Add ClusterAgentInjectors to helm chart, helm chart creates ClusterAgentInjectors by default

gamingrobot · gamingrobot · commit 69a5300164c6 · 2025-08-21T15:25:53.000-05:00
diff --git a/manifests/helm/templates/NOTES.txt b/manifests/helm/templates/NOTES.txt
@@ -1,7 +1,7 @@
 {{ .Chart.Name }} chart version {{ .Chart.Version }} deployed!
 
 {{- if .Values.agentInjectors.enabled }}
-{{- $namespaces := include "contrast-agent-operator.filterInjectorNamespaces" . | fromJsonArray }}
+{{- $namespaces := .Values.agentInjectors.namespaces }}
 ✅ {{ len .Values.agentInjectors.injectors }} {{ len .Values.agentInjectors.injectors | plural "injector" "injectors" }} {{ len .Values.agentInjectors.injectors | plural "has" "have" }} been deployed to {{ len $namespaces | plural "namespace" "namespaces" }}: {{ join ", " $namespaces}}
   To use with your workloads:
 
diff --git a/manifests/helm/templates/_helpers.tpl b/manifests/helm/templates/_helpers.tpl
diff --git a/manifests/helm/templates/agent-injectors.yaml.tpl b/manifests/helm/templates/agent-injectors.yaml.tpl
@@ -1,6 +1,48 @@
 {{ if .Values.agentInjectors.enabled }}
-{{- range $namespace := include "contrast-agent-operator.filterInjectorNamespaces" . | fromJsonArray }}
-{{- range $injector := $.Values.agentInjectors.injectors }}
+{{ if .Values.agentInjectors.useClusterAgentInjectors }} # ClusterAgentInjectors
+{{- range $injector := .Values.agentInjectors.injectors }}
+---
+apiVersion: agents.contrastsecurity.com/v1beta1
+kind: ClusterAgentInjector
+metadata:
+  name: {{ $injector.name }}
+  namespace: '{{ default $.Release.Namespace $.Values.namespace }}'
+spec:
+  {{- if $.Values.agentInjectors.namespaces }}
+  namespaces: {{- $.Values.agentInjectors.namespaces | toYaml | nindent 4 }}
+  {{- end }}
+  {{- if $.Values.agentInjectors.namespaces }}
+  namespaceLabelSelector: {{- $.Values.agentInjectors.namespaceLabelSelector | toYaml | nindent 4 }}
+  {{- end }}
+  template:
+    spec:
+      {{- if eq $injector.enabled false}}
+      enabled: false
+      {{- end }}
+      {{- if $injector.imageVersion }}
+      version: {{ quote $injector.imageVersion }}
+      {{- end }}
+      type: {{ $injector.language }}
+      {{- if $injector.image }}
+      image:
+        {{- $injector.image | toYaml | nindent 8 }}
+      {{- end}}
+      {{- if or $injector.selector $injector.images }}
+      {{ $selector := $injector.selector | default dict -}}
+      selector:
+      {{- if $selector.labels }}
+        labels:
+          {{- $selector.labels | toYaml | nindent 10 }}
+      {{- end }}
+      {{- if $selector.images }}
+        images:
+          {{- $selector.images | toYaml | nindent 10 }}
+      {{- end }}
+      {{- end }}
+{{- end }}
+{{ else }} # AgentInjectors
+{{- range $namespace := .Values.agentInjectors.namespaces }}
+{{- range $injector := .Values.agentInjectors.injectors }}
 ---
 apiVersion: agents.contrastsecurity.com/v1beta1
 kind: AgentInjector
@@ -41,4 +83,5 @@ spec:
   {{- end }}
 {{- end }}
 {{- end }}
-{{ end }}
+{{ end }}
+{{ end }}
diff --git a/manifests/helm/values.testing.yaml b/manifests/helm/values.testing.yaml
@@ -15,6 +15,7 @@ image:
 
 agentInjectors:
   enabled: true
+  useClusterAgentInjectors: true
   namespaces:
     - test1
     - test2
diff --git a/manifests/helm/values.yaml b/manifests/helm/values.yaml
@@ -111,16 +111,14 @@ clusterDefaults:
 
 agentInjectors:
   enabled: true
-  lookupNamespaces:
-    # If enabled, Helm will lookup namespaces and deploy AgentInjectors to any accessible namespaces.
-    deployToAllAccessibleNamespaces: false
-    # List of namespace patterns to exclude deploying AgentInjectors to only when looking up namespaces.
-    excludePatterns:
-      - gatekeeper*
-      - kube*
-  # Required if lookupNamespaces.deployToAllAccessibleNamespaces is not enabled. All injectors will be created in each specified namespace.
+  useClusterAgentInjectors: true # Create ClusterAgentInjector resources instead of AgentInjectors
+  # Optional, target namespaces for AgentInjectors. Glob syntax is supported if useClusterAgentInjectors is true.
   namespaces:
     - default
+  # Optional, selector namespace labels for AgentInjectors. Only supported if useClusterAgentInjectors is true. Label selections are cumulative using the logical AND operation.
+  # namespaceLabelSelector:
+  #   - name: namespacelabel
+  #     value: labelvalue
   injectors:
     - language: java
       name: contrast-java-injector
@@ -141,9 +139,9 @@ agentInjectors:
       #   pullPolicy: Always
       # Optional image version, defaults to latest
       #imageVersion: 5
-      # Optional name of an AgentConfiguration to use with this injector
+      # Optional name of an AgentConfiguration to use with this injector. Only supported if useClusterAgentInjectors is false.
       #configurationName: custom-config-name
-      # Optional name of an AgentConnection to use with this injector
+      # Optional name of an AgentConnection to use with this injector. Only supported if useClusterAgentInjectors is false.
       #connectionName: custom-connection-name
 
     - language: dotnet-core
