feat(agent): always mount http-proxy credentials secrets but mark it …

…as optional
sysdiglabs · Oct 7, 2024 · f70afc3 · f70afc3
1 parent 4ce7da5
commit f70afc3
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 20 deletions.
diff --git a/charts/agent/templates/daemonset-windows.yaml b/charts/agent/templates/daemonset-windows.yaml
@@ -65,10 +65,8 @@ spec:
             mountPath: Sysdig/Agent/certificates
             readOnly: true
           {{- end }}
-          {{- if (include "agent.httpProxyCredentials" .) }}
           - mountPath: Sysdig/Agent/Secrets/http_proxy
             name: sysdig-agent-http-proxy-secrets
-          {{- end }}
       terminationGracePeriodSeconds: 0
       volumes:
       - name: config
@@ -81,11 +79,10 @@ spec:
           {{- else }}
           secretName: {{ include "agent.accessKeySecret" . }}
           {{- end }}
-      {{- if (include "agent.httpProxyCredentials" .) }}
       - name: sysdig-agent-http-proxy-secrets
         secret:
           secretName: {{ template "agent.fullname" . }}-proxy
-      {{- end }}
+          optional: true
       {{- if eq (include "sysdig.custom_ca.useValues"  (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
       - name: ca-cert
         secret:

diff --git a/charts/agent/templates/daemonset.yaml b/charts/agent/templates/daemonset.yaml
@@ -279,10 +279,8 @@ spec:
               name: sysdig-agent-config
             - mountPath: /opt/draios/etc/kubernetes/secrets
               name: sysdig-agent-secrets
-            {{- if (include "agent.httpProxyCredentials" .) }}
             - mountPath: /opt/draios/etc/secrets/http_proxy
               name: sysdig-agent-http-proxy-secrets
-            {{- end }}
             - mountPath: /etc/podinfo
               name: podinfo
 
@@ -391,6 +389,10 @@ spec:
           configMap:
             name: {{ include "agent.configmapName" . }}
             optional: true
+        - name: sysdig-agent-http-proxy-secrets
+          secret:
+            secretName: {{ template "agent.fullname" . }}-proxy
+            optional: true
         {{- if .Values.localForwarder.enabled }}
         - name: local-forwarder-config
           configMap:
@@ -404,11 +406,6 @@ spec:
             {{- else }}
             secretName: {{ include "agent.accessKeySecret" . }}
             {{- end }}
-        {{- if (include "agent.httpProxyCredentials" .) }}
-        - name: sysdig-agent-http-proxy-secrets
-          secret:
-            secretName: {{ template "agent.fullname" . }}-proxy
-        {{- end }}
         - name: podinfo
           downwardAPI:
             defaultMode: 420

diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml
@@ -126,10 +126,8 @@ spec:
               name: sysdig-agent-config
             - mountPath: /opt/draios/etc/kubernetes/secrets
               name: sysdig-agent-secrets
-            {{- if and (include "agent.httpProxyCredentials" .) }}
             - mountPath: /opt/draios/etc/secrets/http_proxy
               name: sysdig-agent-http-proxy-secrets
-            {{- end }}
             - mountPath: /etc/podinfo
               name: podinfo
             {{- if eq (include "sysdig.custom_ca.enabled"  (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
@@ -258,11 +256,10 @@ spec:
             {{- else }}
             secretName: {{ include "agent.accessKeySecret" . }}
             {{- end }}
-        {{- if and (include "agent.httpProxyCredentials" .) }}
         - name: sysdig-agent-http-proxy-secrets
           secret:
             secretName: {{ template "agent.fullname" . }}-proxy
-        {{- end }}
+            optional: true
         - name: podinfo
           downwardAPI:
             defaultMode: 420

diff --git a/charts/agent/tests/volumes_test.yaml b/charts/agent/tests/volumes_test.yaml
@@ -112,17 +112,21 @@ tests:
     templates:
       - daemonset.yaml
 
-  - it: Ensure agent http proxy volume is not mounted when http_proxy settings is not set
+  - it: Ensure agent http proxy volume is mounted as optional
     set:
       sysdig:
         accessKey: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
       delegatedAgentDeployment:
         enabled: true
     asserts:
-      - isNull:
-          path: spec.template.spec.volumes[?(@.name == "sysdig-agent-http-proxy-secrets")]
-      - isNull:
-          path: spec.template.spec.containers[*].volumeMounts[?(@.name == "sysdig-agent-http-proxy-secrets")]
+      - equal:
+          path: spec.template.spec.volumes[?(@.name == "sysdig-agent-http-proxy-secrets")].secret
+          value:
+            secretName: RELEASE-NAME-agent-proxy
+            optional: true
+      - equal:
+          path: spec.template.spec.containers[*].volumeMounts[?(@.name == "sysdig-agent-http-proxy-secrets")].mountPath
+          value: /opt/draios/etc/secrets/http_proxy
     templates:
       - deployment.yaml
       - daemonset.yaml
@@ -142,6 +146,7 @@ tests:
           path: spec.template.spec.volumes[?(@.name == "sysdig-agent-http-proxy-secrets")].secret
           value:
             secretName: RELEASE-NAME-agent-proxy
+            optional: true
       - equal:
           path: spec.template.spec.containers[*].volumeMounts[?(@.name == "sysdig-agent-http-proxy-secrets")].mountPath
           value: /opt/draios/etc/secrets/http_proxy