From 8c1664f63ec520210fcd68cbabd8e49ad20f7849 Mon Sep 17 00:00:00 2001 From: Marco Vito Moscaritolo Date: Fri, 27 Oct 2023 14:50:52 +0200 Subject: [PATCH 01/17] feat(node-analyser): add configuration for proxy --- charts/node-analyzer/values.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml index 355dbdce0..5da79f22e 100644 --- a/charts/node-analyzer/values.yaml +++ b/charts/node-analyzer/values.yaml @@ -188,6 +188,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + # The Docker socket path. # If a custom path is specified, ensure it is correctly mounted from the host inside the container. # dockerSocketPath: unix:///var/run/docker.sock @@ -241,6 +246,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + # The scanning schedule specification for the host analyzer expressed as a crontab string such as “5 4 * * *”. # The default value of @dailydefault instructs the analyzer to automatically pick a schedule that will start # shortly after it is deployed and will perform a scan every 24 hours. @@ -272,6 +282,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + resources: requests: cpu: 150m @@ -292,6 +307,12 @@ nodeAnalyzer: tag: "1.6.3" digest: pullPolicy: + + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + storageClassName: extraMounts: [] # example for bottlerocket @@ -368,6 +389,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + resources: requests: cpu: 150m @@ -391,6 +417,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + resources: requests: cpu: 150m From fcdba83ec8ba8626c5526fbf97344cfa1be69ee5 Mon Sep 17 00:00:00 2001 
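Review bot: The comment `# Proxy configuration variables` added in each of the six hunks does not say how the new keys relate to the existing `nodeAnalyzer.httpProxy` and `global.proxy.*` settings. The templates later in this series resolve them with `| default`, so a per-container value wins, then the `nodeAnalyzer` value, then the global one, and an empty per-container value cannot switch an inherited proxy off for that container. I would word the comment as `# Per-container proxy override; when unset, falls back to nodeAnalyzer.<key> and then global.proxy.<key>`. The README rows added in patches 04 and 07 name these keys `http_proxy`/`https_proxy`/`no_proxy`, which does not match the `httpProxy`/`httpsProxy`/`noProxy` keys defined here.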
From: Marco Vito Moscaritolo Date: Fri, 27 Oct 2023 14:51:32 +0200 Subject: [PATCH 02/17] feat(node-analyser): add custom proxy for hostAnalyser --- .../templates/configmap-host-analyzer.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/node-analyzer/templates/configmap-host-analyzer.yaml b/charts/node-analyzer/templates/configmap-host-analyzer.yaml index b6ef3c5bf..3b9011903 100644 --- a/charts/node-analyzer/templates/configmap-host-analyzer.yaml +++ b/charts/node-analyzer/templates/configmap-host-analyzer.yaml 
@@ -29,14 +29,14 @@ data: {{- if .Values.nodeAnalyzer.hostAnalyzer.maxSendAttempts }} max_send_attempts: {{ .Values.nodeAnalyzer.hostAnalyzer.maxSendAttempts }} {{- end }} - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.hostAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.hostAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.hostAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} {{- end }} From feed99fd85a1276affacee5aa684bb69867611c2 Mon Sep 17 00:00:00 2001 
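Review bot: The three proxy values are rendered into the ConfigMap unquoted (`http_proxy: {{ ... }}`), so a value containing ` #` or `: `, or one that YAML reads as something other than a string, would change or break the rendered document. Piping each through `quote`, e.g. `http_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy | quote }}`, keeps the value a string whatever the operator supplies. Proxy URLs can embed `user:password@` credentials, and this lands in a ConfigMap rather than a Secret, so the values documentation should say not to put credentials in these keys unless the chart offers a Secret-backed path. The same unquoted pattern is repeated in the six templates changed in patch 06; the `data:` block starts outside this hunk.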
From: Marco Vito Moscaritolo Date: Fri, 27 Oct 2023 14:52:40 +0200 Subject: [PATCH 03/17] feat(node-analyser): add test for host-analyser custom proxy --- .../node-analyzer/tests/hostscanner_test.yaml | 44 ----- charts/node-analyzer/tests/proxy_test.yaml | 150 ++++++++++++++++++ 2 files changed, 150 insertions(+), 44 deletions(-) create mode 100644 charts/node-analyzer/tests/proxy_test.yaml diff --git a/charts/node-analyzer/tests/hostscanner_test.yaml b/charts/node-analyzer/tests/hostscanner_test.yaml index d4c93473d..57d227a3f 100644 --- a/charts/node-analyzer/tests/hostscanner_test.yaml +++ b/charts/node-analyzer/tests/hostscanner_test.yaml @@ -156,47 +156,3 @@ tests: of: ConfigMap - isNull: path: data.additional_dirs_to_scan - - - it: "Global proxy settings are set" - set: - clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true - global.proxy.httpProxy: "http://squid.domain.local:3128" - global.proxy.httpsProxy: "http://squid.domain.local:3128" - global.proxy.noProxy: "100.64.0.0/10" - templates: - - ../templates/configmap-host-scanner.yaml - asserts: - - isKind: - of: ConfigMap - - equal: - path: data.http_proxy - value: "http://squid.domain.local:3128" - - equal: - path: data.https_proxy - value: "http://squid.domain.local:3128" - - equal: - path: data.no_proxy - value: "100.64.0.0/10" - - - it: "Proxy settings are set" - set: - clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true - nodeAnalyzer.httpProxy: "http://squid.domain.local:3128" - nodeAnalyzer.httpsProxy: "http://squid.domain.local:3128" - nodeAnalyzer.noProxy: "100.64.0.0/10" - templates: - - ../templates/configmap-host-scanner.yaml - asserts: - - isKind: - of: ConfigMap - - equal: - path: data.http_proxy - value: "http://squid.domain.local:3128" - - equal: - path: data.https_proxy - value: "http://squid.domain.local:3128" - - equal: - path: data.no_proxy - value: "100.64.0.0/10" 
diff --git a/charts/node-analyzer/tests/proxy_test.yaml b/charts/node-analyzer/tests/proxy_test.yaml new file mode 100644 index 000000000..accf0f7ea --- /dev/null +++ b/charts/node-analyzer/tests/proxy_test.yaml 
@@ -0,0 +1,150 @@ +suite: Node Analyzer PriorityClass tests +templates: + - templates/configmap-host-analyzer.yaml + - templates/configmap-host-scanner.yaml + - templates/configmap-image-analyzer.yaml + - templates/configmap-kspm-analyzer.yaml + - templates/configmap-benchmark-runner.yaml + - templates/runtimeScanner/runtime-scanner-configmap.yaml +tests: + - it: "No proxy configured" + set: + clusterName: "test" + nodeAnalyzer.hostScanner.deploy: true + templates: + - templates/configmap-host-analyzer.yaml + asserts: + - notExists: + path: data.http_proxy + - notExists: + path: data.https_proxy + - notExists: + path: data.no_proxy + + - it: "Global proxy settings are set" + set: + clusterName: "test" + nodeAnalyzer.hostScanner.deploy: true + global: + proxy: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + templates: + - templates/configmap-host-analyzer.yaml + asserts: + - isKind: + of: ConfigMap + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + + - it: "Proxy settings are set" + set: + clusterName: "test" + nodeAnalyzer.hostScanner.deploy: true + nodeAnalyzer: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + templates: + - templates/configmap-host-analyzer.yaml + asserts: + - isKind: + of: ConfigMap + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + + - it: "Proxy settings are set ONLY for host analyser" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer.hostScanner.deploy: true + nodeAnalyzer: + hostAnalyzer: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: 
"http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + runtimeScanner: + deploy: true + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-host-analyzer.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-host-analyzer.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-host-analyzer.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml 
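Review bot: The suite is named `Node Analyzer PriorityClass tests` but every case checks proxy keys, so the name looks copied from another suite; `suite: Node Analyzer proxy tests` would match the content. The cases set each level in isolation and never two levels at once, so the precedence the template implements (hostAnalyzer over nodeAnalyzer over global) is not pinned; one case that sets `global.proxy.httpProxy` and a different `nodeAnalyzer.hostAnalyzer.httpProxy`, asserting the latter, would cover it. Several `set:` blocks also mix the dotted key `nodeAnalyzer.hostScanner.deploy` with a nested `nodeAnalyzer:` map, and it is worth confirming that the test runner merges the two rather than letting one replace the other.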
From 49009335c810e4aaba382054a2335403cc7111a5 Mon Sep 17 00:00:00 2001 From: Marco Vito Moscaritolo Date: Fri, 27 Oct 2023 14:55:32 +0200 Subject: [PATCH 04/17] feat(node-analyser): add docs for host-analyser custom proxy --- charts/node-analyzer/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md index c3ee89ba9..7254a7753 100644 --- a/charts/node-analyzer/README.md +++ b/charts/node-analyzer/README.md @@ -158,6 +158,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.hostAnalyzer.image.tag` | Set the image tag to pull the Host Analyzer. | `0.1.17` | | `nodeAnalyzer.hostAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` | | `nodeAnalyzer.hostAnalyzer.image.pullPolicy` | Specifies the Image pull policy for the Host Analyzer. | `""` | +| `nodeAnalyzer.hostAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the Host Analyzer container. | `""` | +| `nodeAnalyzer.hostAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the Host Analyzer container. | `""` | +| `nodeAnalyzer.hostAnalyzer.no_proxy` | Sets `NO_PROXY` on the Host Analyzer container. | `""` | | `nodeAnalyzer.hostAnalyzer.schedule` | Specifies the scanning schedule specification for the host analyzer expressed as a crontab. | `@dailydefault` | | `nodeAnalyzer.hostAnalyzer.dirsToScan` | Specifies the list of directories to inspect during the scan. | `/etc,/var/lib/dpkg,/usr/local,/usr/lib/sysimage/rpm,/var/lib/rpm,/lib/apk/db` | | `nodeAnalyzer.hostAnalyzer.maxSendAttempts` | Specifies the number of times the analysis collector is allowed to retry sending results. | `3` | From d1156bd73c89df88384c5e7e0ce9c0191426ae01 Mon Sep 17 00:00:00 2001 From: Marco Vito Moscaritolo Date: Fri, 27 Oct 2023 14:55:55 +0200 Subject: [PATCH 05/17] feat(node-analyzer): bump chart version --- charts/node-analyzer/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml index ea2fbabcd..77e524de5 100644 --- a/charts/node-analyzer/Chart.yaml +++ b/charts/node-analyzer/Chart.yaml @@ -3,7 +3,7 @@ name: node-analyzer description: Sysdig Node Analyzer # currently matching Sysdig's appVersion 1.14.34 -version: 1.17.13 +version: 1.18.0 appVersion: 12.8.0 keywords: - monitoring From 1ad8b36c046143bbe30dd30196b78549ca5dddd1 Mon Sep 17 00:00:00 2001 From: Daniele De Lorenzi Date: Fri, 27 Oct 2023 15:59:30 +0200 Subject: [PATCH 06/17] Per container proxy configuration for kspm-analyzer, benchmark, runtime-scanner, host-scanner, eve Signed-off-by: Daniele De Lorenzi --- .../templates/configmap-benchmark-runner.yaml | 12 ++++++------ .../templates/configmap-host-scanner.yaml | 12 ++++++------ .../templates/configmap-image-analyzer.yaml | 12 ++++++------ .../templates/configmap-kspm-analyzer.yaml | 12 ++++++------ .../runtimeScanner/eveconnector-api-configmap.yaml | 12 ++++++------ .../runtimeScanner/runtime-scanner-configmap.yaml | 12 ++++++------ 6 files changed, 36 insertions(+), 36 deletions(-) diff --git a/charts/node-analyzer/templates/configmap-benchmark-runner.yaml b/charts/node-analyzer/templates/configmap-benchmark-runner.yaml index 767b0a0ef..171ebf208 100644 --- a/charts/node-analyzer/templates/configmap-benchmark-runner.yaml +++ b/charts/node-analyzer/templates/configmap-benchmark-runner.yaml 
@@ -13,14 +13,14 @@ data: ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}" {{- end }} debug: "{{ .Values.nodeAnalyzer.debug | default false }}" - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.benchmark.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.benchmark.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.benchmark.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} {{- end }} diff --git a/charts/node-analyzer/templates/configmap-host-scanner.yaml b/charts/node-analyzer/templates/configmap-host-scanner.yaml index 374eae283..72802bbe5 100644 --- a/charts/node-analyzer/templates/configmap-host-scanner.yaml +++ b/charts/node-analyzer/templates/configmap-host-scanner.yaml 
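Review bot: The three `if` guards read `.Values.nodeAnalyzer.benchmark.*` while the lines they guard read `.Values.nodeAnalyzer.benchmarkRunner.*`, so the guard and the emitted value disagree on the key. The README in this series documents `nodeAnalyzer.benchmarkRunner`, so `benchmark` looks like a typo; if `nodeAnalyzer.benchmark` is not defined in values, the guard either fails to render or ignores a proxy that is set only on `benchmarkRunner`. Change all three guards to the same key, e.g. `{{- if (.Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}`. The proxy test suite added in patch 03 only asserts that this ConfigMap has no proxy keys; a case that sets `nodeAnalyzer.benchmarkRunner.httpProxy` would have caught the mismatch.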
@@ -27,14 +27,14 @@ data: ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}" {{- end }} debug: "{{ .Values.nodeAnalyzer.debug | default false }}" - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.hostScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.hostScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.hostScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.hostScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.hostScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.hostScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- if .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion }} vuln_db_version: {{ .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion | quote }} diff --git a/charts/node-analyzer/templates/configmap-image-analyzer.yaml b/charts/node-analyzer/templates/configmap-image-analyzer.yaml index 8131763d6..4415cc0ef 100644 --- a/charts/node-analyzer/templates/configmap-image-analyzer.yaml 
+++ b/charts/node-analyzer/templates/configmap-image-analyzer.yaml @@ -33,13 +33,13 @@ data: {{- if .Values.nodeAnalyzer.imageAnalyzer.collectorTimeout }} collector_timeout: {{ .Values.nodeAnalyzer.imageAnalyzer.collectorTimeout }} {{- end }} - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.imageAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.imageAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.imageAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.imageAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.imageAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.imageAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} diff --git a/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml b/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml index e07d06b0d..af0789e75 100644 --- a/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml +++ b/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml 
@@ -20,14 +20,14 @@ data: {{- if hasKey .Values.nodeAnalyzer "sslVerifyCertificate" }} nats_insecure: "{{ not .Values.nodeAnalyzer.sslVerifyCertificate }}" {{- end }} - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.kspmAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.kspmAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.kspmAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.kspmAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.kspmAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.kspmAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- if .Values.nodeAnalyzer.kspmAnalyzer.port }} agent_port: {{ .Values.nodeAnalyzer.kspmAnalyzer.port | quote }} diff --git a/charts/node-analyzer/templates/runtimeScanner/eveconnector-api-configmap.yaml b/charts/node-analyzer/templates/runtimeScanner/eveconnector-api-configmap.yaml index b80c09def..a838e3cd6 100644 --- a/charts/node-analyzer/templates/runtimeScanner/eveconnector-api-configmap.yaml 
+++ b/charts/node-analyzer/templates/runtimeScanner/eveconnector-api-configmap.yaml @@ -14,13 +14,13 @@ data: {{- if hasKey .Values.nodeAnalyzer.runtimeScanner "eveConnector" }} cert_dns_name: {{ include "eveconnector.host" . | quote }} {{- end }} - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} diff --git a/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml b/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml index 38db49651..cf28ed588 100644 --- a/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml 
+++ b/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml @@ -12,14 +12,14 @@ data: ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}" {{- end }} debug: "{{ .Values.nodeAnalyzer.debug | default false }}" - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- if .Values.nodeAnalyzer.runtimeScanner.settings.eveEnabled }} eve_enabled: "true" From 8f160e42cbae5eea64ecd2a59ed060f4ee35f8e0 Mon Sep 17 00:00:00 2001 From: Daniele De Lorenzi Date: Fri, 27 Oct 2023 16:07:35 +0200 Subject: [PATCH 07/17] Updated README.md with new parameters 
Signed-off-by: Daniele De Lorenzi --- charts/node-analyzer/README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md index 7254a7753..a9c6c48aa 100644 --- a/charts/node-analyzer/README.md +++ b/charts/node-analyzer/README.md @@ -143,6 +143,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.imageAnalyzer.image.tag` | Sets the image tag for the Node Image Analyzer to be pulled. | `0.1.29` | | `nodeAnalyzer.imageAnalyzer.image.digest` | Sets the image digest to pull. | ` ` | | `nodeAnalyzer.imageAnalyzer.image.pullPolicy` | Sets the Image pull policy for the Node Image Analyzer. | `""` | +| `nodeAnalyzer.imageAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the Image Analyzer container. | `""` | +| `nodeAnalyzer.imageAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the Image Analyzer container. | `""` | +| `nodeAnalyzer.imageAnalyzer.no_proxy` | Sets `NO_PROXY` on the Image Analyzer container. | `""` | | `nodeAnalyzer.imageAnalyzer.dockerSocketPath` | Specifies the Docker socket path. | | | `nodeAnalyzer.imageAnalyzer.criSocketPath` | Specifies the socket path to a CRI compatible runtime, such as CRI-O. | | | `nodeAnalyzer.imageAnalyzer.containerdSocketPath` | Specifies the socket path to a CRI-Containerd daemon. | | 
@@ -174,6 +177,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.benchmarkRunner.image.tag` | Specifies the image tag for the Benchmark Runner to be pulled. | `1.1.0.9` | | `nodeAnalyzer.benchmarkRunner.image.digest` | Specifies the image digest to pull. | ` ` | | `nodeAnalyzer.benchmarkRunner.image.pullPolicy` | Specifies the image pull policy for the Benchmark Runner. | `""` | +| `nodeAnalyzer.benchmarkRunner.http_proxy` | Sets `HTTP_PROXY` on the Benchmark Runner container. | `""` | +| `nodeAnalyzer.benchmarkRunner.https_proxy` | Sets `HTTPS_PROXY` on the Benchmark Runner container. | `""` | +| `nodeAnalyzer.benchmarkRunner.no_proxy` | Sets `NO_PROXY` on the Benchmark Runner container. | `""` | | `nodeAnalyzer.benchmarkRunner.includeSensitivePermissions` | Grant the service account elevated permissions to run CIS Benchmark for OS4. | `false` | | `nodeAnalyzer.benchmarkRunner.resources.requests.cpu` | Specifies the Benchmark Runner CPU requests per node. | `150m` | | `nodeAnalyzer.benchmarkRunner.resources.requests.memory` | Specifies the Benchmark Runner memory requests per node. | `128Mi` | 
@@ -188,6 +194,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.6.5` | | `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` | | `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` | +| `nodeAnalyzer.hostScanner.http_proxy` | Sets `HTTP_PROXY` on the Host Scanner container. | `""` | +| `nodeAnalyzer.hostScanner.https_proxy` | Sets `HTTPS_PROXY` on the Host Scanner container. | `""` | +| `nodeAnalyzer.hostScanner.no_proxy` | Sets `NO_PROXY` on the Host Scanner container. | `""` | | `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` | | `nodeAnalyzer.hostScanner.resources.requests.memory` | Specifies the Host Scanner memory requests per node. | `512Mi` | | `nodeAnalyzer.hostScanner.resources.requests.ephemeral-storage` | Specifies the Host Scanner Storage requests per node. | `512Mi` | 
@@ -202,6 +211,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.6.3` | | `nodeAnalyzer.runtimeScanner.image.digest` | Specifies the image digest to pull. | ` ` | | `nodeAnalyzer.runtimeScanner.image.pullPolicy` | Specifies the image pull policy for the Runtime Scanner. | `""` | +| `nodeAnalyzer.runtimeScanner.http_proxy` | Sets `HTTP_PROXY` on the Runtime Scanner container. | `""` | +| `nodeAnalyzer.runtimeScanner.https_proxy` | Sets `HTTPS_PROXY` on the Runtime Scanner container. | `""` | +| `nodeAnalyzer.runtimeScanner.no_proxy` | Sets `NO_PROXY` on the Runtime Scanner container. | `""` | | `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Specifies the Runtime Scanner CPU requests per node. | `150m` | | `nodeAnalyzer.runtimeScanner.resources.requests.memory` | Specifies the Runtime Scanner Memory requests per node. | `512Mi` | | `nodeAnalyzer.runtimeScanner.resources.requests.ephemeral-storage` | Specifies the Runtime Scanner Storage requests per node. | `2Gi` | 
@@ -225,6 +237,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze | `nodeAnalyzer.kspmAnalyzer.image.tag` | Specifies the image tag for the KSPM node analyzer image to be pulled. | `1.35.0` | | `nodeAnalyzer.kspmAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` | | `nodeAnalyzer.kspmAnalyzer.image.pullPolicy` | Specifies the The image pull policy for the KSPM node analyzer. | `""` | +| `nodeAnalyzer.kspmAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the KSPM Analyzer container. | `""` | +| `nodeAnalyzer.kspmAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the KSPM Analyzer container. | `""` | +| `nodeAnalyzer.kspmAnalyzer.no_proxy` | Sets `NO_PROXY` on the KSPM Analyzer container. | `""` | | `nodeAnalyzer.kspmAnalyzer.resources.requests.cpu` | Specifies the KSPM node analyzer CPU requests per node. | `150m` | | `nodeAnalyzer.kspmAnalyzer.resources.requests.memory` | Specifies the KSPM node analyzer memory requests per node. | `256Mi` | | `nodeAnalyzer.kspmAnalyzer.resources.limits.cpu` | Specifies the KSPM node analyzer CPU limits per node. | `500m` | From 684ebff09bf403fe3833dcc400c3cef178c3a7a8 Mon Sep 17 00:00:00 2001 From: Daniele De Lorenzi Date: Fri, 27 Oct 2023 17:19:08 +0200 Subject: [PATCH 08/17] Fixed a bug on KSPM Collector where nats_insecure was set to wrong values, added tests for proxy and skip of certificate Signed-off-by: Daniele De Lorenzi --- charts/kspm-collector/templates/_helpers.tpl | 8 +-- .../tests/cert_validation_test.yaml | 45 ++++++++++++ charts/kspm-collector/tests/proxy_test.yaml | 68 +++++++++++++++++++ 3 files changed, 117 insertions(+), 4 deletions(-) create mode 100644 charts/kspm-collector/tests/cert_validation_test.yaml create mode 100644 charts/kspm-collector/tests/proxy_test.yaml diff --git a/charts/kspm-collector/templates/_helpers.tpl b/charts/kspm-collector/templates/_helpers.tpl index 1ab2cdbfd..f277fa2e1 100644 --- a/charts/kspm-collector/templates/_helpers.tpl 
+++ b/charts/kspm-collector/templates/_helpers.tpl @@ -132,12 +132,12 @@ Sysdig NATS service URL Helper to define if to enable nats_insecure */}} {{- define "kspmCollector.natsInsecure" -}} -{{- if and (hasKey .Values "sslVerifyCertificate") ( .Values.sslVerifyCertificate ) -}} +{{- if (.Values.sslVerifyCertificate | default .Values.global.sslVerifyCertificate) -}} "false" -{{- else if and (hasKey .Values.global "sslVerifyCertificate") ( .Values.global.sslVerifyCertificate ) -}} - "false" -{{- else -}} +{{- else if or (eq .Values.sslVerifyCertificate false) (eq .Values.global.sslVerifyCertificate false) -}} "true" +{{- else -}} + "false" {{- end -}} {{- end -}} diff --git a/charts/kspm-collector/tests/cert_validation_test.yaml b/charts/kspm-collector/tests/cert_validation_test.yaml new file mode 100644 index 000000000..6a3d5b63b --- /dev/null +++ b/charts/kspm-collector/tests/cert_validation_test.yaml @@ -0,0 +1,45 @@ +suite: KSPM Collector Skip certificate tests +templates: + - templates/configmap.yaml +tests: + - it: "SSL certificate validation enabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + templates: + - templates/configmap.yaml + asserts: + - equal: + path: data.nats_insecure + value: "false" + + - it: "Global SSL certificate validation disabled" + set: + clusterName: "test" + nodeAnalyzer.hostScanner.deploy: true + global: + kspm: + deploy: true + sslVerifyCertificate: false + templates: + - templates/configmap.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" + + - it: "SSL certificate validation disabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + sslVerifyCertificate: false + templates: + - templates/configmap.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" diff --git a/charts/kspm-collector/tests/proxy_test.yaml b/charts/kspm-collector/tests/proxy_test.yaml new file mode 100644 index 000000000..9e8b8b6a3 --- /dev/null +++ b/charts/kspm-collector/tests/proxy_test.yaml 
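Review bot: In `kspmCollector.natsInsecure` the first branch pipes the chart-level flag through `default`, and Sprig's `default` treats `false` as empty, so a chart-level `sslVerifyCertificate: false` is replaced by `global.sslVerifyCertificate` whenever the global value is `true`. The effective rule is therefore "any level set to `true` keeps verification on", not "the most specific level wins". That fails closed, but it is not what an operator scoping an exception to one chart would expect. The same chain appears with three levels in `kspmAnalyzer.natsInsecure` in `charts/node-analyzer/templates/_helpers.tpl` later in this series. I would state the rule in the helper comment, for example `Verification is skipped only when no level sets sslVerifyCertificate to true and at least one sets it to false.`; if most-specific-wins is intended instead, each level needs an explicit boolean check such as `kindIs "bool"` rather than `default`.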
@@ -0,0 +1,68 @@ +suite: KSPM Collector Proxy tests +templates: + - templates/configmap.yaml +tests: + - it: "No proxy configured" + set: + clusterName: "test" + global: + kspm: + deploy: true + templates: + - templates/configmap.yaml + asserts: + - notExists: + path: data.http_proxy + - notExists: + path: data.https_proxy + - notExists: + path: data.no_proxy + + - it: "Global proxy settings are set" + set: + clusterName: "test" + global: + kspm: + deploy: true + proxy: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + templates: + - templates/configmap.yaml + asserts: + - isKind: + of: ConfigMap + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + + - it: "Proxy settings are set" + set: + clusterName: "test" + global: + kspm: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + templates: + - templates/configmap.yaml + asserts: + - isKind: + of: ConfigMap + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.no_proxy + value: "100.64.0.0/10" From 6a38dd6ca3cf3254e114827ebe7b2a77b2ea3e47 Mon Sep 17 00:00:00 2001 From: Daniele De Lorenzi Date: Fri, 27 Oct 2023 17:46:04 +0200 Subject: [PATCH 09/17] Added per container sslVerifyCertificate 
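Review bot: The two positive cases in this suite use the same URL and CIDR for the `global.proxy` values and for the chart-level values, and no case sets both levels at once, so nothing here pins which level wins. As far as the collapsed indentation can be read, the third case differs from the second only in where the keys sit. A further case that sets both levels to different values (constructed samples: `http://global-proxy.example:3128` under `global.proxy.httpProxy` and `http://chart-proxy.example:3128` at chart level) and asserts `data.http_proxy` against whichever level the template is meant to prefer would document the precedence. The per-component cases added to `charts/node-analyzer/tests/proxy_test.yaml` later in the series have the same gap.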
Signed-off-by: Daniele De Lorenzi --- .../tests/cert_validation_test.yaml | 1 - charts/node-analyzer/templates/_helpers.tpl | 13 ++++ .../templates/configmap-benchmark-runner.yaml | 6 +- .../templates/configmap-kspm-analyzer.yaml | 4 +- .../tests/kspm_cert_validation_test.yaml | 67 +++++++++++++++++++ charts/node-analyzer/tests/proxy_test.yaml | 2 +- 6 files changed, 85 insertions(+), 8 deletions(-) create mode 100644 charts/node-analyzer/tests/kspm_cert_validation_test.yaml diff --git a/charts/kspm-collector/tests/cert_validation_test.yaml b/charts/kspm-collector/tests/cert_validation_test.yaml index 6a3d5b63b..86f26917d 100644 --- a/charts/kspm-collector/tests/cert_validation_test.yaml +++ b/charts/kspm-collector/tests/cert_validation_test.yaml @@ -18,7 +18,6 @@ tests: - it: "Global SSL certificate validation disabled" set: clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true global: kspm: deploy: true diff --git a/charts/node-analyzer/templates/_helpers.tpl b/charts/node-analyzer/templates/_helpers.tpl index 38bcfe478..dc7ebe8ff 100644 --- a/charts/node-analyzer/templates/_helpers.tpl +++ b/charts/node-analyzer/templates/_helpers.tpl 
@@ -113,6 +113,19 @@ Return the proper image name for the CSPM Analyzer {{- include "nodeAnalyzer.imageRegistry" . -}} / {{- .Values.nodeAnalyzer.kspmAnalyzer.image.repository -}} {{- if .Values.nodeAnalyzer.kspmAnalyzer.image.digest -}} @ {{- .Values.nodeAnalyzer.kspmAnalyzer.image.digest -}} {{- else -}} : {{- .Values.nodeAnalyzer.kspmAnalyzer.image.tag -}} {{- end -}} {{- end -}} +{{/* + Helper to define if to enable nats_insecure +*/}} +{{- define "kspmAnalyzer.natsInsecure" -}} +{{- if (.Values.nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate | default .Values.nodeAnalyzer.sslVerifyCertificate | default .Values.global.sslVerifyCertificate) -}} + "false" +{{- else if or (eq .Values.nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate false) (eq .Values.nodeAnalyzer.sslVerifyCertificate false) (eq .Values.global.sslVerifyCertificate false) -}} + "true" +{{- else -}} + "false" +{{- end -}} +{{- end -}} + {{/* Node Analyzer labels */}} diff --git a/charts/node-analyzer/templates/configmap-benchmark-runner.yaml b/charts/node-analyzer/templates/configmap-benchmark-runner.yaml index 171ebf208..a53006309 100644 --- a/charts/node-analyzer/templates/configmap-benchmark-runner.yaml +++ b/charts/node-analyzer/templates/configmap-benchmark-runner.yaml 
@@ -13,13 +13,13 @@ data: ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}" {{- end }} debug: "{{ .Values.nodeAnalyzer.debug | default false }}" - {{- if (.Values.nodeAnalyzer.benchmark.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + {{- if (.Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} http_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.benchmark.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + {{- if (.Values.nodeAnalyzer.benchmarkRunner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} https_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.benchmark.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + {{- if (.Values.nodeAnalyzer.benchmarkRunner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} no_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} diff --git a/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml b/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml index af0789e75..bbd56c5f0 100644 --- a/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml +++ b/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml 
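Review bot: The `http_proxy`, `https_proxy` and `no_proxy` values under the corrected `if` conditions are rendered into the ConfigMap unquoted, so a `noProxy` value that begins with `*` or contains ` #` would be read by the YAML parser as an alias or a comment instead of a string. Ending each value pipeline with `| quote`, as `nats_max_reconnect` already does in `configmap-kspm-analyzer.yaml`, avoids that: `http_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy | quote }}`. The kspm-analyzer ConfigMap hunk in this commit has the same three unquoted lines. Because these keys live in a ConfigMap, a proxy URL that embeds credentials would be readable by anyone who can read ConfigMaps in the namespace, which is worth a line in the values documentation. The `data:` block starts above this hunk.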
@@ -17,9 +17,7 @@ data: nats_max_reconnect: {{ .Values.nodeAnalyzer.natsMaxReconnect | default 0 | quote }} cluster_name: {{ required "A valid clusterName is required" (include "nodeAnalyzer.clusterName" .) }} agent_app_name: {{ include "nodeAnalyzer.name" . }} - {{- if hasKey .Values.nodeAnalyzer "sslVerifyCertificate" }} - nats_insecure: "{{ not .Values.nodeAnalyzer.sslVerifyCertificate }}" - {{- end }} + nats_insecure: {{ include "kspmAnalyzer.natsInsecure" . }} {{- if (.Values.nodeAnalyzer.kspmAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} http_proxy: {{ .Values.nodeAnalyzer.kspmAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} diff --git a/charts/node-analyzer/tests/kspm_cert_validation_test.yaml b/charts/node-analyzer/tests/kspm_cert_validation_test.yaml new file mode 100644 index 000000000..84b50de35 --- /dev/null +++ b/charts/node-analyzer/tests/kspm_cert_validation_test.yaml 
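Review bot: The new `nats_insecure` line resolves the flag through `kspmAnalyzer.natsInsecure`, which reads the container, `nodeAnalyzer` and `global` levels, while the benchmark-runner ConfigMap touched in this same commit still renders `ssl_verify_certificate` from `.Values.nodeAnalyzer.sslVerifyCertificate` alone. Judging from the visible lines, setting `global.sslVerifyCertificate` would then change TLS verification for the KSPM analyzer but not for the benchmark runner. If that split is intended, a template comment above `nats_insecure` such as `{{- /* resolved per container; the benchmark runner reads nodeAnalyzer.sslVerifyCertificate only */}}` would save the next reader the search. Otherwise the other ConfigMaps could resolve the flag through a shared helper. The `data:` block starts above this hunk.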
@@ -0,0 +1,67 @@ +suite: KSPM Analyzer Skip certificate tests +templates: + - templates/configmap-kspm-analyzer.yaml +tests: + - it: "SSL certificate validation enabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + nodeAnalyzer: + deploy: true + templates: + - templates/configmap-kspm-analyzer.yaml + asserts: + - equal: + path: data.nats_insecure + value: "false" + + - it: "Global SSL certificate validation disabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + sslVerifyCertificate: false + nodeAnalyzer: + deploy: true + templates: + - templates/configmap-kspm-analyzer.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" + + - it: "SSL certificate validation disabled [Node Analyzer POD]" + set: + clusterName: "test" + global: + kspm: + deploy: true + nodeAnalyzer: + deploy: true + sslVerifyCertificate: false + templates: + - templates/configmap-kspm-analyzer.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" + + - it: "SSL certificate validation disabled [Node Analyzer container]" + set: + clusterName: "test" + global: + kspm: + deploy: true + nodeAnalyzer: + deploy: true + kspmAnalyzer: + sslVerifyCertificate: false + templates: + - templates/configmap-kspm-analyzer.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" diff --git a/charts/node-analyzer/tests/proxy_test.yaml b/charts/node-analyzer/tests/proxy_test.yaml index accf0f7ea..ffa9aa49e 100644 --- a/charts/node-analyzer/tests/proxy_test.yaml +++ b/charts/node-analyzer/tests/proxy_test.yaml @@ -1,4 +1,4 @@ -suite: Node Analyzer PriorityClass tests +suite: Node Analyzer Proxy tests templates: - templates/configmap-host-analyzer.yaml - templates/configmap-host-scanner.yaml From 7e7f2fcedb0dcb4498c285c884fe88417f0b9c18 Mon Sep 17 00:00:00 2001 From: Daniele De Lorenzi Date: Fri, 27 Oct 2023 20:51:15 +0200 Subject: [PATCH 10/17] Added node-analyzer tests and kspm-collector chart bump 
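Review bot: Every case in this new suite sets `sslVerifyCertificate` at exactly one level, so the interaction between levels in `kspmAnalyzer.natsInsecure` is never exercised. Because the helper pipes the values through `default`, a container-level `false` under a `true` at the `nodeAnalyzer` or `global` level should still render `nats_insecure: "false"`; a case with that mix would pin the behaviour either way. The collector suite `charts/kspm-collector/tests/cert_validation_test.yaml` added in the previous commit has the same gap for its two levels.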
Signed-off-by: Daniele De Lorenzi --- charts/kspm-collector/Chart.yaml | 2 +- charts/node-analyzer/tests/proxy_test.yaml | 500 ++++++++++++++++++++- 2 files changed, 496 insertions(+), 6 deletions(-) diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml index 258b35c57..9bda38fdb 100644 --- a/charts/kspm-collector/Chart.yaml +++ b/charts/kspm-collector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kspm-collector description: Sysdig KSPM collector -version: 0.9.0 +version: 0.10.0 appVersion: 1.34.0 keywords: diff --git a/charts/node-analyzer/tests/proxy_test.yaml b/charts/node-analyzer/tests/proxy_test.yaml index ffa9aa49e..e358193fc 100644 --- a/charts/node-analyzer/tests/proxy_test.yaml +++ b/charts/node-analyzer/tests/proxy_test.yaml @@ -9,10 +9,26 @@ templates: tests: - it: "No proxy configured" set: + global: + kspm: + deploy: true clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true + nodeAnalyzer: + hostAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true templates: + - templates/configmap-benchmark-runner.yaml - templates/configmap-host-analyzer.yaml + - templates/configmap-host-scanner.yaml + - templates/configmap-image-analyzer.yaml + - templates/configmap-kspm-analyzer.yaml + - templates/runtimeScanner/runtime-scanner-configmap.yaml asserts: - notExists: path: data.http_proxy 
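Review bot: The `set` block of "No proxy configured" enables `hostAnalyzer`, `runtimeScanner`, `hostScanner` and `benchmarkRunner` but not `imageAnalyzer`, although `templates/configmap-image-analyzer.yaml` is added to the `templates` list. The "Global proxy settings are set" case in the next hunk does the same, while "Proxy settings are set" does enable it. If the image analyzer is not deployed by default (the chart defaults are not visible here), the `notExists` assertions may not be checking a rendered ConfigMap for that template at all. Adding `imageAnalyzer:` with `deploy: true` under `nodeAnalyzer` in both cases would make the three cases consistent.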
@@ -24,14 +40,29 @@ tests: - it: "Global proxy settings are set" set: clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true global: proxy: httpProxy: "http://squid.domain.local:3128" httpsProxy: "http://squid.domain.local:3128" noProxy: "100.64.0.0/10" + kspm: + deploy: true + nodeAnalyzer: + hostAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true templates: + - templates/configmap-benchmark-runner.yaml - templates/configmap-host-analyzer.yaml + - templates/configmap-host-scanner.yaml + - templates/configmap-image-analyzer.yaml + - templates/configmap-kspm-analyzer.yaml + - templates/runtimeScanner/runtime-scanner-configmap.yaml asserts: - isKind: of: ConfigMap @@ -48,13 +79,30 @@ tests: - it: "Proxy settings are set" set: clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true + global: + kspm: + deploy: true nodeAnalyzer: httpProxy: "http://squid.domain.local:3128" httpsProxy: "http://squid.domain.local:3128" noProxy: "100.64.0.0/10" + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true templates: + - templates/configmap-benchmark-runner.yaml - templates/configmap-host-analyzer.yaml + - templates/configmap-host-scanner.yaml + - templates/configmap-image-analyzer.yaml + - templates/configmap-kspm-analyzer.yaml + - templates/runtimeScanner/runtime-scanner-configmap.yaml asserts: - isKind: of: ConfigMap 
@@ -68,20 +116,26 @@ tests: path: data.no_proxy value: "100.64.0.0/10" - - it: "Proxy settings are set ONLY for host analyser" + - it: "Proxy settings are set ONLY for host analyzer" set: global: kspm: deploy: true clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true nodeAnalyzer: hostAnalyzer: + deploy: true httpProxy: "http://squid.domain.local:3128" httpsProxy: "http://squid.domain.local:3128" noProxy: "100.64.0.0/10" + imageAnalyzer: + deploy: true runtimeScanner: deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true asserts: - isKind: of: ConfigMap 
@@ -148,3 +202,439 @@ tests: - notExists: path: data.no_proxy template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for image analyzer" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-image-analyzer.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-image-analyzer.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-image-analyzer.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: 
templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for kspm analyzer" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + kspmAnalyzer: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-kspm-analyzer.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-kspm-analyzer.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-kspm-analyzer.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: 
data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for benchmark runner" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-benchmark-runner.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-benchmark-runner.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-benchmark-runner.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + template: 
templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for host scanner" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + benchmarkRunner: + deploy: true + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-host-scanner.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-host-scanner.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-host-scanner.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + 
template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for runtime scanner" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + asserts: + - isKind: + of: ConfigMap + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: 
templates/runtimeScanner/runtime-scanner-configmap.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml From de92576c435d0f4873d4ed7b41f049e54f3940c9 Mon Sep 17 00:00:00 2001 
From: Daniele De Lorenzi Date: Sun, 29 Oct 2023 11:49:14 +0100 Subject: [PATCH 11/17] change chart version to 0.9.0 Co-authored-by: Marco Vito Moscaritolo --- charts/kspm-collector/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml index 9bda38fdb..510c6b19d 100644 --- a/charts/kspm-collector/Chart.yaml +++ b/charts/kspm-collector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kspm-collector description: Sysdig KSPM collector -version: 0.10.0 +version: 0.11.0 appVersion: 1.34.0 keywords: From 3c8e7a17205277e9b6c5652a8c6f3c76571afd96 Mon Sep 17 00:00:00 2001 From: Daniele De Lorenzi Date: Sun, 29 Oct 2023 11:59:59 +0100 Subject: [PATCH 12/17] Fix pre-commit trim trailing whitespace Signed-off-by: Daniele De Lorenzi --- charts/node-analyzer/tests/proxy_test.yaml | 44 +++++++++++----------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/charts/node-analyzer/tests/proxy_test.yaml b/charts/node-analyzer/tests/proxy_test.yaml index e358193fc..e2450389f 100644 --- a/charts/node-analyzer/tests/proxy_test.yaml +++ b/charts/node-analyzer/tests/proxy_test.yaml @@ -9,8 +9,8 @@ templates: tests: - it: "No proxy configured" set: - global: - kspm: + global: + kspm: deploy: true clusterName: "test" nodeAnalyzer: @@ -45,7 +45,7 @@ tests: httpProxy: "http://squid.domain.local:3128" httpsProxy: "http://squid.domain.local:3128" noProxy: "100.64.0.0/10" - kspm: + kspm: deploy: true nodeAnalyzer: hostAnalyzer: @@ -80,7 +80,7 @@ tests: set: clusterName: "test" global: - kspm: + kspm: deploy: true nodeAnalyzer: httpProxy: "http://squid.domain.local:3128" @@ -118,8 +118,8 @@ tests: - it: "Proxy settings are set ONLY for host analyzer" set: - global: - kspm: + global: + kspm: deploy: true clusterName: "test" nodeAnalyzer: 
@@ -162,7 +162,7 @@ tests: - notExists: path: data.no_proxy template: templates/configmap-host-scanner.yaml - + - notExists: path: data.http_proxy template: templates/configmap-image-analyzer.yaml @@ -205,8 +205,8 @@ tests: - it: "Proxy settings are set ONLY for image analyzer" set: - global: - kspm: + global: + kspm: deploy: true clusterName: "test" nodeAnalyzer: @@ -249,7 +249,7 @@ tests: - notExists: path: data.no_proxy template: templates/configmap-host-scanner.yaml - + - notExists: path: data.http_proxy template: templates/configmap-host-analyzer.yaml @@ -292,8 +292,8 @@ tests: - it: "Proxy settings are set ONLY for kspm analyzer" set: - global: - kspm: + global: + kspm: deploy: true clusterName: "test" nodeAnalyzer: @@ -337,7 +337,7 @@ tests: - notExists: path: data.no_proxy template: templates/configmap-host-scanner.yaml - + - notExists: path: data.http_proxy template: templates/configmap-host-analyzer.yaml @@ -380,8 +380,8 @@ tests: - it: "Proxy settings are set ONLY for benchmark runner" set: - global: - kspm: + global: + kspm: deploy: true clusterName: "test" nodeAnalyzer: @@ -424,7 +424,7 @@ tests: - notExists: path: data.no_proxy template: templates/configmap-host-scanner.yaml - + - notExists: path: data.http_proxy template: templates/configmap-host-analyzer.yaml @@ -467,8 +467,8 @@ tests: - it: "Proxy settings are set ONLY for host scanner" set: - global: - kspm: + global: + kspm: deploy: true clusterName: "test" nodeAnalyzer: @@ -511,7 +511,7 @@ tests: - notExists: path: data.no_proxy template: templates/configmap-benchmark-runner.yaml - + - notExists: path: data.http_proxy template: templates/configmap-host-analyzer.yaml @@ -554,8 +554,8 @@ tests: - it: "Proxy settings are set ONLY for runtime scanner" set: - global: - kspm: + global: + kspm: deploy: true clusterName: "test" nodeAnalyzer: 
@@ -598,7 +598,7 @@ tests:
 - notExists:
 path: data.no_proxy
 template: templates/configmap-benchmark-runner.yaml
-
+
 - notExists:
 path: data.http_proxy
 template: templates/configmap-host-analyzer.yaml
From be5ac253b948c031b5106513f6e46cc77e632eb8 Mon Sep 17 00:00:00 2001
From: Daniele De Lorenzi
Date: Sun, 29 Oct 2023 12:13:41 +0100
Subject: [PATCH 13/17] Bump chart version on sysdig-deploy
Signed-off-by: Daniele De Lorenzi
---
 charts/sysdig-deploy/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 8effe3768..c8906b226 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -36,7 +36,7 @@ dependencies:
 - name: node-analyzer
 # repository: https://charts.sysdig.com
 repository: file://../node-analyzer
- version: ~1.17.13
+ version: ~1.18.0
 alias: nodeAnalyzer
 condition: nodeAnalyzer.enabled
 - name: cluster-scanner
From 57a44ff039613e601a13086c56990cc8c60ef84f Mon Sep 17 00:00:00 2001
From: Daniele De Lorenzi
Date: Sun, 29 Oct 2023 12:18:57 +0100
Subject: [PATCH 14/17] Bump chart version on sysdig-deploy
Signed-off-by: Daniele De Lorenzi
---
 charts/sysdig-deploy/Chart.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index c8906b226..436e1794c 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: sysdig-deploy
 description: A chart with various Sysdig components for Kubernetes
 type: application
-version: 1.28.0
+version: 1.29.0
 maintainers:
 - name: AlbertoBarba
 email: alberto.barba@sysdig.com
@@ -48,7 +48,7 @@ dependencies:
 - name: kspm-collector
 # repository: https://charts.sysdig.com
 repository: file://../kspm-collector
- version: ~0.9.0
+ version: ~0.11.0
 alias: kspmCollector
 condition: global.kspm.deploy
 - name: rapid-response
From c7e8e815be7ea4e00e4817570a8a9132172a1433 Mon Sep 17 00:00:00 2001 From: Marco Vito Moscaritolo Date: Tue, 31 Oct 2023 10:19:26 +0100 Subject: [PATCH 15/17] fix post rebase chart versions --- charts/kspm-collector/Chart.yaml | 2 +- charts/sysdig-deploy/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml index 510c6b19d..9bda38fdb 100644 --- a/charts/kspm-collector/Chart.yaml +++ b/charts/kspm-collector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kspm-collector description: Sysdig KSPM collector -version: 0.11.0 +version: 0.10.0 appVersion: 1.34.0 keywords: diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index 436e1794c..0889224c6 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -48,7 +48,7 @@ dependencies: - name: kspm-collector # repository: https://charts.sysdig.com repository: file://../kspm-collector - version: ~0.11.0 + version: ~0.10.0 alias: kspmCollector condition: global.kspm.deploy - name: rapid-response From 155e3ac50d7380ad210095bb25eb38a52a4034c8 Mon Sep 17 00:00:00 2001 From: Marco Vito Moscaritolo Date: Tue, 31 Oct 2023 11:09:29 +0100 Subject: [PATCH 16/17] fix(kspm-collector): move from minor to patch bump since is an hotfix --- charts/kspm-collector/Chart.yaml | 2 +- charts/sysdig-deploy/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml index 9bda38fdb..12bf533f8 100644 --- a/charts/kspm-collector/Chart.yaml +++ b/charts/kspm-collector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kspm-collector description: Sysdig KSPM collector -version: 0.10.0 +version: 0.9.1 appVersion: 1.34.0 keywords: diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index 0889224c6..938795f4d 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml 
@@ -48,7 +48,7 @@ dependencies:
 - name: kspm-collector
 # repository: https://charts.sysdig.com
 repository: file://../kspm-collector
- version: ~0.10.0
+ version: ~0.9.1
 alias: kspmCollector
 condition: global.kspm.deploy
 - name: rapid-response
From f65f225e824804387881928ecbaefb61c39111d7 Mon Sep 17 00:00:00 2001
From: Marco Vito Moscaritolo
Date: Tue, 31 Oct 2023 11:10:00 +0100
Subject: [PATCH 17/17] fix(node-analyser): table formatting in the README.md
---
 charts/node-analyzer/README.md | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
index a9c6c48aa..73914ecec 100644
--- a/charts/node-analyzer/README.md
+++ b/charts/node-analyzer/README.md
@@ -143,9 +143,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.imageAnalyzer.image.tag` | Sets the image tag for the Node Image Analyzer to be pulled. | `0.1.29` |
 | `nodeAnalyzer.imageAnalyzer.image.digest` | Sets the image digest to pull. | ` ` |
 | `nodeAnalyzer.imageAnalyzer.image.pullPolicy` | Sets the Image pull policy for the Node Image Analyzer. | `""` |
-| `nodeAnalyzer.imageAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the Image Analyzer container. | `""` |
-| `nodeAnalyzer.imageAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the Image Analyzer container. | `""` |
-| `nodeAnalyzer.imageAnalyzer.no_proxy` | Sets `NO_PROXY` on the Image Analyzer container. | `""` |
+| `nodeAnalyzer.imageAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the Image Analyzer container. | `""` |
+| `nodeAnalyzer.imageAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the Image Analyzer container. | `""` |
+| `nodeAnalyzer.imageAnalyzer.no_proxy` | Sets `NO_PROXY` on the Image Analyzer container. | `""` |
 | `nodeAnalyzer.imageAnalyzer.dockerSocketPath` | Specifies the Docker socket path. | |
 | `nodeAnalyzer.imageAnalyzer.criSocketPath` | Specifies the socket path to a CRI compatible runtime, such as CRI-O. | |
 | `nodeAnalyzer.imageAnalyzer.containerdSocketPath` | Specifies the socket path to a CRI-Containerd daemon. | |
@@ -177,9 +177,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.benchmarkRunner.image.tag` | Specifies the image tag for the Benchmark Runner to be pulled. | `1.1.0.9` |
 | `nodeAnalyzer.benchmarkRunner.image.digest` | Specifies the image digest to pull. | ` ` |
 | `nodeAnalyzer.benchmarkRunner.image.pullPolicy` | Specifies the image pull policy for the Benchmark Runner. | `""` |
-| `nodeAnalyzer.benchmarkRunner.http_proxy` | Sets `HTTP_PROXY` on the Benchmark Runner container. | `""` |
-| `nodeAnalyzer.benchmarkRunner.https_proxy` | Sets `HTTPS_PROXY` on the Benchmark Runner container. | `""` |
-| `nodeAnalyzer.benchmarkRunner.no_proxy` | Sets `NO_PROXY` on the Benchmark Runner container. | `""` |
+| `nodeAnalyzer.benchmarkRunner.http_proxy` | Sets `HTTP_PROXY` on the Benchmark Runner container. | `""` |
+| `nodeAnalyzer.benchmarkRunner.https_proxy` | Sets `HTTPS_PROXY` on the Benchmark Runner container. | `""` |
+| `nodeAnalyzer.benchmarkRunner.no_proxy` | Sets `NO_PROXY` on the Benchmark Runner container. | `""` |
 | `nodeAnalyzer.benchmarkRunner.includeSensitivePermissions` | Grant the service account elevated permissions to run CIS Benchmark for OS4. | `false` |
 | `nodeAnalyzer.benchmarkRunner.resources.requests.cpu` | Specifies the Benchmark Runner CPU requests per node. | `150m` |
 | `nodeAnalyzer.benchmarkRunner.resources.requests.memory` | Specifies the Benchmark Runner memory requests per node. | `128Mi` |
@@ -194,9 +194,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.6.5` |
 | `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` |
 | `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` |
-| `nodeAnalyzer.hostScanner.http_proxy` | Sets `HTTP_PROXY` on the Host Scanner container. | `""` |
-| `nodeAnalyzer.hostScanner.https_proxy` | Sets `HTTPS_PROXY` on the Host Scanner container. | `""` |
-| `nodeAnalyzer.hostScanner.no_proxy` | Sets `NO_PROXY` on the Host Scanner container. | `""` |
+| `nodeAnalyzer.hostScanner.http_proxy` | Sets `HTTP_PROXY` on the Host Scanner container. | `""` |
+| `nodeAnalyzer.hostScanner.https_proxy` | Sets `HTTPS_PROXY` on the Host Scanner container. | `""` |
+| `nodeAnalyzer.hostScanner.no_proxy` | Sets `NO_PROXY` on the Host Scanner container. b | `""` |
 | `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` |
 | `nodeAnalyzer.hostScanner.resources.requests.memory` | Specifies the Host Scanner memory requests per node. | `512Mi` |
 | `nodeAnalyzer.hostScanner.resources.requests.ephemeral-storage` | Specifies the Host Scanner Storage requests per node. | `512Mi` |
@@ -211,9 +211,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.6.3` |
 | `nodeAnalyzer.runtimeScanner.image.digest` | Specifies the image digest to pull. | ` ` |
 | `nodeAnalyzer.runtimeScanner.image.pullPolicy` | Specifies the image pull policy for the Runtime Scanner. | `""` |
-| `nodeAnalyzer.runtimeScanner.http_proxy` | Sets `HTTP_PROXY` on the Runtime Scanner container. | `""` |
-| `nodeAnalyzer.runtimeScanner.https_proxy` | Sets `HTTPS_PROXY` on the Runtime Scanner container. | `""` |
-| `nodeAnalyzer.runtimeScanner.no_proxy` | Sets `NO_PROXY` on the Runtime Scanner container. | `""` |
+| `nodeAnalyzer.runtimeScanner.http_proxy` | Sets `HTTP_PROXY` on the Runtime Scanner container. | `""` |
+| `nodeAnalyzer.runtimeScanner.https_proxy` | Sets `HTTPS_PROXY` on the Runtime Scanner container. | `""` |
+| `nodeAnalyzer.runtimeScanner.no_proxy` | Sets `NO_PROXY` on the Runtime Scanner container. | `""` |
 | `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Specifies the Runtime Scanner CPU requests per node. | `150m` |
 | `nodeAnalyzer.runtimeScanner.resources.requests.memory` | Specifies the Runtime Scanner Memory requests per node. | `512Mi` |
 | `nodeAnalyzer.runtimeScanner.resources.requests.ephemeral-storage` | Specifies the Runtime Scanner Storage requests per node. | `2Gi` |