diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
index 8c1e53862f0..efe75b3702a 100644
--- a/docs/content/en/docs/reference/helm-chart.md
+++ b/docs/content/en/docs/reference/helm-chart.md
@@ -46,7 +46,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | podLabelsOverride | object | `{}` | |
 | podSecurityContext | object | `{}` | |
 | priorityClassName | string | `""` | |
-| rthooks | object | `{"annotations":{},"enabled":false,"extraHookArgs":{},"extraLabels":{},"extraVolumeMounts":[],"failAllowNamespaces":"","image":{"override":null,"repository":"quay.io/cilium/tetragon-rthooks","tag":"v0.3"},"installDir":"/opt/tetragon","interface":"","nriHook":{"nriSocket":"/var/run/nri/nri.sock"},"ociHooks":{"hooksPath":"/usr/share/containers/oci/hooks.d"},"podAnnotations":{},"podSecurityContext":{"privileged":true},"priorityClassName":"","resources":{}}` | Method for installing Tetagon rthooks (tetragon-rthooks) daemonset The tetragon-rthooks daemonset is responsible for installing run-time hooks on the host. See: https://tetragon.io/docs/concepts/runtime-hooks |
+| rthooks | object | `{"annotations":{},"enabled":false,"extraHookArgs":{},"extraLabels":{},"extraVolumeMounts":[],"failAllowNamespaces":"","image":{"override":null,"repository":"quay.io/cilium/tetragon-rthooks","tag":"v0.3"},"installDir":"/opt/tetragon","interface":"","nriHook":{"nriSocket":"/var/run/nri/nri.sock"},"ociHooks":{"hooksPath":"/usr/share/containers/oci/hooks.d"},"podAnnotations":{},"podSecurityContext":{"privileged":true},"priorityClassName":"","resources":{},"serviceAccount":{"name":""}}` | Method for installing Tetagon rthooks (tetragon-rthooks) daemonset The tetragon-rthooks daemonset is responsible for installing run-time hooks on the host. See: https://tetragon.io/docs/concepts/runtime-hooks |
 | rthooks.annotations | object | `{}` | Annotations for the Tetragon rthooks daemonset |
 | rthooks.enabled | bool | `false` | Enable the Tetragon rthooks daemonset |
 | rthooks.extraHookArgs | object | `{}` | extra args to pass to tetragon-oci-hook |
@@ -64,6 +64,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | rthooks.podSecurityContext | object | `{"privileged":true}` | security context for the Tetrargon rthooks pod |
 | rthooks.priorityClassName | string | `""` | priorityClassName for the Tetrargon rthooks pod |
 | rthooks.resources | object | `{}` | resources for the the oci-hook-setup init container |
+| rthooks.serviceAccount | object | `{"name":""}` | rthooks service account. |
 | selectorLabelsOverride | object | `{}` | |
 | serviceAccount.annotations | object | `{}` | |
 | serviceAccount.create | bool | `true` | |
diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md
index f10a6cf7e7b..2251df8830d 100644
--- a/install/kubernetes/tetragon/README.md
+++ b/install/kubernetes/tetragon/README.md
@@ -28,7 +28,7 @@ Helm chart for Tetragon
 | podLabelsOverride | object | `{}` | |
 | podSecurityContext | object | `{}` | |
 | priorityClassName | string | `""` | |
-| rthooks | object | `{"annotations":{},"enabled":false,"extraHookArgs":{},"extraLabels":{},"extraVolumeMounts":[],"failAllowNamespaces":"","image":{"override":null,"repository":"quay.io/cilium/tetragon-rthooks","tag":"v0.3"},"installDir":"/opt/tetragon","interface":"","nriHook":{"nriSocket":"/var/run/nri/nri.sock"},"ociHooks":{"hooksPath":"/usr/share/containers/oci/hooks.d"},"podAnnotations":{},"podSecurityContext":{"privileged":true},"priorityClassName":"","resources":{}}` | Method for installing Tetagon rthooks (tetragon-rthooks) daemonset The tetragon-rthooks daemonset is responsible for installing run-time hooks on the host. See: https://tetragon.io/docs/concepts/runtime-hooks |
+| rthooks | object | `{"annotations":{},"enabled":false,"extraHookArgs":{},"extraLabels":{},"extraVolumeMounts":[],"failAllowNamespaces":"","image":{"override":null,"repository":"quay.io/cilium/tetragon-rthooks","tag":"v0.3"},"installDir":"/opt/tetragon","interface":"","nriHook":{"nriSocket":"/var/run/nri/nri.sock"},"ociHooks":{"hooksPath":"/usr/share/containers/oci/hooks.d"},"podAnnotations":{},"podSecurityContext":{"privileged":true},"priorityClassName":"","resources":{},"serviceAccount":{"name":""}}` | Method for installing Tetagon rthooks (tetragon-rthooks) daemonset The tetragon-rthooks daemonset is responsible for installing run-time hooks on the host. See: https://tetragon.io/docs/concepts/runtime-hooks |
 | rthooks.annotations | object | `{}` | Annotations for the Tetragon rthooks daemonset |
 | rthooks.enabled | bool | `false` | Enable the Tetragon rthooks daemonset |
 | rthooks.extraHookArgs | object | `{}` | extra args to pass to tetragon-oci-hook |
@@ -46,6 +46,7 @@ Helm chart for Tetragon
 | rthooks.podSecurityContext | object | `{"privileged":true}` | security context for the Tetrargon rthooks pod |
 | rthooks.priorityClassName | string | `""` | priorityClassName for the Tetrargon rthooks pod |
 | rthooks.resources | object | `{}` | resources for the the oci-hook-setup init container |
+| rthooks.serviceAccount | object | `{"name":""}` | rthooks service account. |
 | selectorLabelsOverride | object | `{}` | |
 | serviceAccount.annotations | object | `{}` | |
 | serviceAccount.create | bool | `true` | |
diff --git a/install/kubernetes/tetragon/templates/rthooks-daemonset.yaml b/install/kubernetes/tetragon/templates/rthooks-daemonset.yaml
index 1a8c0a52052..96710b15512 100644
--- a/install/kubernetes/tetragon/templates/rthooks-daemonset.yaml
+++ b/install/kubernetes/tetragon/templates/rthooks-daemonset.yaml
@@ -37,6 +37,9 @@ spec:
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- with .Values.rthooks.serviceAccount.name }}
+ serviceAccountName: {{ . }}
+ {{- end }}
 {{- with .Values.rthooks.podSecurityContext }}
 securityContext:
 {{- toYaml . | nindent 8 }}
diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml
index 682ecc42ff1..0281e711322 100644
--- a/install/kubernetes/tetragon/values.yaml
+++ b/install/kubernetes/tetragon/values.yaml
@@ -395,3 +395,6 @@ rthooks:
 override: ~
 repository: quay.io/cilium/tetragon-rthooks
 tag: v0.3
+ # -- rthooks service account.
+ serviceAccount:
+ name: ""
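Review bot: In the rthooks-daemonset.yaml hunk, `serviceAccountName: {{ . }}` renders the value unquoted, so a name such as `true` or `123` would be parsed as a non-string; `serviceAccountName: {{ . | quote }}` avoids that. With the default `""` the `with` block emits nothing, so the pod, whose default `podSecurityContext` is `{"privileged":true}` according to the values table, keeps running under the namespace's `default` service account. If the rthooks pod does not need the Kubernetes API (not visible in this hunk), adding `automountServiceAccountToken: false` to the pod spec would keep an API token out of a privileged pod. The pod spec starts and ends outside the hunk.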
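Review bot: In the values.yaml hunk, the comment `# -- rthooks service account.` does not say whether the chart creates the account. Nothing in this diff adds a ServiceAccount template for rthooks, so the name presumably has to refer to an account that already exists in the release namespace. I would reword it along the lines of `# -- Name of an existing service account for the rthooks pods; empty uses the namespace default.` and, if the chart is meant to create one, mirror the top-level `serviceAccount.create` key. The description column in helm-chart.md and README.md carries the same text and would need the same wording.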