diff --git a/manifests/helm/templates/operator/deployment.yaml.tpl b/manifests/helm/templates/operator/deployment.yaml.tpl
index 351f445..b53e8d9 100644
--- a/manifests/helm/templates/operator/deployment.yaml.tpl
+++ b/manifests/helm/templates/operator/deployment.yaml.tpl
@@ -90,34 +90,76 @@ spec:
 value: $(CONTRAST_WEBHOOK_SERVICENAME),$(CONTRAST_WEBHOOK_SERVICENAME).$(POD_NAMESPACE).svc,$(CONTRAST_WEBHOOK_SERVICENAME).$(POD_NAMESPACE).svc.cluster.local
 - name: CONTRAST_DEFAULT_REGISTRY
 value: '{{ required "operator.defaultRegistry is required." .Values.operator.defaultRegistry }}'
+ - name: CONTRAST_INSTALL_SOURCE
+ value: helm
+ {{- if hasKey .Values.operator "settleDuration" }}
 - name: CONTRAST_SETTLE_DURATION
 value: '{{ .Values.operator.settleDuration }}'
+ {{- end }}
+ {{- if hasKey .Values.operator "eventQueueSize" }}
 - name: CONTRAST_EVENT_QUEUE_SIZE
 value: '{{ .Values.operator.eventQueueSize }}'
+ {{- end }}
+ {{- if hasKey .Values.operator "eventQueueFullMode" }}
 - name: CONTRAST_EVENT_QUEUE_FULL_MODE
 value: '{{ .Values.operator.eventQueueFullMode }}'
+ {{- end }}
+ {{- if hasKey .Values.operator "eventQueueMergeWindowSeconds" }}
+ - name: CONTRAST_EVENT_QUEUE_MERGE_WINDOW_SECONDS
+ value: '{{ .Values.operator.eventQueueMergeWindowSeconds }}'
+ {{- end }}
+ {{- if hasKey .Values.operator "webhookSecretName" }}
 - name: CONTRAST_WEBHOOK_SECRET
 value: '{{ .Values.operator.webhookSecretName }}'
+ {{- end }}
+ {{- if hasKey .Values.operator "webhookConfiguration" }}
 - name: CONTRAST_WEBHOOK_CONFIGURATION
 value: '{{ .Values.operator.webhookConfiguration }}'
+ {{- end }}
+ {{- if hasKey .Values.operator "enableEarlyChaining" }}
 - name: CONTRAST_ENABLE_EARLY_CHAINING
 value: '{{ .Values.operator.enableEarlyChaining }}'
+ {{- end }}
+ {{- if hasKey .Values.operator "enableAgentStdout" }}
 - name: CONTRAST_ENABLE_AGENT_STDOUT
 value: '{{ .Values.operator.enableAgentStdout }}'
- - name: CONTRAST_INSTALL_SOURCE
- value: helm
+ {{- end }}
+ {{- if hasKey .Values.operator "telemetryOptOut" }}
+ - name: CONTRAST_AGENT_TELEMETRY_OPTOUT
+ value: '{{ .Values.operator.telemetryOptOut }}'
+ {{- end }}
+ {{- if hasKey .Values.operator "operatorLogLevel" }}
+ - name: CONTRAST_LOG_LEVEL
+ value: '{{ .Values.operator.operatorLogLevel }}'
+ {{- end }}
+ {{- if hasKey .Values.operator.initContainer "nonRoot" }}
+ - name: CONTRAST_RUN_INIT_CONTAINER_AS_NON_ROOT
+ value: '{{ .Values.operator.initContainer.nonRoot }}'
+ {{- end }}
+ {{- if hasKey .Values.operator.initContainer.resources.requests "cpu" }}
 - name: CONTRAST_INITCONTAINER_CPU_REQUEST
 value: '{{ .Values.operator.initContainer.resources.requests.cpu }}'
+ {{- end }}
+ {{- if hasKey .Values.operator.initContainer.resources.limits "cpu" }}
 - name: CONTRAST_INITCONTAINER_CPU_LIMIT
 value: '{{ .Values.operator.initContainer.resources.limits.cpu }}'
+ {{- end }}
+ {{- if hasKey .Values.operator.initContainer.resources.requests "memory" }}
 - name: CONTRAST_INITCONTAINER_MEMORY_REQUEST
 value: '{{ .Values.operator.initContainer.resources.requests.memory }}'
+ {{- end }}
+ {{- if hasKey .Values.operator.initContainer.resources.limits "memory" }}
 - name: CONTRAST_INITCONTAINER_MEMORY_LIMIT
 value: '{{ .Values.operator.initContainer.resources.limits.memory }}'
+ {{- end }}
+ {{- if hasKey .Values.operator.initContainer.resources.requests "ephemeralStorage" }}
 - name: CONTRAST_INITCONTAINER_EPHEMERALSTORAGE_REQUEST
 value: '{{ .Values.operator.initContainer.resources.requests.ephemeralStorage }}'
+ {{- end }}
+ {{- if hasKey .Values.operator.initContainer.resources.limits "ephemeralStorage" }}
 - name: CONTRAST_INITCONTAINER_EPHEMERALSTORAGE_LIMIT
 value: '{{ .Values.operator.initContainer.resources.limits.ephemeralStorage }}'
+ {{- end }}
 livenessProbe:
 httpGet:
 path: /health
diff --git a/manifests/helm/values.schema.json b/manifests/helm/values.schema.json
index 281d3e2..e9b405a 100644
--- a/manifests/helm/values.schema.json
+++ b/manifests/helm/values.schema.json
@@ -354,6 +354,11 @@
 "DropOldest"
 ]
 },
+ "eventQueueMergeWindowSeconds": {
+ "description": "Time window to merge events in the eventQueue",
+ "default": 10,
+ "type": "integer"
+ },
 "eventQueueSize": {
 "description": "Max number of events to queue from the K8s event stream.",
 "default": 10000,
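Review bot: In deployment.yaml.tpl, `CONTRAST_RUN_INIT_CONTAINER_AS_NON_ROOT` and `CONTRAST_AGENT_TELEMETRY_OPTOUT` are emitted only when their keys exist, so an absent key hands the decision to the operator's built-in default, which this diff does not show. values.yaml ships `nonRoot: true` but leaves `#telemetryOptOut: false` commented out, so a default install never sets the telemetry variable, and an override that sets `nonRoot` to null presumably removes the key and drops the hardening flag without any render error. I would add a template comment above the first guard, for example `{{- /* Keys that are unset are omitted; the operator's compiled default then applies. */}}`, and confirm that the operator's own default for the non-root setting matches the chart's `true`. The same applies to the commented-out `#telemetryOptOut: false` line in the values.yaml hunk, whose comment should say which behaviour an unset key gives. The env list starts before this hunk and the container spec continues after it.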
@@ -363,6 +368,11 @@
 "description": "Resource management for the agent initContainers",
 "type": "object",
 "properties": {
+ "nonRoot": {
+ "description": "Run init-containers as non-root",
+ "default": true,
+ "type": "boolean"
+ },
 "resources": {
 "type": "object",
 "properties": {
@@ -428,6 +438,18 @@
 "description": "Deployment Labels for the operator deployment.",
 "type": "object"
 },
+ "operatorLogLevel": {
+ "description": "Operator Log Level",
+ "default": "Info",
+ "type": "string",
+ "enum": [
+ "Trace",
+ "Debug",
+ "Info",
+ "Warn",
+ "Error"
+ ]
+ },
 "podAnnotations": {
 "description": "Pod Annotations for the operator pod(s).",
 "type": "object"
@@ -504,6 +526,11 @@
 "default": 10,
 "type": "integer"
 },
+ "telemetryOptOut": {
+ "description": "Opt-Out of telemetry collection",
+ "default": false,
+ "type": "boolean"
+ },
 "webhookConfiguration": {
 "description": "The name of the webhook to patch after certificate generation occurs.",
 "default": "contrast-web-hook-configuration",
diff --git a/manifests/helm/values.schema.yaml b/manifests/helm/values.schema.yaml
index d05bcd5..e3a8d81 100644
--- a/manifests/helm/values.schema.yaml
+++ b/manifests/helm/values.schema.yaml
@@ -39,6 +39,8 @@ operator:
 # DropOldest:
 # Removes and ignores the oldest item in the channel in order to make room for the item being written.
 eventQueueFullMode: # @schema type:[string];enum:[Wait, DropOldest];default:DropOldest
+ # -- Time window to merge events in the eventQueue
+ eventQueueMergeWindowSeconds: # @schema type:[integer];default:10
 # -- The secret containing the TLS certificates used for the webhook. Used for to cache TLS certificate generation across restarts, and to share the same certificate across operator instances (when running in HA mode).
 webhookSecretName: # @schema type:[string];default:contrast-web-hook-secret
 # -- The name of the webhook to patch after certificate generation occurs.
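Review bot: `eventQueueMergeWindowSeconds` is annotated only as `type:[integer];default:10`, so zero or a negative window passes schema validation and is handed to the operator as `CONTRAST_EVENT_QUEUE_MERGE_WINDOW_SECONDS`. How the operator treats such a value is not visible in this diff. If the `@schema` annotation format supports a lower bound, add one here; values.schema.json looks generated from this file, in which case the emitted property should gain a `"minimum"` entry. Otherwise the doc comment should at least state the unit and accepted range, for example `# -- Time window, in seconds, used to merge events in the eventQueue`.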
@@ -47,6 +49,10 @@ operator:
 enableEarlyChaining: # @schema type:[boolean];default:false
 # -- Globally enable agents logging to stdout
 enableAgentStdout: # @schema type:[boolean];default:false
+ # -- Opt-Out of telemetry collection
+ telemetryOptOut: # @schema type:[boolean];default:false
+ # -- Operator Log Level
+ operatorLogLevel: # @schema type:[string];enum:[Trace, Debug, Info, Warn, Error];default:Info
 # -- Deployment Labels for the operator deployment.
 labels: {}
 # -- Deployment Annotations for the operator deployment.
@@ -69,6 +75,8 @@ operator:
 ephemeralStorage: # @schema type:[string, null]
 # -- Resource management for the agent initContainers
 initContainer:
+ # -- Run init-containers as non-root
+ nonRoot: # @schema type:[boolean];default:true
 resources:
 limits:
 cpu: # @schema type:[string, null];default:100m
diff --git a/manifests/helm/values.yaml b/manifests/helm/values.yaml
index fd86d70..337855c 100644
--- a/manifests/helm/values.yaml
+++ b/manifests/helm/values.yaml
@@ -36,6 +36,8 @@ operator:
 # DropOldest:
 # Removes and ignores the oldest item in the channel in order to make room for the item being written.
 eventQueueFullMode: DropOldest
+ # Time window to merge events in the eventQueue
+ eventQueueMergeWindowSeconds: 10
 # The secret containing the TLS certificates used for the webhook.
 # Used for to cache TLS certificate generation across restarts,
 # and to share the same certificate across operator instances (when running in HA mode).
@@ -48,6 +50,10 @@ operator:
 enableEarlyChaining: false
 # Globally enable agents logging to stdout
 enableAgentStdout: false
+ # Opt-Out of telemetry collection
+ #telemetryOptOut: false
+ # Operator Log Level
+ operatorLogLevel: Info
 # Metadata for the operator deployment.
 labels: {}
 annotations: {}
@@ -75,6 +81,8 @@ operator:
 #ephemeralStorage:
 # Resource management for the agent initContainers
 initContainer:
+ # Run init-containers as non-root
+ nonRoot: true
 resources:
 limits:
 cpu: 100m