feat(agent): Fix GKE Autopilot installation (#975)

Co-authored-by: Marco Vito Moscaritolo <[email protected]>
sysdiglabs · May 11, 2023 · 5c194ec · 5c194ec
1 parent 50101ce
commit 5c194ec
Show file tree

Hide file tree

Showing 15 changed files with 784 additions and 228 deletions.
diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
@@ -5,7 +5,7 @@ description: Sysdig Monitor and Secure agent
 type: application
 
 # currently matching sysdig 1.14.32
-version: 1.7.5
+version: 1.8.0
 
 appVersion: 12.14.0
 

diff --git a/charts/agent/README.md b/charts/agent/README.md
@@ -83,6 +83,8 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `collectorSettings.ssl`                        | The collector accepts SSL                                                                                                                               | `true`                                                      |
 | `collectorSettings.sslVerifyCertificate`       | Set to false if you don't want to verify SSL certificate                                                                                                | `true`                                                      |
 | `gke.autopilot`                                | If true, overrides the agent configuration to run on GKE Autopilot clusters                                                                             | `false`                                                     |
+| `gke.autopilot.createPriorityClass`            | If true, create the required PriorityClass to ensure Agent Pods are scheduled in GKE Autopilot. Uses the name provided by the `priorityClassName` parameter | `false`                                                 |
+| `gke.ephemeralStorage`                         | Amount of ephemeral storage to provide to the Agent container in GKE Autopilot clusters                                                                 | `500Mi`                                                     |
 | `rbac.create`                                  | If true, create & use RBAC resources                                                                                                                    | `true`                                                      |
 | `scc.create`                                   | Create OpenShift's Security Context Constraint                                                                                                          | `true`                                                      |
 | `psp.create`                                   | Create Pod Security Policy to allow the agent running in clusters with PSP enabled                                                                      | `true`                                                      |

diff --git a/charts/agent/templates/NOTES.txt b/charts/agent/templates/NOTES.txt
@@ -17,6 +17,11 @@ The "drift_killer" feature in agent is not supported when running on GKE Autopil
     {{- end }}
 {{- end }}
 
+{{- if and (include "agent.gke.autopilot" .) (not .Values.gke.createPriorityClass) (not .Values.priorityClassName) }}
+
+A PriorityClass is recommended for GKE Autopilot environments. Please set gke.createPriorityClass=true or provide the name of an existing PriorityClass by using the priorityClassName parameter.
+{{- end }}
+
 {{- $secureFeatProvided := false }}
 {{- if hasKey .Values.sysdig.settings "feature" }}
     {{- if hasKey .Values.sysdig.settings.feature "mode" }}

diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl
@@ -77,22 +77,27 @@ Sysdig Agent resources
 */}}
 {{- define "agent.resources" -}}
 {{/* we have same values for both requests and limits */}}
-{{- $smallCpu := "1000m" -}}
-{{- $smallMemory := "1024Mi" -}}
-{{- $mediumCpu := "3000m" -}}
-{{- $mediumMemory := "3072Mi" -}}
-{{- $largeCpu := "5000m" -}}
-{{- $largeMemory := "6144Mi" -}}
+{{- $resourceProfiles := dict "small"  (dict "cpu" "1000m"
+                                             "memory" "1024Mi")
+                              "medium" (dict "cpu" "3000m"
+                                             "memory" "3072Mi")
+                              "large"  (dict "cpu" "5000m"
+                                             "memory" "6144Mi") }}
+{{- $resources := dict }}
 {{/* custom resource values are always first-class */}}
 {{- if .Values.resources }}
-{{- toYaml .Values.resources -}}
-{{- else if eq .Values.resourceProfile "small" -}}
-{{- printf "requests:\n  cpu: %s\n  memory: %s\nlimits:\n  cpu: %s\n  memory: %s" $smallCpu $smallMemory $smallCpu $smallMemory -}}
-{{- else if eq .Values.resourceProfile "medium" -}}
-{{- printf "requests:\n  cpu: %s\n  memory: %s\nlimits:\n  cpu: %s\n  memory: %s" $mediumCpu $mediumMemory $mediumCpu $mediumMemory -}}
-{{- else if eq .Values.resourceProfile "large" -}}
-{{- printf "requests:\n  cpu: %s\n  memory: %s\nlimits:\n  cpu: %s\n  memory: %s" $largeCpu $largeMemory $largeCpu $largeMemory -}}
-{{- end -}}
+    {{- toYaml .Values.resources -}}
+{{- else if not (hasKey $resourceProfiles .Values.resourceProfile) }}
+    {{- fail (printf "Invalid value for resourceProfile provided: %s" .Values.resourceProfile) }}
+{{- else if and (include "agent.gke.autopilot" .) (not .Values.slim.enabled) }}
+    {{- toYaml (dict "requests" (dict "cpu" "250m"
+                                      "ephemeral-storage" .Values.gke.ephemeralStorage
+                                      "memory" "512Mi")
+                     "limits"   (get $resourceProfiles .Values.resourceProfile)) }}
+{{- else }}
+    {{- toYaml (dict "requests" (get $resourceProfiles .Values.resourceProfile)
+                     "limits"   (get $resourceProfiles .Values.resourceProfile)) }}
+{{- end }}
 {{- end -}}
 
 {{/*