diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
index c6fbbecf6..fe28bc1c2 100644
--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 email: marcovito.moscaritolo@sysdig.com
 type: application
-version: 1.19.1
+version: 1.19.2
 appVersion: "1.0.0"
diff --git a/charts/shield/README.md b/charts/shield/README.md
index f9ac7c946..f536b05b7 100644
--- a/charts/shield/README.md
+++ b/charts/shield/README.md
@@ -247,6 +247,7 @@ The following table lists the configurable parameters of the `shield` chart and
 | cluster.volume_mounts | The custom volume mounts for cluster shield | [] |
 | cluster.pod_disruption_budget.create | Create the PodDisruptionBudget for the cluster shield | true |
 | cluster.pod_disruption_budget.min_available | The minimum number of available pods for the cluster shield | 1 |
+| cluster.exclude_lease_creation | Exclude creation of lease objects for leader election | false |
 | ssl.verify | Enable SSL verification | true |
 | ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | [] |
 | ssl.ca.key_name | Filename that is used when creating the secret. Required if cert is provided. | |
diff --git a/charts/shield/templates/cluster/lease-container-vulnerability-management.yaml b/charts/shield/templates/cluster/lease-container-vulnerability-management.yaml
index 409ec8fb7..2cf9fc4e2 100644
--- a/charts/shield/templates/cluster/lease-container-vulnerability-management.yaml
+++ b/charts/shield/templates/cluster/lease-container-vulnerability-management.yaml
@@ -1,4 +1,4 @@
-{{- if (include "cluster.container_vulnerability_management_enabled" .) }}
+{{- if and (include "cluster.container_vulnerability_management_enabled" .) (not .Values.cluster.exclude_lease_creation) }}
 apiVersion: coordination.k8s.io/v1
 kind: Lease
 metadata:
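Review bot: The new guard in `lease-container-vulnerability-management.yaml` gates only this one Lease template, while the values comment, README row and schema description added in the same commit describe the flag as excluding "lease objects" for leader election in general; if any other Lease template exists under `templates/cluster/`, it will still render with `cluster.exclude_lease_creation: true`. Either widen the guard to every lease template or narrow the description to say it applies to the container-vulnerability-management lease. Reading the flag directly with `(not .Values.cluster.exclude_lease_creation)` is safe here because values.schema.json declares it as a boolean with a default of false, so an unset value cannot make the `and` misbehave. The `if` block opened on this line is closed outside the hunk.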
diff --git a/charts/shield/tests/cluster/lease-container-vulnerability-management_test.yaml b/charts/shield/tests/cluster/lease-container-vulnerability-management_test.yaml
index 403c76a7e..7cb624f81 100644
--- a/charts/shield/tests/cluster/lease-container-vulnerability-management_test.yaml
+++ b/charts/shield/tests/cluster/lease-container-vulnerability-management_test.yaml
@@ -31,6 +31,18 @@ tests:
 - hasDocuments:
 count: 0

+ - it: Does not contain a Lease resource when lease creation is excluded
+ set:
+ cluster:
+ exclude_lease_creation: true
+ features:
+ vulnerability_management:
+ container_vulnerability_management:
+ enabled: true
+ asserts:
+ - hasDocuments:
+ count: 0
+
 - it: Contains a Lease resource when container vulnerability management is enabled
 set:
 features:
@@ -47,6 +59,22 @@ tests:
 path: spec
 value:

+ - it: Contains a Lease resource when container vulnerability management is enabled and lease creation is not excluded
+ set:
+ features:
+ vulnerability_management:
+ container_vulnerability_management:
+ enabled: true
+ asserts:
+ - containsDocument:
+ kind: Lease
+ apiVersion: coordination.k8s.io/v1
+ name: release-name-shield-cluster-container-vulnerability-management
+ namespace: shield-namespace
+ - equal:
+ path: spec
+ value:
+
 - it: Override Lease name
 set:
 cluster:
diff --git a/charts/shield/values.schema.json b/charts/shield/values.schema.json
index b3c6bda5f..205cfa9e2 100644
--- a/charts/shield/values.schema.json
+++ b/charts/shield/values.schema.json
@@ -356,6 +356,11 @@
 },
 "additionalProperties": false
 },
+ "exclude_lease_creation": {
+ "type": "boolean",
+ "description": "Exclude creation of lease objects for leader election",
+ "default": false
+ },
 "security_context": {
 "type": "object"
 },
diff --git a/charts/shield/values.yaml b/charts/shield/values.yaml
index 9b2dca390..dac1c0c9a 100644
--- a/charts/shield/values.yaml
+++ b/charts/shield/values.yaml
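Review bot: The test added in the second hunk, `Contains a Lease resource when container vulnerability management is enabled and lease creation is not excluded`, never sets `cluster.exclude_lease_creation`, so its `set:` block and asserts are identical to the existing `Contains a Lease resource when container vulnerability management is enabled` case and it only re-checks the default rather than the explicit-false path. Add `cluster:` / `exclude_lease_creation: false` under its `set:`, mirroring the `true` case in the first hunk, so both branches of the new `and` condition are pinned. Without that, a later change of the schema default would leave the false branch untested.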
@@ -507,6 +507,9 @@ cluster:
 # The minimum number of available pods for the cluster shield
 min_available: 1

+ # Exclude creation of lease objects for leader election
+ exclude_lease_creation: false
+
 ssl:
 # Enable SSL verification
 verify: true
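Review bot: The comment on `exclude_lease_creation` says what the chart stops creating but not what must hold for leader election to keep working once it is set, which is what an operator needs before flipping it. From this diff it is not visible whether the cluster shield creates the Lease itself at startup (which would require `create` on `leases` in its ClusterRole) or expects one to be pre-provisioned, so the comment should state which, e.g. `# Exclude creation of lease objects for leader election. When true, the Lease is expected to be <created by the cluster shield | provisioned outside this chart>; keep the cluster RBAC consistent with that.` with the placeholder resolved to the actual behaviour. The same one-line description is repeated in README.md and values.schema.json; keep the three in sync when the wording is improved.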