diff --git a/charts/kspm-collector/templates/_helpers.tpl b/charts/kspm-collector/templates/_helpers.tpl index 1ab2cdbfd..75f7d55fc 100644 --- a/charts/kspm-collector/templates/_helpers.tpl +++ b/charts/kspm-collector/templates/_helpers.tpl @@ -178,3 +178,18 @@ KSPM Collector nodeSelector true {{- end }} {{- end }} + +{{/* +Return agent tags if available +*/}} +{{- define "agent.tags" }} +{{- $globalSettings := .Values.settings | default dict }} +{{- $agentSettings := .Values.agent | default dict }} +{{- $globalTags := dig "global" "settings" "tags" "" $globalSettings }} +{{- $agentTags := dig "agent" "sysdig" "settings" "tags" "" $agentSettings }} +{{- if ne $globalTags "" -}} + {{ $globalTags }} +{{- else if ne $agentTags "" -}} + {{ $agentTags }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kspm-collector/templates/deployment.yaml b/charts/kspm-collector/templates/deployment.yaml index fed452c45..a90090d88 100644 --- a/charts/kspm-collector/templates/deployment.yaml +++ b/charts/kspm-collector/templates/deployment.yaml @@ -165,6 +165,10 @@ spec: key: agent_port name: {{ template "kspmCollector.fullname" . }} optional: true + {{- if ne (include "agent.tags" .) "" }} + - name: TAGS + value: {{ include "agent.tags" . }} + {{- end }} {{- if eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }} - name: SSL_CERT_FILE value: /ca-certs/{{- include "sysdig.custom_ca.keyName" (dict "global" .Values.global.ssl "component" .Values.ssl) -}} diff --git a/charts/kspm-collector/tests/agent_tags_test.yaml b/charts/kspm-collector/tests/agent_tags_test.yaml new file mode 100644 index 000000000..1858a3f5f --- /dev/null +++ b/charts/kspm-collector/tests/agent_tags_test.yaml @@ -0,0 +1,66 @@ +suite: Test kspm-collector Agent Tags +templates: + - deployment.yaml +tests: + - it: Check agent tags are set from global.settings.tags + documentIndex: 0 + set: + clusterName: "test-k8s" + scanner: + enabled: true + webhook: + enabled: true + sysdig: + accessKey: standard-key + secureAPIToken: standard-token + global: + ssl: + settings: + tags: tag:value + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: TAGS + value: tag:value + template: deployment.yaml + - it: Check agent tags are set from agent.sysdig.settings.tags + documentIndex: 0 + set: + clusterName: "test-k8s" + scanner: + enabled: true + webhook: + enabled: true + sysdig: + accessKey: standard-key + secureAPIToken: standard-token + agent: + sysdig: + settings: + tags: tag:value + asserts: + - equal: + path: spec.template.spec.containers[0].env + content: + name: TAGS + value: tag:value + template: deployment.yaml + - it: Check agent tags are not set + documentIndex: 0 + set: + clusterName: "test-k8s" + scanner: + enabled: true + webhook: + enabled: true + sysdig: + accessKey: standard-key + secureAPIToken: standard-token + asserts: + - isNullOrEmpty: + path: spec.template.spec.containers[0].env + content: + name: TAGS + value: tag:value + template: deployment.yaml \ No newline at end of file diff --git a/charts/node-analyzer/templates/_helpers.tpl b/charts/node-analyzer/templates/_helpers.tpl index 38bcfe478..525fca39a 100644 --- a/charts/node-analyzer/templates/_helpers.tpl +++ b/charts/node-analyzer/templates/_helpers.tpl @@ -288,3 +288,19 @@ Returns the namespace for installing components true {{- end }} {{- end }} + + +{{/* +Return agent tags if available +*/}} +{{- define "agent.tags" }} +{{- $globalSettings := .Values.settings | default dict }} +{{- $agentSettings := .Values.agent | default dict }} +{{- $globalTags := dig "global" "settings" "tags" "" $globalSettings }} +{{- $agentTags := dig "agent" "sysdig" "settings" "tags" "" $agentSettings }} +{{- if ne $globalTags "" -}} + {{ $globalTags }} +{{- else if ne $agentTags "" -}} + {{ $agentTags }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/node-analyzer/templates/daemonset-node-analyzer.yaml b/charts/node-analyzer/templates/daemonset-node-analyzer.yaml index 50bf7a234..ddbfcaa19 100644 --- a/charts/node-analyzer/templates/daemonset-node-analyzer.yaml +++ b/charts/node-analyzer/templates/daemonset-node-analyzer.yaml @@ -237,6 +237,10 @@ spec: name: {{ .Release.Name }}-kspm-analyzer key: agent_port optional: true + {{- if ne (include "agent.tags" .) "" }} + - name: TAGS + value: {{ include "agent.tags" . }} + {{- end }} {{- if eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.nodeAnalyzer.ssl)) "true" }} - name: SSL_CERT_FILE value: /ca-certs/{{- include "sysdig.custom_ca.keyName" (dict "global" .Values.global.ssl "component" .Values.nodeAnalyzer.ssl) -}} diff --git a/charts/node-analyzer/tests/agent_tags_test.yaml b/charts/node-analyzer/tests/agent_tags_test.yaml new file mode 100644 index 000000000..e4151679a --- /dev/null +++ b/charts/node-analyzer/tests/agent_tags_test.yaml @@ -0,0 +1,41 @@ +suite: Test kspm-collector Agent Tags +templates: + - daemonset-node-analyzer.yaml +tests: + - it: Check agent tags are set from global.settings.tags + documentIndex: 0 + set: + global: + ssl: + settings: + tags: tag:value + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: TAGS + value: tag:value + template: deployment.yaml + - it: Check agent tags are set from agent.sysdig.settings.tags + documentIndex: 0 + set: + agent: + sysdig: + settings: + tags: tag:value + asserts: + - equal: + path: spec.template.spec.containers[0].env + content: + name: TAGS + value: tag:value + template: deployment.yaml + - it: Check agent tags are not set + documentIndex: 0 + asserts: + - isNullOrEmpty: + path: spec.template.spec.containers[0].env + content: + name: TAGS + value: tag:value + template: deployment.yaml \ No newline at end of file