
Commit f326a30

chore(shield): bump cluster-shield to 1.9.1 (#2191)
1 parent df2b5ca commit f326a30

7 files changed

Lines changed: 184 additions & 3 deletions


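--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 
 type: application
-version: 0.10.0
+version: 0.10.1
 appVersion: "1.0.0"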

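--- a/charts/shield/README.md
+++ b/charts/shield/README.md
@@ -172,7 +172,7 @@ The following table lists the configurable parameters of the `shield` chart and
 | host.volume_mounts | The custom volume mounts for the host shield | <code>[]</code> |
 | cluster.image.registry | The registry where the cluster shield image is stored | <code>quay.io</code> |
 | cluster.image.repository | The repository where the cluster shield image is stored | <code>sysdig/cluster-shield</code> |
-| cluster.image.tag | The tag for the cluster shield image | <code>1.9.0</code> |
+| cluster.image.tag | The tag for the cluster shield image | <code>1.9.1</code> |
 | cluster.image.pull_policy | The pull policy for the cluster shield image | <code>IfNotPresent</code> |
 | cluster.image.pull_secrets | The pull secrets for the cluster shield image | <code>[]</code> |
 | cluster.run_mode | The mode in which the cluster shield should run (Accepted Values: single-process, multi-process) | <code>multi-process</code> |
@@ -185,6 +185,9 @@ The following table lists the configurable parameters of the `shield` chart and
 | cluster.rbac.service_account_name | The name of the service account for the cluster shield (if create is set to false, this will be used as the name of the existing service account) | <code></code> |
 | cluster.rbac.labels | The labels for the service account | <code>{}</code> |
 | cluster.rbac.annotations | The annotations for the service account | <code>{}</code> |
+| cluster.service.type | The Cluster Shield service type | <code>ClusterIP</code> |
+| cluster.service.labels | Additional service labels | <code>{}</code> |
+| cluster.service.annotations | Additional service annotations | <code>{}</code> |
 | cluster.security_context | The default security context of the cluster shield pods | <code>{}</code> |
 | cluster.validatingwebhookconfiguration.create | Create the validatingwebhookconfiguration resources for the cluster shield | <code>true</code> |
 | cluster.tls_certificates.create | Create the TLS certificates for the cluster shield | <code>true</code> |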

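--- a/charts/shield/templates/cluster/service-container-vulnerability-management.yaml
+++ b/charts/shield/templates/cluster/service-container-vulnerability-management.yaml
@@ -6,8 +6,19 @@ metadata:
 namespace: {{ .Release.Namespace }}
 labels:
 {{- include "cluster.labels" . | nindent 4 }}
+{{- if and .Values.cluster.service .Values.cluster.service.labels }}
+{{- toYaml .Values.cluster.service.labels | nindent 4 }}
+{{- end }}
+{{- if and .Values.cluster.service .Values.cluster.service.annotations }}
+annotations:
+{{- toYaml .Values.cluster.service.annotations | nindent 4 }}
+{{- end }}
 spec:
+{{- if and .Values.cluster.service .Values.cluster.service.type }}
+type: {{ .Values.cluster.service.type }}
+{{- else }}
 type: ClusterIP
+{{- end }}
 ports:
 - port: 4222
 targetPort: cvm-nats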
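Review bot: The values-supplied labels at `toYaml .Values.cluster.service.labels | nindent 4` are emitted under the same `labels:` mapping as `include "cluster.labels"`, so a key the chart already sets (for example `app.kubernetes.io/name`) would be rendered twice and the winner depends on how the YAML parser resolves duplicate keys. Merging before rendering makes the precedence explicit and keeps the chart's labels authoritative: inside the existing `if and …` guard render `{{- toYaml (merge (include "cluster.labels" . | fromYaml) .Values.cluster.service.labels) | nindent 4 }}` and move the plain `include` into an `else` branch. The same pattern appears in `templates/cluster/service.yaml`. The metadata block starts above this hunk, so whether anything selects on these Service labels is not visible here.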

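--- a/charts/shield/templates/cluster/service.yaml
+++ b/charts/shield/templates/cluster/service.yaml
@@ -5,8 +5,19 @@ metadata:
 namespace: {{ .Release.Namespace }}
 labels:
 {{- include "cluster.labels" . | nindent 4 }}
+{{- if and .Values.cluster.service .Values.cluster.service.labels }}
+{{- toYaml .Values.cluster.service.labels | nindent 4 }}
+{{- end }}
+{{- if and .Values.cluster.service .Values.cluster.service.annotations }}
+annotations:
+{{- toYaml .Values.cluster.service.annotations | nindent 4 }}
+{{- end }}
 spec:
+{{- if and .Values.cluster.service .Values.cluster.service.type }}
+type: {{ .Values.cluster.service.type }}
+{{- else }}
 type: ClusterIP
+{{- end }}
 ports:
 - port: {{ .Values.cluster.additional_settings.monitoring_port }}
 targetPort: monitoring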
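Review bot: The `type:` branch here reads `.Values.cluster.service.type`, the same key the container-vm Service template reads, so a single setting changes both Services together. An operator who selects `NodePort` or `LoadBalancer` to reach the monitoring port also publishes the other Service's ports, including 4222 (`cvm-nats`), outside the cluster; whether those listeners authenticate clients is not visible on this page. A per-Service override would keep the exposure deliberate, or at minimum a template comment above the branch such as `{{- /* cluster.service.type applies to every cluster shield Service; non-ClusterIP types expose all of their ports */}}`, with the same caveat in the README row for `cluster.service.type`. The `spec` block continues below the hunk.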

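--- a/charts/shield/tests/cluster/service-container-vulnerability-management_test.yaml
+++ b/charts/shield/tests/cluster/service-container-vulnerability-management_test.yaml
@@ -23,6 +23,8 @@ tests:
 kind: Service
 apiVersion: v1
 name: release-name-shield-cluster-container-vm
+- notExists:
+path: metadata.annotations
 - equal:
 path: metadata.namespace
 value: shield-namespace
@@ -90,3 +92,83 @@ tests:
 - equal:
 path: spec.ports[?(@.name == "grpc")].targetPort
 value: cvm-grpc
+
+- it: Service setup with different service type
+set:
+features:
+admission_control:
+enabled: true
+container_vulnerability_management:
+enabled: true
+cluster:
+service:
+type: NodePort
+asserts:
+- containsDocument:
+kind: Service
+apiVersion: v1
+name: release-name-shield-cluster-container-vm
+- equal:
+path: spec.type
+value: NodePort
+
+- it: Custom Lables
+set:
+features:
+admission_control:
+enabled: true
+container_vulnerability_management:
+enabled: true
+cluster:
+service:
+labels:
+custom-1: label-1
+custom-2: label-2
+asserts:
+- isKind:
+of: Service
+- equal:
+path: metadata.name
+value: release-name-shield-cluster-container-vm
+- equal:
+path: metadata.labels["app.kubernetes.io/name"]
+value: shield
+- equal:
+path: metadata.labels["app.kubernetes.io/instance"]
+value: release-name
+- equal:
+path: metadata.labels["app.kubernetes.io/managed-by"]
+value: Helm
+- equal:
+path: metadata.labels["custom-1"]
+value: label-1
+- equal:
+path: metadata.labels["custom-2"]
+value: label-2
+
+- it: Custom Annotations
+set:
+features:
+admission_control:
+enabled: true
+container_vulnerability_management:
+enabled: true
+cluster:
+service:
+annotations:
+custom-1: annotation-1
+custom-2: annotation-2
+asserts:
+- isKind:
+of: Service
+- equal:
+path: metadata.name
+value: release-name-shield-cluster-container-vm
+- exists:
+path: metadata.annotations
+- equal:
+path: metadata.annotations["custom-1"]
+value: annotation-1
+- equal:
+path: metadata.annotations["custom-2"]
+value: annotation-2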
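Review bot: The label test in the second hunk sets only `custom-1` and `custom-2`, keys that cannot collide with what the chart already emits, so it does not pin what happens when values supply `app.kubernetes.io/name` or another chart-owned key. A further case that sets such a key under `cluster.service.labels` and asserts `metadata.labels["app.kubernetes.io/name"]` still equals `shield` would lock the intended precedence in. The test name `- it: Custom Lables` is also misspelled and should read `- it: Custom Labels`.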
