From b331b31df73387987ff72b915fbcd3597b6f88ea Mon Sep 17 00:00:00 2001
From: Ivan Mora Perez <ivan@opentodo.net>
Date: Fri, 22 Jul 2022 13:32:55 +0200
Subject: [PATCH] Add flag to optionally mount the Docker socket

---
 filebeat/README.md                | 1 +
 filebeat/templates/daemonset.yaml | 4 ++++
 filebeat/values.yaml              | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/filebeat/README.md b/filebeat/README.md
index 06678822b..af3a176fc 100644
--- a/filebeat/README.md
+++ b/filebeat/README.md
@@ -114,6 +114,7 @@ as a reference. They are also used in the automated testing of this chart.
 | `daemonset.podSecurityContext` | Configurable [podSecurityContext][] for filebeat DaemonSet pod execution environment                                                                                         | see [values.yaml][]                |
 | `daemonset.resources`          | Allows you to set the [resources][] for filebeat DaemonSet                                                                                                                   | see [values.yaml][]                |
 | `daemonset.tolerations`        | Configurable [tolerations][] for filebeat DaemonSet                                                                                                                          | `[]`                               |
+| `daemonset.dockerSockMount`    | If true, mounts the docker socket from `/var/run/docker.sock`                                                                                                                | `true`                             |
 | `deployment.annotations`       | Configurable [annotations][] for filebeat Deployment                                                                                                                         | `{}`                               |
 | `deployment.labels`            | Configurable [labels][] applied to all filebeat Deployment pods                                                                                                              | `{}`                               |
 | `deployment.affinity`          | Configurable [affinity][] for filebeat Deployment                                                                                                                            | `{}`                               |
diff --git a/filebeat/templates/daemonset.yaml b/filebeat/templates/daemonset.yaml
index 54bfa70b0..0ebaa2462 100644
--- a/filebeat/templates/daemonset.yaml
+++ b/filebeat/templates/daemonset.yaml
@@ -106,9 +106,11 @@ spec:
       - name: varlog
         hostPath:
           path: /var/log
+      {{- if .Values.daemonset.dockerSockMount }}
       - name: varrundockersock
         hostPath:
           path: /var/run/docker.sock
+      {{- end }}
       {{- if .Values.extraVolumes | default .Values.daemonset.extraVolumes }}
 {{ toYaml ( .Values.extraVolumes | default .Values.daemonset.extraVolumes )  | indent 6 }}
       {{- end }}
@@ -189,9 +191,11 @@ spec:
           readOnly: true
         # Necessary when using autodiscovery; avoid mounting it otherwise
         # See: https://www.elastic.co/guide/en/beats/filebeat/master/configuration-autodiscover.html
+        {{- if .Values.daemonset.dockerSockMount }}
         - name: varrundockersock
           mountPath: /var/run/docker.sock
           readOnly: true
+        {{- end }}
         {{- if .Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts }}
 {{ toYaml (.Values.extraVolumeMounts | default .Values.daemonset.extraVolumeMounts ) | indent 8 }}
         {{- end }}
diff --git a/filebeat/values.yaml b/filebeat/values.yaml
index c3c6a66ca..19ad1831f 100644
--- a/filebeat/values.yaml
+++ b/filebeat/values.yaml
@@ -53,6 +53,8 @@ daemonset:
         password: '${ELASTICSEARCH_PASSWORD}'
         protocol: https
         ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca.crt"]
+  # Mount Docker socket /var/run/docker.sock
+  dockerSockMount: true
   # Only used when updateStrategy is set to "RollingUpdate"
   maxUnavailable: 1
   nodeSelector: {}