From d8b87a90e4cfc3ea3676121b8e607e68d750f696 Mon Sep 17 00:00:00 2001
From: Volodymyr Stoiko <me@volodymyrstoiko.com>
Date: Mon, 30 Sep 2024 20:39:34 +0300
Subject: [PATCH] Add resource guard flag (#1622)

* Add resource-guard flags

* make generate-helm-values

* Add resource guard flag
---
 cmd/tap.go                                     | 1 +
 config/configStructs/tapConfig.go              | 6 ++++++
 helm-chart/templates/09-worker-daemon-set.yaml | 3 +++
 helm-chart/values.yaml                         | 2 ++
 4 files changed, 12 insertions(+)

diff --git a/cmd/tap.go b/cmd/tap.go
index 962079235..dcc8f8662 100644
--- a/cmd/tap.go
+++ b/cmd/tap.go
@@ -61,4 +61,5 @@ func init() {
 	tapCmd.Flags().Bool(configStructs.IgnoreTaintedLabel, defaultTapConfig.IgnoreTainted, "Ignore tainted pods while running Worker DaemonSet")
 	tapCmd.Flags().Bool(configStructs.IngressEnabledLabel, defaultTapConfig.Ingress.Enabled, "Enable Ingress")
 	tapCmd.Flags().Bool(configStructs.TelemetryEnabledLabel, defaultTapConfig.Telemetry.Enabled, "Enable/disable Telemetry")
+	tapCmd.Flags().Bool(configStructs.ResourceGuardEnabledLabel, defaultTapConfig.ResourceGuard.Enabled, "Enable/disable resource guard")
 }
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index d4a0b1252..4b64478dc 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -31,6 +31,7 @@ const (
 	IgnoreTaintedLabel           = "ignoreTainted"
 	IngressEnabledLabel          = "ingress-enabled"
 	TelemetryEnabledLabel        = "telemetry-enabled"
+	ResourceGuardEnabledLabel    = "resource-guard-enabled"
 	PprofPortLabel               = "pprof-port"
 	PprofViewLabel               = "pprof-view"
 	DebugLabel                   = "debug"
@@ -144,6 +145,10 @@ type TelemetryConfig struct {
 	Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }
 
+type ResourceGuardConfig struct {
+	Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
+}
+
 type SentryConfig struct {
 	Enabled     bool   `yaml:"enabled" json:"enabled" default:"false"`
 	Environment string `yaml:"environment" json:"environment" default:"production"`
@@ -215,6 +220,7 @@ type TapConfig struct {
 	Debug                        bool                  `yaml:"debug" json:"debug" default:"false"`
 	KernelModule                 KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
 	Telemetry                    TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
+	ResourceGuard                ResourceGuardConfig   `yaml:"resourceGuard" json:"resourceGuard"`
 	Sentry                       SentryConfig          `yaml:"sentry" json:"sentry"`
 	DefaultFilter                string                `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !tcp and !udp and !icmp"`
 	ScriptingDisabled            bool                  `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"`
diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml
index f7c51acf2..298ef5d6f 100644
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -72,6 +72,9 @@ spec:
           {{- end }}
           {{- if ne .Values.tap.packetCapture "ebpf" }}
             - -disable-ebpf
+          {{- end }}
+          {{- if .Values.tap.resourceGuard.enabled }}
+            - -enable-resource-guard
           {{- end }}
             - -resolution-strategy
             - '{{ .Values.tap.misc.resolutionStrategy }}'
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 2cb071a62..cfc64af7b 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -98,6 +98,8 @@ tap:
     unloadOnDestroy: false
   telemetry:
     enabled: true
+  resourceGuard:
+    enabled: false
   sentry:
     enabled: false
     environment: production