castai · eliAbdulrahman · Jun 17, 2024 · Jun 17, 2024 · Jun 18, 2024
@@ -368,6 +368,7 @@ No modules.
 | <a name="input_install_security_agent"></a> [install\_security\_agent](#input\_install\_security\_agent) | Optional flag for installation of security agent (https://docs.cast.ai/product-overview/console/security-insights/) | `bool` | `false` | no |
 | <a name="input_kvisor_values"></a> [kvisor\_values](#input\_kvisor\_values) | List of YAML formatted string values for kvisor helm chart | `list(string)` | `[]` | no |
 | <a name="input_kvisor_version"></a> [kvisor\_version](#input\_kvisor\_version) | Version of kvisor chart. If not provided, latest version will be used. | `string` | `null` | no |
+| <a name="input_kvisor_controller_extra_args"></a> [kvisor\_controller\_extra\_args](#input\_kvisor\_controller\_extra\_args) | Map of extra arguments for the kvisor controller  | `map(string)` |`{`<br>`kube-linter-enabled    = true`<br>`image-scan-enabled    = true`<br>`kube-bench-enabled    = true`<br>`kube-bench-cloud-provider     = eks`<br>`}`| no |
 | <a name="input_node_configurations"></a> [node\_configurations](#input\_node\_configurations) | Map of AKS node configurations to create | `any` | `{}` | no |
 | <a name="input_node_resource_group"></a> [node\_resource\_group](#input\_node\_resource\_group) | n/a | `string` | n/a | yes |
 | <a name="input_node_templates"></a> [node\_templates](#input\_node\_templates) | Map of node templates to create | `any` | `{}` | no |

@@ -643,19 +643,12 @@ resource "helm_release" "castai_kvisor" {
     value = var.api_grpc_addr
   }
 
-  set {
-    name  = "controller.extraArgs.kube-linter-enabled"
-    value = "true"
-  }
-
-  set {
-    name  = "controller.extraArgs.image-scan-enabled"
-    value = "true"
-  }
-
-  set {
-    name  = "controller.extraArgs.kube-bench-enabled"
-    value = "true"
+  dynamic "set" {
+    for_each = var.kvisor_controller_extra_args
+    content {
+      name  = "controller.extraArgs.${set.key}"
+      value = set.value
+    }
   }
 
   set {
@@ -700,19 +693,12 @@ resource "helm_release" "castai_kvisor_self_managed" {
     value = var.api_grpc_addr
   }
 
-  set {
-    name  = "controller.extraArgs.kube-linter-enabled"
-    value = "true"
-  }
-
-  set {
-    name  = "controller.extraArgs.image-scan-enabled"
-    value = "true"
-  }
-
-  set {
-    name  = "controller.extraArgs.kube-bench-enabled"
-    value = "true"
+  dynamic "set" {
+    for_each = merge(var.kvisor_controller_extra_args.default, var.kvisor_controller_extra_args)
+    content {
+      name  = "controller.extraArgs.${set.key}"
+      value = set.value
+    }
   }
 
   set {

@@ -23,6 +23,17 @@ variable "api_grpc_addr" {
   default     = "api-grpc.cast.ai:443"
 }
 
+variable "kvisor_controller_extra_args" {
+  type        = map(string)
+  description = "Extra arguments for the kvisor controller. Optionally enable kvisor to lint Kubernetes YAML manifests, scan workload images and check if workloads pass CIS Kubernetes Benchmarks as well as NSA, WASP and PCI recommendations."
+  default = {
+    "kube-linter-enabled"        = "true"
+    "image-scan-enabled"         = "true"
+    "kube-bench-enabled"         = "true"
+    "kube-bench-cloud-provider"  = "aks"
+  }
+}
+
 variable "aks_cluster_name" {
   type        = string
   description = "Name of the cluster to be connected to CAST AI."