Update charts

2025-09-30 03:34:26 +03:00 · 2023-07-24 17:24:40 +03:00
parent 08583fdb4c
commit edd357f297
53 changed files with 707 additions and 251 deletions
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/_helpers.tpl
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/_helpers.tpl
@@ -201,8 +201,12 @@ Extra modules.

 - name: {{ .name }}
  image: {{ .image }}
+  {{- if .distroless | default false }}
+  command: ['/init_module']
+  {{- else }}
  command: ['sh', '-c', '/usr/local/bin/init_module.sh']
-  {{- if (.containerSecurityContext) }}
+  {{- end }}
+  {{- if .containerSecurityContext }}
  securityContext: {{ .containerSecurityContext | toYaml | nindent 4 }}
  {{- end }}
  volumeMounts:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec-learning-pvc.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec-learning-pvc.yaml
@@ -1,3 +1,4 @@
+{{- if not (eq .Values.kind "Vanilla") -}}
 {{- if and (eq "standalone" .Values.appsec.mode) (eq .Values.appsec.persistence.enabled true) -}}
 kind: PersistentVolumeClaim
 apiVersion: v1
@@ -18,3 +19,4 @@ spec:
  storageClassName: {{ required "A storage class for learning data is required" .Values.appsec.persistence.learning.storageClass.name }}
 {{- end -}}
 {{- end }}
+{{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec-pvc.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec-pvc.yaml
@@ -1,4 +1,4 @@
-{{- if (eq .Values.controller.kind "Deployment") -}}
+{{- if (and (eq .Values.kind "AppSec") .Values.appsec.persistence.enabled) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec-settings-configmap.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec-settings-configmap.yaml
@@ -0,0 +1,32 @@
+{{- if not (eq .Values.kind "Vanilla") -}}
+{{- if .Values.appsec.configMapContent }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.appsec.configMapName | default "appsec-settings-configmap" | quote }}
+data:
+  {{- if .Values.appsec.configMapContent.crowdsec }}
+  CROWDSEC_ENABLED: {{ .Values.appsec.configMapContent.crowdsec.enabled | default "false"  | quote }}
+  {{- if .Values.appsec.configMapContent.crowdsec.api }}
+  CROWDSEC_API_URL: {{ .Values.appsec.configMapContent.crowdsec.api.url | default "http://crowdsec-service:8080/v1/decisions/stream" }}
+  {{- else }}
+  CROWDSEC_API_URL: "http://crowdsec-service:8080/v1/decisions/stream"
+  {{- end }}
+  {{- if .Values.appsec.configMapContent.crowdsec.auth }}
+  CROWDSEC_AUTH_METHOD: {{ .Values.appsec.configMapContent.crowdsec.auth.method | default "apikey" }}
+  {{- else }}
+  CROWDSEC_AUTH_METHOD: "apikey"
+  {{- end }}
+  {{- if .Values.appsec.configMapContent.crowdsec.mode }}
+  CROWDSEC_MODE: {{ .Values.appsec.configMapContent.crowdsec.mode | default "prevent" }}
+  {{- else }}
+  CROWDSEC_MODE: "prevent"
+  {{- end }}
+  {{- if .Values.appsec.configMapContent.crowdsec.logging }}
+  CROWDSEC_LOGGING: {{ .Values.appsec.configMapContent.crowdsec.logging | default "enabled" }}
+  {{- else }}
+  CROWDSEC_LOGGING: "enabled"
+  {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec-settings-secret.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec-settings-secret.yaml
@@ -0,0 +1,12 @@
+{{- if not (eq .Values.kind "Vanilla") -}}
+{{ if .Values.appsec.secretContent }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.appsec.secretName | default "appsec-settings-secret" | quote }}
+data:
+  {{- if and .Values.appsec.secretContent.crowdsec .Values.appsec.secretContent.crowdsec.auth }}
+  CROWDSEC_AUTH_DATA: {{ .Values.appsec.secretContent.crowdsec.auth.data | b64enc }}
+  {{- end }}
+{{ end }}
+{{ end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-statefulset.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-statefulset.yaml
@@ -1,6 +1,15 @@
-{{- if or (eq .Values.controller.kind "StatefulSet") (eq .Values.controller.kind "Both") -}}
+{{- if  (not (eq .Values.kind "Vanilla")) }}
+{{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
+{{- if (eq .Values.kind "AppSec") }}
+{{- if (eq .Values.controller.kind "DaemonSet") }}
+kind: DaemonSet
+{{- else }}
+kind: Deployment
+{{- end }}
+{{- else if eq .Values.kind "AppSecStateful" }}
 kind: StatefulSet
+{{- end }}
 metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
@@ -19,15 +28,25 @@ spec:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  {{- if not .Values.controller.autoscaling.enabled }}
+  {{- if eq .Values.kind "AppSecStateful" }}
  serviceName: "open-appsec-stateful-set"
+  {{- end }}
+  {{- if or (not (eq .Values.controller.kind "DaemonSet")) (and (eq .Values.kind "AppSecStateful") (eq .Values.controller.kind "DaemonSet")) }}
  replicas: {{ .Values.controller.replicaCount }}
  {{- end }}
+  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  {{- if .Values.controller.updateStrategy }}
+  {{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
+  updateStrategy:
+  {{- else }}
  strategy:
+  {{- end }}
    {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
  {{- end }}
-  #minReadySeconds: {{ .Values.controller.minReadySeconds }}
+  {{- if (eq .Values.kind "AppSec") }}
+  minReadySeconds: {{ .Values.controller.minReadySeconds }}
+  {{- end }}
  template:
    metadata:
    {{- if .Values.controller.podAnnotations }}
@@ -79,6 +98,10 @@ spec:
        - name: {{ .Values.appsec.name }}
          securityContext:
            {{ toYaml .Values.appsec.securityContext | nindent 12 }}
+          {{- $tag := .Values.appsec.image.tag }}
+          {{- if .Values.appsec.configMapContent.crowdsec.enabled }}
+          {{- $tag = "crowdsec-1.2314-rc1" }}
+          {{- end }}
          {{- with .Values.appsec.image }}
          image: "{{- if .registry }}{{ .registry }}/{{- end }}{{- if .repository }}{{ .repository }}/{{- end }}{{ .image }}{{- if .tag }}:{{ .tag }}{{- end }}{{- if (.digest) -}} @{{.digest}} {{- end }}"
          {{- end }}
@@ -106,6 +129,8 @@ spec:
          env:
            - name: user_email
              value: {{ .Values.appsec.userEmail }}
+            - name: registered_server
+              value: "NGINX Server"
        {{- if eq .Values.appsec.playground false }}
            - name: SHARED_STORAGE_HOST
              value: {{ .Values.appsec.storage.name }}-svc
@@ -115,20 +140,29 @@ spec:
            - name: PLAYGROUND
              value: "true"
        {{- end }}
+          envFrom:
+          - configMapRef:
+              name: {{ .Values.appsec.configMapName | default "appsec-settings-configmap" }}
+          - secretRef:
+              name: {{ .Values.appsec.secretName | default "appsec-settings-secret" }}
          resources:
            {{ toYaml .Values.resources | nindent 12 }}
          volumeMounts:
          - name: advanced-model
            mountPath: /advanced-model
-        {{- if .Values.appsec.persistence.enabled }}
+        {{- if (eq .Values.appsec.persistence.enabled true) }}
          - name: appsec-conf
            mountPath: /etc/cp/conf
          - name: appsec-data
            mountPath: /etc/cp/data
        {{- end }}
        - name: {{ .Values.controller.containerName }}
-          {{- with .Values.controller.image }}
-          image: "{{- if .registry }}{{ .registry }}/{{- end }}{{- if .repository }}{{ .repository }}/{{- end }}{{ .image }}{{- if .tag }}:{{ .tag }}{{- end }}{{- if (.digest) -}} @{{.digest}} {{- end }}"
+          {{- $tag := .Values.appsec.nginx.image.tag }}
+          {{- if .Values.appsec.configMapContent.crowdsec.enabled }}
+          {{- $tag = "1.2303.1-rc1-v1.3.0" }}
+          {{- end }}
+          {{- with .Values.appsec.nginx.image }}
+          image: "{{ .repository }}:{{ .tag }}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
        {{- if .Values.controller.lifecycle }}
@@ -240,7 +274,11 @@ spec:
      {{- end }}
      {{- if .Values.controller.opentelemetry.enabled}}
          {{ $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
-          {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8}}
+          {{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
+          {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext ) | nindent 8}}
+          {{ else }}
+          {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" false) | nindent 8}}
+          {{- end }}
      {{- end}}
    {{- end }}
    {{- if .Values.controller.hostNetwork }}
@@ -266,6 +304,14 @@ spec:
          configMap:
            name: advanced-model-config
            optional: true
+      {{- if (and (eq .Values.kind "AppSec") .Values.appsec.persistence.enabled) }}
+        - name: appsec-conf
+          persistentVolumeClaim:
+            claimName: {{ .Values.appsec.name }}-conf
+        - name: appsec-data
+          persistentVolumeClaim:
+            claimName: {{ .Values.appsec.name }}-data
+      {{- end }}
      {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
        - name: modules
          emptyDir: {}
@@ -294,7 +340,7 @@ spec:
        {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
      {{- end }}
    {{- end }}
-{{- if .Values.appsec.persistence.enabled }}
+  {{- if (and (eq .Values.kind "AppSecStateful") .Values.appsec.persistence.enabled) }}
  volumeClaimTemplates:
  - metadata:
      name: appsec-conf
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-daemonset.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-daemonset.yaml
@@ -1,4 +1,4 @@
-{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}}
+{{- if and (eq .Values.kind "Vanilla") (or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both")) -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: DaemonSet
@@ -53,12 +53,12 @@ spec:
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.priorityClassName }}
-      priorityClassName: {{ .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName | quote }}
    {{- end }}
    {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
      securityContext:
    {{- end }}
-    {{- if .Values.controller.podSecurityContext  }}
+    {{- if .Values.controller.podSecurityContext }}
        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.sysctls }}
@@ -143,11 +143,15 @@ spec:
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
-        {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules) }}
+        {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
          volumeMounts:
-          {{- if .Values.controller.extraModules }}
+          {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
            - name: modules
+            {{ if .Values.controller.image.chroot }}
+              mountPath: /chroot/modules_mount
+            {{ else }}
              mountPath: /modules_mount
+            {{ end }}
          {{- end }}
          {{- if .Values.controller.customTemplate.configMapName }}
            - mountPath: /etc/nginx/template
@@ -169,9 +173,7 @@ spec:
      {{- if .Values.controller.extraContainers }}
        {{ toYaml .Values.controller.extraContainers | nindent 8 }}
      {{- end }}
-
-
-    {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules) }}
+    {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
      initContainers:
      {{- if .Values.controller.extraInitContainers }}
        {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-deployment.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-deployment.yaml
@@ -1,4 +1,4 @@
-{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
+{{- if and (eq .Values.kind "Vanilla") (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
 {{- include  "isControllerTagValid" . -}}
 apiVersion: apps/v1
 kind: Deployment
@@ -76,59 +76,9 @@ spec:
      shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }}
    {{- end }}
      containers:
-        - name: {{ .Values.appsec.name }}
-          securityContext:
-            {{ toYaml .Values.appsec.securityContext | nindent 12 }}
-          {{- with .Values.appsec.image }}
-          image: "{{- if .registry }}{{ .registry }}/{{- end }}{{- if .repository }}{{ .repository }}/{{- end }}{{ .image }}{{- if .tag }}:{{ .tag }}{{- end }}{{- if (.digest) -}} @{{.digest}} {{- end }}"
-          {{- end }}
-          command:
-          - {{ .Values.appsec.command }}
-          imagePullPolicy: {{ .Values.appsec.image.pullPolicy }}
-          args:
-        {{- if (eq "standalone" .Values.appsec.mode) }}
-          - --hybrid-mode
-          - --token
-          - cp-3fb5c718-5e39-47e6-8d5e-99b4bc5660b74b4b7fc8-5312-451d-a763-aaf7872703c0
-        {{- else }}
-          - --token
-          - {{ .Values.appsec.agentToken }}
-        {{- end -}}
-        {{- if .Values.appsec.customFog.enabled }}
-          - --fog
-          - {{ .Values.appsec.customFog.fogAddress }}
-        {{- end }}
-        {{- if .Values.appsec.proxy }}
-          - --proxy
-          - {{ .Values.appsec.proxy }}
-        {{- end }}
-          imagePullPolicy: {{ .Values.appsec.image.pullPolicy }}
-          env:
-            - name: user_email
-              value: {{ .Values.appsec.userEmail }}
-        {{- if eq .Values.appsec.playground false }}
-            - name: SHARED_STORAGE_HOST
-              value: {{ .Values.appsec.storage.name }}-svc
-            - name: LEARNING_HOST
-              value: {{ .Values.appsec.learning.name }}-svc
-        {{- else }}
-            - name: PLAYGROUND
-              value: "true"
-        {{- end }}
-          resources:
-            {{ toYaml .Values.resources | nindent 12 }}
-          volumeMounts:
-          - name: advanced-model
-            mountPath: /advanced-model
-        {{- if .Values.appsec.persistence.enabled }}
-          - name: appsec-conf
-            mountPath: /etc/cp/conf
-          - name: appsec-data
-            mountPath: /etc/cp/data
-        {{- end }}
        - name: {{ .Values.controller.containerName }}
          {{- with .Values.controller.image }}
-          image: "{{- if .registry }}{{ .registry }}/{{- end }}{{- if .repository }}{{ .repository }}/{{- end }}{{ .image }}{{- if .tag }}:{{ .tag }}{{- end }}{{- if (.digest) -}} @{{.digest}} {{- end }}"
+          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
        {{- if .Values.controller.lifecycle }}
@@ -240,7 +190,7 @@ spec:
      {{- end }}
      {{- if .Values.controller.opentelemetry.enabled}}
          {{ $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
-          {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8}}
+          {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" false) | nindent 8}}
      {{- end}}
    {{- end }}
    {{- if .Values.controller.hostNetwork }}
@@ -260,14 +210,8 @@ spec:
    {{- end }}
      serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
-      volumes:
-        - name: appsec-conf
-          persistentVolumeClaim:
-            claimName: {{ .Values.appsec.name }}-conf
-        - name: appsec-data
-          persistentVolumeClaim:
-            claimName: {{ .Values.appsec.name }}-data
    {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
+      volumes:
      {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
        - name: modules
          emptyDir: {}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-hpa.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-hpa.yaml
@@ -1,12 +1,9 @@
-{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
-{{- if not .Values.controller.keda.enabled }}
-
-apiVersion: {{ .Values.controller.autoscaling.apiVersion }}
+{{- if and (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) .Values.controller.autoscaling.enabled (not .Values.controller.keda.enabled) -}}
+apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
 kind: HorizontalPodAutoscaler
 metadata:
-  annotations:
  {{- with .Values.controller.autoscaling.annotations }}
-  {{- toYaml . | trimSuffix "\n" | nindent 4 }}
+  annotations: {{ toYaml . | nindent 4 }}
  {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
@@ -48,5 +45,3 @@ spec:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
-{{- end }}
-
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-keda.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-keda.yaml
@@ -25,6 +25,11 @@ spec:
  cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }}
  minReplicaCount: {{ .Values.controller.keda.minReplicas }}
  maxReplicaCount: {{ .Values.controller.keda.maxReplicas }}
+{{- with .Values.controller.keda.fallback }}
+  fallback:
+    failureThreshold: {{ .failureThreshold | default 3 }}
+    replicas: {{ .replicas | default $.Values.controller.keda.maxReplicas }}
+{{- end }}
  triggers:
 {{- with .Values.controller.keda.triggers }}
 {{ toYaml . | indent 2 }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-poddisruptionbudget.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-poddisruptionbudget.yaml
@@ -10,12 +10,15 @@ metadata:
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
+  {{- if .Values.controller.annotations }}
+  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
+  {{- end }}
 spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
-  {{- if .Values.controller.minAvailable }}
+  {{- if and .Values.controller.minAvailable (not (hasKey .Values.controller "maxUnavailable")) }}
  minAvailable: {{ .Values.controller.minAvailable }}
  {{- else if .Values.controller.maxUnavailable }}
  maxUnavailable: {{ .Values.controller.maxUnavailable }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-service.yaml
@@ -28,6 +28,9 @@ spec:
 {{- if .Values.controller.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
 {{- end }}
+{{- if .Values.controller.service.loadBalancerClass }}
+  loadBalancerClass: {{ .Values.controller.service.loadBalancerClass }}
+{{- end }}
 {{- if .Values.controller.service.externalTrafficPolicy }}
  externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-hpa.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/default-backend-hpa.yaml
@@ -1,37 +1,40 @@
 {{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }}
-apiVersion: {{ .Values.defaultBackend.autoscaling.apiVersion }}
+apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }}
 kind: HorizontalPodAutoscaler
 metadata:
+  {{- with .Values.defaultBackend.autoscaling.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: default-backend
    {{- with .Values.defaultBackend.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
-  name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
+  name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
-    name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
+    name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
  minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
  metrics:
-{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: {{ . }}
-{{- end }}
-{{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ . }}
-{{- end }}
+  {{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: {{ . }}
+  {{- end }}
+  {{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: {{ . }}
+  {{- end }}
 {{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/learning-deployment.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/learning-deployment.yaml
@@ -1,3 +1,4 @@
+{{- if not (eq .Values.kind "Vanilla") -}}
 {{- if and (eq "standalone" .Values.appsec.mode) (eq .Values.appsec.playground false) }}
 apiVersion: apps/v1
 kind: Deployment
@@ -137,3 +138,4 @@ spec:
            claimName: {{ .Values.appsec.name }}-storage
      {{- end }}
 {{- end }}
+{{- end }}
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/learning-services.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/learning-services.yaml
@@ -1,3 +1,4 @@
+{{- if not (eq .Values.kind "Vanilla") -}}
 {{- if and (eq "standalone" .Values.appsec.mode) (eq .Values.appsec.playground false) }}
 apiVersion: v1
 kind: Service
@@ -31,3 +32,4 @@ spec:
  selector:
    app: {{ .Values.appsec.storage.name }}-lbl
 {{- end }}
+{{- end }}