CrowdStrike / falcon-helm

Helm Charts for running CrowdStrike Falcon with Kubernetes
https://artifacthub.io/packages/helm/falcon-helm/falcon-sensor
Apache License 2.0

Ways to reference existing value for clusterName in helm-charts/cs-k8s-protection-agent #311

Open gniltaws opened 1 month ago

gniltaws commented 1 month ago

Our clusters are managed by gitops/Argo CD. We have a global variable for the cluster's shortname .Values.global.clusterName which I'd like to be able to use, instead of needing a separate Values.yaml for each cluster.

I've worked out a few ways of doing it, in separate branches in my fork: (I'm pretty inexperienced with GitHub.com, so apologies if this is a confusing way to link them)

  1. Default to using Values.global.clusterName

This uses my chosen variable, which might not be what others would want to use.

# templates/configmap.yaml
AGENT_CLUSTER_NAME: {{ (.Values.crowdstrikeConfig.clusterName | default .Values.global.clusterName) | quote }}

  2. Use user-defined variable for clusterName

This lets the user define a template (which can reference another variable)

#  Values.yaml
crowdstrikeConfig:
  clusterName: ""
  clusterNameOverrideTemplate: "{{ .Values.global.clusterName }}"

global:
  clusterName: myClusterName

# templates/configmap.yaml
{{- if .Values.crowdstrikeConfig.clusterNameOverrideTemplate }}
  AGENT_CLUSTER_NAME: {{ tpl .Values.crowdstrikeConfig.clusterNameOverrideTemplate . | quote }}
{{- else }}
  AGENT_CLUSTER_NAME: {{ .Values.crowdstrikeConfig.clusterName | quote }}
{{- end }}

  3. Use already-existing configmap instead of creating it

This adds a new variable in Values.yaml .Values.crowdstrikeConfig.existingConfigMap. When defined, configmap.yaml is not created and existingConfigMap is used in the deployment's envFrom:

# templates/deployment.yaml
          envFrom:
            - configMapRef:
                {{- if .Values.crowdstrikeConfig.existingConfigMap }}
                name: {{ .Values.crowdstrikeConfig.existingConfigMap }}
                {{- else }}
                name: {{ include "cs-k8s-protection-agent.fullname" . }}
                {{- end }}

I'd be happy to make any changes needed, but I will need help with the values.schema.json validation.

r3motecontrol commented 4 weeks ago

We solved this easily using helm parameters. You can leave the clusterName blank in values.yaml, and in the ApplicationSet, set the helm parameter (i.e., clusterName)

source:
  helm:
    parameters:
    - name: crowdstrikeConfig.clusterName
      value: "{{.name}}"  # if using a Cluster Generator, it is automatically available.

Argo Cluster Generator

redhatrises commented 2 weeks ago

The usage of helm parameters is generally the appropriate and preferred approach to handling this.
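
The helm-parameter approach from the comments above, written out as a full ApplicationSet. This is an added example, not part of the original thread or the project's own manifests. The `argocd` namespace, `default` project, chart repository URL, destination namespace and Application name prefix are assumptions, and the chart version is a placeholder.

```yaml
# Added example: values marked "assumption" or "placeholder" are not from the thread.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: cs-k8s-protection-agent
  namespace: argocd                          # assumption: namespace where Argo CD runs
spec:
  goTemplate: true                           # needed for the {{.name}} syntax used in the thread
  goTemplateOptions: ["missingkey=error"]    # fail rendering instead of emitting an empty cluster name
  generators:
    - clusters: {}                           # one Application per cluster registered in Argo CD
  template:
    metadata:
      name: 'cs-kpa-{{.name}}'               # assumption: naming scheme
    spec:
      project: default                       # assumption
      source:
        repoURL: https://crowdstrike.github.io/falcon-helm   # assumption: Helm repository for this chart
        chart: cs-k8s-protection-agent
        targetRevision: "<chart-version>"    # placeholder: pin an explicit chart version
        helm:
          # Other chart values (API credentials, image settings) are not shown
          # and must be supplied separately; only the per-cluster value is set here.
          parameters:
            - name: crowdstrikeConfig.clusterName
              value: '{{.name}}'             # cluster name provided by the Cluster generator
      destination:
        server: '{{.server}}'                # API server URL provided by the Cluster generator
        namespace: falcon-kubernetes-protection   # assumption
      syncPolicy:
        syncOptions:
          - CreateNamespace=true
```

With an empty `clusters: {}` selector the generator also matches the local cluster, whose name is `in-cluster`, so the agent there would report that literal string as its cluster name unless the cluster is renamed or filtered out with a label selector.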