Release v6.12.0 lacework-agent Helm charts

This also contains a fix to nested value evaluation that was not present in the original v6.12.0 Helm chart release.
lacework · Feb 27, 2024 · 10c721e · 10c721e
1 parent 05d9635
commit 10c721e
Show file tree

Hide file tree

Showing 12 changed files with 245 additions and 245 deletions.
diff --git a/index.yaml b/index.yaml
diff --git a/lacework-agent-6.12.0.tgz b/lacework-agent-6.12.0.tgz
diff --git a/lacework-agent/templates/_helpers.tpl b/lacework-agent/templates/_helpers.tpl
@@ -35,12 +35,12 @@ Create chart name and version as used by the chart label.
 Return the proper Lacework Agent image name
 */}}
 {{- define "lacework-agent.image" -}}
-{{- $registryName := .Values.image.registry -}}
-{{- $repositoryName := .Values.image.repository -}}
-{{- $tag := .Values.image.tag | toString -}}
-{{- if .Values.image.overrideValue }}
-    {{- printf .Values.image.overrideValue -}}
-{{- else -}}
+{{- $registryName := (.Values.image).registry -}}
+{{- $repositoryName := (.Values.image).repository -}}
+{{- $tag := (.Values.image).tag | toString -}}
+{{- if (.Values.image).overrideValue }}
+    {{- printf (.Values.image).overrideValue -}}
+{{- else if and ($registryName) ($repositoryName) ($tag) -}}
     {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
 {{- end -}}
 {{- end -}}
@@ -49,12 +49,12 @@ Return the proper Lacework Agent image name
 Return the proper Lacework Cluster Agent image name
 */}}
 {{- define "lacework-cluster-agent.image" -}}
-{{- $registryName := .Values.clusterAgent.image.registry -}}
-{{- $repositoryName := .Values.clusterAgent.image.repository -}}
-{{- $tag := .Values.clusterAgent.image.tag | toString -}}
-{{- if .Values.clusterAgent.image.overrideValue }}
-    {{- printf .Values.clusterAgent.image.overrideValue -}}
-{{- else -}}
+{{- $registryName := ((.Values.clusterAgent).image).registry -}}
+{{- $repositoryName := ((.Values.clusterAgent).image).repository -}}
+{{- $tag := ((.Values.clusterAgent).image).tag | toString -}}
+{{- if ((.Values.clusterAgent).image).overrideValue }}
+    {{- printf ((.Values.clusterAgent.image).overrideValue) -}}
+{{- else if and ($registryName) ($repositoryName) ($tag) -}}
     {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
 {{- end -}}
 {{- end -}}
diff --git a/lacework-agent/templates/access-token.yaml b/lacework-agent/templates/access-token.yaml
@@ -1,5 +1,5 @@
-{{- if not .Values.cloudservice.gke.autopilot }}
-{{- if kindIs "string" .Values.laceworkConfig.accessToken -}}
+{{- if not ((.Values.cloudservice).gke).autopilot }}
+{{- if kindIs "string" (.Values.laceworkConfig).accessToken -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -8,15 +8,15 @@ metadata:
   labels:
     tier: monitoring
     app: {{ include "lacework-agent.name" . }}
-    {{- with .Values.laceworkConfig.labels }}
+    {{- with (.Values.laceworkConfig).labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
-  {{- with .Values.laceworkConfig.annotations }}
+  {{- with (.Values.laceworkConfig).annotations }}
   annotations:
     {{- toYaml . | nindent 8 }}
   {{- end }}
 type: Opaque
 data:
-  agent-access-token: {{ required "A valid AccessToken is required! Specify your Lacework agent token in values.yaml" .Values.laceworkConfig.accessToken | b64enc }}
+  agent-access-token: {{ required "A valid AccessToken is required! Specify your Lacework agent token in values.yaml" (.Values.laceworkConfig).accessToken | b64enc }}
 {{- end -}}
 {{- end -}}
diff --git a/lacework-agent/templates/cluster-agent.yaml b/lacework-agent/templates/cluster-agent.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.clusterAgent.enable -}}
+{{- if (.Values.clusterAgent).enable -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -7,10 +7,10 @@ metadata:
   labels:
     tier: monitoring
     app: {{ include "lacework-agent.name" . }}-cluster
-    {{- with .Values.laceworkConfig.labels }}
+    {{- with (.Values.laceworkConfig).labels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
-  {{- with .Values.laceworkConfig.annotations }}
+  {{- with (.Values.laceworkConfig).annotations }}
   annotations:
     {{- toYaml . | nindent 8 }}
   {{- end }}
@@ -20,7 +20,7 @@ spec:
       name: {{ include "lacework-agent.name" . }}-cluster
   template:
     metadata:
-      {{- with .Values.laceworkConfig.annotations }}
+      {{- with (.Values.laceworkConfig).annotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
@@ -31,18 +31,18 @@ spec:
     spec:
       serviceAccountName: cluster-{{ include "lacework-agent.name" . }}-sa
       affinity:
-{{ toYaml .Values.deployment.affinity | indent 8 }}
+{{ toYaml (.Values.deployment).affinity | indent 8 }}
       tolerations:
-{{ toYaml .Values.deployment.tolerations | indent 8 }}
-{{- if or .Values.deployment.priorityClassCreate .Values.priorityClassName }}
-      priorityClassName: {{ or .Values.deployment.priorityClassName .Values.priorityClassName  | default (include "lacework-agent.fullname" . ) }}
+{{ toYaml (.Values.deployment).tolerations | indent 8 }}
+{{- if or (.Values.deployment).priorityClassCreate .Values.priorityClassName }}
+      priorityClassName: {{ or (.Values.deployment).priorityClassName .Values.priorityClassName  | default (include "lacework-agent.fullname" . ) }}
 {{- end }}
-{{- if .Values.clusterAgent.image.imagePullSecrets }}
+{{- if ((.Values.clusterAgent).image).imagePullSecrets }}
       imagePullSecrets:
-{{ toYaml .Values.clusterAgent.image.imagePullSecrets | indent 8 }}
+{{ toYaml ((.Values.clusterAgent).image).imagePullSecrets | indent 8 }}
 {{- end }}
       terminationGracePeriodSeconds: 20
-{{- if .Values.clusterAgent.hostNetworkAccess }}
+{{- if (.Values.clusterAgent).hostNetworkAccess }}
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
 {{- end }}
@@ -60,23 +60,23 @@ spec:
       containers:
       - name: {{ include "lacework-agent.name" . }}-cluster
         image: {{ template "lacework-cluster-agent.image" . }}
-        imagePullPolicy: {{ .Values.clusterAgent.image.pullPolicy }}
+        imagePullPolicy: {{ ((.Values.clusterAgent).image).pullPolicy }}
         env:
           - name: LaceworkAccessToken
             valueFrom:
               secretKeyRef:
-{{- if kindIs "string" .Values.laceworkConfig.accessToken }}
+{{- if kindIs "string" (.Values.laceworkConfig).accessToken }}
                 name: {{ include "lacework-agent.name" . }}-access-token
                 key: agent-access-token
 {{- else }}
-                name: {{ required "Secret name required for existing secret" .Values.laceworkConfig.accessToken.existingSecret.name }}
-                key: {{ required "Key name required for existing secret" .Values.laceworkConfig.accessToken.existingSecret.key }}
+                name: {{ required "Secret name required for existing secret" (((.Values.laceworkConfig).accessToken).existingSecret).name }}
+                key: {{ required "Key name required for existing secret" (((.Values.laceworkConfig).accessToken).existingSecret).key }}
 {{- end}}
         resources:
           requests:
-{{ toYaml .Values.resources.requests | indent 12 }}
+{{ toYaml (.Values.resources).requests | indent 12 }}
           limits:
-{{ toYaml .Values.resources.limits | indent 12 }}
+{{ toYaml (.Values.resources).limits | indent 12 }}
         volumeMounts:
           - name: cfgmap
             mountPath: /config

diff --git a/lacework-agent/templates/cluster-configmap.yaml b/lacework-agent/templates/cluster-configmap.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.clusterAgent.enable -}}
+{{- if (.Values.clusterAgent).enable -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -7,37 +7,37 @@ metadata:
   labels:
     tier: monitoring
     app: cluster-{{ include "lacework-agent.name" . }}
-    {{- with .Values.laceworkConfig.labels }}
+    {{- with (.Values.laceworkConfig).labels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
-  {{- with .Values.laceworkConfig.annotations }}
+  {{- with (.Values.laceworkConfig).annotations }}
   annotations:
     {{- toYaml . | nindent 8 }}
   {{- end }}
 data:
   config.yaml: |
-    {{- if .Values.laceworkConfig.proxyUrl }}
-    proxyurl: {{ .Values.laceworkConfig.proxyUrl}}
+    {{- if (.Values.laceworkConfig).proxyUrl }}
+    proxyurl: {{ (.Values.laceworkConfig).proxyUrl}}
     {{- end }}
-    serverurl: {{ .Values.laceworkConfig.serverUrl}}
-{{- if or (kindIs "int64" .Values.clusterAgent.scrapeInitialDelayMins) (kindIs "float64" .Values.clusterAgent.scrapeInitialDelayMins) }}
-    initialdelaymins: {{ .Values.clusterAgent.scrapeInitialDelayMins }}
+    serverurl: {{ (.Values.laceworkConfig).serverUrl}}
+{{- if or (kindIs "int64" (.Values.clusterAgent).scrapeInitialDelayMins) (kindIs "float64" (.Values.clusterAgent).scrapeInitialDelayMins) }}
+    initialdelaymins: {{ (.Values.clusterAgent).scrapeInitialDelayMins }}
 {{- end }}
-{{- if or (kindIs "int64" .Values.clusterAgent.scrapeIntervalMins) (kindIs "float64" .Values.clusterAgent.scrapeIntervalMins) }}
-    runintervalmins: {{ .Values.clusterAgent.scrapeIntervalMins }}
+{{- if or (kindIs "int64" (.Values.clusterAgent).scrapeIntervalMins) (kindIs "float64" (.Values.clusterAgent).scrapeIntervalMins) }}
+    runintervalmins: {{ (.Values.clusterAgent).scrapeIntervalMins }}
 {{- end }}
-{{- if or (kindIs "string" .Values.clusterAgent.clusterType) (kindIs "string" .Values.laceworkConfig.kubernetesCluster) }}
+{{- if or (kindIs "string" (.Values.clusterAgent).clusterType) (kindIs "string" (.Values.laceworkConfig).kubernetesCluster) }}
     clusterparams:
-{{- if kindIs "string" .Values.clusterAgent.clusterType }}
-      clustertype: {{ .Values.clusterAgent.clusterType }}
+{{- if kindIs "string" (.Values.clusterAgent).clusterType }}
+      clustertype: {{ (.Values.clusterAgent).clusterType }}
 {{- end }}
-{{- if kindIs "string" .Values.laceworkConfig.kubernetesCluster }}
-      clustername: {{ .Values.laceworkConfig.kubernetesCluster }}
+{{- if kindIs "string" (.Values.laceworkConfig).kubernetesCluster }}
+      clustername: {{ (.Values.laceworkConfig).kubernetesCluster }}
 {{- end }}
 {{- end }}
-{{- if kindIs "string" .Values.clusterAgent.clusterRegion }}
+{{- if kindIs "string" (.Values.clusterAgent).clusterRegion }}
     cloudproviderparams:
-      region: {{ .Values.clusterAgent.clusterRegion }}
+      region: {{ (.Values.clusterAgent).clusterRegion }}
 {{- end }}
 
 {{- end }}
diff --git a/lacework-agent/templates/cluster-role-binding.yaml b/lacework-agent/templates/cluster-role-binding.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.clusterAgent.enable -}}
+{{- if (.Values.clusterAgent).enable -}}
 apiVersion: rbac.authorization.k8s.io/v1
 # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
 kind: ClusterRoleBinding

diff --git a/lacework-agent/templates/cluster-role.yaml b/lacework-agent/templates/cluster-role.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.clusterAgent.enable -}}
+{{- if (.Values.clusterAgent).enable -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

diff --git a/lacework-agent/templates/configmap.yaml b/lacework-agent/templates/configmap.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.datacollector.enable -}}
+{{- if (.Values.datacollector).enable -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -7,22 +7,22 @@ metadata:
   labels:
     tier: monitoring
     app: {{ include "lacework-agent.name" . }}
-    {{- with .Values.laceworkConfig.labels }}
+    {{- with (.Values.laceworkConfig).labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
-  {{- with .Values.laceworkConfig.annotations }}
+  {{- with (.Values.laceworkConfig).annotations }}
   annotations:
     {{- toYaml . | nindent 8 }}
   {{- end }}
 data:
   config.json: |
-    {"autoupgrade": "{{ required "A value for autoupgrade is required" .Values.laceworkConfig.autoUpgrade }}",
-      {{- with .Values.laceworkConfig.anonymizeIncoming }}
+    {"autoupgrade": "{{ required "A value for autoupgrade is required" (.Values.laceworkConfig).autoUpgrade }}",
+      {{- with (.Values.laceworkConfig).anonymizeIncoming }}
         {{- if .netmask }}
      "AnonymizeIncoming": {"netmask": "{{ .netmask }}"},
         {{- end }}
       {{- end }}
-     {{- with .Values.laceworkConfig.cmdlinefilter }}
+     {{- with (.Values.laceworkConfig).cmdlinefilter }}
        {{- if or .allow .disallow }}
        "cmdlinefilter": {
          {{- if and .allow .disallow }}
@@ -36,7 +36,7 @@ data:
        },
        {{- end }}
      {{- end }}
-     {{- with .Values.laceworkConfig.codeaware }}
+     {{- with (.Values.laceworkConfig).codeaware }}
        {{- if or (eq (quote .enable) "true") (eq (quote .enable) "all") }}
         "codeaware": {
           "enable": "all"
@@ -51,20 +51,20 @@ data:
         },
        {{- end }}
      {{- end }}
-     {{- if .Values.laceworkConfig.containerEngineEndpoint }}
-     "containerengineendpoint": "{{- .Values.laceworkConfig.containerEngineEndpoint }}",
+     {{- if (.Values.laceworkConfig).containerEngineEndpoint }}
+     "containerengineendpoint": "{{- (.Values.laceworkConfig).containerEngineEndpoint }}",
      {{- end }}
-     {{- if .Values.laceworkConfig.containerRuntime }}
-     "containerruntime": "{{- .Values.laceworkConfig.containerRuntime }}",
+     {{- if (.Values.laceworkConfig).containerRuntime }}
+     "containerruntime": "{{- (.Values.laceworkConfig).containerRuntime }}",
      {{- end }}
-     {{- with .Values.laceworkConfig.ebpf }}
+     {{- with (.Values.laceworkConfig).ebpf }}
        {{- if or (kindIs "float64" .shortlivedmsecs) (kindIs "int64" .shortlivedmsecs) }}
         "ebpf": {
           "shortlivedmsecs": "{{ .shortlivedmsecs }}"
         },
        {{- end }}
      {{- end }}
-     {{- with .Values.laceworkConfig.fim }}
+     {{- with (.Values.laceworkConfig).fim }}
      {{- if (kindIs "bool" .enable) }}
        {{- if .enable }}
      "fim": {
@@ -81,7 +81,7 @@ data:
        {{- end }}
      {{- end }}
      {{- end }}
-    {{- with .Values.laceworkConfig.packagescan }}
+    {{- with (.Values.laceworkConfig).packagescan }}
     {{- if .enable }}
     "packagescan": {
       {{- if .interval }}
@@ -91,7 +91,7 @@ data:
     },
     {{- end }}
     {{- end }}
-    {{- with .Values.laceworkConfig.procscan }}
+    {{- with (.Values.laceworkConfig).procscan }}
     {{- if .enable }}
     "procscan": {
       {{- if .interval }}
@@ -101,39 +101,39 @@ data:
     },
     {{- end }}
     {{- end }}
-    {{- if kindIs "string" .Values.laceworkConfig.perfmode }}
-        "perfmode": "{{ .Values.laceworkConfig.perfmode }}",
+    {{- if kindIs "string" (.Values.laceworkConfig).perfmode }}
+        "perfmode": "{{ (.Values.laceworkConfig).perfmode }}",
     {{- end }}
-    {{- if .Values.laceworkConfig.vmprovidercustom }}
-      "vmprovidercustom": "{{- .Values.laceworkConfig.vmprovidercustom }}",
+    {{- if (.Values.laceworkConfig).vmprovidercustom }}
+      "vmprovidercustom": "{{- (.Values.laceworkConfig).vmprovidercustom }}",
     {{- end }}
-{{- if .Values.clusterAgent.enable }}
+{{- if (.Values.clusterAgent).enable }}
      "k8snodecollector": {
-{{- if .Values.clusterAgent.clusterType }}
-             "k8sclustertype": "{{ .Values.clusterAgent.clusterType}}",
+{{- if (.Values.clusterAgent).clusterType }}
+             "k8sclustertype": "{{ (.Values.clusterAgent).clusterType}}",
 {{- end }}
 
-{{- if  not .Values.laceworkConfig.kubernetesCluster }}
-             #kubernetes cluster "{{ required "kubernetesCluster name is a required parameter" .Values.laceworkConfig.kubernetesCluster }}
+{{- if  not (.Values.laceworkConfig).kubernetesCluster }}
+             #kubernetes cluster "{{ required "kubernetesCluster name is a required parameter" (.Values.laceworkConfig).kubernetesCluster }}
 {{- end}}
-             "clusterregion" : "{{ required "A clusterRegion is a required parameter" .Values.clusterAgent.clusterRegion }}",
+             "clusterregion" : "{{ required "A clusterRegion is a required parameter" (.Values.clusterAgent).clusterRegion }}",
 
-{{- if eq .Values.laceworkConfig.datacollector "disable" }}
+{{- if eq (.Values.laceworkConfig).datacollector "disable" }}
              "exclusivemode": "true",
 {{- end }}
-{{- if or (kindIs "int64" .Values.laceworkConfig.k8sNodeScrapeIntervalMins) (kindIs "float64" .Values.laceworkConfig.k8sNodeScrapeIntervalMins) }}
-             "tickerfreqmins": "{{ .Values.laceworkConfig.k8sNodeScrapeIntervalMins }}",
+{{- if or (kindIs "int64" (.Values.laceworkConfig).k8sNodeScrapeIntervalMins) (kindIs "float64" (.Values.laceworkConfig).k8sNodeScrapeIntervalMins) }}
+             "tickerfreqmins": "{{ (.Values.laceworkConfig).k8sNodeScrapeIntervalMins }}",
 {{- end }}
              "state": "enabled"
      },
 {{- end }}
-  {{- if .Values.laceworkConfig.proxyUrl }} "proxyurl" :"{{ .Values.laceworkConfig.proxyUrl}}", {{- end }}
-     "serverurl": "{{ .Values.laceworkConfig.serverUrl}}",
-  {{- if .Values.laceworkConfig.metadataRequestInterval }} 
-     "metadata_request_interval": "{{ .Values.laceworkConfig.metadataRequestInterval}}",
+  {{- if (.Values.laceworkConfig).proxyUrl }} "proxyurl" :"{{ (.Values.laceworkConfig).proxyUrl}}", {{- end }}
+     "serverurl": "{{ (.Values.laceworkConfig).serverUrl}}",
+  {{- if (.Values.laceworkConfig).metadataRequestInterval }} 
+     "metadata_request_interval": "{{ (.Values.laceworkConfig).metadataRequestInterval}}",
   {{- end }}
-{{- if .Values.cloudservice.gke.autopilot }}
-     "tokens":{"AccessToken": "{{ .Values.laceworkConfig.accessToken }}"},
+{{- if ((.Values.cloudservice).gke).autopilot }}
+     "tokens":{"AccessToken": "{{ (.Values.laceworkConfig).accessToken }}"},
      "logstdout" : "true",
 {{- end }}     
   {{- with .Values.laceworkConfig }}