
Commit 43fd8ff

chore(agent,sysdig-deploy,shield): bump agent to 14.0.0 (#2277)
1 parent be4786c commit 43fd8ff


8 files changed

+114
-27
lines changed


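--- a/charts/agent/Chart.yaml
+++ b/charts/agent/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 13.9.2
+appVersion: 14.0.0
 dependencies:
 - name: common
 repository: file://../common
@@ -30,4 +30,4 @@ sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
 type: application
-version: 1.38.2
+version: 2.0.0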

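--- a/charts/agent/templates/_helpers.tpl
+++ b/charts/agent/templates/_helpers.tpl
@@ -459,6 +459,14 @@ agent config to prevent a backend push from enabling them after installation.
 {{- end }}
 {{- end }}
 {{- end }}
+
+{{- $isAgent14OrAbove := and (include "agent.isSemVer" .Values.image.tag) (semverCompare ">= 14.0.0" .Values.image.tag) }}
+
+{{/* from Host Shield >= 14.0.0 when monitor is disabled we set secure_light mode */}}
+{{- if and $isAgent14OrAbove (not .Values.monitor.enabled) }}
+{{- $secureLightMode = true }}
+{{- end }}
+
 {{- if (not .Values.secure.enabled) }}
 {{- range $secureFeature := (list
 "commandlines_capture"
@@ -470,26 +478,31 @@ agent config to prevent a backend push from enabling them after installation.
 "secure_audit_streams") }}
 {{- $_ := set $secureConfig $secureFeature (dict "enabled" false) }}
 {{- end }}
-{{ else if and (include "agent.enableFalcoBaselineSecureLight" .) $secureLightMode }}
-{{- range $secureFeature := (list
-"network_topology") }}
-{{- $_ := set $secureConfig $secureFeature (dict "enabled" false) }}
-{{- end }}
-{{- if not (hasKey .Values.sysdig.settings "memdump") }}
-{{- $_ := set $secureConfig "memdump" (dict "enabled" false) }}
-{{- end }}
-{{ else if $secureLightMode }}
-{{- range $secureFeature := (list
-"drift_control"
-"drift_killer"
-"falcobaseline"
-"network_topology") }}
-{{- $_ := set $secureConfig $secureFeature (dict "enabled" false) }}
-{{- end }}
-{{- if not (hasKey .Values.sysdig.settings "memdump") }}
-{{- $_ := set $secureConfig "memdump" (dict "enabled" false) }}
+{{- else if (not $isAgent14OrAbove) }}
+{{ if and (include "agent.enableFalcoBaselineSecureLight" .) $secureLightMode }}
+{{- range $secureFeature := (list
+"network_topology") }}
+{{- $_ := set $secureConfig $secureFeature (dict "enabled" false) }}
+{{- end }}
+{{- if not (hasKey .Values.sysdig.settings "memdump") }}
+{{- $_ := set $secureConfig "memdump" (dict "enabled" false) }}
+{{- end }}
+{{ else if $secureLightMode }}
+{{- range $secureFeature := (list
+"drift_control"
+"drift_killer"
+"falcobaseline"
+"network_topology") }}
+{{- $_ := set $secureConfig $secureFeature (dict "enabled" false) }}
+{{- end }}
+{{- if not (hasKey .Values.sysdig.settings "memdump") }}
+{{- $_ := set $secureConfig "memdump" (dict "enabled" false) }}
+{{- end }}
 {{- end }}
+{{- else if $secureLightMode }}
+{{- $_ := set $secureConfig "feature" (dict "mode" "secure_light") }}
 {{- end }}
+
 {{- if include "agent.gke.autopilot" . }}
 {{- $_ := set $secureConfig "drift_control" (dict "enabled" false) }}
 {{- $_ := set $secureConfig "drift_killer" (dict "enabled" false) }}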
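Review bot: The `$isAgent14OrAbove` gate added at new lines 463-468 keys the agent's security mode on the tag string, and `semverCompare ">= 14.0.0"` does not match tags with a pre-release suffix; together with any tag for which `agent.isSemVer` is falsy, those images are treated as pre-14. Such a deployment with `monitor.enabled: false` skips the new `secure_light` default and falls into the `else if (not $isAgent14OrAbove)` legacy branch, so the rendered security configuration differs from what the same agent gets under a plain `14.0.0` tag. If pre-release builds should count, use `semverCompare ">= 14.0.0-0" .Values.image.tag`, and add a template comment above the gate such as `{{/* non-semver tags are treated as < 14.0.0 */}}`. The assignment `$secureLightMode = true` also does not check for an explicitly configured feature mode; whether a user-set mode wins depends on merge code outside this hunk, so that is worth confirming.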

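--- a/charts/agent/tests/secure_enable_test.yaml
+++ b/charts/agent/tests/secure_enable_test.yaml
@@ -89,12 +89,86 @@ tests:
 path: data['dragent.yaml']
 pattern: security:\n\ {2}enabled:\ false\n {2}k8s_audit_server_enabled:\ true\n\ {2}k8s_audit_server_port:\ 7765\n\ {2}k8s_audit_server_url:\ 0\.0\.0\.0
 
-- it: Test secure.enabled with secure_light mode specified
+- it: Test secure.enabled on image >= 14.0.0 (secure_light mode should be default)
 set:
 monitor:
 enabled: false
 secure:
 enabled: true
+image:
+tag: 14.0.0
+asserts:
+- isKind:
+of: ConfigMap
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |-
+security:
+enabled: true
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |-
+feature:
+mode: secure_light
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |-
+app_checks_enabled: false
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |-
+jmx:
+enabled: false
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |-
+prometheus:
+enabled: false
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |-
+statsd:
+enabled: false
+- notMatchRegex:
+path: data['dragent.yaml']
+pattern: |-
+commandlines_capture:
+enabled: false
+- notMatchRegex:
+path: data['dragent.yaml']
+pattern: |-
+secure_audit_streams:
+enabled: false
+
+- it: Test secure.enabled with secure mode on image >= 14.0.0
+set:
+monitor:
+enabled: false
+secure:
+enabled: true
+image:
+tag: 14.0.0
+settings:
+sysdig:
+feature:
+mode: secure
+asserts:
+- isKind:
+of: ConfigMap
+- matchRegex:
+path: data['dragent.yaml']
+pattern: |-
+feature:
+mode: secure
+
+- it: Test secure.enabled with secure_light mode specified on image < 14.0.0
+set:
+monitor:
+enabled: false
+secure:
+enabled: true
+image:
+tag: 13.9.2
 sysdig:
 settings:
 feature: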
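Review bot: The assertion in the new test "Test secure.enabled with secure mode on image >= 14.0.0" cannot distinguish the two modes, because `matchRegex` is an unanchored match and the pattern ending in `mode: secure` also matches a rendered `mode: secure_light`. The test therefore passes even if the explicit mode is ignored and the chart forces the light mode; add a `notMatchRegex` on `data['dragent.yaml']` with pattern `mode: secure_light` to pin the override. That test's `set` block also lists `settings:` before `sysdig:`, while the following test lists `sysdig:` then `settings:`; indentation is lost on this page, so confirm the value lands at `sysdig.settings.feature.mode`. The last test in the hunk continues past the visible lines.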

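--- a/charts/agent/values.yaml
+++ b/charts/agent/values.yaml
@@ -51,7 +51,7 @@ image:
 overrideValue: null
 registry: quay.io
 repository: sysdig/agent
-tag: 13.9.2
+tag: 14.0.0
 # Specify a imagePullPolicy
 # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images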

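--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 
 type: application
-version: 1.8.3
+version: 1.9.0
 appVersion: "1.0.0"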

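--- a/charts/shield/README.md
+++ b/charts/shield/README.md
@@ -156,7 +156,7 @@ The following table lists the configurable parameters of the `shield` chart and
 | host.image.repository | The repository where the host shield images are stored | <code>sysdig</code> |
 | host.image.kmodule_name | The image name for the host shield kmodule drive | <code>agent-kmodule</code> |
 | host.image.shield_name | The image name for the host shield | <code>agent-slim</code> |
-| host.image.tag | The tag for the host shield images | <code>13.9.2</code> |
+| host.image.tag | The tag for the host shield images | <code>14.0.0</code> |
 | host.image.pull_policy | The pull policy for the host shield images | <code>IfNotPresent</code> |
 | host.image.pull_secrets | The pull secrets for the host shield images | <code>[]</code> |
 | host.priority_class.create | Create a priority class for the host shield | <code>false</code> |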

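--- a/charts/shield/values.yaml
+++ b/charts/shield/values.yaml
@@ -254,7 +254,7 @@ host:
 # The image name for the host shield
 shield_name: agent-slim
 # The tag for the host shield images
-tag: 13.9.2
+tag: 14.0.0
 # The pull policy for the host shield images
 pull_policy: IfNotPresent
 # The pull secrets for the host shield images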

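--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: sysdig-deploy
 description: A chart with various Sysdig components for Kubernetes
 type: application
-version: 1.85.4
+version: 1.86.0
 maintainers:
 - name: AlbertoBarba
 
@@ -26,7 +26,7 @@ dependencies:
 - name: agent
 # repository: https://charts.sysdig.com
 repository: file://../agent
-version: ~1.38.2
+version: ~2.0.0
 alias: agent
 condition: agent.enabled
 - name: common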
