From f6f68ff0cd31693aaf26e0f3de53bb70a42182ad Mon Sep 17 00:00:00 2001 From: Marco Vito Moscaritolo Date: Thu, 2 Nov 2023 09:53:39 +0100 Subject: [PATCH] feat(node-analyzer,kspm-collector,sysdig-deploy): allow custom proxy for individual containers in node analyzer (#1432) Signed-off-by: Daniele De Lorenzi Co-authored-by: Daniele De Lorenzi --- charts/kspm-collector/Chart.yaml | 2 +- charts/kspm-collector/templates/_helpers.tpl | 8 +- .../tests/cert_validation_test.yaml | 44 ++ charts/kspm-collector/tests/proxy_test.yaml | 68 ++ charts/node-analyzer/Chart.yaml | 2 +- charts/node-analyzer/README.md | 18 + charts/node-analyzer/templates/_helpers.tpl | 13 + .../templates/configmap-benchmark-runner.yaml | 12 +- .../templates/configmap-host-analyzer.yaml | 12 +- .../templates/configmap-host-scanner.yaml | 12 +- .../templates/configmap-image-analyzer.yaml | 12 +- .../templates/configmap-kspm-analyzer.yaml | 16 +- .../eveconnector-api-configmap.yaml | 12 +- .../runtime-scanner-configmap.yaml | 12 +- .../node-analyzer/tests/hostscanner_test.yaml | 44 -- .../tests/kspm_cert_validation_test.yaml | 67 ++ charts/node-analyzer/tests/proxy_test.yaml | 640 ++++++++++++++++++ charts/node-analyzer/values.yaml | 31 + charts/sysdig-deploy/Chart.yaml | 6 +- 19 files changed, 933 insertions(+), 98 deletions(-) create mode 100644 charts/kspm-collector/tests/cert_validation_test.yaml create mode 100644 charts/kspm-collector/tests/proxy_test.yaml create mode 100644 charts/node-analyzer/tests/kspm_cert_validation_test.yaml create mode 100644 charts/node-analyzer/tests/proxy_test.yaml diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml index 258b35c57..12bf533f8 100644 --- a/charts/kspm-collector/Chart.yaml +++ b/charts/kspm-collector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kspm-collector description: Sysdig KSPM collector -version: 0.9.0 +version: 0.9.1 appVersion: 1.34.0 keywords: 
diff --git a/charts/kspm-collector/templates/_helpers.tpl b/charts/kspm-collector/templates/_helpers.tpl index 1ab2cdbfd..f277fa2e1 100644 --- a/charts/kspm-collector/templates/_helpers.tpl +++ b/charts/kspm-collector/templates/_helpers.tpl @@ -132,12 +132,12 @@ Sysdig NATS service URL Helper to define if to enable nats_insecure */}} {{- define "kspmCollector.natsInsecure" -}} -{{- if and (hasKey .Values "sslVerifyCertificate") ( .Values.sslVerifyCertificate ) -}} +{{- if (.Values.sslVerifyCertificate | default .Values.global.sslVerifyCertificate) -}} "false" -{{- else if and (hasKey .Values.global "sslVerifyCertificate") ( .Values.global.sslVerifyCertificate ) -}} - "false" -{{- else -}} +{{- else if or (eq .Values.sslVerifyCertificate false) (eq .Values.global.sslVerifyCertificate false) -}} "true" +{{- else -}} + "false" {{- end -}} {{- end -}} diff --git a/charts/kspm-collector/tests/cert_validation_test.yaml b/charts/kspm-collector/tests/cert_validation_test.yaml new file mode 100644 index 000000000..86f26917d --- /dev/null +++ b/charts/kspm-collector/tests/cert_validation_test.yaml @@ -0,0 +1,44 @@ +suite: KSPM Collector Skip certificate tests +templates: + - templates/configmap.yaml +tests: + - it: "SSL certificate validation enabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + templates: + - templates/configmap.yaml + asserts: + - equal: + path: data.nats_insecure + value: "false" + + - it: "Global SSL certificate validation disabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + sslVerifyCertificate: false + templates: + - templates/configmap.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" + + - it: "SSL certificate validation disabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + sslVerifyCertificate: false + templates: + - templates/configmap.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" 
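Review bot: In `kspmCollector.natsInsecure` the first branch pipes a boolean through `default`, and Sprig's `default` treats `false` as empty, so a chart-level `sslVerifyCertificate: false` combined with `global.sslVerifyCertificate: true` falls through to the global value and renders `"false"`. In effect `true` at either level wins, not the more specific setting; that fails closed (verification stays on), but it is not what an override chain suggests and no test pins it. The three-level `kspmAnalyzer.natsInsecure` helper added in charts/node-analyzer/templates/_helpers.tpl has the same shape. If most-specific-wins is intended, test for an explicit boolean at each level as sketched below; the `define` line sits in the hunk's context, outside the changed lines.

```gotemplate
{{- define "kspmCollector.natsInsecure" -}}
{{- if kindIs "bool" .Values.sslVerifyCertificate -}}
    {{ not .Values.sslVerifyCertificate | quote }}
{{- else if kindIs "bool" .Values.global.sslVerifyCertificate -}}
    {{ not .Values.global.sslVerifyCertificate | quote }}
{{- else -}}
    "false"
{{/* … unchanged: closing end lines … */}}
```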
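Review bot: None of the three cases in cert_validation_test.yaml sets `sslVerifyCertificate` at the chart level and under `global` in the same `set` block, so the precedence between the two levels is not pinned. A case with one level `true` and the other `false`, plus the reverse, each asserting `data.nats_insecure`, would document which setting wins when they disagree. charts/node-analyzer/tests/kspm_cert_validation_test.yaml has the same gap across its three levels.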
diff --git a/charts/kspm-collector/tests/proxy_test.yaml b/charts/kspm-collector/tests/proxy_test.yaml new file mode 100644 index 000000000..9e8b8b6a3 --- /dev/null +++ b/charts/kspm-collector/tests/proxy_test.yaml @@ -0,0 +1,68 @@ +suite: KSPM Collector Proxy tests +templates: + - templates/configmap.yaml +tests: + - it: "No proxy configured" + set: + clusterName: "test" + global: + kspm: + deploy: true + templates: + - templates/configmap.yaml + asserts: + - notExists: + path: data.http_proxy + - notExists: + path: data.https_proxy + - notExists: + path: data.no_proxy + + - it: "Global proxy settings are set" + set: + clusterName: "test" + global: + kspm: + deploy: true + proxy: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + templates: + - templates/configmap.yaml + asserts: + - isKind: + of: ConfigMap + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + + - it: "Proxy settings are set" + set: + clusterName: "test" + global: + kspm: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + templates: + - templates/configmap.yaml + asserts: + - isKind: + of: ConfigMap + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.no_proxy + value: "100.64.0.0/10" diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml index ea2fbabcd..77e524de5 100644 --- a/charts/node-analyzer/Chart.yaml +++ b/charts/node-analyzer/Chart.yaml @@ -3,7 +3,7 @@ name: node-analyzer description: Sysdig Node Analyzer # currently matching Sysdig's appVersion 1.14.34 -version: 1.17.13 +version: 1.18.0 appVersion: 12.8.0 keywords: - monitoring 
diff --git a/charts/node-analyzer/README.md b/charts/node-analyzer/README.md
index c3ee89ba9..73914ecec 100644
--- a/charts/node-analyzer/README.md
+++ b/charts/node-analyzer/README.md
@@ -143,6 +143,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.imageAnalyzer.image.tag` | Sets the image tag for the Node Image Analyzer to be pulled. | `0.1.29` |
 | `nodeAnalyzer.imageAnalyzer.image.digest` | Sets the image digest to pull. | ` ` |
 | `nodeAnalyzer.imageAnalyzer.image.pullPolicy` | Sets the Image pull policy for the Node Image Analyzer. | `""` |
+| `nodeAnalyzer.imageAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the Image Analyzer container. | `""` |
+| `nodeAnalyzer.imageAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the Image Analyzer container. | `""` |
+| `nodeAnalyzer.imageAnalyzer.no_proxy` | Sets `NO_PROXY` on the Image Analyzer container. | `""` |
 | `nodeAnalyzer.imageAnalyzer.dockerSocketPath` | Specifies the Docker socket path. | |
 | `nodeAnalyzer.imageAnalyzer.criSocketPath` | Specifies the socket path to a CRI compatible runtime, such as CRI-O. | |
 | `nodeAnalyzer.imageAnalyzer.containerdSocketPath` | Specifies the socket path to a CRI-Containerd daemon. | |
@@ -158,6 +161,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.hostAnalyzer.image.tag` | Set the image tag to pull the Host Analyzer. | `0.1.17` |
 | `nodeAnalyzer.hostAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` |
 | `nodeAnalyzer.hostAnalyzer.image.pullPolicy` | Specifies the Image pull policy for the Host Analyzer. | `""` |
+| `nodeAnalyzer.hostAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the Host Analyzer container. | `""` |
+| `nodeAnalyzer.hostAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the Host Analyzer container. | `""` |
+| `nodeAnalyzer.hostAnalyzer.no_proxy` | Sets `NO_PROXY` on the Host Analyzer container. | `""` |
 | `nodeAnalyzer.hostAnalyzer.schedule` | Specifies the scanning schedule specification for the host analyzer expressed as a crontab. | `@dailydefault` |
 | `nodeAnalyzer.hostAnalyzer.dirsToScan` | Specifies the list of directories to inspect during the scan. | `/etc,/var/lib/dpkg,/usr/local,/usr/lib/sysimage/rpm,/var/lib/rpm,/lib/apk/db` |
 | `nodeAnalyzer.hostAnalyzer.maxSendAttempts` | Specifies the number of times the analysis collector is allowed to retry sending results. | `3` |
@@ -171,6 +177,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.benchmarkRunner.image.tag` | Specifies the image tag for the Benchmark Runner to be pulled. | `1.1.0.9` |
 | `nodeAnalyzer.benchmarkRunner.image.digest` | Specifies the image digest to pull. | ` ` |
 | `nodeAnalyzer.benchmarkRunner.image.pullPolicy` | Specifies the image pull policy for the Benchmark Runner. | `""` |
+| `nodeAnalyzer.benchmarkRunner.http_proxy` | Sets `HTTP_PROXY` on the Benchmark Runner container. | `""` |
+| `nodeAnalyzer.benchmarkRunner.https_proxy` | Sets `HTTPS_PROXY` on the Benchmark Runner container. | `""` |
+| `nodeAnalyzer.benchmarkRunner.no_proxy` | Sets `NO_PROXY` on the Benchmark Runner container. | `""` |
 | `nodeAnalyzer.benchmarkRunner.includeSensitivePermissions` | Grant the service account elevated permissions to run CIS Benchmark for OS4. | `false` |
 | `nodeAnalyzer.benchmarkRunner.resources.requests.cpu` | Specifies the Benchmark Runner CPU requests per node. | `150m` |
 | `nodeAnalyzer.benchmarkRunner.resources.requests.memory` | Specifies the Benchmark Runner memory requests per node. | `128Mi` |
@@ -185,6 +194,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.6.5` |
 | `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` |
 | `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` |
+| `nodeAnalyzer.hostScanner.http_proxy` | Sets `HTTP_PROXY` on the Host Scanner container. | `""` |
+| `nodeAnalyzer.hostScanner.https_proxy` | Sets `HTTPS_PROXY` on the Host Scanner container. | `""` |
+| `nodeAnalyzer.hostScanner.no_proxy` | Sets `NO_PROXY` on the Host Scanner container. b | `""` |
 | `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` |
 | `nodeAnalyzer.hostScanner.resources.requests.memory` | Specifies the Host Scanner memory requests per node. | `512Mi` |
 | `nodeAnalyzer.hostScanner.resources.requests.ephemeral-storage` | Specifies the Host Scanner Storage requests per node. | `512Mi` |
@@ -199,6 +211,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.runtimeScanner.image.tag` | Specifies the image tag to pull the Runtime Scanner. | `1.6.3` |
 | `nodeAnalyzer.runtimeScanner.image.digest` | Specifies the image digest to pull. | ` ` |
 | `nodeAnalyzer.runtimeScanner.image.pullPolicy` | Specifies the image pull policy for the Runtime Scanner. | `""` |
+| `nodeAnalyzer.runtimeScanner.http_proxy` | Sets `HTTP_PROXY` on the Runtime Scanner container. | `""` |
+| `nodeAnalyzer.runtimeScanner.https_proxy` | Sets `HTTPS_PROXY` on the Runtime Scanner container. | `""` |
+| `nodeAnalyzer.runtimeScanner.no_proxy` | Sets `NO_PROXY` on the Runtime Scanner container. | `""` |
 | `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Specifies the Runtime Scanner CPU requests per node. | `150m` |
 | `nodeAnalyzer.runtimeScanner.resources.requests.memory` | Specifies the Runtime Scanner Memory requests per node. | `512Mi` |
 | `nodeAnalyzer.runtimeScanner.resources.requests.ephemeral-storage` | Specifies the Runtime Scanner Storage requests per node. | `2Gi` |
@@ -222,6 +237,9 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
 | `nodeAnalyzer.kspmAnalyzer.image.tag` | Specifies the image tag for the KSPM node analyzer image to be pulled. | `1.35.0` |
 | `nodeAnalyzer.kspmAnalyzer.image.digest` | Specifies the image digest to pull. | ` ` |
 | `nodeAnalyzer.kspmAnalyzer.image.pullPolicy` | Specifies the The image pull policy for the KSPM node analyzer. | `""` |
+| `nodeAnalyzer.kspmAnalyzer.http_proxy` | Sets `HTTP_PROXY` on the KSPM Analyzer container. | `""` |
+| `nodeAnalyzer.kspmAnalyzer.https_proxy` | Sets `HTTPS_PROXY` on the KSPM Analyzer container. | `""` |
+| `nodeAnalyzer.kspmAnalyzer.no_proxy` | Sets `NO_PROXY` on the KSPM Analyzer container. | `""` |
 | `nodeAnalyzer.kspmAnalyzer.resources.requests.cpu` | Specifies the KSPM node analyzer CPU requests per node. | `150m` |
 | `nodeAnalyzer.kspmAnalyzer.resources.requests.memory` | Specifies the KSPM node analyzer memory requests per node. | `256Mi` |
 | `nodeAnalyzer.kspmAnalyzer.resources.limits.cpu` | Specifies the KSPM node analyzer CPU limits per node. | `500m` |
diff --git a/charts/node-analyzer/templates/_helpers.tpl b/charts/node-analyzer/templates/_helpers.tpl
index 38bcfe478..dc7ebe8ff 100644
--- a/charts/node-analyzer/templates/_helpers.tpl
+++ b/charts/node-analyzer/templates/_helpers.tpl
@@ -113,6 +113,19 @@ Return the proper image name for the CSPM Analyzer {{- include "nodeAnalyzer.imageRegistry" . -}} / {{- .Values.nodeAnalyzer.kspmAnalyzer.image.repository -}} {{- if .Values.nodeAnalyzer.kspmAnalyzer.image.digest -}} @ {{- .Values.nodeAnalyzer.kspmAnalyzer.image.digest -}} {{- else -}} : {{- .Values.nodeAnalyzer.kspmAnalyzer.image.tag -}} {{- end -}} {{- end -}} +{{/* + Helper to define if to enable nats_insecure +*/}} +{{- define "kspmAnalyzer.natsInsecure" -}} +{{- if (.Values.nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate | default .Values.nodeAnalyzer.sslVerifyCertificate | default .Values.global.sslVerifyCertificate) -}} + "false" +{{- else if or (eq .Values.nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate false) (eq .Values.nodeAnalyzer.sslVerifyCertificate false) (eq .Values.global.sslVerifyCertificate false) -}} + "true" +{{- else -}} + "false" +{{- end -}} +{{- end -}} + {{/* Node Analyzer labels */}} diff --git a/charts/node-analyzer/templates/configmap-benchmark-runner.yaml b/charts/node-analyzer/templates/configmap-benchmark-runner.yaml index 767b0a0ef..a53006309 100644 --- a/charts/node-analyzer/templates/configmap-benchmark-runner.yaml +++ b/charts/node-analyzer/templates/configmap-benchmark-runner.yaml 
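Review bot: The comment on `kspmAnalyzer.natsInsecure` ("Helper to define if to enable nats_insecure") does not say which values the helper reads or what `"true"` means for the connection. Suggest replacing it with something like `Resolves nats_insecure from nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate, nodeAnalyzer.sslVerifyCertificate and global.sslVerifyCertificate; "true" turns off TLS certificate verification for NATS.` The README hunks in this commit add only proxy rows, so the new `nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate` key appears to be undocumented there (values.yaml is not visible here). As far as their context lines show, the sibling ConfigMaps still render `ssl_verify_certificate` from `nodeAnalyzer.sslVerifyCertificate` alone, so `global.sslVerifyCertificate: false` now relaxes the NATS check without changing the other containers; that difference is worth stating next to the helper.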
@@ -13,14 +13,14 @@ data: ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}" {{- end }} debug: "{{ .Values.nodeAnalyzer.debug | default false }}" - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.benchmarkRunner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.benchmarkRunner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} {{- end }} diff --git a/charts/node-analyzer/templates/configmap-host-analyzer.yaml b/charts/node-analyzer/templates/configmap-host-analyzer.yaml index b6ef3c5bf..3b9011903 100644 --- a/charts/node-analyzer/templates/configmap-host-analyzer.yaml +++ b/charts/node-analyzer/templates/configmap-host-analyzer.yaml 
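Review bot: The new per-container lookups read camelCase keys (`.Values.nodeAnalyzer.benchmarkRunner.httpProxy`, `httpsProxy`, `noProxy`), while the README rows added in this commit document `nodeAnalyzer.benchmarkRunner.http_proxy`, `https_proxy` and `no_proxy`. A user who follows the README would set a key the template never reads, and the container would silently fall back to the `nodeAnalyzer` or `global.proxy` value, or to no proxy at all, which matters where egress is meant to pass through a specific proxy. The same mismatch applies to the hostAnalyzer, hostScanner, imageAnalyzer, kspmAnalyzer and runtimeScanner hunks; the README rows should name the keys the templates use (values.yaml is not visible here to confirm which spelling it defines). The README row for `nodeAnalyzer.hostScanner.no_proxy` also carries a stray `b` after its description.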
@@ -29,14 +29,14 @@ data: {{- if .Values.nodeAnalyzer.hostAnalyzer.maxSendAttempts }} max_send_attempts: {{ .Values.nodeAnalyzer.hostAnalyzer.maxSendAttempts }} {{- end }} - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.hostAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.hostAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.hostAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} {{- end }} diff --git a/charts/node-analyzer/templates/configmap-host-scanner.yaml b/charts/node-analyzer/templates/configmap-host-scanner.yaml index 374eae283..72802bbe5 100644 --- a/charts/node-analyzer/templates/configmap-host-scanner.yaml +++ b/charts/node-analyzer/templates/configmap-host-scanner.yaml 
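Review bot: The rewritten `http_proxy`, `https_proxy` and `no_proxy` lines still emit the resolved value unquoted, so the rendered ConfigMap depends on YAML's plain-scalar rules. A `noProxy` entry that begins with `*` (a constructed example: `*.svc`) is read as an alias and fails to parse, and a value containing ` #` is cut off at the comment marker. Piping each value through `quote`, as the `vuln_db_version` and `agent_port` lines in this chart already do, avoids that: `http_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy | quote }}`. The same applies to the proxy lines in the other ConfigMap hunks of this commit.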
@@ -27,14 +27,14 @@ data: ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}" {{- end }} debug: "{{ .Values.nodeAnalyzer.debug | default false }}" - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.hostScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.hostScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.hostScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.hostScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.hostScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.hostScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- if .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion }} vuln_db_version: {{ .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion | quote }} diff --git a/charts/node-analyzer/templates/configmap-image-analyzer.yaml b/charts/node-analyzer/templates/configmap-image-analyzer.yaml index 8131763d6..4415cc0ef 100644 --- a/charts/node-analyzer/templates/configmap-image-analyzer.yaml 
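Review bot: Each proxy key now spells the same three-level `default` chain twice, once in the `if` and once in the value, and that pair is repeated for three keys across seven templates. A `with` block evaluates the chain once: `{{- with (.Values.nodeAnalyzer.hostScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}` followed by `http_proxy: {{ . }}`. A small named helper in `_helpers.tpl` that takes the component name would also remove the repetition across files and keep the precedence order in one place, where a later edit cannot change it for one container only.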
+++ b/charts/node-analyzer/templates/configmap-image-analyzer.yaml @@ -33,13 +33,13 @@ data: {{- if .Values.nodeAnalyzer.imageAnalyzer.collectorTimeout }} collector_timeout: {{ .Values.nodeAnalyzer.imageAnalyzer.collectorTimeout }} {{- end }} - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.imageAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.imageAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.imageAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.imageAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.imageAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.imageAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} diff --git a/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml b/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml index e07d06b0d..bbd56c5f0 100644 --- a/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml +++ b/charts/node-analyzer/templates/configmap-kspm-analyzer.yaml 
@@ -17,17 +17,15 @@ data: nats_max_reconnect: {{ .Values.nodeAnalyzer.natsMaxReconnect | default 0 | quote }} cluster_name: {{ required "A valid clusterName is required" (include "nodeAnalyzer.clusterName" .) }} agent_app_name: {{ include "nodeAnalyzer.name" . }} - {{- if hasKey .Values.nodeAnalyzer "sslVerifyCertificate" }} - nats_insecure: "{{ not .Values.nodeAnalyzer.sslVerifyCertificate }}" - {{- end }} - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + nats_insecure: {{ include "kspmAnalyzer.natsInsecure" . }} + {{- if (.Values.nodeAnalyzer.kspmAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.kspmAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.kspmAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.kspmAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.kspmAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.kspmAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- if .Values.nodeAnalyzer.kspmAnalyzer.port }} agent_port: {{ .Values.nodeAnalyzer.kspmAnalyzer.port | quote 
}} diff --git a/charts/node-analyzer/templates/runtimeScanner/eveconnector-api-configmap.yaml b/charts/node-analyzer/templates/runtimeScanner/eveconnector-api-configmap.yaml index b80c09def..a838e3cd6 100644 --- a/charts/node-analyzer/templates/runtimeScanner/eveconnector-api-configmap.yaml +++ b/charts/node-analyzer/templates/runtimeScanner/eveconnector-api-configmap.yaml @@ -14,13 +14,13 @@ data: {{- if hasKey .Values.nodeAnalyzer.runtimeScanner "eveConnector" }} cert_dns_name: {{ include "eveconnector.host" . | quote }} {{- end }} - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- end }} 
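Review bot: The eve connector ConfigMap now takes its proxy from `.Values.nodeAnalyzer.runtimeScanner.*`, yet the README rows describe those keys as applying to the Runtime Scanner container, and this template has no override of its own. The suite-level `templates:` list at the top of charts/node-analyzer/tests/proxy_test.yaml does not include `eveconnector-api-configmap.yaml`, so as far as the visible part of that file shows this change is untested. Suggest adding the template to that suite and noting in the README that the eve connector shares the Runtime Scanner proxy settings.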
diff --git a/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml b/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml index 38db49651..cf28ed588 100644 --- a/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml +++ b/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml 
@@ -12,14 +12,14 @@ data: ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}" {{- end }} debug: "{{ .Values.nodeAnalyzer.debug | default false }}" - {{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} - http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }} + http_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} - https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }} + https_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }} {{- end -}} - {{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} - no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} + {{- if (.Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }} + no_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }} {{- end -}} {{- if .Values.nodeAnalyzer.runtimeScanner.settings.eveEnabled }} eve_enabled: "true" diff --git a/charts/node-analyzer/tests/hostscanner_test.yaml b/charts/node-analyzer/tests/hostscanner_test.yaml index d4c93473d..57d227a3f 100644 --- a/charts/node-analyzer/tests/hostscanner_test.yaml +++ b/charts/node-analyzer/tests/hostscanner_test.yaml 
@@ -156,47 +156,3 @@ tests: of: ConfigMap - isNull: path: data.additional_dirs_to_scan - - - it: "Global proxy settings are set" - set: - clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true - global.proxy.httpProxy: "http://squid.domain.local:3128" - global.proxy.httpsProxy: "http://squid.domain.local:3128" - global.proxy.noProxy: "100.64.0.0/10" - templates: - - ../templates/configmap-host-scanner.yaml - asserts: - - isKind: - of: ConfigMap - - equal: - path: data.http_proxy - value: "http://squid.domain.local:3128" - - equal: - path: data.https_proxy - value: "http://squid.domain.local:3128" - - equal: - path: data.no_proxy - value: "100.64.0.0/10" - - - it: "Proxy settings are set" - set: - clusterName: "test" - nodeAnalyzer.hostScanner.deploy: true - nodeAnalyzer.httpProxy: "http://squid.domain.local:3128" - nodeAnalyzer.httpsProxy: "http://squid.domain.local:3128" - nodeAnalyzer.noProxy: "100.64.0.0/10" - templates: - - ../templates/configmap-host-scanner.yaml - asserts: - - isKind: - of: ConfigMap - - equal: - path: data.http_proxy - value: "http://squid.domain.local:3128" - - equal: - path: data.https_proxy - value: "http://squid.domain.local:3128" - - equal: - path: data.no_proxy - value: "100.64.0.0/10" diff --git a/charts/node-analyzer/tests/kspm_cert_validation_test.yaml b/charts/node-analyzer/tests/kspm_cert_validation_test.yaml new file mode 100644 index 000000000..84b50de35 --- /dev/null +++ b/charts/node-analyzer/tests/kspm_cert_validation_test.yaml 
@@ -0,0 +1,67 @@ +suite: KSPM Analyzer Skip certificate tests +templates: + - templates/configmap-kspm-analyzer.yaml +tests: + - it: "SSL certificate validation enabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + nodeAnalyzer: + deploy: true + templates: + - templates/configmap-kspm-analyzer.yaml + asserts: + - equal: + path: data.nats_insecure + value: "false" + + - it: "Global SSL certificate validation disabled" + set: + clusterName: "test" + global: + kspm: + deploy: true + sslVerifyCertificate: false + nodeAnalyzer: + deploy: true + templates: + - templates/configmap-kspm-analyzer.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" + + - it: "SSL certificate validation disabled [Node Analyzer POD]" + set: + clusterName: "test" + global: + kspm: + deploy: true + nodeAnalyzer: + deploy: true + sslVerifyCertificate: false + templates: + - templates/configmap-kspm-analyzer.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" + + - it: "SSL certificate validation disabled [Node Analyzer container]" + set: + clusterName: "test" + global: + kspm: + deploy: true + nodeAnalyzer: + deploy: true + kspmAnalyzer: + sslVerifyCertificate: false + templates: + - templates/configmap-kspm-analyzer.yaml + asserts: + - equal: + path: data.nats_insecure + value: "true" diff --git a/charts/node-analyzer/tests/proxy_test.yaml b/charts/node-analyzer/tests/proxy_test.yaml new file mode 100644 index 000000000..e2450389f --- /dev/null +++ b/charts/node-analyzer/tests/proxy_test.yaml 
@@ -0,0 +1,640 @@ +suite: Node Analyzer Proxy tests +templates: + - templates/configmap-host-analyzer.yaml + - templates/configmap-host-scanner.yaml + - templates/configmap-image-analyzer.yaml + - templates/configmap-kspm-analyzer.yaml + - templates/configmap-benchmark-runner.yaml + - templates/runtimeScanner/runtime-scanner-configmap.yaml +tests: + - it: "No proxy configured" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + templates: + - templates/configmap-benchmark-runner.yaml + - templates/configmap-host-analyzer.yaml + - templates/configmap-host-scanner.yaml + - templates/configmap-image-analyzer.yaml + - templates/configmap-kspm-analyzer.yaml + - templates/runtimeScanner/runtime-scanner-configmap.yaml + asserts: + - notExists: + path: data.http_proxy + - notExists: + path: data.https_proxy + - notExists: + path: data.no_proxy + + - it: "Global proxy settings are set" + set: + clusterName: "test" + global: + proxy: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + kspm: + deploy: true + nodeAnalyzer: + hostAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + templates: + - templates/configmap-benchmark-runner.yaml + - templates/configmap-host-analyzer.yaml + - templates/configmap-host-scanner.yaml + - templates/configmap-image-analyzer.yaml + - templates/configmap-kspm-analyzer.yaml + - templates/runtimeScanner/runtime-scanner-configmap.yaml + asserts: + - isKind: + of: ConfigMap + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + + - it: "Proxy settings are set" + set: + clusterName: "test" + global: + 
kspm: + deploy: true + nodeAnalyzer: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + templates: + - templates/configmap-benchmark-runner.yaml + - templates/configmap-host-analyzer.yaml + - templates/configmap-host-scanner.yaml + - templates/configmap-image-analyzer.yaml + - templates/configmap-kspm-analyzer.yaml + - templates/runtimeScanner/runtime-scanner-configmap.yaml + asserts: + - isKind: + of: ConfigMap + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + + - it: "Proxy settings are set ONLY for host analyzer" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-host-analyzer.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-host-analyzer.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-host-analyzer.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml 
+ + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for image analyzer" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-image-analyzer.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-image-analyzer.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-image-analyzer.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: 
templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for kspm analyzer" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + kspmAnalyzer: + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-kspm-analyzer.yaml + - equal: + path: 
data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-kspm-analyzer.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-kspm-analyzer.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for benchmark runner" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + 
hostScanner: + deploy: true + benchmarkRunner: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-benchmark-runner.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-benchmark-runner.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-benchmark-runner.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: 
templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for host scanner" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + hostScanner: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + benchmarkRunner: + deploy: true + asserts: + - isKind: + of: ConfigMap + template: templates/configmap-host-scanner.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-host-scanner.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/configmap-host-scanner.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/configmap-host-scanner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: 
templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.https_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - notExists: + path: data.no_proxy + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - it: "Proxy settings are set ONLY for runtime scanner" + set: + global: + kspm: + deploy: true + clusterName: "test" + nodeAnalyzer: + hostAnalyzer: + deploy: true + imageAnalyzer: + deploy: true + runtimeScanner: + deploy: true + httpProxy: "http://squid.domain.local:3128" + httpsProxy: "http://squid.domain.local:3128" + noProxy: "100.64.0.0/10" + hostScanner: + deploy: true + benchmarkRunner: + deploy: true + asserts: + - isKind: + of: ConfigMap + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - equal: + path: data.http_proxy + value: "http://squid.domain.local:3128" + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - equal: + path: data.https_proxy + value: "http://squid.domain.local:3128" + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + - equal: + path: data.no_proxy + value: "100.64.0.0/10" + template: templates/runtimeScanner/runtime-scanner-configmap.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-benchmark-runner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-benchmark-runner.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-image-analyzer.yaml + - notExists: + path: data.https_proxy + template: 
templates/configmap-image-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-image-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-kspm-analyzer.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-kspm-analyzer.yaml + + - notExists: + path: data.http_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.https_proxy + template: templates/configmap-host-scanner.yaml + - notExists: + path: data.no_proxy + template: templates/configmap-host-scanner.yaml diff --git a/charts/node-analyzer/values.yaml b/charts/node-analyzer/values.yaml index 355dbdce0..5da79f22e 100644 --- a/charts/node-analyzer/values.yaml +++ b/charts/node-analyzer/values.yaml @@ -188,6 +188,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + # The Docker socket path. # If a custom path is specified, ensure it is correctly mounted from the host inside the container. # dockerSocketPath: unix:///var/run/docker.sock @@ -241,6 +246,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + # The scanning schedule specification for the host analyzer expressed as a crontab string such as “5 4 * * *”. # The default value of @dailydefault instructs the analyzer to automatically pick a schedule that will start # shortly after it is deployed and will perform a scan every 24 hours. @@ -272,6 +282,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + resources: requests: cpu: 150m @@ -292,6 +307,12 @@ nodeAnalyzer: tag: "1.6.3" digest: pullPolicy: + + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + storageClassName: extraMounts: [] # example for bottlerocket 
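Review bot: Every case in the new charts/node-analyzer/tests/proxy_test.yaml uses the same proxy values (`http://squid.domain.local:3128`, `100.64.0.0/10`) and sets them at only one level at a time, so the suite cannot show that a container-level proxy takes precedence over the `nodeAnalyzer` or `global.proxy` one. A helper that ignored the container value whenever a broader one was present would still pass, and in a cluster one component's traffic would then leave through a different egress proxy than the operator configured. A case that sets a global proxy plus a distinct container proxy, then asserts both the overriding ConfigMap and an unaffected one, would close the gap. The expected values below assume the container value wins, so confirm that against the helper.

```yaml
  - it: "Container proxy overrides global proxy for host scanner only"
    set:
      clusterName: "test"
      global:
        kspm:
          deploy: true
        proxy:
          httpProxy: "http://squid.domain.local:3128"
          httpsProxy: "http://squid.domain.local:3128"
          noProxy: "100.64.0.0/10"
      nodeAnalyzer:
        hostAnalyzer:
          deploy: true
        hostScanner:
          deploy: true
          # constructed sample values, deliberately distinct from the global ones
          httpProxy: "http://scanner-proxy.domain.local:3128"
          httpsProxy: "http://scanner-proxy.domain.local:3128"
          noProxy: "10.0.0.0/8"
    asserts:
      # assumed precedence: container value wins; confirm against the helper
      - equal:
          path: data.http_proxy
          value: "http://scanner-proxy.domain.local:3128"
        template: templates/configmap-host-scanner.yaml
      - equal:
          path: data.no_proxy
          value: "10.0.0.0/8"
        template: templates/configmap-host-scanner.yaml
      - equal:
          path: data.http_proxy
          value: "http://squid.domain.local:3128"
        template: templates/configmap-host-analyzer.yaml
```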
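Review bot: The comment `# Proxy configuration variables` added to charts/node-analyzer/values.yaml in the hunk at -188 (and repeated in the hunks at -241, -272, -292, -368 and -391) does not say which container the three keys apply to, how they relate to the `nodeAnalyzer`-level and `global.proxy` settings, or where the values end up. The tests in this commit read them back from `data.http_proxy`, `data.https_proxy` and `data.no_proxy` of a ConfigMap, so a proxy URL with embedded credentials would be stored there in clear text. I would replace the comment with something like `# Proxy for this container only; presumably takes precedence over nodeAnalyzer.* and global.proxy.* (confirm).` followed by `# Rendered into this container's ConfigMap, so do not embed credentials in the URL.` The container sections these keys belong to begin outside the hunks.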
@@ -368,6 +389,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + resources: requests: cpu: 150m @@ -391,6 +417,11 @@ nodeAnalyzer: digest: pullPolicy: + # Proxy configuration variables + httpProxy: + httpsProxy: + noProxy: + resources: requests: cpu: 150m diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index 8effe3768..938795f4d 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: sysdig-deploy description: A chart with various Sysdig components for Kubernetes type: application -version: 1.28.0 +version: 1.29.0 maintainers: - name: AlbertoBarba email: alberto.barba@sysdig.com @@ -36,7 +36,7 @@ dependencies: - name: node-analyzer # repository: https://charts.sysdig.com repository: file://../node-analyzer - version: ~1.17.13 + version: ~1.18.0 alias: nodeAnalyzer condition: nodeAnalyzer.enabled - name: cluster-scanner @@ -48,7 +48,7 @@ dependencies: - name: kspm-collector # repository: https://charts.sysdig.com repository: file://../kspm-collector - version: ~0.9.0 + version: ~0.9.1 alias: kspmCollector condition: global.kspm.deploy - name: rapid-response