From bd7667cc6f8035cfb31d79a303a8bd45d65b5564 Mon Sep 17 00:00:00 2001
From: Alberto Barba <alberto.barba@sysdig.com>
Date: Thu, 14 Nov 2024 17:23:27 +0100
Subject: [PATCH] fix(shield): avoid merge with main context (#2030)

---
 charts/shield/Chart.yaml                        | 2 +-
 charts/shield/templates/cluster/_helpers.tpl    | 2 +-
 charts/shield/templates/cluster/deployment.yaml | 6 +++---
 charts/shield/templates/host/_helpers.tpl       | 2 +-
 charts/shield/templates/host/daemonset.yaml     | 6 +++---
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
index 2218ce596..34bc550c5 100644
--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
   - name: mavimo
     email: marcovito.moscaritolo@sysdig.com
 type: application
-version: 0.1.17
+version: 0.1.18
 appVersion: "1.0.0"
diff --git a/charts/shield/templates/cluster/_helpers.tpl b/charts/shield/templates/cluster/_helpers.tpl
index 6faf88c04..60d8e2d4d 100644
--- a/charts/shield/templates/cluster/_helpers.tpl
+++ b/charts/shield/templates/cluster/_helpers.tpl
@@ -78,7 +78,7 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 
 {{- define "cluster.affinity" -}}
-{{- $affinity := merge .Values.affinity .Values.cluster.affinity -}}
+{{- $affinity := merge (dict) .Values.affinity .Values.cluster.affinity -}}
 {{- with $affinity -}}
 {{- . | toYaml -}}
 {{- end -}}
diff --git a/charts/shield/templates/cluster/deployment.yaml b/charts/shield/templates/cluster/deployment.yaml
index 3f6bbc0f4..af0d5f7f4 100644
--- a/charts/shield/templates/cluster/deployment.yaml
+++ b/charts/shield/templates/cluster/deployment.yaml
@@ -115,7 +115,7 @@ spec:
             {{- if $proxyEnvs }}
               {{- $proxyEnvs | nindent 12 }}
             {{- end }}
-            {{- $customCAEnvs := (include "common.custom_ca.envs" (merge . (dict "CACertsPath" "/etc/sysdig/ca-certs/"))) }}
+            {{- $customCAEnvs := (include "common.custom_ca.envs" (merge (dict) . (dict "CACertsPath" "/etc/sysdig/ca-certs/"))) }}
             {{- if $customCAEnvs }}
               {{- $customCAEnvs | nindent 12 }}
             {{- end }}
@@ -133,7 +133,7 @@ spec:
               port: {{ .Values.cluster.additional_settings.monitoring_port }}
             {{- .Values.cluster.probes.readiness | toYaml | nindent 12 }}
           volumeMounts:
-            {{- $customCAMounts := (include "common.custom_ca.volume_mount" .) }}
+            {{- $customCAMounts := (include "common.custom_ca.volume_mount" (merge (dict) . (dict "CACertsPath" "/etc/sysdig/ca-certs/")) ) }}
             {{- if $customCAMounts }}
               {{- $customCAMounts | nindent 12 }}
             {{- end }}
@@ -144,7 +144,7 @@ spec:
               name: {{ printf "secret-%s" $secretName }}
             {{- end }}
             {{- if (include "cluster.tls_certificates.required" .) }}
-            - mountPath: {{ include "cluster.tls_certificates.mount_path" (merge . (dict "CACertsPath" "/etc/sysdig/ca-certs/")) }}
+            - mountPath: {{ include "cluster.tls_certificates.mount_path" . }}
               name: cluster-shield-tls-certificates-secret
             {{- end }}
             {{- include "cluster.volume_mounts" . | nindent 12 }}
diff --git a/charts/shield/templates/host/_helpers.tpl b/charts/shield/templates/host/_helpers.tpl
index 747628ba7..729421004 100644
--- a/charts/shield/templates/host/_helpers.tpl
+++ b/charts/shield/templates/host/_helpers.tpl
@@ -25,7 +25,7 @@ If release name contains chart name it will be used as a full name.
     {{- $_ := set $proxyConfig "proxy_host" $host._0 -}}
     {{- $_ := set $proxyConfig "proxy_port" $host._1 -}}
     {{- if (include "common.custom_ca.enabled" .) }}
-      {{- $_ = set $proxyConfig "ca_certificate" (include "common.custom_ca.path" (mergeOverwrite . (dict "CACertsPath" "certificates/"))) }}
+      {{- $_ = set $proxyConfig "ca_certificate" (include "common.custom_ca.path" (merge (dict) . (dict "CACertsPath" "certificates/"))) }}
     {{- end }}
     {{- $proxyConfig | toYaml -}}
 {{- end -}}
diff --git a/charts/shield/templates/host/daemonset.yaml b/charts/shield/templates/host/daemonset.yaml
index b352194fc..29ed30b5f 100644
--- a/charts/shield/templates/host/daemonset.yaml
+++ b/charts/shield/templates/host/daemonset.yaml
@@ -59,7 +59,7 @@ spec:
             {{- if (include "common.proxy.enabled" .) }}
             {{- include "common.proxy.envs" . | nindent 12 }}
             {{- end }}
-            {{- include "common.custom_ca.envs" (merge . (dict "CACertsPath" "/opt/draios/certificates/")) | nindent 12 }}
+            {{- include "common.custom_ca.envs" (merge (dict) . (dict "CACertsPath" "/opt/draios/certificates/")) | nindent 12 }}
           volumeMounts:
             {{- /* Autopilot = false */}}
             {{- if not (include "common.cluster_type.is_gke_autopilot" .) }}
@@ -151,7 +151,7 @@ spec:
             {{- if (include "common.proxy.enabled" .) }}
             {{- include "common.proxy.envs" . | nindent 12 }}
             {{- end }}
-            {{- include "common.custom_ca.envs" (merge . (dict "CACertsPath" "/opt/draios/certificates/")) | nindent 12 }}
+            {{- include "common.custom_ca.envs" (merge (dict) . (dict "CACertsPath" "/opt/draios/certificates/")) | nindent 12 }}
             {{- if .Values.features.responding.rapid_response.enabled }}
             - name: PASSWORD
               valueFrom:
@@ -182,7 +182,7 @@ spec:
           volumeMounts:
           {{- /* TOOD: Local Forwarder config mount */}}
           {{- /* Custom CA */}}
-          {{- include "common.custom_ca.volume_mount" (merge . (dict "CACertsPath" "/opt/draios/certificates/")) | nindent 12 }}
+          {{- include "common.custom_ca.volume_mount" (merge (dict) . (dict "CACertsPath" "/opt/draios/certificates/")) | nindent 12 }}
           {{- /* Always requested */}}
             - mountPath: /host/dev
               name: dev-vol