Skip to content

[VC-45025] cyberark-disco-agent: Change default config.period to 12h in values.yaml #720

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
wallrj-cyberark merged 1 commit into from
Sep 18, 2025
Merged

[VC-45025] cyberark-disco-agent: Change default config.period to 12h in values.yaml #720

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions deploy/charts/cyberark-disco-agent/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,10 +257,10 @@ Configure a PodDisruptionBudget for the agent's Deployment. If running with mult
#### **config.period** ~ `string`
> Default value:
> ```yaml
> 1h0m0s
> 12h0m0s
> ```

Push data every hour unless changed.
Push data every 12 hours unless changed.
#### **config.excludeAnnotationKeysRegex** ~ `array`
> Default value:
> ```yaml
Expand Down
9 changes: 9 additions & 0 deletions deploy/charts/cyberark-disco-agent/tests/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# `helm unittest`

We use `helm unittest` to test the YAML output coming out of the Helm chart.

In order to update the snapshots, run the following command:

```bash
make test-helm-snapshot
```
210 changes: 210 additions & 0 deletions deploy/charts/cyberark-disco-agent/tests/__snapshot__/configmap_test.yaml.snap
View file
Open in desktop
Copy link
Member Author

@wallrj-cyberark wallrj-cyberark Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This snapshot was generated by make test-helm-snapshot.

Original file line number Diff line number Diff line change
@@ -0,0 +1,210 @@
custom-period:
1: |
apiVersion: v1
data:
config.yaml: |-
period: "1m"
Copy link
Member Author

@wallrj-cyberark wallrj-cyberark Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the output of helm template when a custom config.period value is supplied.

data-gatherers:
- kind: k8s-discovery
name: ark/discovery
- kind: k8s-dynamic
name: ark/secrets
config:
resource-type:
version: v1
resource: secrets
field-selectors:
- type!=kubernetes.io/dockercfg
- type!=kubernetes.io/dockerconfigjson
- type!=bootstrap.kubernetes.io/token
- type!=helm.sh/release.v1
- kind: k8s-dynamic
name: ark/serviceaccounts
config:
resource-type:
resource: serviceaccounts
version: v1
- kind: k8s-dynamic
name: ark/roles
config:
resource-type:
version: v1
group: rbac.authorization.k8s.io
resource: roles
- kind: k8s-dynamic
name: ark/clusterroles
config:
resource-type:
version: v1
group: rbac.authorization.k8s.io
resource: clusterroles
- kind: k8s-dynamic
name: ark/rolebindings
config:
resource-type:
version: v1
group: rbac.authorization.k8s.io
resource: rolebindings
- kind: k8s-dynamic
name: ark/clusterrolebindings
config:
resource-type:
version: v1
group: rbac.authorization.k8s.io
resource: clusterrolebindings
- kind: k8s-dynamic
name: ark/jobs
config:
resource-type:
version: v1
group: batch
resource: jobs
- kind: k8s-dynamic
name: ark/cronjobs
config:
resource-type:
version: v1
group: batch
resource: cronjobs
- kind: k8s-dynamic
name: ark/deployments
config:
resource-type:
version: v1
group: apps
resource: deployments
- kind: k8s-dynamic
name: ark/statefulsets
config:
resource-type:
version: v1
group: apps
resource: statefulsets
- kind: k8s-dynamic
name: ark/daemonsets
config:
resource-type:
version: v1
group: apps
resource: daemonsets
- kind: k8s-dynamic
name: ark/pods
config:
resource-type:
version: v1
resource: pods
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cyberark-disco-agent
app.kubernetes.io/version: v0.0.0
helm.sh/chart: cyberark-disco-agent-0.0.0
name: test-cyberark-disco-agent-config
namespace: test-ns
defaults:
1: |
apiVersion: v1
data:
config.yaml: |-
period: "12h0m0s"
Copy link
Member Author

@wallrj-cyberark wallrj-cyberark Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the output of helm template without any supplied helm values (the defaults)

data-gatherers:
- kind: k8s-discovery
name: ark/discovery
- kind: k8s-dynamic
name: ark/secrets
config:
resource-type:
version: v1
resource: secrets
field-selectors:
- type!=kubernetes.io/dockercfg
- type!=kubernetes.io/dockerconfigjson
- type!=bootstrap.kubernetes.io/token
- type!=helm.sh/release.v1
- kind: k8s-dynamic
name: ark/serviceaccounts
config:
resource-type:
resource: serviceaccounts
version: v1
- kind: k8s-dynamic
name: ark/roles
config:
resource-type:
version: v1
group: rbac.authorization.k8s.io
resource: roles
- kind: k8s-dynamic
name: ark/clusterroles
config:
resource-type:
version: v1
group: rbac.authorization.k8s.io
resource: clusterroles
- kind: k8s-dynamic
name: ark/rolebindings
config:
resource-type:
version: v1
group: rbac.authorization.k8s.io
resource: rolebindings
- kind: k8s-dynamic
name: ark/clusterrolebindings
config:
resource-type:
version: v1
group: rbac.authorization.k8s.io
resource: clusterrolebindings
- kind: k8s-dynamic
name: ark/jobs
config:
resource-type:
version: v1
group: batch
resource: jobs
- kind: k8s-dynamic
name: ark/cronjobs
config:
resource-type:
version: v1
group: batch
resource: cronjobs
- kind: k8s-dynamic
name: ark/deployments
config:
resource-type:
version: v1
group: apps
resource: deployments
- kind: k8s-dynamic
name: ark/statefulsets
config:
resource-type:
version: v1
group: apps
resource: statefulsets
- kind: k8s-dynamic
name: ark/daemonsets
config:
resource-type:
version: v1
group: apps
resource: daemonsets
- kind: k8s-dynamic
name: ark/pods
config:
resource-type:
version: v1
resource: pods
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: test
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cyberark-disco-agent
app.kubernetes.io/version: v0.0.0
helm.sh/chart: cyberark-disco-agent-0.0.0
name: test-cyberark-disco-agent-config
namespace: test-ns
16 changes: 16 additions & 0 deletions deploy/charts/cyberark-disco-agent/tests/configmap_test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
suite: test the contents of the config.yaml
templates:
- configmap.yaml
release:
name: test
namespace: test-ns
tests:
- it: defaults
asserts:
- matchSnapshot: {}

- it: custom-period
set:
config.period: 1m
asserts:
- matchSnapshot: {}
4 changes: 2 additions & 2 deletions deploy/charts/cyberark-disco-agent/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,8 +128,8 @@
"type": "array"
},
"helm-values.config.period": {
"default": "1h0m0s",
"description": "Push data every hour unless changed.",
"default": "12h0m0s",
"description": "Push data every 12 hours unless changed.",
"type": "string"
},
"helm-values.extraArgs": {
Expand Down
4 changes: 2 additions & 2 deletions deploy/charts/cyberark-disco-agent/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,8 +122,8 @@ podDisruptionBudget:

# Configuration for the agent
config:
# Push data every hour unless changed.
period: "1h0m0s"
# Push data every 12 hours unless changed.
period: "12h0m0s"
Copy link
Member Author

@wallrj-cyberark wallrj-cyberark Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot suggested that I add a comment explaining the rationale for this rather long interval between uploads.
But I don't know why this interval has been chosen and I expect that it might be reduced in future when this agent is tested in the real world.


# You can configure the agent to exclude some annotations or
# labels from being pushed . All Kubernetes objects
Expand Down
4 changes: 2 additions & 2 deletions make/02_mod.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,13 +58,13 @@ test-e2e-gke: | $(NEEDS_HELM) $(NEEDS_STEP) $(NEEDS_VENCTL)
## Run `helm unittest`.
## @category Testing
test-helm: | $(NEEDS_HELM-UNITTEST)
$(HELM-UNITTEST) ./deploy/charts/venafi-kubernetes-agent/
$(HELM-UNITTEST) ./deploy/charts/{venafi-kubernetes-agent,cyberark-disco-agent}
Copy link
Member Author

@wallrj-cyberark wallrj-cyberark Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

$ make test-helm
/home/richard/projects/jetstack/jetstack-secure/_bin/tools/helm-unittest ./deploy/charts/{venafi-kubernetes-agent,cyberark-disco-agent}

### Chart [ venafi-kubernetes-agent ] ./deploy/charts/venafi-kubernetes-agent

 PASS  test deployment  deploy/charts/venafi-kubernetes-agent/tests/deployment_test.yaml

### Chart [ cyberark-disco-agent ] ./deploy/charts/cyberark-disco-agent

 PASS  test the contents of the config.yaml     deploy/charts/cyberark-disco-agent/tests/configmap_test.yaml

Charts:      2 passed, 2 total
Test Suites: 2 passed, 2 total
Tests:       10 passed, 10 total
Snapshot:    2 passed, 2 total
Time:        94.109718ms


.PHONY: test-helm-snapshot
## Update the `helm unittest` snapshots.
## @category Testing
test-helm-snapshot: | $(NEEDS_HELM-UNITTEST)
$(HELM-UNITTEST) ./deploy/charts/venafi-kubernetes-agent/ -u
$(HELM-UNITTEST) ./deploy/charts/{venafi-kubernetes-agent,cyberark-disco-agent} -u

.PHONY: helm-plugins
## Install required helm plugins
Expand Down
26 changes: 10 additions & 16 deletions make/ark/02_mod.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,3 @@
.PHONY: ark-generate-helm-docs
## Generate Helm chart documentation.
## @category CyberArk Discovery and Context
ark-generate-helm-docs: helm_chart_source_dir := deploy/charts/cyberark-disco-agent
ark-generate-helm-docs: generate-helm-docs

shared_generate_targets += ark-generate-helm-docs

.PHONY: ark-generate-helm-schema
## Generate Helm chart schema.
## @category CyberArk Discovery and Context
ark-generate-helm-schema: helm_chart_source_dir := deploy/charts/cyberark-disco-agent
ark-generate-helm-schema: generate-helm-schema

shared_generate_targets += ark-generate-helm-schema
Copy link
Member Author

@wallrj-cyberark wallrj-cyberark Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this was not being run by make generate because generate-helm-docs was already a dependency of generate:

  • generate > ark-generate-helm-docs > generate-helm-docs
  • generate > generate-helm-docs

So the first dependency (with different variables) was being dropped.

So I've changed it to invoke a make subprocess below, and tested that it works by altering values in the README.md files of both charts and observing that make generate reverts both those changes.


GITHUB_OUTPUT ?= /dev/stderr
.PHONY: ark-release
## Publish all release artifacts (image + helm chart)
Expand Down Expand Up @@ -61,3 +45,13 @@ ark-verify:
helm_chart_image_name=$(OCI_BASE)/charts/cyberark-disco-agent

shared_verify_targets_dirty += ark-verify

.PHONY: ark-generate
## Generate Helm chart documentation and schema
## @category CyberArk Discovery and Context
ark-generate:
$(MAKE) generate-helm-docs generate-helm-schema \
helm_chart_source_dir=deploy/charts/cyberark-disco-agent

shared_generate_targets += ark-generate