Revert "remove continuous scanning config"

This reverts commit 37cf5dd.

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>

charts/kubescape-operator/templates/_common.tpl

@@ -8,6 +8,7 @@ capabilitiesConfig: {{ include (printf "%s/%s/%s" $.Template.BasePath $.Values.g
 cloudConfig: {{ include (printf "%s/%s/%s" $.Template.BasePath $.Values.global.configMapsDirectory "cloudapi-configmap.yaml") . | sha256sum }}
 cloudSecret: {{ include (printf "%s/%s/%s" $.Template.BasePath $.Values.global.configMapsDirectory "cloud-secret.yaml" ) . | sha256sum }}
 hostScannerConfig: {{ include (printf "%s/kubescape/host-scanner-definition-configmap.yaml" $.Template.BasePath ) . | sha256sum }}
+matchingRulesConfig: {{ include (printf "%s/%s/%s" $.Template.BasePath $.Values.global.configMapsDirectory "matchingRules-configmap.yaml") . | sha256sum }}
 nodeAgentConfig: {{ include (printf "%s/node-agent/configmap.yaml" $.Template.BasePath) . | sha256sum }}
 operatorConfig: {{ include (printf "%s/operator/configmap.yaml" $.Template.BasePath) . | sha256sum }}
 otelConfig: {{ include (printf "%s/otel-collector/configmap.yaml" $.Template.BasePath) . | sha256sum }}
@@ -21,6 +22,7 @@ synchronizerConfig: {{ include (printf "%s/synchronizer/configmap.yaml" $.Templa
 {{- $ksOtel := empty .Values.otelCollector.disable -}}
 {{- $otel := not (empty .Values.configurations.otelUrl) -}}
 {{- $submit := not (empty .Values.server) -}}
+continuousScan: {{ and (eq .Values.capabilities.continuousScan "enable") (not $submit) }}
 createCloudSecret: {{ $createCloudSecret }}
 ksOtel: {{ and $ksOtel $submit }}
 otel: {{ $otel }}

charts/kubescape-operator/templates/configs/cloudapi-configmap.yaml

@@ -43,6 +43,7 @@ data:
       "keepLocal": {{ not $components.serviceDiscovery.enabled }},
       "scanTimeout": "{{ .Values.kubevuln.config.scanTimeout }}",
       "vexGeneration": {{ eq .Values.capabilities.vexGeneration "enable" }},
+      "continuousPostureScan": {{ $configurations.continuousScan }},
 {{- if not (empty .Values.kubevuln.config.grypeDbListingURL) }}
       "listingURL": "{{ .Values.kubevuln.config.grypeDbListingURL }}",
 {{- end }}

charts/kubescape-operator/templates/configs/matchingRules-configmap.yaml

@@ -0,0 +1,11 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ .Values.continuousScanning.configMapName }}
+  namespace: {{ .Values.ksNamespace }}
+  labels:
+    {{- include "kubescape-operator.labels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.ksLabel "tier" .Values.global.namespaceTier) | nindent 4 }}
+    kubescape.io/tier: "core"
+data:
+  matchingRules.json: |
+    {{ mustToJson .Values.continuousScanning.matchingRules }}

charts/kubescape-operator/templates/operator/deployment.yaml

@@ -29,6 +29,7 @@ spec:
         checksum/cloud-secret: {{ $checksums.cloudSecret }}
         checksum/cloud-config: {{ $checksums.cloudConfig }}
         checksum/capabilities-config: {{ $checksums.capabilitiesConfig }}
+        checksum/matching-rules-config: {{ $checksums.matchingRulesConfig }}
       {{- if ne .Values.global.proxySecretFile "" }}
         checksum/proxy-config: {{ $checksums.proxySecret }}
       {{- end }}
@@ -133,6 +134,10 @@ spec:
               mountPath: /etc/config/capabilities.json
               readOnly: true
               subPath: "capabilities.json"
+            - name: {{ .Values.continuousScanning.configMapName }}
+              mountPath: /etc/config/matchingRules.json
+              readOnly: true
+              subPath: "matchingRules.json"
             - name: config
               mountPath: /etc/config/config.json
               readOnly: true
@@ -201,6 +206,12 @@ spec:
             items:
             - key: "config.json"
               path: "config.json"
+        - name: {{ .Values.continuousScanning.configMapName }}
+          configMap:
+            name: {{ .Values.continuousScanning.configMapName }}
+            items:
+              - key: "matchingRules.json"
+                path: "matchingRules.json"
 {{- if .Values.volumes }}
 {{ toYaml .Values.volumes | indent 8 }}
 {{- end }}