Changelog of the Helm Chart

0.6.0

  • Add NodeSelector capability to pods
  • Added the ability to scale container-scanner and web-scanner
  • Added the ability to configure a Horizontal Pod Autoscale (HPA) for web, sidekiq, sidekiq_node, container-scanner and web-scanner pods
  • Simplified use of certificates for ingress, DB and redis
    • It is now possible to enter certificates and keys directly in the Values.yml file.
    • Ingress secrets are not regenerated on each installation
  • Added support for multiple ingresses.
    • Added a new configuration for the ingress(es) via the ingress.hosts variable.
    • Deprecated: the variables ingress.host, ingress.tls, ingress.ingressClassName and ingress.annotations are now deprecated. The variables will be removed in a future update.
  • Added the ability to use a Persistent Volume (PV) et Persistent Volume Claim (PVC) for the container-scanner cache
    • Deprecated: the containerScanner.cache_size_limit variable is deprecated. You must now use containerScanner.cacheStorageSize or containerScanner.existingClaim. The variable will be removed in a future update.
  • Added the ability to specify the Deployments update strategy
  • DB and redis pods are now in StatefulSet
  • Add a NOTES.txt file to warn of deprecations after a Helm chart installation or update
  • Fixed annotation used to disable apparmor on container-scanner
  • Deprecated: *.extraEnvVars variables for all pods are now displayed as deprecated in the NOTES.txt. It is recommended to use *.env

0.5.12 (2025-04-28)

  • Simplification of mounting the root-ca for an external database
  • Fix for mounting the third_party volume
  • Removal of the possibility of privilege escalation in certain pods
  • Elimination of duplicate volume mounts in offline mode
  • Allow adding the ingress certificate/key directly to the values.yml file

0.5.11 (2025-02-27)

  • Ability to add additional annotations to pods
  • Ability to replicate the web and sidekiq_node pods
  • Improved database performance in single-node deployment when the database is managed by the Helm chart
  • Removal of privilege escalation in the sidekiq_node pod

0.5.9 (2024-11-14)

  • Removal of exposing port 6380 for Redis
  • Allow labeling pods via additional labels
  • Replaced the cron deployment with a sidekiq-master container, and removed the cron service from the chart
  • Fixed certificate usage with MariaDB (adjusted mounting of the configuration file)
  • Allowed privilege escalation for the web-scanner pod to enable nmap scans

0.5.8 (2024-07-12)

  • Allowed privilege escalation for the sidekiq_node pod (necessary to run nmap with the cyberwatch user directly inside the container; added CAP_NET_RAW+ep capability to the nmap binary in the Dockerfile)

0.5.7 (2024-07-02)

  • Added an environment variable to indicate the presence of container-scanner
  • Added the container-scanner service (integrating the dedicated image as a service)

0.5.6 (2024-02-05)

  • Added resources.requests to chart pods (requests set to 10% of defined limits)

0.5.5

  • Added limitations (quotas) to configurable Helm chart pods in the values.yml file

0.5.2

  • The Helm chart is now signed with a certificate
  • Added the cyberwatch namespace to store chart elements

0.5.1

  • Fixed the image name for MariaDB

0.5.0

This version facilitates deployment of Cyberwatch on a multi-node cluster. New features:

  • Generation of a self-signed certificate for the Ingress

  • Ability to specify container registry credentials from values.yml

  • Specification of the number of replicas for the sidekiq container

  • Restart only containers impacted by a change in secrets or ConfigMap

  • Specification of a unique Cyberwatch node name for a multi-node cluster

  • Specification of the IngressClass name to use if multiple IngressClasses are available

  • Reactivation of the thirdParties volume shared between the web and sidekiqNode containers (necessary to transmit the .cab file from sidekiqNode to web)

Back to top