Merge pull request #851 from zivshits/2022.4

SLK-77315 - Support AKS 1.28
aquasecurity · Apr 3, 2024 · 5cdda0a · 5cdda0a
2 parents 3216922 + d01f10a
commit 5cdda0a
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 28 deletions.
diff --git a/enforcer/CHANGELOG.md b/enforcer/CHANGELOG.md
@@ -1,5 +1,7 @@
 # Changelog
 All notable changes to this project will be documented in this file.
+## 2022.4.21 ( Apr 3rd, 2024 )
+* SLK-77315 - Support AKS 1.28
 ## 2022.4.20 ( Jan 8th, 2024 )
 * SLK-73499 - Add robustness to removal of windows-enforcer
 ## 2022.4.19 ( Jan 3rd, 2024 )

diff --git a/enforcer/Chart.yaml b/enforcer/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "2022.4"
 description: A Helm chart for the Aqua Enforcer
 name: enforcer
-version: "2022.4.20"
+version: "2022.4.21"
 icon: https://avatars3.githubusercontent.com/u/12783832?s=200&v=4
 home: https://www.aquasec.com/
 maintainers:

diff --git a/enforcer/templates/enforcer-windows-daemonset.yaml b/enforcer/templates/enforcer-windows-daemonset.yaml
@@ -54,28 +54,31 @@ spec:
         command:
         - powershell.exe
         - -command
-        - |
-          $Installation = Get-WmiObject -Class Win32_Product | Where-Object {$_.Vendor -eq "Aqua Security"}
-          if ($Installation -ne $null) {
-            Write-Output "Backing up Aqua-Enforcer logs to C:\Temp\Aquasec\"
-            Copy-Item -Path "C:\Program Files\AquaSec\log" -Destination "C:\Temp\Aquasec\" -Recurse -Force -ErrorAction SilentlyContinue
-            Write-Output "Removing $Installation.Name..."
-            $argList=@("/X",$Installation.IdentifyingNumber,"/qn","/L C:\Temp\Aquasec\AquaAgentWindowsInstaller.remove.log","/norestart","MSIRESTARTMANAGERCONTROL=Disable")
-            $Process=Start-Process -FilePath msiexec.exe -ArgumentList $argList -NoNewWindow -PassThru -Wait
-          }
-          Write-Output "Installing Aqua-Enforcer from $env:CONTAINER_SANDBOX_MOUNT_POINT"
-          $argList=@("/I","$env:CONTAINER_SANDBOX_MOUNT_POINT\AquaAgentWindowsInstaller.msi","/qn","/L C:\Temp\Aquasec\AquaAgentWindowsInstaller.install.log")
-          New-Item -Path "C:\Temp\Aquasec" -ItemType Directory -Force
-          $sysEnv=@(Get-ChildItem -Path Env:) | ForEach { $argList+=$_.Name+'="'+$_.Value+'"' }
-          $Process=Start-Process -FilePath msiexec.exe -ArgumentList $argList -NoNewWindow -PassThru -Wait
-          Get-Content C:\Temp\Aquasec\AquaAgentWindowsInstaller.install.log
-          While (Get-Service slkd | Where-Object {$_.Status -eq "Running"}){ Start-Sleep -s 30 }
+        - $Installation = Get-WmiObject -Class Win32_Product | Where-Object {$_.Vendor -eq "Aqua Security"};
+        - if ($Installation -ne $null) {
+            Get-ChildItem -Path "C:\Program Files\AquaSec\log";
+            Write-Output "Backing up Aqua-Enforcer logs to $Env:TEMP\Aquasec\";
+            Copy-Item -Path "C:\Program Files\AquaSec\log" -Destination "$Env:TEMP\Aquasec" -Recurse -Force -ErrorAction SilentlyContinue;
+            Write-Output "Removing $Installation.Name...";
+            $argList=@("/X",$Installation.IdentifyingNumber,"/qn","/L $Env:TEMP\Aquasec\AquaAgentWindowsInstaller.remove.log","/norestart","MSIRESTARTMANAGERCONTROL=Disable");
+            $Process=Start-Process -FilePath msiexec.exe -ArgumentList $argList -NoNewWindow -PassThru -Wait;
+          };
+        - Write-Output "List $Env:CONTAINER_SANDBOX_MOUNT_POINT";
+        - Get-ChildItem -Path $Env:CONTAINER_SANDBOX_MOUNT_POINT;
+        - Copy-Item -Path $(Join-Path -Path "$Env:CONTAINER_SANDBOX_MOUNT_POINT" -ChildPath "\AquaAgentWindowsInstaller.msi") -Destination $(Join-Path -Path "$Env:TEMP" -ChildPath "\AquaAgentWindowsInstaller.msi") -Force;
+        - $argList=@("/I","$Env:TEMP\AquaAgentWindowsInstaller.msi","/qn","/L*V AquaAgentWindowsInstaller.install.log");
+        - $sysEnv=@(Get-ChildItem -Path Env:) | ForEach { $argList+=$_.Name+'="'+$_.Value+'"' };
+        - Write-Output "Running Start-Process -FilePath msiexec.exe -ArgumentList " $argList " -NoNewWindow -PassThru -Wait";
+        - $Process=Start-Process -FilePath msiexec.exe -ArgumentList $argList -NoNewWindow -PassThru -Wait;
+        - Get-Content AquaAgentWindowsInstaller.install.log;
+        - While ( $true ){ Start-Sleep -s 30 }
         startupProbe:
           exec:
             command:
             - powershell.exe
             - -c
             - Get-Service -Name slkd
+          timeoutSeconds: 5
           initialDelaySeconds: 15
           periodSeconds: 15
         envFrom:
@@ -129,15 +132,15 @@ spec:
               command:
               - powershell.exe
               - -command
-              - |
-                $Installation = Get-WmiObject -Class Win32_Product | Where-Object {$_.Vendor -eq "Aqua Security"}
-                if ($Installation -ne $null) {
-                  Write-Output "Backing up Aqua-Enforcer logs to C:\Temp\Aquasec\"
-                  Copy-Item -Path "C:\Program Files\AquaSec\log" -Destination "C:\Temp\Aquasec\" -Recurse -Force -ErrorAction SilentlyContinue
-                  Write-Output "Removing $Installation.Name..."
-                  $argList=@("/X",$Installation.IdentifyingNumber,"/qn","/L C:\Temp\Aquasec\AquaAgentWindowsInstaller.remove.log","/norestart","MSIRESTARTMANAGERCONTROL=Disable")
-                  $Process=Start-Process -FilePath msiexec.exe -ArgumentList $argList -NoNewWindow -PassThru -Wait
-                }
+              - $Installation = Get-WmiObject -Class Win32_Product | Where-Object {$_.Vendor -eq "Aqua Security"};
+              - if ($Installation -ne $null) {
+                  Get-ChildItem -Path "C:\Program Files\AquaSec\log";
+                  Write-Output "Backing up Aqua-Enforcer logs to $Env:TEMP\Aquasec\";
+                  Copy-Item -Path "C:\Program Files\AquaSec\log" -Destination "$Env:TEMP\Aquasec\" -Recurse -Force -ErrorAction SilentlyContinue;
+                  Write-Output "Removing $Installation.Name...";
+                  $argList=@("/X",$Installation.IdentifyingNumber,"/qn","/L $Env:TEMP\Aquasec\AquaAgentWindowsInstaller.remove.log","/norestart","MSIRESTARTMANAGERCONTROL=Disable");
+                  $Process=Start-Process -FilePath msiexec.exe -ArgumentList $argList -NoNewWindow -PassThru -Wait;
+                };
         {{- if and (not .Values.windowsEnforcer.resources) .Values.expressMode }}
         resources:
           requests:

diff --git a/enforcer/values.yaml b/enforcer/values.yaml
@@ -243,7 +243,8 @@ windowsEnforcer:
       command:
       - powershell.exe
       - -c
-      - Get-Service -Name slkd
+      - Get-Service -Name slkd | Where-Object {$_.Status -eq "Running"}
+    timeoutSeconds: 5
     initialDelaySeconds: 15
     periodSeconds: 15
 
@@ -252,7 +253,14 @@ windowsEnforcer:
       command:
       - powershell.exe
       - -c
-      - Get-Service -Name slkd  | Where-Object {$_.Status -eq "Running"}
+      - Start-Process -FilePath "C:\Program Files\AquaSec\slk.exe" -ArgumentList @("health","check") -Wait -NoNewWindow -RedirectStandardOutput "$Env:TEMP\aqua-enforcer-health.check";
+      - $connection = Get-Content -Path "$Env:TEMP\aqua-enforcer-health.check" | Select-String "connection to management server";
+      - Get-Content -Path "$Env:TEMP\aqua-enforcer-health.check";
+      - if ($connection | Select-String "PASSED" -Quiet) {
+          Exit 0;
+        };
+      - Exit 1;
+    timeoutSeconds: 15
     initialDelaySeconds: 15
     periodSeconds: 15