Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 5.5.1 Lacework Agent Charts #60

Merged
merged 1 commit into from
May 9, 2022
Merged

Release 5.5.1 Lacework Agent Charts #60

merged 1 commit into from
May 9, 2022

Conversation

cirego
Copy link
Contributor

@cirego cirego commented May 9, 2022

No description provided.

@cirego cirego self-assigned this May 9, 2022
@cirego cirego requested review from mattiv-lw and nschmeller May 9, 2022 21:24
nschmeller
nschmeller approved these changes May 9, 2022
View reviewed changes
index.yaml
@@ -3,7 +3,7 @@ entries:
admission-controller:
- apiVersion: v2
appVersion: 0.0.1
created: "2022-05-05T22:09:37.397718-07:00"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we updated time stamps of charts that are not in this PR?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, sadly, helm doesn't have a flag to avoid updating these timestamps.

@cirego cirego merged commit 1e51390 into main May 9, 2022
@cirego cirego deleted the cirego/release-5.5.1-charts branch May 9, 2022 22:04
joebowbeer
joebowbeer reviewed Sep 19, 2022
View reviewed changes
lacework-agent/templates/daemonset.yaml
Comment on lines +99 to +101
{{- if kindIs "string" .Values.laceworkConfig.serviceAccountName }}
serviceAccountName: {{ .Values.laceworkConfig.serviceAccountName | quote }}
{{- end}}
Copy link

@joebowbeer joebowbeer Sep 19, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cirego Is this documented anywhere except with respect to OpenShift?

Why isn't there a corresponding template to create a service account with this name?

By default, Lacework uses the default service account, which is something that CIS Benchmark recommends against.

However, if I specify serviceAccountName, then I need to create that service account myself.

Copy link
Contributor Author

@cirego cirego Sep 19, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @joebowbeer, great question! We have not documented this outside of Lacework as this functionality was only required for OpenShift. As for why we didn't add this functionality before? I commented in more detail on #105.

If you would like us to add a flag to auto-create the Service Account, even for agents that don't access the K8s API Server, please let us know!

@nschmeller nschmeller mentioned this pull request Feb 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joebowbeer joebowbeer joebowbeer left review comments

@nschmeller nschmeller nschmeller approved these changes

@mattiv-lw mattiv-lw Awaiting requested review from mattiv-lw

Assignees

@cirego cirego

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cirego @joebowbeer @nschmeller