release: Prepare v0.10.0-rc2 (aquasecurity#444)

Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
elek · Mar 19, 2021 · 3504621 · 3504621
1 parent d12f369
commit 3504621
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 27 deletions.
diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
@@ -11,7 +11,7 @@ version: 0.4.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.9.2
+appVersion: 0.10.0-rc2
 
 # kubeVersion: A SemVer range of compatible Kubernetes versions (optional)
 

diff --git a/deploy/helm/templates/configmap.yaml b/deploy/helm/templates/configmap.yaml
@@ -17,6 +17,9 @@ data:
   {{- end }}
   trivy.severity: "{{ .Values.trivy.severity }}"
   {{- end }}
+  {{- if .Values.kubeBench.enabled }}
+  kube-bench.imageRef: "{{ .Values.kubeBench.imageRef }}"
+  {{- end }}
   polaris.imageRef: "{{ .Values.polaris.imageRef }}"
   polaris.config.yaml: |
     {{- toYaml .Values.polaris.config | nindent 4 }}

diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
@@ -60,6 +60,10 @@ trivy:
   httpProxy: 
   severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
 
+kubeBench:
+  enabled: true
+  imageRef: docker.io/aquasec/kube-bench:0.5.0
+
 polaris:
   imageRef: quay.io/fairwinds/polaris:3.0
   config:

diff --git a/deploy/static/06-starboard-operator.deployment.yaml b/deploy/static/06-starboard-operator.deployment.yaml
@@ -26,7 +26,7 @@ spec:
         fsGroup: 10000
       containers:
         - name: operator
-          image: docker.io/aquasec/starboard-operator:0.9.2
+          image: docker.io/aquasec/starboard-operator:0.10.0-rc2
           imagePullPolicy: IfNotPresent
           securityContext:
             privileged: false

diff --git a/docs/operator/installation/helm.md b/docs/operator/installation/helm.md
@@ -17,38 +17,20 @@ configure it to watch the `default` namespaces:
    helm repo add aqua https://aquasecurity.github.io/helm-charts/
    helm repo update
    ```
-2. Create the `starboard-operator` namespace:
-   ```
-   kubectl create namespace starboard-operator
-   ```
-3. (Optional) Configure Starboard by creating the `starboard` ConfigMap and the `starboard` secret in
-   the `starboard-operator` namespace. For example, you can use Trivy
-   in [ClientServer](./../../integrations/vulnerability-scanners/trivy.md#clientserver) mode or
-   [Aqua Enterprise](./../../integrations/vulnerability-scanners/aqua-enterprise.md) as an active vulnerability scanner.
-   If you skip this step, the operator will ensure [configuration objects](./../../settings.md)
-   on startup with the default settings:
-   ```
-   kubectl apply -f https://raw.githubusercontent.com/aquasecurity/starboard/{{ var.tag }}/deploy/static/05-starboard-operator.config.yaml
-   ```
-   Review the default values and makes sure the operator is configured properly:
-   ```
-   kubectl describe cm starboard -n starboard-operator
-   kubectl describe secret starboard -n starboard-operator
-   ```
-4. Install the chart from local directory:
+2. Install the chart from local directory:
    ```
    helm install starboard-operator ./deploy/helm \
-     -n starboard-operator \
+     -n starboard-operator --create-namespace \
      --set="targetNamespaces=default"
    ```
     Or install the chart from Aqua repository:
     ```
     helm install starboard-operator aqua/starboard-operator \
-      -n starboard-operator \
+      -n starboard-operator --create-namespace \
       --set="targetNamespaces=default" \
       --version {{ var.chart.version }}
     ```
-5. Check that the `starboard-operator` Helm release is created in the `starboard-operator`
+3. Check that the `starboard-operator` Helm release is created in the `starboard-operator`
    namespace:
    ```console
    $ helm list -n starboard-operator

diff --git a/mkdocs.yml b/mkdocs.yml
@@ -57,8 +57,8 @@ extra:
   version:
     method: mike
   var:
-    tag: "v0.9.2"
-    tag_prev: "v0.9.1"
+    tag: "v0.10.0-rc2"
+    tag_prev: "v0.9.2"
     build:
       version: "0.9.2"
       commit: "a11a033e13ee87e02b673f008dbcd6c40be4da06"

diff --git a/pkg/operator/controller/configauditreport.go b/pkg/operator/controller/configauditreport.go
@@ -132,7 +132,7 @@ func (r *ConfigAuditReportReconciler) reconcileWorkload(workloadKind kube.Kind)
 		log.V(1).Info("Checking whether configuration audit has been scheduled")
 		_, job, err := r.hasActiveScanJob(ctx, workloadPartial, podSpecHash)
 		if err != nil {
-			return ctrl.Result{}, nil
+			return ctrl.Result{}, err
 		}
 		if job != nil {
 			log.V(1).Info("Configuration audit has been scheduled",