Commit

Merge branch 'master' into SSPROD-23092_Integrate_new_Admission_Contr…
…oller_to_existing_AC_chart
airadier authored Jul 12, 2023
2 parents c5c6b1b + 3aa1546 commit ee05217
Showing 72 changed files with 3,443 additions and 447 deletions.
10 changes: 4 additions & 6 deletions .chglog/RELEASE.tpl.md
Expand Up @@ -2,7 +2,7 @@
{{ if .Versions -}}
{{ range .Versions }}
{{ range .CommitGroups -}}
{{- if not (eq "Ignored" .Title ) -}}
{{ if not (eq "Ignored" .Title ) -}}
### {{ .Title }}
{{ range .Commits -}}
- {{ if .Scope }}**{{ .Scope }}** {{ end }}[{{.Hash.Short}}]({{ $.Info.RepositoryURL }}/commit/{{ .Hash.Long }}): {{ .Subject }}
Expand All @@ -14,17 +14,15 @@
{{ end -}}
{{ end -}}
{{ end -}}

{{- if .OtherCommits -}}
{{ if .OtherCommits -}}
### Others
{{ range .OtherCommits -}}
{{- range .OtherCommits -}}
- [{{.Hash.Short}}]({{ $.Info.RepositoryURL }}/commit/{{ .Hash.Long }})
{{ end -}}
{{ end -}}
{{ end -}}

{{- if .Versions }}
{{ range .Versions -}}
{{- range .Versions -}}
{{ if .Tag.Previous -}}
#### Full diff: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
{{ end -}}
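Review bot: the new `{{- range .OtherCommits -}}` trims whitespace on both sides, which removes the newline after `### Others` as well as the one before the list item, so the heading and the first bullet render on one line (`### Others- [hash](...)`). Leave the left side untrimmed, as the `{{ range .Commits -}}` loop earlier in the file does, and attach a rendered sample of the release notes so the other trim-marker changes in this template can be checked by eye.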
4 changes: 2 additions & 2 deletions .github/workflows/helm-unit-test.yaml
Expand Up @@ -19,8 +19,8 @@ jobs:
- name: Set up helm unit test plugin
run: helm plugin install https://github.com/helm-unittest/helm-unittest --version=0.3.0

- name: Bundle sysdig-deploy dependencies
run: helm dependency build ./charts/sysdig-deploy
- name: Bundle chart dependencies
run: make deps

- name: Test admission-controller
run: helm unittest --strict ./charts/admission-controller
5 changes: 3 additions & 2 deletions .github/workflows/lint-test.yaml
Expand Up @@ -73,7 +73,8 @@ jobs:
k3s-version: v1.23.9+k3s1

- name: Run chart-testing (install)
run: ct install --upgrade --excluded-charts sysdig-stackdriver-bridge,sysdig-mcm-navmenu
run: ct install --upgrade --excluded-charts common,sysdig-stackdriver-bridge,sysdig-mcm-navmenu


lint-test-fork:
runs-on: ubuntu-latest
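Review bot: the `--excluded-charts` list on the `ct install` line is now repeated verbatim in the `lint-test-fork` job, so the two copies will drift again the next time a chart is added. Define the list once as a workflow-level `env` value and reference it from both steps. The change also leaves two consecutive blank lines before `lint-test-fork:`.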
Expand Down Expand Up @@ -139,7 +140,7 @@ jobs:
k3s-version: v1.23.9+k3s1

- name: Run chart-testing (install)
run: ct install --upgrade --excluded-charts sysdig-stackdriver-bridge
run: ct install --upgrade --excluded-charts common,sysdig-stackdriver-bridge,sysdig-mcm-navmenu

- uses: actions/github-script@v6
id: update-check-run
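Review bot: the `ct install` line in the fork job gains `sysdig-mcm-navmenu` in addition to `common`, which changes what fork pull requests install-test and is not mentioned anywhere in the change. Confirm that dropping the install test for that chart on forks is intended, and record the reason in the commit message.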
6 changes: 6 additions & 0 deletions Makefile
Expand Up @@ -27,3 +27,9 @@ unit-test-rs: deps-unittest
xargs -L1 dirname | \
xargs -I% sh -c \
"helm dependency build % ; helm unittest --strict %"

deps:
find ./charts -name "Chart.yaml" | \
xargs -L1 dirname | \
xargs -I% sh -c \
"helm dependency build %"
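Review bot: in the new `deps` target each directory name is spliced into a `sh -c` string (`"helm dependency build %"`), so a chart path containing spaces or shell metacharacters would be word-split or interpreted by the shell. With a single command the shell is not needed: `xargs -I% helm dependency build %` passes the path as one argument. The `find ... | xargs -L1 dirname` pipeline also duplicates the one in `unit-test-rs` and could be shared through a variable.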
11 changes: 11 additions & 0 deletions charts/admission-controller/CHANGELOG.md
Expand Up @@ -10,6 +10,17 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.

## Change Log
# v0.11.2
### Bug Fixes
* **admission-controller** [d03dc2ce](https://github.com/sysdiglabs/charts/commit/d03dc2ce1d7056304b7a1f803bb1dd92e4feb9d4): Make ValidatingWebhookConfiguration part of the resource lifecycle ([#1217](https://github.com/sysdiglabs/charts/issues/1217))
# v0.11.1
### Bug Fixes
* **common** [0e37805f](https://github.com/sysdiglabs/charts/commit/0e37805f0190b74b53f7d9b47e5528009f58aa4b): add missing CHANGELOG file and bump version ([#1223](https://github.com/sysdiglabs/charts/issues/1223))
### New Features
* **admission-controller,agent,common,kspm-collector,node-analyzer,rapid-response,sysdig-deploy** [47483bc0](https://github.com/sysdiglabs/charts/commit/47483bc0d5f872bc6d406a48491ac930d1d75f8f): Improve region resolution in all charts ([#946](https://github.com/sysdiglabs/charts/issues/946))
# v0.10.0
### New Features
* **admission-controller, sysdig-deploy** [120a3676](https://github.com/sysdiglabs/charts/commit/120a3676b81af7c22e21517ddca3be6039b7aa6c): Add logic to toggle enable/disable HPA and set replica count based on that value. ([#1204](https://github.com/sysdiglabs/charts/issues/1204))
# v0.9.0
### New Features
* **admission-controller,agent,cloud-bench,cloud-connector,cloud-scanning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,registry-scanner,sysdig,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge** [5d99a03d](https://github.com/sysdiglabs/charts/commit/5d99a03dced132b4771dde1ce5b90b63c518b408): use a PGP private key to sign charts on release ([#1170](https://github.com/sysdiglabs/charts/issues/1170))
7 changes: 6 additions & 1 deletion charts/admission-controller/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: admission-controller
description: Sysdig Admission Controller using Sysdig Secure inline image scanner
type: application
version: 0.9.0
version: 0.11.2
appVersion: 3.9.22
home: https://sysdiglabs.github.io/admission-controller/
icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
Expand All @@ -17,3 +17,8 @@ maintainers:
email: [email protected]
- name: jprieto92
email: [email protected]
dependencies:
- name: common
# repository: https://charts.sysdig.com
repository: file://../common
version: ~1.0.1
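Review bot: the `common` dependency points at `file://../common` while the published location is left behind as a commented-out `# repository: https://charts.sysdig.com`, and nothing says which of the two is meant to ship. A `file://` path only resolves inside a checkout of this repository, so either drop the commented line or replace it with a short comment explaining why the local path is used and how the packaged chart gets its copy of `common`.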
9 changes: 5 additions & 4 deletions charts/admission-controller/README.md
Expand Up @@ -23,7 +23,7 @@ $ pre-commit run -a
$ helm repo add sysdig https://charts.sysdig.com
$ helm repo update
$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.9.0 \
--create-namespace -n sysdig-admission-controller --version=0.11.2 \
--set clusterName=CLUSTER_NAME \
--set sysdig.secureAPIToken=SECURE_API_TOKEN
```
Expand Down Expand Up @@ -55,7 +55,7 @@ This chart deploys the Sysdig Admission Controller on a [Kubernetes](http://kube
To install the chart with the release name `admission-controller`:

```console
$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.9.0
$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.2
```

The command deploys the Sysdig Admission Controller on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
Expand Down Expand Up @@ -130,6 +130,7 @@ The following table lists the configurable parameters of the `admission-controll
| webhook.hostNetwork | Specifies if the webhook should be started in hostNetwork mode. <br/>This is required if using a custom CNI where the managed control plane nodes are unable to initiate network connections to the pods, for example using Calico CNI plugin on EKS. <br/>This is not required or recommended in most contexts. | <code>false</code> |
| webhook.imagePullSecrets | The image pull secrets for webhook | <code>[]</code> |
| webhook.resources | Resource request and limits for webhook | <code>{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}}</code> |
| webhook.autoscaling.enabled | Enable horizontal pod autoscaling | <code>true</code> |
| webhook.autoscaling.minReplicas | Min replicas to use while autoscaling the webhook | <code>2</code> |
| webhook.autoscaling.maxReplicas | Max replicas to use while autoscaling the webhook | <code>5</code> |
| webhook.autoscaling.targetCPUUtilizationPercentage | Target CPU to use when the number of replicas must be increased | <code>80</code> |
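Review bot: the new `webhook.autoscaling.enabled` row defaults to `true` but does not say that `webhook.replicaCount` is ignored in that case, which is what the `{{- if not .Values.webhook.autoscaling.enabled }}` guard in `templates/webhook/deployment.yaml` does. Extend the description, for example: "Enable horizontal pod autoscaling. When true, `webhook.replicaCount` is not used."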
Expand Down Expand Up @@ -183,7 +184,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to `

```console
$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.9.0 \
--create-namespace -n sysdig-admission-controller --version=0.11.2 \
--set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME
```

Expand All @@ -192,7 +193,7 @@ installing the chart. For example:

```console
$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.9.0 \
--create-namespace -n sysdig-admission-controller --version=0.11.2 \
--values values.yaml
```

7 changes: 3 additions & 4 deletions charts/admission-controller/RELEASE-NOTES.md
@@ -1,6 +1,5 @@
# What's Changed

### New Features
- **admission-controller,agent,cloud-bench,cloud-connector,cloud-scanning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,registry-scanner,sysdig,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge** [5d99a03d](https://github.com/sysdiglabs/charts/commit/5d99a03dced132b4771dde1ce5b90b63c518b408): use a PGP private key to sign charts on release ([#1170](https://github.com/sysdiglabs/charts/issues/1170))

#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.8.6...admission-controller-0.9.0
### Bug Fixes
- **admission-controller** [d03dc2ce](https://github.com/sysdiglabs/charts/commit/d03dc2ce1d7056304b7a1f803bb1dd92e4feb9d4): Make ValidatingWebhookConfiguration part of the resource lifecycle ([#1217](https://github.com/sysdiglabs/charts/issues/1217))
#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.11.1...admission-controller-0.11.2
14 changes: 2 additions & 12 deletions charts/admission-controller/templates/_helpers.tpl
Expand Up @@ -116,18 +116,8 @@ Determine Secure endpoint based on provided region or .Values.sysdig.apiEndpoint
{{- define "admissionController.apiEndpoint" -}}
{{- if (or .Values.sysdig.apiEndpoint (eq .Values.global.sysdig.region "custom")) -}}
{{- required "A valid Sysdig API endpoint (.sysdig.apiEndpoint) is required" .Values.sysdig.apiEndpoint -}}
{{- else if (eq .Values.global.sysdig.region "us1") -}}
{{- "secure.sysdig.com" -}}
{{- else if (eq .Values.global.sysdig.region "us2") -}}
{{- "us2.app.sysdig.com" -}}
{{- else if (eq .Values.global.sysdig.region "us3") -}}
{{- "app.us3.sysdig.com" -}}
{{- else if (eq .Values.global.sysdig.region "us4") -}}
{{- "app.us4.sysdig.com" -}}
{{- else if (eq .Values.global.sysdig.region "eu1") -}}
{{- "eu1.app.sysdig.com" -}}
{{- else if (eq .Values.global.sysdig.region "au1") -}}
{{- "app.au1.sysdig.com" -}}
{{- else if hasKey ((include "sysdig.regions" .) | fromYaml) .Values.global.sysdig.region }}
{{- include "sysdig.secureApiEndpoint" . }}
{{- end -}}
{{- end -}}
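Review bot: the `else if hasKey ...` branch is now the last one and there is still no `else`, so a `global.sysdig.region` value that is neither `custom` nor a key of `sysdig.regions` makes `admissionController.apiEndpoint` render as an empty string instead of failing. Add a final `{{- else -}}` branch that calls `fail` with the rejected region name, plus a unit test for an unknown region. The two new lines also close with `}}` while the rest of the helper uses `-}}`; use the same trimming throughout.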

Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ so the template is executed just once
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ include "admissionController.webhook.fullname" . }}
namespace: {{ include "admissionController.namespace" . }}
webhooks: []
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ include "admissionController.webhook.fullname" . }}
namespace: {{ include "admissionController.namespace" . }}
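Review bot: the added document declares a `ValidatingWebhookConfiguration` with `webhooks: []` under the same name as the document that follows it, with no comment explaining why both exist or which one takes effect. An empty `webhooks` list means the API server sends nothing to the admission controller, so add a template comment describing the lifecycle this stub is for and confirm that an install or upgrade cannot finish with the empty list in place. `ValidatingWebhookConfiguration` is cluster-scoped, so `namespace:` in the new `metadata` has no effect and can be dropped.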
2 changes: 2 additions & 0 deletions charts/admission-controller/templates/webhook/autoscaler.yaml
@@ -1,3 +1,4 @@
{{- if .Values.webhook.autoscaling.enabled }}
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
Expand All @@ -11,3 +12,4 @@ spec:
kind: Deployment
name: {{ include "admissionController.webhook.fullname" . }}
targetCPUUtilizationPercentage: {{ .Values.webhook.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
2 changes: 2 additions & 0 deletions charts/admission-controller/templates/webhook/deployment.yaml
Expand Up @@ -6,7 +6,9 @@ metadata:
labels:
{{- include "admissionController.webhook.labels" . | nindent 4 }}
spec:
{{- if not .Values.webhook.autoscaling.enabled }}
replicas: {{ .Values.webhook.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "admissionController.webhook.selectorLabels" . | nindent 6 }}
26 changes: 26 additions & 0 deletions charts/admission-controller/tests/conditional_flag_test.yaml
Expand Up @@ -65,3 +65,29 @@ tests:
kind: PodMonitor
apiVersion: monitoring.coreos.com/v1
template: webhook/podmonitor.yaml

- it: Checking if replica count is not set when HPA is enabled
set:
webhook:
autoscaling:
enabled: true
clusterName: test-k8s
sysdig:
secureAPIToken: standard_token
asserts:
- isNull:
path: spec.replicas
template: webhook/deployment.yaml

- it: Checking if replica count is set when HPA is disabled
set:
webhook:
autoscaling:
enabled: false
clusterName: test-k8s
sysdig:
secureAPIToken: standard_token
asserts:
- isNotNull:
path: spec.replicas
template: webhook/deployment.yaml
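Review bot: both new cases assert only on `spec.replicas` in `webhook/deployment.yaml`; nothing checks the other half of the change, that `webhook/autoscaler.yaml` renders no `HorizontalPodAutoscaler` when `webhook.autoscaling.enabled` is `false`. Add a case using `hasDocuments` with `count: 0` against that template, and one with `count: 1` for the enabled path.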
2 changes: 2 additions & 0 deletions charts/admission-controller/values.yaml
Expand Up @@ -206,6 +206,8 @@ webhook:
memory: 256Mi

autoscaling:
# Enable horizontal pod autoscaling
enabled: true
# Min replicas to use while autoscaling the webhook
minReplicas: 2
# Max replicas to use while autoscaling the webhook
11 changes: 11 additions & 0 deletions charts/agent/CHANGELOG.md
Expand Up @@ -10,6 +10,17 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.

## Change Log
# v1.10.3
### New Features
* **agent** [07b8704c](https://github.com/sysdiglabs/charts/commit/07b8704cafb51b2dab6e99cac0e3fd6b4ad2449f): lower default cpu requests for kmodule container ([#1230](https://github.com/sysdiglabs/charts/issues/1230))
# v1.10.2
### Bug Fixes
* **agent** [0eee32a2](https://github.com/sysdiglabs/charts/commit/0eee32a2d85d65924df2c964e431b2bb1a78b5fc): trim newlines when applying nodeSelectors in delegatedAgentDeployments ([#1159](https://github.com/sysdiglabs/charts/issues/1159))
# v1.10.1
### Bug Fixes
* **common** [0e37805f](https://github.com/sysdiglabs/charts/commit/0e37805f0190b74b53f7d9b47e5528009f58aa4b): add missing CHANGELOG file and bump version ([#1223](https://github.com/sysdiglabs/charts/issues/1223))
### New Features
* **admission-controller,agent,common,kspm-collector,node-analyzer,rapid-response,sysdig-deploy** [47483bc0](https://github.com/sysdiglabs/charts/commit/47483bc0d5f872bc6d406a48491ac930d1d75f8f): Improve region resolution in all charts ([#946](https://github.com/sysdiglabs/charts/issues/946))
# v1.9.2
# v1.9.1
### Chores
8 changes: 6 additions & 2 deletions charts/agent/Chart.yaml
Expand Up @@ -5,7 +5,7 @@ description: Sysdig Monitor and Secure agent
type: application

# currently matching sysdig 1.14.32
version: 1.9.2
version: 1.10.3

appVersion: 12.15.0

Expand All @@ -26,4 +26,8 @@ maintainers:
email: [email protected]
- name: lilx1ao
email: [email protected]
dependencies: []
dependencies:
- name: common
# repository: https://charts.sysdig.com
repository: file://../common
version: ~1.0.1