Skip to content

Commit f6f68ff

Browse files
mavimoDaniele De Lorenzi
mavimo
and
Daniele De Lorenzi
authored
feat(node-analyzer,kspm-collector,sysdig-deploy): allow custom proxy for individual containers in node analyzer (#1432)
Signed-off-by: Daniele De Lorenzi <[email protected]> Co-authored-by: Daniele De Lorenzi <[email protected]>
1 parent a116d90 commit f6f68ff

19 files changed

+933
-98
lines changed

charts/kspm-collector/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ apiVersion: v2
22
name: kspm-collector
33
description: Sysdig KSPM collector
44

5-
version: 0.9.0
5+
version: 0.9.1
66
appVersion: 1.34.0
77

88
keywords:

charts/kspm-collector/templates/_helpers.tpl

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -132,12 +132,12 @@ Sysdig NATS service URL
132132
Helper to define if to enable nats_insecure
133133
*/}}
134134
{{- define "kspmCollector.natsInsecure" -}}
135-
{{- if and (hasKey .Values "sslVerifyCertificate") ( .Values.sslVerifyCertificate ) -}}
135+
{{- if (.Values.sslVerifyCertificate | default .Values.global.sslVerifyCertificate) -}}
136136
"false"
137-
{{- else if and (hasKey .Values.global "sslVerifyCertificate") ( .Values.global.sslVerifyCertificate ) -}}
138-
"false"
139-
{{- else -}}
137+
{{- else if or (eq .Values.sslVerifyCertificate false) (eq .Values.global.sslVerifyCertificate false) -}}
140138
"true"
139+
{{- else -}}
140+
"false"
141141
{{- end -}}
142142
{{- end -}}
143143

charts/kspm-collector/tests/cert_validation_test.yaml

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
suite: KSPM Collector Skip certificate tests
2+
templates:
3+
- templates/configmap.yaml
4+
tests:
5+
- it: "SSL certificate validation enabled"
6+
set:
7+
clusterName: "test"
8+
global:
9+
kspm:
10+
deploy: true
11+
templates:
12+
- templates/configmap.yaml
13+
asserts:
14+
- equal:
15+
path: data.nats_insecure
16+
value: "false"
17+
18+
- it: "Global SSL certificate validation disabled"
19+
set:
20+
clusterName: "test"
21+
global:
22+
kspm:
23+
deploy: true
24+
sslVerifyCertificate: false
25+
templates:
26+
- templates/configmap.yaml
27+
asserts:
28+
- equal:
29+
path: data.nats_insecure
30+
value: "true"
31+
32+
- it: "SSL certificate validation disabled"
33+
set:
34+
clusterName: "test"
35+
global:
36+
kspm:
37+
deploy: true
38+
sslVerifyCertificate: false
39+
templates:
40+
- templates/configmap.yaml
41+
asserts:
42+
- equal:
43+
path: data.nats_insecure
44+
value: "true"

charts/kspm-collector/tests/proxy_test.yaml

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
suite: KSPM Collector Proxy tests
2+
templates:
3+
- templates/configmap.yaml
4+
tests:
5+
- it: "No proxy configured"
6+
set:
7+
clusterName: "test"
8+
global:
9+
kspm:
10+
deploy: true
11+
templates:
12+
- templates/configmap.yaml
13+
asserts:
14+
- notExists:
15+
path: data.http_proxy
16+
- notExists:
17+
path: data.https_proxy
18+
- notExists:
19+
path: data.no_proxy
20+
21+
- it: "Global proxy settings are set"
22+
set:
23+
clusterName: "test"
24+
global:
25+
kspm:
26+
deploy: true
27+
proxy:
28+
httpProxy: "http://squid.domain.local:3128"
29+
httpsProxy: "http://squid.domain.local:3128"
30+
noProxy: "100.64.0.0/10"
31+
templates:
32+
- templates/configmap.yaml
33+
asserts:
34+
- isKind:
35+
of: ConfigMap
36+
- equal:
37+
path: data.http_proxy
38+
value: "http://squid.domain.local:3128"
39+
- equal:
40+
path: data.https_proxy
41+
value: "http://squid.domain.local:3128"
42+
- equal:
43+
path: data.no_proxy
44+
value: "100.64.0.0/10"
45+
46+
- it: "Proxy settings are set"
47+
set:
48+
clusterName: "test"
49+
global:
50+
kspm:
51+
deploy: true
52+
httpProxy: "http://squid.domain.local:3128"
53+
httpsProxy: "http://squid.domain.local:3128"
54+
noProxy: "100.64.0.0/10"
55+
templates:
56+
- templates/configmap.yaml
57+
asserts:
58+
- isKind:
59+
of: ConfigMap
60+
- equal:
61+
path: data.http_proxy
62+
value: "http://squid.domain.local:3128"
63+
- equal:
64+
path: data.https_proxy
65+
value: "http://squid.domain.local:3128"
66+
- equal:
67+
path: data.no_proxy
68+
value: "100.64.0.0/10"

charts/node-analyzer/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ name: node-analyzer
33
description: Sysdig Node Analyzer
44

55
# currently matching Sysdig's appVersion 1.14.34
6-
version: 1.17.13
6+
version: 1.18.0
77
appVersion: 12.8.0
88
keywords:
99
- monitoring

charts/node-analyzer/README.md

Lines changed: 18 additions & 0 deletions
Large diffs are not rendered by default.

charts/node-analyzer/templates/_helpers.tpl

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,19 @@ Return the proper image name for the CSPM Analyzer
113113
{{- include "nodeAnalyzer.imageRegistry" . -}} / {{- .Values.nodeAnalyzer.kspmAnalyzer.image.repository -}} {{- if .Values.nodeAnalyzer.kspmAnalyzer.image.digest -}} @ {{- .Values.nodeAnalyzer.kspmAnalyzer.image.digest -}} {{- else -}} : {{- .Values.nodeAnalyzer.kspmAnalyzer.image.tag -}} {{- end -}}
114114
{{- end -}}
115115

116+
{{/*
117+
Helper to define if to enable nats_insecure
118+
*/}}
119+
{{- define "kspmAnalyzer.natsInsecure" -}}
120+
{{- if (.Values.nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate | default .Values.nodeAnalyzer.sslVerifyCertificate | default .Values.global.sslVerifyCertificate) -}}
121+
"false"
122+
{{- else if or (eq .Values.nodeAnalyzer.kspmAnalyzer.sslVerifyCertificate false) (eq .Values.nodeAnalyzer.sslVerifyCertificate false) (eq .Values.global.sslVerifyCertificate false) -}}
123+
"true"
124+
{{- else -}}
125+
"false"
126+
{{- end -}}
127+
{{- end -}}
128+
116129
{{/*
117130
Node Analyzer labels
118131
*/}}

charts/node-analyzer/templates/configmap-benchmark-runner.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -13,14 +13,14 @@ data:
1313
ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}"
1414
{{- end }}
1515
debug: "{{ .Values.nodeAnalyzer.debug | default false }}"
16-
{{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}
17-
http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }}
16+
{{- if (.Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}
17+
http_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }}
1818
{{- end -}}
19-
{{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }}
20-
https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }}
19+
{{- if (.Values.nodeAnalyzer.benchmarkRunner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }}
20+
https_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }}
2121
{{- end -}}
22-
{{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
23-
no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
22+
{{- if (.Values.nodeAnalyzer.benchmarkRunner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
23+
no_proxy: {{ .Values.nodeAnalyzer.benchmarkRunner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
2424
{{- end -}}
2525
{{- end }}
2626
{{- end }}

charts/node-analyzer/templates/configmap-host-analyzer.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -29,14 +29,14 @@ data:
2929
{{- if .Values.nodeAnalyzer.hostAnalyzer.maxSendAttempts }}
3030
max_send_attempts: {{ .Values.nodeAnalyzer.hostAnalyzer.maxSendAttempts }}
3131
{{- end }}
32-
{{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}
33-
http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }}
32+
{{- if (.Values.nodeAnalyzer.hostAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}
33+
http_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }}
3434
{{- end -}}
35-
{{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }}
36-
https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }}
35+
{{- if (.Values.nodeAnalyzer.hostAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }}
36+
https_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }}
3737
{{- end -}}
38-
{{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
39-
no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
38+
{{- if (.Values.nodeAnalyzer.hostAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
39+
no_proxy: {{ .Values.nodeAnalyzer.hostAnalyzer.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
4040
{{- end -}}
4141
{{- end }}
4242
{{- end }}

charts/node-analyzer/templates/configmap-host-scanner.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,14 +27,14 @@ data:
2727
ssl_verify_certificate: "{{ .Values.nodeAnalyzer.sslVerifyCertificate }}"
2828
{{- end }}
2929
debug: "{{ .Values.nodeAnalyzer.debug | default false }}"
30-
{{- if (.Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}
31-
http_proxy: {{ .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }}
30+
{{- if (.Values.nodeAnalyzer.hostScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy) }}
31+
http_proxy: {{ .Values.nodeAnalyzer.hostScanner.httpProxy | default .Values.nodeAnalyzer.httpProxy | default .Values.global.proxy.httpProxy }}
3232
{{- end -}}
33-
{{- if (.Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }}
34-
https_proxy: {{ .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }}
33+
{{- if (.Values.nodeAnalyzer.hostScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy) }}
34+
https_proxy: {{ .Values.nodeAnalyzer.hostScanner.httpsProxy | default .Values.nodeAnalyzer.httpsProxy | default .Values.global.proxy.httpsProxy }}
3535
{{- end -}}
36-
{{- if (.Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
37-
no_proxy: {{ .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
36+
{{- if (.Values.nodeAnalyzer.hostScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy) }}
37+
no_proxy: {{ .Values.nodeAnalyzer.hostScanner.noProxy | default .Values.nodeAnalyzer.noProxy | default .Values.global.proxy.noProxy }}
3838
{{- end -}}
3939
{{- if .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion }}
4040
vuln_db_version: {{ .Values.nodeAnalyzer.hostScanner.vulnerabilityDBVersion | quote }}

0 commit comments

Comments
 (0)