2 changes: 1 addition & 1 deletion charts/shield/Chart.yaml
Expand Up @@ -13,5 +13,5 @@ maintainers:
- name: mavimo
email: [email protected]
type: application
version: 1.19.1
version: 1.19.2
appVersion: "1.0.0"
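Review bot: The `version: 1.19.2` line is a patch-level bump, but this change introduces a new chart value (`cluster.exclude_lease_creation`). If the chart follows SemVer, a new backwards-compatible option is normally a minor bump; if the repository's convention is to bump the patch level for every change, a sentence in the PR description saying so would settle it.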
1 change: 1 addition & 0 deletions charts/shield/README.md
Expand Up @@ -247,6 +247,7 @@ The following table lists the configurable parameters of the `shield` chart and
| cluster.volume_mounts | The custom volume mounts for cluster shield | <code>[]</code> |
| cluster.pod_disruption_budget.create | Create the PodDisruptionBudget for the cluster shield | <code>true</code> |
| cluster.pod_disruption_budget.min_available | The minimum number of available pods for the cluster shield | <code>1</code> |
| cluster.exclude_lease_creation | Exclude creation of lease objects for leader election | <code>false</code> |
| ssl.verify | Enable SSL verification | <code>true</code> |
| ssl.ca.certs | For outbound connections (secure backend, proxy,...) A PEM-encoded x509 certificate. This can also be a bundle with multiple certificates. | <code>[]</code> |
| ssl.ca.key_name | Filename that is used when creating the secret. Required if cert is provided. | <code></code> |
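Review bot: The new row `cluster.exclude_lease_creation` is a negated switch, while `cluster.pod_disruption_budget.create` two rows above it uses a positive `create` flag for the same kind of decision. A positive flag defaulting to `true` would match the existing convention and avoid the `not ... exclude` double negative in the template condition. The description should also say what the operator has to provide when the chart no longer creates the Lease.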
@@ -1,4 +1,4 @@
{{- if (include "cluster.container_vulnerability_management_enabled" .) }}
{{- if and (include "cluster.container_vulnerability_management_enabled" .) (not .Values.cluster.exclude_lease_creation) }}
apiVersion: coordination.k8s.io/v1
kind: Lease
metadata:
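Review bot: In the new `if and (...) (not .Values.cluster.exclude_lease_creation)` condition, setting the flag removes the Lease from the rendered manifests, but nothing in this diff says what provides the Lease instead. Two things to confirm before merging: (1) if the cluster shield is expected to create the Lease itself at runtime, its Role needs the `create` verb on `leases` in `coordination.k8s.io`, and since Kubernetes cannot restrict `create` by `resourceNames`, that grant covers every Lease name in the namespace; no RBAC template is touched in the visible changes. (2) On `helm upgrade` of an existing release with the flag switched to `true`, Helm deletes the Lease it previously managed, which can disturb leader election for replicas that are already running. A comment above the condition naming the intended owner of the Lease would make the contract explicit.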
Expand Up @@ -31,6 +31,18 @@ tests:
- hasDocuments:
count: 0

- it: Does not contain a Lease resource when lease creation is excluded
set:
cluster:
exclude_lease_creation: true
features:
vulnerability_management:
container_vulnerability_management:
enabled: true
asserts:
- hasDocuments:
count: 0

- it: Contains a Lease resource when container vulnerability management is enabled
set:
features:
Expand All @@ -47,6 +59,22 @@ tests:
path: spec
value:

- it: Contains a Lease resource when container vulnerability management is enabled and lease creation is not excluded
set:
features:
vulnerability_management:
container_vulnerability_management:
enabled: true
asserts:
- containsDocument:
kind: Lease
apiVersion: coordination.k8s.io/v1
name: release-name-shield-cluster-container-vulnerability-management
namespace: shield-namespace
- equal:
path: spec
value:

- it: Override Lease name
set:
cluster:
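Review bot: The added case "Contains a Lease resource when container vulnerability management is enabled and lease creation is not excluded" has, as far as the visible lines show, the same `set` and `asserts` as the existing case "Contains a Lease resource when container vulnerability management is enabled" directly above it, so it only exercises the default a second time. Set `cluster.exclude_lease_creation: false` explicitly in its `set` block so the test pins the false branch of the flag, or drop the case.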
5 changes: 5 additions & 0 deletions charts/shield/values.schema.json
Expand Up @@ -356,6 +356,11 @@
},
"additionalProperties": false
},
"exclude_lease_creation": {
"type": "boolean",
"description": "Exclude creation of lease objects for leader election",
"default": false
},
"security_context": {
"type": "object"
},
3 changes: 3 additions & 0 deletions charts/shield/values.yaml
Expand Up @@ -507,6 +507,9 @@ cluster:
# The minimum number of available pods for the cluster shield
min_available: 1

# Exclude creation of lease objects for leader election
exclude_lease_creation: false

ssl:
# Enable SSL verification
verify: true
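Review bot: The comment above `exclude_lease_creation: false` restates the key name and does not tell an operator when to enable it or what then has to exist in the cluster. Since the comment ties the Lease to leader election, say that with `true` the chart renders no Lease and state who is expected to provide it (pre-created by the operator, or created by the workload with matching RBAC).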