diff --git a/charts/kubecollector/Chart.yaml b/charts/kubecollector/Chart.yaml
index 9ee3340..fb7d41b 100644
--- a/charts/kubecollector/Chart.yaml
+++ b/charts/kubecollector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubecollector
 description: A Helm chart for Lightspin Kuberenetes CSPM
 type: application
-version: 0.1.7
+version: 0.1.8
 appVersion: "2.0.0"
 home: https://lightspin.io/
 maintainers:
diff --git a/charts/kubecollector/README.md b/charts/kubecollector/README.md
index c61a621..2857aa8 100644
--- a/charts/kubecollector/README.md
+++ b/charts/kubecollector/README.md
@@ -1,6 +1,6 @@
 # Lightspin KubeCollector
-![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 [Lightspin](https://www.lightspin.io/) is a graph-based technology immediately visualizes, prioritizes, and dynamically remediates critical cloud risks with no custom configuration needed. This repository contains the Helm chart for the Lightspin KubeCollector application to be deployed on customers Kubernetes clusters.
@@ -132,6 +132,7 @@ The following table lists the configurable parameters of the Lightspin KubeColle
 | runtime.falco.image.repository | string | `"public.ecr.aws/falcosecurity/falco"` | falco agent image repository |
 | runtime.falco.image.tag | string | `"0.33.1"` | falco agent image tag |
 | runtime.falco.name | string | `"runtime"` | name of the falco daemonset service |
+| runtime.falco.tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]` | tolerations for the falco daemonset |
 | tenantId | string | `nil` | Lightspin tenant id (id-xyz). |
 | worker.config.api_rate_limit | float | `0` | kubernetes api calls sleep time between each call. |
 | worker.config.cmd_poller_interval | int | `60` | check for command message interval. |
diff --git a/charts/kubecollector/templates/daemonsets/runtime-daemonset.yaml b/charts/kubecollector/templates/daemonsets/runtime-daemonset.yaml
index fd7fdb0..76153d5 100644
--- a/charts/kubecollector/templates/daemonsets/runtime-daemonset.yaml
+++ b/charts/kubecollector/templates/daemonsets/runtime-daemonset.yaml
@@ -19,9 +19,10 @@ spec:
 role: security
 spec:
 serviceAccountName: {{ template "lightspin-kubecollector.runtime.falco.serviceAccountName" . }}
+ {{- with .Values.runtime.falco.tolerations }}
 tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 containers:
 - name: falco
 image: "{{ .Values.runtime.falco.image.repository }}:{{ .Values.runtime.falco.image.tag }}"
diff --git a/charts/kubecollector/values.yaml b/charts/kubecollector/values.yaml
index 5beeaaf..e7c068c 100644
--- a/charts/kubecollector/values.yaml
+++ b/charts/kubecollector/values.yaml
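Review bot: Which tainted nodes receive the Falco sensor is now decided entirely by `.Values.runtime.falco.tolerations` in runtime-daemonset.yaml, and the `with` block drops the `tolerations:` key altogether when the value is empty, yet nothing in the template says that untolerated nodes end up with no runtime detection. Helm replaces list values rather than merging them, so an override that adds a pool-specific toleration and omits the master entry silently removes the sensor from those nodes. A template comment above the `with` would record this, for example `{{- /* tolerations decide which tainted nodes run Falco; nodes whose taints are not tolerated get no runtime coverage */}}`. The pod spec starts and ends outside the hunk, and the page has lost its indentation, so the `nindent 8` depth cannot be checked against the surrounding keys here.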
@@ -144,6 +144,10 @@ runtime:
 ebpf_probe:
 # runtime.falco.ebpf_probe.enabled -- enable ebpf probe for falco.
 enabled: false
+ tolerations:
+ # runtime.falco.tolerations -- tolerations for the falco daemonset
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
 events:
 # runtime.events.fullnameOverride -- fully qualified name of the runtime events service
 fullnameOverride: light-kuberuntime-events
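Review bot: The default list under `runtime.falco.tolerations` covers only the `node-role.kubernetes.io/master` taint, which kubeadm stopped applying in Kubernetes 1.25 in favour of `node-role.kubernetes.io/control-plane`; on such clusters the Falco daemonset would presumably not schedule on control-plane nodes, leaving them without runtime monitoring. Since the value is now configurable, the default could carry both taints by adding a second entry, `- effect: NoSchedule` with `key: node-role.kubernetes.io/control-plane`. The comment could also say that overriding the list replaces the defaults, so that operators who add tolerations for their own tainted node pools keep the control-plane entries. The README table row for this parameter would need regenerating to match.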