From a78d679bc2114cdd4b02c219b0a11977d1a50a5b Mon Sep 17 00:00:00 2001
From: Michi Mutsuzaki
Date: Tue, 8 Aug 2023 21:21:38 +0000
Subject: [PATCH] stuff
Signed-off-by: Michi Mutsuzaki
---
 docs/content/en/docs/reference/helm-chart.md | 1 +
 install/kubernetes/README.md | 1 +
 .../kubernetes/templates/_container_tetragon.tpl | 6 ++++++
 install/kubernetes/templates/daemonset.yaml | 5 +++++
 .../kubernetes/templates/operator_configmap.yaml | 9 +++++++++
 install/kubernetes/values.yaml | 2 ++
 operator/flags.go | 13 +++++++++++++
 operator/main.go | 1 +
 operator/option/config.go | 6 ++++++
 9 files changed, 44 insertions(+)
 create mode 100644 install/kubernetes/templates/operator_configmap.yaml
diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
index 6944abdd02f..a18dc8f4f9f 100644
--- a/docs/content/en/docs/reference/helm-chart.md
+++ b/docs/content/en/docs/reference/helm-chart.md
@@ -99,6 +99,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | tetragon.securityContext.privileged | bool | `true` | |
 | tetragonOperator.enabled | bool | `true` | Enable the tetragon-operator component (required). |
 | tetragonOperator.image | object | `{"override":null,"repository":"quay.io/cilium/tetragon-operator","suffix":"","tag":"v0.10.0"}` | tetragon-operator image. |
+| tetragonOperator.skipCRDCreation | bool | `false` | |
 | tolerations[0].operator | string | `"Exists"` | |
 | updateStrategy | object | `{}` | |
diff --git a/install/kubernetes/README.md b/install/kubernetes/README.md
index 53aaba0b00f..18138e97789 100644
--- a/install/kubernetes/README.md
+++ b/install/kubernetes/README.md
@@ -82,6 +82,7 @@ Helm chart for Tetragon
 | tetragon.securityContext.privileged | bool | `true` | |
 | tetragonOperator.enabled | bool | `true` | Enable the tetragon-operator component (required). |
 | tetragonOperator.image | object | `{"override":null,"repository":"quay.io/cilium/tetragon-operator","suffix":"","tag":"v0.10.0"}` | tetragon-operator image. |
+| tetragonOperator.skipCRDCreation | bool | `false` | |
 | tolerations[0].operator | string | `"Exists"` | |
 | updateStrategy | object | `{}` | |
diff --git a/install/kubernetes/templates/_container_tetragon.tpl b/install/kubernetes/templates/_container_tetragon.tpl
index 15cebb8b96e..c62c6f76021 100644
--- a/install/kubernetes/templates/_container_tetragon.tpl
+++ b/install/kubernetes/templates/_container_tetragon.tpl
@@ -82,5 +82,11 @@
 - name: {{ include "container.tetragon.name" . }}-operator
 image: "{{ if .Values.tetragonOperator.image.override }}{{ .Values.tetragonOperator.image.override }}{{ else }}{{ .Values.tetragonOperator.image.repository }}{{ .Values.tetragonOperator.image.suffix }}:{{ .Values.tetragonOperator.image.tag }}{{ end }}"
 imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args:
+ - --config-dir=/etc/tetragon/
+ volumeMounts:
+ - mountPath: /etc/tetragon/
+ name: tetragon-operator-config
+ readOnly: true
 {{- end }}
 {{- end -}}
diff --git a/install/kubernetes/templates/daemonset.yaml b/install/kubernetes/templates/daemonset.yaml
index 44636ce677f..d83ddd1d72d 100644
--- a/install/kubernetes/templates/daemonset.yaml
+++ b/install/kubernetes/templates/daemonset.yaml
@@ -95,6 +95,11 @@ spec:
 - emptyDir: {}
 name: metadata-files
 {{- end }}
+{{- end }}
+{{- if .Values.tetragonOperator.enabled }}
+ - name: tetragon-operator-config
+ configMap:
+ name: {{ .Chart.Name }}-operator-config
 {{- end }}
 {{- with .Values.extraVolumes }}
 {{- toYaml . | nindent 6 }}
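Review bot: Nothing in the daemonset.yaml hunk makes the pods restart when `tetragon-operator-config` changes, and operator/flags.go in this same patch reads the directory only once, inside the `cobra.OnInitialize` callback. A `helm upgrade` that flips `tetragonOperator.skipCRDCreation` would therefore update the ConfigMap while running operators keep the old value, unless the pod template (outside this hunk) already carries a checksum annotation. Consider adding one there, e.g. `checksum/operator-config: {{ include (print $.Template.BasePath "/operator_configmap.yaml") . | sha256sum }}`.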
diff --git a/install/kubernetes/templates/operator_configmap.yaml b/install/kubernetes/templates/operator_configmap.yaml
new file mode 100644
index 00000000000..2f623ab398e
--- /dev/null
+++ b/install/kubernetes/templates/operator_configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-operator-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "tetragon-operator.labels" . | nindent 4 }}
+data:
+ skip-crd-creation: {{ .Values.tetragonOperator.skipCRDCreation | quote }}
diff --git a/install/kubernetes/values.yaml b/install/kubernetes/values.yaml
index 071a73b22e2..4e42e30e195 100644
--- a/install/kubernetes/values.yaml
+++ b/install/kubernetes/values.yaml
@@ -158,6 +158,8 @@ tetragonOperator:
 tag: v0.10.0
 # tetragon-operator image-digest
 suffix: ""
+ # Skip CRD creation.
+ skipCRDCreation: false
 export:
 # "stdout". "" to disable.
 mode: "stdout"
diff --git a/operator/flags.go b/operator/flags.go
index 0958613224e..a402331535e 100644
--- a/operator/flags.go
+++ b/operator/flags.go
@@ -18,6 +18,7 @@ import (
 "strings"
 operatorOption "github.com/cilium/tetragon/operator/option"
+ "github.com/cilium/tetragon/pkg/option"
 "github.com/spf13/cobra"
 "github.com/spf13/viper"
@@ -33,6 +34,15 @@ func initializeFlags() {
 viper.SetEnvKeyReplacer(replacer)
 viper.SetEnvPrefix(operatorOption.TetragonOpEnvPrefix)
 viper.AutomaticEnv()
+ configDir := viper.GetString(operatorOption.ConfigDir)
+ if configDir != "" {
+ err := option.ReadConfigDir(configDir)
+ if err != nil {
+ log.WithField(operatorOption.ConfigDir, configDir).WithError(err).Fatal("Failed to read config from directory")
+ } else {
+ log.WithField(operatorOption.ConfigDir, configDir).Info("Loaded config from directory")
+ }
+ }
 })
 flags := rootCmd.Flags()
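Review bot: The ConfigMap in operator_configmap.yaml is rendered unconditionally, while the volume that consumes it in daemonset.yaml sits under `{{- if .Values.tetragonOperator.enabled }}`; wrapping this template in the same condition avoids leaving an unused object behind when the operator is disabled. The name is also built from `.Chart.Name`, so two releases of the chart in one namespace would contend for the same ConfigMap and for the `skip-crd-creation` value in it. `name: {{ .Release.Name }}-operator-config` here and in the daemonset volume would avoid that, assuming the rest of the chart is release-scoped, which this diff does not show.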
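Review bot: The comment `# Skip CRD creation.` in values.yaml does not reach the generated tables: the rows this patch adds to helm-chart.md and install/kubernetes/README.md have an empty description cell, whereas `tetragonOperator.image` carries one. If those tables are produced by helm-docs, the comment needs the `# -- ` prefix. It should also say what the setting implies for the deployer, presumably something like `# -- Skip CRD creation. Set to true when the Tetragon CRDs are installed and upgraded outside the operator.`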
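Review bot: The `cobra.OnInitialize` callback in operator/flags.go does not say which source wins when an option is set both in the `--config-dir` directory and by flag or environment variable; that is decided inside `option.ReadConfigDir`, which this diff does not show. Because files in that directory can presumably set any key the operator reads through viper, including `kube-config`, the order is worth pinning in a comment above the `if`, for example `// Files in config-dir are merged into viper; flags and environment variables take precedence (confirm against ReadConfigDir).` Separately, `Fatal` does not return, so the `else` can be dropped and the `Info` call placed after the `if err != nil` block. `initializeFlags` starts and ends outside this hunk.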
@@ -44,6 +54,8 @@ func initializeFlags() {
 flags.String(operatorOption.KubeCfgPath, "", "Kubeconfig filepath to connect to k8s")
+ flags.String(operatorOption.ConfigDir, "", "Directory in which tetragon-operator-config configmap is mounted")
+
 viper.BindPFlags(flags)
 }
@@ -51,4 +63,5 @@ func initializeFlags() {
 func configPopulate() {
 operatorOption.Config.SkipCRDCreation = viper.GetBool(operatorOption.SkipCRDCreation)
 operatorOption.Config.KubeCfgPath = viper.GetString(operatorOption.KubeCfgPath)
+ operatorOption.Config.ConfigDir = viper.GetString(operatorOption.ConfigDir)
 }
diff --git a/operator/main.go b/operator/main.go
index 98f72c33937..296d942fedf 100644
--- a/operator/main.go
+++ b/operator/main.go
@@ -63,6 +63,7 @@ func getConfig() (*rest.Config, error) {
 func operatorExecute() {
 // Prepopulate option.Config with options from CLI.
 configPopulate()
+ log.WithField("config", operatorOption.Config).Info("Starting tetragon-operator")
 restConfig, err := getConfig()
 if err != nil {
diff --git a/operator/option/config.go b/operator/option/config.go
index 7bdaa819f5e..c6ce007505f 100644
--- a/operator/option/config.go
+++ b/operator/option/config.go
@@ -26,6 +26,9 @@ const (
 // KubeCfgPath is the path to a kubeconfig file
 KubeCfgPath = "kube-config"
+
+ // ConfigDir specifies the directory in which tetragon-operator-config configmap is mounted.
+ ConfigDir = "config-dir"
 )
 // OperatorConfig is the configuration used by the operator.
@@ -36,6 +39,9 @@ type OperatorConfig struct {
 // KubeCfgPath allows users to specify a kubeconfig file to be used by the operator
 KubeCfgPath string
+
+ // ConfigDir specifies the directory in which tetragon-operator-config configmap is mounted.
+ ConfigDir string
 }
 // Config represents the operator configuration.
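Review bot: `log.WithField("config", operatorOption.Config)` in `operatorExecute` (operator/main.go) prints the whole struct, so any field later added to `OperatorConfig` is written to the log by default. The fields visible in this patch (`SkipCRDCreation`, `KubeCfgPath`, `ConfigDir`) are not secret, but a token or password field would be. Logging the fields by name keeps that a deliberate choice: `log.WithField(operatorOption.SkipCRDCreation, operatorOption.Config.SkipCRDCreation).WithField(operatorOption.ConfigDir, operatorOption.Config.ConfigDir).Info("Starting tetragon-operator")`. `operatorExecute` continues past the end of the hunk.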