feat(registry-scanner): add support for cronjob timezone selection

charts/registry-scanner/Chart.yaml

@@ -4,7 +4,7 @@ description: Sysdig Registry Scanner
 type: application
 home: https://sysdiglabs.github.io/registry-scanner/
 icon: https://478h5m1yrfsa3bbe262u7muv-wpengine.netdna-ssl.com/wp-content/uploads/2019/02/Shovel_600px.png
-version: 1.1.19
+version: 1.1.20
 appVersion: 0.2.58
 maintainers:
   - name: giuse-sysdig

charts/registry-scanner/README.md

@@ -55,6 +55,7 @@ The following table lists the configurable parameters of the Sysdig Registry Sca
 | cronjob.failedJobsHistoryLimit                   | The number of failed job history to keep on the cluster.                                                                                                                                                                                   | <code>5</code>                               |
 | cronjob.successfulJobsHistoryLimit               | The number of successful job history to keep on the cluster.                                                                                                                                                                               | <code>2</code>                               |
 | cronjob.restartPolicy                            | The restart policy for a failed registry scan execution.                                                                                                                                                                                   | <code>Never</code>                           |
+| cronjob.timeZone                                 | Timezone settings for the cronjob. Value default will be null to guarantee we only set the timezone if the user provides it.                                                                                                               | <code>""</code>                              |
 | reportToPersistentVolumeClaim                    | Specify a volume claim to write the final JSON report there instead of standard output.                                                                                                                                                    | <code>""</code>                              |
 | config.logging                                   | The log level. Use one of the following: trace, debug, info, error.                                                                                                                                                                        | <code>"info"</code>                          |
 | config.registryURL                               | The URL of the registry to scan.                                                                                                                                                                                                           | <code>""</code>                              |
@@ -127,7 +128,7 @@ Use the following command to deploy:
 helm upgrade --install registry-scanner \
    --namespace sysdig-agent \
    --create-namespace \
-   --version=1.1.19  \
+   --version=1.1.20  \
    --set config.secureBaseURL=<SYSDIG_SECURE_URL> \
    --set config.secureAPIToken=<SYSDIG_SECURE_API_TOKEN> \
    --set config.secureSkipTLS=true \

charts/registry-scanner/templates/_helpers.tpl

@@ -129,3 +129,12 @@ Allow overriding registry and repository for air-gapped environments
 true
 {{- end }}
 {{- end }}
+
+{{/*
+Fail if cronjob.timeZone is set for Kubernetes < 1.24
+*/}}
+{{- define "registry-scanner.validateTimeZone" -}}
+  {{- if and .Values.cronjob.timeZone (include "registry-scanner.kubeVersionLessThan" (dict "root" . "major" 1 "minor" 24)) }}
+    {{ fail "cronjob.timeZone was specified but kubernetes version is smaller than 1.24." }}
+  {{- end }}
+{{- end }}

charts/registry-scanner/templates/cronjob.yaml

@@ -1,3 +1,4 @@
+{{- include "registry-scanner.validateTimeZone" . }}
 {{- if (include "registry-scanner.kubeVersionLessThan" (dict "root" . "major" 1 "minor" 21)) }}
 apiVersion: batch/v1beta1
 {{- else }}
@@ -11,6 +12,9 @@ metadata:
 {{- include "registry-scanner.customLabels" . | nindent 4 }}
 spec:
   schedule: {{ .Values.cronjob.schedule | quote }}
+  {{- if .Values.cronjob.timeZone }}
+  timeZone: {{ .Values.cronjob.timeZone | quote }}
+  {{- end }}
   failedJobsHistoryLimit: {{ .Values.cronjob.failedJobsHistoryLimit }}
   successfulJobsHistoryLimit: {{ .Values.cronjob.successfulJobsHistoryLimit }}
   concurrencyPolicy:  Forbid

charts/registry-scanner/tests/cronjob_test.yaml

@@ -92,3 +92,32 @@ tests:
     asserts:
       - isNull:
           path: spec.jobTemplate.spec.ttlSecondsAfterFinished
+
+  - it: sets timeZone when specified and Kube >=1.24
+    set:
+      cronjob.timeZone: "America/New_York"
+    capabilities:
+      majorVersion: 1
+      minorVersion: 24
+    asserts:
+      - equal:
+          path: spec.timeZone
+          value: "America/New_York"
+
+  - it: do not set timeZone
+    set:
+      cronjob.timeZone: ""
+    asserts:
+      - isNull:
+          path: spec.timeZone
+
+  - it: sets timeZone when specified and Kube <1.24
+    set:
+      cronjob.timeZone: "America/New_York"
+    capabilities:
+      majorVersion: 1
+      minorVersion: 23
+    asserts:
+      - failedTemplate:
+          # errorMessage: spec.timeZone
+          errorMessage: "cronjob.timeZone was specified but kubernetes version is smaller than 1.24."

charts/registry-scanner/values.yaml

@@ -11,6 +11,8 @@ cronjob:
   successfulJobsHistoryLimit: 2
   # The restart policy for a failed registry scan execution.
   restartPolicy: Never
+  # Timezone settings for the cronjob. Value default will be null to guarantee we only set the timezone if the user provides it.
+  timeZone: ""
 
 # Specify a volume claim to write the final JSON report there instead of standard output.
 reportToPersistentVolumeClaim: ""