From f70afc3f52e38d195d42f2e55fee5958c1261515 Mon Sep 17 00:00:00 2001
From: Alberto Barba
Date: Fri, 30 Aug 2024 10:06:32 +0200
Subject: [PATCH] feat(agent): always mount http-proxy credentials secrets but mark it as optional
---
 charts/agent/templates/daemonset-windows.yaml | 5 +----
 charts/agent/templates/daemonset.yaml | 11 ++++-------
 charts/agent/templates/deployment.yaml | 5 +----
 charts/agent/tests/volumes_test.yaml | 15 ++++++++++-----
 4 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/charts/agent/templates/daemonset-windows.yaml b/charts/agent/templates/daemonset-windows.yaml
index e1efdeb00..361e8189d 100644
--- a/charts/agent/templates/daemonset-windows.yaml
+++ b/charts/agent/templates/daemonset-windows.yaml
@@ -65,10 +65,8 @@ spec:
 mountPath: Sysdig/Agent/certificates
 readOnly: true
 {{- end }}
- {{- if (include "agent.httpProxyCredentials" .) }}
 - mountPath: Sysdig/Agent/Secrets/http_proxy
 name: sysdig-agent-http-proxy-secrets
- {{- end }}
 terminationGracePeriodSeconds: 0
 volumes:
 - name: config
@@ -81,11 +79,10 @@ spec:
 {{- else }}
 secretName: {{ include "agent.accessKeySecret" . }}
 {{- end }}
- {{- if (include "agent.httpProxyCredentials" .) }}
 - name: sysdig-agent-http-proxy-secrets
 secret:
 secretName: {{ template "agent.fullname" . }}-proxy
- {{- end }}
+ optional: true
 {{- if eq (include "sysdig.custom_ca.useValues" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
 - name: ca-cert
 secret:
diff --git a/charts/agent/templates/daemonset.yaml b/charts/agent/templates/daemonset.yaml
index 8e340ee18..b18aa3c97 100644
--- a/charts/agent/templates/daemonset.yaml
+++ b/charts/agent/templates/daemonset.yaml
@@ -279,10 +279,8 @@ spec:
 name: sysdig-agent-config
 - mountPath: /opt/draios/etc/kubernetes/secrets
 name: sysdig-agent-secrets
- {{- if (include "agent.httpProxyCredentials" .) }}
 - mountPath: /opt/draios/etc/secrets/http_proxy
 name: sysdig-agent-http-proxy-secrets
- {{- end }}
 - mountPath: /etc/podinfo
 name: podinfo
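Review bot: With `optional: true` now unconditional on the `sysdig-agent-http-proxy-secrets` volume (second daemonset-windows.yaml hunk, and likewise daemonset.yaml `@@ -391` and deployment.yaml `@@ -258`), a release that does configure proxy credentials no longer fails at mount time when the `-proxy` Secret is missing or misnamed. The pod starts with an empty directory and, presumably, the agent runs without proxy authentication and without any visible signal. The mount can stay unconditional while optionality follows the existing helper, e.g. `optional: {{ not (include "agent.httpProxyCredentials" .) }}`, so a missing Secret remains a FailedMount when credentials are expected; the second volumes_test.yaml hunk would then need to expect `optional: false`. Since the Secret name is fixed and always referenced, create rights on Secrets in the agent namespace now determine what appears at the proxy-credentials path and should be kept narrow.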
@@ -391,6 +389,10 @@ spec:
 configMap:
 name: {{ include "agent.configmapName" . }}
 optional: true
+ - name: sysdig-agent-http-proxy-secrets
+ secret:
+ secretName: {{ template "agent.fullname" . }}-proxy
+ optional: true
 {{- if .Values.localForwarder.enabled }}
 - name: local-forwarder-config
 configMap:
@@ -404,11 +406,6 @@ spec:
 {{- else }}
 secretName: {{ include "agent.accessKeySecret" . }}
 {{- end }}
- {{- if (include "agent.httpProxyCredentials" .) }}
- - name: sysdig-agent-http-proxy-secrets
- secret:
- secretName: {{ template "agent.fullname" . }}-proxy
- {{- end }}
 - name: podinfo
 downwardAPI:
 defaultMode: 420
diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml
index 9a3f5fe09..e57d53e3f 100644
--- a/charts/agent/templates/deployment.yaml
+++ b/charts/agent/templates/deployment.yaml
@@ -126,10 +126,8 @@ spec:
 name: sysdig-agent-config
 - mountPath: /opt/draios/etc/kubernetes/secrets
 name: sysdig-agent-secrets
- {{- if and (include "agent.httpProxyCredentials" .) }}
 - mountPath: /opt/draios/etc/secrets/http_proxy
 name: sysdig-agent-http-proxy-secrets
- {{- end }}
 - mountPath: /etc/podinfo
 name: podinfo
 {{- if eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
@@ -258,11 +256,10 @@ spec:
 {{- else }}
 secretName: {{ include "agent.accessKeySecret" . }}
 {{- end }}
- {{- if and (include "agent.httpProxyCredentials" .) }}
 - name: sysdig-agent-http-proxy-secrets
 secret:
 secretName: {{ template "agent.fullname" . }}-proxy
- {{- end }}
+ optional: true
 - name: podinfo
 downwardAPI:
 defaultMode: 420
diff --git a/charts/agent/tests/volumes_test.yaml b/charts/agent/tests/volumes_test.yaml
index 9e0bc69e6..88441db8b 100644
--- a/charts/agent/tests/volumes_test.yaml
+++ b/charts/agent/tests/volumes_test.yaml
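Review bot: Nothing in the templates records why the `sysdig-agent-http-proxy-secrets` volume is now declared without the `agent.httpProxyCredentials` guard, so a later cleanup could re-add the `if`. In daemonset.yaml (`@@ -391`) the definition has also moved up beside the config volume, while deployment.yaml (`@@ -258`) keeps it after the access-key secret. A one-line template comment above each definition would help, for example `{{- /* Always declared; optional so the pod starts when no proxy Secret exists */}}`. Keeping the volume in the same position in both files would make the templates easier to compare.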
@@ -112,17 +112,21 @@ tests:
 templates:
 - daemonset.yaml
- - it: Ensure agent http proxy volume is not mounted when http_proxy settings is not set
+ - it: Ensure agent http proxy volume is mounted as optional
 set:
 sysdig:
 accessKey: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
 delegatedAgentDeployment:
 enabled: true
 asserts:
- - isNull:
- path: spec.template.spec.volumes[?(@.name == "sysdig-agent-http-proxy-secrets")]
- - isNull:
- path: spec.template.spec.containers[*].volumeMounts[?(@.name == "sysdig-agent-http-proxy-secrets")]
+ - equal:
+ path: spec.template.spec.volumes[?(@.name == "sysdig-agent-http-proxy-secrets")].secret
+ value:
+ secretName: RELEASE-NAME-agent-proxy
+ optional: true
+ - equal:
+ path: spec.template.spec.containers[*].volumeMounts[?(@.name == "sysdig-agent-http-proxy-secrets")].mountPath
+ value: /opt/draios/etc/secrets/http_proxy
 templates:
 - deployment.yaml
 - daemonset.yaml
@@ -142,6 +146,7 @@ tests:
 path: spec.template.spec.volumes[?(@.name == "sysdig-agent-http-proxy-secrets")].secret
 value:
 secretName: RELEASE-NAME-agent-proxy
+ optional: true
 - equal:
 path: spec.template.spec.containers[*].volumeMounts[?(@.name == "sysdig-agent-http-proxy-secrets")].mountPath
 value: /opt/draios/etc/secrets/http_proxy
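Review bot: The rewritten case in the first hunk lists only `deployment.yaml` and `daemonset.yaml` under `templates:`, so the matching change in daemonset-windows.yaml is not asserted here. The rest of the test file is outside these hunks, so an existing Windows case may already cover it. If none does, a sibling case with `templates: [daemonset-windows.yaml]` expecting `mountPath` `Sysdig/Agent/Secrets/http_proxy` and `optional: true` on the secret would pin the Windows template too.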