Add CVE re-scoring configuration to the monitoring images (gardener#7391

)

To automatically re-compute CVE scores of vulnerabilities.

Co-authored-by: Jeremy Rickards <jeremy.rickards@sap.com>

charts/images.yaml

@@ -104,34 +104,108 @@ images:
   sourceRepository: github.com/prometheus/alertmanager
   repository: quay.io/prometheus/alertmanager
   tag: v0.24.0
+  labels:
+  - name: gardener.cloud/cve-categorisation
+    value:
+      network_exposure: public
+      authentication_enforced: true
+      user_interaction: end-user
+      confidentiality_requirement: high
+      integrity_requirement: high
+      availability_requirement: low
 - name: prometheus
   sourceRepository: github.com/prometheus/prometheus
   repository: quay.io/prometheus/prometheus
   tag: v2.41.0
+  labels:
+  - name: gardener.cloud/cve-categorisation
+    value:
+      network_exposure: public
+      authentication_enforced: true
+      user_interaction: end-user
+      confidentiality_requirement: high
+      integrity_requirement: high
+      availability_requirement: low
 - name: configmap-reloader
   sourceRepository: github.com/prometheus-operator/prometheus-operator
   repository: ghcr.io/prometheus-operator/prometheus-config-reloader
   tag: v0.61.1
+  labels:
+  - name: gardener.cloud/cve-categorisation
+    value:
+      network_exposure: private
+      authentication_enforced: false
+      user_interaction: gardener-operator
+      confidentiality_requirement: high
+      integrity_requirement: high
+      availability_requirement: low
 - name: kube-state-metrics
   sourceRepository: github.com/kubernetes/kube-state-metrics
   repository: registry.k8s.io/kube-state-metrics/kube-state-metrics
   tag: v2.5.0
+  labels:
+  - name: gardener.cloud/cve-categorisation
+    value:
+      network_exposure: private
+      authentication_enforced: false
+      user_interaction: gardener-operator
+      confidentiality_requirement: high
+      integrity_requirement: high
+      availability_requirement: low
 - name: node-exporter
   sourceRepository: github.com/prometheus/node_exporter
   repository: quay.io/prometheus/node-exporter
   tag: v1.5.0
+  labels:
+  - name: gardener.cloud/cve-categorisation
+    value:
+      network_exposure: protected
+      authentication_enforced: false
+      user_interaction: end-user
+      confidentiality_requirement: high
+      integrity_requirement: high
+      availability_requirement: low
+      comment: the node-exporter is also deployed to the shoot cluster
 - name: grafana
   sourceRepository: github.com/grafana/grafana
   repository: grafana/grafana
   tag: "7.5.17"
+  labels:
+  - name: gardener.cloud/cve-categorisation
+    value:
+      network_exposure: public
+      authentication_enforced: true
+      user_interaction: end-user
+      confidentiality_requirement: high
+      integrity_requirement: high
+      availability_requirement: low
 - name: blackbox-exporter
   sourceRepository: github.com/prometheus/blackbox_exporter
   repository: quay.io/prometheus/blackbox-exporter
   tag: v0.23.0
+  labels:
+  - name: gardener.cloud/cve-categorisation
+    value:
+      network_exposure: protected
+      authentication_enforced: false
+      user_interaction: end-user
+      confidentiality_requirement: high
+      integrity_requirement: high
+      availability_requirement: low
+      comment: the blackbox-exporter is also deployed to the shoot cluster
 - name: metrics-server
   sourceRepository: github.com/kubernetes-sigs/metrics-server
   repository: registry.k8s.io/metrics-server/metrics-server
   tag: v0.6.2
+  labels:
+  - name: gardener.cloud/cve-categorisation
+    value:
+      network_exposure: private
+      authentication_enforced: false
+      user_interaction: gardener-operator
+      confidentiality_requirement: high
+      integrity_requirement: high
+      availability_requirement: low
 
 # Shoot core addons
 - name: vpn-shoot-client