feat(cluster-scanner): add verify registry as option in values (#1516)
Co-authored-by: Marco Vito Moscaritolo <[email protected]>
Co-authored-by: draios-jenkins <[email protected]>
Co-authored-by: draios-jenkins <[email protected]>
Co-authored-by: aroberts87 <[email protected]>
Co-authored-by: chen-shmilovich-sysdig <[email protected]>
Co-authored-by: Fede Barcelona <[email protected]>
Co-authored-by: hayk99 <[email protected]>
8 people authored Dec 5, 2023
1 parent 96ead14 commit 4d5254f
Showing 6 changed files with 19 additions and 7 deletions.
2 changes: 1 addition & 1 deletion charts/cluster-scanner/Chart.yaml
Expand Up @@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner

type: application

version: 0.8.4
version: 0.8.5

appVersion: "0.1.0"
home: https://www.sysdig.com/
9 changes: 5 additions & 4 deletions charts/cluster-scanner/README.md
Expand Up @@ -25,7 +25,7 @@ $ pre-commit run -a
$ helm repo add sysdig https://charts.sysdig.com
$ helm repo update
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
--create-namespace -n sysdig --version=0.8.4 \
--create-namespace -n sysdig --version=0.8.5 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
Expand Down Expand Up @@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run:

```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
--create-namespace -n sysdig --version=0.8.4 \
--create-namespace -n sysdig --version=0.8.5 \
--set global.clusterConfig.name=CLUSTER_NAME \
--set global.sysdig.region=SYSDIG_REGION \
--set global.sysdig.accessKey=YOUR-KEY-HERE
Expand Down Expand Up @@ -107,6 +107,7 @@ The following table lists the configurable parameters of the `cluster-scanner` c
| replicaCount | | <code>2</code> |
| scannerMode | The scannerMode of the Cluster Scanner. Supported values are `local` or `multi`. Please refer to docs.sysdig.com for further documentation. | <code>"local"</code> |
| sslVerifyCertificate | Optional parameter used to check the compatibility of cluster-scanner component versions with the on-premised backend version. If you are running an on-prem version of the Sysdig backend, you MUST set this parameter with the version of Sysdig backend you are using. If you are runinng on SaaS, do NOT provide this parameter. E.g. if `onPremCompatibilityVersion=6.2`, we ensure that the image tag is < 0.5.0 for both the Runtime Status Integrator and the Image SBOM Extractor. onPremCompatibilityVersion: "6.2" Can be set to false to allow insecure connections to the Sysdig backend, such as for on-premise installs that use self-signed certificates. By default, certificates are always verified. | <code>true</code> |
| sslVerifyRegistryCertificate | Can be set to false to allow insecure connections registries, Such as for registries with self-signed or private certificates. By default, certificates are always verified. | <code>true</code> |
| runtimeStatusIntegrator.image.registry | The image registry to use for the Runtime Status Integrator component of Cluster Scanner | <code>quay.io</code> |
| runtimeStatusIntegrator.image.repository | The image repository to use for pulling the Runtime Status Integrator image | <code>sysdig/runtime-status-integrator</code> |
| runtimeStatusIntegrator.image.tag | | <code>"0.5.3"</code> |
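Review bot: The description in the added `sslVerifyRegistryCertificate` row reads "allow insecure connections registries, Such as", which is missing "to" and has a stray capital; suggest "allow insecure connections to registries, such as for registries with self-signed or private certificates". The `sslVerifyCertificate` row directly above it also carries the `onPremCompatibilityVersion` text in its description, so the two TLS options now sit next to each other with one of them hard to read; if this table is generated from the values.yaml comments, fix the comments there and regenerate.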
Expand Down Expand Up @@ -161,7 +162,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to `

```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
--create-namespace -n sysdig --version=0.8.4 \
--create-namespace -n sysdig --version=0.8.5 \
--set global.sysdig.region="us1"
```

Expand All @@ -170,7 +171,7 @@ installing the chart. For example:

```console
$ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
--create-namespace -n sysdig --version=0.8.4 \
--create-namespace -n sysdig --version=0.8.5 \
--values values.yaml
```

1 change: 1 addition & 0 deletions charts/cluster-scanner/templates/configmap.yaml
Expand Up @@ -12,6 +12,7 @@ data:
sysdig_host: https://{{ include "cluster-scanner.apiHost" . }}
{{ end -}}
sysdig_verify_certificate: {{ .Values.sslVerifyCertificate | quote }}
sysdig_verify_registry_certificate: {{ .Values.sslVerifyRegistryCertificate | quote }}
cluster_name: {{ .Values.global.clusterConfig.name }}
root_namespace: {{ .Values.rootNamespace }}
eve_enabled: {{ .Values.eveEnabled | quote }}
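Review bot: On the added `sysdig_verify_registry_certificate` line, `quote` emits nothing for a nil value, so a values file that sets `sslVerifyRegistryCertificate: null` renders an empty entry instead of "true" or "false". A plain `| default true` is not a safe fix here, because `default` treats `false` as empty and would override an explicit `false`; an explicit nil check, or `required`, keeps both settings working. The same pattern is already used for `sysdig_verify_certificate` on the line above, so it may be worth handling both together.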
6 changes: 6 additions & 0 deletions charts/cluster-scanner/templates/deployment.yaml
Expand Up @@ -394,6 +394,12 @@ spec:
name: {{ include "cluster-scanner.fullname" . }}
key: sysdig_verify_certificate
optional: true
- name: REGISTRY_VERIFY_CERTIFICATE
valueFrom:
configMapKeyRef:
name: {{ include "cluster-scanner.fullname" . }}
key: sysdig_verify_registry_certificate
optional: true
- name: NATS_URL
valueFrom:
configMapKeyRef:
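Review bot: `optional: true` on the new `REGISTRY_VERIFY_CERTIFICATE` entry means the container still starts with the variable unset when the `sysdig_verify_registry_certificate` key is missing from the ConfigMap, and nothing in this diff shows how the scanner interprets an unset or empty value. Please confirm it falls back to verifying registry certificates in that case, and state that behaviour in the values.yaml comment so the failure mode is documented as closed rather than open.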
4 changes: 4 additions & 0 deletions charts/cluster-scanner/values.yaml
Expand Up @@ -96,6 +96,10 @@ scannerMode: "local"
# By default, certificates are always verified.
sslVerifyCertificate: true

# Can be set to false to allow insecure connections registries,
# Such as for registries with self-signed or private certificates.
# By default, certificates are always verified.
sslVerifyRegistryCertificate: true
runtimeStatusIntegrator:
image:
# The image registry to use for the Runtime Status Integrator component of
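Review bot: The new comment above `sslVerifyRegistryCertificate: true` says "allow insecure connections registries, Such as"; it should read "allow insecure connections to registries, such as", and this comment appears to be the source of the same wording in the README table. The key is also followed directly by `runtimeStatusIntegrator:` with no blank line, unlike `sslVerifyCertificate` just above, so add a separating blank line to keep the sections distinct.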
4 changes: 2 additions & 2 deletions charts/sysdig-deploy/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
version: 1.32.0
version: 1.32.1
maintainers:
- name: AlbertoBarba
email: [email protected]
Expand Down Expand Up @@ -42,7 +42,7 @@ dependencies:
- name: cluster-scanner
# repository: https://charts.sysdig.com
repository: file://../cluster-scanner
version: ~0.8.4
version: ~0.8.5
alias: clusterScanner
condition: clusterScanner.enabled
- name: kspm-collector