Merge pull request #44 from jullianow/fixes_adjustments

olhado · web-flow · commit ea2549e15b27 · 2022-09-07T12:33:18.000-04:00
[Helm] Correction in templates and enabling use of PowerMode and Ebpf
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -86,6 +86,17 @@ Return eBPF configuration required if enabled
 {{- end -}}
 {{- end -}}
 
+{{/*
+Return Low Power Mode configuration required if enabled
+*/}}
+{{- define "threatstack-agent.daemonset-lowPowerMode-config" -}}
+{{- if .Values.daemonset.enableLowPowerMode -}}
+{{- "low_power true" -}}
+{{- else -}}
+{{- "low_power false" -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Return runtime config if docker is disabled
 */}}
@@ -115,14 +126,24 @@ Return runtime config if containerd is disabled
 {{- end -}}
 
 {{/*
-Return low-power config if setting is enabled
+Return Service Account Name if rbac is enabled
 */}}
-{{- define "threatstack-agent.daemonset-lowpower-config" -}}
-{{- if kindIs "invalid" .Values.daemonset.enableLowPowerMode -}}
+{{- define "threatstack-agent.serviceAccountName" -}}
+{{- if .Values.rbac.create -}}
+{{ include "threatstack-agent.name" . }}
 {{- else -}}
-{{- if eq .Values.daemonset.enableLowPowerMode false -}}
-{{- else -}}
-{{- default "--low_power=true" -}}
+{{ .Values.rbac.serviceAccountName }}
+{{- end -}}
 {{- end -}}
+
+{{/*
+Return Additional Runtime Config for Daemonset
+*/}}
+{{- define "threatstack-agent.daemonset-runtimeConfig" -}}
+{{- $runtimeConfig := list (include "threatstack-agent.docker-config" .) (include "threatstack-agent.containerd-config" .) -}}
+{{- $runtimeConfig = append $runtimeConfig (include "threatstack-agent.daemonset-lowPowerMode-config" .) -}}
+{{- $runtimeConfig = append $runtimeConfig (include "threatstack-agent.daemonset-ebpf-config" .) -}}
+{{- $runtimeConfig = append $runtimeConfig .Values.daemonset.additionalRuntimeConfig -}}
+
+{{ $runtimeConfig | join " " }}
 {{- end -}}
-{{- end -}}
diff --git a/templates/cluster-rolebinding.yaml b/templates/cluster-rolebinding.yaml
@@ -35,5 +35,5 @@ roleRef:
   name: {{ include "threatstack-agent.name" .}}
 subjects: 
 - kind: ServiceAccount
-  name: {{ include "threatstack-agent.name" .}}
-  namespace: {{ .Release.Namespace }}
+  name: {{ include "threatstack-agent.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
@@ -30,7 +30,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
-  config-args: {{ include "threatstack-agent.docker-config" . }} {{ include "threatstack-agent.containerd-config" . }} {{ include "threatstack-agent.daemonset-ebpf-config" . }} {{ .Values.daemonset.additionalRuntimeConfig}}
+  config-args: {{ include "threatstack-agent.daemonset-runtimeConfig" . }}
   kubernetes-api-config-args: enable_kubes_master 1 {{ .Values.apiReader.additionalRuntimeConfig }}
 {{- if .Values.daemonset.customAuditRules }}
   custom-audit-rules-content: {{ toYaml .Values.daemonset.customAuditRules | indent 4 }}
diff --git a/templates/daemonset.yaml b/templates/daemonset.yaml
@@ -82,7 +82,7 @@ spec:
 {{- end }}
       hostNetwork: true
       hostPID: true
-      serviceAccountName: {{ if .Values.rbac.create }}{{ include "threatstack-agent.name" . }}{{ else }}{{ .Values.rbac.serviceAccountName }}{{ end }}
+      serviceAccountName: {{ include "threatstack-agent.serviceAccountName" . }}
       containers:
       - image: {{ .Values.image.repository }}:{{ if not .Values.image.version }}{{ .Chart.AppVersion }}{{ else }}{{ .Values.image.version }}{{ end }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -201,4 +201,4 @@ spec:
         - hostPath:
             path: /sys/kernel/debug
           name: kernel-debug
-{{- end }}
+{{- end }}
diff --git a/templates/deployment-api-reader.yaml b/templates/deployment-api-reader.yaml
@@ -83,7 +83,7 @@ spec:
 {{- end }}
       hostNetwork: true
       hostPID: true
-      serviceAccountName: {{ if .Values.rbac.create }}{{ include "threatstack-agent.name" . }}{{ else }}{{ .Values.rbac.serviceAccountName }}{{ end }}
+      serviceAccountName: {{ include "threatstack-agent.serviceAccountName" . }}
       containers:
       - image: {{ .Values.image.repository }}:{{ if not .Values.image.version }}{{ .Chart.AppVersion }}{{ else }}{{ .Values.image.version }}{{ end }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
diff --git a/templates/secrets.yaml b/templates/secrets.yaml
@@ -32,5 +32,5 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 type: Opaque
 stringData:
-  ts-setup-args: "--deploy-key {{ .Values.agentDeployKey }} --ruleset '{{ .Values.rulesets }}' {{ include "threatstack-agent.daemonset-lowpower-config" . }} {{ .Values.additionalSetupConfig }}"
-{{- end -}}
+  ts-setup-args: "--deploy-key {{ .Values.agentDeployKey }} --ruleset '{{ .Values.rulesets }}'"
+{{- end }}
diff --git a/templates/service-account.yaml b/templates/service-account.yaml
@@ -24,10 +24,10 @@
 kind: ServiceAccount
 apiVersion: v1
 metadata: 
-  name: {{ include "threatstack-agent.name" .}}
+  name: {{ include "threatstack-agent.serviceAccountName" . }}
   labels:
     app.kubernetes.io/name: {{ include "threatstack-agent.name" . }}
     helm.sh/chart: {{ include "threatstack-agent.chart" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
+{{- end }}
diff --git a/values.yaml b/values.yaml
@@ -298,4 +298,4 @@ daemonset:
   customLuaFilter: ""
 
   securityContext:
-    privileged: false
+    privileged: false
