diff --git a/install/kubernetes/templates/_container_tetragon.tpl b/install/kubernetes/templates/_container_tetragon.tpl index 15cebb8b96e..525a235831d 100644 --- a/install/kubernetes/templates/_container_tetragon.tpl +++ b/install/kubernetes/templates/_container_tetragon.tpl @@ -82,5 +82,11 @@ - name: {{ include "container.tetragon.name" . }}-operator image: "{{ if .Values.tetragonOperator.image.override }}{{ .Values.tetragonOperator.image.override }}{{ else }}{{ .Values.tetragonOperator.image.repository }}{{ .Values.tetragonOperator.image.suffix }}:{{ .Values.tetragonOperator.image.tag }}{{ end }}" imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - --config-dir=/etc/tetragon/tetragon-operator.conf.d/ + volumeMounts: + - mountPath: /etc/tetragon/tetragon.conf.d/ + name: tetragon-operator-config + readOnly: true {{- end }} {{- end -}} diff --git a/install/kubernetes/templates/daemonset.yaml b/install/kubernetes/templates/daemonset.yaml index 44636ce677f..d83ddd1d72d 100644 --- a/install/kubernetes/templates/daemonset.yaml +++ b/install/kubernetes/templates/daemonset.yaml @@ -95,6 +95,11 @@ spec: - emptyDir: {} name: metadata-files {{- end }} +{{- end }} +{{- if .Values.tetragonOperator.enabled }} + - name: tetragon-operator-config + configMap: + name: {{ .Chart.Name }}-operator-config {{- end }} {{- with .Values.extraVolumes }} {{- toYaml . | nindent 6 }} diff --git a/install/kubernetes/templates/operator_configmap.yaml b/install/kubernetes/templates/operator_configmap.yaml new file mode 100644 index 00000000000..2f623ab398e --- /dev/null +++ b/install/kubernetes/templates/operator_configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-operator-config + namespace: {{ .Release.Namespace }} + labels: + {{- include "tetragon-operator.labels" . | nindent 4 }} +data: + skip-crd-creation: {{ .Values.tetragonOperator.skipCRDCreation | quote }} 
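Review bot: In the operator container, `--config-dir` points at `/etc/tetragon/tetragon-operator.conf.d/` while the `tetragon-operator-config` volume is mounted at `/etc/tetragon/tetragon.conf.d/`, so the operator is told to read a directory the ConfigMap is never mounted into. Depending on how `option.ReadConfigDir` treats a missing directory (not visible here), the operator either hits the `Fatal` path added in operator/flags.go at startup or runs without the chart's `skip-crd-creation` value and gives no sign of it. The two paths should be identical, for example `- mountPath: /etc/tetragon/tetragon-operator.conf.d/`. The `readOnly: true` on the mount is correct and should be kept.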
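Review bot: The new operator_configmap.yaml is rendered unconditionally, while the volume that consumes it in daemonset.yaml is wrapped in `{{- if .Values.tetragonOperator.enabled }}`, so a chart with the operator disabled still creates an unused ConfigMap. Wrapping the whole template in the same `{{- if .Values.tetragonOperator.enabled }}` … `{{- end }}` guard keeps the object and its consumer in step. The name `{{ .Chart.Name }}-operator-config` is also derived from the chart rather than the release, so two releases in one namespace would contend for the same object name. If that is intentional, a comment at the top of the template should say so.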
diff --git a/install/kubernetes/values.yaml b/install/kubernetes/values.yaml index 071a73b22e2..4e42e30e195 100644 --- a/install/kubernetes/values.yaml +++ b/install/kubernetes/values.yaml @@ -158,6 +158,8 @@ tetragonOperator: tag: v0.10.0 # tetragon-operator image-digest suffix: "" + # Skip CRD creation. + skipCRDCreation: false export: # "stdout". "" to disable. mode: "stdout" diff --git a/operator/flags.go b/operator/flags.go index 0958613224e..a402331535e 100644 --- a/operator/flags.go +++ b/operator/flags.go @@ -18,6 +18,7 @@ import ( "strings" operatorOption "github.com/cilium/tetragon/operator/option" + "github.com/cilium/tetragon/pkg/option" "github.com/spf13/cobra" "github.com/spf13/viper" @@ -33,6 +34,15 @@ func initializeFlags() { viper.SetEnvKeyReplacer(replacer) viper.SetEnvPrefix(operatorOption.TetragonOpEnvPrefix) viper.AutomaticEnv() + configDir := viper.GetString(operatorOption.ConfigDir) + if configDir != "" { + err := option.ReadConfigDir(configDir) + if err != nil { + log.WithField(operatorOption.ConfigDir, configDir).WithError(err).Fatal("Failed to read config from directory") + } else { + log.WithField(operatorOption.ConfigDir, configDir).Info("Loaded config from directory") + } + } }) flags := rootCmd.Flags() @@ -44,6 +54,8 @@ func initializeFlags() { flags.String(operatorOption.KubeCfgPath, "", "Kubeconfig filepath to connect to k8s") + flags.String(operatorOption.ConfigDir, "", "Directory in which tetragon-operator-config configmap is mounted") + viper.BindPFlags(flags) } @@ -51,4 +63,5 @@ func initializeFlags() { func configPopulate() { operatorOption.Config.SkipCRDCreation = viper.GetBool(operatorOption.SkipCRDCreation) operatorOption.Config.KubeCfgPath = viper.GetString(operatorOption.KubeCfgPath) + operatorOption.Config.ConfigDir = viper.GetString(operatorOption.ConfigDir) } diff --git a/operator/option/config.go b/operator/option/config.go index 7bdaa819f5e..c6ce007505f 100644 --- a/operator/option/config.go 
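Review bot: The `else` after the `Fatal` call in the new `configDir` block of operator/flags.go is redundant if `log` is a logrus-style logger whose `Fatal` exits the process (its declaration is outside the hunk). Writing `if err := option.ReadConfigDir(configDir); err != nil {` with only the `Fatal` line inside, and the `Info` line after the closing brace, keeps the success path unindented. The block would also benefit from a comment such as `// Values from --config-dir are loaded after AutomaticEnv; see option.ReadConfigDir for how they rank against flags and environment variables.` The hunk does not show which source wins for `skip-crd-creation`. The enclosing callback and `initializeFlags` begin outside the hunk.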
+++ b/operator/option/config.go @@ -26,6 +26,9 @@ const ( // KubeCfgPath is the path to a kubeconfig file KubeCfgPath = "kube-config" + + // ConfigDir specifies the directory in which tetragon-operator-config configmap is mounted. + ConfigDir = "config-dir" ) // OperatorConfig is the configuration used by the operator. @@ -36,6 +39,9 @@ type OperatorConfig struct { // KubeCfgPath allows users to specify a kubeconfig file to be used by the operator KubeCfgPath string + + // ConfigDir specifies the directory in which tetragon-operator-config configmap is mounted. + ConfigDir string } // Config represents the operator configuration.