From 8d35c5742921cb23c4a88502613961e08e070b6d Mon Sep 17 00:00:00 2001
From: Michi Mutsuzaki <michi@isovalent.com>
Date: Fri, 24 May 2024 21:44:19 +0000
Subject: [PATCH] helm: Add tetragon.livenessProbe value

[ upstream commit 1871fe85f1fd5bf62846a861b9f995265cb214c9 ]

Add tetragon.livenessProbe Helm value that overrides the default
liveness probe for the tetragon container. For example, to use grpc
probe, you can specify tetragon.livenessProbe Helm value like this:

    tetragon:
      livenessProbe:
        grpc:
          port: 54321

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
---
 docs/content/en/docs/reference/helm-chart.md                 | 1 +
 install/kubernetes/tetragon/README.md                        | 1 +
 .../kubernetes/tetragon/templates/_container_tetragon.tpl    | 5 ++++-
 install/kubernetes/tetragon/values.yaml                      | 5 +++++
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
index f51c3c17879..8aef0525dbb 100644
--- a/docs/content/en/docs/reference/helm-chart.md
+++ b/docs/content/en/docs/reference/helm-chart.md
@@ -82,6 +82,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | tetragon.image.override | string | `nil` |  |
 | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` |  |
 | tetragon.image.tag | string | `"v1.1.0"` |  |
+| tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. |
 | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host |
 | tetragon.ociHookSetup.enabled | bool | `false` | enable  init container to setup tetragon-oci-hook |
 | tetragon.ociHookSetup.extraVolumeMounts | list | `[]` | Extra volume mounts to add to the oci-hook-setup init container |
diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md
index 55986abd165..8ae74067c06 100644
--- a/install/kubernetes/tetragon/README.md
+++ b/install/kubernetes/tetragon/README.md
@@ -64,6 +64,7 @@ Helm chart for Tetragon
 | tetragon.image.override | string | `nil` |  |
 | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` |  |
 | tetragon.image.tag | string | `"v1.1.0"` |  |
+| tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. |
 | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host |
 | tetragon.ociHookSetup.enabled | bool | `false` | enable  init container to setup tetragon-oci-hook |
 | tetragon.ociHookSetup.extraVolumeMounts | list | `[]` | Extra volume mounts to add to the oci-hook-setup init container |
diff --git a/install/kubernetes/tetragon/templates/_container_tetragon.tpl b/install/kubernetes/tetragon/templates/_container_tetragon.tpl
index 03617f510be..fb8cc91508d 100644
--- a/install/kubernetes/tetragon/templates/_container_tetragon.tpl
+++ b/install/kubernetes/tetragon/templates/_container_tetragon.tpl
@@ -64,7 +64,10 @@
   resources:
     {{- toYaml . | nindent 4 }}
 {{- end }}
-{{- if .Values.tetragon.grpc.enabled }}
+{{- if .Values.tetragon.livenessProbe }}
+  livenessProbe:
+  {{- toYaml .Values.tetragon.livenessProbe | nindent 4 }}
+{{- else if .Values.tetragon.grpc.enabled }}
   livenessProbe:
      timeoutSeconds: 60
      exec:
diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml
index d8a8a4c5bfb..24f25a519e6 100644
--- a/install/kubernetes/tetragon/values.yaml
+++ b/install/kubernetes/tetragon/values.yaml
@@ -63,6 +63,11 @@ tetragon:
   extraVolumeMounts: []
   securityContext:
     privileged: true
+  # -- Overrides the default livenessProbe for the tetragon container.
+  livenessProbe: {}
+  #  grpc:
+  #    port: 54321
+
   # Tetragon puts processes in an LRU cache. The cache is used to find ancestors
   # for subsequently exec'ed processes.
   processCacheSize: 65536