Update charts with latest changes

circleci-wiz · circleci-wiz · commit 9fbc9d0f98ce · 2025-10-28T14:53:14.000Z
diff --git a/wiz-admission-controller/Chart.yaml b/wiz-admission-controller/Chart.yaml
@@ -5,7 +5,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.12.0-preview.4
+version: 3.12.0-preview.5
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/wiz-admission-controller/templates/NOTES.txt b/wiz-admission-controller/templates/NOTES.txt
@@ -5,44 +5,8 @@ For uninstalling the wiz admission controller you need to delete helm hooks reso
 {{- if not .Values.webhook.secret.name }}
 3. Delete certificates secret - kubectl delete -n {{ .Release.Namespace }} secret  {{ include "wiz-admission-controller.secretServerCert" . | trim }}
 {{- end }}
-{{- if and .Values.crdCache.enabled (eq .Values.crdCache.argoCDCompatibilityMode "helm-hook") }}
-{{- $enabledTypes := include "wiz-admission-controller.enabledRunnerTypes" . | fromJsonArray }}
-{{- range $runnerType := $enabledTypes }}
-4. Delete cache secret for {{ $runnerType }} - kubectl delete -n {{ $.Release.Namespace }} secret {{ include "wiz-admission-controller.cacheSecretName" $runnerType }}
-{{- end }}
-{{- end }}
 {{- if eq .Values.opaWebhook.failurePolicy "Fail" }}
 
 WARNING!!!
 opaWebhook.failurePolicy is Fail, You need to delete validatingwebhookconfiguration before uninstall, if webhook exists without chart resources you can’t create resources in your cluster!
 {{- end }}
-
-{{- if .Values.crdCache.enabled }}
-{{- if eq .Values.crdCache.argoCDCompatibilityMode "none" }}
-
-NOTE: ArgoCD Compatibility
-You have enabled CRD-based caching. The cache secrets are modified at runtime by the
-admission controller, which will cause ArgoCD to mark your application as out-of-sync.
-
-If you are not using ArgoCD, you can ignore the following section.
-
-To prevent this, you have two options:
-
-Option 1: Configure ArgoCD to ignore differences in the cache secret's data field.
-Add the following to your ArgoCD Application manifest under spec.ignoreDifferences:
-
-{{- $enabledTypes := include "wiz-admission-controller.enabledRunnerTypes" . | fromJsonArray }}
-{{- range $runnerType := $enabledTypes }}
-  - group: ""
-    kind: Secret
-    name: {{ include "wiz-admission-controller.cacheSecretName" $runnerType }}
-    namespace: {{ $.Release.Namespace }}
-    jsonPointers:
-    - /data
-{{- end }}
-
-Option 2: Set crdCache.argoCDCompatibilityMode to "helm-hook" in your values.yaml.
-This will add Helm hooks to the cache secrets, preventing ArgoCD from tracking them.
-Note: You will need to manually delete the cache secrets after uninstalling the chart.
-{{- end }}
-{{- end }}
diff --git a/wiz-admission-controller/templates/_helpers.tpl b/wiz-admission-controller/templates/_helpers.tpl
@@ -637,14 +637,6 @@ Returns: list of runner types that are enabled
 {{- $types | toJson -}}
 {{- end -}}
 
-{{/*
-Get the cache secret name for a specific runner type
-*/}}
-{{- define "wiz-admission-controller.cacheSecretName" -}}
-{{- $runnerType := . -}}
-{{- printf "wiz-ac-cache-secrets-%s" $runnerType -}}
-{{- end -}}
-
 {{/*
 Get the leader lock ID for a specific runner type
 */}}
@@ -669,18 +661,6 @@ Usage: include "wiz-admission-controller.crdCacheEnvVars" "enforcer"
 {{- $runnerType := . -}}
 - name: WIZ_CRD_CACHE_LEADER_LOCK_ID
   value: {{ include "wiz-admission-controller.leaderLockId" $runnerType }}
-- name: WIZ_CRD_CACHE_SECRET_NAME
-  value: {{ include "wiz-admission-controller.cacheSecretName" $runnerType }}
 - name: WIZ_CRD_CACHE_NAME_PREFIX
   value: {{ include "wiz-admission-controller.cacheNamePrefix" $runnerType }}
 {{- end -}}
-
-{{/*
-Validate argoCDCompatibilityMode value
-*/}}
-{{- define "wiz-admission-controller.validateArgoCDCompatibilityMode" -}}
-{{- $validModes := list "none" "helm-hook" -}}
-{{- if not (has .Values.crdCache.argoCDCompatibilityMode $validModes) -}}
-{{- fail (printf "Invalid value for crdCache.argoCDCompatibilityMode: '%s'. Valid values are: none, helm-hook" .Values.crdCache.argoCDCompatibilityMode) -}}
-{{- end -}}
-{{- end -}}
diff --git a/wiz-admission-controller/templates/caching-secrets.yaml b/wiz-admission-controller/templates/caching-secrets.yaml
diff --git a/wiz-admission-controller/templates/input-validations.yaml b/wiz-admission-controller/templates/input-validations.yaml
@@ -1,4 +1 @@
 {{ include "wiz-common.requireHelm310" . }}
-{{- if .Values.crdCache.enabled }}
-{{ include "wiz-admission-controller.validateArgoCDCompatibilityMode" . }}
-{{- end }}
diff --git a/wiz-admission-controller/templates/serviceaccount.yaml b/wiz-admission-controller/templates/serviceaccount.yaml
@@ -39,17 +39,10 @@ rules:
 - apiGroups: ["wiz.io"]
   resources: ["wizadmissioncontrollercaches/status"]
   verbs: ["get", "update", "patch"]
-- apiGroups: [""]
-  resources: ["secrets"]
-  resourceNames:
-{{- $enabledTypes := include "wiz-admission-controller.enabledRunnerTypes" . | fromJsonArray }}
-{{- range $runnerType := $enabledTypes }}
-    - {{ include "wiz-admission-controller.cacheSecretName" $runnerType }}
-{{- end }}
-  verbs: ["get", "update", "patch"]
 - apiGroups: ["coordination.k8s.io"]
   resources: ["leases"]
   resourceNames:
+{{- $enabledTypes := include "wiz-admission-controller.enabledRunnerTypes" . | fromJsonArray }}
 {{- range $runnerType := $enabledTypes }}
     - {{ include "wiz-admission-controller.leaderLockId" $runnerType }}
 {{- end }}
diff --git a/wiz-admission-controller/values.yaml b/wiz-admission-controller/values.yaml
@@ -627,19 +627,6 @@ hpa:
 crdCache:
   enabled: false # Should the CRD-based caching be enabled. When enabled, the WizAdmissionControllerCache CRD will be installed.
   maxAge: 12h # In case of no connectivity to the backend, the admission controller will use the cache for up to this time, before starting to crash.
-  leaderLockId: "wiz-admission-controller-crd-cache"
-
-  # ArgoCD compatibility mode for the cache secret.
-  # When crdCache is enabled, a Secret is created that the application modifies at runtime,
-  # which can cause ArgoCD to mark the application as out-of-sync.
-  #
-  # Options:
-  # - "none": Do nothing special. If using ArgoCD, see NOTES.txt for instructions on configuring
-  #           ArgoCD to ignore differences in the secret's data field.
-  # - "helm-hook": Add Helm pre-install/pre-upgrade hooks to the secret. This prevents ArgoCD
-  #                from marking it as out-of-sync, but requires manual deletion of the secret
-  #                after uninstall (see NOTES.txt for instructions).
-  argoCDCompatibilityMode: "none"
 
 wizManager:
   enabled: true # Should the Wiz Manager be deployed.
diff --git a/wiz-kubernetes-integration/Chart.yaml b/wiz-kubernetes-integration/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: wiz-kubernetes-integration
 description: A Helm chart for Kubernetes
 type: application
-version: 0.2.129
+version: 0.2.130
 appVersion: ""
 #    Dependencies for wiz-kubernetes connector and wiz-admission-controller and wiz-sensor
 dependencies:
