chore: bump the bitnami/kubectl image reference in the rapid-response...

... chart Made with ❤️️ by updatecli
sysdiglabs · Oct 24, 2024 · f6960bc · f6960bc
1 parent f1a6f9b
commit f6960bc
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 51 deletions.
diff --git a/charts/rapid-response/Chart.yaml b/charts/rapid-response/Chart.yaml
@@ -13,7 +13,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.9.11
+version: 0.9.12
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

diff --git a/charts/rapid-response/values.yaml b/charts/rapid-response/values.yaml
@@ -28,83 +28,63 @@ global:
       #       NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
       #       MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
       #       -----END CERTIFICATE-----
-
       # Filename that is used when creating the secret.  Required if cert is provided.
       keyName: root_ca_file.crt
-
       # Provide the name of an existing Secret that contains the CA required
-      existingCaSecret:
-      # Provide the filename that is defined inside the existing Secret.  Required if existingCaSecret is set.
-      existingCaSecretKeyName:
-
-      # Provide the name of an existing ConfigMap that contains the CA required
-      existingCaConfigMap:
-      # Provide the filename that is defined inside the existing ConfigMap.  Required if existingCaConfigMap is set.
-      existingCaConfigMapKeyName:
-
+      existingCaSecret: null # Provide the filename that is defined inside the existing Secret.  Required if existingCaSecret is set.
+      existingCaSecretKeyName: null # Provide the name of an existing ConfigMap that contains the CA required
+      existingCaConfigMap: null # Provide the filename that is defined inside the existing ConfigMap.  Required if existingCaConfigMap is set.
+      existingCaConfigMapKeyName: null
 sysdig:
   # Required: You need your Sysdig access key before running agents, either specifying 'accessKey' here, or using 'existingAccessKeySecret'
   accessKey: ""
-
   # Alternatively, specify the name of a Kubernetes secret containing an 'access-key' entry
   existingAccessKeySecret: ""
-
 rapidResponse:
   # Required: A passphrase used to encrypt all traffic between the user and host, either specifying 'passphrase' here, or using 'existingPassphraseSecret'
   passphrase: ""
-
   # Alternatively, specify the name of a Kubernetes secret containing an 'passphrase' entry
   existingPassphraseSecret: ""
-
   # Rapid Response doesn't require to access to any specific Kubernetes resources by default.
   # Users can specify a Service Account name in order to give some capabilities to Rapid Response pod
   existingServiceAccount: ""
-
   image:
     registry: quay.io
-    pullPolicy:
+    pullPolicy: null
     repository: sysdig/rapid-response-host-component
     # If unset, .Chart.AppVersion is used to create tag
     # Note: Image tag must be a string specified in double-quotes
     # tag: "0.3.3"
-
   imagePullSecrets: []
-
   # The API endpoint for Sysdig Secure, specified with no protocol:
   # * SaaS default region (US East): secure.sysdig.com
   # * SaaS US Web: us2.app.sysdig.com
   # * SaaS European Union: eu1.app.sysdig.com
   # * On-Prem: sysdig.my.company.com
   apiEndpoint: ""
-
   # DEPRECATED - this flag has been deprecated, please use `sslVerifyCertificate`
   # Can be set to true to allow insecure connections to the Sysdig backend,
   # such as for on-premise installs that use self-signed certificates.
   # By default, certificates are always verified.
   # skipTlsVerifyCertificate: true
-
   # Can be set to false to allow insecure connections to the Sysdig backend,
   # such as for on-premise installs that use self-signed certificates.
   # By default, certificates are always verified.
   # sslVerifyCertificate: false
-
   # If is behind a proxy you can set a proxy server
   # Configure it when Rapid Response needs to connect to Sysdig backend through an HTTP/HTTPS proxy:
   proxy:
     httpProxy: ""
     httpsProxy: ""
     noProxy: ""
-
   scc:
     # true here enables creation of Security Context Constraints in Openshift
     create: true
-
   serviceAccount:
     # true here enables creation of service account
     create: true
     # Use this value as rapidResponseServiceAccountName
     name: "rapid-response"
-
   ### Not working when is empty
   # Import custom CA certificates
   ssl:
@@ -128,34 +108,23 @@ rapidResponse:
       #       NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
       #       MMNlTAQ9fvdNOTzZntye0PQYRTTS34D=
       #       -----END CERTIFICATE-----
-
       # Filename that is used when creating the secret.  Required if cert is provided.
-      keyName:
-
-      # Provide the name of an existing Secret that contains the CA required
-      existingCaSecret:
-      # Provide the filename that is defined inside the existing Secret.  Required if existingCaSecret is set.
-      existingCaSecretKeyName:
-
-      # Provide the name of an existing ConfigMap that contains the CA required
-      existingCaConfigMap:
-      # Provide the filename that is defined inside the existing ConfigMap.  Required if existingCaConfigMap is set.
-      existingCaConfigMapKeyName:
-
-  # The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to
-  # running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail.
-  # securityContext:
-  #   privileged: true
+      keyName: null # Provide the name of an existing Secret that contains the CA required
+      existingCaSecret: null # Provide the filename that is defined inside the existing Secret.  Required if existingCaSecret is set.
+      existingCaSecretKeyName: null # Provide the name of an existing ConfigMap that contains the CA required
+      existingCaConfigMap: null # Provide the filename that is defined inside the existing ConfigMap.  Required if existingCaConfigMap is set.
+      existingCaConfigMapKeyName: null # The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to
+# running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail.
+# securityContext:
+#   privileged: true
   securityContext: {}
-
   resources:
     limits:
       cpu: 500m
       memory: 500Mi
     requests:
       cpu: 250m
       memory: 250Mi
-
   extraVolumes:
     volumes: []
     mounts: []
@@ -173,18 +142,15 @@ rapidResponse:
     #   mounts:
     #     - mountPath: /host
     #       name: host-root-vol
-
   # Perform rolling updates by default in the DaemonSet agent
   # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
   updateStrategy:
     # You can also customize maxUnavailable, maxSurge or minReadySeconds if you
     # need it
     type: RollingUpdate
     rollingUpdate: {}
-
   # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
   nodeSelector: {}
-
   # arch and os will be used to template out a node affinity block matching everything in each list. If affinity is
   # defined, these fields will be ignored
   arch:
@@ -201,7 +167,6 @@ rapidResponse:
   daemonSetAnnotations: {}
   # Allow the DaemonSet to set labels
   daemonSetLabels: {}
-
   # Allow sysdig to run on Kubernetes 1.6 masters.
   tolerations:
     - effect: NoSchedule
@@ -216,12 +181,11 @@ rapidResponse:
       key: node-role.kubernetes.io/etcd
       operator: Equal
       value: "true"
-
 tests:
   rbac:
     # true here enables creation of rbac resources
     create: true
   timeout: 300s
   image:
     repo: bitnami/kubectl
-    tag: 1.31.1
+    tag: 1.31.2