Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(admission-controller): Bump Admission-controller to 0.16.8 #2128

Open
wants to merge 29 commits into
base: main
Choose a base branch
from
Open

chore(admission-controller): Bump Admission-controller to 0.16.8 #2128

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
d2cedd5
chore(admission-controller): Bump Admission-controller to 0.16.8
lior-alafi-work Jan 23, 2025
370e13c
fixing according to github copilot
lior-alafi-work Jan 23, 2025
bd8ae76
justnamts
lior-alafi-work Jan 23, 2025
980a9ec
fix
lior-alafi-work Jan 23, 2025
1837e4a
empty space removed
lior-alafi-work Jan 23, 2025
0efccbb
fix (define can't be under if)
lior-alafi-work Jan 26, 2025
87c8810
Merge branch 'main' into admission_controller_http_rc
lior-alafi-work Jan 26, 2025
49eb24a
fix
lior-alafi-work Jan 26, 2025
0eedec0
lint problem
lior-alafi-work Jan 26, 2025
a4fe03b
format
lior-alafi-work Jan 26, 2025
cb649cb
lint
lior-alafi-work Jan 26, 2025
a8a4e10
not rc- just cola
lior-alafi-work Jan 26, 2025
27b4435
.
lior-alafi-work Jan 26, 2025
db60d88
revert readme
lior-alafi-work Jan 26, 2025
bacfaca
chore(admission-controller): Bump Admission-controller to 0.16.8
lior-alafi-work Jan 23, 2025
8ab6ae5
fixing according to github copilot
lior-alafi-work Jan 23, 2025
152ff99
justnamts
lior-alafi-work Jan 23, 2025
123f7c9
fix
lior-alafi-work Jan 23, 2025
ef19ae2
empty space removed
lior-alafi-work Jan 23, 2025
576d596
fix (define can't be under if)
lior-alafi-work Jan 26, 2025
639477b
fix
lior-alafi-work Jan 26, 2025
1f8085e
lint problem
lior-alafi-work Jan 26, 2025
31a62b4
format
lior-alafi-work Jan 26, 2025
343866d
lint
lior-alafi-work Jan 26, 2025
fb107ba
not rc- just cola
lior-alafi-work Jan 26, 2025
96cb361
.
lior-alafi-work Jan 26, 2025
85c0eab
revert readme
lior-alafi-work Jan 26, 2025
03e329b
docs(admission-controller): update the doc accordingly
mavimo Jan 27, 2025
bff3345
Merge branch 'admission_controller_http_rc' of github.com:sysdiglabs/…
lior-alafi-work Jan 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/admission-controller/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: admission-controller
description: Sysdig Admission Controller using Sysdig Secure inline image scanner
type: application
version: 0.16.7
version: 0.16.8
appVersion: 3.9.47
home: https://sysdiglabs.github.io/admission-controller/
icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4
Expand Down
11 changes: 7 additions & 4 deletions charts/admission-controller/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ For example:

```bash
helm upgrade --install admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.16.7 \
--create-namespace -n sysdig-admission-controller --version=0.16.8 \
--set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME
```

Expand All @@ -80,7 +80,7 @@ For example:

```bash
helm upgrade --install admission-controller sysdig/admission-controller \
--create-namespace -n sysdig-admission-controller --version=0.16.7 \
--create-namespace -n sysdig-admission-controller --version=0.16.8 \
--values values.yaml

```
Expand Down Expand Up @@ -134,14 +134,17 @@ The following table lists the configurable parameters of the `admission-controll
| podMonitors.scanner.enabled | Enable the scanner PodMonitor to scrape metrics. | <code>false</code> |
| podMonitors.scanner.labels | Specifies the labels on the scanner PodMonitor. | <code>{}</code> |
| podMonitors.scanner.annotations | The annotatons on the scanner PodMonitor | <code>{}</code> |
| webhook.v2.transportLayer | Allow to connect from ac to acprovider via: "nats"/"http" | <code>nats</code> |
| webhook.v2.http.url | Sysdig api endpoint | <code>""</code> |
| webhook.v2.http.insecure | Allow insecure TLS certificates in backend connection to HTTP service | <code>false</code> |
| webhook.v2.http.port | HTTP serve port where the requests will be served from | <code>6443</code> |
| webhook.v2.nats.insecure | Allow insecure TLS certificates in backend connection to NATS service | <code>false</code> |
| webhook.v2.nats.url | Override the NATS service connection URL | <code>""</code> |
| webhook.v2.service.type | Use this type as webhook service | <code>ClusterIP</code> |
| webhook.v2.service.port | Configure port for the V2 webhook service | <code>6443</code> |
| webhook.v2.http.port | HTTP serve port where the requests will be served from | <code>6443</code> |
| webhook.v2.image.registry | The KSPM Admission Controller image registry | <code>quay.io</code> |
| webhook.v2.image.repository | The KSPM Admission Controller image repository | <code>sysdig/secure-admission-controller</code> |
| webhook.v2.image.tag | The KSPM Admission Controller image tag | <code>1.27.5</code> |
| webhook.v2.image.tag | The KSPM Admission Controller image tag | <code>1.27.6</code> |
| webhook.v2.image.digest | Specifies the image digest value. If set, this value is used instead of the tag value | <code></code> |
| webhook.v2.image.pullPolicy | The PullPolicy for KSPM Admission Controller image | <code></code> |
| webhook.name | The service name for Webhook deployment | <code>webhook</code> |
Expand Down
10 changes: 10 additions & 0 deletions charts/admission-controller/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,16 @@ Sysdig NATS service URL
{{- end -}}
{{- end -}}

{{/*
Sysdig http service URL
*/}}
{{- define "admissionController.httpUrl" -}}
{{- if .Values.webhook.v2.http.url -}}
{{- .Values.webhook.v2.http.url -}}
{{- else -}}
https://{{ include "admissionController.apiEndpoint" . }}
{{- end -}}
{{- end -}}

{{/*
Common labels
Expand Down
7 changes: 6 additions & 1 deletion charts/admission-controller/templates/webhook/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,14 @@ data:
{{- if .Values.features.kspmAdmissionController}}
SERVICE_PORT: "{{ .Values.webhook.v2.http.port }}"
CERT_LOCATION: /cert
{{- if eq .Values.webhook.v2.transportLayer "nats"}}
EXTERNAL_NATS_URL: {{ include "admissionController.natsUrl" . }}
NATS_INSECURE: "{{.Values.webhook.v2.nats.insecure}}"
BACKEND_URL: "{{ .Values.sysdig.url | default (printf "https://%s" (include "admissionController.apiEndpoint" .)) }}"
{{- end}}
{{- if eq .Values.webhook.v2.transportLayer "http"}}
BACKEND_URL: {{ include "admissionController.httpUrl" . }}
VERIFY_SSL: "{{.Values.webhook.v2.http.insecure}}"
{{- end}}
{{- end}}
{{- if .Values.webhook.acConfig }}
CACHE_FLUSH_PERIOD: "{{ .Values.webhook.cacheFlushPeriod | default "24h" }}"
Expand Down
16 changes: 11 additions & 5 deletions charts/admission-controller/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,15 @@ podMonitors:

webhook:
v2:
# Allow to connect from ac to acprovider via: "nats"/"http"
transportLayer: nats
http:
# Sysdig api endpoint
url: ""
# Allow insecure TLS certificates in backend connection to HTTP service
insecure: false
# HTTP serve port where the requests will be served from
port: 6443
nats:
# Allow insecure TLS certificates in backend connection to NATS service
insecure: false
Expand All @@ -178,17 +187,14 @@ webhook:
type: ClusterIP
# Configure port for the V2 webhook service
port: 6443
http:
# HTTP serve port where the requests will be served from
port: 6443
# KSPM Admission Controller container image
# KSPM Admission Controller container image
image:
# The KSPM Admission Controller image registry
registry: quay.io
# The KSPM Admission Controller image repository
repository: sysdig/secure-admission-controller
# The KSPM Admission Controller image tag
tag: 1.27.5
tag: 1.27.6
# Specifies the image digest value. If set, this value is used instead of the tag value
digest:
# The PullPolicy for KSPM Admission Controller image
Expand Down
Loading