From 8e03039ab001536a8ae6b663ff9774ccbc5a3f5f Mon Sep 17 00:00:00 2001 From: mjshastha <61929310+mjshastha@users.noreply.github.com> Date: Thu, 26 Jun 2025 09:28:49 +0530 Subject: [PATCH] chore: Upgrade default kube-bench and starboard version Upgraded default kube-bench and starboard versions to the latest. --- .../manifests/kube_enforcer/001_kube_enforcer_config.yaml | 6 +++--- .../manifests/kube_enforcer/003_kube_enforcer_deploy.yaml | 2 +- .../kube_enforcer_advanced/001_kube_enforcer_config.yaml | 4 ++-- .../kube_enforcer_advanced/003_kube_enforcer_deploy.yaml | 4 ++-- .../003_kube_enforcer_deploy.yaml | 2 +- .../kube_enforcer_ocp3x/001_kube_enforcer_config.yaml | 6 +++--- .../kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml | 2 +- .../kube_enforcer_trivy/001_kube_enforcer_config.yaml | 2 +- .../manifests/aqua-csp-quick-default-storage.yaml | 8 ++++---- .../manifests/aqua-csp-quick-hostpath.yaml | 8 ++++---- 10 files changed, 22 insertions(+), 22 deletions(-) diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/001_kube_enforcer_config.yaml index 34e98cf4b..1924c8a03 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/001_kube_enforcer_config.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/001_kube_enforcer_config.yaml @@ -23,7 +23,7 @@ data: # Enable KA policy scanning via starboard AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.10.7" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.11.1" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name @@ -272,7 +272,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" spec: group: aquasecurity.github.io versions: @@ -402,7 +402,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/003_kube_enforcer_deploy.yaml index d7bfdc172..fcbf9f45d 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/003_kube_enforcer_deploy.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer/003_kube_enforcer_deploy.yaml @@ -114,7 +114,7 @@ spec: securityContext: {} containers: - name: operator - image: docker.io/aquasec/starboard-operator:0.15.25 + image: docker.io/aquasec/starboard-operator:0.15.26 imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/001_kube_enforcer_config.yaml index be04fded8..f2c26b5a7 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/001_kube_enforcer_config.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/001_kube_enforcer_config.yaml @@ -409,7 +409,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" spec: group: aquasecurity.github.io versions: @@ -539,7 +539,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/003_kube_enforcer_deploy.yaml index d8676bab6..9778a6a58 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/003_kube_enforcer_deploy.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced/003_kube_enforcer_deploy.yaml @@ -78,7 +78,7 @@ spec: - name: CLUSTER_NAME value: "Default-cluster-name" # Cluster display name in aqua enterprise. - name: AQUA_KB_IMAGE_NAME - value: "registry.aquasec.com/kube-bench:v0.10.7" + value: "registry.aquasec.com/kube-bench:v0.11.1" - name: AQUA_ME_IMAGE_NAME value: "registry.aquasec.com/microenforcer:2022.4" - name: AQUA_KB_ME_REGISTRY_NAME @@ -182,7 +182,7 @@ spec: securityContext: {} containers: - name: operator - image: docker.io/aquasec/starboard-operator:0.15.25 + image: docker.io/aquasec/starboard-operator:0.15.26 imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml index 266585f82..a8e427a8a 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_advanced_trivy/003_kube_enforcer_deploy.yaml @@ -78,7 +78,7 @@ spec: - name: CLUSTER_NAME value: "Default-cluster-name" # Cluster display name in aqua enterprise. - name: AQUA_KB_IMAGE_NAME - value: "registry.aquasec.com/kube-bench:v0.10.7" + value: "registry.aquasec.com/kube-bench:v0.11.1" - name: AQUA_ME_IMAGE_NAME value: "registry.aquasec.com/microenforcer:2022.4" - name: AQUA_KB_ME_REGISTRY_NAME diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/001_kube_enforcer_config.yaml index 300c197d4..9950b8808 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/001_kube_enforcer_config.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/001_kube_enforcer_config.yaml @@ -23,7 +23,7 @@ data: # Enable KA policy scanning via starboard AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.10.7" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.11.1" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name @@ -231,7 +231,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" spec: group: aquasecurity.github.io versions: @@ -362,7 +362,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml index d4ae5a299..50420065f 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_ocp3x/003_kube_enforcer_deploy.yaml @@ -114,7 +114,7 @@ spec: securityContext: {} containers: - name: operator - image: docker.io/aquasec/starboard-operator:0.15.25 + image: docker.io/aquasec/starboard-operator:0.15.26 imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml index 9a3190834..bb5547871 100644 --- a/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml +++ b/enforcers/kube_enforcer/kubernetes_and_openshift/manifests/kube_enforcer_trivy/001_kube_enforcer_config.yaml @@ -24,7 +24,7 @@ data: AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_ME_GW_CERT_SECRET_NAME: "" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.10.7" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.11.1" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name diff --git a/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-default-storage.yaml b/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-default-storage.yaml index 3fee53dfa..69ca8951a 100644 --- a/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-default-storage.yaml +++ b/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-default-storage.yaml @@ -799,7 +799,7 @@ data: # Enable KA policy scanning via starboard AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.10.7" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.11.1" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name @@ -817,7 +817,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" spec: group: aquasecurity.github.io versions: @@ -925,7 +925,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" --- apiVersion: v1 kind: ServiceAccount @@ -1145,7 +1145,7 @@ spec: securityContext: {} containers: - name: operator - image: docker.io/aquasec/starboard-operator:0.15.25 + image: docker.io/aquasec/starboard-operator:0.15.26 imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-hostpath.yaml b/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-hostpath.yaml index 94ae9bba2..41361937b 100644 --- a/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-hostpath.yaml +++ b/quick_start/kubernetes_and_openshift/manifests/aqua-csp-quick-hostpath.yaml @@ -816,7 +816,7 @@ data: # Enable KA policy scanning via starboard AQUA_KAP_ADD_ALL_CONTROL: "true" AQUA_WATCH_CONFIG_AUDIT_REPORT: "true" - AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.10.7" + AQUA_KB_IMAGE_NAME: "registry.aquasec.com/kube-bench:v0.11.1" AQUA_ME_IMAGE_NAME: "registry.aquasec.com/microenforcer:2022.4" AQUA_KB_ME_REGISTRY_NAME: "aqua-registry" AQUA_ENFORCER_DS_NAME: "aqua-agent" #Sets Daemonset name @@ -835,7 +835,7 @@ metadata: name: configauditreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: starboard - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" spec: group: aquasecurity.github.io versions: @@ -943,7 +943,7 @@ metadata: labels: app.kubernetes.io/name: starboard-operator app.kubernetes.io/instance: starboard-operator - app.kubernetes.io/version: "0.15.25" + app.kubernetes.io/version: "0.15.26" --- apiVersion: v1 kind: ServiceAccount @@ -1163,7 +1163,7 @@ spec: securityContext: {} containers: - name: operator - image: docker.io/aquasec/starboard-operator:0.15.25 + image: docker.io/aquasec/starboard-operator:0.15.26 imagePullPolicy: IfNotPresent securityContext: privileged: false