From 9f6f30d4ed5328dd4243498283e78b0a41e85d08 Mon Sep 17 00:00:00 2001 From: Marc Lehmann Date: Thu, 1 Jun 2023 18:07:35 +0200 Subject: [PATCH 1/2] Allow flexible configuration of container affinity --- helm-charts/falcon-sensor/README.md | 2 +- .../templates/container_deployment_webhook.yaml | 17 +++-------------- helm-charts/falcon-sensor/values.yaml | 17 +++++++++++++++++ 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/helm-charts/falcon-sensor/README.md b/helm-charts/falcon-sensor/README.md index 3d597f4b..75266878 100644 --- a/helm-charts/falcon-sensor/README.md +++ b/helm-charts/falcon-sensor/README.md @@ -5,7 +5,7 @@ platform purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks — including malware and much more. -# Kubernetes Cluster Compatability +# Kubernetes Cluster Compatibility The Falcon Helm chart has been tested to deploy on the following Kubernetes distributions: diff --git a/helm-charts/falcon-sensor/templates/container_deployment_webhook.yaml b/helm-charts/falcon-sensor/templates/container_deployment_webhook.yaml index 6bb37abf..d94e581c 100644 --- a/helm-charts/falcon-sensor/templates/container_deployment_webhook.yaml +++ b/helm-charts/falcon-sensor/templates/container_deployment_webhook.yaml @@ -83,21 +83,10 @@ spec: {{- end }} {{- end }} spec: + {{- if .Values.container.affinity }} affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - preference: - matchExpressions: - - key: node-role.kubernetes.io/master - operator: DoesNotExist + {{- toYaml .Values.container.affinity | nindent 6 }} + {{- end }} {{- if .Values.container.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml .Values.container.topologySpreadConstraints | nindent 6 }} 
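Review bot: The Linux-only node requirement on the injector pod can now be dropped by a values override, because the hunk in container_deployment_webhook.yaml renders `affinity` solely from `.Values.container.affinity`. Helm replaces lists instead of merging them, so an override that supplies its own `nodeSelectorTerms` loses the `kubernetes.io/os` term, and `affinity: null` removes the whole block through the new `if`. In a mixed-OS cluster the webhook pod could then be placed on a node where it cannot run; the effect on sensor injection depends on the webhook's failure policy, which is not visible here. I would keep the OS constraint fixed in the template, for example `nodeSelector:` with `kubernetes.io/os: linux` beside the templated block, unless the pod spec already sets a nodeSelector outside this hunk. Separately, indentation is lost in this rendering, but `nindent 6` looks copied from the list-valued `topologySpreadConstraints`; a mapping must render deeper than its `affinity:` key, so please confirm with `helm template` that `nodeAffinity` nests under `affinity` rather than beside it.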
diff --git a/helm-charts/falcon-sensor/values.yaml b/helm-charts/falcon-sensor/values.yaml index 6b98e75b..8944f484 100644 --- a/helm-charts/falcon-sensor/values.yaml +++ b/helm-charts/falcon-sensor/values.yaml @@ -95,6 +95,23 @@ container: matchLabels: crowdstrike.com/component: crowdstrike-falcon-injector + # Configure affinity to restrict container to certain nodes + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: node-role.kubernetes.io/master + operator: DoesNotExist + # Auto update the certificates every time there is an update autoCertificateUpdate: true From de64dc609604f403ac9cebd7029a7a8e9bedd467 Mon Sep 17 00:00:00 2001 From: Marc Lehmann Date: Thu, 1 Jun 2023 18:19:59 +0200 Subject: [PATCH 2/2] Bump version --- helm-charts/falcon-sensor/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-charts/falcon-sensor/Chart.yaml b/helm-charts/falcon-sensor/Chart.yaml index 5e9675d9..6fbc26c2 100644 --- a/helm-charts/falcon-sensor/Chart.yaml +++ b/helm-charts/falcon-sensor/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.19.1 +version: 1.19.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to
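Review bot: The default preference in the new `container.affinity` block in values.yaml still keys on `node-role.kubernetes.io/master`, which newer kubeadm-based clusters no longer apply in favour of `node-role.kubernetes.io/control-plane`. On those clusters `DoesNotExist` matches every node, so the preference to stay off control-plane nodes does nothing. Since this hunk turns the rule into a user-facing default, I would add `- key: node-role.kubernetes.io/control-plane` with `operator: DoesNotExist` to the same `matchExpressions`. The comment above `affinity:` could also warn about list replacement, e.g. `# Overriding nodeSelectorTerms replaces this list; keep the kubernetes.io/os term`.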