diff --git a/stable/sysdig/CHANGELOG.md b/stable/sysdig/CHANGELOG.md index 2ecf65a10356..a94cd9e17fe1 100644 --- a/stable/sysdig/CHANGELOG.md +++ b/stable/sysdig/CHANGELOG.md @@ -3,6 +3,13 @@ This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.4.0 + +### Major Changes + +* Use the latest image from Agent (0.89.0) by default. +* eBPF support added. + ## v1.3.2 ### Minor Changes diff --git a/stable/sysdig/Chart.yaml b/stable/sysdig/Chart.yaml index 7d122e4b8941..c3aee5c42c7c 100755 --- a/stable/sysdig/Chart.yaml +++ b/stable/sysdig/Chart.yaml @@ -1,6 +1,6 @@ name: sysdig -version: 1.3.2 -appVersion: 0.88.1 +version: 1.4.0 +appVersion: 0.89.0 description: Sysdig Monitor and Secure agent keywords: - monitoring diff --git a/stable/sysdig/README.md b/stable/sysdig/README.md index b1db4c2f82ea..0507e6ec4648 100644 --- a/stable/sysdig/README.md +++ b/stable/sysdig/README.md 
@@ -38,26 +38,28 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Sysdig chart and their default values. -| Parameter | Description | Default | -| --- | --- | --- | -| `image.registry` | Sysdig agent image registry | `docker.io` | -| `image.repository` | The image repository to pull from | `sysdig/agent` | -| `image.tag` | The image tag to pull | `0.88.1` | -| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets | `nil` | -| `resources.requests.cpu` | CPU requested for being run in a node | `100m` | -| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` | -| `resources.limits.cpu` | CPU limit | `200m` | -| `resources.limits.memory` | Memory limit | `1024Mi` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | Create serviceAccount | `true` | -| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | -| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` | -| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | -| `sysdig.settings` | Settings for agent's configuration file | `{}` | -| `secure.enabled` | Enable Sysdig Secure | `false` | -| `customAppChecks` | The custom app checks deployed with your agent | `{}` | -| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | +| Parameter | Description | Default | +| --- | --- | --- | +| `image.registry` | Sysdig agent image registry | `docker.io` | +| `image.repository` | The image repository to pull from | `sysdig/agent` | +| `image.tag` | The image tag to pull | `0.88.1` | +| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `nil` | +| `resources.requests.cpu` | CPU requested for being run in a node | `100m` 
| +| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` | +| `resources.limits.cpu` | CPU limit | `200m` | +| `resources.limits.memory` | Memory limit | `1024Mi` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `serviceAccount.create` | Create serviceAccount | `true` | +| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | +| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` | +| `ebpf.enabled` | Enable eBPF support for Sysdig instead of `sysdig-probe` kernel module | `false` | +| `ebpf.settings.mountEtcVolume` | Needed to detect which kernel version are running in Google COS | `true` | +| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | +| `sysdig.settings` | Settings for agent's configuration file | `{}` | +| `secure.enabled` | Enable Sysdig Secure | `false` | +| `customAppChecks` | The custom app checks deployed with your agent | `{}` | +| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/sysdig/templates/daemonset.yaml b/stable/sysdig/templates/daemonset.yaml index 7a0d87007262..70f1a3b67c84 100644 --- a/stable/sysdig/templates/daemonset.yaml +++ b/stable/sysdig/templates/daemonset.yaml @@ -35,6 +35,11 @@ spec: {{ toYaml .Values.resources | indent 12 }} securityContext: privileged: true + {{- if .Values.ebpf.enabled }} + env: + - name: SYSDIG_BPF_PROBE + value: + {{- end }} readinessProbe: exec: command: [ "test", "-e", "/opt/draios/logs/running" ] 
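Review bot: The added `SYSDIG_BPF_PROBE` entry ends in a bare `value:`, which YAML parses as null rather than as an empty string. It presumably works only because the API server treats the missing value as empty. Writing `value: ""` states the intent and holds up under stricter linting or schema validation. Separately, `privileged: true` on the context line above stays unconditional, so enabling eBPF does not reduce the container's privileges; a template comment such as `# eBPF only replaces the kernel module; the agent still runs privileged` would stop operators assuming otherwise. The container spec starts and ends outside this hunk.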
@@ -65,6 +70,11 @@ spec: name: sysdig-agent-config - mountPath: /opt/draios/etc/kubernetes/secrets name: sysdig-agent-secrets + {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} + - mountPath: /host/etc + name: etc-fs + readOnly: true + {{- end }} {{- if .Values.customAppChecks }} - mountPath: /opt/draios/lib/python/checks.custom.d name: custom-app-checks-volume @@ -94,6 +104,11 @@ spec: - name: varrun-vol hostPath: path: /var/run + {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} + - name: etc-fs + hostPath: + path: /etc + {{- end }} - name: sysdig-agent-config configMap: name: {{ template "sysdig.fullname" . }} diff --git a/stable/sysdig/values.yaml b/stable/sysdig/values.yaml index 660a7dc2829b..0e914bda3ef4 100644 --- a/stable/sysdig/values.yaml +++ b/stable/sysdig/values.yaml @@ -3,7 +3,7 @@ image: registry: docker.io repository: sysdig/agent - tag: 0.88.1 + tag: 0.89.0 # Specify a imagePullPolicy # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -44,6 +44,15 @@ daemonset: # need it type: RollingUpdate +ebpf: + # Enable eBPF support for Sysdig Agent + enabled: false + + settings: + # Needed to correctly detect the kernel version for the eBPF program + # Set to false if not running on Google COS + mountEtcVolume: true + sysdig: # Required: You need your Sysdig Monitor access key before running agents. # accessKey: ""
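Review bot: The `etc-fs` mount at `/host/etc` exposes the node's whole `/etc` to the agent container, which looks like far more than kernel-version detection needs. The matching `hostPath` volume added in the `@@ -94,6 +104,11 @@` hunk has the same scope. `readOnly: true` blocks writes through the mount, but everything kept under the host's `/etc` is still readable from inside the pod. If the agent only reads the OS release file (not visible here, so confirm), narrow both entries to it, e.g. `path: /etc/os-release` with `type: File` and `mountPath: /host/etc/os-release`. Otherwise add `type: Directory` to the `hostPath` and a comment saying why the full directory is required. The `volumeMounts` and `volumes` lists continue outside both hunks.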
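Review bot: `mountEtcVolume: true` is the default even though the comment directly above says to set it to false when not running on Google COS. Every non-COS cluster that turns on `ebpf.enabled` therefore gets the host's `/etc` mounted into the agent without asking for it. Least privilege points to opting in instead: `mountEtcVolume: false`, with the comment changed to `# Set to true on Google COS, where the kernel version is detected from the host's /etc`. If the default has to stay for existing COS installs, the comment should at least say that this setting mounts the host's `/etc` read-only into the agent pod.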