Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sysdig-agent,node-analyzer,kspm-collector,rapid-response,admission-controller): Global Custom CA Bundle Support #961

Merged
merged 2 commits into from
Aug 1, 2023
Merged

feat(sysdig-agent,node-analyzer,kspm-collector,rapid-response,admission-controller): Global Custom CA Bundle Support #961

merged 2 commits into from
Aug 1, 2023

Conversation

saltycr3w
Copy link
Contributor

@saltycr3w saltycr3w commented Feb 28, 2023
edited by mavimo
Loading

What this PR does / why we need it:

This PR adds Global Custom CA Bundles support inside the relevant components.

  • sysdig-agent (Complete)
  • node-analyzer (Complete)
  • kspm-collector (Complete)
  • rapid-response (Complete)
    Rapid Response has local chart Custom CA Support already, this PR takes that into account and adds onto it.
  • admission-controller (Complete)
    admission-controller has local chart Custom CA Support for the scanner and webhook, this PR takes that into account and adds onto it.

TODO

Add more documentation about usage.

Checklist

  • Title of the PR starts with type and scope, (e.g. feat(agent,node-analyzer,sysdig-deploy):)
  • Chart Version bumped for the respective charts
  • Variables are documented in the README.md (or README.tpl in some charts)
  • Check GithubAction checks (like lint) to avoid merge-check stoppers
  • All test files are added in the tests folder of their respective chart and have a "_test" suffix

@saltycr3w saltycr3w requested a review from a team as a code owner February 28, 2023 01:49
github-actions[bot]
github-actions bot previously requested changes Feb 28, 2023
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR title does not comply with regex: ^(\w*)(?:\(([\w\$\.\,\-\*\s]*)\))?\:\s?(.*)$!
Check PR guidelines at https://github.com/sysdiglabs/charts/blob/master/README.md#pull-requests

@github-actions github-actions bot added the no-tests Chart templates modified without test changes label Feb 28, 2023
@saltycr3w saltycr3w changed the title feat(sysdig-agent...) Global Custom CA Bundle Support feat(sysdig-agent,node-analyzer,kspm-collector,rapid-response) Global Custom CA Bundle Support Feb 28, 2023
@saltycr3w saltycr3w changed the title feat(sysdig-agent,node-analyzer,kspm-collector,rapid-response) Global Custom CA Bundle Support feat(sysdig-agent,node-analyzer,kspm-collector,rapid-response): Global Custom CA Bundle Support Feb 28, 2023
@github-actions github-actions bot removed the no-tests Chart templates modified without test changes label Mar 2, 2023
@saltycr3w saltycr3w marked this pull request as draft March 7, 2023 21:55
@saltycr3w saltycr3w changed the title feat(sysdig-agent,node-analyzer,kspm-collector,rapid-response): Global Custom CA Bundle Support feat(sysdig-agent,node-analyzer,kspm-collector,rapid-response,admission-controller): Global Custom CA Bundle Support Mar 8, 2023
@saltycr3w saltycr3w marked this pull request as ready for review March 17, 2023 00:23
@saltycr3w saltycr3w requested a review from a team as a code owner March 17, 2023 00:23
@mavimo mavimo force-pushed the global-ssl-ca-cert branch 3 times, most recently from 860fba2 to 915eb14 Compare May 22, 2023 10:05
@AlbertoBarba AlbertoBarba force-pushed the global-ssl-ca-cert branch 12 times, most recently from 168a145 to de3e5f7 Compare July 12, 2023 13:23
@AlbertoBarba AlbertoBarba force-pushed the global-ssl-ca-cert branch 3 times, most recently from 8de0cc6 to 15bebf5 Compare July 13, 2023 10:33
@AlbertoBarba AlbertoBarba requested review from a team and removed request for github-actions[bot] July 13, 2023 14:48
@AlbertoBarba AlbertoBarba self-assigned this Jul 14, 2023
@AlbertoBarba AlbertoBarba force-pushed the global-ssl-ca-cert branch 11 times, most recently from c5c4120 to 58a5e4e Compare July 26, 2023 10:07
mavimo
mavimo requested changes Jul 31, 2023
View reviewed changes
charts/rapid-response/values.yaml
# -----END CERTIFICATE-----

# Filename that is used when creating the secret. Required if cert is provided.
keyName: root_ca_file.crt
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove the default here (the default is missing in all the other entries)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing the default here will cause a BC since the current version of rapid-response already accept the .Values.ssl.ca.certs and automatically names it in https://github.com/sysdiglabs/charts/pull/961/files#diff-4dd3290c87066c244c1311d77bc14f6a87e30ceb1bdf42ca0f67239c738854e6L38

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Semi-related question: why we don't have the default file name in all the charts? 😅

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cause almost everywhere else we didn't have this functionality yet...the name has been added here to not cause any issue to who's already using this on rapid-response.

charts/rapid-response/values.yaml Outdated Show resolved Hide resolved
@AlbertoBarba AlbertoBarba requested a review from mavimo July 31, 2023 10:06
@AlbertoBarba
feat(admission-controller,agent,cloud-bench,cloud-connector,cloud-sca…
dee6e04 
…nning,harbor-scanner-sysdig-secure,kspm-collector,node-analyzer,rapid-response,sysdig-deploy,sysdig-mcm-navmenu,sysdig-stackdriver-bridge) Add Custom CA Support
@AlbertoBarba
chore(rapid-response): rename global cert in certs
4157b07
@AlbertoBarba AlbertoBarba merged commit 2dca8e7 into master Aug 1, 2023
5 checks passed
@AlbertoBarba AlbertoBarba deleted the global-ssl-ca-cert branch August 1, 2023 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlbertoBarba AlbertoBarba AlbertoBarba approved these changes

@mavimo mavimo mavimo approved these changes

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

@AlbertoBarba AlbertoBarba

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@saltycr3w @mavimo @AlbertoBarba