Skip to content

Commit

Permalink
fix(admission-controller): admission controller read does not read gl…
Browse files Browse the repository at this point in the history 
…obal.sysdig.accessKeySecret (#1359)
  • Loading branch information
@AlbertoBarba
AlbertoBarba authored Sep 14, 2023
1 parent c324083 commit 1a1fad6
Show file tree
Hide file tree
Showing 4 changed files with 43 additions and 4 deletions.
2 changes: 1 addition & 1 deletion charts/admission-controller/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: admission-controller
description: Sysdig Admission Controller using Sysdig Secure inline image scanner
type: application
version: 0.14.5
version: 0.14.6
appVersion: 3.9.29
home: https://sysdiglabs.github.io/admission-controller/
icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
Expand Down
4 changes: 2 additions & 2 deletions charts/admission-controller/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ For example:

```bash
helm upgrade --install admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.14.5 \
--create-namespace -n sysdig-admission-controller --version=0.14.6 \
--set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME
```

Expand All @@ -80,7 +80,7 @@ For example:

```bash
helm upgrade --install admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.14.5 \
--create-namespace -n sysdig-admission-controller --version=0.14.6 \
--values values.yaml
```
Expand Down
2 changes: 1 addition & 1 deletion charts/admission-controller/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -298,7 +298,7 @@ the following helper function designed to take the accessKey if specified locall
{{- end -}}
{{- define "sysdig.existingAccessKeySecret" -}}
{{- .Values.sysdig.existingAccessKeySecret | default .Values.global.sysdig.existingAccessKeySecret | default "" -}}
{{- .Values.sysdig.existingAccessKeySecret | default .Values.global.sysdig.accessKeySecret | default .Values.global.sysdig.existingAccessKeySecret | default "" -}}
{{- end -}}
{{/*
Expand Down
39 changes: 39 additions & 0 deletions charts/admission-controller/tests/global_overrides_test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,45 @@ tests:
value: some-secret
template: webhook/deployment.yaml

- it: check value of accessKeySecret without local chart override
documentIndex: 0
set:
global:
sysdig:
accessKeySecret: some-secret
sysdig:
url: secure.sysdigcloud.com
features:
kspmAdmissionController: true
k8sAuditDetections: false
clusterName: test-k8s
version: 0.7.3
asserts:
- equal:
path: spec.template.spec.volumes[0].secret.secretName
value: some-secret
template: webhook/deployment.yaml

- it: check value of accessKeySecret with local chart override
documentIndex: 0
set:
global:
sysdig:
accessKeySecret: some-secret
sysdig:
url: secure.sysdigcloud.com
existingAccessKeySecret: override-secret
features:
kspmAdmissionController: true
k8sAuditDetections: false
clusterName: test-k8s
version: 0.7.3
asserts:
- equal:
path: spec.template.spec.volumes[0].secret.secretName
value: override-secret
template: webhook/deployment.yaml

- it: uses the specified region
documentIndex: 0
set:
Expand Down

0 comments on commit 1a1fad6

Please sign in to comment.