From ce6bdcd95c97e658a38b2733aa773864494dba7b Mon Sep 17 00:00:00 2001 From: Gerlando Falauto Date: Mon, 1 Jul 2024 10:19:36 +0200 Subject: [PATCH] feat(agent): add support for Windows Agent (#1730) Co-authored-by: Alberto Barba --- charts/agent/Chart.yaml | 2 +- charts/agent/README.md | 13 ++ charts/agent/templates/_helpers.tpl | 48 ++++++++ charts/agent/templates/configmap.yaml | 2 +- charts/agent/templates/daemonset-windows.yaml | 116 ++++++++++++++++++ charts/agent/values.yaml | 28 +++++ charts/sysdig-deploy/Chart.yaml | 4 +- 7 files changed, 209 insertions(+), 4 deletions(-) create mode 100644 charts/agent/templates/daemonset-windows.yaml diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml index be77007a9..ede683d46 100644 --- a/charts/agent/Chart.yaml +++ b/charts/agent/Chart.yaml @@ -30,4 +30,4 @@ sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig type: application -version: 1.24.5 +version: 1.25.0 diff --git a/charts/agent/README.md b/charts/agent/README.md index 79a1dd535..61fb4a42c 100644 --- a/charts/agent/README.md +++ b/charts/agent/README.md 
@@ -173,3 +173,16 @@ The following table lists the configurable parameters of the Sysdig chart and th | `proxy.httpProxy` | Sets `http_proxy` on the agent container. Overrides the proxy setting from `global.proxy`. | `""` | | `proxy.httpsProxy` | Sets `https_proxy` on the agent container. Overrides the proxy setting from `global.proxy`. | `""` | | `proxy.noProxy` | Sets `no_proxy` on the agent container. Overrides the proxy setting from `global.proxy`. | `""` | +| `windows.enabled` | Enable Daemonset for Windows agents. | `false` | +| `windows.nodeSelector` | Nodeselector for Windows agents. | `{}` | +| `windows.image.registry` | Windows Agent image registry. | `quay.io` | +| `windows.image.repository` | Sets the image repository to pull the Windows agent image from. | `sysdig/agent-windows` | +| `windows.image.tag` | Specifies the image tag to pull from the repository. | `latest` | +| `windows.image.pullPolicy` | Specifies the Image pull policy for the Windows Agent Image. | `IfNotPresent` | +| `image.pullSecrets` | Specifies the image pull secrets for the Windows Agent Image. | `nil` | +| `windows.resources.requests.cpu` | Specifies the CPU requested to run in a Windows node. | ` ` | +| `windows.resources.requests.memory` | Specifies the memory requested to run in a Windows node. | ` ` | +| `windows.resources.limits.cpu` | Specifies the CPU limit for Windows Agents. | ` ` | +| `resources.limits.memory` | Specifies the memory limit for Windows Agents. | ` ` | +| `windows.affinity` | Specifies node affinities for Windows Agents. | `{}` | +| `windows.tolerations` | Specifies the tolerations for scheduling of Windows Agents. |
node-role.kubernetes.io/master:NoSchedule,
node-role.kubernetes.io/control-plane:NoSchedule
| diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl index f8c400a5a..ddc4e7174 100644 --- a/charts/agent/templates/_helpers.tpl +++ b/charts/agent/templates/_helpers.tpl @@ -1,4 +1,52 @@ {{/* vim: set filetype=mustache: */}} + +{{/************** WINDOWS ***************/}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "agent-windows.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 55 | trimSuffix "-" }}-windows +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "agent-windows.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 55 | trimSuffix "-" }}-windows +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 55 | trimSuffix "-" }}-windows +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 55 | trimSuffix "-" }}-windows +{{- end }} +{{- end }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "agent-windows.labels" -}} +helm.sh/chart: {{ include "agent.chart" . }} +{{ include "agent-windows.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.windows.image.tag | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "agent-windows.selectorLabels" -}} +app.kubernetes.io/name: {{ include "agent-windows.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/************** WINDOWS-END ***************/}} + {{/* Expand the name of the chart. */}} diff --git a/charts/agent/templates/configmap.yaml b/charts/agent/templates/configmap.yaml index b8987bfe0..d18117ad6 100644 --- a/charts/agent/templates/configmap.yaml +++ b/charts/agent/templates/configmap.yaml 
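Review bot: The comment above `agent-windows.fullname` still says the name is truncated at 63 characters, but the new helper truncates at 55 and then appends `-windows`. It should state the actual rule, for example `We truncate at 55 chars and append "-windows" (8 chars) so the result stays within the 63-char limit of some Kubernetes name fields.` In `agent-windows.labels`, `app.kubernetes.io/version` is taken straight from `.Values.windows.image.tag`. Label values are capped at 63 characters, so a longer tag would render an invalid manifest; `{{ .Values.windows.image.tag | trunc 63 | trimSuffix "-" | quote }}` would bound it.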
@@ -1,4 +1,4 @@ -{{- if or .Values.daemonset.deploy .Values.delegatedAgentDeployment.enabled }} +{{- if or .Values.daemonset.deploy .Values.delegatedAgentDeployment.enabled .Values.windows.enabled }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/charts/agent/templates/daemonset-windows.yaml b/charts/agent/templates/daemonset-windows.yaml new file mode 100644 index 000000000..c3bb26f18 --- /dev/null +++ b/charts/agent/templates/daemonset-windows.yaml 
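Review bot: Only the ConfigMap gate gains `.Values.windows.enabled` here, while the Windows DaemonSet added in this commit also mounts the Secret named by `agent.fullname` and sets `serviceAccountName` from `agent.serviceAccountName`. Whether the templates that create those objects still render when `daemonset.deploy` and `delegatedAgentDeployment.enabled` are both false is not visible in this patch. If they keep the old two-operand condition, a Windows-only install would reference a Secret or ServiceAccount that was never created, and their gates need the same third operand: `{{- if or .Values.daemonset.deploy .Values.delegatedAgentDeployment.enabled .Values.windows.enabled }}`. The `if` block opened on this line closes outside the hunk.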
@@ -0,0 +1,116 @@
+{{- if .Values.windows.enabled }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "agent-windows.fullname" . }}
+ labels:
+ {{- include "agent-windows.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "agent-windows.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "agent-windows.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "agent.serviceAccountName" .}}
+ {{- if .Values.windows.image.pullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.windows.image.pullSecrets | nindent 8 }}
+ {{- else if .Values.global.image.pullSecrets }}
+ imagePullSecrets:
+ {{ toYaml .Values.global.image.pullSecrets | nindent 8 }}
+ {{- end }}
+ securityContext:
+ windowsOptions:
+ hostProcess: true
+ runAsUserName: "NT AUTHORITY\\SYSTEM"
+ hostNetwork: true
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.windows.image.registry }}/{{ .Values.windows.image.repository }}:{{ .Values.windows.image.tag }}"
+ imagePullPolicy: {{ .Values.windows.image.pullPolicy | default .Values.global.image.pullPolicy }}
+ livenessProbe:
+ httpGet:
+ host: 127.0.0.1
+ path: /healthz
+ port: 24484
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 10
+ readinessProbe:
+ httpGet:
+ host: 127.0.0.1
+ path: /healthz
+ port: 24484
+ initialDelaySeconds: 60
+ timeoutSeconds: 10
+ resources:
+ {{- toYaml .Values.windows.resources | nindent 12 }}
+ volumeMounts:
+ - name: config
+ mountPath: Sysdig/Agent/Config
+ - name: secrets
+ mountPath: Sysdig/Agent/Secrets/AccessKey
+ {{- if eq (include "sysdig.custom_ca.enabled" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
+ - name: ca-cert
+ mountPath: Sysdig/Agent/certificates
+ readOnly: true
+ {{- end }}
+ {{- if and (include
"agent.httpProxyCredentials" .) (not (include "agent.gke.autopilot" .)) }}
+ - mountPath: Sysdig/Agent/Secrets/http_proxy
+ name: sysdig-agent-http-proxy-secrets
+ {{- end }}
+ terminationGracePeriodSeconds: 0
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "agent.configmapName" . }}
+ - name: secrets
+ secret:
+ {{- if not ( include "agent.accessKeySecret" . ) }}
+ secretName: {{ template "agent.fullname" . }}
+ {{- else }}
+ secretName: {{ include "agent.accessKeySecret" . }}
+ {{- end }}
+ {{- if and (include "agent.httpProxyCredentials" .) (not (include "agent.gke.autopilot" .)) }}
+ - name: sysdig-agent-http-proxy-secrets
+ secret:
+ secretName: {{ template "agent.fullname" . }}-proxy
+ {{- end }}
+ {{- if eq (include "sysdig.custom_ca.useValues" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
+ - name: ca-cert
+ secret:
+ secretName: {{ include "agent.fullname" . }}-ca
+ {{- else if eq (include "sysdig.custom_ca.useExistingSecret" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
+ - name: ca-cert
+ secret:
+ secretName: {{ include "sysdig.custom_ca.existingSecret" (dict "global" .Values.global.ssl "component" .Values.ssl) }}
+ {{- else if eq (include "sysdig.custom_ca.useExistingConfigMap" (dict "global" .Values.global.ssl "component" .Values.ssl)) "true" }}
+ - name: ca-cert
+ configMap:
+ name: {{ include "sysdig.custom_ca.existingConfigMap" (dict "global" .Values.global.ssl "component" .Values.ssl) }}
+ {{- end }}
+ nodeSelector:
+ {{- if .Values.windows.nodeSelector }}
+ {{ toYaml .Values.windows.nodeSelector | nindent 8 }}
+ {{- else }}
+ "kubernetes.io/os": windows
+ {{- end }}
+ {{- with .Values.windows.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.windows.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
index f31ee820b..767423ec7 100644
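Review bot: Under `nodeSelector:`, a user-supplied `windows.nodeSelector` replaces the `"kubernetes.io/os": windows` default instead of adding to it, so a selector that names only a node pool lets this DaemonSet be scheduled onto Linux nodes, where Windows HostProcess containers cannot start. Because the pod is fixed to `hostProcess: true`, `runAsUserName: "NT AUTHORITY\\SYSTEM"` and `hostNetwork: true`, the OS constraint is better made unconditional, e.g. `{{- toYaml (merge (dict "kubernetes.io/os" "windows") .Values.windows.nodeSelector) | nindent 8 }}` directly under `nodeSelector:`. The image is also referenced by tag only (`registry/repository:tag`); for a container that runs as SYSTEM on the host, an optional digest value would let operators pin exactly what is pulled. A short comment above `securityContext` stating why HostProcess and host networking are needed would help anyone auditing the chart's privileges.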
--- a/charts/agent/values.yaml +++ b/charts/agent/values.yaml @@ -62,6 +62,34 @@ image: # # pullSecrets: # - name: myRegistrKeySecretName +windows: + enabled: false + nodeSelector: {} + image: + registry: quay.io + repository: sysdig/agent-windows + tag: 1.0.0 + # Specify an imagePullPolicy + # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + pullPolicy: [] + # Optionally specify an array of imagePullSecrets. + # Secrets must be manually created in the namespace. + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + # + # pullSecrets: + # - name: myRegistrKeySecretName + resources: + # sizing TBD + requests: + cpu: 250m + memory: 348Mi + limits: + cpu: 1000m + memory: 512Mi + affinity: {} + tolerations: [] + # Specify a predefined resource profile. # # Available options are: diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml index ef47b558e..00ac00026 100644 --- a/charts/sysdig-deploy/Chart.yaml +++ b/charts/sysdig-deploy/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: sysdig-deploy description: A chart with various Sysdig components for Kubernetes type: application -version: 1.57.1 +version: 1.57.2 maintainers: - name: AlbertoBarba email: alberto.barba@sysdig.com @@ -26,7 +26,7 @@ dependencies: - name: agent # repository: https://charts.sysdig.com repository: file://../agent - version: ~1.24.5 + version: ~1.25.0 alias: agent condition: agent.enabled - name: common
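Review bot: `pullPolicy: []` gives a string field a list default, and the comment above it describes behaviour the new template does not implement. daemonset-windows.yaml renders `.Values.windows.image.pullPolicy | default .Values.global.image.pullPolicy`, so an empty value falls back to the global policy rather than to `Always` or `IfNotPresent` depending on the tag. Use `pullPolicy: ""` and reword the comment to `# Defaults to global.image.pullPolicy when empty`. The README rows added in this commit give `latest` as the default for `windows.image.tag`, while this block sets `tag: 1.0.0`. The fixed version is the safer default for an agent that runs as a host process, so the README is the side to correct.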