From aade4e7ce0940e7d671c203e4c44b5b6eac864be Mon Sep 17 00:00:00 2001 From: Marat Salakhutdinov Date: Wed, 30 Oct 2024 07:11:05 -0400 Subject: [PATCH] remove unused allowedUnsafeSysctls constraint to fix OpenShift GitOps (Argo CD) app going out of sync on OpenShift clusters --- charts/agent/Chart.yaml | 2 +- charts/agent/templates/securitycontextconstraint.yaml | 1 - charts/cluster-shield/Chart.yaml | 2 +- .../templates/openshift_securitycontextconstraint.yaml | 1 - charts/node-analyzer/Chart.yaml | 2 +- charts/node-analyzer/templates/securitycontextconstraint.yaml | 1 - charts/shield/Chart.yaml | 2 +- .../templates/cluster/openshift-securitycontextconstraint.yaml | 1 - 8 files changed, 4 insertions(+), 8 deletions(-) diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml index 0484b67db..2d7dbf4f3 100644 --- a/charts/agent/Chart.yaml +++ b/charts/agent/Chart.yaml @@ -30,4 +30,4 @@ sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig type: application -version: 1.30.0 +version: 1.30.1 diff --git a/charts/agent/templates/securitycontextconstraint.yaml b/charts/agent/templates/securitycontextconstraint.yaml index 252a2bce3..06f63407c 100644 --- a/charts/agent/templates/securitycontextconstraint.yaml +++ b/charts/agent/templates/securitycontextconstraint.yaml @@ -25,7 +25,6 @@ allowedCapabilities: [] allowedCapabilities: {{ include "agent.capabilities" . }} {{- end }} -allowedUnsafeSysctls: [] defaultAddCapabilities: [] fsGroup: type: RunAsAny diff --git a/charts/cluster-shield/Chart.yaml b/charts/cluster-shield/Chart.yaml index 7682985d3..19357bd90 100644 --- a/charts/cluster-shield/Chart.yaml +++ b/charts/cluster-shield/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cluster-shield description: Cluster Shield Helm Chart for Kubernetes type: application -version: 1.4.2 +version: 1.4.3 appVersion: "1.4.0" maintainers: - name: AlbertoBarba diff --git a/charts/cluster-shield/templates/openshift_securitycontextconstraint.yaml b/charts/cluster-shield/templates/openshift_securitycontextconstraint.yaml index e8c00b88f..5875ebd76 100644 --- a/charts/cluster-shield/templates/openshift_securitycontextconstraint.yaml +++ b/charts/cluster-shield/templates/openshift_securitycontextconstraint.yaml @@ -16,7 +16,6 @@ allowHostPorts: false allowPrivilegeEscalation: true allowPrivilegedContainer: true allowedCapabilities: [] -allowedUnsafeSysctls: [] defaultAddCapabilities: [] fsGroup: type: RunAsAny diff --git a/charts/node-analyzer/Chart.yaml b/charts/node-analyzer/Chart.yaml index f5a0a5d22..d795bd6b9 100644 --- a/charts/node-analyzer/Chart.yaml +++ b/charts/node-analyzer/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: node-analyzer description: Sysdig Node Analyzer # currently matching Sysdig's appVersion 1.14.34 -version: 1.32.15 +version: 1.32.16 appVersion: 12.9.2 keywords: - monitoring diff --git a/charts/node-analyzer/templates/securitycontextconstraint.yaml b/charts/node-analyzer/templates/securitycontextconstraint.yaml index 8ad2ba578..aba48c010 100644 --- a/charts/node-analyzer/templates/securitycontextconstraint.yaml +++ b/charts/node-analyzer/templates/securitycontextconstraint.yaml @@ -16,7 +16,6 @@ allowHostPorts: false allowPrivilegeEscalation: true allowPrivilegedContainer: true allowedCapabilities: [] -allowedUnsafeSysctls: [] defaultAddCapabilities: [] fsGroup: type: RunAsAny diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml index f1428569f..39a61e101 100644 --- a/charts/shield/Chart.yaml +++ b/charts/shield/Chart.yaml @@ -13,5 +13,5 @@ maintainers: - name: mavimo email: marcovito.moscaritolo@sysdig.com type: application -version: 0.1.12 +version: 0.1.13 appVersion: "1.0.0" diff --git a/charts/shield/templates/cluster/openshift-securitycontextconstraint.yaml b/charts/shield/templates/cluster/openshift-securitycontextconstraint.yaml index ce6016f0d..c93dc578b 100644 --- a/charts/shield/templates/cluster/openshift-securitycontextconstraint.yaml +++ b/charts/shield/templates/cluster/openshift-securitycontextconstraint.yaml @@ -16,7 +16,6 @@ allowHostPorts: false allowPrivilegeEscalation: true allowPrivilegedContainer: true allowedCapabilities: [] -allowedUnsafeSysctls: [] defaultAddCapabilities: [] fsGroup: type: RunAsAny