Update charts with latest changes

circleci-wiz · circleci-wiz · commit e5cac4ad56a5 · 2025-10-28T02:18:50.000Z
diff --git a/wiz-admission-controller/Chart.yaml b/wiz-admission-controller/Chart.yaml
@@ -5,7 +5,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.12.0-preview.3
+version: 3.12.0-preview.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/wiz-admission-controller/templates/wiz.io_wizadmissioncontrollercaches.yaml b/wiz-admission-controller/templates/wiz.io_wizadmissioncontrollercaches.yaml
@@ -27,10 +27,6 @@ spec:
       jsonPath: .spec.state.version
       name: Version
       type: string
-    - description: Total number of chunks
-      jsonPath: .spec.state.totalChunks
-      name: Chunks
-      type: integer
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
diff --git a/wiz-kubernetes-integration/Chart.yaml b/wiz-kubernetes-integration/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: wiz-kubernetes-integration
 description: A Helm chart for Kubernetes
 type: application
-version: 0.2.128
+version: 0.2.129
 appVersion: ""
 #    Dependencies for wiz-kubernetes connector and wiz-admission-controller and wiz-sensor
 dependencies:
@@ -16,5 +16,5 @@ dependencies:
     condition: wiz-admission-controller.enabled
   - name: wiz-sensor
     repository: https://wiz-sec.github.io/charts
-    version: ">=1.0.7947"
+    version: ">=1.0.8204"
     condition: wiz-sensor.enabled
diff --git a/wiz-outpost-lite/Chart.yaml b/wiz-outpost-lite/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.20251009
+version: 0.1.20251027
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/wiz-outpost-lite/templates/_helpers.tpl b/wiz-outpost-lite/templates/_helpers.tpl
@@ -81,8 +81,10 @@ wiz.io/runner: {{ .runner | quote }}
   {{- $moduleType = "datascan" }}
 {{- else if hasPrefix "vcs-" $runner -}}
   {{- $moduleType = "vcs" }}
+ {{- else if eq $runner "databricks" -}}
+  {{- $moduleType = "databricks" }}
 {{- else -}}
-  {{- fail (printf "Invalid runner name: %s. Runner name must start with 'rem-', 'vcs-', or be 'container-registry', 'datascan'" $runner) -}}
+  {{- fail (printf "Invalid runner name: %s. Runner name must start with 'rem-', 'vcs-', or be 'container-registry', 'datascan', 'databricks" $runner) -}}
 {{- end }}
 
 {{/* e.g. remediation-aws-rds-003 -> outpost-lite-runner-remediation
diff --git a/wiz-outpost-lite/values.yaml b/wiz-outpost-lite/values.yaml
@@ -153,6 +153,29 @@ modules:
       readOnlyRootFilesystem: true
       seLinuxOptions:
         type: container_t
+  databricks:
+    enabled: false
+    image:
+      name: outpost-lite-runner-databricks
+    serviceAccount:
+      create: true
+    podSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 1000
+      runAsGroup: 1000
+      fsGroup: 1000
+    containerSecurityContext:
+      capabilities:
+        drop:
+          - ALL
+      runAsNonRoot: true
+      runAsUser: 1000
+      runAsGroup: 1000
+      allowPrivilegeEscalation: false
+      privileged: false
+      readOnlyRootFilesystem: true
+      seLinuxOptions:
+        type: container_t
 
 runners:
   vcs-event-triggered:
diff --git a/wiz-sensor/Chart.yaml b/wiz-sensor/Chart.yaml
@@ -3,8 +3,8 @@ name: wiz-sensor
 description: Wiz Sensor helm chart
 type: application
 home: https://www.wiz.io/
-version: 1.0.7947
+version: 1.0.8204
 appVersion: 1.0.7947
 annotations:
-  diskScanAppVersion: 1.1.26
-  windowsAppVersion: 1.0.0
+  diskScanAppVersion: 1.1.27
+  windowsAppVersion: 1.0.1
diff --git a/wiz-sensor/templates/_helpers.tpl b/wiz-sensor/templates/_helpers.tpl
@@ -54,30 +54,48 @@ Windows sensor image tag
 {{- end }}
 
 {{/*
-Common labels
+Common labels shared between Linux and Windows
+Includes standard Helm labels and user-defined common labels from Values
 */}}
-{{- define "wiz-sensor.labels" -}}
-{{- $imageparts:= split "@" (include "wiz-sensor.imageTag" .) }}
-{{- $dsimageparts:= split "@" (include "wiz-sensor.diskScanTag" .) }}
+{{- define "wiz-sensor.commonLabels" -}}
 helm.sh/chart: {{ include "wiz-sensor.chart" . }}
-image/tag: {{ $imageparts._0 }}
-dsimage/tag: {{ $dsimageparts._0 }}
 {{ include "wiz-sensor.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if (coalesce .Values.global.commonLabels .Values.commonLabels .Values.daemonset.commonLabels) }}
+{{- range $key, $value := (coalesce .Values.global.commonLabels .Values.commonLabels .Values.daemonset.commonLabels) }}
+{{ $key }}: {{ tpl $value $ | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Linux labels
+*/}}
+{{- define "wiz-sensor.labels" -}}
+{{ include "wiz-sensor.commonLabels" . }}
+{{- $imageparts:= split "@" (include "wiz-sensor.imageTag" .) }}
+{{- $dsimageparts:= split "@" (include "wiz-sensor.diskScanTag" .) }}
+image/tag: {{ $imageparts._0 }}
+dsimage/tag: {{ $dsimageparts._0 }}
 {{- if .Values.gkeAutopilot }}
 autopilot.gke.io/no-connect: "true"
 {{- if .Values.gkeAutopilotUseAllowlist }}
 cloud.google.com/matching-allowlist: {{ .Values.gkeAutopilotAllowlist }}
 {{- end }}
 {{- end }}
-{{- if (coalesce .Values.global.commonLabels .Values.commonLabels .Values.daemonset.commonLabels) }}
-{{- range $key, $value := (coalesce .Values.global.commonLabels .Values.commonLabels .Values.daemonset.commonLabels) }}
-{{ $key }}: {{ tpl $value $ | quote }}
-{{- end }}
 {{- end }}
+
+{{/*
+Windows labels
+*/}}
+{{- define "wiz-sensor.windowsLabels" -}}
+{{ include "wiz-sensor.commonLabels" . }}
+{{- $imageparts:= split "@" (include "wiz-sensor.windowsTag" .) }}
+os: windows
+image/tag: {{ $imageparts._0 }}
 {{- end }}
 
 {{/*
diff --git a/wiz-sensor/templates/daemonset-windows.yaml b/wiz-sensor/templates/daemonset-windows.yaml
@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: {{ include "wiz-sensor.fullname" . }}-windows
-  labels: {{- include "wiz-sensor.labels" . | nindent 4 }}
+  labels: {{- include "wiz-sensor.windowsLabels" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
 spec:
   selector:
@@ -12,7 +12,7 @@ spec:
     type: RollingUpdate
   template:
     metadata:
-      labels: {{- include "wiz-sensor.labels" . | nindent 8 }}
+      labels: {{- include "wiz-sensor.windowsLabels" . | nindent 8 }}
     spec:
       serviceAccountName: {{ include "wiz-sensor.serviceAccountName" . }}
       affinity:
@@ -34,11 +34,10 @@ spec:
                 operator: In
                 values:
                   - windows
+      {{- with .Values.daemonset.windowsTolerations }}
       tolerations:
-      - effect: NoSchedule
-        key: os
-        operator: Equal
-        value: "windows"
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       securityContext:
         windowsOptions:
           hostProcess: true
@@ -114,6 +113,12 @@ spec:
           value: {{ include "wiz-sensor.fileLogLevel" . | quote }}
         - name: STDOUT_LOG
           value: {{ include "wiz-sensor.stdoutLogLevel" . }}
+        - name: POD_IMAGE_TAG
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.labels['image/tag']
+        - name: POD_IMAGE_REGISTRY
+          value: {{ coalesce .Values.global.image.registry .Values.image.registry }}
         - name: POD_MEM_LIMITS
           valueFrom:
             resourceFieldRef:
diff --git a/wiz-sensor/values.yaml b/wiz-sensor/values.yaml
@@ -340,6 +340,17 @@ daemonset:
   #- key: CriticalAddonsOnly # allow running on EKS auto-mode system nodes
   #  operator: Exists
 
+  windowsTolerations:
+  # Common tolerations for Windows nodes
+  - effect: NoSchedule
+    key: node.kubernetes.io/os
+    operator: Equal
+    value: "windows"
+  - effect: NoSchedule
+    key: os
+    operator: Equal
+    value: "windows"
+
   # Default strategy to update the daemonset
   updateStrategy:
     type: RollingUpdate
@@ -372,7 +383,7 @@ daemonset:
 
     # resource values for the Windows sensor
     windowsLimits:
-      cpu: "500m"
+      cpu: "1"
       memory: "550Mi"
     windowsRequests:
       cpu: "100m"
