From 5c1499e331f6b34b013648f530eecfb2d57e7f18 Mon Sep 17 00:00:00 2001 From: Falcon Pioupiou Date: Wed, 31 Jan 2024 17:38:42 +0100 Subject: [PATCH] bumping the chart version to 1.0.2 (but not the appVersion) updating using a single secret and using the same check as falcon-sensor / falcon-kac - between dockerAPIToken and registryConfigJSON --- helm-charts/cs-k8s-protection-agent/Chart.yaml | 2 +- .../templates/deployment.yaml | 9 +++++---- .../templates/docker-secret.yaml | 18 +++++------------- 3 files changed, 11 insertions(+), 18 deletions(-) diff --git a/helm-charts/cs-k8s-protection-agent/Chart.yaml b/helm-charts/cs-k8s-protection-agent/Chart.yaml index 53ec9a09..85332d3a 100644 --- a/helm-charts/cs-k8s-protection-agent/Chart.yaml +++ b/helm-charts/cs-k8s-protection-agent/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "1.0.1" +version: "1.0.2" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm-charts/cs-k8s-protection-agent/templates/deployment.yaml b/helm-charts/cs-k8s-protection-agent/templates/deployment.yaml index 10afd199..0446e948 100644 --- a/helm-charts/cs-k8s-protection-agent/templates/deployment.yaml +++ b/helm-charts/cs-k8s-protection-agent/templates/deployment.yaml @@ -22,15 +22,16 @@ spec: spec: {{- if or (.Values.image.pullSecrets) (.Values.image.registryConfigJSON) (.Values.crowdstrikeConfig.dockerAPIToken) }} imagePullSecrets: - {{ if .Values.crowdstrikeConfig.dockerAPIToken }} + {{- if and (.Values.crowdstrikeConfig.dockerAPIToken) (.Values.image.registryConfigJSON) }} + {{- fail "crowdstrikeConfig.dockerAPIToken and image.registryConfigJSON cannot be used together." }} + {{- else -}} + {{ if or (.Values.crowdstrikeConfig.dockerAPIToken) (.Values.image.registryConfigJSON) }} - name: {{ include "cs-k8s-protection-agent.fullname" . }}-regsecret {{- end }} + {{- end }} {{ if .Values.image.pullSecrets }} - name: {{ .Values.image.pullSecrets }} {{- end }} - {{ if .Values.image.registryConfigJSON }} - - name: {{ include "cs-k8s-protection-agent.fullname" . }}-regsecret-registryconfigjson - {{- end }} {{- end }} serviceAccountName: {{ .Values.serviceAccount.name | default ( include "cs-k8s-protection-agent.fullname" . ) }} securityContext: diff --git a/helm-charts/cs-k8s-protection-agent/templates/docker-secret.yaml b/helm-charts/cs-k8s-protection-agent/templates/docker-secret.yaml index 55cec44d..f228f3de 100644 --- a/helm-charts/cs-k8s-protection-agent/templates/docker-secret.yaml +++ b/helm-charts/cs-k8s-protection-agent/templates/docker-secret.yaml @@ -1,4 +1,4 @@ -{{ if .Values.crowdstrikeConfig.dockerAPIToken }} +{{ if or (.Values.crowdstrikeConfig.dockerAPIToken) (.Values.image.registryConfigJSON) }} apiVersion: v1 kind: Secret metadata: @@ -8,18 +8,10 @@ metadata: {{- include "cs-k8s-protection-agent.labels" . | nindent 4 }} type: kubernetes.io/dockerconfigjson data: +{{- if .Values.crowdstrikeConfig.dockerAPIToken }} .dockerconfigjson: {{ template "imagePullSecret" . }} -{{- end}} +{{- end }} {{- if .Values.image.registryConfigJSON }} -{{- $registry := .Values.image.registryConfigJSON }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "cs-k8s-protection-agent.fullname" . }}-regsecret - namespace: {{ .Release.Namespace }} - labels: - {{- include "cs-k8s-protection-agent.labels" . | nindent 4 }} -data: - .dockerconfigjson: {{ $registry }} -type: kubernetes.io/dockerconfigjson + .dockerconfigjson: {{ .Values.image.registryConfigJSON }} {{- end }} +{{- end}}