bump to 4.5.20069 and new env for encorcer (#12)

giantswarm · Mar 12, 2020 · 57566ca · 57566ca
1 parent 4013572
commit 57566ca
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 24 deletions.
diff --git a/helm/aqua-app-enforcer/templates/enforcer-daemonset.yaml b/helm/aqua-app-enforcer/templates/enforcer-daemonset.yaml
@@ -84,6 +84,8 @@ spec:
           value: "{{ .Values.runcInterception }}"
         - name: SENDING_HOST_IMAGES_DISABLED
           value: "{{ .Values.sendingHostImagesDisables }}"
+        - name: AQUA_ENFORCER_SCANNING_MEMORY_LIMIT
+          value: "{{ .Values.scanningMemoryLimit }}"
         volumeMounts:
         - mountPath: /var/run
           name: var-run

diff --git a/helm/aqua-app-enforcer/values.yaml b/helm/aqua-app-enforcer/values.yaml
@@ -1,18 +1,20 @@
 imageCredentials:
   name: giantswarm-partner-aqua-pull-secret
-  repositoryUriPrefix: "quay.io" 
+  repositoryUriPrefix: "quay.io"
 
 enforcerToken: ""
 
 enforcerTokenSecretName: null
 enforcerTokenSecretKey: null
-enforcerLogicalName: 
+enforcerLogicalName:
 
 privileged: true
 
-runcInterception: true 
+runcInterception: true
 sendingHostImagesDisables: false
 
+scanningMemoryLimit: 500
+
 rbac:
   enabled: true
   roleRef:
@@ -23,12 +25,13 @@ gate:
 
 image:
   repository: giantswarm/aqua-enforcer
-  tag: "4.5"
+  tag: "4.5.20069"
   pullPolicy: IfNotPresent
 
 livenessProbe: {}
 readinessProbe: {}
-resources: {}
+resources:
+  {}
   # limits:
   #   memory: 128Mi
   # requests:

diff --git a/helm/aqua-app-scanner/values.yaml b/helm/aqua-app-scanner/values.yaml
@@ -1,19 +1,19 @@
 imageCredentials:
   name: giantswarm-partner-aqua-pull-secret
-  repositoryUriPrefix: "quay.io" 
+  repositoryUriPrefix: "quay.io"
 
 rbac:
   enabled: true
   roleRef:
-  
+
 serviceAccount: "server-sa"
 server:
   serviceName: "server-console-svc" # example
   port: 8080
 
 image:
   repository: giantswarm/aqua-scanner
-  tag: "4.5"
+  tag: 4.5.20069
   pullPolicy: IfNotPresent
 
 user:
@@ -24,7 +24,8 @@ passwordKey: null
 replicaCount: 1
 livenessProbe: {}
 readinessProbe: {}
-resources: {}
+resources:
+  {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following

diff --git a/helm/aqua-app-server/values.yaml b/helm/aqua-app-server/values.yaml
@@ -1,7 +1,7 @@
 # Specifies the secret data for imagePullSecrets needed to fetch the private docker images
 imageCredentials:
   name: giantswarm-partner-aqua-pull-secret
-  repositoryUriPrefix: "quay.io" 
+  repositoryUriPrefix: "quay.io"
 
 rbac:
   enabled: true
@@ -41,7 +41,7 @@ db:
   auditssl: false
   image:
     repository: giantswarm/aqua-database
-    tag: "4.5"
+    tag: 4.5.20069
     pullPolicy: IfNotPresent
   service:
     type: ClusterIP
@@ -53,18 +53,18 @@ db:
   livenessProbe:
     exec:
       command:
-      - sh
-      - -c
-      - exec pg_isready --host $POD_IP
+        - sh
+        - -c
+        - exec pg_isready --host $POD_IP
     initialDelaySeconds: 60
     timeoutSeconds: 5
     failureThreshold: 6
   readinessProbe:
     exec:
       command:
-      - sh
-      - -c
-      - exec pg_isready --host $POD_IP
+        - sh
+        - -c
+        - exec pg_isready --host $POD_IP
     initialDelaySeconds: 5
     timeoutSeconds: 3
     periodSeconds: 5
@@ -82,19 +82,20 @@ db:
 gate:
   image:
     repository: giantswarm/aqua-gateway
-    tag: "4.5"
+    tag: 4.5.20069
     pullPolicy: IfNotPresent
   service:
     type: ClusterIP
     externalPort: 3622
-    loadBalancerSourceRanges: []
+    loadBalancerSourceRanges:
+      []
       # - 10.0.0.0/8
-      # - 172.19.0.0/16 
+      # - 172.19.0.0/16
   publicIP: aqua-gateway
   replicaCount: 1
   ingress:
     enabled: false
-    annotations: 
+    annotations:
       kubernetes.io/ingress.class: nginx
     hosts: #REQUIRED
     #- aquasec-test.example.com
@@ -118,15 +119,15 @@ gate:
 web:
   image:
     repository: giantswarm/aqua-console
-    tag: "4.5"
+    tag: 4.5.20069
     pullPolicy: IfNotPresent
   service:
     type: ClusterIP
     externalPort: 8080
   encryptionKey:
   ingress:
     enabled: false
-    annotations: 
+    annotations:
       kubernetes.io/ingress.class: nginx
     hosts: #REQUIRED
     #- aquasec-test.example.com
@@ -160,7 +161,7 @@ scanner:
   enabled: false
   image:
     repository: giantswarm/aqua-scanner
-    tag: "4.5"
+    tag: 4.5.20069
     pullPolicy: IfNotPresent
   user:
   password: