diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml index c20a90d56..81b6addd5 100644 --- a/charts/cluster-scanner/Chart.yaml +++ b/charts/cluster-scanner/Chart.yaml @@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner type: application -version: 0.8.4 +version: 0.8.5 appVersion: "0.1.0" home: https://www.sysdig.com/ diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md index cc0d448db..cec04e54f 100644 --- a/charts/cluster-scanner/README.md +++ b/charts/cluster-scanner/README.md @@ -25,7 +25,7 @@ $ pre-commit run -a $ helm repo add sysdig https://charts.sysdig.com $ helm repo update $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.8.4 \ + --create-namespace -n sysdig --version=0.8.5 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE @@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.8.4 \ + --create-namespace -n sysdig --version=0.8.5 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE 
@@ -107,6 +107,7 @@ The following table lists the configurable parameters of the `cluster-scanner` c | replicaCount | | 2 | | scannerMode | The scannerMode of the Cluster Scanner. Supported values are `local` or `multi`. Please refer to docs.sysdig.com for further documentation. | "local" | | sslVerifyCertificate | Optional parameter used to check the compatibility of cluster-scanner component versions with the on-premised backend version. If you are running an on-prem version of the Sysdig backend, you MUST set this parameter with the version of Sysdig backend you are using. If you are runinng on SaaS, do NOT provide this parameter. E.g. if `onPremCompatibilityVersion=6.2`, we ensure that the image tag is < 0.5.0 for both the Runtime Status Integrator and the Image SBOM Extractor. onPremCompatibilityVersion: "6.2" Can be set to false to allow insecure connections to the Sysdig backend, such as for on-premise installs that use self-signed certificates. By default, certificates are always verified. | true | +| sslVerifyRegistryCertificate | Can be set to false to allow insecure connections registries, Such as for registries with self-signed or private certificates. By default, certificates are always verified. | true | | runtimeStatusIntegrator.image.registry | The image registry to use for the Runtime Status Integrator component of Cluster Scanner | quay.io | | runtimeStatusIntegrator.image.repository | The image repository to use for pulling the Runtime Status Integrator image | sysdig/runtime-status-integrator | | runtimeStatusIntegrator.image.tag | | "0.5.3" | @@ -161,7 +162,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to ` ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.8.4 \ + --create-namespace -n sysdig --version=0.8.5 \ --set global.sysdig.region="us1" ``` 
@@ -170,7 +171,7 @@ installing the chart. For example: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.8.4 \ + --create-namespace -n sysdig --version=0.8.5 \ --values values.yaml ``` diff --git a/charts/cluster-scanner/templates/configmap.yaml b/charts/cluster-scanner/templates/configmap.yaml index 84bafc55b..07b3c4ab4 100644 --- a/charts/cluster-scanner/templates/configmap.yaml +++ b/charts/cluster-scanner/templates/configmap.yaml @@ -12,6 +12,7 @@ data: sysdig_host: https://{{ include "cluster-scanner.apiHost" . }} {{ end -}} sysdig_verify_certificate: {{ .Values.sslVerifyCertificate | quote }} + sysdig_verify_registry_certificate: {{ .Values.sslVerifyRegistryCertificate | quote }} cluster_name: {{ .Values.global.clusterConfig.name }} root_namespace: {{ .Values.rootNamespace }} eve_enabled: {{ .Values.eveEnabled | quote }} diff --git a/charts/cluster-scanner/templates/deployment.yaml b/charts/cluster-scanner/templates/deployment.yaml index 2c3806913..e023b9591 100644 --- a/charts/cluster-scanner/templates/deployment.yaml +++ b/charts/cluster-scanner/templates/deployment.yaml @@ -394,6 +394,12 @@ spec: name: {{ include "cluster-scanner.fullname" . }} key: sysdig_verify_certificate optional: true + - name: REGISTRY_VERIFY_CERTIFICATE + valueFrom: + configMapKeyRef: + name: {{ include "cluster-scanner.fullname" . }} + key: sysdig_verify_registry_certificate + optional: true - name: NATS_URL valueFrom: configMapKeyRef: diff --git a/charts/cluster-scanner/values.yaml b/charts/cluster-scanner/values.yaml index e2b18bc98..fd6d22b0e 100644 --- a/charts/cluster-scanner/values.yaml +++ b/charts/cluster-scanner/values.yaml 
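Review bot: In templates/configmap.yaml the new `sysdig_verify_registry_certificate` line pipes the value straight into `quote`, so a null override (for example from a parent chart's values) would, as far as I can tell, render an empty value rather than "true" or "false". Combined with `optional: true` on the matching env entry in deployment.yaml, the container could then start without the variable, and the scanner's built-in default, which this diff does not show, would decide whether registry certificates are checked. For a TLS-verification switch I would fail the render instead: `sysdig_verify_registry_certificate: {{ required "sslVerifyRegistryCertificate must be true or false" .Values.sslVerifyRegistryCertificate | quote }}`. Avoid `default true` here, because it would also turn an explicit `false` back into `true`.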
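Review bot: `optional: true` on the new `REGISTRY_VERIFY_CERTIFICATE` entry in templates/deployment.yaml lets the pod start when the ConfigMap or the key is missing, which leaves certificate verification to whatever the binary does with an unset variable. The configmap.yaml change in this commit appears to render `sysdig_verify_registry_certificate` unconditionally, so the flag gains nothing on a consistent install; I would use `optional: false` (or drop the line) so that a missing key blocks startup instead of going unnoticed. The entry copies the `sysdig_verify_certificate` one just above it, which has the same property. The hunk starts inside a container's env list and does not show which container it is, so please confirm this is the container that connects to registries.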
@@ -96,6 +96,10 @@ scannerMode: "local" # By default, certificates are always verified. sslVerifyCertificate: true +# Can be set to false to allow insecure connections registries, +# Such as for registries with self-signed or private certificates. +# By default, certificates are always verified. +sslVerifyRegistryCertificate: true runtimeStatusIntegrator: image: # The image registry to use for the Runtime Status Integrator component of diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index f075a2400..3777ae502 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: sysdig-deploy description: A chart with various Sysdig components for Kubernetes type: application -version: 1.32.0 +version: 1.32.1 maintainers: - name: AlbertoBarba email: alberto.barba@sysdig.com @@ -42,7 +42,7 @@ dependencies: - name: cluster-scanner # repository: https://charts.sysdig.com repository: file://../cluster-scanner - version: ~0.8.4 + version: ~0.8.5 alias: clusterScanner condition: clusterScanner.enabled - name: kspm-collector
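Review bot: The comment added above `sslVerifyRegistryCertificate` in values.yaml is missing a word ("connections registries"), capitalises "Such" mid-sentence, and does not say what is lost when the check is turned off. I would write it as `# Set to false to skip TLS certificate verification when connecting to image registries,` / `# for example registries that use self-signed or private-CA certificates.` / `# Verified by default; disabling it removes protection against interception of registry traffic.` If the switch applies to every registry the scanner contacts, which a single top-level boolean suggests, the comment should say so. A blank line before the comment would also keep it from reading as a trailer to `sslVerifyCertificate: true`, and the README table row added in this commit carries the same wording and should be regenerated to match.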