From f8f6609db1c6cbae108b83341e331cce9a4daf12 Mon Sep 17 00:00:00 2001 From: Matthias Bertschy Date: Wed, 5 Jul 2023 08:25:55 +0200 Subject: [PATCH] rewrite node-agent config Signed-off-by: Matthias Bertschy --- .../templates/node-agent/configmap.yaml | 27 ++++--------------- .../templates/node-agent/daemonset.yaml | 20 ++++++++++++++ charts/kubescape-cloud-operator/values.yaml | 15 ++++------- 3 files changed, 30 insertions(+), 32 deletions(-) diff --git a/charts/kubescape-cloud-operator/templates/node-agent/configmap.yaml b/charts/kubescape-cloud-operator/templates/node-agent/configmap.yaml index e93b861a..6a67b9a8 100644 --- a/charts/kubescape-cloud-operator/templates/node-agent/configmap.yaml +++ b/charts/kubescape-cloud-operator/templates/node-agent/configmap.yaml @@ -2,30 +2,13 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Values.nodeAgent.config.name }} + name: {{ .Values.nodeAgent.name }} namespace: {{ .Values.ksNamespace }} data: - ConfigurationFile.json: | + config.json: | { - "sniffer": { - "services": [ - { - "Name": "relevantCVEs" - } - ], - "maxSniffingTimePerContainer": {{ .Values.nodeAgent.config.maxLearningPeriod }} - }, - "falcoEbpfEngine": { - "kernelObjPath": "/root/.falco/falco-bpf.o", - "ebpfEngineLoaderPath": "/etc/node-agent/resources/ebpf/falco/userspace_app" - }, - "node": { - "name": "" - }, - "db": { - "updateDataPeriod": {{ .Values.nodeAgent.config.learningPeriod }} - }, - "clusterName": "{{ regexReplaceAll "\\W+" .Values.clusterName "-" }}", - "accountID": "{{ .Values.account }}" + "relevantCVEServiceEnabled": true, + "maxSniffingTimePerContainer": "{{ .Values.nodeAgent.config.maxLearningPeriod }}", + "updateDataPeriod": "{{ .Values.nodeAgent.config.learningPeriod }}" } {{- end }} diff --git a/charts/kubescape-cloud-operator/templates/node-agent/daemonset.yaml b/charts/kubescape-cloud-operator/templates/node-agent/daemonset.yaml index 9f162a3e..8fcadcea 100644 
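Review bot: `maxSniffingTimePerContainer` and `updateDataPeriod` are now rendered as quoted strings straight from values, so a release that still overrides `maxLearningPeriod: 180` (the old minutes integer) renders `"180"` with no unit. If node-agent parses these as duration strings, which the new `3h`/`2m` defaults in values.yaml suggest, that override would either fail at startup or be read as a different window than intended, changing how long the sensor observes each container. Consider failing the render on a unit-less value, or at least restoring a comment next to both keys in the first values.yaml hunk, e.g. `# duration string with unit, e.g. 3h`. Emitting the values with `| quote` instead of hand-written quotes would also keep the embedded JSON valid if a value ever contains a quote character.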
--- a/charts/kubescape-cloud-operator/templates/node-agent/daemonset.yaml +++ b/charts/kubescape-cloud-operator/templates/node-agent/daemonset.yaml @@ -57,6 +57,18 @@ spec: kubernetes.io/os: linux kubernetes.io/arch: amd64 volumes: + - name: {{ .Values.global.cloudConfig }} + configMap: + name: {{ .Values.global.cloudConfig }} + items: + - key: "clusterData" + path: "clusterData.json" + - name: config + configMap: + name: {{ .Values.nodeAgent.name }} + items: + - key: "config.json" + path: "config.json" {{- range .Values.nodeAgent.volumes }} - name: {{ .name }} {{- if .configMap }} @@ -121,6 +133,14 @@ spec: add: - SYS_ADMIN volumeMounts: + - name: {{ .Values.global.cloudConfig }} + mountPath: /etc/config/clusterData.json + readOnly: true + subPath: "clusterData.json" + - name: config + mountPath: /etc/config/config.json + readOnly: true + subPath: "config.json" {{- range .Values.nodeAgent.containers.nodeAgent.volumeMounts }} - mountPath: {{ .mountPath }} name: {{ .name }} diff --git a/charts/kubescape-cloud-operator/values.yaml b/charts/kubescape-cloud-operator/values.yaml index 4e7c62fc..7ee6643f 100644 --- a/charts/kubescape-cloud-operator/values.yaml +++ b/charts/kubescape-cloud-operator/values.yaml @@ -567,9 +567,8 @@ nodeAgent: name: "node-agent" config: - name: node-agent-config-map - maxLearningPeriod: 180 # minutes - learningPeriod: 2 # minutes + maxLearningPeriod: 3h + learningPeriod: 2m resources: requests: @@ -607,20 +606,16 @@ nodeAgent: containers: nodeAgent: name: node-agent - image: + image: repository: quay.io/matthiasb_1/node-agent - tag: inspektor + tag: rewrite pullPolicy: Always - env: - - name: CONFIG_ENV_VAR - value: "/etc/node-agent/configuration/ConfigurationFile.json" + env: - name: NodeName valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - - mountPath: /etc/node-agent/configuration - name: configmap-volume - mountPath: /host name: host - mountPath: /run
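Review bot: The fixed volume name `config` is emitted ahead of the `range .Values.nodeAgent.volumes` loop, so a user-supplied entry with the same name produces a duplicate volume and the DaemonSet is rejected by the API server. A chart-specific name such as `node-agent-config`, used both here and in the matching `volumeMounts` entry of the next hunk, avoids the clash. The values.yaml hunk removes the `configmap-volume` mount; if a `configmap-volume` entry still exists under `nodeAgent.volumes` outside the visible hunks, it may now reference a ConfigMap name this commit no longer renders and should be dropped as well. The pod `spec` continues outside the hunk.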
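Review bot: Both new mounts use `subPath`, and files mounted that way are not refreshed when the ConfigMap changes, so an edited `config.json` or `clusterData.json` stays invisible to running agents until the pods restart. Because this file sets the learning window of a container that runs with `SYS_ADMIN`, make the rollout explicit with a pod-template annotation such as `checksum/node-agent-config: {{ include (print $.Template.BasePath "/node-agent/configmap.yaml") . | sha256sum }}`. Keeping `readOnly: true` on both mounts is right. The container spec continues outside the hunk.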
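Review bot: The chart default still points at `quay.io/matthiasb_1/node-agent`, now with the branch-style tag `rewrite` and `pullPolicy: Always`, so every node pulls whatever is currently pushed under that mutable tag and runs it with `SYS_ADMIN` and the `/host` mount. What looks like a personal registry namespace is acceptable for a development branch but not as a shipped default. Use an immutable release tag or digest from the project's release repository, e.g. `tag: "<release-version>"` (placeholder), and supply the development image through a local values override. The `volumeMounts` list continues past the end of the hunk.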