Merge pull request #33 from tabudipanw/master

helm: Add BottlerocketOS support

Author: ranberant

charts/cortex-agent/Chart.yaml

@@ -5,7 +5,7 @@ description: Cortex XDR agent helm chart
 
 type: application
 
-version: 1.6.2
+version: 1.6.3
 
 appVersion: 1.0.0
 

charts/cortex-agent/README.md

@@ -13,6 +13,7 @@
 | 1.6.0         | >=7.5         |
 | 1.6.1         | >=7.5         | Namespace is created by the chart and no longer by helm itself. Therefore the helm namespace will be `default` (unless chosen otherwise).
 | 1.6.2         | >=7.5         |
+| 1.6.3         | >=7.5         |
 
 ## Installing Cortex XDR helm chart
 
@@ -94,6 +95,7 @@ Even when using `--reuse-values` (which uses the values of the previous installa
 | `serviceAccount.openshift.scc.create`  | Enable `SecurityConstraintsContext` for openshift platform (Required when installing on openshift)         |
 | `platform.talos`                       | Support for TalOS platform (Required when installing on TalOS)                                             | Since 1.5.0, agent >= 8.2
 | `platform.gcos`                        | Support for GCOS (Google Container-Optimized OS) platform (Required when installing on GCOS)               | Since 1.5.0, agent >= 8.2
+| `platform.bottlerocket`                | Support for BottlerocketOS platform (Required when installing on BottlerocketOS)                           | Since 1.6.3, agent >= 8.3
 | `agent.clusterName`                    | Name of the kuberenets cluster, will be used as part of the information sent to the server                 | Since 1.5.0, agent >= 8.2
 | `namespace.name`                       | Name of the namespace the agent resides on                                                                 | Since 1.6.0
 | `namespace.create`                     | Create/Don't create namespace for the agent                                                                | Since 1.6.0

charts/cortex-agent/templates/_helpers.tpl

@@ -83,3 +83,14 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create the path of the /var/log volume mount on the host fs
+*/}}
+{{- define "cortex-xdr.XdrVarLogHostPath" -}}
+{{- if .Values.platform.bottlerocket -}}
+/local/traps/var/log
+{{- else -}}
+/var/log
+{{- end }}
+{{- end }}

charts/cortex-agent/templates/daemonset.yaml

@@ -51,6 +51,10 @@ spec:
         imagePullPolicy: {{ .Values.daemonset.image.pullPolicy }}
 
         securityContext:
+          {{- if .Values.platform.bottlerocket }}
+          seLinuxOptions:
+            type: super_t
+          {{- end }}
           capabilities:
             add:
             - SYS_ADMIN
@@ -89,6 +93,8 @@ spec:
         {{- end }}
         - name: XDR_CLUSTER_NAME
           value: {{ .Values.agent.clusterName | quote }}
+        - name: XDR_VAR_LOG_HOST_PATH
+          value:  {{ include "cortex-xdr.XdrVarLogHostPath" . | quote }}
 
         volumeMounts:
 
@@ -130,8 +136,8 @@ spec:
 
       - name: var-log
         hostPath:
-            path: /var/log
-            type: Directory
+          path: {{ include "cortex-xdr.XdrVarLogHostPath" . | quote }}
+          type: DirectoryOrCreate
 
       - name: host-km-directory
         hostPath:
@@ -159,6 +165,11 @@ spec:
         hostPath:
           path: /var/traps/etc/traps
           type: DirectoryOrCreate
+      {{- else if .Values.platform.bottlerocket }}
+      - name: agent-ids
+        hostPath:
+          path: /local/traps/etc/traps
+          type: DirectoryOrCreate
       {{- else if not .Values.platform.talos }}
       - name: agent-ids
         hostPath:

charts/cortex-agent/values.yaml

@@ -32,6 +32,8 @@ platform:
   talos: false
   # Deploy on GCOS platform
   gcos: false
+  # Deploy on bottlerocket platform
+  bottlerocket: false
 
 rbac:
   # create/don't create Cluster Role and Cluster Role Bindings