Publish 4.3.0 Agent Charts

jstewart612 · Oct 7, 2021 · 9aab43f · 9aab43f
1 parent cf7ebae
commit 9aab43f
Show file tree

Hide file tree

Showing 12 changed files with 423 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -1,2 +1,7 @@
 # helm-charts
+
 Official Lacework Helm Charts
+
+# Lacework Agent
+
+[Install Using Lacework Charts Repository](https://support.lacework.com/hc/en-us/articles/360005263034-Deploy-on-Kubernetes#install-using-lacework-charts-repository-recommended).
diff --git a/index.yaml b/index.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+entries:
+  lacework-agent:
+  - apiVersion: v1
+    appVersion: "1.0"
+    created: "2021-10-06T20:28:07.439483296-07:00"
+    description: Lacework Agent
+    digest: 316df313975abcb5ab65846cc749c194c5169f09636f2ffbc26a71f0ae9ef29b
+    home: https://www.lacework.com
+    icon: https://www.lacework.com/wp-content/uploads/2019/07/Lacework_Logo_color_2019.svg
+    keywords:
+    - monitoring
+    - security
+    - run-time
+    - metric
+    - troubleshooting
+    maintainers:
+    - email: [email protected]
+      name: lacework-support
+    name: lacework-agent
+    urls:
+    - lacework-agent-4.3.0.tgz
+    version: 4.3.0
+generated: "2021-10-06T20:28:07.438487133-07:00"
diff --git a/lacework-agent-4.3.0.tgz b/lacework-agent-4.3.0.tgz
diff --git a/lacework-agent/Chart.yaml b/lacework-agent/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Lacework Agent
+home: https://www.lacework.com
+icon: https://www.lacework.com/wp-content/uploads/2019/07/Lacework_Logo_color_2019.svg
+keywords:
+- monitoring
+- security
+- run-time
+- metric
+- troubleshooting
+maintainers:
+- email: [email protected]
+  name: lacework-support
+name: lacework-agent
+version: 4.3.0
diff --git a/lacework-agent/dev_install.sh b/lacework-agent/dev_install.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -euo pipefail
+
+helm upgrade --install --create-namespace -f values.yaml \
+             --set image.pullPolicy=Never \
+             --set image.tag=${VERSION:-99.9.9} \
+             --set laceworkConfig.accessToken=${LACEWORK_AGENT_TOKEN} \
+             --set laceworkConfig.serverUrl=${LACEWORK_SERVER_URL} \
+             --set laceworkConfig.env=${USER}-minikube \
+             --set laceworkConfig.kubernetesCluster=${USER}-minikube \
+             lacework-agent .
diff --git a/lacework-agent/dev_uninstall.sh b/lacework-agent/dev_uninstall.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -euo pipefail
+
+helm uninstall lacework-agent
diff --git a/lacework-agent/templates/_helpers.tpl b/lacework-agent/templates/_helpers.tpl
@@ -0,0 +1,46 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "lacework-agent.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "lacework-agent.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "lacework-agent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper Lacework Agent image name
+*/}}
+{{- define "lacework-agent.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{- if .Values.image.overrideValue }}
+    {{- printf .Values.image.overrideValue -}}
+{{- else -}}
+    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
diff --git a/lacework-agent/templates/access-token.yaml b/lacework-agent/templates/access-token.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "lacework-agent.name" . }}-access-token
+  labels:
+    tier: monitoring
+    app: {{ include "lacework-agent.name" . }}
+type: Opaque
+data:
+  agent-access-token: {{ required "A valid AccessToken is required! Specify your Lacework agent token in values.yaml" .Values.laceworkConfig.accessToken | b64enc }}
diff --git a/lacework-agent/templates/configmap.yaml b/lacework-agent/templates/configmap.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: lacework-config
+  namespace: {{ .Release.Namespace }}          
+data:
+  config.json: |
+    {"autoupgrade": "{{ required "A value for autoupgrade is required" .Values.laceworkConfig.autoUpgrade }}",
+     "serverurl": "{{ .Values.laceworkConfig.serverUrl}}",
+     "tags": {"Env": "{{ .Values.laceworkConfig.env }}"
+              {{- if .Values.laceworkConfig.kubernetesCluster }}, "KubernetesCluster" :"{{ .Values.laceworkConfig.kubernetesCluster}}" {{- end }}
+             }
+    }
diff --git a/lacework-agent/templates/daemonset.yaml b/lacework-agent/templates/daemonset.yaml
@@ -0,0 +1,132 @@
+apiVersion: apps/v1
+
+kind: DaemonSet
+metadata:
+  name: {{ include "lacework-agent.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    tier: monitoring
+    app: {{ include "lacework-agent.name" . }}
+spec:
+  selector:
+    matchLabels:
+      name: {{ include "lacework-agent.name" . }}
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: {{ include "lacework-agent.name" . }}
+    spec:
+      tolerations: 
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+{{- end }}
+{{- if .Values.image.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.image.imagePullSecrets | indent 8 }}
+{{- end }}
+      terminationGracePeriodSeconds: 20
+      hostPID: true
+      hostNetwork: true
+      containers:
+      - name: lacework
+        image: {{ template "lacework-agent.image" . }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        env:
+          - name: LaceworkLogStdout
+            value: "yes"
+          - name: LaceworkAccessToken
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "lacework-agent.name" . }}-access-token
+                key: agent-access-token
+        resources:
+{{ toYaml .Values.resources | indent 12 }}
+        securityContext:
+          privileged: true
+          runAsNonRoot: false
+          runAsUser: 0
+          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: true
+        volumeMounts:
+          - name: cfgmap
+            mountPath: /var/lib/lacework/config
+          - name: dev
+            mountPath: /dev
+          - name: run-sock
+            mountPath: /var/run/docker.sock
+          - name: run-pid
+            mountPath: /var/run/docker.pid
+          - name: sys
+            mountPath: /sys
+          - name: log
+            mountPath: /var/log
+          - name: passwd
+            mountPath: /etc/passwd
+            readOnly: true
+          - name: group
+            mountPath: /etc/group
+            readOnly: true
+          - name: hostlacework
+            mountPath: /var/lib/lacework/collector
+          - name: hostroot
+            mountPath: /laceworkfim
+            readOnly: true
+          - name: podinfo
+            mountPath: /etc/podinfo
+      volumes:
+        - name: dev
+          hostPath:
+              path: /dev
+        - name: run-sock
+          hostPath:
+              path: /var/run/docker.sock
+        - name: run-pid
+          hostPath:
+              path: /var/run/docker.pid
+        - name: sys
+          hostPath:
+              path: /sys
+        - name: log
+          hostPath:
+              path: /var/log
+        - name: passwd
+          hostPath:
+              path: /etc/passwd
+        - name: group
+          hostPath:
+              path: /etc/group
+        - name: hostroot
+          hostPath:
+              path: /
+        - name: hostlacework
+          hostPath:
+              path: /var/lib/lacework/collector
+        - name: cfgmap
+          configMap:
+            name: lacework-config
+            items:
+            - key: config.json
+              path: config.json
+        - name: podinfo
+          downwardAPI:
+            items:
+              - path: "labels"
+                fieldRef:
+                  fieldPath: metadata.labels
+              - path: "annotations"
+                fieldRef:
+                  fieldPath: metadata.annotations
+              - path: "name"
+                fieldRef:
+                  fieldPath: metadata.name
+              - path: "poduid"
+                fieldRef:
+                  fieldPath: metadata.uid
+              - path: "namespace"
+                fieldRef:
+                  fieldPath: metadata.namespace
+  updateStrategy:
+{{ toYaml .Values.daemonset.updateStrategy | indent 4 }}
diff --git a/lacework-agent/values.schema.json b/lacework-agent/values.schema.json
@@ -0,0 +1,84 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema",
+    "required": [
+        "laceworkConfig"
+    ],
+    "properties": {
+        "image": {
+            "type": "object",
+            "properties": {
+                "imagePullSecrets": {
+                    "type": "array",
+                    "items": {
+                        "type": "object",
+                        "properties": {
+                            "name": {
+                                "type": "string"
+                            }
+                        }
+                    }
+                },
+                "pullPolicy": {
+                    "type": "string",
+                    "enum": [
+                        "Always",
+                        "IfNotPresent",
+                        "Never"
+                    ]
+                },
+                "registry": {
+                    "type": "string"
+                },
+                "repository": {
+                    "type": "string"
+                },
+                "tag": {
+                    "type": "string"
+                }
+            }
+        },
+        "laceworkConfig": {
+            "type": "object",
+            "required": [
+                "accessToken"
+            ],
+            "properties": {
+                "accessToken": {
+                    "type": "string"
+                },
+                "autoUpgrade": {
+                    "type": "string",
+                    "enum": [
+                        "disable",
+                        "enable"
+                    ]
+                },
+                "kubernetesCluster": {
+                    "type": [
+                        "string",
+                        "null"
+                    ]
+                },
+                "env": {
+                    "type": [
+                        "string",
+                        "null"
+                    ]
+                },
+                "serverUrl": {
+                    "type": [
+                        "string",
+                        "null"
+                    ]
+                }
+            }
+        },
+        "priorityClassName": {
+            "type": [
+                "string",
+                "null"
+            ]
+        }
+    },
+    "additionalProperties": true
+}