deprecate gateway (#565)

* deprecate gateway

Signed-off-by: Amir Malka <[email protected]>

* update temporary operator image

Signed-off-by: Amir Malka <[email protected]>

* remove args to operator container

Signed-off-by: Matthias Bertschy <[email protected]>

* operator image tag

Signed-off-by: Amir Malka <[email protected]>

* update version

Signed-off-by: Amir Malka <[email protected]>

* update tag

Signed-off-by: Amir Malka <[email protected]>

* update version

Signed-off-by: Amir Malka <[email protected]>

---------

Signed-off-by: Amir Malka <[email protected]>
Signed-off-by: Matthias Bertschy <[email protected]>
Co-authored-by: Matthias Bertschy <[email protected]>

.github/workflows/README.md

@@ -7,7 +7,6 @@
 The helm chart CICD runs on GitHub Actions, and in most cases will be automatically triggered by one of the in-cluster components:
 * Operator
 * Kubevuln
-* Gateway
 
 You can find more about the automatic process of in-cluster components [here](https://github.com/kubescape/workflows/blob/main/README.md).
 

charts/kubescape-operator/README.md

@@ -115,11 +115,6 @@ However, we recommend that you give Kubescape no less than 500m CPU no matter th
 | kubescapeScheduler.scanSchedule | string | `"0 0 * * *"` | scan schedule frequency |
 | kubescapeScheduler.volumes | object | `[]` | Additional volumes for scan scheduler |
 | kubescapeScheduler.volumeMounts | object | `[]` | Additional volumeMounts for scan scheduler |
-| gateway.affinity | object | `{}` | Assign custom [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) rules to the deployment |
-| gateway.image.repository | string | `"quay.io/kubescape/gateway"` | [source code](https://github.com/kubescape/gateway) |
-| gateway.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |
-| gateway.volumes | object | `[]` | Additional volumes for the notification service |
-| gateway.volumeMounts | object | `[]` | Additional volumeMounts for the notification service |
 | kubevuln.affinity | object | `{}` | Assign custom [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) rules to the deployment |
 | kubevuln.image.repository | string | `"quay.io/kubescape/kubevuln"` | [source code](https://github.com/kubescape/kubevuln) |
 | kubevuln.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |
@@ -539,7 +534,7 @@ kubectl -n kubescape delete pod <pod-name>
 
 When creating a recurring scan, the Operator component will create a `ConfigMap` and a `CronJob` from a recurring template ConfigMap. Each scan type comes with a template.
 
-The CronJob itself does not run the scan directly. When a CronJob is ready to run, it will send a REST API request to the Operator component, which will then trigger the relevant scan (similarly to a request coming from the Gateway).
+The CronJob itself does not run the scan directly. When a CronJob is ready to run, it will send a REST API request to the Operator component, which will then trigger the relevant scan.
 
 The scan results are then sent by each relevant component to the CloudEndpoint.
 

charts/kubescape-operator/templates/_common.tpl

@@ -46,8 +46,6 @@ submit: {{ $submit }}
 
 {{- define "components" -}}
 {{- $configurations := fromYaml (include "configurations" .) }}
-gateway:
-  enabled: {{ $configurations.submit }}
 hostScanner:
   enabled: {{ eq .Values.capabilities.nodeScan "enable" }}
 kubescape:

charts/kubescape-operator/templates/configs/cloudapi-configmap.yaml

@@ -25,8 +25,6 @@ data:
   clusterData: |
     {
       "serviceDiscovery": {{ $components.serviceDiscovery.enabled }},
-      "gatewayWebsocketURL": "{{ .Values.gateway.name }}:{{ .Values.gateway.websocketService.port }}",
-      "gatewayRestURL": "{{ .Values.gateway.name }}:{{ .Values.gateway.httpService.port }}",
       "vulnScanURL": "{{ .Values.kubevuln.name }}:{{ .Values.kubevuln.service.port }}",
       "kubevulnURL": "{{ .Values.kubevuln.name }}:{{ .Values.kubevuln.service.port }}",
       "kubescapeURL": "{{ .Values.kubescape.name }}:{{ .Values.kubescape.service.port }}",

charts/kubescape-operator/templates/operator/deployment.yaml

@@ -110,10 +110,6 @@ spec:
             - name : no_proxy
               value: "{{ $no_proxy_envar_list }}"
             {{- end }}
-          args:
-            - -alsologtostderr
-            - -v=4
-            - 2>&1
           volumeMounts:
             - name: {{ $components.cloudSecret.name }}
               mountPath: /etc/credentials

charts/kubescape-operator/templates/operator/networkpolicy.yaml

@@ -34,13 +34,6 @@ spec:
         - podSelector:
             matchLabels:
               {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.kubescape.name) | nindent 14 }}
-    - ports:
-        - protocol: TCP
-          port: 8001
-      to:
-        - podSelector:
-            matchLabels:
-              {{- include "kubescape-operator.selectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.gateway.name) | nindent 14 }}
     - ports:
         - protocol: TCP
           port: 8080

charts/kubescape-operator/templates/proxy-support/_noproxy_list.tpl

@@ -4,7 +4,7 @@
     {{- if $api_server_service -}}
       {{ $api_server_ip = $api_server_service.spec.clusterIP }}
     {{- end -}}
-    {{ .Values.gateway.name }},{{ .Values.kubescape.name }},{{ .Values.kubevuln.name }},{{ .Values.nodeAgent.name }},{{ .Values.operator.name }},otel-collector,kubernetes.default.svc.*,{{ $api_server_ip }}
+    {{ .Values.kubescape.name }},{{ .Values.kubevuln.name }},{{ .Values.nodeAgent.name }},{{ .Values.operator.name }},otel-collector,kubernetes.default.svc.*,{{ $api_server_ip }}
     {{- if ne .Values.global.noProxy "" -}}
         ,{{- .Values.global.noProxy -}}
     {{- end -}}