diff --git a/charts/kubescape-operator/assets/common-egress-rules.yaml b/charts/kubescape-operator/assets/common-egress-rules.yaml index 639f97df..1c7c6cc5 100644 --- a/charts/kubescape-operator/assets/common-egress-rules.yaml +++ b/charts/kubescape-operator/assets/common-egress-rules.yaml @@ -16,7 +16,7 @@ to: - podSelector: matchLabels: - app: otel-collector + {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.otelCollector.name) | nindent 10 }} {{- if ne .Values.global.httpsProxy "" }} - ports: - port: {{ .Values.global.networkPolicy.httpsProxyPort }} diff --git a/charts/kubescape-operator/assets/kubevuln-cronjob-full.yaml b/charts/kubescape-operator/assets/kubevuln-cronjob-full.yaml index 4ea1503f..5b1f6b10 100644 --- a/charts/kubescape-operator/assets/kubevuln-cronjob-full.yaml +++ b/charts/kubescape-operator/assets/kubevuln-cronjob-full.yaml @@ -5,8 +5,8 @@ apiVersion: batch/v1 namespace: {{ .Values.ksNamespace }} labels: app: {{ .Values.kubevulnScheduler.name }} - kubescape.io/tier: "core" tier: {{ .Values.global.namespaceTier }} + kubescape.io/tier: "core" armo.tier: "vuln-scan" spec: schedule: "{{ .Values.kubevulnScheduler.scanSchedule }}" @@ -20,10 +20,10 @@ apiVersion: batch/v1 armo.tier: "vuln-scan" kubescape.io/tier: "core" spec: - {{- if .Values.imagePullSecrets }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: - name: {{ toYaml .Values.imagePullSecrets }} - {{- end }} + {{- end }} containers: - name: {{ .Values.kubevulnScheduler.name }} image: "{{ .Values.kubevulnScheduler.image.repository }}:{{ .Values.kubevulnScheduler.image.tag }}" diff --git a/charts/kubescape-operator/templates/kubescape-scheduler/networkpolicy.yaml b/charts/kubescape-operator/templates/kubescape-scheduler/networkpolicy.yaml index 2cbec481..cb72f189 100644 --- a/charts/kubescape-operator/templates/kubescape-scheduler/networkpolicy.yaml +++ b/charts/kubescape-operator/templates/kubescape-scheduler/networkpolicy.yaml @@ -15,4 +15,11 @@ spec: - Egress egress: {{ tpl (.Files.Get "assets/common-egress-rules.yaml") . | indent 4 }} + - ports: + - protocol: TCP + port: 4002 + to: + - podSelector: + matchLabels: + {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.operator.name) | nindent 14 }} {{- end }} diff --git a/charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml b/charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml index 652e71db..2629d026 100644 --- a/charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml +++ b/charts/kubescape-operator/templates/kubevuln-scheduler/cronjob.yaml @@ -11,6 +11,7 @@ metadata: namespace: {{ .Values.ksNamespace }} labels: {{- include "kubescape-operator.labels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.kubevulnScheduler.name "tier" .Values.global.namespaceTier) | nindent 4 }} + armo.tier: "vuln-scan" kubescape.io/tier: "core" spec: schedule: "{{ trimPrefix "\n" (trimSuffix "\n" $kubevuln_daily_scan_cron_tab) }}" @@ -22,12 +23,13 @@ spec: metadata: labels: {{- include "kubescape-operator.labels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.kubevulnScheduler.name "tier" .Values.global.namespaceTier) | nindent 12 }} + armo.tier: "vuln-scan" kubescape.io/tier: "core" spec: - {{- if .Values.imagePullSecrets }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: - name: {{ toYaml .Values.imagePullSecrets }} - {{- end }} + {{- end }} containers: - name: {{ .Values.kubevulnScheduler.name }} image: "{{ .Values.kubevulnScheduler.image.repository }}:{{ .Values.kubevulnScheduler.image.tag }}" @@ -46,9 +48,9 @@ spec: - -path=v1/triggerAction - -headers=Content-Type:application/json - -path-body=/home/ks/request-body.json - {{- if .Values.kubevulnScheduler.insecureSkipTLSVerify }} + {{- if .Values.kubevulnScheduler.insecureSkipTLSVerify }} - -skip-ssl-verify=true - {{- end}} + {{- end}} volumeMounts: - name: {{ .Values.kubevulnScheduler.name }} mountPath: /home/ks/request-body.json diff --git a/charts/kubescape-operator/templates/kubevuln-scheduler/networkpolicy.yaml b/charts/kubescape-operator/templates/kubevuln-scheduler/networkpolicy.yaml index b1b188ac..b29059ac 100644 --- a/charts/kubescape-operator/templates/kubevuln-scheduler/networkpolicy.yaml +++ b/charts/kubescape-operator/templates/kubevuln-scheduler/networkpolicy.yaml @@ -15,4 +15,11 @@ spec: - Egress egress: {{ tpl (.Files.Get "assets/common-egress-rules.yaml") . | indent 4 }} + - ports: + - protocol: TCP + port: 4002 + to: + - podSelector: + matchLabels: + {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.operator.name) | nindent 14 }} {{- end }} diff --git a/charts/kubescape-operator/templates/kubevuln/service.yaml b/charts/kubescape-operator/templates/kubevuln/service.yaml index 80a77c5b..e01eeeb6 100644 --- a/charts/kubescape-operator/templates/kubevuln/service.yaml +++ b/charts/kubescape-operator/templates/kubevuln/service.yaml @@ -14,5 +14,5 @@ spec: targetPort: {{ .Values.kubevuln.service.targetPort }} protocol: {{ .Values.kubevuln.service.protocol }} selector: - app: {{ .Values.kubevuln.name }} + {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.kubevuln.name) | nindent 4 }} {{- end }} diff --git a/charts/kubescape-operator/templates/otel-collector/networkpolicy.yaml b/charts/kubescape-operator/templates/otel-collector/networkpolicy.yaml index 04302ec6..4156b634 100644 --- a/charts/kubescape-operator/templates/otel-collector/networkpolicy.yaml +++ b/charts/kubescape-operator/templates/otel-collector/networkpolicy.yaml @@ -35,4 +35,6 @@ spec: ports: - port: otlp protocol: TCP + - port: otlp-http + protocol: TCP {{- end }} diff --git a/charts/kubescape-operator/templates/otel-collector/service.yaml b/charts/kubescape-operator/templates/otel-collector/service.yaml index 1c22d917..a9bf7e2e 100644 --- a/charts/kubescape-operator/templates/otel-collector/service.yaml +++ b/charts/kubescape-operator/templates/otel-collector/service.yaml @@ -19,5 +19,5 @@ spec: targetPort: 4318 protocol: TCP selector: - app: {{ .Values.otelCollector.name }} + {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.otelCollector.name) | nindent 4 }} {{ end }} diff --git a/charts/kubescape-operator/templates/prometheus-exporter/service.yaml b/charts/kubescape-operator/templates/prometheus-exporter/service.yaml index bacb533d..451e04ff 100644 --- a/charts/kubescape-operator/templates/prometheus-exporter/service.yaml +++ b/charts/kubescape-operator/templates/prometheus-exporter/service.yaml @@ -14,5 +14,5 @@ spec: targetPort: {{ .Values.prometheusExporter.service.targetPort }} protocol: {{ .Values.prometheusExporter.service.protocol }} selector: - app: {{ .Values.prometheusExporter.name }} + {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.prometheusExporter.name) | nindent 4 }} {{- end }} diff --git a/charts/kubescape-operator/templates/synchronizer/service.yaml b/charts/kubescape-operator/templates/synchronizer/service.yaml index 7ced58c1..257e2b55 100644 --- a/charts/kubescape-operator/templates/synchronizer/service.yaml +++ b/charts/kubescape-operator/templates/synchronizer/service.yaml @@ -14,5 +14,5 @@ spec: targetPort: {{ .Values.synchronizer.service.targetPort }} protocol: {{ .Values.synchronizer.service.protocol }} selector: - app: {{ .Values.synchronizer.name }} + {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.synchronizer.name) | nindent 4 }} {{- end }} diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index c335d667..51f39934 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -129,7 +129,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -563,7 +565,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -903,7 +907,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -1242,13 +1248,24 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP to: - ipBlock: cidr: 1.1.1.1/32 + - ports: + - port: 4002 + protocol: TCP + to: + - podSelector: + matchLabels: + app.kubernetes.io/component: operator + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator podSelector: matchLabels: app.kubernetes.io/component: kubescape-scheduler @@ -1861,7 +1878,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -2067,6 +2086,7 @@ all capabilities: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kubescape-operator app.kubernetes.io/version: 1.22.4 + armo.tier: vuln-scan helm.sh/chart: kubescape-operator-1.22.4 kubescape.io/ignore: "true" kubescape.io/tier: core @@ -2086,6 +2106,7 @@ all capabilities: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kubescape-operator app.kubernetes.io/version: 1.22.4 + armo.tier: vuln-scan helm.sh/chart: kubescape-operator-1.22.4 kubescape.io/ignore: "true" kubescape.io/tier: core @@ -2169,13 +2190,24 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP to: - ipBlock: cidr: 1.1.1.1/32 + - ports: + - port: 4002 + protocol: TCP + to: + - podSelector: + matchLabels: + app.kubernetes.io/component: operator + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator podSelector: matchLabels: app.kubernetes.io/component: kubevuln-scheduler @@ -2444,7 +2476,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -2515,7 +2549,9 @@ all capabilities: protocol: TCP targetPort: 8080 selector: - app: kubevuln + app.kubernetes.io/component: kubevuln + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 50: | apiVersion: v1 @@ -3103,7 +3139,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -3697,8 +3735,8 @@ all capabilities: namespace: kubescape labels: app: kubevuln-scheduler - kubescape.io/tier: "core" tier: ks-control-plane + kubescape.io/tier: "core" armo.tier: "vuln-scan" spec: schedule: "1 2 3 4 5" @@ -3850,7 +3888,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -4267,7 +4307,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -4282,6 +4324,8 @@ all capabilities: ports: - port: otlp protocol: TCP + - port: otlp-http + protocol: TCP podSelector: matchLabels: app.kubernetes.io/component: otel-collector @@ -4341,7 +4385,9 @@ all capabilities: protocol: TCP targetPort: 4318 selector: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 82: | apiVersion: v1 @@ -4557,7 +4603,9 @@ all capabilities: protocol: TCP targetPort: 8080 selector: - app: prometheus-exporter + app.kubernetes.io/component: prometheus-exporter + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: null 88: | apiVersion: v1 @@ -5141,7 +5189,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -5872,7 +5922,9 @@ all capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator - ports: - port: 1234 protocol: TCP @@ -5943,7 +5995,9 @@ all capabilities: protocol: TCP targetPort: 8089 selector: - app: synchronizer + app.kubernetes.io/component: synchronizer + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 113: | apiVersion: v1 @@ -6306,7 +6360,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator ingress: - from: - podSelector: @@ -6614,7 +6670,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator podSelector: matchLabels: app.kubernetes.io/component: kollector @@ -6909,7 +6967,18 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator + - ports: + - port: 4002 + protocol: TCP + to: + - podSelector: + matchLabels: + app.kubernetes.io/component: operator + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator podSelector: matchLabels: app.kubernetes.io/component: kubescape-scheduler @@ -7503,7 +7572,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator ingress: - from: - podSelector: @@ -7679,6 +7750,7 @@ default capabilities: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kubescape-operator app.kubernetes.io/version: 1.22.4 + armo.tier: vuln-scan helm.sh/chart: kubescape-operator-1.22.4 kubescape.io/ignore: "true" kubescape.io/tier: core @@ -7698,6 +7770,7 @@ default capabilities: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kubescape-operator app.kubernetes.io/version: 1.22.4 + armo.tier: vuln-scan helm.sh/chart: kubescape-operator-1.22.4 kubescape.io/ignore: "true" kubescape.io/tier: core @@ -7779,7 +7852,18 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator + - ports: + - port: 4002 + protocol: TCP + to: + - podSelector: + matchLabels: + app.kubernetes.io/component: operator + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator podSelector: matchLabels: app.kubernetes.io/component: kubevuln-scheduler @@ -8036,7 +8120,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator ingress: - from: - podSelector: @@ -8077,7 +8163,9 @@ default capabilities: protocol: TCP targetPort: 8080 selector: - app: kubevuln + app.kubernetes.io/component: kubevuln + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 40: | apiVersion: v1 @@ -8588,7 +8676,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator podSelector: matchLabels: app.kubernetes.io/component: node-agent @@ -9038,8 +9128,8 @@ default capabilities: namespace: kubescape labels: app: kubevuln-scheduler - kubescape.io/tier: "core" tier: ks-control-plane + kubescape.io/tier: "core" armo.tier: "vuln-scan" spec: schedule: "1 2 3 4 5" @@ -9184,7 +9274,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator ingress: - from: - podSelector: @@ -9563,7 +9655,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator ingress: - from: - podSelector: @@ -9572,6 +9666,8 @@ default capabilities: ports: - port: otlp protocol: TCP + - port: otlp-http + protocol: TCP podSelector: matchLabels: app.kubernetes.io/component: otel-collector @@ -9607,7 +9703,9 @@ default capabilities: protocol: TCP targetPort: 4318 selector: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 65: | apiVersion: v1 @@ -10148,7 +10246,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator podSelector: matchLabels: app.kubernetes.io/component: storage @@ -10832,7 +10932,9 @@ default capabilities: to: - podSelector: matchLabels: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator ingress: - from: - podSelector: @@ -10873,7 +10975,9 @@ default capabilities: protocol: TCP targetPort: 8089 selector: - app: synchronizer + app.kubernetes.io/component: synchronizer + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 87: | apiVersion: v1 @@ -12208,6 +12312,7 @@ disable otel: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kubescape-operator app.kubernetes.io/version: 1.22.4 + armo.tier: vuln-scan helm.sh/chart: kubescape-operator-1.22.4 kubescape.io/ignore: "true" kubescape.io/tier: core @@ -12227,6 +12332,7 @@ disable otel: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: kubescape-operator app.kubernetes.io/version: 1.22.4 + armo.tier: vuln-scan helm.sh/chart: kubescape-operator-1.22.4 kubescape.io/ignore: "true" kubescape.io/tier: core @@ -12497,7 +12603,9 @@ disable otel: protocol: TCP targetPort: 8080 selector: - app: kubevuln + app.kubernetes.io/component: kubevuln + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 30: | apiVersion: v1 @@ -13333,8 +13441,8 @@ disable otel: namespace: kubescape labels: app: kubevuln-scheduler - kubescape.io/tier: "core" tier: ks-control-plane + kubescape.io/tier: "core" armo.tier: "vuln-scan" spec: schedule: "1 2 3 4 5" @@ -13798,7 +13906,9 @@ disable otel: protocol: TCP targetPort: 4318 selector: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 51: | apiVersion: v1 @@ -14914,7 +15024,9 @@ disable otel: protocol: TCP targetPort: 8089 selector: - app: synchronizer + app.kubernetes.io/component: synchronizer + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 70: | apiVersion: v1 @@ -15919,7 +16031,9 @@ minimal capabilities: protocol: TCP targetPort: 8080 selector: - app: kubevuln + app.kubernetes.io/component: kubevuln + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 19: | apiVersion: v1 @@ -16745,8 +16859,8 @@ minimal capabilities: namespace: kubescape labels: app: kubevuln-scheduler - kubescape.io/tier: "core" tier: ks-control-plane + kubescape.io/tier: "core" armo.tier: "vuln-scan" spec: schedule: "1 2 3 4 5" @@ -17151,7 +17265,9 @@ minimal capabilities: protocol: TCP targetPort: 4318 selector: - app: otel-collector + app.kubernetes.io/component: otel-collector + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: kubescape-operator type: ClusterIP 40: | apiVersion: v1