chore: changes to jetstack-agent chart to use new Agent image

deploy/charts/jetstack-agent/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: jetstack-agent
 description: TLS Protect for Kubernetes Agent
 type: application
-version: 0.4.0
-appVersion: "v0.1.43"
+version: 0.5.0
+appVersion: "v1.6.0"
 home: https://github.com/jetstack/jetstack-secure
 maintainers:
 - name: JSCP and CRE Team

deploy/charts/jetstack-agent/templates/deployment.yaml

@@ -33,14 +33,30 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- if  eq .Values.authentication.type "token" }}
           env:
-            - name: API_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: {{ default "agent-credentials" .Values.authentication.secretName }}
-                  key: {{ default "apitoken" .Values.authentication.secretKey }}
+          {{- if  eq .Values.authentication.type "token" }}
+          - name: API_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ default "agent-credentials" .Values.authentication.secretName }}
+                key: {{ default "apitoken" .Values.authentication.secretKey }}
           {{- end }}
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_UID
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.uid
+          - name: POD_NODE
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
           {{- if not (empty .Values.command) }}
           command:
           {{- range .Values.command }}

deploy/charts/jetstack-agent/templates/rbac.yaml

@@ -200,7 +200,7 @@ metadata:
   labels:
     {{- include "jetstack-agent.labels" . | nindent 4 }}
 rules:
-  - apiGroups: ["*.openshift.io"]
+  - apiGroups: ["route.openshift.io"]
     resources:
       - routes
     verbs: ["get", "list", "watch"]

deploy/charts/jetstack-agent/tests/deployment_test.yaml

@@ -20,7 +20,7 @@ tests:
       # Check is latest is set as tag that it uses that tag
       - equal:
           path: spec.template.spec.containers[0].image
-          value: quay.io/jetstack/preflight:latest
+          value: registry.venafi.cloud/venafi-agent/venafi-agent:latest
 
   # Check naming works with nameOverride
   - it: Deployment name is set when nameOverride is used

deploy/charts/jetstack-agent/values.yaml

@@ -7,11 +7,11 @@ replicaCount: 1
 
 image:
   # -- Default to Open Source image repository
-  repository: quay.io/jetstack/preflight
+  repository: "registry.venafi.cloud/venafi-agent/venafi-agent"
   # -- Defaults to only pull if not already present
   pullPolicy: IfNotPresent
   # -- Overrides the image tag whose default is the chart appVersion
-  tag: "v0.1.43"
+  tag: "v1.6.0"
 
 # -- Specify image pull credentials if using a prviate registry
 imagePullSecrets: []

hack/install_local_jetstack_secure_chart.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+# This script is provided to quickly install the Jetstack Secure Helm chart from the local checkout
+# into a Kind cluster, for testing changes to the legacy chart with Jetstack Secure.
+#
+# This script should be invoked from the root of the repository, e.g.:
+# ./hack/install_local_jetstack_secure_chart.sh
+
+TLSPK_ORG="${TLSPK_ORG:-jetstack}"
+TLSPK_CLUSTER_NAME="jss_test_$(date +"%Y%m%d_%H%M")"
+
+helm install cert-manager oci://quay.io/jetstack/charts/cert-manager:v1.18.2 \
+	--set crds.enabled=true \
+	--namespace cert-manager \
+	--create-namespace \
+	--set 'extraArgs={--dns01-recursive-nameservers-only,--dns01-recursive-nameservers=https://1.1.1.1/dns-query}'
+
+kubectl create namespace jetstack-secure || :
+
+# Get credentials from: https://platform.jetstack.io/org/jetstack/manage/service_accounts
+# Save them as JSON a file named credentials.json
+kubectl create secret generic agent-credentials --namespace jetstack-secure --from-file=credentials.json || :
+
+helm upgrade --install --create-namespace -n jetstack-secure jetstack-agent \
+    ./deploy/charts/jetstack-agent	\
+	--set config.organisation="${TLSPK_ORG}" \
+	--set config.cluster="${TLSPK_CLUSTER_NAME}"