From 501061f4753696f6f7ef12888eeecbf242091891 Mon Sep 17 00:00:00 2001
From: Adam Roberts
Date: Mon, 28 Oct 2024 13:06:38 -0400
Subject: [PATCH] fix(shield): add env var and port to host shield container (#1995)
---
 charts/shield/Chart.yaml | 2 +-
 charts/shield/templates/host/daemonset.yaml | 11 +++++++
 charts/shield/tests/host/daemonset_test.yaml | 32 ++++++++++++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
index 961771845..06324b17a 100644
--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 email: marcovito.moscaritolo@sysdig.com
 type: application
-version: 0.1.9
+version: 0.1.10
 appVersion: "1.0.0"
diff --git a/charts/shield/templates/host/daemonset.yaml b/charts/shield/templates/host/daemonset.yaml
index e693204fb..045049be1 100644
--- a/charts/shield/templates/host/daemonset.yaml
+++ b/charts/shield/templates/host/daemonset.yaml
@@ -158,6 +158,17 @@ spec:
 key: password
 {{- end }}
 {{- include "host.env" . | nindent 12 }}
+ {{ if or .Values.features.posture.host_posture.enabled (dig "kspm_analyzer" "enabled" false .Values.host.additional_settings) }}
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ ports:
+ {{- if or .Values.features.posture.host_posture.enabled (dig "kspm_analyzer" "enabled" false .Values.host.additional_settings) }}
+ - containerPort: {{ dig "kspm_analyzer" "port" 12000 .Values.host.additional_settings }}
+ name: kspm-analyzer
+ {{- end }}
 readinessProbe:
 httpGet:
 host: 127.0.0.1
diff --git a/charts/shield/tests/host/daemonset_test.yaml b/charts/shield/tests/host/daemonset_test.yaml
index 3550dc503..85e36dbf1 100644
--- a/charts/shield/tests/host/daemonset_test.yaml
+++ b/charts/shield/tests/host/daemonset_test.yaml
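Review bot: The `kspm-analyzer` entry added under `ports:` in daemonset.yaml declares a listener but does nothing to limit who can reach it, and the context line `host: 127.0.0.1` in the readiness probe suggests this pod may run on the host network, in which case the port would be bound on every node's address. I would put a template comment above the entry, e.g. `{{- /* kspm-analyzer listener: restrict with a NetworkPolicy, or node firewall rules if host-networked */}}`, and confirm what authentication the analyzer expects on that port. Separately, the first added line opens with `{{ if or` while the `ports:` guard uses `{{- if or`; changing it to `{{- if or` keeps the rendered env list free of a stray blank line. The container spec starts and ends outside this hunk, so the hostNetwork setting itself is not visible here.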
@@ -551,3 +551,35 @@ tests:
 content:
 name: my-cluster-volume
 mountPath: /host/my-cluster-mount-path
+
+ - it: Ensure port and env var set when host posture is enabled
+ set:
+ features:
+ posture:
+ host_posture:
+ enabled: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].env
+ content:
+ name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - contains:
+ path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].ports
+ content:
+ containerPort: 12000
+ name: kspm-analyzer
+
+ - it: Ensure port and env var not set when host posture is disabled
+ asserts:
+ - notContains:
+ path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].env
+ content:
+ name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - isNullOrEmpty:
+ path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].ports
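Review bot: Both new cases drive the guard only through `features.posture.host_posture.enabled`, so the second arm of the template condition (`kspm_analyzer.enabled` under `host.additional_settings`) and the `port` override are never rendered by a test. A regression there would change which port the DaemonSet declares without any test failing. I would add a case that enables the analyzer through `host.additional_settings` with a non-default port and asserts the rendered `containerPort`. The port 12345 below is a constructed sample value.

```yaml
  - it: Ensure custom port is used when kspm_analyzer is enabled via additional_settings
    set:
      host:
        additional_settings:
          kspm_analyzer:
            enabled: true
            port: 12345
    asserts:
      - contains:
          path: spec.template.spec.containers[?(@.name == "sysdig-host-shield")].ports
          content:
            containerPort: 12345
            name: kspm-analyzer
```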