Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

eBPF agent chart changes #241

Closed
wants to merge 9 commits into from
Closed

eBPF agent chart changes #241

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
967133c
Restructure the sniffer DS to a single DaemonSet with sniffer, ebpf, …
orishavit Jul 11, 2024
778a367
enable node DS if any component is enabled
orishavit Jul 18, 2024
5a1cde1
flatten all image values
orishavit Aug 7, 2024
52487bc
remove bpfman
orishavit Aug 22, 2024
7ec3906
Merge remote-tracking branch 'origin/main' into shavit/node-agent-ebpf
orishavit Sep 9, 2024
6e64486
Merge remote-tracking branch 'origin/main' into shavit/node-agent-ebpf
orishavit Sep 17, 2024
e82a708
feature flags
orishavit Sep 18, 2024
0d76bf2
set NODE_NAME for network-mapper agent
orishavit Sep 19, 2024
5a4438c
Add env variables to the agent
otterobert Sep 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
230 changes: 230 additions & 0 deletions network-mapper/templates/agent-daemonset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,230 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: otterize-node-agent
labels:
{{- with .Values.global.commonLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/version: {{ .Chart.Version }}
annotations:
{{- with .Values.global.commonAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/version: {{ .Chart.Version }}
spec:
selector:
matchLabels:
app: otterize-node-agent
template:
metadata:
labels:
{{- with .Values.global.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.commonLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app: otterize-node-agent
app.kubernetes.io/version: {{ .Chart.Version }}
annotations:
{{- with .Values.global.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.commonAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/version: {{ .Chart.Version }}
spec:
serviceAccountName: {{ template "otterize.sniffer.fullName" . }}
{{- if .Values.agent.podSecurityContext }}
securityContext:
{{- toYaml .Values.agent.podSecurityContext | nindent 8 }}
{{- end }}
{{ if .Values.agent.pullSecrets }}
imagePullSecrets:
- name: {{ .Values.agent.pullSecrets }}
{{ end }}
{{- with .Values.agent.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.agent.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet

volumes:
- hostPath:
path: /proc
name: host-proc
- name: component-config
configMap:
name: {{ template "otterize.mapper.componentConfigmap" . }}
- name: host-socket-k3s
hostPath:
path: "/run/k3s/containerd/containerd.sock"
- name: host-socket-containerd
hostPath:
path: "/run/containerd/containerd.sock"
- name: host-bpffs
hostPath:
path: "/sys/fs/bpf"

containers:
{{ if .Values.agent.enable }}
- name: node-agent
image: "{{ .Values.agent.repository }}/{{ .Values.agent.image }}:{{ .Values.agent.tag }}"
{{ if .Values.agent.pullPolicy }}
imagePullPolicy: {{ .Values.agent.pullPolicy }}
{{ end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName

{{ if .Values.debug }}
- name: OTTERIZE_DEBUG
value: {{ .Values.debug | quote }}
{{ end }}

{{ if .Values.global.otterizeCloud.apiAddress }}
- name: OTTERIZE_API_ADDRESS
value: "{{ .Values.global.otterizeCloud.apiAddress }}"
{{ end }}
{{ if .Values.global.otterizeCloud.credentials.clientId }}
- name: OTTERIZE_CLIENT_ID
value: "{{ .Values.global.otterizeCloud.credentials.clientId }}"
{{ end }}
{{ if (and .Values.global.otterizeCloud.credentials.clientSecretKeyRef.secretName .Values.global.otterizeCloud.credentials.clientSecretKeyRef.secretKey) }}
- name: OTTERIZE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.global.otterizeCloud.credentials.clientSecretKeyRef.secretName }}"
key: "{{ .Values.global.otterizeCloud.credentials.clientSecretKeyRef.secretKey }}"
{{ else if .Values.global.otterizeCloud.credentials.clientSecret }}
- name: OTTERIZE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: mapper-otterize-cloud-client-secret
key: otterize-cloud-client-secret
{{ end }}

{{ if default false .Values.experimental.ebpf }}
- name: OTTERIZE_EXPERIMENTAL_EBPF
value: {{ .Values.experimental.ebpf | quote }}
{{ end }}

volumeMounts:
- name: host-proc
mountPath: /host/proc
readOnly: true

- name: host-socket-k3s
mountPath: /run/cri/k3s.sock
- name: host-socket-containerd
mountPath: /run/cri/containerd.sock

- mountPath: /host/sys/fs/bpf
name: host-bpffs
readOnly: false

securityContext:
privileged: true
{{ end }}


{{ if .Values.sniffer.enable }}
- name: network-sniffer
image: "{{ .Values.sniffer.repository }}/{{ .Values.sniffer.image }}:{{ default $.Chart.AppVersion .Values.sniffer.tag }}"
{{ if .Values.sniffer.pullPolicy }}
imagePullPolicy: {{ .Values.sniffer.pullPolicy }}
{{ end }}
resources: {{- toYaml .Values.sniffer.resources | nindent 12 }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OTTERIZE_MAPPER_API_URL
value: http://{{ template "otterize.mapper.fullName" . }}:9090/query
- name: OTTERIZE_DEBUG
value: {{ .Values.debug | quote }}
{{ if .Values.global.serviceNameOverrideAnnotationName }}
- name: OTTERIZE_SERVICE_NAME_OVERRIDE_ANNOTATION
value: {{ .Values.global.serviceNameOverrideAnnotationName | quote }}
{{ end }}
{{- if eq false .Values.global.telemetry.enabled }}
- name: OTTERIZE_TELEMETRY_ENABLED
value: "false"
{{- else }}
- name: OTTERIZE_TELEMETRY_ENABLED
value: "true"
{{- end }}
{{- if eq false .Values.global.telemetry.usage.enabled }}
- name: OTTERIZE_TELEMETRY_USAGE_ENABLED
value: "false"
{{- else }}
- name: OTTERIZE_TELEMETRY_USAGE_ENABLED
value: "true"
{{- end }}
{{- if eq false .Values.global.telemetry.errors.enabled }}
- name: OTTERIZE_TELEMETRY_ERRORS_ENABLED
value: "false"
{{- else }}
- name: OTTERIZE_TELEMETRY_ERRORS_ENABLED
value: "true"
{{- end }}
{{- if .Values.global.telemetry.errors.stage }}
- name: OTTERIZE_TELEMETRY_ERRORS_STAGE
value: {{ .Values.global.telemetry.errors.stage | quote }}
{{- end }}
{{- if .Values.global.telemetry.errors.endpointAddress }}
- name: OTTERIZE_TELEMETRY_ERRORS_ADDRESS
value: {{ .Values.global.telemetry.errors.endpointAddress | quote }}
{{- end }}
{{- if .Values.global.telemetry.errors.networkMapperApiKey }}
- name: OTTERIZE_TELEMETRY_ERRORS_API_KEY
value: {{ .Values.global.telemetry.errors.networkMapperApiKey | quote }}
{{- end }}
{{- if .Values.global.otterizeCloud.credentials.clientId }}
- name: OTTERIZE_CLIENT_ID
value: "{{ .Values.global.otterizeCloud.credentials.clientId }}"
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: 9090
initialDelaySeconds: 30
periodSeconds: 20
readinessProbe:
httpGet:
path: /healthz
port: 9090
initialDelaySeconds: 30
periodSeconds: 20
{{- if .Values.sniffer.containerSecurityContext }}
securityContext:
{{- toYaml .Values.sniffer.containerSecurityContext | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /hostproc
name: host-proc
readOnly: true
- mountPath: /etc/otterize
name: component-config
readOnly: true
{{ end }}
146 changes: 0 additions & 146 deletions network-mapper/templates/sniffer-daemonset.yaml
View file
Open in desktop

This file was deleted.

Loading
Loading