Update charts with latest changes

circleci-wiz · circleci-wiz · commit 6eac98f92cef · 2025-08-18T05:09:02.000Z
diff --git a/wiz-admission-controller/Chart.yaml b/wiz-admission-controller/Chart.yaml
@@ -5,7 +5,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.10.6
+version: 3.10.7-preview
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/wiz-admission-controller/templates/_helpers.tpl b/wiz-admission-controller/templates/_helpers.tpl
@@ -552,8 +552,44 @@ false
 - name: WIZ_CLUSTER_NAME
   value: {{ coalesce .Values.global.clusterDisplayName .Values.clusterDisplayName | quote }}
 {{- end }}
+{{- if .Values.prometheus.enabled }}
+# Prometheus metrics configuration
+- name: WIZ_METRICS_ENABLED
+  value: {{ .Values.prometheus.enabled | quote }}
+- name: WIZ_METRICS_PORT
+  value: {{ .Values.prometheus.metricsPort | quote }}
+- name: WIZ_DISABLE_TLS_METRICS
+  value: {{ .Values.prometheus.diableTLS | quote }}
+{{- end }}
 {{- end -}}
 
 {{- define "wiz-admission-controller.image" -}}
 {{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.repository .Values.image.repository }}:{{ include "wiz-admission-controller.appVersion" . }}
 {{- end -}}
+
+{{/*
+Common service ports configuration
+*/}}
+{{- define "wiz-admission-controller.service.ports" -}}
+- port: {{ .Values.service.port }}
+  targetPort: {{ .Values.service.targetPort }}
+  protocol: TCP
+  name: webhook
+{{- if .Values.prometheus.enabled }}
+- port: {{ .Values.prometheus.metricsPort }}
+  targetPort: metrics
+  protocol: TCP
+  name: metrics
+{{- end }}
+{{- end -}}
+
+{{/*
+Common container ports configuration
+*/}}
+{{- define "wiz-admission-controller.container.ports" -}}
+- containerPort: {{ .Values.service.targetPort }}
+{{- if .Values.prometheus.enabled }}
+- name: metrics
+  containerPort: {{ .Values.prometheus.metricsPort }}
+{{- end }}
+{{- end -}}
diff --git a/wiz-admission-controller/templates/deploymentauditlogs.yaml b/wiz-admission-controller/templates/deploymentauditlogs.yaml
@@ -68,7 +68,7 @@ spec:
           image: {{ include "wiz-admission-controller.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-          - containerPort: {{ .Values.service.targetPort }}
+          {{- include "wiz-admission-controller.container.ports" . | nindent 10 }}
           readinessProbe:
             httpGet:
               path: /ready
diff --git a/wiz-admission-controller/templates/deploymentdebug.yaml b/wiz-admission-controller/templates/deploymentdebug.yaml
@@ -68,7 +68,7 @@ spec:
           image: {{ include "wiz-admission-controller.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-          - containerPort: {{ .Values.service.targetPort }}
+          {{- include "wiz-admission-controller.container.ports" . | nindent 10 }}
           readinessProbe:
             httpGet:
               path: /ready
diff --git a/wiz-admission-controller/templates/deploymentenforcement.yaml b/wiz-admission-controller/templates/deploymentenforcement.yaml
@@ -68,7 +68,7 @@ spec:
           image: {{ include "wiz-admission-controller.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-          - containerPort: {{ .Values.service.targetPort }}
+          {{- include "wiz-admission-controller.container.ports" . | nindent 10 }}
           readinessProbe:
             httpGet:
               path: /ready
diff --git a/wiz-admission-controller/templates/deploymentsensor.yaml b/wiz-admission-controller/templates/deploymentsensor.yaml
@@ -68,7 +68,7 @@ spec:
           image: {{ include "wiz-admission-controller.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-            - containerPort: {{ .Values.service.targetPort }}
+            {{- include "wiz-admission-controller.container.ports" . | nindent 12 }}
           readinessProbe:
             httpGet:
               path: /ready
diff --git a/wiz-admission-controller/templates/service.yaml b/wiz-admission-controller/templates/service.yaml
@@ -10,9 +10,7 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
-      protocol: TCP
+    {{- include "wiz-admission-controller.service.ports" . | nindent 4 }}
   selector:
     {{- include "wiz-admission-controller.selectorLabels" . | nindent 4 }}
     {{- include "wiz-admission-controller-enforcement.selectorLabels" . | nindent 4 }}
@@ -29,9 +27,7 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
-      protocol: TCP
+    {{- include "wiz-admission-controller.service.ports" . | nindent 4 }}
   selector:
     {{- include "wiz-admission-controller.selectorLabels" . | nindent 4 }}
     {{- include "wiz-kubernetes-audit-log-collector.selectorLabels" . | nindent 4 }}
@@ -48,9 +44,7 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
-      protocol: TCP
+    {{- include "wiz-admission-controller.service.ports" . | nindent 4 }}
   selector:
     {{- include "wiz-admission-controller.selectorLabels" . | nindent 4 }}
     {{- include "wiz-sensor-webhook.selectorLabels" . | nindent 4 }}
@@ -67,9 +61,7 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
-      protocol: TCP
+    {{- include "wiz-admission-controller.service.ports" . | nindent 4 }}
   selector:
     {{- include "wiz-admission-controller.selectorLabels" . | nindent 4 }}
     {{- include "wiz-debug-webhook.selectorLabels" . | nindent 4 }}
diff --git a/wiz-admission-controller/values.yaml b/wiz-admission-controller/values.yaml
@@ -747,3 +747,27 @@ global:
   #
   # lowPrivilegePodSecurityPolicy: {}
   # lowPrivilegeSecurityPolicy: {}
+
+# Prometheus allows to scrape targets in two different ways:
+# 1. Annotations-based Service Discovery
+#    Where Prometheus discovers endpoints via Services enumeration via the Kubernetes API Server.
+#    To enable it with Wiz, you may need to also add the following annotations, e.g.
+#    podAnnotations:
+#      prometheus.io/scrape: "true"
+#      prometheus.io/port: "9090"
+#      prometheus.io/path: "/metrics"
+#
+# 2. ServiceMonitor-based Service Discovery
+#    Applicable if you are using the Prometheus Operator and the ServiceMonitor custom resource (CR).
+#    To enable it with Wiz, use the following selectors:
+#      selector:
+#        matchLabels:
+#          app.kubernetes.io/instance: <Helm release name> # e.g. wiz-kubernetes-integration
+#      namespaceSelector:
+#        matchNames:
+#          - wiz
+#
+prometheus:
+  enabled: false  # Enable the /metrics endpoint.
+  metricsPort: 9090
+  diableTLS: true # When TLS enabled uses the same TLS certificates that are used for all other webhooks.
