Add flags for operator to make it possible using k8s api without TP CRDs

Fixes: #1880

Signed-off-by: Alexey Olshanskiy <gh@aohoy.dev>

install/kubernetes/tetragon/templates/operator_configmap.yaml

@@ -8,3 +8,4 @@ metadata:
 data:
   skip-crd-creation: {{ .Values.tetragonOperator.skipCRDCreation | quote }}
   skip-pod-info-crd: {{ not .Values.tetragonOperator.podInfo.enabled | quote }}
+  skip-tracing-policy-crd: {{ not .Values.tetragonOperator.tracingPolicy.enabled | quote }}

install/kubernetes/tetragon/templates/tetragon_configmap.yaml

@@ -56,4 +56,5 @@ data:
   enable-msg-handling-latency: "true"
 {{- end }}
   enable-pod-info: {{ .Values.tetragonOperator.podInfo.enabled | quote }}
+  enable-tracing-policy-crd: {{ .Values.tetragonOperator.tracingPolicy.enabled | quote }}
   {{- include "configmap.extra" . | nindent 2 }}

install/kubernetes/tetragon/values.yaml

@@ -232,6 +232,9 @@ tetragonOperator:
     # -- Enables the PodInfo CRD and the controller that reconciles PodInfo
     # custom resources.
     enabled: false
+  tracingPolicy:
+    # -- Enables the TracingPolicy and TracingPolicyNamespaced CRD creation.
+    enabled: true
   # -- Enables the Tetragon Operator metrics.
   prometheus:
     enabled: true

operator/cmd/common/common.go

@@ -21,6 +21,7 @@ func AddCommonFlags(cmd *cobra.Command) {
 	flags.String(operatorOption.KubeCfgPath, "", "Kubeconfig filepath to connect to k8s")
 	flags.String(operatorOption.ConfigDir, "", "Directory in which tetragon-operator-config configmap is mounted")
 	flags.Bool(operatorOption.SkipPodInfoCRD, false, "When true, PodInfo Custom Resource Definition (CRD) will not be created")
+	flags.Bool(operatorOption.SkipTracingPolicyCRD, false, "When true, TracingPolicy and TracingPolicyNamespaced Custom Resource Definition (CRD) will not be created")
 }
 
 func Initialize(cmd *cobra.Command) {

operator/crd/crd.go

@@ -58,7 +58,12 @@ func RegisterCRDs() {
 
 	crds := []crdutils.CRD{}
 	for _, crd := range client.AllCRDs {
-		if option.Config.SkipPodInfoCRD && crd.CRDName == client.PodInfoCRD.CRDName {
+		switch {
+		case option.Config.SkipPodInfoCRD && crd.CRDName == client.PodInfoCRD.CRDName:
+			continue
+		case option.Config.SkipTracingPolicyCRD && crd.CRDName == client.TracingPolicyCRD.CRDName:
+			continue
+		case option.Config.SkipTracingPolicyCRD && crd.CRDName == client.TracingPolicyNamespacedCRD.CRDName:
 			continue
 		}
 		crds = append(crds, crd)

operator/option/config.go

@@ -26,6 +26,10 @@ const (
 	// SkipPodInfoCRD specifies whether the tetragonPod CustomResourceDefinition will be
 	// disabled
 	SkipPodInfoCRD = "skip-pod-info-crd"
+
+	// SkipTracingPolicyCRD specifies whether the tracing-policies CustomResourceDefinition will be
+	// disabled
+	SkipTracingPolicyCRD = "skip-tracing-policy-crd"
 )
 
 // OperatorConfig is the configuration used by the operator.
@@ -42,6 +46,10 @@ type OperatorConfig struct {
 
 	// SkipPodInfoCRD disables creation of the TetragonPod CustomResourceDefinition only.
 	SkipPodInfoCRD bool
+
+	// SkipTracingPolicyCRD disables creation of the TracingPolicy and
+	// TracingPolicyNamespaced CustomResourceDefinition only.
+	SkipTracingPolicyCRD bool
 }
 
 // Config represents the operator configuration.
@@ -53,4 +61,5 @@ func ConfigPopulate() {
 	Config.KubeCfgPath = viper.GetString(KubeCfgPath)
 	Config.ConfigDir = viper.GetString(ConfigDir)
 	Config.SkipPodInfoCRD = viper.GetBool(SkipPodInfoCRD)
+	Config.SkipTracingPolicyCRD = viper.GetBool(SkipTracingPolicyCRD)
 }