Add resource guard flag (#1622)

* Add resource-guard flags

* make generate-helm-values

* Add resource guard flag

cmd/tap.go

@@ -61,4 +61,5 @@ func init() {
 	tapCmd.Flags().Bool(configStructs.IgnoreTaintedLabel, defaultTapConfig.IgnoreTainted, "Ignore tainted pods while running Worker DaemonSet")
 	tapCmd.Flags().Bool(configStructs.IngressEnabledLabel, defaultTapConfig.Ingress.Enabled, "Enable Ingress")
 	tapCmd.Flags().Bool(configStructs.TelemetryEnabledLabel, defaultTapConfig.Telemetry.Enabled, "Enable/disable Telemetry")
+	tapCmd.Flags().Bool(configStructs.ResourceGuardEnabledLabel, defaultTapConfig.ResourceGuard.Enabled, "Enable/disable resource guard")
 }

config/configStructs/tapConfig.go

@@ -31,6 +31,7 @@ const (
 	IgnoreTaintedLabel           = "ignoreTainted"
 	IngressEnabledLabel          = "ingress-enabled"
 	TelemetryEnabledLabel        = "telemetry-enabled"
+	ResourceGuardEnabledLabel    = "resource-guard-enabled"
 	PprofPortLabel               = "pprof-port"
 	PprofViewLabel               = "pprof-view"
 	DebugLabel                   = "debug"
@@ -144,6 +145,10 @@ type TelemetryConfig struct {
 	Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }
 
+type ResourceGuardConfig struct {
+	Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
+}
+
 type SentryConfig struct {
 	Enabled     bool   `yaml:"enabled" json:"enabled" default:"false"`
 	Environment string `yaml:"environment" json:"environment" default:"production"`
@@ -215,6 +220,7 @@ type TapConfig struct {
 	Debug                        bool                  `yaml:"debug" json:"debug" default:"false"`
 	KernelModule                 KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
 	Telemetry                    TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
+	ResourceGuard                ResourceGuardConfig   `yaml:"resourceGuard" json:"resourceGuard"`
 	Sentry                       SentryConfig          `yaml:"sentry" json:"sentry"`
 	DefaultFilter                string                `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !tcp and !udp and !icmp"`
 	ScriptingDisabled            bool                  `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"`

helm-chart/templates/09-worker-daemon-set.yaml

@@ -72,6 +72,9 @@ spec:
           {{- end }}
           {{- if ne .Values.tap.packetCapture "ebpf" }}
             - -disable-ebpf
+          {{- end }}
+          {{- if .Values.tap.resourceGuard.enabled }}
+            - -enable-resource-guard
           {{- end }}
             - -resolution-strategy
             - '{{ .Values.tap.misc.resolutionStrategy }}'

helm-chart/values.yaml

@@ -98,6 +98,8 @@ tap:
     unloadOnDestroy: false
   telemetry:
     enabled: true
+  resourceGuard:
+    enabled: false
   sentry:
     enabled: false
     environment: production