From b84c1db65028ca44abb9b3449dbb509ff5519d8d Mon Sep 17 00:00:00 2001 From: Noah Kraemer Date: Tue, 18 May 2021 10:58:17 -0700 Subject: [PATCH 1/2] Update default registry, correct host analyer schedule, fix readme --- charts/sysdig/CHANGELOG.md | 8 ++++++++ charts/sysdig/Chart.yaml | 2 +- charts/sysdig/README.md | 8 ++++---- charts/sysdig/templates/configmap-host-analyzer.yaml | 2 +- charts/sysdig/values.yaml | 6 +++--- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/charts/sysdig/CHANGELOG.md b/charts/sysdig/CHANGELOG.md index c607a6cdd..002eae4aa 100644 --- a/charts/sysdig/CHANGELOG.md +++ b/charts/sysdig/CHANGELOG.md @@ -4,6 +4,14 @@ This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.12.1 + +### Minor changes + +* Switch default registry from `docker.io` to `quay.io` +* Update Benchmark Runner to 1.0.6.0 +* Correct error in Host Analyzer Configmap + ## v1.12.0 ### Major changes diff --git a/charts/sysdig/Chart.yaml b/charts/sysdig/Chart.yaml index e809191d7..ac237f0e4 100755 --- a/charts/sysdig/Chart.yaml +++ b/charts/sysdig/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: sysdig -version: 1.12.0 +version: 1.12.1 appVersion: 11.2.1 description: Sysdig Monitor and Secure agent keywords: diff --git a/charts/sysdig/README.md b/charts/sysdig/README.md index 42f423794..385700325 100644 --- a/charts/sysdig/README.md +++ b/charts/sysdig/README.md 
@@ -87,7 +87,7 @@ The following table lists the configurable parameters of the Sysdig chart and th | `prometheus.yaml` | prometheus.yaml content to configure metric collection: relabelling and filtering | ` ` | | `extraVolumes.volumes` | Additional volumes to mount in the sysdig agent to pass new secrets or configmaps | `[]` | | `extraVolumes.mounts` | Mount points for additional volumes | `[]` | -| `nodeImageAnalyzer.deploy` | Deploy the Node Image Analyzer (See https://docs.sysdig.com/en/scan-running-images.html) | `false` | +| `nodeImageAnalyzer.deploy` | Deploy the Node Image Analyzer (See https://docs.sysdig.com/en/scan-running-images.html) | `false` | | `nodeImageAnalyzer.settings.dockerSocketPath` | The Docker socket path | | | `nodeImageAnalyzer.settings.criSocketPath` | The socket path to a CRI compatible runtime, such as CRI-O | | | `nodeImageAnalyzer.settings.containerdSocketPath` | The socket path to a CRI-Containerd daemon | | @@ -107,7 +107,7 @@ The following table lists the configurable parameters of the Sysdig chart and th | `nodeImageAnalyzer.resources.limits.memory` | Node Image Analyzer Memory limit per node | `1024Mi` | | `nodeImageAnalyzer.extraVolumes.volumes` | Additional volumes to mount in the Node Image Analyzer (i.e. for docker socket) | `[]` | | `nodeImageAnalyzer.extraVolumes.mounts` | Mount points for additional volumes | `[]` | -| `nodeAnalyzer.deploy` | Deploy the Node Analyzer | `true` | +| `nodeAnalyzer.deploy` | Deploy the Node Analyzer | `true` | | `nodeAnalyzer.collectorEndpoint` | The endpoint to the Scanning Analysis collector | | | `nodeAnalyzer.sslVerifyCertificate` | Can be set to false to allow insecure connections to the Sysdig backend, such as On-Prem | | | `nodeAnalyzer.debug` | Can be set to true to show debug logging, useful for troubleshooting | | 
@@ -138,8 +138,8 @@ The following table lists the configurable parameters of the Sysdig chart and th | `nodeAnalyzer.hostAnalyzer.resources.limits.cpu` | Host Analyzer CPU limit per node | `500m` | | `nodeAnalyzer.hostAnalyzer.resources.limits.memory` | Host Analyzer Memory limit per node | `1536Mi` | | `nodeAnalyzer.benchmarkRunner.image.repository` | The image repository to pull the Benchmark Runner from | `sysdig/compliance-benchmark-runner` | -| `nodeAnalyzer.benchmarkRunner.image.tag` | The image tag to pull the Benchmark Runner | `latest` | -| `nodeAnalyzer.benchmarkRunner.image.pullPolicy` | The Image pull policy for the Benchmark Runner | `Always` | +| `nodeAnalyzer.benchmarkRunner.image.tag` | The image tag to pull the Benchmark Runner | `1.0.6.0` | +| `nodeAnalyzer.benchmarkRunner.image.pullPolicy` | The Image pull policy for the Benchmark Runner | `IfNotPresent` | | `nodeAnalyzer.benchmarkRunner.resources.requests.cpu` | Benchmark Runner CPU requests per node | `150m` | | `nodeAnalyzer.benchmarkRunner.resources.requests.memory` | Benchmark Runner Memory requests per node | `128Mi` | | `nodeAnalyzer.benchmarkRunner.resources.limits.cpu` | Benchmark Runner CPU limit per node | `500m` | diff --git a/charts/sysdig/templates/configmap-host-analyzer.yaml b/charts/sysdig/templates/configmap-host-analyzer.yaml index f3452e53e..04be20a1e 100644 --- a/charts/sysdig/templates/configmap-host-analyzer.yaml +++ b/charts/sysdig/templates/configmap-host-analyzer.yaml @@ -17,7 +17,7 @@ data: {{- end }} debug: "{{ .Values.nodeAnalyzer.debug | default false }}" {{- if .Values.nodeAnalyzer.hostAnalyzer.schedule }} - schedule: {{ .Values.nodeAnalyzer.hostAnalyzer.schedule }} + schedule: {{ .Values.nodeAnalyzer.hostAnalyzer.schedule | quote }} {{- end }} {{- if .Values.nodeAnalyzer.hostAnalyzer.analyzeAtStartup }} analyze_at_startup: {{ .Values.nodeAnalyzer.hostAnalyzer.analyzeAtStartup }} 
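Review bot: In charts/sysdig/templates/configmap-host-analyzer.yaml, the `analyze_at_startup` line at the end of this hunk is still rendered unquoted, so a boolean in values.yaml is emitted as a YAML bool under `data:`, where ConfigMap values must be strings. It should get the same treatment as the fixed `schedule` line: `analyze_at_startup: {{ .Values.nodeAnalyzer.hostAnalyzer.analyzeAtStartup | quote }}`. The quoting on `schedule` is needed because the new default `@dailydefault` starts with `@`, a reserved YAML indicator, and a one-line comment saying so above that line would keep the `| quote` from being dropped later. The `data:` block starts and continues outside this hunk, so other keys may need the same check.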
diff --git a/charts/sysdig/values.yaml b/charts/sysdig/values.yaml index 05adae216..d6432f799 100644 --- a/charts/sysdig/values.yaml +++ b/charts/sysdig/values.yaml @@ -7,7 +7,7 @@ image: # As long as I don't want to people to use this, I will keep it undocumented overrideValue: - registry: docker.io + registry: quay.io repository: sysdig/agent tag: 11.2.1 # Specify a imagePullPolicy @@ -327,7 +327,7 @@ nodeAnalyzer: # The scanning schedule specification for the host analyzer expressed as a crontab string such as “5 4 * * *”. # The default value of @dailydefault instructs the analyzer to automatically pick a schedule that will start # shortly after it is deployed and will perform a scan every 24 hours. - # schedule: “5 4 * * *” + schedule: "@dailydefault" # The list of directories to inspect during the scan, expressed as a comma separated list. # dirsToScan: "/etc,/var/lib/dpkg,/usr/local,/usr/lib/sysimage/rpm,/var/lib/rpm,/lib/apk/db" @@ -345,7 +345,7 @@ nodeAnalyzer: benchmarkRunner: image: repository: sysdig/compliance-benchmark-runner - tag: 1.0.4.0 + tag: 1.0.6.0 pullPolicy: IfNotPresent resources: From 8d58c2ee9a016252457381909f035eb520bda33a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9stor=20Salceda?= Date: Tue, 18 May 2021 21:13:52 +0200 Subject: [PATCH 2/2] fix: Why this file has execution permissions? --- charts/sysdig/Chart.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 charts/sysdig/Chart.yaml diff --git a/charts/sysdig/Chart.yaml b/charts/sysdig/Chart.yaml old mode 100755 new mode 100644
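Review bot: The default `registry:` switch from docker.io to quay.io in the first charts/sysdig/values.yaml hunk changes where every cluster pulls the agent image from on upgrade, and nothing next to the value says so. Clusters that restrict image sources through admission policy, registry mirrors or egress rules will fail to pull until quay.io is allowed. The image is also still selected by tag (`tag: 11.2.1`) rather than by digest, so the registry is the only thing anchoring what gets run. I would add a comment above the key, for example `# Default changed from docker.io to quay.io in v1.12.1; allow quay.io in image policies and egress rules, or override this value.` The README hunks in this patch do not touch an `image.registry` row, so if the README has one it presumably still shows docker.io; the `image:` mapping itself starts outside the hunk.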
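Review bot: In the second charts/sysdig/values.yaml hunk, the comment above the new `schedule: "@dailydefault"` default still gives its crontab example in typographic quotes (`“5 4 * * *”`), which YAML does not treat as quoting. Anyone pasting that example gets a plain scalar with the quote characters as part of the value, and the `| quote` added to the ConfigMap template in this patch then passes it to the host analyzer unchanged. The comment should use straight quotes, e.g. `# ... expressed as a crontab string such as "5 4 * * *".`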