diff --git a/charts/k8s-reporter/Chart.yaml b/charts/k8s-reporter/Chart.yaml
index b712d4b41..1e4d5c153 100644
--- a/charts/k8s-reporter/Chart.yaml
+++ b/charts/k8s-reporter/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.6.0
+version: 1.7.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.11.3"
+appVersion: "2.11.15"
diff --git a/charts/k8s-reporter/README.md b/charts/k8s-reporter/README.md
index 8c7259142..6829d79b8 100644
--- a/charts/k8s-reporter/README.md
+++ b/charts/k8s-reporter/README.md
@@ -4,7 +4,7 @@ title: Kubernetes Reporter Helm Chart
 # k8s-reporter
-![Version: 1.6.0](https://img.shields.io/badge/Version-1.6.0-informational?style=flat-square)
+![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square)
 A Helm chart for installing the Kosli K8S reporter as a cronjob. The chart allows you to create a Kubernetes cronjob and all its necessary RBAC to report running images to Kosli at a given cron schedule.
diff --git a/charts/k8s-reporter/templates/_validations.tpl b/charts/k8s-reporter/templates/_validations.tpl
new file mode 100644
index 000000000..f3df1d357
--- /dev/null
+++ b/charts/k8s-reporter/templates/_validations.tpl
@@ -0,0 +1,8 @@
+{{/*
+Validate that namespacesRegex is not used with namespace-scoped permissions
+*/}}
+{{- define "k8s-reporter.validateNamespacesRegex" -}}
+{{- if and (eq .Values.serviceAccount.permissionScope "namespace") (ne .Values.reporterConfig.namespacesRegex "") -}}
+{{- fail "namespacesRegex cannot be used with namespace-scoped permissions (serviceAccount.permissionScope: namespace). namespacesRegex requires cluster-wide permissions." -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/k8s-reporter/templates/cronjob.yaml b/charts/k8s-reporter/templates/cronjob.yaml
index 20019bdd2..e74baa283 100644
--- a/charts/k8s-reporter/templates/cronjob.yaml
+++ b/charts/k8s-reporter/templates/cronjob.yaml
@@ -1,3 +1,4 @@
+{{- include "k8s-reporter.validateNamespacesRegex" . -}}
 apiVersion: batch/v1
 kind: CronJob
 metadata:
@@ -30,7 +31,11 @@ spec:
 {{ if .Values.reporterConfig.namespaces }}
 - name: KOSLI_NAMESPACES
 value: {{ .Values.reporterConfig.namespaces | quote }}
+ {{ else if .Values.reporterConfig.namespacesRegex }}
+ - name: KOSLI_NAMESPACES_REGEX
+ value: {{ .Values.reporterConfig.namespacesRegex | quote }}
 {{ end }}
+
 {{- range $key, $value := .Values.env }}
 - name: {{ $key }}
 value: {{ $value }}
diff --git a/charts/k8s-reporter/values.yaml b/charts/k8s-reporter/values.yaml
index 5da9c4f8f..817e90bf1 100644
--- a/charts/k8s-reporter/values.yaml
+++ b/charts/k8s-reporter/values.yaml
@@ -8,7 +8,7 @@ image:
 # -- the kosli reporter image pull policy
 pullPolicy: IfNotPresent
 # -- the kosli reporter image tag, overrides the image tag whose default is the chart appVersion.
- tag: "v2.11.3"
+ tag: "v2.11.15"
 # -- overrides the name used for the created k8s resources. If `fullnameOverride` is provided, it has higher precedence than this one
 nameOverride: ""
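Review bot: The guard in `k8s-reporter.validateNamespacesRegex` (new file `_validations.tpl`) tests `namespacesRegex` with `ne ... ""`, whereas the cronjob.yaml hunk in this commit decides whether to emit `KOSLI_NAMESPACES_REGEX` by truthiness, so the two can disagree when the value is overridden with something that is not a string (a `null` override, for example, would probably trip the `fail` although no regex is passed). Testing the value the same way keeps them aligned: `{{- if and (eq .Values.serviceAccount.permissionScope "namespace") .Values.reporterConfig.namespacesRegex -}}`. The scope test is also an exact match on `"namespace"`, so a misspelled or differently cased `permissionScope` skips the guard; how the RBAC templates treat such a value is not visible in this diff, so a second `fail` for values outside the documented set would be worth adding.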
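Review bot: In the second cronjob.yaml hunk the new `else if` branch drops `namespacesRegex` without any render-time signal when `namespaces` is also set, so an operator who sets both gets a report scope that differs from what the regex in their values file suggests. values.yaml documents the precedence, but the validation helper added in this commit could reject the combination instead, e.g. `{{- if and .Values.reporterConfig.namespaces .Values.reporterConfig.namespacesRegex -}}` followed by a `fail` that names both keys. The container spec around these lines starts and ends outside the hunk.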
@@ -40,10 +40,16 @@ reporterConfig:
 kosliOrg: ""
 # -- the name of Kosli environment that the k8s cluster/namespace correlates to
 kosliEnvironmentName: ""
- # -- the namespaces which represent the environment.
+ # -- the namespaces to scan and report.
 # It is a comma separated list of namespace names.
- # leave this unset if you want to report what is running in the entire cluster
+ # leave this and namespacesRegex unset if you want to report what is running in the entire cluster
 namespaces: ""
+ # -- the namespaces Regex patterns to scan and report.
+ # Does not have effect if namespaces is set.
+ # Requires cluster-wide permissions.
+ # It is a comma separated list of namespace regex patterns.
+ # leave this and namespaces unset if you want to report what is running in the entire cluster
+ namespacesRegex: ""
 # -- whether the dry run mode is enabled or not. In dry run mode, the reporter logs the reports to stdout and does not send them to kosli.
 dryRun: false
 # -- the http proxy url
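Review bot: The new comment block for `namespacesRegex` says it requires cluster-wide permissions but not what that implies: the patterns narrow what is reported, while the service account's read access presumably stays cluster-wide. I would add a line such as `# The patterns only filter what is reported; they do not restrict what the service account can read.` and also state whether a pattern must match the whole namespace name or any part of it, since an unanchored pattern can select more namespaces than intended. Both statements depend on the RBAC templates and on the reporter itself, neither of which is shown in this diff, so confirm them before wording the comments as fact.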