From 8afadcaa235329ec4cb8c7677a255690e2ecfc56 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Thu, 3 Jul 2025 19:32:36 +0200 Subject: [PATCH 1/2] feat: add `nameOverride` support to helm templates - adds `nameOverride` to tetragon and tetragonOperator Helm values. - adds helper templates and makes resources names dependent on tetragon and operator names Signed-off-by: Mikita Iwanowski --- .../tetragon/templates/_helpers.tpl | 36 +++++++++++++++++-- .../tetragon/templates/clusterrole.yaml | 2 +- .../tetragon/templates/clusterrolebinding.yml | 4 +-- .../tetragon/templates/daemonset.yaml | 4 +-- .../templates/operator_clusterrole.yaml | 2 +- .../operator_clusterrolebinding.yaml | 4 +-- .../templates/operator_configmap.yaml | 2 +- .../templates/operator_deployment.yaml | 6 ++-- .../tetragon/templates/operator_role.yaml | 2 +- .../templates/operator_rolebinding.yaml | 4 +-- .../tetragon/templates/operator_service.yaml | 2 +- .../templates/operator_servicemonitor.yaml | 2 +- .../tetragon/templates/service.yaml | 2 +- .../tetragon/templates/servicemonitor.yaml | 2 +- .../templates/tetragon_configmap.yaml | 2 +- install/kubernetes/tetragon/values.yaml | 3 ++ 16 files changed, 57 insertions(+), 22 deletions(-) diff --git a/install/kubernetes/tetragon/templates/_helpers.tpl b/install/kubernetes/tetragon/templates/_helpers.tpl index 160eee2e554..442acfc0e91 100644 --- a/install/kubernetes/tetragon/templates/_helpers.tpl +++ b/install/kubernetes/tetragon/templates/_helpers.tpl 
@@ -1,3 +1,35 @@ +{{/* +Resources names +*/}} +{{- define "tetragon.name" -}} +{{- default .Release.Name .Values.tetragon.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "tetragon.configMapName" -}} +{{- printf "%s-config" (include "tetragon.name" .) | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "tetragon.clusterRole" -}} +{{- include "tetragon.name" . }} +{{- end }} + +{{- define "tetragon-operator.name" -}} +{{- default (printf "%s-operator" .Release.Name) .Values.tetragonOperator.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "tetragon-operator.clusterRole" -}} +{{- include "tetragon-operator.name" . }} +{{- end }} + +{{- define "tetragon-operator.roleBindingName" -}} +{{- printf "%s-rolebinding" (include "tetragon-operator.name" .) | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "tetragon-operator.configMapName" -}} +{{- printf "%s-config" (include "tetragon-operator.name" .) | trunc 63 | trimSuffix "-" }} +{{- end }} + + {{/* Common labels */}} @@ -55,7 +87,7 @@ ServiceAccounts {{- if .Values.serviceAccount.name -}} {{- printf "%s" .Values.serviceAccount.name -}} {{- else -}} -{{- printf "%s" .Release.Name -}} +{{- include "tetragon.name" . -}} {{- end -}} {{- end }} @@ -63,7 +95,7 @@ ServiceAccounts {{- if .Values.tetragonOperator.serviceAccount.name -}} {{- printf "%s" .Values.tetragonOperator.serviceAccount.name -}} {{- else -}} -{{- printf "%s-operator-service-account" .Release.Name -}} +{{- printf "%s-service-account" (include "tetragon-operator.name" .) -}} {{- end -}} {{- end }} diff --git a/install/kubernetes/tetragon/templates/clusterrole.yaml b/install/kubernetes/tetragon/templates/clusterrole.yaml index e3f2bc19768..fc1ba54d345 100644 --- a/install/kubernetes/tetragon/templates/clusterrole.yaml +++ b/install/kubernetes/tetragon/templates/clusterrole.yaml 
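Review bot: Nothing in the new `tetragon.name` and `tetragon-operator.name` helpers (first hunk of _helpers.tpl) stops the two overrides from resolving to the same string, and since `nameOverride` replaces the release name outright this is easy to hit, for example by setting both to the same value or setting `tetragon.nameOverride` to `<release>-operator`. In that case the agent and operator ClusterRoles, the two `-config` ConfigMaps and the two ServiceMonitors would render under one name. Depending on how Helm applies the duplicates, the agent could then run with the operator's RBAC rules or configuration, or the reverse. A render-time guard would make this fail loudly, for instance `{{- if eq (include "tetragon.name" .) (include "tetragon-operator.name" .) }}{{ fail "tetragon.nameOverride and tetragonOperator.nameOverride must resolve to different names" }}{{ end }}` in a template that is always rendered.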
@@ -2,7 +2,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{.Release.Name}} + name: {{ include "tetragon.clusterRole" . }} labels: {{- include "tetragon.labels" . | nindent 4 }} rules: diff --git a/install/kubernetes/tetragon/templates/clusterrolebinding.yml b/install/kubernetes/tetragon/templates/clusterrolebinding.yml index 552bfff84b3..a137681aadd 100644 --- a/install/kubernetes/tetragon/templates/clusterrolebinding.yml +++ b/install/kubernetes/tetragon/templates/clusterrolebinding.yml @@ -2,13 +2,13 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }} + name: {{ include "tetragon.clusterRole" . }} labels: {{- include "tetragon.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Release.Name }} + name: {{ include "tetragon.clusterRole" . }} subjects: - kind: ServiceAccount namespace: {{ .Release.Namespace }} diff --git a/install/kubernetes/tetragon/templates/daemonset.yaml b/install/kubernetes/tetragon/templates/daemonset.yaml index 41f3ed43a79..f6e941f50ce 100644 --- a/install/kubernetes/tetragon/templates/daemonset.yaml +++ b/install/kubernetes/tetragon/templates/daemonset.yaml @@ -11,7 +11,7 @@ metadata: {{- else }} {{- include "tetragon.labels" . | nindent 4 }} {{- end }} - name: {{ .Release.Name }} + name: {{ include "tetragon.name" . }} namespace: {{ .Release.Namespace }} spec: selector: @@ -86,7 +86,7 @@ spec: {{- if .Values.tetragon.enabled }} - name: tetragon-config configMap: - name: {{ .Release.Name }}-config + name: {{ include "tetragon.configMapName" . }} - name: bpf-maps hostPath: path: /sys/fs/bpf diff --git a/install/kubernetes/tetragon/templates/operator_clusterrole.yaml b/install/kubernetes/tetragon/templates/operator_clusterrole.yaml index 5e645738d58..ada67460b28 100644 --- a/install/kubernetes/tetragon/templates/operator_clusterrole.yaml +++ b/install/kubernetes/tetragon/templates/operator_clusterrole.yaml 
@@ -2,7 +2,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{.Release.Name}}-operator + name: {{ include "tetragon-operator.clusterRole" . }} labels: {{- include "tetragon-operator.labels" . | nindent 4 }} rules: diff --git a/install/kubernetes/tetragon/templates/operator_clusterrolebinding.yaml b/install/kubernetes/tetragon/templates/operator_clusterrolebinding.yaml index 046a3cc8bc6..f67bf74b261 100644 --- a/install/kubernetes/tetragon/templates/operator_clusterrolebinding.yaml +++ b/install/kubernetes/tetragon/templates/operator_clusterrolebinding.yaml @@ -2,13 +2,13 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-operator-rolebinding + name: {{ include "tetragon-operator.roleBindingName" . }} labels: {{- include "tetragon-operator.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Release.Name }}-operator + name: {{ include "tetragon-operator.name" . }} subjects: - kind: ServiceAccount namespace: {{ .Release.Namespace }} diff --git a/install/kubernetes/tetragon/templates/operator_configmap.yaml b/install/kubernetes/tetragon/templates/operator_configmap.yaml index cfaded784fc..20c9f2b485c 100644 --- a/install/kubernetes/tetragon/templates/operator_configmap.yaml +++ b/install/kubernetes/tetragon/templates/operator_configmap.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-operator-config + name: {{ include "tetragon-operator.configMapName" . }} namespace: {{ .Release.Namespace }} labels: {{- include "tetragon-operator.labels" . | nindent 4 }} diff --git a/install/kubernetes/tetragon/templates/operator_deployment.yaml b/install/kubernetes/tetragon/templates/operator_deployment.yaml index 07cbc6172ec..24ca9d097bf 100644 --- a/install/kubernetes/tetragon/templates/operator_deployment.yaml +++ b/install/kubernetes/tetragon/templates/operator_deployment.yaml 
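Review bot: In operator_clusterrolebinding.yaml the `roleRef.name` is rendered from `tetragon-operator.name`, while the ClusterRole it must point at is named by `tetragon-operator.clusterRole` in operator_clusterrole.yaml. The two agree only because that helper currently forwards to the name helper. The agent-side binding in clusterrolebinding.yml already uses `tetragon.clusterRole` on both sides. Using `name: {{ include "tetragon-operator.clusterRole" . }}` in the roleRef keeps the binding and the role tied together, so a later change to the helper cannot leave the operator ServiceAccount bound to a missing or unrelated ClusterRole.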
@@ -11,7 +11,7 @@ metadata: {{- with .Values.tetragonOperator.extraLabels }} {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .Release.Name }}-operator + name: {{ include "tetragon-operator.name" . }} namespace: {{ .Release.Namespace }} spec: selector: @@ -31,7 +31,7 @@ spec: {{- end }} spec: containers: - - name: {{ .Release.Name }}-operator + - name: {{ include "tetragon-operator.name" . }} command: - /usr/bin/tetragon-operator args: @@ -103,7 +103,7 @@ spec: volumes: - name: tetragon-operator-config configMap: - name: {{ .Release.Name }}-operator-config + name: {{ include "tetragon-operator.configMapName" . }} {{- with .Values.tetragonOperator.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/install/kubernetes/tetragon/templates/operator_role.yaml b/install/kubernetes/tetragon/templates/operator_role.yaml index e2fef751624..418d0f0ca47 100644 --- a/install/kubernetes/tetragon/templates/operator_role.yaml +++ b/install/kubernetes/tetragon/templates/operator_role.yaml @@ -2,7 +2,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-operator + name: {{ include "tetragon-operator.name" . }} namespace: {{ .Release.Namespace }} labels: {{- include "tetragon-operator.labels" . | nindent 4 }} diff --git a/install/kubernetes/tetragon/templates/operator_rolebinding.yaml b/install/kubernetes/tetragon/templates/operator_rolebinding.yaml index 802b6711d46..b961f036575 100644 --- a/install/kubernetes/tetragon/templates/operator_rolebinding.yaml +++ b/install/kubernetes/tetragon/templates/operator_rolebinding.yaml 
@@ -2,14 +2,14 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ .Release.Name }}-operator-rolebinding + name: {{ include "tetragon-operator.roleBindingName" . }} namespace: {{ .Release.Namespace }} labels: {{- include "tetragon-operator.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Release.Name }}-operator + name: {{ include "tetragon-operator.name" . }} subjects: - kind: ServiceAccount namespace: {{ .Release.Namespace }} diff --git a/install/kubernetes/tetragon/templates/operator_service.yaml b/install/kubernetes/tetragon/templates/operator_service.yaml index bc183e3f483..94e86f7aa87 100644 --- a/install/kubernetes/tetragon/templates/operator_service.yaml +++ b/install/kubernetes/tetragon/templates/operator_service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: namespace: {{ .Release.Namespace }} - name: {{ .Release.Name }}-operator-metrics + name: {{ include "tetragon-operator.name" . }}-metrics labels: {{- include "tetragon-operator.labels" . | nindent 4 }} spec: diff --git a/install/kubernetes/tetragon/templates/operator_servicemonitor.yaml b/install/kubernetes/tetragon/templates/operator_servicemonitor.yaml index 36fe4f714d4..86fb3219522 100644 --- a/install/kubernetes/tetragon/templates/operator_servicemonitor.yaml +++ b/install/kubernetes/tetragon/templates/operator_servicemonitor.yaml @@ -11,7 +11,7 @@ metadata: {{- with .Values.tetragonOperator.prometheus.serviceMonitor.extraLabels }} {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .Release.Name }}-operator + name: {{ include "tetragon-operator.name" . }} namespace: {{ .Release.Namespace }} spec: endpoints: diff --git a/install/kubernetes/tetragon/templates/service.yaml b/install/kubernetes/tetragon/templates/service.yaml index cb9165b1e0c..9af54e4ea05 100644 --- a/install/kubernetes/tetragon/templates/service.yaml +++ b/install/kubernetes/tetragon/templates/service.yaml 
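Review bot: The Service name in operator_service.yaml appends `-metrics` after `tetragon-operator.name` has already been truncated to 63 characters, so an operator name longer than 55 characters produces a Service name above the 63-character limit and the API server rejects it. The other derived names in this patch re-apply the truncation after adding their suffix. Following the same pattern here would be `name: {{ printf "%s-metrics" (include "tetragon-operator.name" .) | trunc 63 | trimSuffix "-" }}`, ideally as a named helper next to `tetragon-operator.configMapName`. Anything that refers to this Service by name would need to use the same helper.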
@@ -9,7 +9,7 @@ metadata: {{- else }} {{- include "tetragon.labels" . | nindent 4 }} {{- end }} - name: {{ .Release.Name }} + name: {{ include "tetragon.name" . }} namespace: {{ .Release.Namespace }} spec: ports: diff --git a/install/kubernetes/tetragon/templates/servicemonitor.yaml b/install/kubernetes/tetragon/templates/servicemonitor.yaml index c5c5534b920..3aeb0d29d08 100644 --- a/install/kubernetes/tetragon/templates/servicemonitor.yaml +++ b/install/kubernetes/tetragon/templates/servicemonitor.yaml @@ -12,7 +12,7 @@ metadata: {{- with .Values.tetragon.prometheus.serviceMonitor.extraLabels }} {{- toYaml . | nindent 4 }} {{- end }} - name: {{ .Release.Name }} + name: {{ include "tetragon.name" . }} namespace: {{ .Release.Namespace }} spec: endpoints: diff --git a/install/kubernetes/tetragon/templates/tetragon_configmap.yaml b/install/kubernetes/tetragon/templates/tetragon_configmap.yaml index 0fe402bed17..18357b37ddc 100644 --- a/install/kubernetes/tetragon/templates/tetragon_configmap.yaml +++ b/install/kubernetes/tetragon/templates/tetragon_configmap.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-config + name: {{ include "tetragon.configMapName" . }} namespace: {{ .Release.Namespace }} labels: {{- include "tetragon.labels" . | nindent 4 }} diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml index 55c35e48393..a7b05941bfb 100644 --- a/install/kubernetes/tetragon/values.yaml +++ b/install/kubernetes/tetragon/values.yaml @@ -37,6 +37,7 @@ exportDirectory: "/var/run/cilium/tetragon" hostNetwork: true tetragon: enabled: true + nameOverride: "" image: override: ~ repository: quay.io/cilium/tetragon 
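Review bot: `tetragon.nameOverride` is added to values.yaml without a `# --` description, which is why the generated tables in the second patch show an empty cell for it. The description on `tetragonOperator.nameOverride` in the second hunk of this file mentions only the Deployment. Both values also rename the ClusterRole, the bindings, the ConfigMap, the Service, the ServiceMonitor and the default ServiceAccount, and they replace the release name rather than being combined with it. Operators should be able to see that from the docs before changing RBAC object names on a running cluster. Suggested text: `# -- Overrides the base name of all Tetragon agent resources (DaemonSet, ClusterRole, ClusterRoleBinding, ConfigMap, Service, ServiceMonitor, default ServiceAccount). Defaults to the release name.`, with a matching line for the operator.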
@@ -240,6 +241,8 @@ tetragon: tetragonOperator: # -- Enables the Tetragon Operator. enabled: true + # -- The name of the Tetragon Operator deployment. + nameOverride: "" # -- Number of replicas to run for the tetragon-operator deployment replicas: 1 # -- Lease handling for an automated failover when running multiple replicas From 5f79a22bff2730b84aa42895aa46eef62b5e5107 Mon Sep 17 00:00:00 2001 From: Mikita Iwanowski Date: Thu, 3 Jul 2025 19:43:09 +0200 Subject: [PATCH 2/2] codegen: generate docs for `nameOverride` Helm values Signed-off-by: Mikita Iwanowski --- docs/content/en/docs/reference/helm-chart.md | 2 ++ install/kubernetes/tetragon/README.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md index 13cc0e51d05..fc64595e90e 100644 --- a/docs/content/en/docs/reference/helm-chart.md +++ b/docs/content/en/docs/reference/helm-chart.md @@ -114,6 +114,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | | | tetragon.image.tag | string | `"v1.4.1"` | | | tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. | +| tetragon.nameOverride | string | `""` | | | tetragon.podAnnotations.enabled | bool | `false` | | | tetragon.pprof.address | string | `"localhost"` | The address at which to expose pprof. | | tetragon.pprof.enabled | bool | `false` | Whether to enable exposing pprof server. | 
@@ -149,6 +150,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragonOperator.failoverLease.namespace | string | `""` | Kubernetes Namespace in which the Lease resource is created. Defaults to the namespace where Tetragon is deployed in, if it's empty. | | tetragonOperator.forceUpdateCRDs | bool | `false` | | | tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.4.1"}` | tetragon-operator image. | +| tetragonOperator.nameOverride | string | `""` | The name of the Tetragon Operator deployment. | | tetragonOperator.nodeSelector | object | `{}` | Steer the Tetragon Operator Deployment Pod placement via nodeSelector, tolerations and affinity rules. | | tetragonOperator.podAnnotations | object | `{}` | Annotations for the Tetragon Operator Deployment Pods. | | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. | diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md index da03a6ad05d..d11a016a7f5 100644 --- a/install/kubernetes/tetragon/README.md +++ b/install/kubernetes/tetragon/README.md @@ -96,6 +96,7 @@ Helm chart for Tetragon | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | | | tetragon.image.tag | string | `"v1.4.1"` | | | tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. | +| tetragon.nameOverride | string | `""` | | | tetragon.podAnnotations.enabled | bool | `false` | | | tetragon.pprof.address | string | `"localhost"` | The address at which to expose pprof. | | tetragon.pprof.enabled | bool | `false` | Whether to enable exposing pprof server. | 
@@ -131,6 +132,7 @@ Helm chart for Tetragon | tetragonOperator.failoverLease.namespace | string | `""` | Kubernetes Namespace in which the Lease resource is created. Defaults to the namespace where Tetragon is deployed in, if it's empty. | | tetragonOperator.forceUpdateCRDs | bool | `false` | | | tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.4.1"}` | tetragon-operator image. | +| tetragonOperator.nameOverride | string | `""` | The name of the Tetragon Operator deployment. | | tetragonOperator.nodeSelector | object | `{}` | Steer the Tetragon Operator Deployment Pod placement via nodeSelector, tolerations and affinity rules. | | tetragonOperator.podAnnotations | object | `{}` | Annotations for the Tetragon Operator Deployment Pods. | | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. |