Add Helm support for export.mode with sidecar management

cy83rc0llect0r · cy83rc0llect0r · commit 9db16944a7e5 · 2025-04-24T17:22:30.000+03:30
Update Helm chart to support export.mode (stdout, file and direct-stdout), with conditional sidecar and volume management. Default to stdout mode for backward compatibility. Enhancement #1710 Signed-off-by: Amir Reza Nazarizadeh <amir.nazarizadeh@gmail.com>
diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md
diff --git a/install/kubernetes/tetragon/templates/_container_tetragon.tpl b/install/kubernetes/tetragon/templates/_container_tetragon.tpl
@@ -34,8 +34,10 @@
       name: bpf-maps
     - mountPath: "/var/run/cilium"
       name: cilium-run
+{{- if or (eq .Values.export.mode "file") (eq .Values.export.mode "stdout") }}
     - mountPath: {{ .Values.exportDirectory }}
       name: export-logs
+{{- end }}
     - mountPath: "/procRoot"
       name: host-proc
 {{- if and (.Values.tetragon.cri.enabled) (.Values.tetragon.cri.socketHostPath) }}
diff --git a/install/kubernetes/tetragon/templates/daemonset.yaml b/install/kubernetes/tetragon/templates/daemonset.yaml
@@ -56,7 +56,7 @@ spec:
 {{- end }}
       {{- include "initcontainers.extra" . | nindent 6 }}
       containers:
-{{- if eq .Values.export.mode "stdout" }}
+{{- if or (eq .Values.export.mode "file") (eq .Values.export.mode "stdout") }}
       {{- include "container.export.stdout" . | nindent 6 -}}
 {{- end }}
 {{- if .Values.tetragon.enabled }}
@@ -82,10 +82,12 @@ spec:
         hostPath:
           path: /var/run/cilium
           type: DirectoryOrCreate
+{{- if or (eq .Values.export.mode "file") (eq .Values.export.mode "stdout") }}
       - name: export-logs
         hostPath:
           path: {{ .Values.exportDirectory }}
           type: DirectoryOrCreate
+{{- end }}
 {{- if .Values.tetragon.enabled }}
       - name: tetragon-config
         configMap:
diff --git a/install/kubernetes/tetragon/templates/tetragon_configmap.yaml b/install/kubernetes/tetragon/templates/tetragon_configmap.yaml
@@ -87,3 +87,4 @@ data:
 {{- end }}
   enable-cgidmap: {{ .Values.tetragon.cgidmap.enabled | quote }}
   enable-pod-annotations: {{ .Values.tetragon.podAnnotations.enabled | default "false" | quote }}
+  export-mode: {{ .Values.export.mode | default "stdout" | quote }}
diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml
@@ -3,7 +3,7 @@ enabled: true
 imagePullSecrets: []
 # Tetragon agent settings
 priorityClassName: ""
-imagePullPolicy: IfNotPresent
+imagePullPolicy: Always
 serviceAccount:
   create: true
   annotations: {}
@@ -39,8 +39,8 @@ tetragon:
   enabled: true
   image:
     override: ~
-    repository: quay.io/cilium/tetragon
-    tag: v1.4.0
+    repository: 172.16.236.129:5000/cilium/tetragon
+    tag: 16
   resources: {}
   extraArgs: {}
   extraEnv: []
@@ -319,9 +319,9 @@ tetragonOperator:
   # -- tetragon-operator image.
   image:
     override: ~
-    repository: quay.io/cilium/tetragon-operator
-    tag: v1.4.0
-    pullPolicy: IfNotPresent
+    repository: 172.16.236.129:5000/cilium/tetragon-operator
+    tag: 16
+    pullPolicy: Always
   # -- Extra volumes for the Tetragon Operator Deployment.
   extraVolumes: []
   extraVolumeMounts: []
@@ -351,7 +351,7 @@ tetragonOperator:
       scrapeInterval: "10s"
 # -- Tetragon events export settings
 export:
-  # "stdout". "" to disable.
+  # "stdout (deprecated)" - file (sidecar + volume) - direct-stdout (stdout without file and sidecar).
   mode: "stdout"
   resources: {}
   securityContext: {}
