CS Falcon Image Analyzer ( IAR ) Helm initial Draft

helm-charts/falcon-image-analyzer/templates/_helpers.tpl

@@ -88,13 +88,13 @@ runAsGroup: {{ .Values.securityContext.runAsGroup | default 0 }}
 {{- end }}
 {{- end }}
 {{- else -}}
-{{- .Values.volumeMounts | toYaml -}}
+{{- .Values.volumeMounts | toYaml }}
 {{- end }}
 {{- end }}
 
 {{- define "falcon-image-analyzer.volumes" -}}
 {{- if lt (len .Values.volumes) 2 -}}
-{{- .Values.volumes | toYaml -}}
+{{- .Values.volumes | toYaml }}
 {{- if eq .Values.crowdstrikeConfig.agentRunmode "socket" }}
 - name: var-run
   hostPath:
@@ -120,7 +120,7 @@ runAsGroup: {{ .Values.securityContext.runAsGroup | default 0 }}
 {{- end }}
 {{- end }}
 {{- else -}}
-{{- .Values.volumes | toYaml -}}
+{{- .Values.volumes | toYaml }}
 {{- end }}
 {{- end }}
 

helm-charts/falcon-image-analyzer/templates/daemonset.yaml

@@ -56,12 +56,22 @@ spec:
                 {{- end }}
           volumeMounts:
           {{- (include "falcon-image-analyzer.volumeMounts" .) | nindent 12 }}
+          {{- if .Values.azure.enabled }}
+            - name: azure-config
+              mountPath: /etc/kubernetes/azure.json
+          {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
       {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
         {{- include "falcon-image-analyzer.volumes" . | nindent 8 }}
+        {{- if .Values.azure.enabled }}
+        - name: azure-config
+          hostPath:
+            path: {{ .Values.azure.azureConfig }}
+            type: File
+        {{- end }}
       {{- with .Values.affinity }}
       affinity:
       {{- toYaml . | nindent 8 }}

helm-charts/falcon-image-analyzer/templates/deployment.yaml

@@ -58,15 +58,23 @@ spec:
                 name: {{ include "falcon-image-analyzer.fullname" . }}
                 {{- end }}
           volumeMounts:
-           {{- toYaml .Values.volumeMounts | default "" | nindent 12 }}
+          {{- toYaml .Values.volumeMounts | default "" | nindent 12 }}
+          {{- if .Values.azure.enabled }}
+            - name: azure-config
+              mountPath: /etc/kubernetes/azure.json
+          {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
       {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.volumes }}
       volumes:
-        {{- toYaml . | default "" | nindent 8 }}
-      {{- end}}
+        {{- toYaml .Values.volumes | default "" | nindent 8 }}
+        {{- if .Values.azure.enabled }}
+        - name: azure-config
+          hostPath:
+            path: {{ .Values.azure.azureConfig }}
+            type: File
+        {{- end }}
       {{- with .Values.affinity }}
       affinity:
       {{- toYaml . | nindent 8 }}

helm-charts/falcon-image-analyzer/values.yaml

@@ -22,7 +22,7 @@ image:
   # Example digest variable configuration:
   # digest: sha256:ffdc91f66ef8570bd7612cf19145563a787f552656f5eec43cd80ef9caca0398
   digest:
-  pullPolicy: IfNotPresent
+  pullPolicy: Always
 
   # Use this if you have a base64 encoded docker
   # config json with user and pass of your own
@@ -61,6 +61,17 @@ affinity: {}
 
 priorityClassName: ""
 
+  # For AKS without the pulltoken option
+azure:
+  enabled: false
+
+  # Path to the Kubernetes Azure config file on worker nodes
+  azureConfig: /etc/kubernetes/azure.json
+
+# GCP GKE workload identity init container
+gcp:
+  enabled: false
+
 # This is a mandatory mount for both deployment and daemon set.
 # this is used as a tmp working space for image storage
 volumes: