Skip to content

Commit

Permalink
[stable/sysdig] Use latest released agent image version and add optio…
Browse files Browse the repository at this point in the history 
…ns to support eBPF based probe (helm#11856)

* Upgrade agent image version to 0.89.0

Signed-off-by: Néstor Salceda <[email protected]>

* Add support for configuring eBPF

Signed-off-by: Néstor Salceda <[email protected]>

* Bump up Chart version

Signed-off-by: Néstor Salceda <[email protected]>

* Update CHANGELOG with latest news

Signed-off-by: Néstor Salceda <[email protected]>
  • Loading branch information
@nestorsalceda @k8s-ci-robot
nestorsalceda authored and k8s-ci-robot committed Mar 1, 2019
1 parent 61dd396 commit af554de
Show file tree
Hide file tree
Showing 5 changed files with 56 additions and 23 deletions.
7 changes: 7 additions & 0 deletions stable/sysdig/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,13 @@
This file documents all notable changes to Sysdig Helm Chart. The release
numbering uses [semantic versioning](http://semver.org).

## v1.4.0

### Major Changes

* Use the latest image from Agent (0.89.0) by default.
* eBPF support added.

## v1.3.2

### Minor Changes
Expand Down
4 changes: 2 additions & 2 deletions stable/sysdig/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: sysdig
version: 1.3.2
appVersion: 0.88.1
version: 1.4.0
appVersion: 0.89.0
description: Sysdig Monitor and Secure agent
keywords:
- monitoring
Expand Down
42 changes: 22 additions & 20 deletions stable/sysdig/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,26 +38,28 @@ The command removes all the Kubernetes components associated with the chart and

The following table lists the configurable parameters of the Sysdig chart and their default values.

| Parameter | Description | Default |
| --- | --- | --- |
| `image.registry` | Sysdig agent image registry | `docker.io` |
| `image.repository` | The image repository to pull from | `sysdig/agent` |
| `image.tag` | The image tag to pull | `0.88.1` |
| `image.pullPolicy` | The Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `nil` |
| `resources.requests.cpu` | CPU requested for being run in a node | `100m` |
| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` |
| `resources.limits.cpu` | CPU limit | `200m` |
| `resources.limits.memory` | Memory limit | `1024Mi` |
| `rbac.create` | If true, create & use RBAC resources | `true` |
| `serviceAccount.create` | Create serviceAccount | `true` |
| `serviceAccount.name` | Use this value as serviceAccountName | ` ` |
| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` |
| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key |
| `sysdig.settings` | Settings for agent's configuration file | `{}` |
| `secure.enabled` | Enable Sysdig Secure | `false` |
| `customAppChecks` | The custom app checks deployed with your agent | `{}` |
| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` |
| Parameter | Description | Default |
| --- | --- | --- |
| `image.registry` | Sysdig agent image registry | `docker.io` |
| `image.repository` | The image repository to pull from | `sysdig/agent` |
| `image.tag` | The image tag to pull | `0.88.1` |
| `image.pullPolicy` | The Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets | `nil` |
| `resources.requests.cpu` | CPU requested for being run in a node | `100m` |
| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` |
| `resources.limits.cpu` | CPU limit | `200m` |
| `resources.limits.memory` | Memory limit | `1024Mi` |
| `rbac.create` | If true, create & use RBAC resources | `true` |
| `serviceAccount.create` | Create serviceAccount | `true` |
| `serviceAccount.name` | Use this value as serviceAccountName | ` ` |
| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` |
| `ebpf.enabled` | Enable eBPF support for Sysdig instead of `sysdig-probe` kernel module | `false` |
| `ebpf.settings.mountEtcVolume` | Needed to detect which kernel version are running in Google COS | `true` |
| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key |
| `sysdig.settings` | Settings for agent's configuration file | `{}` |
| `secure.enabled` | Enable Sysdig Secure | `false` |
| `customAppChecks` | The custom app checks deployed with your agent | `{}` |
| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` |

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

Expand Down
15 changes: 15 additions & 0 deletions stable/sysdig/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,11 @@ spec:
{{ toYaml .Values.resources | indent 12 }}
securityContext:
privileged: true
{{- if .Values.ebpf.enabled }}
env:
- name: SYSDIG_BPF_PROBE
value:
{{- end }}
readinessProbe:
exec:
command: [ "test", "-e", "/opt/draios/logs/running" ]
Expand Down Expand Up @@ -65,6 +70,11 @@ spec:
name: sysdig-agent-config
- mountPath: /opt/draios/etc/kubernetes/secrets
name: sysdig-agent-secrets
{{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }}
- mountPath: /host/etc
name: etc-fs
readOnly: true
{{- end }}
{{- if .Values.customAppChecks }}
- mountPath: /opt/draios/lib/python/checks.custom.d
name: custom-app-checks-volume
Expand Down Expand Up @@ -94,6 +104,11 @@ spec:
- name: varrun-vol
hostPath:
path: /var/run
{{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }}
- name: etc-fs
hostPath:
path: /etc
{{- end }}
- name: sysdig-agent-config
configMap:
name: {{ template "sysdig.fullname" . }}
Expand Down
11 changes: 10 additions & 1 deletion stable/sysdig/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
image:
registry: docker.io
repository: sysdig/agent
tag: 0.88.1
tag: 0.89.0
# Specify a imagePullPolicy
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
# ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
Expand Down Expand Up @@ -44,6 +44,15 @@ daemonset:
# need it
type: RollingUpdate

ebpf:
# Enable eBPF support for Sysdig Agent
enabled: false

settings:
# Needed to correctly detect the kernel version for the eBPF program
# Set to false if not running on Google COS
mountEtcVolume: true

sysdig:
# Required: You need your Sysdig Monitor access key before running agents.
# accessKey: ""
Expand Down

0 comments on commit af554de

Please sign in to comment.