From d3c21a07bb070e9c0574841bf47082125663bbaa Mon Sep 17 00:00:00 2001 From: Serhiy Berezin Date: Mon, 11 Dec 2023 19:52:58 +0100 Subject: [PATCH] EFS persistent volume helm deployment support (#1455) * EFS persistent volume docs/14 EFS static and dynamic provision added to default * Update helm-chart/values.yaml Co-authored-by: M. Mert Yildiran * Update helm-chart/templates/08-persistent-volume-claim.yaml Co-authored-by: M. Mert Yildiran * Update config/configStructs/tapConfig.go Fix format Co-authored-by: M. Mert Yildiran * Fix format config/configStructs/tapConfig.go Co-authored-by: M. Mert Yildiran * Improve formatting --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com> Co-authored-by: M. Mert Yildiran --- cmd/tap.go | 2 + config/configStructs/tapConfig.go | 92 ++++++++++--------- helm-chart/README.md | 2 + .../templates/08-persistent-volume-claim.yaml | 21 +++++ helm-chart/values.yaml | 2 + 5 files changed, 75 insertions(+), 44 deletions(-) diff --git a/cmd/tap.go b/cmd/tap.go index 038bca055..0f9f8a8f1 100644 --- a/cmd/tap.go +++ b/cmd/tap.go 
@@ -50,6 +50,8 @@ func init() {
 tapCmd.Flags().StringSliceP(configStructs.NamespacesLabel, "n", defaultTapConfig.Namespaces, "Namespaces selector")
 tapCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 tapCmd.Flags().Bool(configStructs.PersistentStorageLabel, defaultTapConfig.PersistentStorage, "Enable persistent storage (PersistentVolumeClaim)")
+ tapCmd.Flags().Bool(configStructs.PersistentStorageStaticLabel, defaultTapConfig.PersistentStorageStatic, "Persistent storage static provision")
+ tapCmd.Flags().Bool(configStructs.EfsFileSytemIdAndPathLabel, defaultTapConfig.EfsFileSytemIdAndPath, "EFS file system ID")
 tapCmd.Flags().String(configStructs.StorageLimitLabel, defaultTapConfig.StorageLimit, "Override the default storage limit (per node)")
 tapCmd.Flags().String(configStructs.StorageClassLabel, defaultTapConfig.StorageClass, "Override the default storage class of the PersistentVolumeClaim (per node)")
 tapCmd.Flags().Bool(configStructs.DryRunLabel, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 25f1e7260..242a637ba 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
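Review bot: The second added flag registers `EfsFileSytemIdAndPathLabel` with `Flags().Bool`, but the value it names is an EFS file system ID and path that the chart writes into `volumeHandle`, so a boolean flag cannot carry it from the CLI. It should be a string flag, `tapCmd.Flags().String(configStructs.EfsFileSytemIdAndPathLabel, defaultTapConfig.EfsFileSytemIdAndPath, "EFS file system ID")`, with the matching field in the `TapConfig` hunk of config/configStructs/tapConfig.go changed to `EfsFileSytemIdAndPath string`; its `default:""` tag already reads as a string default. The help text could also mention the optional subpath and access point that the README row describes. `init()` continues outside the hunk.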
@@ -9,28 +9,30 @@ import (
 )
 
 const (
- DockerRegistryLabel = "docker-registry"
- DockerTagLabel = "docker-tag"
- DockerImagePullPolicy = "docker-imagePullPolicy"
- DockerImagePullSecrets = "docker-imagePullSecrets"
- ProxyFrontPortLabel = "proxy-front-port"
- ProxyHubPortLabel = "proxy-hub-port"
- ProxyHostLabel = "proxy-host"
- NamespacesLabel = "namespaces"
- ReleaseNamespaceLabel = "release-namespace"
- PersistentStorageLabel = "persistentStorage"
- StorageLimitLabel = "storageLimit"
- StorageClassLabel = "storageClass"
- DryRunLabel = "dryRun"
- PcapLabel = "pcap"
- ServiceMeshLabel = "serviceMesh"
- TlsLabel = "tls"
- IgnoreTaintedLabel = "ignoreTainted"
- IngressEnabledLabel = "ingress-enabled"
- TelemetryEnabledLabel = "telemetry-enabled"
- DebugLabel = "debug"
- ContainerPort = 80
- ContainerPortStr = "80"
+ DockerRegistryLabel = "docker-registry"
+ DockerTagLabel = "docker-tag"
+ DockerImagePullPolicy = "docker-imagePullPolicy"
+ DockerImagePullSecrets = "docker-imagePullSecrets"
+ ProxyFrontPortLabel = "proxy-front-port"
+ ProxyHubPortLabel = "proxy-hub-port"
+ ProxyHostLabel = "proxy-host"
+ NamespacesLabel = "namespaces"
+ ReleaseNamespaceLabel = "release-namespace"
+ PersistentStorageLabel = "persistentStorage"
+ PersistentStorageStaticLabel = "persistentStorageStatic"
+ EfsFileSytemIdAndPathLabel = "efsFileSytemIdAndPath"
+ StorageLimitLabel = "storageLimit"
+ StorageClassLabel = "storageClass"
+ DryRunLabel = "dryRun"
+ PcapLabel = "pcap"
+ ServiceMeshLabel = "serviceMesh"
+ TlsLabel = "tls"
+ IgnoreTaintedLabel = "ignoreTainted"
+ IngressEnabledLabel = "ingress-enabled"
+ TelemetryEnabledLabel = "telemetry-enabled"
+ DebugLabel = "debug"
+ ContainerPort = 80
+ ContainerPortStr = "80"
 )
 
 type ResourceLimits struct {
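Review bot: The new constant `EfsFileSytemIdAndPathLabel` and its value `"efsFileSytemIdAndPath"` misspell "System", and since the same string is used as the CLI flag name, the YAML/JSON key and the Helm value, correcting it after release would be a breaking change for users. Renaming now is cheap, for example `EFSFileSystemIDAndPathLabel = "efsFileSystemIdAndPath"`, which also follows Go's initialism convention. The same spelling would need to be applied in cmd/tap.go, the `TapConfig` field and its tags, helm-chart/README.md, the PVC template and values.yaml. The const block starts and ends inside the hunk.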
@@ -105,28 +107,30 @@ type TelemetryConfig struct {
 }
 
 type TapConfig struct {
- Docker DockerConfig `yaml:"docker" json:"docker"`
- Proxy ProxyConfig `yaml:"proxy" json:"proxy"`
- PodRegexStr string `yaml:"regex" json:"regex" default:".*"`
- Namespaces []string `yaml:"namespaces" json:"namespaces" default:"[]"`
- Release ReleaseConfig `yaml:"release" json:"release"`
- PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
- StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
- StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"`
- DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"`
- Resources ResourcesConfig `yaml:"resources" json:"resources"`
- ServiceMesh bool `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
- Tls bool `yaml:"tls" json:"tls" default:"true"`
- IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
- Labels map[string]string `yaml:"labels" json:"labels" default:"{}"`
- Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"`
- NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
- Auth AuthConfig `yaml:"auth" json:"auth"`
- Ingress IngressConfig `yaml:"ingress" json:"ingress"`
- IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"`
- Debug bool `yaml:"debug" json:"debug" default:"false"`
- NoKernelModule bool `yaml:"noKernelModule" json:"noKernelModule" default:"false"`
- Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
+ Docker DockerConfig `yaml:"docker" json:"docker"`
+ Proxy ProxyConfig `yaml:"proxy" json:"proxy"`
+ PodRegexStr string `yaml:"regex" json:"regex" default:".*"`
+ Namespaces []string `yaml:"namespaces" json:"namespaces" default:"[]"`
+ Release ReleaseConfig `yaml:"release" json:"release"`
+ PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
+ PersistentStorageStatic bool `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
+ EfsFileSytemIdAndPath bool `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""`
+ StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
+ StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"`
+ DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"`
+ Resources ResourcesConfig `yaml:"resources" json:"resources"`
+ ServiceMesh bool `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
+ Tls bool `yaml:"tls" json:"tls" default:"true"`
+ IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
+ Labels map[string]string `yaml:"labels" json:"labels" default:"{}"`
+ Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"`
+ NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
+ Auth AuthConfig `yaml:"auth" json:"auth"`
+ Ingress IngressConfig `yaml:"ingress" json:"ingress"`
+ IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"`
+ Debug bool `yaml:"debug" json:"debug" default:"false"`
+ NoKernelModule bool `yaml:"noKernelModule" json:"noKernelModule" default:"false"`
+ Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
 }
 
 func (config *TapConfig) PodRegex() *regexp.Regexp {
diff --git a/helm-chart/README.md b/helm-chart/README.md
index f9de49a08..3673325e0 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -122,6 +122,8 @@ helm install kubeshark kubeshark/kubeshark \
 | `tap.release.name` | Helm release name | `kubeshark` |
 | `tap.release.namespace` | Helm release namespace | `default` |
 | `tap.persistentStorage` | Use `persistentVolumeClaim` instead of `emptyDir` | `false` |
+| `tap.persistentStorageStatic` | Use static persistent volume provisioning (explicitly defined `PersistentVolume` ) | `false` |
+| `tap.efsFileSytemIdAndPath` | [EFS file system ID and, optionally, subpath and/or access point](https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/examples/kubernetes/access_points/README.md) `::` | "" |
 | `tap.storageLimit` | Limit of either the `emptyDir` or `persistentVolumeClaim` | `500Mi` |
 | `tap.storageClass` | Storage class of the `PersistentVolumeClaim` | `standard` |
 | `tap.dryRun` | Preview of all pods matching the regex, without tapping them | `false` |
diff --git a/helm-chart/templates/08-persistent-volume-claim.yaml b/helm-chart/templates/08-persistent-volume-claim.yaml
index ef0935ebf..079899161 100644
--- a/helm-chart/templates/08-persistent-volume-claim.yaml
+++ b/helm-chart/templates/08-persistent-volume-claim.yaml
@@ -1,4 +1,25 @@
 ---
+{{- if .Values.tap.persistentStorageStatic }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: kubeshark-persistent-volume
+ namespace: {{ .Release.Namespace }}
+spec:
+ capacity:
+ storage: {{ .Values.tap.storageLimit }}
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: {{ .Values.tap.storageClass }}
+ {{- if .Values.tap.efsFileSytemIdAndPath }}
+ csi:
+ driver: efs.csi.aws.com
+ volumeHandle: {{ .Values.tap.efsFileSytemIdAndPath }}
+ {{ end }}
+---
+{{ end }}
 {{- if .Values.tap.persistentStorage }}
 apiVersion: v1
 kind: PersistentVolumeClaim
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index fe041796d..9a4c97999 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
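Review bot: In 08-persistent-volume-claim.yaml the `csi:` block is the PersistentVolume's only volume source and it sits inside its own `if`, so `tap.persistentStorageStatic: true` with an empty `tap.efsFileSytemIdAndPath` renders a PV with no source, which the API server rejects. Gate the whole object on both values, `{{- if and .Values.tap.persistentStorageStatic .Values.tap.efsFileSytemIdAndPath }}`, and quote the handle, `volumeHandle: {{ .Values.tap.efsFileSytemIdAndPath | quote }}`. A PersistentVolume is cluster-scoped, so `namespace:` is ignored and the fixed name `kubeshark-persistent-volume` will collide when a second release is installed in the same cluster; deriving the name from `.Release.Name` and `.Release.Namespace` avoids that. `persistentVolumeReclaimPolicy: Retain` leaves the captured traffic on the EFS path after uninstall, which the README should state so operators remove it or restrict access to that path. The PersistentVolumeClaim that follows continues outside the hunk, so how it binds to this PV is not visible here.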
@@ -19,6 +19,8 @@ tap:
 name: kubeshark
 namespace: default
 persistentStorage: false
+ persistentStorageStatic: false
+ efsFileSytemIdAndPath: ""
 storageLimit: 500Mi
 storageClass: standard
 dryRun: false