Merge branch 'master' into SSPROD-7700
thesw4rm authored Oct 23, 2023
2 parents cfdd50e + 94327ee commit 91e08bb
Showing 71 changed files with 951 additions and 580 deletions.
2 changes: 1 addition & 1 deletion Makefile
@@ -1,7 +1,7 @@
.PHONY: unittest

deps-docs:
go install kubepack.dev/chart-doc-gen@latest
go install kubepack.dev/chart-doc-gen@v0.4.7

docs: deps-docs
find . -name "doc.yaml" | \
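Review bot: the pinned version in the deps-docs recipe is an inline literal (chart-doc-gen@v0.4.7), so the next upgrade means editing the recipe itself. Hoist it into a variable at the top of the Makefile, for example CHART_DOC_GEN_VERSION ?= v0.4.7, and reference that in the go install line. Replacing @latest with a fixed tag is the right direction for a tool that runs in the docs build; a short comment saying why v0.4.7 was chosen would help whoever bumps it next.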
3 changes: 3 additions & 0 deletions charts/admission-controller/CHANGELOG.md
Expand Up @@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.

## Change Log
# v0.14.12
### Bug Fixes
* **common,agent,admission-controller,cluster-scanner,kspm-collector,node-analyzer,rapid-response** [e76f1c17](https://github.com/sysdiglabs/charts/commit/e76f1c17e48491dd8ea21293ec1fed2619eed204): Update Sysdig CA ([#1393](https://github.com/sysdiglabs/charts/issues/1393))
# v0.14.11
### Chores
* **admission-controller** [684e44a1](https://github.com/sysdiglabs/charts/commit/684e44a18df462051a9a81ba2cdfb421d31d20f7): Update to v3.9.33 ([#1390](https://github.com/sysdiglabs/charts/issues/1390))
4 changes: 2 additions & 2 deletions charts/admission-controller/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: admission-controller
description: Sysdig Admission Controller using Sysdig Secure inline image scanner
type: application
version: 0.14.11
version: 0.14.12
appVersion: 3.9.33
home: https://sysdiglabs.github.io/admission-controller/
icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
Expand All @@ -14,4 +14,4 @@ maintainers:
dependencies:
- name: common
repository: file://../common
version: ~1.2.0
version: ~1.2.2
4 changes: 2 additions & 2 deletions charts/admission-controller/README.md
Expand Up @@ -68,7 +68,7 @@ For example:

```bash
helm upgrade --install admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.14.11 \
--create-namespace -n sysdig-admission-controller --version=0.14.12 \
--set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME
```

Expand All @@ -80,7 +80,7 @@ For example:

```bash
helm upgrade --install admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.14.11 \
--create-namespace -n sysdig-admission-controller --version=0.14.12 \
--values values.yaml

```
6 changes: 3 additions & 3 deletions charts/admission-controller/RELEASE-NOTES.md
@@ -1,5 +1,5 @@
# What's Changed

### Chores
- **admission-controller** [684e44a1](https://github.com/sysdiglabs/charts/commit/684e44a18df462051a9a81ba2cdfb421d31d20f7): Update to v3.9.33 ([#1390](https://github.com/sysdiglabs/charts/issues/1390))
#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.14.10...admission-controller-0.14.11
### Bug Fixes
- **common,agent,admission-controller,cluster-scanner,kspm-collector,node-analyzer,rapid-response** [e76f1c17](https://github.com/sysdiglabs/charts/commit/e76f1c17e48491dd8ea21293ec1fed2619eed204): Update Sysdig CA ([#1393](https://github.com/sysdiglabs/charts/issues/1393))
#### Full diff: https://github.com/sysdiglabs/charts/compare/admission-controller-0.14.11...admission-controller-0.14.12
10 changes: 10 additions & 0 deletions charts/agent/CHANGELOG.md
Expand Up @@ -10,6 +10,16 @@ Manual edits are supported only below '## Change Log' and should be used
exclusively to fix incorrect entries and not to add new ones.

## Change Log
# v1.14.0
# v1.13.15
### New Features
* [eda0e7cd](https://github.com/sysdiglabs/charts/commit/eda0e7cdf12c0b40f0bb77c0a16e0fd5f0173256): release agent 12.17.0 ([#1410](https://github.com/sysdiglabs/charts/issues/1410))
# v1.13.14
### New Features
* [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395))
# v1.13.13
### Bug Fixes
* **common,agent,admission-controller,cluster-scanner,kspm-collector,node-analyzer,rapid-response** [e76f1c17](https://github.com/sysdiglabs/charts/commit/e76f1c17e48491dd8ea21293ec1fed2619eed204): Update Sysdig CA ([#1393](https://github.com/sysdiglabs/charts/issues/1393))
# v1.13.12
### New Features
* [45e2f7a9](https://github.com/sysdiglabs/charts/commit/45e2f7a96c565bfe0687acaacf350e81f94a23bb): release agent 12.16.2 ([#1381](https://github.com/sysdiglabs/charts/issues/1381))
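Review bot: the new `# v1.14.0` heading at the top of the Change Log has no entries under it and is followed immediately by `# v1.13.15`, so a minor-version bump is recorded with no listed change. Since manual edits are meant only to fix incorrect entries, regenerate the changelog once the commit that justifies 1.14.0 is on the branch rather than hand-adding a line.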
7 changes: 4 additions & 3 deletions charts/agent/Chart.yaml
@@ -1,9 +1,9 @@
apiVersion: v2
appVersion: 12.16.2
appVersion: 12.17.0
dependencies:
- name: common
repository: file://../common
version: ~1.2.1
version: ~1.2.2
description: Sysdig Monitor and Secure agent
home: https://www.sysdig.com/
icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
Expand All @@ -30,4 +30,5 @@ sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
type: application
version: 1.13.13
version: 1.14.1

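Review bot: `version: 1.14.1` in the second hunk does not match the rest of this merge, where the agent CHANGELOG stops at `# v1.14.0` and RELEASE-NOTES links to agent-1.13.15...agent-1.14.0. Either regenerate the changelog and release notes for 1.14.1 or set the chart version to the release they describe. The hunk also appears to add a trailing blank line after the version field, which can be dropped.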
7 changes: 4 additions & 3 deletions charts/agent/README.md
Expand Up @@ -88,8 +88,8 @@ The following table lists the configurable parameters of the Sysdig chart and th
| Parameter | Description | Default |
|---------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------|
| `global.clusterConfig.name` | Sets a unique name to the cluster. You can then use the cluster name to identify events using the `kubernetes.cluster.name` tag. | `quay.io` |
| `global.sysdig.accessKey` | Specify your Sysdig Agent Access Key. | Either `accessKey` or `accessKeySecret` is required |
| `global.sysdig.accessKeySecret` | An alternative to using the Sysdig Agent access key. Specify the name of a Kubernetes secret containing an `access-key` entry. | Either `accessKey` or `accessKeySecret` is required |
| `global.sysdig.accessKey` | Specify your Sysdig Agent Access Key. | Either `accessKey` or `accessKeySecret` is required |
| `global.sysdig.accessKeySecret` | An alternative to using the Sysdig Agent access key. Specify the name of a Kubernetes secret containing an `access-key` entry. | Either `accessKey` or `accessKeySecret` is required |
| `global.sysdig.region` | The SaaS region for these agents. Possible values: `"us1"`, `"us2"`, `"us3"`, `"us4"`, `"eu1"`, `"au1"`, and `"custom"` | `"us1"` |
| `global.proxy.httpProxy` | Sets `http_proxy` on the `agent` container. | `""` |
| `global.proxy.httpsProxy` | Sets `https_proxy` on the `agent` container. | `""` |
Expand Down Expand Up @@ -146,6 +146,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `slim.resources.limits.cpu` | Specifies the CPU limit for building the kernel module | `1000m` |
| `slim.resources.limits.memory` | Specifies the memory limit for building the kernel module. | `512Mi` |
| `ebpf.enabled` | Enables eBPF support for Sysdig instead of `sysdig-probe` kernel module. | `false` |
| `ebpf.kind` | Define which eBPF driver to use, can be `legacy_ebpf` or `universal_ebpf` | `legacy_ebpf` |
| `clusterName` | Sets a unique cluster name which is used to identify events with the `kubernetes.cluster.name` tag. Overrides `global.clusterConfig.name`. | ` ` |
| `sysdig.accessKey` | Your Sysdig Agent Access Key. Overrides `global.sysdig.accessKey` | Either `accessKey` or `existingAccessKeySecret` is required |
| `sysdig.existingAccessKeySecret` | Specifies the name of a Kubernetes secret containing an `access-key ` entry. Overrides `global.sysdig.existingAccessKeySecret` | Either `accessKey` or `existingAccessKeySecret` is required |
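Review bot: the new `ebpf.kind` row lists the two accepted values but not its precondition or side effects. From the template changes in this commit, the value is only consulted when eBPF is enabled, and `universal_ebpf` switches the agent to the slim image repository and skips the `sysdig-agent-kmodule` init container. Say so in the Description column so the interaction with `ebpf.enabled` and `slim.enabled` is documented next to the parameter.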
Expand All @@ -158,7 +159,7 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `auditLog.auditServerUrl` | Specifies the URL where Sysdig Agent listens for the Kubernetes audit log events. | `0.0.0.0` |
| `auditLog.auditServerPort` | Specifies the port where Sysdig Agent listens for the Kubernetes audit log events. | `7765` |
| `auditLog.dynamicBackend.enabled` | Deploys the Audit Sink where Sysdig listens for Kubernetes audit log events. | `false` |
| `tolerations` | Specifies the tolerations for scheduling. | <pre>node-role.kubernetes.io/master:NoSchedule,<br>node-role.kubernetes.io/control-plane:NoSchedule</pre> | |
| `tolerations` | Specifies the tolerations for scheduling. | <pre>node-role.kubernetes.io/master:NoSchedule,<br>node-role.kubernetes.io/control-plane:NoSchedule</pre> |
| `leaderelection.enable` | Enables the agent leader election algorithm. | `false` |
| `prometheus.file` | Specifies the file to configure promscrape. | `false` |
| `prometheus.yaml` | Configures the Prometheus metric collection. Performs relabelling and filtering. | ` ` |
4 changes: 1 addition & 3 deletions charts/agent/RELEASE-NOTES.md
@@ -1,5 +1,3 @@
# What's Changed

### New Features
- [45e2f7a9](https://github.com/sysdiglabs/charts/commit/45e2f7a96c565bfe0687acaacf350e81f94a23bb): release agent 12.16.2 ([#1381](https://github.com/sysdiglabs/charts/issues/1381))
#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.13.11...agent-1.13.12
#### Full diff: https://github.com/sysdiglabs/charts/compare/agent-1.13.15...agent-1.14.0
18 changes: 17 additions & 1 deletion charts/agent/templates/_helpers.tpl
Expand Up @@ -54,11 +54,15 @@ Define the proper imageRegistry to use for agent and kmodule image
{{- end -}}

{{/*
Return the proper Sysdig Agent image name
Return the proper Sysdig Agent repository name
Force the slim version if customer specify enable the slim mode or if the Universal eBPF driver is enforced
*/}}
{{- define "agent.repositoryName" -}}
{{- if .Values.slim.enabled -}}
{{- .Values.slim.image.repository -}}
{{- else if (include "agent.universalEbpfEnforced" . ) -}}
{{- .Values.slim.image.repository -}}
{{- else -}}
{{- .Values.image.repository -}}
{{- end -}}
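Review bot: in `agent.repositoryName` the `if .Values.slim.enabled` branch and the new `else if (include "agent.universalEbpfEnforced" . )` branch return the same `.Values.slim.image.repository`, so fold them into one condition with `or`. The new comment line also needs a grammar pass ("if customer specify enable the slim mode"), and it should state plainly that a user who left `slim.enabled` false still gets the slim image when `ebpf.kind` is `universal_ebpf`.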
Expand Down Expand Up @@ -219,6 +223,18 @@ it can act like a boolean
{{- end -}}
{{- end -}}

{{- define "agent.universalEbpfEnforced" -}}
{{- if (and (eq "true" (include "agent.ebpfEnabled" .)) (eq "universal_ebpf" .Values.ebpf.kind )) -}}
true
{{- end -}}
{{- end -}}

{{- define "agent.legacyEbpfEnforced" -}}
{{- if (and (eq "true" (include "agent.ebpfEnabled" .)) (eq "legacy_ebpf" .Values.ebpf.kind )) -}}
true
{{- end -}}
{{- end -}}

{{/*
to help the maxUnavailable pick a reasonable value depending on the cluster size
*/}}
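Review bot: neither `agent.universalEbpfEnforced` nor `agent.legacyEbpfEnforced` validates `.Values.ebpf.kind`, so a mistyped value makes both helpers render empty and the chart installs without any `SYSDIG_AGENT_DRIVER` set, with no error. Add a check that calls `fail` when eBPF is enabled and `ebpf.kind` is neither `legacy_ebpf` nor `universal_ebpf`. Both helpers are also missing the `{{/* ... */}}` description block that the surrounding definitions carry.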
16 changes: 14 additions & 2 deletions charts/agent/templates/daemonset.yaml
Expand Up @@ -77,7 +77,8 @@ spec:
imagePullSecrets:
{{ toYaml .Values.global.image.pullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.slim.enabled }}
{{/* When the Universal eBPF is enforced by customer choice there is no reason to start the init container to build the driver */}}
{{- if and .Values.slim.enabled (not (include "agent.universalEbpfEnforced" . )) }}
initContainers:
- name: sysdig-agent-kmodule
image: {{ template "agent.image.kmodule" . }}
Expand All @@ -95,6 +96,10 @@ spec:
- name: SYSDIG_BPF_PROBE
value:
{{- end }}
{{- if (include "agent.legacyEbpfEnforced" .) }}
- name: SYSDIG_AGENT_DRIVER
value: legacy_ebpf
{{- end }}
{{- range $key, $value := .Values.daemonset.kmodule.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
Expand Down Expand Up @@ -178,10 +183,17 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if or (include "agent.ebpfEnabled" .) (include "agent.gke.autopilot" .)}}
{{- if and (or (include "agent.ebpfEnabled" .) (include "agent.gke.autopilot" .)) (not (include "agent.universalEbpfEnforced" . )) }}
- name: SYSDIG_BPF_PROBE
value:
{{- end }}
{{- if (include "agent.universalEbpfEnforced" .) }}
- name: SYSDIG_AGENT_DRIVER
value: universal_ebpf
{{- else if (include "agent.legacyEbpfEnforced" .) }}
- name: SYSDIG_AGENT_DRIVER
value: legacy_ebpf
{{- end }}
{{- if (.Values.proxy.httpProxy | default .Values.global.proxy.httpProxy) }}
- name: http_proxy
value: {{ .Values.proxy.httpProxy | default .Values.global.proxy.httpProxy }}
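Review bot: the `SYSDIG_BPF_PROBE` guard tests `(include "agent.ebpfEnabled" .)` for any non-empty output, while the `agent.universalEbpfEnforced` and `agent.legacyEbpfEnforced` helpers used a few lines below compare the same include against the string "true". If that helper can ever render something other than "true" or empty, this block sets `SYSDIG_BPF_PROBE` without a matching `SYSDIG_AGENT_DRIVER`. Use one test for both, and confirm the intended result on GKE Autopilot, where the `or` can be satisfied by `agent.gke.autopilot` alone while both driver helpers still depend on `agent.ebpfEnabled`.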