Add nameOverride and fullnameOverride support to Tetragon Helm chart #3604
Conversation
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
mtardy
added
the
release-note/minor
cy83rc0llect0r
force-pushed
the
pr/cy83rc0llect0r/add-nameOverride-to-helm-chart
branch
from
fcd9f30 to
85476ec
Compare
|
@tpapagian Could you please find some time to review my PR? It's been pending for a while, and your feedback would be greatly appreciated to move it forward. |
Hey, sorry missed that review. This PR looks good to me. Thanks! |
| name: {{ include "tetragon-operator.serviceAccount" . }} | ||
| name: {{ include "tetragon.fullname" . }}-operator-service-account |
There was a problem hiding this comment.
here you don't use the tetragon-operator.serviceAccount name anymore, it seems it was missing the .name but maybe we still want that to work?
There was a problem hiding this comment.
@mtardy Thanks for the review! I understand you're concerned about switching from tetragon-operator.serviceAccount to tetragon.fullname for the serviceAccount name in operator_deployment.yaml and operator_serviceaccount.yaml. With the current setup, the serviceAccount name is tetragon-operator-service-account by default, and it changes to custom-operator-service-account when nameOverride=custom is set, which works correctly with RBAC (e.g., custom-operator-rolebinding).
To clarify, do you want the serviceAccount name to always remain tetragon-operator-service-account (regardless of nameOverride or fullnameOverride) to ensure compatibility with existing configurations? Or is the current behavior, where the name can change with nameOverride, acceptable? I can revert to tetragon-operator.serviceAccount and lock the name if needed.
There was a problem hiding this comment.
Any comments? @mtardy
There was a problem hiding this comment.
So as I understand this value is defined as such, if you have .Values.tetragonOperator.serviceAccount.name we use it otherwise it default to what you said.
{{- define "tetragon-operator.serviceAccount" -}}
{{- if .Values.tetragonOperator.serviceAccount.name -}}
{{- printf "%s" .Values.tetragonOperator.serviceAccount.name -}}
{{- else -}}
{{- printf "%s-operator-service-account" .Release.Name -}}
{{- end -}}
{{- end }}So perhaps what you want to do in this PR is to change
- {{- printf "%s-operator-service-account" .Release.Name -}}
+ {{ include "tetragon.fullname" . }}-operator-service-accountIn this template no? Otherwise the value will be ignored
There was a problem hiding this comment.
you might want to change tetragon's serviceaccount as well, it seems you skipped that:
{{/*
ServiceAccounts
*/}}
{{- define "tetragon.serviceAccount" -}}
{{- if .Values.serviceAccount.name -}}
{{- printf "%s" .Values.serviceAccount.name -}}
{{- else -}}
{{- printf "%s" .Release.Name -}}
{{- end -}}
{{- end }}In the _helpers.tpl
Maybe grep for .Release.Name for the remaining stuff.
| @@ -98,12 +98,12 @@ spec: | |||
| tolerations: | |||
| {{- toYaml . | nindent 8 }} | |||
| {{- end }} | |||
| serviceAccountName: {{ include "tetragon-operator.serviceAccount" . }} | |||
| @@ -2,7 +2,7 @@ | |||
| apiVersion: v1 | |||
| kind: ServiceAccount | |||
| metadata: | |||
| name: {{ include "tetragon-operator.serviceAccount" . }} | |||
|
Aside I'll be off for the next two weeks, so feel free to ping someone else if you want to merge this earlier |
cy83rc0llect0r
force-pushed
the
pr/cy83rc0llect0r/add-nameOverride-to-helm-chart
branch
from
85476ec to
e786762
Compare
|
My bad! |
Hey, what would you like to remove? This PR seems to be closed already. |
Yes it closed by my mistake :( |
I think you might be able to reopen it if you push commit to the branch again |
- Added nameOverride and fullnameOverride fields to values.yaml at root level for customizable resource names. - Introduced tetragon.fullname helper in _helpers.tpl to standardize naming across the chart. - Updated all templates to use tetragon.fullname instead of .Release.Name for consistency in resources (DaemonSet, Deployment, ServiceAccount, etc.). - Tested with helm template to ensure correct name rendering." Enhancement cilium#2951 Signed-off-by: Amir Reza Nazarizadeh <[email protected]>
cy83rc0llect0r
force-pushed
the
pr/cy83rc0llect0r/add-nameOverride-to-helm-chart
branch
from
95a7785 to
a0c015f
Compare
|
@mtardy Could you please check my changes? |
| {{- if and .Values.tetragonOperator.enabled .Values.tetragonOperator.serviceAccount.create -}} | ||
| {{- if and .Values.tetragonOperator.serviceAccount.create }} |
There was a problem hiding this comment.
I don't get why you removed that?
| {{- if .Values.serviceAccount.create -}} | ||
| {{- if .Values.serviceAccount.create }} |
| {{- define "rthooksInterface" -}} | ||
| {{ $iface := .Values.rthooks.interface }} | ||
| {{- if (eq $iface "oci-hooks") -}} | ||
| oci-hooks | ||
| oci-hooks |
There was a problem hiding this comment.
should we use space? why the empty line removals?
| labels: | ||
| {{- include "tetragon.labels" . | nindent 4 }} | ||
| {{- include "tetragon.labels" . | nindent 4 }} |
No I didn't. I was working on another PR for Tetragon and I think everything was messed up. Let me clean it up. |
|
To be honest, I felt quite disheartened and lost some focus after seeing the assumption that I might have used an LLM to patch my code. I understand that the code might appear a bit messy or unexpected, but this is primarily due to the long time gap between opening this PR and today, which has led to a lack of proper focus on this particular fork. Thank you so much. |
yeah sorry it's just that it happened in the past and because I saw some random changes I thought it was that again, sorry it was indelicate! The PR is helpful |
Enhancement #2951
Description
This pull request adds support for
nameOverrideandfullnameOverridein the Tetragon Helm chart, addressing the enhancement request in issue #2951. This feature allows users to customize the names of Kubernetes resources deployed via Helm, improving flexibility and compatibility in diverse environments (e.g., when deploying multiple instances or following naming conventions).The changes include:
nameOverrideandfullnameOverridefields tovalues.yaml.tetragon.fullnamehelper in_helpers.tplto unify naming logic across templates..Release.Name.helm templateto validate correct name rendering.These changes are fully backward compatible: if
nameOverrideandfullnameOverrideare not set, the chart behaves as before.Use Case Example
A user deploying multiple instances of Tetragon (e.g., in different namespaces or clusters) can now avoid resource name collisions by customizing the full names of the Kubernetes objects. This is especially useful in CI/CD pipelines or large multi-tenant setups where naming conventions must be enforced.
Changelog
Added
nameOverrideandfullnameOverridesupport to the Tetragon Helm chart. Use these fields invalues.yamlto customize resource names.