From 48a4f16f19d62cc6f11c757d6f41571dc119a2d5 Mon Sep 17 00:00:00 2001 From: Dmitry Ribakov <69093195+dimar-apolicy@users.noreply.github.com> Date: Thu, 25 Jan 2024 14:01:05 +0200 Subject: [PATCH] feat(KSPM admission controller): SSPROD-35354 - Make Dry Run mode configurable to a user in Chart Values. (#1560) --- charts/admission-controller/Chart.yaml | 2 +- charts/admission-controller/README.md | 6 +++--- .../admission-controller/templates/webhook/deployment.yaml | 6 +++++- charts/admission-controller/values.yaml | 2 +- charts/sysdig-deploy/Chart.yaml | 4 ++-- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/admission-controller/Chart.yaml b/charts/admission-controller/Chart.yaml index 335b9fc89..a5293c96d 100644 --- a/charts/admission-controller/Chart.yaml +++ b/charts/admission-controller/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: admission-controller description: Sysdig Admission Controller using Sysdig Secure inline image scanner type: application -version: 0.14.19 +version: 0.14.20 appVersion: 3.9.36 home: https://sysdiglabs.github.io/admission-controller/ icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md index 8b695fd56..3050d434c 100644 --- a/charts/admission-controller/README.md +++ b/charts/admission-controller/README.md @@ -68,7 +68,7 @@ For example: ```bash helm upgrade --install admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.14.19 \ + --create-namespace -n sysdig-admission-controller --version=0.14.20 \ --set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME ``` @@ -80,7 +80,7 @@ For example: ```bash helm upgrade --install admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.14.19 \ + --create-namespace -n sysdig-admission-controller --version=0.14.20 \ --values values.yaml ``` @@ -142,7 +142,7 @@ The following table lists the configurable parameters of the `admission-controll | webhook.v2.http.port | HTTP serve port where the requests will be served from | 6443 | | webhook.v2.image.registry | The KSPM Admission Controller image registry | quay.io | | webhook.v2.image.repository | The KSPM Admission Controller image repository | sysdig/secure-admission-controller | -| webhook.v2.image.tag | The KSPM Admission Controller image tag | 1.0.1 | +| webhook.v2.image.tag | The KSPM Admission Controller image tag | 1.27.0 | | webhook.v2.image.digest | Specifies the image digest value. If set, this value is used instead of the tag value | | | webhook.v2.image.pullPolicy | The PullPolicy for KSPM Admission Controller image | | | webhook.name | The service name for Webhook deployment | webhook | diff --git a/charts/admission-controller/templates/webhook/deployment.yaml b/charts/admission-controller/templates/webhook/deployment.yaml index 77a94c029..cdf90065f 100644 --- a/charts/admission-controller/templates/webhook/deployment.yaml +++ b/charts/admission-controller/templates/webhook/deployment.yaml @@ -54,8 +54,12 @@ spec: image: {{ include "admissionController.kspm.image" . }} imagePullPolicy: {{ .Values.webhook.v2.image.pullPolicy | default .Values.global.image.pullPolicy }} env: + - name: DEFAULT_TIMEOUT + value: {{ .Values.webhook.timeoutSeconds | quote }} + - name: DENY_ON_ERROR + value: {{ .Values.webhook.denyOnError | default "false" | quote }} - name: DRY_RUN - value: "true" + value: {{ .Values.webhook.dryRun | default "true" | quote }} {{- if (or (include "webhook.httpProxy" .) (include "webhook.httpsProxy" .) (include "webhook.noProxy" .) )}} - name: HTTP_PROXY value: {{ include "webhook.httpProxy" . }} diff --git a/charts/admission-controller/values.yaml b/charts/admission-controller/values.yaml index 350df8dda..2a39cac2b 100644 --- a/charts/admission-controller/values.yaml +++ b/charts/admission-controller/values.yaml @@ -190,7 +190,7 @@ webhook: # The KSPM Admission Controller image repository repository: sysdig/secure-admission-controller # The KSPM Admission Controller image tag - tag: 1.0.1 + tag: 1.27.0 # Specifies the image digest value. If set, this value is used instead of the tag value digest: # The PullPolicy for KSPM Admission Controller image diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index 7cc3e308b..0c15b2ecc 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: sysdig-deploy description: A chart with various Sysdig components for Kubernetes type: application -version: 1.37.6 +version: 1.37.7 maintainers: - name: AlbertoBarba email: alberto.barba@sysdig.com @@ -20,7 +20,7 @@ dependencies: - name: admission-controller # repository: https://charts.sysdig.com repository: file://../admission-controller - version: ~0.14.19 + version: ~0.14.20 alias: admissionController condition: admissionController.enabled - name: agent