✨ Support helm lookup for injector namespaces
andersonshatch authored and gamingrobot committed Sep 24, 2024
1 parent bc76dbb commit c241da9
Showing 4 changed files with 38 additions and 3 deletions.
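--- a/manifests/helm/templates/NOTES.txt
+++ b/manifests/helm/templates/NOTES.txt
@@ -1,7 +1,8 @@
 {{ .Chart.Name }} chart version {{ .Chart.Version }} deployed!
 
 {{- if .Values.agentInjectors.enabled }}
-✅ {{ len .Values.agentInjectors.injectors }} {{ len .Values.agentInjectors.injectors | plural "injector" "injectors" }} {{ len .Values.agentInjectors.injectors | plural "has" "have" }} been deployed to {{ len .Values.agentInjectors.namespaces | plural "namespace" "namespaces" }}: {{ join ", " .Values.agentInjectors.namespaces}}
+{{- $namespaces := include "contrast-agent-operator.filterInjectorNamespaces" . | fromJsonArray }}
+✅ {{ len .Values.agentInjectors.injectors }} {{ len .Values.agentInjectors.injectors | plural "injector" "injectors" }} {{ len .Values.agentInjectors.injectors | plural "has" "have" }} been deployed to {{ len $namespaces | plural "namespace" "namespaces" }}: {{ join ", " $namespaces}}
 To use with your workloads:
 
 {{- range $injector := $.Values.agentInjectors.injectors }}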
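--- a/manifests/helm/templates/_helpers.tpl
+++ b/manifests/helm/templates/_helpers.tpl
@@ -0,0 +1,27 @@
+{{/*
+Determine namespaces applicable for deploying the agent injectors
+*/}}
+{{- define "contrast-agent-operator.filterInjectorNamespaces" -}}
+{{- $namespaceNames := list }}
+{{- if .Values.agentInjectors.lookupNamespaces.deployToAllAccessibleNamespaces }}
+{{- $namespaces := lookup "v1" "Namespace" "" "" }}
+{{- if $namespaces.items }}
+{{- range $ns := $namespaces.items}}
+{{- $include := true }}
+{{- range $index, $exclude := default (list "gatekeeper*" "kube*") $.Values.agentInjectors.lookupNamespaces.excludePatterns }}
+{{- if regexMatch $exclude $ns.metadata.name }}
+{{- $include = false}}
+{{- end }}
+{{- end }}
+{{- if $include }}
+{{- $namespaceNames = append $namespaceNames $ns.metadata.name }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- $namespaceNames = list "dry-run-namespace-not-representative-of-reality" }}
+{{- end }}
+{{- else }}
+{{- $namespaceNames = default (list .Release.Namespace) .Values.agentInjectors.namespaces -}}
+{{- end }}
+{{ toJson $namespaceNames }}
+{{- end }}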
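Review bot: The exclusion check passes each pattern to `regexMatch`, but the defaults `"gatekeeper*"` and `"kube*"` are written like shell globs, so the filter does not mean what it appears to. As an unanchored regular expression, `kube*` is `kub` followed by zero or more `e`, which matches any namespace whose name merely contains `kub`, and a user-supplied glob such as `*-system` is not a valid expression at all. Because this list decides which namespaces receive an AgentInjector, I would anchor the match with `{{- if regexMatch (printf "^(?:%s)$" $exclude) $ns.metadata.name }}` and change the defaults here and in `values.yaml` to `"gatekeeper.*"` and `"kube.*"`. Separately, `default` treats an empty list as unset, so `excludePatterns: []` cannot switch the exclusions off; if that is intended, the values comment should say so.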
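--- a/manifests/helm/templates/agent-injectors.yaml.tpl
+++ b/manifests/helm/templates/agent-injectors.yaml.tpl
@@ -1,5 +1,5 @@
 {{ if .Values.agentInjectors.enabled }}
-{{- range $namespace := .Values.agentInjectors.namespaces }}
+{{- range $namespace := include "contrast-agent-operator.filterInjectorNamespaces" . | fromJsonArray }}
 {{- range $injector := $.Values.agentInjectors.injectors }}
 ---
 apiVersion: agents.contrastsecurity.com/v1beta1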
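Review bot: When the chart is rendered without cluster access, the `range` on the new line iterates over the helper's placeholder rather than real namespaces, so this template emits AgentInjector manifests for the namespace `dry-run-namespace-not-representative-of-reality`. `lookup` returns an empty result under `helm template` and client-side dry runs, and any pipeline that applies rendered output (presumably some GitOps setups do) would then try to create objects in that namespace. I would either stop rendering with `fail` when `deployToAllAccessibleNamespaces` is set and the lookup comes back empty, or add a comment above the `range` such as `{{- /* lookup mode needs a live cluster; helm template renders a placeholder namespace */ -}}`. The template continues past the end of this section.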
9 changes: 8 additions & 1 deletion manifests/helm/values.yaml
Expand Up @@ -81,7 +81,14 @@ clusterDefaults:
agentInjectors:
enabled: true
# Required. All injectors will be created in each specified namespace.
lookupNamespaces:
# If enabled, Helm will lookup namespaces and deploy AgentInjectors to any accessible namespaces.
deployToAllAccessibleNamespaces: false
# List of namespace patterns to exclude deploying AgentInjectors to only when looking up namespaces.
excludePatterns:
- gatekeeper*
- kube*
# Required if lookupNamespaces.deployToAllAccessibleNamespaces is not enabled. All injectors will be created in each specified namespace.
namespaces:
- default
injectors:
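Review bot: The comment on `deployToAllAccessibleNamespaces` does not say when the lookup runs or how far it reaches, and both matter for an option that widens where agents are injected. As far as the helper shows, the namespace list is resolved once per install or upgrade, so namespaces created afterwards get no AgentInjector until the next upgrade. Every namespace the installing identity can list is included unless a pattern excludes it, which with the two defaults presumably still leaves other platform namespaces in scope. I would extend the comment to something like `# Namespaces are resolved at install/upgrade time only; review excludePatterns so platform namespaces you do not want instrumented are left out.` The `agentInjectors` mapping continues past the end of this section.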
