chore(node-analyzer): bump host-scanner to v0.9.0 (#1713)
Co-authored-by: Michele Mangili <[email protected]>
mech-pig and michele-mangili authored May 2, 2024
1 parent d2b0fe4 commit c702f9d
Showing 7 changed files with 125 additions and 11 deletions.
2 changes: 1 addition & 1 deletion charts/node-analyzer/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: node-analyzer
description: Sysdig Node Analyzer
# currently matching Sysdig's appVersion 1.14.34
version: 1.26.5
version: 1.27.0
appVersion: 12.9.0

keywords:
7 changes: 5 additions & 2 deletions charts/node-analyzer/README.md
Expand Up @@ -196,12 +196,15 @@ The following table lists the configurable parameters of the Sysdig Node Analyze
| `nodeAnalyzer.hostScanner.additionalDirsToScan` | Sets the optional comma-separated list of directories in addition to the default ones. | ` ` |
| `nodeAnalyzer.hostScanner.env` | Specifies the extra environment variables that will be passed onto pods. | `{}` |
| `nodeAnalyzer.hostScanner.image.repository` | Specifies the image repository to pull the Host Scanner from. | `sysdig/vuln-host-scanner` |
| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.8.1` |
| `nodeAnalyzer.hostScanner.image.tag` | Specifies the image tag to pull the Host Scanner. | `0.9.0` |
| `nodeAnalyzer.hostScanner.image.digest` | Specifies the image digest to pull. | ` ` |
| `nodeAnalyzer.hostScanner.image.pullPolicy` | Specifies the image pull policy for the Host Scanner. | `""` |
| `nodeAnalyzer.hostScanner.http_proxy` | Sets `HTTP_PROXY` on the Host Scanner container. | `""` |
| `nodeAnalyzer.hostScanner.https_proxy` | Sets `HTTPS_PROXY` on the Host Scanner container. | `""` |
| `nodeAnalyzer.hostScanner.no_proxy` | Sets `NO_PROXY` on the Host Scanner container. b | `""` |
| `nodeAnalyzer.hostScanner.no_proxy` | Sets `NO_PROXY` on the Host Scanner container. | `""` |
| `nodeAnalyzer.hostScanner.prometheus.enabled` | Enables prometheus | `false` |
| `nodeAnalyzer.hostScanner.prometheus.port` | Overrides the default prometheus port | `""` |
| `nodeAnalyzer.hostScanner.prometheus.endpoint` | Overrides the default prometheus metrics endpoint | `""` |
| `nodeAnalyzer.hostScanner.resources.requests.cpu` | Specifies the Host Scanner CPU requests per node. | `150m` |
| `nodeAnalyzer.hostScanner.resources.requests.memory` | Specifies the Host Scanner memory requests per node. | `512Mi` |
| `nodeAnalyzer.hostScanner.resources.requests.ephemeral-storage` | Specifies the Host Scanner Storage requests per node. | `512Mi` |
7 changes: 7 additions & 0 deletions charts/node-analyzer/templates/configmap-host-scanner.yaml
Expand Up @@ -47,4 +47,11 @@ data:
podman_socket_path: {{ .Values.nodeAnalyzer.hostScanner.scanContainers.podmanSocketPath | quote}}
{{- end }}
{{- end}}
prom_enabled: {{ .Values.nodeAnalyzer.hostScanner.prometheus.enabled | default false | quote }}
{{- if .Values.nodeAnalyzer.hostScanner.prometheus.endpoint }}
prom_endpoint: {{ .Values.nodeAnalyzer.hostScanner.prometheus.endpoint | quote }}
{{- end }}
{{- if .Values.nodeAnalyzer.hostScanner.prometheus.port }}
prom_port: {{ .Values.nodeAnalyzer.hostScanner.prometheus.port | quote }}
{{- end }}
{{- end }}
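Review bot: `prometheus.port` and `prometheus.endpoint` reach `prom_port` / `prom_endpoint` with only `quote` applied, so a non-numeric or out-of-range port renders cleanly and only surfaces when the host-scanner container starts (unless a values schema outside this commit constrains it). A guard inside the existing `if` for the port would fail the render instead, e.g. `{{- if not (regexMatch "^[0-9]+$" (toString .Values.nodeAnalyzer.hostScanner.prometheus.port)) }}{{ fail "nodeAnalyzer.hostScanner.prometheus.port must be a port number" }}{{- end }}`, ideally with a 1–65535 range check as well. The `data:` block and the outer conditional that the last `{{- end }}` closes start above the hunk.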
19 changes: 17 additions & 2 deletions charts/node-analyzer/templates/daemonset-node-analyzer.yaml
Expand Up @@ -899,6 +899,23 @@ spec:
value: "/tmp"
- name: PROBES_PORT
value: {{ .Values.nodeAnalyzer.hostScanner.probesPort | quote }}
- name: PROM_ENABLED
valueFrom:
configMapKeyRef:
name: {{ .Release.Name }}-host-scanner
key: prom_enabled
- name: PROM_PORT
valueFrom:
configMapKeyRef:
name: {{ .Release.Name }}-host-scanner
key: prom_port
optional: true
- name: PROM_ENDPOINT
valueFrom:
configMapKeyRef:
name: {{ .Release.Name }}-host-scanner
key: prom_endpoint
optional: true
{{- if eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.nodeAnalyzer.ssl)) "true" }}
- name: SSL_CERT_FILE
value: /ca-certs/{{- include "sysdig.custom_ca.keyName" (dict "global" .Values.global.ssl "component" .Values.nodeAnalyzer.ssl) -}}
Expand All @@ -910,8 +927,6 @@ spec:

{{- if .Values.nodeAnalyzer.hostScanner.scanContainers.enabled }}
# Container scanner
- name: USE_COMBINED_SCANNER
value: "true"
- name: SCAN_CONTAINERS_ENABLED
value: "true"
- name: DOCKER_SOCKET_PATHS
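Review bot: `PROM_ENABLED`, `PROM_PORT` and `PROM_ENDPOINT` are read through `configMapKeyRef`, and env values sourced that way are resolved only when a container starts, so a `helm upgrade` that flips `prometheus.enabled` changes the ConfigMap but leaves this pod template byte-identical. Unless the pod template already carries a checksum annotation of the host-scanner ConfigMap (not visible in this hunk), running pods keep the previous setting until something else restarts them. Rendering the value inline the way the neighbouring `PROBES_PORT` entry does, e.g. `value: {{ .Values.nodeAnalyzer.hostScanner.prometheus.enabled | default false | quote }}`, or adding such an annotation would make the change roll out. The container's `env:` list starts and ends outside the hunk.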
89 changes: 86 additions & 3 deletions charts/node-analyzer/tests/hostscanner_test.yaml
Expand Up @@ -178,8 +178,6 @@ tests:
asserts:
- isKind:
of: DaemonSet
- isNull:
path: spec.template.spec.containers[3].env[?(@.name == "USE_COMBINED_SCANNER")].value
- isNull:
path: spec.template.spec.containers[3].env[?(@.name == "SCAN_CONTAINERS_ENABLED")].value
- it: "Container scanner enabled - daemonset"
Expand All @@ -193,7 +191,7 @@ tests:
- isKind:
of: DaemonSet
- equal:
path: spec.template.spec.containers[3].env[?(@.name == "USE_COMBINED_SCANNER")].value
path: spec.template.spec.containers[3].env[?(@.name == "SCAN_CONTAINERS_ENABLED")].value
value: "true"
- it: "Container scanner enabled and empty socket paths - configmap"
set:
Expand Down Expand Up @@ -227,3 +225,88 @@ tests:
- equal:
path: data.podman_socket_path
value: "/podman/socket"
- it: "Prometheus is disabled by default"
set:
clusterName: "test"
nodeAnalyzer.hostScanner.deploy: true
templates:
- ../templates/configmap-host-scanner.yaml
asserts:
- isKind:
of: ConfigMap
- equal:
path: data.prom_enabled
value: "false"
- isNull:
path: data.prom_port
- isNull:
path: data.prom_endpoint
- it: "Prometheus is explicitly disabled"
set:
clusterName: "test"
nodeAnalyzer.hostScanner.deploy: true
nodeAnalyzer.hostScanner.prometheus.enabled: false
templates:
- ../templates/configmap-host-scanner.yaml
asserts:
- isKind:
of: ConfigMap
- equal:
path: data.prom_enabled
value: "false"
- it: "Prometheus is enabled"
set:
clusterName: "test"
nodeAnalyzer.hostScanner.deploy: true
nodeAnalyzer.hostScanner.prometheus.enabled: true
templates:
- ../templates/configmap-host-scanner.yaml
asserts:
- isKind:
of: ConfigMap
- equal:
path: data.prom_enabled
value: "true"
- isNull:
path: data.prom_port
- isNull:
path: data.prom_endpoint
- it: "Prometheus endpoint is set"
set:
clusterName: "test"
nodeAnalyzer.hostScanner.deploy: true
nodeAnalyzer.hostScanner.prometheus.endpoint: "/metrics"
templates:
- ../templates/configmap-host-scanner.yaml
asserts:
- isKind:
of: ConfigMap
- equal:
path: data.prom_endpoint
value: "/metrics"
- it: "Prometheus port is set"
set:
clusterName: "test"
nodeAnalyzer.hostScanner.deploy: true
nodeAnalyzer.hostScanner.prometheus.port: "1234"
templates:
- ../templates/configmap-host-scanner.yaml
asserts:
- isKind:
of: ConfigMap
- equal:
path: data.prom_port
value: "1234"
- it: "Prometheus port is set as number"
set:
clusterName: "test"
nodeAnalyzer.hostScanner.deploy: true
nodeAnalyzer.hostScanner.prometheus.port: 1234
templates:
- ../templates/configmap-host-scanner.yaml
asserts:
- isKind:
of: ConfigMap
- equal:
path: data.prom_port
value: "1234"
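Review bot: All six new cases render only `configmap-host-scanner.yaml`; nothing asserts that the DaemonSet's `PROM_ENABLED`, `PROM_PORT` and `PROM_ENDPOINT` entries point at the keys that ConfigMap emits. `PROM_ENABLED` is the one reference without `optional: true`, so a key-name mismatch between the two templates would presumably keep the container from being created rather than fall back to a default, and this suite would still pass. A DaemonSet case next to the existing container-scanner ones would pin the wiring; the sketch below reuses the `containers[3]` index those tests already rely on.

```yaml
  - it: "Prometheus env is wired to the host-scanner configmap - daemonset"
    # … set: same values the existing daemonset cases use …
    templates:
      - ../templates/daemonset-node-analyzer.yaml
    asserts:
      - isKind:
          of: DaemonSet
      - equal:
          path: spec.template.spec.containers[3].env[?(@.name == "PROM_ENABLED")].valueFrom.configMapKeyRef.key
          value: prom_enabled
      - equal:
          path: spec.template.spec.containers[3].env[?(@.name == "PROM_PORT")].valueFrom.configMapKeyRef.key
          value: prom_port
      - equal:
          path: spec.template.spec.containers[3].env[?(@.name == "PROM_PORT")].valueFrom.configMapKeyRef.optional
          value: true
      - equal:
          path: spec.template.spec.containers[3].env[?(@.name == "PROM_ENDPOINT")].valueFrom.configMapKeyRef.key
          value: prom_endpoint
```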
8 changes: 7 additions & 1 deletion charts/node-analyzer/values.yaml
Expand Up @@ -393,7 +393,7 @@ nodeAnalyzer:

image:
repository: sysdig/vuln-host-scanner
tag: "0.8.1"
tag: "0.9.0"
digest:
pullPolicy:

Expand All @@ -402,6 +402,12 @@ nodeAnalyzer:
httpsProxy:
noProxy:

# Prometheus configuration
prometheus:
enabled: false
# endpoint: "/metrics"
# port: "25000"

resources:
requests:
cpu: 150m
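Review bot: The new `prometheus:` block tells an operator neither what enabling it exposes nor what the effective defaults are: the README rows in this commit list `""` for port and endpoint, while the commented examples here show `"/metrics"` and `"25000"`. Because the switch turns on a metrics listener inside a DaemonSet that scans the host, I would expand the `# Prometheus configuration` comment to something like `# Serves host-scanner metrics over HTTP when enabled; limit which clients can reach the port (e.g. with a NetworkPolicy)`. It should also state whether `/metrics` and `25000` are the image's built-in defaults or only examples. Whether the listener requires any authentication is not visible from this page, which is one more reason to document it next to the toggle.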
4 changes: 2 additions & 2 deletions charts/sysdig-deploy/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
version: 1.51.6
version: 1.52.0
maintainers:
- name: AlbertoBarba
email: [email protected]
Expand Down Expand Up @@ -36,7 +36,7 @@ dependencies:
- name: node-analyzer
# repository: https://charts.sysdig.com
repository: file://../node-analyzer
version: ~1.26.5
version: ~1.27.0
alias: nodeAnalyzer
condition: nodeAnalyzer.enabled
- name: cluster-scanner