From f6960bcc74529b0b9479d63c058286012c38ba72 Mon Sep 17 00:00:00 2001 From: updatecli Date: Thu, 24 Oct 2024 00:09:49 +0000 Subject: [PATCH] chore: bump the bitnami/kubectl image reference in the rapid-response... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... chart Made with ❤️️ by updatecli --- charts/rapid-response/Chart.yaml | 2 +- charts/rapid-response/values.yaml | 64 +++++++------------------------ 2 files changed, 15 insertions(+), 51 deletions(-) diff --git a/charts/rapid-response/Chart.yaml b/charts/rapid-response/Chart.yaml index 84922f51c..9d07bf486 100644 --- a/charts/rapid-response/Chart.yaml +++ b/charts/rapid-response/Chart.yaml @@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.11 +version: 0.9.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. diff --git a/charts/rapid-response/values.yaml b/charts/rapid-response/values.yaml index c64e67f16..23cb43249 100644 --- a/charts/rapid-response/values.yaml +++ b/charts/rapid-response/values.yaml @@ -28,83 +28,63 @@ global: # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D= # -----END CERTIFICATE----- - # Filename that is used when creating the secret. Required if cert is provided. keyName: root_ca_file.crt - # Provide the name of an existing Secret that contains the CA required - existingCaSecret: - # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. - existingCaSecretKeyName: - - # Provide the name of an existing ConfigMap that contains the CA required - existingCaConfigMap: - # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. - existingCaConfigMapKeyName: - + existingCaSecret: null # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. + existingCaSecretKeyName: null # Provide the name of an existing ConfigMap that contains the CA required + existingCaConfigMap: null # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. + existingCaConfigMapKeyName: null sysdig: # Required: You need your Sysdig access key before running agents, either specifying 'accessKey' here, or using 'existingAccessKeySecret' accessKey: "" - # Alternatively, specify the name of a Kubernetes secret containing an 'access-key' entry existingAccessKeySecret: "" - rapidResponse: # Required: A passphrase used to encrypt all traffic between the user and host, either specifying 'passphrase' here, or using 'existingPassphraseSecret' passphrase: "" - # Alternatively, specify the name of a Kubernetes secret containing an 'passphrase' entry existingPassphraseSecret: "" - # Rapid Response doesn't require to access to any specific Kubernetes resources by default. # Users can specify a Service Account name in order to give some capabilities to Rapid Response pod existingServiceAccount: "" - image: registry: quay.io - pullPolicy: + pullPolicy: null repository: sysdig/rapid-response-host-component # If unset, .Chart.AppVersion is used to create tag # Note: Image tag must be a string specified in double-quotes # tag: "0.3.3" - imagePullSecrets: [] - # The API endpoint for Sysdig Secure, specified with no protocol: # * SaaS default region (US East): secure.sysdig.com # * SaaS US Web: us2.app.sysdig.com # * SaaS European Union: eu1.app.sysdig.com # * On-Prem: sysdig.my.company.com apiEndpoint: "" - # DEPRECATED - this flag has been deprecated, please use `sslVerifyCertificate` # Can be set to true to allow insecure connections to the Sysdig backend, # such as for on-premise installs that use self-signed certificates. # By default, certificates are always verified. # skipTlsVerifyCertificate: true - # Can be set to false to allow insecure connections to the Sysdig backend, # such as for on-premise installs that use self-signed certificates. # By default, certificates are always verified. # sslVerifyCertificate: false - # If is behind a proxy you can set a proxy server # Configure it when Rapid Response needs to connect to Sysdig backend through an HTTP/HTTPS proxy: proxy: httpProxy: "" httpsProxy: "" noProxy: "" - scc: # true here enables creation of Security Context Constraints in Openshift create: true - serviceAccount: # true here enables creation of service account create: true # Use this value as rapidResponseServiceAccountName name: "rapid-response" - ### Not working when is empty # Import custom CA certificates ssl: @@ -128,26 +108,16 @@ rapidResponse: # NjExWjAUMRIwEAYDVQQDEwloYXJib3ItY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB # MMNlTAQ9fvdNOTzZntye0PQYRTTS34D= # -----END CERTIFICATE----- - # Filename that is used when creating the secret. Required if cert is provided. - keyName: - - # Provide the name of an existing Secret that contains the CA required - existingCaSecret: - # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. - existingCaSecretKeyName: - - # Provide the name of an existing ConfigMap that contains the CA required - existingCaConfigMap: - # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. - existingCaConfigMapKeyName: - - # The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to - # running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail. - # securityContext: - # privileged: true + keyName: null # Provide the name of an existing Secret that contains the CA required + existingCaSecret: null # Provide the filename that is defined inside the existing Secret. Required if existingCaSecret is set. + existingCaSecretKeyName: null # Provide the name of an existing ConfigMap that contains the CA required + existingCaConfigMap: null # Provide the filename that is defined inside the existing ConfigMap. Required if existingCaConfigMap is set. + existingCaConfigMapKeyName: null # The privileged flag is necessary for OCP 4.x and other Kubernetes setups that deny host filesystem access to +# running containers by default regardless of volume mounts. In those cases, access to the CRI socket would fail. +# securityContext: +# privileged: true securityContext: {} - resources: limits: cpu: 500m @@ -155,7 +125,6 @@ rapidResponse: requests: cpu: 250m memory: 250Mi - extraVolumes: volumes: [] mounts: [] @@ -173,7 +142,6 @@ rapidResponse: # mounts: # - mountPath: /host # name: host-root-vol - # Perform rolling updates by default in the DaemonSet agent # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ updateStrategy: @@ -181,10 +149,8 @@ rapidResponse: # need it type: RollingUpdate rollingUpdate: {} - # ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ nodeSelector: {} - # arch and os will be used to template out a node affinity block matching everything in each list. If affinity is # defined, these fields will be ignored arch: @@ -201,7 +167,6 @@ rapidResponse: daemonSetAnnotations: {} # Allow the DaemonSet to set labels daemonSetLabels: {} - # Allow sysdig to run on Kubernetes 1.6 masters. tolerations: - effect: NoSchedule @@ -216,7 +181,6 @@ rapidResponse: key: node-role.kubernetes.io/etcd operator: Equal value: "true" - tests: rbac: # true here enables creation of rbac resources @@ -224,4 +188,4 @@ tests: timeout: 300s image: repo: bitnami/kubectl - tag: 1.31.1 + tag: 1.31.2