From 4a3e6d834957ebeb7b0d09035af00e4d047341ef Mon Sep 17 00:00:00 2001 From: Michi Mutsuzaki Date: Fri, 24 May 2024 21:44:19 +0000 Subject: [PATCH] helm: Add tetragon.livenessProbe value Add tetragon.livenessProbe Helm value that overrides the default liveness probe for the tetragon container. For example, to use grpc probe, you can specify tetragon.livenessProbe Helm value like this: tetragon: livenessProbe: grpc: port: 54321 Signed-off-by: Michi Mutsuzaki --- docs/content/en/docs/reference/helm-chart.md | 1 + install/kubernetes/tetragon/README.md | 1 + .../kubernetes/tetragon/templates/_container_tetragon.tpl | 5 ++++- install/kubernetes/tetragon/values.yaml | 5 +++++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md index a8f03a2d93a..cdb0231ac4d 100644 --- a/docs/content/en/docs/reference/helm-chart.md +++ b/docs/content/en/docs/reference/helm-chart.md @@ -82,6 +82,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragon.image.override | string | `nil` | | | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | | | tetragon.image.tag | string | `"v1.1.0"` | | +| tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. | | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"failAllowNamespaces":"","installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host | | tetragon.ociHookSetup.enabled | bool | `false` | enable init container to setup tetragon-oci-hook | | tetragon.ociHookSetup.extraVolumeMounts | list | `[]` | Extra volume mounts to add to the oci-hook-setup init container | diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md index 4d9b4cde51e..ad0c7bcd000 100644 --- a/install/kubernetes/tetragon/README.md +++ b/install/kubernetes/tetragon/README.md @@ -64,6 +64,7 @@ Helm chart for Tetragon | tetragon.image.override | string | `nil` | | | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | | | tetragon.image.tag | string | `"v1.1.0"` | | +| tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. | | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"failAllowNamespaces":"","installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host | | tetragon.ociHookSetup.enabled | bool | `false` | enable init container to setup tetragon-oci-hook | | tetragon.ociHookSetup.extraVolumeMounts | list | `[]` | Extra volume mounts to add to the oci-hook-setup init container | diff --git a/install/kubernetes/tetragon/templates/_container_tetragon.tpl b/install/kubernetes/tetragon/templates/_container_tetragon.tpl index 03617f510be..fb8cc91508d 100644 --- a/install/kubernetes/tetragon/templates/_container_tetragon.tpl +++ b/install/kubernetes/tetragon/templates/_container_tetragon.tpl @@ -64,7 +64,10 @@ resources: {{- toYaml . | nindent 4 }} {{- end }} -{{- if .Values.tetragon.grpc.enabled }} +{{- if .Values.tetragon.livenessProbe }} + livenessProbe: + {{- toYaml .Values.tetragon.livenessProbe | nindent 4 }} +{{- else if .Values.tetragon.grpc.enabled }} livenessProbe: timeoutSeconds: 60 exec: diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml index 7f37016f58b..d113a0d63ba 100644 --- a/install/kubernetes/tetragon/values.yaml +++ b/install/kubernetes/tetragon/values.yaml @@ -63,6 +63,11 @@ tetragon: extraVolumeMounts: [] securityContext: privileged: true + # -- Overrides the default livenessProbe for the tetragon container. + livenessProbe: {} + # grpc: + # port: 54321 + # Tetragon puts processes in an LRU cache. The cache is used to find ancestors # for subsequently exec'ed processes. processCacheSize: 65536