diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md index 81a55d3fe..67c757ed5 100644 --- a/charts/admission-controller/README.md +++ b/charts/admission-controller/README.md @@ -23,7 +23,7 @@ $ pre-commit run -a $ helm repo add sysdig https://charts.sysdig.com $ helm repo update $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.11.4 \ + --create-namespace -n sysdig-admission-controller --version=0.11.5 \ --set clusterName=CLUSTER_NAME \ --set sysdig.secureAPIToken=SECURE_API_TOKEN ``` @@ -55,7 +55,7 @@ This chart deploys the Sysdig Admission Controller on a [Kubernetes](http://kube To install the chart with the release name `admission-controller`: ```console -$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.4 +$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.5 ``` The command deploys the Sysdig Admission Controller on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. @@ -143,10 +143,7 @@ The following table lists the configurable parameters of the `admission-controll | webhook.dryRun | Dry Run request | false | | webhook.logLevel | Log Level - Valid Values are: error, info, debug, trace | info | | webhook.ssl.reuseTLSSecret | Reuse existing TLS Secret during chart upgrade | false | -| webhook.ssl.ca.cert | For outbound connections (secure backend, proxy,...)
And inbound connections to serve HttpRequests as Kubernetes Webhook.
A PEM-encoded x509 certificate authority.
If empty, a new CA will be autogenerated. | "" | -| webhook.ssl.ca.key | For outbound connections (secure backend, proxy,...)
A PEM-encoded private key of the certificate authority to use in the certificate generation.
If empty, a new CA will be autogenerated. | "" | -| webhook.ssl.cert | For inbound connections to serve HttpRequests as Kubernetes Webhook.
A PEM-encoded x509 certificate signed by the CA.
If empty, a new cert will be generated.
If provided, it must be valid with the `webhook.ssl.ca`.
If this is set, the key must also be provided. | "" | -| webhook.ssl.key | For inbound connections to serve HttpRequests as Kubernetes Webhook.
A PEM-encoded private key signed by the CA.
If empty, a new key will be generated.
If provided, it must be valid with the `webhook.ssl.ca`.
If this is set, the cert must also be provided. | "" | +| webhook.ssl.ca.cert | For outbound connections (secure backend, proxy,...)
A PEM-encoded x509 certificate authority. | "" | | webhook.customEntryPoint | Custom entrypoint for the webhook
Remember to provide the webhook valid arguments with `--tls_cert_file` and `--tls_private_key_file`.
default: /bin/webhook --tls_cert_file /cert/tls.crt --tls_private_key_file /cert/tls.key | [] | | webhook.http.port | HTTP serve port where the requests will be served from | 5000 | | scc.create | Enable the creation of Security Context Constraints in Openshift | true | @@ -176,7 +173,7 @@ The following table lists the configurable parameters of the `admission-controll | scanner.priorityClassName | priorityClassName config for the scanner | | | scanner.tolerations | Tolerations for scheduling for the scanner | [] | | scanner.affinity | Configure affinity rules for the scanner | {} | -| scanner.ssl.ca.cert | For outbound connections (secure backend, proxy,...).
A PEM-encoded x509 certificate authority.
If empty, a new CA will be autogenerated. | "" | +| scanner.ssl.ca.cert | For outbound connections (secure backend, proxy,...).
A PEM-encoded x509 certificate authority. | "" | | scanner.customEntryPoint | Custom entrypoint for the scanner.
Remember to provide the scanner valid arguments with `--server_port` and optionally `--auth_secure_token`
default: /inline-scan-service --server_port=8080 | [] | @@ -184,7 +181,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to ` ```console $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.11.4 \ + --create-namespace -n sysdig-admission-controller --version=0.11.5 \ --set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME ``` @@ -193,7 +190,7 @@ installing the chart. For example: ```console $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.11.4 \ + --create-namespace -n sysdig-admission-controller --version=0.11.5 \ --values values.yaml ``` diff --git a/charts/admission-controller/values.yaml b/charts/admission-controller/values.yaml index a8659473d..1149211af 100644 --- a/charts/admission-controller/values.yaml +++ b/charts/admission-controller/values.yaml @@ -220,26 +220,8 @@ webhook: reuseTLSSecret: false ca: # For outbound connections (secure backend, proxy,...) - #
And inbound connections to serve HttpRequests as Kubernetes Webhook. #
A PEM-encoded x509 certificate authority. - #
If empty, a new CA will be autogenerated. cert: "" - # For outbound connections (secure backend, proxy,...) - #
A PEM-encoded private key of the certificate authority to use in the certificate generation. - #
If empty, a new CA will be autogenerated. - key: "" - # For inbound connections to serve HttpRequests as Kubernetes Webhook. - #
A PEM-encoded x509 certificate signed by the CA. - #
If empty, a new cert will be generated. - #
If provided, it must be valid with the `webhook.ssl.ca`. - #
If this is set, the key must also be provided. - cert: "" - # For inbound connections to serve HttpRequests as Kubernetes Webhook. - #
A PEM-encoded private key signed by the CA. - #
If empty, a new key will be generated. - #
If provided, it must be valid with the `webhook.ssl.ca`. - #
If this is set, the cert must also be provided. - key: "" # Custom entrypoint for the webhook #
Remember to provide the webhook valid arguments with `--tls_cert_file` and `--tls_private_key_file`. @@ -348,7 +330,6 @@ scanner: ca: # For outbound connections (secure backend, proxy,...). #
A PEM-encoded x509 certificate authority. - #
If empty, a new CA will be autogenerated. cert: "" # Custom entrypoint for the scanner.
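Review bot: The README parameter table (hunk at -143,10) no longer says where the webhook's serving certificate comes from, even though `webhook.ssl.reuseTLSSecret` and the `webhook.customEntryPoint` default (`--tls_cert_file /cert/tls.crt --tls_private_key_file /cert/tls.key`) still depend on one. With the `webhook.ssl.cert` and `webhook.ssl.key` rows removed, add a sentence stating how the inbound certificate is now produced and what `reuseTLSSecret` preserves across upgrades, so operators can tell whether the serving certificate changes on every `helm upgrade`.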
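Review bot: Removing `webhook.ssl.ca.key`, `webhook.ssl.cert` and `webhook.ssl.key` from values.yaml (hunk at -220,26) is a behaviour change for anyone who supplies their own CA or serving pair, yet the version moves only from 0.11.4 to 0.11.5. Unless the chart ships a values schema that rejects unknown keys, Helm will accept those overrides and silently ignore them, so an upgrade can replace a pinned certificate without any error. Either add an upgrade note naming the removed keys, or have the templates `fail` when any of them is set.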
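Review bot: The `""` default for `scanner.ssl.ca.cert` and `webhook.ssl.ca.cert` is now unexplained in both the README rows and the values.yaml comments (hunks at -176,7 and -348,7), because the line "If empty, a new CA will be autogenerated." was dropped without a replacement. State what an empty value means for outbound connections to the secure backend or proxy, so a reader does not assume the old autogeneration still applies.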