release: prepare v0.21.0 (#2082)

Signed-off-by: chenk <hen.keinan@gmail.com>

CONTRIBUTING.md

@@ -344,16 +344,16 @@ chart, then run `mage generate:docs` to ensure the helm docs are up-to-date.
 To install [Operator Lifecycle Manager] (OLM) run:
 
 ```
-kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.1/crds.yaml
-kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.1/olm.yaml
+kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.0/crds.yaml
+kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.0/olm.yaml
 ```
 
 or
 
 ```
 curl -L https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.21.4/install.sh -o install.sh
 chmod +x install.sh
-./install.sh v0.20.1
+./install.sh v0.21.0
 ```
 
 ### Build the Catalog Image

RELEASING.md

@@ -46,17 +46,17 @@
 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow
 
    ```sh
-   git tag -v0.20.1 -m 'Release v0.20.1'
-   git push upstream v0.20.1
+   git tag -v0.21.0 -m 'Release v0.21.0'
+   git push upstream v0.21.0
    ```
 
 6. Verify that the `release` workflow has built and published the following artifacts
    1. Trivy-operator container images published to DockerHub
-       `docker.io/aquasec/trivy-operator:0.20.1`
+       `docker.io/aquasec/trivy-operator:0.21.0`
    2. Trivy-operator container images published to Amazon ECR Public Gallery
-       `public.ecr.aws/aquasecurity/trivy-operator:0.20.1`
+       `public.ecr.aws/aquasecurity/trivy-operator:0.21.0`
    3. Trivy-operator container images published to GitHub Container Registry
-       `ghcr.io/aquasecurity/trivy-operator:0.20.1`
+       `ghcr.io/aquasecurity/trivy-operator:0.21.0`
 
 7. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the <https://github.com/k8s-operatorhub/community-operators> repository.
 

deploy/helm/Chart.yaml

@@ -11,7 +11,7 @@ version: 0.22.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.20.1
+appVersion: 0.21.0
 
 # kubeVersion: A SemVer range of compatible Kubernetes versions (optional)
 

deploy/helm/README.md

@@ -1,6 +1,6 @@
 # trivy-operator
 
-![Version: 0.22.1](https://img.shields.io/badge/Version-0.22.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.20.1](https://img.shields.io/badge/AppVersion-0.20.1-informational?style=flat-square)
+![Version: 0.22.1](https://img.shields.io/badge/Version-0.22.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.21.0](https://img.shields.io/badge/AppVersion-0.21.0-informational?style=flat-square)
 
 Keeps security report resources updated
 

deploy/helm/templates/specs/cis-1.23.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: 0.20.1
+    app.kubernetes.io/version: 0.21.0
     app.kubernetes.io/managed-by: kubectl
 spec:
   cron: {{ .Values.compliance.cron | quote}}

deploy/helm/templates/specs/nsa-1.0.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 spec:
   cron: {{ .Values.compliance.cron | quote }}

deploy/helm/templates/specs/pss-baseline.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: 0.20.1
+    app.kubernetes.io/version: 0.21.0
     app.kubernetes.io/managed-by: kubectl
 spec:
   cron: {{ .Values.compliance.cron | quote }}

deploy/helm/templates/specs/pss-restricted.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: 0.20.1
+    app.kubernetes.io/version: 0.21.0
     app.kubernetes.io/managed-by: kubectl
 spec:
   cron: {{ .Values.compliance.cron | quote }}

deploy/static/namespace.yaml

@@ -6,5 +6,5 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl

deploy/static/trivy-operator.yaml

@@ -2919,7 +2919,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 ---
 # Source: trivy-operator/templates/configmaps/operator.yaml
@@ -2931,7 +2931,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 data:
   nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]"
@@ -2955,7 +2955,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 data:
 ---
@@ -2968,7 +2968,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 data:
   OPERATOR_LOG_DEV_MODE: "false"
@@ -3021,7 +3021,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 data:
   trivy.repository: "ghcr.io/aquasecurity/trivy"
@@ -3058,7 +3058,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 data:
 ---
@@ -3071,7 +3071,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 data:
 ---
@@ -3084,7 +3084,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 spec:
   replicas: 1
@@ -3104,7 +3104,7 @@ spec:
       automountServiceAccountToken: true
       containers:
         - name: "trivy-operator"
-          image: "ghcr.io/aquasecurity/trivy-operator:0.20.1"
+          image: "ghcr.io/aquasecurity/trivy-operator:0.21.0"
           imagePullPolicy: IfNotPresent
           env:
             - name: OPERATOR_NAMESPACE
@@ -3165,7 +3165,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 spec:
   clusterIP: None
@@ -3556,7 +3556,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -3577,7 +3577,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 rules:
   - apiGroups:
@@ -3604,7 +3604,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -3624,7 +3624,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 rules:
   - apiGroups:
@@ -3654,7 +3654,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -3674,7 +3674,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -3699,7 +3699,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -3724,7 +3724,7 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -3749,5 +3749,5 @@ metadata:
   labels:
     app.kubernetes.io/name: trivy-operator
     app.kubernetes.io/instance: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
     app.kubernetes.io/managed-by: kubectl

docs/docs/crds/clustercompliance-report.md

@@ -1346,7 +1346,7 @@ status:
             "app.kubernetes.io/instance": "trivy-operator",
             "app.kubernetes.io/managed-by": "kubectl",
             "app.kubernetes.io/name": "trivy-operator",
-            "app.kubernetes.io/version": "0.20.1"
+            "app.kubernetes.io/version": "0.21.0"
         },
         "name": "cis",
         "resourceVersion": "8985",

docs/docs/crds/configaudit-report.md

@@ -34,7 +34,7 @@ report:
   scanner:
     name: Trivy 
     vendor: Aqua Security
-    version: '0.20.1'
+    version: '0.21.0'
   summary:
     criticalCount: 2
     highCount: 0

docs/docs/crds/exposedsecret-report.md

@@ -33,7 +33,7 @@ metadata:
 report:
   artifact:
     repository: myimagewithsecret
-    tag: v0.20.1
+    tag: v0.21.0
   registry:
     server: index.docker.io
   scanner:

docs/docs/crds/rbacassessment-report.md

@@ -176,7 +176,7 @@ report:
   scanner:
     name: Trivy
     vendor: Aqua Security
-    version: '0.20.1'
+    version: '0.21.0'
   summary:
     criticalCount: 1
     highCount: 0

docs/docs/design/caching_scan_results_by_repo_digest.md

@@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili
   a gate.
 * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports.
 
-[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.20.1/integrations/vulnerability-scanners/trivy/#standalone
-[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.20.1/integrations/vulnerability-scanners/trivy/#clientserver
+[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.21.0/integrations/vulnerability-scanners/trivy/#standalone
+[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.21.0/integrations/vulnerability-scanners/trivy/#clientserver

docs/docs/design/design_compliance_report.md

@@ -542,7 +542,7 @@ metadata:
   name: clustercompliancereports.aquasecurity.github.io
   labels:
     app.kubernetes.io/managed-by: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
 spec:
   group: aquasecurity.github.io
   scope: Cluster
@@ -678,7 +678,7 @@ metadata:
   name: clustercompliancedetailreports.aquasecurity.github.io
   labels:
     app.kubernetes.io/managed-by: trivy-operator
-    app.kubernetes.io/version: "0.20.1"
+    app.kubernetes.io/version: "0.21.0"
 spec:
   group: aquasecurity.github.io
   versions:

docs/docs/design/design_starboard_at_scale.excalidraw

@@ -11835,7 +11835,7 @@
       "versionNonce": 596868769,
       "isDeleted": false,
       "boundElementIds": null,
-      "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n  name: scan-vulnerabilityreport-<workload hash>\n  namespace: trivy-system\nspec:\n  template:\n    spec:\n      containers:\n      - name: nginx\n        image: aquasec/trivy:0.20.1\n        command: [\"trivy\",  \"image\", \"nginx:1.16\"]\n      restartPolicy: Never\n  backoffLimit: 1",
+      "text": "apiVersion: batch/v1\nkind: Job\nmetadata:\n  name: scan-vulnerabilityreport-<workload hash>\n  namespace: trivy-system\nspec:\n  template:\n    spec:\n      containers:\n      - name: nginx\n        image: aquasec/trivy:0.21.0\n        command: [\"trivy\",  \"image\", \"nginx:1.16\"]\n      restartPolicy: Never\n  backoffLimit: 1",
       "fontSize": 20,
       "fontFamily": 3,
       "textAlign": "left",
@@ -11895,7 +11895,7 @@
       "boundElementIds": [],
       "fontSize": 20,
       "fontFamily": 3,
-      "text": "apiVersion: v1\nkind: Pod\nmetadata:\n  name: scan-vulnerabilityreport-<workload hash>-<pod-hash>\n  namespace: trivy-system\nspec:\n  containers:\n    - name: nginx\n      image: aquasec/trivy:0.20.1\n      command: [\"trivy\",  \"image\", \"nginx:1.16\"]\n",
+      "text": "apiVersion: v1\nkind: Pod\nmetadata:\n  name: scan-vulnerabilityreport-<workload hash>-<pod-hash>\n  namespace: trivy-system\nspec:\n  containers:\n    - name: nginx\n      image: aquasec/trivy:0.21.0\n      command: [\"trivy\",  \"image\", \"nginx:1.16\"]\n",
       "baseline": 259,
       "textAlign": "left",
       "verticalAlign": "top"

docs/docs/design/design_trivy_file_system_scanner.md

@@ -117,10 +117,10 @@ spec:
           emptyDir: { }
       initContainers:
         # The trivy-get-binary init container is used to copy out the trivy executable
-        # binary from the upstream Trivy container image, i.e. aquasec/trivy:0.20.1,
+        # binary from the upstream Trivy container image, i.e. aquasec/trivy:0.21.0,
         # to a shared emptyDir volume.
         - name: trivy-get-binary
-          image: aquasec/trivy:0.20.1
+          image: aquasec/trivy:0.21.0
           command:
             - cp
             - -v
@@ -135,7 +135,7 @@ spec:
         # This won't be required once Trivy supports ClientServer mode
         # for the fs subcommand.
         - name: trivy-download-db
-          image: aquasec/trivy:0.20.1
+          image: aquasec/trivy:0.21.0
           command:
             - /var/trivy-operator/trivy
             - --download-db-only

docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md

@@ -167,7 +167,7 @@ spec:
           emptyDir: { }
       initContainers:
         - name: trivy-get-binary
-          image: aquasec/trivy:0.20.1
+          image: aquasec/trivy:0.21.0
           command:
             - cp
             - -v
@@ -177,7 +177,7 @@ spec:
             - name: scan-volume
               mountPath: /var/trivy-operator
         - name: trivy-download-db
-          image: aquasec/trivy:0.20.1
+          image: aquasec/trivy:0.21.0
           command:
             - /var/trivy-operator/trivy
             - --download-db-only
@@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d
     - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster
     then scan job will be blocked due to the PSP.
 
-[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.20.1/integrations/managed-registries/#amazon-elastic-container-registry-ecr
+[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.21.0/integrations/managed-registries/#amazon-elastic-container-registry-ecr
 [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
 [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md