatorHub catalog in the `t configure it to watch the `default` namespaces: 1. Install the Operator Lifecycle Manager: + ``` - curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.0/install.sh -o install.sh + curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.1/install.sh -o install.sh chmod +x install.sh - ./install.sh v0.20.0 + ./install.sh v0.20.1 ``` 2. Create the namespace to install the operator in: + ``` kubectl create ns trivy-system ``` + 3. Create the OperatorGroup to select all namespaces: + ``` cat << EOF | kubectl apply -f - apiVersion: operators.coreos.com/v1 @@ -30,7 +34,9 @@ configure it to watch the `default` namespaces: namespace: trivy-system EOF ``` + 4. Install the operator by creating the Subscription: + ``` cat << EOF | kubectl apply -f - apiVersion: operators.coreos.com/v1alpha1 
@@ -50,23 +56,29 @@ configure it to watch the `default` namespaces: value: "kube-system" EOF ``` + The operator will be installed in the `trivy-system` namespace and will select all namespaces, except - `kube-system` and `trivy-system`. + `kube-system` and `trivy-system`. 5. After install, watch the operator come up using the following command: + ```console $ kubectl get clusterserviceversions -n trivy-system NAME DISPLAY VERSION REPLACES PHASE trivy-operator.{{ git.tag }} Trivy Operator {{ git.tag[1:] }} trivy-operator.{{ var.prev_git_tag }} Succeeded ``` + If the above command succeeds and the ClusterServiceVersion has transitioned from `Installing` to `Succeeded` phase you will also find the operator's Deployment in the same namespace where the Subscription is: + ```console $ kubectl get deployments -n trivy-system NAME READY UP-TO-DATE AVAILABLE AGE trivy-operator 1/1 1 1 11m ``` + If for some reason it's not ready yet, check the logs of the Deployment for errors: + ``` kubectl logs deployment/trivy-operator -n trivy-system ``` diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md index 9ad3adf3d..2f265c5bd 100644 --- a/docs/tutorials/private-registries.md +++ b/docs/tutorials/private-registries.md 
@@ -303,4 +303,4 @@ data: The last way that you could give the Trivy operator access to your private container registry is through managed registries. In this case, the container registry and your Kubernetes cluster would have to be on the same cloud provider; then you can define access to your container namespace as part of the IAM account. Once defined, trivy will already have the permissions for the registry.
-For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.20.0/docs/vulnerability-scanning/managed-registries/)
+For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.20.1/docs/vulnerability-scanning/managed-registries/)
diff --git a/mkdocs.yml b/mkdocs.yml
index 54e8c93c5..a414c587e 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -90,8 +90,8 @@ extra: provider: mike default: latest var:
- prev_git_tag: "v0.19.4"
- chart_version: "0.22.0"
+ prev_git_tag: "v0.20.0"
+ chart_version: "0.22.1"
 social: - icon: fontawesome/brands/twitter link: https://twitter.com/AquaTrivy
diff --git a/tests/itest/helper/helper.go b/tests/itest/helper/helper.go
index 6cb5683b1..0d9e3c3e5 100644
--- a/tests/itest/helper/helper.go
+++ b/tests/itest/helper/helper.go
@@ -236,7 +236,7 @@ var ( trivyScanner = v1alpha1.Scanner{ Name: v1alpha1.ScannerNameTrivy, Vendor: "Aqua Security",
- Version: "0.20.0",
+ Version: "0.20.1",
 } )