From 89a2df75195aeb2aa7c2c184ded2ec6001b35391 Mon Sep 17 00:00:00 2001 From: Edo Dekel Date: Sun, 24 Dec 2023 08:41:29 +0200 Subject: [PATCH] merged sergeykostov:skostov-fix-cndr-liveness to main --- .gitignore | 2 ++ api/v1/cndr_types.go | 2 ++ .../state/components/sensor_daemon_set.go | 1 + .../example-values.yaml | 1 + .../templates/containers-agent.yaml | 1 + .../templates/deployment.yaml | 10 +++--- .../templates/operator.yaml | 32 ++++++++++++++++++- ...ers.carbonblack.io_cbcontainersagents.yaml | 30 +++++++++++++++++ ...ers.carbonblack.io_cbcontainersagents.yaml | 30 +++++++++++++++++ 9 files changed, 103 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 83b2ca74..54233012 100644 --- a/.gitignore +++ b/.gitignore @@ -85,3 +85,5 @@ testbin /operator.yaml /cbcontainers-operator + +*.bak \ No newline at end of file diff --git a/api/v1/cndr_types.go b/api/v1/cndr_types.go index 599a6ba8..cc600c56 100644 --- a/api/v1/cndr_types.go +++ b/api/v1/cndr_types.go @@ -17,6 +17,8 @@ type CBContainersCndrSensorSpec struct { Image CBContainersImageSpec `json:"image,omitempty"` // +kubebuilder:default:={requests: {memory: "64Mi", cpu: "30m"}, limits: {memory: "1024Mi", cpu: "500m"}} Resources coreV1.ResourceRequirements `json:"resources,omitempty"` + // +kubebuilder:default:={initialDelaySeconds: 240, timeoutSeconds: 1, periodSeconds: 30, successThreshold: 1, failureThreshold: 5, readinessPath: "/tmp/ready", livenessPath: "/tmp/alive" } + Probes CBContainersFileProbesSpec `json:"probes,omitempty"` // +kubebuilder:default:={port: 7071} Prometheus CBContainersPrometheusSpec `json:"prometheus,omitempty"` // +kubebuilder:default:=2 diff --git a/cbcontainers/state/components/sensor_daemon_set.go b/cbcontainers/state/components/sensor_daemon_set.go index f67a3f89..a651d1bd 100644 --- a/cbcontainers/state/components/sensor_daemon_set.go +++ b/cbcontainers/state/components/sensor_daemon_set.go 
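Review bot: The new `Probes` field in `CBContainersCndrSensorSpec` has no doc comment, and its `+kubebuilder:default` marker puts all seven defaults in one object literal. The CRD hunks later in this patch instead show `default: {}` on `probes` with a default on each property, so those manifests look hand-written rather than regenerated from this marker. If so, the next CRD regeneration will change the shipped schema, so regenerate the CRDs in this commit or move the defaults to wherever the generated form comes from. A comment such as `// Probes configures the readiness and liveness file probes of the CNDR sensor container.` would also help. The struct body continues outside the hunk.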
@@ -457,6 +457,7 @@ func (obj *SensorDaemonSetK8sObject) mutateCndrContainer(container *coreV1.Conta container.Name = CndrContainerName container.Resources = cndrSpec.Resources commonState.MutateImage(container, cndrSpec.Image, agentSpec.Version, agentSpec.Components.Settings.DefaultImagesRegistry) + commonState.MutateContainerFileProbes(container, cndrSpec.Probes) if commonState.IsEnabled(cndrSpec.Prometheus.Enabled) { container.Ports = []coreV1.ContainerPort{{Name: "metrics", ContainerPort: int32(cndrSpec.Prometheus.Port)}} } diff --git a/charts/cbcontainers-agent/cbcontainers-agent-chart/example-values.yaml b/charts/cbcontainers-agent/cbcontainers-agent-chart/example-values.yaml index cfdef89a..10705908 100644 --- a/charts/cbcontainers-agent/cbcontainers-agent-chart/example-values.yaml +++ b/charts/cbcontainers-agent/cbcontainers-agent-chart/example-values.yaml @@ -205,5 +205,6 @@ components: enabled: false cndr: enabled: true + probes: {} # accessTokenSecretName is the name of the Kubernetes object of type Secret that holds the values of the Company Code companyCodeSecretName: "my-company-code-secret-name" \ No newline at end of file diff --git a/charts/cbcontainers-agent/cbcontainers-agent-chart/templates/containers-agent.yaml b/charts/cbcontainers-agent/cbcontainers-agent-chart/templates/containers-agent.yaml index 4521bb6e..45a217c2 100644 --- a/charts/cbcontainers-agent/cbcontainers-agent-chart/templates/containers-agent.yaml +++ b/charts/cbcontainers-agent/cbcontainers-agent-chart/templates/containers-agent.yaml @@ -15,6 +15,7 @@ spec: gateways: apiGateway: host: {{ required "gateways.apiGatewayHost is required" .Values.gateways.apiGatewayHost }} + adapter: {{ default "containers" .Values.gateways.adapter }} coreEventsGateway: host: {{ required "gateways.coreEventsGatewayHost is required" .Values.gateways.coreEventsGatewayHost }} hardeningEventsGateway: 
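Review bot: `commonState.MutateContainerFileProbes(container, cndrSpec.Probes)` in `mutateCndrContainer` is called unconditionally, with whatever paths and thresholds the custom resource carries. The helper is outside this hunk, so whether it tolerates a zero-value spec cannot be seen here. If CRD defaulting is ever not applied, an empty `livenessPath` would presumably give a probe that never succeeds, and the kubelet would keep restarting the runtime sensor. I would add a unit test covering the CNDR container with default and empty `Probes`. A comment would record the dependency: `// cndrSpec.Probes is expected to arrive defaulted by the CRD schema; see the kubebuilder default on CBContainersCndrSensorSpec.Probes.` The function starts and ends outside the hunk.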
diff --git a/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/deployment.yaml b/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/deployment.yaml index c4bf017a..5220c5a3 100644 --- a/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/deployment.yaml +++ b/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: - --logtostderr=true - --http2-disable - --v=0 - image: "{{ .Values.rbacProxy.image.repository }}:{{.Values.rbacProxy.image.version }}" + image: "{{ .Values.imagesRegistry | default "" }}{{ .Values.rbacProxy.image.repository }}:{{.Values.rbacProxy.image.version }}" name: kube-rbac-proxy ports: - containerPort: 8443 @@ -61,7 +61,7 @@ spec: - --leader-elect command: - /manager - image: "{{ .Values.operator.image.repository | default "cbartifactory/octarine-operator" }}:{{ .Values.operator.image.version | default .Chart.AppVersion }}" + image: "{{ .Values.imagesRegistry | default "" }}{{ .Values.operator.image.repository | default "cbartifactory/octarine-operator" }}:{{ .Values.operator.image.version | default .Chart.AppVersion }}" env: - name: OPERATOR_NAMESPACE valueFrom: 
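Review bot: The `imagesRegistry` prefix on the kube-rbac-proxy `image:` line is concatenated to the repository with no separator. The value therefore only works if it ends in `/`, and `imagesRegistry: registry.example.com` would render `registry.example.comcbartifactory/...`, an image reference that points at a different host than the operator intended. The manager `image:` line in the following hunk has the same problem. Normalising the prefix in the template avoids that: `image: "{{ with .Values.imagesRegistry }}{{ trimSuffix "/" . }}/{{ end }}{{ .Values.rbacProxy.image.repository }}:{{ .Values.rbacProxy.image.version }}"`, and likewise for the operator image. Pinning these images by digest rather than by tag alone is also worth considering once the registry can be redirected.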
@@ -70,11 +70,11 @@ spec: {{/* If you want to enable HTTP Proxy you need to set all 3 of the values - operator.proxy.http, operator.proxy.https and operator.proxy.noProxy */}} {{- if .Values.operator.proxy -}} - name: HTTP_PROXY - value: {{ required "all values under spec.operator.proxy are required if even one is set" .Values.operator.proxy.http }} + value: {{ .Values.operator.proxy.http }} - name: HTTPS_PROXY - value: {{ required "all values under spec.operator.proxy are required if even one is set" .Values.operator.proxy.https }} + value: {{ .Values.operator.proxy.https }} - name: NO_PROXY - value: {{ required "all values under spec.operator.proxy are required if even one is set" .Values.operator.proxy.noProxy }} + value: {{ .Values.operator.proxy.noProxy }} {{- end -}} {{- if .Values.operator.environment -}} {{- with .Values.operator.environment -}} diff --git a/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml b/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml index 2fa01532..f85a4d15 100644 --- a/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml +++ b/charts/cbcontainers-operator/cbcontainers-operator-chart/templates/operator.yaml @@ -4837,6 +4837,36 @@ spec: type: string default: {} type: object + probes: + default: {} + properties: + failureThreshold: + default: 5 + format: int32 + type: integer + initialDelaySeconds: + default: 240 + format: int32 + type: integer + livenessPath: + default: /tmp/alive + type: string + periodSeconds: + default: 30 + format: int32 + type: integer + readinessPath: + default: /tmp/ready + type: string + successThreshold: + default: 1 + format: int32 + type: integer + timeoutSeconds: + default: 1 + format: int32 + type: integer + type: object prometheus: default: port: 7071 
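Review bot: Dropping `required` from the three proxy values means a partially filled `operator.proxy` now renders `HTTP_PROXY`, `HTTPS_PROXY` or `NO_PROXY` with an empty `value:` instead of failing the install. The template comment directly above still says all three must be set. An empty `HTTPS_PROXY` makes the operator connect directly and bypass the intended egress proxy, and an empty `NO_PROXY` can send in-cluster traffic through it. The values are also unquoted. Either keep the `required` guard or make the optionality explicit and quote, e.g. `value: {{ .Values.operator.proxy.noProxy | default "" | quote }}`, and update the comment to match.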
@@ -6432,7 +6462,7 @@ spec: --- apiVersion: v1 imagePullSecrets: -- name: cbcontainers-operator-public-registry-secret +- name: {{ default "cbcontainers-operator-public-registry-secret" .Values.imagesPullSecret }} kind: ServiceAccount metadata: name: cbcontainers-operator diff --git a/config/crd/bases/operator.containers.carbonblack.io_cbcontainersagents.yaml b/config/crd/bases/operator.containers.carbonblack.io_cbcontainersagents.yaml index 8536a840..3d1a550c 100644 --- a/config/crd/bases/operator.containers.carbonblack.io_cbcontainersagents.yaml +++ b/config/crd/bases/operator.containers.carbonblack.io_cbcontainersagents.yaml @@ -4827,6 +4827,36 @@ spec: type: string default: {} type: object + probes: + default: {} + properties: + failureThreshold: + default: 5 + format: int32 + type: integer + initialDelaySeconds: + default: 240 + format: int32 + type: integer + livenessPath: + default: /tmp/alive + type: string + periodSeconds: + default: 30 + format: int32 + type: integer + readinessPath: + default: /tmp/ready + type: string + successThreshold: + default: 1 + format: int32 + type: integer + timeoutSeconds: + default: 1 + format: int32 + type: integer + type: object prometheus: default: port: 7071 diff --git a/config/crd_v1beta1/bases/operator.containers.carbonblack.io_cbcontainersagents.yaml b/config/crd_v1beta1/bases/operator.containers.carbonblack.io_cbcontainersagents.yaml index 27d1607b..f62d638f 100644 --- a/config/crd_v1beta1/bases/operator.containers.carbonblack.io_cbcontainersagents.yaml +++ b/config/crd_v1beta1/bases/operator.containers.carbonblack.io_cbcontainersagents.yaml 
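Review bot: `.Values.imagesPullSecret` on the ServiceAccount is read here, and `.Values.imagesRegistry` is read in deployment.yaml, but the diffstat lists no values file for the operator chart, so neither key is declared or documented in this commit. The name is also rendered unquoted; `- name: {{ default "cbcontainers-operator-public-registry-secret" .Values.imagesPullSecret | quote }}` is safer. If the chart creates the pull secret under the fixed default name elsewhere (not visible here), overriding this value leaves the ServiceAccount pointing at a secret the user must create themselves. That requirement should be stated next to the value.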
@@ -4472,6 +4472,36 @@ spec: additionalProperties: type: string type: object + probes: + default: {} + properties: + failureThreshold: + default: 5 + format: int32 + type: integer + initialDelaySeconds: + default: 240 + format: int32 + type: integer + livenessPath: + default: /tmp/alive + type: string + periodSeconds: + default: 30 + format: int32 + type: integer + readinessPath: + default: /tmp/ready + type: string + successThreshold: + default: 1 + format: int32 + type: integer + timeoutSeconds: + default: 1 + format: int32 + type: integer + type: object prometheus: properties: enabled: