CircleCI: Upload wiz-sensor chart

circleci-wiz · circleci-wiz · commit 3ead58a138cd · 2024-11-14T17:15:27.000Z
diff --git a/wiz-kubernetes-integration/Chart.yaml b/wiz-kubernetes-integration/Chart.yaml
@@ -17,5 +17,5 @@ dependencies:
   condition: wiz-admission-controller.enabled
 - name: wiz-sensor
   repository: https://wiz-sec.github.io/charts
-  version: ">=1.0.4760"
+  version: ">=1.0.4945"
   condition: wiz-sensor.enabled
diff --git a/wiz-sensor/Chart.yaml b/wiz-sensor/Chart.yaml
@@ -3,5 +3,5 @@ description: Wiz Sensor helm chart
 home: https://www.wiz.io/
 name: wiz-sensor
 type: application
-version: 1.0.4760
-appVersion: 1.0.4708
+version: 1.0.4945
+appVersion: 1.0.4945
diff --git a/wiz-sensor/templates/daemonset.yaml b/wiz-sensor/templates/daemonset.yaml
@@ -25,7 +25,7 @@ spec:
         prometheus.io/port: "{{ .Values.metricsPort }}"
       {{- end }}
 
-      {{- if semverCompare "<1.31" $kubeVersion }}
+      {{- if or (semverCompare "<1.31" $kubeVersion) (.Values.oldAppArmorAnnotation) }}
         container.apparmor.security.beta.kubernetes.io/wiz-sensor: unconfined
         {{- if .Values.diskScan.enabled }}
         container.apparmor.security.beta.kubernetes.io/wiz-disk-scanner: unconfined
@@ -104,7 +104,7 @@ spec:
           runAsGroup: 2202
         {{- end }}
           readOnlyRootFilesystem: true
-          {{- if semverCompare ">=1.30" $kubeVersion }}
+          {{- if and (semverCompare ">=1.30" $kubeVersion) (not .Values.oldAppArmorAnnotation) }}
           appArmorProfile:
             type: Unconfined
           {{- end }}
@@ -277,7 +277,7 @@ spec:
         {{- end }}
           readOnlyRootFilesystem: true
 
-          {{- if semverCompare ">=1.30" $kubeVersion }}
+          {{- if and (semverCompare ">=1.30" $kubeVersion) (not .Values.oldAppArmorAnnotation) }}
           appArmorProfile:
             type: Unconfined
           {{- end }}
diff --git a/wiz-sensor/values.yaml b/wiz-sensor/values.yaml
@@ -70,6 +70,9 @@ privileged: false
 # for a production deployment.
 debug: false
 
+# force old-style annotation for AppArmor profile (compatibility with some gitops tools)
+oldAppArmorAnnotation: false
+
 clusterExternalId: "" # Required for OKE clusters - specify the cluster's OCID
 subscriptionExternalId: "" # Optional. Used to associate the installation with a Subscription if none can be obtained from IMDS (e.g. on-prem)
 clusterTags: {} # Optional. List of key: value tags to be added to KubernetesCluster object associated with this installation
