
Commit 40611ea

JorTurFerJaydipGabaniCopilot
authored
feat: Support disabling audit sidecar (#4280)
Signed-off-by: Jorge Turrado <jorge.turrado@mail.schwarz> Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Co-authored-by: Jaydip Gabani <gabanijaydip@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent c9a0875 commit 40611ea


6 files changed

+6
-2
lines changed


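--- a/cmd/build/helmify/main.go
+++ b/cmd/build/helmify/main.go
@@ -147,7 +147,7 @@ func (ks *kindSet) Write() error {
 obj = strings.Replace(obj, " labels:", " labels:\n {{- include \"gatekeeper.podLabels\" . | nindent 8 }}\n {{- include \"audit.podLabels\" . | nindent 8 }}\n {{- include \"gatekeeper.commonLabels\" . | nindent 8 }}", 1)
 obj = strings.Replace(obj, " priorityClassName: system-cluster-critical", " {{- if .Values.audit.priorityClassName }}\n priorityClassName: {{ .Values.audit.priorityClassName }}\n {{- end }}", 1)
 // Inject export-related volume mount and possible export sidecar
-obj = strings.Replace(obj, " name: tmp-volume", " name: tmp-volume\n {{- if and (.Values.enableViolationExport) (eq (.Values.exportBackend | default \"\" | lower) \"disk\") }}\n - mountPath: {{ .Values.audit.exportVolumeMount.path }}\n name: {{ .Values.audit.exportVolume.name }}\n {{- end }}\n {{ if and (.Values.enableViolationExport) (eq (.Values.exportBackend | default \"\" | lower) \"disk\") }}\n - {{ toYaml .Values.audit.exportSidecar | nindent 8 }}\n {{- end }}", 1)
+obj = strings.Replace(obj, " name: tmp-volume", " name: tmp-volume\n {{- if and (.Values.enableViolationExport) (eq (.Values.exportBackend | default \"\" | lower) \"disk\") }}\n - mountPath: {{ .Values.audit.exportVolumeMount.path }}\n name: {{ .Values.audit.exportVolume.name }}\n {{- end }}\n {{ if and (.Values.enableViolationExport) (eq (.Values.exportBackend | default \"\" | lower) \"disk\") (not .Values.audit.disableAuditSidecar) }}\n - {{ toYaml .Values.audit.exportSidecar | nindent 8 }}\n {{- end }}", 1)
 obj = strings.Replace(obj, " - emptyDir: {}", " {{- if and (.Values.enableViolationExport) (eq (.Values.exportBackend | default \"\" | lower) \"disk\") }}\n - {{- toYaml .Values.audit.exportVolume | nindent 8 }}\n {{- end }}\n {{- if .Values.audit.writeToRAMDisk }}\n - emptyDir:\n medium: Memory\n {{ else }}\n - emptyDir: {}\n {{- end }}", 1)
 // Inject extra mounts/volumes at the headers for stability
 obj = strings.Replace(obj, " volumeMounts:", " volumeMounts:\n {{- include \"gatekeeper.extraVolumeMounts\" . | nindent 8 }}", 1)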
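Review bot: The new `(not .Values.audit.disableAuditSidecar)` term on new line 150 gates only the `exportSidecar` container; the `exportVolumeMount` block in the same replacement and the `exportVolume` entry injected on line 151 keep their old condition. With `enableViolationExport` true, `exportBackend` set to `disk` and the flag set, the audit container still gets the export mount while the chart adds no reader for it, so violations presumably leave the pod only if the operator supplies their own consumer of that volume. If that is the intent, state it above the call, for example `// audit.disableAuditSidecar drops only the export sidecar; the export volume and mount stay so an operator-supplied reader can consume the files`. The same condition is rendered into manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml, and Write() continues outside this hunk.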

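--- a/cmd/build/helmify/static/README.md
+++ b/cmd/build/helmify/static/README.md
@@ -230,6 +230,7 @@ information._
 | audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` |
 | audit.disableGenerateOperation | Disable generate operation for audit | `false` |
 | audit.disableAuditOperation | Disable audit operation for audit | `false` |
+| audit.disableAuditSidecar | Disable audit sidecar | `false` |
 | audit.disableStatusOperation | Disable status operation for audit | `false` |
 | enableViolationExport | (alpha) Enable exporting violations to external systems | `false` |
 | audit.connection | (alpha) Connection name for exporting audit violation messages | `audit-connection` |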

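--- a/cmd/build/helmify/static/values.yaml
+++ b/cmd/build/helmify/static/values.yaml
@@ -302,6 +302,7 @@ audit:
 extraRules: []
 disableGenerateOperation: false
 disableAuditOperation: false
+disableAuditSidecar: false
 disableStatusOperation: false
 crds:
 affinity: {}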
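Review bot: `disableAuditSidecar` is added on new line 305 without a comment, and its name does not match what it gates: the template change in this commit uses it to skip `.Values.audit.exportSidecar`, and only when `enableViolationExport` is true and `exportBackend` is `disk`. Sitting next to `disableAuditOperation`, it could be read as a switch on audit itself. A comment such as `# Skip audit.exportSidecar; only used when enableViolationExport is true and exportBackend is "disk"` would make the scope clear, and the README row `Disable audit sidecar` could carry the same wording. The identical line in manifest_staging/charts/gatekeeper/values.yaml has the same gap.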

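--- a/manifest_staging/charts/gatekeeper/README.md
+++ b/manifest_staging/charts/gatekeeper/README.md
@@ -230,6 +230,7 @@ information._
 | audit.logLevel | The minimum log level for audit, takes precedence over `logLevel` when specified | `null` |
 | audit.disableGenerateOperation | Disable generate operation for audit | `false` |
 | audit.disableAuditOperation | Disable audit operation for audit | `false` |
+| audit.disableAuditSidecar | Disable audit sidecar | `false` |
 | audit.disableStatusOperation | Disable status operation for audit | `false` |
 | enableViolationExport | (alpha) Enable exporting violations to external systems | `false` |
 | audit.connection | (alpha) Connection name for exporting audit violation messages | `audit-connection` |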

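--- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
+++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
@@ -192,7 +192,7 @@ spec:
 - mountPath: {{ .Values.audit.exportVolumeMount.path }}
 name: {{ .Values.audit.exportVolume.name }}
 {{- end }}
-{{ if and (.Values.enableViolationExport) (eq (.Values.exportBackend | default "" | lower) "disk") }}
+{{ if and (.Values.enableViolationExport) (eq (.Values.exportBackend | default "" | lower) "disk") (not .Values.audit.disableAuditSidecar) }}
 - {{ toYaml .Values.audit.exportSidecar | nindent 8 }}
 {{- end }}
 dnsPolicy: {{ .Values.audit.dnsPolicy }}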

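--- a/manifest_staging/charts/gatekeeper/values.yaml
+++ b/manifest_staging/charts/gatekeeper/values.yaml
@@ -302,6 +302,7 @@ audit:
 extraRules: []
 disableGenerateOperation: false
 disableAuditOperation: false
+disableAuditSidecar: false
 disableStatusOperation: false
 crds:
 affinity: {}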
