diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md
index 7c0e23b56..80e070b4a 100644
--- a/charts/admission-controller/README.md
+++ b/charts/admission-controller/README.md
@@ -23,7 +23,7 @@ $ pre-commit run -a
$ helm repo add sysdig https://charts.sysdig.com
$ helm repo update
$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
- --create-namespace -n sysdig-admission-controller --version=0.11.9 \
+ --create-namespace -n sysdig-admission-controller --version=0.12.0 \
--set clusterName=CLUSTER_NAME \
--set sysdig.secureAPIToken=SECURE_API_TOKEN
```
@@ -55,7 +55,7 @@ This chart deploys the Sysdig Admission Controller on a [Kubernetes](http://kube
To install the chart with the release name `admission-controller`:
```console
-$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.9
+$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.12.0
```
The command deploys the Sysdig Admission Controller on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -87,6 +87,12 @@ The following table lists the configurable parameters of the `admission-controll
| global.proxy | Global HTTP Proxy settings. | {}
|
| global.image.pullSecrets | | []
|
| global.image.pullPolicy | | IfNotPresent
|
+| global.ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | []
|
+| global.ssl.ca.keyName | Filename that is used when creating the secret. Required if cert is provided. |
|
+| global.ssl.ca.existingCaSecret | Provide the name of an existing Secret that contains the CA required |
|
+| global.ssl.ca.existingCaSecretKeyName | Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. |
|
+| global.ssl.ca.existingCaConfigMap | Provide the name of an existing ConfigMap that contains the CA required |
|
+| global.ssl.ca.existingCaConfigMapKeyName | Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. |
|
| clusterName | **required**
Cluster Name which appear on Secure UI | ""
|
| namespace | Namespace to install components (Optional, will default to release namespace).
IMPORTANT: If a namespace is specified this way it must already exist otherwise installation will fail. | ""
|
| sysdig.secureAPIToken | **required**
API Token to access Sysdig Secure.
If neither this value nor `sysdig.existingSecureAPITokenSecret` are configured, the user will be required to provide the deployment the `SECURE_API_TOKEN` (and `AUTH_BEARER_TOKEN` if the scanner is enabled) environment variables. Overrides `global.sysdig.secureAPIToken` | ""
|
@@ -144,6 +150,12 @@ The following table lists the configurable parameters of the `admission-controll
| webhook.logLevel | Log Level - Valid Values are: error, info, debug, trace | info
|
| webhook.ssl.reuseTLSSecret | Reuse existing TLS Secret during chart upgrade | false
|
| webhook.ssl.ca.cert | For outbound connections (secure backend, proxy,...)
A PEM-encoded x509 certificate authority. | ""
|
+| webhook.ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | []
|
+| webhook.ssl.ca.keyName | Filename that is used when creating the secret. Required if cert is provided. |
|
+| webhook.ssl.ca.existingCaSecret | Provide the name of an existing Secret that contains the CA required |
|
+| webhook.ssl.ca.existingCaSecretKeyName | Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. |
|
+| webhook.ssl.ca.existingCaConfigMap | Provide the name of an existing ConfigMap that contains the CA required |
|
+| webhook.ssl.ca.existingCaConfigMapKeyName | Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. |
|
| webhook.customEntryPoint | Custom entrypoint for the webhook
Remember to provide the webhook valid arguments with `--tls_cert_file` and `--tls_private_key_file`.
default: /bin/webhook --tls_cert_file /cert/tls.crt --tls_private_key_file /cert/tls.key | []
|
| webhook.http.port | HTTP serve port where the requests will be served from | 5000
|
| scc.create | Enable the creation of Security Context Constraints in Openshift | true
|
@@ -174,6 +186,12 @@ The following table lists the configurable parameters of the `admission-controll
| scanner.tolerations | Tolerations for scheduling for the scanner | []
|
| scanner.affinity | Configure affinity rules for the scanner | {}
|
| scanner.ssl.ca.cert | For outbound connections (secure backend, proxy,...).
A PEM-encoded x509 certificate authority. | ""
|
+| scanner.ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | []
|
+| scanner.ssl.ca.keyName | Filename that is used when creating the secret. Required if cert is provided. |
|
+| scanner.ssl.ca.existingCaSecret | Provide the name of an existing Secret that contains the CA required |
|
+| scanner.ssl.ca.existingCaSecretKeyName | Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. |
|
+| scanner.ssl.ca.existingCaConfigMap | Provide the name of an existing ConfigMap that contains the CA required |
|
+| scanner.ssl.ca.existingCaConfigMapKeyName | Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. |
|
| scanner.customEntryPoint | Custom entrypoint for the scanner.
Remember to provide the scanner valid arguments with `--server_port` and optionally `--auth_secure_token`
default: /inline-scan-service --server_port=8080 | []
|
@@ -181,7 +199,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to `
```console
$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
- --create-namespace -n sysdig-admission-controller --version=0.11.9 \
+ --create-namespace -n sysdig-admission-controller --version=0.12.0 \
--set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME
```
@@ -190,7 +208,7 @@ installing the chart. For example:
```console
$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
- --create-namespace -n sysdig-admission-controller --version=0.11.9 \
+ --create-namespace -n sysdig-admission-controller --version=0.12.0 \
--values values.yaml
```
diff --git a/charts/admission-controller/values.yaml b/charts/admission-controller/values.yaml
index 1149211af..1367aafff 100644
--- a/charts/admission-controller/values.yaml
+++ b/charts/admission-controller/values.yaml
@@ -18,6 +18,40 @@ global:
image:
pullSecrets: []
pullPolicy: IfNotPresent
+ ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
# **required**
#
Cluster Name which appear on Secure UI
@@ -222,6 +256,38 @@ webhook:
# For outbound connections (secure backend, proxy,...)
#
A PEM-encoded x509 certificate authority.
cert: ""
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
+
# Custom entrypoint for the webhook
#
Remember to provide the webhook valid arguments with `--tls_cert_file` and `--tls_private_key_file`.
@@ -332,6 +398,39 @@ scanner:
#
A PEM-encoded x509 certificate authority.
cert: ""
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
+
# Custom entrypoint for the scanner.
#
Remember to provide the scanner valid arguments with `--server_port` and optionally `--auth_secure_token`
#
default: /inline-scan-service --server_port=8080
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
index 99e26f98a..f825ba520 100644
--- a/charts/agent/values.yaml
+++ b/charts/agent/values.yaml
@@ -11,6 +11,39 @@ global:
image:
pullSecrets: []
pullPolicy: IfNotPresent
+ ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret
+ existingCaSecretKeyName:
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap
+ existingCaConfigMapKeyName:
namespace: ""
@@ -327,6 +360,39 @@ delegatedAgentDeployment:
# Allow direct setting of Agent log priority levels for console and file logs (info|debug)
logPriority:
+ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret
+ existingCaSecretKeyName:
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap
+ existingCaConfigMapKeyName:
tests:
timeout: 300s
image:
diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md
index a1d5597ac..c1c7d75d6 100644
--- a/charts/cluster-scanner/README.md
+++ b/charts/cluster-scanner/README.md
@@ -25,7 +25,7 @@ $ pre-commit run -a
$ helm repo add sysdig https://charts.sysdig.com
$ helm repo update
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.3.3 \
+ --create-namespace -n sysdig --version=0.4.0 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.3.3 \
+ --create-namespace -n sysdig --version=0.4.0 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -94,6 +94,12 @@ The following table lists the configurable parameters of the `cluster-scanner` c
| global.image.pullSecrets | The pull secrets for Cluster Scanner | []
|
| global.image.pullPolicy | The pull policy for Cluster Scanner | IfNotPresent
|
| global.loggingLevel | Set the logging level to use, useful for troubleshooting. Valid values, sorted by increasing level of verbosity are: `PANIC`, `FATAL`, `ERROR`, `WARN`, `INFO`, `DEBUG`, `TRACE`. | "INFO"
|
+| global.ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | []
|
+| global.ssl.ca.keyName | Filename that is used when creating the secret. Required if cert is provided. |
|
+| global.ssl.ca.existingCaSecret | Provide the name of an existing Secret that contains the CA required |
|
+| global.ssl.ca.existingCaSecretKeyName | Provide the filename that is defined inside the existing Secret |
|
+| global.ssl.ca.existingCaConfigMap | Provide the name of an existing ConfigMap that contains the CA required |
|
+| global.ssl.ca.existingCaConfigMapKeyName | Provide the filename that is defined inside the existing ConfigMap |
|
| eveEnabled | Enables Sysdig Eve to retrieve the list of running packages. | false
|
| eveIntegrationEnabled | Enables the integration with Sysdig Eve. Stores the list of running packages to Sysdig backend. It implies `eveEnabled: true`. | false
|
| rootNamespace | The namespace to use to retrieve the cluster UID | "kube-system"
|
@@ -140,13 +146,19 @@ The following table lists the configurable parameters of the `cluster-scanner` c
| nodeSelector.kubernetes.io/arch | Cluster Scanner is only supported on nodes with amd64 architecture | amd64
|
| tolerations | Set Cluster Scanner scheduling tolerations | []
|
| affinity | Set Cluster Scanner affinity | {}
|
+| ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | []
|
+| ssl.ca.keyName | Filename that is used when creating the secret. Required if cert is provided. |
|
+| ssl.ca.existingCaSecret | Provide the name of an existing Secret that contains the CA required |
|
+| ssl.ca.existingCaSecretKeyName | Provide the filename that is defined inside the existing Secret |
|
+| ssl.ca.existingCaConfigMap | Provide the name of an existing ConfigMap that contains the CA required |
|
+| ssl.ca.existingCaConfigMapKeyName | Provide the filename that is defined inside the existing ConfigMap |
|
Specify each parameter using the **`--set key=value[,key=value]`** argument to `helm upgrade --install`. For example:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.3.3 \
+ --create-namespace -n sysdig --version=0.4.0 \
--set global.sysdig.region="us1"
```
@@ -155,7 +167,7 @@ installing the chart. For example:
```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
- --create-namespace -n sysdig --version=0.3.3 \
+ --create-namespace -n sysdig --version=0.4.0 \
--values values.yaml
```
diff --git a/charts/cluster-scanner/values.yaml b/charts/cluster-scanner/values.yaml
index 7c22e002f..96fde7913 100644
--- a/charts/cluster-scanner/values.yaml
+++ b/charts/cluster-scanner/values.yaml
@@ -29,7 +29,39 @@ global:
# sorted by increasing level of verbosity are: `PANIC`, `FATAL`, `ERROR`,
# `WARN`, `INFO`, `DEBUG`, `TRACE`.
loggingLevel: "INFO"
+ ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret
+ existingCaSecretKeyName:
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap
+ existingCaConfigMapKeyName:
# Enables Sysdig Eve to retrieve the list of running packages.
eveEnabled: false
# Enables the integration with Sysdig Eve. Stores the list of running packages
@@ -223,3 +255,37 @@ tolerations: []
# Set Cluster Scanner affinity
affinity: {}
+
+ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret
+ existingCaSecretKeyName:
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap
+ existingCaConfigMapKeyName:
diff --git a/charts/kspm-collector/values.yaml b/charts/kspm-collector/values.yaml
index dce31b1e4..1b6ea6470 100644
--- a/charts/kspm-collector/values.yaml
+++ b/charts/kspm-collector/values.yaml
@@ -20,6 +20,40 @@ global:
image:
pullSecrets: []
pullPolicy: IfNotPresent
+ ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
sysdig:
# Required: You need your Sysdig access key before running agents, either specifying 'accessKey' here, or using 'existingAccessKeySecret'
@@ -137,6 +171,41 @@ affinity: {}
labels: {}
+ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
+
tests:
timeout: 300s
image:
diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml
index 96c537a9a..9a9ab42fd 100644
--- a/charts/node-analyzer/values.yaml
+++ b/charts/node-analyzer/values.yaml
@@ -13,6 +13,40 @@ global:
image:
pullSecrets: []
pullPolicy: IfNotPresent
+ ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
image:
# This is a hack to support RELATED_IMAGE_ feature in Helm based
@@ -377,6 +411,40 @@ nodeAnalyzer:
periodSeconds: 3
env: {}
+ ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
tests:
timeout: 300s
diff --git a/charts/rapid-response/values.yaml b/charts/rapid-response/values.yaml
index a2cabfa2f..2e0631117 100644
--- a/charts/rapid-response/values.yaml
+++ b/charts/rapid-response/values.yaml
@@ -6,6 +6,41 @@ global:
image:
pullSecrets: []
pullPolicy: IfNotPresent
+ ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ # See below in the rapidResponse.ssl.ca.cert key for an example
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName: root_ca_file.crt
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
sysdig:
# Required: You need your Sysdig access key before running agents, either specifying 'accessKey' here, or using 'existingAccessKeySecret'
@@ -74,49 +109,38 @@ rapidResponse:
# Import custom CA certificates
ssl:
ca:
- certs:
- []
- # Example of certificate
- # - |
- # -----BEGIN CERTIFICATE-----
- # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
- # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
- # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
- # DwAwggEKAoIBAQCqiqSoGHDbQhULBpkS+4Ip4VLF36DZpT8CJ4rOBA5+8Cnjd3XY
- # I+n1g6ta/s/6QMEy46rHUysGrmtb/G5+dDAzfNUuAJh2vJEb3Yt8ysihxPwxLie+
- # 85dgEQirruyruvR7zczRo1BVoa7Q5M9kMPnM6a+M5mEjnVoqwdD3g4QigkSQ2ewD
- # 7AwwOALgDd4duuUUoCz+IKr+8PWBHvCpRrgwSoVNjw8fckWb4fMLaChiyr9SZfpq
- # qjR8rRq65Yb7etmpRew61czWMv2Tv45bz6xigdB/zWe6+qAFiHqXaHDyxytkji3C
- # ZuBxa8Xl7xYfpcczEa1qh8ByAQyWzKN5xRY1AgMBAAGjYTBfMA4GA1UdDwEB/wQE
- # AwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUw
- # AwEB/zAdBgNVHQ4EFgQUslz034d5FUO+jSzlsgWlFeP/ogwwDQYJKoZIhvcNAQEL
- # BQADggEBAJH3MIVEnnjB3XLA6cw61dWTtigLcA5caT5yEJALf126dBaPwFsOn0mi
- # ehxdSRh+LrDzEN1MP9NJRpKQxMCy694sAzZGJggBhBGE6P0InLM56lBHlmqN2Cfy
- # apwtueUtXm/GoB+3FEsRnjl7qzi40oadosdu0pIrqvviTjmbfm6CfxaW4crAu6Ev
- # 3fl41WW/2WWzFU7KV7ApfRfzJUZ82vo8n6CXv2ogt7DOrAE4l27KS5oqNu8K5STh
- # FdNM4fBjDhoRhwIrurHDGabsIJa+0yThwRQSSafereqredfafLOHqV/ar6S63BGe
- # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
- # -----END CERTIFICATE-----
- # - |
- # -----BEGIN CERTIFICATE-----
- # MIIDEzXXAguhgAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
- # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
- # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
- # DwAwggEKAoIBAQCqiqSoGHDbQhULBpkS+4Ip4VLF36DZpT8CJ4rOBA5+8Cnjd3XY
- # I+n1g6ta/s/6QMEy46rHUysGrmtb/G5+dDAzfNUuAJh2vJEb3Yt8ysihxPwxLie+
- # 85dgEQirruyruvR7zczRo1BVoa7Q5M9kMPnM6a+M5mEjnVoqwdD3g4QigkSQ2ewD
- # 7AwwOALgDd4duuUUoCz+IKr+8PWBHvCpRrgwSoVNjw8fckWb4fMLaChiyr9SZfpq
- # qjR8rRq65Yb7etmpRew61czWMv2Tv45bz6xigdB/zWe6+qAFiHqXaHDyxytkji3C
- # ZuBxa8Xl7xYfpcczEa1qh8ByAQyWzKN5xRY1AgMBAAGjYTBfMA4GA1UdDwEB/wQE
- # AwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUw
- # AwEB/zAdBgNVHQ4EFgQUslz034d5FUO+jSzlsgWlFeP/ogwwDQYJKoZIhvcNAQEL
- # BQADggEBAJH3MIVEnnjB3XLA6cw61dWTtigLcA5caT5yEJALf126dBaPwFsOn0mi
- # ehxdSRh+LrDzEN1MP9NJRpKQxMCy694sAzZGJggBhBGE6P0InLM56lBHlmqN2Cfy
- # apwtueUtXm/GoB+3FEsRnjl7qzi40oadosdu0pIrqvviTjmbfm6CfxaW4crAu6Ev
- # 3fl41WW/2WWzFU7KV7ApfRfzJUZ82vo8n6CXv2ogt7DOrAE4l27KS5oqNu8K5STh
- # FdNM4fBjDhoRhwIrurHDGabsIJa+0yThwRQSSafereqredfafLOHqV/ar6S63BGe
- # MMNlTAQ9fvdNOTzZntye0ZZZR5SG13E=
- # -----END CERTIFICATE-----
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set.
+ existingCaSecretKeyName:
+
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set.
+ existingCaConfigMapKeyName:
# The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to
# running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail.
diff --git a/charts/sysdig-deploy/values.yaml b/charts/sysdig-deploy/values.yaml
index 1bff7ea3c..58d8a5d36 100644
--- a/charts/sysdig-deploy/values.yaml
+++ b/charts/sysdig-deploy/values.yaml
@@ -18,6 +18,39 @@ global:
image:
pullSecrets: []
pullPolicy: IfNotPresent
+ ssl:
+ ca:
+ # For outbound connections (secure backend, proxy,...)
+ # A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates.
+ certs: []
+ # Example of certificate
+ # certs:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYR5SR13E=
+ # -----END CERTIFICATE-----
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDEzCCAfugAwIBAgIQKiv9U+KxPJzu1adXwC06RzANBgkqhkiG9w0BAQsFADAU
+ # MRIwEAYDVQQDEwloYXJib3ItY2EwHhcNMjIwMjIzMDY1NjExWhcNMjMwMjIzMDY1
+ # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
+ # -----END CERTIFICATE-----
+
+ # Filename that is used when creating the secret. Required if cert is provided.
+ keyName:
+
+ # Provide the name of an existing Secret that contains the CA required
+ existingCaSecret:
+ # Provide the filename that is defined inside the existing Secret
+ existingCaSecretKeyName:
+ # Provide the name of an existing ConfigMap that contains the CA required
+ existingCaConfigMap:
+ # Provide the filename that is defined inside the existing ConfigMap
+ existingCaConfigMapKeyName:
admissionController:
enabled: false