From 5f13f1b3d5b10b11194d58398250d412d6f15edb Mon Sep 17 00:00:00 2001 From: Amir Malka Date: Tue, 31 Oct 2023 10:56:34 +0200 Subject: [PATCH] add account to storage & node-agent Signed-off-by: Amir Malka --- .../templates/node-agent/daemonset.yaml | 6 ++++++ .../kubescape-operator/templates/storage/deployment.yaml | 2 ++ .../tests/__snapshot__/snapshot_test.yaml.snap | 8 ++++++++ 3 files changed, 16 insertions(+) diff --git a/charts/kubescape-operator/templates/node-agent/daemonset.yaml b/charts/kubescape-operator/templates/node-agent/daemonset.yaml index 97924ee9..35a94c85 100644 --- a/charts/kubescape-operator/templates/node-agent/daemonset.yaml +++ b/charts/kubescape-operator/templates/node-agent/daemonset.yaml @@ -39,6 +39,9 @@ spec: automountServiceAccountToken: true hostPID: true volumes: + - name: {{ .Values.global.cloudSecret }} + secret: + secretName: {{ .Values.global.cloudSecret }} - name: {{ .Values.global.cloudConfig }} configMap: name: {{ .Values.global.cloudConfig }} @@ -127,6 +130,9 @@ spec: seLinuxOptions: type: spc_t volumeMounts: + - name: {{ .Values.global.cloudSecret }} + mountPath: /etc/credentials + readOnly: true - name: {{ .Values.global.cloudConfig }} mountPath: /etc/config/clusterData.json readOnly: true diff --git a/charts/kubescape-operator/templates/storage/deployment.yaml b/charts/kubescape-operator/templates/storage/deployment.yaml index dcdabed6..4a99f3ab 100644 --- a/charts/kubescape-operator/templates/storage/deployment.yaml +++ b/charts/kubescape-operator/templates/storage/deployment.yaml @@ -48,6 +48,8 @@ spec: - name: "GOMEMLIMIT" value: "{{ .Values.storage.resources.requests.memory }}B" {{- if $components.otelCollector.enabled }} + - name: ACCOUNT_ID + value: "{{ .Values.account }}" - name: OTEL_COLLECTOR_SVC value: "otel-collector:4317" {{- end }} diff --git a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap index 8ac0ddc6..fa308c3d 100644 --- a/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap @@ -1725,6 +1725,9 @@ matches the snapshot: seLinuxOptions: type: spc_t volumeMounts: + - mountPath: /etc/credentials + name: cloud-secret + readOnly: true - mountPath: /etc/config/clusterData.json name: ks-cloud-config readOnly: true @@ -1756,6 +1759,9 @@ matches the snapshot: kubernetes.io/os: linux serviceAccountName: node-agent volumes: + - name: cloud-secret + secret: + secretName: cloud-secret - configMap: items: - key: clusterData @@ -2545,6 +2551,8 @@ matches the snapshot: - env: - name: GOMEMLIMIT value: 400MiB + - name: ACCOUNT_ID + value: 9e6c0c2c-6bd0-4919-815b-55030de7c9a0 - name: OTEL_COLLECTOR_SVC value: otel-collector:4317 image: quay.io/kubescape/storage:v0.0.30