Skip to content

AO-91 Add ClusterAgentInjectors to helm chart #338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

AO-91 Add ClusterAgentInjectors to helm chart #338

wants to merge 3 commits into from
+71 −42

Conversation

gamingrobot
Copy link
Contributor

@gamingrobot gamingrobot commented Aug 21, 2025
edited
Loading

  • Add ClusterAgentInjectors to helm chart
  • Add namespaceLabelSelector for support ClusterAgentInjectors in helm chart
  • Create ClusterAgentInjectors by default in helm chart
  • Remove lookupNamespaces, replaced by namespaces: '*' when using useClusterAgentInjectors: true

Example template output

# Source: contrast-agent-operator/templates/agent-injectors.yaml.tpl
apiVersion: agents.contrastsecurity.com/v1beta1
kind: ClusterAgentInjector
metadata:
  name: contrast-flex-injector
  namespace: 'contrast-agent-operator'
spec:
  namespaces:
    - default
  namespaceLabelSelector:
    - name: namespacelabel
      value: labelvalue
  template:
    spec:
      type: flex
      selector:
        labels:
          - name: contrast-agent
            value: flex

@gamingrobot gamingrobot force-pushed the AO-91-clusteragentinjectors-helm branch from 69a5300 to 37e0c63 Compare August 21, 2025 20:30
@gamingrobot gamingrobot marked this pull request as ready for review August 21, 2025 20:33
@gamingrobot gamingrobot requested a review from a team as a code owner August 21, 2025 20:33
andersonshatch
andersonshatch reviewed Aug 22, 2025
View reviewed changes
andersonshatch
andersonshatch reviewed Aug 22, 2025
View reviewed changes
manifests/helm/templates/agent-injectors.yaml.tpl
{{- range $injector := .Values.agentInjectors.injectors }}
---
apiVersion: agents.contrastsecurity.com/v1beta1
kind: ClusterAgentInjector
Copy link
Contributor

@andersonshatch andersonshatch Aug 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When you do a helm upgrade this will fail because the CRD is not present.
Maybe we could check if it exists and print some guidance at that point?
That would likely bring back a call to lookup and that doesn't work in every tool though, maybe it's just some migration docs, presuming this will be a new major version?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to move the CRDs into the templates directory but this doesn't work because helm templates/validates before helm hooks are called so even if the CRDs are labeled with pre-install/pre-upgrade the template step fails with "ensure CRDs are installed first". We have https://docs.contrastsecurity.com/en/helm-upgrades.html for upgrade instructions (kubectl replace should be kubectl apply though). There is a proposal to handle this better in helm 4, another option is possibly having the CRDs as a subchart but that has its own issues.

andersonshatch
andersonshatch reviewed Aug 22, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andersonshatch andersonshatch andersonshatch left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gamingrobot @andersonshatch