CircleCI: Upload wiz-sensor chart

circleci-wiz · circleci-wiz · commit 29b3e935831e · 2025-03-18T20:39:25.000Z
diff --git a/wiz-kubernetes-integration/Chart.yaml b/wiz-kubernetes-integration/Chart.yaml
@@ -17,5 +17,5 @@ dependencies:
   condition: wiz-admission-controller.enabled
 - name: wiz-sensor
   repository: https://wiz-sec.github.io/charts
-  version: ">=1.0.6051"
+  version: ">=1.0.6187"
   condition: wiz-sensor.enabled
diff --git a/wiz-sensor/Chart.yaml b/wiz-sensor/Chart.yaml
@@ -3,5 +3,5 @@ description: Wiz Sensor helm chart
 home: https://www.wiz.io/
 name: wiz-sensor
 type: application
-version: 1.0.6051
-appVersion: 1.0.5835
+version: 1.0.6187
+appVersion: 1.0.6187
diff --git a/wiz-sensor/templates/_helpers.tpl b/wiz-sensor/templates/_helpers.tpl
@@ -46,6 +46,12 @@ dsimage/tag: {{ $dsimageparts._0 }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.gkeAutopilot }}
+autopilot.gke.io/no-connect: "true"
+{{- if .Values.gkeAutopilotUseAllowlist }}
+cloud.google.com/matching-allowlist: {{ .Values.gkeAutopilotAllowlist }}
+{{- end }}
+{{- end }}
 {{- if (coalesce .Values.global.commonLabels .Values.commonLabels .Values.daemonset.commonLabels) }}
 {{- range $key, $value := (coalesce .Values.global.commonLabels .Values.commonLabels .Values.daemonset.commonLabels) }}
 {{ $key }}: {{ tpl $value $ | quote }}
diff --git a/wiz-sensor/templates/gkeallowlistsynchronizer.yaml b/wiz-sensor/templates/gkeallowlistsynchronizer.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.gkeAutopilotUseAllowlist }}
+apiVersion: auto.gke.io/v1
+kind: AllowlistSynchronizer
+metadata:
+  name: wiz-sensor-allowlist-synchronizer
+  annotations:
+    helm.sh/hook: "pre-install,pre-upgrade"
+spec:
+  allowlistPaths:
+  - "Wiz/wiz-sensor/v1/*"
+{{- end }}
diff --git a/wiz-sensor/values.yaml b/wiz-sensor/values.yaml
@@ -40,6 +40,9 @@ openshift: false
 # see https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-resource-requests#resource-limits .
 # there are also other small changes
 gkeAutopilot: false
+# Newer GKE autopilot clusters support the use of an allowlist. This is required for some options in the chart
+gkeAutopilotUseAllowlist: false
+gkeAutopilotAllowlist: wiz-sensor-v1 # changing this is usually not required
 
 # use a custom SELinux type that is required by flatcar Linux nodes, but is incompatible with some
 # other node types (like AWS bottlerocket)
@@ -298,7 +301,7 @@ daemonset:
     type: RollingUpdate
 
   # Time for which kubernetes waits for the sensor pod to terminate gracefully.
-  terminationGracePeriodSeconds: 90
+  terminationGracePeriodSeconds: 25
 
   resources:
     # resource values for the wiz sensor, without API security enabled
