diff --git a/charts/cluster-shield/Chart.yaml b/charts/cluster-shield/Chart.yaml index 88890db6a..a75336568 100644 --- a/charts/cluster-shield/Chart.yaml +++ b/charts/cluster-shield/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cluster-shield description: Cluster Shield Helm Chart for Kubernetes type: application -version: 1.4.0 +version: 1.4.1 appVersion: "1.4.0" maintainers: - name: AlbertoBarba diff --git a/charts/cluster-shield/README.md b/charts/cluster-shield/README.md index c6ea70b0b..a02044f7c 100644 --- a/charts/cluster-shield/README.md +++ b/charts/cluster-shield/README.md @@ -179,6 +179,9 @@ The following table lists the configurable parameters of the `cluster-shield` ch | existingTLSSecret.tlsCertName | Provide the certificate filename that is defined inside the existing Secret (default tls.crt) | | | existingTLSSecret.tlsCertKeyName | Provide the certificate key filename that is defined inside the existing Secret (default tls.key) | | | existingTLSSecret.caCertName | Provide the certificate authority filename that is defined inside the existing Secret (default ca.crt) | | +| env | Optional parameter used to add environment variables to the Cluster Shield pods | [] | +| volumes | Optional parameter to specify additional host volumes for the Cluster Shield pods | [] | +| volumeMounts | Optional parameter to specify additional volume mounts for the Cluster Shield pods | [] | ## Running helm unit tests diff --git a/charts/cluster-shield/templates/_helpers.tpl b/charts/cluster-shield/templates/_helpers.tpl index 505b11d7e..3f71c3578 100644 --- a/charts/cluster-shield/templates/_helpers.tpl +++ b/charts/cluster-shield/templates/_helpers.tpl @@ -453,6 +453,6 @@ run-all-namespaced {{- $tags := (include "cluster-shield.dict.flatten" (list .Values.global.sysdig.tags "") | split ",") -}} {{- range $tags -}} {{- $tag := (split ":" .) -}} -{{- $tag._0 }}: {{ $tag._1 }} +{{- $tag._0 }}: {{ $tag._1 | quote }} {{ end -}} {{- end -}} 
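Review bot: `$tag._1` is still only the piece between the first and second `:`, so in the line changed at `@@ -453,6 +453,6 @@` of `_helpers.tpl` a tag value that itself contains a colon (a URL, a timestamp) is rendered truncated, now just with quotes around it. `{{- $tag := (splitn ":" 2 .) -}}` would keep the remainder, assuming the flattened form never puts `:` in the key. The key `$tag._0` is also left unquoted, so a key that looks like a boolean or a number is retyped by the YAML parser the same way the value was before this fix; `{{- $tag._0 | quote }}: {{ $tag._1 | quote }}` covers both. The enclosing define starts above the hunk, so the exact format produced by `cluster-shield.dict.flatten` is not visible here.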
diff --git a/charts/cluster-shield/templates/deployment.yaml b/charts/cluster-shield/templates/deployment.yaml index 71edbc84d..3400114e4 100644 --- a/charts/cluster-shield/templates/deployment.yaml +++ b/charts/cluster-shield/templates/deployment.yaml @@ -104,6 +104,9 @@ spec: mountPath: /ca-certs readOnly: true {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} env: - name: KUBE_POD_NAME valueFrom: @@ -139,6 +142,9 @@ spec: key: noProxy optional: true {{- end }} + {{- with .Values.env }} + {{- toYaml . | nindent 12 }} + {{- end }} volumes: - name: cluster-shield configMap: @@ -166,6 +172,9 @@ spec: configMap: name: {{ .Values.ca.existingCaConfigMap | default .Values.global.ssl.ca.existingCaConfigMap }} {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/cluster-shield/tests/configmap_test.yaml b/charts/cluster-shield/tests/configmap_test.yaml index f5f633bf5..676d23bbe 100644 --- a/charts/cluster-shield/tests/configmap_test.yaml +++ b/charts/cluster-shield/tests/configmap_test.yaml @@ -332,7 +332,7 @@ tests: key2: subkey1: subvalue2 subkey2: - subsubkey1: subsubvalue1 + subsubkey1: "true" asserts: - containsDocument: kind: ConfigMap @@ -351,7 +351,7 @@ tests: tags: key1: value1 key2.subkey1: subvalue2 - key2.subkey2.subsubkey1: subsubvalue1 + key2.subkey2.subsubkey1: "true" - it: Cluster Config Tags set: @@ -359,7 +359,7 @@ tests: cluster_config: tags: key1: value1 - key2: value2 + key2: "true" asserts: - containsDocument: kind: ConfigMap @@ -377,7 +377,7 @@ tests: name: lint-cluster tags: key1: value1 - key2: value2 + key2: "true" - it: Test Cluster Config Tags overrides Global Tags set: @@ -393,7 +393,7 @@ tests: cluster_config: tags: key1: value1 - key2: value2 + key2: "true" asserts: - containsDocument: kind: ConfigMap 
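Review bot: Nothing stops an entry in `.Values.volumeMounts` from reusing a mount path the chart already sets, such as `/ca-certs` just above the new block in `@@ -104,6 +104,9 @@`; such a manifest renders without error and is presumably only rejected when it reaches the API server. The same holds for `.Values.volumes` in `@@ -166,6 +172,9 @@`, where a user volume named `cluster-shield` would clash with the chart's own configMap volume. A template comment above each block would make the contract explicit, for example `{{- /* user-supplied; names and mountPaths must not repeat the chart's own */}}`. The container and pod spec both start outside these hunks.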
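Review bot: The entries from `.Values.env` in `@@ -139,6 +142,9 @@` are emitted after the chart's own variables, so an entry that reuses a chart name such as `KUBE_POD_NAME` ends up as a duplicate in the list, and Kubernetes generally lets the later entry win. That makes this value a way to override chart-managed settings, including the proxy variables rendered just above, without any of that being stated. If that is intended, a comment on the block should say so, e.g. `{{- /* appended last: a repeated name overrides the chart's value */}}`; the README row for `env` could carry the same sentence.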
@@ -411,4 +411,4 @@ tests: name: lint-cluster tags: key1: value1 - key2: value2 + key2: "true" diff --git a/charts/cluster-shield/tests/deployment_test.yaml b/charts/cluster-shield/tests/deployment_test.yaml index 80a60d0da..3b6649171 100644 --- a/charts/cluster-shield/tests/deployment_test.yaml +++ b/charts/cluster-shield/tests/deployment_test.yaml @@ -452,3 +452,39 @@ tests: name: cert secret: secretName: my-custom-tls-secret + + - it: Test setting custom environment variables + set: + env: + - name: MY_ENV_VAR + value: my-value + asserts: + - contains: + path: spec.template.spec.containers[?(@.name == "cluster-shield")].env + content: + name: MY_ENV_VAR + value: my-value + + - it: Test adding custom volume and volume mounts + set: + volumes: + - name: my-volume + hostPath: + path: /opt/my-dir + volumeMounts: + - name: my-volume + mountPath: /host/opt/my-dir + readOnly: true + asserts: + - contains: + path: spec.template.spec.containers[?(@.name == "cluster-shield")].volumeMounts + content: + name: my-volume + mountPath: /host/opt/my-dir + readOnly: true + - contains: + path: spec.template.spec.volumes + content: + name: my-volume + hostPath: + path: /opt/my-dir diff --git a/charts/cluster-shield/values.schema.json b/charts/cluster-shield/values.schema.json index b1fd0ce55..d358552aa 100644 --- a/charts/cluster-shield/values.schema.json +++ b/charts/cluster-shield/values.schema.json 
@@ -188,6 +188,75 @@ "Default", "None" ] + }, + "env": { + "type": "array", + "description": "Define additional environment variables to be used by the Cluster Shield", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the environment variable" + }, + "value": { + "type": "string", + "description": "The value of the environment variable" + } + }, + "required": [ + "name", + "value" + ] + } + }, + "volumes": { + "type": "array", + "description": "Define additional volumes to be used by the Cluster Shield", + "items": { + "type": "object", + "additionalProperties": true, + "properties": { + "name": { + "type": "string", + "description": "The name of the volume" + } + }, + "required": [ + "name" + ] + } + }, + "volumeMounts": { + "type": "array", + "description": "Define additional volume mounts to be used by the Cluster Shield pods", + "items": { + "type": "object", + "additionalProperties": true, + "properties": { + "name": { + "type": "string", + "description": "The name of the volume" + }, + "mountPath": { + "type": "string", + "description": "The path where the volume will be mounted" + }, + "subPath": { + "type": "string", + "description": "The subpath of the volume to mount" + }, + "readOnly": { + "type": "boolean", + "description": "Set the volume read-only", + "default": false + } + }, + "required": [ + "name", + "mountPath" + ] + } } }, "allOf": [ diff --git a/charts/cluster-shield/values.yaml b/charts/cluster-shield/values.yaml index fbe895fa6..ab7b81ff1 100644 --- a/charts/cluster-shield/values.yaml +++ b/charts/cluster-shield/values.yaml 
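Review bot: The `env` item schema lists `value` under `required`, so an entry that carries only `valueFrom` (a `secretKeyRef` or `configMapKeyRef`) fails validation and credentials end up written inline in the values file. Relaxing it to `"required": ["name"]` keeps the name check and lets the secret-reference form through; the template already passes each entry on unchanged with `toYaml`. Separately, `volumes` and `volumeMounts` set `additionalProperties: true` explicitly while `env` leaves it implicit, which is worth making consistent. The `properties` object this hunk extends starts above the hunk.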
@@ -273,3 +273,19 @@ existingTLSSecret: tlsCertKeyName: # Provide the certificate authority filename that is defined inside the existing Secret (default ca.crt) caCertName: +# Optional parameter used to add environment variables to the Cluster Shield pods +env: [] +# - name: MY_ENV_VAR +# value: my-env-var-value + +# Optional parameter to specify additional host volumes for the Cluster Shield pods +volumes: [] +# - name: my-volume +# hostPath: +# path: /path/to/host/folder + +# Optional parameter to specify additional volume mounts for the Cluster Shield pods +volumeMounts: [] +# - name: my-volume +# mountPath: /host/path/to/mount/folder +# readOnly: true
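Review bot: The comment on `volumes` calls these "additional host volumes" and the only example is a `hostPath`, but nothing here tells the operator what that implies: a `hostPath` volume exposes part of the node's filesystem to the Cluster Shield pod, and the schema's `readOnly` default is `false`. I would add a line under the `volumes` comment such as `# hostPath exposes the node filesystem to the pod; mount it with readOnly: true unless writes are required`. Since the template accepts any volume source, `additional volumes` would also be the more accurate wording than `additional host volumes`.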