AO-115 Expose missing operator settings in helm chart

manifests/helm/templates/operator/deployment.yaml.tpl

@@ -90,34 +90,76 @@ spec:
               value: $(CONTRAST_WEBHOOK_SERVICENAME),$(CONTRAST_WEBHOOK_SERVICENAME).$(POD_NAMESPACE).svc,$(CONTRAST_WEBHOOK_SERVICENAME).$(POD_NAMESPACE).svc.cluster.local
             - name: CONTRAST_DEFAULT_REGISTRY
               value: '{{ required "operator.defaultRegistry is required." .Values.operator.defaultRegistry }}'
+            - name: CONTRAST_INSTALL_SOURCE
+              value: helm
+            {{- if hasKey .Values.operator "settleDuration" }}
             - name: CONTRAST_SETTLE_DURATION
               value: '{{ .Values.operator.settleDuration }}'
+            {{- end }}
+            {{- if hasKey .Values.operator "eventQueueSize" }}
             - name: CONTRAST_EVENT_QUEUE_SIZE
               value: '{{ .Values.operator.eventQueueSize }}'
+            {{- end }}
+            {{- if hasKey .Values.operator "eventQueueFullMode" }}
             - name: CONTRAST_EVENT_QUEUE_FULL_MODE
               value: '{{ .Values.operator.eventQueueFullMode }}'
+            {{- end }}
+            {{- if hasKey .Values.operator "eventQueueMergeWindowSeconds" }}
+            - name: CONTRAST_EVENT_QUEUE_MERGE_WINDOW_SECONDS
+              value: '{{ .Values.operator.eventQueueMergeWindowSeconds }}'
+            {{- end }}
+            {{- if hasKey .Values.operator "webhookSecretName" }}
             - name: CONTRAST_WEBHOOK_SECRET
               value: '{{ .Values.operator.webhookSecretName }}'
+            {{- end }}
+            {{- if hasKey .Values.operator "webhookConfiguration" }}
             - name: CONTRAST_WEBHOOK_CONFIGURATION
               value: '{{ .Values.operator.webhookConfiguration }}'
+            {{- end }}
+            {{- if hasKey .Values.operator "enableEarlyChaining" }}
             - name: CONTRAST_ENABLE_EARLY_CHAINING
               value: '{{ .Values.operator.enableEarlyChaining }}'
+            {{- end }}
+            {{- if hasKey .Values.operator "enableAgentStdout" }}
             - name: CONTRAST_ENABLE_AGENT_STDOUT
               value: '{{ .Values.operator.enableAgentStdout }}'
-            - name: CONTRAST_INSTALL_SOURCE
-              value: helm
+            {{- end }}
+            {{- if hasKey .Values.operator "telemetryOptOut" }}
+            - name: CONTRAST_AGENT_TELEMETRY_OPTOUT
+              value: '{{ .Values.operator.telemetryOptOut }}'
+            {{- end }}
+            {{- if hasKey .Values.operator "operatorLogLevel" }}
+            - name: CONTRAST_LOG_LEVEL
+              value: '{{ .Values.operator.operatorLogLevel }}'
+            {{- end }}
+            {{- if hasKey .Values.operator.initContainer "nonRoot" }}
+            - name: CONTRAST_RUN_INIT_CONTAINER_AS_NON_ROOT
+              value: '{{ .Values.operator.initContainer.nonRoot }}'
+            {{- end }}
+            {{- if hasKey .Values.operator.initContainer.resources.requests "cpu" }}
             - name: CONTRAST_INITCONTAINER_CPU_REQUEST
               value: '{{ .Values.operator.initContainer.resources.requests.cpu }}'
+            {{- end }}
+            {{- if hasKey .Values.operator.initContainer.resources.limits "cpu" }}
             - name: CONTRAST_INITCONTAINER_CPU_LIMIT
               value: '{{ .Values.operator.initContainer.resources.limits.cpu }}'
+            {{- end }}
+            {{- if hasKey .Values.operator.initContainer.resources.requests "memory" }}
             - name: CONTRAST_INITCONTAINER_MEMORY_REQUEST
               value: '{{ .Values.operator.initContainer.resources.requests.memory }}'
+            {{- end }}
+            {{- if hasKey .Values.operator.initContainer.resources.limits "memory" }}
             - name: CONTRAST_INITCONTAINER_MEMORY_LIMIT
               value: '{{ .Values.operator.initContainer.resources.limits.memory }}'
+            {{- end }}
+            {{- if hasKey .Values.operator.initContainer.resources.requests "ephemeralStorage" }}
             - name: CONTRAST_INITCONTAINER_EPHEMERALSTORAGE_REQUEST
               value: '{{ .Values.operator.initContainer.resources.requests.ephemeralStorage }}'
+            {{- end }}
+            {{- if hasKey .Values.operator.initContainer.resources.limits "ephemeralStorage" }}
             - name: CONTRAST_INITCONTAINER_EPHEMERALSTORAGE_LIMIT
               value: '{{ .Values.operator.initContainer.resources.limits.ephemeralStorage }}'
+            {{- end }}
           livenessProbe:
             httpGet:
               path: /health

manifests/helm/values.schema.json

@@ -354,6 +354,11 @@
                         "DropOldest"
                     ]
                 },
+                "eventQueueMergeWindowSeconds": {
+                    "description": "Time window to merge events in the eventQueue",
+                    "default": 10,
+                    "type": "integer"
+                },
                 "eventQueueSize": {
                     "description": "Max number of events to queue from the K8s event stream.",
                     "default": 10000,
@@ -363,6 +368,11 @@
                     "description": "Resource management for the agent initContainers",
                     "type": "object",
                     "properties": {
+                        "nonRoot": {
+                            "description": "Run init-containers as non-root",
+                            "default": true,
+                            "type": "boolean"
+                        },
                         "resources": {
                             "type": "object",
                             "properties": {
@@ -428,6 +438,18 @@
                     "description": "Deployment Labels for the operator deployment.",
                     "type": "object"
                 },
+                "operatorLogLevel": {
+                    "description": "Operator Log Level",
+                    "default": "Info",
+                    "type": "string",
+                    "enum": [
+                        "Trace",
+                        "Debug",
+                        "Info",
+                        "Warn",
+                        "Error"
+                    ]
+                },
                 "podAnnotations": {
                     "description": "Pod Annotations for the operator pod(s).",
                     "type": "object"
@@ -504,6 +526,11 @@
                     "default": 10,
                     "type": "integer"
                 },
+                "telemetryOptOut": {
+                    "description": "Opt-Out of telemetry collection",
+                    "default": false,
+                    "type": "boolean"
+                },
                 "webhookConfiguration": {
                     "description": "The name of the webhook to patch after certificate generation occurs.",
                     "default": "contrast-web-hook-configuration",

manifests/helm/values.schema.yaml

@@ -39,6 +39,8 @@ operator:
   # DropOldest:
   #   Removes and ignores the oldest item in the channel in order to make room for the item being written.
   eventQueueFullMode: # @schema type:[string];enum:[Wait, DropOldest];default:DropOldest
+  # -- Time window to merge events in the eventQueue
+  eventQueueMergeWindowSeconds: # @schema type:[integer];default:10
   # -- The secret containing the TLS certificates used for the webhook. Used for to cache TLS certificate generation across restarts, and to share the same certificate across operator instances (when running in HA mode).
   webhookSecretName: # @schema type:[string];default:contrast-web-hook-secret
   # -- The name of the webhook to patch after certificate generation occurs.
@@ -47,6 +49,10 @@ operator:
   enableEarlyChaining: # @schema type:[boolean];default:false
   # -- Globally enable agents logging to stdout
   enableAgentStdout: # @schema type:[boolean];default:false
+  # -- Opt-Out of telemetry collection
+  telemetryOptOut: # @schema type:[boolean];default:false
+  # -- Operator Log Level
+  operatorLogLevel: # @schema type:[string];enum:[Trace, Debug, Info, Warn, Error];default:Info
   # -- Deployment Labels for the operator deployment.
   labels: {}
   # -- Deployment Annotations for the operator deployment.
@@ -69,6 +75,8 @@ operator:
       ephemeralStorage: # @schema type:[string, null]
   # -- Resource management for the agent initContainers
   initContainer:
+    # -- Run init-containers as non-root
+    nonRoot: # @schema type:[boolean];default:true
     resources:
       limits:
         cpu: # @schema type:[string, null];default:100m

manifests/helm/values.yaml

@@ -36,6 +36,8 @@ operator:
   # DropOldest:
   #   Removes and ignores the oldest item in the channel in order to make room for the item being written.
   eventQueueFullMode: DropOldest
+  # Time window to merge events in the eventQueue
+  eventQueueMergeWindowSeconds: 10
   # The secret containing the TLS certificates used for the webhook.
   # Used for to cache TLS certificate generation across restarts,
   # and to share the same certificate across operator instances (when running in HA mode).
@@ -48,6 +50,10 @@ operator:
   enableEarlyChaining: false
   # Globally enable agents logging to stdout
   enableAgentStdout: false
+  # Opt-Out of telemetry collection
+  #telemetryOptOut: false
+  # Operator Log Level
+  operatorLogLevel: Info
   # Metadata for the operator deployment.
   labels: {}
   annotations: {}
@@ -75,6 +81,8 @@ operator:
       #ephemeralStorage:
   # Resource management for the agent initContainers
   initContainer:
+    # Run init-containers as non-root
+    nonRoot: true
     resources:
       limits:
         cpu: 100m