From e3b31ec3f00086cce073e4f8516799c42ab486a0 Mon Sep 17 00:00:00 2001 From: Alberto Barba Date: Thu, 14 Sep 2023 13:08:32 +0200 Subject: [PATCH] fix: admission controller read does not read global.sysdig.accessKeySecret --- charts/admission-controller/Chart.yaml | 2 +- charts/admission-controller/README.md | 4 +- .../templates/_helpers.tpl | 2 +- .../tests/global_overrides_test.yaml | 39 +++++++++++++++++++ 4 files changed, 43 insertions(+), 4 deletions(-) diff --git a/charts/admission-controller/Chart.yaml b/charts/admission-controller/Chart.yaml index b58479b19..72f7049b2 100644 --- a/charts/admission-controller/Chart.yaml +++ b/charts/admission-controller/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: admission-controller description: Sysdig Admission Controller using Sysdig Secure inline image scanner type: application -version: 0.14.5 +version: 0.14.6 appVersion: 3.9.29 home: https://sysdiglabs.github.io/admission-controller/ icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md index 8e6733a60..e886a50a4 100644 --- a/charts/admission-controller/README.md +++ b/charts/admission-controller/README.md @@ -68,7 +68,7 @@ For example: ```bash helm upgrade --install admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.14.5 \ + --create-namespace -n sysdig-admission-controller --version=0.14.6 \ --set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME ``` @@ -80,7 +80,7 @@ For example: ```bash helm upgrade --install admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.14.5 \ + --create-namespace -n sysdig-admission-controller --version=0.14.6 \ --values values.yaml ``` diff --git a/charts/admission-controller/templates/_helpers.tpl b/charts/admission-controller/templates/_helpers.tpl index 2a6b844c8..75016130b 100644 --- a/charts/admission-controller/templates/_helpers.tpl +++ b/charts/admission-controller/templates/_helpers.tpl @@ -298,7 +298,7 @@ the following helper function designed to take the accessKey if specified locall {{- end -}} {{- define "sysdig.existingAccessKeySecret" -}} - {{- .Values.sysdig.existingAccessKeySecret | default .Values.global.sysdig.existingAccessKeySecret | default "" -}} + {{- .Values.sysdig.existingAccessKeySecret | default .Values.global.sysdig.accessKeySecret | default .Values.global.sysdig.existingAccessKeySecret | default "" -}} {{- end -}} {{/* diff --git a/charts/admission-controller/tests/global_overrides_test.yaml b/charts/admission-controller/tests/global_overrides_test.yaml index a2b51c066..e04019932 100644 --- a/charts/admission-controller/tests/global_overrides_test.yaml +++ b/charts/admission-controller/tests/global_overrides_test.yaml @@ -236,6 +236,45 @@ tests: value: some-secret template: webhook/deployment.yaml + - it: check value of accessKeySecret without local chart override + documentIndex: 0 + set: + global: + sysdig: + accessKeySecret: some-secret + sysdig: + url: secure.sysdigcloud.com + features: + kspmAdmissionController: true + k8sAuditDetections: false + clusterName: test-k8s + version: 0.7.3 + asserts: + - equal: + path: spec.template.spec.volumes[0].secret.secretName + value: some-secret + template: webhook/deployment.yaml + + - it: check value of accessKeySecret with local chart override + documentIndex: 0 + set: + global: + sysdig: + accessKeySecret: some-secret + sysdig: + url: secure.sysdigcloud.com + existingAccessKeySecret: override-secret + features: + kspmAdmissionController: true + k8sAuditDetections: false + clusterName: test-k8s + version: 0.7.3 + asserts: + - equal: + path: spec.template.spec.volumes[0].secret.secretName + value: override-secret + template: webhook/deployment.yaml + - it: uses the specified region documentIndex: 0 set: