Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial addition of terrascan helm chart #688

Merged
merged 26 commits into from
May 12, 2021

Conversation

jlk
Copy link
Contributor

@jlk jlk commented Apr 23, 2021

Fixes #685

@codecov
Copy link

codecov bot commented Apr 23, 2021

Codecov Report

Merging #688 (70a8066) into master (0c7f4ca) will decrease coverage by 0.07%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #688      +/-   ##
==========================================
- Coverage   73.86%   73.78%   -0.08%     
==========================================
  Files         110      110              
  Lines        3176     3285     +109     
==========================================
+ Hits         2346     2424      +78     
- Misses        652      677      +25     
- Partials      178      184       +6     
Impacted Files Coverage Δ
pkg/results/store.go 46.15% <0.00%> (-23.08%) ⬇️
...ac-providers/terraform/commons/local-references.go 71.87% <0.00%> (-8.13%) ⬇️
pkg/policy/opa/engine.go 65.43% <0.00%> (-5.94%) ⬇️
pkg/writer/human_readable.go 82.75% <0.00%> (-4.04%) ⬇️
...providers/terraform/commons/variable-references.go 78.46% <0.00%> (-3.51%) ⬇️
pkg/iac-providers/kubernetes/v1/normalize.go 88.05% <0.00%> (-2.31%) ⬇️
...c-providers/terraform/commons/module-references.go 40.00% <0.00%> (-2.11%) ⬇️
pkg/results/types.go 100.00% <0.00%> (ø)
pkg/termcolor/colorpatterns.go 33.33% <0.00%> (ø)
pkg/k8s/admission-webhook/validating-webhook.go 62.00% <0.00%> (ø)
... and 8 more

Copy link
Contributor

@rahulchheda rahulchheda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
nit: let's remove NOTES.txt, and README.md if needed

rahulchheda
rahulchheda previously approved these changes Apr 26, 2021
@devang-gaur
Copy link
Contributor

Two important points:

  1. webhook is missing. you may use something from updated charts with webhook jlk/terrascan#1

  2. the manifests and the helm chart have to be terrascan compliant

Incase the pod the dies down, the webhook will not allow even the new terrascan pod itself to be created. Thus, creating a deadlock.

@jlk
Copy link
Contributor Author

jlk commented Apr 27, 2021

FYI please don't merge yet - doing a little more work on this, will merge in by COB today.

@jlk
Copy link
Contributor Author

jlk commented Apr 28, 2021

(sidetracked on the homebrew stuff...still chewing on this)

@devang-gaur devang-gaur marked this pull request as draft May 4, 2021 15:58
Working on some helm variable names for clarity,
Added admission webook template
@jlk jlk dismissed stale reviews from kanchwala-yusuf and rahulchheda via 3cc2adc May 5, 2021 04:55
@jlk
Copy link
Contributor Author

jlk commented May 5, 2021

Trying to remove myself as a blocker on this. Just pushed some more changes.

@dev-gaur - maybe during your day you can test this out and help with the docs? I haven't made any changes yet around the issue of what happens when the admission controller restarts - probably worth testing by killing the pod and seeing what happens.

@jlk jlk marked this pull request as ready for review May 6, 2021 15:46
deploy/helm-charts/Chart.yaml Outdated Show resolved Hide resolved
deploy/helm-charts/values.yaml Outdated Show resolved Hide resolved
deploy/helm-charts/values.yaml Outdated Show resolved Hide resolved
jlk and others added 8 commits May 10, 2021 16:38
Co-authored-by: Devang Gaur <devang.gaur@accurics.com>
If the admission controller webhook is deployed at same time as
terrascan service, there's sometimes a race condition where the
webhook starts before terrascan, and then blocks terrascan from
starting.  So users can read about admission controller in the docs,
and deploy that yaml manually.
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 2 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@devang-gaur devang-gaur merged commit 01c8d78 into tenable:master May 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Create Helm charts for the terrascan admission webhook setup.
4 participants