stuff

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>

install/kubernetes/templates/_container_tetragon.tpl

@@ -82,5 +82,11 @@
 - name: {{ include "container.tetragon.name" . }}-operator
   image: "{{ if .Values.tetragonOperator.image.override }}{{ .Values.tetragonOperator.image.override }}{{ else }}{{ .Values.tetragonOperator.image.repository }}{{ .Values.tetragonOperator.image.suffix }}:{{ .Values.tetragonOperator.image.tag }}{{ end }}"
   imagePullPolicy: {{ .Values.imagePullPolicy }}
+  args:
+    - --config-dir=/etc/tetragon/tetragon-operator.conf.d/
+  volumeMounts:
+    - mountPath: /etc/tetragon/tetragon.conf.d/
+      name: tetragon-operator-config
+      readOnly: true
 {{- end }}
 {{- end -}}

install/kubernetes/templates/daemonset.yaml

@@ -95,6 +95,11 @@ spec:
       - emptyDir: {}
         name: metadata-files
 {{- end }}
+{{- end }}
+{{- if .Values.tetragonOperator.enabled }}
+      - name: tetragon-operator-config
+        configMap:
+          name: {{ .Chart.Name }}-operator-config
 {{- end }}
       {{- with .Values.extraVolumes }}
         {{- toYaml . | nindent 6 }}

install/kubernetes/templates/operator_configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-operator-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "tetragon-operator.labels" . | nindent 4 }}
+data:
+  skip-crd-creation: {{ .Values.tetragonOperator.skipCRDCreation | quote }}

install/kubernetes/values.yaml

@@ -158,6 +158,8 @@ tetragonOperator:
     tag: v0.10.0
     # tetragon-operator image-digest
     suffix: ""
+  # Skip CRD creation.
+  skipCRDCreation: false
 export:
   # "stdout". "" to disable.
   mode: "stdout"

operator/flags.go

@@ -18,6 +18,7 @@ import (
 	"strings"
 
 	operatorOption "github.com/cilium/tetragon/operator/option"
+	"github.com/cilium/tetragon/pkg/option"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -33,6 +34,15 @@ func initializeFlags() {
 		viper.SetEnvKeyReplacer(replacer)
 		viper.SetEnvPrefix(operatorOption.TetragonOpEnvPrefix)
 		viper.AutomaticEnv()
+		configDir := viper.GetString(operatorOption.ConfigDir)
+		if configDir != "" {
+			err := option.ReadConfigDir(configDir)
+			if err != nil {
+				log.WithField(operatorOption.ConfigDir, configDir).WithError(err).Fatal("Failed to read config from directory")
+			} else {
+				log.WithField(operatorOption.ConfigDir, configDir).Info("Loaded config from directory")
+			}
+		}
 	})
 
 	flags := rootCmd.Flags()
@@ -44,11 +54,14 @@ func initializeFlags() {
 
 	flags.String(operatorOption.KubeCfgPath, "", "Kubeconfig filepath to connect to k8s")
 
+	flags.String(operatorOption.ConfigDir, "", "Directory in which tetragon-operator-config configmap is mounted")
+
 	viper.BindPFlags(flags)
 }
 
 // Populate sets all options with the values from viper.
 func configPopulate() {
 	operatorOption.Config.SkipCRDCreation = viper.GetBool(operatorOption.SkipCRDCreation)
 	operatorOption.Config.KubeCfgPath = viper.GetString(operatorOption.KubeCfgPath)
+	operatorOption.Config.ConfigDir = viper.GetString(operatorOption.ConfigDir)
 }

operator/option/config.go

@@ -26,6 +26,9 @@ const (
 
 	// KubeCfgPath is the path to a kubeconfig file
 	KubeCfgPath = "kube-config"
+
+	// ConfigDir specifies the directory in which tetragon-operator-config configmap is mounted.
+	ConfigDir = "config-dir"
 )
 
 // OperatorConfig is the configuration used by the operator.
@@ -36,6 +39,9 @@ type OperatorConfig struct {
 
 	// KubeCfgPath allows users to specify a kubeconfig file to be used by the operator
 	KubeCfgPath string
+
+	// ConfigDir specifies the directory in which tetragon-operator-config configmap is mounted.
+	ConfigDir string
 }
 
 // Config represents the operator configuration.