chore: Update deployment descriptors (#438)

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
aquasecurity · Mar 18, 2021 · 27d0ccc · 27d0ccc
1 parent c4c4289
commit 27d0ccc
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 20 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -66,11 +66,11 @@ These guidelines will help you get started with the Starboard project.
 
 ## Build Binaries
 
-| Binary                   | Image                                      | Description                                                   |
-| ------------------------ | ------------------------------------------ |  ------------------------------------------------------------ |
-| `starboard`              | `docker.io/aquasec/starboard:dev`          | Starboard command-line interface                              |
-| `starboard-operator`     | `docker.io/aquasec/starboard-operator:dev` | Starboard Operator                                            |
-| `starboard-scanner-aqua` | `docker.io/aquasec/starboard-scanner-aqua` | Starboard plugin to integrate with Aqua vulnerability scanner |
+| Binary                   | Image                                          | Description                                                   |
+| ------------------------ | ---------------------------------------------- |  ------------------------------------------------------------ |
+| `starboard`              | `docker.io/aquasec/starboard:dev`              | Starboard command-line interface                              |
+| `starboard-operator`     | `docker.io/aquasec/starboard-operator:dev`     | Starboard Operator                                            |
+| `starboard-scanner-aqua` | `docker.io/aquasec/starboard-scanner-aqua:dev` | Starboard plugin to integrate with Aqua vulnerability scanner |
 
 To build all Starboard binaries, run:
 
@@ -182,14 +182,14 @@ started with a basic development workflow. For other install modes see [Operator
 1. Send custom resource definitions to the Kubernetes API:
 
    ```
-   $ kubectl apply -f deploy/crd/vulnerabilityreports.crd.yaml \
+   $ kubectl create -f deploy/crd/vulnerabilityreports.crd.yaml \
        -f deploy/crd/configauditreports.crd.yaml \
        -f deploy/crd/ciskubebenchreports.crd.yaml
    ```
 2. Send the following Kubernetes objects definitions to the Kubernetes API:
 
    ```
-   $ kubectl apply -f deploy/static/01-starboard-operator.ns.yaml \
+   $ kubectl create -f deploy/static/01-starboard-operator.ns.yaml \
        -f deploy/static/02-starboard-operator.sa.yaml \
        -f deploy/static/03-starboard-operator.clusterrole.yaml \
        -f deploy/static/04-starboard-operator.clusterrolebinding.yaml
@@ -209,7 +209,7 @@ started with a basic development workflow. For other install modes see [Operator
 1. Create the `starboard-operator` Deployment in the `starboard-operator` namespace to run the operator's container:
 
    ```
-   $ kubectl apply -f deploy/static/06-starboard-operator.deployment.yaml
+   $ kubectl create -f deploy/static/06-starboard-operator.deployment.yaml
    ```
 
 ### Out of cluster

diff --git a/deploy/helm/templates/rbac.yaml b/deploy/helm/templates/rbac.yaml
@@ -30,8 +30,9 @@ rules:
   - apiGroups:
       - ""
     resources:
-      - "pods"
-      - "pods/log"
+      - pods
+      - pods/log
+      - replicationcontrollers
     verbs:
       - get
       - list

diff --git a/deploy/static/03-starboard-operator.clusterrole.yaml b/deploy/static/03-starboard-operator.clusterrole.yaml
@@ -8,8 +8,9 @@ rules:
   - apiGroups:
       - ""
     resources:
-      - "pods"
-      - "pods/log"
+      - pods
+      - pods/log
+      - replicationcontrollers
     verbs:
       - get
       - list

diff --git a/pkg/operator/controller/ciskubebenchreport.go b/pkg/operator/controller/ciskubebenchreport.go
@@ -103,10 +103,10 @@ func (r *CISKubeBenchReportReconciler) reconcileNodes() reconcile.Func {
 		if err != nil {
 			return ctrl.Result{}, err
 		}
-		log.Info("Checking scan jobs limit", "count", jobsCount, "limit", r.ConcurrentScanJobsLimit)
+		log.V(1).Info("Checking scan jobs limit", "count", jobsCount, "limit", r.ConcurrentScanJobsLimit)
 
 		if limitExceeded {
-			log.Info("Pushing back scan job", "count", jobsCount, "retryAfter", r.ScanJobRetryAfter)
+			log.V(1).Info("Pushing back scan job", "count", jobsCount, "retryAfter", r.ScanJobRetryAfter)
 			return ctrl.Result{RequeueAfter: r.Config.ScanJobRetryAfter}, nil
 		}
 

diff --git a/pkg/operator/controller/configauditreport.go b/pkg/operator/controller/configauditreport.go
@@ -12,7 +12,6 @@ import (
 	"github.com/go-logr/logr"
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
-	batchv1beta1 "k8s.io/api/batch/v1beta1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -46,7 +45,6 @@ var (
 		{kind: kube.KindReplicationController, forObject: &corev1.ReplicationController{}, ownsObject: &v1alpha1.ConfigAuditReport{}},
 		{kind: kube.KindStatefulSet, forObject: &appsv1.StatefulSet{}, ownsObject: &v1alpha1.ConfigAuditReport{}},
 		{kind: kube.KindDaemonSet, forObject: &appsv1.DaemonSet{}, ownsObject: &v1alpha1.ConfigAuditReport{}},
-		{kind: kube.KindCronJob, forObject: &batchv1beta1.CronJob{}, ownsObject: &v1alpha1.ConfigAuditReport{}},
 		{kind: kube.KindJob, forObject: &batchv1.Job{}, ownsObject: &v1alpha1.ConfigAuditReport{}},
 	}
 )
@@ -146,10 +144,10 @@ func (r *ConfigAuditReportReconciler) reconcileWorkload(workloadKind kube.Kind)
 		if err != nil {
 			return ctrl.Result{}, err
 		}
-		log.Info("Checking scan jobs limit", "count", scanJobsCount, "limit", r.ConcurrentScanJobsLimit)
+		log.V(1).Info("Checking scan jobs limit", "count", scanJobsCount, "limit", r.ConcurrentScanJobsLimit)
 
 		if limitExceeded {
-			log.Info("Pushing back scan job", "count", scanJobsCount, "retryAfter", r.ScanJobRetryAfter)
+			log.V(1).Info("Pushing back scan job", "count", scanJobsCount, "retryAfter", r.ScanJobRetryAfter)
 			return ctrl.Result{RequeueAfter: r.Config.ScanJobRetryAfter}, nil
 		}
 

diff --git a/pkg/operator/controller/vulnerabilityreport.go b/pkg/operator/controller/vulnerabilityreport.go
@@ -112,10 +112,10 @@ func (r *VulnerabilityReportReconciler) reconcilePods() reconcile.Func {
 		if err != nil {
 			return ctrl.Result{}, err
 		}
-		log.Info("Checking scan jobs limit", "count", scanJobsCount, "limit", r.ConcurrentScanJobsLimit)
+		log.V(1).Info("Checking scan jobs limit", "count", scanJobsCount, "limit", r.ConcurrentScanJobsLimit)
 
 		if limitExceeded {
-			log.Info("Pushing back scan job", "count", scanJobsCount, "retryAfter", r.ScanJobRetryAfter)
+			log.V(1).Info("Pushing back scan job", "count", scanJobsCount, "retryAfter", r.ScanJobRetryAfter)
 			return ctrl.Result{RequeueAfter: r.Config.ScanJobRetryAfter}, nil
 		}