Merge pull request #9522 from zalando-incubator/vthupili

feat: WIZ Helm upgrade to recent version

Author: zaklawrencea

cluster/manifests/wiz/002-connector-broker-serviceaccount.yaml

@@ -8,7 +8,7 @@ metadata:
   name: wiz-broker
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-broker-2.3.8
     application: "wiz"
     component: "connector"
 ---
@@ -19,7 +19,7 @@ metadata:
   name: wiz-cluster-reader
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-connector-3.3.11
     application: "wiz"
     component: "connector"
 {{end}}

cluster/manifests/wiz/002-connector-job-serviceaccount.yaml

@@ -7,7 +7,7 @@ metadata:
   name: wiz-auto-modify-connector
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-connector-3.3.11
     application: "wiz"
     component: "connector"
-{{ end }}
+{{ end }}

cluster/manifests/wiz/002-sensor-serviceaccount.yaml

@@ -7,7 +7,7 @@ metadata:
   name: wiz-sensor
   namespace: wiz
   labels:
-    helm.sh/chart: wiz-sensor-1.0.4760
+    helm.sh/chart: wiz-sensor-1.0.6440
     application: "wiz"
     component: "connector"
 {{end}}

cluster/manifests/wiz/003-connector-broker-clusterrole.yaml

@@ -8,7 +8,7 @@ kind: ClusterRoleBinding
 metadata:
   name: wiz-cluster-reader
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-connector-3.3.11
     application: "wiz"
     component: "connector"
 roleRef:

cluster/manifests/wiz/003-connector-job-role.yaml

@@ -7,7 +7,7 @@ metadata:
   name: wiz-auto-modify-connector
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-connector-3.3.11
     application: "wiz"
     component: "connector"
 rules:
@@ -29,7 +29,7 @@ metadata:
   name: wiz-auto-modify-connector
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-connector-3.3.11
     application: "wiz"
     component: "connector"
 roleRef:

cluster/manifests/wiz/003-sensor-clusterrole.yaml

@@ -6,7 +6,7 @@ kind: ClusterRole
 metadata:
   name: wiz-sensor
   labels:
-    helm.sh/chart: wiz-sensor-1.0.4760
+    helm.sh/chart: wiz-sensor-1.0.6440
     application: "wiz"
     component: "sensor"
 rules:
@@ -28,7 +28,7 @@ kind: ClusterRoleBinding
 metadata:
   name: wiz-sensor
   labels:
-    helm.sh/chart: wiz-sensor-1.0.4760
+    helm.sh/chart: wiz-sensor-1.0.6440
     application: "wiz"
     component: "sensor"
 subjects:

cluster/manifests/wiz/004-connector-broker-secrets.yaml

@@ -9,7 +9,7 @@ metadata:
   name: wiz-connector-connector
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-connector-3.3.11
     application: "wiz"
     component: "connector"
 type: Opaque
@@ -25,21 +25,21 @@ metadata:
   name: wiz-cluster-reader-token
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-connector-3.3.11
     application: "wiz"
     component: "connector"
   annotations:
     kubernetes.io/service-account.name: wiz-cluster-reader
 type: kubernetes.io/service-account-token
 ---
-# Source: wiz-sensor/templates/apikeysecret.yaml
+# Source: wiz-sensor/templates/secrets-wiz-api-token.yaml
 apiVersion: v1
 kind: Secret
 metadata:
   name: wiz-api-token
   namespace: wiz
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-integration-0.2.91
     application: "wiz"
     component: "connector"
 type: Opaque

cluster/manifests/wiz/004-sensor-secrets.yaml

@@ -1,13 +1,13 @@
 {{ if eq .Cluster.ConfigItems.wiz_enable_runtime_sensor "true"}}
 ---
-# Source: wiz-sensor/templates/apikeysecret.yaml
+# Source: wiz-sensor/templates/secrets-wiz-api-token.yaml
 apiVersion: v1
 kind: Secret
 metadata:
   name: wiz-sensor-apikey
   namespace: wiz
   labels:
-    helm.sh/chart: wiz-sensor-1.0.4760
+    helm.sh/chart: wiz-kubernetes-integration-0.2.91
     application: "wiz"
     component: "sensor"
 type: Opaque

cluster/manifests/wiz/005-connector-job.yaml

@@ -7,7 +7,7 @@ metadata:
   name: wiz-kubernetes-connector-create-connector
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-kubernetes-connector-3.3.11
     application: "wiz"
     component: "connector"
     job: "wiz-connector-agent"
@@ -21,7 +21,7 @@ spec:
   template:
     metadata:
       labels: 
-        helm.sh/chart: wiz-broker-2.1.0
+        helm.sh/chart: wiz-kubernetes-connector-3.3.11
         application: "wiz"
         component: "connector"
         job: "wiz-connector-agent"
@@ -31,6 +31,10 @@ spec:
       securityContext:
         runAsNonRoot: true
         runAsUser: 1000
+      volumes:
+      - name: api-client
+        secret:
+          secretName: wiz-api-token
       containers:
         - name: wiz-connector-creator
           securityContext:
@@ -58,20 +62,10 @@ spec:
             - --connector-name
             - {{.Cluster.Alias}}
           env:
+          - name: CLI_FILES_AS_ARGS
+            value: "/var/api-client/clientToken,/var/api-client/clientId"
           - name: LOG_LEVEL
             value: info
-          - name: WIZ_CLIENT_ID
-            valueFrom:
-              secretKeyRef:
-                name: wiz-api-token
-                key: clientId
-                optional: false
-          - name: WIZ_CLIENT_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: wiz-api-token
-                key: clientToken
-                optional: false
           - name: WIZ_ENV
             value: 
           resources:
@@ -81,4 +75,8 @@ spec:
             requests:
               cpu: {{ .Cluster.ConfigItems.wiz_connector_cpu }}
               memory: {{ .Cluster.ConfigItems.wiz_connector_memory }}
+          volumeMounts:
+          - name: api-client
+            mountPath: /var/api-client
+            readOnly: true
 {{end}}

cluster/manifests/wiz/connector-deployment.yaml

@@ -7,7 +7,7 @@ metadata:
   name: wiz-connector-agent
   namespace: "wiz"
   labels:
-    helm.sh/chart: wiz-broker-2.1.0
+    helm.sh/chart: wiz-broker-2.3.8
     application: "wiz"
     component: "connector"
     deployment: "wiz-connector-agent"
@@ -19,7 +19,7 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: wiz-broker-2.1.0
+        helm.sh/chart: wiz-broker-2.3.8
         application: "wiz"
         component: "connector"
         deployment: "wiz-connector-agent"
@@ -29,6 +29,9 @@ spec:
         runAsNonRoot: true
         runAsUser: 1000
       volumes:
+        - name: api-client
+          secret:
+            secretName: wiz-api-token
         - name: connector-data
           secret:
             secretName: wiz-connector-connector
@@ -44,6 +47,9 @@ spec:
           image: "container-registry.zalando.net/secops-systems/wiz-broker:2.7-main-4"
           imagePullPolicy: IfNotPresent
           volumeMounts:
+          - name: api-client
+            mountPath: /var/api-client
+            readOnly: true
           - name: connector-data
             mountPath: /etc/connectorData
             readOnly: true
@@ -54,16 +60,8 @@ spec:
             value: info
           - name: WIZ_ENV
             value: 
-          - name: WIZ_CLIENT_ID
-            valueFrom:
-              secretKeyRef:
-                name: wiz-api-token
-                key: clientId
-          - name: WIZ_CLIENT_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: wiz-api-token
-                key: clientToken
+          - name: CLI_FILES_AS_ARGS
+            value: "/var/api-client/clientToken,/var/api-client/clientId"
           - name: TARGET_IP
             value: kubernetes.default.svc.cluster.local
           - name: TARGET_PORT