Skip to content

Commit

Permalink
feat(agent): add option to override security.openshift.io/v1 API pres…
Browse files Browse the repository at this point in the history
…ence
  • Loading branch information
jsecchiero committed Nov 21, 2024
1 parent e9e8280 commit 0cfcdbb
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 4 deletions.
2 changes: 1 addition & 1 deletion charts/agent/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,4 +30,4 @@ sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
type: application
version: 1.31.0
version: 1.31.1
3 changes: 3 additions & 0 deletions charts/agent/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,9 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `global.gke.autopilot` | If true, overrides the agent configuration to run on GKE Autopilot clusters. | `false` |
| `global.image.pullSecrets` | Global pull secrets. | <code>[]</code> |
| `global.image.pullPolicy` | Global pull policy. | <code>`IfNotPresent`</code> |

| hasAPISecurityOpenshiftV1Override | Overrides `security.openshift.io/v1` API detection | `false` |

| `namespace` | Overrides the global namespace setting and release namespace for components. | `""` |
| `image.registry` | Sysdig Agent image registry. | `quay.io` |
| `image.repository` | Sets the image repository to pull the agent image from. | `sysdig/agent` |
Expand Down
3 changes: 2 additions & 1 deletion charts/agent/templates/securitycontextconstraint.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
{{- if and .Values.scc.create (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
{{- $hasAPISecurityOpenshiftV1 := default (.Capabilities.APIVersions.Has "security.openshift.io/v1") .Values.hasAPISecurityOpenshiftV1Override }}
{{- if and .Values.scc.create ($hasAPISecurityOpenshiftV1) }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
Expand Down
11 changes: 11 additions & 0 deletions charts/agent/tests/security_context_constraints_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -139,3 +139,14 @@ tests:
- equal:
path: allowHostPorts
value: true

- it: Testing that SCS is created when security.openshift.io/v1 api are overridden
set:
scc:
create: true
hasAPISecurityOpenshiftV1Override: true
asserts:
- hasDocuments:
count: 1
- isKind:
of: SecurityContextConstraints
3 changes: 3 additions & 0 deletions charts/agent/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -404,3 +404,6 @@ tests:
tag: 1.31.2
# Allow to modify DNS policy
dnsPolicy: null
# Overrides `security.openshift.io/v1` API detection
# useful while using "helm template" and to generate security context constraints
hasAPISecurityOpenshiftV1Override: false
4 changes: 2 additions & 2 deletions charts/sysdig-deploy/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
version: 1.68.1
version: 1.68.2
maintainers:
- name: AlbertoBarba
email: [email protected]
Expand All @@ -26,7 +26,7 @@ dependencies:
- name: agent
# repository: https://charts.sysdig.com
repository: file://../agent
version: ~1.31.0
version: ~1.31.1
alias: agent
condition: agent.enabled
- name: common
Expand Down

0 comments on commit 0cfcdbb

Please sign in to comment.