chore(node-analyzer): Improve template to reflect eveEnabled settings in CM (#1536)

airadier · mavimo · web-flow · commit 9895cb002e35 · 2023-12-15T13:05:30.000+01:00
Co-authored-by: Marco Vito Moscaritolo &lt;mavimo@gmail.com&gt;
diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: node-analyzer
 description: Sysdig Node Analyzer
 # currently matching Sysdig's appVersion 1.14.34
-version: 1.20.0
+version: 1.20.1
 appVersion: 12.9.0
 keywords:
   - monitoring
diff --git a/charts/node-analyzer/templates/daemonset-node-analyzer.yaml b/charts/node-analyzer/templates/daemonset-node-analyzer.yaml
@@ -712,7 +712,6 @@ spec:
           - name: "{{ $key }}"
             value: "{{ $value }}"
           {{- end }}
-          {{- if .Values.nodeAnalyzer.runtimeScanner.settings.eveEnabled }}
           - name: EVE_ENABLED
             valueFrom:
               configMapKeyRef:
@@ -725,7 +724,6 @@ spec:
                 name: {{ .Release.Name }}-runtime-scanner
                 key: eve_integration_enabled
                 optional: true
-          {{- end }}
         volumeMounts:
           # Needed for some IBM OpenShift clusters which symlink /var/run/containers/storage to contents of /var/data by default
           - mountPath: /var/data
diff --git a/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml b/charts/node-analyzer/templates/runtimeScanner/runtime-scanner-configmap.yaml
@@ -14,28 +14,26 @@ data:
   {{- end }}
   {{- if (.Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}
   http_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }}
-  {{- end -}}
+  {{- end }}
   {{- if (.Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }}
   https_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }}
-  {{- end -}}
+  {{- end }}
   {{- if (.Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
   no_proxy: {{ .Values.nodeAnalyzer.runtimeScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
-  {{- end -}}
-  {{- if .Values.nodeAnalyzer.runtimeScanner.settings.eveEnabled }}
-  eve_enabled: "true"
-  eve_integration_enabled: "true"
-  {{- end -}}
+  {{- end }}
+  eve_enabled: {{ .Values.nodeAnalyzer.runtimeScanner.settings.eveEnabled | quote }}
+  eve_integration_enabled: {{ .Values.nodeAnalyzer.runtimeScanner.settings.eveEnabled | quote }}
   {{- if hasKey .Values.nodeAnalyzer.runtimeScanner "settings" }}
   prom_port: {{ .Values.nodeAnalyzer.runtimeScanner.settings.prometheusPort | default 25001 | quote }}
-  {{- end -}}
+  {{- end }}
 
   {{- if .Values.nodeAnalyzer.runtimeScanner.settings.maxImageSizeAllowed }}
   max_image_size_allowed: {{ .Values.nodeAnalyzer.runtimeScanner.settings.maxImageSizeAllowed | int64 | quote }}
-  {{- end -}}
+  {{- end }}
   {{- if .Values.nodeAnalyzer.runtimeScanner.settings.maxFileSizeAllowed }}
   analyzer.maxFileSizeAllowed: {{ .Values.nodeAnalyzer.runtimeScanner.settings.maxFileSizeAllowed | int64 | quote }}
-  {{- end -}}
+  {{- end }}
   {{- if .Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion }}
   vuln_db_version: {{ .Values.nodeAnalyzer.runtimeScanner.settings.vulnerabilityDBVersion | quote }}
-  {{- end -}}
+  {{- end }}
 {{- end }}
diff --git a/charts/node-analyzer/tests/runtimescanner_test.yaml b/charts/node-analyzer/tests/runtimescanner_test.yaml
@@ -106,3 +106,46 @@ tests:
       - lengthEqual:
           path: spec.template.spec.containers
           count: 3
+
+  - it: "always expose the EVE_ENABLED and EVE_INTEGRATION_ENABLED variables when eveEnabled is not specified"
+    set:
+      nodeAnalyzer:
+        runtimeScanner:
+          deploy: true
+    templates:
+      - ../templates/daemonset-node-analyzer.yaml
+    asserts:
+      - isNotNull:
+          path: spec.template.spec.containers[?(@.name == "sysdig-runtime-scanner")].env[?(@.name == "EVE_ENABLED")]
+      - isNotNull:
+          path: spec.template.spec.containers[?(@.name == "sysdig-runtime-scanner")].env[?(@.name == "EVE_INTEGRATION_ENABLED")]
+
+  - it: "always expose the EVE_ENABLED and EVE_INTEGRATION_ENABLED variables when eveEnabled is true"
+    set:
+      nodeAnalyzer:
+        runtimeScanner:
+          deploy: true
+          settings:
+            eveEnabled: true
+    templates:
+      - ../templates/daemonset-node-analyzer.yaml
+    asserts:
+      - isNotNull:
+          path: spec.template.spec.containers[?(@.name == "sysdig-runtime-scanner")].env[?(@.name == "EVE_ENABLED")]
+      - isNotNull:
+          path: spec.template.spec.containers[?(@.name == "sysdig-runtime-scanner")].env[?(@.name == "EVE_INTEGRATION_ENABLED")]
+
+  - it: "always expose the EVE_ENABLED and EVE_INTEGRATION_ENABLED variables when eveEnabled is false"
+    set:
+      nodeAnalyzer:
+        runtimeScanner:
+          deploy: true
+          settings:
+            eveEnabled: false
+    templates:
+      - ../templates/daemonset-node-analyzer.yaml
+    asserts:
+      - isNotNull:
+          path: spec.template.spec.containers[?(@.name == "sysdig-runtime-scanner")].env[?(@.name == "EVE_ENABLED")]
+      - isNotNull:
+          path: spec.template.spec.containers[?(@.name == "sysdig-runtime-scanner")].env[?(@.name == "EVE_INTEGRATION_ENABLED")]
