Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release 5.5.1 Lacework Agent Charts #60

Merged
merged 1 commit into from
May 9, 2022
Merged

Release 5.5.1 Lacework Agent Charts #60

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
83 changes: 52 additions & 31 deletions index.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ entries:
admission-controller:
- apiVersion: v2
appVersion: 0.0.1
created: "2022-05-05T22:09:37.397718-07:00"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we updated time stamps of charts that are not in this PR?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, sadly, helm doesn't have a flag to avoid updating these timestamps.

created: "2022-05-09T14:23:28.968000547-07:00"
dependencies:
- condition: proxy-scanner.enabled
name: proxy-scanner
Expand All @@ -25,7 +25,7 @@ entries:
version: 0.1.8
- apiVersion: v2
appVersion: 0.0.1
created: "2022-04-14T17:54:46.154485-04:00"
created: "2022-05-09T14:23:28.96701051-07:00"
dependencies:
- condition: proxy-scanner.enabled
name: proxy-scanner
Expand All @@ -47,7 +47,7 @@ entries:
version: 0.1.7
- apiVersion: v2
appVersion: 0.0.1
created: "2022-04-14T17:54:46.15205-04:00"
created: "2022-05-09T14:23:28.966084985-07:00"
dependencies:
- condition: proxy-scanner.enabled
name: proxy-scanner
Expand All @@ -69,7 +69,7 @@ entries:
version: 0.1.6
- apiVersion: v2
appVersion: 0.0.1
created: "2022-04-14T17:54:46.150053-04:00"
created: "2022-05-09T14:23:28.965203524-07:00"
dependencies:
- condition: proxy-scanner.enabled
name: proxy-scanner
Expand All @@ -91,7 +91,7 @@ entries:
version: 0.1.5
- apiVersion: v2
appVersion: 0.0.1
created: "2022-04-14T17:54:46.146361-04:00"
created: "2022-05-09T14:23:28.964269503-07:00"
dependencies:
- condition: proxy-scanner.enabled
name: proxy-scanner
Expand All @@ -113,7 +113,7 @@ entries:
version: 0.1.4
- apiVersion: v2
appVersion: 0.0.1
created: "2022-04-14T17:54:46.144133-04:00"
created: "2022-05-09T14:23:28.963301889-07:00"
dependencies:
- condition: proxy-scanner.enabled
name: proxy-scanner
Expand All @@ -135,7 +135,7 @@ entries:
version: 0.1.3
- apiVersion: v2
appVersion: 0.0.1
created: "2022-04-14T17:54:46.142452-04:00"
created: "2022-05-09T14:23:28.962380332-07:00"
dependencies:
- condition: proxy-scanner.enabled
name: proxy-scanner
Expand All @@ -157,7 +157,7 @@ entries:
version: 0.1.2
- apiVersion: v2
appVersion: 0.0.1
created: "2022-04-14T17:54:46.140701-04:00"
created: "2022-05-09T14:23:28.961473683-07:00"
dependencies:
- condition: proxy-scanner.enabled
name: proxy-scanner
Expand All @@ -179,7 +179,7 @@ entries:
version: 0.1.1
- apiVersion: v2
appVersion: 0.0.1
created: "2022-04-14T17:54:46.138911-04:00"
created: "2022-05-09T14:23:28.959715841-07:00"
description: Lacework admission controller using Lacework proxy scanner
digest: d6d2a6042b051b02ee6eac547b528cb56c5d2ce772f79f962bfb01f41c8ccccd
keywords:
Expand All @@ -197,7 +197,28 @@ entries:
lacework-agent:
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-18T15:41:09.705164971-07:00"
created: "2022-05-09T14:23:28.973860507-07:00"
description: Lacework Agent
digest: 00fe42c64021bb5d592adaff34c42ddbba4bacb4e9271a58e72ddc13f9cdc394
home: https://www.lacework.com
icon: https://www.lacework.com/wp-content/uploads/2019/07/Lacework_Logo_color_2019.svg
keywords:
- monitoring
- security
- run-time
- metric
- troubleshooting
kubeVersion: '> 1.9.0-0'
maintainers:
- email: [email protected]
name: lacework-support
name: lacework-agent
urls:
- lacework-agent-5.5.1.tgz
version: 5.5.1
- apiVersion: v2
appVersion: "1.0"
created: "2022-05-09T14:23:28.972624874-07:00"
description: Lacework Agent
digest: 4ccaf43d39c6bdc31b03af0ebc09b0e34ced39b55a321c15fbd1b457fed9df98
home: https://www.lacework.com
Expand All @@ -218,9 +239,9 @@ entries:
version: 5.5.0
- apiVersion: v1
appVersion: "1.0"
created: "2022-04-14T17:54:46.163616-04:00"
created: "2022-05-09T14:23:28.971282099-07:00"
description: Lacework Agent
digest: 92b924cd23251e515c48affbbb11c9fe24b358feb05797f10bb52821af680c25
digest: 7dc078885fb3163ef07fcd87b94cb2e932b364960adf2f9f6051d10b65865192
home: https://www.lacework.com
icon: https://www.lacework.com/wp-content/uploads/2019/07/Lacework_Logo_color_2019.svg
keywords:
Expand All @@ -238,7 +259,7 @@ entries:
version: 5.4.2
- apiVersion: v1
appVersion: "1.0"
created: "2022-04-14T17:54:46.161568-04:00"
created: "2022-05-09T14:23:28.96983758-07:00"
description: Lacework Agent
digest: 2cfd347bac431971f6a56854db8aba5ce3746bc9d77e48a07142906713aeb885
home: https://www.lacework.com
Expand All @@ -258,7 +279,7 @@ entries:
version: 5.4.1
- apiVersion: v1
appVersion: "1.0"
created: "2022-04-14T17:54:46.159832-04:00"
created: "2022-05-09T14:23:28.969449925-07:00"
description: Lacework Agent
digest: 9fd57c70abb267d1e57b3625f04f4623ae6629341a6c2e92d97c2464b9ad8515
home: https://www.lacework.com
Expand All @@ -278,7 +299,7 @@ entries:
version: 5.2.0
- apiVersion: v1
appVersion: "1.0"
created: "2022-04-14T17:54:46.159117-04:00"
created: "2022-05-09T14:23:28.969107316-07:00"
description: Lacework Agent
digest: 40199f36400a1d1a3e434a512fc79cc82866183ac7497423ec15c5e59dfc06c8
home: https://www.lacework.com
Expand All @@ -298,7 +319,7 @@ entries:
version: 5.1.0
- apiVersion: v1
appVersion: "1.0"
created: "2022-04-14T17:54:46.158343-04:00"
created: "2022-05-09T14:23:28.968726904-07:00"
description: Lacework Agent
digest: e6c0778f858ed427cf0bc48a509b22480473d9d0b1a38fcc22ab532a74c1118c
home: https://www.lacework.com
Expand All @@ -318,7 +339,7 @@ entries:
version: 5.0.0
- apiVersion: v1
appVersion: "1.0"
created: "2022-04-14T17:54:46.157439-04:00"
created: "2022-05-09T14:23:28.968374887-07:00"
description: Lacework Agent
digest: 316df313975abcb5ab65846cc749c194c5169f09636f2ffbc26a71f0ae9ef29b
home: https://www.lacework.com
Expand All @@ -339,7 +360,7 @@ entries:
proxy-scanner:
- apiVersion: v2
appVersion: "1.0"
created: "2022-05-05T21:57:33.165098-07:00"
created: "2022-05-09T14:23:28.977374178-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: f2169a46fb0a49068fe1ef42ab34e99fd50aaf9cff8fb767e49b67484926f8a1
name: proxy-scanner
Expand All @@ -349,7 +370,7 @@ entries:
version: 0.2.15
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.169454-04:00"
created: "2022-05-09T14:23:28.976719968-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: dff07f929e41b1a21cf2f66eab38b1d64af3edcf8bd4ca170ff2ec63caeb06ad
name: proxy-scanner
Expand All @@ -359,7 +380,7 @@ entries:
version: 0.2.14
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.168229-04:00"
created: "2022-05-09T14:23:28.976095163-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: 69ce605e16c01f1ad58c1bcd3da4a96368b838ad502257290479f6b108bac65a
name: proxy-scanner
Expand All @@ -369,7 +390,7 @@ entries:
version: 0.2.13
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.167591-04:00"
created: "2022-05-09T14:23:28.975516897-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: eeca51b1ba0b699863eab83fb1d4642ba6851c32a3cb02358118390521dacb13
name: proxy-scanner
Expand All @@ -379,7 +400,7 @@ entries:
version: 0.2.12
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.166991-04:00"
created: "2022-05-09T14:23:28.974956695-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: 394da8b5dc2a18b416fc423a5b13e49d9920c1f89be5976d9fe6e9d94c6883b2
name: proxy-scanner
Expand All @@ -389,7 +410,7 @@ entries:
version: 0.2.10
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.175152-04:00"
created: "2022-05-09T14:23:28.980990814-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: 43324444314509c32b76ce2c213e48a90c54d16d3146d69141b18e42a9383b46
name: proxy-scanner
Expand All @@ -399,7 +420,7 @@ entries:
version: 0.2.9
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.174314-04:00"
created: "2022-05-09T14:23:28.980493311-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: b2735c7642058f3d630f69f319c6957c5a406b6d0f720a83caa770735ddf9b17
name: proxy-scanner
Expand All @@ -409,7 +430,7 @@ entries:
version: 0.2.8
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.173589-04:00"
created: "2022-05-09T14:23:28.979990889-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: 2265208dc08b5b502fa1d9defda5ca87236f3e9a14c33ab8a47a36b06e21bf2d
name: proxy-scanner
Expand All @@ -419,7 +440,7 @@ entries:
version: 0.2.7
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.17287-04:00"
created: "2022-05-09T14:23:28.979445254-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: 54201342fd7677c391d536298b32263fc6736463717a41f1636f54dfb8c719d2
name: proxy-scanner
Expand All @@ -429,7 +450,7 @@ entries:
version: 0.2.6
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.172178-04:00"
created: "2022-05-09T14:23:28.978938143-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: a2c75b0233b886373017762b45af3e7c71bb50b1c80e4b2f8d7945da2177df22
name: proxy-scanner
Expand All @@ -439,7 +460,7 @@ entries:
version: 0.2.5
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.171483-04:00"
created: "2022-05-09T14:23:28.978454406-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: 7fe22bae1babc9de329c70220eb2668b56a9b6d93d1687c95dc396250f23eeb5
name: proxy-scanner
Expand All @@ -449,7 +470,7 @@ entries:
version: 0.2.4
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.17056-04:00"
created: "2022-05-09T14:23:28.977928499-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: adc5ba1623b878b70329e67cf97263f7ff353befdd2d47efe8f2e75808d6ad76
name: proxy-scanner
Expand All @@ -459,12 +480,12 @@ entries:
version: 0.2.2
- apiVersion: v2
appVersion: "1.0"
created: "2022-04-14T17:54:46.166309-04:00"
created: "2022-05-09T14:23:28.974404097-07:00"
description: A Helm chart for Lacework Proxy Scanner
digest: fb0bbde3066707aca7f32735c9890e5cf2b24181c9357467124b9cb4fa209f08
name: proxy-scanner
type: application
urls:
- proxy-scanner-0.2.1.tgz
version: 0.2.1
generated: "2022-05-05T22:09:37.379838-07:00"
generated: "2022-05-09T14:23:28.959156029-07:00"
Binary file added lacework-agent-5.5.1.tgz
View file
Open in desktop
Binary file not shown.
2 changes: 1 addition & 1 deletion lacework-agent/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ maintainers:
- email: [email protected]
name: lacework-support
name: lacework-agent
version: 5.5.0
version: 5.5.1
3 changes: 3 additions & 0 deletions lacework-agent/templates/daemonset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,9 @@ spec:
readOnly: true
- name: podinfo
mountPath: /etc/podinfo
{{- if kindIs "string" .Values.laceworkConfig.serviceAccountName }}
serviceAccountName: {{ .Values.laceworkConfig.serviceAccountName | quote }}
{{- end}}
Comment on lines +99 to +101
Copy link

@joebowbeer joebowbeer Sep 19, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cirego Is this documented anywhere except with respect to OpenShift?

Why isn't there a corresponding template to create a service account with this name?

By default, Lacework uses the default service account, which is something that CIS Benchmark recommends against.

However, if I specify serviceAccountName, then I need to create that service account myself.

Copy link
Contributor Author

@cirego cirego Sep 19, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @joebowbeer, great question! We have not documented this outside of Lacework as this functionality was only required for OpenShift. As for why we didn't add this functionality before? I commented in more detail on #105.

If you would like us to add a flag to auto-create the Service Account, even for agents that don't access the K8s API Server, please let us know!

volumes:
- name: dev
hostPath:
Expand Down
6 changes: 6 additions & 0 deletions lacework-agent/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,6 +204,12 @@
"format": "uri",
"pattern": "^https://.*.lacework.net$"
},
"serviceAccountName": {
"type": [
"string",
"null"
]
},
"stdoutLogging": {
"type": "boolean"
}
Expand Down
4 changes: 3 additions & 1 deletion lacework-agent/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
image:
registry: docker.io
repository: lacework/datacollector
tag: 5.5.0
tag: 5.5.1
# imagePullPolicy should be Always to get the latest container
# http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
pullPolicy: Always
Expand Down Expand Up @@ -56,6 +56,8 @@ laceworkConfig:
proxyUrl:
# [Required] Region specific Lacework service URL. Defaults to the US region.
serverUrl: https://api.lacework.net
# [Optional] Specify the service account for agent pods
serviceAccountName:
# [Optional] Set to false to prevent agent from sending diagnostic logs to stdout
stdoutLogging: true
##########################################################################
Expand Down