diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aqua-operator-certified.clusterserviceversion.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aqua-operator-certified.clusterserviceversion.yaml
new file mode 100644
index 0000000000..d9bdececd3
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aqua-operator-certified.clusterserviceversion.yaml
@@ -0,0 +1,720 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+ name: aqua-operator.2022.4.424
+ namespace: placeholder
+ annotations:
+ capabilities: Seamless Upgrades
+ categories: Security
+ olm.skipRange: '>=1.0.2 <2022.4.424'
+ description: The Aqua Security Operator runs within a Openshift cluster and provides a means to deploy and manage Aqua Security cluster and components.
+ certified: 'true'
+ containerImage: registry.connect.redhat.com/aquasec/aquasec@sha256:9cc4aad26f6f488c852afc7e470cd896e2579503659fae2eb7c823b74b9c19d3
+ createdAt: ''
+ support: Aqua Security, Inc.
+ repository: https://github.com/aquasecurity/aqua-operator
+ alm-examples: |-
+ [
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaCsp",
+ "metadata": {
+ "name": "aqua",
+ "namespace": "aqua"
+ },
+ "spec": {
+ "infra": {
+ "serviceAccount": "aqua-sa",
+ "namespace": "aqua",
+ "version": "2022.4",
+ "requirements": true
+ },
+ "common": {
+ "dbDiskSize": 10,
+ "databaseSecret": {
+ "key": "db-password",
+ "name": "aqua-database-password"
+ }
+ },
+ "database": {
+ "replicas": 1,
+ "service": "ClusterIP"
+ },
+ "gateway": {
+ "replicas": 1,
+ "service": "ClusterIP"
+ },
+ "server": {
+ "replicas": 1,
+ "service": "LoadBalancer"
+ },
+ "route": true,
+ "runAsNonRoot": false
+ }
+ },
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaDatabase",
+ "metadata": {
+ "name": "aqua",
+ "namespace": "aqua"
+ },
+ "spec": {
+ "infra": {
+ "serviceAccount": "aqua-sa",
+ "version": "2022.4"
+ },
+ "common": {
+ "splitDB": false
+ },
+ "deploy": {
+ "replicas": 1,
+ "service": "ClusterIP"
+ },
+ "diskSize": 10,
+ "runAsNonRoot": false
+ }
+ },
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaEnforcer",
+ "metadata": {
+ "name": "aqua"
+ },
+ "spec": {
+ "infra": {
+ "serviceAccount": "aqua-sa",
+ "version": "2022.4"
+ },
+ "runAsNonRoot": false,
+ "gateway": {
+ "host": "aqua-gateway",
+ "port": 8443
+ },
+ "token": "<>"
+ }
+ },
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaKubeEnforcer",
+ "metadata": {
+ "name": "aqua"
+ },
+ "spec": {
+ "infra": {
+ "version": "2022.4",
+ "serviceAccount": "aqua-kube-enforcer-sa"
+ },
+ "config": {
+ "gateway_address": "aqua-gateway.aqua:8443",
+ "cluster_name": "aqua-secure",
+ "imagePullSecret": "aqua-registry"
+ },
+ "deploy": {
+ "service": "ClusterIP"
+ },
+ "starboard": {
+ "infra": {
+ "serviceAccount": "starboard-operator"
+ },
+ "config": {
+ "imagePullSecret": "aqua-registry"
+ },
+ "deploy": {
+ "replicas": 1
+ }
+ },
+ "token": "<>"
+ }
+ },
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaGateway",
+ "metadata": {
+ "name": "aqua",
+ "namespace": "aqua"
+ },
+ "spec": {
+ "infra": {
+ "serviceAccount": "aqua-sa",
+ "version": "2022.4"
+ },
+ "common": {
+ "databaseSecret": {
+ "name": "<>",
+ "key": "<>"
+ },
+ "splitDB": false
+ },
+ "externalDb": {
+ "host": "<>",
+ "port": "<>",
+ "username": "<>",
+ "password": "<>"
+ },
+ "deploy": {
+ "replicas": 1,
+ "service": "ClusterIP"
+ }
+ },
+ "runAsNonRoot": false
+ },
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaScanner",
+ "metadata": {
+ "name": "aqua",
+ "namespace": "aqua"
+ },
+ "spec": {
+ "infra": {
+ "serviceAccount": "aqua-sa",
+ "version": "2022.4"
+ },
+ "deploy": {
+ "replicas": 1
+ },
+ "runAsNonRoot": false,
+ "login": {
+ "username": "<>",
+ "password": "<>",
+ "host": "http://aqua-server:8080"
+ }
+ }
+ },
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaServer",
+ "metadata": {
+ "name": "aqua",
+ "namespace": "aqua"
+ },
+ "spec": {
+ "infra": {
+ "serviceAccount": "aqua-sa",
+ "version": "2022.4"
+ },
+ "common": {
+ "databaseSecret": {
+ "name": "<>",
+ "key": "<>"
+ },
+ "splitDB": false
+ },
+ "externalDb": {
+ "host": "<>",
+ "port": "<>",
+ "username": "<>",
+ "password": "<>"
+ },
+ "deploy": {
+ "replicas": 1,
+ "service": "LoadBalancer"
+ }
+ },
+ "runAsNonRoot": false
+ },
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaLightning",
+ "metadata": {
+ "name": "aqua"
+ },
+ "spec": {
+ "global": {
+ "gateway_address": "aqua-gateway.aqua:8443",
+ "cluster_name": "Default-cluster-name"
+ },
+ "common": {
+ "imagePullSecret": "aqua-registry"
+ },
+ "kubeEnforcer": {
+ "infra": {
+ "serviceAccount": "aqua-kube-enforcer-sa"
+ },
+ "token": "<>",
+ "deploy": {
+ "service": "ClusterIP"
+ },
+ "starboard": {
+ "infra": {
+ "serviceAccount": "aqua-kube-enforcer-sa"
+ },
+ "config": {
+ "imagePullSecret": "aqua-registry"
+ },
+ "deploy": {
+ "replicas": 1
+ }
+ },
+ "env": []
+ },
+ "enforcer": {
+ "infra": {
+ "serviceAccount": "aqua-sa",
+ "version": "2022.4"
+ },
+ "deploy": null,
+ "token": "<>",
+ "env": [
+ ],
+ "secret": {
+ "name": null,
+ "key": null
+ },
+ "runAsNonRoot": null,
+ "rhcosVersion": null
+ }
+ }
+ },
+ {
+ "apiVersion": "operator.aquasec.com/v1alpha1",
+ "kind": "AquaCloudConnector",
+ "metadata": {
+ "name": "aqua"
+ },
+ "spec": {
+ "infra": {
+ "serviceAccount": "aqua-sa",
+ "version": "2022.4"
+ },
+ "common": {
+ "imagePullSecret": "aqua-registry"
+ },
+ "deploy": {
+ "replicas": 1
+ },
+ "runAsNonRoot": false,
+ "gateway": {
+ "host": "aqua-gateway",
+ "port": "8443"
+ },
+ "login": {
+ "host": "aqua-gateway:8443",
+ "password": "<>",
+ "token": "<>",
+ "username": "<>"
+ },
+ "tunnels": [
+ {
+ "host": ".azurecr.io",
+ "port": "443"
+ },
+ {
+ "host": "gke.gcr.io",
+ "port": "443"
+ },
+ {
+ "host": ".jfrog.io",
+ "port": "443"
+ },
+ {
+ "host": "1.1.1.1",
+ "port": "443"
+ },
+ {
+ "region": "us-east1",
+ "type": "ecr"
+ }
+ ]
+ }
+ }
+ ]
+ operators.operatorframework.io/internal-objects: '["aquastarboards.aquasecurity.github.io","configauditreports.aquasecurity.github.io", "clusterconfigauditreports.aquasecurity.github.io"]'
+spec:
+ displayName: Aqua Security Operator
+ version: 2022.4.424
+ description: |-
+ The Aqua Security Operator runs within an OpenShift cluster and provides a means to deploy and manage the Aqua Security cluster and components :
+ * Server (aka “console”)
+ * Database (for production environments we recommend to use an external database and not the Aqua default database)
+ * Gateway
+ * Enforcer (aka “agent”)
+ * KubeEnforcer
+ * Scanner
+ * CSP (package that contains the Server, Database, and Gateway)
+ * LightningEnforcer (package that contains Enforcer and Kube Enforcer) - Do not deploy using Certified Operator.
+ * AquaCloudConnector.
+
+ Use the Aqua-Operator to
+ * Deploy Aqua Security components on OpenShift
+ * Scale up Aqua Security components with extra replicas
+ * Assign metadata tags to Aqua Security components
+
+ The Aqua Operator provides a few [Custom Resources](https://github.com/aquasecurity/aqua-operator/tree/master/deploy/crds) for managing the Aqua CSP platform.
+
+ ## Prerequisites
+
+ There are only 3 prerequisites:
+ 1. Make sure you have a license and to obtain one, please contact Aqua Security at [Contact Us](mailto:cloudsales@aquasec.com).
+ 2. Create a new project for aqua
+
+ ```oc new-project aqua```
+
+ 3. Create the secret for Aqua Database password. If you are using an External Database, make sure you use those credentials.
+ NOTE: This step is optional and you can specify the Database password when creating the CRs.
+
+ ```oc create secret generic aqua-database-password --from-literal=db-password= -n aqua```
+
+ Please note that for the certified operator, the Docker registry secret is NOT needed. For the Red Hat certified operator, the Aqua application images are stored in the Red Hat Connect registry and will be automatically pulled by the Aqua operator.
+
+ ## Choosing the right channel
+
+ Channels are a flexible publishing mechanism that offers you three different Aqua versions to deploy, at any point. These channels map to their respective Aqua versions, describing the maturity based on where they are in their lifecycle:
+ * 4.6: This maps to the older version of Aqua 4.6.0
+ * 5.0: This maps to the Aqua version 5.0.0
+ * 5.3: This maps to the Aqua version 5.3.0
+ * 6.0: This maps to the Aqua version 6.0.0
+ * 6.2: This maps to the Aqua version 6.2.0
+ * 6.5: This maps to the Aqua version 6.5.0
+ * 2022.4: This is the latest and greatest version of Aqua (default)
+
+ ## Deploying the Aqua Operator
+
+ Aqua Operator follows an easy push button deployment that installs the operator in its own aqua namespace.
+ Please refer to the instructions [here](https://github.com/aquasecurity/aqua-operator/blob/2022.4.0/docs/DeployOpenShiftOperator.md).
+
+ ## Configuring the Aqua Operator
+
+ Operators leverage CRDs as a configuration mechanism for the application. Aqua offers a number of CRDs that can be tweaked and configured as per your needs. Please refer to this [link](https://github.com/aquasecurity/aqua-operator/blob/6.2.0/docs/DeployOpenShiftOperator.md#aquacsp-crds) for Custom Resource examples for popular scenarios.
+
+ ## Support
+
+ For support please contact support@aquasec.com.
+ keywords:
+ - aqua-security
+ - scanning
+ - security
+ - runtime-security
+ maintainers:
+ - email: support@aquasec.com
+ name: Aqua Support, Aqua Security
+ provider:
+ name: Aqua Security, Inc.
+ maturity: alpha
+ labels:
+ name: aqua-operator
+ selector:
+ matchLabels:
+ name: aqua-operator
+ links:
+ - name: Aqua Security
+ url: https://www.aquasec.com/
+ - name: Aqua Operator Github
+ url: https://github.com/aquasecurity/aqua-operator
+ icon:
+ - base64data: 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
+ mediatype: image/svg+xml
+ miniKubeVersion: 1.11.0
+ installModes:
+ - supported: true
+ type: OwnNamespace
+ - supported: true
+ type: SingleNamespace
+ - supported: false
+ type: MultiNamespace
+ - supported: false
+ type: AllNamespaces
+ install:
+ strategy: deployment
+ spec:
+ clusterPermissions:
+ - serviceAccountName: aqua-sa
+ rules:
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+ resourceNames:
+ - aqua-scc
+ - privileged
+ - hostaccess
+ - serviceAccountName: aqua-kube-enforcer-sa
+ rules:
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+ resourceNames:
+ - aqua-scc
+ - privileged
+ - hostaccess
+ - serviceAccountName: aqua-operator
+ rules:
+ - apiGroups:
+ - ''
+ resources:
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ - serviceaccounts
+ - nodes
+ - route
+ verbs:
+ - '*'
+ - apiGroups:
+ - ''
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - apps
+ - extensions
+ resources:
+ - '*'
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ - podsecuritypolicies
+ verbs:
+ - '*'
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - operator.aquasec.com
+ resources:
+ - '*'
+ - aquagateways
+ - aquaservers
+ - aquacsps
+ - aquaenforcers
+ - aquascanners
+ - aquakubeenforcers
+ - aqualightnings
+ - aquacloudconnectors
+ verbs:
+ - '*'
+ - apiGroups:
+ - aquasecurity.github.io
+ resources:
+ - '*'
+ - aquastarboards
+ - configauditreports
+ - clusterconfigauditreports
+ verbs:
+ - '*'
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ - authorization.k8s.io
+ resources:
+ - '*'
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - '*'
+ - apiGroups:
+ - policy
+ resources:
+ - '*'
+ - podsecuritypolicies
+ verbs:
+ - '*'
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - '*'
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - '*'
+ - route
+ verbs:
+ - '*'
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - '*'
+ - leases
+ verbs:
+ - '*'
+ deployments:
+ - name: aqua-operator
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: aqua-operator
+ template:
+ metadata:
+ labels:
+ name: aqua-operator
+ spec:
+ serviceAccountName: aqua-operator
+ containers:
+ - name: aqua-operator
+ image: registry.connect.redhat.com/aquasec/aquasec@sha256:9cc4aad26f6f488c852afc7e470cd896e2579503659fae2eb7c823b74b9c19d3
+ imagePullPolicy: Always
+ command:
+ - /manager
+ env:
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['olm.targetNamespaces']
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: aqua-operator
+ - name: CERTIFIED_MARKETPLACE
+ value: 'true'
+ - name: RELATED_IMAGE_DATABASE
+ value: registry.connect.redhat.com/aquasec/database@sha256:c91ae82b0179c3ec4e156835a9f23b66767ba15514ff33fb268b35d8f04d6fde
+ - name: RELATED_IMAGE_GATEWAY
+ value: registry.connect.redhat.com/aquasec/gateway@sha256:47897a1ba551ab7b836f2b9b70c55cd96afb9168d6e02417b08f84494f75e3a9
+ - name: RELATED_IMAGE_SERVER
+ value: registry.connect.redhat.com/aquasec/console@sha256:39e3126b1199e6ceb40b666589f9647167ab858626185ab43fbf6f1ce14b47c0
+ - name: RELATED_IMAGE_SCANNER
+ value: registry.connect.redhat.com/aquasec/scanner@sha256:f2fe267f0850e2992a19dcacd49f126206c4e0f1d4985f2fc124e59f8b7d4cd3
+ - name: RELATED_IMAGE_ENFORCER
+ value: registry.connect.redhat.com/aquasec/enforcer@sha256:969e63fa93425e156d3ae27182cfdac71c6caadf4b016a5ed734915655a4bee2
+ - name: RELATED_IMAGE_KUBE_ENFORCER
+ value: registry.connect.redhat.com/aquasec/kube-enforcer@sha256:777ed32d518fbb7bc50b7aa980ac362970160591b12ab284d595f766557e663a
+ - name: RELATED_IMAGE_KUBE_BENCH
+ value: registry.connect.redhat.com/aquasec/kube-bench@sha256:729d11954ead9df360e33c9c45c47b6d0c76f3c08636c4708a3c1c03fa2fa447
+ - name: RELATED_IMAGE_STARBOARD
+ value: registry.connect.redhat.com/aquasec/starboard@sha256:16bca28906ae290101b1dd38be12753b228843dee00a6e7a21f9655d1e241eaf
+ - name: RELATED_IMAGE_CLOUD_CONNECTOR
+ value: registry.connect.redhat.com/aquasec/cloud-connector@sha256:b0c62ad16430e82cff1848e0a6db995eec3d380c5d0c1d8161aea4b076420fde
+ ports:
+ - containerPort: 60000
+ name: metrics
+ permissions:
+ - serviceAccountName: aqua-operator
+ rules:
+ - apiGroups:
+ - ''
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ customresourcedefinitions:
+ owned:
+ - kind: AquaCsp
+ name: aquacsps.operator.aquasec.com
+ version: v1alpha1
+ displayName: AquaCsp
+ description: Aqua Security CSP Deployment with Aqua Operator
+ - kind: AquaLightning
+ description: Aqua Lightning Enforcers Deployment with Aqua Operator
+ displayName: AquaLightningEnforcers
+ name: aqualightnings.operator.aquasec.com
+ version: v1alpha1
+ - kind: AquaDatabase
+ name: aquadatabases.operator.aquasec.com
+ version: v1alpha1
+ displayName: AquaDatabase
+ description: Aqua Security Database Deployment with Aqua Operator
+ - kind: AquaEnforcer
+ name: aquaenforcers.operator.aquasec.com
+ version: v1alpha1
+ displayName: AquaEnforcer
+ description: Aqua Security Enforcer Deployment with Aqua Operator
+ - kind: AquaKubeEnforcer
+ name: aquakubeenforcers.operator.aquasec.com
+ version: v1alpha1
+ displayName: AquaKubeEnforcer
+ description: Aqua Security KubeEnforcer Deployment with Aqua Operator
+ - kind: AquaGateway
+ name: aquagateways.operator.aquasec.com
+ version: v1alpha1
+ displayName: AquaGateway
+ description: Aqua Security Gateway Deployment with Aqua Operator
+ - kind: AquaScanner
+ name: aquascanners.operator.aquasec.com
+ version: v1alpha1
+ displayName: AquaScanner
+ description: Aqua Security Scanner Deployment with Aqua Operator
+ - kind: AquaServer
+ name: aquaservers.operator.aquasec.com
+ version: v1alpha1
+ displayName: AquaServer
+ description: Aqua Security Server Deployment with Aqua Operator
+ - kind: AquaStarboard
+ name: aquastarboards.aquasecurity.github.io
+ version: v1alpha1
+ displayName: AquaStarboard
+ description: Aqua Starboard for kube-enforcer.
+ group: aquakubeenforcers.operator.aquasec.com
+ - kind: AquaCloudConnector
+ description: Aqua Cloud Connector Deployment with Aqua Operator
+ displayName: AquaCloudConnector
+ name: aquacloudconnectors.operator.aquasec.com
+ version: v1alpha1
+ - kind: ClusterConfigAuditReport
+ name: clusterconfigauditreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ClusterConfigAuditReport
+ description: For Aqua Starboard.
+ group: aquakubeenforcers.operator.aquasec.com
+ - kind: ConfigAuditReport
+ name: configauditreports.aquasecurity.github.io
+ version: v1alpha1
+ displayName: ConfigAuditReport
+ description: For Aqua Starboard.
+ group: aquakubeenforcers.operator.aquasec.com
+ relatedImages:
+ - name: aquasec
+ image: registry.connect.redhat.com/aquasec/aquasec@sha256:9cc4aad26f6f488c852afc7e470cd896e2579503659fae2eb7c823b74b9c19d3
+ - name: console
+ image: registry.connect.redhat.com/aquasec/console@sha256:39e3126b1199e6ceb40b666589f9647167ab858626185ab43fbf6f1ce14b47c0
+ - name: gateway
+ image: registry.connect.redhat.com/aquasec/gateway@sha256:47897a1ba551ab7b836f2b9b70c55cd96afb9168d6e02417b08f84494f75e3a9
+ - name: enforcer
+ image: registry.connect.redhat.com/aquasec/enforcer@sha256:969e63fa93425e156d3ae27182cfdac71c6caadf4b016a5ed734915655a4bee2
+ - name: scanner
+ image: registry.connect.redhat.com/aquasec/scanner@sha256:f2fe267f0850e2992a19dcacd49f126206c4e0f1d4985f2fc124e59f8b7d4cd3
+ - name: kube-enforcer
+ image: registry.connect.redhat.com/aquasec/kube-enforcer@sha256:777ed32d518fbb7bc50b7aa980ac362970160591b12ab284d595f766557e663a
+ - name: kube-bench
+ image: registry.connect.redhat.com/aquasec/kube-bench@sha256:729d11954ead9df360e33c9c45c47b6d0c76f3c08636c4708a3c1c03fa2fa447
+ - name: starboard
+ image: registry.connect.redhat.com/aquasec/starboard@sha256:16bca28906ae290101b1dd38be12753b228843dee00a6e7a21f9655d1e241eaf
+ - name: cloud-connector
+ image: registry.connect.redhat.com/aquasec/cloud-connector@sha256:b0c62ad16430e82cff1848e0a6db995eec3d380c5d0c1d8161aea4b076420fde
+ - name: database
+ image: registry.connect.redhat.com/aquasec/database@sha256:c91ae82b0179c3ec4e156835a9f23b66767ba15514ff33fb268b35d8f04d6fde
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquacloudconnectors.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquacloudconnectors.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..72ef89e1e4
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquacloudconnectors.operator.aquasec.com.crd.yaml
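Review bot: The `clusterPermissions` rule for `aqua-operator` on `rbac.authorization.k8s.io` / `authorization.k8s.io` lists `'*'` under both `resources` and `verbs`, which makes the named `clusterroles` and `clusterrolebindings` entries redundant and lets the operator service account create or bind any cluster role, so a compromise of that single pod is effectively cluster-admin. The same `- '*'` resource entry sits in the `apps`/`extensions`, `policy`, `route.openshift.io` and `coordination.k8s.io` rules, and the core-group rule grants `'*'` verbs on `secrets` and `nodes` cluster-wide even though `installModes` only supports OwnNamespace and SingleNamespace. I would drop each `- '*'` resource line, replace the `'*'` verbs with the verbs the controller actually uses, and move the namespaced resources (secrets, configmaps, services, pods) from `clusterPermissions` to `permissions` so OLM scopes them to the target namespace. Separately, `miniKubeVersion: 1.11.0` looks like a typo for `minKubeVersion`, so the minimum is presumably not being enforced, and the bundled CRDs use `apiextensions.k8s.io/v1`, which needs Kubernetes 1.16 or later rather than 1.11.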
@@ -0,0 +1,35 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquacloudconnectors.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaCloudConnector
+ listKind: AquaCloudConnectorList
+ plural: aquacloudconnectors
+ singular: aquacloudconnector
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ description: Replicas Number
+ jsonPath: .spec.deploy.replicas
+ - name: Age
+ type: date
+ description: Aqua Cloud Connector Age
+ jsonPath: .metadata.creationTimestamp
+ - name: Status
+ type: string
+ description: Aqua Cloud Connector status
+ jsonPath: .status.state
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquacsps.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquacsps.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..faf86e410a
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquacsps.operator.aquasec.com.crd.yaml
@@ -0,0 +1,31 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquacsps.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaCsp
+ listKind: AquaCspList
+ plural: aquacsps
+ singular: aquacsp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Age
+ type: date
+ description: Aqua Csp Age
+ jsonPath: .metadata.creationTimestamp
+ - name: Status
+ type: string
+ description: Aqua Csp status
+ jsonPath: .status.state
+ served: true
+ storage: true
+ subresources:
+ status: {}
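Review bot: The `openAPIV3Schema` here is only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server neither validates nor prunes anything in these resources; the same open schema is used in every CRD of this bundle (aquacsps on this line, and the database, enforcer, gateway, kube-enforcer, lightning, scanner, server, starboard and both config-audit-report CRDs below). Per the CSV's `alm-examples` these specs carry security-relevant settings (`runAsNonRoot`, `token`, `login.password`, `externalDb.password`), so a mistyped or wrongly typed field is stored silently and the operator alone decides what it means. I would declare at least `spec` and `status` as typed properties, for example `spec.deploy.replicas` as `type: integer`, which the Replicas printer column already assumes, and keep `x-kubernetes-preserve-unknown-fields` only on sub-objects that really are free-form. It would also help to state in the CRD descriptions that passwords and tokens should be supplied by Secret reference (as `databaseSecret` does) rather than inline in the spec, if the operator supports that for every kind.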
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquadatabases.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquadatabases.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..6769e51437
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquadatabases.operator.aquasec.com.crd.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquadatabases.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaDatabase
+ listKind: AquaDatabaseList
+ plural: aquadatabases
+ singular: aquadatabase
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ description: Replicas Number
+ jsonPath: .spec.deploy.replicas
+ - name: Age
+ type: date
+ description: Aqua Database Age
+ jsonPath: .metadata.creationTimestamp
+ - name: Status
+ type: string
+ description: Aqua Database status
+ jsonPath: .status.state
+ - name: Nodes
+ type: string
+ description: List Of Nodes (Pods)
+ jsonPath: .status.nodes
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquaenforcers.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquaenforcers.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..5214b0f31a
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquaenforcers.operator.aquasec.com.crd.yaml
@@ -0,0 +1,35 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquaenforcers.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaEnforcer
+ listKind: AquaEnforcerList
+ plural: aquaenforcers
+ singular: aquaenforcer
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ description: Replicas Number
+ jsonPath: .spec.deploy.replicas
+ - name: Age
+ type: date
+ description: Aqua Enforcer Age
+ jsonPath: .metadata.creationTimestamp
+ - name: Status
+ type: string
+ description: Aqua Enforcer status
+ jsonPath: .status.state
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquagateways.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquagateways.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..c7fabaf40f
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquagateways.operator.aquasec.com.crd.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquagateways.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaGateway
+ listKind: AquaGatewayList
+ plural: aquagateways
+ singular: aquagateway
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ description: Replicas Number
+ jsonPath: .spec.deploy.replicas
+ - name: Age
+ type: date
+ description: Aqua Gateway Age
+ jsonPath: .metadata.creationTimestamp
+ - name: Status
+ type: string
+ description: Aqua Gateway status
+ jsonPath: .status.state
+ - name: Nodes
+ type: string
+ description: List Of Nodes (Pods)
+ jsonPath: .status.nodes
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquakubeenforcers.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquakubeenforcers.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..80709770fd
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquakubeenforcers.operator.aquasec.com.crd.yaml
@@ -0,0 +1,31 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquakubeenforcers.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaKubeEnforcer
+ listKind: AquaKubeEnforcerList
+ plural: aquakubeenforcers
+ singular: aquakubeenforcer
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Status
+ type: string
+ description: Aqua KubeEnforcer status
+ jsonPath: .status.state
+ - name: Age
+ type: date
+ description: Aqua KubeEnforcer Age
+ jsonPath: .metadata.creationTimestamp
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aqualightnings.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aqualightnings.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..42180b33f1
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aqualightnings.operator.aquasec.com.crd.yaml
@@ -0,0 +1,31 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aqualightnings.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaLightning
+ listKind: AquaLightningList
+ plural: aqualightnings
+ singular: aqualightning
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Status
+ type: string
+ description: Aqua Lightning status
+ jsonPath: .status.state
+ - name: Age
+ type: date
+ description: Aqua Lightning Age
+ jsonPath: .metadata.creationTimestamp
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquascanners.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquascanners.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..0831956a48
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquascanners.operator.aquasec.com.crd.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquascanners.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaScanner
+ listKind: AquaScannerList
+ plural: aquascanners
+ singular: aquascanner
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ description: Replicas Number
+ jsonPath: .spec.deploy.replicas
+ - name: Age
+ type: date
+ description: Aqua Scanner Age
+ jsonPath: .metadata.creationTimestamp
+ - name: Status
+ type: string
+ description: Aqua Scanner status
+ jsonPath: .status.state
+ - name: Nodes
+ type: string
+ description: List Of Nodes (Pods)
+ jsonPath: .status.nodes
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquaservers.operator.aquasec.com.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquaservers.operator.aquasec.com.crd.yaml
new file mode 100644
index 0000000000..60f369eedc
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquaservers.operator.aquasec.com.crd.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquaservers.operator.aquasec.com
+spec:
+ group: operator.aquasec.com
+ names:
+ kind: AquaServer
+ listKind: AquaServerList
+ plural: aquaservers
+ singular: aquaserver
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ description: Replicas Number
+ jsonPath: .spec.deploy.replicas
+ - name: Age
+ type: date
+ description: Aqua Server Age
+ jsonPath: .metadata.creationTimestamp
+ - name: Status
+ type: string
+ description: Aqua Server status
+ jsonPath: .status.state
+ - name: Nodes
+ type: string
+ description: List Of Nodes (Pods)
+ jsonPath: .status.nodes
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/aquastarboards.aquasecurity.github.io.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/aquastarboards.aquasecurity.github.io.crd.yaml
new file mode 100644
index 0000000000..84b064266f
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/aquastarboards.aquasecurity.github.io.crd.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: aquastarboards.aquasecurity.github.io
+spec:
+ group: aquasecurity.github.io
+ names:
+ kind: AquaStarboard
+ listKind: AquaStarboardList
+ plural: aquastarboards
+ singular: aquastarboard
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ description: Replicas Number
+ jsonPath: .spec.deploy.replicas
+ - name: Age
+ type: date
+ description: Aqua Starboard Age
+ jsonPath: .metadata.creationTimestamp
+ - name: Status
+ type: string
+ description: Aqua Starboard status
+ jsonPath: .status.state
+ - name: Nodes
+ type: string
+ description: List Of Nodes (Pods)
+ jsonPath: .status.nodes
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/clusterconfigauditreports.aquasecurity.github.io.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/clusterconfigauditreports.aquasecurity.github.io.crd.yaml
new file mode 100644
index 0000000000..a2eca4c84d
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/clusterconfigauditreports.aquasecurity.github.io.crd.yaml
@@ -0,0 +1,51 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterconfigauditreports.aquasecurity.github.io
+ labels:
+ app.kubernetes.io/managed-by: starboard
+spec:
+ group: aquasecurity.github.io
+ names:
+ kind: ClusterConfigAuditReport
+ listKind: ClusterConfigAuditReportList
+ plural: clusterconfigauditreports
+ singular: clusterconfigauditreport
+ categories: []
+ shortNames:
+ - clusterconfigaudit
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Scanner
+ type: string
+ description: The name of the config audit scanner
+ jsonPath: .report.scanner.name
+ - name: Age
+ type: date
+ description: The age of the report
+ jsonPath: .metadata.creationTimestamp
+ - name: Danger
+ type: integer
+ priority: 1
+ description: The number of checks that failed with Danger status
+ jsonPath: .report.summary.dangerCount
+ - name: Warning
+ type: integer
+ priority: 1
+ description: The number of checks that failed with Warning status
+ jsonPath: .report.summary.warningCount
+ - name: Pass
+ type: integer
+ priority: 1
+ description: The number of checks that passed
+ jsonPath: .report.summary.passCount
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/manifests/configauditreports.aquasecurity.github.io.crd.yaml b/operators/aqua-operator-certified/2022.4.424/manifests/configauditreports.aquasecurity.github.io.crd.yaml
new file mode 100644
index 0000000000..39ea3b2c62
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/manifests/configauditreports.aquasecurity.github.io.crd.yaml
@@ -0,0 +1,51 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: configauditreports.aquasecurity.github.io
+ labels:
+ app.kubernetes.io/managed-by: starboard
+spec:
+ group: aquasecurity.github.io
+ names:
+ kind: ConfigAuditReport
+ listKind: ConfigAuditReportList
+ plural: configauditreports
+ singular: configauditreport
+ categories: []
+ shortNames:
+ - configaudit
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ additionalPrinterColumns:
+ - name: Scanner
+ type: string
+ description: The name of the config audit scanner
+ jsonPath: .report.scanner.name
+ - name: Age
+ type: date
+ description: The age of the report
+ jsonPath: .metadata.creationTimestamp
+ - name: Danger
+ type: integer
+ priority: 1
+ description: The number of checks that failed with Danger status
+ jsonPath: .report.summary.dangerCount
+ - name: Warning
+ type: integer
+ priority: 1
+ description: The number of checks that failed with Warning status
+ jsonPath: .report.summary.warningCount
+ - name: Pass
+ type: integer
+ priority: 1
+ description: The number of checks that passed
+ jsonPath: .report.summary.passCount
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/aqua-operator-certified/2022.4.424/metadata/annotations.yaml b/operators/aqua-operator-certified/2022.4.424/metadata/annotations.yaml
new file mode 100644
index 0000000000..9a25d8afc2
--- /dev/null
+++ b/operators/aqua-operator-certified/2022.4.424/metadata/annotations.yaml
@@ -0,0 +1,11 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.channels.v1: "2022.4"
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: aqua-operator-certified
+ operators.operatorframework.io.bundle.channel.default.v1: "2022.4"
+
+ # Annotations to specify OCP versions compatibility.
+ com.redhat.openshift.versions: v4.6-v4.13