diff --git a/.chglog/RELEASE.tpl.md b/.chglog/RELEASE.tpl.md index 37c015945..ce19a9711 100644 --- a/.chglog/RELEASE.tpl.md +++ b/.chglog/RELEASE.tpl.md @@ -2,7 +2,7 @@ {{ if .Versions -}} {{ range .Versions }} {{ range .CommitGroups -}} -{{- if not (eq "Ignored" .Title ) -}} +{{ if not (eq "Ignored" .Title ) -}} ### {{ .Title }} {{ range .Commits -}} - {{ if .Scope }}**{{ .Scope }}** {{ end }}[{{.Hash.Short}}]({{ $.Info.RepositoryURL }}/commit/{{ .Hash.Long }}): {{ .Subject }} @@ -14,17 +14,15 @@ {{ end -}} {{ end -}} {{ end -}} - -{{- if .OtherCommits -}} +{{ if .OtherCommits -}} ### Others -{{ range .OtherCommits -}} +{{- range .OtherCommits -}} - [{{.Hash.Short}}]({{ $.Info.RepositoryURL }}/commit/{{ .Hash.Long }}) {{ end -}} {{ end -}} {{ end -}} - {{- if .Versions }} -{{ range .Versions -}} +{{- range .Versions -}} {{ if .Tag.Previous -}} #### Full diff: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }} {{ end -}} diff --git a/.github/workflows/helm-unit-test.yaml b/.github/workflows/helm-unit-test.yaml index a3c5fbab5..bae31259e 100644 --- a/.github/workflows/helm-unit-test.yaml +++ b/.github/workflows/helm-unit-test.yaml @@ -19,8 +19,8 @@ jobs: - name: Set up helm unit test plugin run: helm plugin install https://github.com/helm-unittest/helm-unittest --version=0.3.0 - - name: Bundle sysdig-deploy dependencies - run: helm dependency build ./charts/sysdig-deploy + - name: Bundle chart dependencies + run: make deps - name: Test admission-controller run: helm unittest --strict ./charts/admission-controller diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index d6e48529d..2df9ae588 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml 
@@ -73,7 +73,8 @@ jobs: k3s-version: v1.23.9+k3s1 - name: Run chart-testing (install) - run: ct install --upgrade --excluded-charts sysdig-stackdriver-bridge,sysdig-mcm-navmenu + run: ct install --upgrade --excluded-charts common,sysdig-stackdriver-bridge,sysdig-mcm-navmenu + lint-test-fork: runs-on: ubuntu-latest @@ -139,7 +140,7 @@ jobs: k3s-version: v1.23.9+k3s1 - name: Run chart-testing (install) - run: ct install --upgrade --excluded-charts sysdig-stackdriver-bridge + run: ct install --upgrade --excluded-charts common,sysdig-stackdriver-bridge,sysdig-mcm-navmenu - uses: actions/github-script@v6 id: update-check-run diff --git a/Makefile b/Makefile index a1b362df2..b4e605fdf 100644 --- a/Makefile +++ b/Makefile @@ -27,3 +27,9 @@ unit-test-rs: deps-unittest xargs -L1 dirname | \ xargs -I% sh -c \ "helm dependency build % ; helm unittest --strict %" + +deps: + find ./charts -name "Chart.yaml" | \ + xargs -L1 dirname | \ + xargs -I% sh -c \ + "helm dependency build %" diff --git a/charts/admission-controller/CHANGELOG.md b/charts/admission-controller/CHANGELOG.md index 433b5d576..11a37cf8b 100644 --- a/charts/admission-controller/CHANGELOG.md +++ b/charts/admission-controller/CHANGELOG.md 
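Review bot: In the new `deps` target every chart directory found under ./charts is spliced into a shell command string by `xargs -I% sh -c "helm dependency build %"`, so a directory name containing spaces or shell metacharacters is interpreted by `sh` instead of being passed as one argument. The `sh -c` wrapper is not needed for a single command; `xargs -I% helm dependency build %` hands the path to helm as an argument. This matters more now that helm-unit-test.yaml runs `make deps` in CI, where the chart tree may come from a pull request. The hunk also adds no `.PHONY: deps`, which is worth adding unless it is declared elsewhere in the Makefile.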
@@ -10,6 +10,17 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v0.11.2 +### Bug Fixes +* **admission-controller** [d03dc2ce](https://github.com/sysdiglabs/charts/commit/d03dc2ce1d7056304b7a1f803bb1dd92e4feb9d4): Make ValidatingWebhookConfiguration part of the resource lifecycle ([#1217](https://github.com/sysdiglabs/charts/issues/1217)) +# v0.11.1 +### Bug Fixes +* **common** [0e37805f](https://github.com/sysdiglabs/charts/commit/0e37805f0190b74b53f7d9b47e5528009f58aa4b): add missing CHANGELOG file and bump version ([#1223](https://github.com/sysdiglabs/charts/issues/1223)) +### New Features +* **admission-controller,agent,common,kspm-collector,node-analyzer,rapid-response,sysdig-deploy** [47483bc0](https://github.com/sysdiglabs/charts/commit/47483bc0d5f872bc6d406a48491ac930d1d75f8f): Improve region resolution in all charts ([#946](https://github.com/sysdiglabs/charts/issues/946)) +# v0.10.0 +### New Features +* **admission-controller, sysdig-deploy** [120a3676](https://github.com/sysdiglabs/charts/commit/120a3676b81af7c22e21517ddca3be6039b7aa6c): Add logic to toggle enable/disable HPA and set replica count based on that value. ([#1204](https://github.com/sysdiglabs/charts/issues/1204)) # v0.9.0 ### New Features * **admission-controller,agent,cloud-bench,cloud-connector,cloud-scanning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,registry-scanner,sysdig,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge** [5d99a03d](https://github.com/sysdiglabs/charts/commit/5d99a03dced132b4771dde1ce5b90b63c518b408): use a PGP private key to sign charts on release ([#1170](https://github.com/sysdiglabs/charts/issues/1170)) diff --git a/charts/admission-controller/Chart.yaml b/charts/admission-controller/Chart.yaml index abd9a17df..3b4f3f4ad 100644 --- a/charts/admission-controller/Chart.yaml +++ b/charts/admission-controller/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: admission-controller description: Sysdig Admission Controller using Sysdig Secure inline image scanner type: application -version: 0.9.0 +version: 0.11.2 appVersion: 3.9.22 home: https://sysdiglabs.github.io/admission-controller/ icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 @@ -17,3 +17,8 @@ maintainers: email: miguel.baztan@sysdig.com - name: jprieto92 email: javier.prieto@sysdig.com +dependencies: + - name: common + # repository: https://charts.sysdig.com + repository: file://../common + version: ~1.0.1 diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md index da44913cb..8ccf7b158 100644 --- a/charts/admission-controller/README.md +++ b/charts/admission-controller/README.md @@ -23,7 +23,7 @@ $ pre-commit run -a $ helm repo add sysdig https://charts.sysdig.com $ helm repo update $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.9.0 \ + --create-namespace -n sysdig-admission-controller --version=0.11.2 \ --set clusterName=CLUSTER_NAME \ --set sysdig.secureAPIToken=SECURE_API_TOKEN ``` @@ -55,7 +55,7 @@ This chart deploys the Sysdig Admission Controller on a [Kubernetes](http://kube To install the chart with the release name `admission-controller`: ```console -$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.9.0 +$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.2 ``` The command deploys the Sysdig Admission Controller on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. 
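Review bot: The new `dependencies` entry resolves `common` from `file://../common` and leaves `# repository: https://charts.sysdig.com` commented out with no explanation, so a reader cannot tell which source is intended for released charts. With a `file://` repository the packaged chart is only complete if `helm dependency build` ran before packaging; that is worth confirming in the release workflow, which is not visible here, since the changelog says charts are signed on release. I would replace the commented line with a short reason, for example `# local path: build against the in-repo copy of common (see make deps)`. The same block is added to charts/agent/Chart.yaml later in this commit. Committing the resulting Chart.lock, if it is not already tracked, would record which version `~1.0.1` resolved to.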
@@ -130,6 +130,7 @@ The following table lists the configurable parameters of the `admission-controll | webhook.hostNetwork | Specifies if the webhook should be started in hostNetwork mode.
This is required if using a custom CNI where the managed control plane nodes are unable to initiate network connections to the pods, for example using Calico CNI plugin on EKS.
This is not required or recommended in most contexts. | false | | webhook.imagePullSecrets | The image pull secrets for webhook | [] | | webhook.resources | Resource request and limits for webhook | {"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}} | +| webhook.autoscaling.enabled | Enable horizontal pod autoscaling | true | | webhook.autoscaling.minReplicas | Min replicas to use while autoscaling the webhook | 2 | | webhook.autoscaling.maxReplicas | Max replicas to use while autoscaling the webhook | 5 | | webhook.autoscaling.targetCPUUtilizationPercentage | Target CPU to use when the number of replicas must be increased | 80 | @@ -183,7 +184,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to ` ```console $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.9.0 \ + --create-namespace -n sysdig-admission-controller --version=0.11.2 \ --set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME ``` @@ -192,7 +193,7 @@ installing the chart. For example: ```console $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.9.0 \ + --create-namespace -n sysdig-admission-controller --version=0.11.2 \ --values values.yaml ``` diff --git a/charts/admission-controller/RELEASE-NOTES.md b/charts/admission-controller/RELEASE-NOTES.md index 748a0ac51..772fc3731 100644 --- a/charts/admission-controller/RELEASE-NOTES.md +++ b/charts/admission-controller/RELEASE-NOTES.md 
@@ -1,6 +1,5 @@ # What's Changed -### New Features -- **admission-controller,agent,cloud-bench,cloud-connector,cloud-scanning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,registry-scanner,sysdig,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge** [5d99a03d](https://github.com/sysdiglabs/charts/commit/5d99a03dced132b4771dde1ce5b90b63c518b408): use a PGP private key to sign charts on release ([#1170](https://github.com/sysdiglabs/charts/issues/1170)) - -#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.8.6...admission-controller-0.9.0 +### Bug Fixes +- **admission-controller** [d03dc2ce](https://github.com/sysdiglabs/charts/commit/d03dc2ce1d7056304b7a1f803bb1dd92e4feb9d4): Make ValidatingWebhookConfiguration part of the resource lifecycle ([#1217](https://github.com/sysdiglabs/charts/issues/1217)) +#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.11.1...admission-controller-0.11.2 diff --git a/charts/admission-controller/templates/_helpers.tpl b/charts/admission-controller/templates/_helpers.tpl index 70a6f2bc2..737137669 100644 --- a/charts/admission-controller/templates/_helpers.tpl +++ b/charts/admission-controller/templates/_helpers.tpl 
@@ -116,18 +116,8 @@ Determine Secure endpoint based on provided region or .Values.sysdig.apiEndpoint {{- define "admissionController.apiEndpoint" -}} {{- if (or .Values.sysdig.apiEndpoint (eq .Values.global.sysdig.region "custom")) -}} {{- required "A valid Sysdig API endpoint (.sysdig.apiEndpoint) is required" .Values.sysdig.apiEndpoint -}} - {{- else if (eq .Values.global.sysdig.region "us1") -}} - {{- "secure.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "us2") -}} - {{- "us2.app.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "us3") -}} - {{- "app.us3.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "us4") -}} - {{- "app.us4.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "eu1") -}} - {{- "eu1.app.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "au1") -}} - {{- "app.au1.sysdig.com" -}} + {{- else if hasKey ((include "sysdig.regions" .) | fromYaml) .Values.global.sysdig.region }} + {{- include "sysdig.secureApiEndpoint" . }} {{- end -}} {{- end -}} diff --git a/charts/admission-controller/templates/webhook/admissionregistration.yaml b/charts/admission-controller/templates/webhook/admissionregistration.yaml index 6ecdc5b85..ea81150bb 100644 --- a/charts/admission-controller/templates/webhook/admissionregistration.yaml +++ b/charts/admission-controller/templates/webhook/admissionregistration.yaml @@ -7,6 +7,13 @@ so the template is executed just once --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration +metadata: + name: {{ include "admissionController.webhook.fullname" . }} + namespace: {{ include "admissionController.namespace" . }} +webhooks: [] +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration metadata: name: {{ include "admissionController.webhook.fullname" . }} namespace: {{ include "admissionController.namespace" . }} 
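Review bot: `admissionController.apiEndpoint` still has no `else` branch after the new `hasKey` check, so a `global.sysdig.region` that is neither `custom` nor a key of `sysdig.regions` renders an empty endpoint instead of failing the install. The agent chart's helpers changed in this same commit keep a `fail` branch for that case. Adding the same here stops a typo in the region from producing an admission controller with no Secure endpoint: `{{- else -}}` followed by `{{- fail (printf "global.sysdig.region=%s provided is not recognized." .Values.global.sysdig.region ) -}}`. The `sysdig.regions` and `sysdig.secureApiEndpoint` templates come from the common chart and are not visible in this diff.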
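Review bot: The added first document in admissionregistration.yaml declares a ValidatingWebhookConfiguration with `webhooks: []` under the same name as the full definition that follows, and nothing in the file says why. If the second document is ever not applied, the release would hold a webhook configuration that validates nothing, so the intent deserves a comment above the placeholder, for example `# Empty placeholder so Helm owns and deletes this object; the rules come from the document below`. ValidatingWebhookConfiguration is cluster-scoped, so `metadata.namespace` on it is ignored and could be dropped from the new document. The second document continues outside the hunk, so how it is applied is not visible here.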
diff --git a/charts/admission-controller/templates/webhook/autoscaler.yaml b/charts/admission-controller/templates/webhook/autoscaler.yaml index d69c70bd8..02a7eb162 100644 --- a/charts/admission-controller/templates/webhook/autoscaler.yaml +++ b/charts/admission-controller/templates/webhook/autoscaler.yaml @@ -1,3 +1,4 @@ +{{- if .Values.webhook.autoscaling.enabled }} apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: @@ -11,3 +12,4 @@ spec: kind: Deployment name: {{ include "admissionController.webhook.fullname" . }} targetCPUUtilizationPercentage: {{ .Values.webhook.autoscaling.targetCPUUtilizationPercentage }} +{{- end }} diff --git a/charts/admission-controller/templates/webhook/deployment.yaml b/charts/admission-controller/templates/webhook/deployment.yaml index 3161330f5..a89547eba 100644 --- a/charts/admission-controller/templates/webhook/deployment.yaml +++ b/charts/admission-controller/templates/webhook/deployment.yaml @@ -6,7 +6,9 @@ metadata: labels: {{- include "admissionController.webhook.labels" . | nindent 4 }} spec: + {{- if not .Values.webhook.autoscaling.enabled }} replicas: {{ .Values.webhook.replicaCount }} + {{- end }} selector: matchLabels: {{- include "admissionController.webhook.selectorLabels" . | nindent 6 }} diff --git a/charts/admission-controller/tests/conditional_flag_test.yaml b/charts/admission-controller/tests/conditional_flag_test.yaml index e564647ef..865e9df08 100644 --- a/charts/admission-controller/tests/conditional_flag_test.yaml +++ b/charts/admission-controller/tests/conditional_flag_test.yaml 
@@ -65,3 +65,29 @@ tests: kind: PodMonitor apiVersion: monitoring.coreos.com/v1 template: webhook/podmonitor.yaml + + - it: Checking if replica count is not set when HPA is enabled + set: + webhook: + autoscaling: + enabled: true + clusterName: test-k8s + sysdig: + secureAPIToken: standard_token + asserts: + - isNull: + path: spec.replicas + template: webhook/deployment.yaml + + - it: Checking if replica count is set when HPA is disabled + set: + webhook: + autoscaling: + enabled: false + clusterName: test-k8s + sysdig: + secureAPIToken: standard_token + asserts: + - isNotNull: + path: spec.replicas + template: webhook/deployment.yaml diff --git a/charts/admission-controller/values.yaml b/charts/admission-controller/values.yaml index ae91fa792..081bef3e6 100644 --- a/charts/admission-controller/values.yaml +++ b/charts/admission-controller/values.yaml @@ -206,6 +206,8 @@ webhook: memory: 256Mi autoscaling: + # Enable horizontal pod autoscaling + enabled: true # Min replicas to use while autoscaling the webhook minReplicas: 2 # Max replicas to use while autoscaling the webhook diff --git a/charts/agent/CHANGELOG.md b/charts/agent/CHANGELOG.md index fc5338948..6cb90440c 100644 --- a/charts/agent/CHANGELOG.md +++ b/charts/agent/CHANGELOG.md 
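Review bot: The two new cases check only `spec.replicas` in webhook/deployment.yaml; neither asserts that webhook/autoscaler.yaml renders no HorizontalPodAutoscaler when `webhook.autoscaling.enabled` is false, which is the other half of this change. Adding to the disabled case an assertion such as `- hasDocuments:` with `count: 0` and `template: webhook/autoscaler.yaml` would cover the new `if` guard in that template. The disabled case could also use `equal` on `spec.replicas` with an explicit `webhook.replicaCount` in `set`, so the rendered count is tied to the value rather than merely being non-null.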
@@ -10,6 +10,17 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.10.3 +### New Features +* **agent** [07b8704c](https://github.com/sysdiglabs/charts/commit/07b8704cafb51b2dab6e99cac0e3fd6b4ad2449f): lower default cpu requests for kmodule container ([#1230](https://github.com/sysdiglabs/charts/issues/1230)) +# v1.10.2 +### Bug Fixes +* **agent** [0eee32a2](https://github.com/sysdiglabs/charts/commit/0eee32a2d85d65924df2c964e431b2bb1a78b5fc): trim newlines when applying nodeSelectors in delegatedAgentDeployments ([#1159](https://github.com/sysdiglabs/charts/issues/1159)) +# v1.10.1 +### Bug Fixes +* **common** [0e37805f](https://github.com/sysdiglabs/charts/commit/0e37805f0190b74b53f7d9b47e5528009f58aa4b): add missing CHANGELOG file and bump version ([#1223](https://github.com/sysdiglabs/charts/issues/1223)) +### New Features +* **admission-controller,agent,common,kspm-collector,node-analyzer,rapid-response,sysdig-deploy** [47483bc0](https://github.com/sysdiglabs/charts/commit/47483bc0d5f872bc6d406a48491ac930d1d75f8f): Improve region resolution in all charts ([#946](https://github.com/sysdiglabs/charts/issues/946)) # v1.9.2 # v1.9.1 ### Chores diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml index 911db55b5..22c99f7d5 100644 --- a/charts/agent/Chart.yaml +++ b/charts/agent/Chart.yaml @@ -5,7 +5,7 @@ description: Sysdig Monitor and Secure agent type: application # currently matching sysdig 1.14.32 -version: 1.9.2 +version: 1.10.3 appVersion: 12.15.0 @@ -26,4 +26,8 @@ maintainers: email: adam.roberts@sysdig.com - name: lilx1ao email: zhongcheng.xiao@sysdig.com -dependencies: [] +dependencies: + - name: common + # repository: https://charts.sysdig.com + repository: file://../common + version: ~1.0.1 diff --git a/charts/agent/README.md b/charts/agent/README.md index 3bd3ae3e1..44fb94cd2 100644 --- a/charts/agent/README.md +++ b/charts/agent/README.md 
@@ -139,7 +139,7 @@ The following table lists the configurable parameters of the Sysdig chart and th | `slim.image.repository` | Specifies the slim agent image repository. | `sysdig/agent-slim` | | `slim.kmoduleImage.repository` | Specifies the repository to pull the kernel module image builder from. | `sysdig/agent-kmodule` | | `slim.kmoduleImage.digest` | Specifies the image digest to pull. | ` ` | -| `slim.resources.requests.cpu` | Specifies the CPU requested for building the kernel module. | `1000m` | +| `slim.resources.requests.cpu` | Specifies the CPU requested for building the kernel module. | `250m` | | `slim.resources.requests.memory` | Specifies the memory requested for building the kernel module. | `348Mi` | | `slim.resources.limits.cpu` | Specifies the CPU limit for building the kernel module | `1000m` | | `slim.resources.limits.memory` | Specifies the memory limit for building the kernel module. | `512Mi` | diff --git a/charts/agent/RELEASE-NOTES.md b/charts/agent/RELEASE-NOTES.md index 40efa9904..969a81301 100644 --- a/charts/agent/RELEASE-NOTES.md +++ b/charts/agent/RELEASE-NOTES.md @@ -1,4 +1,5 @@ # What's Changed - -#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.9.1...agent-1.9.2 +### New Features +- **agent** [07b8704c](https://github.com/sysdiglabs/charts/commit/07b8704cafb51b2dab6e99cac0e3fd6b4ad2449f): lower default cpu requests for kmodule container ([#1230](https://github.com/sysdiglabs/charts/issues/1230)) +#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.10.2...agent-1.10.3 diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl index d3614788e..53ee1f6ff 100644 --- a/charts/agent/templates/_helpers.tpl +++ b/charts/agent/templates/_helpers.tpl 
@@ -247,19 +247,9 @@ Determine collector endpoint based on provided region {{- define "agent.collectorEndpoint" -}} {{- if (or .Values.collectorSettings.collectorHost (eq .Values.global.sysdig.region "custom")) -}} {{- required "collectorSettings.collectorHost is required for custom regions" (.Values.collectorSettings.collectorHost) -}} - {{- else if (eq .Values.global.sysdig.region "us1") -}} - {{- "collector.sysdigcloud.com" -}} - {{- else if (eq .Values.global.sysdig.region "us2") -}} - {{- "ingest-us2.app.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "us3") -}} - {{- "ingest.us3.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "us4") -}} - {{- "ingest.us4.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "eu1") -}} - {{- "ingest-eu1.app.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "au1") -}} - {{- "ingest.au1.sysdig.com" -}} - {{- else -}} + {{- else if hasKey ((include "sysdig.regions" .) | fromYaml) .Values.global.sysdig.region }} + {{- include "sysdig.collectorEndpoint" . }} + {{- else }} {{- fail (printf "global.sysdig.region=%s provided is not recognized." .Values.global.sysdig.region ) -}} {{- end -}} {{- end -}} 
@@ -270,18 +260,8 @@ Determine sysdig monitor endpoint based on provided region {{- define "monitorUrl" -}} {{- if (or .Values.collectorSettings.collectorHost (eq .Values.global.sysdig.region "custom")) -}} {{- required "collectorSettings.collectorHost is required for custom regions" (.Values.collectorSettings.collectorHost) -}} - {{- else if (eq .Values.global.sysdig.region "us1") -}} - {{- "app.sysdigcloud.com" -}} - {{- else if (eq .Values.global.sysdig.region "us2") -}} - {{- "us2.app.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "us3") -}} - {{- "app.us3.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "us4") -}} - {{- "app.us4.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "eu1") -}} - {{- "eu1.app.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "au1") -}} - {{- "app.au1.sysdig.com" -}} + {{- else if hasKey ((include "sysdig.regions" .) | fromYaml) .Values.global.sysdig.region }} + {{- include "sysdig.monitorApiEndpoint" . }} {{- else -}} {{- fail (printf "global.sysdig.region=%s provided is not recognized." .Values.global.sysdig.region ) -}} {{- end -}} 
@@ -293,18 +273,8 @@ Determine sysdig secure endpoint based on provided region {{- define "secureUrl" -}} {{- if (or .Values.collectorSettings.collectorHost (eq .Values.global.sysdig.region "custom")) -}} {{- required "collectorSettings.collectorHost is required for custom regions" (.Values.collectorSettings.collectorHost) -}} - {{- else if (eq .Values.global.sysdig.region "us1") -}} - {{- "secure.sysdig.com" -}} - {{- else if (eq .Values.global.sysdig.region "us2") -}} - {{- "us2.app.sysdig.com/secure" -}} - {{- else if (eq .Values.global.sysdig.region "us3") -}} - {{- "app.us3.sysdig.com/secure" -}} - {{- else if (eq .Values.global.sysdig.region "us4") -}} - {{- "app.us4.sysdig.com/secure" -}} - {{- else if (eq .Values.global.sysdig.region "eu1") -}} - {{- "eu1.app.sysdig.com/secure" -}} - {{- else if (eq .Values.global.sysdig.region "au1") -}} - {{- "app.au1.sysdig.com/secure" -}} + {{- else if hasKey ((include "sysdig.regions" .) | fromYaml) .Values.global.sysdig.region -}} + {{- include "sysdig.secureUi" . }} {{- else -}} {{- fail (printf "global.sysdig.region=%s provided is not recognized." .Values.global.sysdig.region ) -}} {{- end -}} diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml index 03fc87295..6814f0fd0 100644 --- a/charts/agent/templates/deployment.yaml +++ b/charts/agent/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: spec: {{- if .Values.delegatedAgentDeployment.deployment.nodeSelector }} nodeSelector: - {{ toYaml .Values.delegatedAgentDeployment.deployment.nodeSelector | nindent 8 }} + {{- toYaml .Values.delegatedAgentDeployment.deployment.nodeSelector | nindent 8 }} {{- end }} affinity: {{- if .Values.delegatedAgentDeployment.deployment.affinity }} diff --git a/charts/agent/tests/api_endpoint_region_test.yaml b/charts/agent/tests/api_endpoint_region_test.yaml index 82cc6e103..4aa7db18a 100644 --- a/charts/agent/tests/api_endpoint_region_test.yaml +++ b/charts/agent/tests/api_endpoint_region_test.yaml 
@@ -1,4 +1,4 @@ -suite: Test agent configmap collector value set by api_endpoint for all regions (us1,us2,us3,us4,eu1,au1) +suite: Test agent configmap collector value set by api_endpoint for all regions templates: - templates/configmap.yaml tests: 
@@ -70,6 +70,438 @@ tests: path: data['dragent.yaml'] pattern: .*ingest\.au1\.sysdig\.com.* + - it: Checking region 'au-syd-monitor' + set: + global: + sysdig: + region: au-syd-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.au-syd.monitoring.cloud.ibm.com + + - it: Checking region 'br-sao-monitor' + set: + global: + sysdig: + region: br-sao-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.br-sao.monitoring.cloud.ibm.com + + - it: Checking region 'ca-tor-monitor' + set: + global: + sysdig: + region: ca-tor-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.ca-tor.monitoring.cloud.ibm.com + + - it: Checking region 'eu-de-monitor' + set: + global: + sysdig: + region: eu-de-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.eu-de.monitoring.cloud.ibm.com + + - it: Checking region 'eu-gb-monitor' + set: + global: + sysdig: + region: eu-gb-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.eu-gb.monitoring.cloud.ibm.com + + - it: Checking region 'jp-osa-monitor' + set: + global: + sysdig: + region: jp-osa-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.jp-osa.monitoring.cloud.ibm.com + + - it: Checking region 'jp-tok-monitor' + set: + global: + sysdig: + region: jp-tok-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.jp-tok.monitoring.cloud.ibm.com + + - it: Checking region 'us-east-monitor' + set: + global: + sysdig: + region: us-east-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.us-east.monitoring.cloud.ibm.com + + - it: Checking region 'us-south-monitor' + set: + global: + sysdig: + 
region: us-south-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.us-south.monitoring.cloud.ibm.com + + - it: Checking region 'au-syd-private-monitor' + set: + global: + sysdig: + region: au-syd-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.au-syd.monitoring.cloud.ibm.com + + - it: Checking region 'br-sao-private-monitor' + set: + global: + sysdig: + region: br-sao-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.br-sao.monitoring.cloud.ibm.com + + - it: Checking region 'ca-tor-private-monitor' + set: + global: + sysdig: + region: ca-tor-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.ca-tor.monitoring.cloud.ibm.com + + - it: Checking region 'eu-de-private-monitor' + set: + global: + sysdig: + region: eu-de-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.eu-de.monitoring.cloud.ibm.com + + - it: Checking region 'eu-gb-private-monitor' + set: + global: + sysdig: + region: eu-gb-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.eu-gb.monitoring.cloud.ibm.com + + - it: Checking region 'jp-osa-private-monitor' + set: + global: + sysdig: + region: jp-osa-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.jp-osa.monitoring.cloud.ibm.com + + - it: Checking region 'jp-tok-private-monitor' + set: + global: + sysdig: + region: jp-tok-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.jp-tok.monitoring.cloud.ibm.com + + - it: Checking region 'us-east-private-monitor' + set: + global: + 
sysdig: + region: us-east-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.us-east.monitoring.cloud.ibm.com + + - it: Checking region 'us-south-private-monitor' + set: + global: + sysdig: + region: us-south-private-monitor + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.us-south.monitoring.cloud.ibm.com + + - it: Checking region 'au-syd-secure' + set: + global: + sysdig: + region: au-syd-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.au-syd.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'br-sao-secure' + set: + global: + sysdig: + region: br-sao-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.br-sao.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'ca-tor-secure' + set: + global: + sysdig: + region: ca-tor-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.ca-tor.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'eu-de-secure' + set: + global: + sysdig: + region: eu-de-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.eu-de.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'eu-gb-secure' + set: + global: + sysdig: + region: eu-gb-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.eu-gb.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'jp-osa-secure' + set: + global: + sysdig: + region: jp-osa-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.jp-osa.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'jp-tok-secure' + set: + global: + sysdig: + region: jp-tok-secure + asserts: 
+ - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.jp-tok.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'us-east-secure' + set: + global: + sysdig: + region: us-east-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.us-east.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'us-south-secure' + set: + global: + sysdig: + region: us-south-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.us-south.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'au-syd-private-secure' + set: + global: + sysdig: + region: au-syd-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.au-syd.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'br-sao-private-secure' + set: + global: + sysdig: + region: br-sao-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.br-sao.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'ca-tor-private-secure' + set: + global: + sysdig: + region: ca-tor-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.ca-tor.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'eu-de-private-secure' + set: + global: + sysdig: + region: eu-de-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.eu-de.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'eu-gb-private-secure' + set: + global: + sysdig: + region: eu-gb-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.eu-gb.security-compliance-secure.cloud.ibm.com + + - it: Checking region 
'jp-osa-private-secure' + set: + global: + sysdig: + region: jp-osa-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.jp-osa.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'jp-tok-private-secure' + set: + global: + sysdig: + region: jp-tok-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.jp-tok.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'us-east-private-secure' + set: + global: + sysdig: + region: us-east-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.us-east.security-compliance-secure.cloud.ibm.com + + - it: Checking region 'us-south-private-secure' + set: + global: + sysdig: + region: us-south-private-secure + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: data['dragent.yaml'] + pattern: ingest.private.us-south.security-compliance-secure.cloud.ibm.com + - it: Checking wrong region input set: global: diff --git a/charts/agent/tests/notes_test.yaml b/charts/agent/tests/notes_test.yaml index b540924fa..045968808 100644 --- a/charts/agent/tests/notes_test.yaml +++ b/charts/agent/tests/notes_test.yaml @@ -1,4 +1,4 @@ -suite: Test links in the notes section for regions (us1,us2,us3,us4,eu1,au1) +suite: Test links in the notes section for regions templates: - templates/NOTES.txt tests: 
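Review bot: The added `matchRegex` patterns leave the dots unescaped, e.g. `pattern: ingest.au-syd.monitoring.cloud.ibm.com`, so each `.` matches any character and the assertion is looser than the host it is meant to pin. The existing au1 case directly above this hunk escapes them (`.*ingest\.au1\.sysdig\.com.*`), and the new cases should follow it, e.g. `pattern: ingest\.au-syd\.monitoring\.cloud\.ibm\.com`. These values decide where the agent sends its data, so the tests are worth keeping exact. The same applies to the patterns added to notes_test.yaml later in this commit, where only `\?` is escaped.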
@@ -64,6 +64,402 @@ tests: - matchRegexRaw: pattern: https://app.au1.sysdig.com/secure/#/data-sources/agents + - it: Checking region 'au-syd-monitor' + set: + global: + sysdig: + region: au-syd-monitor + asserts: + - matchRegexRaw: + pattern: https://au-syd.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://au-syd.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'br-sao-monitor' + set: + global: + sysdig: + region: br-sao-monitor + asserts: + - matchRegexRaw: + pattern: https://br-sao.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://br-sao.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'ca-tor-monitor' + set: + global: + sysdig: + region: ca-tor-monitor + asserts: + - matchRegexRaw: + pattern: https://ca-tor.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://ca-tor.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'eu-de-monitor' + set: + global: + sysdig: + region: eu-de-monitor + asserts: + - matchRegexRaw: + pattern: https://eu-de.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://eu-de.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'eu-gb-monitor' + set: + global: + sysdig: + region: eu-gb-monitor + asserts: + - matchRegexRaw: + pattern: https://eu-gb.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://eu-gb.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'jp-osa-monitor' + set: + global: + sysdig: + region: jp-osa-monitor + asserts: + - matchRegexRaw: + pattern: https://jp-osa.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - 
matchRegexRaw: + pattern: https://jp-osa.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'jp-tok-monitor' + set: + global: + sysdig: + region: jp-tok-monitor + asserts: + - matchRegexRaw: + pattern: https://jp-tok.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://jp-tok.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'us-east-monitor' + set: + global: + sysdig: + region: us-east-monitor + asserts: + - matchRegexRaw: + pattern: https://us-east.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://us-east.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'us-south-monitor' + set: + global: + sysdig: + region: us-south-monitor + asserts: + - matchRegexRaw: + pattern: https://us-south.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://us-south.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'au-syd-private-monitor' + set: + global: + sysdig: + region: au-syd-private-monitor + asserts: + - matchRegexRaw: + pattern: https://private.au-syd.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.au-syd.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'br-sao-private-monitor' + set: + global: + sysdig: + region: br-sao-private-monitor + asserts: + - matchRegexRaw: + pattern: https://private.br-sao.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.br-sao.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'ca-tor-private-monitor' + set: + global: + sysdig: + region: ca-tor-private-monitor + asserts: + - matchRegexRaw: + pattern: 
https://private.ca-tor.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.ca-tor.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'eu-de-private-monitor' + set: + global: + sysdig: + region: eu-de-private-monitor + asserts: + - matchRegexRaw: + pattern: https://private.eu-de.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.eu-de.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'eu-gb-private-monitor' + set: + global: + sysdig: + region: eu-gb-private-monitor + asserts: + - matchRegexRaw: + pattern: https://private.eu-gb.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.eu-gb.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'jp-osa-private-monitor' + set: + global: + sysdig: + region: jp-osa-private-monitor + asserts: + - matchRegexRaw: + pattern: https://private.jp-osa.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.jp-osa.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'jp-tok-private-monitor' + set: + global: + sysdig: + region: jp-tok-private-monitor + asserts: + - matchRegexRaw: + pattern: https://private.jp-tok.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.jp-tok.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'us-east-private-monitor' + set: + global: + sysdig: + region: us-east-private-monitor + asserts: + - matchRegexRaw: + pattern: https://private.us-east.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: 
https://private.us-east.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'us-south-private-monitor' + set: + global: + sysdig: + region: us-south-private-monitor + asserts: + - matchRegexRaw: + pattern: https://private.us-south.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.us-south.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'au-syd-secure' + set: + global: + sysdig: + region: au-syd-secure + asserts: + - matchRegexRaw: + pattern: https://au-syd.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://au-syd.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'br-sao-secure' + set: + global: + sysdig: + region: br-sao-secure + asserts: + - matchRegexRaw: + pattern: https://br-sao.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://br-sao.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'ca-tor-secure' + set: + global: + sysdig: + region: ca-tor-secure + asserts: + - matchRegexRaw: + pattern: https://ca-tor.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://ca-tor.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'eu-de-secure' + set: + global: + sysdig: + region: eu-de-secure + asserts: + - matchRegexRaw: + pattern: https://eu-de.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://eu-de.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'eu-gb-secure' + set: + global: + sysdig: + region: eu-gb-secure + asserts: + - matchRegexRaw: + pattern: https://eu-gb.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 
+ - matchRegexRaw: + pattern: https://eu-gb.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'jp-osa-secure' + set: + global: + sysdig: + region: jp-osa-secure + asserts: + - matchRegexRaw: + pattern: https://jp-osa.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://jp-osa.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'jp-tok-secure' + set: + global: + sysdig: + region: jp-tok-secure + asserts: + - matchRegexRaw: + pattern: https://jp-tok.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://jp-tok.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'us-east-secure' + set: + global: + sysdig: + region: us-east-secure + asserts: + - matchRegexRaw: + pattern: https://us-east.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://us-east.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'us-south-secure' + set: + global: + sysdig: + region: us-south-secure + asserts: + - matchRegexRaw: + pattern: https://us-south.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://us-south.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'au-syd-private-secure' + set: + global: + sysdig: + region: au-syd-private-secure + asserts: + - matchRegexRaw: + pattern: https://private.au-syd.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.au-syd.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'br-sao-private-secure' + set: + global: + sysdig: + region: br-sao-private-secure + asserts: + - matchRegexRaw: + pattern: 
https://private.br-sao.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.br-sao.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'ca-tor-private-secure' + set: + global: + sysdig: + region: ca-tor-private-secure + asserts: + - matchRegexRaw: + pattern: https://private.ca-tor.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.ca-tor.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'eu-de-private-secure' + set: + global: + sysdig: + region: eu-de-private-secure + asserts: + - matchRegexRaw: + pattern: https://private.eu-de.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.eu-de.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'eu-gb-private-secure' + set: + global: + sysdig: + region: eu-gb-private-secure + asserts: + - matchRegexRaw: + pattern: https://private.eu-gb.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.eu-gb.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'jp-osa-private-secure' + set: + global: + sysdig: + region: jp-osa-private-secure + asserts: + - matchRegexRaw: + pattern: https://private.jp-osa.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.jp-osa.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'jp-tok-private-secure' + set: + global: + sysdig: + region: jp-tok-private-secure + asserts: + - matchRegexRaw: + pattern: https://private.jp-tok.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: 
https://private.jp-tok.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'us-east-private-secure' + set: + global: + sysdig: + region: us-east-private-secure + asserts: + - matchRegexRaw: + pattern: https://private.us-east.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.us-east.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + + - it: Checking region 'us-south-private-secure' + set: + global: + sysdig: + region: us-south-private-secure + asserts: + - matchRegexRaw: + pattern: https://private.us-south.monitoring.cloud.ibm.com/#/dashboard-template/view.sysdig.agents\?last=10 + - matchRegexRaw: + pattern: https://private.us-south.security-compliance-secure.cloud.ibm.com/#/data-sources/agents + - it: Checking incorrect region 'ap3' should fail set: global: diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml index 318b4dd0a..5a0e29fc5 100644 --- a/charts/agent/values.yaml +++ b/charts/agent/values.yaml @@ -175,7 +175,7 @@ slim: # a sane defaults ones, but you can tweak or ask Sysdig Support for more # info about this requests: - cpu: 1000m + cpu: 250m memory: 348Mi limits: cpu: 1000m diff --git a/charts/cloud-connector/CHANGELOG.md b/charts/cloud-connector/CHANGELOG.md index 27e2f5d43..637d3c214 100644 --- a/charts/cloud-connector/CHANGELOG.md +++ b/charts/cloud-connector/CHANGELOG.md @@ -11,6 +11,9 @@ exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v0.8.2 +### Documentation +* **cloud-connector** [6ad0ef92](https://github.com/sysdiglabs/charts/commit/6ad0ef926ebf7600ba7730c43219036eb1d0b57c): DOC-3215- Update Cloud connector Readme for clarity and correctness ([#1172](https://github.com/sysdiglabs/charts/issues/1172)) # v0.8.1 * fix for "found definition of rule called in append mode before the definition of the actual rule" 
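Review bot: The hostname dots in the added `matchRegexRaw` patterns are unescaped and the patterns are not anchored, so each `.` matches any character and a case still passes when the rendered NOTES contain a slightly different or longer host. The `\?` before `last=10` is already escaped, so the dots can be escaped the same way, e.g. `pattern: https://au-syd\.monitoring\.cloud\.ibm\.com/#/dashboard-template/view\.sysdig\.agents\?last=10`. This applies to every region case added in this hunk. The `matchRegex` patterns for `data['dragent.yaml']` in the preceding test file's hunk, which starts outside this view, have the same shape; a loose match presumably matters more there, since that value looks like the endpoint the agent reports to.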
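Review bot: The default CPU request under `slim` drops from `1000m` to `250m` while the `1000m` limit stays, and the comment above it still only says the values are sane defaults. A lower request reduces the CPU share the agent is guaranteed on a contended node, which for a security agent can presumably mean delayed or dropped events, so the trade-off deserves a line in the file, e.g. `# request kept low to ease scheduling; raise it towards the limit on busy nodes`. The `resources` block starts before this hunk and continues after it, so the full set of values is not visible here.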
diff --git a/charts/cloud-connector/Chart.yaml b/charts/cloud-connector/Chart.yaml index 17e56019d..62b4d0136 100644 --- a/charts/cloud-connector/Chart.yaml +++ b/charts/cloud-connector/Chart.yaml @@ -3,7 +3,7 @@ name: cloud-connector description: Sysdig Cloud Connector type: application -version: 0.8.1 +version: 0.8.2 appVersion: 0.16.43 home: https://sysdiglabs.github.io/cloud-connector diff --git a/charts/cloud-connector/README.md b/charts/cloud-connector/README.md index 9b20054f1..a4fe209e2 100644 --- a/charts/cloud-connector/README.md +++ b/charts/cloud-connector/README.md 
@@ -14,57 +14,69 @@ $ pre-commit run -a # Cloud Connector -[Cloud Connector](https://docs.sysdig.com/en/docs/installation/sysdig-secure-for-cloud/) - This chart deploys the Sysdig Cloud connector on your Kubernetes cluster to enable threat-detection and image scanning. +## Overview +This chart deploys Sysdig Cloud Connector on your Kubernetes cluster, enabling Threat Detection and Image Scanning for the AWS, GCP, and Azure Cloud providers. -## TL;DR; -``` -$ helm repo add sysdig https://charts.sysdig.com -$ helm repo update -$ helm upgrade --install cloud-connector sysdig/cloud-connector \ - --create-namespace -n cloud-connector --version=0.8.1 \ - --set sysdig.secureAPIToken=SECURE_API_TOKEN -``` - -- [Configuration](#configuration) -- [Configuration Detail](#configuration-detail) -- [Usage examples](#usage-examples) -- [Troubleshooting](#troubleshooting) - - -## Introduction +Use [Cloud Connector](https://docs.sysdig.com/en/docs/installation/sysdig-secure-for-cloud/) only if your Sysdig representative recommends it to you. For the official installation instruction, see [Install Sysdig Secure for Cloud ](https://docs.sysdig.com/en/docs/installation/sysdig-secure-for-cloud/). -This chart deploys the Sysdig Cloud Connector on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager -to enable threat-detection and image scanning capabilities for the main three providers: AWS, GCP and Azure. 
### Prerequisites -- Helm 3 + +- Helm v3 - Sysdig Secure API Token -### Installing the Chart +### Installation -To install the chart with the release name `cloud-connector`: +To install the chart: ```console -$ helm upgrade --install cloud-connector sysdig/cloud-connector -n cloud-connector --version=0.8.1 +helm repo add sysdig https://charts.sysdig.com +helm repo update +helm upgrade --install cloud-connector sysdig/cloud-connector \ + --create-namespace -n cloud-connector --version=0.8.2 \ + --set sysdig.secureAPIToken= ``` -The command deploys the Sysdig Cloud Connector on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. +The command deploys the Sysdig Cloud Connector on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the additional parameters that can be configured during installation. -> **Tip**: List all releases using `helm list -A` +> **Tip**: Use `helm list -A` to list all the releases. -### Uninstalling the Chart +## Configuration -To uninstall/delete the `cloud-connector`: +You can use the Helm chart to update the default Cloud Connector configurations by using either of the following: -```console -$ helm uninstall cloud-connector -n cloud-connector +- Using the key-value pair: `--set sysdig.settings.key = value` +- `values.yaml` file + +### Using the Key-Value Pair + +Specify each parameter using the `--set key=value[,key=value]` argument to the `helm install`command. + +For example: + +```bash +helm upgrade --install cloud-connector sysdig/cloud-connector \ + --create-namespace -n cloud-connector --version=0.8.2 \ + --set sysdig.secureAPIToken= +``` + +### Using values.yaml + +The `values.yaml` file specifies the values for the agent configuration parameters. You can add the configuration to the `values.yaml` file, then use it in the `helm install` command. 
+ +For example: + +```bash +helm upgrade --install cloud-connector sysdig/cloud-connector \ + --create-namespace -n cloud-connector --version=0.8.2 \ + --values values.yaml ``` -The command removes all the Kubernetes components associated with the chart and deletes the release. +See the default [`values.yaml`](./values.yaml) file for more information. ### Verify the integrity and origin Sysdig Helm Charts are signed so users can verify the integrity and origin of each chart, the steps are as follows: 
@@ -80,81 +92,61 @@ $ gpg --import /tmp/sysdig_public.gpg To check the integrity and the origin of the charts you can now append the `--verify` flag to the `install`, `upgrade` and `pull` helm commands. -## Configuration +## Configuration Parameters The following table lists the configurable parameters of the `cloud-connector` chart and their default values. -| Parameter | Description | Default | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------| -| replicaCount | Amount of replicas for Cloud Connector | 1 | -| image.repository | The image repository to pull from. | quay.io/sysdig/cloud-connector | -| image.pullPolicy | The image pull policy. | IfNotPresent | -| image.tag | The image tag (immutable tags are recommended). Overrides the image tag whose default is the chart appVersion. | | -| imagePullSecrets | The image pull secrets | [] | -| nameOverride | Chart name override | "" | -| fullnameOverride | Chart full name override | "" | -| serviceAccount.create | Create the service account | true | -| serviceAccount.annotations | Extra annotations for serviceAccount | {} | -| serviceAccount.name | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | "" | -| podAnnotations | Pod annotations | {"prometheus.io/path":"/metrics","prometheus.io/port":"5000","prometheus.io/scrape":"true"} | -| podSecurityContext | Configure deployment PSP's | {} | -| securityContext | Configure securityContext | {"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true} | -| service.type | Use this type as service | ClusterIP | -| service.port | Configure port for the service | 80 | -| service.labels | Additional labels to specify for the service | {} | -| resources | Configure resource requests and limits | {} | -| nodeSelector | Configure nodeSelector for scheduling | {} | -| tolerations | Tolerations for scheduling | [] | -| affinity | Configure affinity rules | {} | -| telemetryDeploymentMethod | Configure deployment source for inner telemetry | "helm" | -| extraEnvVars | Extra environment variables to be set | [] | -| aws.accessKeyId | AWS Credentials AccessKeyID | "" | -| aws.secretAccessKey | AWS Credentials: SecretAccessKey | "" | -| aws.region | AWS Region | "" | -| gcpCredentials | GCP Credentials JSON | "" | -| azure.eventHubConnectionString | Azure EventHub Connection String | "" | -| azure.eventGridEventHubConnectionString | Azure Event Grid EventHub Connection String | "" | -| azure.tenantId | Azure service principal tenant id | "" | -| azure.clientId | Azure service principal client id | "" | -| azure.clientSecret | Azure service principal client secret | "" | -| azure.region | Azure region | "" | -| sysdig.url | Sysdig Secure URL | "https://secure.sysdig.com" | -| sysdig.secureAPIToken | API Token to access Sysdig Secure | "" | -| sysdig.verifySSL | Verify SSL certificate | true | -| existingSecretName | Provide an existing secret name (see details in 'templates/secret.yaml') for the entries it uses. 
| "" | -| rules | Rules Section for Cloud Connector | [] | -| ingestors | Thread-Detection event ingestion configuration ([config](#ingestors)) | [] | -| scanners | Scanning capabilities configuration ([config](#scanners)) | [] | -| bruteForceDetection.enabled | Enable Brute Force detection | true | -| bruteForceDetection.duration | Time window for a bruteforce attack try | 24h | -| bruteForceDetection.maximumTries | Maximum number of tries for given time window | 10 | - - -Specify each parameter using the **`--set key=value[,key=value]`** argument to `helm upgrade --install`. For example: - -```console -$ helm upgrade --install cloud-connector sysdig/cloud-connector \ - --create-namespace -n cloud-connector --version=0.8.1 \ - --set sysdig.secureAPIToken=YOUR-KEY-HERE -``` - -**Alternatively, a YAML file** that specifies the values for the parameters can be provided while -installing the chart. For example: +| Parameter | Description | Default | +|-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------| +| replicaCount | The number of replicas for the Cloud Connector. | 1 | +| image.repository | Sets the image repository to pull from. | quay.io/sysdig/cloud-connector | +| image.pullPolicy | Sets the image pull policy. | IfNotPresent | +| image.tag | Sets the image tag. Immutable tags are recommended. Overrides the image tag whose default is the chart appVersion. | | +| imagePullSecrets | Specifies the image pull secrets. | [] | +| nameOverride | Specifies the chart name override. | "" | +| fullnameOverride | Specifies the chart full name override. | "" | +| serviceAccount.create | Creates the service account. | true | +| serviceAccount.annotations | Specifies the additional annotations for serviceAccount. 
| {} | +| serviceAccount.name | Sets the name of the service account to use. If not set and create is `true`, a name is generated using the fullname template. | "" | +| podAnnotations | Pod annotations | {"prometheus.io/path":"/metrics","prometheus.io/port":"5000","prometheus.io/scrape":"true"} | +| podSecurityContext | Enables deployment PSPs. | {} | +| securityContext | Enables securityContext. | {"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true} | +| service.type | Uses this type as a service. | ClusterIP | +| service.port | Enables the port for the service. | 80 | +| service.labels | Specifies the additional labels for the service. | {} | +| resources | Enables resource requests and limits. | {} | +| nodeSelector | Enables nodeSelector for scheduling. | {} | +| tolerations | Sets tolerations for scheduling. | [] | +| affinity | Enables affinity rules. | {} | +| telemetryDeploymentMethod | Enables deployment source for inner telemetry. | "helm" | +| extraEnvVars | Specifies additional environment variables to be set. | [] | +| aws.accessKeyId | Specifies the AWS Credentials AccessKeyID. | "" | +| aws.secretAccessKey | Specifies the AWS Credentials: `SecretAccessKey`. | "" | +| aws.region | Specifies the AWS Region. | "" | +| gcpCredentials | Specifies the GCP credentials in JSON. | "" | +| azure.eventHubConnectionString | Specifies the Azure EventHub connection string. | "" | +| azure.eventGridEventHubConnectionString | Specifies the Azure Event Grid EventHub connection string. | "" | +| azure.tenantId | Specifies the Azure service principal tenant ID. | "" | +| azure.clientId | Specifies the Azure service principal client ID. | "" | +| azure.clientSecret | Specifies the Azure service principal client secret. | "" | +| azure.region | Specifies the Azure region. | "" | +| sysdig.url | Specifies the Sysdig Secure URL. | "https://secure.sysdig.com" | +| sysdig.secureAPIToken | Specifies the API Token to access Sysdig Secure. 
| "" | +| sysdig.verifySSL | Verifies the SSL certificate. | true | +| existingSecretName | Provides an existing secret name for the entries it uses. See `templates/secret.yaml` for more information. | "" | +| rules | Specifies the Rules Section for Cloud Connector. | [] | +| ingestors | Specifies configuration for the threat detection event ingestion. See [ingestors](#ingestors) for more information. | [] | +| scanners | Specifies configuration for scanning capabilities. See [scanners](#scanners) for more information. | [] | +| bruteForceDetection.enabled | Enables Brute Force detection. | true | +| bruteForceDetection.duration | Specifies a time window for a bruteforce attack try. | 24h | +| bruteForceDetection.maximumTries | Specifies the maximum number of tries for a given time window. | 10 | -```console -$ helm upgrade --install cloud-connector sysdig/cloud-connector \ - --create-namespace -n cloud-connector --version=0.8.1 \ - --values values.yaml -``` ## Examples -- [Default `values.yaml`](./values.yaml) - -## Configuration Detail ### Ingestors -Where to ingest events from +Specifies where to ingest the events: ```yaml ingestors: @@ -202,7 +194,7 @@ ingestors: ### Scanners -Trigger scanners when a new image is detected +Specifies the trigger scanners when a new image is detected: ```yaml scanners: @@ -236,9 +228,9 @@ scanners: # containerRegistry: sfccontainerregistry # container registry name where to run the scan ``` -### Usage examples +### Usage Examples -Check live examples present in our different Terraform Modules: +See additional examples in the Terraform modules: * [Single Account Deployment for AWS in K8s](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/examples/single-account-k8s/cloud-connector.tf#L27) * [Single Project Deployment for GCP in K8s](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/blob/master/examples/single-project-k8s/cloud-connector.tf#L32) 
@@ -247,8 +239,10 @@ Check live examples present in our different Terraform Modules: ### Troubleshooting -#### Q: How do I enable `debug` logs? -A: By editing the configmap and killing pod(s)/deployment so it restart +#### Enable `debug` Logs + +To enable `debug logs`, edit the ConfigMap and terminate the pod or deployment. + ```yaml data: cloud-connector.yaml: | @@ -256,6 +250,17 @@ A: By editing the configmap and killing pod(s)/deployment so it restart > logging: debug ``` +## Uninstall the Chart + +To uninstall the `cloud-connector`: + +```console +$ helm uninstall cloud-connector -n cloud-connector +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release artifacts. + +