Skip to content

Commit

Permalink
chore(cluster-shield,sysdig-deploy): bump cluster-shield to version 1…
Browse files Browse the repository at this point in the history 
….2.0 (#1874)

Co-authored-by: AlbertoBarba <[email protected]>
Co-authored-by: Alberto Barba <[email protected]>
  • Loading branch information
@draios-jenkins @AlbertoBarba
3 people authored Aug 5, 2024
1 parent e6fce76 commit d1957ea
Show file tree
Hide file tree
Showing 14 changed files with 651 additions and 178 deletions.
4 changes: 2 additions & 2 deletions charts/cluster-shield/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ apiVersion: v2
name: cluster-shield
description: Cluster Shield Helm Chart for Kubernetes
type: application
version: 1.1.2
appVersion: "1.1.2"
version: 1.2.0
appVersion: "1.2.0"
maintainers:
- name: AlbertoBarba
email: [email protected]
Expand Down
9 changes: 5 additions & 4 deletions charts/cluster-shield/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ $ pre-commit run -a
$ helm repo add sysdig https://charts.sysdig.com
$ helm repo update
$ helm upgrade --install sysdig-sysdig-cluster-shield sysdig/cluster-shield \
--create-namespace -n sysdig-agent --version=1.1.2 \
--create-namespace -n sysdig-agent --version=1.2.0 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
Expand Down Expand Up @@ -144,11 +144,9 @@ The following table lists the configurable parameters of the `cluster-shield` ch
| cluster_shield.features.container_vulnerability_management.enabled | Enable the container vulnerability management feature | <code>false</code> |
| cluster_shield.features.container_vulnerability_management.in_use.enabled | Allows to retrieve the list of running packages. | <code>true</code> |
| cluster_shield.features.container_vulnerability_management.in_use.integration_enabled | Allows to store the list of running packages to Sysdig backend. | <code>false</code> |
| cluster_shield.features.container_vulnerability_management.local_cluster.enabled | Enable to scan the cluster where the cluster-shield is running. | <code>true</code> |
| cluster_shield.features.container_vulnerability_management.local_cluster.registry_secrets | Restrict access to specific Docker secrets when Cluster Scanner is running. The default behavior is listing all secrets. | <code>[]</code> |
| cluster_shield.features.container_vulnerability_management.platform_services_enabled | Define if the platform services are enabled | <code>true</code> |
| cluster_shield.features.container_vulnerability_management.registry_ssl.verify | If set to false it allows insecure connections to registries, Such as for registries with self-signed or private certificates. | <code>true</code> |
| cluster_shield.features.container_vulnerability_management.remote_clusters.enabled | | <code>false</code> |
| cluster_shield.features.kubernetes_metadata.enabled | Enable the Kubernetes Metadata feature | <code>false</code> |
| ca.certs | A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | <code>[]</code> |
| ca.keyName | Filename that is used when creating the secret. Required if certs is provided. | <code>null</code> |
Expand All @@ -157,7 +155,8 @@ The following table lists the configurable parameters of the `cluster-shield` ch
| ca.existingCaConfigMap | Provide the name of an existing ConfigMap that contains the CA required | <code>null</code> |
| ca.existingCaConfigMapKeyName | Provide the filename that is defined inside the existing ConfigMap | <code>null</code> |
| run_command | The command executed by the Cluster Shield POD | <code>"run-all-namespaced"</code> |
| image.repository | The Cluster Shield container image repository | <code>quay.io/sysdig/cluster-shield</code> |
| image.registry | The Sysdig Registry Scanner image registry. | <code>quay.io</code> |
| image.repository | The Cluster Shield container image repository | <code>sysdig/cluster-shield</code> |
| image.pullPolicy | The Cluster Shield container image pull policy | <code></code> |
| proxy.httpProxy | Sets the HTTP Proxy address. | <code></code> |
| proxy.httpsProxy | Sets the HTTPS Proxy address. | <code></code> |
Expand Down Expand Up @@ -188,6 +187,8 @@ The following table lists the configurable parameters of the `cluster-shield` ch
| updateStrategy.type | The update strategy for the Cluster Shield deployment | <code>RollingUpdate</code> |
| updateStrategy.rollingUpdate | The rolling update strategy for the Cluster Shield deployment | <code>{}</code> |
| onPremCompatibilityVersion | Optional parameter used to check the compatibility of cluster-shield component versions with the on-premised backend version. If you are running an on-prem version of the Sysdig backend, you MUST set this parameter with the version of Sysdig backend you are using. If you are runinng on SaaS, do NOT provide this parameter. | <code></code> |
| hostNetwork | Specifies if Cluster Shield should be started in hostNetwork mode. This field is required if you are using a custom CNI where the control plane nodes are unable to initiate network connections to the pods, for example, using Calico CNI plugin on EKS. | <code>false</code> |
| dnsPolicy | Define Cluster Shield Pods DNS Policy | <code></code> |


## Running helm unit tests
Expand Down
Loading

0 comments on commit d1957ea

Please sign in to comment.