feat(agent): add support for Windows Agent (#1730)
Co-authored-by: Alberto Barba <[email protected]>
iurly and AlbertoBarba authored Jul 1, 2024
1 parent 61b7b2c commit ce6bdcd
Showing 7 changed files with 209 additions and 4 deletions.
2 changes: 1 addition & 1 deletion charts/agent/Chart.yaml
Expand Up @@ -30,4 +30,4 @@ sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
type: application
version: 1.24.5
version: 1.25.0
13 changes: 13 additions & 0 deletions charts/agent/README.md
Expand Up @@ -173,3 +173,16 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `proxy.httpProxy` | Sets `http_proxy` on the agent container. Overrides the proxy setting from `global.proxy`. | `""` |
| `proxy.httpsProxy` | Sets `https_proxy` on the agent container. Overrides the proxy setting from `global.proxy`. | `""` |
| `proxy.noProxy` | Sets `no_proxy` on the agent container. Overrides the proxy setting from `global.proxy`. | `""` |
| `windows.enabled` | Enable Daemonset for Windows agents. | `false` |
| `windows.nodeSelector` | Nodeselector for Windows agents. | `{}` |
| `windows.image.registry` | Windows Agent image registry. | `quay.io` |
| `windows.image.repository` | Sets the image repository to pull the Windows agent image from. | `sysdig/agent-windows` |
| `windows.image.tag` | Specifies the image tag to pull from the repository. | `latest` |
| `windows.image.pullPolicy` | Specifies the Image pull policy for the Windows Agent Image. | `IfNotPresent` |
| `image.pullSecrets` | Specifies the image pull secrets for the Windows Agent Image. | `nil` |
| `windows.resources.requests.cpu` | Specifies the CPU requested to run in a Windows node. | ` ` |
| `windows.resources.requests.memory` | Specifies the memory requested to run in a Windows node. | ` ` |
| `windows.resources.limits.cpu` | Specifies the CPU limit for Windows Agents. | ` ` |
| `resources.limits.memory` | Specifies the memory limit for Windows Agents. | ` ` |
| `windows.affinity` | Specifies node affinities for Windows Agents. | `{}` |
| `windows.tolerations` | Specifies the tolerations for scheduling of Windows Agents. | <pre>node-role.kubernetes.io/master:NoSchedule,<br>node-role.kubernetes.io/control-plane:NoSchedule</pre> |
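Review bot: Two rows in this table are missing the `windows.` prefix: `image.pullSecrets` and `resources.limits.memory` are described as Windows settings but are keyed as the Linux agent's parameters, while the template reads `.Values.windows.image.pullSecrets` and `.Values.windows.resources`. Several documented defaults also disagree with the values.yaml added in this commit: `windows.image.tag` is listed as `latest` but set to `1.0.0`, `windows.image.pullPolicy` is listed as `IfNotPresent` but set to `[]`, the resource requests and limits are listed as blank but set to 250m/348Mi and 1000m/512Mi, and `windows.tolerations` lists two NoSchedule tolerations but is set to `[]`. The `windows.nodeSelector` row should also say that an empty value falls back to `"kubernetes.io/os": windows`.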
48 changes: 48 additions & 0 deletions charts/agent/templates/_helpers.tpl
@@ -1,4 +1,52 @@
{{/* vim: set filetype=mustache: */}}

{{/************** WINDOWS ***************/}}

{{/*
Expand the name of the chart.
*/}}
{{- define "agent-windows.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 55 | trimSuffix "-" }}-windows
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "agent-windows.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 55 | trimSuffix "-" }}-windows
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 55 | trimSuffix "-" }}-windows
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 55 | trimSuffix "-" }}-windows
{{- end }}
{{- end }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "agent-windows.labels" -}}
helm.sh/chart: {{ include "agent.chart" . }}
{{ include "agent-windows.selectorLabels" . }}
app.kubernetes.io/version: {{ .Values.windows.image.tag | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "agent-windows.selectorLabels" -}}
app.kubernetes.io/name: {{ include "agent-windows.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/************** WINDOWS-END ***************/}}

{{/*
Expand the name of the chart.
*/}}
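Review bot: The comment above `agent-windows.fullname` still says names are truncated at 63 characters, but the code uses `trunc 55` and then appends `-windows`; state that in the comment so a later edit does not restore `trunc 63` and overflow the limit once the suffix is added. The "Expand the name of the chart." comment on `agent-windows.name` has the same gap, since it does not mention the suffix. In `agent-windows.labels`, `app.kubernetes.io/version` takes `.Values.windows.image.tag` unmodified, so a tag longer than 63 characters would render an invalid label value; consider truncating it there.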
2 changes: 1 addition & 1 deletion charts/agent/templates/configmap.yaml
@@ -1,4 +1,4 @@
{{- if or .Values.daemonset.deploy .Values.delegatedAgentDeployment.enabled }}
{{- if or .Values.daemonset.deploy .Values.delegatedAgentDeployment.enabled .Values.windows.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
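Review bot: Adding `.Values.windows.enabled` to this condition covers the ConfigMap only, while daemonset-windows.yaml also depends on the service account from `agent.serviceAccountName` and on the access-key secret named by `agent.fullname`, and neither of those templates is among the 7 files changed here. Please confirm both still render when `windows.enabled` is true and `daemonset.deploy` and `delegatedAgentDeployment.enabled` are both false; otherwise a Windows-only install creates pods that reference a secret and service account that do not exist.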
116 changes: 116 additions & 0 deletions charts/agent/templates/daemonset-windows.yaml
@@ -0,0 +1,116 @@
{{- if .Values.windows.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "agent-windows.fullname" . }}
labels:
{{- include "agent-windows.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "agent-windows.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "agent-windows.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "agent.serviceAccountName" .}}
{{- if .Values.windows.image.pullSecrets }}
imagePullSecrets:
{{ toYaml .Values.windows.image.pullSecrets | nindent 8 }}
{{- else if .Values.global.image.pullSecrets }}
imagePullSecrets:
{{ toYaml .Values.global.image.pullSecrets | nindent 8 }}
{{- end }}
securityContext:
windowsOptions:
hostProcess: true
runAsUserName: "NT AUTHORITY\\SYSTEM"
hostNetwork: true
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.windows.image.registry }}/{{ .Values.windows.image.repository }}:{{ .Values.windows.image.tag }}"
imagePullPolicy: {{ .Values.windows.image.pullPolicy | default .Values.global.image.pullPolicy }}
livenessProbe:
httpGet:
host: 127.0.0.1
path: /healthz
port: 24484
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
readinessProbe:
httpGet:
host: 127.0.0.1
path: /healthz
port: 24484
initialDelaySeconds: 60
timeoutSeconds: 10
resources:
{{- toYaml .Values.windows.resources | nindent 12 }}
volumeMounts:
- name: config
mountPath: Sysdig/Agent/Config
- name: secrets
mountPath: Sysdig/Agent/Secrets/AccessKey
{{- if eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
- name: ca-cert
mountPath: Sysdig/Agent/certificates
readOnly: true
{{- end }}
{{- if and (include "agent.httpProxyCredentials" .) (not (include "agent.gke.autopilot" .)) }}
- mountPath: Sysdig/Agent/Secrets/http_proxy
name: sysdig-agent-http-proxy-secrets
{{- end }}
terminationGracePeriodSeconds: 0
volumes:
- name: config
configMap:
name: {{ include "agent.configmapName" . }}
- name: secrets
secret:
{{- if not ( include "agent.accessKeySecret" . ) }}
secretName: {{ template "agent.fullname" . }}
{{- else }}
secretName: {{ include "agent.accessKeySecret" . }}
{{- end }}
{{- if and (include "agent.httpProxyCredentials" .) (not (include "agent.gke.autopilot" .)) }}
- name: sysdig-agent-http-proxy-secrets
secret:
secretName: {{ template "agent.fullname" . }}-proxy
{{- end }}
{{- if eq (include "sysdig.custom_ca.useValues" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
- name: ca-cert
secret:
secretName: {{ include "agent.fullname" . }}-ca
{{- else if eq (include "sysdig.custom_ca.useExistingSecret" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
- name: ca-cert
secret:
secretName: {{ include "sysdig.custom_ca.existingSecret" (dict "global" .Values.global.ssl "component" .Values.ssl) }}
{{- else if eq (include "sysdig.custom_ca.useExistingConfigMap" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
- name: ca-cert
configMap:
name: {{ include "sysdig.custom_ca.existingConfigMap" (dict "global" .Values.global.ssl "component" .Values.ssl) }}
{{- end }}
nodeSelector:
{{- if .Values.windows.nodeSelector }}
{{ toYaml .Values.windows.nodeSelector | nindent 8 }}
{{- else }}
"kubernetes.io/os": windows
{{- end }}
{{- with .Values.windows.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.windows.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
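Review bot: In the `nodeSelector` block near the end of the spec, a user-supplied `windows.nodeSelector` replaces the `"kubernetes.io/os": windows` default instead of adding to it, so a selector without an OS key lets this pod be scheduled onto Linux nodes. Emit the OS selector unconditionally and append the user's entries after it. Separately, the pod runs with `hostProcess: true` as `"NT AUTHORITY\\SYSTEM"` with `hostNetwork: true`, which gives the image full control of the node: the `image:` line accepts only a tag, so consider supporting a digest, and check that the RBAC bound to the shared `agent.serviceAccountName` account is no wider than the Windows agent needs. `terminationGracePeriodSeconds: 0` stops the agent with no graceful shutdown and deserves a comment explaining why.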
28 changes: 28 additions & 0 deletions charts/agent/values.yaml
Expand Up @@ -62,6 +62,34 @@ image:
#
# pullSecrets:
# - name: myRegistrKeySecretName
windows:
enabled: false
nodeSelector: {}
image:
registry: quay.io
repository: sysdig/agent-windows
tag: 1.0.0
# Specify an imagePullPolicy
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
# ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
pullPolicy: []
# Optionally specify an array of imagePullSecrets.
# Secrets must be manually created in the namespace.
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
#
# pullSecrets:
# - name: myRegistrKeySecretName
resources:
# sizing TBD
requests:
cpu: 250m
memory: 348Mi
limits:
cpu: 1000m
memory: 512Mi
affinity: {}
tolerations: []

# Specify a predefined resource profile.
#
# Available options are:
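Review bot: `pullPolicy: []` sets a list where daemonset-windows.yaml expects a string. It works only because an empty list counts as empty for `default`, so the template falls through to `.Values.global.image.pullPolicy`; use an empty string or leave the key unset. The comment above it ("Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'") describes logic the Windows template does not implement. The `# sizing TBD` marker on `resources` should be resolved or tracked, since these requests and limits ship as the defaults.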
4 changes: 2 additions & 2 deletions charts/sysdig-deploy/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
version: 1.57.1
version: 1.57.2
maintainers:
- name: AlbertoBarba
email: [email protected]
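Review bot: `version: 1.57.2` is a patch bump, but this release moves the agent dependency to `~1.25.0`, a minor bump that adds the Windows DaemonSet. A minor version for sysdig-deploy would signal the new feature consistently with the agent chart.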
Expand All @@ -26,7 +26,7 @@ dependencies:
- name: agent
# repository: https://charts.sysdig.com
repository: file://../agent
version: ~1.24.5
version: ~1.25.0
alias: agent
condition: agent.enabled
- name: common