Skip to content

Commit

Permalink
fix(shield): add env var and port to host shield container (#1995)
Browse files Browse the repository at this point in the history
  • Loading branch information
@aroberts87
aroberts87 authored Oct 28, 2024
1 parent cf0bd2b commit 501061f
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 1 deletion.
2 changes: 1 addition & 1 deletion charts/shield/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,5 @@ maintainers:
- name: mavimo
email: [email protected]
type: application
version: 0.1.9
version: 0.1.10
appVersion: "1.0.0"
11 changes: 11 additions & 0 deletions charts/shield/templates/host/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,17 @@ spec:
key: password
{{- end }}
{{- include "host.env" . | nindent 12 }}
{{ if or .Values.features.posture.host_posture.enabled (dig "kspm_analyzer" "enabled" false .Values.host.additional_settings) }}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- end }}
ports:
{{- if or .Values.features.posture.host_posture.enabled (dig "kspm_analyzer" "enabled" false .Values.host.additional_settings) }}
- containerPort: {{ dig "kspm_analyzer" "port" 12000 .Values.host.additional_settings }}
name: kspm-analyzer
{{- end }}
readinessProbe:
httpGet:
host: 127.0.0.1
Expand Down
32 changes: 32 additions & 0 deletions charts/shield/tests/host/daemonset_test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -551,3 +551,35 @@ tests:
content:
name: my-cluster-volume
mountPath: /host/my-cluster-mount-path

- it: Ensure port and env var set when host posture is enabled
set:
features:
posture:
host_posture:
enabled: true
asserts:
- contains:
path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].env
content:
name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- contains:
path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].ports
content:
containerPort: 12000
name: kspm-analyzer

- it: Ensure port and env var not set when host posture is disabled
asserts:
- notContains:
path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].env
content:
name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- isNullOrEmpty:
path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].ports

0 comments on commit 501061f

Please sign in to comment.