From ec49018e13a19c9a3b3c24baa571d2754356f6f8 Mon Sep 17 00:00:00 2001
From: Baruch Bilanski
Date: Mon, 26 Feb 2024 15:28:28 +0200
Subject: [PATCH 1/7] add aqua add on
---
.../Addons/Partner/Aqua/aqua-enforcer.yaml | 54 +++++++++++++++++++
.../Addons/Partner/Aqua/aqua-source.yaml | 9 ++++
.../Addons/Partner/Aqua/external-secret.yaml | 29 ++++++++++
.../Addons/Partner/Aqua/namespace.yaml | 8 +++
.../Testers/Aqua/aqua-testJob.yaml | 35 ++++++++++++
5 files changed, 135 insertions(+)
create mode 100644 eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml
create mode 100644 eks-anywhere-common/Addons/Partner/Aqua/aqua-source.yaml
create mode 100644 eks-anywhere-common/Addons/Partner/Aqua/external-secret.yaml
create mode 100644 eks-anywhere-common/Addons/Partner/Aqua/namespace.yaml
create mode 100644 eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml
diff --git a/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml b/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml
new file mode 100644
index 00000000..b25b696b
--- /dev/null
+++ b/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: aqua-enforcer
+ namespace: aqua
+spec:
+ chart:
+ spec:
+ chart: enforcer
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: aqua-helm
+ namespace: flux-system
+ version: "2022.4.20"
+ interval: 30s
+ values:
+ global:
+ platform: eks
+ gateway:
+ port: 443
+ imageCredentials:
+ create: true
+ name:
+ repositoryUriPrefix: "registry.aquasec.com"
+ registry: "registry.aquasec.com"
+ serviceAccount:
+ create: true
+ nodeSelector: {}
+ tolerations: []
+ podAnnotations: {}
+ podLabels: {}
+ podSecurityContext: {}
+ affinity: {}
+ extraEnvironmentVars: {}
+ valuesFrom:
+ - kind: Secret
+ name: aqua-secrets-from-ps
+ valuesKey: aqua-geteway-address
+ targetPath: global.gateway.address
+ - kind: Secret
+ name: aqua-secrets-from-ps
+ valuesKey: aqua-enforcer-token
+ targetPath: enforcerToken
+ - kind: Secret
+ name: aqua-secrets-from-ps
+ valuesKey: aqua-image-username
+ targetPath: global.imageCredentials.username
+ - kind: Secret
+ name: aqua-secrets-from-ps
+ valuesKey: aqua-image-password
+ targetPath: global.imageCredentials.password
+
diff --git a/eks-anywhere-common/Addons/Partner/Aqua/aqua-source.yaml b/eks-anywhere-common/Addons/Partner/Aqua/aqua-source.yaml
new file mode 100644
index 00000000..f49e0ac4
--- /dev/null
+++ b/eks-anywhere-common/Addons/Partner/Aqua/aqua-source.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: aqua-helm
+ namespace: flux-system
+spec:
+ interval: 30s
+ url: https://helm.aquasec.com
diff --git a/eks-anywhere-common/Addons/Partner/Aqua/external-secret.yaml b/eks-anywhere-common/Addons/Partner/Aqua/external-secret.yaml
new file mode 100644
index 00000000..81322e3b
--- /dev/null
+++ b/eks-anywhere-common/Addons/Partner/Aqua/external-secret.yaml
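Review bot: `name:` under `imageCredentials` in aqua-enforcer.yaml has no value, so it parses as null, and Helm treats a null override as removing the chart's default for that key. With `create: true` on the line above, the chart is then asked to create a registry pull secret whose name is unset; how the chart's templates handle that is not visible here. Either drop the key so the chart default applies, or set it explicitly, e.g. `name: "<pull-secret-name>"` (placeholder).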
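Review bot: `interval: 30s` in aqua-source.yaml makes every cluster that applies this file re-fetch the index from `https://helm.aquasec.com` twice a minute, which is far more often than a chart pinned to `version: "2022.4.20"` can need. The HelmRelease in aqua-enforcer.yaml uses the same `interval: 30s`, and the ExternalSecret in external-secret.yaml polls Parameter Store with `refreshInterval: 1m`. A longer value such as `interval: 10m` for the repository reduces outbound traffic and the coupling of reconciliation to the vendor endpoint's availability; the exact figure is the maintainers' call.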
@@ -0,0 +1,29 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: aqua-secretstore-eksa
+ namespace: aqua
+spec:
+ refreshInterval: 1m
+ secretStoreRef:
+ name: eksa-secret-store
+ kind: ClusterSecretStore
+ target:
+ name: aqua-secrets-from-ps # Specify the name for the Kubernetes Secret
+ data:
+ - secretKey: aqua-enforcer-token # Key in Kubernetes Secret
+ remoteRef:
+ key: /aqua-enforcer/enforcer-token # Key in AWS Parameter Store
+
+ - secretKey: aqua-image-username
+ remoteRef:
+ key: /aqua-enforcer/username
+
+ - secretKey: aqua-image-password
+ remoteRef:
+ key: /aqua-enforcer/password
+
+ - secretKey: aqua-geteway-address
+ remoteRef:
+ key: /aqua-enforcer/gateway
+
diff --git a/eks-anywhere-common/Addons/Partner/Aqua/namespace.yaml b/eks-anywhere-common/Addons/Partner/Aqua/namespace.yaml
new file mode 100644
index 00000000..9f347e03
--- /dev/null
+++ b/eks-anywhere-common/Addons/Partner/Aqua/namespace.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: aqua
+ labels:
+ aws.conformance.vendor: aqua
+ aws.conformance.vendor-solution: aqua-enforcer
diff --git a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml
new file mode 100644
index 00000000..7c85bcfb
--- /dev/null
+++ b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml
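Review bot: `secretKey: aqua-geteway-address` in external-secret.yaml misspells "gateway". It resolves today only because `valuesKey: aqua-geteway-address` in aqua-enforcer.yaml repeats the same spelling, so correcting either side alone breaks the `global.gateway.address` lookup without any YAML-level error. Rename both to `aqua-gateway-address` in one change. This file also lacks the leading `---` that the other new manifests in the patch start with.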
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: aqua-enforcer-tester
+ namespace: aqua
+spec:
+ template:
+ spec:
+ serviceAccountName: 'aqua-enforcer-sa'
+ containers:
+ - name: test-aqua-enforcer
+ image: 'alpine/k8s:1.26.2'
+ imagePullPolicy: Always
+ command:
+ - /bin/bash
+ args:
+ - '-c'
+ - >-
+ echo "1. Checking readiness probe"
+ aqua_enforcer_pod="";
+ while true;
+ do
+ aqua_enforcer_pod=$(kubectl get pod -n aqua -l app=aqua-enforcer-ds --field-selector=status.phase==Running -o jsonpath="{.items[0].metadata.name}{range .items[0].status.conditions[?(@.type=='Ready')]}");
+ aqua_enforcer_pod_status=$(kubectl get pod $aqua_enforcer_pod -n aqua -o jsonpath="{.status.phase}");
+
+ if [[ $aqua_enforcer_pod_status != "Running" ]]; then
+ echo "LOG: Pod $aqua_enforcer_pod, $aqua_enforcer_pod_status";
+ sleep 15;
+ else
+ echo "LOG: Pod $aqua_enforcer_pod, Running";
+ exit 0;
+ fi;
+ done;
+ restartPolicy: Never
+ backoffLimit: 1
From c639ab69d55f43c8a03b2a1dd2e478b6a5738a42 Mon Sep 17 00:00:00 2001
From: Baruch Bilanski
Date: Tue, 5 Mar 2024 15:45:51 +0200
Subject: [PATCH 2/7] TestJob modified
---
.../Testers/Aqua/aqua-testJob.yaml | 103 +++++++++++++++---
1 file changed, 89 insertions(+), 14 deletions(-)
diff --git a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml
index 7c85bcfb..4166fdd3 100644
--- a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml
+++ b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml
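Review bot: `image: 'alpine/k8s:1.26.2'` in the PATCH 1/7 Job is an unqualified, tag-only reference to a third-party image, and `imagePullPolicy: Always` re-resolves that tag on every run. The container starts with the `aqua-enforcer-sa` token mounted and uses it for `kubectl`, so whatever the tag points to at pull time runs with that identity inside the `aqua` namespace. Pinning by digest removes the dependence on a mutable tag, e.g. `image: 'alpine/k8s:1.26.2@sha256:<digest>'` (placeholder digest), ideally served from a registry the project controls.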
@@ -16,20 +16,95 @@ spec: args: - '-c' - >- - echo "1. Checking readiness probe" - aqua_enforcer_pod=""; - while true; - do - aqua_enforcer_pod=$(kubectl get pod -n aqua -l app=aqua-enforcer-ds --field-selector=status.phase==Running -o jsonpath="{.items[0].metadata.name}{range .items[0].status.conditions[?(@.type=='Ready')]}"); - aqua_enforcer_pod_status=$(kubectl get pod $aqua_enforcer_pod -n aqua -o jsonpath="{.status.phase}"); - - if [[ $aqua_enforcer_pod_status != "Running" ]]; then - echo "LOG: Pod $aqua_enforcer_pod, $aqua_enforcer_pod_status"; - sleep 15; - else - echo "LOG: Pod $aqua_enforcer_pod, Running"; - exit 0; - fi; + echo "Checking Aqua Enforcer"; + sleep 5; + timeout_seconds=420; + retry_interval=30; + max_retry_attempts=10; + start_time=$(date +%s); + aqua_enforcer_pods=($(kubectl get pods -n aqua -l app=aqua-enforcer-ds --field-selector=status.phase==Running -o jsonpath="{.items[*].metadata.name}")); + + for aqua_enforcer_pod in "${aqua_enforcer_pods[@]}"; do + while true; do + current_time=$(date +%s); elapsed_time=$((current_time - start_time)); + + if [ $elapsed_time -ge $timeout_seconds ]; then + echo "Error: Timeout reached while waiting for Aqua Enforcer pods to be ready."; + exit 1; + fi; + + aqua_enforcer_pod_status=$(kubectl get pod $aqua_enforcer_pod -n aqua -o jsonpath="{.status.phase}"); + + if [[ $aqua_enforcer_pod_status != "Running" ]]; then + echo "LOG: Pod $aqua_enforcer_pod, $aqua_enforcer_pod_status"; + sleep 15; + else + echo "LOG: Pod $aqua_enforcer_pod, Running"; + break; + fi; + done; + done; + + for aqua_enforcer_pod in "${aqua_enforcer_pods[@]}"; do + kubectl exec -n aqua $aqua_enforcer_pod -- /opt/aquasec/./slk status > /dev/null 2>&1; + status_command_exit_code=$?; + + if [ $status_command_exit_code -eq 0 ]; then + echo "Aqua Enforcer pod $aqua_enforcer_pod is running and connected"; + else + echo "Error: status command failed for pod $aqua_enforcer_pod."; + echo "Retrying for 5 minutes."; + + start_time_retry=$(date 
+%s); retry_elapsed_time=0; + + while [ $retry_elapsed_time -lt $((retry_interval * max_retry_attempts)) ]; do + kubectl exec -n aqua $aqua_enforcer_pod -- /opt/aquasec/./slk status > /dev/null 2>&1; + status_command_exit_code=$?; + + if [ $status_command_exit_code -eq 0 ]; then + echo "status command executed successfully for pod $aqua_enforcer_pod."; + break; + else + echo "Retry: status command failed. Retrying in 30 seconds."; + sleep $retry_interval; + retry_elapsed_time=$((retry_elapsed_time + retry_interval)); + fi; + done; + + if [ $status_command_exit_code -ne 0 ]; then + echo "Error: Retry limit reached. status command still not successful for pod $aqua_enforcer_pod."; + exit 1; + fi; + fi; done; + + echo "Job completed successfully for all Aqua Enforcer pods."; + exit 0; restartPolicy: Never backoffLimit: 1 + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: aqua-enforcer-exec-role + namespace: aqua +rules: + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: aqua-enforcer-exec-binding + namespace: aqua +subjects: + - kind: ServiceAccount + name: aqua-enforcer-sa + namespace: aqua +roleRef: + kind: Role + name: aqua-enforcer-exec-role + apiGroup: rbac.authorization.k8s.io From 787398bff8675add2f5117d8ba2fe9620afd72af Mon Sep 17 00:00:00 2001 From: Baruch Bilanski Date: Mon, 11 Mar 2024 15:12:16 +0200 Subject: [PATCH 3/7] changed testjob to cronjob --- .../Testers/Aqua/aqua-testJob.yaml | 151 +++++++++--------- 1 file changed, 77 insertions(+), 74 deletions(-) diff --git a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml index 4166fdd3..1b0bb176 100644 --- a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml +++ b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml 
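Review bot: The RoleBinding added in PATCH 2/7 grants `create` on `pods/exec` to `aqua-enforcer-sa`, which by its name appears to be the enforcer's own service account that the Job merely borrows through `serviceAccountName` (that line is outside this hunk). The permission therefore lands on every workload running under that account, and exec into pods in `aqua` reaches the enforcer containers themselves. The Role also has no `get`/`list` on `pods`, which the script's `kubectl get pods` and `kubectl exec` calls need, so those presumably come from a role defined elsewhere. A dedicated tester account keeps the exec right off the agent's identity; a sketch follows, where the account name is only a suggestion and the Job's `serviceAccountName` would change to match.

```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aqua-enforcer-tester-sa  # suggested name, not from the patch
  namespace: aqua
---
# … unchanged: Role aqua-enforcer-exec-role apiVersion/kind/metadata …
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
# … unchanged: RoleBinding aqua-enforcer-exec-binding apiVersion/kind/metadata and roleRef …
subjects:
  - kind: ServiceAccount
    name: aqua-enforcer-tester-sa
    namespace: aqua
```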
@@ -1,87 +1,90 @@ apiVersion: batch/v1 -kind: Job +kind: CronJob metadata: name: aqua-enforcer-tester namespace: aqua spec: - template: + schedule: "0 */12 * * *" + jobTemplate: spec: - serviceAccountName: 'aqua-enforcer-sa' - containers: - - name: test-aqua-enforcer - image: 'alpine/k8s:1.26.2' - imagePullPolicy: Always - command: - - /bin/bash - args: - - '-c' - - >- - echo "Checking Aqua Enforcer"; - sleep 5; - timeout_seconds=420; - retry_interval=30; - max_retry_attempts=10; - start_time=$(date +%s); - aqua_enforcer_pods=($(kubectl get pods -n aqua -l app=aqua-enforcer-ds --field-selector=status.phase==Running -o jsonpath="{.items[*].metadata.name}")); - - for aqua_enforcer_pod in "${aqua_enforcer_pods[@]}"; do - while true; do - current_time=$(date +%s); elapsed_time=$((current_time - start_time)); - - if [ $elapsed_time -ge $timeout_seconds ]; then - echo "Error: Timeout reached while waiting for Aqua Enforcer pods to be ready."; - exit 1; - fi; - - aqua_enforcer_pod_status=$(kubectl get pod $aqua_enforcer_pod -n aqua -o jsonpath="{.status.phase}"); - - if [[ $aqua_enforcer_pod_status != "Running" ]]; then - echo "LOG: Pod $aqua_enforcer_pod, $aqua_enforcer_pod_status"; - sleep 15; - else - echo "LOG: Pod $aqua_enforcer_pod, Running"; - break; - fi; - done; - done; - - for aqua_enforcer_pod in "${aqua_enforcer_pods[@]}"; do - kubectl exec -n aqua $aqua_enforcer_pod -- /opt/aquasec/./slk status > /dev/null 2>&1; - status_command_exit_code=$?; - - if [ $status_command_exit_code -eq 0 ]; then - echo "Aqua Enforcer pod $aqua_enforcer_pod is running and connected"; - else - echo "Error: status command failed for pod $aqua_enforcer_pod."; - echo "Retrying for 5 minutes."; - - start_time_retry=$(date +%s); retry_elapsed_time=0; - - while [ $retry_elapsed_time -lt $((retry_interval * max_retry_attempts)) ]; do - kubectl exec -n aqua $aqua_enforcer_pod -- /opt/aquasec/./slk status > /dev/null 2>&1; - status_command_exit_code=$?; - - if [ $status_command_exit_code -eq 
0 ]; then - echo "status command executed successfully for pod $aqua_enforcer_pod."; - break; + template: + spec: + serviceAccountName: 'aqua-enforcer-sa' + containers: + - name: test-aqua-enforcer + image: 'alpine/k8s:1.26.2' + imagePullPolicy: Always + command: + - /bin/bash + args: + - '-c' + - >- + echo "Checking Aqua Enforcer"; + sleep 5; + timeout_seconds=420; + retry_interval=30; + max_retry_attempts=10; + start_time=$(date +%s); + aqua_enforcer_pods=($(kubectl get pods -n aqua -l app=aqua-enforcer-ds --field-selector=status.phase==Running -o jsonpath="{.items[*].metadata.name}")); + + for aqua_enforcer_pod in "${aqua_enforcer_pods[@]}"; do + while true; do + current_time=$(date +%s); elapsed_time=$((current_time - start_time)); + + if [ $elapsed_time -ge $timeout_seconds ]; then + echo "Error: Timeout reached while waiting for Aqua Enforcer pods to be ready."; + exit 1; + fi; + + aqua_enforcer_pod_status=$(kubectl get pod $aqua_enforcer_pod -n aqua -o jsonpath="{.status.phase}"); + + if [[ $aqua_enforcer_pod_status != "Running" ]]; then + echo "LOG: Pod $aqua_enforcer_pod, $aqua_enforcer_pod_status"; + sleep 15; else - echo "Retry: status command failed. Retrying in 30 seconds."; - sleep $retry_interval; - retry_elapsed_time=$((retry_elapsed_time + retry_interval)); + echo "LOG: Pod $aqua_enforcer_pod, Running"; + break; fi; done; - - if [ $status_command_exit_code -ne 0 ]; then - echo "Error: Retry limit reached. 
status command still not successful for pod $aqua_enforcer_pod."; - exit 1; + done; + + for aqua_enforcer_pod in "${aqua_enforcer_pods[@]}"; do + kubectl exec -n aqua $aqua_enforcer_pod -- /opt/aquasec/./slk status > /dev/null 2>&1; + status_command_exit_code=$?; + + if [ $status_command_exit_code -eq 0 ]; then + echo "Aqua Enforcer pod $aqua_enforcer_pod is running and connected"; + else + echo "Error: status command failed for pod $aqua_enforcer_pod."; + echo "Retrying for 5 minutes."; + + start_time_retry=$(date +%s); retry_elapsed_time=0; + + while [ $retry_elapsed_time -lt $((retry_interval * max_retry_attempts)) ]; do + kubectl exec -n aqua $aqua_enforcer_pod -- /opt/aquasec/./slk status > /dev/null 2>&1; + status_command_exit_code=$?; + + if [ $status_command_exit_code -eq 0 ]; then + echo "status command executed successfully for pod $aqua_enforcer_pod."; + break; + else + echo "Retry: status command failed. Retrying in 30 seconds."; + sleep $retry_interval; + retry_elapsed_time=$((retry_elapsed_time + retry_interval)); + fi; + done; + + if [ $status_command_exit_code -ne 0 ]; then + echo "Error: Retry limit reached. status command still not successful for pod $aqua_enforcer_pod."; + exit 1; + fi; fi; - fi; - done; - - echo "Job completed successfully for all Aqua Enforcer pods."; - exit 0; - restartPolicy: Never - backoffLimit: 1 + done; + + echo "Job completed successfully for all Aqua Enforcer pods."; + exit 0; + restartPolicy: Never + backoffLimit: 1 --- apiVersion: rbac.authorization.k8s.io/v1 From c438f8ea564d5dfcd0de7992a5e59b482321b3b3 Mon Sep 17 00:00:00 2001 From: Baruch Bilanski Date: Tue, 12 Mar 2024 11:28:35 +0200 Subject: [PATCH 4/7] added image tag, added seLinux policy --- .../Addons/Partner/Aqua/aqua-enforcer.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml b/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml index b25b696b..863a943b 100644 
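Review bot: The script in the PATCH 3/7 CronJob reports success when it checked nothing: if `kubectl get pods … --field-selector=status.phase==Running` returns no names, `aqua_enforcer_pods` is empty, both `for` loops run zero times and the script reaches `exit 0`. That covers the enforcer DaemonSet not being scheduled at all and the `kubectl` call itself failing, so a recurring check of a security agent passes exactly when the agent is absent. A guard right after the array assignment closes this: `if [ ${#aqua_enforcer_pods[@]} -eq 0 ]; then echo "Error: no running Aqua Enforcer pods found."; exit 1; fi;`. Because the selector already filters on Running, the first loop's wait for "Running" can never see another phase at start, which is a further sign that the list should be rebuilt inside the wait loop.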
--- a/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml +++ b/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml @@ -25,6 +25,14 @@ spec: name: repositoryUriPrefix: "registry.aquasec.com" registry: "registry.aquasec.com" + image: + tag: "2022.4.460" + securityContext: + seLinuxOptions: + user: system_u + role: system_r + type: super_t + level: s0 serviceAccount: create: true nodeSelector: {} From 49b7bd6322b30eaafb38ba30d0edef1c20571298 Mon Sep 17 00:00:00 2001 From: Baruch Bilanski Date: Sun, 17 Mar 2024 15:17:10 +0200 Subject: [PATCH 5/7] change test command --- .../Testers/Aqua/aqua-testJob.yaml | 52 ++++++++++--------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml index 1b0bb176..4b3ea1f5 100644 --- a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml +++ b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml @@ -4,7 +4,7 @@ metadata: name: aqua-enforcer-tester namespace: aqua spec: - schedule: "0 */12 * * *" + schedule: "* * * * *" jobTemplate: spec: template: @@ -23,21 +23,21 @@ spec: sleep 5; timeout_seconds=420; retry_interval=30; - max_retry_attempts=10; + max_retry_attempts=5; start_time=$(date +%s); aqua_enforcer_pods=($(kubectl get pods -n aqua -l app=aqua-enforcer-ds --field-selector=status.phase==Running -o jsonpath="{.items[*].metadata.name}")); - + for aqua_enforcer_pod in "${aqua_enforcer_pods[@]}"; do while true; do current_time=$(date +%s); elapsed_time=$((current_time - start_time)); - + if [ $elapsed_time -ge $timeout_seconds ]; then echo "Error: Timeout reached while waiting for Aqua Enforcer pods to be ready."; exit 1; fi; - + aqua_enforcer_pod_status=$(kubectl get pod $aqua_enforcer_pod -n aqua -o jsonpath="{.status.phase}"); - + if [[ $aqua_enforcer_pod_status != "Running" ]]; then echo "LOG: Pod $aqua_enforcer_pod, $aqua_enforcer_pod_status"; sleep 15; 
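Review bot: `type: super_t` in the PATCH 4/7 `seLinuxOptions` block is added without any comment, and as far as I know it names the least-confined domain of Bottlerocket's SELinux policy, so it is both a deliberate privilege grant and an OS-specific label. The file lives under `eks-anywhere-common`, so nodes running a different SELinux policy in enforcing mode may refuse to start the container with an unknown type; that should be confirmed against the supported node images. I would add a comment above the block such as `# super_t: unconfined SELinux domain the enforcer needs for host access (Bottlerocket policy); confirm other node OSes accept this label`. The enclosing `values:` mapping starts outside the hunk and indentation is not preserved in this view, so where `securityContext` nests cannot be checked here.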
@@ -47,40 +47,42 @@ spec: fi; done; done; - + for aqua_enforcer_pod in "${aqua_enforcer_pods[@]}"; do - kubectl exec -n aqua $aqua_enforcer_pod -- /opt/aquasec/./slk status > /dev/null 2>&1; - status_command_exit_code=$?; - - if [ $status_command_exit_code -eq 0 ]; then - echo "Aqua Enforcer pod $aqua_enforcer_pod is running and connected"; + kubectl exec -n aqua $aqua_enforcer_pod -- timeout 30s /opt/aquasec/./slkaudit > /var/log/enforcer_testjob.log 2>&1 + grep -iq "Successfully connected to gateway" /var/log/enforcer_testjob.log + grep_exit_code=$?; + + if [ $grep_exit_code -eq 0 ]; then + echo "Success: Aqua Enforcer pod $aqua_enforcer_pod is running and connected"; else - echo "Error: status command failed for pod $aqua_enforcer_pod."; + echo "Error: Aqua Enforcer pod $aqua_enforcer_pod failed to connect."; echo "Retrying for 5 minutes."; - + start_time_retry=$(date +%s); retry_elapsed_time=0; - + while [ $retry_elapsed_time -lt $((retry_interval * max_retry_attempts)) ]; do - kubectl exec -n aqua $aqua_enforcer_pod -- /opt/aquasec/./slk status > /dev/null 2>&1; - status_command_exit_code=$?; - - if [ $status_command_exit_code -eq 0 ]; then - echo "status command executed successfully for pod $aqua_enforcer_pod."; + kubectl exec -n aqua $aqua_enforcer_pod -- timeout 30s /opt/aquasec/./slkaudit > /var/log/enforcer_testjob.log 2>&1 + grep -iq "Successfully connected to gateway" /var/log/enforcer_testjob.log + grep_exit_code=$?; + + if [ $grep_exit_code -eq 0 ]; then + echo "Success: Aqua Enforcer pod $aqua_enforcer_pod is running and connected after retry."; break; else - echo "Retry: status command failed. Retrying in 30 seconds."; + echo "Retry: Aqua Enforcer pod $aqua_enforcer_pod failed to connect. Retrying in 30 seconds."; sleep $retry_interval; retry_elapsed_time=$((retry_elapsed_time + retry_interval)); fi; done; - - if [ $status_command_exit_code -ne 0 ]; then - echo "Error: Retry limit reached. 
status command still not successful for pod $aqua_enforcer_pod."; + + if [ $grep_exit_code -ne 0 ]; then + echo "Error: Retry limit reached. Aqua Enforcer pod $aqua_enforcer_pod still failed to connect."; exit 1; fi; fi; done; - + echo "Job completed successfully for all Aqua Enforcer pods."; exit 0; restartPolicy: Never From 4c15e4cb8875163f4dd1bfd4709625fe18ce269c Mon Sep 17 00:00:00 2001 From: Baruch Bilanski Date: Sun, 17 Mar 2024 15:21:05 +0200 Subject: [PATCH 6/7] fix cron schedule --- eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml index 4b3ea1f5..7d4c5550 100644 --- a/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml +++ b/eks-anywhere-common/Testers/Aqua/aqua-testJob.yaml @@ -4,7 +4,7 @@ metadata: name: aqua-enforcer-tester namespace: aqua spec: - schedule: "* * * * *" + schedule: "0 */12 * * *" jobTemplate: spec: template: From ffbe160deb150715b2a8a82aa399f37ceca5c30f Mon Sep 17 00:00:00 2001 From: Baruch Bilanski Date: Tue, 19 Mar 2024 18:41:00 +0200 Subject: [PATCH 7/7] update enforcer version --- eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml b/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml index 863a943b..66f4e05c 100644 --- a/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml +++ b/eks-anywhere-common/Addons/Partner/Aqua/aqua-enforcer.yaml @@ -26,7 +26,7 @@ spec: repositoryUriPrefix: "registry.aquasec.com" registry: "registry.aquasec.com" image: - tag: "2022.4.460" + tag: "2022.4.461" securityContext: seLinuxOptions: user: system_u
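Review bot: In PATCH 5/7's `@@ -47,40 +47,42 @@` hunk the new `kubectl exec … slkaudit > /var/log/enforcer_testjob.log 2>&1` and `grep -iq "Successfully connected to gateway" …` lines are the only statements in the script without a trailing `;`, both in the first check and in the retry loop. The script is a `>-` folded scalar, so if those lines sit at the scalar's base indentation (not recoverable in this view) they fold into one command with the line after them: `grep …` becomes extra arguments to `kubectl exec`, and `grep_exit_code=$?` is passed as a word instead of being assigned. With `grep_exit_code` unset, both `[ $grep_exit_code -eq 0 ]` and `[ $grep_exit_code -ne 0 ]` fail with a syntax error, the `exit 1` is skipped and the job ends with `exit 0` whatever the enforcer reported. Ending each of the four lines with `;` makes the result independent of folding. The script body starts outside this hunk, and the message `Retrying for 5 minutes.` no longer matches `retry_interval=30` with `max_retry_attempts=5`.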