Helm chart update: 2.26.0-id.2-rc
helm authored and helm committed Nov 27, 2023
1 parent 6a8f079 commit e1e8288
Showing 14 changed files with 194 additions and 107 deletions.
4 changes: 2 additions & 2 deletions checkpoint/cloudguard/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 2.24.3
appVersion: 2.26.0-id.2
description: A Helm chart for Check Point CloudGuard Workload Security
home: https://portal.checkpoint.com
icon: https://www.checkpoint.com/wp-content/uploads/icon-cloudguard-nav.png
@@ -32,4 +32,4 @@ keywords:
- gke
- autopilot
name: cloudguard
version: 2.24.3
version: 2.26.0-id.2
2 changes: 1 addition & 1 deletion checkpoint/cloudguard/README.md
@@ -140,7 +140,7 @@ The following table list the configurable parameters of this chart and their def
| `seccompProfile` | Computer Security facility profile. (to be used in kubernetes 1.19 and up) | `RuntimeDefault` |
| `podAnnotations.seccomp` | Computer Security facility profile. (to be used in kubernetes below 1.19) | `runtime/default` |
| `podAnnotations.apparmor` | Apparmor Linux kernel security module profile. | `{}` |
| `autoUpgrade` | Enable auto-upgrade (true or false). 'major.minor' tags will be set for images rather than 'major.minor.patch'" | `false` |
| `autoUpgrade` | Enable auto-upgrade (preserve, true or false). 'major.minor' tags will be set for images rather than 'major.minor.patch'" | `preserve` |
| `podAnnotations.custom` | Custom Pod annotations (for all agent Pods) | `{}` |
| `priorityClassName` | Specifies custom priorityClassName | `` |
| `daemonSetStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable daemonset pods during a rolling update | `50%` |
16 changes: 8 additions & 8 deletions checkpoint/cloudguard/defaults.yaml
@@ -56,7 +56,7 @@ platform: kubernetes # kubernetes, openshift, openshift.v3, tanzu, eks, eks.bott
seccompProfile:
type: RuntimeDefault

autoUpgrade: false # true or false
autoUpgrade: preserve # true, false or preserve

daemonSetStrategy:
rollingUpdate:
@@ -111,7 +111,7 @@ addons:
priorityClassName: "system-node-critical"
## Specify image and tag
image: checkpoint/consec-imagescan-daemon
tag: 2.25.0
tag: 2.27.0

## Specify existing service account name ("" to create)
serviceAccountName: ""
@@ -133,7 +133,7 @@ addons:
shim:
## Specify image and tag
image: checkpoint/consec-imagescan-shim
tag: 2.25.0
tag: 2.27.0

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
@@ -169,7 +169,7 @@ addons:
engine:
## Specify image and tag
image: checkpoint/consec-imagescan-engine
tag: 2.25.0
tag: 2.27.0

## Specify existing service account name ("" to create)
serviceAccountName: ""
@@ -202,7 +202,7 @@ addons:
list:
## Specify image and tag
image: checkpoint/consec-imagescan-engine
tag: 2.25.0
tag: 2.27.0

## Specify existing service account name ("" to create)
serviceAccountName: ""
@@ -309,7 +309,7 @@ addons:
enforcer:
## Specify image and tag
image: checkpoint/consec-admission-enforcer
tag: 2.9.0
tag: 2.10.0

## Specify existing service account name ("" to create)
serviceAccountName: ""
@@ -351,7 +351,7 @@ addons:
## Main container settings
## Specify image and tag
image: checkpoint/consec-runtime-daemon
tag: 1.8.8
tag: 1.11.5

## Specify existing service account name ("" to create)
serviceAccountName: ""
@@ -373,7 +373,7 @@ addons:
probe:
## Specify image and tag
image: checkpoint/consec-runtime-probe
tag: 0.30.2-cp-5
tag: 0.30.2-cp-6

## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
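Review bot: The comment on the new default `autoUpgrade: preserve` (first hunk of this section) lists the accepted values but does not say what `preserve` resolves to, although that result decides whether images are referenced by a floating `major.minor` tag or a pinned `major.minor.patch` tag. The `get.autoUpgrade` helper comment in this same commit states that `preserve` yields `true` when no earlier deployment exists and whenever the chart is rendered with `helm template`. I would state that next to the value, for example `# true, false or preserve; preserve reuses the existing deployment's setting and resolves to true on first install or when rendered offline`, so operators who require pinned tags know they must set `false` explicitly.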
54 changes: 43 additions & 11 deletions checkpoint/cloudguard/templates/_helpers.tpl
@@ -53,7 +53,7 @@
{{- if or .Values.debugImages .featureConfig.debugImages .agentConfig.debugImages }}
{{- $tag = printf "%s-debug" .agentConfig.tag }}
{{- end }}
{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) (ne .agentConfig.image "checkpoint/consec-runtime-daemon") -}}
{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) -}}
{{- $tag = regexFind "\\d+.\\d+" $tag }}
{{- end -}}
{{- $image := printf "%s/%s:%s" .Values.imageRegistry.url .agentConfig.image $tag }}
@@ -67,7 +67,7 @@
{{- if or .Values.debugImages .featureConfig.debugImages .agentConfig.debugImages $containerConfig.debugImage }}
{{- $tag = printf "%s-debug" $containerConfig.tag }}
{{- end }}
{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) (ne .agentConfig.image "checkpoint/consec-runtime-probe") -}}
{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) (ne $containerConfig.image "checkpoint/consec-runtime-probe") (ne $containerConfig.image "checkpoint/consec-runtime-cos-compat") -}}
{{- $tag = regexFind "\\d+.\\d+" $tag }}
{{- end -}}
{{- $image := printf "%s/%s:%s" .Values.imageRegistry.url $containerConfig.image $tag }}
@@ -179,10 +179,8 @@ imagePullSecrets:
fieldPath: spec.nodeName
- name: PLATFORM
value: {{ .platform }}
{{- if eq (include "get.autoUpgrade" .) "true" }}
- name: AUTO_UPGRADE_ENABLED
value: "true"
{{- end -}}
value: {{ (include "get.autoUpgrade" .) | quote }}
{{- if .Values.proxy }}
- name: HTTPS_PROXY
value: "{{ .Values.proxy }}"
@@ -343,16 +341,50 @@ takes a context (such as $config, .Values or (dict "containerRuntime" $container
{{- end -}}
{{- end -}}

{{- define "inventory.resource.name" -}}
{{- $inventoryConfig := fromYaml (include "inventory.agent.config" .) -}}
{{ template "agent.resource.name" $inventoryConfig }}
{{- end }}

{{/*
if registry is not quay do not enable auto upgrade
If the registry is not "quay" do not enable automatic upgrades.
If a user manually defines a value, that choice takes precedence.
If a user opts for the default "preserve" option:
If there was no prior deployment, automatic upgrades are enabled.
If there was a previous deployment, we examine the value that deployment had and apply it.
If there was no previous value, automatic upgrades are enabled.
note: In the case of Helm templates, we won't have knowledge of the previous value, and unless a value is provided, "autoUpgrade" will default to "true"
*/}}
{{- define "get.autoUpgrade" -}}
{{- if ne .Values.imageRegistry.url "quay.io" -}}
{{- printf "false" -}}
{{- else -}}
{{- printf (.Values.autoUpgrade | toString) -}}
{{- end -}}
{{- if ne .Values.imageRegistry.url "quay.io" -}}
{{- printf "false" -}}
{{- else -}}
{{- if eq (.Values.autoUpgrade | toString) "true" -}}
{{- printf "true" -}}
{{- else -}}
{{- if eq (.Values.autoUpgrade | toString) "false" -}}
{{- printf "false" -}}
{{- else -}}
{{/* preserve */}}
{{- $inventoryDeploymentName := trim (include "inventory.resource.name" .) -}}
{{- $inventoryDeployment := lookup "apps/v1" "Deployment" .Release.Namespace $inventoryDeploymentName -}}
{{- if not $inventoryDeployment -}}
{{- printf "true" -}}
{{- else -}}
{{- $isAutoUpgradeEnv := true -}}
{{- $firstContainer := first $inventoryDeployment.spec.template.spec.containers -}}
{{- range $index, $env := $firstContainer.env -}}
{{- if eq $env.name "AUTO_UPGRADE_ENABLED"}}
{{- if eq $env.value "false" -}}
{{- $isAutoUpgradeEnv = false -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- printf ($isAutoUpgradeEnv | toString) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
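Review bot: In the `preserve` branch of `get.autoUpgrade`, `$isAutoUpgradeEnv` starts as `true` and is cleared only when the existing inventory Deployment carries `AUTO_UPGRADE_ENABLED` with the value `"false"`, so a release whose Deployment has no such variable is switched to auto-upgrade on its next upgrade. Judging by the hunk at `@@ -179,10 +179,8 @@` (the +/- markers are lost on this page, so this is inferred from the line counts), the earlier template emitted the variable only when the setting was `true`. An installation that ran with the old default `false` would therefore have no variable and would move from pinned `major.minor.patch` tags to floating `major.minor` tags with no change to its values. The helper comment documents this as intended, but if keeping the earlier choice is the goal, start from `{{- $isAutoUpgradeEnv := false -}}` and set it to `true` only under `{{- if eq $env.value "true" -}}`, leaving the no-Deployment case at `true`. The lookup also inspects only the `first` container, which deserves a comment saying the agent container is expected to be first in the pod spec.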
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
{{- $config := fromYaml (include "admission.enforcer.config" .) -}}
{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}}
{{- $_ := set $config "Files" .Files -}}
{{ if $config.featureConfig.enabled }}
apiVersion: apps/v1
kind: Deployment
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
{{- $config := fromYaml (include "admission.policy.config" .) -}}
{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}}
{{- $_ := set $config "Files" .Files -}}
{{- if $config.featureConfig.enabled -}}
apiVersion: apps/v1
kind: Deployment
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
{{- $configs := fromYaml (include "flowlogs.daemon.config.multiple" .) -}}
{{- range $_, $config := $configs -}}
{{- $config = $config | fromYaml -}}
{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}}
{{- $_ := set $config "Files" $.Files -}}
{{- if $config.featureConfig.enabled -}}
apiVersion: apps/v1
kind: DaemonSet
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
{{- $configs := fromYaml (include "imagescan.daemon.config.multiple" .) -}}
{{- range $_, $config := $configs -}}
{{- $config = $config | fromYaml -}}
{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}}
{{- $_ := set $config "Files" $.Files -}}
{{- if $config.featureConfig.enabled -}}
apiVersion: apps/v1
kind: DaemonSet
Original file line number Diff line number Diff line change
@@ -53,12 +53,14 @@ spec:
value: {{ include "name.prefix" $config }}
- name: CLOUDGUARD_REGION
value: {{ include "dome9.subdomain" $config | default "us" }}
- name: CP_RUNTIME
value: {{ $config.containerRuntime }}
{{- if eq $config.containerRuntime "cri-o" }}
{{- if $config.featureConfig.mountPodman }}
- name: USE_PODMAN_EXPORT
- name: CP_USE_PODMAN_EXPORT
value: "both"
{{- else }}
- name: USE_PODMAN_EXPORT
- name: CP_USE_PODMAN_EXPORT
value: "false"
{{- end }}
{{- end }}
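Review bot: The `CP_RUNTIME` entry, which appears to be one of the added lines, renders `value: {{ $config.containerRuntime }}` unquoted, so an empty or unset `containerRuntime` yields a null `value` instead of a string. Writing `value: {{ $config.containerRuntime | quote }}` keeps it a string in every case, as the quoted `AUTO_UPGRADE_ENABLED` value in this commit's helper already does. The rename from `USE_PODMAN_EXPORT` to `CP_USE_PODMAN_EXPORT` presumably needs an image that reads the new name, so a deployment that overrides the image tag with an older version may silently lose the podman setting; a short comment naming the minimum image version would help. The file header for this section is not shown on the page, and the container spec continues outside the hunk.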
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
{{- $config := fromYaml (include "inventory.agent.config" .) -}}
{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}}
{{- $_ := set $config "Files" .Files -}}
apiVersion: apps/v1
kind: Deployment
metadata:
2 changes: 2 additions & 0 deletions checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml
@@ -1,6 +1,8 @@
{{- $configs := fromYaml (include "runtime.daemon.config.multiple" .) -}}
{{- range $_, $config := $configs -}}
{{- $config = $config | fromYaml -}}
{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}}
{{- $_ := set $config "Files" $.Files -}}
{{- if $config.featureConfig.enabled -}}
apiVersion: apps/v1
kind: DaemonSet
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
{{- $config := fromYaml (include "runtime.policy.config" .) }}
{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}}
{{- $_ := set $config "Files" .Files -}}
{{- if $config.featureConfig.enabled -}}
apiVersion: apps/v1
kind: Deployment
Binary file added repository/cloudguard-2.26.0-id.2.tgz
Binary file not shown.