helm: remove grpc.port and fix livenessProbe

Up until now, configuring gRPC listen address for the agent via the helm chart used two variables grpc.port and grpc.address. The previous patch added support for passing a unix socket address to the agent, which does not match well the grpc.address:grpc.port configuration. This patch removes the grpc.port helm variable, and, instead, relies only on grpc.address for configuration. Users can use "localhost:54321", ":54321", or "unix:///var/run/tetragon/tetragon.sock" to configure the gRPC address that the agent listens to. Furthermore, the livenessProbe of the agent relies on checking health status via the gRPC interface via the CLI (tetra status). This patch also fixes the livenessProbe so that: - it is only defined, if grpc is enabled - the proper gRPC address is used to contact the agent Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
cilium · Nov 22, 2022 · 5aaa41a · 5aaa41a
1 parent f09209f
commit 5aaa41a
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 11 deletions.
diff --git a/install/kubernetes/README.md b/install/kubernetes/README.md
@@ -64,9 +64,8 @@ Helm chart for Tetragon
 | tetragon.fieldFilters | string | `"{}"` |  |
 | tetragon.gops.address | string | `"localhost"` | The address at which to expose gops. |
 | tetragon.gops.port | int | `8118` | The port at which to expose gops. |
-| tetragon.grpc.address | string | `"localhost"` | The address at which to expose gRPC. Set it to "" to listen on all available interfaces. |
+| tetragon.grpc.address | string | `"localhost:54321"` | The address at which to expose gRPC. Examples: localhost:54321, unix:///var/run/tetragon/tetragon.sock |
 | tetragon.grpc.enabled | bool | `true` | Whether to enable exposing Tetragon gRPC. |
-| tetragon.grpc.port | int | `54321` | The port at which to expose gRPC. |
 | tetragon.image.override | string | `nil` |  |
 | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` |  |
 | tetragon.image.tag | string | `"v0.8.3"` |  |

diff --git a/install/kubernetes/templates/_container_tetragon.tpl b/install/kubernetes/templates/_container_tetragon.tpl
@@ -68,11 +68,15 @@
   resources:
     {{- toYaml . | nindent 4 }}
 {{- end }}
+{{- if .Values.tetragon.grpc.enabled }}
   livenessProbe:
-    exec:
-      command:
-      - tetra
-      - status
+     exec:
+       command:
+       - tetra
+       - status
+       - --server-address
+       - {{ .Values.tetragon.grpc.address }}
+{{- end -}}
 {{- end -}}
 
 {{- define "container.tetragon.init-operator" -}}

diff --git a/install/kubernetes/templates/tetragon_configmap.yaml b/install/kubernetes/templates/tetragon_configmap.yaml
@@ -39,7 +39,7 @@ data:
   metrics-server: ""
 {{- end }}
 {{- if .Values.tetragon.grpc.enabled }}
-  server-address: {{ .Values.tetragon.grpc.address }}:{{ .Values.tetragon.grpc.port }}
+  server-address: {{ .Values.tetragon.grpc.address }}
 {{- else }}
 {{- end }}
 {{- if .Values.tetragon.tcpStatsSampleSegs }}

diff --git a/install/kubernetes/values.yaml b/install/kubernetes/values.yaml
@@ -134,10 +134,8 @@ tetragon:
   grpc:
     # -- Whether to enable exposing Tetragon gRPC.
     enabled: true
-    # -- The address at which to expose gRPC. Set it to "" to listen on all available interfaces.
-    address: "localhost"
-    # -- The port at which to expose gRPC.
-    port: 54321
+    # -- The address at which to expose gRPC. Examples: localhost:54321, unix:///var/run/tetragon/tetragon.sock
+    address: "localhost:54321"
   gops:
     # -- The address at which to expose gops.
     address: "localhost"