diff --git a/Makefile b/Makefile index d100f78d46..55e972b74e 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ export IMAGE_REPOSITORY?=quay.io/deepfenceio export DF_IMG_TAG?=latest export STEAMPIPE_IMG_TAG?=0.23.x export IS_DEV_BUILD?=false -export VERSION?=v2.5.2 +export VERSION?=v2.5.3 export AGENT_BINARY_BUILD=$(DEEPFENCE_FARGATE_DIR)/build export AGENT_BINARY_BUILD_RELATIVE=deepfence_agent/agent-binary/build export AGENT_BINARY_DIST=$(DEEPFENCE_FARGATE_DIR)/dist diff --git a/README.md b/README.md index 6e8e0912fc..04db41ed79 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,9 @@ # ThreatMapper - Runtime Threat Management and Attack Path Enumeration for Cloud Native +> [!IMPORTANT] +> [Upcoming Changes to ThreatMapper Threat Intel Feeds](https://www.deepfence.io/blog/upcoming-changes-to-threatmapper-threat-intel-feeds-what-you-need-to-know) + Deepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk-of-exploit. It uncovers vulnerable software components, exposed secrets and deviations from good security practice. ThreatMapper uses a combination of agent-based inspection and agent-less monitoring to provide the widest possible coverage to detect threats. With ThreatMapper's **ThreatGraph** visualization, you can then identify the issues that present the greatest risk to the security of your applications, and prioritize these for planned protection or remediation. 
@@ -93,10 +96,10 @@ docker run -dit \ -e http_proxy="" \ -e https_proxy="" \ -e no_proxy="" \ - quay.io/deepfenceio/deepfence_agent_ce:2.5.2 + quay.io/deepfenceio/deepfence_agent_ce:2.5.3 ``` -Note: Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.5.2-multiarch` is supported in amd64 and arm64/v8 architectures. +Note: Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.5.3-multiarch` is supported in amd64 and arm64/v8 architectures. On a Kubernetes platform, the sensors are installed using [helm chart](https://community.deepfence.io/threatmapper/docs/v2.5/sensors/kubernetes/) diff --git a/deepfence_server/apiDocs/operation.go b/deepfence_server/apiDocs/operation.go index 38e569e8f3..b8c34e5c1e 100644 --- a/deepfence_server/apiDocs/operation.go +++ b/deepfence_server/apiDocs/operation.go @@ -895,6 +895,13 @@ func (d *OpenAPIDocs) AddSettingsOperations() { d.AddOperation("getAgentBinaryDownloadURL", http.MethodGet, "/deepfence/agent-deployment/binary/download-url", "Get agent binary download url", "Get agent binary download url", http.StatusOK, []string{tagSettings}, bearerToken, nil, new(GetAgentBinaryDownloadURLResponse)) + + d.AddOperation("getDeepfenceCommunicationMessages", http.MethodGet, "/deepfence/deepfence-communication/message", + "Get Deepfence communication messages", "Get Deepfence communication messages", + http.StatusOK, []string{tagSettings}, bearerToken, nil, new([]postgresqldb.DeepfenceCommunication)) + d.AddOperation("markDeepfenceCommunicationRead", http.MethodPut, "/deepfence/deepfence-communication/message/{id}/read", + "Mark Deepfence communication message read", "Mark Deepfence communication message read", + http.StatusNoContent, []string{tagSettings}, bearerToken, new(DeepfenceCommunicationID), nil) } func (d *OpenAPIDocs) AddLicenseOperations() { diff --git a/deepfence_server/handler/deepfence_communication.go b/deepfence_server/handler/deepfence_communication.go new file mode 100644 index 0000000000..b73aa427c2 --- /dev/null 
+++ b/deepfence_server/handler/deepfence_communication.go
@@ -0,0 +1,66 @@
+package handler
+
+import (
+ "net/http"
+ "strconv"
+
+ "github.com/deepfence/ThreatMapper/deepfence_server/model"
+ "github.com/deepfence/ThreatMapper/deepfence_utils/directory"
+ "github.com/deepfence/ThreatMapper/deepfence_utils/log"
+ "github.com/go-chi/chi/v5"
+ httpext "github.com/go-playground/pkg/v5/net/http"
+)
+
+func (h *Handler) GetDeepfenceCommunication(w http.ResponseWriter, r *http.Request) {
+ ctx := r.Context()
+ pgClient, err := directory.PostgresClient(ctx)
+ if err != nil {
+ log.Error().Msgf("%v", err)
+ h.respondError(&InternalServerError{err}, w)
+ return
+ }
+ deepfenceCommunication, err := pgClient.GetUnreadDeepfenceCommunication(ctx)
+ if err != nil {
+ log.Error().Msgf("%v", err)
+ h.respondError(&InternalServerError{err}, w)
+ return
+ }
+ err = httpext.JSON(w, http.StatusOK, deepfenceCommunication)
+ if err != nil {
+ log.Error().Msgf("%v", err)
+ }
+}
+
+func (h *Handler) MarkDeepfenceCommunicationAsRead(w http.ResponseWriter, r *http.Request) {
+ defer r.Body.Close()
+ messageID, err := strconv.ParseInt(chi.URLParam(r, "id"), 10, 64)
+ if err != nil {
+ log.Error().Msgf("%v", err)
+ h.respondError(&BadDecoding{err}, w)
+ return
+ }
+ req := model.DeepfenceCommunicationID{
+ ID: messageID,
+ }
+ err = h.Validator.Struct(req)
+ if err != nil {
+ log.Error().Msgf("%v", err)
+ h.respondError(&ValidatorError{err: err}, w)
+ return
+ }
+
+ ctx := r.Context()
+ pgClient, err := directory.PostgresClient(ctx)
+ if err != nil {
+ log.Error().Msgf("%v", err)
+ h.respondError(&InternalServerError{err}, w)
+ return
+ }
+ err = pgClient.MarkDeepfenceCommunicationRead(ctx, req.ID)
+ if err != nil {
+ log.Error().Msgf("%v", err)
+ h.respondError(err, w)
+ return
+ }
+ w.WriteHeader(http.StatusNoContent)
+}
diff --git a/deepfence_server/model/setting.go b/deepfence_server/model/setting.go
index d6fedf0dc8..175708dedb 100644
--- a/deepfence_server/model/setting.go
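Review bot: In `MarkDeepfenceCommunicationAsRead` the error from `pgClient.MarkDeepfenceCommunicationRead` is handed to the response path unwrapped, `h.respondError(err, w)`, while every other database failure in this file is wrapped as `&InternalServerError{err}`. How `respondError` treats an unrecognised error type is not visible in this hunk, so the raw driver message may end up in the response body; `h.respondError(&InternalServerError{err}, w)` keeps the two handlers consistent and avoids relying on the default branch. Both exported handlers also lack doc comments; a line such as `// MarkDeepfenceCommunicationAsRead marks the message named by the {id} path parameter as read for the whole console.` would record that the flag is global rather than per user.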
+++ b/deepfence_server/model/setting.go @@ -17,3 +17,7 @@ type GetAgentBinaryDownloadURLResponse struct { StartAgentScriptDownloadURL string `json:"start_agent_script_download_url"` UninstallAgentScriptDownloadURL string `json:"uninstall_agent_script_download_url"` } + +type DeepfenceCommunicationID struct { + ID int64 `path:"id"` +} diff --git a/deepfence_server/router/router.go b/deepfence_server/router/router.go index 3423141834..d99b123c70 100644 --- a/deepfence_server/router/router.go +++ b/deepfence_server/router/router.go @@ -508,6 +508,11 @@ func SetupRoutes(r *chi.Mux, serverPort string, serveOpenapiDocs bool, ingestC c }) }) + r.Route("/deepfence-communication/message", func(r chi.Router) { + r.Get("/", dfHandler.AuthHandler(ResourceReport, PermissionRead, dfHandler.GetDeepfenceCommunication)) + r.Put("/{id}/read", dfHandler.AuthHandler(ResourceReport, PermissionRead, dfHandler.MarkDeepfenceCommunicationAsRead)) + }) + r.Route("/diagnosis", func(r chi.Router) { r.Get("/notification", dfHandler.AuthHandler(ResourceDiagnosis, PermissionRead, dfHandler.DiagnosticNotification)) r.Post("/console-logs", dfHandler.AuthHandler(ResourceDiagnosis, PermissionGenerate, dfHandler.GenerateConsoleDiagnosticLogs)) diff --git a/deepfence_utils/postgresql/migrate/0008_create_deepfence_communication_table.sql b/deepfence_utils/postgresql/migrate/0008_create_deepfence_communication_table.sql new file mode 100644 index 0000000000..8fdf24cc7c --- /dev/null +++ b/deepfence_utils/postgresql/migrate/0008_create_deepfence_communication_table.sql 
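Review bot: `DeepfenceCommunicationID.ID` carries only a `path:"id"` tag, so the `h.Validator.Struct(req)` call in the new `MarkDeepfenceCommunicationAsRead` handler has no rule to apply and zero or negative ids go straight to the UPDATE. If `h.Validator` is a go-playground/validator instance (its type is not visible in this diff), adding `validate:"min=1"` beside the existing tag would make that check do something. The type also has no doc comment; `// DeepfenceCommunicationID identifies a Deepfence communication message by its primary key.` would do.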
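Review bot: The `r.Put("/{id}/read", ...)` route changes stored state but is authorised with `PermissionRead` on `ResourceReport`, so any account that may read reports can dismiss a message. The `read` flag in the new `deepfence_communication` table is one column per message, not per user, so that dismissal hides the notice from every other console user as well. Consider gating the PUT with a non-read permission on a settings-type resource (the OpenAPI entries tag both operations with `tagSettings`), or tracking read state per user. `SetupRoutes` starts and ends outside this hunk, so the full set of resource and permission constants is not visible here.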
@@ -0,0 +1,28 @@ +-- +goose Up + +-- +goose StatementBegin +CREATE TABLE public.deepfence_communication +( + id bigint PRIMARY KEY, + title text NOT NULL, + content text NOT NULL, + link text NOT NULL, + link_title text NOT NULL, + button_content text NOT NULL, + read bool DEFAULT FALSE NOT NULL, + created_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL, + updated_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP NOT NULL +); + +CREATE TRIGGER deepfence_communication_updated_at + BEFORE UPDATE + ON deepfence_communication + FOR EACH ROW +EXECUTE PROCEDURE update_modified_column(); +-- +goose StatementEnd + +-- +goose Down + +-- +goose StatementBegin +DROP TABLE IF EXISTS deepfence_communication; +-- +goose StatementEnd diff --git a/deepfence_utils/postgresql/postgresql-db/db.go b/deepfence_utils/postgresql/postgresql-db/db.go index feec0dcef2..a4babd05f9 100644 --- a/deepfence_utils/postgresql/postgresql-db/db.go +++ b/deepfence_utils/postgresql/postgresql-db/db.go @@ -1,6 +1,6 @@ // Code generated by sqlc. DO NOT EDIT. // versions: -// sqlc v1.26.0 +// sqlc v1.27.0 package postgresql_db diff --git a/deepfence_utils/postgresql/postgresql-db/models.go b/deepfence_utils/postgresql/postgresql-db/models.go index 3db5456c58..2c6b22c865 100644 --- a/deepfence_utils/postgresql/postgresql-db/models.go +++ b/deepfence_utils/postgresql/postgresql-db/models.go @@ -1,6 +1,6 @@ // Code generated by sqlc. DO NOT EDIT. // versions: -// sqlc v1.26.0 +// sqlc v1.27.0 package postgresql_db 
@@ -56,6 +56,18 @@ type ContainerRegistry struct { UpdatedAt time.Time `json:"updated_at"` } +type DeepfenceCommunication struct { + ID int64 `json:"id"` + Title string `json:"title"` + Content string `json:"content"` + Link string `json:"link"` + LinkTitle string `json:"link_title"` + ButtonContent string `json:"button_content"` + Read bool `json:"read"` + CreatedAt time.Time `json:"created_at"` + UpdatedAt time.Time `json:"updated_at"` +} + type GenerativeAiIntegration struct { ID int32 `json:"id"` IntegrationType string `json:"integration_type"` diff --git a/deepfence_utils/postgresql/postgresql-db/queries.sql.go b/deepfence_utils/postgresql/postgresql-db/queries.sql.go index 533268911e..b3675de628 100644 --- a/deepfence_utils/postgresql/postgresql-db/queries.sql.go +++ b/deepfence_utils/postgresql/postgresql-db/queries.sql.go @@ -1,6 +1,6 @@ // Code generated by sqlc. DO NOT EDIT. // versions: -// sqlc v1.26.0 +// sqlc v1.27.0 // source: queries.sql package postgresql_db @@ -1873,7 +1873,7 @@ func (q *Queries) GetIntegrations(ctx context.Context) ([]Integration, error) { const getIntegrationsFromIDs = `-- name: GetIntegrationsFromIDs :many SELECT id, resource, filters, integration_type, interval_minutes, last_sent_time, config, error_msg, created_by_user_id, created_at, updated_at, last_event_updated_at, metrics FROM integration -WHERE id = ANY($1::int[]) +WHERE id = ANY ($1::int[]) ` func (q *Queries) GetIntegrationsFromIDs(ctx context.Context, dollar_1 []int32) ([]Integration, error) { 
@@ -2309,6 +2309,46 @@ func (q *Queries) GetSettings(ctx context.Context) ([]Setting, error) { return items, nil } +const getUnreadDeepfenceCommunication = `-- name: GetUnreadDeepfenceCommunication :many +SELECT id, title, content, link, link_title, button_content, read, created_at, updated_at +FROM deepfence_communication +WHERE read = false +ORDER BY created_at +` + +func (q *Queries) GetUnreadDeepfenceCommunication(ctx context.Context) ([]DeepfenceCommunication, error) { + rows, err := q.db.QueryContext(ctx, getUnreadDeepfenceCommunication) + if err != nil { + return nil, err + } + defer rows.Close() + var items []DeepfenceCommunication + for rows.Next() { + var i DeepfenceCommunication + if err := rows.Scan( + &i.ID, + &i.Title, + &i.Content, + &i.Link, + &i.LinkTitle, + &i.ButtonContent, + &i.Read, + &i.CreatedAt, + &i.UpdatedAt, + ); err != nil { + return nil, err + } + items = append(items, i) + } + if err := rows.Close(); err != nil { + return nil, err + } + if err := rows.Err(); err != nil { + return nil, err + } + return items, nil +} + const getUser = `-- name: GetUser :one SELECT users.id, users.first_name, @@ -2735,6 +2775,17 @@ func (q *Queries) GetVisibleSettings(ctx context.Context) ([]Setting, error) { return items, nil } +const markDeepfenceCommunicationRead = `-- name: MarkDeepfenceCommunicationRead :exec +UPDATE deepfence_communication +SET read = true +WHERE id = $1 +` + +func (q *Queries) MarkDeepfenceCommunicationRead(ctx context.Context, id int64) error { + _, err := q.db.ExecContext(ctx, markDeepfenceCommunicationRead, id) + return err +} + const setIntegrationMetrics = `-- name: SetIntegrationMetrics :exec UPDATE integration SET metrics = $2 
@@ -3111,6 +3162,51 @@ func (q *Queries) UpdateUserInvite(ctx context.Context, arg UpdateUserInvitePara return i, err } +const upsertDeepfenceCommunication = `-- name: UpsertDeepfenceCommunication :one +INSERT INTO deepfence_communication (id, title, content, link, link_title, button_content) +VALUES ($1, $2, $3, $4, $5, $6) +ON CONFLICT (id) DO UPDATE + SET title = $2, + content = $3, + link = $4, + link_title = $5, + button_content = $6 +RETURNING id, title, content, link, link_title, button_content, read, created_at, updated_at +` + +type UpsertDeepfenceCommunicationParams struct { + ID int64 `json:"id"` + Title string `json:"title"` + Content string `json:"content"` + Link string `json:"link"` + LinkTitle string `json:"link_title"` + ButtonContent string `json:"button_content"` +} + +func (q *Queries) UpsertDeepfenceCommunication(ctx context.Context, arg UpsertDeepfenceCommunicationParams) (DeepfenceCommunication, error) { + row := q.db.QueryRowContext(ctx, upsertDeepfenceCommunication, + arg.ID, + arg.Title, + arg.Content, + arg.Link, + arg.LinkTitle, + arg.ButtonContent, + ) + var i DeepfenceCommunication + err := row.Scan( + &i.ID, + &i.Title, + &i.Content, + &i.Link, + &i.LinkTitle, + &i.ButtonContent, + &i.Read, + &i.CreatedAt, + &i.UpdatedAt, + ) + return i, err +} + const upsertLicense = `-- name: UpsertLicense :one INSERT INTO license (license_key, start_date, end_date, no_of_hosts, current_hosts, is_active, license_type, deepfence_support_email, notification_threshold_percentage, registry_credentials, message, diff --git a/deepfence_utils/postgresql/queries.sql b/deepfence_utils/postgresql/queries.sql index 715a7d6736..c86f128508 100644 --- a/deepfence_utils/postgresql/queries.sql +++ b/deepfence_utils/postgresql/queries.sql @@ -628,7 +628,7 @@ LIMIT 1; -- name: GetIntegrationsFromIDs :many SELECT * FROM integration -WHERE id = ANY($1::int[]); +WHERE id = ANY ($1::int[]); -- name: GetIntegrationsFromType :many SELECT * 
@@ -784,4 +784,26 @@ WHERE id = $1; -- name: GetIntegrationMetrics :one SELECT metrics FROM integration +WHERE id = $1; + +-- name: UpsertDeepfenceCommunication :one +INSERT INTO deepfence_communication (id, title, content, link, link_title, button_content) +VALUES ($1, $2, $3, $4, $5, $6) +ON CONFLICT (id) DO UPDATE + SET title = $2, + content = $3, + link = $4, + link_title = $5, + button_content = $6 +RETURNING *; + +-- name: GetUnreadDeepfenceCommunication :many +SELECT * +FROM deepfence_communication +WHERE read = false +ORDER BY created_at; + +-- name: MarkDeepfenceCommunicationRead :exec +UPDATE deepfence_communication +SET read = true WHERE id = $1; \ No newline at end of file diff --git a/deepfence_utils/threatintel/common.go b/deepfence_utils/threatintel/common.go index 215b9ae170..8177057693 100644 --- a/deepfence_utils/threatintel/common.go +++ b/deepfence_utils/threatintel/common.go @@ -44,8 +44,19 @@ type DBUploadRequest struct { var ErrDatabaseNotFound = errors.New("database type not found") +type DeepfenceCommunicationMessage struct { + Title string `json:"title"` + Content string `json:"content"` + Link string `json:"link"` + LinkTitle string `json:"link_title"` + ButtonContent string `json:"button_content"` + ID int64 `json:"id"` + UpdatedAt int64 `json:"updated_at"` +} + type Listing struct { - Available map[string][]Entry `json:"available"` + Available map[string][]Entry `json:"available"` + Messages []DeepfenceCommunicationMessage `json:"messages"` } type Entry struct { diff --git a/deepfence_utils/threatintel/coms.go b/deepfence_utils/threatintel/coms.go deleted file mode 100644 index 0c0e425222..0000000000 --- a/deepfence_utils/threatintel/coms.go +++ /dev/null 
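Review bot: `MarkDeepfenceCommunicationRead` is declared `:exec`, so the generated method returns only an error and the handler answers 204 for an id that matches no row. Declaring it `-- name: MarkDeepfenceCommunicationRead :execrows` (and regenerating) would hand the caller the affected-row count so it can answer not-found instead. Separately, the `ON CONFLICT (id) DO UPDATE` branch of `UpsertDeepfenceCommunication` leaves `read` untouched, so a message whose content or link is revised under the same id stays hidden on consoles that already dismissed it; if that is not intended, reset `read` in the SET list only when the stored text actually differs, otherwise a comment such as `-- read is deliberately preserved across upserts` would document the choice.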
@@ -1,47 +0,0 @@
-package threatintel
-
-import (
- "encoding/json"
- "errors"
- "io"
- "net/http"
-)
-
-type Message struct {
- ID int `json:"id"`
- Content string `json:"content"`
- UpdatedAt int64 `json:"updated_at"`
-}
-
-type Coms struct {
- UpdatedAt int64 `json:"updated_at"`
- Messages []Message `json:"messages"`
-}
-
-const comsURL = "https://deepfence-coms.s3.us-east-2.amazonaws.com/ThreatMapper/coms.json"
-
-func GetCommunicationMessages() (Coms, error) {
-
- resp, err := http.Get(comsURL)
- if err != nil {
- return Coms{}, err
- }
- defer resp.Body.Close()
-
- if resp.StatusCode != http.StatusOK {
- return Coms{}, errors.New("Failed reaching data")
- }
-
- body, err := io.ReadAll(resp.Body)
- if err != nil {
- return Coms{}, err
- }
-
- var data Coms
- err = json.Unmarshal(body, &data)
- if err != nil {
- return Coms{}, err
- }
-
- return data, nil
-}
diff --git a/deepfence_utils/threatintel/deepfence_communication.go b/deepfence_utils/threatintel/deepfence_communication.go
new file mode 100644
index 0000000000..8075ce659a
--- /dev/null
+++ b/deepfence_utils/threatintel/deepfence_communication.go
@@ -0,0 +1,35 @@ +package threatintel + +import ( + "context" + + "github.com/deepfence/ThreatMapper/deepfence_utils/directory" + "github.com/deepfence/ThreatMapper/deepfence_utils/log" + postgresql_db "github.com/deepfence/ThreatMapper/deepfence_utils/postgresql/postgresql-db" +) + +func UpdateDeepfenceCommunication(ctx context.Context, messages []DeepfenceCommunicationMessage) error { + + pgClient, err := directory.PostgresClient(ctx) + if err != nil { + log.Error().Err(err).Msg("failed to get db connection") + return err + } + + for _, message := range messages { + _, err = pgClient.UpsertDeepfenceCommunication(ctx, postgresql_db.UpsertDeepfenceCommunicationParams{ + ID: message.ID, + Title: message.Title, + Content: message.Content, + Link: message.Link, + LinkTitle: message.LinkTitle, + ButtonContent: message.ButtonContent, + }) + if err != nil { + log.Error().Err(err).Msg("failed to update Deepfence communication") + continue + } + } + + return nil +} diff --git a/deepfence_worker/cronjobs/license.go b/deepfence_worker/cronjobs/license.go index 3180ca1a14..f063c9e296 100644 --- a/deepfence_worker/cronjobs/license.go +++ b/deepfence_worker/cronjobs/license.go @@ -16,6 +16,7 @@ import ( "github.com/deepfence/ThreatMapper/deepfence_utils/log" "github.com/deepfence/ThreatMapper/deepfence_utils/setting" "github.com/deepfence/ThreatMapper/deepfence_utils/utils" + wutils "github.com/deepfence/ThreatMapper/deepfence_worker/utils" "github.com/hibiken/asynq" "github.com/neo4j/neo4j-go-driver/v5/neo4j" ) @@ -58,6 +59,7 @@ func PublishLicenseUsageToLicenseServer(ctx context.Context, task *asynq.Task) e type ReportLicensePayload struct { LicenseKey string `json:"license_key"` + ConsoleVersion string `json:"console_version"` DfClusterID int64 `json:"df_cluster_id"` CurrentNumberOfHosts int64 `json:"current_no_of_hosts"` CurrentNumberOfCloudAccounts int64 `json:"current_no_of_cloud_accounts"` 
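Review bot: `UpdateDeepfenceCommunication` writes `Title`, `Content`, `Link`, `LinkTitle` and `ButtonContent` from the downloaded listing into the database unchecked, and the new GET handler serves those rows to the console, so whatever the feed publishes is the link users are shown. Checking before the upsert that a non-empty `Link` parses as an absolute `https` URL (and, if the project has one, that its host is on an expected list) limits what a tampered or mis-published listing can put in front of operators; a length bound on the text fields would be a reasonable companion. The loop also `continue`s past every failed upsert and then returns `nil`, so the error branch added in `FetchThreatIntel` (cronjobs/rules_fetcher.go) can only fire for a connection failure and the failure is logged in both places; returning the joined errors makes that branch meaningful, though what `FetchThreatIntel` later does with `errs` is outside the hunks shown. The `UpdatedAt` field decoded into `DeepfenceCommunicationMessage` is never read here and could be dropped or used to skip unchanged rows.

```go
func UpdateDeepfenceCommunication(ctx context.Context, messages []DeepfenceCommunicationMessage) error {
	// … unchanged: directory.PostgresClient lookup …

	var errs []error
	for _, message := range messages {
		// The listing is remote input: accept only absolute https links.
		if message.Link != "" {
			u, perr := url.Parse(message.Link)
			if perr != nil || u.Scheme != "https" || u.Host == "" {
				log.Error().Msgf("skipping Deepfence communication %d: unexpected link", message.ID)
				continue
			}
		}
		_, err = pgClient.UpsertDeepfenceCommunication(ctx, postgresql_db.UpsertDeepfenceCommunicationParams{
			// … unchanged: field mapping …
		})
		if err != nil {
			errs = append(errs, fmt.Errorf("upserting Deepfence communication %d: %w", message.ID, err))
		}
	}

	// Nil when every message was stored or skipped; the caller logs the rest.
	return errors.Join(errs...)
}
```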
@@ -120,6 +122,7 @@ func publishLicenseUsageToLicenseServer(ctx context.Context) error { reportLicensePayload := ReportLicensePayload{ LicenseKey: license.LicenseKey, + ConsoleVersion: wutils.Version, DfClusterID: consoleID, CurrentNumberOfHosts: activeAgentNodes, CurrentNumberOfCloudAccounts: 0, diff --git a/deepfence_worker/cronjobs/rules_fetcher.go b/deepfence_worker/cronjobs/rules_fetcher.go index 8349e720e6..5c281b0d97 100644 --- a/deepfence_worker/cronjobs/rules_fetcher.go +++ b/deepfence_worker/cronjobs/rules_fetcher.go @@ -130,6 +130,11 @@ func FetchThreatIntel(ctx context.Context, task *asynq.Task) error { var wg conc.WaitGroup var errs []error + if err := threatintel.UpdateDeepfenceCommunication(ctx, listing.Messages); err != nil { + log.Error().Err(err).Msg("failed to update Deepfence communication") + errs = append(errs, err) + } + // download vulnerability db vulnDBInfo, err := listing.GetLatest(wutils.Version, threatintel.DBTypeVulnerability) if err != nil { diff --git a/deployment-scripts/docker-compose.yml b/deployment-scripts/docker-compose.yml index b94d3261a3..7f3a8b1c69 100644 --- a/deployment-scripts/docker-compose.yml +++ b/deployment-scripts/docker-compose.yml @@ -58,7 +58,7 @@ services: deepfence-postgres: container_name: deepfence-postgres - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_postgres_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_postgres_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 restart: unless-stopped @@ -73,7 +73,7 @@ services: deepfence-redis: container_name: deepfence-redis - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_redis_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_redis_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 restart: unless-stopped 
@@ -88,7 +88,7 @@ services: deepfence-neo4j: container_name: deepfence-neo4j - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_neo4j_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_neo4j_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 @@ -119,7 +119,7 @@ services: deepfence-console-agent: container_name: deepfence-console-agent - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_agent_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_agent_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 deploy: @@ -152,7 +152,7 @@ services: deepfence-router: container_name: deepfence-router - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_router_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_router_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 networks: @@ -174,7 +174,7 @@ services: # this service can be commented in case S3 or external file server is used deepfence-file-server: container_name: deepfence-file-server - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_file_server_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_file_server_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 networks: @@ -196,7 +196,7 @@ services: deepfence-server: container_name: deepfence-server - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_server_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_server_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 tmpfs: @@ -226,7 +226,7 @@ services: deepfence-worker: container_name: deepfence-worker - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 restart: unless-stopped 
@@ -248,7 +248,7 @@ services: # deepfence-worker-2: # container_name: deepfence-worker-2 - # image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.2} + # image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.3} # ulimits: # core: 0 # restart: unless-stopped @@ -269,7 +269,7 @@ services: # deepfence-worker-3: # container_name: deepfence-worker-3 - # image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.2} + # image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.3} # ulimits: # core: 0 # restart: unless-stopped @@ -290,7 +290,7 @@ services: deepfence-scheduler: container_name: deepfence-scheduler - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 restart: unless-stopped @@ -312,7 +312,7 @@ services: deepfence-ui: container_name: deepfence-ui - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_ui_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_ui_ce:${DF_IMG_TAG:-2.5.3} ulimits: core: 0 networks: @@ -326,7 +326,7 @@ services: max-size: "100m" deepfence-kafka-broker: - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_kafka_broker_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_kafka_broker_ce:${DF_IMG_TAG:-2.5.3} hostname: deepfence-kafka-broker container_name: deepfence-kafka-broker # environment: @@ -345,7 +345,7 @@ services: restart: unless-stopped deepfence-ingester: - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_worker_ce:${DF_IMG_TAG:-2.5.3} hostname: deepfence-ingester container_name: deepfence-ingester ports: 
@@ -364,7 +364,7 @@ services: restart: unless-stopped deepfence-telemetry: - image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_telemetry_ce:${DF_IMG_TAG:-2.5.2} + image: ${IMAGE_REPOSITORY:-quay.io/deepfenceio}/deepfence_telemetry_ce:${DF_IMG_TAG:-2.5.3} hostname: deepfence-telemetry container_name: deepfence-telemetry ports: diff --git a/deployment-scripts/helm-charts/deepfence-agent/Chart.yaml b/deployment-scripts/helm-charts/deepfence-agent/Chart.yaml index 4c02ab7d55..e20746fc6e 100644 --- a/deployment-scripts/helm-charts/deepfence-agent/Chart.yaml +++ b/deployment-scripts/helm-charts/deepfence-agent/Chart.yaml @@ -15,9 +15,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.5.2 +version: 2.5.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 2.5.2 \ No newline at end of file +appVersion: 2.5.3 \ No newline at end of file diff --git a/deployment-scripts/helm-charts/deepfence-agent/values.yaml b/deployment-scripts/helm-charts/deepfence-agent/values.yaml index b2db2fe4e8..2e2b325ef8 100644 --- a/deployment-scripts/helm-charts/deepfence-agent/values.yaml +++ b/deployment-scripts/helm-charts/deepfence-agent/values.yaml @@ -11,7 +11,7 @@ commonLabels: {} global: # this image tag is used everywhere for agents # to override set tag at agents level - imageTag: 2.5.2 + imageTag: 2.5.3 imagePullSecret: # Specifies whether image pull secret should be created 
@@ -28,7 +28,7 @@ imagePullSecret: agent: image: name: quay.io/deepfenceio/deepfence_agent_ce - # tag: 2.5.2 + # tag: 2.5.3 pullPolicy: Always affinity: {} podLabels: {} @@ -52,7 +52,7 @@ agent: cluster_agent: image: name: quay.io/deepfenceio/deepfence_cluster_agent_ce - # tag: 2.5.2 + # tag: 2.5.3 pullPolicy: Always affinity: {} podLabels: {} diff --git a/deployment-scripts/helm-charts/deepfence-console/Chart.yaml b/deployment-scripts/helm-charts/deepfence-console/Chart.yaml index 69d719c233..85b8283152 100644 --- a/deployment-scripts/helm-charts/deepfence-console/Chart.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: deepfence-console description: A Helm chart for Kubernetes type: application -version: 2.5.2 -appVersion: 2.5.2 +version: 2.5.3 +appVersion: 2.5.3 diff --git a/deployment-scripts/helm-charts/deepfence-console/values.yaml b/deployment-scripts/helm-charts/deepfence-console/values.yaml index 16e734b587..6992b7d25f 100644 --- a/deployment-scripts/helm-charts/deepfence-console/values.yaml +++ b/deployment-scripts/helm-charts/deepfence-console/values.yaml @@ -16,7 +16,7 @@ global: # imageRepoPrefix: "docker.io" # this image tag is used everywhere for console services # to override set tag at service level - imageTag: 2.5.2 + imageTag: 2.5.3 storageClass: "" # used in service name generation # ..svc. @@ -64,7 +64,7 @@ kafka: repository: deepfenceio/deepfence_kafka_broker_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 config: # required, recommended to generate new UUID using kafka-storage tool STORAGE_UUID: hNQ55qppT5GGybF52ZGlOQ @@ -102,7 +102,7 @@ postgres: repository: deepfenceio/deepfence_postgres_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 storageClass: "" volumeSize: 50G resources: 
@@ -131,7 +131,7 @@ redis: repository: deepfenceio/deepfence_redis_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 storageClass: "" volumeSize: 30G resources: @@ -170,7 +170,7 @@ fileserver: repository: deepfenceio/deepfence_file_server_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 storageClass: "" volumeSize: 100G resources: @@ -231,7 +231,7 @@ neo4j: image: repository: deepfenceio/deepfence_neo4j_ce pullPolicy: Always - # tag: 2.5.2 + # tag: 2.5.3 storageClass: "" volumeSize: 100G resources: @@ -293,7 +293,7 @@ router: repository: deepfenceio/deepfence_router_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 forceHttpsRedirect: true podAnnotations: {} podSecurityContext: {} @@ -356,7 +356,7 @@ server: repository: deepfenceio/deepfence_server_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 podAnnotations: {} podSecurityContext: {} securityContext: {} @@ -388,7 +388,7 @@ worker: repository: deepfenceio/deepfence_worker_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 podAnnotations: {} podSecurityContext: {} securityContext: {} @@ -426,7 +426,7 @@ ingester: repository: deepfenceio/deepfence_worker_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 podAnnotations: {} podSecurityContext: {} securityContext: {} @@ -456,7 +456,7 @@ scheduler: repository: deepfenceio/deepfence_worker_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 service: type: ClusterIP port: 8080 
@@ -481,7 +481,7 @@ ui: repository: deepfenceio/deepfence_ui_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 service: type: ClusterIP port: 8081 @@ -531,7 +531,7 @@ console_agents: repository: deepfenceio/deepfence_agent_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 resources: requests: cpu: 150m @@ -555,7 +555,7 @@ console_agents: repository: deepfenceio/deepfence_cluster_agent_ce pullPolicy: Always # Overrides the image tag whose default is .global.imageTag - # tag: 2.5.2 + # tag: 2.5.3 resources: requests: cpu: 25m diff --git a/deployment-scripts/helm-charts/deepfence-router/Chart.yaml b/deployment-scripts/helm-charts/deepfence-router/Chart.yaml index ee593c80c0..1edb785e4c 100644 --- a/deployment-scripts/helm-charts/deepfence-router/Chart.yaml +++ b/deployment-scripts/helm-charts/deepfence-router/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 description: Deepfence Router - Helm chart for Kubernetes name: deepfence-router type: application -appVersion: 2.5.2 -version: 2.5.2 +appVersion: 2.5.3 +version: 2.5.3 diff --git a/deployment-scripts/helm-charts/index.yaml b/deployment-scripts/helm-charts/index.yaml index cba3fbdbb3..e9a4e9c6b6 100644 --- a/deployment-scripts/helm-charts/index.yaml +++ b/deployment-scripts/helm-charts/index.yaml @@ -1,6 +1,16 @@ apiVersion: v1 entries: deepfence-agent: + - apiVersion: v2 + appVersion: 2.5.3 + created: "2025-01-20T19:20:04.239075+05:30" + description: Deepfence Agent - Helm chart for Kubernetes + digest: fb7150d4c103425a4f9da805738e6b20011a00f68dbf4e0a5dffd18ce6743bb8 + name: deepfence-agent + type: application + urls: + - deepfence-agent-2.5.3.tgz + version: 2.5.3 - apiVersion: v2 appVersion: 2.5.2 created: "2024-12-20T14:56:16.973936+05:30" 
@@ -342,6 +352,16 @@ entries: - deepfence-agent-1.0.0.tgz version: 1.0.0 deepfence-console: + - apiVersion: v2 + appVersion: 2.5.3 + created: "2025-01-20T19:20:04.241181+05:30" + description: A Helm chart for Kubernetes + digest: e095f10bedb1d82ca5dc70a5ad8dcc4f5e5d3a9b8353ac701b625aa7686026a8 + name: deepfence-console + type: application + urls: + - deepfence-console-2.5.3.tgz + version: 2.5.3 - apiVersion: v2 appVersion: 2.5.2 created: "2024-12-20T14:56:16.975201+05:30" @@ -693,6 +713,16 @@ entries: - deepfence-console-1.0.0.tgz version: 1.0.0 deepfence-router: + - apiVersion: v2 + appVersion: 2.5.3 + created: "2025-01-20T19:20:04.241739+05:30" + description: Deepfence Router - Helm chart for Kubernetes + digest: d738846f774b14e24f91eb0d1d5168d4b98b17e87585a3e52ceb9950fd111b71 + name: deepfence-router + type: application + urls: + - deepfence-router-2.5.3.tgz + version: 2.5.3 - apiVersion: v2 appVersion: 2.5.2 created: "2024-12-20T14:56:16.97551+05:30" @@ -923,4 +953,4 @@ entries: urls: - deepfence-router-1.0.0.tgz version: 1.0.0 -generated: "2024-12-20T14:56:16.973133+05:30" +generated: "2025-01-20T19:20:04.238471+05:30" diff --git a/deployment-scripts/start-agent.sh b/deployment-scripts/start-agent.sh index 8f1ec5a4c4..3095cb17ad 100755 --- a/deployment-scripts/start-agent.sh +++ b/deployment-scripts/start-agent.sh @@ -124,7 +124,7 @@ start_agent() { -e http_proxy="$MGMT_CONSOLE_HTTP_PROXY" \ -e https_proxy="$MGMT_CONSOLE_HTTPS_PROXY" \ -e no_proxy="$NO_PROXY" \ - "$IMAGE_REPOSITORY"/deepfence_agent_ce:"${DF_IMG_TAG:-2.5.2}" + "$IMAGE_REPOSITORY"/deepfence_agent_ce:"${DF_IMG_TAG:-2.5.3}" } main() { diff --git a/deployment-scripts/start-podman-agent.sh b/deployment-scripts/start-podman-agent.sh index 175f08fe3a..5d6c3da8a9 100755 --- a/deployment-scripts/start-podman-agent.sh +++ b/deployment-scripts/start-podman-agent.sh 
@@ -124,7 +124,7 @@ start_agent() { -e http_proxy="$MGMT_CONSOLE_HTTP_PROXY" \ -e https_proxy="$MGMT_CONSOLE_HTTPS_PROXY" \ -e no_proxy="$NO_PROXY" \ - "$IMAGE_REPOSITORY"/deepfence_agent_ce:"${DF_IMG_TAG:-2.5.2}" + "$IMAGE_REPOSITORY"/deepfence_agent_ce:"${DF_IMG_TAG:-2.5.3}" } main() { diff --git a/install.sh b/install.sh index b88b93b832..c7cdb43c0b 100755 --- a/install.sh +++ b/install.sh @@ -12,7 +12,7 @@ CROSS="${RED}✘${NC}" INFO="${BLUE}ℹ${NC}" # Default values -DEFAULT_IMAGE_TAG="2.5.2" +DEFAULT_IMAGE_TAG="2.5.3" DEFAULT_STORAGE_CLASS="" # Auto-generate default Neo4j password DEFAULT_NEO4J_PASSWORD=$(openssl rand -base64 12 | tr -dc 'a-zA-Z0-9' | head -c 12)