diff --git a/charts/castai-kvisor/values.yaml b/charts/castai-kvisor/values.yaml
index 3147c06b..b4c17fed 100644
--- a/charts/castai-kvisor/values.yaml
+++ b/charts/castai-kvisor/values.yaml
@@ -26,7 +26,7 @@ imageScanSecret: ""
 # Controls `deployment.spec.strategy` field
 updateStrategy:
- type: Recreate
+ type: RollingUpdate
 policyEnforcement:
 enabled: false
diff --git a/linters/kubebench/spec/aks.go b/linters/kubebench/spec/aks.go
index 2d28a680..5cded547 100644
--- a/linters/kubebench/spec/aks.go
+++ b/linters/kubebench/spec/aks.go
@@ -29,7 +29,7 @@ func AKS(nodeName, jobName string) *batchv1.Job {
 Containers: []corev1.Container{
 {
 Name: "kube-bench",
- Image: "ghcr.io/castai/kvisor/kube-bench:v0.7.0",
+ Image: kubeBenchImage,
 SecurityContext: &corev1.SecurityContext{
 ReadOnlyRootFilesystem: lo.ToPtr(true),
 AllowPrivilegeEscalation: lo.ToPtr(false),
diff --git a/linters/kubebench/spec/common.go b/linters/kubebench/spec/common.go
new file mode 100644
index 00000000..239b77f8
--- /dev/null
+++ b/linters/kubebench/spec/common.go
@@ -0,0 +1,3 @@
+package spec
+
+const kubeBenchImage = "ghcr.io/castai/kvisor/kube-bench:v0.8.0"
diff --git a/linters/kubebench/spec/eks.go b/linters/kubebench/spec/eks.go
index b96f49ad..5ed5c3bc 100644
--- a/linters/kubebench/spec/eks.go
+++ b/linters/kubebench/spec/eks.go
@@ -29,7 +29,7 @@ func EKS(nodeName, jobName string) *batchv1.Job {
 Containers: []corev1.Container{
 {
 Name: "kube-bench",
- Image: "ghcr.io/castai/kvisor/kube-bench:v0.7.0",
+ Image: kubeBenchImage,
 SecurityContext: &corev1.SecurityContext{
 ReadOnlyRootFilesystem: lo.ToPtr(true),
 AllowPrivilegeEscalation: lo.ToPtr(false),
diff --git a/linters/kubebench/spec/gke.go b/linters/kubebench/spec/gke.go
index e25b717b..7802dc80 100644
--- a/linters/kubebench/spec/gke.go
+++ b/linters/kubebench/spec/gke.go
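Review bot: Setting `type: RollingUpdate` under `updateStrategy` lets the old and new kvisor pods run side by side during an upgrade, and nothing visible in this hunk shows that the controller tolerates two live instances. If the deployment assumed a single active pod (the earlier `Recreate` value suggests it may have), both pods could create scan or kube-bench jobs for the same node at once, so confirm that leader election or idempotent job creation is in place. The hunk also leaves the rolling-update parameters at their Kubernetes defaults. I would extend the comment above the key to say so, for example `# RollingUpdate lets old and new pods overlap during upgrades; maxSurge/maxUnavailable use the Kubernetes defaults.`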
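Review bot: The new `kubeBenchImage` constant in common.go pins the kube-bench image by tag only, and a tag can be repointed at the registry after this commit is reviewed. The AKS, EKS, GKE, Master and Node job specs now all take their image from this one line, so a digest pin here would cover every job, e.g. `const kubeBenchImage = "ghcr.io/castai/kvisor/kube-bench:v0.8.0@sha256:<digest-of-v0.8.0>"` (placeholder digest, to be filled in from the published image). The constant also has no doc comment; something like `// kubeBenchImage is the kube-bench image run by every job spec in this package; bump it together with the benchmark configs.` would tell the next maintainer that this is the single place to update. If operators are expected to pull from a private mirror, an override path may be needed, since a package-level constant cannot be changed at deploy time.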
@@ -29,7 +29,7 @@ func GKE(nodeName, jobName string) *batchv1.Job {
 Containers: []corev1.Container{
 {
 Name: "kube-bench",
- Image: "ghcr.io/castai/kvisor/kube-bench:v0.7.0",
+ Image: kubeBenchImage,
 SecurityContext: &corev1.SecurityContext{
 ReadOnlyRootFilesystem: lo.ToPtr(true),
 AllowPrivilegeEscalation: lo.ToPtr(false),
diff --git a/linters/kubebench/spec/master.go b/linters/kubebench/spec/master.go
index 29bb4c67..f0c1ecc1 100644
--- a/linters/kubebench/spec/master.go
+++ b/linters/kubebench/spec/master.go
@@ -44,7 +44,7 @@ func Master(nodeName, jobName string) *batchv1.Job {
 Containers: []corev1.Container{
 {
 Name: "kube-bench",
- Image: "ghcr.io/castai/kvisor/kube-bench:v0.7.0",
+ Image: kubeBenchImage,
 SecurityContext: &corev1.SecurityContext{
 ReadOnlyRootFilesystem: lo.ToPtr(true),
 AllowPrivilegeEscalation: lo.ToPtr(false),
diff --git a/linters/kubebench/spec/node.go b/linters/kubebench/spec/node.go
index e290d3f1..33794f5b 100644
--- a/linters/kubebench/spec/node.go
+++ b/linters/kubebench/spec/node.go
@@ -29,7 +29,7 @@ func Node(nodeName, jobName string) *batchv1.Job {
 Containers: []corev1.Container{
 {
 Name: "kube-bench",
- Image: "ghcr.io/castai/kvisor/kube-bench:v0.7.0",
+ Image: kubeBenchImage,
 SecurityContext: &corev1.SecurityContext{
 ReadOnlyRootFilesystem: lo.ToPtr(true),
 AllowPrivilegeEscalation: lo.ToPtr(false),