From 524e397c9de71ea0d909d3c783f4e402804d5e6d Mon Sep 17 00:00:00 2001 From: Alberto Barba Date: Tue, 12 Aug 2025 11:49:13 +0200 Subject: [PATCH 1/3] feat(shield): add support for ca-mon and eu2 regions --- charts/shield/templates/common/_regions.tpl | 25 ++++++ charts/shield/tests/common/regions_test.yaml | 91 +++++++++++++++++++- charts/shield/values.schema.json | 6 ++ 3 files changed, 118 insertions(+), 4 deletions(-) diff --git a/charts/shield/templates/common/_regions.tpl b/charts/shield/templates/common/_regions.tpl index 07c1f99b2..d5d38bfa0 100644 --- a/charts/shield/templates/common/_regions.tpl +++ b/charts/shield/templates/common/_regions.tpl @@ -15,6 +15,14 @@ "monitor_api_endpoint" "eu1.app.sysdig.com" "secure_api_endpoint" "eu1.app.sysdig.com" "secure_ui" "eu1.app.sysdig.com/secure") + "eu2" (dict "collector_endpoint" "ingest.eu2.sysdig.com" + "monitor_api_endpoint" "app.eu2.sysdig.com" + "secure_api_endpoint" "app.eu2.sysdig.com" + "secure_ui" "app.eu2.sysdig.com/secure") + "eu2-alt" (dict "collector_endpoint" "ingest-alt.eu2.sysdig.com" + "monitor_api_endpoint" "app.eu2.sysdig.com" + "secure_api_endpoint" "app.eu2.sysdig.com" + "secure_ui" "app.eu2.sysdig.com/secure") "in1" (dict "collector_endpoint" "ingest.in1.sysdig.com" "monitor_api_endpoint" "app.in1.sysdig.com" "secure_api_endpoint" "app.in1.sysdig.com" @@ -71,6 +79,10 @@ "monitor_api_endpoint" "br-sao.monitoring.cloud.ibm.com" "secure_api_endpoint" "br-sao.security-compliance-secure.cloud.ibm.com" "secure_ui" "br-sao.security-compliance-secure.cloud.ibm.com") + "ca-mon-monitor" (dict "collector_endpoint" "ingest.ca-mon.monitoring.cloud.ibm.com" + "monitor_api_endpoint" "ca-mon.monitoring.cloud.ibm.com" + "secure_api_endpoint" "ca-mon.security-compliance-secure.cloud.ibm.com" + "secure_ui" "ca-mon.security-compliance-secure.cloud.ibm.com") "ca-tor-monitor" (dict "collector_endpoint" "ingest.ca-tor.monitoring.cloud.ibm.com" "monitor_api_endpoint" "ca-tor.monitoring.cloud.ibm.com" "secure_api_endpoint" "ca-tor.security-compliance-secure.cloud.ibm.com" @@ -107,6 +119,10 @@ "monitor_api_endpoint" "private.br-sao.monitoring.cloud.ibm.com" "secure_api_endpoint" "private.br-sao.security-compliance-secure.cloud.ibm.com" "secure_ui" "private.br-sao.security-compliance-secure.cloud.ibm.com") + "ca-mon-private-monitor" (dict "collector_endpoint" "ingest.private.ca-mon.monitoring.cloud.ibm.com" + "monitor_api_endpoint" "private.ca-mon.monitoring.cloud.ibm.com" + "secure_api_endpoint" "private.ca-mon.security-compliance-secure.cloud.ibm.com" + "secure_ui" "private.ca-mon.security-compliance-secure.cloud.ibm.com") "ca-tor-private-monitor" (dict "collector_endpoint" "ingest.private.ca-tor.monitoring.cloud.ibm.com" "monitor_api_endpoint" "private.ca-tor.monitoring.cloud.ibm.com" "secure_api_endpoint" "private.ca-tor.security-compliance-secure.cloud.ibm.com" @@ -143,6 +159,10 @@ "monitor_api_endpoint" "br-sao.monitoring.cloud.ibm.com" "secure_api_endpoint" "br-sao.security-compliance-secure.cloud.ibm.com" "secure_ui" "br-sao.security-compliance-secure.cloud.ibm.com") + "ca-mon-secure" (dict "collector_endpoint" "ingest.ca-mon.security-compliance-secure.cloud.ibm.com" + "monitor_api_endpoint" "ca-mon.monitoring.cloud.ibm.com" + "secure_api_endpoint" "ca-mon.security-compliance-secure.cloud.ibm.com" + "secure_ui" "ca-mon.security-compliance-secure.cloud.ibm.com") "ca-tor-secure" (dict "collector_endpoint" "ingest.ca-tor.security-compliance-secure.cloud.ibm.com" "monitor_api_endpoint" "ca-tor.monitoring.cloud.ibm.com" "secure_api_endpoint" "ca-tor.security-compliance-secure.cloud.ibm.com" @@ -179,6 +199,10 @@ "monitor_api_endpoint" "private.br-sao.monitoring.cloud.ibm.com" "secure_api_endpoint" "private.br-sao.security-compliance-secure.cloud.ibm.com" "secure_ui" "private.br-sao.security-compliance-secure.cloud.ibm.com") + "ca-mon-private-secure" (dict "collector_endpoint" "ingest.private.ca-mon.security-compliance-secure.cloud.ibm.com" + "monitor_api_endpoint" "private.ca-mon.monitoring.cloud.ibm.com" + "secure_api_endpoint" "private.ca-mon.security-compliance-secure.cloud.ibm.com" + "secure_ui" "private.ca-mon.security-compliance-secure.cloud.ibm.com") "ca-tor-private-secure" (dict "collector_endpoint" "ingest.private.ca-tor.security-compliance-secure.cloud.ibm.com" "monitor_api_endpoint" "private.ca-tor.monitoring.cloud.ibm.com" "secure_api_endpoint" "private.ca-tor.security-compliance-secure.cloud.ibm.com" @@ -250,6 +274,7 @@ {{- $altRegions := list "au1-alt" "eu1-alt" + "eu2-alt" "in1-alt" "me2-alt" "us1-alt" diff --git a/charts/shield/tests/common/regions_test.yaml b/charts/shield/tests/common/regions_test.yaml index 67e878274..029423fee 100644 --- a/charts/shield/tests/common/regions_test.yaml +++ b/charts/shield/tests/common/regions_test.yaml @@ -1,29 +1,112 @@ suite: Common - Regions templates: - templates/host/configmap.yaml + - templates/cluster/configmap.yaml + - templates/host/configmap-windows.yaml release: name: release-name namespace: shield-namespace values: - ../values/base.yaml tests: - - it: Sanity check for regions + - it: Sanity check for regions (host) set: sysdig_endpoint: region: "eu1" + template: host/configmap.yaml asserts: - matchRegex: path: data["dragent.yaml"] pattern: | collector: ingest-eu1.app.sysdig.com collector_port: 6443 + - matchRegex: + path: data["dragent.yaml"] + pattern: | + sysdig_api_endpoint: eu1.app.sysdig.com - - it: API endpoint validation + - it: Sanity check for alternate regions (host) set: sysdig_endpoint: - region: "us1" + region: "eu1-alt" + template: host/configmap.yaml asserts: - matchRegex: path: data["dragent.yaml"] pattern: | - sysdig_api_endpoint: secure.sysdig.com + collector: ingest-alt-eu1.app.sysdig.com + collector_port: 443 + - matchRegex: + path: data["dragent.yaml"] + pattern: | + sysdig_api_endpoint: eu1.app.sysdig.com + + - it: Sanity check for regions (cluster) + set: + sysdig_endpoint: + region: "eu1" + api_url: + collector: + host: + port: + template: cluster/configmap.yaml + asserts: + - matchRegex: + path: data["cluster-shield.yaml"] + pattern: | + sysdig_endpoint: + region: eu1 + + - it: Sanity check for alternate regions (cluster) + set: + sysdig_endpoint: + region: "eu1-alt" + api_url: + collector: + host: + port: + template: cluster/configmap.yaml + asserts: + - matchRegex: + path: data["cluster-shield.yaml"] + pattern: | + sysdig_endpoint: + region: eu1-alt + + - it: Sanity check for regions (host-windows) + set: + host_windows: + enabled: true + sysdig_endpoint: + region: "eu1" + api_url: + collector: + host: + port: + template: host/configmap-windows.yaml + asserts: + - matchRegex: + path: data["host-shield.yaml"] + pattern: | + sysdig_endpoint: + collector: {} + region: eu1 + + - it: Sanity check for alternate regions (host-windows) + set: + host_windows: + enabled: true + sysdig_endpoint: + region: "eu1-alt" + api_url: + collector: + host: + port: + template: host/configmap-windows.yaml + asserts: + - matchRegex: + path: data["host-shield.yaml"] + pattern: | + sysdig_endpoint: + collector: {} + region: eu1-alt diff --git a/charts/shield/values.schema.json b/charts/shield/values.schema.json index 2ac753b2a..dd1dc589e 100644 --- a/charts/shield/values.schema.json +++ b/charts/shield/values.schema.json @@ -179,6 +179,10 @@ "br-sao-private-monitor", "br-sao-private-secure", "br-sao-secure", + "ca-mon-monitor", + "ca-mon-private-monitor", + "ca-mon-private-secure", + "ca-mon-secure", "ca-tor-monitor", "ca-tor-private-monitor", "ca-tor-private-secure", @@ -193,6 +197,8 @@ "eu-gb-secure", "eu1", "eu1-alt", + "eu2", + "eu2-alt", "in1", "in1-alt", "jp-osa-monitor", From 6d04758988f1b29eb8c2eb80629e3456ebc7f261 Mon Sep 17 00:00:00 2001 From: Alberto Barba Date: Tue, 12 Aug 2025 12:02:59 +0200 Subject: [PATCH 2/3] feat(common,sysdig-deploy): add support for ca-mon and eu2 regions --- charts/common/Chart.yaml | 2 +- charts/common/templates/_regions.tpl | 20 ++++++++++++++++++++ charts/sysdig-deploy/Chart.yaml | 2 +- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml index 204b68046..270cf1e46 100644 --- a/charts/common/Chart.yaml +++ b/charts/common/Chart.yaml @@ -16,7 +16,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.3.1 +version: 1.4.0 maintainers: - name: AlbertoBarba diff --git a/charts/common/templates/_regions.tpl b/charts/common/templates/_regions.tpl index a4197cd46..fc78f5c69 100644 --- a/charts/common/templates/_regions.tpl +++ b/charts/common/templates/_regions.tpl @@ -7,6 +7,10 @@ "monitorApiEndpoint" "eu1.app.sysdig.com" "secureApiEndpoint" "eu1.app.sysdig.com" "secureUi" "eu1.app.sysdig.com/secure") + "eu2" (dict "collectorEndpoint" "ingest.eu2.sysdig.com" + "monitorApiEndpoint" "app.eu2.sysdig.com" + "secureApiEndpoint" "app.eu2.sysdig.com" + "secureUi" "app.eu2.sysdig.com/secure") "in1" (dict "collectorEndpoint" "ingest.in1.sysdig.com" "monitorApiEndpoint" "app.in1.sysdig.com" "secureApiEndpoint" "app.in1.sysdig.com" @@ -39,6 +43,10 @@ "monitorApiEndpoint" "br-sao.monitoring.cloud.ibm.com" "secureApiEndpoint" "br-sao.security-compliance-secure.cloud.ibm.com" "secureUi" "br-sao.security-compliance-secure.cloud.ibm.com") + "ca-mon-monitor" (dict "collectorEndpoint" "ingest.ca-mon.monitoring.cloud.ibm.com" + "monitorApiEndpoint" "ca-mon.monitoring.cloud.ibm.com" + "secureApiEndpoint" "ca-mon.security-compliance-secure.cloud.ibm.com" + "secureUi" "ca-mon.security-compliance-secure.cloud.ibm.com") "ca-tor-monitor" (dict "collectorEndpoint" "ingest.ca-tor.monitoring.cloud.ibm.com" "monitorApiEndpoint" "ca-tor.monitoring.cloud.ibm.com" "secureApiEndpoint" "ca-tor.security-compliance-secure.cloud.ibm.com" @@ -75,6 +83,10 @@ "monitorApiEndpoint" "private.br-sao.monitoring.cloud.ibm.com" "secureApiEndpoint" "private.br-sao.security-compliance-secure.cloud.ibm.com" "secureUi" "private.br-sao.security-compliance-secure.cloud.ibm.com") + "ca-mon-private-monitor" (dict "collectorEndpoint" "ingest.private.ca-mon.monitoring.cloud.ibm.com" + "monitorApiEndpoint" "private.ca-mon.monitoring.cloud.ibm.com" + "secureApiEndpoint" "private.ca-mon.security-compliance-secure.cloud.ibm.com" + "secureUi" "private.ca-mon.security-compliance-secure.cloud.ibm.com") "ca-tor-private-monitor" (dict "collectorEndpoint" "ingest.private.ca-tor.monitoring.cloud.ibm.com" "monitorApiEndpoint" "private.ca-tor.monitoring.cloud.ibm.com" "secureApiEndpoint" "private.ca-tor.security-compliance-secure.cloud.ibm.com" @@ -111,6 +123,10 @@ "monitorApiEndpoint" "br-sao.monitoring.cloud.ibm.com" "secureApiEndpoint" "br-sao.security-compliance-secure.cloud.ibm.com" "secureUi" "br-sao.security-compliance-secure.cloud.ibm.com") + "ca-mon-secure" (dict "collectorEndpoint" "ingest.ca-mon.security-compliance-secure.cloud.ibm.com" + "monitorApiEndpoint" "ca-mon.monitoring.cloud.ibm.com" + "secureApiEndpoint" "ca-mon.security-compliance-secure.cloud.ibm.com" + "secureUi" "ca-mon.security-compliance-secure.cloud.ibm.com") "ca-tor-secure" (dict "collectorEndpoint" "ingest.ca-tor.security-compliance-secure.cloud.ibm.com" "monitorApiEndpoint" "ca-tor.monitoring.cloud.ibm.com" "secureApiEndpoint" "ca-tor.security-compliance-secure.cloud.ibm.com" @@ -147,6 +163,10 @@ "monitorApiEndpoint" "private.br-sao.monitoring.cloud.ibm.com" "secureApiEndpoint" "private.br-sao.security-compliance-secure.cloud.ibm.com" "secureUi" "private.br-sao.security-compliance-secure.cloud.ibm.com") + "ca-mon-private-secure" (dict "collectorEndpoint" "ingest.private.ca-mon.security-compliance-secure.cloud.ibm.com" + "monitorApiEndpoint" "private.ca-mon.monitoring.cloud.ibm.com" + "secureApiEndpoint" "private.ca-mon.security-compliance-secure.cloud.ibm.com" + "secureUi" "private.ca-mon.security-compliance-secure.cloud.ibm.com") "ca-tor-private-secure" (dict "collectorEndpoint" "ingest.private.ca-tor.security-compliance-secure.cloud.ibm.com" "monitorApiEndpoint" "private.ca-tor.monitoring.cloud.ibm.com" "secureApiEndpoint" "private.ca-tor.security-compliance-secure.cloud.ibm.com" diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index a886826d7..d3523f45b 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -32,7 +32,7 @@ dependencies: - name: common # repository: https://charts.sysdig.com repository: file://../common - version: ~1.3.1 + version: ~1.4.0 - name: node-analyzer # repository: https://charts.sysdig.com repository: file://../node-analyzer From cf5540753eaf5359bc025aa5794036f087935349 Mon Sep 17 00:00:00 2001 From: Alberto Barba Date: Thu, 28 Aug 2025 15:45:07 +0200 Subject: [PATCH 3/3] chore(admission-controller,agent,cluster-scanner,kspm-collector,node-analyzer,rapid-response): bump common to v1.4.0 --- charts/admission-controller/Chart.yaml | 4 ++-- charts/admission-controller/README.md | 4 ++-- charts/agent/Chart.yaml | 4 ++-- charts/cluster-scanner/Chart.yaml | 4 ++-- charts/cluster-scanner/README.md | 8 ++++---- charts/kspm-collector/Chart.yaml | 4 ++-- charts/node-analyzer/Chart.yaml | 4 ++-- charts/rapid-response/Chart.yaml | 4 ++-- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/charts/admission-controller/Chart.yaml b/charts/admission-controller/Chart.yaml index 55428acf3..3f46985c6 100644 --- a/charts/admission-controller/Chart.yaml +++ b/charts/admission-controller/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: admission-controller description: Sysdig Admission Controller using Sysdig Secure inline image scanner type: application -version: 0.16.10 +version: 0.16.11 appVersion: 3.9.50 home: https://sysdiglabs.github.io/admission-controller/ icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 @@ -11,4 +11,4 @@ maintainers: dependencies: - name: common repository: file://../common - version: ~1.3.1 + version: ~1.4.0 diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md index 5e2e8a365..be7972bdd 100644 --- a/charts/admission-controller/README.md +++ b/charts/admission-controller/README.md @@ -68,7 +68,7 @@ For example: ```bash helm upgrade --install admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.16.10 \ + --create-namespace -n sysdig-admission-controller --version=0.16.11 \ --set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME ``` @@ -80,7 +80,7 @@ For example: ```bash helm upgrade --install admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.16.10 \ + --create-namespace -n sysdig-admission-controller --version=0.16.11 \ --values values.yaml ``` diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml index 21dade48a..e44482a1c 100644 --- a/charts/agent/Chart.yaml +++ b/charts/agent/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 14.1.1 dependencies: - name: common repository: file://../common - version: ~1.3.1 + version: ~1.4.0 description: Sysdig Monitor and Secure agent home: https://www.sysdig.com/ icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 @@ -30,4 +30,4 @@ sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig type: application -version: 2.2.4 +version: 2.2.5 diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml index 59628668f..77a8a094e 100644 --- a/charts/cluster-scanner/Chart.yaml +++ b/charts/cluster-scanner/Chart.yaml @@ -3,7 +3,7 @@ name: cluster-scanner description: Sysdig Cluster Scanner type: application -version: 0.14.2 +version: 0.14.3 appVersion: "0.1.0" home: https://www.sysdig.com/ @@ -13,4 +13,4 @@ dependencies: - name: common # repository: https://charts.sysdig.com repository: file://../common - version: ~1.3.1 + version: ~1.4.0 diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md index d521fcc90..ab1cd375d 100644 --- a/charts/cluster-scanner/README.md +++ b/charts/cluster-scanner/README.md @@ -25,7 +25,7 @@ $ pre-commit run -a $ helm repo add sysdig https://charts.sysdig.com $ helm repo update $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.14.2 \ + --create-namespace -n sysdig --version=0.14.3 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE @@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.14.2 \ + --create-namespace -n sysdig --version=0.14.3 \ --set global.clusterConfig.name=CLUSTER_NAME \ --set global.sysdig.region=SYSDIG_REGION \ --set global.sysdig.accessKey=YOUR-KEY-HERE @@ -166,7 +166,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to ` ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.14.2 \ + --create-namespace -n sysdig --version=0.14.3 \ --set global.sysdig.region="us1" ``` @@ -175,7 +175,7 @@ installing the chart. For example: ```console $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \ - --create-namespace -n sysdig --version=0.14.2 \ + --create-namespace -n sysdig --version=0.14.3 \ --values values.yaml ``` diff --git a/charts/kspm-collector/Chart.yaml b/charts/kspm-collector/Chart.yaml index f670b60dc..999990b74 100644 --- a/charts/kspm-collector/Chart.yaml +++ b/charts/kspm-collector/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: kspm-collector description: Sysdig KSPM collector -version: 0.18.3 +version: 0.18.4 appVersion: 1.39.14 keywords: - monitoring @@ -22,4 +22,4 @@ dependencies: - name: common # repository: https://charts.sysdig.com repository: file://../common - version: ~1.3.1 + version: ~1.4.0 diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml index f5da4a113..ffb20d964 100644 --- a/charts/node-analyzer/Chart.yaml +++ b/charts/node-analyzer/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: node-analyzer description: Sysdig Node Analyzer # currently matching Sysdig's appVersion 1.14.34 -version: 1.36.6 +version: 1.36.7 appVersion: 12.9.2 keywords: - monitoring @@ -24,4 +24,4 @@ dependencies: - name: common # repository: https://charts.sysdig.com repository: file://../common - version: ~1.3.1 + version: ~1.4.0 diff --git a/charts/rapid-response/Chart.yaml b/charts/rapid-response/Chart.yaml index a97443bec..12fe65435 100644 --- a/charts/rapid-response/Chart.yaml +++ b/charts/rapid-response/Chart.yaml @@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.25 +version: 0.9.26 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. @@ -39,4 +39,4 @@ dependencies: - name: common # repository: https://charts.sysdig.com repository: file://../common - version: ~1.3.1 + version: ~1.4.0