Included tag v1.0.4 chart

PaloAltoNetworks · Aug 28, 2024 · beb2e6b · beb2e6b
1 parent 128d5ed
commit beb2e6b
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 4 deletions.
diff --git a/Chart/twistlock-updater-helm/Chart.yaml b/Chart/twistlock-updater-helm/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v1
 description: Twistlock Defender Updater CronJob Helm Chart
 name: twistlock-updater
-version: 1.0.3
+version: 1.0.4
diff --git a/Chart/twistlock-updater-helm/templates/computesecret.yaml b/Chart/twistlock-updater-helm/templates/computesecret.yaml
@@ -1,4 +1,32 @@
-{{- if and .Values.compute.username .Values.compute.password }}
+{{- if and .Values.compute.secret_store.name .Values.compute.secret_store.remote_key }}
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+  name: {{ .Values.compute.secret }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  refreshInterval: {{ .Values.compute.secret_store.refresh_interval }}
+  secretStoreRef:
+    name: {{ .Values.compute.secret_store.name }}
+    kind: {{ .Values.compute.secret_store.kind }}
+  target:
+    name: {{ .Values.compute.secret }}
+    creationPolicy: Owner
+  data:
+  - secretKey: username
+    remoteRef:
+      key: {{ .Values.compute.secret_store.remote_key }}
+      property: PRISMA_USERNAME
+  - secretKey: password
+    remoteRef:
+      key: {{ .Values.compute.secret_store.remote_key }}
+      property: PRISMA_PASSWORD
+  - secretKey: compute_api_endpoint
+    remoteRef:
+      key: {{ .Values.compute.secret_store.remote_key }}
+      property: COMPUTE_API_ENDPOINT
+
+{{- else if and .Values.compute.username .Values.compute.password }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -8,4 +36,5 @@ type: Opaque
 data:
   username: {{ .Values.compute.username | b64enc }}
   password: {{ .Values.compute.password | b64enc }}
+  compute_api_endpoint: {{ .Values.compute.api_endpoint | b64enc }}
 {{- end }}
diff --git a/Chart/twistlock-updater-helm/templates/cronjob.yaml b/Chart/twistlock-updater-helm/templates/cronjob.yaml
@@ -54,7 +54,10 @@ spec:
             name: twistlock-updater
             env:
             - name: COMPUTE_API_ENDPOINT
-              value: {{ .Values.compute.api_endpoint | quote  }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.compute.secret }}
+                  key: compute_api_endpoint
             - name: PRISMA_USERNAME
               valueFrom:
                 secretKeyRef:

diff --git a/Chart/twistlock-updater-helm/templates/startjob.yaml b/Chart/twistlock-updater-helm/templates/startjob.yaml
@@ -53,7 +53,10 @@ spec:
         name: twistlock-updater-start
         env:
         - name: COMPUTE_API_ENDPOINT
-          value: {{ .Values.compute.api_endpoint | quote  }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.compute.secret }}
+              key: compute_api_endpoint
         - name: PRISMA_USERNAME
           valueFrom:
             secretKeyRef:

diff --git a/Chart/twistlock-updater-helm/values.yaml b/Chart/twistlock-updater-helm/values.yaml
@@ -3,6 +3,11 @@ compute:
   username:                       # Username to be used for Prisma Cloud Compute API calls. For SaaS, it can be the value of Access Key
   password:                       # Password to be used for Prisma Cloud Compute API calls. For SaaS, it can be the value of Secret Key
   secret:  compute-secret         # Name of the Secret to be used
+  secret_store:                   # Integrate with External Secrets Operator 
+    name:                         # Name of the Secrets Store where the Access to Prisma is located
+    kind: ClusterSecretStore      # Secrets Store kind
+    refresh_interval: 1h          # Secrets refresh interval
+    remote_key:                   # Remote secret name
   skip_verify: false              # Skip TLS verification
 
 job:
@@ -18,6 +23,11 @@ job:
     username:                     # Username used for authentication.
     password:                     # Password used for authentication.
   pull_secret_dockerconfigjson:   # Credentials for pulling the CronJob image. It is the base 64 encoded of a Docker config file in JSON format. Not needed if the secret has already been created or registry values are set. 
+  secret_store:                   # Integrate with External Secrets Operator
+    name:                         # Name of the Secrets Store
+    kind: ClusterSecretStore      # Secrets Store kind
+    refresh_interval: 1h          # Secrets refresh interval
+    remote_key:                   # Remote secret name
   role_arn:                       # AWS role ARN for CronJob
   storage:                        # Storage settings for PersistantVolumeClaim. Refer to https://kubernetes.io/docs/concepts/storage/persistent-volumes/
     access_mode: ReadWriteOnce    # Storage access mode for CronJob Persistant Volume

diff --git a/docs/index.yaml b/docs/index.yaml
@@ -33,4 +33,12 @@ entries:
       urls:
       - twistlock-updater-1.0.3.tgz
       version: 1.0.3
+    - apiVersion: v1
+      created: 2024-01-23T08:50:00.499029981-06:00
+      description: Deploy Twistlock Defender Auto Updater version 1.0.4
+      digest: a7a9301a44d7dd6c0b7f11c857fddde73118c723b17c47961bab797e5aad8b67
+      name: twistlock-updater
+      urls:
+      - twistlock-updater-1.0.4.tgz
+      version: 1.0.4
 generated: 2024-01-02T09:53:50.499029981-06:00
diff --git a/docs/twistlock-updater-1.0.4.tgz b/docs/twistlock-updater-1.0.4.tgz