From f9db25eb77d6f648adefbf01ad3df983c41ddf70 Mon Sep 17 00:00:00 2001 From: Alberto Barba Date: Tue, 22 Aug 2023 16:05:44 +0200 Subject: [PATCH 1/3] feat(cluster-scanner): allow to configure http proxy (#1302) --- charts/cluster-scanner/Chart.yaml | 2 +- charts/cluster-scanner/README.md | 9 ++--- .../cluster-scanner/templates/configmap.yaml | 9 +++++ .../cluster-scanner/templates/deployment.yaml | 36 +++++++++++++++++++ .../cluster-scanner/tests/configmap_test.yaml | 31 ++++++++++++++++ .../tests/deployment_test.yaml | 28 +++++++-------- charts/cluster-scanner/values.yaml | 2 ++ charts/sysdig-deploy/Chart.yaml | 4 +-- 8 files changed, 100 insertions(+), 21 deletions(-) diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml index d5b2fe4c4..a1550252a 100644 --- a/charts/cluster-scanner/Chart.yaml +++ b/charts/cluster-scanner/Chart.yaml @@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner type: application -version: 0.4.1 +version: 0.5.0 appVersion: "0.1.0" home: https://www.sysdig.com/ diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md index 372dd26b8..f0f6fd842 100644 --- a/charts/cluster-scanner/README.md +++ b/charts/cluster-scanner/README.md @@ -25,7 +25,7 @@ $ pre-commit run -a $ helm repo add sysdig https://charts.sysdig.com $ helm repo update $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.4.1 \ + --create-namespace -n sysdig --version=0.5.0 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE 
@@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.4.1 \ + --create-namespace -n sysdig --version=0.5.0 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE @@ -93,6 +93,7 @@ The following table lists the configurable parameters of the `cluster-scanner` c | global.sysdig.region | Region name for Sysdig. Valid options: `us1`, `us2`, `us3`, `us4`, `eu1`, `au1`. When no region is suitable (e.g. on-premise installations) set the `global.sysdig.apiHost: ""` parameter. | "us1" | | global.image.pullSecrets | The pull secrets for Cluster Scanner | [] | | global.image.pullPolicy | The pull policy for Cluster Scanner | IfNotPresent | +| global.proxy | Global HTTP Proxy settings. | {} | | global.loggingLevel | Set the logging level to use, useful for troubleshooting. Valid values, sorted by increasing level of verbosity are: `PANIC`, `FATAL`, `ERROR`, `WARN`, `INFO`, `DEBUG`, `TRACE`. | "INFO" | | global.ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | [] | | global.ssl.ca.keyName | Filename that is used when creating the secret. Required if cert is provided. | | @@ -158,7 +159,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to ` ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.4.1 \ + --create-namespace -n sysdig --version=0.5.0 \ --set global.sysdig.region="us1" ``` 
@@ -167,7 +168,7 @@ installing the chart. For example: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.4.1 \ + --create-namespace -n sysdig --version=0.5.0 \ --values values.yaml ``` diff --git a/charts/cluster-scanner/templates/configmap.yaml b/charts/cluster-scanner/templates/configmap.yaml index 97df8a4a0..ee75a8ea6 100644 --- a/charts/cluster-scanner/templates/configmap.yaml +++ b/charts/cluster-scanner/templates/configmap.yaml @@ -25,6 +25,15 @@ data: rsi_leaderelection_lock_name: {{ .Values.runtimeStatusIntegrator.leaderElectionLeaseNameOverride | default (include "cluster-scanner.fullname" .) }} rsi_leaderelection_lock_namespace: {{ .Values.runtimeStatusIntegrator.leaderElectionLeaseNamespaceOverride | default .Release.Namespace }} rsi_service_name: {{ include "cluster-scanner.fullname" . }} + {{- if .Values.global.proxy.httpProxy }} + http_proxy: {{ .Values.global.proxy.httpProxy }} + {{- end -}} + {{- if .Values.global.proxy.httpsProxy }} + https_proxy: {{ .Values.global.proxy.httpsProxy }} + {{- end -}} + {{- if .Values.global.proxy.noProxy }} + no_proxy: {{ .Values.global.proxy.noProxy }} + {{- end -}} {{- include "cluster-scanner.rsiJsConfig" . | nindent 2 }} {{- include "cluster-scanner.iseJsConfig" . | nindent 2 }} ise_cache_type: {{ .Values.imageSbomExtractor.cache.type }} diff --git a/charts/cluster-scanner/templates/deployment.yaml b/charts/cluster-scanner/templates/deployment.yaml index 68f044a56..c973f2cc4 100644 --- a/charts/cluster-scanner/templates/deployment.yaml +++ b/charts/cluster-scanner/templates/deployment.yaml 
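Review bot: In templates/configmap.yaml the three new keys render their values unquoted, so a value that YAML does not read as a plain string (a `noProxy` that begins with `*`, or anything containing `: `) fails to render or is rejected as ConfigMap data; pipe each one through `quote`, e.g. `http_proxy: {{ .Values.global.proxy.httpProxy | quote }}`. Proxy URLs also commonly embed `user:password@` credentials, and a ConfigMap leaves them readable to anyone who can read ConfigMaps in the namespace. If authenticated proxies are meant to be supported, source these keys from a Secret via `secretKeyRef`; otherwise state in the README that credentials must not be placed in these values. The `data:` block starts and continues outside the hunk.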
@@ -73,6 +73,24 @@ spec: - name: PPROF_PORT value: {{ .ports.pprof | default "6060" | quote }} {{- end }} + - name: HTTP_PROXY + valueFrom: + configMapKeyRef: + name: {{ include "cluster-scanner.fullname" . }} + key: http_proxy + optional: true + - name: HTTPS_PROXY + valueFrom: + configMapKeyRef: + name: {{ include "cluster-scanner.fullname" . }} + key: https_proxy + optional: true + - name: NO_PROXY + valueFrom: + configMapKeyRef: + name: {{ include "cluster-scanner.fullname" . }} + key: no_proxy + optional: true {{- if eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }} - name: SSL_CERT_FILE value: /ca-certs/{{- include "sysdig.custom_ca.keyName" (dict "global" .Values.global.ssl "component" .Values.ssl) -}} @@ -295,6 +313,24 @@ spec: - name: PPROF_PORT value: {{ .ports.pprof | default "6061" | quote }} {{- end }} + - name: HTTP_PROXY + valueFrom: + configMapKeyRef: + name: {{ include "cluster-scanner.fullname" . }} + key: http_proxy + optional: true + - name: HTTPS_PROXY + valueFrom: + configMapKeyRef: + name: {{ include "cluster-scanner.fullname" . }} + key: https_proxy + optional: true + - name: NO_PROXY + valueFrom: + configMapKeyRef: + name: {{ include "cluster-scanner.fullname" . }} + key: no_proxy + optional: true {{- if eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }} - name: SSL_CERT_FILE value: /ca-certs/{{- include "sysdig.custom_ca.keyName" (dict "global" .Values.global.ssl "component" .Values.ssl) -}} diff --git a/charts/cluster-scanner/tests/configmap_test.yaml b/charts/cluster-scanner/tests/configmap_test.yaml index 71968cef0..e1399ae66 100644 --- a/charts/cluster-scanner/tests/configmap_test.yaml +++ b/charts/cluster-scanner/tests/configmap_test.yaml 
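Review bot: `NO_PROXY` is populated only from `global.proxy.noProxy`, so once `httpProxy` or `httpsProxy` is set, clients in these containers that honour the variables will presumably send in-cluster requests (Kubernetes API, cluster services) to the proxy as well, which either exposes that traffic to the proxy or breaks it. Either document the in-cluster hosts and CIDRs users must list, or have the template append defaults to the user's value. The same eighteen lines are repeated in the second hunk (`@@ -295,6 +313,24 @@`) for the other container; a named template included with `nindent` would keep the two copies from drifting. Both env lists start and end outside the hunks.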
@@ -310,3 +310,34 @@ tests: - equal: path: data.ise_pprof_enabled value: "marzullo" + + - it: "proxy parameters are optional" + set: + global.sysdig.apiHost: "http://test.com" + asserts: + - isNull: + path: data.http_proxy + - isNull: + path: data.https_proxy + - isNull: + path: data.no_proxy + + - it: "has correct value for proxy parameters when provided" + set: + global: + sysdig: + apiHost: "http://test.com" + proxy: + httpProxy: "fake-http-proxy" + httpsProxy: "fake-https-proxy" + noProxy: "fake-no-proxy" + asserts: + - equal: + path: data.http_proxy + value: "fake-http-proxy" + - equal: + path: data.https_proxy + value: "fake-https-proxy" + - equal: + path: data.no_proxy + value: "fake-no-proxy" diff --git a/charts/cluster-scanner/tests/deployment_test.yaml b/charts/cluster-scanner/tests/deployment_test.yaml index 45edb2ca8..abd443961 100644 --- a/charts/cluster-scanner/tests/deployment_test.yaml +++ b/charts/cluster-scanner/tests/deployment_test.yaml @@ -92,9 +92,9 @@ tests: asserts: - not: true isEmpty: - path: spec.template.spec.containers[0].env[9] + path: spec.template.spec.containers[0].env[?(@.name == "SYSDIG_KUBECONFIG_CONTENT")] - isSubset: - path: spec.template.spec.containers[0].env[9] + path: spec.template.spec.containers[0].env[?(@.name == "SYSDIG_KUBECONFIG_CONTENT")] content: name: SYSDIG_KUBECONFIG_CONTENT valueFrom: @@ -111,9 +111,9 @@ tests: asserts: - not: true isEmpty: - path: spec.template.spec.containers[1].env[37] + path: spec.template.spec.containers[1].env[?(@.name == "ANALYZER_CACHE_REDIS_TTL")] - isSubset: - path: spec.template.spec.containers[1].env[37] + path: spec.template.spec.containers[1].env[?(@.name == "ANALYZER_CACHE_REDIS_TTL")] content: name: ANALYZER_CACHE_REDIS_TTL valueFrom: @@ -146,7 +146,7 @@ tests: - myOtherDockerSecretTwo asserts: - equal: - path: spec.template.spec.containers[0].env[15] + path: spec.template.spec.containers[0].env[?(@.name == "LOCAL_REGISTRY_SECRETS")] value: name: LOCAL_REGISTRY_SECRETS valueFrom: 
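Review bot: The two new cases in configmap_test.yaml use values such as `fake-http-proxy`, which never exercise the shapes real settings take, so a rendering problem with a URL or a host list would pass unnoticed. Add a case with URL-shaped and comma-separated values, e.g. `httpsProxy: "http://proxy.example:3128"` and `noProxy: "localhost,.svc,10.0.0.0/8"` (constructed samples). Nothing in deployment_test.yaml asserts that `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` are wired to the ConfigMap keys on both containers; an `isSubset` check on `env[?(@.name == "HTTPS_PROXY")]`, in the style the neighbouring deployment_test.yaml hunks adopt, would cover it.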
@@ -172,7 +172,7 @@ tests: - myOtherDockerSecretTwo asserts: - equal: - path: spec.template.spec.containers[0].env[16] + path: spec.template.spec.containers[0].env[?(@.name == "EVE_ENABLED")] value: name: EVE_ENABLED valueFrom: @@ -328,17 +328,17 @@ tests: asserts: - not: true isEmpty: - path: spec.template.spec.containers[0].env[2] + path: spec.template.spec.containers[0].env[?(@.name == "PPROF_PORT")] - isSubset: - path: spec.template.spec.containers[0].env[2] + path: spec.template.spec.containers[0].env[?(@.name == "PPROF_PORT")] content: name: PPROF_PORT value: "6060" - not: true isEmpty: - path: spec.template.spec.containers[1].env[2] + path: spec.template.spec.containers[1].env[?(@.name == "PPROF_PORT")] - isSubset: - path: spec.template.spec.containers[1].env[2] + path: spec.template.spec.containers[1].env[?(@.name == "PPROF_PORT")] content: name: PPROF_PORT value: "6061" @@ -352,17 +352,17 @@ tests: asserts: - not: true isEmpty: - path: spec.template.spec.containers[0].env[2] + path: spec.template.spec.containers[0].env[?(@.name == "PPROF_PORT")] - isSubset: - path: spec.template.spec.containers[0].env[2] + path: spec.template.spec.containers[0].env[?(@.name == "PPROF_PORT")] content: name: PPROF_PORT value: "1010" - not: true isEmpty: - path: spec.template.spec.containers[1].env[2] + path: spec.template.spec.containers[1].env[?(@.name == "PPROF_PORT")] - isSubset: - path: spec.template.spec.containers[1].env[2] + path: spec.template.spec.containers[1].env[?(@.name == "PPROF_PORT")] content: name: PPROF_PORT value: "666" diff --git a/charts/cluster-scanner/values.yaml b/charts/cluster-scanner/values.yaml index 96fde7913..ace736341 100644 --- a/charts/cluster-scanner/values.yaml +++ b/charts/cluster-scanner/values.yaml 
@@ -24,6 +24,8 @@ global: pullSecrets: [] # The pull policy for Cluster Scanner pullPolicy: IfNotPresent + # Global HTTP Proxy settings. + proxy: {} # Set the logging level to use, useful for troubleshooting. Valid values, # sorted by increasing level of verbosity are: `PANIC`, `FATAL`, `ERROR`, diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index ab3b088a7..e9de10fbd 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: sysdig-deploy description: A chart with various Sysdig components for Kubernetes type: application -version: 1.18.1 +version: 1.19.0 maintainers: - name: AlbertoBarba email: alberto.barba@sysdig.com @@ -42,7 +42,7 @@ dependencies: - name: cluster-scanner # repository: https://charts.sysdig.com repository: file://../cluster-scanner - version: ~0.4.1 + version: ~0.5.0 alias: clusterScanner condition: clusterScanner.enabled - name: kspm-collector From 31babaa8386f26424184d2c6b73b123ab8c50949 Mon Sep 17 00:00:00 2001 From: draios-jenkins Date: Tue, 22 Aug 2023 14:07:21 +0000 Subject: [PATCH 2/3] github_actions_ci: Update CHANGELOG and RELEASE-NOTES for cluster-scanner-0.5.0 --- charts/cluster-scanner/CHANGELOG.md | 3 +++ charts/cluster-scanner/RELEASE-NOTES.md | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/cluster-scanner/CHANGELOG.md b/charts/cluster-scanner/CHANGELOG.md index 50acfc9ec..e85276152 100644 --- a/charts/cluster-scanner/CHANGELOG.md +++ b/charts/cluster-scanner/CHANGELOG.md 
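Review bot: The comment above `proxy: {}` in values.yaml does not name the keys the templates read, and the README row added in this commit has the same gap, so a user cannot tell what to set without reading configmap.yaml. List them next to the default, e.g. `# Supported keys: httpProxy, httpsProxy, noProxy`, and mirror that in the README table. If the values end up in a ConfigMap as they do now, the comment is also the place to say that proxy URLs containing credentials should not be used here.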
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v0.5.0 +### New Features +* **cluster-scanner** [f9db25eb](https://github.com/sysdiglabs/charts/commit/f9db25eb77d6f648adefbf01ad3df983c41ddf70): allow to configure http proxy ([#1302](https://github.com/sysdiglabs/charts/issues/1302)) # v0.4.1 ### Documentation * **admission-controller, cluster-scanner, registry-scanner, cloud-connector, node-analyzer, rapid-response, sysdig-deploy, agent** [df733e62](https://github.com/sysdiglabs/charts/commit/df733e6294eae1967197e3521473a5fab0282b67): update maintainers list ([#1283](https://github.com/sysdiglabs/charts/issues/1283)) diff --git a/charts/cluster-scanner/RELEASE-NOTES.md b/charts/cluster-scanner/RELEASE-NOTES.md index b0fa78565..67008ddeb 100644 --- a/charts/cluster-scanner/RELEASE-NOTES.md +++ b/charts/cluster-scanner/RELEASE-NOTES.md @@ -1,5 +1,5 @@ # What's Changed -### Documentation -- **admission-controller, cluster-scanner, registry-scanner, cloud-connector, node-analyzer, rapid-response, sysdig-deploy, agent** [df733e62](https://github.com/sysdiglabs/charts/commit/df733e6294eae1967197e3521473a5fab0282b67): update maintainers list ([#1283](https://github.com/sysdiglabs/charts/issues/1283)) -#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-scanner-0.4.0...cluster-scanner-0.4.1 +### New Features +- **cluster-scanner** [f9db25eb](https://github.com/sysdiglabs/charts/commit/f9db25eb77d6f648adefbf01ad3df983c41ddf70): allow to configure http proxy ([#1302](https://github.com/sysdiglabs/charts/issues/1302)) +#### Full diff: https://github.com/sysdiglabs/charts/compare/cluster-scanner-0.4.1...cluster-scanner-0.5.0 From d95e2830927f19c1d01ca5636b98a57b9f80628b Mon Sep 17 00:00:00 2001 
From: draios-jenkins Date: Tue, 22 Aug 2023 14:07:21 +0000 Subject: [PATCH 3/3] github_actions_ci: Update CHANGELOG and RELEASE-NOTES for sysdig-deploy-1.19.0 --- charts/sysdig-deploy/CHANGELOG.md | 3 +++ charts/sysdig-deploy/RELEASE-NOTES.md | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/sysdig-deploy/CHANGELOG.md b/charts/sysdig-deploy/CHANGELOG.md index 3252396c3..14806e3a5 100644 --- a/charts/sysdig-deploy/CHANGELOG.md +++ b/charts/sysdig-deploy/CHANGELOG.md @@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.19.0 +### New Features +* **cluster-scanner** [f9db25eb](https://github.com/sysdiglabs/charts/commit/f9db25eb77d6f648adefbf01ad3df983c41ddf70): allow to configure http proxy ([#1302](https://github.com/sysdiglabs/charts/issues/1302)) # v1.18.1 ### Chores * **sysdig-deploy** [23e2c873](https://github.com/sysdiglabs/charts/commit/23e2c8737856d6c59842e042b27cf09c68ec6402): Automatic version bump due to updated dependencies ([#1306](https://github.com/sysdiglabs/charts/issues/1306)) diff --git a/charts/sysdig-deploy/RELEASE-NOTES.md b/charts/sysdig-deploy/RELEASE-NOTES.md index ef0c06723..85f6738c2 100644 --- a/charts/sysdig-deploy/RELEASE-NOTES.md +++ b/charts/sysdig-deploy/RELEASE-NOTES.md 
@@ -1,5 +1,5 @@ # What's Changed -### Chores -- **sysdig-deploy** [23e2c873](https://github.com/sysdiglabs/charts/commit/23e2c8737856d6c59842e042b27cf09c68ec6402): Automatic version bump due to updated dependencies ([#1306](https://github.com/sysdiglabs/charts/issues/1306)) -#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.18.0...sysdig-deploy-1.18.1 +### New Features +- **cluster-scanner** [f9db25eb](https://github.com/sysdiglabs/charts/commit/f9db25eb77d6f648adefbf01ad3df983c41ddf70): allow to configure http proxy ([#1302](https://github.com/sysdiglabs/charts/issues/1302)) +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.18.1...sysdig-deploy-1.19.0