Make mounting of working-area conditional

kylos101 · ona-agent · kylos101 · commit e9645f38fdfb · 2025-08-15T02:29:29.000Z
This way we do not do for Dedicated

Co-authored-by: Ona &lt;no-reply@ona.com&gt;
diff --git a/install/installer/pkg/components/agent-smith/daemonset.go b/install/installer/pkg/components/agent-smith/daemonset.go
@@ -24,6 +24,61 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 	if err != nil {
 		return nil, err
 	}
+	volumeMounts := []corev1.VolumeMount{
+		{
+			Name:      "config",
+			MountPath: "/config",
+		},
+		{
+			Name:      "wsman-tls-certs",
+			MountPath: "/wsman-certs",
+			ReadOnly:  true,
+		},
+		common.CAVolumeMount(),
+	}
+
+	filesystemScanningEnabled := ctx.Config.Components != nil &&
+		ctx.Config.Components.AgentSmith != nil &&
+		ctx.Config.Components.AgentSmith.FilesystemScanning != nil &&
+		ctx.Config.Components.AgentSmith.FilesystemScanning.Enabled
+
+	if filesystemScanningEnabled {
+		volumeMounts = append(volumeMounts, corev1.VolumeMount{
+			Name:      "working-area",
+			MountPath: ContainerWorkingAreaMk2,
+			ReadOnly:  true,
+		})
+	}
+
+	volumes := []corev1.Volume{
+		{
+			Name: "config",
+			VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{
+				LocalObjectReference: corev1.LocalObjectReference{Name: Component},
+			}},
+		},
+		{
+			Name: "wsman-tls-certs",
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: wsmanagermk2.TLSSecretNameClient,
+				},
+			},
+		},
+		common.CAVolume(),
+	}
+
+	if filesystemScanningEnabled {
+		volumes = append(volumes, corev1.Volume{
+			Name: "working-area",
+			VolumeSource: corev1.VolumeSource{
+				HostPath: &corev1.HostPathVolumeSource{
+					Path: HostWorkingAreaMk2,
+					Type: func() *corev1.HostPathType { t := corev1.HostPathDirectory; return &t }(),
+				},
+			},
+		})
+	}
 
 	return []runtime.Object{&appsv1.DaemonSet{
 		TypeMeta: common.TypeMetaDaemonset,
@@ -64,23 +119,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 								"memory": resource.MustParse("32Mi"),
 							},
 						}),
-						VolumeMounts: []corev1.VolumeMount{
-							{
-								Name:      "config",
-								MountPath: "/config",
-							},
-							{
-								Name:      "wsman-tls-certs",
-								MountPath: "/wsman-certs",
-								ReadOnly:  true,
-							},
-							{
-								Name:      "working-area",
-								MountPath: ContainerWorkingAreaMk2,
-								ReadOnly:  true,
-							},
-							common.CAVolumeMount(),
-						},
+						VolumeMounts: volumeMounts,
 						Env: common.CustomizeEnvvar(ctx, Component, common.MergeEnv(
 							common.DefaultEnv(&ctx.Config),
 							common.WorkspaceTracingEnv(ctx, Component),
@@ -93,32 +132,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 					},
 						*common.KubeRBACProxyContainer(ctx),
 					},
-					Volumes: []corev1.Volume{
-						{
-							Name: "config",
-							VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{
-								LocalObjectReference: corev1.LocalObjectReference{Name: Component},
-							}},
-						},
-						{
-							Name: "wsman-tls-certs",
-							VolumeSource: corev1.VolumeSource{
-								Secret: &corev1.SecretVolumeSource{
-									SecretName: wsmanagermk2.TLSSecretNameClient,
-								},
-							},
-						},
-						{
-							Name: "working-area",
-							VolumeSource: corev1.VolumeSource{
-								HostPath: &corev1.HostPathVolumeSource{
-									Path: HostWorkingAreaMk2,
-									Type: func() *corev1.HostPathType { t := corev1.HostPathDirectory; return &t }(),
-								},
-							},
-						},
-						common.CAVolume(),
-					},
+					Volumes: volumes,
 					Tolerations: []corev1.Toleration{
 						{
 							Effect:   corev1.TaintEffectNoSchedule,
