Added audit log collector to the mix

ofirc-wiz · ofirc-wiz · commit 968f58401acb · 2024-10-22T21:43:37.000+03:00
diff --git a/wiz-admission-controller/templates/_helpers.tpl b/wiz-admission-controller/templates/_helpers.tpl
@@ -40,9 +40,14 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 
-{{- define "wiz-hpa.name" -}}
-{{- $name := "wiz-hpa" }}
-{{- default $name .Values.hpa.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- define "wiz-hpa-enforcer.name" -}}
+{{- $name := "wiz-hpa-enforcer" }}
+{{- default $name .Values.hpa.enforcerNameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "wiz-hpa-audit-logs.name" -}}
+{{- $name := "wiz-hpa-audit-logs" }}
+{{- default $name .Values.hpa.auditLogsNameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
@@ -110,11 +115,17 @@ app.kubernetes.io/name: {{ include "wiz-kubernetes-audit-log-collector.name" . }
 Wiz Horizontal Pod Autoscaler labels
 */}}
 
-{{- define "wiz-hpa.labels" -}}
+{{- define "wiz-hpa-enforcer.labels" -}}
+{{ include "wiz-admission-controller.labels" . }}
+app.kubernetes.io/name: {{ include "wiz-hpa-enforcer.name" . }}
+{{- end }}
+
+{{- define "wiz-hpa-audit-logs.labels" -}}
 {{ include "wiz-admission-controller.labels" . }}
-app.kubernetes.io/name: {{ include "wiz-hpa.name" . }}
+app.kubernetes.io/name: {{ include "wiz-hpa-audit-logs.name" . }}
 {{- end }}
 
+
 {{/*
 
 {{/*
@@ -203,3 +214,29 @@ Use for debug purpose only.
 {{- define "helpers.var_dump" -}}
 {{- . | mustToPrettyJson | printf "\nThe JSON output of the dumped var is: \n%s" | fail }}
 {{- end -}}
+
+{{- define "wiz-admission-controller.resources" -}}
+{{- if not .Values.hpa.enabled }}
+{{- if hasKey .Values "resources" }}
+{{- toYaml .Values.resources }}
+{{- else -}}
+{}
+{{- end -}}
+{{- else }}
+{{- if hasKey .Values "resources" }}
+{{- toYaml .Values.resources }}
+{{- else -}}
+requests:
+    cpu: 500m
+    memory: 300Mi
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "wiz-admission-controller.isEnforcerEnabled" -}}
+  {{- if or .Values.opaWebhook.enabled .Values.imageIntegrityWebhook.enabled .Values.debugWebhook.enabled }}
+    true
+  {{- else }}
+    false
+  {{- end }}
+{{- end }}
diff --git a/wiz-admission-controller/templates/deploymentauditlogs.yaml b/wiz-admission-controller/templates/deploymentauditlogs.yaml
@@ -7,7 +7,9 @@ metadata:
   labels:
     {{- include "wiz-kubernetes-audit-log-collector.labels" . | nindent 4 }}
 spec:
+  {{- if not .Values.hpa.enabled }}
   replicas: {{ .Values.kubernetesAuditLogsWebhook.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
       {{- include "wiz-admission-controller.selectorLabels" . | nindent 6 }}
@@ -184,11 +186,7 @@ spec:
             value: "true"
           {{- end }}
           resources:
-            {{- if hasKey .Values "resources" }}
-            {{- toYaml .Values.resources | nindent 12 }}
-            {{- else }}
-            {}
-            {{- end }}
+            {{- include "wiz-admission-controller.resources" . | nindent 12 }}
           volumeMounts:
           - mountPath: /var/server-certs
             name: server-certs
diff --git a/wiz-admission-controller/templates/deploymentenforcement.yaml b/wiz-admission-controller/templates/deploymentenforcement.yaml
@@ -1,4 +1,5 @@
-{{- if or .Values.opaWebhook.enabled .Values.imageIntegrityWebhook.enabled .Values.debugWebhook.enabled}}
+{{- $isEnabled := include "wiz-admission-controller.isEnforcerEnabled" . | trim | lower }}
+{{- if eq $isEnabled "true" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -213,21 +214,7 @@ spec:
             value: "true"
           {{- end }}
           resources:
-            {{- if not .Values.hpa.enabled }}
-            {{- if hasKey .Values "resources" }}
-            {{- toYaml .Values.resources | nindent 12 }}
-            {{- else }}
-            {}
-            {{- end }}
-            {{- else }}
-            {{- if hasKey .Values "resources" }}
-            {{- toYaml .Values.resources | nindent 12 }}
-            {{- else }}
-            requests:
-              cpu: 500m
-              memory: 300Mi
-            {{- end }}
-            {{- end }}
+            {{- include "wiz-admission-controller.resources" . | nindent 12 }}
           volumeMounts:
           - mountPath: /var/cache
             name: cache
diff --git a/wiz-admission-controller/templates/hpa.yaml b/wiz-admission-controller/templates/hpa.yaml
@@ -1,11 +1,13 @@
 {{- if .Values.hpa.enabled }}
+{{- $isEnabled := include "wiz-admission-controller.isEnforcerEnabled" . | trim | lower }}
+{{- if eq $isEnabled "true" }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
-  name: {{ include "wiz-hpa.name" . }}
+  name: {{ include "wiz-hpa-enforcer.name" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "wiz-hpa.labels" . | nindent 4 }}
+    {{- include "wiz-hpa-enforcer.labels" . | nindent 4 }}
 spec:
   scaleTargetRef:
     apiVersion: apps/v1
@@ -33,4 +35,42 @@ spec:
     {{- if hasKey .Values.hpa "customMetrics" }}
     {{- toYaml .Values.hpa.customMetrics | nindent 4 }}
     {{- end }}
+---
+{{- end }}
+{{ if .Values.kubernetesAuditLogsWebhook.enabled -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "wiz-hpa-audit-logs.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "wiz-hpa-audit-logs.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "wiz-kubernetes-audit-log-collector.name" . }}
+  minReplicas: {{ .Values.hpa.minReplicas }}
+  maxReplicas: {{ .Values.hpa.maxReplicas }}
+  metrics:
+    {{- if .Values.hpa.enableCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.hpa.enableMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.hpa.targetMemoryUtilizationPercentage }}
+    {{- end }}
+    {{- if hasKey .Values.hpa "customMetrics" }}
+    {{- toYaml .Values.hpa.customMetrics | nindent 4 }}
+    {{- end }}
+{{- end }}
 {{- end }}
