From d4fa7df9b39ea0d2c361962ea997b22b980ddeec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iago=20L=C3=B3pez=20Galeiras?= Date: Tue, 29 Sep 2020 12:59:04 +0200 Subject: [PATCH 1/5] pkg/components: Add Inspektor Gadget component --- .../components/inspektor-gadget/.helmignore | 23 ++++ .../components/inspektor-gadget/Chart.yaml | 7 + .../inspektor-gadget/templates/_helpers.tpl | 62 +++++++++ .../inspektor-gadget/templates/daemonset.yaml | 124 ++++++++++++++++++ .../inspektor-gadget/templates/psp.yaml | 24 ++++ .../inspektor-gadget/templates/rbac.yaml | 26 ++++ .../templates/serviceaccount.yaml | 12 ++ .../components/inspektor-gadget/values.yaml | 42 ++++++ cli/cmd/component.go | 1 + .../components/inspektor-gadget.md | 68 ++++++++++ pkg/assets/generated_assets.go | 78 +++++++++++ pkg/components/inspektor-gadget/component.go | 86 ++++++++++++ pkg/components/inspektor-gadget/doc.go | 16 +++ pkg/components/inspektor-gadget/template.go | 28 ++++ 14 files changed, 597 insertions(+) create mode 100644 assets/charts/components/inspektor-gadget/.helmignore create mode 100644 assets/charts/components/inspektor-gadget/Chart.yaml create mode 100644 assets/charts/components/inspektor-gadget/templates/_helpers.tpl create mode 100644 assets/charts/components/inspektor-gadget/templates/daemonset.yaml create mode 100644 assets/charts/components/inspektor-gadget/templates/psp.yaml create mode 100644 assets/charts/components/inspektor-gadget/templates/rbac.yaml create mode 100644 assets/charts/components/inspektor-gadget/templates/serviceaccount.yaml create mode 100644 assets/charts/components/inspektor-gadget/values.yaml create mode 100644 docs/configuration-reference/components/inspektor-gadget.md create mode 100644 pkg/components/inspektor-gadget/component.go create mode 100644 pkg/components/inspektor-gadget/doc.go create mode 100644 pkg/components/inspektor-gadget/template.go diff --git a/assets/charts/components/inspektor-gadget/.helmignore b/assets/charts/components/inspektor-gadget/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/assets/charts/components/inspektor-gadget/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/assets/charts/components/inspektor-gadget/Chart.yaml b/assets/charts/components/inspektor-gadget/Chart.yaml new file mode 100644 index 000000000..c72ac88d8 --- /dev/null +++ b/assets/charts/components/inspektor-gadget/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: inspektor-gadget +description: Collection of gadgets for debugging and introspecting Kubernetes applications using BPF +type: application + +version: 0.1.0 +appVersion: 0.2.0 diff --git a/assets/charts/components/inspektor-gadget/templates/_helpers.tpl b/assets/charts/components/inspektor-gadget/templates/_helpers.tpl new file mode 100644 index 000000000..8251fdf67 --- /dev/null +++ b/assets/charts/components/inspektor-gadget/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "inspektor-gadget.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "inspektor-gadget.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "inspektor-gadget.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "inspektor-gadget.labels" -}} +helm.sh/chart: {{ include "inspektor-gadget.chart" . }} +{{ include "inspektor-gadget.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "inspektor-gadget.selectorLabels" -}} +app.kubernetes.io/name: {{ include "inspektor-gadget.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "inspektor-gadget.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "inspektor-gadget.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/assets/charts/components/inspektor-gadget/templates/daemonset.yaml b/assets/charts/components/inspektor-gadget/templates/daemonset.yaml new file mode 100644 index 000000000..3bf689a20 --- /dev/null +++ b/assets/charts/components/inspektor-gadget/templates/daemonset.yaml @@ -0,0 +1,124 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "inspektor-gadget.fullname" . }} + labels: + {{- include "inspektor-gadget.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "inspektor-gadget.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + k8s-app: gadget # kubectl-gadget and headlamp's traceloop plugin expect this + {{- include "inspektor-gadget.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "inspektor-gadget.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + hostPID: true + hostNetwork: true + containers: + - name: gadget # kubectl-gadget expects this container name + securityContext: + privileged: true + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + command: [ "/entrypoint.sh" ] + lifecycle: + preStop: + exec: + command: + - "/cleanup.sh" + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: GADGET_POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + {{- if .Values.enableTraceloop }} + - name: TRACELOOP_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: TRACELOOP_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: TRACELOOP_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TRACELOOP_IMAGE + value: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + {{- end }} + - name: INSPEKTOR_GADGET_VERSION + value: {{ .Chart.AppVersion }} + - name: INSPEKTOR_GADGET_OPTION_TRACELOOP + value: "{{ .Values.enableTraceloop }}" + {{- if .Values.enableTraceloop }} + - name: INSPEKTOR_GADGET_OPTION_TRACELOOP_LOGLEVEL + value: {{ .Values.logLevel }} + - name: INSPEKTOR_GADGET_OPTION_RUNC_HOOKS_MODE + value: "auto" + {{- end }} + volumeMounts: + - name: host + mountPath: /host + - name: run + mountPath: /run + mountPropagation: Bidirectional + - name: modules + mountPath: /lib/modules + - name: debugfs + mountPath: /sys/kernel/debug + - name: cgroup + mountPath: /sys/fs/cgroup + - name: bpffs + mountPath: /sys/fs/bpf + - name: localtime + mountPath: /etc/localtime + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: host + hostPath: + path: / + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: modules + hostPath: + path: /lib/modules + - name: bpffs + hostPath: + path: /sys/fs/bpf + - name: debugfs + hostPath: + path: /sys/kernel/debug + - name: localtime + hostPath: + path: /etc/localtime diff --git a/assets/charts/components/inspektor-gadget/templates/psp.yaml b/assets/charts/components/inspektor-gadget/templates/psp.yaml new file mode 100644 index 000000000..d75d80542 --- /dev/null +++ b/assets/charts/components/inspektor-gadget/templates/psp.yaml @@ -0,0 +1,24 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: inspektor-gadget + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' +spec: + privileged: true + volumes: + - 'hostPath' + hostNetwork: true + hostPID: true + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false + allowedHostPaths: + - pathPrefix: "/" diff --git a/assets/charts/components/inspektor-gadget/templates/rbac.yaml b/assets/charts/components/inspektor-gadget/templates/rbac.yaml new file mode 100644 index 000000000..7f360e765 --- /dev/null +++ b/assets/charts/components/inspektor-gadget/templates/rbac.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "inspektor-gadget.serviceAccountName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "inspektor-gadget.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: inspektor-gadget-psp + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - inspektor-gadget +{{ end }} diff --git a/assets/charts/components/inspektor-gadget/templates/serviceaccount.yaml b/assets/charts/components/inspektor-gadget/templates/serviceaccount.yaml new file mode 100644 index 000000000..1a291c3a2 --- /dev/null +++ b/assets/charts/components/inspektor-gadget/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "inspektor-gadget.serviceAccountName" . }} + labels: + {{- include "inspektor-gadget.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/assets/charts/components/inspektor-gadget/values.yaml b/assets/charts/components/inspektor-gadget/values.yaml new file mode 100644 index 000000000..a7c2b6525 --- /dev/null +++ b/assets/charts/components/inspektor-gadget/values.yaml @@ -0,0 +1,42 @@ +# Default values for inspektor-gadget. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: kinvolk/gadget + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: 202007010134320f732c # v0.2.0 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +tolerations: [] + +enableTraceloop: true +logLevel: "info,json" +rbac: true diff --git a/cli/cmd/component.go b/cli/cmd/component.go index dd2adbb51..dc2b6a507 100644 --- a/cli/cmd/component.go +++ b/cli/cmd/component.go @@ -27,6 +27,7 @@ import ( _ "github.com/kinvolk/lokomotive/pkg/components/flatcar-linux-update-operator" _ "github.com/kinvolk/lokomotive/pkg/components/gangway" _ "github.com/kinvolk/lokomotive/pkg/components/httpbin" + _ "github.com/kinvolk/lokomotive/pkg/components/inspektor-gadget" _ "github.com/kinvolk/lokomotive/pkg/components/istio-operator" _ "github.com/kinvolk/lokomotive/pkg/components/linkerd" _ "github.com/kinvolk/lokomotive/pkg/components/metallb" diff --git a/docs/configuration-reference/components/inspektor-gadget.md b/docs/configuration-reference/components/inspektor-gadget.md new file mode 100644 index 000000000..6f8b31eb3 --- /dev/null +++ b/docs/configuration-reference/components/inspektor-gadget.md @@ -0,0 +1,68 @@ +# Inspektor Gadget configuration reference for Lokomotive + +## Contents + +* [Introduction](#introduction) +* [Prerequisites](#prerequisites) +* [Configuration](#configuration) +* [Attribute reference](#attribute-reference) +* [Applying](#applying) +* [Deleting](#deleting) + +## Introduction + +[Inspektor Gadget](https://github.com/kinvolk/inspektor-gadget) is a collection +of tools (or gadgets) for debugging and introspecting Kubernetes applications +using BPF. + +This component installs the in-cluster part of Inspektor Gadget. To use the +tracing gadgets you need to install the [Inspektor Gadget kubectl +plugin](https://github.com/kinvolk/inspektor-gadget/blob/master/Documentation/install.md#installing-kubectl-gadget). + +[Headlamp](headlamp.md) has integration with the traceloop gadget. When both +the Headlamp and Inspektor Gadget components are installed in the cluster, a +new "Traces" menu is available on Headlamp which provides access to pod's +traces via [traceloop](https://github.com/kinvolk/traceloop). + +## Prerequisites + +* A Kubernetes cluster accessible via `kubectl`. + +* Optionally Headlamp to use the traceloop integration. + +## Configuration + +```tf +# inspektor-gadget.lokocfg + +component "inspektor-gadget" { + enable_traceloop = true +} +``` + +## Attribute reference + +Table of all the arguments accepted by the component. + +Example: + +| Argument | Description | Default | Type | Required | +|--------------------|-------------------------------------------------------------------------------------------------------------------------------|---------------|--------|----------| +| `namespace` | Namespace where Inspektor Gadget will be installed. | "kube-system" | string | false | +| `enable_traceloop` | Whether to enable [traceloop](https://github.com/kinvolk/traceloop) or not. It has a small performance impact on the cluster. | - | block | false | + +## Applying + +To apply the Inspektor Gadget component: + +```bash +lokoctl component apply inspektor-gadget +``` + +## Deleting + +To destroy the component: + +```bash +lokoctl component delete inspektor-gadget +``` diff --git a/pkg/assets/generated_assets.go b/pkg/assets/generated_assets.go index dfe9db677..fbb882586 100644 --- a/pkg/assets/generated_assets.go +++ b/pkg/assets/generated_assets.go @@ -1139,6 +1139,70 @@ var vfsgenAssets = func() http.FileSystem { modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), content: []byte("\x63\x65\x72\x74\x4d\x61\x6e\x61\x67\x65\x72\x43\x6c\x75\x73\x74\x65\x72\x49\x73\x73\x75\x65\x72\x3a\x0a\x69\x6e\x67\x72\x65\x73\x73\x48\x6f\x73\x74\x3a\x0a"), }, + "/charts/components/inspektor-gadget": &vfsgen۰DirInfo{ + name: "inspektor-gadget", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + }, + "/charts/components/inspektor-gadget/.helmignore": &vfsgen۰CompressedFileInfo{ + name: ".helmignore", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + uncompressedSize: 349, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x4c\x8e\x41\x6e\xe3\x30\x0c\x45\xf7\x3c\xc5\x1f\x78\x33\x63\x0c\xe4\x43\x24\xb3\x98\x55\x0b\xa4\xc8\xb6\x90\x6d\x46\x62\x22\x8b\x82\x44\x27\x6d\x17\x3d\x7b\x91\x04\x41\xbb\x79\x20\x3f\xc8\x8f\xd7\xe1\xd9\x9b\x71\xcd\x0d\xa6\x90\x90\xb5\x32\x2e\x91\x33\xc6\x55\xd2\x2c\x39\xa0\xf8\xe9\xe4\x03\x37\x47\x1d\x5e\xa2\x34\xb4\xb5\x14\xad\xd6\xd0\x22\xa7\x84\x90\x74\xc4\xe2\x6d\x8a\x92\xc3\x5f\x54\x4e\xde\xe4\xcc\x28\xde\xe2\x8f\xdc\xe7\x99\x3a\x64\x0e\xde\x44\x33\x7e\x97\xca\x07\x79\xe3\x19\x17\xb1\x88\x5f\x7f\x1c\x9e\x72\x7a\x87\xe6\xdb\xe7\x55\x09\x85\x2b\x92\x64\x76\xe4\xb6\xbb\xd7\x9d\x69\x65\xea\xb0\xd1\x65\xd1\x8c\xfd\x66\x87\x59\x6a\x23\x17\xc4\x86\x1b\xef\xfa\xe4\xc6\x8f\x3a\xdc\xf8\x08\x62\x18\xae\x78\xac\xed\x9c\x87\xef\xa2\xd1\x4f\xa7\xb5\xe0\x20\x89\x1b\xf5\xae\x5d\x0a\xf5\x6e\xf4\x27\xea\x9d\x2d\xd7\x59\xab\x04\xea\x3f\xa9\xc3\xde\x57\xd1\xb5\xe1\xff\xf6\x5f\x23\x57\xaa\x1e\x79\x32\x72\x32\xb3\x1f\xee\xe7\x55\x8f\xe4\xce\x6d\xd2\x99\x07\xfa\x0a\x00\x00\xff\xff\x16\xec\x32\x27\x5d\x01\x00\x00"), + }, + "/charts/components/inspektor-gadget/Chart.yaml": &vfsgen۰CompressedFileInfo{ + name: "Chart.yaml", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + uncompressedSize: 191, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x4c\x8e\xb1\x0e\xc2\x30\x0c\x44\x77\x7f\x85\x7f\x80\xaa\x74\xec\x08\x12\x0b\x0b\x53\x77\xb7\x71\x23\x8b\xe2\x58\x71\x52\x89\xbf\x47\x01\x21\xd8\x4e\xf7\x9e\x4e\x47\x26\x13\x67\x97\xa4\x23\xee\x03\x28\x3d\x78\x44\x51\x37\xbe\x97\x94\x0f\x91\x42\xe4\x02\x81\x7d\xc9\x62\xe5\xad\x9d\xd3\xb6\xf1\xd2\x32\xa6\x15\x3f\x86\xe3\x9a\x32\x06\x9e\x6b\x8c\xa2\x11\x49\x03\x8a\x96\x9c\xdc\x9a\xaa\x11\xaf\x75\xe6\xac\x5c\xd8\x91\xcc\x36\x59\xa8\x2d\x38\x56\x6f\xf4\x74\xbb\x40\x79\x1a\x8f\xff\x10\x60\xff\x5e\xeb\xbb\x63\xd7\x03\x99\x4d\xbf\x66\xe8\x7a\x78\x05\x00\x00\xff\xff\x3b\xb9\xa7\xf5\xbf\x00\x00\x00"), + }, + "/charts/components/inspektor-gadget/templates": &vfsgen۰DirInfo{ + name: "templates", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + }, + "/charts/components/inspektor-gadget/templates/_helpers.tpl": &vfsgen۰CompressedFileInfo{ + name: "_helpers.tpl", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + uncompressedSize: 1872, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x94\x55\x4d\x6b\xdc\x30\x10\xbd\xfb\x57\x0c\xa2\x81\x24\xc5\xda\x43\xa1\x87\x40\x0f\x21\xed\xa1\xb4\xa4\xd0\x85\xf4\x58\x64\x79\xbc\x2b\x22\x4b\x8e\x3e\xd2\x04\x67\xff\x7b\xd1\xc7\x7a\xbd\xde\xdd\xc4\xb9\x0d\xf6\xcc\xd3\x7b\x6f\x46\xa3\xbe\x5f\x5c\x16\xdf\x9e\x3a\xa6\x6a\x70\x6b\x04\xc5\x5a\x04\xdd\xc4\x98\xaf\x99\x71\xb4\xb8\x5c\x6c\x36\x45\xdf\x97\x50\x63\x23\x14\x02\x11\xca\x76\x78\xef\xb4\x29\x57\xac\x5e\xa1\xa3\xa1\x88\x40\xb9\x4b\x63\x5e\x3a\xa0\x37\xb1\xfe\x36\x20\xd2\x3b\x26\x3d\xda\x98\xf9\xeb\x11\x8d\x11\x35\xc2\x0b\x38\xe3\x15\x87\xcf\x9f\x62\x28\xda\xa5\x6f\x1a\xf1\x04\xa4\x24\x90\xb1\x50\xd5\x21\x2c\x22\xcd\x1b\x83\xcc\x21\xb0\xe1\x84\xc6\x4b\xf9\x0c\x0f\x9e\x49\xd1\x08\xac\x81\x75\x5d\x14\x40\x8b\x3f\x98\xb0\x63\xbe\x0b\x27\x04\x31\x16\x2a\xe4\xcc\x5b\x04\xab\x5b\x84\x1f\xbe\x42\xa3\xd0\xa1\x4d\xb2\x1b\x81\xb2\xb6\xc0\x0c\x82\x14\xad\x70\x58\x83\xd3\xe0\xd6\xc2\xc2\x79\xf5\x1c\x2d\xf9\x7a\xbb\x0c\xb9\x42\xad\xc0\x76\xc8\x2f\x68\xf1\xbd\x01\x83\x12\x99\xcd\xde\x71\xad\x1c\x13\xca\x26\xf7\xd2\x37\xe1\xe0\x9f\x90\x12\x2a\x04\x6f\x03\x4f\x0b\x2c\x92\xcf\x6c\xdf\x76\x38\x24\xef\xbb\x2c\x9a\xc1\xd4\xed\xcf\xc1\xd8\x9c\x72\xf2\xff\x1c\xe3\xa5\x1d\x70\x3e\x44\x11\x57\x5f\xe6\x77\x76\xc7\x71\xb0\x23\x81\xd0\xdf\xc9\xab\x54\xbb\xe5\xb9\xf7\xf1\x9d\xe4\x3a\x23\x94\x6b\x80\x9c\xd9\xf2\xcc\x92\x09\x56\x3a\x74\xfe\x9c\x1d\x0f\xf7\xa6\x6f\xd4\xd6\x70\x67\x1e\xd1\x58\xa1\x55\x68\x69\x6c\x6d\x9e\x93\x94\x25\x59\x85\x72\x4e\x7b\x63\xfa\xae\xb7\x53\x4d\x63\xbb\x53\x7c\x97\x8f\x7d\x01\x83\x9d\x64\x1c\x81\x7c\x24\x40\xfe\x92\xf7\x5f\x2a\xdd\xb6\x5a\x25\xaa\x76\x06\xd5\x94\x98\xb8\xae\x51\xb6\xd4\xae\x17\x91\xfe\x15\xf4\x3d\x08\xc5\xa5\xaf\x5f\x91\x48\x13\x89\x57\x12\x2d\x4a\xe4\x4e\x9b\x9f\xf9\x20\x3a\x9a\xa6\xac\xfe\xba\xeb\xb6\x06\x6c\x36\x05\xeb\x3a\x7a\x3f\x5c\x65\x2a\xf4\x22\x37\x25\x32\x3a\x2c\x79\x81\x07\xaf\x1d\x4e\xdc\x38\x44\x69\x99\x62\x2b\xac\xcb\xea\x39\x01\x6d\x27\x6b\x89\xe6\x51\xf0\x69\x7d\x72\x73\x99\xc9\xcf\xf7\x73\x2a\xb7\x3c\xca\x25\xcc\xdb\x1b\x06\xa7\xf5\x40\x8f\x6b\x11\xca\x3a\xa6\x38\xee\x2b\x19\x5f\xc2\x63\xb3\x3e\x7d\x10\x6c\x56\xce\x38\xd7\x5e\xb9\xb0\x1d\xbd\xc5\x59\x22\x63\xe1\x75\xaa\xbb\x3d\xb5\xc8\xf6\xd3\x28\x4f\x2c\x26\xcf\xca\xf9\x69\x0b\x76\x5b\x92\x5e\x9c\x02\x55\x63\xcd\xa3\x3d\xb2\x85\x27\x39\x20\xb3\x00\x0e\x76\xc5\xff\x00\x00\x00\xff\xff\xbe\xd6\xeb\xd8\x50\x07\x00\x00"), + }, + "/charts/components/inspektor-gadget/templates/daemonset.yaml": &vfsgen۰CompressedFileInfo{ + name: "daemonset.yaml", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + uncompressedSize: 3789, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xbc\x56\x4d\x8f\x22\x37\x10\xbd\xcf\xaf\x28\x91\x43\x4e\x80\x36\x8a\xa2\x55\xdf\xc8\x40\x26\x68\x19\x1a\x0d\xb3\x23\x45\x51\x84\x8c\xbb\x1a\x2c\xdc\xb6\x65\x57\xb3\x20\x96\xff\x1e\x35\x4d\x7f\xd1\x1f\x4c\xb2\x9b\x70\xc3\xae\xf7\x5e\xb9\xea\xb9\xda\xcc\x88\x37\xb4\x4e\x68\xe5\x01\x33\xc6\x0d\xf7\x1f\x1e\x76\x42\x05\x1e\x8c\x19\x46\x5a\x2d\x91\x1e\x22\x24\x16\x30\x62\xde\x03\x80\x62\x11\x7a\x70\x3a\x81\x50\x5c\xc6\x01\x42\x4f\x28\x67\x70\x47\xda\xf6\x37\x2c\xd8\x20\x0d\xc2\x58\xca\x24\xac\x07\x03\x38\x9f\x1f\x00\x24\x5b\xa3\x74\x09\x1a\xe0\x74\xea\x77\x40\xd3\xc8\x04\xf8\x15\x94\x50\x01\x2a\x82\x9f\x13\x12\x67\x90\x27\x04\x0e\x25\x72\xd2\x36\x25\x8b\x18\xf1\xed\xac\xc4\x7e\x8f\x3f\x83\xcf\x1a\x74\x7e\x49\x93\x25\x8c\x8c\x64\x84\x57\x85\xd2\xd1\x53\xf2\x2f\x82\xb6\x30\x78\x63\x32\x46\x37\x30\x3a\x18\x29\xa5\x89\x91\xd0\xca\xa5\x04\xc9\x8f\x15\x8b\x59\x62\x29\x9a\xf4\x1f\x2c\x92\x15\xdd\x8f\x19\x2c\xd9\x47\x15\x14\x2c\xb2\x72\x32\x80\xdd\x47\xd7\x67\xc6\x78\x90\x9e\x06\x7e\x80\x5d\xbc\x46\x4e\xf2\x7a\x3c\x60\x2a\x80\x2d\xb2\x40\xb2\xc8\xfc\xe8\x80\x2c\xe3\x28\xb5\x36\x60\x64\xbc\x11\x0a\xf0\x60\x90\x13\xd0\x56\xb8\x4a\x56\xff\xae\x60\x79\xe2\x59\x73\x1a\x4b\x24\x22\xb6\xc1\x45\x2c\xe5\x12\xb9\x45\x2a\x15\xe9\x76\xe7\xfd\x95\x6a\xa8\x95\x43\xbb\x17\x1c\x47\x9c\xeb\x58\xd1\xfc\xbe\x4b\xeb\x80\xdc\xaf\x29\x1f\x8f\xad\xa0\xe3\xa3\x56\x84\x07\x6a\xce\xad\x70\xc1\xb2\x1a\xde\x9c\xf4\x56\x3b\x5a\x4c\xc7\x1e\x90\x8d\xb1\xb4\x36\x47\xfa\xa2\xed\xae\xb2\xce\xb5\x22\x26\x14\xda\xbc\x2c\xfd\xeb\xdd\x6b\x6b\x7e\xda\x5c\x77\xe9\x6e\x01\xbf\x80\xf2\xe4\x5b\x4f\x05\x60\xac\xd8\x0b\x89\x1b\x0c\x2a\x79\x5c\xdb\xe4\x41\xef\x74\xaa\xf6\x74\x60\xd1\x68\x27\x48\xdb\x23\x9c\xcf\x5e\x6d\x9b\xd8\x06\xbe\x42\x80\x21\x8b\x25\xc1\xe0\x71\xcb\x2c\x0d\x46\xc6\x5c\xc7\x0d\x9c\xcf\xbd\xaa\x46\x62\x85\x85\x96\x82\x1f\x2f\xad\xab\xb2\x99\x7c\xb3\xa8\x27\x80\x45\xa7\x63\xcb\xd1\x95\x4f\xd2\xd0\xa1\x3c\xae\xd4\x98\x0f\x3f\x95\x99\xb8\x8e\x22\x96\x8c\xbd\x3f\xa1\x37\x44\x45\xf6\x68\xb4\x50\x34\x70\xdb\x1e\xfc\x95\x47\x49\x11\x22\x3f\x72\x89\xd5\xca\xe1\x92\xb4\x29\x2f\x01\xe0\xa1\xb8\x13\xb7\x1a\x37\xcb\x7d\xe8\x0d\xb9\x44\xa6\x62\x93\xc8\xe5\xbb\xa8\xf6\x45\x68\xd6\xfd\xb9\x3f\x9e\xac\xe6\xa3\xe7\x49\x89\x64\x9f\x1c\xf2\x37\xab\xa3\x2a\x73\x28\x50\x06\x2f\x18\xde\xea\x5d\xd6\x17\x8c\xb6\xde\xe5\xe6\x0e\x94\x0e\x70\x5e\x76\x49\xa6\xf5\x34\x1a\x3f\x4d\x5e\x57\x0b\x7f\xbc\xfa\x3c\x1d\x7f\x17\xc1\x6c\x9e\x0e\x62\x11\x54\x47\x50\x98\x37\x0b\x15\x5b\x4b\x7c\xcd\x87\x57\xa9\x4b\x59\x66\xaf\x2f\xa3\xc7\xc9\xcc\xf7\x17\xab\xff\xb3\x1e\x85\x6a\x52\x92\xef\x26\x9a\xd7\x44\xbd\x4f\x74\xb9\x18\x3d\xfe\x07\xca\xce\x30\xde\x25\x3f\x7d\x1e\x3d\xd5\x64\x1b\x6e\xea\x37\x8f\x85\x8a\x2f\x2a\x43\xbe\x48\x6b\x3a\x5f\x2e\x26\x9f\x5e\xfd\x97\xd5\xd5\xa4\x6f\x93\x97\xe5\xd4\x9f\x37\xe7\xd7\x25\xd2\xca\xe8\x2f\x5e\xa7\xfe\x7c\x95\x17\xa0\x4e\x5d\x1e\x89\x75\xd3\xf6\xbe\xc1\xdf\x77\x93\x59\xcd\xfc\xa7\xd9\xe4\x6d\x32\xeb\x6c\x88\xd4\x9b\x19\xee\x51\xfe\x13\x89\x97\xcf\xf3\xc7\xd5\xef\xbe\xff\x69\xb9\x7a\xf6\xc7\x0d\x0d\xef\xb1\x98\x74\xaf\xab\x49\x7b\x2d\xe3\x08\x9f\x93\xef\xaa\xab\x4f\xb0\xe4\x8b\x57\x62\x8d\x92\xb0\xd4\x8e\xc3\xca\x56\x16\x6f\x63\xd5\x12\xde\xb4\x63\xb5\x61\x9b\xcb\xcb\xcb\x83\x5f\x45\x20\x2c\xf2\xe4\x0f\x93\x35\xde\x48\x07\xb1\x44\xd7\xc2\x2d\xc5\x7a\x78\x1b\x91\x21\x03\x5c\xc7\x9b\xb0\x0d\xe9\x8e\x6e\xb8\x43\xab\x50\x0e\x2f\x81\x35\x38\xdf\x58\x1d\x9b\x0e\x74\xe8\x86\x37\x31\x19\x74\x6d\xc2\x4e\xdd\xd0\x0d\xd7\x26\xac\xc1\xa4\xe6\x4c\x92\x28\x4d\x97\x2a\x14\x89\x0f\x6f\x63\x48\x4b\xb4\xd5\x27\x6c\x1f\x30\x0c\x91\x93\x07\x73\xbd\xe4\x5b\x4c\xaa\x93\x33\x6a\x93\x84\x6b\xeb\xc1\xe4\x20\x1c\xb9\x06\xcc\xe4\x80\x3c\xa6\xbb\x90\x86\x47\x64\x29\x99\xb2\xd1\xde\xf3\x52\x6c\x70\x68\xea\xcf\xda\xc3\xaa\xe2\xbe\xcb\x5b\x2d\xa9\x4e\xf9\x43\x9f\x56\xeb\x06\x56\x76\x61\x07\xaa\x08\x6b\xf1\x41\x07\xb6\xc9\x14\x6d\x36\xee\xa0\xa9\x7b\xba\xd9\x57\xf7\x33\x29\x4c\xd6\x76\x27\xee\x70\x34\x5c\x90\x76\xb3\x76\x70\x55\x9d\xfb\x77\x00\x00\x00\xff\xff\xb6\x8a\x05\x8e\xcd\x0e\x00\x00"), + }, + "/charts/components/inspektor-gadget/templates/psp.yaml": &vfsgen۰CompressedFileInfo{ + name: "psp.yaml", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + uncompressedSize: 559, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x90\xcd\x6a\xeb\x30\x10\x85\xf7\x7e\x8a\x21\x1b\xaf\x62\x93\xad\x76\x81\xcb\xfd\x81\x4b\x6a\x52\xda\xfd\xc4\x1a\xc7\xc2\xb2\x46\x68\x46\x49\xfc\xf6\x45\xa9\x09\x85\x12\xe8\x4e\xd2\x39\xfa\xf8\x66\x30\xba\x77\x4a\xe2\x38\x18\x88\xec\x5d\xbf\xb4\x97\xdd\x89\x14\x77\xd5\xe4\x82\x35\xd0\xb1\x7d\xa5\x3e\x27\xa7\x4b\x77\xcf\xab\x99\x14\x2d\x2a\x9a\x0a\x20\xe0\x4c\x06\x5c\x90\x48\x93\x72\xda\x9e\xd1\x9e\x49\x2b\x00\x0c\x81\x15\xd5\x71\x90\xd2\x03\x10\xea\x7b\x9e\x63\x23\x2b\xac\x41\x1f\x47\x6c\xa6\x7c\xa2\x14\x48\x49\x1a\xc7\x2d\x7a\xcf\x57\xb2\x5d\xe2\xc1\x79\x3a\xe0\x4c\x62\xa0\xb6\xdc\x4f\x94\x5a\x4b\x03\x66\xaf\xf5\xcf\x71\xeb\x8f\x2f\x38\x03\xdf\x71\x12\xa9\x2f\x8e\x31\xb9\x8b\xf3\x74\x26\x6b\x40\x53\xa6\x0a\xe0\xc2\x3e\x17\x87\x0a\x60\x0b\xf5\xc8\xa2\x1d\xea\x58\x0c\xca\xf9\x40\x7a\xe5\x34\x3d\xda\xf7\xfc\xdf\xaf\xc7\x3d\xe5\xb0\x97\x37\xa1\xf4\xb9\x81\x94\x3d\x19\xa8\x8f\xe5\x75\x1f\x96\x42\x11\xfa\xef\x42\xbe\x3d\xcf\x73\x8c\x9e\x66\x0a\x8a\xfe\x4f\xe2\x1c\xe5\x69\x75\x90\x7b\xe1\x69\x9e\x08\xed\x4b\xf0\xcb\x91\x59\x7f\x3b\x4f\xb2\x88\xd2\x6c\x60\x40\x2f\x45\x76\x5d\xfd\xdf\x75\xc6\x75\xe6\x88\x3a\x76\x89\x06\x77\x33\xb0\x69\x37\xd5\x47\x00\x00\x00\xff\xff\xed\x88\xe0\x50\x2f\x02\x00\x00"), + }, + "/charts/components/inspektor-gadget/templates/rbac.yaml": &vfsgen۰CompressedFileInfo{ + name: "rbac.yaml", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + uncompressedSize: 662, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xa4\x90\x31\x8b\x1b\x31\x10\x85\x7b\xfd\x8a\xc1\x8d\x2b\x29\xa4\x0b\xea\x92\x14\xe9\x5c\x38\xe0\xc6\xa4\x18\x4b\x63\x67\xce\x5a\x49\x68\x24\x83\x6f\xf1\x7f\x3f\xb4\xeb\x33\x9c\x0d\x87\xe1\x3a\x31\x7a\x33\xef\x7b\x6f\x1c\x81\xf7\x60\x36\x18\x1a\x89\x29\x3b\x74\x70\xb9\xa8\x23\x47\x6f\xe1\x77\x68\x52\xa9\xac\x53\xa0\x5f\x1c\x3d\xc7\x83\xc2\xcc\x1b\x2a\xc2\x29\x5a\xe8\x62\x83\xad\xfe\x4f\x85\x5f\xb1\x72\x8a\xe6\xf8\x43\x0c\xa7\x6f\xa7\xef\x6a\xa0\x8a\x1e\x2b\x5a\x05\x10\x71\x20\x0b\xdd\x29\xba\xd0\x3c\xc1\x82\xa3\x64\x3a\xd6\x54\xf4\x01\xfd\x81\xaa\x11\x2a\x27\x76\xf4\xd3\xb9\xd4\x62\x5d\xe1\x40\x0b\x30\x9d\x44\xda\xee\x85\x5c\x15\xab\x34\xcc\x54\x7f\x3f\x48\xbf\x78\x7e\xde\x96\x8c\x6e\x3e\x61\xd6\x14\x08\x85\xcc\xea\x7d\xdc\x55\x25\x05\x5a\xd3\xbe\x67\x79\x68\xe6\x06\xe0\xe6\x99\x46\x3f\x70\x54\x00\x98\xf9\x4f\x49\x2d\x7f\x52\x94\xd2\x5a\x3f\x5f\xe9\x6c\x3d\x79\x3e\xb6\x7b\x1f\x59\x67\xc9\xcf\xa6\x6b\x81\xa4\x5f\xd2\x37\x66\xb1\xb0\x5d\xe6\x14\xd8\x9d\x97\xff\x14\x00\x40\x21\x49\xad\x38\xba\xfe\x78\x21\xd7\x0a\xd7\xf3\x24\x62\x92\xab\xec\x44\x65\x27\xb6\xbf\x60\xbb\x6c\x42\x77\xdb\x93\xaf\x9d\x46\xfa\x01\x59\x8d\x23\x50\xf4\x1d\xe9\x2d\x00\x00\xff\xff\x7f\x0c\x2b\x6b\x96\x02\x00\x00"), + }, + "/charts/components/inspektor-gadget/templates/serviceaccount.yaml": &vfsgen۰CompressedFileInfo{ + name: "serviceaccount.yaml", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + uncompressedSize: 338, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x74\x8f\x31\x4e\x04\x31\x0c\x45\xfb\x9c\xe2\x6b\xfb\x19\x09\x89\x6a\x3a\x2e\x40\x83\xb4\x12\xa5\x49\xcc\x62\x6d\xe2\xac\x12\xcf\x52\x84\xdc\x1d\x85\x29\x18\x90\xa6\x4b\xac\xff\xde\xb7\x5b\x9b\x20\xef\x98\xcf\x14\x57\xae\x73\xe5\x72\x17\xcf\x4f\xde\xe7\x55\x6d\xf6\x85\xc9\x18\x53\xef\x8e\x6e\x72\xe6\x52\x25\xeb\x82\xfb\x83\xbb\x8a\x86\x05\x2f\x7f\xe2\x2e\xb1\x51\x20\xa3\xc5\x01\x4a\x89\x17\xb4\x06\x51\x1f\xd7\xc0\x38\x89\xd6\x1b\x5f\x2d\x97\xe9\x42\xe1\xc2\xf6\xaf\xec\x99\x12\x9f\x30\xa3\x77\x07\x44\x7a\xe3\x58\x87\x07\xf8\x59\xf1\x50\xb2\x25\x07\xf8\x05\x15\x0d\xac\x86\xc7\x4d\x32\xc0\x4f\xb1\x8f\xa3\xeb\x48\x35\x1b\x99\x64\xad\x1b\xb0\x1b\xfc\x56\x5b\x7e\xa5\x14\x8f\xfc\xac\x61\x7c\x76\xcf\xef\x00\x00\x00\xff\xff\x95\xd6\x9b\x21\x52\x01\x00\x00"), + }, + "/charts/components/inspektor-gadget/values.yaml": &vfsgen۰CompressedFileInfo{ + name: "values.yaml", + modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), + uncompressedSize: 1214, + + compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x54\xc1\x6e\xdc\x36\x14\xbc\xf3\x2b\x06\xf6\x21\x17\x47\x95\xd7\x05\x52\xe8\x66\x20\x97\x00\x71\x6b\x20\x46\x8b\x22\xc8\x81\x4b\x3d\xad\x18\x53\x7c\x2a\xdf\xa3\x16\x42\xd1\x7f\x2f\x48\x29\xeb\xd6\xed\x21\x27\xed\x2e\xe7\xcd\x9b\x19\xce\xea\x1a\xef\x69\xb0\x39\x28\x16\x1b\x32\x09\x06\x4e\xf0\x51\x66\x7a\x56\x4e\x6f\x4f\xb6\x3f\x91\x36\xe6\x1a\x4f\xa3\x17\x78\x81\xc5\xef\xf7\x0f\x1f\xdf\x0e\x9c\x26\xab\x4a\x3d\x06\x1f\xa8\x00\xde\x93\x0b\x36\x11\x16\x9b\xbc\x3d\x06\x12\x28\xe3\x48\x98\xad\x08\xf5\xf0\x51\x19\x2b\xe7\x04\xa5\x69\x0e\x56\x49\x1a\x63\xfc\x64\x4f\xd4\x19\x20\xd1\xcc\xe2\x95\xd3\xda\xe1\xd9\xc7\x85\xc3\xf3\x0f\xdb\x72\x03\xcc\x39\x84\x47\x0e\xde\xad\x1d\x3e\x0c\x3f\xb3\x3e\x26\x12\x8a\xe5\xe8\x1a\xbf\x2c\x94\x92\xef\xcb\xbe\x91\x50\x09\xa1\xf6\x84\xf3\xc8\x42\xe8\x77\x77\x7e\x3b\x76\xa3\x4d\x0a\x3b\xcf\xbf\x52\x12\xcf\xb1\x31\x28\xe0\x0e\x87\xf6\xd0\xb6\xef\xda\xdb\xf6\xf6\xee\xc7\xbb\x43\x3b\xbc\xbb\x3b\x38\x5c\x63\x69\x9b\x43\xd3\xee\x3a\x1f\x73\x08\x9f\xc8\x25\x52\xe9\xf0\xf9\x8b\x89\x76\xa2\x6f\xdb\x3b\x5c\x5d\x99\x21\x87\xf0\x9f\x1f\x8d\x50\x5a\xbc\xa3\x7b\xe7\x38\x47\xed\xaa\xe8\x4f\x33\x39\x3f\x78\x12\x9c\x47\xd2\x91\x12\x2c\x76\x1c\xec\x06\x84\x8c\x9c\x43\x5f\x22\x74\x89\xac\x52\x6f\xb0\x7f\xea\xa0\x29\x53\x25\xba\x8f\x91\xd5\xaa\xe7\x58\xf3\xb6\x7d\x5f\x1e\xc5\xea\x2b\x3a\x03\xd8\x17\x6c\x87\x3f\xff\xaa\xf3\x4f\x23\xa1\x48\x06\x0f\xff\x37\x55\xc8\xb2\x50\x53\xb1\x1f\x06\x44\x56\x08\x29\x6c\xec\x77\x2d\x35\xd9\x94\xe9\x06\x76\x23\xf2\x82\x13\x45\x4a\x45\x31\xb2\xf8\x78\xaa\xc4\xdf\xb2\xb9\x5c\xbf\x41\xc5\x6f\x19\xcd\xdc\xdf\xbf\x52\x67\x12\x09\xe7\xe4\xe8\x45\xec\x6f\x84\x2c\xd9\x86\xb0\x22\x91\xe3\x69\xa2\xd8\x57\x49\xca\x90\x9a\xe8\x7a\xb9\xf0\xcb\x74\xd5\xaa\x8c\x40\x76\x21\x68\xa9\xb1\x2d\x35\x76\x1c\xc5\x79\xce\x52\xa9\xdd\xc8\xc5\x76\x69\x7f\x51\x9b\x85\x52\xb3\x75\xde\x06\x61\xf8\x58\xdc\x0a\x49\x69\x50\x74\xdb\x33\xa9\x20\xe5\x08\x8e\xa0\xb8\xf8\xc4\x71\xa2\xa8\x82\xb3\xd7\x11\xc1\xab\x86\xed\x8e\x2e\x52\x6e\x20\xd9\x8d\x65\xfd\x83\x8f\xfe\x39\x1f\xa9\x29\xa1\xae\x9c\xd1\x33\xce\x36\xfe\xcb\xc9\x3f\xc6\x72\xdc\xdc\xea\x16\x25\x87\xc0\x67\x1f\x4f\x95\x3d\xf8\x58\x20\xb6\xff\x9a\xa5\x9e\x4f\x65\x41\x24\x47\x22\x36\xad\x37\xd5\x7f\xa2\x89\xab\x7b\x82\xcb\x29\xac\x38\x26\x5b\xb3\x19\x94\x12\xde\xbc\x44\xfd\xa6\xd9\x49\x27\xaf\xb2\x75\x15\x70\x73\xee\x70\xdb\xb6\xd3\xfe\x7d\xa2\xa9\xfe\x51\x6f\x0f\x3f\x3d\xf8\xdd\xe2\x1f\x99\xe4\x7b\x27\x8c\x72\x28\x05\xd9\xee\xfa\xf3\x17\x63\x28\x96\x57\xc6\x53\x11\x15\x98\xe7\xbd\xe0\x81\x4f\x1f\x69\xa1\xd0\xe1\xca\xc7\x81\x6f\xbe\x0a\xc7\x2b\x93\x8e\xd6\xed\x80\xbf\x03\x00\x00\xff\xff\x7a\x07\x3b\xab\xbe\x04\x00\x00"), + }, "/charts/components/istio-operator": &vfsgen۰DirInfo{ name: "istio-operator", modTime: time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC), @@ -6292,6 +6356,7 @@ var vfsgenAssets = func() http.FileSystem { fs["/charts/components/flatcar-linux-update-operator"].(os.FileInfo), fs["/charts/components/gangway"].(os.FileInfo), fs["/charts/components/httpbin"].(os.FileInfo), + fs["/charts/components/inspektor-gadget"].(os.FileInfo), fs["/charts/components/istio-operator"].(os.FileInfo), fs["/charts/components/linkerd2"].(os.FileInfo), fs["/charts/components/metrics-server"].(os.FileInfo), @@ -6502,6 +6567,19 @@ var vfsgenAssets = func() http.FileSystem { fs["/charts/components/httpbin/templates/ingress.yaml"].(os.FileInfo), fs["/charts/components/httpbin/templates/service.yaml"].(os.FileInfo), } + fs["/charts/components/inspektor-gadget"].(*vfsgen۰DirInfo).entries = []os.FileInfo{ + fs["/charts/components/inspektor-gadget/.helmignore"].(os.FileInfo), + fs["/charts/components/inspektor-gadget/Chart.yaml"].(os.FileInfo), + fs["/charts/components/inspektor-gadget/templates"].(os.FileInfo), + fs["/charts/components/inspektor-gadget/values.yaml"].(os.FileInfo), + } + fs["/charts/components/inspektor-gadget/templates"].(*vfsgen۰DirInfo).entries = []os.FileInfo{ + fs["/charts/components/inspektor-gadget/templates/_helpers.tpl"].(os.FileInfo), + fs["/charts/components/inspektor-gadget/templates/daemonset.yaml"].(os.FileInfo), + fs["/charts/components/inspektor-gadget/templates/psp.yaml"].(os.FileInfo), + fs["/charts/components/inspektor-gadget/templates/rbac.yaml"].(os.FileInfo), + fs["/charts/components/inspektor-gadget/templates/serviceaccount.yaml"].(os.FileInfo), + } fs["/charts/components/istio-operator"].(*vfsgen۰DirInfo).entries = []os.FileInfo{ fs["/charts/components/istio-operator/Chart.yaml"].(os.FileInfo), fs["/charts/components/istio-operator/crds"].(os.FileInfo), diff --git a/pkg/components/inspektor-gadget/component.go b/pkg/components/inspektor-gadget/component.go new file mode 100644 index 000000000..30e48e82e --- /dev/null +++ b/pkg/components/inspektor-gadget/component.go @@ -0,0 +1,86 @@ +// Copyright 2020 The Lokomotive Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package inspektorgadget + +import ( + "fmt" + + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/gohcl" + + "github.com/kinvolk/lokomotive/internal/template" + "github.com/kinvolk/lokomotive/pkg/components" + "github.com/kinvolk/lokomotive/pkg/components/util" + "github.com/kinvolk/lokomotive/pkg/k8sutil" +) + +const name = "inspektor-gadget" + +//nolint:gochecknoinits +func init() { + components.Register(name, newComponent()) +} + +type component struct { + Namespace string `hcl:"namespace,optional"` + EnableTraceloop bool `hcl:"enable_traceloop,optional"` +} + +func newComponent() *component { + return &component{ + Namespace: "kube-system", + EnableTraceloop: true, + } +} + +// LoadConfig loads the component config. +func (c *component) LoadConfig(configBody *hcl.Body, evalContext *hcl.EvalContext) hcl.Diagnostics { + if configBody == nil { + return hcl.Diagnostics{ + components.HCLDiagConfigBodyNil, + } + } + + return gohcl.DecodeBody(*configBody, evalContext, c) +} + +// RenderManifests renders the Helm chart templates with values provided. +func (c *component) RenderManifests() (map[string]string, error) { + helmChart, err := components.Chart(name) + if err != nil { + return nil, fmt.Errorf("retrieving chart from assets: %w", err) + } + + values, err := template.Render(chartValuesTmpl, c) + if err != nil { + return nil, fmt.Errorf("rendering chart values template failed: %w", err) + } + + renderedFiles, err := util.RenderChart(helmChart, name, c.Metadata().Namespace.Name, values) + if err != nil { + return nil, fmt.Errorf("rendering chart failed: %w", err) + } + + return renderedFiles, nil +} + +func (c *component) Metadata() components.Metadata { + return components.Metadata{ + Name: name, + Namespace: k8sutil.Namespace{ + Name: c.Namespace, + }, + } +} diff --git a/pkg/components/inspektor-gadget/doc.go b/pkg/components/inspektor-gadget/doc.go new file mode 100644 index 000000000..730ad6620 --- /dev/null +++ b/pkg/components/inspektor-gadget/doc.go @@ -0,0 +1,16 @@ +// Copyright 2020 The Lokomotive Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package inspektorgadget contains code for the Inspektor Gadget component. +package inspektorgadget diff --git a/pkg/components/inspektor-gadget/template.go b/pkg/components/inspektor-gadget/template.go new file mode 100644 index 000000000..0117c37f3 --- /dev/null +++ b/pkg/components/inspektor-gadget/template.go @@ -0,0 +1,28 @@ +// Copyright 2020 The Lokomotive Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package inspektorgadget + +const chartValuesTmpl = ` +image: + pullPolicy: Always +{{ if .EnableTraceloop }} +enableTraceloop: true +podAnnotations: + inspektor-gadget.kinvolk.io/option-traceloop: "true" + inspektor-gadget.kinvolk.io/option-runc-hooks: "auto" +{{ else }} +enableTraceloop: false +{{ end }} +` From 5e74edd84dbcf9d03eca6a9acaedfd1c4f0496b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iago=20L=C3=B3pez=20Galeiras?= Date: Wed, 14 Oct 2020 11:24:13 +0200 Subject: [PATCH 2/5] pkg/inspektor-gadget: add unit test --- .../inspektor-gadget/component_test.go | 332 ++++++++++++++++++ 1 file changed, 332 insertions(+) create mode 100644 pkg/components/inspektor-gadget/component_test.go diff --git a/pkg/components/inspektor-gadget/component_test.go b/pkg/components/inspektor-gadget/component_test.go new file mode 100644 index 000000000..8309acd9d --- /dev/null +++ b/pkg/components/inspektor-gadget/component_test.go @@ -0,0 +1,332 @@ +// Copyright 2020 The Lokomotive Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package inspektorgadget_test + +import ( + "fmt" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/hashicorp/hcl/v2" + appsv1 "k8s.io/api/apps/v1" + "sigs.k8s.io/yaml" + + "github.com/kinvolk/lokomotive/pkg/components" + "github.com/kinvolk/lokomotive/pkg/components/util" +) + +func renderManifests(configHCL string) (map[string]string, error) { + component, err := components.Get("inspektor-gadget") + if err != nil { + return nil, err + } + + body, diagnostics := util.GetComponentBody(configHCL, "inspektor-gadget") + if diagnostics != nil { + return nil, fmt.Errorf("Getting component body: %v", diagnostics) + } + + diagnostics = component.LoadConfig(body, &hcl.EvalContext{}) + if diagnostics.HasErrors() { + return nil, fmt.Errorf("Valid config should not return an error, got: %s", diagnostics) + } + + ret, err := component.RenderManifests() + if err != nil { + return nil, err + } + + return ret, nil +} + +func daemonSetFromYAML(s string) (*appsv1.DaemonSet, error) { + i := &appsv1.DaemonSet{} + if err := yaml.Unmarshal([]byte(s), i); err != nil { + return nil, err + } + + return i, nil +} + +func TestRenderManifest(t *testing.T) { //nolint:funlen + type testCase struct { + name string + configHCL string + expectFailure bool + expectDaemonSet string + } + + tcs := []testCase{ + { + "WithEmptyConfig", + `component "inspektor-gadget" {}`, + false, + `apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: inspektor-gadget + labels: + helm.sh/chart: inspektor-gadget-0.1.0 + app.kubernetes.io/name: inspektor-gadget + app.kubernetes.io/instance: inspektor-gadget + app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: inspektor-gadget + app.kubernetes.io/instance: inspektor-gadget + template: + metadata: + annotations: + inspektor-gadget.kinvolk.io/option-runc-hooks: auto + inspektor-gadget.kinvolk.io/option-traceloop: "true" + labels: + k8s-app: gadget # headlamp's traceloop plugin expects this + app.kubernetes.io/name: inspektor-gadget + app.kubernetes.io/instance: inspektor-gadget + spec: + serviceAccountName: inspektor-gadget + securityContext: + null + hostPID: true + hostNetwork: true + containers: + - name: gadget + securityContext: + privileged: true + image: "kinvolk/gadget:202007010134320f732c" + imagePullPolicy: Always + resources: + {} + command: [ "/entrypoint.sh" ] + lifecycle: + preStop: + exec: + command: + - "/cleanup.sh" + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: GADGET_POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: TRACELOOP_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: TRACELOOP_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: TRACELOOP_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TRACELOOP_IMAGE + value: kinvolk/gadget:202007010134320f732c + - name: INSPEKTOR_GADGET_VERSION + value: 0.2.0 + - name: INSPEKTOR_GADGET_OPTION_TRACELOOP + value: "true" + - name: INSPEKTOR_GADGET_OPTION_TRACELOOP_LOGLEVEL + value: info,json + - name: INSPEKTOR_GADGET_OPTION_RUNC_HOOKS_MODE + value: "auto" + volumeMounts: + - name: host + mountPath: /host + - name: run + mountPath: /run + mountPropagation: Bidirectional + - name: modules + mountPath: /lib/modules + - name: debugfs + mountPath: /sys/kernel/debug + - name: cgroup + mountPath: /sys/fs/cgroup + - name: bpffs + mountPath: /sys/fs/bpf + - name: localtime + mountPath: /etc/localtime + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: host + hostPath: + path: / + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: modules + hostPath: + path: /lib/modules + - name: bpffs + hostPath: + path: /sys/fs/bpf + - name: debugfs + hostPath: + path: /sys/kernel/debug + - name: localtime + hostPath: + path: /etc/localtime`, + }, + { + "WithoutTraceloop", + `component "inspektor-gadget" { + enable_traceloop = false + }`, + false, + `apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: inspektor-gadget + labels: + helm.sh/chart: inspektor-gadget-0.1.0 + app.kubernetes.io/name: inspektor-gadget + app.kubernetes.io/instance: inspektor-gadget + app.kubernetes.io/version: "0.2.0" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: inspektor-gadget + app.kubernetes.io/instance: inspektor-gadget + template: + metadata: + labels: + k8s-app: gadget # headlamp's traceloop plugin expects this + app.kubernetes.io/name: inspektor-gadget + app.kubernetes.io/instance: inspektor-gadget + spec: + serviceAccountName: inspektor-gadget + securityContext: + null + hostPID: true + hostNetwork: true + containers: + - name: gadget + securityContext: + privileged: true + image: "kinvolk/gadget:202007010134320f732c" + imagePullPolicy: Always + resources: + {} + command: [ "/entrypoint.sh" ] + lifecycle: + preStop: + exec: + command: + - "/cleanup.sh" + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: GADGET_POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + - name: INSPEKTOR_GADGET_VERSION + value: 0.2.0 + - name: INSPEKTOR_GADGET_OPTION_TRACELOOP + value: "false" + volumeMounts: + - name: host + mountPath: /host + - name: run + mountPath: /run + mountPropagation: Bidirectional + - name: modules + mountPath: /lib/modules + - name: debugfs + mountPath: /sys/kernel/debug + - name: cgroup + mountPath: /sys/fs/cgroup + - name: bpffs + mountPath: /sys/fs/bpf + - name: localtime + mountPath: /etc/localtime + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: host + hostPath: + path: / + - name: run + hostPath: + path: /run + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: modules + hostPath: + path: /lib/modules + - name: bpffs + hostPath: + path: /sys/fs/bpf + - name: debugfs + hostPath: + path: /sys/kernel/debug + - name: localtime + hostPath: + path: /etc/localtime`, + }, + } + + testFunc := func(t *testing.T, tc testCase) { + m, err := renderManifests(tc.configHCL) + if err != nil { + if tc.expectFailure { + return + } + + t.Fatalf("Rendering manifests: %v", err) + } + + got, err := daemonSetFromYAML(m["inspektor-gadget/templates/daemonset.yaml"]) + if err != nil { + t.Fatalf("Unmarshaling ingress: %v", err) + } + + want, err := daemonSetFromYAML(tc.expectDaemonSet) + if err != nil { + t.Fatalf("Unmarshaling daemonset: %v", err) + } + + if diff := cmp.Diff(got, want); diff != "" { + t.Fatalf("unexpected daemonset -want +got)\n%s", diff) + } + } + + for _, tc := range tcs { + tc := tc + t.Run(tc.name, func(t *testing.T) { + testFunc(t, tc) + }) + } +} From 2eb11468a38af8427ff1e37ae08f7677437f3e85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iago=20L=C3=B3pez=20Galeiras?= Date: Mon, 12 Oct 2020 14:57:08 +0200 Subject: [PATCH 3/5] docs/components: update list of available components --- docs/concepts/components.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/concepts/components.md b/docs/concepts/components.md index f271a8263..5f2e8630f 100644 --- a/docs/concepts/components.md +++ b/docs/concepts/components.md @@ -86,6 +86,7 @@ Available components: gangway web-ui httpbin + inspektor-gadget metallb metrics-server openebs-operator From 6d9a9a796fdc7e3a81ebbaba738dc83b5ee3ac9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iago=20L=C3=B3pez=20Galeiras?= Date: Mon, 12 Oct 2020 14:54:06 +0200 Subject: [PATCH 4/5] inspektor-gadget: add simple daemonset test It checks that the daemonset is created and converges. --- .../inspektor-gadget/inspektorgadget_test.go | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 test/components/inspektor-gadget/inspektorgadget_test.go diff --git a/test/components/inspektor-gadget/inspektorgadget_test.go b/test/components/inspektor-gadget/inspektorgadget_test.go new file mode 100644 index 000000000..95ea2fc08 --- /dev/null +++ b/test/components/inspektor-gadget/inspektorgadget_test.go @@ -0,0 +1,35 @@ +// Copyright 2020 The Lokomotive Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build aws aws_edge packet aks +// +build e2e + +package inspektorgadget_test + +import ( + "testing" + + testutil "github.com/kinvolk/lokomotive/test/components/util" +) + +const ( + daemonset = "inspektor-gadget" + namespace = "kube-system" +) + +func TestInspektorGadgetDaemonSet(t *testing.T) { + client := testutil.CreateKubeClient(t) + + testutil.WaitForDaemonSet(t, client, namespace, daemonset, testutil.RetryInterval, testutil.Timeout) +} From 10705c9aeae6177891ccf1458495b3551f750970 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iago=20L=C3=B3pez=20Galeiras?= Date: Mon, 12 Oct 2020 14:56:29 +0200 Subject: [PATCH 5/5] ci: add inspektor-gadget --- ci/aks/aks-cluster.lokocfg.envsubst | 2 ++ ci/aws/aws-cluster.lokocfg.envsubst | 2 ++ ci/baremetal/baremetal-cluster.lokocfg.envsubst | 2 ++ ci/packet/packet-cluster.lokocfg.envsubst | 2 ++ 4 files changed, 8 insertions(+) diff --git a/ci/aks/aks-cluster.lokocfg.envsubst b/ci/aks/aks-cluster.lokocfg.envsubst index 04401e104..f381aebf9 100644 --- a/ci/aks/aks-cluster.lokocfg.envsubst +++ b/ci/aks/aks-cluster.lokocfg.envsubst @@ -125,3 +125,5 @@ component "web-ui" { certmanager_cluster_issuer = "letsencrypt-staging" } } + +component "inspektor-gadget" {} diff --git a/ci/aws/aws-cluster.lokocfg.envsubst b/ci/aws/aws-cluster.lokocfg.envsubst index d69409f25..24e11fb38 100644 --- a/ci/aws/aws-cluster.lokocfg.envsubst +++ b/ci/aws/aws-cluster.lokocfg.envsubst @@ -250,3 +250,5 @@ component "web-ui" { issuer_url = "$ISSUER_HOST" } } + +component "inspektor-gadget" {} diff --git a/ci/baremetal/baremetal-cluster.lokocfg.envsubst b/ci/baremetal/baremetal-cluster.lokocfg.envsubst index ffecd9d20..89d3985f3 100644 --- a/ci/baremetal/baremetal-cluster.lokocfg.envsubst +++ b/ci/baremetal/baremetal-cluster.lokocfg.envsubst @@ -41,3 +41,5 @@ cluster "bare-metal" { "roleofnode" = "testing", } } + +component "inspektor-gadget" {} diff --git a/ci/packet/packet-cluster.lokocfg.envsubst b/ci/packet/packet-cluster.lokocfg.envsubst index 49db5ef74..ddc6fa021 100644 --- a/ci/packet/packet-cluster.lokocfg.envsubst +++ b/ci/packet/packet-cluster.lokocfg.envsubst @@ -222,3 +222,5 @@ component "web-ui" { issuer_url = "$ISSUER_HOST" } } + +component "inspektor-gadget" {}