From bedfbe324ca5e295aa0dc6ae41d8b02b9eff35fe Mon Sep 17 00:00:00 2001 From: Federico Feresini Date: Wed, 18 Oct 2023 13:44:47 +0200 Subject: [PATCH 1/4] feat(cluster-scanner): Enable platform services only in regions which support it --- charts/cluster-scanner/Chart.yaml | 2 +- charts/cluster-scanner/README.md | 8 ++-- charts/cluster-scanner/templates/_helpers.tpl | 4 ++ .../cluster-scanner/tests/configmap_test.yaml | 48 +++++++++++++++++-- charts/sysdig-deploy/Chart.yaml | 4 +- 5 files changed, 54 insertions(+), 12 deletions(-) diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml index 5b6a0b43c..8b481bcc4 100644 --- a/charts/cluster-scanner/Chart.yaml +++ b/charts/cluster-scanner/Chart.yaml @@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner type: application -version: 0.7.2 +version: 0.8.0 appVersion: "0.1.0" home: https://www.sysdig.com/ diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md index b4136848b..0c6bc58fd 100644 --- a/charts/cluster-scanner/README.md +++ b/charts/cluster-scanner/README.md @@ -25,7 +25,7 @@ $ pre-commit run -a $ helm repo add sysdig https://charts.sysdig.com $ helm repo update $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.7.2 \ + --create-namespace -n sysdig --version=0.8.0 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE @@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.7.2 \ + --create-namespace -n sysdig --version=0.8.0 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE 
@@ -161,7 +161,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to ` ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.7.2 \ + --create-namespace -n sysdig --version=0.8.0 \ --set global.sysdig.region="us1" ``` @@ -170,7 +170,7 @@ installing the chart. For example: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.7.2 \ + --create-namespace -n sysdig --version=0.8.0 \ --values values.yaml ``` diff --git a/charts/cluster-scanner/templates/_helpers.tpl b/charts/cluster-scanner/templates/_helpers.tpl index a26d4e5da..b4d0f68c2 100644 --- a/charts/cluster-scanner/templates/_helpers.tpl +++ b/charts/cluster-scanner/templates/_helpers.tpl @@ -207,10 +207,14 @@ Define the proper imageRegistry to use for imageSbomExtractor {{/* Generates configmap data to enable platform services if onPremCompatibility version is not set, or it is greater than 6.6.0 +It also makes sure that the plarform services are enabled in regions which support them. */}} {{- define "cluster-scanner.enablePlatformServicesConfig" -}} {{- if ( semverCompare ">= 6.6.0" (.Values.onPremCompatibilityVersion | default "6.6.0" )) -}} + {{- $regionsPlatformEnabled := dict "us1" "" "us2" "" "us3" "" "au1" "" "eu1" -}} + {{- if hasKey $regionsPlatformEnabled .Values.global.sysdig.region -}} enable_platform_services: "true" + {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/cluster-scanner/tests/configmap_test.yaml b/charts/cluster-scanner/tests/configmap_test.yaml index 31ca041ad..e4ecc0348 100644 --- a/charts/cluster-scanner/tests/configmap_test.yaml +++ b/charts/cluster-scanner/tests/configmap_test.yaml 
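Review bot: The region allow-list added inside `cluster-scanner.enablePlatformServicesConfig` is hard-coded in the helper and compared as an exact string. A region value that is missing from it, differently cased, or introduced later therefore renders no `enable_platform_services` key, with nothing at render time to tell the operator. The same list is carried over in its `list` form in PATCH 2/4. I would put a template comment above it, such as `{{/* Regions that support platform services; keep in sync with the backend. Unlisted regions render no enable_platform_services key. */}}`, and describe the behaviour in the README next to `global.sysdig.region`. Whether the region is validated or normalised elsewhere in the chart is not visible from this hunk.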
@@ -342,34 +342,73 @@ tests: path: data.no_proxy value: "fake-no-proxy" - - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided" + - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided and region does NOT support platform services" set: global.sysdig.apiHost: "http://test.com" + global.sysdig.region: "" + asserts: + - isNull: + path: data.enable_platform_services + + - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided and region supports platform services" + set: + global.sysdig.apiHost: "http://test.com" + global.sysdig.region: "us1" asserts: - equal: path: data.enable_platform_services value: "true" - - it: "has correct platform services value when onPremCompatibilityVersion is < 6.6" + - it: "has correct platform services value when onPremCompatibilityVersion is < 6.6 and region does NOT support platform services" + set: + global.sysdig.apiHost: "http://test.com" + onPremCompatibilityVersion: "6.5.99" + global.sysdig.region: "" + asserts: + - isNull: + path: data.enable_platform_services + + - it: "has correct platform services value when onPremCompatibilityVersion is < 6.6 and region supports platform services" set: global.sysdig.apiHost: "http://test.com" onPremCompatibilityVersion: "6.5.99" + global.sysdig.region: "us1" + asserts: + - isNull: + path: data.enable_platform_services + + - it: "has correct platform services value when onPremCompatibilityVersion is = 6.5 and region does NOT support platform services" + set: + global.sysdig.apiHost: "http://test.com" + onPremCompatibilityVersion: "6.5" + global.sysdig.region: "" asserts: - isNull: path: data.enable_platform_services - - it: "has correct platform services value when onPremCompatibilityVersion is = 6.5" + - it: "has correct platform services value when onPremCompatibilityVersion is = 6.5 and region supports platform services" set: global.sysdig.apiHost: "http://test.com" 
onPremCompatibilityVersion: "6.5" + global.sysdig.region: "us1" + asserts: + - isNull: + path: data.enable_platform_services + + - it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0 and region does NOT support platform services" + set: + global.sysdig.apiHost: "http://test.com" + onPremCompatibilityVersion: "6.6.0" + global.sysdig.region: "" asserts: - isNull: path: data.enable_platform_services - - it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0" + - it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0 and region supports platform services" set: global.sysdig.apiHost: "http://test.com" onPremCompatibilityVersion: "6.6.0" + global.sysdig.region: "us1" asserts: - equal: path: data.enable_platform_services @@ -393,7 +432,6 @@ tests: path: data.enable_platform_services value: "true" - - it: "fails if onPremCompatibilityVersion is not a valid semver" set: global.sysdig.apiHost: "http://test.com" diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index d318f3e36..a6d540e1f 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: sysdig-deploy description: A chart with various Sysdig components for Kubernetes type: application -version: 1.25.0 +version: 1.25.1 maintainers: - name: AlbertoBarba email: alberto.barba@sysdig.com @@ -42,7 +42,7 @@ dependencies: - name: cluster-scanner # repository: https://charts.sysdig.com repository: file://../cluster-scanner - version: ~0.7.2 + version: ~0.8.0 alias: clusterScanner condition: clusterScanner.enabled - name: kspm-collector From c7761bda77fccbc453a81d9e5739cef71c9a7958 Mon Sep 17 00:00:00 2001 
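Review bot: The new cases in the `@@ -342,34 +342,73 @@` hunk exercise only `global.sysdig.region: "us1"` and the empty string, so neither the other allow-listed regions nor a non-empty region outside the list is covered. A test for the last entry, `eu1`, and one for a set-but-unsupported region would pin the allow-list behaviour that the helper change introduces. If the chart rejects unknown region names elsewhere (not visible here), use a region it accepts but that is absent from the list.

```yaml
  # … unchanged: existing platform services cases …
  - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided and region is eu1"
    set:
      global.sysdig.apiHost: "http://test.com"
      global.sysdig.region: "eu1"
    asserts:
      - equal:
          path: data.enable_platform_services
          value: "true"

  - it: "has correct platform services value when onPremCompatibilityVersion is NOT provided and region is set but not in the supported list"
    set:
      global.sysdig.apiHost: "http://test.com"
      global.sysdig.region: "unsupported-region"  # constructed sample value
    asserts:
      - isNull:
          path: data.enable_platform_services
```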
From: Federico Feresini Date: Wed, 18 Oct 2023 15:16:25 +0200 Subject: [PATCH 2/4] check only when onPremCompatibilityVersion is not provided --- charts/cluster-scanner/templates/_helpers.tpl | 6 +++--- charts/cluster-scanner/tests/configmap_test.yaml | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/cluster-scanner/templates/_helpers.tpl b/charts/cluster-scanner/templates/_helpers.tpl index b4d0f68c2..13e5f68c5 100644 --- a/charts/cluster-scanner/templates/_helpers.tpl +++ b/charts/cluster-scanner/templates/_helpers.tpl @@ -207,12 +207,12 @@ Define the proper imageRegistry to use for imageSbomExtractor {{/* Generates configmap data to enable platform services if onPremCompatibility version is not set, or it is greater than 6.6.0 -It also makes sure that the plarform services are enabled in regions which support them. +It also makes sure that the plarform services are enabled in regions which support them when onPremCompatibility is not defined. */}} {{- define "cluster-scanner.enablePlatformServicesConfig" -}} {{- if ( semverCompare ">= 6.6.0" (.Values.onPremCompatibilityVersion | default "6.6.0" )) -}} - {{- $regionsPlatformEnabled := dict "us1" "" "us2" "" "us3" "" "au1" "" "eu1" -}} - {{- if hasKey $regionsPlatformEnabled .Values.global.sysdig.region -}} + {{- $regionsPlatformEnabled := list "us1" "us2" "us3" "au1" "eu1" -}} + {{- if or (has .Values.global.sysdig.region $regionsPlatformEnabled) .Values.onPremCompatibilityVersion -}} enable_platform_services: "true" {{- end -}} {{- end -}} diff --git a/charts/cluster-scanner/tests/configmap_test.yaml b/charts/cluster-scanner/tests/configmap_test.yaml index e4ecc0348..865da59ef 100644 --- a/charts/cluster-scanner/tests/configmap_test.yaml +++ b/charts/cluster-scanner/tests/configmap_test.yaml 
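Review bot: The doc comment above `cluster-scanner.enablePlatformServicesConfig` no longer matches the condition in this hunk. It still says the config is generated when the version "is not set, or it is greater than 6.6.0", but the code compares with `>= 6.6.0`, and an unset version now enables the key only for listed regions. It also names the value `onPremCompatibility` where the template reads `.Values.onPremCompatibilityVersion`. I would reword it to something like `Emits enable_platform_services: "true" when onPremCompatibilityVersion is set and >= 6.6.0, or when it is unset and global.sysdig.region is one of the listed regions.`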
@@ -401,8 +401,9 @@ tests: onPremCompatibilityVersion: "6.6.0" global.sysdig.region: "" asserts: - - isNull: + - equal: path: data.enable_platform_services + value: "true" - it: "has correct platform services value when onPremCompatibilityVersion is = 6.6.0 and region supports platform services" set: From 701d57743b9f9eb604b68937cd5bb03899bb7ae1 Mon Sep 17 00:00:00 2001 From: Federico Feresini Date: Wed, 18 Oct 2023 15:50:39 +0200 Subject: [PATCH 3/4] typo --- charts/cluster-scanner/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/cluster-scanner/templates/_helpers.tpl b/charts/cluster-scanner/templates/_helpers.tpl index 13e5f68c5..abe723e34 100644 --- a/charts/cluster-scanner/templates/_helpers.tpl +++ b/charts/cluster-scanner/templates/_helpers.tpl @@ -207,7 +207,7 @@ Define the proper imageRegistry to use for imageSbomExtractor {{/* Generates configmap data to enable platform services if onPremCompatibility version is not set, or it is greater than 6.6.0 -It also makes sure that the plarform services are enabled in regions which support them when onPremCompatibility is not defined. +It also makes sure that the platform services are enabled in regions which support them when onPremCompatibility is not defined. */}} {{- define "cluster-scanner.enablePlatformServicesConfig" -}} {{- if ( semverCompare ">= 6.6.0" (.Values.onPremCompatibilityVersion | default "6.6.0" )) -}} From 1f024611f1e43bb63c7ec10ef32e02589aa8acb8 Mon Sep 17 00:00:00 2001 From: Federico Feresini Date: Wed, 18 Oct 2023 16:05:46 +0200 Subject: [PATCH 4/4] bump minor ss depl --- charts/sysdig-deploy/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index a6d540e1f..c01b7a7a7 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: sysdig-deploy description: A chart with various Sysdig components for Kubernetes type: application -version: 1.25.1 +version: 1.26.0 maintainers: - name: AlbertoBarba email: alberto.barba@sysdig.com