k8s helm charts - make proxy great again

Changes: 1. Block https scheme in httpsProxy Rather than allowing users to install the chart and fail miserably later, we shift left the check to template render time. 2. Check if proxy is configured but is not enabled
wiz-sec · Jan 12, 2025 · e5bc78b · e5bc78b
1 parent a1dc571
commit e5bc78b
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/wiz-kubernetes-integration/Chart.lock b/wiz-kubernetes-integration/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: wiz-kubernetes-connector
+  repository: https://wiz-sec.github.io/charts
+  version: 3.2.9
+- name: wiz-admission-controller
+  repository: https://wiz-sec.github.io/charts
+  version: 3.7.10
+- name: wiz-sensor
+  repository: https://wiz-sec.github.io/charts
+  version: 1.0.5429
+digest: sha256:1cc41e848d2c0583638ac0783e892a77608e96aee5a6d6a3f2364c24b89935ff
+generated: "2025-01-11T16:35:35.918316+02:00"
diff --git a/wiz-kubernetes-integration/charts/wiz-sensor-1.0.5429.tgz b/wiz-kubernetes-integration/charts/wiz-sensor-1.0.5429.tgz
diff --git a/wiz-kubernetes-integration/templates/secret-proxy.yaml b/wiz-kubernetes-integration/templates/secret-proxy.yaml
@@ -1,4 +1,11 @@
+{{- if and (not (empty .Values.global.httpProxyConfiguration.httpsProxy)) (eq .Values.global.httpProxyConfiguration.enabled false) }}
+  {{- fail "Error: httpsProxy is set but httpProxyConfiguration.enabled is false. Please enable the proxy configuration or unset httpsProxy." }}
+{{- end }}
+
 {{- if and .Values.global.httpProxyConfiguration.enabled .Values.global.httpProxyConfiguration.create }}
+  {{- if hasPrefix "https://" .Values.global.httpProxyConfiguration.httpsProxy }}
+    {{- fail "Error: httpsProxy must start with 'http://', https or any other protocol is not supported." }}
+  {{- end }}
 apiVersion: v1
 kind: Secret
 type: Opaque