🥁stackrox v4 config updated🏡

redhat-cop · Jul 4, 2024 · fbced3d · fbced3d
1 parent c463591
commit fbced3d
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 36 deletions.
diff --git a/charts/stackrox/Chart.yaml b/charts/stackrox/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: stackrox-chart
 description: Install and Configure Stackrox
 type: application
-version: 0.0.8
+version: 0.0.9
 home: https://github.com/redhat-cop/helm-charts
 icon: https://avatars.githubusercontent.com/u/40638982?s=200&v=4
 maintainers:

diff --git a/charts/stackrox/templates/configure-stackrox-job.yaml b/charts/stackrox/templates/configure-stackrox-job.yaml
@@ -35,36 +35,64 @@ spec:
                 apiVersion: platform.stackrox.io/v1alpha1
                 kind: Central
                 metadata:
-                    namespace: {{ .Values.stackrox.namespace | quote }}
-                    name: stackrox-central-services
+                  name: stackrox-central-services
+                  namespace: {{ .Values.stackrox.namespace | quote }}
                 spec:
-                    central:
-                      exposure:
-                        loadBalancer:
-                          enabled: false
-                          port: 443
-                        nodePort:
-                          enabled: false
-                        route:
-                          enabled: true
+                  monitoring:
+                    openshift:
+                      enabled: true
+                  central:
+                    notifierSecretsEncryption:
+                      enabled: false
+                    exposure:
+                      loadBalancer:
+                        enabled: false
+                        port: 443
+                      nodePort:
+                        enabled: false
+                      route:
+                        enabled: true
+                    telemetry:
+                      enabled: true
+                    db:
+                      isEnabled: Default
                       persistence:
                         persistentVolumeClaim:
-                          claimName: stackrox-db
-                    egress:
-                      connectivityPolicy: Online
-                    scanner:
-                      analyzer:
-                        resources:
-                        {{- toYaml .Values.stackrox.analyzer.resources | nindent 24 }}
-                        scaling:
-                          autoScaling: Enabled
-                          maxReplicas: 5
-                          minReplicas: 2
-                          replicas: 3
-                      scannerComponent: Enabled
+                          claimName: central-db
+                    persistence:
+                      persistentVolumeClaim:
+                        claimName: stackrox-db
+                  egress:
+                    connectivityPolicy: Online
+                  scannerV4:
+                    db:
+                      persistence:
+                        persistentVolumeClaim:
+                          claimName: scanner-v4-db
+                    indexer:
+                      scaling:
+                        autoScaling: Enabled
+                        maxReplicas: 5
+                        minReplicas: 2
+                        replicas: 3
+                    matcher:
+                      scaling:
+                        autoScaling: Enabled
+                        maxReplicas: 5
+                        minReplicas: 2
+                        replicas: 3
+                    scannerComponent: Default
+                  scanner:
+                    analyzer:
+                      scaling:
+                        autoScaling: Enabled
+                        maxReplicas: 5
+                        minReplicas: 2
+                        replicas: 3
+                      {{- toYaml .Values.stackrox.analyzer.resources | nindent 24 }}
               EOF
               }
-
+              
               install_central
               until [ "$?" == 0 ]
               do
@@ -122,19 +150,47 @@ spec:
                 name: {{ .Values.stackrox.clusterName }}-secured-cluster
                 namespace: {{ .Values.stackrox.namespace | quote }}
               spec:
-                admissionControl:
-                  listenOnCreates: false
-                  listenOnEvents: true
-                  listenOnUpdates: false
+                monitoring:
+                  openshift:
+                    enabled: true
                 auditLogs:
                   collection: Auto
-                centralEndpoint: 'central.{{ .Values.stackrox.namespace }}:443'
-                clusterName: {{ .Values.stackrox.clusterName | quote }}
+                admissionControl:
+                  listenOnUpdates: true
+                  bypass: BreakGlassAnnotation
+                  contactImageScanners: DoNotScanInline
+                  listenOnCreates: true
+                  replicas: 3
+                  timeoutSeconds: 20
+                  listenOnEvents: true
+                scannerV4:
+                  db:
+                    persistence:
+                      persistentVolumeClaim:
+                        claimName: scanner-v4-db
+                  indexer:
+                    scaling:
+                      autoScaling: Enabled
+                      maxReplicas: 5
+                      minReplicas: 2
+                      replicas: 3
+                  scannerComponent: Default
+                scanner:
+                  analyzer:
+                    scaling:
+                      autoScaling: Enabled
+                      maxReplicas: 5
+                      minReplicas: 2
+                      replicas: 3
+                  scannerComponent: AutoSense
                 perNode:
                   collector:
-                    collection: KernelModule
+                    collection: CORE_BPF
+                    forceCollection: false
                     imageFlavor: Regular
                   taintToleration: TolerateTaints
+                clusterName: {{ .Values.stackrox.clusterName | quote }}
+                centralEndpoint: 'central.{{ .Values.stackrox.namespace }}:443'
               EOF
               exit 0;
           imagePullPolicy: Always
@@ -143,4 +199,4 @@ spec:
       restartPolicy: OnFailure
       serviceAccount: configure-stackrox
       serviceAccountName: configure-stackrox
-      terminationGracePeriodSeconds: 10
+      terminationGracePeriodSeconds: 10
diff --git a/charts/stackrox/values.yaml b/charts/stackrox/values.yaml
@@ -6,7 +6,7 @@ stackrox:
   operator:
     namespace: openshift-operators
     name: rhacs-operator
-    channel: latest
+    channel: stable
     approval: Automatic
     operatorName: rhacs-operator
     sourceName: redhat-operators
@@ -18,4 +18,4 @@ stackrox:
       limits:
         cpu: 500m
       requests:
-        cpu: 100m
+        cpu: 100m