diff --git a/charts/cluster-shield/Chart.yaml b/charts/cluster-shield/Chart.yaml
index 88890db6a..a75336568 100644
--- a/charts/cluster-shield/Chart.yaml
+++ b/charts/cluster-shield/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
name: cluster-shield
description: Cluster Shield Helm Chart for Kubernetes
type: application
-version: 1.4.0
+version: 1.4.1
appVersion: "1.4.0"
maintainers:
- name: AlbertoBarba
diff --git a/charts/cluster-shield/README.md b/charts/cluster-shield/README.md
index c6ea70b0b..a02044f7c 100644
--- a/charts/cluster-shield/README.md
+++ b/charts/cluster-shield/README.md
@@ -179,6 +179,9 @@ The following table lists the configurable parameters of the `cluster-shield` ch
| existingTLSSecret.tlsCertName | Provide the certificate filename that is defined inside the existing Secret (default tls.crt) |
|
| existingTLSSecret.tlsCertKeyName | Provide the certificate key filename that is defined inside the existing Secret (default tls.key) |
|
| existingTLSSecret.caCertName | Provide the certificate authority filename that is defined inside the existing Secret (default ca.crt) |
|
+| env | Optional parameter used to add environment variables to the Cluster Shield pods | []
|
+| volumes | Optional parameter to specify additional host volumes for the Cluster Shield pods | []
|
+| volumeMounts | Optional parameter to specify additional volume mounts for the Cluster Shield pods | []
|
## Running helm unit tests
diff --git a/charts/cluster-shield/templates/_helpers.tpl b/charts/cluster-shield/templates/_helpers.tpl
index 505b11d7e..3f71c3578 100644
--- a/charts/cluster-shield/templates/_helpers.tpl
+++ b/charts/cluster-shield/templates/_helpers.tpl
@@ -453,6 +453,6 @@ run-all-namespaced
{{- $tags := (include "cluster-shield.dict.flatten" (list .Values.global.sysdig.tags "") | split ",") -}}
{{- range $tags -}}
{{- $tag := (split ":" .) -}}
-{{- $tag._0 }}: {{ $tag._1 }}
+{{- $tag._0 }}: {{ $tag._1 | quote }}
{{ end -}}
{{- end -}}
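Review bot: Only the value is quoted on the changed line; the key `{{- $tag._0 }}` is still emitted as a plain scalar, and `split ":" .` keeps only the segment between the first and second colon, so a tag value that itself contains a colon (a URL, a timestamp) would be silently truncated. Consider `{{- $tag := (splitn ":" 2 .) -}}` together with `{{- $tag._0 | quote }}: {{ $tag._1 | quote }}`. The enclosing define starts above the hunk, so whether `cluster-shield.dict.flatten` can emit colons or commas inside a value needs to be checked there.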
diff --git a/charts/cluster-shield/templates/deployment.yaml b/charts/cluster-shield/templates/deployment.yaml
index 71edbc84d..3400114e4 100644
--- a/charts/cluster-shield/templates/deployment.yaml
+++ b/charts/cluster-shield/templates/deployment.yaml
@@ -104,6 +104,9 @@ spec:
mountPath: /ca-certs
readOnly: true
{{- end }}
+ {{- with .Values.volumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
env:
- name: KUBE_POD_NAME
valueFrom:
@@ -139,6 +142,9 @@ spec:
key: noProxy
optional: true
{{- end }}
+ {{- with .Values.env }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
volumes:
- name: cluster-shield
configMap:
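Review bot: Entries from `.Values.env` are appended after the chart's own variables, so a user entry that reuses a chart-defined name such as `KUBE_POD_NAME` produces a duplicate, and Kubernetes resolves duplicate env names by taking the last one. That lets a values override silently replace settings the chart computes itself, apparently including the proxy configuration whose `noProxy` key is visible just above. If overriding is intended, state it in a template comment such as `{{- /* user env is rendered last and overrides chart-defined variables of the same name */ -}}`; if it is not, reject reserved names with `fail`. The env list starts and ends outside the hunk.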
@@ -166,6 +172,9 @@ spec:
configMap:
name: {{ .Values.ca.existingCaConfigMap | default .Values.global.ssl.ca.existingCaConfigMap }}
{{- end }}
+ {{- with .Values.volumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
diff --git a/charts/cluster-shield/tests/configmap_test.yaml b/charts/cluster-shield/tests/configmap_test.yaml
index f5f633bf5..676d23bbe 100644
--- a/charts/cluster-shield/tests/configmap_test.yaml
+++ b/charts/cluster-shield/tests/configmap_test.yaml
@@ -332,7 +332,7 @@ tests:
key2:
subkey1: subvalue2
subkey2:
- subsubkey1: subsubvalue1
+ subsubkey1: "true"
asserts:
- containsDocument:
kind: ConfigMap
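Review bot: The updated fixtures exercise only the boolean-like string `"true"`, and the same substitution is repeated in the five hunks that follow, so the new `quote` in the tags helper is not covered for the other scalars YAML retypes. Adding one tag with a numeric-looking value, for example `key3: "0123"` with the same string expected in the rendered ConfigMap, would pin that case as well. The plain-string case that `value2` used to cover is now represented only by `key1: value1`.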
@@ -351,7 +351,7 @@ tests:
tags:
key1: value1
key2.subkey1: subvalue2
- key2.subkey2.subsubkey1: subsubvalue1
+ key2.subkey2.subsubkey1: "true"
- it: Cluster Config Tags
set:
@@ -359,7 +359,7 @@ tests:
cluster_config:
tags:
key1: value1
- key2: value2
+ key2: "true"
asserts:
- containsDocument:
kind: ConfigMap
@@ -377,7 +377,7 @@ tests:
name: lint-cluster
tags:
key1: value1
- key2: value2
+ key2: "true"
- it: Test Cluster Config Tags overrides Global Tags
set:
@@ -393,7 +393,7 @@ tests:
cluster_config:
tags:
key1: value1
- key2: value2
+ key2: "true"
asserts:
- containsDocument:
kind: ConfigMap
@@ -411,4 +411,4 @@ tests:
name: lint-cluster
tags:
key1: value1
- key2: value2
+ key2: "true"
diff --git a/charts/cluster-shield/tests/deployment_test.yaml b/charts/cluster-shield/tests/deployment_test.yaml
index 80a60d0da..3b6649171 100644
--- a/charts/cluster-shield/tests/deployment_test.yaml
+++ b/charts/cluster-shield/tests/deployment_test.yaml
@@ -452,3 +452,39 @@ tests:
name: cert
secret:
secretName: my-custom-tls-secret
+
+ - it: Test setting custom environment variables
+ set:
+ env:
+ - name: MY_ENV_VAR
+ value: my-value
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[?(@.name == "cluster-shield")].env
+ content:
+ name: MY_ENV_VAR
+ value: my-value
+
+ - it: Test adding custom volume and volume mounts
+ set:
+ volumes:
+ - name: my-volume
+ hostPath:
+ path: /opt/my-dir
+ volumeMounts:
+ - name: my-volume
+ mountPath: /host/opt/my-dir
+ readOnly: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts
+ content:
+ name: my-volume
+ mountPath: /host/opt/my-dir
+ readOnly: true
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: my-volume
+ hostPath:
+ path: /opt/my-dir
diff --git a/charts/cluster-shield/values.schema.json b/charts/cluster-shield/values.schema.json
index b1fd0ce55..d358552aa 100644
--- a/charts/cluster-shield/values.schema.json
+++ b/charts/cluster-shield/values.schema.json
@@ -188,6 +188,75 @@
"Default",
"None"
]
+ },
+ "env": {
+ "type": "array",
+ "description": "Define additional environment variables to be used by the Cluster Shield",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the environment variable"
+ },
+ "value": {
+ "type": "string",
+ "description": "The value of the environment variable"
+ }
+ },
+ "required": [
+ "name",
+ "value"
+ ]
+ }
+ },
+ "volumes": {
+ "type": "array",
+ "description": "Define additional volumes to be used by the Cluster Shield",
+ "items": {
+ "type": "object",
+ "additionalProperties": true,
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the volume"
+ }
+ },
+ "required": [
+ "name"
+ ]
+ }
+ },
+ "volumeMounts": {
+ "type": "array",
+ "description": "Define additional volume mounts to be used by the Cluster Shield pods",
+ "items": {
+ "type": "object",
+ "additionalProperties": true,
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the volume"
+ },
+ "mountPath": {
+ "type": "string",
+ "description": "The path where the volume will be mounted"
+ },
+ "subPath": {
+ "type": "string",
+ "description": "The subpath of the volume to mount"
+ },
+ "readOnly": {
+ "type": "boolean",
+ "description": "Set the volume read-only",
+ "default": false
+ }
+ },
+ "required": [
+ "name",
+ "mountPath"
+ ]
+ }
}
},
"allOf": [
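Review bot: The `env` item schema lists `value` under `required`, so every extra variable has to be a literal string in the values file and an entry that uses `valueFrom` (a `secretKeyRef` or `configMapKeyRef`) fails validation. That pushes credentials into plain values instead of a Secret reference. Requiring only the name, `"required": ["name"]`, and declaring `"valueFrom": { "type": "object" }` next to `value` would allow both forms. The `volumes` and `volumeMounts` items already set `"additionalProperties": true`, so they are not affected.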
diff --git a/charts/cluster-shield/values.yaml b/charts/cluster-shield/values.yaml
index fbe895fa6..ab7b81ff1 100644
--- a/charts/cluster-shield/values.yaml
+++ b/charts/cluster-shield/values.yaml
@@ -273,3 +273,19 @@ existingTLSSecret:
tlsCertKeyName:
# Provide the certificate authority filename that is defined inside the existing Secret (default ca.crt)
caCertName:
+# Optional parameter used to add environment variables to the Cluster Shield pods
+env: []
+# - name: MY_ENV_VAR
+# value: my-env-var-value
+
+# Optional parameter to specify additional host volumes for the Cluster Shield pods
+volumes: []
+# - name: my-volume
+# hostPath:
+# path: /path/to/host/folder
+
+# Optional parameter to specify additional volume mounts for the Cluster Shield pods
+volumeMounts: []
+# - name: my-volume
+# mountPath: /host/path/to/mount/folder
+# readOnly: true
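Review bot: The comments call these "additional host volumes" and the example is a `hostPath`, but nothing here tells the operator what that grants: a hostPath volume exposes the node's filesystem to the Cluster Shield pod, and the schema default for `readOnly` is `false`. A short caution above `volumes: []` would help, for example `# hostPath exposes the node filesystem to the pod; mount only the directory needed and keep readOnly: true on the mount`. It is also worth saying that any Kubernetes volume type is accepted, since the template renders the list verbatim.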