diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-14 09:07:03 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-14 09:07:03 +0300 |
commit | 4fc8a5035217a603a5af54aab09bb7c1bfea7626 (patch) | |
tree | 760de5425c0064a744fb21aa18aecf720b85dc8e /doc/user | |
parent | 27715675e849d90937a5d3e2db3c4997018f7832 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/clusters/agent/vulnerabilities.md | 35 | ||||
-rw-r--r-- | doc/user/project/integrations/telegram.md | 5 |
2 files changed, 35 insertions, 5 deletions
diff --git a/doc/user/clusters/agent/vulnerabilities.md b/doc/user/clusters/agent/vulnerabilities.md index cb12b23bcfb..74676e31d22 100644 --- a/doc/user/clusters/agent/vulnerabilities.md +++ b/doc/user/clusters/agent/vulnerabilities.md @@ -15,11 +15,11 @@ You can also configure your agent so the vulnerabilities are displayed with othe ## Enable operational container scanning You can use operational container scanning to scan container images in your cluster for security vulnerabilities. You -can enable the scanner to run on a cadence as configured via the agent, or setup scan execution policies within a +can enable the scanner to run on a cadence as configured via the `agent config`, or setup `scan execution policies` within a project that houses the agent. NOTE: -In GitLab 15.0 and later, you do not need to install Starboard operator in the Kubernetes cluster. +If both `agent config` and `scan execution policies` are configured, the configuration from `scan execution policy` takes precedence. ### Enable via agent configuration @@ -56,7 +56,7 @@ container_scanning: - kube-system ``` -## Enable via scan execution policies +### Enable via scan execution policies To enable scanning of all images within your Kubernetes cluster via scan execution policies, we can use the [scan execution policy editor](../../application_security/policies/scan-execution-policies.md#scan-execution-policy-editor) @@ -96,6 +96,35 @@ The CRON expression is evaluated in [UTC](https://www.timeanddate.com/worldclock You can view the complete schema within the [scan execution policy documentation](../../application_security/policies/scan-execution-policies.md#scan-execution-policies-schema). +## Configure scanner resource requirements + +By default the scanner pod's default resource requirements are: + +```yaml +requests: + cpu: 100m + memory: 100Mi +limits: + cpu: 500m + memory: 500Mi +``` + +You can customize it with a `resource_requirements` field. + +```yaml +container_scanning: + resource_requirements: + requests: + cpu: 200m + memory: 200Mi + limits: + cpu: 700m + memory: 700Mi +``` + +NOTE: +Resource requirements can only be set up using the agent configuration. If you enabled `Operational Container Scanning` through `scan execution policies`, you would need to define the resource requirements within the agent configuration file. + ## View cluster vulnerabilities To view vulnerability information in GitLab: diff --git a/doc/user/project/integrations/telegram.md b/doc/user/project/integrations/telegram.md index d2e402d0bd0..fabea52629d 100644 --- a/doc/user/project/integrations/telegram.md +++ b/doc/user/project/integrations/telegram.md @@ -31,6 +31,8 @@ To configure the bot in Telegram: 1. Add the bot as an administrator to a new or existing channel. 1. Assign the bot `Post Messages` rights to receive events. 1. Create an identifier for the channel. + - For public channels, enter a public link and copy the channel identifier (for example, `https:/t.me/MY_IDENTIFIER`). + - For private channels, use the [`getUpdates`](https://telegram-bot-sdk.readme.io/reference/getupdates) method with your API token and copy the channel identifier. ## Set up the Telegram integration in GitLab @@ -47,8 +49,7 @@ After you invite the bot to a Telegram channel, you can configure GitLab to send 1. In **Enable integration**, select the **Active** checkbox. 1. In **New token**, [paste the token value from the Telegram bot](#create-a-telegram-bot). 1. In the **Trigger** section, select the checkboxes for the GitLab events you want to receive in Telegram. -1. In **Channel identifier**, [paste the channel identifier from the Telegram channel](#configure-the-telegram-bot). - - To get a private channel ID, use the [`getUpdates`](https://core.telegram.org/bots/api#getupdates) method. +1. In **Channel identifier**, [paste the Telegram channel identifier](#configure-the-telegram-bot). 1. Optional. Select **Test settings**. 1. Select **Save changes**. |