diff --git a/charts/popeye/Chart.yaml b/charts/popeye/Chart.yaml index 681c3bfb..00e8500d 100644 --- a/charts/popeye/Chart.yaml +++ b/charts/popeye/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: popeye description: Popeye - A Kubernetes Cluster Sanitizer type: application -version: 1.4.6 -appVersion: "v0.11.3" +version: 2.0.0 +appVersion: "v0.20.0" home: https://github.com/christianknell/helm-charts icon: https://raw.githubusercontent.com/derailed/popeye/master/assets/popeye_logo.png maintainers: @@ -15,7 +15,7 @@ annotations: artifacthub.io/category: security artifacthub.io/changes: | - kind: changed - description: bumped image version to v0.11.3 + description: bumped image version to v0.20.0 artifacthub.io/screenshots: | - title: Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. url: https://popeyecli.io/assets/d_score.png diff --git a/charts/popeye/README.md b/charts/popeye/README.md index 7a56602b..d8552354 100644 --- a/charts/popeye/README.md +++ b/charts/popeye/README.md 
@@ -60,11 +60,11 @@ The command removes all the Kubernetes components associated with the chart and | cronJob.s3.endpoint | string | `""` | example endpoint: "https://s3.us-east-1.amazonaws.com" | | cronJob.s3.region | string | `""` | example region: "us-east-1" | | cronJob.schedule | string | `"* */1 * * *"` | | -| cronJob.spinachConfiguration | string | `nil` | | +| cronJob.spinachConfiguration | string | `""` | | | fullnameOverride | string | `""` | String to fully override `"popeye.fullname"` | | image.pullPolicy | string | `"Always"` | image pull policy | | image.repository | string | `"derailed/popeye"` | image repository | -| image.tag | string | `"v0.11.3"` | Overrides the image tag | +| image.tag | string | `"v0.20.0"` | Overrides the image tag | | imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. | | nameOverride | string | `""` | Provide a name in place of `popeye` | | nodeSelector | object | `{}` | Node labels for pod assignment | @@ -84,3 +84,9 @@ Alternatively, a YAML file that specifies the values for the parameters can be p ```console helm install my-release -f values.yaml christianknell/popeye ``` + +## Upgrading the Chart + +### To 2.0.0 + +This major upgrades the Docker Image to v0.20.0. This new version contains breaking changes in the SpinachYAML configuration. See [here](SpinachYAML configuration ) for more information. diff --git a/charts/popeye/README.md.gotmpl b/charts/popeye/README.md.gotmpl index d35fa3ea..85936106 100644 --- a/charts/popeye/README.md.gotmpl +++ b/charts/popeye/README.md.gotmpl 
@@ -50,3 +50,9 @@ Alternatively, a YAML file that specifies the values for the parameters can be p ```console helm install my-release -f values.yaml christianknell/popeye ``` + +## Upgrading the Chart + +### To 2.0.0 + +This major upgrades the Docker Image to v0.20.0. This new version contains breaking changes in the SpinachYAML configuration. See [here](SpinachYAML configuration ) for more information. diff --git a/charts/popeye/values.schema.json b/charts/popeye/values.schema.json index 2d37f886..023e4423 100644 --- a/charts/popeye/values.schema.json +++ b/charts/popeye/values.schema.json @@ -68,7 +68,7 @@ "type": "string" }, "spinachConfiguration": { - "type": "null" + "type": "object" } } }, diff --git a/charts/popeye/values.yaml b/charts/popeye/values.yaml index a87ff341..b3294bdd 100644 --- a/charts/popeye/values.yaml +++ b/charts/popeye/values.yaml @@ -9,7 +9,7 @@ image: # -- image pull policy pullPolicy: Always # -- Overrides the image tag - tag: "v0.11.3" + tag: "v0.20.0" # -- If defined, uses a Secret to pull an image from a private Docker registry or repository. imagePullSecrets: [] 
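Review bot: In values.schema.json `spinachConfiguration` now accepts only `"type": "object"`, but the README row changed in this same commit documents `cronJob.spinachConfiguration` as a `string` with default `""`. A values file written from the README (`spinachConfiguration: ""`) will be rejected by schema validation at install or upgrade. Regenerate the README so the row reads `object` / `{}`, matching the new `spinachConfiguration: {}` default in values.yaml. The template that renders this value into the Spinach file is not part of the diff, so it is worth confirming it serialises a map rather than expecting a string.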
@@ -80,34 +80,59 @@ cronJob: # -- example region: "us-east-1" region: "" schedule: "* */1 * * *" - spinachConfiguration: + spinachConfiguration: {} # # A Popeye sample configuration file # popeye: - # # Checks resources against reported metrics usage. - # # If over/under these thresholds a sanitization warning will be issued. - # # Your cluster must run a metrics-server for these to take place! # allocations: # cpu: - # underPercUtilization: 200 # Checks if cpu is under allocated by more than 200% at current load. - # overPercUtilization: 50 # Checks if cpu is over allocated by more than 50% at current load. + # underPercUtilization: 200 + # overPercUtilization: 50 # memory: - # underPercUtilization: 200 # Checks if mem is under allocated by more than 200% at current load. - # overPercUtilization: 50 # Checks if mem is over allocated by more than 50% usage at current load. - # # Configure node resources. - # node: - # # Limits set a cpu/mem threshold in % ie if cpu|mem > limit a lint warning is triggered. - # limits: - # # CPU checks if current CPU utilization on a node is greater than 90%. - # cpu: 90 - # # Memory checks if current Memory utilization on a node is greater than 80%. - # memory: 80 - # # Configure pod resources - # pod: - # # Restarts check the restarts count and triggers a lint warning if above threshold. - # restarts: - # 3 - # # Check container resource utilization in percent. - # # Issues a lint warning if about these threshold. - # limits: - # cpu: 80 - # memory: 75 + # underPercUtilization: 200 + # overPercUtilization: 50 + # # [!!NEW!!] Specify global exclusions for fqn, codes, labels, annotations + # excludes: + # global: + # # Exclude kube-system ns for all linters. + # fqns: [rx:^kube-system] + # # Exclude these workload labels for all linters. + # labels: + # app: [blee, bozo] + # # [!!NEW!!] Linters exclude section + # linters: + # # [!!NEW!!] use the R from GVR resource specification to name the linter + # statefulsets: + # # [!!NEW!!] 
Exclude codes via regexp ie skip 101, 1000,... + # codes: ["rx:^10"] + # instances: + # # Skip scan for a particular FQN aka namespace/res-name + # - fqns: [default/prom-alertmanager] + # codes: [106] + # pods: + # codes: ["306", "rx:^11"] + # instances: + # - fqns: [rx:^default/prom] + # - fqns: [rx:^default/graf] + # # [!!NEW!!] Skip using either labels or annotations and/or specific codes + # - labels: + # app: [blee, blah, zorg] + # codes: [300] + # - fqns: [rx:^default/pappi] + # codes: [300, 102, 306] + # containers: [c1] + # resources: + # node: + # limits: + # cpu: 90 + # memory: 80 + # pod: + # limits: + # cpu: 80 + # memory: 75 + # restarts: 3 + # overrides: + # - code: 1502 + # severity: 3 + # registries: + # - quay2.io + # - docker1.io
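Review bot: The commented sample under `spinachConfiguration` now leads with `excludes.global.fqns: [rx:^kube-system]`, which removes kube-system from every linter if uncommented as-is. The hunk also drops the old explanatory comments, including the metrics-server requirement, and adds none for `overrides` or `registries`. Since this chart exists to surface cluster findings, I would add `# Sample only: each entry under excludes hides findings and overrides re-grade them; keep only what you have reviewed.` above `excludes:` and `# Replace the sample hosts with the registries you actually trust.` above `registries:`. The regex entries are quoted inconsistently (`["rx:^10"]` vs `[rx:^kube-system]`) and `codes` mixes ints with strings, so quoting them uniformly would make the sample safer to copy. The enclosing `cronJob:` mapping starts outside the hunk.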