diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml index ae041e86f..de98465d2 100644 --- a/charts/node-analyzer/Chart.yaml +++ b/charts/node-analyzer/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: node-analyzer description: Sysdig Node Analyzer # currently matching Sysdig's appVersion 1.14.34 -version: 1.35.9 +version: 1.35.10 appVersion: 12.9.2 keywords: - monitoring diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md index c6c2a789e..2a40ac030 100644 --- a/charts/node-analyzer/README.md +++ b/charts/node-analyzer/README.md @@ -156,7 +156,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.imageAnalyzer.resources.requests.memory` | Specifies the Node Image Analyzer Memory requests per node. | `512Mi` | | `nodeAnalyzer.imageAnalyzer.resources.limits.cpu` | Specifies the Node Image Analyzer CPU limit per node. | `500m` | | `nodeAnalyzer.imageAnalyzer.resources.limits.memory` | Specifies the Node Image Analyzer Memory limit per node. | `1536Mi` | -| `nodeAnalyzer.imageAnalyzer.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | +| `nodeAnalyzer.imageAnalyzer.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | | `nodeAnalyzer.imageAnalyzer.env` | Specifies the Extra environment variables that will be passed onto pods. | `{}` | | `nodeAnalyzer.hostAnalyzer.deploy` | Deploys the Host Analyzer. | `true` | | `nodeAnalyzer.hostAnalyzer.image.repository` | Specifies the image repository to pull the Host Analyzer from. | `sysdig/host-analyzer` | 
@@ -173,7 +173,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.hostAnalyzer.resources.requests.memory` | Specifies the Host Analyzer Memory requests per node. | `512Mi` | | `nodeAnalyzer.hostAnalyzer.resources.limits.cpu` | Specifies the Host Analyzer CPU limit per node. | `500m` | | `nodeAnalyzer.hostAnalyzer.resources.limits.memory` | Specifies the Host Analyzer memory limit per node. | `1536Mi` | -| `nodeAnalyzer.hostAnalyzer.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | +| `nodeAnalyzer.hostAnalyzer.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | | `nodeAnalyzer.hostAnalyzer.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` | | `nodeAnalyzer.benchmarkRunner.deploy` | Deploys the Benchmark Runner. | `true` | | `nodeAnalyzer.benchmarkRunner.image.repository` | Specifies the image repository to pull the Benchmark Runner from. | `sysdig/compliance-benchmark-runner` | 
@@ -188,9 +188,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.benchmarkRunner.resources.requests.memory` | Specifies the Benchmark Runner memory requests per node. | `128Mi` | | `nodeAnalyzer.benchmarkRunner.resources.limits.cpu` | Specifies the Benchmark Runner CPU limit per node. | `500m` | | `nodeAnalyzer.benchmarkRunner.resources.limits.memory` | Specifies the Benchmark Runner memory limit per node. | `256Mi` | -| `nodeAnalyzer.benchmarkRunner.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | +| `nodeAnalyzer.benchmarkRunner.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | | `nodeAnalyzer.benchmarkRunner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` | -| `nodeAnalyzer.hostScanner.debug` | Set to `true` to show debug logging, which is useful for troubleshooting. | `false` | +| `nodeAnalyzer.hostScanner.debug` | Set to `true` to show debug logging, which is useful for troubleshooting. | `false` | | `nodeAnalyzer.hostScanner.deploy` | Deploys the Host Scanner. | unset | | `nodeAnalyzer.hostScanner.dirsToScan` | Specifies the list of directories to inspect during the scan. | `/etc,/var/lib/dpkg,/var/lib/rpm,/lib/apk/db,/bin,/sbin,/usr/bin,/usr/sbin,/usr/share,/usr/local,/usr/lib,/usr/lib64,/var/lib/google,/var/lib/toolbox,/var/lib/cloud` | | `nodeAnalyzer.hostScanner.additionalDirsToScan` | Sets the optional comma-separated list of directories in addition to the default ones. | ` ` | 
@@ -204,19 +204,19 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.hostScanner.no_proxy` | Sets `NO_PROXY` on the Host Scanner container. | `""` | | `nodeAnalyzer.hostScanner.prometheus.enabled` | Enables prometheus | `false` | | `nodeAnalyzer.hostScanner.prometheus.port` | Overrides the default prometheus port | `""` | -| `nodeAnalyzer.hostScanner.prometheus.endpoint` | Overrides the default prometheus metrics endpoint | `""` | +| `nodeAnalyzer.hostScanner.prometheus.endpoint` | Overrides the default prometheus metrics endpoint | `""` | | `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` | | `nodeAnalyzer.hostScanner.resources.requests.memory` | Specifies the Host Scanner memory requests per node. | `512Mi` | | `nodeAnalyzer.hostScanner.resources.requests.ephemeral-storage` | Specifies the Host Scanner Storage requests per node. | `512Mi` | | `nodeAnalyzer.hostScanner.resources.limits.cpu` | Specifies the Host Scanner CPU limit per node. | `500m` | | `nodeAnalyzer.hostScanner.resources.limits.memory` | Specifies the Host Scanner memory limit per node. | `1Gi` | | `nodeAnalyzer.hostScanner.resources.limits.ephemeral-storage` | Specifies the Host Scanner Storage limit per node. | `1Gi` | -| `nodeAnalyzer.hostScanner.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | +| `nodeAnalyzer.hostScanner.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | | `nodeAnalyzer.hostScanner.probesPort` | Specifies the port where readiness and liveness probes are exposed. 
| `7001` | | `nodeAnalyzer.hostScanner.scanContainers.enabled` | Set to `true` to scan containers | `false` | -| `nodeAnalyzer.hostScanner.scanContainers.dockerSocketPath` | Specifies the path to docker socket | `unix:///var/run/docker.sock` | -| `nodeAnalyzer.hostScanner.scanContainers.podmanSocketPath` | Specifies the path to podman socket | `unix:///var/run/podman.sock` | -| `nodeAnalyzer.runtimeScanner.debug` | Set to `true` to show debug logging, which is useful for troubleshooting. | `false` | +| `nodeAnalyzer.hostScanner.scanContainers.dockerSocketPath` | Specifies the path to docker socket | `unix:///var/run/docker.sock` | +| `nodeAnalyzer.hostScanner.scanContainers.podmanSocketPath` | Specifies the path to podman socket | `unix:///var/run/podman.sock` | +| `nodeAnalyzer.runtimeScanner.debug` | Set to `true` to show debug logging, which is useful for troubleshooting. | `false` | | `nodeAnalyzer.runtimeScanner.deploy` | Deploys the Runtime Scanner. | `false` | | `nodeAnalyzer.runtimeScanner.extraMounts` | Specifies a container engine custom socket path (docker, containerd, CRI-O). | | | `nodeAnalyzer.runtimeScanner.storageClassName` | Specifies the Runtime Scanner storage class to use instead of emptyDir for ephemeral storage. | `` | 
@@ -233,7 +233,7 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.runtimeScanner.resources.limits.cpu` | Specifies the Runtime Scanner CPU limit per node. | `1000m` | | `nodeAnalyzer.runtimeScanner.resources.limits.memory` | Specifies the Runtime Scanner memory limit per node. | `2Gi` | | `nodeAnalyzer.runtimeScanner.resources.limits.ephemeral-storage` | Specifies the Runtime Scanner Storage limit per node. | `4Gi` | -| `nodeAnalyzer.runtimeScanner.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | +| `nodeAnalyzer.runtimeScanner.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | | `nodeAnalyzer.runtimeScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` | | `nodeAnalyzer.runtimeScanner.settings.eveEnabled` | Enables Sysdig Eve | `true` | | `nodeAnalyzer.runtimeScanner.eveConnector.image.repository` | Specifies the image repository to pull the Eve Connector from. | `sysdig/eveclient-api` | @@ -248,27 +248,27 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.tolerations` | Specifies the tolerations for scheduling. |
node-role.kubernetes.io/master:NoSchedule,
node-role.kubernetes.io/control-plane:NoSchedule
| | `nodeAnalyzer.kspmAnalyzer.debug` | Set to true to show KSPM node analyzer debug logging, which is useful for troubleshooting. | `false` | | `nodeAnalyzer.kspmAnalyzer.image.repository` | Specifies the image repository to pull the KSPM node analyzer from. | `sysdig/kspm-analyzer` | -| `nodeAnalyzer.kspmAnalyzer.image.tag` | Specifies the image tag for the KSPM node analyzer image to be pulled. | `1.44.46` | +| `nodeAnalyzer.kspmAnalyzer.image.tag` | Specifies the image tag for the KSPM node analyzer image to be pulled. | `1.44.47` | | `nodeAnalyzer.kspmAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` | | `nodeAnalyzer.kspmAnalyzer.image.pullPolicy` | Specifies the The image pull policy for the KSPM node analyzer. | `""` | -| `nodeAnalyzer.kspmAnalyzer.includeSensitivePermissions` | Grant the service account elevated permissions to run CIS Benchmark for OS4. | `false` | +| `nodeAnalyzer.kspmAnalyzer.includeSensitivePermissions` | Grant the service account elevated permissions to run CIS Benchmark for OS4. | `false` | | `nodeAnalyzer.kspmAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the KSPM Analyzer container. | `""` | | `nodeAnalyzer.kspmAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the KSPM Analyzer container. | `""` | | `nodeAnalyzer.kspmAnalyzer.no_proxy` | Sets `NO_PROXY` on the KSPM Analyzer container. | `""` | -| `nodeAnalyzer.kspmAnalyzer.transportLayer` | Sets the transport used by the KSPM Analyzer to communicate with Sysdig backend (http or nats). | `"http"` | +| `nodeAnalyzer.kspmAnalyzer.transportLayer` | Sets the transport used by the KSPM Analyzer to communicate with Sysdig backend (http or nats). | `"http"` | | `nodeAnalyzer.kspmAnalyzer.resources.requests.cpu` | Specifies the KSPM node analyzer CPU requests per node. | `150m` | | `nodeAnalyzer.kspmAnalyzer.resources.requests.memory` | Specifies the KSPM node analyzer memory requests per node. 
| `256Mi` | | `nodeAnalyzer.kspmAnalyzer.resources.limits.cpu` | Specifies the KSPM node analyzer CPU limits per node. | `500m` | | `nodeAnalyzer.kspmAnalyzer.resources.limits.memory` | Specifies the KSPM node analyzer memory limits per node. | `1536Mi` | | `nodeAnalyzer.kspmAnalyzer.port` | Specifies the KSPM node analyzer port for health checks and results API. | `12000` | | `nodeAnalyzer.kspmAnalyzer.readinessProbe.enabled` | Specifies whether KSPM node analyzer readinessProbe is enabled or not. | `true` | -| `nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | +| `nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate` | Set to `false` to allow insecure connections to the Sysdig backend, such as an On-Prem deployment. | | | `nodeAnalyzer.kspmAnalyzer.livenessProbe.enabled` | Specifies whether the KSPM node analyzer livenessProbe is enabled or not. | `true` | | `nodeAnalyzer.kspmAnalyzer.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` | | `nodeAnalyzer.nodeSelector` | Specifies the Node Selector. | `{}` | | `nodeAnalyzer.affinity` | Specifies the Node affinities. | `schedule on amd64 and linux` | -| `nodeAnalyzer.bottlerocket.enabled` | Set to `true` to indicate that the node analyzer will be deployed on bottlerocket. | `false` | -| `nodeAnalyzer.bottlerocket.apiClientPath` | Path to the apiclient binary inside Bottlerocket hosts. | `/usr/bin/apiclient` | -| `nodeAnalyzer.bottlerocket.apiServerSocketPath` | Path to the API socket inside Bottlerocket hosts. | `/run/api.sock` | -| `hostNetwork` | Allows to set hostNetwork | `null` | -| `dnsPolicy` | Allows to set dnsPolicy | `null` | +| `nodeAnalyzer.bottlerocket.enabled` | Set to `true` to indicate that the node analyzer will be deployed on bottlerocket. | `false` | +| `nodeAnalyzer.bottlerocket.apiClientPath` | Path to the apiclient binary inside Bottlerocket hosts. 
| `/usr/bin/apiclient` | +| `nodeAnalyzer.bottlerocket.apiServerSocketPath` | Path to the API socket inside Bottlerocket hosts. | `/run/api.sock` | +| `hostNetwork` | Allows to set hostNetwork | `null` | +| `dnsPolicy` | Allows to set dnsPolicy | `null` | diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml index 654493bd9..3e28e1d0a 100644 --- a/charts/node-analyzer/values.yaml +++ b/charts/node-analyzer/values.yaml @@ -435,7 +435,7 @@ nodeAnalyzer: debug: false image: repository: sysdig/kspm-analyzer - tag: 1.44.46 + tag: 1.44.47 digest: null pullPolicy: null # Permissions for OCP4, previously only added for benchmarkrunner
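Review bot: In charts/node-analyzer/Chart.yaml, the context comment `# currently matching Sysdig's appVersion 1.14.34` sits directly above the bumped `version:` line and disagrees with `appVersion: 12.9.2` just below it. Since this hunk already touches the block, update or drop the comment so the chart metadata states a single app version.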
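Review bot: In the charts/node-analyzer/README.md hunks from @@ -156 through @@ -233, each re-aligned `sslVerifyCertificate` row (imageAnalyzer, hostAnalyzer, benchmarkRunner, hostScanner, runtimeScanner) still has an empty default column, so the table does not say whether certificate verification is on when the value is left unset. While these rows are being rewritten, fill in the effective default and have the description say explicitly that `false` disables certificate verification for the connection to the Sysdig backend. The removed and added lines in these hunks appear to differ only in whitespace, so this is a cheap place to fix the content as well.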
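Review bot: In the README.md hunk at @@ -248, the rows around the bumped `nodeAnalyzer.kspmAnalyzer.image.tag` do not match charts/node-analyzer/values.yaml: the table gives `image.pullPolicy` a default of `""` and `image.digest` a blank default, while values.yaml shows `pullPolicy: null` and `digest: null`. The `includeSensitivePermissions` row says "CIS Benchmark for OS4" where the comment visible in the values.yaml hunk says "OCP4", and the `pullPolicy` description reads "Specifies the The image pull policy". The hunk already rewrites neighbouring rows for alignment, so correct these in the same change.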
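Review bot: In charts/node-analyzer/values.yaml, the kspm-analyzer image moves to `tag: 1.44.47` while the context line below keeps `digest: null`, so a default install still resolves the image by tag alone. Consider setting the digest for the new tag in the same bump, or note in the change description why the default stays unpinned. The README row for `image.tag` is updated to `1.44.47` consistently with this file.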