remove process metrics config

Author: kondracek-nr

charts/newrelic-infrastructure/templates/NOTES.txt

@@ -39,17 +39,12 @@ Windows privileged mode is enabled (windows.privileged: true). The Windows kubel
 HostProcess containers, which execute directly on the Windows host with elevated privileges.
 
 HostProcess containers:
-  {{- if .Values.enableProcessMetrics }}
-  - Kubelet scraper runs as NT AUTHORITY\Local service
-  - Agent runs as NT AUTHORITY\SYSTEM (required for enableProcessMetrics: true)
-  {{- else }}
   - Both containers run as NT AUTHORITY\Local service
-  {{- end }}
   - Have full access to the host filesystem via CONTAINER_SANDBOX_MOUNT_POINT
   - Require hostNetwork: true (pods use the host's network namespace)
   - Are supported on Windows Server 2019 and later
 
-This mode provides full monitoring capabilities including {{ if .Values.enableProcessMetrics }}process metrics and {{ end }}network statistics, but requires
+This mode provides full monitoring capabilities including network statistics, but requires
 administrative privileges on Windows nodes. If you need to run in a more restricted environment, set
 `windows.privileged: false` to use standard container isolation.
 {{- end }}

charts/newrelic-infrastructure/templates/kubelet/_agent-config_helper.tpl

@@ -16,15 +16,6 @@ either `true` or `false`. So we test if the variable is a boolean and in that ca
 {{- if (get .Values "enableProcessMetrics" | kindIs "bool") }}
 enable_process_metrics: {{ .Values.enableProcessMetrics }}
 {{- end }}
-{{- /*
-`enable_elevated_process_priv` enables SeDebugPrivilege on Windows for enhanced process visibility.
-Auto-enable when enableProcessMetrics is true AND enableWindows is true, since Windows HostProcess
-containers are inherently privileged and partial process visibility is less useful.
-Users can still override via kubelet.agentConfig.enable_elevated_process_priv if needed.
-*/}}
-{{- if and (get .Values "enableProcessMetrics") (get .Values "enableWindows") }}
-enable_elevated_process_priv: true
-{{- end }}
 {{- end -}}
 
 

charts/newrelic-infrastructure/templates/kubelet/daemonset-windows.yaml

@@ -144,11 +144,7 @@ spec:
             windowsOptions:
               {{- if include "nriKubernetes.windows.privileged" $ }}
               hostProcess: true
-              {{- if $.Values.enableProcessMetrics }}
-              runAsUserName: "NT AUTHORITY\\SYSTEM"
-              {{- else }}
               runAsUserName: "NT AUTHORITY\\Local service"
-              {{- end }}
               {{- else }}
               hostProcess: false
               runAsUserName: "ContainerUser"

charts/newrelic-infrastructure/tests/elevated_process_privilege_test.yaml

@@ -29,7 +29,7 @@ tests:
           value: true
         template: templates/kubelet/daemonset-windows.yaml
 
-  - it: should set correct user accounts in privileged mode with enableProcessMetrics
+  - it: should use Local service for agent when privileged regardless of enableProcessMetrics
     set:
       licenseKey: test
       cluster: test
@@ -46,7 +46,7 @@ tests:
         template: templates/kubelet/daemonset-windows.yaml
       - equal:
           path: spec.template.spec.containers[1].securityContext.windowsOptions.runAsUserName
-          value: "NT AUTHORITY\\SYSTEM"
+          value: "NT AUTHORITY\\Local service"
         template: templates/kubelet/daemonset-windows.yaml
 
   - it: should use Local service for agent when privileged without enableProcessMetrics