warn about costly scan scheduling in Helm output

charts/zora/templates/NOTES.txt

@@ -15,3 +15,16 @@ Visit our documentation for in-depth information: https://zora-docs.undistro.io
 {{ if .Values.saas.workspaceID -}}
 Visit Zora Dashboard to explore your clusters and issues: {{ .Values.saas.server }}
 {{- end }}
+
+{{- $warnMisconfig := and .Values.scan.misconfiguration.schedule (include "zora.IsMisconfigScheduleMoreOftenThanHourly" .) }}
+{{- if eq $warnMisconfig "true" }}
+WARNING: The misconfiguration scan appears to be scheduled to run more frequently than hourly, you should be aware this
+         may lead to higher resource utilization and network traffic.
+{{- end }}
+
+{{- $warVuln := and .Values.scan.vulnerability.schedule (include "zora.IsVulnScheduleMoreOftenThanDaily" .) }}
+{{- if eq $warVuln "true" }}
+WARNING: The vulnerability scan appears to be scheduled to run more frequently than daily, potentially leading to
+         significant increases in networking costs and resource utilization. This is particularly relevant for
+         vulnerability scans, which involve downloading a vulnerability database and pulling images.
+{{ end }}

charts/zora/templates/_helpers.tpl

@@ -130,3 +130,22 @@ Truncate a name to a specific length
 {{- .name }}
 {{- end }}
 {{- end }}
+
+{{/* Returns true if the explicitly set misconfiguration schedule is more frequently than hourly */}}
+{{- define "zora.IsMisconfigScheduleMoreOftenThanHourly" -}}
+{{- $cron_fields := split " " .Values.scan.misconfiguration.schedule -}}
+{{- $minute := $cron_fields._0 -}}
+{{/* minute must be in range [0-59] */}}
+{{- not (mustRegexMatch "^(?:\\d|[0-5]\\d)$" $minute) -}}
+{{- end -}}
+
+{{/* Returns true if the explicitly set vulnerability schedule is more frequently than daily */}}
+{{- define "zora.IsVulnScheduleMoreOftenThanDaily" -}}
+{{- $cron_fields := split " " .Values.scan.vulnerability.schedule -}}
+{{- $minute := $cron_fields._0 -}}
+{{- $hour := $cron_fields._1 -}}
+{{/* minute and hour must be in range [0-59] */}}
+{{- $isMinuteBad := not (mustRegexMatch "^(?:\\d|[0-5]\\d)$" $minute) -}}
+{{- $isHourBad := not (mustRegexMatch "^(?:\\d|[0-5]\\d)$" $hour) -}}
+{{- or $isMinuteBad $isHourBad -}}
+{{- end -}}

charts/zora/templates/clusterscan/clusterscan.yaml

@@ -35,7 +35,7 @@ metadata:
 spec:
   clusterRef:
     name: {{ include "zora.clusterName" . }}
-  {{- $currentMisconfigScan := (lookup "zora.undistro.io/v1alpha1" "ClusterScan" .Release.Namespace $misconfigScanName) }}
+  {{- $currentMisconfigScan := and (.Capabilities.APIVersions.Has "zora.undistro.io/v1alpha1") (lookup "zora.undistro.io/v1alpha1" "ClusterScan" .Release.Namespace $misconfigScanName) }}
   {{- if and $currentMisconfigScan (not .Values.scan.misconfiguration.schedule) }}
   schedule: {{ $currentMisconfigScan.spec.schedule | quote }}
   {{- else }}
@@ -62,7 +62,7 @@ metadata:
 spec:
   clusterRef:
     name: {{ include "zora.clusterName" . }}
-  {{- $currentVulnScan := (lookup "zora.undistro.io/v1alpha1" "ClusterScan" .Release.Namespace $vulnScanName) }}
+  {{- $currentVulnScan := and (.Capabilities.APIVersions.Has "zora.undistro.io/v1alpha1") (lookup "zora.undistro.io/v1alpha1" "ClusterScan" .Release.Namespace $vulnScanName) }}
   {{- if and $currentVulnScan (not .Values.scan.vulnerability.schedule) }}
   schedule: {{ $currentVulnScan.spec.schedule | quote }}
   {{- else }}