From 9be75434ea7d2a63a2f64691d30a5038c8f5cdfb Mon Sep 17 00:00:00 2001
From: marvinWolff <36923121+marvinWolff@users.noreply.github.com>
Date: Fri, 23 Aug 2024 23:02:18 +0200
Subject: [PATCH] feat(base-cluster/tetragon): add tetragon (#1056)
Ref.: https://github.com/teutonet/teutonet-helm-charts/issues/1046
---
 .../templates/tetragon/tetragon.yaml | 48 +++++++++++++++++++
 charts/base-cluster/values.schema.json | 9 ++++
 charts/base-cluster/values.yaml | 7 +++
 3 files changed, 64 insertions(+)
 create mode 100644 charts/base-cluster/templates/tetragon/tetragon.yaml
diff --git a/charts/base-cluster/templates/tetragon/tetragon.yaml b/charts/base-cluster/templates/tetragon/tetragon.yaml
new file mode 100644
index 000000000..2fea41ff9
--- /dev/null
+++ b/charts/base-cluster/templates/tetragon/tetragon.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.tetragon.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: tetragon
+ namespace: kube-system
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: tetragon
+spec:
+ chart:
+ spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "tetragon" "chart" "tetragon" "context" $) | nindent 6 }}
+ interval: 5m
+ driftDetection:
+ mode: enabled
+ {{- if .Values.monitoring.prometheus.enabled }}
+ dependsOn:
+ - name: kube-prometheus-stack
+ namespace: monitoring
+ {{- end }}
+ values:
+ export:
+ {{- if .Values.global.imageRegistry }}
+ stdout:
+ image:
+ repository: {{ printf "%s/cilium/hubble-export-stdout" .Values.global.imageRegistry }}
+ {{- end }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ crds:
+ installMethod: helm
+ tetragonOperator:
+ enabled: false
+ tetragon:
+ {{- if .Values.global.imageRegistry }}
+ image:
+ repository: {{ printf "%s/cilium/tetragon" .Values.global.imageRegistry }}
+ {{- end }}
+ enableProcessCred: true
+ enableProcessNs: true
+ {{- if .Values.monitoring.prometheus.enabled }}
+ prometheus:
+ serviceMonitor:
+ enabled: true
+ labelsOverride: {{- toYaml .Values.monitoring.labels | nindent 12 }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json
index 086d4f9fa..6b1ca67a1 100644
--- a/charts/base-cluster/values.schema.json
+++ b/charts/base-cluster/values.schema.json
@@ -549,6 +549,15 @@
 },
 "additionalProperties": false
 },
+ "tetragon": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ },
+ "additionalProperties": false
+ },
 "monitoring": {
 "type": "object",
 "properties": {
diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml
index 53e4999b1..b36d93d23 100644
--- a/charts/base-cluster/values.yaml
+++ b/charts/base-cluster/values.yaml
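Review bot: The `tetragon:` values in the new tetragon.yaml enable credential and namespace enrichment (`enableProcessCred`, `enableProcessNs`) but configure no export filtering or redaction, so every process event is written to the export log and the export-stdout container's output. Tetragon exec events carry the process arguments, which routinely contain tokens and passwords, so whichever log pipeline collects that output should be treated as holding sensitive data. I would add a comment above `enableProcessCred: true` along the lines of `# exec events include process arguments; restrict access to the collected logs`, and consider exposing the chart's `tetragon.exportDenyList` and `tetragon.redactionFilters` values through this template (whether both exist depends on which chart version the `1.x.x` range resolves to). As a smaller style point, both `repository:` lines emit an unquoted templated scalar; piping the `printf` result through `quote` avoids retyping surprises on unusual registry values.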
@@ -141,6 +141,10 @@ global:
 kyverno: 3.x.x
 kyverno-policies: 3.x.x
 condition: "{{ .Values.kyverno.enabled }}"
+ tetragon:
+ url: https://helm.cilium.io
+ charts:
+ tetragon: 1.x.x
 cetic:
 url: https://cetic.github.io/helm-charts
 charts:
@@ -457,3 +461,6 @@ backup:
 kube-janitor:
 enabled: false
+
+tetragon:
+ enabled: false
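Review bot: The range `tetragon: 1.x.x` in the first values.yaml hunk presumably lets Flux pick up any new 1.x chart published at https://helm.cilium.io and roll it into kube-system without a change in this repository, which is a wide trust window for a node-level eBPF agent. It follows the existing `kyverno: 3.x.x` convention, so it may be intentional. A range bounded on the minor version would keep upgrades of this component reviewable, for example `tetragon: 1.1.x` (constructed example; use the minor that was actually tested). The second hunk's `enabled: false` default has no comment; a short one such as `# deploys the Tetragon agent into kube-system; process events are exported to logs` would tell operators what opting in means.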