mahanth
- What are [admission webhooks](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/)?
- **Kubernetes requires communication to webhooks be encrypted**
- [webhook request and response formats](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#webhook-request-and-response)
- [connecting to the webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#contacting-the-webhook)
- webhook response
  - *uid*, copied...
### Design Proposal
1. Deployment
   + create an admission web-hook server as part of Kubernetes deepfence agent or standalone admission controller
   + use admission controller to connect and cache required...
### Workflow
- create policies and then associate them to clusters connected with Deepfence console
- allows user to have different policies between environments like dev/qa/test/prod

#### Policies
- actions...
- Policy when vulnerability, threshold or allow/block list are defined - for example, allow images with no critical CVEs on default namespace ``` { "id": 5, "conditions": [ { "key":...
Tasks:
- Database
  + admission_controller_policies
    * id - primary key
    * name - string, policy name
    * conditions - json field
    * vulnerabilities - json field
  + ac_policies_associations
    * id...
- Masked CVEs are not persisted and are lost on restart - Add new table maskcve in postgres db - table design ``` cve_id pk nodes { node_name: node_type, node_name:...
@wkleinhenz we have recently updated haproxy config to take service host and port from environment variables, you can check and build code from master branch
development branch: https://github.com/deepfence/ThreatMapper/tree/admission-webhook
Steps to be performed while migrating data from v4 to v5

**Step to be performed before upgrading inside neo4j container**

1. stop the neo4j
   ```
   neo4j stop
   ```
2. create...
List of the queries that need migration for v5 neo4j 1. **link_cloud_resource** ``` Mon, 19 Feb 2024 14:01:38 +0000 ERR deepfence_worker/worker.go:123 worker task link_cloud_resource, payload: 1708351298013 error="Neo4jError: Neo.ClientError.Statement.SyntaxError (Unknown function 'apoc.meta.type'...