add autopilot support

Author: ranberant

charts/cortex-agent/README.md

@@ -97,6 +97,7 @@ Even when using `--reuse-values` (which uses the values of the previous installa
 | `platform.talos`                       | Support for TalOS platform (Required when installing on TalOS)                                             | Since 1.5.0, agent >= 8.2
 | `platform.gcos`                        | Support for GCOS (Google Container-Optimized OS) platform (Required when installing on GCOS)               | Since 1.5.0, agent >= 8.2
 | `platform.bottlerocket`                | Support for BottlerocketOS platform (Required when installing on BottlerocketOS)                           | Since 1.6.3, agent >= 8.3
+| `platform.autopilot`                   | Support for Autopilot platform (Required when installing on GKE Autopilot cluster)                         | Since 1.8.0, agent >= 8.9
 | `agent.clusterName`                    | Name of the kuberenets cluster, will be used as part of the information sent to the server                 | Since 1.5.0, agent >= 8.2
 | `namespace.name`                       | Name of the namespace the agent resides on                                                                 | Since 1.6.0
 | `namespace.create`                     | Create/Don't create namespace for the agent                                                                | Since 1.6.0

charts/cortex-agent/templates/cortex-xdr-synchronizer.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.platform.autopilot }}
+apiVersion: auto.gke.io/v1
+kind: AllowlistSynchronizer
+metadata:
+  name: cortex-xdr-synchronizer
+  annotations:
+    helm.sh/hook: "pre-install,pre-upgrade"
+    "helm.sh/hook-weight": "-1"
+spec:
+  allowlistPaths:
+  - Palo-Alto-Networks/cortex-agent/*
+{{- end }}

charts/cortex-agent/templates/daemonset.yaml

@@ -49,7 +49,12 @@ spec:
 
       containers:
       - name: cortex-agent
+        {{- if .Values.platform.autopilot }}
+        image: {{ .Values.daemonset.image.url }}
+        {{- else }}
         image: {{ .Values.daemonset.image.repository }}:{{ .Values.daemonset.image.tag }}
+        {{- end }}
+
         imagePullPolicy: {{ .Values.daemonset.image.pullPolicy }}
 
         securityContext:
@@ -71,7 +76,7 @@ spec:
             - SYS_ADMIN
             - SYSLOG
             - SYS_CHROOT
-            {{- if not .Values.platform.talos }}
+            {{- if not (or .Values.platform.talos .Values.platform.autopilot) }}
             - SYS_MODULE
             {{- end }}
             - SYS_PTRACE
@@ -116,8 +121,10 @@ spec:
         - name: var-log
           mountPath: /var/log
 
+        {{- if not .Values.platform.autopilot }}
         - name: host-km-directory
           mountPath: /lib/modules
+        {{- end }}
 
         - name: pod-info
           mountPath: /var/run/pod-info
@@ -150,10 +157,12 @@ spec:
           path: {{ include "cortex-xdr.XdrVarLogHostPath" . | quote }}
           type: DirectoryOrCreate
 
+      {{- if not .Values.platform.autopilot }}
       - name: host-km-directory
         hostPath:
           path: /lib/modules
           type: Directory
+      {{- end }}
 
       - name: pod-info
         downwardAPI:

charts/cortex-agent/values.yaml

@@ -34,6 +34,8 @@ platform:
   gcos: false
   # Deploy on bottlerocket platform
   bottlerocket: false
+  # Deploy on autopilot cluster
+  autopilot: false
 
 rbac:
   # create/don't create Cluster Role and Cluster Role Bindings
@@ -92,6 +94,9 @@ daemonset:
 
     tag: "latest"
 
+    # for autopilot
+    url: ""
+
   # These values are the recommended values for cortex agent
   # and are not recommended to change!
   resources: