false
|
| features.investigations.event_forwarder.integrations | | []
|
| features.investigations.event_forwarder.transmit_message_types | | []
|
-| features.respond.rapid_response.enabled | | false
|
-| features.monitor.app_checks.enabled | | false
|
-| features.monitor.java_management_extensions.enabled | | false
|
-| features.monitor.prometheus.enabled | | false
|
-| features.monitor.prometheus.prometheus_yaml | The content of the prometheus.yaml file | {}
|
-| features.monitor.statsd.enabled | | false
|
+| features.responding.rapid_response.enabled | | false
|
+| features.monitoring.app_checks.enabled | | false
|
+| features.monitoring.java_management_extensions.enabled | | false
|
+| features.monitoring.prometheus.enabled | | false
|
+| features.monitoring.prometheus.prometheus_yaml | The content of the prometheus.yaml file | {}
|
+| features.monitoring.statsd.enabled | | false
|
| host.driver | The driver to use for the host agent (Accepted Values: kmod, legacy_ebpf, universal_ebpf) | kmod
|
| host.additional_settings | Additional settings to be passed to the host shield (overrides the helm generated settings) | {}
|
| host.custom_security_context | Allows overriding the Security Context of the Agent pod(s). Primarily intended resolving targeted incidents and debugging | {}
|
diff --git a/charts/shield/templates/host/_configmap_helpers.tpl b/charts/shield/templates/host/_configmap_helpers.tpl
index 8dab2efc6..52c120930 100644
--- a/charts/shield/templates/host/_configmap_helpers.tpl
+++ b/charts/shield/templates/host/_configmap_helpers.tpl
@@ -8,8 +8,8 @@
{{- dict "vulnerability_management" (pick . "host_vulnerability_management" "in_use") | toYaml }}
{{- end }}
-{{- define "host.configmap.respond" }}
-{{- dict "respond" (pick . "rapid_response") | toYaml }}
+{{- define "host.configmap.responding" }}
+{{- dict "responding" (pick . "rapid_response") | toYaml }}
{{- end }}
{{- define "host.configmap.detections" }}
@@ -25,8 +25,8 @@
{{- with .Values.features.vulnerability_management }}
{{- $config = merge $config ((include "host.configmap.vm" .) | fromYaml) }}
{{- end }}
-{{- with .Values.features.respond }}
-{{- $config = merge $config ((include "host.configmap.respond" .) | fromYaml) }}
+{{- with .Values.features.responding }}
+{{- $config = merge $config ((include "host.configmap.responding" .) | fromYaml) }}
{{- end }}
{{- with .Values.features.detections }}
{{- $config = merge $config ((include "host.configmap.detections" .) | fromYaml)}}
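Review bot: The `with .Values.features.responding` block reads only the new key, so values supplied under the legacy `features.respond` key never reach this merged config, even though `host.respond_key` accepts them elsewhere. Because values.yaml in this commit defines `responding.rapid_response.enabled: false`, the rendered section would report rapid response as disabled while `host.rapid_response_enabled` evaluates to true for a legacy values file. Consider resolving the key the same way, e.g. `{{- with (get .Values.features (include "host.respond_key" .Values.features)) }}`. The enclosing define starts and ends outside the hunk, so where this config is consumed is not visible here.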
@@ -42,10 +42,10 @@ true
{{- end }}
{{- define "host.features.monitor_enabled" }}
-{{- if or .Values.features.monitor.app_checks.enabled
- .Values.features.monitor.java_management_extensions.enabled
- .Values.features.monitor.prometheus.enabled
- .Values.features.monitor.statsd.enabled
+{{- if or (dig (include "host.monitor_key" .) "app_checks" "enabled" false .Values.features)
+ (dig (include "host.monitor_key" .) "java_management_extensions" "enabled" false .Values.features)
+ (dig (include "host.monitor_key" .) "prometheus" "enabled" false .Values.features)
+ (dig (include "host.monitor_key" .) "statsd" "enabled" false .Values.features)
(dig "app_checks_enabled" false .Values.host.additional_settings)
(dig "jmx" "enabled" false .Values.host.additional_settings)
(dig "prometheus" "enabled" false .Values.host.additional_settings)
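Review bot: In `host.features.monitor_enabled` the four new `dig` lines call `include "host.monitor_key" .` with the chart root as context, but that helper tests `hasKey . "monitor"`. The root holds `Values`, `Release` and so on, not the feature groups, so the helper always returns `monitoring` here. A values file that still sets `features.monitor.*.enabled: true` would therefore not be detected by this check, and the monitoring features would be treated as disabled after the upgrade. Pass the features map instead, e.g. `(dig (include "host.monitor_key" .Values.features) "app_checks" "enabled" false .Values.features)`, and likewise for the other three lines. The `if or` expression continues past the end of the hunk.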
@@ -70,13 +70,13 @@ true
{{/* TODO: Kubernetes metadata */}}
{{- with .Values.features }}
{{- $config := dict
- "app_checks_enabled" .monitor.app_checks.enabled
+ "app_checks_enabled" ((dig (include "host.monitor_key" .) "app_checks" "enabled" false .))
"audit_tap"
(dict "enabled" .investigations.audit_tap.enabled)
"drift_control"
(dict "enabled" .detections.drift_control.enabled)
"jmx"
- (dict "enabled" .monitor.java_management_extensions.enabled)
+ (dict "enabled" (dig (include "host.monitor_key" .) "java_management_extensions" "enabled" false .))
"live_logs"
(dict "enabled" .investigations.live_logs.enabled)
"local_forwarder"
@@ -86,11 +86,11 @@ true
"network_topology"
(dict "enabled" .investigations.network_security.enabled)
"prometheus"
- (dict "enabled" .monitor.prometheus.enabled)
+ (dict "enabled" (dig (include "host.monitor_key" .) "prometheus" "enabled" false .))
"secure_audit_streams"
(dict "enabled" .investigations.activity_audit.enabled)
"statsd"
- (dict "enabled" .monitor.statsd.enabled)
+ (dict "enabled" (dig (include "host.monitor_key" .) "statsd" "enabled" false .))
"sysdig_capture_enabled" .investigations.captures.enabled }}
{{- $config | toYaml }}
{{- end }}
@@ -113,7 +113,7 @@ true
{{- if (include "common.proxy.enabled" . ) }}
{{- $config := merge $config (dict "http_proxy" (include "host.proxy_config" . | fromYaml)) }}
{{- end }}
-{{- if .Values.features.respond.rapid_response.enabled }}
+{{- if (include "host.rapid_response_enabled" .) }}
{{- $config = merge $config (dict "rapid_response" (dict "enabled" true)) }}
{{- end }}
{{- $config = merge $config (include "host.parse_features" . | fromYaml) }}
diff --git a/charts/shield/templates/host/_helpers.tpl b/charts/shield/templates/host/_helpers.tpl
index 5d2f822f2..a677c8419 100644
--- a/charts/shield/templates/host/_helpers.tpl
+++ b/charts/shield/templates/host/_helpers.tpl
@@ -169,3 +169,51 @@ capabilities:
{{- include "host.capabilities" . | nindent 4 }}
{{- end }}
{{- end -}}
+
+{{- define "host.respond_key" }}
+{{- if hasKey . "respond" }}
+{{- print "respond" }}
+{{- else }}
+{{- print "responding" }}
+{{- end }}
+{{- end }}
+
+{{- define "host.rapid_response_enabled" }}
+{{- with .Values.features }}
+{{- if (dig (include "host.respond_key" .) "rapid_response" "enabled" false .) }}
+true
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "host.monitor_key" }}
+{{- if hasKey . "monitor" }}
+{{- print "monitor" }}
+{{- else }}
+{{- print "monitoring" }}
+{{- end }}
+{{- end }}
+
+{{- define "host.app_checks_enabled" }}
+{{- if dig (include "host.monitor_key" .) "app_checks" "enabled" false . }}
+true
+{{- end }}
+{{- end }}
+
+{{- define "host.jmx_enabled" }}
+{{- if dig (include "host.monitor_key" .) "java_mangement_extensions" "enabled" false . }}
+true
+{{- end }}
+{{- end }}
+
+{{- define "host.prometheus_enabled" }}
+{{- if dig (include "host.monitor_key" .) "prometheus" "enabled" false . }}
+true
+{{- end }}
+{{- end }}
+
+{{- define "host.statsd_enabled" }}
+{{- if dig (include "host.monitor_key" .) "statsd" "enabled" false . }}
+true
+{{- end }}
+{{- end }}
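Review bot: `host.jmx_enabled` looks up `"java_mangement_extensions"`, which is misspelled, so the `dig` always falls back to `false` and the helper never reports JMX as enabled. The line should read `{{- if dig (include "host.monitor_key" .) "java_management_extensions" "enabled" false . }}`. Separately, `host.rapid_response_enabled` expects the chart root while `host.app_checks_enabled`, `host.jmx_enabled`, `host.prometheus_enabled` and `host.statsd_enabled` expect `.Values.features`. A short `{{/* expects .Values.features as context */}}` comment above each define would make the required argument explicit, since passing the wrong one silently yields the `monitoring`/`responding` default.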
diff --git a/charts/shield/templates/host/configmap.yaml b/charts/shield/templates/host/configmap.yaml
index a320e3310..a7bf36449 100644
--- a/charts/shield/templates/host/configmap.yaml
+++ b/charts/shield/templates/host/configmap.yaml
@@ -15,7 +15,9 @@ data:
integrations:
{{- toYaml .Values.features.investigations.event_forwarder.integrations | nindent 6 }}
{{- end }}
- {{- if .Values.features.monitor.prometheus.enabled }}
+ {{- if (include "host.prometheus_enabled" .Values.features) }}
prometheus.yaml: |
- {{- toYaml .Values.features.monitor.prometheus.prometheus_yaml | nindent 4 }}
+ {{- with .Values.features }}
+ {{- toYaml (dig (include "host.monitor_key" .) "prometheus" "prometheus_yaml" list .) | nindent 4 }}
+ {{- end }}
{{- end }}
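Review bot: The fallback passed to `dig` for `prometheus_yaml` is `list`, whereas the README table in this commit documents the default as `{}`. If the key is absent while Prometheus is enabled, `prometheus.yaml` renders as `[]` rather than an empty mapping. Using a map default keeps the type consistent: `{{- toYaml (dig (include "host.monitor_key" .) "prometheus" "prometheus_yaml" (dict) .) | nindent 4 }}`.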
diff --git a/charts/shield/templates/host/daemonset.yaml b/charts/shield/templates/host/daemonset.yaml
index b2a2b1f43..ef55c15dd 100644
--- a/charts/shield/templates/host/daemonset.yaml
+++ b/charts/shield/templates/host/daemonset.yaml
@@ -130,7 +130,7 @@ spec:
{{- include "common.proxy.envs" . | nindent 12 }}
{{- end }}
{{- include "common.custom_ca.envs" (merge (dict) . (dict "CACertsPath" "/opt/draios/certificates/")) | nindent 12 }}
- {{- if .Values.features.respond.rapid_response.enabled }}
+ {{- if (include "host.rapid_response_enabled" .) }}
- name: PASSWORD
valueFrom:
secretKeyRef:
diff --git a/charts/shield/templates/host/secrets.yaml b/charts/shield/templates/host/secrets.yaml
index 96d7c2f86..5387363d8 100644
--- a/charts/shield/templates/host/secrets.yaml
+++ b/charts/shield/templates/host/secrets.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.features.respond.rapid_response.enabled }}
+{{- if (include "host.rapid_response_enabled" .) }}
---
apiVersion: v1
kind: Secret
diff --git a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml
index febb8ecc6..87c55c01a 100644
--- a/charts/shield/tests/host/configmap-dragent-yaml_test.yaml
+++ b/charts/shield/tests/host/configmap-dragent-yaml_test.yaml
@@ -693,7 +693,7 @@ tests:
- it: Enable App Checks
set:
features:
- monitor:
+ monitoring:
app_checks:
enabled: true
asserts:
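Review bot: Every case touched in this file, and in the configmap-host-shield-config, daemonset and secrets test files, is switched to `monitoring`/`responding`, so nothing exercises the legacy-key fallback in `host.monitor_key` and `host.respond_key`. Keep at least one case per feature that sets the old key, for example a copy of "Enable App Checks" with `features.monitor.app_checks.enabled: true` and the same asserts. Do the same for `features.respond.rapid_response.enabled: true` against the Secret and the `PASSWORD` env var. Without them, a regression that drops a legacy-configured feature on upgrade passes the suite.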
@@ -731,7 +731,7 @@ tests:
- it: Enable JMX
set:
features:
- monitor:
+ monitoring:
java_management_extensions:
enabled: true
asserts:
@@ -796,7 +796,7 @@ tests:
- it: Enable Prometheus
set:
features:
- monitor:
+ monitoring:
prometheus:
enabled: true
asserts:
@@ -822,7 +822,7 @@ tests:
- it: Enable StatsD
set:
features:
- monitor:
+ monitoring:
statsd:
enabled: true
asserts:
@@ -963,7 +963,7 @@ tests:
- it: Test manual override of feature mode
set:
features:
- monitor:
+ monitoring:
app_checks:
enabled: true
host:
@@ -1006,7 +1006,7 @@ tests:
- it: Test enabling a monitor feature forces agent mode to monitor
set:
features:
- monitor:
+ monitoring:
app_checks:
enabled: true
asserts:
@@ -1110,7 +1110,7 @@ tests:
- it: Check prometheus.yaml key is created when needed
set:
features:
- monitor:
+ monitoring:
prometheus:
enabled: true
asserts:
@@ -1120,7 +1120,7 @@ tests:
- it: Check that expected content is present in prometheus.yaml
set:
features:
- monitor:
+ monitoring:
prometheus:
enabled: true
prometheus_yaml:
@@ -1140,7 +1140,7 @@ tests:
- it: Check prometheus.yaml key is not created when not needed
set:
features:
- monitor:
+ monitoring:
prometheus:
enabled: false
asserts:
diff --git a/charts/shield/tests/host/configmap-host-shield-config_test.yaml b/charts/shield/tests/host/configmap-host-shield-config_test.yaml
index 8cf3d1c6c..f3412e2d6 100644
--- a/charts/shield/tests/host/configmap-host-shield-config_test.yaml
+++ b/charts/shield/tests/host/configmap-host-shield-config_test.yaml
@@ -26,7 +26,7 @@ tests:
posture:
host_posture:
enabled: false
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
@@ -53,7 +53,7 @@ tests:
posture:
host_posture:
enabled: true
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
@@ -80,7 +80,7 @@ tests:
posture:
host_posture:
enabled: false
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
@@ -107,7 +107,7 @@ tests:
posture:
host_posture:
enabled: false
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
@@ -134,7 +134,7 @@ tests:
posture:
host_posture:
enabled: false
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
@@ -156,7 +156,7 @@ tests:
posture:
host_posture:
enabled: false
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
@@ -186,7 +186,7 @@ tests:
posture:
host_posture:
enabled: true
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
@@ -215,7 +215,7 @@ tests:
posture:
host_posture:
enabled: true
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
@@ -228,7 +228,7 @@ tests:
- it: Enable Rapid Response
set:
features:
- respond:
+ responding:
rapid_response:
enabled: true
asserts:
@@ -242,7 +242,7 @@ tests:
posture:
host_posture:
enabled: false
- respond:
+ responding:
rapid_response:
enabled: true
vulnerability_management:
@@ -269,7 +269,7 @@ tests:
posture:
host_posture:
enabled: false
- respond:
+ responding:
rapid_response:
enabled: false
vulnerability_management:
diff --git a/charts/shield/tests/host/daemonset_test.yaml b/charts/shield/tests/host/daemonset_test.yaml
index d22873742..baad79dff 100644
--- a/charts/shield/tests/host/daemonset_test.yaml
+++ b/charts/shield/tests/host/daemonset_test.yaml
@@ -224,7 +224,7 @@ tests:
- it: Test Rapid Response password secret
set:
features:
- respond:
+ responding:
rapid_response:
enabled: true
host:
diff --git a/charts/shield/tests/host/secrets_test.yaml b/charts/shield/tests/host/secrets_test.yaml
index 5a74f229f..48b3ec698 100644
--- a/charts/shield/tests/host/secrets_test.yaml
+++ b/charts/shield/tests/host/secrets_test.yaml
@@ -10,7 +10,7 @@ tests:
- it: Test Rapid Response secret is created when needed
set:
features:
- respond:
+ responding:
rapid_response:
enabled: true
host:
diff --git a/charts/shield/values.schema.json b/charts/shield/values.schema.json
index f2ad02d8f..5f8341b32 100644
--- a/charts/shield/values.schema.json
+++ b/charts/shield/values.schema.json
@@ -416,11 +416,11 @@
"investigations": {
"$ref": "#/$defs/FeatureGroupInvestigations"
},
- "respond": {
- "$ref": "#/$defs/FeatureGroupRespond"
+ "responding": {
+ "$ref": "#/$defs/FeatureGroupResponding"
},
- "monitor": {
- "$ref": "#/$defs/FeatureGroupMonitor"
+ "monitoring": {
+ "$ref": "#/$defs/FeatureGroupMonitoring"
}
}
},
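Review bot: The `properties` block now declares only `responding` and `monitoring`, while the templates still accept `respond` and `monitor` through `host.respond_key` and `host.monitor_key`. Whether this object sets `additionalProperties: false` is not visible in the hunk. If it does, a values file using the legacy keys is rejected by schema validation before the fallback can run. If it does not, the legacy keys are accepted but no longer type-checked. Keeping deprecated aliases that point at the same definitions, e.g. `"respond": { "$ref": "#/$defs/FeatureGroupResponding" }`, would cover both cases.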
@@ -886,11 +886,11 @@
}
}
},
- "FeatureGroupRespond": {
+ "FeatureGroupResponding": {
"type": "object",
"properties": {
"rapid_response": {
- "$ref": "#/$defs/FeatureGroupRespond/$defs/RapidResponse"
+ "$ref": "#/$defs/FeatureGroupResponding/$defs/RapidResponse"
}
},
"$defs": {
@@ -906,20 +906,20 @@
}
}
},
- "FeatureGroupMonitor": {
+ "FeatureGroupMonitoring": {
"type": "object",
"properties": {
"app_checks": {
- "$ref": "#/$defs/FeatureGroupMonitor/$defs/AppChecks"
+ "$ref": "#/$defs/FeatureGroupMonitoring/$defs/AppChecks"
},
"java_management_extensions": {
- "$ref": "#/$defs/FeatureGroupMonitor/$defs/JavaManagementExtensions"
+ "$ref": "#/$defs/FeatureGroupMonitoring/$defs/JavaManagementExtensions"
},
"prometheus": {
- "$ref": "#/$defs/FeatureGroupMonitor/$defs/Prometheus"
+ "$ref": "#/$defs/FeatureGroupMonitoring/$defs/Prometheus"
},
"statsd": {
- "$ref": "#/$defs/FeatureGroupMonitor/$defs/Statsd"
+ "$ref": "#/$defs/FeatureGroupMonitoring/$defs/Statsd"
}
},
"$defs": {
diff --git a/charts/shield/values.yaml b/charts/shield/values.yaml
index 59295c338..51c4b3721 100644
--- a/charts/shield/values.yaml
+++ b/charts/shield/values.yaml
@@ -137,10 +137,10 @@ features:
enabled: false
integrations: []
transmit_message_types: []
- respond:
+ responding:
rapid_response:
enabled: false
- monitor:
+ monitoring:
app_checks:
enabled: false
java_management_extensions: