Merge branch 'master' into SSPROD-23092_Integrate_new_Admission_Contr…

…oller_to_existing_AC_chart
sysdiglabs · Jul 17, 2023 · 7596de0 · 7596de0
2 parents 1210d3f + 1095988
commit 7596de0
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/charts/admission-controller/CHANGELOG.md b/charts/admission-controller/CHANGELOG.md
@@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
 exclusively to fix incorrect entries and not to add new ones.
 
 ## Change Log
+# v0.11.4
+### New Features
+* **admission-controller** [03f5b13a](https://github.com/sysdiglabs/charts/commit/03f5b13a47cd4f57a938daf1a2cd4aeb671251d1): Add labels to VAC webhook to adopt existing one ([#1238](https://github.com/sysdiglabs/charts/issues/1238))
 # v0.11.3
 * feat: remove workload name from scanning secure events for both dry run and real secure events
 

diff --git a/charts/admission-controller/RELEASE-NOTES.md b/charts/admission-controller/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
 # What's Changed
 
 ### New Features
-- **admission-controller** [96208c13](https://github.com/sysdiglabs/charts/commit/96208c130458ec7e8159cbc729847793de63f9a5): remove workload name from scanning events ([#1234](https://github.com/sysdiglabs/charts/issues/1234))
-#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.11.2...admission-controller-0.11.3
+- **admission-controller** [03f5b13a](https://github.com/sysdiglabs/charts/commit/03f5b13a47cd4f57a938daf1a2cd4aeb671251d1): Add labels to VAC webhook to adopt existing one ([#1238](https://github.com/sysdiglabs/charts/issues/1238))
+#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.11.3...admission-controller-0.11.4
diff --git a/charts/admission-controller/templates/webhook/admissionregistration.yaml b/charts/admission-controller/templates/webhook/admissionregistration.yaml
@@ -5,12 +5,15 @@ so the template is executed just once
 {{- $certString := include "admissionController.webhook.gen-certs" . -}}
 {{- $certList := split "$" $certString -}}
 ---
+{{- $existingVac := (lookup "admissionregistration.k8s.io/v1" "ValidatingWebhookConfiguration" (include "admissionController.namespace" .) (include "admissionController.webhook.fullname" .))}}
+{{- if (or (not $existingVac) (and $existingVac (eq (index $existingVac.metadata.annotations "meta.helm.sh/release-name") .Release.Name ) (eq (index $existingVac.metadata.annotations "meta.helm.sh/release-namespace") .Release.Namespace ))) }}
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: {{ include "admissionController.webhook.fullname" . }}
   namespace: {{ include "admissionController.namespace" . }}
 webhooks: []
+{{- end}}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
@@ -19,6 +22,10 @@ metadata:
   namespace: {{ include "admissionController.namespace" . }}
   annotations:
     "helm.sh/hook": "post-install, post-upgrade"
+    meta.helm.sh/release-name: {{ .Release.Name }}
+    meta.helm.sh/release-namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/managed-by: Helm
 webhooks:
 {{- if .Values.features.kspmAdmissionController}}
 - name: vac.secure.sysdig.com