From 2769cc2db02aa2217158804426526b2cafab67b5 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Wed, 9 Aug 2023 18:04:45 +0200 Subject: [PATCH 01/19] feat: enable new evaluator --- charts/admission-controller/templates/webhook/clusterrole.yaml | 1 + charts/admission-controller/templates/webhook/deployment.yaml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/charts/admission-controller/templates/webhook/clusterrole.yaml b/charts/admission-controller/templates/webhook/clusterrole.yaml index 2372501de..d533805b9 100644 --- a/charts/admission-controller/templates/webhook/clusterrole.yaml +++ b/charts/admission-controller/templates/webhook/clusterrole.yaml @@ -16,6 +16,7 @@ rules: - "" resources: - pods + - configmaps verbs: - get - apiGroups: diff --git a/charts/admission-controller/templates/webhook/deployment.yaml b/charts/admission-controller/templates/webhook/deployment.yaml index 2171000c7..204efa106 100644 --- a/charts/admission-controller/templates/webhook/deployment.yaml +++ b/charts/admission-controller/templates/webhook/deployment.yaml @@ -88,6 +88,9 @@ spec: - name: SSL_CERT_DIR value: /ca-certs {{- end }} + {{- if .Values.extraEnvVars }} + {{- toYaml .Values.extraEnvVars | nindent 12 }} + {{- end }} ports: - name: http containerPort: {{ .Values.webhook.http.port }} From c6f1a5b73216823140cfa7d836b43455aea0fee0 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Wed, 9 Aug 2023 18:05:46 +0200 Subject: [PATCH 02/19] feat: add new configmap --- .../webhook/admissioncontrollerconfigmap.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml diff --git a/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml b/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml new file mode 100644 index 000000000..fb0271528 --- /dev/null +++ b/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml 
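Review bot: In the `clusterrole.yaml` hunk, adding `configmaps` to the existing core-group rule gives the webhook service account `get` on every ConfigMap in every namespace, which is far more than reading one policy object needs. ConfigMaps often hold credentials or connection strings, so a compromised webhook pod or token could read them cluster-wide. Putting `resourceNames` on the shared rule would also restrict `pods`, so the smaller grant is a separate rule scoped to the chart's own ConfigMap (named `admissioncontrollerconfigmap` in PATCH 02); a namespaced Role would be tighter still if the evaluator only reads from its own namespace, which is not visible here. The clusterrole hunk in PATCH 16 later gates the entry on `webhook.acConfig` but keeps the same cluster-wide scope. The rule's opening lines are outside the hunk.

```yaml
# … unchanged: existing core-group rule granting get on pods …
- apiGroups:
    - ""
  resources:
    - configmaps
  resourceNames:
    - admissioncontrollerconfigmap
  verbs:
    - get
```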
@@ -0,0 +1,24 @@ +{{- if .Values.extraEnvVars }} +{{- range .Values.extraEnvVars }} +{{- if ne .name "CONFIG_FROM_FILE" }} +{{- end }} +{{- end }} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: admissioncontrollerconfigmap + namespace: {{ include "admissionController.namespace" . }} + labels: + {{ include "admissionController.webhook.labels" . | nindent 4 }} +data: + {{- if .Values.webhook.acConfig }} + acConfig: | + {{ .Values.webhook.acConfig | nindent 4 }} + {{- else }} + acConfig: | + enabled: true + defaultBehaviour: "allow" + assignments: [] + {{- end }} +{{- end }} From bc2b8be5ee96f5ae252e49f9781d798acb96e9ec Mon Sep 17 00:00:00 2001 From: hayk99 Date: Thu, 10 Aug 2023 11:28:02 +0200 Subject: [PATCH 03/19] refactor: make configmap simplier --- .../webhook/admissioncontrollerconfigmap.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml b/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml index fb0271528..aeef74c7b 100644 --- a/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml +++ b/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml @@ -1,9 +1,4 @@ -{{- if .Values.extraEnvVars }} -{{- range .Values.extraEnvVars }} -{{- if ne .name "CONFIG_FROM_FILE" }} -{{- end }} -{{- end }} - +{{- if .Values.webhook.acConfig }} apiVersion: v1 kind: ConfigMap metadata: @@ -12,13 +7,6 @@ metadata: labels: {{ include "admissionController.webhook.labels" . | nindent 4 }} data: - {{- if .Values.webhook.acConfig }} acConfig: | {{ .Values.webhook.acConfig | nindent 4 }} - {{- else }} - acConfig: | - enabled: true - defaultBehaviour: "allow" - assignments: [] - {{- end }} {{- end }} From 6e19f745a6f2c84a16f3ea6ac2973791aa98d430 Mon Sep 17 00:00:00 2001 
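Review bot: The `range` / `if ne .name "CONFIG_FROM_FILE"` block at the top of the new template has an empty body, so it filters nothing and the ConfigMap is rendered whenever `extraEnvVars` is non-empty, whatever the entries are named. If the intent was to render only when the policy is supplied, the manifest should be wrapped in a single gate such as `{{- if .Values.webhook.acConfig }}`, which is where PATCH 03 ends up. Separately, the `else` branch ships `defaultBehaviour: "allow"` with `assignments: []`. If the evaluator uses that as the verdict for unmatched workloads, the built-in fallback is fail-open, and that should be a deliberate, documented choice rather than a silent default.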
From: hayk99 Date: Thu, 10 Aug 2023 11:55:49 +0200 Subject: [PATCH 04/19] refactor: move extraEnvVars under webhook --- charts/admission-controller/templates/webhook/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/admission-controller/templates/webhook/deployment.yaml b/charts/admission-controller/templates/webhook/deployment.yaml index 204efa106..4deffe7e6 100644 --- a/charts/admission-controller/templates/webhook/deployment.yaml +++ b/charts/admission-controller/templates/webhook/deployment.yaml @@ -88,8 +88,8 @@ spec: - name: SSL_CERT_DIR value: /ca-certs {{- end }} - {{- if .Values.extraEnvVars }} - {{- toYaml .Values.extraEnvVars | nindent 12 }} + {{- if .Values.webhook.extraEnvVars }} + {{- toYaml .Values.webhook.extraEnvVars | nindent 12 }} {{- end }} ports: - name: http From 59ee0ba68dcd22dd18af8651a55a4931d7345fbc Mon Sep 17 00:00:00 2001 From: hayk99 Date: Thu, 10 Aug 2023 12:30:30 +0200 Subject: [PATCH 05/19] test: add test --- .../tests/configmap_test.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 charts/admission-controller/tests/configmap_test.yaml diff --git a/charts/admission-controller/tests/configmap_test.yaml b/charts/admission-controller/tests/configmap_test.yaml new file mode 100644 index 000000000..4db999577 --- /dev/null +++ b/charts/admission-controller/tests/configmap_test.yaml @@ -0,0 +1,15 @@ +suite: Test admissioncontrollerconfigmap +templates: + - webhook/admissioncontrollerconfigmap.yaml +tests: + - it: Creates the configmap if webhook.acConfig is present + set: + webhook: + acConfig: | + foo: bar + fizz: buzz + asserts: + - containsDocument: + kind: ConfigMap + apiVersion: v1 + template: webhook/admissioncontrollerconfigmap.yaml From 5fa4dc37c5f11d06f33376f8519ae4ac291131be Mon Sep 17 00:00:00 2001 
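Review bot: The new suite in `tests/configmap_test.yaml` only checks that a ConfigMap document exists, so a regression that renders an empty or mis-indented `data.acConfig` would still pass. That value is the admission policy the webhook will read, so the test should assert on its content too, for example `- matchRegex:` with `path: data.acConfig` and `pattern: "fizz: buzz"` under `asserts`. A pattern match is suggested rather than `equal` because the template's `nindent 4` after `acConfig: |` may add a leading newline to the rendered scalar.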
From: hayk99 Date: Fri, 11 Aug 2023 10:22:43 +0200 Subject: [PATCH 06/19] test: add not working commented test --- charts/admission-controller/tests/configmap_test.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/admission-controller/tests/configmap_test.yaml b/charts/admission-controller/tests/configmap_test.yaml index 4db999577..5e5edb6a7 100644 --- a/charts/admission-controller/tests/configmap_test.yaml +++ b/charts/admission-controller/tests/configmap_test.yaml @@ -13,3 +13,10 @@ tests: kind: ConfigMap apiVersion: v1 template: webhook/admissioncontrollerconfigmap.yaml +# - it: Creates the configmap if webhook.acConfig is present +# asserts: +# - containsDocument: +# kind: ConfigMap +# apiVersion: v1 +# template: webhook/admissioncontrollerconfigmap.yaml +# not: true \ No newline at end of file From c7bc5accbb47e59bbd9e97e9bf5ee0831909b7f9 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Fri, 11 Aug 2023 10:25:15 +0200 Subject: [PATCH 07/19] fix: merge --- charts/admission-controller/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/admission-controller/values.yaml b/charts/admission-controller/values.yaml index 85f3b5625..9af0eb981 100644 --- a/charts/admission-controller/values.yaml +++ b/charts/admission-controller/values.yaml @@ -208,7 +208,8 @@ webhook: # The image pull secrets for webhook. imagePullSecrets: [] - # Resource request and limits for webhook. + + # Resource request and limits for webhook resources: # +doc-gen:break limits: cpu: 250m From b2c0e7e44a39d2b5efa13fd0ca3362f2f8178f62 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Fri, 11 Aug 2023 10:26:54 +0200 Subject: [PATCH 08/19] docs: add doc to configmap --- .../templates/webhook/admissioncontrollerconfigmap.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml b/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml index aeef74c7b..16c0daf1f 100644 --- a/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml +++ b/charts/admission-controller/templates/webhook/admissioncontrollerconfigmap.yaml @@ -1,3 +1,4 @@ +# Warning! This file is for internal tests only. {{- if .Values.webhook.acConfig }} apiVersion: v1 kind: ConfigMap From d511f0bb4847a038a50dec262b8225e4d30f5d48 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Fri, 11 Aug 2023 10:27:18 +0200 Subject: [PATCH 09/19] build: bump chart version --- charts/admission-controller/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/admission-controller/Chart.yaml b/charts/admission-controller/Chart.yaml index cf79bdc7e..df3a7207a 100644 --- a/charts/admission-controller/Chart.yaml +++ b/charts/admission-controller/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: admission-controller description: Sysdig Admission Controller using Sysdig Secure inline image scanner type: application -version: 0.12.3 +version: 0.12.4 appVersion: 3.9.26 home: https://sysdiglabs.github.io/admission-controller/ icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 From ccedfac82c8435c2eac95b2deebf53f66e9e7826 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Fri, 11 Aug 2023 10:35:36 +0200 Subject: [PATCH 10/19] style: lint --- charts/admission-controller/tests/configmap_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/admission-controller/tests/configmap_test.yaml b/charts/admission-controller/tests/configmap_test.yaml index 5e5edb6a7..6379f9648 100644 --- a/charts/admission-controller/tests/configmap_test.yaml +++ b/charts/admission-controller/tests/configmap_test.yaml 
@@ -19,4 +19,4 @@ tests: # kind: ConfigMap # apiVersion: v1 # template: webhook/admissioncontrollerconfigmap.yaml -# not: true \ No newline at end of file +# not: true From 4e9d8bce0f53165839bfdb0350ad051122ab984d Mon Sep 17 00:00:00 2001 From: hayk99 Date: Fri, 11 Aug 2023 10:47:11 +0200 Subject: [PATCH 11/19] test: fix description --- charts/admission-controller/tests/configmap_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/admission-controller/tests/configmap_test.yaml b/charts/admission-controller/tests/configmap_test.yaml index 6379f9648..6b7c008b8 100644 --- a/charts/admission-controller/tests/configmap_test.yaml +++ b/charts/admission-controller/tests/configmap_test.yaml @@ -13,7 +13,7 @@ tests: kind: ConfigMap apiVersion: v1 template: webhook/admissioncontrollerconfigmap.yaml -# - it: Creates the configmap if webhook.acConfig is present +# - it: Does not create the configmap if webhook.acConfig is not present # asserts: # - containsDocument: # kind: ConfigMap From 896c49d3f991374e5a2948197e4da14bac7dbe02 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Fri, 11 Aug 2023 10:48:18 +0200 Subject: [PATCH 12/19] docs: update --- charts/admission-controller/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md index cca9b8125..9a7140639 100644 --- a/charts/admission-controller/README.md +++ b/charts/admission-controller/README.md @@ -68,7 +68,7 @@ For example: ```bash helm upgrade --install admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.12.3 \ + --create-namespace -n sysdig-admission-controller --version=0.12.4 \ --set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME ``` 
@@ -80,7 +80,7 @@ For example: ```bash helm upgrade --install admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.12.3 \ + --create-namespace -n sysdig-admission-controller --version=0.12.4 \ --values values.yaml ``` @@ -149,7 +149,7 @@ The following table lists the configurable parameters of the `admission-controll | webhook.securityContext | Configure securityContext for webhook. If empty, some security context are automatically generated. | {} | | webhook.hostNetwork | Specifies if the webhook should be started in hostNetwork mode.
This field is required if you are using a custom CNI where the managed control plane nodes are unable to initiate network connections to the pods, for example, using Calico CNI plugin on EKS.
This is not required or recommended in most contexts. | false | | webhook.imagePullSecrets | The image pull secrets for webhook. | [] | -| webhook.resources | Resource request and limits for webhook. | {"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}} | +| webhook.resources | Resource request and limits for webhook | {"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}} | | webhook.autoscaling.minReplicas | The minimum replicas to use while autoscaling the webhook. | 2 | | webhook.autoscaling.maxReplicas | The maximum replicas to use while autoscaling the webhook. | 5 | | webhook.autoscaling.targetCPUUtilizationPercentage | The target CPU to use when the number of replicas must be increased. | 80 | From 05505709d2146cbcc5b4a6280c7de108b41284d6 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Wed, 16 Aug 2023 09:05:46 +0200 Subject: [PATCH 13/19] feat: create configmap policy if acConfig is set --- .../templates/webhook/clusterrole.yaml | 10 +++++++ .../tests/configmap_test.yaml | 29 ++++++++++++++----- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/charts/admission-controller/templates/webhook/clusterrole.yaml b/charts/admission-controller/templates/webhook/clusterrole.yaml index d533805b9..43ce3090c 100644 --- a/charts/admission-controller/templates/webhook/clusterrole.yaml +++ b/charts/admission-controller/templates/webhook/clusterrole.yaml @@ -19,6 +19,16 @@ rules: - configmaps verbs: - get +{{- if .Values.webhook.acConfig }} +- apiGroups: + - "batch" + resources: + - jobs + verbs: + - create + - get + - delete +{{- end }} - apiGroups: - "apps" resources: diff --git a/charts/admission-controller/tests/configmap_test.yaml b/charts/admission-controller/tests/configmap_test.yaml index 6b7c008b8..9129a032a 100644 --- a/charts/admission-controller/tests/configmap_test.yaml +++ b/charts/admission-controller/tests/configmap_test.yaml 
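Review bot: The added `batch`/`jobs` rule in `clusterrole.yaml` lets the webhook service account `create`, `get` and `delete` Jobs in every namespace once `webhook.acConfig` is set. Creating a Job amounts to running an arbitrary pod under any service account in the target namespace, so on a ClusterRole this is a cluster-wide escalation path if the webhook pod or its token is compromised. If the evaluator only launches Jobs in its own namespace (not visible in this hunk), move the rule to a namespaced Role and RoleBinding in `{{ include "admissionController.namespace" . }}` and keep the ClusterRole read-only. If cross-namespace Jobs really are required, add a comment above the rule saying which namespaces and why, so the grant can be reviewed.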
@@ -1,6 +1,7 @@ suite: Test admissioncontrollerconfigmap templates: - - webhook/admissioncontrollerconfigmap.yaml + - templates/webhook/admissioncontrollerconfigmap.yaml + - templates/webhook/clusterrole.yaml tests: - it: Creates the configmap if webhook.acConfig is present set: @@ -12,11 +13,23 @@ tests: - containsDocument: kind: ConfigMap apiVersion: v1 - template: webhook/admissioncontrollerconfigmap.yaml -# - it: Does not create the configmap if webhook.acConfig is not present + template: templates/webhook/admissioncontrollerconfigmap.yaml + - contains: + path: rules + content: + apiGroups: ["batch"] + any: true + template: templates/webhook/clusterrole.yaml + - it: Does not create the configmap if webhook.acConfig is not present + set: {} + asserts: + - notContains: + path: rules + content: + apiGroups: [ "batch" ] + any: true + template: templates/webhook/clusterrole.yaml # asserts: -# - containsDocument: -# kind: ConfigMap -# apiVersion: v1 -# template: webhook/admissioncontrollerconfigmap.yaml -# not: true +# - isNullOrEmpty: +# path: data +# template: templates/webhook/admissioncontrollerconfigmap.yaml \ No newline at end of file From 5f22638ff23bafc7b48edc3391971c5396b34a8e Mon Sep 17 00:00:00 2001 From: hayk99 Date: Wed, 16 Aug 2023 10:53:21 +0200 Subject: [PATCH 14/19] style: lint --- charts/admission-controller/tests/configmap_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/admission-controller/tests/configmap_test.yaml b/charts/admission-controller/tests/configmap_test.yaml index 9129a032a..8472687f0 100644 --- a/charts/admission-controller/tests/configmap_test.yaml +++ b/charts/admission-controller/tests/configmap_test.yaml @@ -32,4 +32,4 @@ tests: # asserts: # - isNullOrEmpty: # path: data -# template: templates/webhook/admissioncontrollerconfigmap.yaml \ No newline at end of file +# template: templates/webhook/admissioncontrollerconfigmap.yaml From ccde72a88148a070b26092fd2d021adb193edf4a Mon Sep 17 00:00:00 2001 
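Review bot: The case titled `Does not create the configmap if webhook.acConfig is not present` never inspects the ConfigMap template; its only live assertion is `notContains` on the ClusterRole rules, and the ConfigMap check is left commented out. helm-unittest can assert absence directly with `- hasDocuments:` / `count: 0` / `template: templates/webhook/admissioncontrollerconfigmap.yaml`, which should replace the commented `isNullOrEmpty` block. Until then, the test name promises a guarantee the suite does not enforce.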
From: hayk99 Date: Wed, 16 Aug 2023 11:07:14 +0200 Subject: [PATCH 15/19] docs: update --- charts/admission-controller/README.md | 2 +- charts/admission-controller/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md index 9a7140639..303ea0da3 100644 --- a/charts/admission-controller/README.md +++ b/charts/admission-controller/README.md @@ -149,7 +149,7 @@ The following table lists the configurable parameters of the `admission-controll | webhook.securityContext | Configure securityContext for webhook. If empty, some security context are automatically generated. | {} | | webhook.hostNetwork | Specifies if the webhook should be started in hostNetwork mode.
This field is required if you are using a custom CNI where the managed control plane nodes are unable to initiate network connections to the pods, for example, using Calico CNI plugin on EKS.
This is not required or recommended in most contexts. | false | | webhook.imagePullSecrets | The image pull secrets for webhook. | [] | -| webhook.resources | Resource request and limits for webhook | {"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}} | +| webhook.resources | Resource request and limits for webhook. | {"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"256Mi"}} | | webhook.autoscaling.minReplicas | The minimum replicas to use while autoscaling the webhook. | 2 | | webhook.autoscaling.maxReplicas | The maximum replicas to use while autoscaling the webhook. | 5 | | webhook.autoscaling.targetCPUUtilizationPercentage | The target CPU to use when the number of replicas must be increased. | 80 | diff --git a/charts/admission-controller/values.yaml b/charts/admission-controller/values.yaml index 9af0eb981..b7beb7854 100644 --- a/charts/admission-controller/values.yaml +++ b/charts/admission-controller/values.yaml @@ -209,7 +209,7 @@ webhook: # The image pull secrets for webhook. imagePullSecrets: [] - # Resource request and limits for webhook + # Resource request and limits for webhook. resources: # +doc-gen:break limits: cpu: 250m From 1d3ec610dff54c404513d31da193635273e20039 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Wed, 16 Aug 2023 11:28:11 +0200 Subject: [PATCH 16/19] test: add test for roles --- .../templates/webhook/clusterrole.yaml | 2 ++ .../tests/configmap_test.yaml | 29 ++++++++++++++++--- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/charts/admission-controller/templates/webhook/clusterrole.yaml b/charts/admission-controller/templates/webhook/clusterrole.yaml index 43ce3090c..7b5861ae2 100644 --- a/charts/admission-controller/templates/webhook/clusterrole.yaml +++ b/charts/admission-controller/templates/webhook/clusterrole.yaml 
@@ -16,7 +16,9 @@ rules: - "" resources: - pods +{{- if .Values.webhook.acConfig }} - configmaps +{{- end }} verbs: - get {{- if .Values.webhook.acConfig }} diff --git a/charts/admission-controller/tests/configmap_test.yaml b/charts/admission-controller/tests/configmap_test.yaml index 8472687f0..fedf29101 100644 --- a/charts/admission-controller/tests/configmap_test.yaml +++ b/charts/admission-controller/tests/configmap_test.yaml @@ -14,11 +14,26 @@ tests: kind: ConfigMap apiVersion: v1 template: templates/webhook/admissioncontrollerconfigmap.yaml - - contains: - path: rules + - it: Creates the clusterrole if webhook.acConfig is present + set: + webhook: + acConfig: | + foo: bar + fizz: buzz + asserts: + - isSubset: + path: rules[2] content: apiGroups: ["batch"] - any: true + resources: ["jobs"] + verbs: ["create", "get", "delete"] + template: templates/webhook/clusterrole.yaml + - isSubset: + path: rules[1] + content: + apiGroups: [""] + resources: ["pods", "configmaps"] + verbs: ["get"] template: templates/webhook/clusterrole.yaml - it: Does not create the configmap if webhook.acConfig is not present set: {} @@ -27,7 +42,13 @@ tests: path: rules content: apiGroups: [ "batch" ] - any: true + template: templates/webhook/clusterrole.yaml + - isSubset: + path: rules[1] + content: + apiGroups: [""] + resources: ["pods"] + verbs: ["get"] template: templates/webhook/clusterrole.yaml # asserts: # - isNullOrEmpty: From ba09291715d20fb7c7e893f8af164b1ec16869dc Mon Sep 17 00:00:00 2001 From: hayk99 Date: Fri, 18 Aug 2023 17:22:30 +0200 Subject: [PATCH 17/19] feat: avoid using extraEnvVars --- .../admission-controller/templates/webhook/deployment.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/admission-controller/templates/webhook/deployment.yaml b/charts/admission-controller/templates/webhook/deployment.yaml index 4deffe7e6..339f1ede2 100644 --- a/charts/admission-controller/templates/webhook/deployment.yaml 
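Review bot: In the `configmap_test.yaml` hunk, dropping `any: true` from the `notContains` assertion makes helm-unittest compare whole list elements. The bare `apiGroups: [ "batch" ]` content can then never equal the real rule, which also carries `resources` and `verbs`, so the assertion passes even when the Jobs rule is rendered. This is the only test guarding that the `batch` grant stays off without `webhook.acConfig`, so restore the partial match by putting `any: true` back next to `path: rules`. The positional `rules[1]` / `rules[2]` subsets are also order-dependent and will break or silently point at another rule if the ClusterRole is reordered.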
+++ b/charts/admission-controller/templates/webhook/deployment.yaml @@ -83,13 +83,16 @@ spec: value: {{ include "webhook.httpsProxy" . }} - name: NO_PROXY value: {{ include "webhook.noProxy" . }},{{ include "admissionController.scanner.fullname" . }} + - name: AC_NAMESPACE + value: {{ include "admissionController.namespace" . }} {{- end }} {{- if or .Values.webhook.ssl.ca.cert (eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.webhook.ssl)) "true") }} - name: SSL_CERT_DIR value: /ca-certs {{- end }} - {{- if .Values.webhook.extraEnvVars }} - {{- toYaml .Values.webhook.extraEnvVars | nindent 12 }} + {{- if .Values.webhook.acConfig }} + - name: VM_ENGINE_V2_ENABLED + value: true {{- end }} ports: - name: http From 5b0cab7528aa013d0f0285c3a50143a14ec73a25 Mon Sep 17 00:00:00 2001 From: hayk99 Date: Fri, 18 Aug 2023 17:44:24 +0200 Subject: [PATCH 18/19] fix: use string --- charts/admission-controller/templates/webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/admission-controller/templates/webhook/deployment.yaml b/charts/admission-controller/templates/webhook/deployment.yaml index 339f1ede2..db831c3c4 100644 --- a/charts/admission-controller/templates/webhook/deployment.yaml +++ b/charts/admission-controller/templates/webhook/deployment.yaml @@ -92,7 +92,7 @@ spec: {{- end }} {{- if .Values.webhook.acConfig }} - name: VM_ENGINE_V2_ENABLED - value: true + value: "true" {{- end }} ports: - name: http From 0dc6e930a566f9eb498fa4c6de64694f15a5903f Mon Sep 17 00:00:00 2001 From: hayk99 Date: Mon, 21 Aug 2023 11:32:59 +0200 Subject: [PATCH 19/19] fix: enable admissionregistration for new vm --- .../templates/webhook/admissionregistration.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/admission-controller/templates/webhook/admissionregistration.yaml b/charts/admission-controller/templates/webhook/admissionregistration.yaml index 7b578787a..7a46d5dbd 100644 
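Review bot: `AC_NAMESPACE` is inserted directly after `NO_PROXY` and before the `{{- end }}` that follows it, so it appears to sit inside the same conditional as the proxy variables. The opening `if` is above the hunk, so this is inferred. If that block is the proxy condition, the namespace is only exported on clusters that configure a proxy, and the evaluator gets no namespace everywhere else. Moving the pair below the `{{- end }}` and quoting the value, `- name: AC_NAMESPACE` / `value: {{ include "admissionController.namespace" . | quote }}`, makes it unconditional and keeps an all-digit or otherwise ambiguous namespace from being retyped by YAML.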
--- a/charts/admission-controller/templates/webhook/admissionregistration.yaml +++ b/charts/admission-controller/templates/webhook/admissionregistration.yaml @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/managed-by: Helm webhooks: -{{- if .Values.scanner.enabled }} +{{- if or .Values.scanner.enabled .Values.webhook.acConfig }} - name: scanning.secure.sysdig.com matchPolicy: Equivalent rules:
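Review bot: With `or .Values.scanner.enabled .Values.webhook.acConfig`, setting `webhook.acConfig` now registers the `scanning.secure.sysdig.com` webhook even when `scanner.enabled` is false. None of the `values.yaml` or README hunks in this series declares or documents that key, and PATCH 08 labels its ConfigMap as for internal tests only. By the end of the series the same value also turns on the Jobs/ConfigMap RBAC and `VM_ENGINE_V2_ENABLED`, so an operator should be able to see that coupling in the chart's values. Suggest a commented entry under `webhook:` in `values.yaml`, e.g. `# Policy for the new evaluator; setting it also enables the scanning webhook and extra RBAC.` followed by `acConfig: ""`, plus a unit test for `scanner.enabled=false` combined with `acConfig`. The webhook entry continues past the end of the hunk.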