Update charts with latest changes

circleci-wiz · circleci-wiz · commit 264afd833eb0 · 2025-03-19T15:35:10.000Z
diff --git a/wiz-admission-controller/Chart.yaml b/wiz-admission-controller/Chart.yaml
@@ -5,14 +5,14 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.10.0-preview.1
+version: 3.10.0-preview.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "2.9"
 dependencies:
   - name: wiz-common
-    version: "0.1.7"
+    version: "0.1.8"
     repository: https://wiz-sec.github.io/charts
 #    repository: "file://../wiz-common" # Use this line to test the chart locally
diff --git a/wiz-admission-controller/templates/_helpers.tpl b/wiz-admission-controller/templates/_helpers.tpl
@@ -394,6 +394,10 @@ false
 {{- end }}
 {{- if or .Values.global.httpProxyConfiguration.enabled .Values.httpProxyConfiguration.enabled }}
 {{ include "wiz-common.proxy.env" . | trim }}
+{{- if or .Values.global.httpProxyConfiguration.clientCertificate .Values.httpProxyConfiguration.clientCertificate }}
+- name: WIZ_HTTP_PROXY_CLIENT_CERT_PATH
+  value: "{{ include "wiz-common.proxy.dir" . }}/clientCertificate"
+{{- end }}
 {{- end }}
 - name: WIZ_ENV
   value: {{ coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote }}
diff --git a/wiz-admission-controller/templates/proxy.yaml b/wiz-admission-controller/templates/proxy.yaml
@@ -5,7 +5,13 @@
 {{- if .Values.httpProxyConfiguration.enabled }}
 {{- if .Values.httpProxyConfiguration.create }}
   {{- if hasPrefix "https://" .Values.httpProxyConfiguration.httpsProxy }}
-    {{- fail "Error: httpsProxy must start with 'http://', https or any other protocol is not supported." }}
+    {{- if empty .Values.httpProxyConfiguration.clientCertificate }}
+      {{- fail "Error: HTTPS proxy requires a client certificate. Please provide clientCertificate in httpProxyConfiguration." }}
+    {{- end }}
+  {{- else }}
+    {{- if not (empty .Values.httpProxyConfiguration.clientCertificate) }}
+      {{- fail "Error: Client certificate is only supported for HTTPS proxies. Please remove clientCertificate or use an HTTPS proxy." }}
+    {{- end }}
   {{- end }}
 
 apiVersion: v1
@@ -24,5 +30,6 @@ stringData:
   httpProxy: {{ .Values.httpProxyConfiguration.httpProxy | quote }}
   httpsProxy: {{ .Values.httpProxyConfiguration.httpsProxy | quote }}
   noProxyAddress: {{ .Values.httpProxyConfiguration.noProxyAddress | quote }}
+  clientCertificate: {{ .Values.httpProxyConfiguration.clientCertificate | quote }}
 {{- end }}
 {{- end }}
diff --git a/wiz-admission-controller/values.yaml b/wiz-admission-controller/values.yaml
@@ -60,6 +60,9 @@ httpProxyConfiguration:
   httpProxy: "" # URL to use as a proxy for outbound HTTP traffic.
   httpsProxy: "" # URL to use as a proxy for outbound HTTPS traffic.
   noProxyAddress: "kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local"
+  # Proxy client certificate in PEM format. This is required for client certificate authentication.
+  # The file should contain a certificate and a private key in PEM format.
+  clientCertificate: ""
 
 # When Horizontal Pod Autoscaling (`hpa.enabled`) is enabled (`true`),
 # this field is discarded and set to an empty value.
@@ -549,6 +552,9 @@ global:
     httpProxy: ""
     httpsProxy: ""
     noProxyAddress: "kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local"
+    # Proxy client certificate in PEM format. This is required for client certificate authentication.
+    # The file should contain a certificate and a private key in PEM format.
+    clientCertificate: ""
 
   image:
     registry: "" # Registry to get the container images from.
diff --git a/wiz-broker/Chart.yaml b/wiz-broker/Chart.yaml
@@ -2,10 +2,10 @@ apiVersion: v2
 name: "wiz-broker"
 description: Wiz Broker for tunneling http traffic to Wiz backend
 type: application
-version: 2.3.8
+version: 2.3.9
 appVersion: "2.7"
 dependencies:
   - name: wiz-common
-    version: "0.1.7"
+    version: "0.1.8"
     repository: https://wiz-sec.github.io/charts
     #    repository: "file://../wiz-common" # Use this line to test the chart locally
diff --git a/wiz-common/Chart.yaml b/wiz-common/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 name: wiz-common
 description: Common library chart for shared templates
 type: library
-version: 0.1.7
+version: 0.1.8
diff --git a/wiz-common/templates/_proxy.tpl b/wiz-common/templates/_proxy.tpl
@@ -2,6 +2,9 @@
 proxy
 {{- end -}}
 
+{{- define "wiz-common.proxy.dir" -}}
+/var/{{ include "wiz-common.proxy.name" . }}
+{{- end -}}
 
 {{- define "wiz-common.proxy.volume" -}}
 {{- $secret := index . 0 -}}
@@ -15,15 +18,17 @@ proxy
       path: httpsProxy
     - key: noProxyAddress
       path: noProxy
+    - key: clientCertificate
+      path: clientCertificate
 {{- end -}}
 
 {{- define "wiz-common.proxy.volumeMount" -}}
 - name: {{ include "wiz-common.proxy.name" . }}
-  mountPath: /var/{{ include "wiz-common.proxy.name" . }}
+  mountPath: {{ include "wiz-common.proxy.dir" . }}
   readOnly: true
 {{- end -}}
 
 {{- define "wiz-common.proxy.env" -}}
 - name: CLI_FILES_AS_ENV_VARS
-  value: "/var/{{ include "wiz-common.proxy.name" . }}/httpProxy,/var/{{ include "wiz-common.proxy.name" . }}/httpsProxy,/var/{{ include "wiz-common.proxy.name" . }}/noProxy"
-{{- end -}}
+  value: "{{ include "wiz-common.proxy.dir" . }}/httpProxy,{{ include "wiz-common.proxy.dir" . }}/httpsProxy,{{ include "wiz-common.proxy.dir" . }}/noProxy"
+{{- end -}}
diff --git a/wiz-kubernetes-connector/Chart.yaml b/wiz-kubernetes-connector/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.3.11
+version: 3.3.12
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -27,9 +27,9 @@ dependencies:
   - name: wiz-broker
     repository: https://wiz-sec.github.io/charts
 #    repository: "file://../wiz-broker" # Use this line to test the chart locally
-    version: "2.3.8"
+    version: "2.3.9"
     condition: wiz-broker.enabled
   - name: wiz-common
-    version: "0.1.7"
+    version: "0.1.8"
     repository: https://wiz-sec.github.io/charts
     #    repository: "file://../wiz-common" # Use this line to test the chart locally
